[OpenWrt-Devel] bzip2: Update to 1.0.8
diff mbox series

Message ID 20190808190121.10128-1-rosenp@gmail.com
State Accepted
Delegated to: Hauke Mehrtens
Headers show
Series
  • [OpenWrt-Devel] bzip2: Update to 1.0.8
Related show

Commit Message

Rosen Penev Aug. 8, 2019, 7:01 p.m. UTC
It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.

Several security bugs were fixed as well as others.

Fixed up PKG_LICENSE to be compatible with SPDX.

Changed URLs to point to the new home.

Added patch that gets rid of deprecated utime function and switches it to
utimensat.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 package/utils/bzip2/Makefile                  | 15 +++++------
 .../bzip2/patches/010-CVE-2016-3189.patch     | 11 --------
 .../utils/bzip2/patches/020-no-utime.patch    | 27 +++++++++++++++++++
 3 files changed, 34 insertions(+), 19 deletions(-)
 delete mode 100644 package/utils/bzip2/patches/010-CVE-2016-3189.patch
 create mode 100644 package/utils/bzip2/patches/020-no-utime.patch

Patch
diff mbox series

diff --git a/package/utils/bzip2/Makefile b/package/utils/bzip2/Makefile
index 9c64d2264a..7ae089f4f4 100644
--- a/package/utils/bzip2/Makefile
+++ b/package/utils/bzip2/Makefile
@@ -8,16 +8,15 @@ 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bzip2
-PKG_VERSION:=1.0.6
-PKG_RELEASE:=5
+PKG_VERSION:=1.0.8
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://distfiles.gentoo.org/distfiles/ \
-	http://distcache.freebsd.org/ports-distfiles/
-PKG_HASH:=a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
+PKG_SOURCE_URL:=https://sourceware.org/pub/bzip2
+PKG_HASH:=ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
 
-PKG_LICENSE:=BZIP2
+PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
+PKG_LICENSE:=bzip2-1.0.8
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:bzip:bzip2
 
@@ -26,7 +25,7 @@  include $(INCLUDE_DIR)/package.mk
 
 define Package/bzip2/Default
   SUBMENU:=Compression
-  URL:=http://www.bzip.org/
+  URL:=https://sourceware.org/bzip2/
 endef
 
 define Package/libbz2
diff --git a/package/utils/bzip2/patches/010-CVE-2016-3189.patch b/package/utils/bzip2/patches/010-CVE-2016-3189.patch
deleted file mode 100644
index 064f982c48..0000000000
--- a/package/utils/bzip2/patches/010-CVE-2016-3189.patch
+++ /dev/null
@@ -1,11 +0,0 @@ 
-diff -up ./bzip2recover.c.old ./bzip2recover.c
---- ./bzip2recover.c.old	2016-03-22 08:49:38.855620000 +0100
-+++ ./bzip2recover.c	2016-03-30 10:22:27.341430099 +0200
-@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
-             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
-             bsPutUInt32 ( bsWr, blockCRC );
-             bsClose ( bsWr );
-+            outFile = NULL;
-          }
-          if (wrBlock >= rbCtr) break;
-          wrBlock++;
diff --git a/package/utils/bzip2/patches/020-no-utime.patch b/package/utils/bzip2/patches/020-no-utime.patch
new file mode 100644
index 0000000000..9eea15554e
--- /dev/null
+++ b/package/utils/bzip2/patches/020-no-utime.patch
@@ -0,0 +1,27 @@ 
+--- a/bzip2.c
++++ b/bzip2.c
+@@ -69,7 +69,6 @@
+ #if BZ_UNIX
+ #   include <fcntl.h>
+ #   include <sys/types.h>
+-#   include <utime.h>
+ #   include <unistd.h>
+ #   include <sys/stat.h>
+ #   include <sys/times.h>
+@@ -1051,12 +1050,12 @@ void applySavedTimeInfoToOutputFile ( Char *dstName )
+ {
+ #  if BZ_UNIX
+    IntNative      retVal;
+-   struct utimbuf uTimBuf;
++   struct timespec uTimBuf[2] = {};
+ 
+-   uTimBuf.actime = fileMetaInfo.st_atime;
+-   uTimBuf.modtime = fileMetaInfo.st_mtime;
++   uTimBuf[0].tv_sec = fileMetaInfo.st_atime;
++   uTimBuf[1].tv_sec = fileMetaInfo.st_mtime;
+ 
+-   retVal = utime ( dstName, &uTimBuf );
++   retVal = utimensat ( AT_FDCWD, dstName, uTimBuf , 0 );
+    ERROR_IF_NOT_ZERO ( retVal );
+ #  endif
+ }