[notify] bzip2-32: CVE-2016-3189 and source url change as site is down

author: Danny Rawlins <monster.romster@gmail.com> 2018-08-10 18:39:20 +1000
committer: Danny Rawlins <monster.romster@gmail.com> 2018-08-10 18:40:42 +1000
commit: 47283921b8684ac0180d5566a43ba255c136da30 (patch)
tree: 47a080074d29f868e2074432df54087b43c69083
parent: 8fb02b0ecc98c74d0a8ebf2823c30155aba32c77 (diff)
download: compat-32-47283921b8684ac0180d5566a43ba255c136da30.tar.gz
compat-32-47283921b8684ac0180d5566a43ba255c136da30.tar.xz
5 files changed, 34 insertions, 20 deletions
diff --git a/bzip2-32/.md5sum b/bzip2-32/.md5sum
deleted file mode 100644
index fb5468a6..00000000
--- a/bzip2-32/.md5sum
+++ /dev/null
@@ -1,2 +0,0 @@
-00b516f4704d4a7cb50a1d97e6e8e15b  bzip2-1.0.6.tar.gz
-21bba891a5e515d69fa6ca6b11eac726  bzip2.patch
diff --git a/bzip2-32/.signature b/bzip2-32/.signature
index aec1f163..3407a318 100644
--- a/bzip2-32/.signature
+++ b/bzip2-32/.signature
@@ -1,6 +1,7 @@
 untrusted comment: verify with /etc/ports/compat-32.pub
-RWSwxGo/zH7eXdBNhGS2wUIB+vrItt3sy0lfMdyrmv6h8k6v48iI5+nOthqHdDzLLYW8KFFK0S7MCX3oS1ej7k7SqLHJZ2UVPgk=
-SHA256 (Pkgfile) = 765399b75bb6bf22746d2aee13d9c8243426420d41eb877d77ee900e7bbc0930
+RWSwxGo/zH7eXYJdJTk6lQa9/hL1nZ+SxVXqM/XShfogA2nt1HXaB+q99+6LpQDd5z9/uAqGaZpY0GADucx0SxelRNTaaF8g7g4=
+SHA256 (Pkgfile) = 6d385c5d20a15ee54efd86b8021325628892e4907e16ec590dd9f2d50d25e4ee
 SHA256 (.footprint) = 14e78943cc31fbae38e4ec6c8b3aeaa7afdc2dd29948006833478f1a52707f89
 SHA256 (bzip2-1.0.6.tar.gz) = a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-SHA256 (bzip2.patch) = 45715e151b26b7c9731bd59934ae6aa6f1b5d48332f23aed2d71667eada1fb76
+SHA256 (bzip2.patch) = b8aa64ff17bc5704cbaf2b7012086575acfa6557c89fafdcc6dcd847fb29b5cf
+SHA256 (CVE-2016-3189.patch) = 5c1cce66d2d1dfa61a627734c1a00bf0441c5ab6be0458676e20787705a14a6b
diff --git a/bzip2-32/CVE-2016-3189.patch b/bzip2-32/CVE-2016-3189.patch
new file mode 100644
index 00000000..d947130e
--- /dev/null
+++ b/bzip2-32/CVE-2016-3189.patch
@@ -0,0 +1,10 @@
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
diff --git a/bzip2-32/Pkgfile b/bzip2-32/Pkgfile
index cc5c957a..9e3a5e8f 100644
--- a/bzip2-32/Pkgfile
+++ b/bzip2-32/Pkgfile
@@ -4,14 +4,18 @@
 
 name=bzip2-32
 version=1.0.6
-release=1
-source=(http://www.bzip.org/$version/bzip2-$version.tar.gz \
-        bzip2.patch)
+release=2
+source=(
+	#http://www.bzip.org/$version/${name%-*}-$version.tar.gz
+	https://fossies.org/linux/misc/${name%-*}-$version.tar.gz
+	bzip2.patch
+	CVE-2016-3189.patch)
 
 build() {
-	cd bzip2-$version
+	cd ${name%-*}-$version
 
-	patch -Np1 -i $SRC/bzip2.patch
+	patch -p1 -i $SRC/bzip2.patch
+	patch -p1 -i $SRC/CVE-2016-3189.patch
 
 	sed -i -e 's,$(PREFIX)/lib,$(PREFIX)/lib32,g' Makefile{,-libbz2_so}
 
@@ -22,5 +26,6 @@ build() {
 
 	make -f Makefile-libbz2_so
 	make -f Makefile-libbz2_so PREFIX=$PKG/usr install
-	rm -rf $PKG/usr/{bin,include,man}
+
+	rm -r $PKG/usr/{bin,include,share}
 }
diff --git a/bzip2-32/bzip2.patch b/bzip2-32/bzip2.patch
index f0f93417..fa0dc9d2 100644
--- a/bzip2-32/bzip2.patch
+++ b/bzip2-32/bzip2.patch
@@ -53,7 +53,7 @@ diff -aur bzip2-1.0.6.orig/Makefile bzip2-1.0.6/Makefile
 -	echo ".so man1/bzdiff.1" > $(PREFIX)/man/man1/bzcmp.1
 +	install -d $(PREFIX)/bin \
 +	           $(PREFIX)/lib \
-+	           $(PREFIX)/man/man1 \
++	           $(PREFIX)/share/man/man1 \
 +	           $(PREFIX)/include
 +	install -m 755 bzip2 \
 +	               bzip2recover \
@@ -73,14 +73,14 @@ diff -aur bzip2-1.0.6.orig/Makefile bzip2-1.0.6/Makefile
 +	               bzgrep.1 \
 +	               bzmore.1 \
 +	               bzdiff.1 \
-+	               $(PREFIX)/man/man1
-+	ln -sf bzgrep.1 $(PREFIX)/man/man1/bzegrep.1
-+	ln -sf bzgrep.1 $(PREFIX)/man/man1/bzfgrep.1
-+	ln -sf bzmore.1 $(PREFIX)/man/man1/bzless.1
-+	ln -sf bzdiff.1 $(PREFIX)/man/man1/bzcmp.1
-+	ln -sf bzip2.1 $(PREFIX)/man/man1/bunzip2.1
-+	ln -sf bzip2.1 $(PREFIX)/man/man1/bzcat.1
-+	ln -sf bzip2.1 $(PREFIX)/man/man1/bzip2recover.1
++	               $(PREFIX)/share/man/man1
++	ln -sf bzgrep.1 $(PREFIX)/share/man/man1/bzegrep.1
++	ln -sf bzgrep.1 $(PREFIX)/share/man/man1/bzfgrep.1
++	ln -sf bzmore.1 $(PREFIX)/share/man/man1/bzless.1
++	ln -sf bzdiff.1 $(PREFIX)/share/man/man1/bzcmp.1
++	ln -sf bzip2.1 $(PREFIX)/share/man/man1/bunzip2.1
++	ln -sf bzip2.1 $(PREFIX)/share/man/man1/bzcat.1
++	ln -sf bzip2.1 $(PREFIX)/share/man/man1/bzip2recover.1
  
  clean: 
  	rm -f *.o libbz2.a bzip2 bzip2recover \
author	Danny Rawlins <monster.romster@gmail.com>	2018-08-10 18:39:20 +1000
committer	Danny Rawlins <monster.romster@gmail.com>	2018-08-10 18:40:42 +1000
commit	47283921b8684ac0180d5566a43ba255c136da30 (patch)
tree	47a080074d29f868e2074432df54087b43c69083
parent	8fb02b0ecc98c74d0a8ebf2823c30155aba32c77 (diff)
download	compat-32-47283921b8684ac0180d5566a43ba255c136da30.tar.gz compat-32-47283921b8684ac0180d5566a43ba255c136da30.tar.xz