Hello community,

here is the log from the commit of package bsdiff for openSUSE:Factory checked 
in at 2016-07-30 00:28:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bsdiff (Old)
 and      /work/SRC/openSUSE:Factory/.bsdiff.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "bsdiff"

Changes:
--------
--- /work/SRC/openSUSE:Factory/bsdiff/bsdiff.changes    2015-12-09 
22:13:14.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.bsdiff.new/bsdiff.changes       2016-07-30 
00:28:14.000000000 +0200
@@ -1,0 +2,9 @@
+Tue Jul 26 16:46:59 UTC 2016 - sor.ale...@meowr.ru
+
+- Add bsdiff-fix-makefile.patch: patch Makefile instead of working
+  around it in the spec file.
+- Add bsdiff-fix-heap-vul.patch: fix heap vulnerability in bspatch
+  (bsc#990660, CVE-2014-9862), taken from
+  https://security.freebsd.org/patches/SA-16:25/bspatch.patch
+
+-------------------------------------------------------------------

New:
----
  bsdiff-fix-heap-vul.patch
  bsdiff-fix-makefile.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ bsdiff.spec ++++++
--- /var/tmp/diff_new_pack.XwAicf/_old  2016-07-30 00:28:15.000000000 +0200
+++ /var/tmp/diff_new_pack.XwAicf/_new  2016-07-30 00:28:15.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package bsdiff
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,14 +19,16 @@
 Name:           bsdiff
 Version:        4.3
 Release:        0
-Summary:        Tools for patches to binary files
+Summary:        Tools for binary file patches
 License:        BSD-2-Clause
 Group:          Productivity/File utilities
 Url:            http://daemonology.net/bsdiff
 Source:         http://daemonology.net/bsdiff/%{name}-%{version}.tar.gz
-BuildRequires:  gcc
+# PATCH-FIX-OPENSUSE bsdiff-fix-makefile.patch sor.ale...@meowr.ru
+Patch0:         %{name}-fix-makefile.patch
+# PATCH-FIX-UPSTREAM bsdiff-fix-heap-vul.patch bsc#990660 -- Fix heap 
vulnerability in bspatch (CVE-2014-9862).
+Patch1:         %{name}-fix-heap-vul.patch
 BuildRequires:  libbz2-devel
-BuildRequires:  make
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -39,24 +41,23 @@
 
 %prep
 %setup -q
-# Fix make install.
-sed -i 
's/^\..*$//g;s|${PREFIX}|${DESTDIR}${PREFIX}|g;s|${PREFIX}/man|%{_mandir}|g' 
Makefile
+%patch0 -p1
+%patch1 -p1
 head -n 25 %{name}.c > COPYING
 
 %build
-# Proper make fails for unknown reason thus workaround has been made.
-cc %{optflags} %{name}.c -lbz2 -o %{name}
-cc %{optflags} bspatch.c -lbz2 -o bspatch
+make %{?_smp_mflags} \
+  CFLAGS="%{optflags}"
 
 %install
-mkdir -p %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man1/
-%make_install PREFIX=%{_prefix} INSTALL=%{_bindir}/install
+%make_install \
+  PREFIX=%{_prefix}
 
 %files
 %defattr(-,root,root)
 %doc COPYING
 %{_bindir}/%{name}
 %{_bindir}/bspatch
-%{_mandir}/man1/*%{?ext_man}
+%{_mandir}/man1/*.1%{?ext_man}
 
 %changelog
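Review bot: `%make_install` no longer pins the man page directory: the removed sed forced `%{_mandir}`, while the new call relies on the patched Makefile's default `MANDIR ?= $(PREFIX)/share/man` happening to equal the `%{_mandir}` that `%files` expects. Passing it explicitly, `%make_install PREFIX=%{_prefix} MANDIR=%{_mandir}`, keeps the two in step. Separately, `%build` now runs the Makefile's `all` target, which (per bsdiff-fix-makefile.patch in this commit) strips both binaries, so any debuginfo extraction done later by the build would presumably find no symbols. A comment above the `make` call saying whether that is intended would help.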

++++++ bsdiff-fix-heap-vul.patch ++++++
--- b/bspatch.c
+++ c/bspatch.c
@@ -152,6 +152,10 @@ int main(int argc,char * argv[])
                };
 
                /* Sanity-check */
+               if ((ctrl[0] < 0) || (ctrl[1] < 0))
+                       errx(1,"Corrupt patch\n");
+
+               /* Sanity-check */
                if(newpos+ctrl[0]>newsize)
                        errx(1,"Corrupt patch\n");
 
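Review bot: The bounds check that follows the new guard, `if(newpos+ctrl[0]>newsize)`, still adds two signed values before comparing, so a very large positive ctrl[0] read from the patch file can overflow the sum and may pass the test; the added lines reject only negative values. Writing the comparison as a subtraction, `if (ctrl[0] > newsize - newpos)`, cannot overflow once ctrl[0] is known to be non-negative, assuming newpos never exceeds newsize (the declarations and the rest of the loop are outside the hunk, so confirm the types there). The same applies to any later check on ctrl[1] that is written as an addition. ctrl[2] is not covered by the new guard; whether it needs one depends on how the seek adjustment is bounded further down in main(), which is not visible here. errx() already ends its message with a newline, so the `\n` in the added call is redundant.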
++++++ bsdiff-fix-makefile.patch ++++++
--- a/Makefile
+++ b/Makefile
@@ -1,15 +1,31 @@
-CFLAGS         +=      -O3 -lbz2
+СС             ?=      gcc
+CFLAGS         +=      -O2 -Wall -std=gnu89
+LDFLAGS                +=      -lbz2
+INSTALL                ?=      install
 
 PREFIX         ?=      /usr/local
-INSTALL_PROGRAM        ?=      ${INSTALL} -c -s -m 555
-INSTALL_MAN    ?=      ${INSTALL} -c -m 444
+MANDIR         ?=      $(PREFIX)/share/man
 
-all:           bsdiff bspatch
-bsdiff:                bsdiff.c
-bspatch:       bspatch.c
+all: bsdiff bspatch
+       strip -s bsdiff
+       strip -s bspatch
+
+bsdiff: bsdiff.c
+       $(CC) $(CFLAGS) $< $(LDFLAGS) -o $@
+
+bspatch: bspatch.c
+       $(CC) $(CFLAGS) $< $(LDFLAGS) -o $@
 
 install:
-       ${INSTALL_PROGRAM} bsdiff bspatch ${PREFIX}/bin
-.ifndef WITHOUT_MAN
-       ${INSTALL_MAN} bsdiff.1 bspatch.1 ${PREFIX}/man/man1
-.endif
+       $(INSTALL) -Dpm 0755 bsdiff $(DESTDIR)$(PREFIX)/bin/bsdiff
+       $(INSTALL) -Dpm 0755 bspatch $(DESTDIR)$(PREFIX)/bin/bspatch
+ifndef WITHOUT_MAN
+       $(INSTALL) -Dpm 0644 bsdiff.1 $(DESTDIR)$(MANDIR)/man1/bsdiff.1
+       $(INSTALL) -Dpm 0644 bspatch.1 $(DESTDIR)$(MANDIR)/man1/bspatch.1
+endif
+
+uninstall:
+       rm -fv $(DESTDIR)$(MANDIR)/bin/bsdiff
+       rm -fv $(DESTDIR)$(MANDIR)/bin/bspatch
+       rm -fv $(DESTDIR)$(MANDIR)/man1/bsdiff.1
+       rm -fv $(DESTDIR)$(MANDIR)/man1/bspatch.1
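Review bot: The new `uninstall` target removes the binaries from `$(DESTDIR)$(MANDIR)/bin/`, but `install` puts them in `$(DESTDIR)$(PREFIX)/bin/`, so uninstall leaves both programs in place; the two lines should read `rm -fv $(DESTDIR)$(PREFIX)/bin/bsdiff` and `rm -fv $(DESTDIR)$(PREFIX)/bin/bspatch`. The variable on the first added line, `СС ?= gcc`, appears to be spelled with Cyrillic letters rather than Latin `CC`; if so, it never sets the compiler used by `$(CC)` in the recipes and make falls back to its built-in default. A look-alike identifier in a build file is worth retyping in ASCII regardless. `all`, `install` and `uninstall` are not declared phony, and `all` re-runs `strip` on every invocation; a line `.PHONY: all install uninstall` would document that they are commands, not files.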
