From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bzip2-devel-return-56-listarch-bzip2-devel=sourceware.org@sourceware.org>
Received: (qmail 98110 invoked by alias); 9 Jul 2019 21:38:05 -0000
Mailing-List: contact bzip2-devel-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:bzip2-devel@sourceware.org>
List-Help: <mailto:bzip2-devel-help@sourceware.org>
List-Subscribe: <mailto:bzip2-devel-subscribe@sourceware.org>
List-Id: <bzip2-devel.sourceware.org>
Sender: bzip2-devel-owner@sourceware.org
Received: (qmail 98101 invoked by uid 89); 9 Jul 2019 21:38:04 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-6.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1 spammy=
X-Spam-Status: No, score=-6.5 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org
X-Spam-Level: 
X-HELO: gnu.wildebeest.org
Message-ID: <7fc165ba50cad2fc5cd21a5ee610acc6cac148fa.camel@klomp.org>
Subject: Re: Alternative nSelectors patch (Was: bzip2 1.0.7 released)
From: Mark Wielaard <mark@klomp.org>
To: jseward@acm.org, Federico Mena Quintero <federico@gnome.org>, 
	bzip2-devel@sourceware.org
Date: Tue, 01 Jan 2019 00:00:00 -0000
In-Reply-To: <f9230fc65a3529b59b31f13494c72a1c01a6148e.camel@klomp.org>
References: <b8aab785a67113e4f50c54a6cb59129c11f805b6.camel@klomp.org>
	 <20190627205837.GD9273@wildebeest.org>
	 <0a2331bc6d0c8500c2c45df1e3ebe01b49ad5831.camel@klomp.org>
	 <8c4d5cf2479253406dacdee122692cc77771afb9.camel@gnome.org>
	 <e73799c0-cb3b-c9f8-84c8-53d028dbe1d5@acm.org>
	 <9998ca428c4c7f895a543aa91941e58efb0d5291.camel@klomp.org>
	 <308d9e82220760205ee673bf0505ee1815d48596.camel@klomp.org>
	 <4f434101-5ce3-d757-2f61-c9e419911e00@acm.org>
	 <f9230fc65a3529b59b31f13494c72a1c01a6148e.camel@klomp.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Evolution 3.28.5 (3.28.5-2.el7) 
Mime-Version: 1.0
X-Spam-Flag: NO
X-SW-Source: 2019-q3/txt/msg00019.txt.bz2

Hi,

> Attached is the patch with a commit message that hopefully explains why
> the change is correct (and why the CVE, although a source code bug,
> wasn't really exploitable in the first place). Hope it makes sense.

So the https://sourceware.org/git/bzip2-tests.git was integrated into
the buildbot and it turned RED. As expected, since without this fix it
fails with:
 - ./lbzip2/32767.bz2 bad decompress result

So I have now pushed the patch and hopefully that turns the buildbot
green: https://builder.wildebeest.org/buildbot/#/builders?tags=3Dbzip2

Cheers,

Mark