rpms/bzip2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Revert the CVE 2019-12900 fix

Browse Source 
Resolves: RHEL-71750
This commit is contained in:
Jakub Martisko 2024-12-19 11:32:49 +01:00
parent 1daa00dbff
commit 1becd99d16
2 changed files with 6 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
bzip2-out_of_bounds.patch
View File

@ -1,32 +0,0 @@
From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 28 May 2019 19:35:18 +0200
Subject: [PATCH] Make sure nSelectors is not out of range
nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
which is
UChar selectorMtf[BZ_MAX_SELECTORS];
so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
access
Fixes out of bounds access discovered while fuzzying karchive
---
decompress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/decompress.c b/decompress.c
index ab6a624..f3db91d 100644
--- a/decompress.c
+++ b/decompress.c
@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
if (nGroups < 2 || nGroups > BZ_N_GROUPS) RETURN(BZ_DATA_ERROR);
GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
for (i = 0; i < nSelectors; i++) {
j = 0;
while (True) {
--
GitLab

10
bzip2.spec
View File

@ -3,7 +3,7 @@
Summary: File compression utility Summary: File compression utility
Name: bzip2 Name: bzip2
Version: 1.0.8 Version: 1.0.8
Release: 24%{?dist} Release: 25%{?dist}
License: BSD-4-Clause License: BSD-4-Clause
URL: https://sourceware.org/bzip2 URL: https://sourceware.org/bzip2
#Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz #Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz
@ -19,8 +19,7 @@ Patch0: bzip2-saneso.patch
Patch1: bzip2-cflags.patch Patch1: bzip2-cflags.patch
Patch2: bzip2-ldflags.patch Patch2: bzip2-ldflags.patch
Patch3: man_gzipdiff.patch Patch3: man_gzipdiff.patch
Patch4: bzip2-out_of_bounds.patch Patch4: bzip2-6.0-sast.patch
Patch5: bzip2-6.0-sast.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: make BuildRequires: make
@ -66,7 +65,6 @@ Static libraries for applications using the bzip2 compression format.
%patch 2 -p1 %patch 2 -p1
%patch 3 -p2 %patch 3 -p2
%patch 4 -p1 %patch 4 -p1
%patch 5 -p1
cp -a %{SOURCE1} . cp -a %{SOURCE1} .
sed -i "s|^libdir=|libdir=%{_libdir}|" bzip2.pc sed -i "s|^libdir=|libdir=%{_libdir}|" bzip2.pc
@ -133,6 +131,10 @@ ln -s bzgrep.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzfgrep.1
%{_libdir}/pkgconfig/bzip2.pc %{_libdir}/pkgconfig/bzip2.pc
%changelog %changelog
* Thu Dec 19 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-25
- Revert the changes from 1.0.8-23
Resolves: RHEL-71750
* Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-24 * Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-24
- Fix an off by one error in bzip2recover.c - Fix an off by one error in bzip2recover.c
Resolves: RHEL-36503 Resolves: RHEL-36503