bzip2: fix CVE-2016-3189

2016-07-04 12:40:39 +02:00 · 2016-07-04 12:40:39 +02:00 · fc86793716
commit fc86793716
parent adacc1ccbd
2 changed files with 13 additions and 1 deletions
--- a/srcpkgs/bzip2/patches/CVE-2016-3189.patch
+++ b/srcpkgs/bzip2/patches/CVE-2016-3189.patch
@ -0,0 +1,12 @@
+Patch from: https://bugzilla.redhat.com/show_bug.cgi?id=1319648
+
+--- ./bzip2recover.c.old	2016-03-22 08:49:38.855620000 +0100
+++ ./bzip2recover.c	2016-03-30 10:22:27.341430099 +0200
+@@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
+            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
--- a/srcpkgs/bzip2/template
+++ b/srcpkgs/bzip2/template
@ -1,7 +1,7 @@
 # Template build file for 'bzip2'.
 pkgname=bzip2
 version=1.0.6
-revision=10
+revision=11
 bootstrap=yes
 homepage="http://www.bzip.org"
 distfiles="http://www.bzip.org/$version/$pkgname-$version.tar.gz"