import UBI bzip2-1.0.8-25.el10

This commit is contained in:
eabdullin 2025-05-14 17:56:58 +00:00
parent 284102bf7c
commit 140a9703c1
13 changed files with 182 additions and 153 deletions


@ -1 +0,0 @@
3f89f861209ce81a6bab1fd1998c0ef311712002 SOURCES/bzip2-1.0.6.tar.gz

4
.gitignore vendored

@ -1 +1,3 @@
SOURCES/bzip2-1.0.6.tar.gz
bzip2-1.0.8.tar.gz
bzip2-1.0.8.tar.gz.sig
gpgkey-5C1D1AA44BE649DE760A.gpg


@ -1,12 +0,0 @@
--- bzip2-1.0.4/bzip2recover.c.pom 2007-01-03 03:00:55.000000000 +0100
+++ bzip2-1.0.4/bzip2recover.c 2007-02-05 11:55:17.000000000 +0100
@@ -309,7 +309,8 @@
UInt32 buffHi, buffLo, blockCRC;
Char* p;
- strcpy ( progName, argv[0] );
+ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
+ progName[BZ_MAX_FILENAME-1]='\0';
inFileName[0] = outFileName[0] = 0;
fprintf ( stderr,


@ -1,61 +0,0 @@
From b07b105d1b66e32760095e3602261738443b9e13 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Wed, 3 Jul 2019 01:28:11 +0200
Subject: Accept as many selectors as the file format allows.
But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS.
The theoretical maximum number of selectors depends on the maximum
blocksize (900000 bytes) and the number of symbols (50) that can be
encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002.
But the bzip2 file format allows the number of selectors to be encoded
with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in
14 bits). So the file format maximum is 32767 selectors.
Some bzip2 encoders might actually have written out more selectors
than the theoretical maximum because they rounded up the number of
selectors to some convenient factor of 8.
The extra 14766 selectors can never be validly used by the decompression
algorithm. So we can read them, but then discard them.
This is effectively what was done (by accident) before we added a
check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate
CVE-2019-12900.
The extra selectors were written out after the array inside the
EState struct. But the struct has extra space allocated after the
selector arrays of 18060 bytes (which is larger than 14766).
All of which will be initialized later (so the overwrite of that
space with extra selector values would have been harmless).
Note by jamartis:
The original patch Described above also reverts some changes that were made after 1.0.6.
Since these changes are not yet present in 1.0.6, they don't need to be reverted and are thus
removed from the original patch
---
diff --git a/decompress.c b/decompress.c
index 20ce493..3303499 100644
--- a/decompress.c
+++ b/decompress.c
@@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s )
j++;
if (j >= nGroups) RETURN(BZ_DATA_ERROR);
}
- s->selectorMtf[i] = j;
+ /* Having more than BZ_MAX_SELECTORS doesn't make much sense
+ since they will never be used, but some implementations might
+ "round up" the number of selectors, so just ignore those. */
+ if (i < BZ_MAX_SELECTORS)
+ s->selectorMtf[i] = j;
}
+ if (nSelectors > BZ_MAX_SELECTORS)
+ nSelectors = BZ_MAX_SELECTORS;
/*--- Undo the MTF values for the selectors. ---*/
{
--
cgit


@ -1,11 +0,0 @@
diff -up ./bzip2recover.c.old ./bzip2recover.c
--- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100
+++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200
@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;

11
bzip2-6.0-sast.patch Normal file

@ -0,0 +1,11 @@
--- ./bzip2recover.c.old 2024-12-03 11:00:07.024976697 +0100
+++ ./bzip2recover.c 2024-12-03 11:02:28.832219809 +0100
@@ -402,7 +402,7 @@
rbEnd[rbCtr] = bEnd[currBlock];
rbCtr++;
}
- if (currBlock >= BZ_MAX_HANDLED_BLOCKS)
+ if (currBlock >= (BZ_MAX_HANDLED_BLOCKS-1))
tooManyBlocks(BZ_MAX_HANDLED_BLOCKS);
currBlock++;
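Review bot: The moved limit at `if (currBlock >= (BZ_MAX_HANDLED_BLOCKS-1))` carries no explanation, and the patch file has no description header or bug reference, so the next maintainer has to rediscover why the bound changed by one; the spec changelog only says "off by one" (RHEL-36503). I would put the reasoning at the top of the patch as plain text before the `---` line, e.g. `bzip2recover: abort before currBlock++ lets the following bStart[]/bEnd[] stores index element BZ_MAX_HANDLED_BLOCKS, one past the end of the arrays (RHEL-36503)`, after confirming in the file that the post-increment `bStart[currBlock]` store is indeed what overflowed, since it lies outside this hunk. Worth checking too that tooManyBlocks()'s message still reads correctly, because the abort now fires when the BZ_MAX_HANDLED_BLOCKS-th block is closed rather than one later; if it says "more than %d blocks" the wording is now off by one. The file name `bzip2-6.0-sast.patch` matches no bzip2 version; something like `bzip2-1.0.8-recover-block-limit.patch` would say what it is. The enclosing function (main) starts and ends outside the hunk.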


@ -5,8 +5,8 @@ diff -up bzip2-1.0.6/Makefile-libbz2_so.pom bzip2-1.0.6/Makefile-libbz2_so
bzlib.o
all: $(OBJS)
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
+ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
+ $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.6 libbz2.so.1.0
ln -s libbz2.so.1.0.8 libbz2.so.1.0


@ -27,10 +27,10 @@ diff -up bzip2-1.0.6/Makefile-libbz2_so.jx bzip2-1.0.6/Makefile-libbz2_so
bzlib.o
all: $(OBJS)
- $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
- $(CC) $(CFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.6 libbz2.so.1.0
ln -s libbz2.so.1.0.8 libbz2.so.1.0


@ -5,8 +5,8 @@ diff -up bzip2-1.0.6/Makefile-libbz2_so.pom bzip2-1.0.6/Makefile-libbz2_so
bzlib.o
all: $(OBJS)
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS)
+ $(CC) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
+ $(CC) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
rm -f libbz2.so.1.0
ln -s libbz2.so.1.0.6 libbz2.so.1.0
ln -s libbz2.so.1.0.8 libbz2.so.1.0


@ -1,23 +1,30 @@
%global library_version 1.0.6
%global library_version 1.0.8
Summary: A file compression utility
Summary: File compression utility
Name: bzip2
Version: 1.0.6
Release: 28%{?dist}
License: BSD
Group: Applications/File
URL: http://www.bzip.org/
Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz
Version: 1.0.8
Release: 25%{?dist}
License: BSD-4-Clause
URL: https://sourceware.org/bzip2
#Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz
Source0: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz
Source1: bzip2.pc
Source2: https://sourceware.org/pub/bzip2/%{name}-%{version}.tar.gz.sig
# https://sourceware.org/bzip2/downloads.html links to the gpg key
# https://sourceware.org/pub/bzip2/gpgkey-5C1D1AA44BE649DE760A.gpg
# with which the tarballs are signed
Source3: gpgkey-5C1D1AA44BE649DE760A.gpg
Patch0: bzip2-1.0.4-saneso.patch
Patch1: bzip2-1.0.4-cflags.patch
# resolves: #226979
Patch2: bzip2-1.0.4-bzip2recover.patch
Patch3: bzip2-ldflags.patch
# resolves: #1348179
Patch4: set-out-file-to-null.patch
Patch5: decompress-out-of-bounds.patch
Patch0: bzip2-saneso.patch
Patch1: bzip2-cflags.patch
Patch2: bzip2-ldflags.patch
Patch3: man_gzipdiff.patch
Patch4: bzip2-6.0-sast.patch
BuildRequires: gcc
BuildRequires: make
BuildRequires: gnupg2
Requires: bzip2-libs%{?_isa} = %{version}-%{release}
%description
Bzip2 is a freely available, patent-free, high quality data compressor.
@ -32,63 +39,48 @@ Install bzip2 if you need a compression utility.
%package devel
Summary: Libraries and header files for apps which will use bzip2
Group: Development/Libraries
Requires: bzip2-libs = %{version}-%{release}
Requires: bzip2-libs%{?_isa} = %{version}-%{release}
%description devel
Header files and a library of bzip2 functions, for developing apps
which will use the library.
%package libs
Summary: Libraries for applications using bzip2
Group: System Environment/Libraries
%description libs
Libraries for applications using the bzip2 compression format.
%package static
Summary: Libraries for applications using bzip2
Group: System Environment/Libraries
%description static
Static libraries for applications using the bzip2 compression format.
%prep
%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
%setup -q
%patch0 -p1 -b .saneso
%patch1 -p1 -b .cflags
%patch2 -p1 -b .bz2recover
%patch3 -p1 -b .ldflags
%patch4 -p1 -b .bzip2recover
%patch5 -p1
%patch 0 -p1
%patch 1 -p1
%patch 2 -p1
%patch 3 -p2
%patch 4 -p1
cp -a %{SOURCE1} .
sed -i "s|^libdir=|libdir=%{_libdir}|" bzip2.pc
%build
%if 0%{?rhel} >= 7
%ifarch ppc64
export O3="-O3"
%else
export O3=""
%endif
%else
export O3=""
%endif
make -f Makefile-libbz2_so CC="%{__cc}" AR="%{__ar}" RANLIB="%{__ranlib}" \
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64 -fpic -fPIC $O3" \
%make_build -f Makefile-libbz2_so CC="%{__cc}" AR="%{__ar}" RANLIB="ranlib" \
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64 -fpic -fPIC" \
LDFLAGS="%{__global_ldflags}" \
%{?_smp_mflags} all
all
rm -f *.o
make CC="%{__cc}" AR="%{__ar}" RANLIB="%{__ranlib}" \
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64 $O3" \
%make_build CC="%{__cc}" AR="%{__ar}" RANLIB="ranlib" \
CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" \
LDFLAGS="%{__global_ldflags}" \
%{?_smp_mflags} all
all
%install
chmod 644 bzlib.h
@ -119,19 +111,16 @@ ln -s bzgrep.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzfgrep.1
%ldconfig_scriptlets libs
%files
%doc LICENSE CHANGES README
%{!?_licensedir:%global license %%doc}
%doc CHANGES README
%license LICENSE
%{_bindir}/*
%{_mandir}/*/*
%files libs
%{!?_licensedir:%global license %%doc}
%license LICENSE
%{_libdir}/libbz2.so.1*
%files static
%{!?_licensedir:%global license %%doc}
%license LICENSE
%{_libdir}/libbz2.a
@ -142,13 +131,102 @@ ln -s bzgrep.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzfgrep.1
%{_libdir}/pkgconfig/bzip2.pc
%changelog
* Thu Dec 19 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.6-28
- The previous fix caused some regressions
- Use an updated patch that deals with the original issue+the regressions
Resolves: RHEL-71140
* Thu Dec 19 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-25
- Revert the changes from 1.0.8-23
Resolves: RHEL-71750
* Tue Oct 29 2024 Jacek Migacz <jmigacz@redhat.com> - 1.0.6-27
- Fixes out of bounds access in BZ2_decompress (RHEL-64929)
* Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-24
- Fix an off by one error in bzip2recover.c
Resolves: RHEL-36503
* Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-23
- Fix out of bounds write in bz_decompress
Resolves: CVE-2019-12900
* Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-22
- Minor spec cleanup
- Add explicit requires for the bzip2 package
Resolves: RHEL-69797
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.0.8-21
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Aug 19 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-20
- Rebuild with enabled gating
Resolves: RHEL-52100
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.0.8-19
- Bump release for June 2024 mass rebuild
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Stewart Smith <trawets@amazon.com> - 1.0.8-16
- gpgverify source tarball
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Apr 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 1.0.8-14
- migrate to SPDX license format
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Nov 02 2021 Jakub Martisko <jamartis@redhat.com> - 1.0.8-10
- Fix a typo in the man page
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Jakub Martisko <jamartis@redhat.com> - 1.0.8-8
- Fix FTBFS due to _ranlib macro being removed
* Fri Feb 12 2021 Michal Schorm <mschorm@redhat.com> - 1.0.8-7
- Remove the ancient ppc64 hack
* Fri Jan 29 2021 Jakub Martisko <jamartis@redhat.com> - 1.0.8-6
- Minor man pgae update (gzip/bzip2 differnces)
resolves: #1897104
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Jakub Martisko <jamartis@redhat.com> - 1.0.8-4
- Use make macros
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Aug 06 2019 Jakub Martisko <jamartis@redhat.com> - 1.0.8-1
- Update to version 1.0.8
resolves: #1724797
resolves: #1717478
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Mar 01 2018 Jakub Martisko <jamartis@redhat.com> - 1.0.6-27
- Add gcc to buildrequires
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
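Review bot: The 1.0.8-25 changelog entry `- Revert the changes from 1.0.8-23` reverts an entry that claims to fix CVE-2019-12900 without saying why the revert is safe, which reads as a security regression to anyone auditing the package. The decompress-out-of-bounds.patch deleted in this same commit is upstream commit b07b105d (July 2019, before the 1.0.8 release), so the nSelectors handling was a backport to 1.0.6 and is presumably already in the 1.0.8 tarball, making the 1.0.8-23 re-application redundant; the entry should state that, e.g. `- Revert the changes from 1.0.8-23: the CVE-2019-12900 nSelectors fix is already part of upstream 1.0.8, the backport was redundant`. The 1.0.6 spec kept a `# resolves:` comment above each bug-driven patch, but the new `Patch4: bzip2-6.0-sast.patch` has none; `# resolves: RHEL-36503` above it would keep that convention and tie the patch to its changelog entry.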

20
man_gzipdiff.patch Normal file

@ -0,0 +1,20 @@
--- ./bzip2-1.0.8/bzip2.1 2019-07-13 19:50:05.000000000 +0200
+++ ./bzip2-1.0.8/bzip2.1.new 2021-01-29 11:51:04.091430407 +0100
@@ -170,6 +170,17 @@
to try to recover data from
damaged files.
+Unlike
+.I GNU gzip,
+.I bzip2
+will not create a cascade of
+.I .bz2
+suffixes even when using the
+.I --force
+option:
+
+ filename.bz2 does not become filename.bz2.bz2
+
Return values: 0 for a normal exit, 1 for environmental problems (file
not found, invalid flags, I/O errors, &c), 2 to indicate a corrupt
compressed file, 3 for an internal consistency error (eg, bug) which

3
sources Normal file

@ -0,0 +1,3 @@
SHA512 (bzip2-1.0.8.tar.gz) = 083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3
SHA512 (bzip2-1.0.8.tar.gz.sig) = 4a4a3fa0ec1c10a704b9870e8e629fd007cca55184423c6bfc3049a702fb41e4aeb73bfe9ca7442c27d32d278f1f34f27523a6be67d35b37896acdded12bf40d
SHA512 (gpgkey-5C1D1AA44BE649DE760A.gpg) = dc44ed3e38f54c3e57a4d83fa8b48ce2a8694802dd6bbf057cf432958f88ace9b585ee36a59ba98444e76c9aef0e998b9108a3807f97ebd6ba62303b41ab4690