author | Lars Wendler <polynomial-c@gentoo.org> | 2017-06-03 13:48:46 +0200 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2017-06-03 13:48:46 +0200 |
commit | fd4e6acf26c5766cfe17b4d1be223afcd0bab1e0 (patch) | |
tree | 0e19c7f5dd9baab9fa783be886266b4eb47cd8a8 /app-arch/bzip2 | |
parent | app-admin/sudo: Removed old. (diff) | |
app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Diffstat (limited to 'app-arch/bzip2')
-rw-r--r-- | app-arch/bzip2/bzip2-1.0.6-r8.ebuild | 114 | ||||
-rw-r--r-- | app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch | 18 |
2 files changed, 132 insertions, 0 deletions
diff --git a/app-arch/bzip2/bzip2-1.0.6-r8.ebuild b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
new file mode 100644
index 000000000000..c5e3c31b4f8a
--- /dev/null
+++ b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
+# (since we're building shared libs) ...
+
+EAPI=5
+
+inherit eutils toolchain-funcs multilib multilib-minimal
+
+DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
+HOMEPAGE="http://www.bzip.org/"
+SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz"
+
+LICENSE="BZIP2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="static static-libs"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+ "${FILESDIR}"/${PN}-1.0.6-saneso.patch
+ "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+ "${FILESDIR}"/${PN}-1.0.6-progress.patch
+ "${FILESDIR}"/${PN}-1.0.3-no-test.patch
+ "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
+ "${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
+ "${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
+ "${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+
+ # - Use right man path
+ # - Generate symlinks instead of hardlinks
+ # - pass custom variables to control libdir
+ sed -i \
+ -e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+ -e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
+ -e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
+ Makefile || die
+}
+
+bemake() {
+ emake \
+ VPATH="${S}" \
+ CC="$(tc-getCC)" \
+ AR="$(tc-getAR)" \
+ RANLIB="$(tc-getRANLIB)" \
+ "$@"
+}
+
+multilib_src_compile() {
+ bemake -f "${S}"/Makefile-libbz2_so all
+ # Make sure we link against the shared lib #504648
+ ln -sf libbz2.so.${PV} libbz2.so
+ bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
+}
+
+multilib_src_install() {
+ into /usr
+
+ # Install the shared lib manually. We install:
+ # .x.x.x - standard shared lib behavior
+ # .x.x - SONAME some distros use #338321
+ # .x - SONAME Gentoo uses
+ dolib.so libbz2.so.${PV}
+ local v
+ for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
+ dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
+ done
+ use static-libs && dolib.a libbz2.a
+
+ if multilib_is_native_abi ; then
+ gen_usr_ldscript -a bz2
+
+ dobin bzip2recover
+ into /
+ dobin bzip2
+ fi
+}
+
+multilib_src_install_all() {
+ # `make install` doesn't cope with out-of-tree builds, nor with
+ # installing just non-binaries, so handle things ourselves.
+ insinto /usr/include
+ doins bzlib.h
+ into /usr
+ dobin bz{diff,grep,more}
+ doman *.1
+
+ dosym bzdiff /usr/bin/bzcmp
+ dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
+
+ dosym bzmore /usr/bin/bzless
+ dosym bzmore.1 /usr/share/man/man1/bzless.1
+
+ local x
+ for x in bunzip2 bzcat bzip2recover ; do
+ dosym bzip2.1 /usr/share/man/man1/${x}.1
+ done
+ for x in bz{e,f}grep ; do
+ dosym bzgrep /usr/bin/${x}
+ dosym bzgrep.1 /usr/share/man/man1/${x}.1
+ done
+
+ dodoc README* CHANGES manual.pdf
+ dohtml manual.html
+
+ # move "important" bzip2 binaries to /bin and use the shared libbz2.so
+ dosym bzip2 /bin/bzcat
+ dosym bzip2 /bin/bunzip2
+}
diff --git a/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
new file mode 100644
index 000000000000..1d0c3a6dd34f
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
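Review bot: `SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz"` fetches the source over plain HTTP, so the tarball's integrity rests entirely on the package Manifest digests, which are not part of this commit (the diffstat lists only the ebuild and the patch file). That is presumably fine if the 1.0.6 tarball is unchanged from the previous revision, but for a security revbump it is worth recording with a comment above the assignment, e.g. `# Plain-HTTP fetch; integrity depends on the Manifest digests.` Separately, every entry in `KEYWORDS` is `~arch`, so as written the CVE-2016-3189 fix reaches only testing users until the stabilisation tracked in bug #620466 is done.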
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++; |
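Review bot: The patch header carries the CVE id and a backport URL but no description of the defect, and the single added line `outFile = NULL;` after `bsClose ( bsWr );` does not explain itself. From the visible lines it looks as if bsClose() releases the output stream while outFile keeps pointing at it, so clearing it presumably stops a later `outFile` test in main() from treating the closed stream as still open. The enclosing block starts and ends outside the hunk, so this cannot be confirmed here. I would add a header line such as `Clear outFile after bsClose() so the closed output stream is not reused (use-after-free in bzip2recover).` so the next maintainer can judge whether the patch is still needed after an upstream bump.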