From 1becd99d163a3950e9823a2e17f91a5d84ddbce0 Mon Sep 17 00:00:00 2001 From: Jakub Martisko Date: Thu, 19 Dec 2024 11:32:49 +0100 Subject: [PATCH] Revert the CVE 2019-12900 fix Resolves: RHEL-71750 --- bzip2-out_of_bounds.patch | 32 -------------------------------- bzip2.spec | 10 ++++++---- 2 files changed, 6 insertions(+), 36 deletions(-) delete mode 100644 bzip2-out_of_bounds.patch diff --git a/bzip2-out_of_bounds.patch b/bzip2-out_of_bounds.patch deleted file mode 100644 index f7563a2..0000000 --- a/bzip2-out_of_bounds.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid -Date: Tue, 28 May 2019 19:35:18 +0200 -Subject: [PATCH] Make sure nSelectors is not out of range - -nSelectors is used in a loop from 0 to nSelectors to access selectorMtf -which is - UChar selectorMtf[BZ_MAX_SELECTORS]; -so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory -access - -Fixes out of bounds access discovered while fuzzying karchive ---- - decompress.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/decompress.c b/decompress.c -index ab6a624..f3db91d 100644 ---- a/decompress.c -+++ b/decompress.c -@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) - GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > BZ_N_GROUPS) RETURN(BZ_DATA_ERROR); - GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); -- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); -+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); - for (i = 0; i < nSelectors; i++) { - j = 0; - while (True) { --- -GitLab - diff --git a/bzip2.spec b/bzip2.spec index 56eb689..e459924 100644 --- a/bzip2.spec +++ b/bzip2.spec @@ -3,7 +3,7 @@ Summary: File compression utility Name: bzip2 Version: 1.0.8 -Release: 24%{?dist} +Release: 25%{?dist} License: BSD-4-Clause URL: https://sourceware.org/bzip2 #Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz @@ -19,8 +19,7 @@ Patch0: bzip2-saneso.patch Patch1: bzip2-cflags.patch Patch2: bzip2-ldflags.patch Patch3: man_gzipdiff.patch -Patch4: bzip2-out_of_bounds.patch -Patch5: bzip2-6.0-sast.patch +Patch4: bzip2-6.0-sast.patch BuildRequires: gcc BuildRequires: make @@ -66,7 +65,6 @@ Static libraries for applications using the bzip2 compression format. %patch 2 -p1 %patch 3 -p2 %patch 4 -p1 -%patch 5 -p1 cp -a %{SOURCE1} . sed -i "s|^libdir=|libdir=%{_libdir}|" bzip2.pc @@ -133,6 +131,10 @@ ln -s bzgrep.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzfgrep.1 %{_libdir}/pkgconfig/bzip2.pc %changelog +* Thu Dec 19 2024 Jakub Martisko - 1.0.8-25 +- Revert the changes from 1.0.8-23 +Resolves: RHEL-71750 + * Tue Dec 03 2024 Jakub Martisko - 1.0.8-24 - Fix an off by one error in bzip2recover.c Resolves: RHEL-36503