bzip2: Update to 1.0.8

It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.

Several security bugs were fixed as well as others.

Fixed up PKG_LICENSE to be compatible with SPDX.

Changed URLs to point to the new home.

Added patch that gets rid of deprecated utime function and switches it to
utimensat.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

3 files changed, 34 insertions, 19 deletions

diff --git a/package/utils/bzip2/Makefile b/package/utils/bzip2/Makefile
index 9c64d2264a..7ae089f4f4 100644
--- a/package/utils/bzip2/Makefile
+++ b/package/utils/bzip2/Makefile
@@ -8,16 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bzip2
-PKG_VERSION:=1.0.6
-PKG_RELEASE:=5
+PKG_VERSION:=1.0.8
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://distfiles.gentoo.org/distfiles/ \
-	http://distcache.freebsd.org/ports-distfiles/
-PKG_HASH:=a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
+PKG_SOURCE_URL:=https://sourceware.org/pub/bzip2
+PKG_HASH:=ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
 
-PKG_LICENSE:=BZIP2
+PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
+PKG_LICENSE:=bzip2-1.0.8
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:bzip:bzip2
 
@@ -26,7 +25,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/bzip2/Default
   SUBMENU:=Compression
-  URL:=http://www.bzip.org/
+  URL:=https://sourceware.org/bzip2/
 endef
 
 define Package/libbz2
diff --git a/package/utils/bzip2/patches/010-CVE-2016-3189.patch b/package/utils/bzip2/patches/010-CVE-2016-3189.patch
deleted file mode 100644
index 064f982c48..0000000000
--- a/package/utils/bzip2/patches/010-CVE-2016-3189.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up ./bzip2recover.c.old ./bzip2recover.c
---- ./bzip2recover.c.old	2016-03-22 08:49:38.855620000 +0100
-+++ ./bzip2recover.c	2016-03-30 10:22:27.341430099 +0200
-@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
-             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
-             bsPutUInt32 ( bsWr, blockCRC );
-             bsClose ( bsWr );
-+            outFile = NULL;
-          }
-          if (wrBlock >= rbCtr) break;
-          wrBlock++;
diff --git a/package/utils/bzip2/patches/020-no-utime.patch b/package/utils/bzip2/patches/020-no-utime.patch
new file mode 100644
index 0000000000..d0cd4f0e35
--- /dev/null
+++ b/package/utils/bzip2/patches/020-no-utime.patch
@@ -0,0 +1,27 @@
+--- a/bzip2.c
++++ b/bzip2.c
+@@ -69,7 +69,6 @@
+ #if BZ_UNIX
+ #   include <fcntl.h>
+ #   include <sys/types.h>
+-#   include <utime.h>
+ #   include <unistd.h>
+ #   include <sys/stat.h>
+ #   include <sys/times.h>
+@@ -1051,12 +1050,12 @@ void applySavedTimeInfoToOutputFile ( Ch
+ {
+ #  if BZ_UNIX
+    IntNative      retVal;
+-   struct utimbuf uTimBuf;
++   struct timespec uTimBuf[2] = {};
+ 
+-   uTimBuf.actime = fileMetaInfo.st_atime;
+-   uTimBuf.modtime = fileMetaInfo.st_mtime;
++   uTimBuf[0].tv_sec = fileMetaInfo.st_atime;
++   uTimBuf[1].tv_sec = fileMetaInfo.st_mtime;
+ 
+-   retVal = utime ( dstName, &uTimBuf );
++   retVal = utimensat ( AT_FDCWD, dstName, uTimBuf , 0 );
+    ERROR_IF_NOT_ZERO ( retVal );
+ #  endif
+ }