powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity

lzo package update 

Signed-off-by: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64lebuilder0 2019-09-08 15:51:40 +02:00
parent fc1c514f27
commit e1500f6863
3 changed files with 460 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

245
SOURCES/lzo-2.06-CVE-2014-4607.patch Normal file
View File

@ -0,0 +1,245 @@
diff --git a/minilzo/minilzo.c b/minilzo/minilzo.c
index 34ce0f0..ecfdf66 100644
--- a/minilzo/minilzo.c
+++ b/minilzo/minilzo.c
@@ -3547,6 +3547,8 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
#undef TEST_LBO
#undef NEED_IP
#undef NEED_OP
+#undef TEST_IV
+#undef TEST_OV
#undef HAVE_TEST_IP
#undef HAVE_TEST_OP
#undef HAVE_NEED_IP
@@ -3561,6 +3563,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
# if (LZO_TEST_OVERRUN_INPUT >= 2)
# define NEED_IP(x) \
if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun
+# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun
# endif
#endif
@@ -3572,6 +3575,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
# undef TEST_OP
# define NEED_OP(x) \
if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun
+# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun
# endif
#endif
@@ -3602,11 +3606,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len,
# define HAVE_NEED_IP 1
#else
# define NEED_IP(x) ((void) 0)
+# define TEST_IV(x) ((void) 0)
#endif
#if defined(NEED_OP)
# define HAVE_NEED_OP 1
#else
# define NEED_OP(x) ((void) 0)
+# define TEST_OV(x) ((void) 0)
#endif
#if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP)
@@ -3687,6 +3693,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
{
t += 255;
ip++;
+ TEST_IV(t);
NEED_IP(1);
}
t += 15 + *ip++;
@@ -3835,6 +3842,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 31 + *ip++;
@@ -3879,6 +3887,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 7 + *ip++;
@@ -4073,6 +4082,8 @@ lookbehind_overrun:
#undef TEST_LBO
#undef NEED_IP
#undef NEED_OP
+#undef TEST_IV
+#undef TEST_OV
#undef HAVE_TEST_IP
#undef HAVE_TEST_OP
#undef HAVE_NEED_IP
@@ -4087,6 +4098,7 @@ lookbehind_overrun:
# if (LZO_TEST_OVERRUN_INPUT >= 2)
# define NEED_IP(x) \
if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun
+# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun
# endif
#endif
@@ -4098,6 +4110,7 @@ lookbehind_overrun:
# undef TEST_OP
# define NEED_OP(x) \
if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun
+# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun
# endif
#endif
@@ -4128,11 +4141,13 @@ lookbehind_overrun:
# define HAVE_NEED_IP 1
#else
# define NEED_IP(x) ((void) 0)
+# define TEST_IV(x) ((void) 0)
#endif
#if defined(NEED_OP)
# define HAVE_NEED_OP 1
#else
# define NEED_OP(x) ((void) 0)
+# define TEST_OV(x) ((void) 0)
#endif
#if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP)
@@ -4213,6 +4228,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
{
t += 255;
ip++;
+ TEST_IV(t);
NEED_IP(1);
}
t += 15 + *ip++;
@@ -4361,6 +4377,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 31 + *ip++;
@@ -4405,6 +4422,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 7 + *ip++;
diff --git a/src/lzo1_d.ch b/src/lzo1_d.ch
index 40a5bfd..c442d9c 100644
--- a/src/lzo1_d.ch
+++ b/src/lzo1_d.ch
@@ -76,6 +76,8 @@
#undef TEST_LBO
#undef NEED_IP
#undef NEED_OP
+#undef TEST_IV
+#undef TEST_OV
#undef HAVE_TEST_IP
#undef HAVE_TEST_OP
#undef HAVE_NEED_IP
@@ -91,6 +93,7 @@
# if (LZO_TEST_OVERRUN_INPUT >= 2)
# define NEED_IP(x) \
if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun
+# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun
# endif
#endif
@@ -102,6 +105,7 @@
# undef TEST_OP /* don't need both of the tests here */
# define NEED_OP(x) \
if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun
+# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun
# endif
#endif
@@ -135,11 +139,13 @@
# define HAVE_NEED_IP 1
#else
# define NEED_IP(x) ((void) 0)
+# define TEST_IV(x) ((void) 0)
#endif
#if defined(NEED_OP)
# define HAVE_NEED_OP 1
#else
# define NEED_OP(x) ((void) 0)
+# define TEST_OV(x) ((void) 0)
#endif
diff --git a/src/lzo1b_d.ch b/src/lzo1b_d.ch
index fe5f361..36b4b6b 100644
--- a/src/lzo1b_d.ch
+++ b/src/lzo1b_d.ch
@@ -187,6 +187,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += (M4_MIN_LEN - M3_MIN_LEN) + *ip++;
diff --git a/src/lzo1f_d.ch b/src/lzo1f_d.ch
index 9e942f5..0c2199e 100644
--- a/src/lzo1f_d.ch
+++ b/src/lzo1f_d.ch
@@ -84,6 +84,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
{
t += 255;
ip++;
+ TEST_IV(t);
NEED_IP(1);
}
t += 31 + *ip++;
@@ -138,6 +139,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 31 + *ip++;
diff --git a/src/lzo1x_d.ch b/src/lzo1x_d.ch
index 49cf326..c804cc7 100644
--- a/src/lzo1x_d.ch
+++ b/src/lzo1x_d.ch
@@ -120,6 +120,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
{
t += 255;
ip++;
+ TEST_IV(t);
NEED_IP(1);
}
t += 15 + *ip++;
@@ -273,6 +274,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 31 + *ip++;
@@ -317,6 +319,7 @@ match:
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += 7 + *ip++;
diff --git a/src/lzo2a_d.ch b/src/lzo2a_d.ch
index 48e51ca..954f07e 100644
--- a/src/lzo2a_d.ch
+++ b/src/lzo2a_d.ch
@@ -131,6 +131,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len,
{
t += 255;
ip++;
+ TEST_OV(t);
NEED_IP(1);
}
t += *ip++;

24
SOURCES/lzo-2.06-configure.patch Normal file
View File

@ -0,0 +1,24 @@
diff -Naur lzo-2.06/configure lzo-2.06.configure/configure
--- lzo-2.06/configure 2011-08-12 21:32:59.000000000 +0530
+++ lzo-2.06.configure/configure 2011-09-14 12:33:41.151087816 +0530
@@ -12964,7 +12964,7 @@
asm_msg_amd64=no
asm_msg_i386=no
-case "$host_cpu-$ac_cv_sizeof_void_p" in
+case "$target_cpu-$ac_cv_sizeof_void_p" in
amd64-8 | x86_64-8) asm_arch="amd64"; asm_dir="asm/amd64/src_gas/elf64"; asm_mode="amd64_src_gas_elf64" ;;
i?86-4) asm_arch="i386"; asm_dir="asm/i386/src_gas"; asm_mode="i386_src_gas" ;;
*) enable_asm=no ;;
diff -Naur lzo-2.06/configure.ac lzo-2.06.configure/configure.ac
--- lzo-2.06/configure.ac 2011-08-12 21:32:59.000000000 +0530
+++ lzo-2.06.configure/configure.ac 2011-09-14 12:33:31.851087334 +0530
@@ -123,7 +123,7 @@
asm_msg_amd64=no
asm_msg_i386=no
-case "$host_cpu-$ac_cv_sizeof_void_p" in
+case "$target_cpu-$ac_cv_sizeof_void_p" in
amd64-8 | x86_64-8) asm_arch="amd64"; asm_dir="asm/amd64/src_gas/elf64"; asm_mode="amd64_src_gas_elf64" ;;
i?86-4) asm_arch="i386"; asm_dir="asm/i386/src_gas"; asm_mode="i386_src_gas" ;;
*) enable_asm=no ;;

191
SPECS/lzo.spec Normal file
View File

@ -0,0 +1,191 @@
Name: lzo
Version: 2.06
Release: 8%{?dist}
Summary: Data compression library with very fast (de)compression
Group: System Environment/Libraries
License: GPLv2+
URL: http://www.oberhumer.com/opensource/lzo/
Source0: http://www.oberhumer.com/opensource/lzo/download/%{name}-%{version}.tar.gz
Patch0: lzo-2.06-configure.patch
Patch1: lzo-2.06-CVE-2014-4607.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: zlib-devel

%description
LZO is a portable lossless data compression library written in ANSI C.
It offers pretty fast compression and very fast decompression.
Decompression requires no memory. In addition there are slower
compression levels achieving a quite competitive compression ratio
while still decompressing at this very high speed.


%package minilzo
Summary: Mini version of lzo for apps which don't need the full version
Group: System Environment/Libraries

%description minilzo
A small (mini) version of lzo for embedding into applications which don't need
full blown lzo compression support.


%package devel
Summary: Development files for the lzo library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: %{name}-minilzo = %{version}-%{release}
Requires: zlib-devel

%description devel
LZO is a portable lossless data compression library written in ANSI C.
It offers pretty fast compression and very fast decompression.
This package contains development files needed for lzo.


%prep
%setup -q
%patch0 -p1 -z .configure
%patch1 -p1 -b .CVE-2014-4607
# mark asm files as NOT needing execstack
for i in asm/i386/src_gas/*.S; do
echo '.section .note.GNU-stack,"",@progbits' >> $i
done


%build
%configure --disable-dependency-tracking --disable-static --enable-shared
make %{?_smp_mflags} CFLAGS="%{optflags} -fno-strict-aliasing"
# build minilzo too (bz 439979)
gcc %{optflags} -fno-strict-aliasing -fpic -Iinclude/lzo -o minilzo/minilzo.o -c minilzo/minilzo.c
gcc -g -shared -o libminilzo.so.0 -Wl,-soname,libminilzo.so.0 minilzo/minilzo.o


%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
install -m 755 libminilzo.so.0 $RPM_BUILD_ROOT%{_libdir}
ln -s libminilzo.so.0 $RPM_BUILD_ROOT%{_libdir}/libminilzo.so
install -p -m 644 minilzo/minilzo.h $RPM_BUILD_ROOT%{_includedir}/lzo

#Remove doc
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/lzo

%check
make check test


%clean
rm -rf $RPM_BUILD_ROOT


%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post minilzo -p /sbin/ldconfig

%postun minilzo -p /sbin/ldconfig


%files
%defattr(-,root,root,-)
%doc AUTHORS COPYING THANKS NEWS
%{_libdir}/liblzo2.so.*

%files minilzo
%defattr(-,root,root,-)
%doc minilzo/README.LZO
%{_libdir}/libminilzo.so.0

%files devel
%defattr(-,root,root,-)
%doc doc/LZOAPI.TXT doc/LZO.FAQ doc/LZO.TXT
%{_includedir}/lzo
%{_libdir}/lib*lzo*.so


%changelog
* Wed Jul 2 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.06-8
- Built with -fno-strict-aliasing (rpmdiff)
Related: CVE-2014-4607

* Mon Jun 30 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.06-7
- Fixed integer overflow in decompressor
Resolves: CVE-2014-4607

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.06-6
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.06-5
- Mass rebuild 2013-12-27

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.06-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.06-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.06-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Wed Sep 14 2011 Huzaifa Sidhpurwala <huzaifas@redhat.com> - 2.06-1
- Upgrade to latest upstream
- Apply patch from Nicolas Chauvet

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.03-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.03-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.03-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu May 1 2008 Lubomir Rintel <lkundrak@v3.sk> 2.03-1
- New upstream release
- Changed the license to GPLv2+

* Wed Apr 2 2008 Hans de Goede <j.w.r.degoede@hhs.nl> 2.02-5
- Fix configure failure with -Werror-implicit-function-declaration in CFLAGS
- Add a minilzo subpackage which contains a shared version of minilzo, to be
used by all applications which ship with their own copy of it (bz 439979)

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.02-4
- Autorebuild for GCC 4.3

* Wed Aug 15 2007 Hans de Goede <j.w.r.degoede@hhs.nl> 2.02-3
- Update License tag for new Licensing Guidelines compliance

* Mon Aug 28 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 2.02-2
- FE6 Rebuild

* Wed Jul 26 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 2.02-1
- New upstream release 2.02, soname change!

* Mon Jul 24 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 1.08-7
- Taking over as maintainer since Anvil has other priorities
- Add a patch to fix asm detection on i386 (bug 145882, 145893). Thanks to
Carlo Marcelo Arenas Belon <carenas@sajinet.com.pe> for the initial patch.
- Removed unused build dependency on nasm
- Remove static lib
- Cleanup %%doc a bit

* Thu Mar 16 2006 Dams <anvil[AT]livna.org> - 1.08-6.fc5
- Rebuild for new gcc

* Tue Jan 17 2006 Dams <anvil[AT]livna.org> - 1.08-5.fc5
- Bumped release for gcc 4.1 rebuild

* Sun May 22 2005 Jeremy Katz <katzj@redhat.com> - 1.08-4
- rebuild on all arches

* Fri Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt

* Sun Apr 27 2003 Dams <anvil[AT]livna.org> 0:1.08-0.fdr.2
- Typo un devel description
- Added post and postun scriptlets
- Added URL in Source0

* Fri Apr 25 2003 Dams <anvil[AT]livna.org>
- Initial build.