Hello community,
here is the log from the commit of package bsdiff for openSUSE:Factory checked
in at 2016-07-30 00:28:13
Comparing /work/SRC/openSUSE:Factory/bsdiff (Old)
and /work/SRC/openSUSE:Factory/.bsdiff.new (New)
Package is "bsdiff"
Changes:
--- /work/SRC/openSUSE:Factory/bsdiff/bsdiff.changes2015-12-09
22:13:14.0 +0100
+++ /work/SRC/openSUSE:Factory/.bsdiff.new/bsdiff.changes 2016-07-30
00:28:14.0 +0200
@@ -1,0 +2,9 @@
+Tue Jul 26 16:46:59 UTC 2016 - sor.ale...@meowr.ru
+
+- Add bsdiff-fix-makefile.patch: patch Makefile instead of working
+ around it in the spec file.
+- Add bsdiff-fix-heap-vul.patch: fix heap vulnerability in bspatch
+ (bsc#990660, CVE-2014-9862), taken from
+ https://security.freebsd.org/patches/SA-16:25/bspatch.patch
+
+---
New:
bsdiff-fix-heap-vul.patch
bsdiff-fix-makefile.patch
Other differences:
--
++ bsdiff.spec ++
--- /var/tmp/diff_new_pack.XwAicf/_old 2016-07-30 00:28:15.0 +0200
+++ /var/tmp/diff_new_pack.XwAicf/_new 2016-07-30 00:28:15.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package bsdiff
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,14 +19,16 @@
Name: bsdiff
Version:4.3
Release:0
-Summary:Tools for patches to binary files
+Summary:Tools for binary file patches
License:BSD-2-Clause
Group: Productivity/File utilities
Url:http://daemonology.net/bsdiff
Source: http://daemonology.net/bsdiff/%{name}-%{version}.tar.gz
-BuildRequires: gcc
+# PATCH-FIX-OPENSUSE bsdiff-fix-makefile.patch sor.ale...@meowr.ru
+Patch0: %{name}-fix-makefile.patch
+# PATCH-FIX-UPSTREAM bsdiff-fix-heap-vul.patch bsc#990660 -- Fix heap
vulnerability in bspatch (CVE-2014-9862).
+Patch1: %{name}-fix-heap-vul.patch
BuildRequires: libbz2-devel
-BuildRequires: make
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -39,24 +41,23 @@
%prep
%setup -q
-# Fix make install.
-sed -i
's/^\..*$//g;s|${PREFIX}|${DESTDIR}${PREFIX}|g;s|${PREFIX}/man|%{_mandir}|g'
Makefile
+%patch0 -p1
+%patch1 -p1
head -n 25 %{name}.c > COPYING
%build
-# Proper make fails for unknown reason thus workaround has been made.
-cc %{optflags} %{name}.c -lbz2 -o %{name}
-cc %{optflags} bspatch.c -lbz2 -o bspatch
+make %{?_smp_mflags} \
+ CFLAGS="%{optflags}"
%install
-mkdir -p %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man1/
-%make_install PREFIX=%{_prefix} INSTALL=%{_bindir}/install
+%make_install \
+ PREFIX=%{_prefix}
%files
%defattr(-,root,root)
%doc COPYING
%{_bindir}/%{name}
%{_bindir}/bspatch
-%{_mandir}/man1/*%{?ext_man}
+%{_mandir}/man1/*.1%{?ext_man}
%changelog
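Review bot: In `%build`, passing `CFLAGS="%{optflags}"` as a make command-line variable overrides the patched Makefile's `CFLAGS += -O2 -Wall -std=gnu89` rather than appending to it, so `-Wall` and `-std=gnu89` are never applied. If those flags are wanted, either export the value through the environment (`export CFLAGS="%{optflags}"` before a plain `make %{?_smp_mflags}`) or spell them out, `CFLAGS="%{optflags} -std=gnu89"`. The `all` target added by bsdiff-fix-makefile.patch also runs `strip -s` on both binaries, which presumably leaves nothing for the distribution's debuginfo extraction. Stripping is better left to the packaging tooling, and a short comment above the `make` call saying which flags are intentionally supplied by the spec would help the next maintainer.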
++ bsdiff-fix-heap-vul.patch ++
--- b/bspatch.c
+++ c/bspatch.c
@@ -152,6 +152,10 @@ int main(int argc,char * argv[])
};
/* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
if(newpos+ctrl[0]>newsize)
errx(1,"Corrupt patch\n");
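Review bot: The unchanged bound check directly after the added lines, `if(newpos+ctrl[0]>newsize)`, still adds a value read from the patch file before comparing, and the new test only rules out negative lengths. A very large positive `ctrl[0]` could therefore overflow the signed addition and pass the check. Comparing without the addition, `if (ctrl[0] > newsize - newpos)`, avoids that, assuming `newpos <= newsize` holds here; the declarations and any later check on `ctrl[1]` are outside the hunk, so the types need confirming. The two blocks now carry the same `/* Sanity-check */` comment, so the new one could read `/* Reject negative lengths from the control block */`, and the `\n` in the `errx()` message is redundant because `errx()` appends a newline itself. main() begins and ends outside the hunk.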
++ bsdiff-fix-makefile.patch ++
--- a/Makefile
+++ b/Makefile
@@ -1,15 +1,31 @@
-CFLAGS += -O3 -lbz2
+СС ?= gcc
+CFLAGS += -O2 -Wall -std=gnu89
+LDFLAGS+= -lbz2
+INSTALL?= install
PREFIX ?= /usr/local
-INSTALL_PROGRAM?= ${INSTALL} -c -s -m 555
-INSTALL_MAN?= ${INSTALL} -c -m 444
+MANDIR ?= $(PREFIX)/share/man
-all: bsdiff bspatch
-bsdiff:bsdiff.c
-bspatch: bspatch.c
+all: bsdiff bspatch
+ strip -s bsdiff
+ strip -s bspatch
+
+bsdiff: bsdiff.c
+ $(CC) $(CFLAGS) $< $(LDFLAGS) -o $@
+
+bspatch: bspatch.c
+ $(CC) $(CFLAGS) $< $(LDFLAGS) -o $@
install:
- ${INSTALL_PROGRAM} bsdiff bspatch ${PREFIX}/bin
-.ifndef WITHOUT_MAN
- ${INSTALL_MAN} bsdiff.1 bspatch.1 ${PREFIX}/man/man1
-.endif
+ $(INSTALL) -Dpm 0755 bsdiff $(DESTDIR)$(PREFIX)/bin/bsdiff
+ $(INSTALL) -Dpm 0755 bspatch $(DESTDIR)$(PREFIX)/bin/bspatch
+ifndef WITHOUT_MAN
+ $(INSTALL) -Dpm 0644 bsdiff.1 $(DESTDIR)$(MANDIR)/man1/bsdiff.1
+ $(INSTALL) -Dpm 0644 bspatch.1 $(DESTDIR)$(MANDIR)/man1/bspatch.1
+endif
+
+uninstall:
+ rm -fv $(DESTDIR)$(MANDIR)/bin/bsdiff
+ rm -fv