debian/0000775000000000000000000000000012357756350007205 5ustar debian/liblzo2-2.install0000664000000000000000000000001512203365277012277 0ustar lib/*/*.so.* debian/control0000664000000000000000000000246612357756410010615 0ustar Source: lzo2 Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Peter Eisentraut Standards-Version: 3.9.2 Build-Depends: cdbs, debhelper (>= 8.1.3), dh-autoreconf Homepage: http://www.oberhumer.com/opensource/lzo/ Package: liblzo2-dev Section: libdevel Architecture: any Depends: liblzo2-2 (= ${binary:Version}), libc6-dev, ${misc:Depends} Replaces: liblzo-dev Multi-Arch: same Description: data compression library (development files) LZO is a portable, lossless data compression library. This package contains the header files and static libraries for the LZO data compression library. Package: liblzo2-2 Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Multi-Arch: same Description: data compression library LZO is a portable, lossless data compression library. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this very high speed. Package: liblzo2-2-udeb Package-Type: udeb Section: debian-installer Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Description: data compression library debian/liblzo2-dev.install0000664000000000000000000000010011655766260012716 0ustar usr/lib/*/*.a usr/lib/*/*.so usr/include/ usr/share/lzo/minilzo debian/changelog0000664000000000000000000001430612357756350011063 0ustar lzo2 (2.06-1.2ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service or possible code execution via integer overflow - debian/patches/CVE-2014-4607.patch: check for overflow in minilzo/minilzo.c, src/lzo1_d.ch, src/lzo1b_d.ch, src/lzo1f_d.ch, src/lzo1x_d.ch, src/lzo2a_d.ch. - CVE-2014-4607 -- Marc Deslauriers Fri, 11 Jul 2014 08:47:36 -0400 lzo2 (2.06-1.2ubuntu1) trusty; urgency=medium * Build using dh-autoreconf. -- Matthias Klose Fri, 06 Dec 2013 12:38:46 +0100 lzo2 (2.06-1.2) unstable; urgency=low * Non-maintainer upload. * Correct /usr/lib/liblzo2.so symlink (Closes: #720749) -- Dmitrijs Ledkovs Mon, 26 Aug 2013 20:25:00 +0100 lzo2 (2.06-1.1) unstable; urgency=low * Non-maintainer upload to unbreak btrfs/installer. * Install libzo2 library into /lib, because btrfs user space now depends on this library and thus is needed before /usr might be mounted. (Closes: #709422) * Create libzo2-2-udeb, for the debian-installer to use btrfs at install time. * Piggy-back release-goal, mark dev package Multi-Arch (Closes: #681840) -- Dmitrijs Ledkovs Fri, 16 Aug 2013 09:53:32 +0100 lzo2 (2.06-1) unstable; urgency=low * New upstream release * Fixed lintian warning brace-expansion-in-debhelper-config-file -- Peter Eisentraut Thu, 10 Nov 2011 07:11:13 +0200 lzo2 (2.05-2) unstable; urgency=low * Converted to multiarch * Changed priority to optional to match override -- Peter Eisentraut Mon, 01 Aug 2011 14:48:33 +0300 lzo2 (2.05-1) unstable; urgency=low * New upstream release * Updated standards version * Removed *.la file (closes: #622467) -- Peter Eisentraut Mon, 04 Jul 2011 20:09:22 +0300 lzo2 (2.04-1) unstable; urgency=low * New upstream release (closes: #610732) * Updated standards version * Changed to debhelper level 8 -- Peter Eisentraut Sat, 19 Feb 2011 08:36:13 +0200 lzo2 (2.03-2) unstable; urgency=low * Changed source format to 3.0 (quilt) * Added ${misc:Depends} to all packages * Set a version on the dependency of liblzo2-dev to liblzo2-2 * Removed redundant section and priority fields * Pointed copyright to non-symlinked version of GPL file * Updated standards version * Really changed to debhelper level 6 -- Peter Eisentraut Fri, 06 Nov 2009 09:39:24 +0200 lzo2 (2.03-1) unstable; urgency=low * New upstream release - Obsoletes patches to avoid requiring an executable stack * Updated standards version * Added Homepage control field * Updated copyright; license is now GPLv2+ * Changed to debhelper level 6 -- Peter Eisentraut Wed, 30 Apr 2008 17:40:08 +0200 lzo2 (2.02-3) unstable; urgency=low * Added *.h files to examples (closes: #410054) * Updated standards version * Patched assembly to avoid requiring an executable stack (closes: #420753) -- Peter Eisentraut Fri, 15 Jun 2007 23:24:41 +0200 lzo2 (2.02-2) unstable; urgency=low * Fixed dependencies of liblzo2-dev -- Peter Eisentraut Fri, 27 Jan 2006 17:04:00 +0100 lzo2 (2.02-1) unstable; urgency=low * New upstream version in new package because of interface incompatibilities (closes: #342715) * Removed patches and quilt usage -- Peter Eisentraut Sat, 14 Jan 2006 11:42:59 +0100 lzo (1.08-3) unstable; urgency=low * Changed maintainer address * Updated standards version * Changed build system to CDBS and quilt * Added "old version" to description in light of upcoming lzo2 package * Altered watch file to cover only version 1 series * Added test suite to build process * Changed to debhelper level 5 -- Peter Eisentraut Wed, 11 Jan 2006 20:09:20 +0100 lzo (1.08-2) unstable; urgency=low * New maintainer (closes: #265726) * Previous two NMUs acknowledged (closes: #261872, #268052, #263513) * Revised descriptions * Changed section and priority to match overrides * Completed copyright information * Removed content-free README.debian * Updated rules to debhelper 4 conventions * Removed now useless liblzo1.postinst * Moved documentation files around * Use --disable-dependency-tracking and --disable-libtool-lock to speed up builds * Added watch file * Converted to dpatch * Updated libtool (closes: #261313) * Added minilzo to installation -- Peter Eisentraut Thu, 11 Nov 2004 12:33:51 +0100 lzo (1.08-1.2) unstable; urgency=high * NMU with high urgency for RC fix. * configure.in: add proper \ at the end of lines inside multi-line strings to fix ASM tests with gcc-3.3 (closes: #268052). * Re-run autoconf. * Standards-version is 3.6.1.1. -- Josselin Mouette Tue, 31 Aug 2004 11:58:13 +0200 lzo (1.08-1.1) unstable; urgency=low * NMU * [debian/rules] Added SHELL=/bin/bash as brace expansion is not POSIX. * [debian/rules] Put the .la file in the -dev package, not the runtime package. (Closes: #261872) * [debian/control] Added a Replaces for the .la move. -- J.H.M. Dassen (Ray) Wed, 4 Aug 2004 22:25:19 +0200 lzo (1.08-1) unstable; urgency=low * New upstream version. * Include examples (closes: bug#156918). -- Paolo Molaro Sun, 8 Jun 2003 14:38:18 +0200 lzo (1.07-1) unstable; urgency=low * New upstream release. * Updated to new policy. * Updated config.{sub,guess} (Closes: bug#95329). -- Paolo Molaro Sat, 30 Jun 2001 16:31:04 +0200 lzo (1.06-1) unstable; urgency=low * New upstream release (Closes: bug#53970). -- Paolo Molaro Wed, 5 Apr 2000 18:46:31 +0200 lzo (1.04-2) unstable; urgency=low * Fix overlapping of liblzo.la (Bug#28533). -- Paolo Molaro Thu, 29 Oct 1998 11:17:54 +0100 lzo (1.04-1) unstable; urgency=low * New Upstream release. -- Paolo Molaro Fri, 16 Oct 1998 13:45:07 +0200 lzo (1.03-1) unstable; urgency=low * Initial Release. -- Paolo Molaro Fri, 13 Feb 1998 13:41:33 +0100 debian/source/0000775000000000000000000000000011274641616010500 5ustar debian/source/format0000664000000000000000000000001411274751654011712 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000211527545660010401 0ustar 8 debian/liblzo2-dev.docs0000664000000000000000000000006611274641221012175 0ustar AUTHORS THANKS doc/LZOAPI.TXT doc/LZO.FAQ doc/LZO.TXT debian/patches/0000775000000000000000000000000012357756344010637 5ustar debian/patches/CVE-2014-4607.patch0000664000000000000000000001705512357756344013267 0ustar Description: fix denial of service or possible code execution via integer overflow Origin: backport thanks to Red Hat, originally from lzo-2.07 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752861 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1112418 Index: lzo2-2.06/minilzo/minilzo.c =================================================================== --- lzo2-2.06.orig/minilzo/minilzo.c 2014-07-11 08:36:15.097275669 -0400 +++ lzo2-2.06/minilzo/minilzo.c 2014-07-11 08:38:53.061273222 -0400 @@ -3547,6 +3547,8 @@ #undef TEST_LBO #undef NEED_IP #undef NEED_OP +#undef TEST_IV +#undef TEST_OV #undef HAVE_TEST_IP #undef HAVE_TEST_OP #undef HAVE_NEED_IP @@ -3561,6 +3563,7 @@ # if (LZO_TEST_OVERRUN_INPUT >= 2) # define NEED_IP(x) \ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun # endif #endif @@ -3572,6 +3575,7 @@ # undef TEST_OP # define NEED_OP(x) \ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun # endif #endif @@ -3602,11 +3606,13 @@ # define HAVE_NEED_IP 1 #else # define NEED_IP(x) ((void) 0) +# define TEST_IV(x) ((void) 0) #endif #if defined(NEED_OP) # define HAVE_NEED_OP 1 #else # define NEED_OP(x) ((void) 0) +# define TEST_OV(x) ((void) 0) #endif #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) @@ -3687,6 +3693,7 @@ { t += 255; ip++; + TEST_IV(t); NEED_IP(1); } t += 15 + *ip++; @@ -3835,6 +3842,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 31 + *ip++; @@ -3879,6 +3887,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 7 + *ip++; @@ -4073,6 +4082,8 @@ #undef TEST_LBO #undef NEED_IP #undef NEED_OP +#undef TEST_IV +#undef TEST_OV #undef HAVE_TEST_IP #undef HAVE_TEST_OP #undef HAVE_NEED_IP @@ -4087,6 +4098,7 @@ # if (LZO_TEST_OVERRUN_INPUT >= 2) # define NEED_IP(x) \ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun # endif #endif @@ -4098,6 +4110,7 @@ # undef TEST_OP # define NEED_OP(x) \ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun # endif #endif @@ -4128,11 +4141,13 @@ # define HAVE_NEED_IP 1 #else # define NEED_IP(x) ((void) 0) +# define TEST_IV(x) ((void) 0) #endif #if defined(NEED_OP) # define HAVE_NEED_OP 1 #else # define NEED_OP(x) ((void) 0) +# define TEST_OV(x) ((void) 0) #endif #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) @@ -4213,6 +4228,7 @@ { t += 255; ip++; + TEST_IV(t); NEED_IP(1); } t += 15 + *ip++; @@ -4361,6 +4377,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 31 + *ip++; @@ -4405,6 +4422,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 7 + *ip++; Index: lzo2-2.06/src/lzo1_d.ch =================================================================== --- lzo2-2.06.orig/src/lzo1_d.ch 2014-07-11 08:36:15.097275669 -0400 +++ lzo2-2.06/src/lzo1_d.ch 2014-07-11 08:39:24.633272733 -0400 @@ -76,6 +76,8 @@ #undef TEST_LBO #undef NEED_IP #undef NEED_OP +#undef TEST_IV +#undef TEST_OV #undef HAVE_TEST_IP #undef HAVE_TEST_OP #undef HAVE_NEED_IP @@ -91,6 +93,7 @@ # if (LZO_TEST_OVERRUN_INPUT >= 2) # define NEED_IP(x) \ if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun +# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun # endif #endif @@ -102,6 +105,7 @@ # undef TEST_OP /* don't need both of the tests here */ # define NEED_OP(x) \ if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun +# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun # endif #endif @@ -135,11 +139,13 @@ # define HAVE_NEED_IP 1 #else # define NEED_IP(x) ((void) 0) +# define TEST_IV(x) ((void) 0) #endif #if defined(NEED_OP) # define HAVE_NEED_OP 1 #else # define NEED_OP(x) ((void) 0) +# define TEST_OV(x) ((void) 0) #endif Index: lzo2-2.06/src/lzo1b_d.ch =================================================================== --- lzo2-2.06.orig/src/lzo1b_d.ch 2014-07-11 08:36:15.097275669 -0400 +++ lzo2-2.06/src/lzo1b_d.ch 2014-07-11 08:36:15.093275669 -0400 @@ -187,6 +187,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += (M4_MIN_LEN - M3_MIN_LEN) + *ip++; Index: lzo2-2.06/src/lzo1f_d.ch =================================================================== --- lzo2-2.06.orig/src/lzo1f_d.ch 2014-07-11 08:36:15.097275669 -0400 +++ lzo2-2.06/src/lzo1f_d.ch 2014-07-11 08:36:15.093275669 -0400 @@ -84,6 +84,7 @@ { t += 255; ip++; + TEST_IV(t); NEED_IP(1); } t += 31 + *ip++; @@ -138,6 +139,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 31 + *ip++; Index: lzo2-2.06/src/lzo1x_d.ch =================================================================== --- lzo2-2.06.orig/src/lzo1x_d.ch 2014-07-11 08:36:15.097275669 -0400 +++ lzo2-2.06/src/lzo1x_d.ch 2014-07-11 08:36:15.093275669 -0400 @@ -120,6 +120,7 @@ { t += 255; ip++; + TEST_IV(t); NEED_IP(1); } t += 15 + *ip++; @@ -273,6 +274,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 31 + *ip++; @@ -317,6 +319,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += 7 + *ip++; Index: lzo2-2.06/src/lzo2a_d.ch =================================================================== --- lzo2-2.06.orig/src/lzo2a_d.ch 2014-07-11 08:36:15.097275669 -0400 +++ lzo2-2.06/src/lzo2a_d.ch 2014-07-11 08:36:15.093275669 -0400 @@ -131,6 +131,7 @@ { t += 255; ip++; + TEST_OV(t); NEED_IP(1); } t += *ip++; debian/patches/series0000664000000000000000000000002412357756344012050 0ustar CVE-2014-4607.patch debian/copyright0000664000000000000000000000141211527545344011133 0ustar This package was debianized by Paolo Molaro on 13 Feb 1998. Since 09 Nov 2004 it has been maintained by Peter Eisentraut . It was downloaded from . Upstream author: Markus F.X.J. Oberhumer Copyright: Copyright (C) 1996-2010 Markus Franz Xaver Johannes Oberhumer All Rights Reserved. The LZO library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. On Debian systems, the complete text of the GNU GPL version 2 can be found in the file /usr/share/common-licenses/GPL-2. debian/watch0000664000000000000000000000014111274641221010215 0ustar version=3 http://www.oberhumer.com/opensource/lzo/download/lzo-([0-9].*).tar.gz debian uupdate debian/liblzo2-dev.examples0000664000000000000000000000003211274641221013054 0ustar examples/*.c examples/*.h debian/liblzo2-2-udeb.install0000664000000000000000000000001512203365340013203 0ustar lib/*/*.so.* debian/liblzo2-2.docs0000664000000000000000000000003311274641221011552 0ustar AUTHORS THANKS doc/LZO.TXT debian/rules0000775000000000000000000000172512250333464010257 0ustar #!/usr/bin/make -f include /usr/share/cdbs/1/rules/autoreconf.mk include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk DEB_CONFIGURE_PATH_ARGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) DEB_CONFIGURE_EXTRA_FLAGS = --enable-shared --disable-libtool-lock DEB_INSTALL_CHANGELOGS_ALL = NEWS DEB_INSTALL_DOCS_ALL = DEB_MAKE_CHECK_TARGET = check test DEB_DH_MAKESHLIBS_ARGS = --add-udeb=liblzo2-2-udeb common-install-impl:: mkdir -p $(DEB_DESTDIR)/lib/$(DEB_HOST_MULTIARCH) mv $(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.* $(DEB_DESTDIR)/lib/$(DEB_HOST_MULTIARCH) ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(basename $$(readlink $(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so)) $(DEB_DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so mkdir -p $(DEB_DESTDIR)/usr/share/lzo/minilzo install -D -m 644 minilzo/README.LZO minilzo/minilzo.c minilzo/minilzo.h include/lzo/lzoconf.h include/lzo/lzodefs.h $(CURDIR)/debian/tmp/usr/share/lzo/minilzo