bzip2: updated to 1.0.6-3

diff --git a/bzip2/.md5sum b/bzip2/.md5sum
index 134efa5977dfc49c772ace85daa9457de8860f2a..dc8c7f33b0c8f9459ebdd525856531963fb1a245 100644 (file)
--- a/bzip2/.md5sum
+++ b/bzip2/.md5sum
@@ -1,2 +1,3 @@
+3b17081b71204ddfaa1cef6f5f9d8747  CVE-2016-3189.patch
 00b516f4704d4a7cb50a1d97e6e8e15b  bzip2-1.0.6.tar.gz
 ab2b0d7367fc6f14a3d943a3861ad2c1  bzip2.patch

diff --git a/bzip2/CVE-2016-3189.patch b/bzip2/CVE-2016-3189.patch
new file mode 100644 (file)
index 0000000..d947130
--- /dev/null
+++ b/bzip2/CVE-2016-3189.patch
@@ -0,0 +1,10 @@
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;

diff --git a/bzip2/Pkgfile b/bzip2/Pkgfile
index 9ac24a5774dca833e6e5b7cdb076e143bea4d1c5..d2bc2af8536259d8c303e0e54db1fc263e4d2215 100644 (file)
--- a/bzip2/Pkgfile
+++ b/bzip2/Pkgfile
@@ -6,14 +6,15 @@
 
 name=bzip2
 version=1.0.6
-release=2
+release=3
 source=(http://www.bzip.org/$version/$name-$version.tar.gz \
-        $name.patch)
+        $name.patch CVE-2016-3189.patch)
 
 build() {
   cd $name-$version
 
   patch -Np1 -i $SRC/$name.patch
+  patch -p1 -i $SRC/CVE-2016-3189.patch
 
   sed "s|all: libbz2.a bzip2 bzip2recover test|all: libbz2.a bzip2 bzip2recover|g" -i Makefile