diff --git a/bzip2-CVE-2010-0405.patch b/bzip2-CVE-2010-0405.patch deleted file mode 100644 index 536aedb..0000000 --- a/bzip2-CVE-2010-0405.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: bzip2-1.0.5/decompress.c -=================================================================== ---- bzip2-1.0.5.orig/decompress.c -+++ bzip2-1.0.5/decompress.c -@@ -394,6 +394,13 @@ Int32 BZ2_decompress ( DState* s ) - es = -1; - N = 1; - do { -+ /* Check that N doesn't get too big, so that es doesn't -+ go negative. The maximum value that can be -+ RUNA/RUNB encoded is equal to the block size (post -+ the initial RLE), viz, 900k, so bounding N at 2 -+ million should guard against overflow without -+ rejecting any legitimate inputs. */ -+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); - if (nextSym == BZ_RUNA) es = es + (0+1) * N; else - if (nextSym == BZ_RUNB) es = es + (1+1) * N; - N = N * 2; diff --git a/bzip2.changes b/bzip2.changes index aab2251..c654d86 100644 --- a/bzip2.changes +++ b/bzip2.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Tue Sep 21 13:54:31 UTC 2010 - puzel@novell.com - -- add bzip2-CVE-2010-0405.patch (bnc#636978) -- fix copy-paste error in profile_bzip2() - ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de diff --git a/bzip2.spec b/bzip2.spec index 3789be6..c7399d4 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -45,7 +45,6 @@ Patch: http://pack.suse.cz/sbrabec/bzip2/for_downstream/bzip2-1.0.5-aut Patch2: bzip2-maxlen20.patch Patch3: bzip2-faster.patch Patch5: bzip2-unsafe_strcpy.patch -Patch6: bzip2-CVE-2010-0405.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -109,13 +108,12 @@ Authors: %patch2 %patch3 %patch5 -%patch6 -p1 %build profile_bzip2() { tmpfile=$(mktemp) - trap "rm -f $tmpfile $tmpfile.bz2" EXIT + trap "rm -f $tmpfile $tmpfile.gz" EXIT tar -cjf $tmpfile.bz2 /usr/src || true # time ./bzip2 $tmpfile time ./bzip2 -d < $tmpfile.bz2 > /dev/null