Hello community, here is the log from the commit of package bzip2 for openSUSE:Factory checked in at 2019-07-02 10:37:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bzip2 (Old) and /work/SRC/openSUSE:Factory/.bzip2.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bzip2" Tue Jul 2 10:37:05 2019 rev:64 rq:712352 version:1.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/bzip2/bzip2.changes 2019-04-26 22:41:17.513740283 +0200 +++ /work/SRC/openSUSE:Factory/.bzip2.new.4615/bzip2.changes 2019-07-02 10:37:07.882466364 +0200 @@ -1,0 +2,23 @@ +Fri Jun 28 07:42:24 UTC 2019 - Martin Pluskal <[email protected]> + +- Update bug reference +- Fix downloaded patches + +------------------------------------------------------------------- +Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <[email protected]> + +- Update to version 1.0.7: + * Fix undefined behavior in the macros SET_BH, CLEAR_BH, & + ISSET_BH. + * bzip2: Fix return value when combining --test,-t and -q. + * bzip2recover: Fix buffer overflow for large argv[0]. + * bzip2recover: Fix use after free issue with outFile + (CVE-2016-3189). + * Make sure nSelectors is not out of range (CVE-2019-12900 + bsc#1139083) +- Drop patches fixed upstream: + * bzip2-unsafe_strcpy.patch. + * bzip2-1.0.6-CVE-2016-3189.patch. +- Refresh patches with quilt. + +------------------------------------------------------------------- Old: ---- bzip2-1.0.6-CVE-2016-3189.patch bzip2-1.0.6.tar.gz bzip2-unsafe_strcpy.patch New: ---- bzip2-1.0.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bzip2.spec ++++++ --- /var/tmp/diff_new_pack.lePdUM/_old 2019-07-02 10:37:08.830467806 +0200 +++ /var/tmp/diff_new_pack.lePdUM/_new 2019-07-02 10:37:08.834467812 +0200 @@ -12,13 +12,13 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define libname libbz2-1 Name: bzip2 -Version: 1.0.6 +Version: 1.0.7 Release: 0 Summary: A Program for Compressing Files License: BSD-3-Clause @@ -32,12 +32,10 @@ # PATCH-FEATURE-OPENSUSE bzip2-1.0.6-autoconfiscated.patch [email protected] -- Convert to a standard autoconf based package. Patch0: ftp://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch Patch1: bzip2-1.0.6-fix-bashisms.patch -Patch2: bzip2-unsafe_strcpy.patch Patch3: bzip2-point-to-doc-pkg.patch Patch4: bzip2-ocloexec.patch # PATCH-FIX-UPSTREAM bnc#970260 [email protected] -- fix a wrong exit code when grepping multiple archives Patch5: bzip2-1.0.6-bzgrep_return_value.patch -Patch6: bzip2-1.0.6-CVE-2016-3189.patch BuildRequires: autoconf >= 2.57 BuildRequires: libtool BuildRequires: pkgconfig @@ -77,11 +75,9 @@ %setup -q %patch0 %patch1 -p1 -%patch2 %patch3 -p1 -%patch4 +%patch4 -p1 %patch5 -p1 -%patch6 -p1 %build autoreconf -fiv @@ -91,7 +87,7 @@ %if 0%{?do_profiling} make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" test - make clean + make %{?_smp_mflags} clean make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}" %else make %{?_smp_mflags} CFLAGS="%{optflags}" ++++++ bzip2-1.0.6-bzgrep_return_value.patch ++++++ --- /var/tmp/diff_new_pack.lePdUM/_old 2019-07-02 10:37:08.878467880 +0200 +++ /var/tmp/diff_new_pack.lePdUM/_new 2019-07-02 10:37:08.878467880 +0200 @@ -1,7 +1,7 @@ -Index: bzip2-1.0.6/bzgrep +Index: bzip2-1.0.7/bzgrep =================================================================== ---- bzip2-1.0.6.orig/bzgrep -+++ bzip2-1.0.6/bzgrep +--- bzip2-1.0.7.orig/bzgrep 2019-06-27 23:10:21.375272508 +0200 ++++ bzip2-1.0.7/bzgrep 2019-06-27 23:10:21.415272635 +0200 @@ -65,8 +65,20 @@ for i do else j=$(echo "$i" | sed 's/\\/&&/g;s/|/\\&/g;s/&/\\&/g') ++++++ bzip2-1.0.6-fix-bashisms.patch ++++++ --- /var/tmp/diff_new_pack.lePdUM/_old 2019-07-02 10:37:08.890467898 +0200 +++ /var/tmp/diff_new_pack.lePdUM/_new 2019-07-02 10:37:08.890467898 +0200 @@ -1,6 +1,7 @@ -diff -Ndurp bzip2-1.0.6/bzgrep bzip2-1.0.6-fix-bashisms/bzgrep ---- bzip2-1.0.6/bzgrep 2007-01-03 04:00:55.000000000 +0200 -+++ bzip2-1.0.6-fix-bashisms/bzgrep 2014-10-19 02:07:30.036033876 +0300 +Index: bzip2-1.0.7/bzgrep +=================================================================== +--- bzip2-1.0.7.orig/bzgrep 2019-06-27 20:15:39.000000000 +0200 ++++ bzip2-1.0.7/bzgrep 2019-06-27 23:12:37.027916706 +0200 @@ -63,9 +63,7 @@ for i do bzip2 -cdfq "$i" | $grep $opt "$pat" r=$? ++++++ bzip2-1.0.6.tar.gz -> bzip2-1.0.7.tar.gz ++++++ ++++ 229142 lines of diff (skipped) ++++++ bzip2-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.lePdUM/_old 2019-07-02 10:37:09.306468531 +0200 +++ /var/tmp/diff_new_pack.lePdUM/_new 2019-07-02 10:37:09.306468531 +0200 @@ -1,5 +1,7 @@ ---- bzlib.c.orig -+++ bzlib.c +Index: bzip2-1.0.7/bzlib.c +=================================================================== +--- bzip2-1.0.7.orig/bzlib.c 2019-06-27 20:15:39.000000000 +0200 ++++ bzip2-1.0.7/bzlib.c 2019-06-27 23:10:21.399272583 +0200 @@ -1414,7 +1414,15 @@ BZFILE * bzopen_or_bzdopen } mode++; ++++++ bzip2-point-to-doc-pkg.patch ++++++ --- /var/tmp/diff_new_pack.lePdUM/_old 2019-07-02 10:37:09.314468543 +0200 +++ /var/tmp/diff_new_pack.lePdUM/_new 2019-07-02 10:37:09.314468543 +0200 @@ -1,7 +1,7 @@ -Index: bzip2-1.0.6/README +Index: bzip2-1.0.7/README =================================================================== ---- bzip2-1.0.6.orig/README -+++ bzip2-1.0.6/README +--- bzip2-1.0.7.orig/README 2019-06-27 20:15:39.000000000 +0200 ++++ bzip2-1.0.7/README 2019-06-27 23:10:21.387272546 +0200 @@ -17,7 +17,8 @@ in the file LICENSE. Complete documentation is available in Postscript form (manual.ps),
