Pullup ticket 516 - requested by Lubomir Sedlacik

security update for bzip2

Revisions pulled up:
- pkgsrc/archivers/bzip2/PLIST			1.3
- pkgsrc/archivers/bzip2/Makefile		1.39
- pkgsrc/archivers/bzip2/buildlink3.mk		1.17
- pkgsrc/archivers/bzip2/distinfo		1.12
- pkgsrc/archivers/bzip2/patches/patch-aa	1.11

    Module Name:    pkgsrc
    Committed By:   rillig
    Date:           Mon May 23 06:49:29 UTC 2005

    Modified Files:
            pkgsrc/archivers/bzip2: PLIST

    Log Message:
    Sorted PLIST entries to make pkglint happy.
    ----
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Thu May 26 15:03:11 UTC 2005

    Modified Files:
            pkgsrc/archivers/bzip2: Makefile buildlink3.mk distinfo
            pkgsrc/archivers/bzip2/patches: patch-aa

    Log Message:
    Security update to version 1.0.3

    - Further robustification against corrupted compressed data.
        There are currently no known bitstreams which can cause the
      decompressor to crash, loop or access memory which does not
      belong to it.  If you are using bzip2 or the library to
      decompress bitstreams from untrusted sources, an upgrade
      to 1.0.3 is recommended.

      http://scary.beasts.org/security/CESA-2005-002.txt

    - The documentation has been converted to XML, from which html
        and pdf can be derived.

    - Various minor bugs in the documentation have been fixed.

    - Fixes for various compilation warnings with newer versions of
        gcc, and on 64-bit platforms.

    - The BZ_NO_STDIO cpp symbol was not properly observed in 1.0.2.
        This has been fixed.

5 files changed, 27 insertions, 26 deletions

diff --git a/archivers/bzip2/Makefile b/archivers/bzip2/Makefile
index 3728738210b..a4c391b5043 100644
--- a/archivers/bzip2/Makefile
+++ b/archivers/bzip2/Makefile
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.37 2004/10/13 17:51:32 tv Exp $
+# $NetBSD: Makefile,v 1.37.4.1 2005/05/27 00:46:12 snj Exp $
 #
 
-DISTNAME=	bzip2-1.0.2
-PKGREVISION=	2
+DISTNAME=	bzip2-1.0.3
 CATEGORIES=	archivers
-MASTER_SITES=	ftp://sources.redhat.com/pub/bzip2/v102/
+MASTER_SITES=	http://www.bzip.org/1.0.3/
 
 MAINTAINER=	tech-pkg@NetBSD.org
-HOMEPAGE=	http://sources.redhat.com/bzip2/
+HOMEPAGE=	http://www.bzip.org/
 COMMENT=	Block-sorting file compressor
 
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
diff --git a/archivers/bzip2/PLIST b/archivers/bzip2/PLIST
index 379d5748f57..7e14a72df45 100644
--- a/archivers/bzip2/PLIST
+++ b/archivers/bzip2/PLIST
@@ -1,11 +1,11 @@
-@comment $NetBSD: PLIST,v 1.2 2004/09/22 08:09:14 jlam Exp $
-bin/bzip2
+@comment $NetBSD: PLIST,v 1.2.4.1 2005/05/27 00:46:12 snj Exp $
 bin/bunzip2
 bin/bzcat
+bin/bzip2
 bin/bzip2recover
 include/bzlib.h
 lib/libbz2.la
-man/man1/bzip2.1
 man/man1/bunzip2.1
 man/man1/bzcat.1
+man/man1/bzip2.1
 man/man1/bzip2recover.1
diff --git a/archivers/bzip2/buildlink3.mk b/archivers/bzip2/buildlink3.mk
index 1607ac24d77..0f3a7887148 100644
--- a/archivers/bzip2/buildlink3.mk
+++ b/archivers/bzip2/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.16 2004/10/03 00:13:04 tv Exp $
+# $NetBSD: buildlink3.mk,v 1.16.4.1 2005/05/27 00:46:12 snj Exp $
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
 BZIP2_BUILDLINK3_MK:=	${BZIP2_BUILDLINK3_MK}+
@@ -13,7 +13,7 @@ BUILDLINK_PACKAGES+=	bzip2
 .if !empty(BZIP2_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.bzip2+=	bzip2>=1.0.1
 BUILDLINK_PKGSRCDIR.bzip2?=	../../archivers/bzip2
-BUILDLINK_RECOMMENDED.bzip2+=	bzip2>=1.0.2nb2
+BUILDLINK_RECOMMENDED.bzip2+=	bzip2>=1.0.3
 .endif	# BZIP2_BUILDLINK3_MK
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH:S/+$//}
diff --git a/archivers/bzip2/distinfo b/archivers/bzip2/distinfo
index 8686e3c7752..cc5043e1e8f 100644
--- a/archivers/bzip2/distinfo
+++ b/archivers/bzip2/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.11 2005/02/23 14:45:22 agc Exp $
+$NetBSD: distinfo,v 1.11.2.1 2005/05/27 00:46:12 snj Exp $
 
-SHA1 (bzip2-1.0.2.tar.gz) = d47793959c0d65a4d7246e0247ed1358662d9ebf
-RMD160 (bzip2-1.0.2.tar.gz) = 3926130e9ce78e37e3c518878f13a8d39e6fa5dc
-Size (bzip2-1.0.2.tar.gz) = 665198 bytes
-SHA1 (patch-aa) = 53c56d73f4d88c953cfa5cab1d839f0ddd3cc0bc
+SHA1 (bzip2-1.0.3.tar.gz) = 7e749510f65c86fbfff37b97144a02f1b8b8617f
+RMD160 (bzip2-1.0.3.tar.gz) = 7ac2a122c254d1fcd54ca8af96a1814e9e245a1a
+Size (bzip2-1.0.3.tar.gz) = 669075 bytes
+SHA1 (patch-aa) = 10a727166e8c0a7bcf695e79a224a4f9c6534ba9
diff --git a/archivers/bzip2/patches/patch-aa b/archivers/bzip2/patches/patch-aa
index 173f8490a41..8001ddcce90 100644
--- a/archivers/bzip2/patches/patch-aa
+++ b/archivers/bzip2/patches/patch-aa
@@ -1,21 +1,23 @@
-$NetBSD: patch-aa,v 1.10 2004/03/29 01:18:41 tv Exp $
+$NetBSD: patch-aa,v 1.10.8.1 2005/05/27 00:46:12 snj Exp $
 
---- Makefile.orig	Fri Jan 25 18:34:53 2002
-+++ Makefile	Mon Mar 15 11:42:02 2004
-@@ -2,43 +2,35 @@
+--- Makefile.orig	2005-02-17 12:28:24.000000000 +0100
++++ Makefile	2005-05-26 16:53:13.000000000 +0200
+@@ -2,42 +2,35 @@
  SHELL=/bin/sh
  
  # To assist in cross-compiling
 -CC=gcc
+-AR=ar
+-RANLIB=ranlib
+-LDFLAGS=
 +CC=${LIBTOOL} --mode=compile ${REALCC}
 +LD=${LIBTOOL} --mode=link ${REALCC}
- AR=ar
- RANLIB=ranlib
--LDFLAGS=
++#AR=ar
++#RANLIB=ranlib
++#LDFLAGS=
  
- # Suitably paranoid flags to avoid bugs in gcc-2.7
  BIGFILES=-D_FILE_OFFSET_BITS=64
--CFLAGS=-Wall -Winline -O2 -fomit-frame-pointer -fno-strength-reduce $(BIGFILES)
+-CFLAGS=-Wall -Winline -O -g $(BIGFILES)
 +CFLAGS+=$(BIGFILES)
  
 -# Where you want it installed when you do 'make install'
@@ -59,12 +61,12 @@ $NetBSD: patch-aa,v 1.10 2004/03/29 01:18:41 tv Exp $
 -	fi
 +libbz2.la: $(OBJS)
 +	rm -f libbz2.la
-+	$(LD) $(LDFLAGS) -o libbz2.la $(OBJS) -version-info 0:0  \
++	$(LD) $(LDFLAGS) -o libbz2.la $(OBJS) -version-info 0:0	\
 +		-rpath $(PREFIX)/lib
  
  check: test
  test: bzip2
-@@ -102,20 +94,20 @@
+@@ -100,20 +93,20 @@
  	sample1.rb2 sample2.rb2 sample3.rb2 \
  	sample1.tst sample2.tst sample3.tst