[compress-lzf/f20] fix SUID issue in LZF compression rhbz#1115264

gil gil at fedoraproject.org
Wed Jul 2 08:41:07 UTC 2014


commit fe238806e53d6af217dc674bc4db0aa787cd5e6c
Author: gil <puntogil at libero.it>
Date:   Wed Jul 2 10:41:12 2014 +0200

    fix SUID issue in LZF compression rhbz#1115264

 compress-lzf-0.9.8-UnsafeChunkEncoderBE_java.patch |   37 ++++++++++++++++++++
 compress-lzf.spec                                  |   11 ++++--
 2 files changed, 45 insertions(+), 3 deletions(-)
---
diff --git a/compress-lzf-0.9.8-UnsafeChunkEncoderBE_java.patch b/compress-lzf-0.9.8-UnsafeChunkEncoderBE_java.patch
new file mode 100644
index 0000000..82ff64c
--- /dev/null
+++ b/compress-lzf-0.9.8-UnsafeChunkEncoderBE_java.patch
@@ -0,0 +1,37 @@
+--- src/main/java/com/ning/compress/lzf/impl/UnsafeChunkEncoderBE.java	2013-03-10 03:40:11.000000000 +0100
++++ src/main/java/com/ning/compress/lzf/impl/UnsafeChunkEncoderBE.java-ibm-bug-proxy	2014-07-02 10:20:10.626157173 +0200
+@@ -98,7 +98,7 @@
+         int i1 = unsafe.getInt(in, BYTE_ARRAY_OFFSET + ptr1);
+         int i2 = unsafe.getInt(in, BYTE_ARRAY_OFFSET + ptr2);
+         if (i1 != i2) {
+-            return 1 + _leadingBytes(i1, i2);
++            return 1 + _leadingBytes(Integer.reverseBytes(i1), Integer.reverseBytes(i2));
+         }
+         ptr1 += 4;
+         ptr2 += 4;
+@@ -106,7 +106,7 @@
+         i1 = unsafe.getInt(in, BYTE_ARRAY_OFFSET + ptr1);
+         i2 = unsafe.getInt(in, BYTE_ARRAY_OFFSET + ptr2);
+         if (i1 != i2) {
+-            return 5 + _leadingBytes(i1, i2);
++            return 5 + _leadingBytes(Integer.reverseBytes(i1), Integer.reverseBytes(i2));
+         }
+         return _findLongMatchLength(in, ptr1+4, ptr2+4, maxPtr1);
+     }
+@@ -120,7 +120,7 @@
+             long l1 = unsafe.getLong(in, BYTE_ARRAY_OFFSET + ptr1);
+             long l2 = unsafe.getLong(in, BYTE_ARRAY_OFFSET + ptr2);
+             if (l1 != l2) {
+-                return ptr1 - base + (Long.numberOfLeadingZeros(l1 ^ l2) >> 3);
++                return ptr1 - base + (Long.numberOfTrailingZeros(Long.reverseBytes(l1) ^ Long.reverseBytes(l2)) >> 3);
+             }
+             ptr1 += 8;
+             ptr2 += 8;
+@@ -134,6 +134,6 @@
+     }
+ 
+     private final static int _leadingBytes(int i1, int i2) {
+-        return (Long.numberOfLeadingZeros(i1 ^ i2) >> 3);
++        return (Long.numberOfTrailingZeros(i1 ^ i2) >> 3);
+     }
+ }
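Review bot: In the patched `_leadingBytes`, `Long.numberOfTrailingZeros(i1 ^ i2)` receives an `int` XOR that is silently sign-extended to `long`, so the result is correct only because both call sites guarantee `i1 != i2` and the low 32 bits are therefore non-zero. The same widening is what made the old `Long.numberOfLeadingZeros(i1 ^ i2)` wrong, since the upper 32 bits are all zeros or all ones, so the byte swaps are not what fixes it. Assuming this class only runs where `unsafe.getInt` reads big-endian, the first differing byte is the most significant one, so `return Integer.numberOfLeadingZeros(i1 ^ i2) >> 3;` with the `Integer.reverseBytes` calls dropped gives the same count more directly, and the `long` comparison in `_findLongMatchLength` could stay as it was. A wrong match length would presumably make the encoder emit a back-reference longer than the real match, so a compress/decompress round-trip test on a big-endian builder is worth adding. The match-length methods begin outside the quoted context, so this is judged from the visible lines only.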
diff --git a/compress-lzf.spec b/compress-lzf.spec
index 646c77a..401ab2e 100644
--- a/compress-lzf.spec
+++ b/compress-lzf.spec
@@ -1,12 +1,13 @@
 Name:          compress-lzf
 Version:       0.9.8
-Release:       1%{?dist}
+Release:       2%{?dist}
 Summary:       Basic LZF codec, compatible with standard C LZF package
 License:       ASL 2.0
 URL:           https://github.com/ning/compress
 Source0:       https://github.com/ning/compress/archive/%{name}-%{version}.tar.gz
-
-BuildRequires: java-devel
+# thanks to bugproxy at us.ibm.com
+# https://github.com/ning/compress/issues/37
+Patch0:        %{name}-0.9.8-UnsafeChunkEncoderBE_java.patch
 
 # test deps
 BuildRequires: mvn(org.testng:testng)
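Review bot: `BuildRequires: java-devel` is removed in this hunk, but neither the commit message nor the new changelog entry mentions it. If the JDK is still pulled in through the Maven build requirements, record that with a changelog line such as `- drop explicit BuildRequires: java-devel`; otherwise keep the line. The comment above `Patch0` usefully records where the patch came from, and adding the upstream commit id once the fix lands would make it clear when the patch can be dropped.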
@@ -36,6 +37,7 @@ This package contains javadoc for %{name}.
 
 find . -name "*.class" -print -delete
 find . -name "*.jar" -type f -print -delete
+%patch0 -p0
 
 %pom_remove_plugin :maven-source-plugin
 %pom_xpath_remove "pom:project/pom:build/pom:plugins/pom:plugin[pom:artifactId='maven-javadoc-plugin']/pom:executions"
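Review bot: `%patch0 -p0` applies a patch whose `+++` header names `UnsafeChunkEncoderBE.java-ibm-bug-proxy`, which is presumably not a file in the source tree, so it applies only because patch falls back to the `---` path. Regenerating the patch with matching old and new paths removes that dependence. Keeping a backup with `%patch0 -p0 -b .bigendian` would also leave the original file beside the patched one in the build tree. The %prep section starts above this hunk.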
@@ -55,5 +57,8 @@ find . -name "*.jar" -type f -print -delete
 %doc LICENSE
 
 %changelog
+* Wed Jul 02 2014 gil cattaneo <puntogil at libero.it> 0.9.8-2
+- fix SUID issue in LZF compression rhbz#1115264
+
 * Wed Aug 14 2013 gil cattaneo <puntogil at libero.it> 0.9.8-1
 - initial rpm
\ No newline at end of file

