rpms/bzip2/F-7 bzip2-1.0.5.patch,NONE,1.1 bzip2.spec,1.31,1.32
Ivana Varekova (varekova)
fedora-extras-commits at redhat.com
Tue Apr 1 08:53:58 UTC 2008
Author: varekova
Update of /cvs/pkgs/rpms/bzip2/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28804
Modified Files:
bzip2.spec
Added Files:
bzip2-1.0.5.patch
Log Message:
- fix cash on malformed archive file - CVE-2008-1372 (#438118)
(apply upstream patch)
bzip2-1.0.5.patch:
--- NEW FILE bzip2-1.0.5.patch ---
diff -urN bzip2-1.0.4/bzlib.c bzip2-1.0.5/bzlib.c
--- bzip2-1.0.4/bzlib.c 2007-01-02 21:00:55.000000000 -0500
+++ bzip2-1.0.5/bzlib.c 2007-12-09 08:57:21.000000000 -0500
@@ -598,6 +598,7 @@
UInt32 c_tPos = s->tPos;
char* cs_next_out = s->strm->next_out;
unsigned int cs_avail_out = s->strm->avail_out;
+ Int32 ro_blockSize100k = s->blockSize100k;
/* end restore */
UInt32 avail_out_INIT = cs_avail_out;
diff -urN bzip2-1.0.4/bzlib_private.h bzip2-1.0.5/bzlib_private.h
--- bzip2-1.0.4/bzlib_private.h 2007-01-02 21:00:55.000000000 -0500
+++ bzip2-1.0.5/bzlib_private.h 2007-12-09 09:00:46.000000000 -0500
@@ -442,11 +442,15 @@
/*-- Macros for decompression. --*/
#define BZ_GET_FAST(cccc) \
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
s->tPos = s->tt[s->tPos]; \
cccc = (UChar)(s->tPos & 0xff); \
s->tPos >>= 8;
#define BZ_GET_FAST_C(cccc) \
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+ if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \
c_tPos = c_tt[c_tPos]; \
cccc = (UChar)(c_tPos & 0xff); \
c_tPos >>= 8;
@@ -469,8 +473,10 @@
(((UInt32)s->ll16[i]) | (GET_LL4(i) << 16))
#define BZ_GET_SMALL(cccc) \
- cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
- s->tPos = GET_LL(s->tPos);
+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
+ cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \
+ s->tPos = GET_LL(s->tPos);
/*-- externs for decompression. --*/
Index: bzip2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/bzip2/F-7/bzip2.spec,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- bzip2.spec 4 Apr 2007 13:55:03 -0000 1.31
+++ bzip2.spec 1 Apr 2008 08:53:22 -0000 1.32
@@ -1,7 +1,7 @@
Summary: A file compression utility
Name: bzip2
Version: 1.0.4
-Release: 10%{?dist}
+Release: 11%{?dist}
License: BSD
Group: Applications/File
URL: http://www.bzip.org/
@@ -9,6 +9,7 @@
Patch0: bzip2-1.0.4-saneso.patch
Patch5: bzip2-1.0.4-cflags.patch
Patch6: bzip2-1.0.4-bzip2recover.patch
+Patch7: bzip2-1.0.5.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
@@ -45,6 +46,7 @@
%patch0 -p1 -b .saneso
%patch5 -p1 -b .cflags
%patch6 -p1 -b .bz2recover
+%patch7 -p1 -b .1.0.5
%build
@@ -108,6 +110,10 @@
%{_libdir}/*.a
%changelog
+* Tue Apr 1 2008 Ivana Varekova <varekova at redhat.com> 1.0.4-11
+- fix cash on malformed archive file - CVE-2008-1372 (#438118)
+ (apply upstream patch)
+
* Wed Apr 4 2007 Ivana Varekova <varekova at redhat.com> 1.0.4-10
- change libz.a permissions
More information about the fedora-extras-commits
mailing list