slava86 has added 4ee793efe1
Security fixed CVE-2017-8364
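--- /dev/null
+++ b/fill-buffer.patch
@@ -0,0 +1,33 @@
+Index: rzip-2.1/stream.c
+===================================================================
+--- rzip-2.1.orig/stream.c
++++ rzip-2.1/stream.c
+@@ -147,16 +147,16 @@ static int write_u32(int f, u32 v)
+ 	return 0;
+ }
+ 
+-static int read_buf(int f, uchar *p, int len)
++static int read_buf(int f, uchar *p, unsigned int len)
+ {
+ 	int ret;
+ 	ret = read(f, p, len);
+ 	if (ret == -1) {
+-		err_msg("Read of length %d failed - %s\n", len, strerror(errno));
++		err_msg("Read of length %u failed - %s\n", len, strerror(errno));
+ 		return -1;
+ 	}
+ 	if (ret != len) {
+-		err_msg("Partial read!? asked for %d bytes but got %d\n", len, ret);
++		err_msg("Partial read!? asked for %u bytes but got %d\n", len, ret);
+ 		return -1;
+ 	}
+ 	return 0;
+@@ -399,7 +399,7 @@ static int fill_buffer(struct stream_inf
+ 	if (sinfo->s[stream].buf) {
+ 		free(sinfo->s[stream].buf);
+ 	}
+-	sinfo->s[stream].buf = malloc(u_len);
++	sinfo->s[stream].buf = malloc(c_len > u_len ? c_len : u_len);
+ 	if (!sinfo->s[stream].buf) {
+ 		return -1;
+ 	}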
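Review bot: In read_buf, `ret` is still declared `int` although `len` is now `unsigned int`, so `if (ret != len)` compares across signedness and the `ssize_t` result of `read()` is narrowed on assignment. Declaring `ssize_t ret;`, testing `if ((size_t)ret != len)` and printing it with `%zd` would keep the types and the format string consistent. In the fill_buffer hunk the buffer is sized as the larger of `c_len` and `u_len`, which presumably both come from the archive being read. That function starts and ends outside the hunk, so it is not visible whether either length is range-checked before `malloc`, or whether the later decompression step limits its output to `u_len`; both are worth confirming, with a short comment at the `malloc` line stating why the larger value is used.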
... ... --- a/rzip.spec
... ... +++ b/rzip.spec
... ... @@ -1,11 +1,13 @@
1 1
Name:		rzip
2 2
Summary:	Compression program, similar in functionality to gzip or bzip2
3 3
Version:	2.1
4
Release:	11
4
Release:	12
5 5
Source0:	%{name}-%{version}.tar.bz2
6 6
URL:		http://rzip.samba.org/
7 7
Group:		Archiving/Compression
8 8
License:	GPLv2+
9
# CVE-2017-8364
10
Patch1000:	fill-buffer.patch
9 11
BuildRequires:	bzip2-devel
10 12
11 13
%description
... ... @@ -23,6 +25,8 @@ of rzip over bzip2 is that it is usually faster.
25 25
%prep
26 26
%setup -q
27 27
28
%patch1000 -p1
29
28 30
%build
29 31
%configure
30 32
%make
