forked from pool/bzip2
c074e654c4
- Update to version 1.0.7: * Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH. * bzip2: Fix return value when combining --test,-t and -q. * bzip2recover: Fix buffer overflow for large argv[0]. * bzip2recover: Fix use after free issue with outFile (CVE-2016-3189). * Make sure nSelectors is not out of range (CVE-2019-12900). - Drop patches fixed upstream: * bzip2-unsafe_strcpy.patch. * bzip2-1.0.6-CVE-2016-3189.patch. - Refresh patches with quilt. OBS-URL: https://build.opensuse.org/request/show/712284 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=76
22 lines
664 B
Diff
22 lines
664 B
Diff
Index: bzip2-1.0.7/bzlib.c
|
|
===================================================================
|
|
--- bzip2-1.0.7.orig/bzlib.c 2019-06-27 20:15:39.000000000 +0200
|
|
+++ bzip2-1.0.7/bzlib.c 2019-06-27 23:10:21.399272583 +0200
|
|
@@ -1414,7 +1414,15 @@ BZFILE * bzopen_or_bzdopen
|
|
}
|
|
mode++;
|
|
}
|
|
- strcat(mode2, writing ? "w" : "r" );
|
|
+
|
|
+ /* open fds with O_CLOEXEC _only_ when we are the initiator
|
|
+ * aka. bzopen() but not bzdopen() */
|
|
+ if(open_mode == 0) {
|
|
+ strcat (mode2, writing ? "we" : "re" );
|
|
+ } else {
|
|
+ strcat(mode2, writing ? "w" : "r" );
|
|
+ }
|
|
+
|
|
strcat(mode2,"b"); /* binary mode */
|
|
|
|
if (open_mode==0) {
|