bzip2: 1.0.6.0.2 -> 1.0.8

Use latest upstream version, yoink updated autoconf patch from SUSE. Might fix unpacking some very cursed files. Dropped security patches applied upstream (see https://sourceware.org/bzip2/CHANGES).
author: K900 <me@0upti.me> 2022-07-12 11:50:56 +0300
committer: K900 <me@0upti.me> 2022-07-12 21:16:20 +0300
commit: 527595cc2068eb3502bbaf760faee2566ae639ab (patch)
tree: dc07dde66b072978210462781d6922c9dd05851e
parent: 4d4b4f2dbb5fce1f9413b3bb87f511b876a2020d (diff)
3 files changed, 10 insertions, 44 deletions
diff --git a/pkgs/tools/compression/bzip2/CVE-2016-3189.patch b/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
deleted file mode 100644
index eff324b325031..0000000000000
--- a/pkgs/tools/compression/bzip2/CVE-2016-3189.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/bzip2recover.c b/bzip2recover.c
-index f9de049..252c1b7 100644
---- a/bzip2recover.c
-+++ b/bzip2recover.c
-@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
-             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
-             bsPutUInt32 ( bsWr, blockCRC );
-             bsClose ( bsWr );
-+            outFile = NULL;
-          }
-          if (wrBlock >= rbCtr) break;
-          wrBlock++;
diff --git a/pkgs/tools/compression/bzip2/cve-2019-12900.patch b/pkgs/tools/compression/bzip2/cve-2019-12900.patch
deleted file mode 100644
index bf3d13a7a6915..0000000000000
--- a/pkgs/tools/compression/bzip2/cve-2019-12900.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
-diff --git a/decompress.c b/decompress.c
---- a/decompress.c
-+++ b/decompress.c
-@@ -287,7 +287,7 @@
-       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
-       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
-       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
--      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
-+      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
-       for (i = 0; i < nSelectors; i++) {
-          j = 0;
-          while (True) {
diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix
index 3dd3632711c3d..dafd6a6070dfc 100644
--- a/pkgs/tools/compression/bzip2/default.nix
+++ b/pkgs/tools/compression/bzip2/default.nix
@@ -10,33 +10,24 @@
 
 stdenv.mkDerivation rec {
   pname = "bzip2";
-  version = "1.0.6.0.2";
+  version = "1.0.8";
 
-  /* We use versions patched to use autotools style properly,
-      saving lots of trouble. */
   src = fetchurl {
-    urls = map
-      (prefix: prefix + "/people/sbrabec/bzip2/tarballs/${pname}-${version}.tar.gz")
-      [
-        "http://ftp.uni-kl.de/pub/linux/suse"
-        "ftp://ftp.hs.uni-hamburg.de/pub/mirrors/suse"
-        "ftp://ftp.mplayerhq.hu/pub/linux/suse"
-        "http://ftp.suse.com/pub" # the original patched version but slow
-      ];
-    sha256 = "sha256-FnhwNy4OHe8d5M6iYCClkxzcB/EHXg0veXwv43ZlxbA=";
+    url = "https://sourceware.org/pub/bzip2/bzip2-${version}.tar.gz";
+    sha256 = "sha256-q1oDF27hBtPw+pDjgdpHjdrkBZGBU8yiSOaCzQxKImk=";
   };
 
-  strictDeps = true;
-  nativeBuildInputs = [ autoreconfHook ];
+  patchFlags = ["-p0"];
 
   patches = [
-    ./CVE-2016-3189.patch
-    ./cve-2019-12900.patch
+    (fetchurl {
+      url = "https://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch";
+      sha256 = "sha256-QMufl6ffJVVVVZespvkCbFpB6++R1lnq1687jEsUjr0=";
+    })
   ];
 
-  postPatch = ''
-    sed -i -e '/<sys\\stat\.h>/s|\\|/|' bzip2.c
-  '';
+  strictDeps = true;
+  nativeBuildInputs = [ autoreconfHook ];
 
   outputs = [ "bin" "dev" "out" "man" ];
author	K900 <me@0upti.me>	2022-07-12 11:50:56 +0300
committer	K900 <me@0upti.me>	2022-07-12 21:16:20 +0300
commit	527595cc2068eb3502bbaf760faee2566ae639ab (patch)
tree	dc07dde66b072978210462781d6922c9dd05851e
parent	4d4b4f2dbb5fce1f9413b3bb87f511b876a2020d (diff)