Hello community, here is the log from the commit of package bsdiff for openSUSE:Factory checked in at 2016-07-30 00:28:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bsdiff (Old) and /work/SRC/openSUSE:Factory/.bsdiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bsdiff" Changes: -------- --- /work/SRC/openSUSE:Factory/bsdiff/bsdiff.changes 2015-12-09 22:13:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.bsdiff.new/bsdiff.changes 2016-07-30 00:28:14.000000000 +0200 @@ -1,0 +2,9 @@ +Tue Jul 26 16:46:59 UTC 2016 - sor.ale...@meowr.ru + +- Add bsdiff-fix-makefile.patch: patch Makefile instead of working + around it in the spec file. +- Add bsdiff-fix-heap-vul.patch: fix heap vulnerability in bspatch + (bsc#990660, CVE-2014-9862), taken from + https://security.freebsd.org/patches/SA-16:25/bspatch.patch + +------------------------------------------------------------------- New: ---- bsdiff-fix-heap-vul.patch bsdiff-fix-makefile.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bsdiff.spec ++++++ --- /var/tmp/diff_new_pack.XwAicf/_old 2016-07-30 00:28:15.000000000 +0200 +++ /var/tmp/diff_new_pack.XwAicf/_new 2016-07-30 00:28:15.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package bsdiff # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,14 +19,16 @@ Name: bsdiff Version: 4.3 Release: 0 -Summary: Tools for patches to binary files +Summary: Tools for binary file patches License: BSD-2-Clause Group: Productivity/File utilities Url: http://daemonology.net/bsdiff Source: http://daemonology.net/bsdiff/%{name}-%{version}.tar.gz -BuildRequires: gcc +# PATCH-FIX-OPENSUSE bsdiff-fix-makefile.patch sor.ale...@meowr.ru +Patch0: %{name}-fix-makefile.patch +# PATCH-FIX-UPSTREAM bsdiff-fix-heap-vul.patch bsc#990660 -- Fix heap vulnerability in bspatch (CVE-2014-9862). +Patch1: %{name}-fix-heap-vul.patch BuildRequires: libbz2-devel -BuildRequires: make BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -39,24 +41,23 @@ %prep %setup -q -# Fix make install. -sed -i 's/^\..*$//g;s|${PREFIX}|${DESTDIR}${PREFIX}|g;s|${PREFIX}/man|%{_mandir}|g' Makefile +%patch0 -p1 +%patch1 -p1 head -n 25 %{name}.c > COPYING %build -# Proper make fails for unknown reason thus workaround has been made. -cc %{optflags} %{name}.c -lbz2 -o %{name} -cc %{optflags} bspatch.c -lbz2 -o bspatch +make %{?_smp_mflags} \ + CFLAGS="%{optflags}" %install -mkdir -p %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man1/ -%make_install PREFIX=%{_prefix} INSTALL=%{_bindir}/install +%make_install \ + PREFIX=%{_prefix} %files %defattr(-,root,root) %doc COPYING %{_bindir}/%{name} %{_bindir}/bspatch -%{_mandir}/man1/*%{?ext_man} +%{_mandir}/man1/*.1%{?ext_man} %changelog ++++++ bsdiff-fix-heap-vul.patch ++++++ --- b/bspatch.c +++ c/bspatch.c @@ -152,6 +152,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); ++++++ bsdiff-fix-makefile.patch ++++++ --- a/Makefile +++ b/Makefile 
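Review bot: The retained test `newpos+ctrl[0]>newsize` directly after the added guard still adds two signed values, so the new check only closes the negative case: a `ctrl[0]` near the top of its type's range can overflow the sum (undefined behaviour for signed types) and, if it wraps negative, pass the comparison. Assuming `newpos`, `newsize` and `ctrl[]` are signed offsets with `0 <= newpos <= newsize` (their declarations are outside the hunk), the subtraction form `if(ctrl[0]>newsize-newpos) errx(1,"Corrupt patch\n");` cannot overflow once `ctrl[0]` is known to be non-negative. The same applies to any later `newpos+ctrl[1]` comparison in `main`, whose body continues outside this hunk. A distinct comment on the new guard, e.g. `/* Reject negative control values read from the patch file */`, would also tell it apart from the second `/* Sanity-check */`.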
@@ -1,15 +1,31 @@ -CFLAGS += -O3 -lbz2 +СС ?= gcc +CFLAGS += -O2 -Wall -std=gnu89 +LDFLAGS += -lbz2 +INSTALL ?= install PREFIX ?= /usr/local -INSTALL_PROGRAM ?= ${INSTALL} -c -s -m 555 -INSTALL_MAN ?= ${INSTALL} -c -m 444 +MANDIR ?= $(PREFIX)/share/man -all: bsdiff bspatch -bsdiff: bsdiff.c -bspatch: bspatch.c +all: bsdiff bspatch + strip -s bsdiff + strip -s bspatch + +bsdiff: bsdiff.c + $(CC) $(CFLAGS) $< $(LDFLAGS) -o $@ + +bspatch: bspatch.c + $(CC) $(CFLAGS) $< $(LDFLAGS) -o $@ install: - ${INSTALL_PROGRAM} bsdiff bspatch ${PREFIX}/bin -.ifndef WITHOUT_MAN - ${INSTALL_MAN} bsdiff.1 bspatch.1 ${PREFIX}/man/man1 -.endif + $(INSTALL) -Dpm 0755 bsdiff $(DESTDIR)$(PREFIX)/bin/bsdiff + $(INSTALL) -Dpm 0755 bspatch $(DESTDIR)$(PREFIX)/bin/bspatch +ifndef WITHOUT_MAN + $(INSTALL) -Dpm 0644 bsdiff.1 $(DESTDIR)$(MANDIR)/man1/bsdiff.1 + $(INSTALL) -Dpm 0644 bspatch.1 $(DESTDIR)$(MANDIR)/man1/bspatch.1 +endif + +uninstall: + rm -fv $(DESTDIR)$(MANDIR)/bin/bsdiff + rm -fv $(DESTDIR)$(MANDIR)/bin/bspatch + rm -fv $(DESTDIR)$(MANDIR)/man1/bsdiff.1 + rm -fv $(DESTDIR)$(MANDIR)/man1/bspatch.1
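Review bot: The new `uninstall` target removes the binaries from `$(DESTDIR)$(MANDIR)/bin/...`, but `install` places them in `$(DESTDIR)$(PREFIX)/bin/...`, so `make uninstall` leaves both executables behind; the two lines should read `rm -fv $(DESTDIR)$(PREFIX)/bin/bsdiff` and `rm -fv $(DESTDIR)$(PREFIX)/bin/bspatch`. The first added line, `СС ?= gcc`, appears to be spelled with Cyrillic letters rather than Latin `CC`; if so it sets an unrelated variable and the rules still use make's built-in `$(CC)`, so retyping it in ASCII (or dropping it) removes the look-alike identifier. Stripping inside `all` also means the distribution build only ever sees stripped binaries, which may leave debuginfo packages empty; leaving stripping to the packaging tooling, or moving it into `install`, would be safer.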