bzip2: 1.0.6.0.2 -> 1.0.8

Use latest upstream version, yoink updated autoconf patch from SUSE. Might fix unpacking some very cursed files. Dropped security patches applied upstream (see https://sourceware.org/bzip2/CHANGES).
2024-11-23 15:33:13 +00:00 · 2022-07-12 11:50:56 +03:00 · 2022-07-12 11:50:56 +03:00 · 527595cc20
commit 527595cc20
parent 4d4b4f2dbb
3 changed files with 12 additions and 46 deletions
--- a/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
+++ b/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
@ -1,12 +0,0 @@
-diff --git a/bzip2recover.c b/bzip2recover.c
-index f9de049..252c1b7 100644
--- a/bzip2recover.c
-+++ b/bzip2recover.c
-@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
-             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
-             bsPutUInt32 ( bsWr, blockCRC );
-             bsClose ( bsWr );
-+            outFile = NULL;
-          }
-          if (wrBlock >= rbCtr) break;
-          wrBlock++;
--- a/pkgs/tools/compression/bzip2/cve-2019-12900.patch
+++ b/pkgs/tools/compression/bzip2/cve-2019-12900.patch
@ -1,13 +0,0 @@
-https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
-diff --git a/decompress.c b/decompress.c
--- a/decompress.c
-+++ b/decompress.c
-@@ -287,7 +287,7 @@
-       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
-       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
-       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
-+      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
-       for (i = 0; i < nSelectors; i++) {
-          j = 0;
-          while (True) {
--- a/pkgs/tools/compression/bzip2/default.nix
+++ b/pkgs/tools/compression/bzip2/default.nix
@ -10,34 +10,25 @@

 stdenv.mkDerivation rec {
  pname = "bzip2";
-  version = "1.0.6.0.2";
+  version = "1.0.8";

-  /* We use versions patched to use autotools style properly,
-      saving lots of trouble. */
  src = fetchurl {
-    urls = map
-      (prefix: prefix + "/people/sbrabec/bzip2/tarballs/${pname}-${version}.tar.gz")
-      [
-        "http://ftp.uni-kl.de/pub/linux/suse"
-        "ftp://ftp.hs.uni-hamburg.de/pub/mirrors/suse"
-        "ftp://ftp.mplayerhq.hu/pub/linux/suse"
-        "http://ftp.suse.com/pub" # the original patched version but slow
-      ];
-    sha256 = "sha256-FnhwNy4OHe8d5M6iYCClkxzcB/EHXg0veXwv43ZlxbA=";
+    url = "https://sourceware.org/pub/bzip2/bzip2-${version}.tar.gz";
+    sha256 = "sha256-q1oDF27hBtPw+pDjgdpHjdrkBZGBU8yiSOaCzQxKImk=";
  };

+  patchFlags = ["-p0"];
+
+  patches = [
+    (fetchurl {
+      url = "https://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch";
+      sha256 = "sha256-QMufl6ffJVVVVZespvkCbFpB6++R1lnq1687jEsUjr0=";
+    })
+  ];
+
  strictDeps = true;
  nativeBuildInputs = [ autoreconfHook ];

-  patches = [
-    ./CVE-2016-3189.patch
-    ./cve-2019-12900.patch
-  ];
-
-  postPatch = ''
-    sed -i -e '/<sys\\stat\.h>/s|\\|/|' bzip2.c
-  '';
-
  outputs = [ "bin" "dev" "out" "man" ];

  configureFlags =