Change-Id: Ib31db0200850edf88bae75f40ef366235c5f4c43
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1556
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: suezzelur <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,11 @@ |
0 |
+diff -ru bzip2-1.0.6/bzip2recover.c bzip2-1.0.6-mo/bzip2recover.c |
|
1 |
+--- bzip2-1.0.6/bzip2recover.c 2010-09-10 16:18:40.000000000 -0700 |
|
2 |
+@@ -457,6 +457,7 @@ |
|
3 |
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); |
|
4 |
+ bsPutUInt32 ( bsWr, blockCRC ); |
|
5 |
+ bsClose ( bsWr ); |
|
6 |
++ outFile = NULL; |
|
7 |
+ } |
|
8 |
+ if (wrBlock >= rbCtr) break; |
|
9 |
+ wrBlock++; |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Contains programs for compressing and decompressing files |
2 | 2 |
Name: bzip2 |
3 | 3 |
Version: 1.0.6 |
4 |
-Release: 5%{?dist} |
|
4 |
+Release: 6%{?dist} |
|
5 | 5 |
License: BSD |
6 | 6 |
URL: http://www.bzip.org/ |
7 | 7 |
Group: System Environment/Base |
... | ... |
@@ -11,6 +11,7 @@ Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz |
11 | 11 |
Provides: libbz2.so.1()(64bit) |
12 | 12 |
%define sha1 bzip2=3f89f861209ce81a6bab1fd1998c0ef311712002 |
13 | 13 |
Patch0: http://www.linuxfromscratch.org/patches/lfs/7.2/bzip2-1.0.6-install_docs-1.patch |
14 |
+Patch1: CVE-2016-3189.patch |
|
14 | 15 |
%description |
15 | 16 |
The Bzip2 package contains programs for compressing and |
16 | 17 |
decompressing files. Compressing text files with bzip2 yields a much better |
... | ... |
@@ -23,6 +24,7 @@ It contains the libraries and header files to create applications |
23 | 23 |
%prep |
24 | 24 |
%setup -q |
25 | 25 |
%patch0 -p1 |
26 |
+%patch1 -p1 |
|
26 | 27 |
sed -i 's@\(ln -s -f \)$(PREFIX)/bin/@\1@' Makefile |
27 | 28 |
sed -i "s@(PREFIX)/man@(PREFIX)/share/man@g" Makefile |
28 | 29 |
%build |
... | ... |
@@ -77,6 +79,8 @@ make %{?_smp_mflags} check |
77 | 77 |
%{_includedir}/bzlib.h |
78 | 78 |
%{_libdir}/libbz2.so |
79 | 79 |
%changelog |
80 |
+* Fri Oct 21 2016 Kumar Kaushik <kaushikk@vmware.com> 1.0.6-6 |
|
81 |
+- Fixing security bug CVE-2016-3189. |
|
80 | 82 |
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.0.6-5 |
81 | 83 |
- GA - Bump release of all rpms |
82 | 84 |
* Tue Nov 10 2015 Mahmoud Bassiouny <mbassiouny@vmware.com> 1.0.6-4 |