authorMax Rees <maxcrees@me.com>2019-07-23 19:10:10 -0400
committerMax Rees <maxcrees@me.com>2019-07-23 19:10:10 -0400
commitb0c732dec4e83b2f18cb2cd323373b7247a6f2d3 (patch)
tree57bf26622e248cc0d71b344617cd91039fce619c
parent0b09c67b8eba048295e57af90599dd74d1e30df8 (diff)
system/bzip2: [CVE] bump to 1.0.8
bzip2-1.0.4-POSIX-shell.patch integrated: https://sourceware.org/git/?p=bzip2.git;a=commit;h=33414da1d2bedf2cbe693f0e21fdaef11d221b1d
CVE-2016-3189.patch integrated: https://sourceware.org/git/?p=bzip2.git;a=commit;h=c1cdd98db3238cb711c7d9cdc5671452ce2822cb
-rw-r--r--system/bzip2/APKBUILD26
-rw-r--r--system/bzip2/bzip2-1.0.4-POSIX-shell.patch21
-rw-r--r--system/bzip2/bzip2-1.0.6-saneso.patch13
-rw-r--r--system/bzip2/bzip2-1.0.8-saneso.patch13
4 files changed, 25 insertions, 48 deletions
diff --git a/system/bzip2/APKBUILD b/system/bzip2/APKBUILD
index 54b3e4d66..ed22b0137 100644
--- a/system/bzip2/APKBUILD
+++ b/system/bzip2/APKBUILD
@@ -1,28 +1,28 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=bzip2
-pkgver=1.0.6
-pkgrel=7
+pkgver=1.0.8
+pkgrel=0
pkgdesc="A high-quality data compression program"
-url="http://sources.redhat.com/bzip2"
+url="https://www.sourceware.org/bzip2/"
arch="all"
license="BSD-4-Clause"
depends=""
subpackages="$pkgname-dev $pkgname-doc libbz2"
-source="https://downloads.sourceforge.net/bzip2/$pkgname-$pkgver.tar.gz
+source="https://sourceware.org/pub/bzip2/$pkgname-$pkgver.tar.gz
bzip2-1.0.4-makefile-CFLAGS.patch
- bzip2-1.0.6-saneso.patch
+ bzip2-1.0.8-saneso.patch
bzip2-1.0.4-man-links.patch
bzip2-1.0.2-progress.patch
bzip2-1.0.3-no-test.patch
- bzip2-1.0.4-POSIX-shell.patch
- CVE-2016-3189.patch
"
+builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 1.0.6-r5:
-# - CVE-2016-3189
+# - CVE-2016-3189
+# 1.0.8-r0:
+# - CVE-2019-12900
-builddir="$srcdir"/$pkgname-$pkgver
prepare() {
default_prepare
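Review bot: The `# secfixes:` block is normally read by security-tracking tooling that depends on its indentation, and the `# - CVE-2016-3189` line is removed and re-added with identical visible text, so its leading whitespace was changed here. This rendering does not preserve that whitespace, so it cannot be confirmed that the new `# 1.0.8-r0:` and `# - CVE-2019-12900` lines nest the same way as the existing `1.0.6-r5` entry; please compare them against another APKBUILD in the tree. Recording CVE-2019-12900 at `1.0.8-r0` looks right for a package that moves straight from 1.0.6 to 1.0.8. `prepare()` continues past the end of the hunk.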
@@ -64,11 +64,9 @@ libbz2() {
mv "$pkgdir"/usr/lib/*.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="00ace5438cfa0c577e5f578d8a808613187eff5217c35164ffe044fbafdfec9e98f4192c02a7d67e01e5a5ccced630583ad1003c37697219b0f147343a3fdd12 bzip2-1.0.6.tar.gz
+sha512sums="083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3 bzip2-1.0.8.tar.gz
58cc37430555520b6e35db2740e699cf37eacdd82989c21a222a593e36288710a0defb003662d4238235c12b3764bfc89cd646e6be9d0a08d54bd2c9baa6ad15 bzip2-1.0.4-makefile-CFLAGS.patch
-8a7528b5b931bb72f637c6940bc811d54fb816fd5bb453af56d9b4a87091004eb5e191ba799d972794b24c56cf8134344a618b58946d3f1d985c508f88190845 bzip2-1.0.6-saneso.patch
+bc52f6efc63ac8d06fcbbb0446cc9c8025964ba0651ef493b5a124e838bf03bebb0ef56247fdd007265c8ea091f3458e832a53856228e7fefa4d20a55065bba3 bzip2-1.0.8-saneso.patch
2d9a306bc0f552a58916ebc702d32350a225103c487e070d2082121a54e07f1813d3228f43293cc80a4bee62053fd597294c99a1751b1685cd678f4e5c6a2fe7 bzip2-1.0.4-man-links.patch
b6810c73428f17245e0d7c2decd00c88986cd8ad1cfe4982defe34bdab808d53870ed92cb513b2d00c15301747ceb6ca958fb0e0458d0663b7d8f7c524f7ba4e bzip2-1.0.2-progress.patch
-aefcafaaadc7f19b20fe023e0bd161127b9f32e0cd364621f6e5c03e95fb976e7e69e354ec46673a554392519532a3bfe56d982a5cde608c10e0b18c3847a030 bzip2-1.0.3-no-test.patch
-64ab461bf739c29615383750e7f260abb2d49df7eb23916940d512bd61fd9a37aaade4d8f6f94280c95fc781b8f92587ad4f3dda51e87dec7a92a7a6f8d8ae86 bzip2-1.0.4-POSIX-shell.patch
-cef6f448b661a775cc433f9636730e89c1285d07075536217657056be56e0a11e96f41f7c14f6ec59e235464b9ddd649a71fb8de1c60eda2fd5c2cdfbb6a8fdc CVE-2016-3189.patch"
+aefcafaaadc7f19b20fe023e0bd161127b9f32e0cd364621f6e5c03e95fb976e7e69e354ec46673a554392519532a3bfe56d982a5cde608c10e0b18c3847a030 bzip2-1.0.3-no-test.patch"
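Review bot: The new tarball hash on the `sha512sums` line is the only integrity anchor for a download that, per the `source=` change in the first hunk, now comes from a different host, and nothing in the commit records how that value was obtained. For a CVE-driven bump the hash should be compared against upstream's signed release rather than computed from whatever the new URL returned; if upstream publishes a detached signature for this tarball, verify it before updating the sum. A line in the commit message such as `sha512 of bzip2-1.0.8.tar.gz checked against upstream signature` would leave an audit trail. `libbz2()` begins before this hunk, and the hashes of the retained local patches are carried over unchanged, as expected.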
diff --git a/system/bzip2/bzip2-1.0.4-POSIX-shell.patch b/system/bzip2/bzip2-1.0.4-POSIX-shell.patch
deleted file mode 100644
index a5916eaff..000000000
--- a/system/bzip2/bzip2-1.0.4-POSIX-shell.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-bzgrep uses !/bin/sh but then uses the bashism ${var//} so replace those
-with calls to sed so POSIX shells work
-
-http://bugs.gentoo.org/193365
-
---- ./bzgrep
-+++ ./bzgrep
-@@ -63,10 +63,9 @@
- bzip2 -cdfq "$i" | $grep $opt "$pat"
- r=$?
- else
-- j=${i//\\/\\\\}
-- j=${j//|/\\|}
-- j=${j//&/\\&}
-- j=`printf "%s" "$j" | tr '\n' ' '`
-+ # the backslashes here are doubled up as we have to escape each one for the
-+ # shell and then escape each one for the sed expression
-+ j=`printf "%s" "${i}" | sed -e 's:\\\\:\\\\\\\\:g' -e 's:[|]:\\\\|:g' -e 's:[&]:\\\\&:g' | tr '\n' ' '`
- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
- r=$?
- fi
diff --git a/system/bzip2/bzip2-1.0.6-saneso.patch b/system/bzip2/bzip2-1.0.6-saneso.patch
deleted file mode 100644
index 1968a63bf..000000000
--- a/system/bzip2/bzip2-1.0.6-saneso.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- ./Makefile-libbz2_so
-+++ ./Makefile-libbz2_so
-@@ -35,8 +35,8 @@
- bzlib.o
-
- all: $(OBJS)
-- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS)
-- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
-+ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
- rm -f libbz2.so.1.0
- ln -s libbz2.so.1.0.6 libbz2.so.1.0
-
diff --git a/system/bzip2/bzip2-1.0.8-saneso.patch b/system/bzip2/bzip2-1.0.8-saneso.patch
new file mode 100644
index 000000000..7aab257af
--- /dev/null
+++ b/system/bzip2/bzip2-1.0.8-saneso.patch
@@ -0,0 +1,13 @@
+--- bzip2-1.0.8/Makefile-libbz2_so 2019-07-13 17:50:05.000000000 +0000
++++ bzip2-1.0.8/Makefile-libbz2_so 2019-07-23 22:36:08.050034514 +0000
+@@ -35,8 +35,8 @@ OBJS= blocksort.o \
+ bzlib.o
+
+ all: $(OBJS)
+- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
+- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
++ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
++ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
+ rm -f libbz2.so.1.0
+ ln -s libbz2.so.1.0.8 libbz2.so.1.0
+
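Review bot: The soname is changed to `libbz2.so.1`, but the last two recipe lines still create only the `libbz2.so.1.0` link, so nothing in this hunk produces a file named after the new soname that `bzip2-shared` and other consumers will request at load time. Presumably the APKBUILD's packaging step or ldconfig creates it, but that is not visible here; if not, add `ln -s libbz2.so.1.0.8 libbz2.so.1` next to the existing link. The patch also carries no description header; a line such as `Use soname libbz2.so.1 and honour LDFLAGS so distribution linker flags apply to libbz2 and bzip2-shared` would explain why it is kept. The version string is hard-coded in three recipe lines, so the patch has to be regenerated on every upstream bump.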