OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Michael Schloh
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 08-Jun-2005 14:18:08
Branch: HEAD Handle: 2005060813180800
Added files:
openpkg-src/analog analog.patch
Modified files:
openpkg-src/analog analog.spec
Log:
bzip2-based corrections in bzip2, analog, and, most importantly, openpkg
itself: OpenPKG-SA-2005.008 (CAN-2005-0953 and CAN-2005-1260)
Summary:
RevisionChanges Path
1.3 +264 -0 openpkg-src/analog/analog.patch
1.45+3 -1 openpkg-src/analog/analog.spec
patch -p0 <<'@@ .'
Index: openpkg-src/analog/analog.patch
$ cvs diff -u -r0 -r1.3 analog.patch
--- /dev/null 2005-06-08 14:18:04 +0200
+++ analog.patch 2005-06-08 14:18:08 +0200
@@ -0,0 +1,264 @@
+OpenPKG-SA-2005.008 and CAN-2005-1260,
+Infinite loop in decompression of specially crafted bzip2 archives.
+Parts of following patch taken from Ubuntu (backport from bzip2 1.0.3):
+
http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/bzip2_1.0.2-2ubuntu0.1.diff.gz
+
+Index: src/bzip2/bzlib.c
+diff -Nau src/bzip2/bzlib.c.orig src/bzip2/bzlib.c
+--- src/bzip2/bzlib.c.orig 2004-12-19 14:51:31 +0100
src/bzip2/bzlib.c2005-06-08 10:46:17 +0200
+@@ -575,8 +575,11 @@
+
+
+ /*---*/
++/* Return True if data corruption is discovered.
++ Returns False if there is no problem.
++*/
+ static
+-void unRLE_obuf_to_output_FAST ( DState* s )
++Bool unRLE_obuf_to_output_FAST ( DState* s )
+ {
+UChar k1;
+
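Review bot: The new comment above `unRLE_obuf_to_output_FAST` documents only the corruption case, but the function also returns False when `avail_out` reaches 0 or no new run can be started, so False means "no corruption seen", not "finished". The `void` to `Bool` change only helps if the call site tests the result and fails the decompression; that call site is not in this hunk, and the function body continues past it. I would word the comment as `/* True: nblock_used overran save_nblock+1 (corrupt block), caller must stop with a data error. False: no corruption seen; output space may still have run out. */`. The same applies to `unRLE_obuf_to_output_SMALL` in the later hunk at -733,8 +744,11.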
+@@ -585,7 +588,7 @@
+ while (True) {
+ /* try to finish existing run */
+ while (True) {
+-if (s->strm->avail_out == 0) return;
++if (s->strm->avail_out == 0) return False;
+ if (s->state_out_len == 0) break;
+ *( (UChar*)(s->strm->next_out) ) = s->state_out_ch;
+ BZ_UPDATE_CRC ( s->calculatedBlockCRC, s->state_out_ch );
+@@ -597,8 +600,11 @@
+ }
+
+ /* can a new run be started? */
+- if (s->nblock_used == s->save_nblock+1) return;
++ if (s->nblock_used == s->save_nblock+1) return False;
+
++ /* Only caused by corrupt data stream? */
++ if (s->nblock_used > s->save_nblock+1)
++return True;
+
+ s->state_out_len = 1;
+ s->state_out_ch = s->k0;
+@@ -668,6 +674,10 @@
+cs_avail_out--;
+ }
+ }
++ /* Only caused by corrupt data stream? */
++ if (c_nblock_used > s_save_nblockPP)
++return True;
++
+ /* can a new run be started? */
+ if (c_nblock_used == s_save_nblockPP) {
+ c_state_out_len = 0; goto return_notr;
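Review bot: The added `return True` in the cached-variable path leaves the function before the write-back that ends at `/* end save */` in the next hunk, so on a corrupt block `s` and `s->strm` (for example `avail_out`) are presumably left at their values from function entry while output bytes may already have been written. That is safe only if every caller treats True as fatal and does not read the stream counters afterwards; no caller is visible on this page. A comment at the check would record that, e.g. `/* corrupt stream: returns without the save step, stream state is stale; caller must abort */`. The tentative `Only caused by corrupt data stream?` wording, also used in the hunks at +600 and +769, would be better stated as a fact or backed by an explanation of why no valid stream reaches this branch.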
+@@ -713,6 +723,7 @@
+ s->strm->avail_out= cs_avail_out;
+ /* end save */
+}
++ return False;
+ }
+
+
+@@ -733,8 +744,11 @@
+
+
+ /*---*/
++/* Return True if data corruption is discovered.
++ Returns False if there is no problem.
++*/
+ static
+-void unRLE_obuf_to_output_SMALL ( DState* s )
++Bool unRLE_obuf_to_output_SMALL ( DState* s )
+ {
+UChar k1;
+
+@@ -743,7 +757,7 @@
+ while (True) {
+ /* try to finish existing run */
+ while (True) {
+-if (s->strm->avail_out == 0) return;
++if (s->strm->avail_out == 0) return False;
+ if (s->state_out_len == 0) break;
+ *( (UChar*)(s->strm->next_out) ) = s->state_out_ch;
+ BZ_UPDATE_CRC ( s->calculatedBlockCRC, s->state_out_ch );
+@@ -755,8 +769,11 @@
+ }
+
+ /* can a new run be started? */
+- if (s->nblock_used == s->save_nblock+1) return;
+-
++ if (s->nblock_used == s->save_nblock+1) return False;
++
++ /* Only caused by corrupt data stream? */
++ if (s->nblock_used > s->save_nblock+1)
++return True;
+
+ s->state_out_len = 1;
+ s->state_out_ch = s->k0;
+@@ -789,7 +806,7 @@
+ while (True) {
+ /* try to finish existing run */
+ while (True) {
+-if (s->strm->avail_out == 0) return;
++if (s->strm->avail_out == 0) return False;
+ if (s->state_out_len == 0) break;
+ *( (UChar*)(s->strm->next_out) ) = s->