latest bzip2 reports crc errors incorrectly

Bug #1834494 reported by Tim Scott
266
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bzip2
Fix Released
Unknown
bzip2 (Debian)
Fix Released
Unknown
bzip2 (Ubuntu)
Fix Released
Undecided
Leonidas S. Barbosa
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Cosmic
Fix Released
Undecided
Unassigned
Disco
Fix Released
Undecided
Unassigned

Bug Description

I just got the bzip2 1.0.6-8.1ubuntu0.1 updates pushed to my machine and am now having problems with some .tbz2 archives. In particular, I can no longer extract this one:

https://developer.nvidia.com/embedded/dlc/l4t-jetson-xavier-driver-package-31-1-0

Downloading this and running:

bunzip2 -tvv Jetson_Linux_R31.1.0_aarch64.tbz2

...yields a CRC error. The previous version of bunzip2 does not report any errors with this archive.

CVE References

Revision history for this message
Tim Scott (tescott-jdes) wrote :

Manually reverting to a previous version of /lib/x86_64-linux-gnu/libbz2.so.1.0.4 corrects the issue for me.

Revision history for this message
Tim Scott (tescott-jdes) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bzip2 (Ubuntu):
status: New → Confirmed
Revision history for this message
Tyler Hart (nitepone) wrote :
tags: added: regression-update
Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

Hi,

Thanks for report this issue.
I added a comment in commit fix that caused this regression in upstream project: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

Soon they update there with some notes we can look for a fix. For now, as you already did, please try downgrade to the previous version. Also, if possible, could you please test it using upstream version?

We apologize for the inconvenience.

Changed in bzip2 (Ubuntu):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
tags: added: bionic
Changed in bzip2:
status: Unknown → New
information type: Public → Public Security
Revision history for this message
Mark J. Wielaard (3y9m2vcw-ll9d-fkzsxrqg) wrote :

Please see the discussion and analysis of the issue on the bzip2-devel mailinglist: https://sourceware.org/ml/bzip2-devel/2019-q2/msg00024.html

There is a proposed workaround patch for decompression of the (buggy lbzip2 compressed) files:
https://sourceware.org/ml/bzip2-devel/2019-q2/msg00031.html

Testing of that patch is highly appreciated.

Revision history for this message
Mark J. Wielaard (3y9m2vcw-ll9d-fkzsxrqg) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Proposed workaround. Still under analysis. Testing appreciated." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Salvatore Bonaccorso (carnil) wrote :

Filled respective bug in Debian as well as per https://bugs.debian.org/931278

Changed in bzip2 (Debian):
status: Unknown → Confirmed
Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

I did test the patch suggested and can confirm that it fixes the issue.

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

Hey @Mark, Thanks for provide these tests (https://sourceware.org/git/?p=bzip2-tests.git;a=summary). I ran our internal regression tests on the version patched and also the tests you provided. Our tests passed, but yours fails (believe is the same you mentioned in Debian-bug).

See bellow:

!!! 1 .bz files did not decompressed/recompressed correctly.

Testing detection of bad input data...

Processing ./go/compress/fail-issue5747.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/cve.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/cve2.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/overrun.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/void.bz2.bad
  Trying to decompress...
  Trying to decompress (small)...
Processing ./lbzip2/crc1.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/crc2.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/overrun2.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.

Correctly found all bad file data integrity errors.

Bad results, look for !!! in the logs above

Revision history for this message
Mark J. Wielaard (3y9m2vcw-ll9d-fkzsxrqg) wrote :

Yes, there was one testcase that wasn't handled by the patch.
There is an updated patch that handles both the original file and the new testcase.
https://sourceware.org/ml/bzip2-devel/2019-q3/msg00007.html

Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

Thanks a lot @Mark for the quick fix!

:)

Changed in bzip2 (Ubuntu):
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-8ubuntu0.2

---------------
bzip2 (1.0.6-8ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:27:38 -0300

Changed in bzip2 (Ubuntu Xenial):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-9ubuntu0.19.04.1

---------------
bzip2 (1.0.6-9ubuntu0.19.04.1) disco-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:50:14 -0300

Changed in bzip2 (Ubuntu Disco):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-9ubuntu0.18.10.1

---------------
bzip2 (1.0.6-9ubuntu0.18.10.1) cosmic-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:40:45 -0300

Changed in bzip2 (Ubuntu Cosmic):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-8.1ubuntu0.2

---------------
bzip2 (1.0.6-8.1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:35:36 -0300

Changed in bzip2 (Ubuntu Bionic):
status: New → Fix Released
tags: added: rls-ee-incoming
tags: removed: rls-ee-incoming
Changed in bzip2:
status: New → Fix Released
Changed in bzip2 (Debian):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-1ubuntu0.2

---------------
bzip2 (1.0.6-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 08:37:58 -0300

Changed in bzip2 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.