- Update from 1.0.6 to 1.0.8 - Update of rootfile - Changelog 1.0.8 (13 Jul 19) * Accept as many selectors as the file format allows. This relaxes the fix for CVE-2019-12900 from 1.0.7 so that bzip2 allows decompression of bz2 files that use (too) many selectors again. * Fix handling of large (> 4GB) files on Windows. * Cleanup of bzdiff and bzgrep scripts so they don't use any bash extensions and handle multiple archives correctly. * There is now a bz2-files testsuite at https://sourceware.org/git/bzip2-tests.git 1.0.7 (27 Jun 19) * Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH * bzip2: Fix return value when combining --test,-t and -q. * bzip2recover: Fix buffer overflow for large argv[0] * bzip2recover: Fix use after free issue with outFile (CVE-2016-3189) * Make sure nSelectors is not out of range (CVE-2019-12900)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/bzip2 | 2 +- lfs/bzip2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/bzip2 b/config/rootfiles/common/bzip2 index f6ad610d4..9a8e88148 100644 --- a/config/rootfiles/common/bzip2 +++ b/config/rootfiles/common/bzip2 @@ -2,7 +2,7 @@ bin/bunzip2 bin/bzcat bin/bzip2 lib/libbz2.so.1.0 -lib/libbz2.so.1.0.6 +lib/libbz2.so.1.0.8 usr/bin/bunzip2 usr/bin/bzcat usr/bin/bzcmp diff --git a/lfs/bzip2 b/lfs/bzip2 index da20ce68c..9c6f9c5a4 100644 --- a/lfs/bzip2 +++ b/lfs/bzip2 @@ -24,7 +24,7 @@
include Config
-VER = 1.0.6 +VER = 1.0.8
THISAPP = bzip2-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 00b516f4704d4a7cb50a1d97e6e8e15b +$(DL_FILE)_MD5 = 67e051268d0c475ea773822f7500d0e5
install : $(TARGET)
-
Adolf Belka