@@ -8,16 +8,15 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=bzip2
-PKG_VERSION:=1.0.6
-PKG_RELEASE:=5
+PKG_VERSION:=1.0.8
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://distfiles.gentoo.org/distfiles/ \
- http://distcache.freebsd.org/ports-distfiles/
-PKG_HASH:=a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
+PKG_SOURCE_URL:=https://sourceware.org/pub/bzip2
+PKG_HASH:=ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
-PKG_LICENSE:=BZIP2
+PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
+PKG_LICENSE:=bzip2-1.0.8
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:bzip:bzip2
@@ -26,7 +25,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/bzip2/Default
SUBMENU:=Compression
- URL:=http://www.bzip.org/
+ URL:=https://sourceware.org/bzip2/
endef
define Package/libbz2
deleted file mode 100644
@@ -1,11 +0,0 @@
-diff -up ./bzip2recover.c.old ./bzip2recover.c
---- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100
-+++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200
-@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
- bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
- bsPutUInt32 ( bsWr, blockCRC );
- bsClose ( bsWr );
-+ outFile = NULL;
- }
- if (wrBlock >= rbCtr) break;
- wrBlock++;
new file mode 100644
@@ -0,0 +1,27 @@
+--- a/bzip2.c
++++ b/bzip2.c
+@@ -69,7 +69,6 @@
+ #if BZ_UNIX
+ # include <fcntl.h>
+ # include <sys/types.h>
+-# include <utime.h>
+ # include <unistd.h>
+ # include <sys/stat.h>
+ # include <sys/times.h>
+@@ -1051,12 +1050,12 @@ void applySavedTimeInfoToOutputFile ( Char *dstName )
+ {
+ # if BZ_UNIX
+ IntNative retVal;
+- struct utimbuf uTimBuf;
++ struct timespec uTimBuf[2] = {};
+
+- uTimBuf.actime = fileMetaInfo.st_atime;
+- uTimBuf.modtime = fileMetaInfo.st_mtime;
++ uTimBuf[0].tv_sec = fileMetaInfo.st_atime;
++ uTimBuf[1].tv_sec = fileMetaInfo.st_mtime;
+
+- retVal = utime ( dstName, &uTimBuf );
++ retVal = utimensat ( AT_FDCWD, dstName, uTimBuf , 0 );
+ ERROR_IF_NOT_ZERO ( retVal );
+ # endif
+ }
It seems bzip2 was abandoned by the author and adopted by the sourceware people. The last release of bzip2 was from 2010. Several security bugs were fixed as well as others. Fixed up PKG_LICENSE to be compatible with SPDX. Changed URLs to point to the new home. Added patch that gets rid of deprecated utime function and switches it to utimensat. Signed-off-by: Rosen Penev <rosenp@gmail.com> --- package/utils/bzip2/Makefile | 15 +++++------ .../bzip2/patches/010-CVE-2016-3189.patch | 11 -------- .../utils/bzip2/patches/020-no-utime.patch | 27 +++++++++++++++++++ 3 files changed, 34 insertions(+), 19 deletions(-) delete mode 100644 package/utils/bzip2/patches/010-CVE-2016-3189.patch create mode 100644 package/utils/bzip2/patches/020-no-utime.patch