From a71e325ca793af11f44f275365ca3bf4fd7d233f Mon Sep 17 00:00:00 2001 From: Alexander Stefanov Date: Thu, 16 Apr 2020 13:11:20 +0000 Subject: [PATCH] 1.0.8 --- .abf.yml | 2 +- 0001-Improve-file-access.patch | 48 +++++ ...-selectors-as-the-file-format-allows.patch | 73 ------- CVE-2019-12900.patch | 32 --- build_good-so-lib.patch | 18 ++ bzip2-1.0.6-CVE-2016-3189.patch | 11 - bzip2-1.0.6-improve-makefile.patch | 194 ++++++++++++++++++ bzip2-1.0.6-makefile.diff | 34 +-- bzip2.spec | 17 +- 9 files changed, 287 insertions(+), 142 deletions(-) create mode 100644 0001-Improve-file-access.patch delete mode 100644 Accept-as-many-selectors-as-the-file-format-allows.patch delete mode 100644 CVE-2019-12900.patch create mode 100644 build_good-so-lib.patch delete mode 100644 bzip2-1.0.6-CVE-2016-3189.patch create mode 100644 bzip2-1.0.6-improve-makefile.patch diff --git a/.abf.yml b/.abf.yml index 5d0a717..07e9ecf 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,2 +1,2 @@ sources: - "bzip2-1.0.6.tar.gz": 3f89f861209ce81a6bab1fd1998c0ef311712002 + bzip2-1.0.8.tar.gz: bf7badf7e248e0ecf465d33c2f5aeec774209227 diff --git a/0001-Improve-file-access.patch b/0001-Improve-file-access.patch new file mode 100644 index 0000000..d14ffc4 --- /dev/null +++ b/0001-Improve-file-access.patch @@ -0,0 +1,48 @@ +From 74177ebe376144ca4e3141d869334b31e5e95ee3 Mon Sep 17 00:00:00 2001 +From: Arjan van de Ven +Date: Sat, 26 Mar 2016 19:28:57 -0700 +Subject: [PATCH] Improve file access + +1) Don't open a file to find out if it exists. Use access(2). +2) use the "m" flag to glibc's fopen(3), to use mmap(2). +--- + bzip2.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/bzip2.c b/bzip2.c +index d95d280..8156f1a 100644 +--- a/bzip2.c ++++ b/bzip2.c +@@ -939,10 +939,7 @@ void copyFileName ( Char* to, Char* from ) + static + Bool fileExists ( Char* name ) + { +- FILE *tmp = fopen ( name, "rb" ); +- Bool exists = (tmp != NULL); +- if (tmp != NULL) fclose ( tmp ); +- return exists; ++ return (access(name, R_OK) == 0) ; + } + + +@@ -1425,7 +1422,7 @@ void uncompress ( Char *name ) + break; + + case SM_F2O: +- inStr = fopen ( inName, "rb" ); ++ inStr = fopen ( inName, "rbm" ); + outStr = stdout; + if ( inStr == NULL ) { + fprintf ( stderr, "%s: Can't open input file %s:%s.\n", +@@ -1437,7 +1434,7 @@ void uncompress ( Char *name ) + break; + + case SM_F2F: +- inStr = fopen ( inName, "rb" ); ++ inStr = fopen ( inName, "rbm" ); + outStr = fopen_output_safely ( outName, "wb" ); + if ( outStr == NULL) { + fprintf ( stderr, "%s: Can't create output file %s: %s.\n", +-- +2.22.0 + diff --git a/Accept-as-many-selectors-as-the-file-format-allows.patch b/Accept-as-many-selectors-as-the-file-format-allows.patch deleted file mode 100644 index e675ce7..0000000 --- a/Accept-as-many-selectors-as-the-file-format-allows.patch +++ /dev/null @@ -1,73 +0,0 @@ -From b357f4ec14a8b5b11b37621ee9f2a10f518b6c65 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Wed, 3 Jul 2019 01:28:11 +0200 -Subject: [PATCH] Accept as many selectors as the file format allows. - -But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS. - -The theoretical maximum number of selectors depends on the maximum -blocksize (900000 bytes) and the number of symbols (50) that can be -encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002. - -But the bzip2 file format allows the number of selectors to be encoded -with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in -14 bits). So the file format maximum is 32767 selectors. - -Some bzip2 encoders might actually have written out more selectors -than the theoretical maximum because they rounded up the number of -selectors to some convenient factor of 8. - -The extra 14766 selectors can never be validly used by the decompression -algorithm. So we can read them, but then discard them. - -This is effectively what was done (by accident) before we added a -check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate -CVE-2019-12900. - -The extra selectors were written out after the array inside the -EState struct. But the struct has extra space allocated after the -selector arrays of 18060 bytes (which is larger than 14766). -All of which will be initialized later (so the overwrite of that -space with extra selector values would have been harmless). -diff --git a/compress.c b/compress.c -index caf7696..19b662b 100644 ---- a/compress.c -+++ b/compress.c -@@ -454,7 +454,7 @@ void sendMTFValues ( EState* s ) - - AssertH( nGroups < 8, 3002 ); - AssertH( nSelectors < 32768 && -- nSelectors <= (2 + (900000 / BZ_G_SIZE)), -+ nSelectors <= BZ_MAX_SELECTORS, - 3003 ); - - -diff --git a/decompress.c b/decompress.c -index b6e0a29..78060c9 100644 ---- a/decompress.c -+++ b/decompress.c -@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) - GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); - GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); -- if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); -+ if (nSelectors < 1) RETURN(BZ_DATA_ERROR); - for (i = 0; i < nSelectors; i++) { - j = 0; - while (True) { -@@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s ) - j++; - if (j >= nGroups) RETURN(BZ_DATA_ERROR); - } -- s->selectorMtf[i] = j; -+ /* Having more than BZ_MAX_SELECTORS doesn't make much sense -+ since they will never be used, but some implementations might -+ "round up" the number of selectors, so just ignore those. */ -+ if (i < BZ_MAX_SELECTORS) -+ s->selectorMtf[i] = j; - } -+ if (nSelectors > BZ_MAX_SELECTORS) -+ nSelectors = BZ_MAX_SELECTORS; - - /*--- Undo the MTF values for the selectors. ---*/ - { diff --git a/CVE-2019-12900.patch b/CVE-2019-12900.patch deleted file mode 100644 index 9213a71..0000000 --- a/CVE-2019-12900.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid -Date: Tue, 28 May 2019 19:35:18 +0200 -Subject: [PATCH] Make sure nSelectors is not out of range - -nSelectors is used in a loop from 0 to nSelectors to access selectorMtf -which is - UChar selectorMtf[BZ_MAX_SELECTORS]; -so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory -access - -Fixes out of bounds access discovered while fuzzying karchive ---- - decompress.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/decompress.c b/decompress.c -index ab6a624..f3db91d 100644 ---- a/decompress.c -+++ b/decompress.c -@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) - GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); - GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); -- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); -+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); - for (i = 0; i < nSelectors; i++) { - j = 0; - while (True) { --- -2.21.0 - diff --git a/build_good-so-lib.patch b/build_good-so-lib.patch new file mode 100644 index 0000000..ad6d6d1 --- /dev/null +++ b/build_good-so-lib.patch @@ -0,0 +1,18 @@ +diff --git a/Makefile-libbz2_so b/Makefile-libbz2_so +index 9b281eb..bcfeb77 100644 +--- a/Makefile-libbz2_so ++++ b/Makefile-libbz2_so +@@ -52,11 +52,13 @@ $(LIBRARY): $(OBJS) + $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared $(top_sourcedir)/bzip2.c $(LIBRARY) + rm -f libbz2.so.1.0 + ln -s $(LIBRARY) libbz2.so.1.0 ++ ln -s $(LIBRARY) libbz2.so.1 + + install: all + mkdir -p $(DESTDIR)$(root_libdir) + install -m755 $(LIBRARY) $(DESTDIR)$(root_libdir) + ln -sf $(LIBRARY) $(DESTDIR)$(root_libdir)/libbz2.so.1.0 ++ ln -sf $(LIBRARY) $(DESTDIR)$(root_libdir)/libbz2.so.1 + mkdir -p $(DESTDIR)$(libdir) + rm -f $(DESTDIR)$(libdir)/libbz2.so + ln -sr $(DESTDIR)$(root_libdir)/$(LIBRARY) $(DESTDIR)$(libdir)/libbz2.so diff --git a/bzip2-1.0.6-CVE-2016-3189.patch b/bzip2-1.0.6-CVE-2016-3189.patch deleted file mode 100644 index 18d193b..0000000 --- a/bzip2-1.0.6-CVE-2016-3189.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up ./bzip2recover.c.old ./bzip2recover.c ---- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100 -+++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200 -@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv ) - bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); - bsPutUInt32 ( bsWr, blockCRC ); - bsClose ( bsWr ); -+ outFile = NULL; - } - if (wrBlock >= rbCtr) break; - wrBlock++; diff --git a/bzip2-1.0.6-improve-makefile.patch b/bzip2-1.0.6-improve-makefile.patch new file mode 100644 index 0000000..df37551 --- /dev/null +++ b/bzip2-1.0.6-improve-makefile.patch @@ -0,0 +1,194 @@ +--- bzip2-1.0.6/Makefile-libbz2_so.mdkconf~ 2012-12-14 11:05:55.017674909 +0100 ++++ bzip2-1.0.6/Makefile-libbz2_so 2012-12-14 11:07:25.803497360 +0100 +@@ -20,7 +20,13 @@ + # in the file LICENSE. + # ------------------------------------------------------------------ + +-include config.in ++top_sourcedir = . ++include $(top_sourcedir)/config.in ++ ++prefix = /usr ++root_libdir= /$(lib) ++libdir = $(prefix)/$(lib) ++ + + SHELL=/bin/sh + CC=gcc +@@ -36,26 +42,27 @@ OBJS= blocksort.o \ + decompress.o \ + bzlib.o + +-all: $(OBJS) +- $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 $(LDFLAGS) -o libbz2.so.1.0.8 $(OBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8 ++LIBRARY = libbz2.so.1.0.8 ++ ++all: $(LIBRARY) ++ ++ ++$(LIBRARY): $(OBJS) ++ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 $(LDFLAGS) -o $(LIBRARY) $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared $(top_sourcedir)/bzip2.c $(LIBRARY) + rm -f libbz2.so.1.0 +- ln -s libbz2.so.1.0.8 libbz2.so.1.0 ++ ln -s $(LIBRARY) libbz2.so.1.0 ++ ++install: all ++ mkdir -p $(DESTDIR)$(root_libdir) ++ install -m755 $(LIBRARY) $(DESTDIR)$(root_libdir) ++ ln -sf $(LIBRARY) $(DESTDIR)$(root_libdir)/libbz2.so.1.0 ++ mkdir -p $(DESTDIR)$(libdir) ++ rm -f $(DESTDIR)$(libdir)/libbz2.so ++ ln -sr $(DESTDIR)$(root_libdir)/$(LIBRARY) $(DESTDIR)$(libdir)/libbz2.so + + clean: +- rm -f $(OBJS) bzip2.o libbz2.so.1.0.8 libbz2.so.1.0 bzip2-shared ++ rm -f $(OBJS) bzip2.o $(LIBRARY) libbz2.so.1.0 bzip2-shared + +-blocksort.o: blocksort.c +- $(CC) $(CFLAGS) -c blocksort.c +-huffman.o: huffman.c +- $(CC) $(CFLAGS) -c huffman.c +-crctable.o: crctable.c +- $(CC) $(CFLAGS) -c crctable.c +-randtable.o: randtable.c +- $(CC) $(CFLAGS) -c randtable.c +-compress.o: compress.c +- $(CC) $(CFLAGS) -c compress.c +-decompress.o: decompress.c +- $(CC) $(CFLAGS) -c decompress.c +-bzlib.o: bzlib.c +- $(CC) $(CFLAGS) -c bzlib.c ++%.o: $(top_sourcedir)/%.c $(top_sourcedir)/bzlib.h $(top_sourcedir)/bzlib_private.h ++ $(CC) $(CFLAGS) -c $< +--- bzip2-1.0.6/Makefile.mdkconf~ 2012-12-14 11:05:55.017674909 +0100 ++++ bzip2-1.0.6/Makefile 2012-12-14 11:05:55.021674769 +0100 +@@ -12,7 +12,8 @@ + # in the file LICENSE. + # ------------------------------------------------------------------ + +-include config.in ++top_sourcedir=. ++include $(top_sourcedir)/config.in + + # define libdir name + lib ?= lib +@@ -51,54 +52,59 @@ mandir=$(prefix)/share/man + includedir=$(prefix)/include + DESTDIR= + +-all: $(LIB) bzip2 bzip2recover test ++all: $(LIB) bzip2 bzip2recover + +-install: all test ++install: all install-bin install-dev install-lib ++ ++install-bin: bzip2 bzip2recover + mkdir -p $(DESTDIR)$(bindir) +- libtool --mode=install install -s -m 0755 bzip2 $(DESTDIR)$(bindir)/ +- libtool --mode=install install -s -m 0755 bzip2recover $(DESTDIR)$(bindir)/ +- libtool --mode=install install -m 0755 bzdiff $(DESTDIR)$(bindir)/ +- libtool --mode=install install -m 0755 bzmore $(DESTDIR)$(bindir)/ ++ libtool --mode=install install -m 0755 bzip2 $(DESTDIR)$(bindir)/ ++ libtool --mode=install install -m 0755 bzip2recover $(DESTDIR)$(bindir)/ ++ libtool --mode=install install -m 0755 $(top_sourcedir)/bzdiff $(DESTDIR)$(bindir)/ ++ libtool --mode=install install -m 0755 $(top_sourcedir)/bzmore $(DESTDIR)$(bindir)/ + ln -sf bzip2 $(DESTDIR)$(bindir)/bunzip2 + ln -sf bzip2 $(DESTDIR)$(bindir)/bzcat + mkdir -p $(DESTDIR)$(mandir)/man1 +- install -c -m 0644 bzip2.1 $(DESTDIR)$(mandir)/man1/ +- install -c -m 0644 bzdiff.1 $(DESTDIR)$(mandir)/man1/ +- install -c -m 0644 bzmore.1 $(DESTDIR)$(mandir)/man1/ ++ install -c -m 0644 $(top_sourcedir)/bzip2.1 $(DESTDIR)$(mandir)/man1/ ++ install -c -m 0644 $(top_sourcedir)/bzdiff.1 $(DESTDIR)$(mandir)/man1/ ++ install -c -m 0644 $(top_sourcedir)/bzmore.1 $(DESTDIR)$(mandir)/man1/ + ln -sf bzip2.1 $(DESTDIR)$(mandir)/man1/bunzip2.1 + ln -sf bzip2.1 $(DESTDIR)$(mandir)/man1/bzcat.1 + ln -sf bzip2.1 $(DESTDIR)$(mandir)/man1/bzip2recover.1 ++ ++install-dev: ++ mkdir -p $(DESTDIR)$(includedir) ++ install -c -m 0644 $(top_sourcedir)/bzlib.h $(DESTDIR)$(includedir) ++ ++install-lib: $(LIB) + mkdir -p $(DESTDIR)$(libdir) + libtool --mode=install install $(LIB) $(DESTDIR)$(libdir) +- mkdir -p $(DESTDIR)$(includedir) +- install -c -m 0644 bzlib.h $(DESTDIR)$(includedir) + +-bzip2: bzip2.c $(LIB) +- libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ bzip2.c $(LIB) ++bzip2: $(top_sourcedir)/bzip2.c $(LIB) ++ libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(top_sourcedir)/bzip2.c $(LIB) + +-bzip2recover: bzip2recover.c +- libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ bzip2recover.c ++bzip2recover: $(top_sourcedir)/bzip2recover.c ++ libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(top_sourcedir)/bzip2recover.c + + $(LIB): $(OBJS) +- libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) -rpath $(libdir) \ +- -version-info 1:0:0 ++ libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) -version-info 1:0:6 + + check: test + test: bzip2 +- @cat words1 +- ./bzip2 -1 < sample1.ref > sample1.rb2 +- ./bzip2 -2 < sample2.ref > sample2.rb2 +- ./bzip2 -3 < sample3.ref > sample3.rb2 +- ./bzip2 -d < sample1.bz2 > sample1.tst +- ./bzip2 -d < sample2.bz2 > sample2.tst +- ./bzip2 -ds < sample3.bz2 > sample3.tst +- cmp sample1.bz2 sample1.rb2 +- cmp sample2.bz2 sample2.rb2 +- cmp sample3.bz2 sample3.rb2 +- cmp sample1.tst sample1.ref +- cmp sample2.tst sample2.ref +- cmp sample3.tst sample3.ref +- @cat words3 ++ @cat $(top_sourcedir)/words1 ++ ./bzip2 -1 < $(top_sourcedir)/sample1.ref > sample1.rb2 ++ ./bzip2 -2 < $(top_sourcedir)/sample2.ref > sample2.rb2 ++ ./bzip2 -3 < $(top_sourcedir)/sample3.ref > sample3.rb2 ++ ./bzip2 -d < $(top_sourcedir)/sample1.bz2 > sample1.tst ++ ./bzip2 -d < $(top_sourcedir)/sample2.bz2 > sample2.tst ++ ./bzip2 -ds < $(top_sourcedir)/sample3.bz2 > sample3.tst ++ cmp $(top_sourcedir)/sample1.bz2 sample1.rb2 ++ cmp $(top_sourcedir)/sample2.bz2 sample2.rb2 ++ cmp $(top_sourcedir)/sample3.bz2 sample3.rb2 ++ cmp sample1.tst $(top_sourcedir)/sample1.ref ++ cmp sample2.tst $(top_sourcedir)/sample2.ref ++ cmp sample3.tst $(top_sourcedir)/sample3.ref ++ @cat $(top_sourcedir)/words3 + + clean: + rm -f *.o *.lo *.a $(LIB) bzip2 bzip2recover \ +@@ -107,10 +113,10 @@ clean: + + .SUFFIXES: .c .o .lo + +-%.o: %.c bzlib.h bzlib_private.h ++%.o: $(top_sourcedir)/%.c $(top_sourcedir)/bzlib.h $(top_sourcedir)/bzlib_private.h + $(CC) $(CFLAGS) -c $< + +-%.lo: %.c bzlib.h bzlib_private.h ++%.lo: $(top_sourcedir)/%.c $(top_sourcedir)/bzlib.h $(top_sourcedir)/bzlib_private.h + libtool --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< + + distclean: clean +@@ -187,10 +193,10 @@ MANUAL_SRCS= bz-common.xsl bz-fo.xsl bz + manual: manual.html manual.ps manual.pdf + + manual.ps: $(MANUAL_SRCS) +- ./xmlproc.sh -ps manual.xml ++ $(top_sourcedir)/xmlproc.sh -ps $(top_sourcedir)/manual.xml + + manual.pdf: $(MANUAL_SRCS) +- ./xmlproc.sh -pdf manual.xml ++ $(top_sourcedir)/xmlproc.sh -pdf $(top_sourcedir)/manual.xml + + manual.html: $(MANUAL_SRCS) +- ./xmlproc.sh -html manual.xml ++ $(top_sourcedir)/xmlproc.sh -html $(top_sourcedir)/manual.xml diff --git a/bzip2-1.0.6-makefile.diff b/bzip2-1.0.6-makefile.diff index 74e788f..faab397 100644 --- a/bzip2-1.0.6-makefile.diff +++ b/bzip2-1.0.6-makefile.diff @@ -1,6 +1,6 @@ -diff -Naur bzip2-1.0.6/Makefile bzip2-1.0.6.oden/Makefile ---- bzip2-1.0.6/Makefile 2010-09-11 00:46:02.000000000 +0200 -+++ bzip2-1.0.6.oden/Makefile 2010-09-20 12:22:58.718326583 +0200 +diff -up bzip2-1.0.7/Makefile.1~ bzip2-1.0.7/Makefile +--- bzip2-1.0.7/Makefile.1~ 2019-06-27 20:15:39.000000000 +0200 ++++ bzip2-1.0.7/Makefile 2019-06-28 13:28:14.311575852 +0200 @@ -12,45 +12,76 @@ # in the file LICENSE. # ------------------------------------------------------------------ @@ -97,18 +97,18 @@ diff -Naur bzip2-1.0.6/Makefile bzip2-1.0.6.oden/Makefile + install -c -m 0644 bzlib.h $(DESTDIR)$(includedir) + +bzip2: bzip2.c $(LIB) -+ libtool --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ bzip2.c $(LIB) ++ libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ bzip2.c $(LIB) + +bzip2recover: bzip2recover.c -+ libtool --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ bzip2recover.c ++ libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ bzip2recover.c + +$(LIB): $(OBJS) -+ libtool --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) -rpath $(libdir) \ ++ libtool --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) -rpath $(libdir) \ + -version-info 1:0:0 check: test test: bzip2 -@@ -69,70 +100,18 @@ +@@ -69,70 +100,18 @@ test: bzip2 cmp sample3.tst sample3.ref @cat words3 @@ -182,13 +182,13 @@ diff -Naur bzip2-1.0.6/Makefile bzip2-1.0.6.oden/Makefile + $(CC) $(CFLAGS) -c $< +%.lo: %.c bzlib.h bzlib_private.h -+ libtool --mode=compile $(CC) $(CFLAGS) -c $< ++ libtool --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< distclean: clean rm -f manual.ps manual.html manual.pdf -diff -Naur bzip2-1.0.6/Makefile-libbz2_so bzip2-1.0.6.oden/Makefile-libbz2_so ---- bzip2-1.0.6/Makefile-libbz2_so 2010-09-11 01:07:52.000000000 +0200 -+++ bzip2-1.0.6.oden/Makefile-libbz2_so 2010-09-20 12:22:58.719327028 +0200 +diff -up bzip2-1.0.7/Makefile-libbz2_so.1~ bzip2-1.0.7/Makefile-libbz2_so +--- bzip2-1.0.7/Makefile-libbz2_so.1~ 2019-06-27 20:15:39.000000000 +0200 ++++ bzip2-1.0.7/Makefile-libbz2_so 2019-06-28 13:30:02.244570616 +0200 @@ -20,11 +20,13 @@ # in the file LICENSE. # ------------------------------------------------------------------ @@ -204,14 +204,14 @@ diff -Naur bzip2-1.0.6/Makefile-libbz2_so bzip2-1.0.6.oden/Makefile-libbz2_so OBJS= blocksort.o \ huffman.o \ -@@ -35,8 +37,8 @@ +@@ -35,8 +37,8 @@ OBJS= blocksort.o \ bzlib.o all: $(OBJS) -- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS) -- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 -+ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 $(LDFLAGS) -o libbz2.so.1.0.6 $(OBJS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 +- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS) +- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8 ++ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 $(LDFLAGS) -o libbz2.so.1.0.8 $(OBJS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8 rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.6 libbz2.so.1.0 + ln -s libbz2.so.1.0.8 libbz2.so.1.0 diff --git a/bzip2.spec b/bzip2.spec index ea664e2..888fb7e 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -6,21 +6,21 @@ Summary: Extremely powerful file compression utility Name: bzip2 -Version: 1.0.6 -Release: 21 +Version: 1.0.8 +Release: 1 License: BSD Group: Archiving/Compression Url: http://www.bzip.org/index.html -Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz +Source0: https://sourceware.org/pub/bzip2/bzip2-%{version}.tar.gz Source1: bzgrep Source2: bzme Source3: bzme.1 Source4: bzip2.pc Patch0: bzip2-1.0.6-makefile.diff -Patch1: bzip2-1.0.6-CVE-2016-3189.patch -Patch2: CVE-2019-12900.patch -# Fixes regression introduced by CVE-2019-12900.patch (LP: #1834494) -Patch3: Accept-as-many-selectors-as-the-file-format-allows.patch +Patch1: bzip2-1.0.6-improve-makefile.patch +Patch2: build_good-so-lib.patch +# (tpg) ClearLinux Patches +Patch10: https://raw.githubusercontent.com/clearlinux-pkgs/bzip2/master/0001-Improve-file-access.patch BuildRequires: libtool BuildRequires: texinfo %if %{with pdf} @@ -109,7 +109,8 @@ texi2dvi --pdf manual.texi %endif %install -%makeinstall_std +%make_install -f Makefile-libbz2_so +make install-bin install-dev -f Makefile DESTDIR=%{buildroot} install -m0755 bzme %{buildroot}%{_bindir}/ install -m0755 bzgrep %{buildroot}%{_bindir}/