From 4ec1f15ebeff6c7641010fca9ba79648cbc850b5 Mon Sep 17 00:00:00 2001
From: naddy
Date: Thu, 25 Jan 2007 21:08:22 +0000
Subject: [PATCH] SECURITY update to 1.0.4: * Fix file permissions race problem (CVE-2005-0953). * Avoid possible segfault in BZ2_bzclose. * Sanitise file names more carefully in bzgrep. Fixes CVE-2005-0758 to the extent that applies to bzgrep. * Use 'mktemp' rather than 'tempfile' in bzdiff. * Tighten up a couple of assertions in blocksort.c following automated analysis.
---
 archivers/bzip2/Makefile | 6 +++---
 archivers/bzip2/distinfo | 8 ++++----
 archivers/bzip2/patches/patch-Makefile | 24 ++++++++++++------------
 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/archivers/bzip2/Makefile b/archivers/bzip2/Makefile
index 7bcf3c84aa3..a70edd0f368 100644
--- a/archivers/bzip2/Makefile
+++ b/archivers/bzip2/Makefile
@@ -1,12 +1,12 @@
-# $OpenBSD: Makefile,v 1.53 2006/02/03 20:00:33 steven Exp $
+# $OpenBSD: Makefile,v 1.54 2007/01/25 21:08:22 naddy Exp $
 COMMENT= "block-sorting file compressor, unencumbered"
-VERSION= 1.0.3
+VERSION= 1.0.4
 DISTNAME= bzip2-${VERSION}
 CATEGORIES= archivers
 MASTER_SITES= ${HOMEPAGE}${VERSION}/
-SHARED_LIBS= bz2 10.3
+SHARED_LIBS= bz2 10.4
 HOMEPAGE= http://www.bzip.org/
diff --git a/archivers/bzip2/distinfo b/archivers/bzip2/distinfo
index 187ddf72847..9aa8bac377d 100644
--- a/archivers/bzip2/distinfo
+++ b/archivers/bzip2/distinfo
@@ -1,4 +1,4 @@
-MD5 (bzip2-1.0.3.tar.gz) = 8a716bebecb6e647d2e8a29ea5d8447f
-RMD160 (bzip2-1.0.3.tar.gz) = 7ac2a122c254d1fcd54ca8af96a1814e9e245a1a
-SHA1 (bzip2-1.0.3.tar.gz) = 7e749510f65c86fbfff37b97144a02f1b8b8617f
-SIZE (bzip2-1.0.3.tar.gz) = 669075
+MD5 (bzip2-1.0.4.tar.gz) = fc310b254f6ba5fbb5da018f04533688
+RMD160 (bzip2-1.0.4.tar.gz) = 438365cb911ef84b3bd6643e0d39f6b7567f0447
+SHA1 (bzip2-1.0.4.tar.gz) = f2388ec8f2c506e02aa89e67577b3c6331cbaa4c
+SIZE (bzip2-1.0.4.tar.gz) = 841221
diff --git a/archivers/bzip2/patches/patch-Makefile b/archivers/bzip2/patches/patch-Makefile
index 879ec29fec5..4b66e510416 100644
--- a/archivers/bzip2/patches/patch-Makefile
+++ b/archivers/bzip2/patches/patch-Makefile
@@ -1,12 +1,12 @@
-$OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
---- Makefile.orig Thu Feb 17 12:28:24 2005
-+++ Makefile Thu Dec 22 09:39:51 2005
-@@ -10,10 +10,9 @@ LDFLAGS=
+$OpenBSD: patch-Makefile,v 1.11 2007/01/25 21:08:22 naddy Exp $
+--- Makefile.orig Tue Jan 23 21:27:43 2007
++++ Makefile Tue Jan 23 21:35:18 2007
+@@ -23,10 +23,9 @@ LDFLAGS=
 BIGFILES=-D_FILE_OFFSET_BITS=64
- CFLAGS=-Wall -Winline -O -g $(BIGFILES)
+ CFLAGS=-Wall -Winline -O2 -g $(BIGFILES)
 -# Where you want it installed when you do 'make install'
--PREFIX=/usr
+-PREFIX=/usr/local
 +PICFLAG= -fpic
 +SHLIB= libbz2.so.${LIBbz2_VERSION}
@@ -14,7 +14,7 @@ $OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
 OBJS= blocksort.o \
 huffman.o \
 crctable.o \
-@@ -21,10 +20,17 @@ OBJS= blocksort.o \
+@@ -34,10 +33,17 @@ OBJS= blocksort.o \
 compress.o \
 decompress.o \
 bzlib.o
@@ -33,7 +33,7 @@ $OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
 $(CC) $(CFLAGS) $(LDFLAGS) -o bzip2 bzip2.o -L. -lbz2
 bzip2recover: bzip2recover.o
-@@ -39,66 +45,61 @@ libbz2.a: $(OBJS)
+@@ -52,66 +58,61 @@ libbz2.a: $(OBJS)
 $(RANLIB) libbz2.a ; \
 fi
@@ -91,14 +91,14 @@ $OpenBSD: patch-Makefile,v 1.10 2005/12/23 13:57:21 espie Exp $
 - cp -f libbz2.a $(PREFIX)/lib
 - chmod a+r $(PREFIX)/lib/libbz2.a
 - cp -f bzgrep $(PREFIX)/bin/bzgrep
-- ln $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzegrep
-- ln $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzfgrep
+- ln -s -f $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzegrep
+- ln -s -f $(PREFIX)/bin/bzgrep $(PREFIX)/bin/bzfgrep
 - chmod a+x $(PREFIX)/bin/bzgrep
 - cp -f bzmore $(PREFIX)/bin/bzmore
-- ln $(PREFIX)/bin/bzmore $(PREFIX)/bin/bzless
+- ln -s -f $(PREFIX)/bin/bzmore $(PREFIX)/bin/bzless
 - chmod a+x $(PREFIX)/bin/bzmore
 - cp -f bzdiff $(PREFIX)/bin/bzdiff
-- ln $(PREFIX)/bin/bzdiff $(PREFIX)/bin/bzcmp
+- ln -s -f $(PREFIX)/bin/bzdiff $(PREFIX)/bin/bzcmp
 - chmod a+x $(PREFIX)/bin/bzdiff
 - cp -f bzgrep.1 bzmore.1 bzdiff.1 $(PREFIX)/man/man1
 - chmod a+r $(PREFIX)/man/man1/bzgrep.1