commit 47283921b8684ac0180d5566a43ba255c136da30 Author: Danny Rawlins <monster.romster@gmail.com> Date: Fri Aug 10 18:39:20 2018 +1000 [notify] bzip2-32: CVE-2016-3189 and source url change as site is down diff --git a/bzip2-32/.md5sum b/bzip2-32/.md5sum deleted file mode 100644 index fb5468a..0000000 --- a/bzip2-32/.md5sum +++ /dev/null @@ -1,2 +0,0 @@ -00b516f4704d4a7cb50a1d97e6e8e15b bzip2-1.0.6.tar.gz -21bba891a5e515d69fa6ca6b11eac726 bzip2.patch diff --git a/bzip2-32/.signature b/bzip2-32/.signature index aec1f16..3407a31 100644 --- a/bzip2-32/.signature +++ b/bzip2-32/.signature @@ -1,6 +1,7 @@ untrusted comment: verify with /etc/ports/compat-32.pub -RWSwxGo/zH7eXdBNhGS2wUIB+vrItt3sy0lfMdyrmv6h8k6v48iI5+nOthqHdDzLLYW8KFFK0S7MCX3oS1ej7k7SqLHJZ2UVPgk= -SHA256 (Pkgfile) = 765399b75bb6bf22746d2aee13d9c8243426420d41eb877d77ee900e7bbc0930 +RWSwxGo/zH7eXYJdJTk6lQa9/hL1nZ+SxVXqM/XShfogA2nt1HXaB+q99+6LpQDd5z9/uAqGaZpY0GADucx0SxelRNTaaF8g7g4= +SHA256 (Pkgfile) = 6d385c5d20a15ee54efd86b8021325628892e4907e16ec590dd9f2d50d25e4ee SHA256 (.footprint) = 14e78943cc31fbae38e4ec6c8b3aeaa7afdc2dd29948006833478f1a52707f89 SHA256 (bzip2-1.0.6.tar.gz) = a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd -SHA256 (bzip2.patch) = 45715e151b26b7c9731bd59934ae6aa6f1b5d48332f23aed2d71667eada1fb76 +SHA256 (bzip2.patch) = b8aa64ff17bc5704cbaf2b7012086575acfa6557c89fafdcc6dcd847fb29b5cf +SHA256 (CVE-2016-3189.patch) = 5c1cce66d2d1dfa61a627734c1a00bf0441c5ab6be0458676e20787705a14a6b diff --git a/bzip2-32/CVE-2016-3189.patch b/bzip2-32/CVE-2016-3189.patch new file mode 100644 index 0000000..d947130 --- /dev/null +++ b/bzip2-32/CVE-2016-3189.patch @@ -0,0 +1,10 @@ +--- a/bzip2recover.c ++++ b/bzip2recover.c +@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; diff --git a/bzip2-32/Pkgfile b/bzip2-32/Pkgfile index cc5c957..9e3a5e8 100644 --- a/bzip2-32/Pkgfile +++ b/bzip2-32/Pkgfile @@ -4,14 +4,18 @@ name=bzip2-32 version=1.0.6 -release=1 -source=(http://www.bzip.org/$version/bzip2-$version.tar.gz \ - bzip2.patch) +release=2 +source=( + #http://www.bzip.org/$version/${name%-*}-$version.tar.gz + https://fossies.org/linux/misc/${name%-*}-$version.tar.gz + bzip2.patch + CVE-2016-3189.patch) build() { - cd bzip2-$version + cd ${name%-*}-$version - patch -Np1 -i $SRC/bzip2.patch + patch -p1 -i $SRC/bzip2.patch + patch -p1 -i $SRC/CVE-2016-3189.patch sed -i -e 's,$(PREFIX)/lib,$(PREFIX)/lib32,g' Makefile{,-libbz2_so} @@ -22,5 +26,6 @@ build() { make -f Makefile-libbz2_so make -f Makefile-libbz2_so PREFIX=$PKG/usr install - rm -rf $PKG/usr/{bin,include,man} + + rm -r $PKG/usr/{bin,include,share} } diff --git a/bzip2-32/bzip2.patch b/bzip2-32/bzip2.patch index f0f9341..fa0dc9d 100644 --- a/bzip2-32/bzip2.patch +++ b/bzip2-32/bzip2.patch @@ -53,7 +53,7 @@ diff -aur bzip2-1.0.6.orig/Makefile bzip2-1.0.6/Makefile - echo ".so man1/bzdiff.1" > $(PREFIX)/man/man1/bzcmp.1 + install -d $(PREFIX)/bin \ + $(PREFIX)/lib \ -+ $(PREFIX)/man/man1 \ ++ $(PREFIX)/share/man/man1 \ + $(PREFIX)/include + install -m 755 bzip2 \ + bzip2recover \ @@ -73,14 +73,14 @@ diff -aur bzip2-1.0.6.orig/Makefile bzip2-1.0.6/Makefile + bzgrep.1 \ + bzmore.1 \ + bzdiff.1 \ -+ $(PREFIX)/man/man1 -+ ln -sf bzgrep.1 $(PREFIX)/man/man1/bzegrep.1 -+ ln -sf bzgrep.1 $(PREFIX)/man/man1/bzfgrep.1 -+ ln -sf bzmore.1 $(PREFIX)/man/man1/bzless.1 -+ ln -sf bzdiff.1 $(PREFIX)/man/man1/bzcmp.1 -+ ln -sf bzip2.1 $(PREFIX)/man/man1/bunzip2.1 -+ ln -sf bzip2.1 $(PREFIX)/man/man1/bzcat.1 -+ ln -sf bzip2.1 $(PREFIX)/man/man1/bzip2recover.1 ++ $(PREFIX)/share/man/man1 ++ ln -sf bzgrep.1 $(PREFIX)/share/man/man1/bzegrep.1 ++ ln -sf bzgrep.1 $(PREFIX)/share/man/man1/bzfgrep.1 ++ ln -sf bzmore.1 $(PREFIX)/share/man/man1/bzless.1 ++ ln -sf bzdiff.1 $(PREFIX)/share/man/man1/bzcmp.1 ++ ln -sf bzip2.1 $(PREFIX)/share/man/man1/bunzip2.1 ++ ln -sf bzip2.1 $(PREFIX)/share/man/man1/bzcat.1 ++ ln -sf bzip2.1 $(PREFIX)/share/man/man1/bzip2recover.1 clean: rm -f *.o libbz2.a bzip2 bzip2recover \