SECURITY update to 1.0.4:

* Fix file permissions race problem (CVE-2005-0953).
* Avoid possible segfault in BZ2_bzclose.
* Sanitise file names more carefully in bzgrep.  Fixes CVE-2005-0758
  to the extent that applies to bzgrep.
* Use 'mktemp' rather than 'tempfile' in bzdiff.
* Tighten up a couple of assertions in blocksort.c following automated
  analysis.
naddy 2007-01-25 21:08:22 +00:00
parent 1964826b56
commit 4ec1f15ebe
3 changed files with 19 additions and 19 deletions


@ -1,12 +1,12 @@
# $OpenBSD: Makefile,v 1.53 2006/02/03 20:00:33 steven Exp $
# $OpenBSD: Makefile,v 1.54 2007/01/25 21:08:22 naddy Exp $
COMMENT= "block-sorting file compressor, unencumbered"
VERSION= 1.0.3
VERSION= 1.0.4
DISTNAME= bzip2-${VERSION}
CATEGORIES= archivers
MASTER_SITES= ${HOMEPAGE}${VERSION}/
SHARED_LIBS= bz2 10.3
SHARED_LIBS= bz2 10.4
HOMEPAGE= http://www.bzip.org/


@ -1,4 +1,4 @@
MD5 (bzip2-1.0.3.tar.gz) = 8a716bebecb6e647d2e8a29ea5d8447f
RMD160 (bzip2-1.0.3.tar.gz) = 7ac2a122c254d1fcd54ca8af96a1814e9e245a1a
SHA1 (bzip2-1.0.3.tar.gz) = 7e749510f65c86fbfff37b97144a02f1b8b8617f
SIZE (bzip2-1.0.3.tar.gz) = 669075
MD5 (bzip2-1.0.4.tar.gz) = fc310b254f6ba5fbb5da018f04533688
RMD160 (bzip2-1.0.4.tar.gz) = 438365cb911ef84b3bd6643e0d39f6b7567f0447
SHA1 (bzip2-1.0.4.tar.gz) = f2388ec8f2c506e02aa89e67577b3c6331cbaa4c
SIZE (bzip2-1.0.4.tar.gz) = 841221
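Review bot: The new entries for bzip2-1.0.4.tar.gz carry only MD5, RMD160 and SHA1 digests, and the Makefile section shows MASTER_SITES derived from an http:// HOMEPAGE, so these lines are the only integrity check on the fetched tarball. The known collision weaknesses in MD5 and SHA1 do not by themselves let a network attacker substitute a file, but a stronger digest gives margin; if the ports checksum tooling accepts it, add `SHA256 (bzip2-1.0.4.tar.gz) = <sha256-of-verified-tarball>`. The page does not show how the new digests were checked against the upstream release, so a sentence on that in the commit message would help anyone auditing this security update.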


@ -1,12 +1,12 @@
$OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
--- Makefile.orig Thu Feb 17 12:28:24 2005
+++ Makefile Thu Dec 22 09:39:51 2005
@@ -10,10 +10,9 @@ LDFLAGS=
$OpenBSD: patch-Makefile,v 1.11 2007/01/25 21:08:22 naddy Exp $
--- Makefile.orig Tue Jan 23 21:27:43 2007
+++ Makefile Tue Jan 23 21:35:18 2007
@@ -23,10 +23,9 @@ LDFLAGS=
BIGFILES=-D_FILE_OFFSET_BITS=64
CFLAGS=-Wall -Winline -O -g $(BIGFILES)
CFLAGS=-Wall -Winline -O2 -g $(BIGFILES)
-# Where you want it installed when you do 'make install'
-PREFIX=/usr
-PREFIX=/usr/local
+PICFLAG= -fpic
+SHLIB= libbz2.so.${LIBbz2_VERSION}
@ -14,7 +14,7 @@ $OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
OBJS= blocksort.o \
huffman.o \
crctable.o \
@@ -21,10 +20,17 @@ OBJS= blocksort.o \
@@ -34,10 +33,17 @@ OBJS= blocksort.o \
compress.o \
decompress.o \
bzlib.o
@ -33,7 +33,7 @@ $OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
$(CC) $(CFLAGS) $(LDFLAGS) -o bzip2 bzip2.o -L. -lbz2
bzip2recover: bzip2recover.o
@@ -39,66 +45,61 @@ libbz2.a: $(OBJS)
@@ -52,66 +58,61 @@ libbz2.a: $(OBJS)
$(RANLIB) libbz2.a ; \
fi
@ -91,14 +91,14 @@ $OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
- cp -f libbz2.a $(PREFIX)/lib
- chmod a+r $(PREFIX)/lib/libbz2.a
- cp -f bzgrep $(PREFIX)/bin/bzgrep
- ln $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzegrep
- ln $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzfgrep
- ln -s -f $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzegrep
- ln -s -f $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzfgrep
- chmod a+x $(PREFIX)/bin/bzgrep
- cp -f bzmore $(PREFIX)/bin/bzmore
- ln $(PREFIX)/bin/bzmore $(PREFIX)/bin/bzless
- ln -s -f $(PREFIX)/bin/bzmore $(PREFIX)/bin/bzless
- chmod a+x $(PREFIX)/bin/bzmore
- cp -f bzdiff $(PREFIX)/bin/bzdiff
- ln $(PREFIX)/bin/bzdiff $(PREFIX)/bin/bzcmp
- ln -s -f $(PREFIX)/bin/bzdiff $(PREFIX)/bin/bzcmp
- chmod a+x $(PREFIX)/bin/bzdiff
- cp -f bzgrep.1 bzmore.1 bzdiff.1 $(PREFIX)/man/man1
- chmod a+r $(PREFIX)/man/man1/bzgrep.1