
please unblock bzip2/1.0.5-6



please unblock bzip2/1.0.5-6

it fixes two RC bugs in testing: 597585 and 594733

the debdiff is minimal:

debdiff bzip2_1.0.5-4.dsc bzip2_1.0.5-6.dsc
diff -u bzip2-1.0.5/debian/changelog bzip2-1.0.5/debian/changelog
--- bzip2-1.0.5/debian/changelog
+++ bzip2-1.0.5/debian/changelog
@@ -1,3 +1,20 @@
+bzip2 (1.0.5-6) unstable; urgency=high
+
+  * Fix integer overflow 
+    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
+    http://www.debian.org/security/2010/dsa-2112
+    Closes: 597585
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Tue, 21 Sep 2010 10:33:49 +1000
+
+bzip2 (1.0.5-5) unstable; urgency=low
+
+  * Provide missing symlinks in lib32bz2-1.0 and lib64bz2-1.0
+    Patch by Michael Gilbert
+    Closes: 594733
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 05 Sep 2010 00:06:01 +1000
+
 bzip2 (1.0.5-4) unstable; urgency=low
 
   [Jorge Ernesto Guevara Cuenca]
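Review bot: The 1.0.5-6 changelog entry says only "Fix integer overflow" and gives the CVE as a URL, so a reader of the changelog cannot tell which code is affected without following the link. Suggest naming the file touched (decompress.c, per the rest of this debdiff) and writing the identifier CVE-2010-0405 in plain text in the entry, which also makes it searchable. The 1.0.5-5 entry is fine as written.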
diff -u bzip2-1.0.5/debian/rules bzip2-1.0.5/debian/rules
--- bzip2-1.0.5/debian/rules
+++ bzip2-1.0.5/debian/rules
@@ -270,6 +270,7 @@
 
 	install -d debian/tmp-lib64/usr/lib64
 	cp -a 64/libbz2.so.* debian/tmp-lib64/usr/lib64/
+	ln -s libbz2.so.1.0.4 debian/tmp-lib64/usr/lib64/libbz2.so.1
 	chmod -x debian/tmp-lib64/usr/lib64/*
 
 	install -d debian/tmp-dev64/usr/lib64
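Review bot: The new `ln -s libbz2.so.1.0.4 ...` line hard-codes the target file name, while the `cp -a 64/libbz2.so.*` line directly above it copies whatever versions the build produced. If the built library is ever named anything other than libbz2.so.1.0.4 (the source tree here is bzip2-1.0.5), the link is created dangling and nothing in this stanza will notice. Suggest deriving the target from the copied file, or at least failing the build with a `test -e` on the link after creating it.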
@@ -345,6 +346,7 @@
 
 	install -d debian/tmp-lib32/$(lib32)
 	cp -a 32/libbz2.so.* debian/tmp-lib32/$(lib32)/
+	ln -s libbz2.so.1.0.4 debian/tmp-lib32/$(lib32)/libbz2.so.1
 	chmod -x debian/tmp-lib32/$(lib32)/*
 
 	install -d debian/tmp-dev32/$(lib32)
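Review bot: This is the second copy of the literal `libbz2.so.1.0.4`, now in the lib32 stanza as well as the lib64 one, so a future version bump has to be made in two places and a miss in either leaves one biarch package with a broken libbz2.so.1 link. Suggest putting the versioned file name in a single make variable at the top of debian/rules and using it in both `ln -s` lines.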
only in patch2:
unchanged:
--- bzip2-1.0.5.orig/decompress.c
+++ bzip2-1.0.5/decompress.c
@@ -381,6 +381,13 @@
             es = -1;
             N = 1;
             do {
+               /* Check that N doesn't get too big, so that es doesn't
+                  go negative.  The maximum value that can be
+                  RUNA/RUNB encoded is equal to the block size (post
+                  the initial RLE), viz, 900k, so bounding N at 2
+                  million should guard against overflow without
+                  rejecting any legitimate inputs. */
+               if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
                if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
                if (nextSym == BZ_RUNB) es = es + (1+1) * N;
                N = N * 2;
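Review bot: The guard at the top of the do-loop bounds N, but the comment stops short of stating what that implies for es, which is the value the fix is meant to protect. From the visible lines, N is checked before each accumulation and doubled after it, so the largest N ever added is 2^20 and each step adds at most 2*N, which keeps es at roughly 4 million or less from this loop. Suggest adding that resulting bound to the comment, and replacing the bare `2*1024*1024` with a named constant so the limit and its rationale stay together. A regression test with a crafted long RUNA/RUNB sequence that expects BZ_DATA_ERROR would be worth adding alongside.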
