Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-arch/bzip2/files/, app-arch/bzip2/
Date: Sat, 03 Jun 2017 11:49:02
Message-Id: 1496490526.fd4e6acf26c5766cfe17b4d1be223afcd0bab1e0.polynomial-c@gentoo
1 commit: fd4e6acf26c5766cfe17b4d1be223afcd0bab1e0
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 3 11:48:46 2017 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 3 11:48:46 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd4e6acf
7
8 app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).
9
10 Package-Manager: Portage-2.3.6, Repoman-2.3.2
11
12 app-arch/bzip2/bzip2-1.0.6-r8.ebuild | 114 +++++++++++++++++++++
13 .../bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch | 18 ++++
14 2 files changed, 132 insertions(+)
15
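--- /dev/null
+++ b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
+# (since we're building shared libs) ...
+
+EAPI=5
+
+inherit eutils toolchain-funcs multilib multilib-minimal
+
+DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
+HOMEPAGE="http://www.bzip.org/"
+SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz"
+
+LICENSE="BZIP2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="static static-libs"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+ "${FILESDIR}"/${PN}-1.0.6-saneso.patch
+ "${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+ "${FILESDIR}"/${PN}-1.0.6-progress.patch
+ "${FILESDIR}"/${PN}-1.0.3-no-test.patch
+ "${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
+ "${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
+ "${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
+ "${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+
+ # - Use right man path
+ # - Generate symlinks instead of hardlinks
+ # - pass custom variables to control libdir
+ sed -i \
+ -e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+ -e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
+ -e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
+ Makefile || die
+}
+
+bemake() {
+ emake \
+ VPATH="${S}" \
+ CC="$(tc-getCC)" \
+ AR="$(tc-getAR)" \
+ RANLIB="$(tc-getRANLIB)" \
+ "$@"
+}
+
+multilib_src_compile() {
+ bemake -f "${S}"/Makefile-libbz2_so all
+ # Make sure we link against the shared lib #504648
+ ln -sf libbz2.so.${PV} libbz2.so
+ bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
+}
+
+multilib_src_install() {
+ into /usr
+
+ # Install the shared lib manually. We install:
+ # .x.x.x - standard shared lib behavior
+ # .x.x - SONAME some distros use #338321
+ # .x - SONAME Gentoo uses
+ dolib.so libbz2.so.${PV}
+ local v
+ for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
+ dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
+ done
+ use static-libs && dolib.a libbz2.a
+
+ if multilib_is_native_abi ; then
+ gen_usr_ldscript -a bz2
+
+ dobin bzip2recover
+ into /
+ dobin bzip2
+ fi
+}
+
+multilib_src_install_all() {
+ # `make install` doesn't cope with out-of-tree builds, nor with
+ # installing just non-binaries, so handle things ourselves.
+ insinto /usr/include
+ doins bzlib.h
+ into /usr
+ dobin bz{diff,grep,more}
+ doman *.1
+
+ dosym bzdiff /usr/bin/bzcmp
+ dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
+
+ dosym bzmore /usr/bin/bzless
+ dosym bzmore.1 /usr/share/man/man1/bzless.1
+
+ local x
+ for x in bunzip2 bzcat bzip2recover ; do
+ dosym bzip2.1 /usr/share/man/man1/${x}.1
+ done
+ for x in bz{e,f}grep ; do
+ dosym bzgrep /usr/bin/${x}
+ dosym bzgrep.1 /usr/share/man/man1/${x}.1
+ done
+
+ dodoc README* CHANGES manual.pdf
+ dohtml manual.html
+
+ # move "important" bzip2 binaries to /bin and use the shared libbz2.so
+ dosym bzip2 /bin/bzcat
+ dosym bzip2 /bin/bunzip2
+}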
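Review bot: The `ln -sf libbz2.so.${PV} libbz2.so` call in multilib_src_compile has no `|| die`, and under EAPI 5 a failing external command does not abort the build on its own. If the symlink is not created, the following `bemake ... all` may link bzip2 against a different libbz2 than the one just built, which is the case the #504648 comment guards against; `ln -sf libbz2.so.${PV} libbz2.so || die` would turn that into a build failure. Separately, KEYWORDS carries only ~arch entries, so stable systems presumably do not pick up the CVE-2016-3189 patch from this revision until it is stabilised, which is worth tracking on bug #620466.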
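--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@××××××.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;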
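Review bot: The patch header names the CVE and a SUSE Bugzilla attachment URL but never says what the one-line change prevents, so a later maintainer has to follow an external link to learn why `outFile = NULL;` is there. A short description in the header would make the file self-contained, for example `Clear outFile after bsClose() so the already-closed stream is not reused on a later pass through the block loop in bzip2recover (use-after-free).` The added line resets only `outFile`; whether `bsWr` is also left pointing at released memory depends on bsClose(), which is not visible in this hunk, so that should be checked against the full source. main() starts and ends outside the hunk.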