diff options
author | Rosen Penev <rosenp@gmail.com> | 2018-08-22 19:07:56 -0700 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-08-23 07:15:35 +0200 |
commit | f9469efbfa7ce892651f9a6da713eacbef66f177 (patch) | |
tree | bfcaea4b3fc78f19846cc764ba7ce6c1bda76504 | |
parent | 6b4ba118ac1ba1318182eb3a22864e86165f0b09 (diff) | |
download | upstream-f9469efbfa7ce892651f9a6da713eacbef66f177.tar.gz upstream-f9469efbfa7ce892651f9a6da713eacbef66f177.tar.bz2 upstream-f9469efbfa7ce892651f9a6da713eacbef66f177.zip |
bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.
More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
Taken from Fedora.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
-rw-r--r-- | package/utils/bzip2/Makefile | 2 | ||||
-rw-r--r-- | package/utils/bzip2/patches/010-CVE-2016-3189.patch | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/package/utils/bzip2/Makefile b/package/utils/bzip2/Makefile index 4c8b360de8..ea2fc76833 100644 --- a/package/utils/bzip2/Makefile +++ b/package/utils/bzip2/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bzip2 PKG_VERSION:=1.0.6 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.bzip.org/$(PKG_VERSION) diff --git a/package/utils/bzip2/patches/010-CVE-2016-3189.patch b/package/utils/bzip2/patches/010-CVE-2016-3189.patch new file mode 100644 index 0000000000..064f982c48 --- /dev/null +++ b/package/utils/bzip2/patches/010-CVE-2016-3189.patch @@ -0,0 +1,11 @@ +diff -up ./bzip2recover.c.old ./bzip2recover.c +--- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100 ++++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200 +@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; |