diff --git a/0001-add-compile-option.patch b/0001-add-compile-option.patch new file mode 100644 index 0000000..18ecb16 --- /dev/null +++ b/0001-add-compile-option.patch @@ -0,0 +1,52 @@ +From 70218c0c89b399fdc6febea92aae5dcc6ad32f56 Mon Sep 17 00:00:00 2001 +From: lvying +Date: Sat, 19 Oct 2019 13:07:28 +0800 +Subject: [PATCH 1/2] add compile option + +Signed-off-by: lvying +--- + Makefile | 4 ---- + Makefile-libbz2_so | 5 ++--- + 2 files changed, 2 insertions(+), 7 deletions(-) + +diff --git a/Makefile b/Makefile +index f8a1772..69ea7b2 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,10 +18,6 @@ SHELL=/bin/sh + CC=gcc + AR=ar + RANLIB=ranlib +-LDFLAGS= +- +-BIGFILES=-D_FILE_OFFSET_BITS=64 +-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) + + # Where you want it installed when you do 'make install' + PREFIX=/usr/local +diff --git a/Makefile-libbz2_so b/Makefile-libbz2_so +index fb0f230..1eaf26a 100644 +--- a/Makefile-libbz2_so ++++ b/Makefile-libbz2_so +@@ -24,7 +24,6 @@ + SHELL=/bin/sh + CC=gcc + BIGFILES=-D_FILE_OFFSET_BITS=64 +-CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES) + + OBJS= blocksort.o \ + huffman.o \ +@@ -35,8 +34,8 @@ OBJS= blocksort.o \ + bzlib.o + + all: $(OBJS) +- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS) +- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8 ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8 + rm -f libbz2.so.1.0 + ln -s libbz2.so.1.0.8 libbz2.so.1.0 + +-- +1.8.3.1 + diff --git a/0001-bzip2-1.0.4-saneso.patch b/0001-bzip2-1.0.4-saneso.patch deleted file mode 100644 index 6b3430c..0000000 --- a/0001-bzip2-1.0.4-saneso.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up bzip2-1.0.6/Makefile-libbz2_so.pom bzip2-1.0.6/Makefile-libbz2_so ---- bzip2-1.0.6/Makefile-libbz2_so.pom 2010-09-11 01:07:52.000000000 +0200 -+++ bzip2-1.0.6/Makefile-libbz2_so 2010-09-22 10:31:46.000000000 +0200 -@@ -35,7 +35,7 @@ OBJS= blocksort.o \ - bzlib.o - - all: $(OBJS) -- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS) -+ $(CC) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 - rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.6 libbz2.so.1.0 diff --git a/0006-CVE-2019-12900.patch b/0002-CVE-2019-12900.patch similarity index 78% rename from 0006-CVE-2019-12900.patch rename to 0002-CVE-2019-12900.patch index 9213a71..2f8db92 100644 --- a/0006-CVE-2019-12900.patch +++ b/0002-CVE-2019-12900.patch @@ -1,7 +1,7 @@ -From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From 52f520db6cda25f18e26208745f1b92803d5d559 Mon Sep 17 00:00:00 2001 From: Albert Astals Cid Date: Tue, 28 May 2019 19:35:18 +0200 -Subject: [PATCH] Make sure nSelectors is not out of range +Subject: [PATCH 2/2] Make sure nSelectors is not out of range nSelectors is used in a loop from 0 to nSelectors to access selectorMtf which is @@ -15,12 +15,12 @@ Fixes out of bounds access discovered while fuzzying karchive 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/decompress.c b/decompress.c -index ab6a624..f3db91d 100644 +index a1a0bac..e1fabdb 100644 --- a/decompress.c +++ b/decompress.c @@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + if (nGroups < 2 || nGroups > BZ_N_GROUPS) RETURN(BZ_DATA_ERROR); GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); - if (nSelectors < 1) RETURN(BZ_DATA_ERROR); + if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); @@ -28,5 +28,5 @@ index ab6a624..f3db91d 100644 j = 0; while (True) { -- -2.21.0 +1.8.3.1 diff --git a/0002-bzip2-1.0.4-cflags.patch b/0002-bzip2-1.0.4-cflags.patch deleted file mode 100644 index 209d738..0000000 --- a/0002-bzip2-1.0.4-cflags.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up bzip2-1.0.6/Makefile-libbz2_so.pom bzip2-1.0.6/Makefile-libbz2_so ---- bzip2-1.0.6/Makefile-libbz2_so.pom 2010-09-22 10:36:24.000000000 +0200 -+++ bzip2-1.0.6/Makefile-libbz2_so 2010-09-22 10:36:58.000000000 +0200 -@@ -35,7 +35,7 @@ OBJS= blocksort.o \ - bzlib.o - - all: $(OBJS) -- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) -+ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 - rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.6 libbz2.so.1.0 diff --git a/0003-bzip2-1.0.4-bzip2recover.patch b/0003-bzip2-1.0.4-bzip2recover.patch deleted file mode 100644 index e2bfe1c..0000000 --- a/0003-bzip2-1.0.4-bzip2recover.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- bzip2-1.0.4/bzip2recover.c.pom 2007-01-03 03:00:55.000000000 +0100 -+++ bzip2-1.0.4/bzip2recover.c 2007-02-05 11:55:17.000000000 +0100 -@@ -309,7 +309,8 @@ - UInt32 buffHi, buffLo, blockCRC; - Char* p; - -- strcpy ( progName, argv[0] ); -+ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1); -+ progName[BZ_MAX_FILENAME-1]='\0'; - inFileName[0] = outFileName[0] = 0; - - fprintf ( stderr, diff --git a/0004-bzip2-ldflags.patch b/0004-bzip2-ldflags.patch deleted file mode 100644 index 2281262..0000000 --- a/0004-bzip2-ldflags.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -up bzip2-1.0.6/Makefile.jx bzip2-1.0.6/Makefile ---- bzip2-1.0.6/Makefile.jx 2010-09-10 18:46:02.000000000 -0400 -+++ bzip2-1.0.6/Makefile 2015-08-14 13:04:33.891504131 -0400 -@@ -18,10 +18,6 @@ SHELL=/bin/sh - CC=gcc - AR=ar - RANLIB=ranlib --LDFLAGS= -- --BIGFILES=-D_FILE_OFFSET_BITS=64 --CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) - - # Where you want it installed when you do 'make install' - PREFIX=/usr/local -diff -up bzip2-1.0.6/Makefile-libbz2_so.jx bzip2-1.0.6/Makefile-libbz2_so ---- bzip2-1.0.6/Makefile-libbz2_so.jx 2015-08-14 13:04:33.885503955 -0400 -+++ bzip2-1.0.6/Makefile-libbz2_so 2015-08-14 13:06:52.554581179 -0400 -@@ -24,7 +24,6 @@ - SHELL=/bin/sh - CC=gcc - BIGFILES=-D_FILE_OFFSET_BITS=64 --CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES) - - OBJS= blocksort.o \ - huffman.o \ -@@ -35,8 +34,8 @@ OBJS= blocksort.o \ - bzlib.o - - all: $(OBJS) -- $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) -- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 - rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.6 libbz2.so.1.0 - diff --git a/0005-set-out-file-to-null.patch b/0005-set-out-file-to-null.patch deleted file mode 100644 index 18d193b..0000000 --- a/0005-set-out-file-to-null.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up ./bzip2recover.c.old ./bzip2recover.c ---- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100 -+++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200 -@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv ) - bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); - bsPutUInt32 ( bsWr, blockCRC ); - bsClose ( bsWr ); -+ outFile = NULL; - } - if (wrBlock >= rbCtr) break; - wrBlock++; diff --git a/bzip2-1.0.6.tar.gz b/bzip2-1.0.6.tar.gz deleted file mode 100644 index e47e903..0000000 Binary files a/bzip2-1.0.6.tar.gz and /dev/null differ diff --git a/bzip2-1.0.8.tar.gz b/bzip2-1.0.8.tar.gz new file mode 100644 index 0000000..985da4c Binary files /dev/null and b/bzip2-1.0.8.tar.gz differ diff --git a/bzip2.pc b/bzip2.pc index ff40d85..701d7b2 100644 --- a/bzip2.pc +++ b/bzip2.pc @@ -6,6 +6,6 @@ includedir=/usr/include Name: bzip2 Description: A file compression library -Version: 1.0.6 +Version: 1.0.8 Libs: -L${libdir} -lbz2 Cflags: -I${includedir} diff --git a/bzip2.spec b/bzip2.spec index 6de4ddb..13aa23e 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -1,6 +1,6 @@ Name: bzip2 -Version: 1.0.6 -Release: 33 +Version: 1.0.8 +Release: 1 Summary: A high-quality data compressor License: BSD @@ -8,12 +8,8 @@ URL: https://www.sourceware.org/bzip2/ Source0: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz Source1: bzip2.pc -Patch0: 0001-bzip2-1.0.4-saneso.patch -Patch1: 0002-bzip2-1.0.4-cflags.patch -Patch2: 0003-bzip2-1.0.4-bzip2recover.patch -Patch3: 0004-bzip2-ldflags.patch -Patch4: 0005-set-out-file-to-null.patch -Patch5: 0006-CVE-2019-12900.patch +Patch0: 0001-add-compile-option.patch +Patch1: 0002-CVE-2019-12900.patch BuildRequires: gcc @@ -94,6 +90,9 @@ make check %{_mandir}/man1/b*.1.gz %changelog +* Sat Oct 19 2019 openEuler Builteam - 1.0.8-1 +- update bzip2 + * Tue Sep 24 2019 shenyangyang - 1.0.6-33 - Type:enhancement - ID:NA