Skip to content

Commit

Permalink
app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).
Browse files Browse the repository at this point in the history
Package-Manager: Portage-2.3.6, Repoman-2.3.2
  • Loading branch information
Lars Wendler committed Jun 3, 2017
1 parent d63517f commit fd4e6ac
Show file tree
Hide file tree
Showing 2 changed files with 132 additions and 0 deletions.
114 changes: 114 additions & 0 deletions app-arch/bzip2/bzip2-1.0.6-r8.ebuild
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
# (since we're building shared libs) ...

EAPI=5

inherit eutils toolchain-funcs multilib multilib-minimal

DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
HOMEPAGE="http://www.bzip.org/"
SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz"

LICENSE="BZIP2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
IUSE="static static-libs"

PATCHES=(
"${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
"${FILESDIR}"/${PN}-1.0.6-saneso.patch
"${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
"${FILESDIR}"/${PN}-1.0.6-progress.patch
"${FILESDIR}"/${PN}-1.0.3-no-test.patch
"${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
"${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
"${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
"${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
)

src_prepare() {
epatch "${PATCHES[@]}"

# - Use right man path
# - Generate symlinks instead of hardlinks
# - pass custom variables to control libdir
sed -i \
-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
-e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
-e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
Makefile || die
}

bemake() {
emake \
VPATH="${S}" \
CC="$(tc-getCC)" \
AR="$(tc-getAR)" \
RANLIB="$(tc-getRANLIB)" \
"$@"
}

multilib_src_compile() {
bemake -f "${S}"/Makefile-libbz2_so all
# Make sure we link against the shared lib #504648
ln -sf libbz2.so.${PV} libbz2.so
bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
}

multilib_src_install() {
into /usr

# Install the shared lib manually. We install:
# .x.x.x - standard shared lib behavior
# .x.x - SONAME some distros use #338321
# .x - SONAME Gentoo uses
dolib.so libbz2.so.${PV}
local v
for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
done
use static-libs && dolib.a libbz2.a

if multilib_is_native_abi ; then
gen_usr_ldscript -a bz2

dobin bzip2recover
into /
dobin bzip2
fi
}

multilib_src_install_all() {
# `make install` doesn't cope with out-of-tree builds, nor with
# installing just non-binaries, so handle things ourselves.
insinto /usr/include
doins bzlib.h
into /usr
dobin bz{diff,grep,more}
doman *.1

dosym bzdiff /usr/bin/bzcmp
dosym bzdiff.1 /usr/share/man/man1/bzcmp.1

dosym bzmore /usr/bin/bzless
dosym bzmore.1 /usr/share/man/man1/bzless.1

local x
for x in bunzip2 bzcat bzip2recover ; do
dosym bzip2.1 /usr/share/man/man1/${x}.1
done
for x in bz{e,f}grep ; do
dosym bzgrep /usr/bin/${x}
dosym bzgrep.1 /usr/share/man/man1/${x}.1
done

dodoc README* CHANGES manual.pdf
dohtml manual.html

# move "important" bzip2 binaries to /bin and use the shared libbz2.so
dosym bzip2 /bin/bzcat
dosym bzip2 /bin/bunzip2
}
18 changes: 18 additions & 0 deletions app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
Upstream-Status: Backport
https://bugzilla.suse.com/attachment.cgi?id=681334

CVE: CVE-2016-3189
Signed-off-by: Armin Kuster <[email protected]>

Index: bzip2-1.0.6/bzip2recover.c
===================================================================
--- bzip2-1.0.6.orig/bzip2recover.c
+++ bzip2-1.0.6/bzip2recover.c
@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;

0 comments on commit fd4e6ac

Please sign in to comment.