commit:     ab12f95ca1503bbcf12964e3d4d5673993f422a1
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 15 15:31:41 2017 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Nov 15 15:31:41 2017 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=ab12f95c

app-arch/bzip2: sync for CVE, bug #637572

Bug: https://bugs.gentoo.org/637572
Package-Manager: Portage-2.3.13-prefix, Repoman-2.3.4

 app-arch/bzip2/bzip2-1.0.6-r1.ebuild               | 113 -------------------
 app-arch/bzip2/bzip2-1.0.6-r3.ebuild               | 121 ---------------------
 ...bzip2-1.0.6-r7.ebuild => bzip2-1.0.6-r8.ebuild} |  65 +++++------
 .../bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch    |  18 +++
 4 files changed, 43 insertions(+), 274 deletions(-)

diff --git a/app-arch/bzip2/bzip2-1.0.6-r1.ebuild 
b/app-arch/bzip2/bzip2-1.0.6-r1.ebuild
deleted file mode 100644
index a88f13ce09..0000000000
--- a/app-arch/bzip2/bzip2-1.0.6-r1.ebuild
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/bzip2/bzip2-1.0.6-r1.ebuild,v 1.1 
2010/09/23 09:19:49 vapier Exp $
-
-inherit eutils multilib toolchain-funcs flag-o-matic prefix
-
-DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
-HOMEPAGE="http://www.bzip.org/";
-SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz";
-
-LICENSE="BZIP2"
-SLOT="0"
-KEYWORDS="~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos 
~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="static"
-
-src_unpack() {
-       unpack ${A}
-       cd "${S}"
-       epatch "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
-       epatch "${FILESDIR}"/${PN}-1.0.6-saneso.patch
-       epatch "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
-       epatch "${FILESDIR}"/${PN}-1.0.2-progress.patch
-       epatch "${FILESDIR}"/${PN}-1.0.3-no-test.patch
-       epatch "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
-       epatch "${FILESDIR}"/${PN}-1.0.5-checkenv.patch # for AIX, Darwin?
-       epatch "${FILESDIR}"/${PN}-1.0.4-prefix.patch
-       eprefixify bz{diff,grep,more}
-       # this a makefile for Darwin, which already "includes" saneso
-       cp "${FILESDIR}"/${P}-Makefile-libbz2_dylib Makefile-libbz2_dylib || die
-
-       # - Use right man path
-       # - Generate symlinks instead of hardlinks
-       # - pass custom variables to control libdir
-       sed -i \
-               -e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
-               -e 's:ln -s -f $(PREFIX)/bin/:ln -s :' \
-               -e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
-               Makefile || die
-
-       if [[ ${CHOST} == *-hpux* ]] ; then
-               sed -i -e 's,-soname,+h,' Makefile-libbz2_so || die "cannot 
replace -soname with +h"
-               if [[ ${CHOST} == hppa*-hpux* && ${CHOST} != hppa64*-hpux* ]] ; 
then
-                       sed -i -e '/^SOEXT/s,so,sl,' Makefile-libbz2_so || die 
"cannot replace so with sl"
-                       sed -i -e '/^SONAME/s,=,=${EPREFIX}/lib/,' 
Makefile-libbz2_so || die "cannt set soname"
-               fi
-       elif [[ ${CHOST} == *-interix* ]] ; then
-               sed -i -e 's,-soname,-h,' Makefile-libbz2_so || die "cannot 
replace -soname with -h"
-               sed -i -e 's,-fpic,,' -e 's,-fPIC,,' Makefile-libbz2_so || die 
"cannot replace pic options"
-       fi
-}
-
-bemake() {
-       emake \
-               CC="$(tc-getCC)" \
-               AR="$(tc-getAR)" \
-               RANLIB="$(tc-getRANLIB)" \
-               "$@" || die
-}
-src_compile() {
-       local checkopts=
-       case "${CHOST}" in
-               *-darwin*)
-                       bemake PREFIX="${EPREFIX}"/usr -f Makefile-libbz2_dylib 
|| die
-               ;;
-               *-mint*)
-                       # do nothing, no shared libraries
-                       :
-               ;;
-               *)
-                       bemake -f Makefile-libbz2_so all || die
-               ;;
-       esac
-       use static && append-flags -static
-       bemake all || die
-}
-
-src_install() {
-       make PREFIX="${D}${EPREFIX}"/usr LIBDIR="$(get_libdir)" install || die
-       dodoc README* CHANGES bzip2.txt manual.*
-
-       if [[ $(get_libname) != ".irrelevant" ]] ; then
-
-       # Install the shared lib manually.  We install:
-       #  .x.x.x - standard shared lib behavior
-       #  .x.x   - SONAME some distros use #338321
-       #  .x     - SONAME Gentoo uses
-       dolib.so libbz2$(get_libname ${PV}) || die
-       local s
-       for v in libbz2$(get_libname) libbz2$(get_libname ${PV%%.*}) 
libbz2$(get_libname ${PV%.*}) ; do
-               dosym libbz2$(get_libname ${PV}) /usr/$(get_libdir)/${v} || die
-       done
-       gen_usr_ldscript -a bz2
-
-       if ! use static ; then
-               newbin bzip2-shared bzip2 || die
-       fi
-
-       fi
-
-       # move "important" bzip2 binaries to /bin and use the shared libbz2.so
-       dodir /bin
-       mv "${ED}"/usr/bin/b{zip2,zcat,unzip2} "${ED}"/bin/ || die
-       dosym bzip2 /bin/bzcat || die
-       dosym bzip2 /bin/bunzip2 || die
-
-       if [[ ${CHOST} == *-winnt* ]]; then
-               dolib.so libbz2$(get_libname ${PV}).dll || die "dolib shared"
-
-               # on windows, we want to continue using bzip2 from interix.
-               # building bzip2 on windows gives the libraries only!
-               rm -rf "${ED}"/bin "${ED}"/usr/bin
-       fi
-}

diff --git a/app-arch/bzip2/bzip2-1.0.6-r3.ebuild 
b/app-arch/bzip2/bzip2-1.0.6-r3.ebuild
deleted file mode 100644
index a4a4c6147d..0000000000
--- a/app-arch/bzip2/bzip2-1.0.6-r3.ebuild
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/bzip2/bzip2-1.0.6-r3.ebuild,v 1.12 
2014/01/18 01:43:22 vapier Exp $
-
-# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
-#      (since we're building shared libs) ...
-
-EAPI="2"
-
-inherit eutils multilib toolchain-funcs flag-o-matic prefix
-
-DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
-HOMEPAGE="http://www.bzip.org/";
-SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz";
-
-LICENSE="BZIP2"
-SLOT="0"
-KEYWORDS="~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos 
~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="static static-libs"
-
-src_prepare() {
-       epatch "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
-       epatch "${FILESDIR}"/${PN}-1.0.6-saneso.patch
-       epatch "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
-       epatch "${FILESDIR}"/${PN}-1.0.6-progress.patch
-       epatch "${FILESDIR}"/${PN}-1.0.3-no-test.patch
-       epatch "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
-       epatch "${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
-
-       epatch "${FILESDIR}"/${PN}-1.0.5-checkenv.patch # for AIX, Darwin?
-       epatch "${FILESDIR}"/${PN}-1.0.4-prefix.patch
-       eprefixify bz{diff,grep,more}
-       # this a makefile for Darwin, which already "includes" saneso
-       cp "${FILESDIR}"/${P}-Makefile-libbz2_dylib Makefile-libbz2_dylib || die
-
-       # - Use right man path
-       # - Generate symlinks instead of hardlinks
-       # - pass custom variables to control libdir
-       sed -i \
-               -e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
-               -e 's:ln -s -f $(PREFIX)/bin/:ln -s :' \
-               -e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
-               Makefile || die
-
-       if [[ ${CHOST} == *-hpux* ]] ; then
-               sed -i -e 's,-soname,+h,' Makefile-libbz2_so || die "cannot 
replace -soname with +h"
-               if [[ ${CHOST} == hppa*-hpux* && ${CHOST} != hppa64*-hpux* ]] ; 
then
-                       sed -i -e '/^SOEXT/s,so,sl,' Makefile-libbz2_so || die 
"cannot replace so with sl"
-                       sed -i -e '/^SONAME/s,=,=${EPREFIX}/lib/,' 
Makefile-libbz2_so || die "cannt set soname"
-               fi
-       elif [[ ${CHOST} == *-interix* ]] ; then
-               sed -i -e 's,-soname,-h,' Makefile-libbz2_so || die "cannot 
replace -soname with -h"
-               sed -i -e 's,-fpic,,' -e 's,-fPIC,,' Makefile-libbz2_so || die 
"cannot replace pic options"
-       fi
-}
-
-bemake() {
-       emake \
-               CC="$(tc-getCC)" \
-               AR="$(tc-getAR)" \
-               RANLIB="$(tc-getRANLIB)" \
-               "$@" || die
-}
-src_compile() {
-       local checkopts=
-       case "${CHOST}" in
-               *-darwin*)
-                       bemake PREFIX="${EPREFIX}"/usr -f Makefile-libbz2_dylib 
|| die
-               ;;
-               *-mint*)
-                       # do nothing, no shared libraries
-                       :
-               ;;
-               *)
-                       bemake -f Makefile-libbz2_so all || die
-               ;;
-       esac
-       use static && append-flags -static
-       bemake all || die
-}
-
-src_install() {
-       make PREFIX="${D}${EPREFIX}"/usr LIBDIR="$(get_libdir)" install || die
-       dodoc README* CHANGES bzip2.txt manual.*
-
-       if [[ $(get_libname) != ".irrelevant" ]] ; then
-
-       if ! use static ; then
-               newbin bzip2-shared bzip2 || die
-       fi
-       if ! use static-libs ; then
-               rm -f "${ED}"/usr/lib*/libbz2.a || die
-       fi
-
-       # move "important" bzip2 binaries to /bin and use the shared libbz2.so
-       dodir /bin
-       mv "${ED}"/usr/bin/b{zip2,zcat,unzip2} "${ED}"/bin/ || die
-       dosym bzip2 /bin/bzcat || die
-       dosym bzip2 /bin/bunzip2 || die
-
-       # Install the shared lib manually.  We install:
-       #  .x.x.x - standard shared lib behavior
-       #  .x.x   - SONAME some distros use #338321
-       #  .x     - SONAME Gentoo uses
-       dolib.so libbz2$(get_libname ${PV}) || die
-       local s
-       for v in libbz2$(get_libname) libbz2$(get_libname ${PV%%.*}) 
libbz2$(get_libname ${PV%.*}) ; do
-               dosym libbz2$(get_libname ${PV}) /usr/$(get_libdir)/${v} || die
-       done
-       gen_usr_ldscript -a bz2
-
-       fi
-
-       if [[ ${CHOST} == *-winnt* ]]; then
-               dolib.so libbz2$(get_libname ${PV}).dll || die "dolib shared"
-
-               # on windows, we want to continue using bzip2 from interix.
-               # building bzip2 on windows gives the libraries only!
-               rm -rf "${ED}"/bin "${ED}"/usr/bin
-       fi
-}

diff --git a/app-arch/bzip2/bzip2-1.0.6-r7.ebuild 
b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
similarity index 72%
rename from app-arch/bzip2/bzip2-1.0.6-r7.ebuild
rename to app-arch/bzip2/bzip2-1.0.6-r8.ebuild
index fa785fc384..eeb7f85da2 100644
--- a/app-arch/bzip2/bzip2-1.0.6-r7.ebuild
+++ b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
@@ -1,11 +1,10 @@
 # Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/bzip2/bzip2-1.0.6-r7.ebuild,v 1.2 
2014/04/28 17:18:31 mgorny Exp $
 
 # XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
 #      (since we're building shared libs) ...
 
-EAPI=4
+EAPI=5
 
 inherit eutils toolchain-funcs multilib multilib-minimal prefix
 
@@ -14,30 +13,27 @@ HOMEPAGE="http://www.bzip.org/";
 SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz";
 
 LICENSE="BZIP2"
-SLOT="0"
+SLOT="0/1" # subslot = SONAME
 KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris 
~x86-winnt"
 IUSE="static static-libs"
 
-RDEPEND="abi_x86_32? (
-               !<=app-emulation/emul-linux-x86-baselibs-20130224
-               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-       )"
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+       "${FILESDIR}"/${PN}-1.0.6-saneso.patch
+       "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+       "${FILESDIR}"/${PN}-1.0.6-progress.patch
+       "${FILESDIR}"/${PN}-1.0.3-no-test.patch
+       "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
+       "${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
+       "${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
+       "${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
+
+       "${FILESDIR}"/${PN}-1.0.6-r7-checkenv.patch # for AIX, Darwin?
+       "${FILESDIR}"/${PN}-1.0.6-prefix.patch
+)
 
 src_prepare() {
-       epatch "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
-       epatch "${FILESDIR}"/${PN}-1.0.6-saneso.patch
-       epatch "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
-       epatch "${FILESDIR}"/${PN}-1.0.6-progress.patch
-       epatch "${FILESDIR}"/${PN}-1.0.3-no-test.patch
-       epatch "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
-       epatch "${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
-       epatch "${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
-
-       epatch "${FILESDIR}"/${PN}-1.0.6-r7-checkenv.patch # for AIX, Darwin?
-       epatch "${FILESDIR}"/${PN}-1.0.4-prefix.patch
-       eprefixify bz{diff,grep,more}
-       # this a makefile for Darwin, which already "includes" saneso
-       cp "${FILESDIR}"/${P}-Makefile-libbz2_dylib Makefile-libbz2_dylib || die
+       epatch "${PATCHES[@]}"
 
        # - Use right man path
        # - Generate symlinks instead of hardlinks
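Review bot: The new PATCHES array names `${PN}-1.0.6-prefix.patch` where the removed lines applied `${PN}-1.0.4-prefix.patch`, yet the diffstat adds only the CVE-2016-3189 patch under files/. If the 1.0.6 prefix patch is not already in the tree, `epatch "${PATCHES[@]}"` will die in src_prepare, so confirm the file exists and is covered by the Manifest. The blank line inside the array appears to separate the patches shared with the main tree from the Prefix-only ones; a comment such as `# Prefix-only patches, applied after the shared and security patches` would record that array order is application order. src_prepare continues past the end of this hunk.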
@@ -48,6 +44,10 @@ src_prepare() {
                -e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
                Makefile || die
 
+       eprefixify bz{diff,grep,more}
+       # this a makefile for Darwin, which already "includes" saneso
+       cp "${FILESDIR}"/${P}-Makefile-libbz2_dylib Makefile-libbz2_dylib || die
+
        if [[ ${CHOST} == *-hpux* ]] ; then
                sed -i -e 's,-soname,+h,' Makefile-libbz2_so || die "cannot 
replace -soname with +h"
                if [[ ${CHOST} == hppa*-hpux* && ${CHOST} != hppa64*-hpux* ]] ; 
then
@@ -73,24 +73,9 @@ bemake() {
 }
 
 multilib_src_compile() {
-       local checkopts=
-       case "${CHOST}" in
-               *-darwin*)
-                       bemake PREFIX="${EPREFIX}"/usr -f 
"${S}"/Makefile-libbz2_dylib all
-                       # FWIW, #504648 like for .so below
-                       ln -sf libbz2.${PV}.dylib libbz2.dylib
-               ;;
-               *-mint*)
-                       # do nothing, no shared libraries
-                       :
-               ;;
-               *)
-                       bemake -f "${S}"/Makefile-libbz2_so all
-                       # Make sure we link against the shared lib #504648
-                       [[ $(get_libname) != $(get_libname ${PV}) ]] &&
-                       ln -sf libbz2$(get_libname ${PV}) libbz2$(get_libname)
-               ;;
-       esac
+       bemake -f "${S}"/Makefile-libbz2_so all
+       # Make sure we link against the shared lib #504648
+       ln -sf libbz2.so.${PV} libbz2.so
        bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static 
'')"
 }
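Review bot: multilib_src_compile now hard-codes ELF naming with `bemake -f "${S}"/Makefile-libbz2_so all` and `ln -sf libbz2.so.${PV} libbz2.so`, while KEYWORDS still lists the macos and mint targets and the install context further down still calls `$(get_libname ${PV})`. On those hosts the built library name and the installed name will presumably not agree. The `Makefile-libbz2_dylib` that src_prepare still copies is no longer used by any visible line. Either keep the `case "${CHOST}"` dispatch for darwin and mint, or at least restore the portable symlink `ln -sf libbz2$(get_libname ${PV}) libbz2$(get_libname)`. If the non-ELF targets are being dropped on purpose, KEYWORDS and the leftover `cp` should go in the same commit.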
 
@@ -111,7 +96,7 @@ multilib_src_install() {
                dosym libbz2$(get_libname ${PV}) /usr/$(get_libdir)/${v}
        done
 
-       fi
+       fi  # tc-is-static-only
 
        use static-libs && dolib.a libbz2.a
 

diff --git a/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch 
b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
new file mode 100644
index 0000000000..1d0c3a6dd3
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
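Review bot: The patch header gives the CVE id and a Bugzilla attachment link but never says what the defect is, and the added `outFile = NULL;` only helps if the code that runs afterwards tests outFile before using the closed stream again. That code lies outside the three lines of context here, so check it against bzip2recover.c from 1.0.6 before relying on the backport. I would add a header line such as `bzip2recover: clear outFile after bsClose() so the closed stream is not reused on the next block`. The enclosing main() starts and ends outside the hunk.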
