Mailinglist Archive: opensuse-commit (1903 mails)

commit bzip2 for openSUSE:Factory
Hello community,

here is the log from the commit of package bzip2 for openSUSE:Factory checked
in at 2019-04-26 22:41:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bzip2 (Old)
and /work/SRC/openSUSE:Factory/.bzip2.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "bzip2"

Fri Apr 26 22:41:11 2019 rev:63 rq:696999 version:1.0.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/bzip2/bzip2.changes 2018-09-04
22:58:01.833381904 +0200
+++ /work/SRC/openSUSE:Factory/.bzip2.new.5536/bzip2.changes 2019-04-26
22:41:17.513740283 +0200
@@ -1,0 +2,7 @@
+Thu Apr 18 10:28:36 UTC 2019 - Kristýna Streitová <kstreitova@xxxxxxxx>
+
+- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
+ free vulnerability that was reported in bzip2recover [bsc#985657]
+ [CVE-2016-3189]
+
+-------------------------------------------------------------------

New:
----
bzip2-1.0.6-CVE-2016-3189.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ bzip2.spec ++++++
--- /var/tmp/diff_new_pack.JUh2S5/_old 2019-04-26 22:41:19.589739223 +0200
+++ /var/tmp/diff_new_pack.JUh2S5/_new 2019-04-26 22:41:19.617739209 +0200
@@ -1,7 +1,7 @@
#
# spec file for package bzip2
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,7 @@
Patch4: bzip2-ocloexec.patch
# PATCH-FIX-UPSTREAM bnc#970260 kstreitova@xxxxxxxx -- fix a wrong exit code
when grepping multiple archives
Patch5: bzip2-1.0.6-bzgrep_return_value.patch
+Patch6: bzip2-1.0.6-CVE-2016-3189.patch
BuildRequires: autoconf >= 2.57
BuildRequires: libtool
BuildRequires: pkgconfig
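Review bot: The new Patch6 line has no descriptive comment above it, unlike Patch5 directly before it, which carries a tag line with the bug reference, the contributor and a short summary. Add a comment line in the same style above Patch6 that cites bsc#985657 and CVE-2016-3189, so the spec file itself records why the patch is carried and does not depend on bzip2.changes for that context.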
@@ -80,6 +81,7 @@
%patch3 -p1
%patch4
%patch5 -p1
+%patch6 -p1

%build
autoreconf -fiv

++++++ bzip2-1.0.6-CVE-2016-3189.patch ++++++
Author: Jakub Martisko <jamartis@xxxxxxxxxx>
Date: Wed, 30 Mar 2016 10:22:27 +0200
Description: bzip2recover: Fix potential use-after-free
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit

--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;
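Review bot: The added `outFile = NULL;` clears only the file handle, while `bsWr`, the pointer just passed to `bsClose ( bsWr )`, keeps its old value. The fix therefore relies on every later use of `bsWr` being guarded by a check on `outFile`, which cannot be confirmed from this hunk. Consider also setting `bsWr = NULL;` on the next line so that any unguarded reuse fails immediately instead of touching the closed stream, and add a short comment stating that `outFile` serves as the "stream is open" flag, since the link between the two variables is not evident from the surrounding lines.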


