Diffstat (limited to 'nixpkgs/pkgs/tools/compression/bzip2')
-rw-r--r--nixpkgs/pkgs/tools/compression/bzip2/1_1.nix43
-rw-r--r--nixpkgs/pkgs/tools/compression/bzip2/CVE-2016-3189.patch12
-rw-r--r--nixpkgs/pkgs/tools/compression/bzip2/cve-2019-12900.patch13
-rw-r--r--nixpkgs/pkgs/tools/compression/bzip2/default.nix55
4 files changed, 123 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/compression/bzip2/1_1.nix b/nixpkgs/pkgs/tools/compression/bzip2/1_1.nix
new file mode 100644
index 000000000000..ca5670a2e512
--- /dev/null
+++ b/nixpkgs/pkgs/tools/compression/bzip2/1_1.nix
@@ -0,0 +1,43 @@
+{ lib, stdenv
+, fetchFromGitLab
+, meson
+, python3
+, ninja
+}:
+
+stdenv.mkDerivation rec {
+  pname = "bzip2-unstable";
+  version = "2020-08-11";
+
+  src = fetchFromGitLab {
+    owner = "federicomenaquintero";
+    repo = "bzip2";
+    rev = "15255b553e7c095fb7a26d4dc5819a11352ebba1";
+    sha256 = "sha256-BAyz35D62LWi47B/gNcCSKpdaECHBGSpt21vtnk3fKs=";
+  };
+
+  postPatch = ''
+    patchShebangs install_links.py
+  '';
+
+  nativeBuildInputs = [
+    meson
+    python3
+    ninja
+  ];
+
+  outputs = [ "bin" "dev" "out" "man" ];
+
+  mesonFlags = [
+    "-Ddocs=disabled"
+  ];
+
+  strictDeps = true;
+
+  meta = with lib; {
+    description = "High-quality data compression program";
+    license = licenses.bsdOriginal;
+    platforms = platforms.all;
+    maintainers = [];
+  };
+}
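Review bot: Nothing in this derivation records whether the pinned snapshot (`rev = "15255b55…"`, dated 2020-08-11) already contains the two CVE fixes that default.nix in the same commit carries as patch files. The header of cve-2019-12900.patch cites a commit in this same GitLab repository, so the fix is presumably included, but that should be confirmed and written down rather than left to the reader. I would add a comment above `src`, such as `# Upstream master snapshot; confirm it includes the CVE-2016-3189 and CVE-2019-12900 fixes that default.nix applies as patches`. `meta` also has no `homepage` and `maintainers = [];`, so no one is notified when the next advisory for this snapshot appears.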
diff --git a/nixpkgs/pkgs/tools/compression/bzip2/CVE-2016-3189.patch b/nixpkgs/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
new file mode 100644
index 000000000000..eff324b32503
--- /dev/null
+++ b/nixpkgs/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
@@ -0,0 +1,12 @@
+diff --git a/bzip2recover.c b/bzip2recover.c
+index f9de049..252c1b7 100644
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
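Review bot: This patch file has no provenance line, unlike cve-2019-12900.patch in the same commit, which opens with its upstream commit URL. A header above the `diff --git` line would let a later reviewer verify the fix, for example `Fix for CVE-2016-3189 (bzip2recover); source: <upstream-or-distro-patch-URL>`. The one added line, `outFile = NULL;` after `bsClose ( bsWr );`, presumably keeps a later path in main() from touching the already-closed stream. The body of main() continues outside the hunk, so that cannot be confirmed from here. Because default.nix requires such patches to be vendored as files, the recorded origin is the only way to re-check this one.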
diff --git a/nixpkgs/pkgs/tools/compression/bzip2/cve-2019-12900.patch b/nixpkgs/pkgs/tools/compression/bzip2/cve-2019-12900.patch
new file mode 100644
index 000000000000..bf3d13a7a691
--- /dev/null
+++ b/nixpkgs/pkgs/tools/compression/bzip2/cve-2019-12900.patch
@@ -0,0 +1,13 @@
+https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
+diff --git a/decompress.c b/decompress.c
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@
+       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+       for (i = 0; i < nSelectors; i++) {
+          j = 0;
+          while (True) {
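Review bot: The new bound `nSelectors > BZ_MAX_SELECTORS` rejects the whole stream with BZ_DATA_ERROR, and the patch header should say that this is the strict form of the fix. Upstream later relaxed this check because some third-party compressors write files declaring slightly more selectors than the limit, and those files stopped decompressing; please check the upstream history of the cited repository before relying on this version. A header line such as `Strict bound: streams declaring more than BZ_MAX_SELECTORS selectors are rejected, not truncated` would make the trade-off visible to whoever next bumps the package. The loop that stores the selectors starts at the end of the hunk and its body is not shown, so the write this check protects cannot be inspected here.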
diff --git a/nixpkgs/pkgs/tools/compression/bzip2/default.nix b/nixpkgs/pkgs/tools/compression/bzip2/default.nix
new file mode 100644
index 000000000000..da37cf9fbd8c
--- /dev/null
+++ b/nixpkgs/pkgs/tools/compression/bzip2/default.nix
@@ -0,0 +1,55 @@
+{ lib, stdenv, fetchurl
+, linkStatic ? with stdenv.hostPlatform; isStatic || isCygwin
+, autoreconfHook
+}:
+
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
+stdenv.mkDerivation rec {
+  pname = "bzip2";
+  version = "1.0.6.0.2";
+
+  /* We use versions patched to use autotools style properly,
+      saving lots of trouble. */
+  src = fetchurl {
+    urls = map
+      (prefix: prefix + "/people/sbrabec/bzip2/tarballs/${pname}-${version}.tar.gz")
+      [
+        "http://ftp.uni-kl.de/pub/linux/suse"
+        "ftp://ftp.hs.uni-hamburg.de/pub/mirrors/suse"
+        "ftp://ftp.mplayerhq.hu/pub/linux/suse"
+        "http://ftp.suse.com/pub" # the original patched version but slow
+      ];
+    sha256 = "sha256-FnhwNy4OHe8d5M6iYCClkxzcB/EHXg0veXwv43ZlxbA=";
+  };
+
+  nativeBuildInputs = [ autoreconfHook ];
+
+  patches = [
+    ./CVE-2016-3189.patch
+    ./cve-2019-12900.patch
+  ];
+
+  postPatch = ''
+    sed -i -e '/<sys\\stat\.h>/s|\\|/|' bzip2.c
+  '';
+
+  outputs = [ "bin" "dev" "out" "man" ];
+
+  configureFlags =
+    lib.optionals linkStatic [ "--enable-static" "--disable-shared" ];
+
+  enableParallelBuilding = true;
+
+  meta = with lib; {
+    description = "High-quality data compression program";
+    homepage = "https://www.sourceware.org/bzip2";
+    changelog = "https://sourceware.org/git/?p=bzip2.git;a=blob;f=CHANGES;hb=HEAD";
+    license = licenses.bsdOriginal;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ mic92 ];
+  };
+}
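Review bot: Every URL in `urls` is plain `http://` or `ftp://`, so the `sha256` on the following line is the only thing that authenticates the tarball, and nothing in the file says so. That is acceptable for a fixed-output fetch, and the bootstrapping note above suggests TLS may not be available at this stage. It should still be stated, so that nobody relaxes or regenerates the hash from one of these mirrors without an independent reference. I would add above the list `# Mirrors are unauthenticated (http/ftp); integrity rests solely on sha256 below — verify any hash change out of band`. A short comment on each entry in `patches` naming what it fixes would also help, since the pinned `version` no longer reflects the security state of the build.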