From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Thu, 27 May 2021 08:46:52 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1lm9nA-0002pa-LM
	for lore@lore.pengutronix.de; Thu, 27 May 2021 08:46:52 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1lm9n9-00086L-Uo; Thu, 27 May 2021 08:46:51 +0200
Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mol@pengutronix.de>)
 id 1lm9lz-0005qa-VH; Thu, 27 May 2021 08:45:40 +0200
Received: from [2a0a:edc0:0:1101:1d::39] (helo=dude03.red.stw.pengutronix.de)
 by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.92)
 (envelope-from <mol@pengutronix.de>)
 id 1lm9lz-0006Uj-EE; Thu, 27 May 2021 08:45:39 +0200
Received: from mol by dude03.red.stw.pengutronix.de with local (Exim 4.92)
 (envelope-from <mol@pengutronix.de>)
 id 1lm9lz-00GxOO-DY; Thu, 27 May 2021 08:45:39 +0200
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Thu, 27 May 2021 08:45:39 +0200
Message-Id: <20210527064539.4041474-1-m.olbrich@pengutronix.de>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20210516185231.5680-3-rhi@pengutronix.de>
References: <20210516185231.5680-3-rhi@pengutronix.de>
MIME-Version: 1.0
Subject: Re: [ptxdist] [APPLIED] bzip2: version bump 1.0.6 -> 1.0.8
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: Roland Hieber <rhi@pengutronix.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

Thanks, applied as 402c4a7af5619abbbe9a08869a836f71050e8a64.

Michael

[sent from post-receive hook]

On Thu, 27 May 2021 08:45:39 +0200, Roland Hieber <rhi@pengutronix.de> wrote:
> Patch 0002 (CVE-2016-3189) was merged upstream in bzip2-1.0.7, remove
> it. Unfuzz the other patch.
> 
> The copyright dates, the version number and the author's e-mail address
> changed in LICENSE.
> 
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20210516185231.5680-3-rhi@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
> deleted file mode 100644
> index d3ba2379a8e3..000000000000
> --- a/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
> +++ /dev/null
> @@ -1,23 +0,0 @@
> -From: Jakub Martisko <jamartis@redhat.com>
> -Date: Wed, 30 Mar 2016 10:22:27 +0200
> -Subject: [PATCH] bzip2recover: Fix potential use-after-free
> -
> -Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
> -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
> -Bug-Debian: https://bugs.debian.org/827744
> ----
> - bzip2recover.c | 1 +
> - 1 file changed, 1 insertion(+)
> -
> -diff --git a/bzip2recover.c b/bzip2recover.c
> -index f9de0496abf1..252c1b79853d 100644
> ---- a/bzip2recover.c
> -+++ b/bzip2recover.c
> -@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
> -             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
> -             bsPutUInt32 ( bsWr, blockCRC );
> -             bsClose ( bsWr );
> -+            outFile = NULL;
> -          }
> -          if (wrBlock >= rbCtr) break;
> -          wrBlock++;
> diff --git a/patches/bzip2-1.0.6/series b/patches/bzip2-1.0.6/series
> deleted file mode 100644
> index faf98db85308..000000000000
> --- a/patches/bzip2-1.0.6/series
> +++ /dev/null
> @@ -1,5 +0,0 @@
> -# generated by git-ptx-patches
> -#tag:base --start-number 1
> -0001-fixup-Makefile.patch
> -0002-bzip2recover-Fix-potential-use-after-free.patch
> -# b97444d53b93823526970708b2bbb965  - git-ptx-patches magic
> diff --git a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch b/patches/bzip2-1.0.8/0001-fixup-Makefile.patch
> similarity index 96%
> rename from patches/bzip2-1.0.6/0001-fixup-Makefile.patch
> rename to patches/bzip2-1.0.8/0001-fixup-Makefile.patch
> index 0e260213418e..af14b2d5436f 100644
> --- a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
> +++ b/patches/bzip2-1.0.8/0001-fixup-Makefile.patch
> @@ -3,17 +3,15 @@ Date: Sat, 29 Oct 2011 18:59:40 +0200
>  Subject: [PATCH] fixup Makefile
>  
>  This patch fixes various problems in the makefile and disables compile
> -time test. It was taken from Debinan.
> +time test. It was taken from Debian.
>  
>  Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
>  ---
> -# 20091210 rsc: needs probably another look before going mainline
> -
> - Makefile |  134 ++++++++++++++++++++++++++++++++------------------------------
> - 1 files changed, 69 insertions(+), 65 deletions(-)
> + Makefile | 134 ++++++++++++++++++++++++++++++++-------------------------------
> + 1 file changed, 69 insertions(+), 65 deletions(-)
>  
>  diff --git a/Makefile b/Makefile
> -index 9754ddf286b1..8e6a46b63904 100644
> +index f8a17722e1c3..d2c7e75ed744 100644
>  --- a/Makefile
>  +++ b/Makefile
>  @@ -12,6 +12,8 @@
> @@ -203,5 +201,5 @@ index 9754ddf286b1..8e6a46b63904 100644
>  -	rm -f manual.ps manual.html manual.pdf
>  +	#rm -f manual.ps manual.html manual.pdf
>   
> - DISTNAME=bzip2-1.0.6
> + DISTNAME=bzip2-1.0.8
>   dist: check manual
> diff --git a/patches/bzip2-1.0.8/series b/patches/bzip2-1.0.8/series
> new file mode 100644
> index 000000000000..78ff345669b5
> --- /dev/null
> +++ b/patches/bzip2-1.0.8/series
> @@ -0,0 +1,4 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-fixup-Makefile.patch
> +# cf8c416b9e8252c5e89375edfd4523b9  - git-ptx-patches magic
> diff --git a/rules/bzip2.make b/rules/bzip2.make
> index 4bf856e565c3..8247b24c1983 100644
> --- a/rules/bzip2.make
> +++ b/rules/bzip2.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_BZIP2) += bzip2
>  #
>  # Paths and names
>  #
> -BZIP2_VERSION	:= 1.0.6
> -BZIP2_MD5	:= 00b516f4704d4a7cb50a1d97e6e8e15b
> +BZIP2_VERSION	:= 1.0.8
> +BZIP2_MD5	:= 67e051268d0c475ea773822f7500d0e5
>  BZIP2		:= bzip2-$(BZIP2_VERSION)
>  BZIP2_SUFFIX	:= tar.gz
>  BZIP2_URL	:= \
> @@ -25,7 +25,7 @@ BZIP2_URL	:= \
>  BZIP2_SOURCE	:= $(SRCDIR)/$(BZIP2).$(BZIP2_SUFFIX)
>  BZIP2_DIR	:= $(BUILDDIR)/$(BZIP2)
>  BZIP2_LICENSE	:= bzip2-1.0.6
> -BZIP2_LICENSE_FILES	:= file://LICENSE;md5=ddeb76cd34e791893c0f539fdab879bb
> +BZIP2_LICENSE_FILES	:= file://LICENSE;md5=1e5cffe65fc786f83a11a4b225495c0b
>  
>  # ----------------------------------------------------------------------------
>  # Prepare

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de