bzip2: 1.0.6.0.2 -> 1.0.8

Use latest upstream version, yoink updated autoconf patch from SUSE.
Might fix unpacking some very cursed files.
Dropped security patches applied upstream (see https://sourceware.org/bzip2/CHANGES).
This commit is contained in:
K900 2022-07-12 11:50:56 +03:00
parent 4d4b4f2dbb
commit 527595cc20
3 changed files with 12 additions and 46 deletions

View file

@ -1,12 +0,0 @@
diff --git a/bzip2recover.c b/bzip2recover.c
index f9de049..252c1b7 100644
--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;

View file

@ -1,13 +0,0 @@
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
diff --git a/decompress.c b/decompress.c
--- a/decompress.c
+++ b/decompress.c
@@ -287,7 +287,7 @@
GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
for (i = 0; i < nSelectors; i++) {
j = 0;
while (True) {

View file

@ -10,34 +10,25 @@
stdenv.mkDerivation rec {
pname = "bzip2";
version = "1.0.6.0.2";
version = "1.0.8";
/* We use versions patched to use autotools style properly,
saving lots of trouble. */
src = fetchurl {
urls = map
(prefix: prefix + "/people/sbrabec/bzip2/tarballs/${pname}-${version}.tar.gz")
[
"http://ftp.uni-kl.de/pub/linux/suse"
"ftp://ftp.hs.uni-hamburg.de/pub/mirrors/suse"
"ftp://ftp.mplayerhq.hu/pub/linux/suse"
"http://ftp.suse.com/pub" # the original patched version but slow
];
sha256 = "sha256-FnhwNy4OHe8d5M6iYCClkxzcB/EHXg0veXwv43ZlxbA=";
url = "https://sourceware.org/pub/bzip2/bzip2-${version}.tar.gz";
sha256 = "sha256-q1oDF27hBtPw+pDjgdpHjdrkBZGBU8yiSOaCzQxKImk=";
};
patchFlags = ["-p0"];
patches = [
(fetchurl {
url = "https://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch";
sha256 = "sha256-QMufl6ffJVVVVZespvkCbFpB6++R1lnq1687jEsUjr0=";
})
];
strictDeps = true;
nativeBuildInputs = [ autoreconfHook ];
patches = [
./CVE-2016-3189.patch
./cve-2019-12900.patch
];
postPatch = ''
sed -i -e '/<sys\\stat\.h>/s|\\|/|' bzip2.c
'';
outputs = [ "bin" "dev" "out" "man" ];
configureFlags =