diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2010-09-22 07:03:19 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-09-22 08:56:44 +0000 |
commit | 609601d663d130ce924db4936d05ceff1e4c36b3 (patch) | |
tree | 9aa592ced8d7498a37d24bbf453957e98d913ec5 | |
parent | 647999fdf3057d2b7756f0ee137ef030bca22056 (diff) | |
download | alpine_aports-609601d663d130ce924db4936d05ceff1e4c36b3.tar.bz2 alpine_aports-609601d663d130ce924db4936d05ceff1e4c36b3.tar.xz alpine_aports-609601d663d130ce924db4936d05ceff1e4c36b3.zip |
main/bzip2: upgrade to 1.0.6. security fix for CVE-2010-0405
(cherry picked from commit 1b7a989a8a8e1ce2bef83fb1f9f2488254ac5d75)
-rw-r--r-- | main/bzip2/APKBUILD | 57 | ||||
-rw-r--r-- | main/bzip2/bzip2-1.0.2-progress.patch | 175 | ||||
-rw-r--r-- | main/bzip2/bzip2-1.0.3-no-test.patch | 9 | ||||
-rw-r--r-- | main/bzip2/bzip2-1.0.4-POSIX-shell.patch | 4 | ||||
-rw-r--r-- | main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch | 12 | ||||
-rw-r--r-- | main/bzip2/bzip2-1.0.4-saneso.patch | 13 | ||||
-rw-r--r-- | main/bzip2/bzip2-1.0.6-saneso.patch | 13 |
7 files changed, 246 insertions, 37 deletions
diff --git a/main/bzip2/APKBUILD b/main/bzip2/APKBUILD index 1081978b5c..23ffa64745 100644 --- a/main/bzip2/APKBUILD +++ b/main/bzip2/APKBUILD | |||
@@ -1,27 +1,33 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=bzip2 | 2 | pkgname=bzip2 |
3 | pkgver=1.0.5 | 3 | pkgver=1.0.6 |
4 | pkgrel=2 | 4 | pkgrel=0 |
5 | pkgdesc="A high-quality data compression program" | 5 | pkgdesc="A high-quality data compression program" |
6 | url="http://sources.redhat.com/bzip2" | 6 | url="http://sources.redhat.com/bzip2" |
7 | license="BZIP2" | 7 | license="BZIP2" |
8 | depends="" | 8 | depends="" |
9 | install="$pkgname.post-deinstall" | 9 | install="$pkgname.post-deinstall" |
10 | source="http://www.bzip.org/$pkgver/$pkgname-$pkgver.tar.gz | 10 | source="http://www.bzip.org/$pkgver/$pkgname-$pkgver.tar.gz |
11 | $install | ||
12 | bzip2-1.0.4-POSIX-shell.patch | ||
13 | bzip2-1.0.4-makefile-CFLAGS.patch | 11 | bzip2-1.0.4-makefile-CFLAGS.patch |
12 | bzip2-1.0.6-saneso.patch | ||
14 | bzip2-1.0.4-man-links.patch | 13 | bzip2-1.0.4-man-links.patch |
15 | bzip2-1.0.4-saneso.patch | 14 | bzip2-1.0.2-progress.patch |
15 | bzip2-1.0.3-no-test.patch | ||
16 | bzip2-1.0.4-POSIX-shell.patch | ||
16 | " | 17 | " |
17 | subpackages="$pkgname-dev $pkgname-doc" | 18 | subpackages="$pkgname-dev $pkgname-doc libbz2" |
18 | 19 | ||
19 | build () { | 20 | _builddir="$srcdir"/$pkgname-$pkgver |
21 | prepare() { | ||
20 | local i | 22 | local i |
21 | cd "$srcdir"/$pkgname-$pkgver | 23 | cd "$_builddir" |
22 | for i in ../*.patch; do | 24 | for i in $source; do |
23 | msg "Applying ${i##*/}" | 25 | case $i in |
24 | patch -p1 < $i || return 1 | 26 | *.patch) |
27 | msg "Applying $i" | ||
28 | patch -p1 -i "$srcdir"/$i || return 1 | ||
29 | ;; | ||
30 | esac | ||
25 | done | 31 | done |
26 | 32 | ||
27 | # Fix man path | 33 | # Fix man path |
@@ -36,13 +42,32 @@ build () { | |||
36 | -e "s:1\.0\.4:$pkgver:" \ | 42 | -e "s:1\.0\.4:$pkgver:" \ |
37 | bzip2.1 bzip2.txt Makefile-libbz2_so manual.* || return 1 | 43 | bzip2.1 bzip2.txt Makefile-libbz2_so manual.* || return 1 |
38 | 44 | ||
45 | } | ||
46 | |||
47 | build () { | ||
48 | cd "$_builddir" | ||
39 | make -f Makefile-libbz2_so all || return 1 | 49 | make -f Makefile-libbz2_so all || return 1 |
40 | make all || return 1 | 50 | make all || return 1 |
51 | } | ||
52 | |||
53 | package() { | ||
54 | cd "$_builddir" | ||
41 | make PREFIX="$pkgdir"/usr install || return 1 | 55 | make PREFIX="$pkgdir"/usr install || return 1 |
56 | install -D libbz2.so.$pkgver "$pkgdir"/usr/lib/libbz2.so.$pkgver | ||
57 | ln -s libbz2.so.$pkgver "$pkgdir"/usr/lib/libbz2.so | ||
58 | ln -s libbz2.so.$pkgver "$pkgdir"/usr/lib/libbz2.so.${pkgver%%.*} | ||
42 | } | 59 | } |
43 | md5sums="3c15a0c8d1d3ee1c46a1634d00617b1a bzip2-1.0.5.tar.gz | 60 | |
44 | b84506d253e04db3c5af9016fead45a3 bzip2.post-deinstall | 61 | libbz2() { |
45 | 2e9bcfeb1614b55f5ba2d087ac65a3fe bzip2-1.0.4-POSIX-shell.patch | 62 | pkgdesc="Shared library for bz2" |
46 | 56b90131e3c2ae425b758de9c7be7682 bzip2-1.0.4-makefile-CFLAGS.patch | 63 | mkdir -p "$subpkgdir"/usr/lib |
64 | mv "$pkgdir"/usr/lib/*.so.* "$subpkgdir"/usr/lib/ | ||
65 | } | ||
66 | |||
67 | md5sums="00b516f4704d4a7cb50a1d97e6e8e15b bzip2-1.0.6.tar.gz | ||
68 | 3675cd4db6affe64e1d7d40bc2ad4f26 bzip2-1.0.4-makefile-CFLAGS.patch | ||
69 | d47a4aa8f08d101aa5aa0dd2030338d1 bzip2-1.0.6-saneso.patch | ||
47 | fd13ef6bc55276c7e3adc346bde56cd1 bzip2-1.0.4-man-links.patch | 70 | fd13ef6bc55276c7e3adc346bde56cd1 bzip2-1.0.4-man-links.patch |
48 | 643983e8134723ebe53c858b1a3938ad bzip2-1.0.4-saneso.patch" | 71 | 5f7a98f0aaaed6554126d30e28383ee0 bzip2-1.0.2-progress.patch |
72 | 804bd17c96297968a89fc4eddc9a6713 bzip2-1.0.3-no-test.patch | ||
73 | 55ac0e9be7821190b99376e0205707be bzip2-1.0.4-POSIX-shell.patch" | ||
diff --git a/main/bzip2/bzip2-1.0.2-progress.patch b/main/bzip2/bzip2-1.0.2-progress.patch new file mode 100644 index 0000000000..2f389cfac9 --- /dev/null +++ b/main/bzip2/bzip2-1.0.2-progress.patch | |||
@@ -0,0 +1,175 @@ | |||
1 | Ripped from Mandrake. | ||
2 | |||
3 | http://bugs.gentoo.org/show_bug.cgi?id=82192 | ||
4 | |||
5 | --- bzip2-1.0.2.org/bzip2.1 | ||
6 | +++ bzip2-1.0.2/bzip2.1 | ||
7 | @@ -235,6 +235,10 @@ | ||
8 | Suppress non-essential warning messages. Messages pertaining to | ||
9 | I/O errors and other critical events will not be suppressed. | ||
10 | .TP | ||
11 | +.B \-p --show-progress | ||
12 | +Show percentage of input-file done and while compressing show the percentage | ||
13 | +of the original file the new file is. | ||
14 | +.TP | ||
15 | .B \-v --verbose | ||
16 | Verbose mode -- show the compression ratio for each file processed. | ||
17 | Further \-v's increase the verbosity level, spewing out lots of | ||
18 | --- bzip2-1.0.2.org/bzip2.c | ||
19 | +++ bzip2-1.0.2/bzip2.c | ||
20 | @@ -145,6 +145,7 @@ | ||
21 | #include <signal.h> | ||
22 | #include <math.h> | ||
23 | #include <errno.h> | ||
24 | +#include <time.h> | ||
25 | #include <ctype.h> | ||
26 | #include "bzlib.h" | ||
27 | |||
28 | @@ -301,6 +302,7 @@ | ||
29 | Char progNameReally[FILE_NAME_LEN]; | ||
30 | FILE *outputHandleJustInCase; | ||
31 | Int32 workFactor; | ||
32 | +Char showProgress; | ||
33 | |||
34 | static void panic ( Char* ) NORETURN; | ||
35 | static void ioError ( void ) NORETURN; | ||
36 | @@ -425,6 +427,12 @@ | ||
37 | UInt32 nbytes_in_lo32, nbytes_in_hi32; | ||
38 | UInt32 nbytes_out_lo32, nbytes_out_hi32; | ||
39 | Int32 bzerr, bzerr_dummy, ret; | ||
40 | + double fileSize = 0; /* initialized to make the compiler stop crying */ | ||
41 | + /* double because big files might otherwhise give | ||
42 | + * overflows. not long long since not all compilers | ||
43 | + * support that one | ||
44 | + */ | ||
45 | + time_t startTime, currentTime; | ||
46 | |||
47 | SET_BINARY_MODE(stream); | ||
48 | SET_BINARY_MODE(zStream); | ||
49 | @@ -432,12 +440,21 @@ | ||
50 | if (ferror(stream)) goto errhandler_io; | ||
51 | if (ferror(zStream)) goto errhandler_io; | ||
52 | |||
53 | + if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) { | ||
54 | + (void)fseek(stream, 0, SEEK_END); | ||
55 | + fileSize = (double)ftell(stream); | ||
56 | + rewind(stream); | ||
57 | + if (verbosity >= 1) | ||
58 | + fprintf(stderr, "Input-file size: %ld\n", (long)fileSize); | ||
59 | + } | ||
60 | + | ||
61 | bzf = BZ2_bzWriteOpen ( &bzerr, zStream, | ||
62 | blockSize100k, verbosity, workFactor ); | ||
63 | if (bzerr != BZ_OK) goto errhandler; | ||
64 | |||
65 | if (verbosity >= 2) fprintf ( stderr, "\n" ); | ||
66 | |||
67 | + time(&startTime); | ||
68 | while (True) { | ||
69 | |||
70 | if (myfeof(stream)) break; | ||
71 | @@ -446,13 +463,32 @@ | ||
72 | if (nIbuf > 0) BZ2_bzWrite ( &bzerr, bzf, (void*)ibuf, nIbuf ); | ||
73 | if (bzerr != BZ_OK) goto errhandler; | ||
74 | |||
75 | + if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) | ||
76 | + { | ||
77 | + time(¤tTime); | ||
78 | + | ||
79 | + if ((currentTime - startTime) > 1) { /* show progress every 2 seconds */ | ||
80 | + double curInPos = (double)ftell(stream); | ||
81 | + double curOutPos = (double)ftell(zStream); | ||
82 | + | ||
83 | + startTime = currentTime; | ||
84 | + | ||
85 | + fprintf(stderr, "%.2f%% done", (curInPos * 100.0) / fileSize); | ||
86 | + if (srcMode == SM_F2F) | ||
87 | + { | ||
88 | + fprintf(stderr, ", new size: %.2f%%", (curOutPos * 100.0) / curInPos); | ||
89 | + } | ||
90 | + | ||
91 | + fprintf(stderr, " \r"); | ||
92 | + } | ||
93 | + } | ||
94 | } | ||
95 | |||
96 | BZ2_bzWriteClose64 ( &bzerr, bzf, 0, | ||
97 | &nbytes_in_lo32, &nbytes_in_hi32, | ||
98 | &nbytes_out_lo32, &nbytes_out_hi32 ); | ||
99 | if (bzerr != BZ_OK) goto errhandler; | ||
100 | - | ||
101 | + | ||
102 | if (ferror(zStream)) goto errhandler_io; | ||
103 | ret = fflush ( zStream ); | ||
104 | if (ret == EOF) goto errhandler_io; | ||
105 | @@ -526,6 +562,8 @@ | ||
106 | UChar unused[BZ_MAX_UNUSED]; | ||
107 | Int32 nUnused; | ||
108 | UChar* unusedTmp; | ||
109 | + double fileSize = 0; /* initialized to make the compiler stop crying */ | ||
110 | + time_t startTime, currentTime; | ||
111 | |||
112 | nUnused = 0; | ||
113 | streamNo = 0; | ||
114 | @@ -533,9 +571,19 @@ | ||
115 | SET_BINARY_MODE(stream); | ||
116 | SET_BINARY_MODE(zStream); | ||
117 | |||
118 | + if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) { | ||
119 | + long dummy = ftell(zStream); | ||
120 | + (void)fseek(zStream, 0, SEEK_END); | ||
121 | + fileSize = (double)ftell(zStream); | ||
122 | + (void)fseek(zStream, dummy, SEEK_SET); | ||
123 | + if (verbosity >= 1) | ||
124 | + fprintf(stderr, "Input-file size: %ld\n", (long)fileSize); | ||
125 | + } | ||
126 | + | ||
127 | if (ferror(stream)) goto errhandler_io; | ||
128 | if (ferror(zStream)) goto errhandler_io; | ||
129 | |||
130 | + time(&startTime); | ||
131 | while (True) { | ||
132 | |||
133 | bzf = BZ2_bzReadOpen ( | ||
134 | @@ -551,6 +599,17 @@ | ||
135 | if ((bzerr == BZ_OK || bzerr == BZ_STREAM_END) && nread > 0) | ||
136 | fwrite ( obuf, sizeof(UChar), nread, stream ); | ||
137 | if (ferror(stream)) goto errhandler_io; | ||
138 | + | ||
139 | + if ((srcMode == SM_F2F || srcMode == SM_F2O) && showProgress == True) { | ||
140 | + time(¤tTime); | ||
141 | + if ((currentTime - startTime) >= 2) | ||
142 | + { | ||
143 | + double curInPos = (double)ftell(zStream); | ||
144 | + startTime = currentTime; | ||
145 | + | ||
146 | + fprintf(stderr, "%.2f%% done\r", (curInPos * 100.0) / fileSize); | ||
147 | + } | ||
148 | + } | ||
149 | } | ||
150 | if (bzerr != BZ_STREAM_END) goto errhandler; | ||
151 | |||
152 | @@ -1872,6 +1931,7 @@ | ||
153 | deleteOutputOnInterrupt = False; | ||
154 | exitValue = 0; | ||
155 | i = j = 0; /* avoid bogus warning from egcs-1.1.X */ | ||
156 | + showProgress = False; | ||
157 | |||
158 | /*-- Set up signal handlers for mem access errors --*/ | ||
159 | signal (SIGSEGV, mySIGSEGVorSIGBUScatcher); | ||
160 | @@ -1949,6 +2009,7 @@ | ||
161 | case 'k': keepInputFiles = True; break; | ||
162 | case 's': smallMode = True; break; | ||
163 | case 'q': noisy = False; break; | ||
164 | + case 'p': showProgress = True; break; | ||
165 | case '1': blockSize100k = 1; break; | ||
166 | case '2': blockSize100k = 2; break; | ||
167 | case '3': blockSize100k = 3; break; | ||
168 | @@ -1985,6 +2046,7 @@ | ||
169 | if (ISFLAG("--keep")) keepInputFiles = True; else | ||
170 | if (ISFLAG("--small")) smallMode = True; else | ||
171 | if (ISFLAG("--quiet")) noisy = False; else | ||
172 | + if (ISFLAG("--show-progress")) showProgress = True; else | ||
173 | if (ISFLAG("--version")) license(); else | ||
174 | if (ISFLAG("--license")) license(); else | ||
175 | if (ISFLAG("--exponential")) workFactor = 1; else | ||
diff --git a/main/bzip2/bzip2-1.0.3-no-test.patch b/main/bzip2/bzip2-1.0.3-no-test.patch new file mode 100644 index 0000000000..fc876d5044 --- /dev/null +++ b/main/bzip2/bzip2-1.0.3-no-test.patch | |||
@@ -0,0 +1,9 @@ | |||
1 | --- ./Makefile | ||
2 | +++ ./Makefile | ||
3 | @@ -23,5 +23,5 @@ | ||
4 | bzlib.o | ||
5 | |||
6 | -all: libbz2.a bzip2 bzip2recover test | ||
7 | +all: libbz2.a bzip2 bzip2recover | ||
8 | |||
9 | bzip2: libbz2.a bzip2.o | ||
diff --git a/main/bzip2/bzip2-1.0.4-POSIX-shell.patch b/main/bzip2/bzip2-1.0.4-POSIX-shell.patch index 74f8df000b..a5916eaff5 100644 --- a/main/bzip2/bzip2-1.0.4-POSIX-shell.patch +++ b/main/bzip2/bzip2-1.0.4-POSIX-shell.patch | |||
@@ -3,8 +3,8 @@ with calls to sed so POSIX shells work | |||
3 | 3 | ||
4 | http://bugs.gentoo.org/193365 | 4 | http://bugs.gentoo.org/193365 |
5 | 5 | ||
6 | --- a/bzgrep | 6 | --- ./bzgrep |
7 | +++ b/bzgrep | 7 | +++ ./bzgrep |
8 | @@ -63,10 +63,9 @@ | 8 | @@ -63,10 +63,9 @@ |
9 | bzip2 -cdfq "$i" | $grep $opt "$pat" | 9 | bzip2 -cdfq "$i" | $grep $opt "$pat" |
10 | r=$? | 10 | r=$? |
diff --git a/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch b/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch index 85a3c6af6c..cf146188c3 100644 --- a/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch +++ b/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch | |||
@@ -1,5 +1,5 @@ | |||
1 | --- a/Makefile | 1 | --- ./Makefile |
2 | +++ b/Makefile | 2 | +++ ./Makefile |
3 | @@ -18,10 +18,9 @@ | 3 | @@ -18,10 +18,9 @@ |
4 | CC=gcc | 4 | CC=gcc |
5 | AR=ar | 5 | AR=ar |
@@ -8,18 +8,18 @@ | |||
8 | 8 | ||
9 | BIGFILES=-D_FILE_OFFSET_BITS=64 | 9 | BIGFILES=-D_FILE_OFFSET_BITS=64 |
10 | -CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) | 10 | -CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) |
11 | +CFLAGS+=-Wall -Winline $(BIGFILES) | 11 | +CFLAGS+=-Wall -Winline $(BIGFILES) $(CPPFLAGS) |
12 | 12 | ||
13 | # Where you want it installed when you do 'make install' | 13 | # Where you want it installed when you do 'make install' |
14 | PREFIX=/usr/local | 14 | PREFIX=/usr/local |
15 | --- a/Makefile-libbz2_so | 15 | --- ./Makefile-libbz2_so |
16 | +++ b/Makefile-libbz2_so | 16 | +++ ./Makefile-libbz2_so |
17 | @@ -24,7 +24,7 @@ | 17 | @@ -24,7 +24,7 @@ |
18 | SHELL=/bin/sh | 18 | SHELL=/bin/sh |
19 | CC=gcc | 19 | CC=gcc |
20 | BIGFILES=-D_FILE_OFFSET_BITS=64 | 20 | BIGFILES=-D_FILE_OFFSET_BITS=64 |
21 | -CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES) | 21 | -CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES) |
22 | +CFLAGS+=-fpic -fPIC -Wall -Winline $(BIGFILES) | 22 | +CFLAGS+=-fpic -fPIC -Wall -Winline $(BIGFILES) $(CPPFLAGS) |
23 | 23 | ||
24 | OBJS= blocksort.o \ | 24 | OBJS= blocksort.o \ |
25 | huffman.o \ | 25 | huffman.o \ |
diff --git a/main/bzip2/bzip2-1.0.4-saneso.patch b/main/bzip2/bzip2-1.0.4-saneso.patch deleted file mode 100644 index 9a71342ca9..0000000000 --- a/main/bzip2/bzip2-1.0.4-saneso.patch +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | --- a/Makefile-libbz2_so | ||
2 | +++ b/Makefile-libbz2_so | ||
3 | @@ -35,8 +35,8 @@ | ||
4 | bzlib.o | ||
5 | |||
6 | all: $(OBJS) | ||
7 | - $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS) | ||
8 | - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4 | ||
9 | + $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.4 $(OBJS) | ||
10 | + $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4 | ||
11 | rm -f libbz2.so.1.0 | ||
12 | ln -s libbz2.so.1.0.4 libbz2.so.1.0 | ||
13 | |||
diff --git a/main/bzip2/bzip2-1.0.6-saneso.patch b/main/bzip2/bzip2-1.0.6-saneso.patch new file mode 100644 index 0000000000..1968a63bf1 --- /dev/null +++ b/main/bzip2/bzip2-1.0.6-saneso.patch | |||
@@ -0,0 +1,13 @@ | |||
1 | --- ./Makefile-libbz2_so | ||
2 | +++ ./Makefile-libbz2_so | ||
3 | @@ -35,8 +35,8 @@ | ||
4 | bzlib.o | ||
5 | |||
6 | all: $(OBJS) | ||
7 | - $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS) | ||
8 | - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 | ||
9 | + $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS) | ||
10 | + $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 | ||
11 | rm -f libbz2.so.1.0 | ||
12 | ln -s libbz2.so.1.0.6 libbz2.so.1.0 | ||
13 | |||