* [gentoo-commits] repo/gentoo:master commit in: app-arch/bzip2/files/, app-arch/bzip2/
@ 2019-04-26  8:37 Thomas Deutschmann
From: Thomas Deutschmann @ 2019-04-26  8:37 UTC (permalink / raw
  To: gentoo-commits

commit:     1948811390283ff8e5f122bd9ec68f2e7b907450
Author:     Amin Hassani <ahassani <AT> chromium <DOT> org>
AuthorDate: Mon Mar 25 18:25:34 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 26 08:34:55 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19488113

app-arch/bzip2: check for nselector's upperbound

In the bzip2 decompressor, the upper bound of nSelectors was not
checked, so a bad payload can cause a segfault. This patch adds
the required upper-bound check.

Signed-off-by: Amin Hassani <ahassani <AT> chromium.org>
Closes: https://github.com/gentoo/gentoo/pull/11503
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ...ip2-1.0.6-r10.ebuild => bzip2-1.0.6-r11.ebuild} |  1 +
 .../bzip2-1.0.6-nselectors-upper-bound-check.patch | 30 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/app-arch/bzip2/bzip2-1.0.6-r10.ebuild b/app-arch/bzip2/bzip2-1.0.6-r11.ebuild
similarity index 98%
rename from app-arch/bzip2/bzip2-1.0.6-r10.ebuild
rename to app-arch/bzip2/bzip2-1.0.6-r11.ebuild
index 5fb91d277fa..646f6a08d89 100644
--- a/app-arch/bzip2/bzip2-1.0.6-r10.ebuild
+++ b/app-arch/bzip2/bzip2-1.0.6-r11.ebuild
@@ -28,6 +28,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
 	"${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
 	"${FILESDIR}"/${PN}-1.0.6-ubsan-error.patch
+	"${FILESDIR}"/${PN}-1.0.6-nselectors-upper-bound-check.patch
 )
 
 DOCS=( CHANGES README{,.COMPILATION.PROBLEMS,.XML.STUFF} manual.pdf )

diff --git a/app-arch/bzip2/files/bzip2-1.0.6-nselectors-upper-bound-check.patch b/app-arch/bzip2/files/bzip2-1.0.6-nselectors-upper-bound-check.patch
new file mode 100644
index 00000000000..a7731f7de8f
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.6-nselectors-upper-bound-check.patch
@@ -0,0 +1,30 @@
+From 13ca8fee0c897121ae79ae644a212418398dfea7 Mon Sep 17 00:00:00 2001
+From: Amin Hassani <ahassani@chromium.org>
+Date: Fri, 8 Mar 2019 09:58:20 -0800
+Subject: [PATCH] Check for upper bounds of nselectors.
+
+Currently there is no check for the upper bounds of the
+nselectors. Hence, a corrupt input can cause a segfault.
+
+This issue was discovered by one of our fuzzers. The actual error was:
+
+../bzip2-1.0.6/decompress.c:299:10: runtime error: index 18002 out of bounds for type 'UChar [18002]'
+---
+ decompress.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/decompress.c b/decompress.c
+index 311f566..391552d 100644
+--- a/decompress.c
++++ b/decompress.c
+@@ -288,6 +288,7 @@ Int32 BZ2_decompress ( DState* s )
+       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+       if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++      if (nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+       for (i = 0; i < nSelectors; i++) {
+          j = 0;
+          while (True) {
+-- 
+2.21.0.360.g471c308f928-goog
+
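Review bot: The added guard `if (nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);` carries no comment saying which buffer it protects; the only hint is the UBSan line in the patch header (`index 18002 out of bounds for type 'UChar [18002]'` at decompress.c:299). nSelectors is read as a 15-bit field by the `GET_BITS` call just above, so it can exceed that array length, and a comment such as `/* 15-bit field can exceed the selector array size; reject before the loop indexes it */` would record why the bound exists. Rejecting the block is the strict choice; if any encoder writes more selectors than this limit (not visible from this page), its files would stop decompressing, so a run against a corpus of known-good archives is worth doing before the revbump goes stable. BZ2_decompress starts and ends outside the hunk.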


* [gentoo-commits] repo/gentoo:master commit in: app-arch/bzip2/files/, app-arch/bzip2/
@ 2019-07-14 13:45 Lars Wendler
From: Lars Wendler @ 2019-07-14 13:45 UTC (permalink / raw
  To: gentoo-commits

commit:     f5f60c948b12ac20880e220e29e631c94e0d09b5
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 14 13:45:25 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Jul 14 13:45:25 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5f60c94

app-arch/bzip2: Bump to version 1.0.8

Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-arch/bzip2/Manifest                            |   1 +
 app-arch/bzip2/bzip2-1.0.8.ebuild                  | 114 +++++++++++++++++++++
 app-arch/bzip2/files/bzip2-1.0.8-mingw.patch       |  16 +++
 .../files/bzip2-1.0.8-out-of-tree-build.patch      |  76 ++++++++++++++
 app-arch/bzip2/files/bzip2-1.0.8-saneso.patch      |  13 +++
 5 files changed, 220 insertions(+)

diff --git a/app-arch/bzip2/Manifest b/app-arch/bzip2/Manifest
index ace5eb289ae..697d1445ac9 100644
--- a/app-arch/bzip2/Manifest
+++ b/app-arch/bzip2/Manifest
@@ -1,2 +1,3 @@
 DIST bzip2-1.0.6.tar.gz 782025 BLAKE2B b31533af7c71d715e6600874bb0a11b9b3aebbb08af0414a6d88bd5a2ad879a482ad408338159cb6c241815da8f48798d2ea7789ea971431d0be42ee827b0a7e SHA512 00ace5438cfa0c577e5f578d8a808613187eff5217c35164ffe044fbafdfec9e98f4192c02a7d67e01e5a5ccced630583ad1003c37697219b0f147343a3fdd12
 DIST bzip2-1.0.7.tar.gz 809680 BLAKE2B da185d9771dd83d59f2c13ea32e9a514ce50c97d69145ca2c4c8f28749fc85c1aec491c5100f4fc6b2183ee397015b7e74a0407dc1d7a360db159a0a3676fd7a SHA512 e0e19b493e6b1f7beeb0eeb0be8a6358c24202173f28acb1e902a768835be9e24f2cb966452fbc90fc3e4e692532ce0c7e86d06aef2d52c0d2a9ac16e12ec8c8
+DIST bzip2-1.0.8.tar.gz 810029 BLAKE2B 22ab3acd84f4db8c3d6f59340c252faedfd4447cea00dafbd652e65b6cf8a20adf6835c22e58563004cfafdb15348c924996230b4b23cae42da5e25eeac4bdad SHA512 083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3

diff --git a/app-arch/bzip2/bzip2-1.0.8.ebuild b/app-arch/bzip2/bzip2-1.0.8.ebuild
new file mode 100644
index 00000000000..fd6f8529985
--- /dev/null
+++ b/app-arch/bzip2/bzip2-1.0.8.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
+#      (since we're building shared libs) ...
+
+EAPI=7
+
+inherit toolchain-funcs multilib-minimal
+
+DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
+HOMEPAGE="https://sourceware.org/bzip2/"
+SRC_URI="https://sourceware.org/pub/${PN}/${P}.tar.gz"
+
+LICENSE="BZIP2"
+SLOT="0/1" # subslot = SONAME
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="static static-libs"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+	"${FILESDIR}"/${PN}-1.0.8-saneso.patch
+	"${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+	"${FILESDIR}"/${PN}-1.0.6-progress.patch
+	"${FILESDIR}"/${PN}-1.0.3-no-test.patch
+	"${FILESDIR}"/${PN}-1.0.8-mingw.patch #393573
+	"${FILESDIR}"/${PN}-1.0.8-out-of-tree-build.patch
+)
+
+DOCS=( CHANGES README{,.COMPILATION.PROBLEMS,.XML.STUFF} manual.pdf )
+HTML_DOCS=( manual.html )
+
+src_prepare() {
+	default
+
+	# - Use right man path
+	# - Generate symlinks instead of hardlinks
+	# - pass custom variables to control libdir
+	sed -i \
+		-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+		-e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
+		-e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
+		Makefile || die
+}
+
+bemake() {
+	emake \
+		VPATH="${S}" \
+		CC="$(tc-getCC)" \
+		AR="$(tc-getAR)" \
+		RANLIB="$(tc-getRANLIB)" \
+		"$@"
+}
+
+multilib_src_compile() {
+	bemake -f "${S}"/Makefile-libbz2_so all
+	# Make sure we link against the shared lib #504648
+	ln -s libbz2.so.${PV} libbz2.so || die
+	bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
+}
+
+multilib_src_install() {
+	into /usr
+
+	# Install the shared lib manually.  We install:
+	#  .x.x.x - standard shared lib behavior
+	#  .x.x   - SONAME some distros use #338321
+	#  .x     - SONAME Gentoo uses
+	dolib.so libbz2.so.${PV}
+	local v
+	for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
+		dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
+	done
+	use static-libs && dolib.a libbz2.a
+
+	if multilib_is_native_abi ; then
+		gen_usr_ldscript -a bz2
+
+		dobin bzip2recover
+		into /
+		dobin bzip2
+	fi
+}
+
+multilib_src_install_all() {
+	# `make install` doesn't cope with out-of-tree builds, nor with
+	# installing just non-binaries, so handle things ourselves.
+	insinto /usr/include
+	doins bzlib.h
+	into /usr
+	dobin bz{diff,grep,more}
+	doman *.1
+
+	dosym bzdiff /usr/bin/bzcmp
+	dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
+
+	dosym bzmore /usr/bin/bzless
+	dosym bzmore.1 /usr/share/man/man1/bzless.1
+
+	local x
+	for x in bunzip2 bzcat bzip2recover ; do
+		dosym bzip2.1 /usr/share/man/man1/${x}.1
+	done
+	for x in bz{e,f}grep ; do
+		dosym bzgrep /usr/bin/${x}
+		dosym bzgrep.1 /usr/share/man/man1/${x}.1
+	done
+
+	einstalldocs
+
+	# move "important" bzip2 binaries to /bin and use the shared libbz2.so
+	dosym bzip2 /bin/bzcat
+	dosym bzip2 /bin/bunzip2
+}
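Review bot: PATCHES in this new ebuild no longer lists `${PN}-1.0.6-CVE-2016-3189.patch`, `${PN}-1.0.6-ubsan-error.patch` or `${PN}-1.0.6-nselectors-upper-bound-check.patch`, which the 1.0.6-r11 ebuild carried, and the commit message does not say that 1.0.8 contains those fixes. Presumably upstream merged them, but that should be confirmed against the 1.0.8 sources and recorded, for example `# CVE-2016-3189, ubsan and nselectors fixes are included upstream since <VERSION>` above the array. The same applies to the PATCHES array in bzip2-1.0.7.ebuild.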

diff --git a/app-arch/bzip2/files/bzip2-1.0.8-mingw.patch b/app-arch/bzip2/files/bzip2-1.0.8-mingw.patch
new file mode 100644
index 00000000000..b512a8f466e
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.8-mingw.patch
@@ -0,0 +1,16 @@
+make it build for mingw targets
+
+https://bugs.gentoo.org/393573
+
+--- a/bzlib.h
++++ b/bzlib.h
+@@ -81,6 +81,9 @@ typedef
+       /* windows.h define small to char */
+ #      undef small
+ #   endif
++#   ifndef WINAPI
++#   define WINAPI
++#   endif
+ #   ifdef BZ_EXPORT
+ #   define BZ_API(func) WINAPI func
+ #   define BZ_EXTERN extern

diff --git a/app-arch/bzip2/files/bzip2-1.0.8-out-of-tree-build.patch b/app-arch/bzip2/files/bzip2-1.0.8-out-of-tree-build.patch
new file mode 100644
index 00000000000..4a641fdb2e8
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.8-out-of-tree-build.patch
@@ -0,0 +1,76 @@
+--- bzip2-1.0.8/Makefile
++++ bzip2-1.0.8/Makefile
+@@ -54,7 +54,6 @@
+ 
+ check: test
+ test: bzip2
+-	@cat words1
+ 	./bzip2 -1  < sample1.ref > sample1.rb2
+ 	./bzip2 -2  < sample2.ref > sample2.rb2
+ 	./bzip2 -3  < sample3.ref > sample3.rb2
+@@ -67,7 +66,6 @@
+ 	cmp sample1.tst sample1.ref
+ 	cmp sample2.tst sample2.ref
+ 	cmp sample3.tst sample3.ref
+-	@cat words3
+ 
+ install: bzip2 bzip2recover
+ 	if ( test ! -d $(PREFIX)/bin ) ; then mkdir -p $(PREFIX)/bin ; fi
+@@ -113,25 +111,8 @@
+ 	sample1.rb2 sample2.rb2 sample3.rb2 \
+ 	sample1.tst sample2.tst sample3.tst
+ 
+-blocksort.o: blocksort.c
+-	@cat words0
+-	$(CC) $(CFLAGS) -c blocksort.c
+-huffman.o: huffman.c
+-	$(CC) $(CFLAGS) -c huffman.c
+-crctable.o: crctable.c
+-	$(CC) $(CFLAGS) -c crctable.c
+-randtable.o: randtable.c
+-	$(CC) $(CFLAGS) -c randtable.c
+-compress.o: compress.c
+-	$(CC) $(CFLAGS) -c compress.c
+-decompress.o: decompress.c
+-	$(CC) $(CFLAGS) -c decompress.c
+-bzlib.o: bzlib.c
+-	$(CC) $(CFLAGS) -c bzlib.c
+-bzip2.o: bzip2.c
+-	$(CC) $(CFLAGS) -c bzip2.c
+-bzip2recover.o: bzip2recover.c
+-	$(CC) $(CFLAGS) -c bzip2recover.c
++%.o: %.c
++	$(CC) $(CFLAGS) -c $<
+ 
+ 
+ distclean: clean
+--- bzip2-1.0.8/Makefile-libbz2_so
++++ bzip2-1.0.8/Makefile-libbz2_so
+@@ -36,24 +36,10 @@
+ 
+ all: $(OBJS)
+ 	$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
+-	$(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
+-	rm -f libbz2.so.1.0
+-	ln -s libbz2.so.1.0.8 libbz2.so.1.0
++	ln -sf libbz2.so.1.0.8 libbz2.so.1.0
+ 
+ clean: 
+ 	rm -f $(OBJS) bzip2.o libbz2.so.1.0.8 libbz2.so.1.0 bzip2-shared
+ 
+-blocksort.o: blocksort.c
+-	$(CC) $(CFLAGS) -c blocksort.c
+-huffman.o: huffman.c
+-	$(CC) $(CFLAGS) -c huffman.c
+-crctable.o: crctable.c
+-	$(CC) $(CFLAGS) -c crctable.c
+-randtable.o: randtable.c
+-	$(CC) $(CFLAGS) -c randtable.c
+-compress.o: compress.c
+-	$(CC) $(CFLAGS) -c compress.c
+-decompress.o: decompress.c
+-	$(CC) $(CFLAGS) -c decompress.c
+-bzlib.o: bzlib.c
+-	$(CC) $(CFLAGS) -c bzlib.c
++%.o: %.c
++	$(CC) $(CFLAGS) -c $<
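Review bot: The Makefile-libbz2_so part of this patch only applies on top of the saneso patch, because its context line `$(CC) $(LDFLAGS) -shared -Wl,-soname ...` is the form that bzip2-1.0.8-saneso.patch introduces; nothing in the patch or the ebuild states that ordering. The file also has no header describing its purpose, unlike the mingw patch. A short header such as `Allow out-of-tree builds via a pattern rule; apply after saneso.patch` would make both clear. The same holds for bzip2-1.0.7-out-of-tree-build.patch.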

diff --git a/app-arch/bzip2/files/bzip2-1.0.8-saneso.patch b/app-arch/bzip2/files/bzip2-1.0.8-saneso.patch
new file mode 100644
index 00000000000..08430831baa
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.8-saneso.patch
@@ -0,0 +1,13 @@
+--- bzip2-1.0.8/Makefile-libbz2_so
++++ bzip2-1.0.8/Makefile-libbz2_so
+@@ -35,8 +35,8 @@
+       bzlib.o
+ 
+ all: $(OBJS)
+-	$(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
+-	$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
++	$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
++	$(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
+ 	rm -f libbz2.so.1.0
+ 	ln -s libbz2.so.1.0.8 libbz2.so.1.0
+ 


* [gentoo-commits] repo/gentoo:master commit in: app-arch/bzip2/files/, app-arch/bzip2/
@ 2019-07-01  7:44 Lars Wendler
From: Lars Wendler @ 2019-07-01  7:44 UTC (permalink / raw
  To: gentoo-commits

commit:     a3f46759232ee0c64311b8790c88966b2a098434
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  1 07:43:45 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Jul  1 07:44:04 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3f46759

app-arch/bzip2: Bump to version 1.0.7

Package-Manager: Portage-2.3.68, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-arch/bzip2/Manifest                            |   1 +
 app-arch/bzip2/bzip2-1.0.7.ebuild                  | 115 +++++++++++++++++++++
 .../files/bzip2-1.0.7-out-of-tree-build.patch      |  76 ++++++++++++++
 app-arch/bzip2/files/bzip2-1.0.7-saneso.patch      |  13 +++
 4 files changed, 205 insertions(+)

diff --git a/app-arch/bzip2/Manifest b/app-arch/bzip2/Manifest
index 4db66c194b2..ace5eb289ae 100644
--- a/app-arch/bzip2/Manifest
+++ b/app-arch/bzip2/Manifest
@@ -1 +1,2 @@
 DIST bzip2-1.0.6.tar.gz 782025 BLAKE2B b31533af7c71d715e6600874bb0a11b9b3aebbb08af0414a6d88bd5a2ad879a482ad408338159cb6c241815da8f48798d2ea7789ea971431d0be42ee827b0a7e SHA512 00ace5438cfa0c577e5f578d8a808613187eff5217c35164ffe044fbafdfec9e98f4192c02a7d67e01e5a5ccced630583ad1003c37697219b0f147343a3fdd12
+DIST bzip2-1.0.7.tar.gz 809680 BLAKE2B da185d9771dd83d59f2c13ea32e9a514ce50c97d69145ca2c4c8f28749fc85c1aec491c5100f4fc6b2183ee397015b7e74a0407dc1d7a360db159a0a3676fd7a SHA512 e0e19b493e6b1f7beeb0eeb0be8a6358c24202173f28acb1e902a768835be9e24f2cb966452fbc90fc3e4e692532ce0c7e86d06aef2d52c0d2a9ac16e12ec8c8

diff --git a/app-arch/bzip2/bzip2-1.0.7.ebuild b/app-arch/bzip2/bzip2-1.0.7.ebuild
new file mode 100644
index 00000000000..b0538f6ddf1
--- /dev/null
+++ b/app-arch/bzip2/bzip2-1.0.7.ebuild
@@ -0,0 +1,115 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
+#      (since we're building shared libs) ...
+
+EAPI=7
+
+inherit toolchain-funcs multilib-minimal
+
+DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
+HOMEPAGE="https://sourceware.org/bzip2/"
+SRC_URI="https://sourceware.org/pub/${PN}/${P}.tar.gz"
+
+LICENSE="BZIP2"
+SLOT="0/1" # subslot = SONAME
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="static static-libs"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+	"${FILESDIR}"/${PN}-1.0.7-saneso.patch
+	"${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+	"${FILESDIR}"/${PN}-1.0.6-progress.patch
+	"${FILESDIR}"/${PN}-1.0.3-no-test.patch
+	"${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
+	"${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
+	"${FILESDIR}"/${PN}-1.0.7-out-of-tree-build.patch
+)
+
+DOCS=( CHANGES README{,.COMPILATION.PROBLEMS,.XML.STUFF} manual.pdf )
+HTML_DOCS=( manual.html )
+
+src_prepare() {
+	default
+
+	# - Use right man path
+	# - Generate symlinks instead of hardlinks
+	# - pass custom variables to control libdir
+	sed -i \
+		-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+		-e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
+		-e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
+		Makefile || die
+}
+
+bemake() {
+	emake \
+		VPATH="${S}" \
+		CC="$(tc-getCC)" \
+		AR="$(tc-getAR)" \
+		RANLIB="$(tc-getRANLIB)" \
+		"$@"
+}
+
+multilib_src_compile() {
+	bemake -f "${S}"/Makefile-libbz2_so all
+	# Make sure we link against the shared lib #504648
+	ln -s libbz2.so.${PV} libbz2.so || die
+	bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
+}
+
+multilib_src_install() {
+	into /usr
+
+	# Install the shared lib manually.  We install:
+	#  .x.x.x - standard shared lib behavior
+	#  .x.x   - SONAME some distros use #338321
+	#  .x     - SONAME Gentoo uses
+	dolib.so libbz2.so.${PV}
+	local v
+	for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
+		dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
+	done
+	use static-libs && dolib.a libbz2.a
+
+	if multilib_is_native_abi ; then
+		gen_usr_ldscript -a bz2
+
+		dobin bzip2recover
+		into /
+		dobin bzip2
+	fi
+}
+
+multilib_src_install_all() {
+	# `make install` doesn't cope with out-of-tree builds, nor with
+	# installing just non-binaries, so handle things ourselves.
+	insinto /usr/include
+	doins bzlib.h
+	into /usr
+	dobin bz{diff,grep,more}
+	doman *.1
+
+	dosym bzdiff /usr/bin/bzcmp
+	dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
+
+	dosym bzmore /usr/bin/bzless
+	dosym bzmore.1 /usr/share/man/man1/bzless.1
+
+	local x
+	for x in bunzip2 bzcat bzip2recover ; do
+		dosym bzip2.1 /usr/share/man/man1/${x}.1
+	done
+	for x in bz{e,f}grep ; do
+		dosym bzgrep /usr/bin/${x}
+		dosym bzgrep.1 /usr/share/man/man1/${x}.1
+	done
+
+	einstalldocs
+
+	# move "important" bzip2 binaries to /bin and use the shared libbz2.so
+	dosym bzip2 /bin/bzcat
+	dosym bzip2 /bin/bunzip2
+}

diff --git a/app-arch/bzip2/files/bzip2-1.0.7-out-of-tree-build.patch b/app-arch/bzip2/files/bzip2-1.0.7-out-of-tree-build.patch
new file mode 100644
index 00000000000..977d9b3cd30
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.7-out-of-tree-build.patch
@@ -0,0 +1,76 @@
+--- bzip2-1.0.7/Makefile
++++ bzip2-1.0.7/Makefile
+@@ -54,7 +54,6 @@
+ 
+ check: test
+ test: bzip2
+-	@cat words1
+ 	./bzip2 -1  < sample1.ref > sample1.rb2
+ 	./bzip2 -2  < sample2.ref > sample2.rb2
+ 	./bzip2 -3  < sample3.ref > sample3.rb2
+@@ -67,7 +66,6 @@
+ 	cmp sample1.tst sample1.ref
+ 	cmp sample2.tst sample2.ref
+ 	cmp sample3.tst sample3.ref
+-	@cat words3
+ 
+ install: bzip2 bzip2recover
+ 	if ( test ! -d $(PREFIX)/bin ) ; then mkdir -p $(PREFIX)/bin ; fi
+@@ -113,25 +111,8 @@
+ 	sample1.rb2 sample2.rb2 sample3.rb2 \
+ 	sample1.tst sample2.tst sample3.tst
+ 
+-blocksort.o: blocksort.c
+-	@cat words0
+-	$(CC) $(CFLAGS) -c blocksort.c
+-huffman.o: huffman.c
+-	$(CC) $(CFLAGS) -c huffman.c
+-crctable.o: crctable.c
+-	$(CC) $(CFLAGS) -c crctable.c
+-randtable.o: randtable.c
+-	$(CC) $(CFLAGS) -c randtable.c
+-compress.o: compress.c
+-	$(CC) $(CFLAGS) -c compress.c
+-decompress.o: decompress.c
+-	$(CC) $(CFLAGS) -c decompress.c
+-bzlib.o: bzlib.c
+-	$(CC) $(CFLAGS) -c bzlib.c
+-bzip2.o: bzip2.c
+-	$(CC) $(CFLAGS) -c bzip2.c
+-bzip2recover.o: bzip2recover.c
+-	$(CC) $(CFLAGS) -c bzip2recover.c
++%.o: %.c
++	$(CC) $(CFLAGS) -c $<
+ 
+ 
+ distclean: clean
+--- bzip2-1.0.7/Makefile-libbz2_so
++++ bzip2-1.0.7/Makefile-libbz2_so
+@@ -36,24 +36,10 @@
+ 
+ all: $(OBJS)
+ 	$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.7 $(OBJS)
+-	$(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.7
+-	rm -f libbz2.so.1.0
+-	ln -s libbz2.so.1.0.7 libbz2.so.1.0
++	ln -sf libbz2.so.1.0.7 libbz2.so.1.0
+ 
+ clean: 
+ 	rm -f $(OBJS) bzip2.o libbz2.so.1.0.7 libbz2.so.1.0 bzip2-shared
+ 
+-blocksort.o: blocksort.c
+-	$(CC) $(CFLAGS) -c blocksort.c
+-huffman.o: huffman.c
+-	$(CC) $(CFLAGS) -c huffman.c
+-crctable.o: crctable.c
+-	$(CC) $(CFLAGS) -c crctable.c
+-randtable.o: randtable.c
+-	$(CC) $(CFLAGS) -c randtable.c
+-compress.o: compress.c
+-	$(CC) $(CFLAGS) -c compress.c
+-decompress.o: decompress.c
+-	$(CC) $(CFLAGS) -c decompress.c
+-bzlib.o: bzlib.c
+-	$(CC) $(CFLAGS) -c bzlib.c
++%.o: %.c
++	$(CC) $(CFLAGS) -c $<

diff --git a/app-arch/bzip2/files/bzip2-1.0.7-saneso.patch b/app-arch/bzip2/files/bzip2-1.0.7-saneso.patch
new file mode 100644
index 00000000000..5ab0cb52d05
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.7-saneso.patch
@@ -0,0 +1,13 @@
+--- bzip2-1.0.7/Makefile-libbz2_so
++++ bzip2-1.0.7/Makefile-libbz2_so
+@@ -35,8 +35,8 @@
+       bzlib.o
+ 
+ all: $(OBJS)
+-	$(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.7 $(OBJS)
+-	$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.7
++	$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.7 $(OBJS)
++	$(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.7
+ 	rm -f libbz2.so.1.0
+ 	ln -s libbz2.so.1.0.7 libbz2.so.1.0
+ 


* [gentoo-commits] repo/gentoo:master commit in: app-arch/bzip2/files/, app-arch/bzip2/
@ 2017-06-03 11:48 Lars Wendler
From: Lars Wendler @ 2017-06-03 11:48 UTC (permalink / raw
  To: gentoo-commits

commit:     fd4e6acf26c5766cfe17b4d1be223afcd0bab1e0
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  3 11:48:46 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jun  3 11:48:46 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd4e6acf

app-arch/bzip2: Security revbump to fix CVE-2016-3189 (bug #620466).

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 app-arch/bzip2/bzip2-1.0.6-r8.ebuild               | 114 +++++++++++++++++++++
 .../bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch    |  18 ++++
 2 files changed, 132 insertions(+)

diff --git a/app-arch/bzip2/bzip2-1.0.6-r8.ebuild b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
new file mode 100644
index 00000000000..c5e3c31b4f8
--- /dev/null
+++ b/app-arch/bzip2/bzip2-1.0.6-r8.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# XXX: atm, libbz2.a is always PIC :(, so it is always built quickly
+#      (since we're building shared libs) ...
+
+EAPI=5
+
+inherit eutils toolchain-funcs multilib multilib-minimal
+
+DESCRIPTION="A high-quality data compressor used extensively by Gentoo Linux"
+HOMEPAGE="http://www.bzip.org/"
+SRC_URI="http://www.bzip.org/${PV}/${P}.tar.gz"
+
+LICENSE="BZIP2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="static static-libs"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.4-makefile-CFLAGS.patch
+	"${FILESDIR}"/${PN}-1.0.6-saneso.patch
+	"${FILESDIR}"/${PN}-1.0.4-man-links.patch #172986
+	"${FILESDIR}"/${PN}-1.0.6-progress.patch
+	"${FILESDIR}"/${PN}-1.0.3-no-test.patch
+	"${FILESDIR}"/${PN}-1.0.4-POSIX-shell.patch #193365
+	"${FILESDIR}"/${PN}-1.0.6-mingw.patch #393573
+	"${FILESDIR}"/${PN}-1.0.6-out-of-tree-build.patch
+	"${FILESDIR}"/${PN}-1.0.6-CVE-2016-3189.patch #620466
+)
+
+src_prepare() {
+	epatch "${PATCHES[@]}"
+
+	# - Use right man path
+	# - Generate symlinks instead of hardlinks
+	# - pass custom variables to control libdir
+	sed -i \
+		-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+		-e 's:ln -s -f $(PREFIX)/bin/:ln -s -f :' \
+		-e 's:$(PREFIX)/lib:$(PREFIX)/$(LIBDIR):g' \
+		Makefile || die
+}
+
+bemake() {
+	emake \
+		VPATH="${S}" \
+		CC="$(tc-getCC)" \
+		AR="$(tc-getAR)" \
+		RANLIB="$(tc-getRANLIB)" \
+		"$@"
+}
+
+multilib_src_compile() {
+	bemake -f "${S}"/Makefile-libbz2_so all
+	# Make sure we link against the shared lib #504648
+	ln -sf libbz2.so.${PV} libbz2.so
+	bemake -f "${S}"/Makefile all LDFLAGS="${LDFLAGS} $(usex static -static '')"
+}
+
+multilib_src_install() {
+	into /usr
+
+	# Install the shared lib manually.  We install:
+	#  .x.x.x - standard shared lib behavior
+	#  .x.x   - SONAME some distros use #338321
+	#  .x     - SONAME Gentoo uses
+	dolib.so libbz2.so.${PV}
+	local v
+	for v in libbz2.so{,.{${PV%%.*},${PV%.*}}} ; do
+		dosym libbz2.so.${PV} /usr/$(get_libdir)/${v}
+	done
+	use static-libs && dolib.a libbz2.a
+
+	if multilib_is_native_abi ; then
+		gen_usr_ldscript -a bz2
+
+		dobin bzip2recover
+		into /
+		dobin bzip2
+	fi
+}
+
+multilib_src_install_all() {
+	# `make install` doesn't cope with out-of-tree builds, nor with
+	# installing just non-binaries, so handle things ourselves.
+	insinto /usr/include
+	doins bzlib.h
+	into /usr
+	dobin bz{diff,grep,more}
+	doman *.1
+
+	dosym bzdiff /usr/bin/bzcmp
+	dosym bzdiff.1 /usr/share/man/man1/bzcmp.1
+
+	dosym bzmore /usr/bin/bzless
+	dosym bzmore.1 /usr/share/man/man1/bzless.1
+
+	local x
+	for x in bunzip2 bzcat bzip2recover ; do
+		dosym bzip2.1 /usr/share/man/man1/${x}.1
+	done
+	for x in bz{e,f}grep ; do
+		dosym bzgrep /usr/bin/${x}
+		dosym bzgrep.1 /usr/share/man/man1/${x}.1
+	done
+
+	dodoc README* CHANGES manual.pdf
+	dohtml manual.html
+
+	# move "important" bzip2 binaries to /bin and use the shared libbz2.so
+	dosym bzip2 /bin/bzcat
+	dosym bzip2 /bin/bunzip2
+}
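Review bot: `ln -sf libbz2.so.${PV} libbz2.so` in multilib_src_compile has no `|| die`, and under EAPI 5 a failing external command does not abort the build. The comment above it says the link exists so the binaries link against the freshly built shared library; if the symlink is not created, the following `bemake` link step may pick up a different libbz2 (not verifiable from this hunk), which matters for a security revbump. Suggested: `ln -sf libbz2.so.${PV} libbz2.so || die`. HOMEPAGE and SRC_URI also use `http://`; the Manifest digests still verify the tarball, but an https source would be preferable if one exists.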

diff --git a/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
new file mode 100644
index 00000000000..1d0c3a6dd34
--- /dev/null
+++ b/app-arch/bzip2/files/bzip2-1.0.6-CVE-2016-3189.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Backport
+https://bugzilla.suse.com/attachment.cgi?id=681334
+
+CVE: CVE-2016-3189
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bzip2-1.0.6/bzip2recover.c
+===================================================================
+--- bzip2-1.0.6.orig/bzip2recover.c
++++ bzip2-1.0.6/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
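Review bot: The patch header names CVE-2016-3189 and a source URL but never states what the added `outFile = NULL;` guards against. It sits right after `bsClose ( bsWr );`, so presumably the stream behind `outFile` is released there and a later path would otherwise use or close it a second time. A header line such as `Clear outFile after bsClose() so the closed stream is not reused` would make the intent reviewable. `main` starts and ends outside the hunk.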

