From b1eb50599e4db7eb4501af75cbbfa22007081ea5 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Thu, 14 Jun 2018 02:22:19 -0500 Subject: The New Plan all pkgs needed to bootstrap -> system others -> user --- system/bzip2/APKBUILD | 74 +++++++++++ system/bzip2/CVE-2016-3189.patch | 12 ++ system/bzip2/bzip2-1.0.2-progress.patch | 175 +++++++++++++++++++++++++ system/bzip2/bzip2-1.0.3-no-test.patch | 9 ++ system/bzip2/bzip2-1.0.4-POSIX-shell.patch | 21 +++ system/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch | 25 ++++ system/bzip2/bzip2-1.0.4-man-links.patch | 12 ++ system/bzip2/bzip2-1.0.6-saneso.patch | 13 ++ 8 files changed, 341 insertions(+) create mode 100644 system/bzip2/APKBUILD create mode 100644 system/bzip2/CVE-2016-3189.patch create mode 100644 system/bzip2/bzip2-1.0.2-progress.patch create mode 100644 system/bzip2/bzip2-1.0.3-no-test.patch create mode 100644 system/bzip2/bzip2-1.0.4-POSIX-shell.patch create mode 100644 system/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch create mode 100644 system/bzip2/bzip2-1.0.4-man-links.patch create mode 100644 system/bzip2/bzip2-1.0.6-saneso.patch (limited to 'system/bzip2') diff --git a/system/bzip2/APKBUILD b/system/bzip2/APKBUILD new file mode 100644 index 000000000..aa73e70ab --- /dev/null +++ b/system/bzip2/APKBUILD @@ -0,0 +1,74 @@ +# Maintainer: Natanael Copa +pkgname=bzip2 +pkgver=1.0.6 +pkgrel=6 +pkgdesc="A high-quality data compression program" +url="http://sources.redhat.com/bzip2" +arch="all" +license="BSD" +depends="" +subpackages="$pkgname-dev $pkgname-doc libbz2" +source="http://www.bzip.org/$pkgver/$pkgname-$pkgver.tar.gz + bzip2-1.0.4-makefile-CFLAGS.patch + bzip2-1.0.6-saneso.patch + bzip2-1.0.4-man-links.patch + bzip2-1.0.2-progress.patch + bzip2-1.0.3-no-test.patch + bzip2-1.0.4-POSIX-shell.patch + CVE-2016-3189.patch + " + +# secfixes: +# 1.0.6-r5: +# - CVE-2016-3189 + +builddir="$srcdir"/$pkgname-$pkgver +prepare() { + default_prepare + + # Fix man path + # Generate relative symlinks + sed -i \ + -e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \ + -e 's:ln -s -f $(PREFIX)/bin/:ln -s :' \ + Makefile + + # fixup broken version stuff + sed -i \ + -e "s:1\.0\.4:$pkgver:" \ + bzip2.1 bzip2.txt Makefile-libbz2_so manual.* +} + +build () { + cd "$builddir" + make -f Makefile-libbz2_so all + make all +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make PREFIX="$pkgdir"/usr install + install -D libbz2.so.$pkgver "$pkgdir"/usr/lib/libbz2.so.$pkgver + ln -s libbz2.so.$pkgver "$pkgdir"/usr/lib/libbz2.so + ln -s libbz2.so.$pkgver "$pkgdir"/usr/lib/libbz2.so.${pkgver%%.*} +} + +libbz2() { + pkgdesc="Shared library for bz2" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/*.so.* "$subpkgdir"/usr/lib/ +} + +sha512sums="00ace5438cfa0c577e5f578d8a808613187eff5217c35164ffe044fbafdfec9e98f4192c02a7d67e01e5a5ccced630583ad1003c37697219b0f147343a3fdd12 bzip2-1.0.6.tar.gz +58cc37430555520b6e35db2740e699cf37eacdd82989c21a222a593e36288710a0defb003662d4238235c12b3764bfc89cd646e6be9d0a08d54bd2c9baa6ad15 bzip2-1.0.4-makefile-CFLAGS.patch +8a7528b5b931bb72f637c6940bc811d54fb816fd5bb453af56d9b4a87091004eb5e191ba799d972794b24c56cf8134344a618b58946d3f1d985c508f88190845 bzip2-1.0.6-saneso.patch +2d9a306bc0f552a58916ebc702d32350a225103c487e070d2082121a54e07f1813d3228f43293cc80a4bee62053fd597294c99a1751b1685cd678f4e5c6a2fe7 bzip2-1.0.4-man-links.patch +b6810c73428f17245e0d7c2decd00c88986cd8ad1cfe4982defe34bdab808d53870ed92cb513b2d00c15301747ceb6ca958fb0e0458d0663b7d8f7c524f7ba4e bzip2-1.0.2-progress.patch +aefcafaaadc7f19b20fe023e0bd161127b9f32e0cd364621f6e5c03e95fb976e7e69e354ec46673a554392519532a3bfe56d982a5cde608c10e0b18c3847a030 bzip2-1.0.3-no-test.patch +64ab461bf739c29615383750e7f260abb2d49df7eb23916940d512bd61fd9a37aaade4d8f6f94280c95fc781b8f92587ad4f3dda51e87dec7a92a7a6f8d8ae86 bzip2-1.0.4-POSIX-shell.patch +cef6f448b661a775cc433f9636730e89c1285d07075536217657056be56e0a11e96f41f7c14f6ec59e235464b9ddd649a71fb8de1c60eda2fd5c2cdfbb6a8fdc CVE-2016-3189.patch" diff --git a/system/bzip2/CVE-2016-3189.patch b/system/bzip2/CVE-2016-3189.patch new file mode 100644 index 000000000..6622670c9 --- /dev/null +++ b/system/bzip2/CVE-2016-3189.patch @@ -0,0 +1,12 @@ +diff --git a/bzip2recover.c b/bzip2recover.c +index f9de049..d159c92 100644 +--- a/bzip2recover.c ++++ b/bzip2recover.c +@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; diff --git a/system/bzip2/bzip2-1.0.2-progress.patch b/system/bzip2/bzip2-1.0.2-progress.patch new file mode 100644 index 000000000..2f389cfac --- /dev/null +++ b/system/bzip2/bzip2-1.0.2-progress.patch @@ -0,0 +1,175 @@ +Ripped from Mandrake. + +http://bugs.gentoo.org/show_bug.cgi?id=82192 + +--- bzip2-1.0.2.org/bzip2.1 ++++ bzip2-1.0.2/bzip2.1 +@@ -235,6 +235,10 @@ + Suppress non-essential warning messages. Messages pertaining to + I/O errors and other critical events will not be suppressed. + .TP ++.B \-p --show-progress ++Show percentage of input-file done and while compressing show the percentage ++of the original file the new file is. ++.TP + .B \-v --verbose + Verbose mode -- show the compression ratio for each file processed. + Further \-v's increase the verbosity level, spewing out lots of +--- bzip2-1.0.2.org/bzip2.c ++++ bzip2-1.0.2/bzip2.c +@@ -145,6 +145,7 @@ + #include + #include + #include ++#include + #include + #include "bzlib.h" + +@@ -301,6 +302,7 @@ + Char progNameReally[FILE_NAME_LEN]; + FILE *outputHandleJustInCase; + Int32 workFactor; ++Char showProgress; + + static void panic ( Char* ) NORETURN; + static void ioError ( void ) NORETURN; +@@ -425,6 +427,12 @@ + UInt32 nbytes_in_lo32, nbytes_in_hi32; + UInt32 nbytes_out_lo32, nbytes_out_hi32; + Int32 bzerr, bzerr_dummy, ret; ++ double fileSize = 0; /* initialized to make the compiler stop crying */ ++ /* double because big files might otherwhise give ++ * overflows. not long long since not all compilers ++ * support that one ++ */ ++ time_t startTime, currentTime; + + SET_BINARY_MODE(stream); + SET_BINARY_MODE(zStream); +@@ -432,12 +440,21 @@ + if (ferror(stream)) goto errhandler_io; + if (ferror(zStream)) goto errhandler_io; + ++ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) { ++ (void)fseek(stream, 0, SEEK_END); ++ fileSize = (double)ftell(stream); ++ rewind(stream); ++ if (verbosity >= 1) ++ fprintf(stderr, "Input-file size: %ld\n", (long)fileSize); ++ } ++ + bzf = BZ2_bzWriteOpen ( &bzerr, zStream, + blockSize100k, verbosity, workFactor ); + if (bzerr != BZ_OK) goto errhandler; + + if (verbosity >= 2) fprintf ( stderr, "\n" ); + ++ time(&startTime); + while (True) { + + if (myfeof(stream)) break; +@@ -446,13 +463,32 @@ + if (nIbuf > 0) BZ2_bzWrite ( &bzerr, bzf, (void*)ibuf, nIbuf ); + if (bzerr != BZ_OK) goto errhandler; + ++ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) ++ { ++ time(¤tTime); ++ ++ if ((currentTime - startTime) > 1) { /* show progress every 2 seconds */ ++ double curInPos = (double)ftell(stream); ++ double curOutPos = (double)ftell(zStream); ++ ++ startTime = currentTime; ++ ++ fprintf(stderr, "%.2f%% done", (curInPos * 100.0) / fileSize); ++ if (srcMode == SM_F2F) ++ { ++ fprintf(stderr, ", new size: %.2f%%", (curOutPos * 100.0) / curInPos); ++ } ++ ++ fprintf(stderr, " \r"); ++ } ++ } + } + + BZ2_bzWriteClose64 ( &bzerr, bzf, 0, + &nbytes_in_lo32, &nbytes_in_hi32, + &nbytes_out_lo32, &nbytes_out_hi32 ); + if (bzerr != BZ_OK) goto errhandler; +- ++ + if (ferror(zStream)) goto errhandler_io; + ret = fflush ( zStream ); + if (ret == EOF) goto errhandler_io; +@@ -526,6 +562,8 @@ + UChar unused[BZ_MAX_UNUSED]; + Int32 nUnused; + UChar* unusedTmp; ++ double fileSize = 0; /* initialized to make the compiler stop crying */ ++ time_t startTime, currentTime; + + nUnused = 0; + streamNo = 0; +@@ -533,9 +571,19 @@ + SET_BINARY_MODE(stream); + SET_BINARY_MODE(zStream); + ++ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) { ++ long dummy = ftell(zStream); ++ (void)fseek(zStream, 0, SEEK_END); ++ fileSize = (double)ftell(zStream); ++ (void)fseek(zStream, dummy, SEEK_SET); ++ if (verbosity >= 1) ++ fprintf(stderr, "Input-file size: %ld\n", (long)fileSize); ++ } ++ + if (ferror(stream)) goto errhandler_io; + if (ferror(zStream)) goto errhandler_io; + ++ time(&startTime); + while (True) { + + bzf = BZ2_bzReadOpen ( +@@ -551,6 +599,17 @@ + if ((bzerr == BZ_OK || bzerr == BZ_STREAM_END) && nread > 0) + fwrite ( obuf, sizeof(UChar), nread, stream ); + if (ferror(stream)) goto errhandler_io; ++ ++ if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) { ++ time(¤tTime); ++ if ((currentTime - startTime) >= 2) ++ { ++ double curInPos = (double)ftell(zStream); ++ startTime = currentTime; ++ ++ fprintf(stderr, "%.2f%% done\r", (curInPos * 100.0) / fileSize); ++ } ++ } + } + if (bzerr != BZ_STREAM_END) goto errhandler; + +@@ -1872,6 +1931,7 @@ + deleteOutputOnInterrupt = False; + exitValue = 0; + i = j = 0; /* avoid bogus warning from egcs-1.1.X */ ++ showProgress = False; + + /*-- Set up signal handlers for mem access errors --*/ + signal (SIGSEGV, mySIGSEGVorSIGBUScatcher); +@@ -1949,6 +2009,7 @@ + case 'k': keepInputFiles = True; break; + case 's': smallMode = True; break; + case 'q': noisy = False; break; ++ case 'p': showProgress = True; break; + case '1': blockSize100k = 1; break; + case '2': blockSize100k = 2; break; + case '3': blockSize100k = 3; break; +@@ -1985,6 +2046,7 @@ + if (ISFLAG("--keep")) keepInputFiles = True; else + if (ISFLAG("--small")) smallMode = True; else + if (ISFLAG("--quiet")) noisy = False; else ++ if (ISFLAG("--show-progress")) showProgress = True; else + if (ISFLAG("--version")) license(); else + if (ISFLAG("--license")) license(); else + if (ISFLAG("--exponential")) workFactor = 1; else diff --git a/system/bzip2/bzip2-1.0.3-no-test.patch b/system/bzip2/bzip2-1.0.3-no-test.patch new file mode 100644 index 000000000..fc876d504 --- /dev/null +++ b/system/bzip2/bzip2-1.0.3-no-test.patch @@ -0,0 +1,9 @@ +--- ./Makefile ++++ ./Makefile +@@ -23,5 +23,5 @@ + bzlib.o + +-all: libbz2.a bzip2 bzip2recover test ++all: libbz2.a bzip2 bzip2recover + + bzip2: libbz2.a bzip2.o diff --git a/system/bzip2/bzip2-1.0.4-POSIX-shell.patch b/system/bzip2/bzip2-1.0.4-POSIX-shell.patch new file mode 100644 index 000000000..a5916eaff --- /dev/null +++ b/system/bzip2/bzip2-1.0.4-POSIX-shell.patch @@ -0,0 +1,21 @@ +bzgrep uses !/bin/sh but then uses the bashism ${var//} so replace those +with calls to sed so POSIX shells work + +http://bugs.gentoo.org/193365 + +--- ./bzgrep ++++ ./bzgrep +@@ -63,10 +63,9 @@ + bzip2 -cdfq "$i" | $grep $opt "$pat" + r=$? + else +- j=${i//\\/\\\\} +- j=${j//|/\\|} +- j=${j//&/\\&} +- j=`printf "%s" "$j" | tr '\n' ' '` ++ # the backslashes here are doubled up as we have to escape each one for the ++ # shell and then escape each one for the sed expression ++ j=`printf "%s" "${i}" | sed -e 's:\\\\:\\\\\\\\:g' -e 's:[|]:\\\\|:g' -e 's:[&]:\\\\&:g' | tr '\n' ' '` + bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" + r=$? + fi diff --git a/system/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch b/system/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch new file mode 100644 index 000000000..cf146188c --- /dev/null +++ b/system/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch @@ -0,0 +1,25 @@ +--- ./Makefile ++++ ./Makefile +@@ -18,10 +18,9 @@ + CC=gcc + AR=ar + RANLIB=ranlib +-LDFLAGS= + + BIGFILES=-D_FILE_OFFSET_BITS=64 +-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) ++CFLAGS+=-Wall -Winline $(BIGFILES) $(CPPFLAGS) + + # Where you want it installed when you do 'make install' + PREFIX=/usr/local +--- ./Makefile-libbz2_so ++++ ./Makefile-libbz2_so +@@ -24,7 +24,7 @@ + SHELL=/bin/sh + CC=gcc + BIGFILES=-D_FILE_OFFSET_BITS=64 +-CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES) ++CFLAGS+=-fpic -fPIC -Wall -Winline $(BIGFILES) $(CPPFLAGS) + + OBJS= blocksort.o \ + huffman.o \ diff --git a/system/bzip2/bzip2-1.0.4-man-links.patch b/system/bzip2/bzip2-1.0.4-man-links.patch new file mode 100644 index 000000000..2427d6a7f --- /dev/null +++ b/system/bzip2/bzip2-1.0.4-man-links.patch @@ -0,0 +1,12 @@ +http://bugs.gentoo.org/172986 + +--- bzip2-1.0.4/Makefile ++++ bzip2-1.0.4/Makefile +@@ -85,4 +85,7 @@ + cp -f bzip2.1 $(PREFIX)/share/man/man1 + chmod a+r $(PREFIX)/share/man/man1/bzip2.1 ++ ln -s bzip2.1 $(PREFIX)/share/man/man1/bunzip2.1 ++ ln -s bzip2.1 $(PREFIX)/share/man/man1/bzcat.1 ++ ln -s bzip2.1 $(PREFIX)/share/man/man1/bzip2recover.1 + cp -f bzlib.h $(PREFIX)/include + chmod a+r $(PREFIX)/include/bzlib.h diff --git a/system/bzip2/bzip2-1.0.6-saneso.patch b/system/bzip2/bzip2-1.0.6-saneso.patch new file mode 100644 index 000000000..1968a63bf --- /dev/null +++ b/system/bzip2/bzip2-1.0.6-saneso.patch @@ -0,0 +1,13 @@ +--- ./Makefile-libbz2_so ++++ ./Makefile-libbz2_so +@@ -35,8 +35,8 @@ + bzlib.o + + all: $(OBJS) +- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS) +- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 ++ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) ++ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 + rm -f libbz2.so.1.0 + ln -s libbz2.so.1.0.6 libbz2.so.1.0 + -- cgit v1.2.3-70-g09d2