[packages/bzip2] - up to 1.0.7; fixes CVE-2019-12900
arekm
arekm at pld-linux.org
Fri Jun 28 09:03:49 CEST 2019
commit 4abaf75d98a117e4953aa5c17d2f2a19a2d87ec4
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Jun 28 09:03:42 2019 +0200
- up to 1.0.7; fixes CVE-2019-12900
bzip2-1.0.4-bzip2recover.patch | 21 ---------------------
bzip2.spec | 12 +++++-------
2 files changed, 5 insertions(+), 28 deletions(-)
---
diff --git a/bzip2.spec b/bzip2.spec
index e68af7b..75ef92c 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -11,12 +11,12 @@ Summary(pt_BR.UTF-8): Compactador de arquivo extremamente poderoso
Summary(uk.UTF-8): Компресор файлів на базі алгоритму блочного сортування
Summary(ru.UTF-8): Компрессор файлов на основе алгоритма блочной сортировки
Name: bzip2
-Version: 1.0.6
-Release: 3
+Version: 1.0.7
+Release: 1
License: BSD-like
Group: Applications/Archiving
-Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz
-# Source0-md5: 00b516f4704d4a7cb50a1d97e6e8e15b
+Source0: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz
+# Source0-md5: 1a6a61cc867be4f3d6549037a09bf13e
Source1: http://qboosh.pl/man/%{name}-man-pages.tar.bz2
# Source1-md5: 14a68bf85666428000aad7cb0785a6e5
Source2: %{name}.pc
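Review bot: The new tarball on the `+Source0:` line is pinned only by the MD5 digest in `# Source0-md5`, and MD5 is not collision-resistant. Since this is a security update, check the 1.0.7 tarball out of band against a stronger digest or an upstream signature, if one is published, before building from it. The move from http to https for Source0 is an improvement, but `Source1` in the context lines below is still fetched over plain http with the same MD5-only pin.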
@@ -24,8 +24,7 @@ Patch0: %{name}-libtoolizeautoconf.patch
Patch1: %{name}-bzgrep.patch
# Modified from http://www.vanheusden.com/Linux/bzip2-1.0.2.diff.gz
Patch2: %{name}-progress-counter-1.0.2.patch
-Patch3: %{name}-1.0.4-bzip2recover.patch
-URL: http://www.bzip.org/
+URL: https://sourceware.org/bzip2//
BuildRequires: autoconf >= 2.50
BuildRequires: automake >= 1:1.6
BuildRequires: libtool
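Review bot: The new `+URL:` line ends in a doubled slash (`https://sourceware.org/bzip2//`), which looks like a typo; suggest `https://sourceware.org/bzip2/`. Dropping `Patch3` leaves the remaining patch numbering contiguous, so nothing else needs changing in this block.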
@@ -170,7 +169,6 @@ Bibliotecas estáticas para desenvolvimento com a bzip2.
%patch0 -p1
%patch1 -p1
%{?with_progress:%patch2 -p1}
-%patch3 -p1
%build
%{__libtoolize}
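Review bot: `%patch2` on the context line above is applied only when `with_progress` is set, so a build in one configuration will not show whether `progress-counter-1.0.2.patch` still applies to the 1.0.7 sources. After this version bump, build both with and without that bcond to confirm `%prep` still succeeds in each.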
diff --git a/bzip2-1.0.4-bzip2recover.patch b/bzip2-1.0.4-bzip2recover.patch
deleted file mode 100644
index 032ceed..0000000
--- a/bzip2-1.0.4-bzip2recover.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-
-https://bugzilla.redhat.com/226979
-
-commit d92c60c24c16e46363dd15b94b47f04a7535898e
-Author: Ivana Varekova <varekova at fedoraproject.org>
-Date: Mon Feb 5 11:12:02 2007 +0000
-
- - Resolves: 226979 Buffer overflow in bzip2's bzip2recover
-
---- bzip2-1.0.4/bzip2recover.c.pom 2007-01-03 03:00:55.000000000 +0100
-+++ bzip2-1.0.4/bzip2recover.c 2007-02-05 11:55:17.000000000 +0100
-@@ -309,7 +309,8 @@
- UInt32 buffHi, buffLo, blockCRC;
- Char* p;
-
-- strcpy ( progName, argv[0] );
-+ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
-+ progName[BZ_MAX_FILENAME-1]='\0';
- inFileName[0] = outFileName[0] = 0;
-
- fprintf ( stderr,
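Review bot: The deleted patch bounded the copy of `argv[0]` into `progName` in bzip2recover.c (`strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);` plus explicit NUL termination), and the commit message mentions only CVE-2019-12900, not why this fix is dropped. Confirm that bzip2recover.c in 1.0.7 no longer does an unbounded `strcpy` into `progName`, and say so in the commit message (for example, that the bzip2recover patch is merged upstream) so the removal of a buffer overflow fix is traceable.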
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/bzip2.git/commitdiff/4abaf75d98a117e4953aa5c17d2f2a19a2d87ec4