[packages/bzip2] - up to 1.0.7; fixes CVE-2019-12900

arekm arekm at pld-linux.org
Fri Jun 28 09:03:49 CEST 2019


commit 4abaf75d98a117e4953aa5c17d2f2a19a2d87ec4
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Fri Jun 28 09:03:42 2019 +0200

    - up to 1.0.7; fixes CVE-2019-12900

 bzip2-1.0.4-bzip2recover.patch | 21 ---------------------
 bzip2.spec                     | 12 +++++-------
 2 files changed, 5 insertions(+), 28 deletions(-)
---
diff --git a/bzip2.spec b/bzip2.spec
index e68af7b..75ef92c 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -11,12 +11,12 @@ Summary(pt_BR.UTF-8):	Compactador de arquivo extremamente poderoso
 Summary(uk.UTF-8):	Компресор файлів на базі алгоритму блочного сортування
 Summary(ru.UTF-8):	Компрессор файлов на основе алгоритма блочной сортировки
 Name:		bzip2
-Version:	1.0.6
-Release:	3
+Version:	1.0.7
+Release:	1
 License:	BSD-like
 Group:		Applications/Archiving
-Source0:	http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz
-# Source0-md5:	00b516f4704d4a7cb50a1d97e6e8e15b
+Source0:	https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz
+# Source0-md5:	1a6a61cc867be4f3d6549037a09bf13e
 Source1:	http://qboosh.pl/man/%{name}-man-pages.tar.bz2
 # Source1-md5:	14a68bf85666428000aad7cb0785a6e5
 Source2:	%{name}.pc
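Review bot: The new Source0 moves the tarball to a different host, and the only integrity pin on it is the `# Source0-md5:` line; MD5 is not collision-resistant, so on its own it is a weak guarantee for a security release. If upstream publishes a detached signature or a stronger digest for this tarball, it would help to check the download against it and record that next to the tag, for example `# Source0 checked against upstream signature, key <KEY-ID placeholder>`. The unchanged Source1 line is still fetched over plain http with an MD5 pin as well, which deserves the same treatment in a follow-up.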
@@ -24,8 +24,7 @@ Patch0:		%{name}-libtoolizeautoconf.patch
 Patch1:		%{name}-bzgrep.patch
 # Modified from http://www.vanheusden.com/Linux/bzip2-1.0.2.diff.gz
 Patch2:		%{name}-progress-counter-1.0.2.patch
-Patch3:		%{name}-1.0.4-bzip2recover.patch
-URL:		http://www.bzip.org/
+URL:		https://sourceware.org/bzip2//
 BuildRequires:	autoconf >= 2.50
 BuildRequires:	automake >= 1:1.6
 BuildRequires:	libtool
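Review bot: Patch3 is dropped here, and its `%patch3 -p1` application in the %prep hunk below, without the commit message saying that 1.0.7 already contains the fix. The deleted patch bounded the `strcpy ( progName, argv[0] )` call in bzip2recover.c, which its header ties to the buffer overflow in Red Hat bug 226979. Confirm that the 1.0.7 bzip2recover.c carries the bounded copy and record it in the log, for example `- drop bzip2recover patch (merged upstream)`. Separately, the new URL tag ends in a doubled slash; `URL:		https://sourceware.org/bzip2/` is presumably what was intended.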
@@ -170,7 +169,6 @@ Bibliotecas estáticas para desenvolvimento com a bzip2.
 %patch0 -p1
 %patch1 -p1
 %{?with_progress:%patch2 -p1}
-%patch3 -p1
 
 %build
 %{__libtoolize}
diff --git a/bzip2-1.0.4-bzip2recover.patch b/bzip2-1.0.4-bzip2recover.patch
deleted file mode 100644
index 032ceed..0000000
--- a/bzip2-1.0.4-bzip2recover.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-
-https://bugzilla.redhat.com/226979
-
-commit d92c60c24c16e46363dd15b94b47f04a7535898e
-Author: Ivana Varekova <varekova at fedoraproject.org>
-Date:   Mon Feb 5 11:12:02 2007 +0000
-
-    - Resolves: 226979 Buffer overflow in bzip2's bzip2recover
-
---- bzip2-1.0.4/bzip2recover.c.pom	2007-01-03 03:00:55.000000000 +0100
-+++ bzip2-1.0.4/bzip2recover.c	2007-02-05 11:55:17.000000000 +0100
-@@ -309,7 +309,8 @@
-    UInt32      buffHi, buffLo, blockCRC;
-    Char*       p;
- 
--   strcpy ( progName, argv[0] );
-+   strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
-+   progName[BZ_MAX_FILENAME-1]='\0';
-    inFileName[0] = outFileName[0] = 0;
- 
-    fprintf ( stderr, 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/bzip2.git/commitdiff/4abaf75d98a117e4953aa5c17d2f2a19a2d87ec4


