diff options
Diffstat (limited to 'external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6')
7 files changed, 0 insertions, 274 deletions
diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch deleted file mode 100644 index 1d0c3a6d..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2016-3189.patch +++ /dev/null @@ -1,18 +0,0 @@ -Upstream-Status: Backport -https://bugzilla.suse.com/attachment.cgi?id=681334 - -CVE: CVE-2016-3189 -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: bzip2-1.0.6/bzip2recover.c -=================================================================== ---- bzip2-1.0.6.orig/bzip2recover.c -+++ bzip2-1.0.6/bzip2recover.c -@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) - bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); - bsPutUInt32 ( bsWr, blockCRC ); - bsClose ( bsWr ); -+ outFile = NULL; - } - if (wrBlock >= rbCtr) break; - wrBlock++; diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch deleted file mode 100644 index 98416448..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 11e1fac27eb8a3076382200736874c78e09b75d6 Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid <aacid@kde.org> -Date: Tue, 28 May 2019 19:35:18 +0200 -Subject: [PATCH] Make sure nSelectors is not out of range - -nSelectors is used in a loop from 0 to nSelectors to access selectorMtf -which is - UChar selectorMtf[BZ_MAX_SELECTORS]; -so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory -access - -Fixes out of bounds access discovered while fuzzying karchive -CVE: CVE-2019-12900 -Upstream-Status: Backport -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> - ---- - decompress.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/decompress.c b/decompress.c -index 311f566..b6e0a29 100644 ---- a/decompress.c -+++ b/decompress.c -@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) - GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); - GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); -- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); -+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); - for (i = 0; i < nSelectors; i++) { - j = 0; - while (True) { diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am deleted file mode 100644 index dcf64584..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/Makefile.am +++ /dev/null @@ -1,73 +0,0 @@ - -lib_LTLIBRARIES = libbz2.la -libbz2_la_LDFLAGS = -version-info 1:6:0 - -libbz2_la_SOURCES = blocksort.c \ - huffman.c \ - crctable.c \ - randtable.c \ - compress.c \ - decompress.c \ - bzlib.c - -bin_PROGRAMS = bzip2 bzip2recover - -bzip2_SOURCES = bzip2.c -bzip2_LDADD = libbz2.la -bzip2_DEPENDENCIES = libbz2.la - -include_HEADERS = bzlib.h - -bzip2recover_SOURCES = bzip2recover.c -bzip2recover_LDADD = libbz2.la -bzip2recover_DEPENDENCIES = libbz2.la - -bin_SCRIPTS = bzgrep bzmore bzdiff - -man_MANS = bzip2.1 bzgrep.1 bzmore.1 bzdiff.1 -EXTRA_DIST = $(man_MANS) - -runtest: - ./bzip2 -1 < sample1.ref > sample1.rb2 - ./bzip2 -2 < sample2.ref > sample2.rb2 - ./bzip2 -3 < sample3.ref > sample3.rb2 - ./bzip2 -d < sample1.bz2 > sample1.tst - ./bzip2 -d < sample2.bz2 > sample2.tst - ./bzip2 -ds < sample3.bz2 > sample3.tst - @if cmp sample1.bz2 sample1.rb2; then echo "PASS: sample1 compress";\ - else echo "FAIL: sample1 compress"; fi - @if cmp sample2.bz2 sample2.rb2; then echo "PASS: sample2 compress";\ - else echo "FAIL: sample2 compress"; fi - @if cmp sample3.bz2 sample3.rb2; then echo "PASS: sample3 compress";\ - else echo "FAIL: sample3 compress"; fi - @if cmp sample1.tst sample1.ref; then echo "PASS: sample1 decompress";\ - else echo "FAIL: sample1 decompress"; fi - @if cmp sample2.tst sample2.ref; then echo "PASS: sample2 decompress";\ - else echo "FAIL: sample2 decompress"; fi - @if cmp sample3.tst sample3.ref; then echo "PASS: sample3 decompress";\ - else echo "FAIL: sample3 decompress"; fi - -install-ptest: - sed -n '/^runtest:/,/^install-ptest:/{/^install-ptest:/!p}' \ - $(srcdir)/Makefile.am > $(DESTDIR)/Makefile - cp $(srcdir)/sample1.ref $(DESTDIR)/ - cp $(srcdir)/sample2.ref $(DESTDIR)/ - cp $(srcdir)/sample3.ref $(DESTDIR)/ - cp $(srcdir)/sample1.bz2 $(DESTDIR)/ - cp $(srcdir)/sample2.bz2 $(DESTDIR)/ - cp $(srcdir)/sample3.bz2 $(DESTDIR)/ - ln -s $(bindir)/bzip2 $(DESTDIR)/bzip2 - -install-exec-hook: - ln -s $(bindir)/bzip2$(EXEEXT) $(DESTDIR)$(bindir)/bunzip2$(EXEEXT) - ln -s $(bindir)/bzip2$(EXEEXT) $(DESTDIR)$(bindir)/bzcat$(EXEEXT) - ln -s $(bindir)/bzgrep$(EXEEXT) $(DESTDIR)$(bindir)/bzegrep$(EXEEXT) - ln -s $(bindir)/bzgrep$(EXEEXT) $(DESTDIR)$(bindir)/bzfgrep$(EXEEXT) - ln -s $(bindir)/bzmore$(EXEEXT) $(DESTDIR)$(bindir)/bzless$(EXEEXT) - ln -s $(bindir)/bzdiff$(EXEEXT) $(DESTDIR)$(bindir)/bzcmp$(EXEEXT) - -install-data-hook: - echo ".so man1/bzgrep.1" > $(DESTDIR)$(mandir)/man1/bzegrep.1 - echo ".so man1/bzgrep.1" > $(DESTDIR)$(mandir)/man1/bzfgrep.1 - echo ".so man1/bzmore.1" > $(DESTDIR)$(mandir)/man1/bzless.1 - echo ".so man1/bzdiff.1" > $(DESTDIR)$(mandir)/man1/bzcmp.1 diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac deleted file mode 100644 index e2bf1bf1..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/configure.ac +++ /dev/null @@ -1,11 +0,0 @@ -AC_PREREQ([2.57]) - -AC_INIT(bzip2, 1.0.6) -AM_INIT_AUTOMAKE(foreign) -AM_MAINTAINER_MODE - -AC_PROG_CC -AC_PROG_LIBTOOL - -AC_OUTPUT([Makefile]) - diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch deleted file mode 100644 index ece90d94..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 8068659388127e8e63f2d2297ba2348c72b20705 Mon Sep 17 00:00:00 2001 -From: Wenzong Fan <wenzong.fan@windriver.com> -Date: Mon, 12 Oct 2015 03:19:51 -0400 -Subject: [PATCH] bzip2: fix bunzip2 -qt returns 0 for corrupt archives - -"bzip2 -t FILE" returns 2 if FILE exists, but is not a valid bzip2 file. -"bzip2 -qt FILE" returns 0 when this happens, although it does print out -an error message as is does so. - -This has been fix by Debian, just port changes from Debian patch file -"20-legacy.patch". - -Debian defect: -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279025 - -Fix item from changelog: -http://archive.debian.net/changelogs/pool/main/b/bzip2/bzip2_1.0.2-7/changelog - - * Fixed "bunzip2 -qt returns 0 for corrupt archives" (Closes: #279025). - -Upstream-Status: Pending - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> ---- - bzip2.c | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/bzip2.c b/bzip2.c -index 6de9d1d..f2ce668 100644 ---- a/bzip2.c -+++ b/bzip2.c -@@ -2003,12 +2003,14 @@ IntNative main ( IntNative argc, Char *argv[] ) - testf ( aa->name ); - } - } -- if (testFailsExist && noisy) { -- fprintf ( stderr, -- "\n" -- "You can use the `bzip2recover' program to attempt to recover\n" -- "data from undamaged sections of corrupted files.\n\n" -- ); -+ if (testFailsExist) { -+ if (noisy) { -+ fprintf ( stderr, -+ "\n" -+ "You can use the `bzip2recover' program to attempt to recover\n" -+ "data from undamaged sections of corrupted files.\n\n" -+ ); -+ } - setExit(2); - exit(exitValue); - } --- -1.9.1 - diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch deleted file mode 100644 index 362e6cf3..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 212f3ed7ac3931c9e0e9167a0bdc16eeb3c76af4 Mon Sep 17 00:00:00 2001 -From: Mark Wielaard <mark@klomp.org> -Date: Wed, 3 Jul 2019 01:28:11 +0200 -Subject: [PATCH] Accept as many selectors as the file format allows. - -But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS. - -The theoretical maximum number of selectors depends on the maximum -blocksize (900000 bytes) and the number of symbols (50) that can be -encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002. - -But the bzip2 file format allows the number of selectors to be encoded -with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in -14 bits). So the file format maximum is 32767 selectors. - -Some bzip2 encoders might actually have written out more selectors -than the theoretical maximum because they rounded up the number of -selectors to some convenient factor of 8. - -The extra 14766 selectors can never be validly used by the decompression -algorithm. So we can read them, but then discard them. - -This is effectively what was done (by accident) before we added a -check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate -CVE-2019-12900. - -The extra selectors were written out after the array inside the -EState struct. But the struct has extra space allocated after the -selector arrays of 18060 bytes (which is larger than 14766). -All of which will be initialized later (so the overwrite of that -space with extra selector values would have been harmless). - -Upstream-Status: Backport -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> - ---- - compress.c | 2 +- - decompress.c | 10 ++++++++-- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/compress.c b/compress.c -index caf7696..19b662b 100644 ---- a/compress.c -+++ b/compress.c -@@ -454,7 +454,7 @@ void sendMTFValues ( EState* s ) - - AssertH( nGroups < 8, 3002 ); - AssertH( nSelectors < 32768 && -- nSelectors <= (2 + (900000 / BZ_G_SIZE)), -+ nSelectors <= BZ_MAX_SELECTORS, - 3003 ); - - -diff --git a/decompress.c b/decompress.c -index b6e0a29..78060c9 100644 ---- a/decompress.c -+++ b/decompress.c -@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) - GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); - GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); -- if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); -+ if (nSelectors < 1) RETURN(BZ_DATA_ERROR); - for (i = 0; i < nSelectors; i++) { - j = 0; - while (True) { -@@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s ) - j++; - if (j >= nGroups) RETURN(BZ_DATA_ERROR); - } -- s->selectorMtf[i] = j; -+ /* Having more than BZ_MAX_SELECTORS doesn't make much sense -+ since they will never be used, but some implementations might -+ "round up" the number of selectors, so just ignore those. */ -+ if (i < BZ_MAX_SELECTORS) -+ s->selectorMtf[i] = j; - } -+ if (nSelectors > BZ_MAX_SELECTORS) -+ nSelectors = BZ_MAX_SELECTORS; - - /*--- Undo the MTF values for the selectors. ---*/ - { diff --git a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest b/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest deleted file mode 100644 index 3b20fce1..00000000 --- a/external/poky/meta/recipes-extended/bzip2/bzip2-1.0.6/run-ptest +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -make -k runtest |