latest bzip2 reports crc errors incorrectly

Bug #1834494 reported by Tim Scott on 2019-06-27
266
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bzip2
Fix Released
Unknown
bzip2 (Debian)
Fix Released
Unknown
bzip2 (Ubuntu)
Undecided
Leonidas S. Barbosa
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned
Disco
Undecided
Unassigned

Bug Description

I just got the bzip2 1.0.6-8.1ubuntu0.1 updates pushed to my machine and am now having problems with some .tbz2 archives. In particular, I can no longer extract this one:

https://developer.nvidia.com/embedded/dlc/l4t-jetson-xavier-driver-package-31-1-0

Downloading this and running:

bunzip2 -tvv Jetson_Linux_R31.1.0_aarch64.tbz2

...yields a CRC error. The previous version of bunzip2 does not report any errors with this archive.

CVE References

Tim Scott (tescott-jdes) wrote :

Manually reverting to a previous version of /lib/x86_64-linux-gnu/libbz2.so.1.0.4 corrects the issue for me.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bzip2 (Ubuntu):
status: New → Confirmed
tags: added: regression-update
Leonidas S. Barbosa (leosilvab) wrote :

Hi,

Thanks for report this issue.
I added a comment in commit fix that caused this regression in upstream project: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

Soon they update there with some notes we can look for a fix. For now, as you already did, please try downgrade to the previous version. Also, if possible, could you please test it using upstream version?

We apologize for the inconvenience.

Changed in bzip2 (Ubuntu):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
tags: added: bionic
Changed in bzip2:
status: Unknown → New
information type: Public → Public Security

Please see the discussion and analysis of the issue on the bzip2-devel mailinglist: https://sourceware.org/ml/bzip2-devel/2019-q2/msg00024.html

There is a proposed workaround patch for decompression of the (buggy lbzip2 compressed) files:
https://sourceware.org/ml/bzip2-devel/2019-q2/msg00031.html

Testing of that patch is highly appreciated.

The attachment "Proposed workaround. Still under analysis. Testing appreciated." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Salvatore Bonaccorso (carnil) wrote :

Filled respective bug in Debian as well as per https://bugs.debian.org/931278

Changed in bzip2 (Debian):
status: Unknown → Confirmed

I did test the patch suggested and can confirm that it fixes the issue.

Hey @Mark, Thanks for provide these tests (https://sourceware.org/git/?p=bzip2-tests.git;a=summary). I ran our internal regression tests on the version patched and also the tests you provided. Our tests passed, but yours fails (believe is the same you mentioned in Debian-bug).

See bellow:

!!! 1 .bz files did not decompressed/recompressed correctly.

Testing detection of bad input data...

Processing ./go/compress/fail-issue5747.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/cve.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/cve2.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/overrun.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/void.bz2.bad
  Trying to decompress...
  Trying to decompress (small)...
Processing ./lbzip2/crc1.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/crc2.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.
Processing ./lbzip2/overrun2.bz2.bad
  Trying to decompress...

bzip2: Data integrity error when decompressing.
  Trying to decompress (small)...

bzip2: Data integrity error when decompressing.

Correctly found all bad file data integrity errors.

Bad results, look for !!! in the logs above

Yes, there was one testcase that wasn't handled by the patch.
There is an updated patch that handles both the original file and the new testcase.
https://sourceware.org/ml/bzip2-devel/2019-q3/msg00007.html

Thanks a lot @Mark for the quick fix!

:)

Changed in bzip2 (Ubuntu):
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-8ubuntu0.2

---------------
bzip2 (1.0.6-8ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:27:38 -0300

Changed in bzip2 (Ubuntu Xenial):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-9ubuntu0.19.04.1

---------------
bzip2 (1.0.6-9ubuntu0.19.04.1) disco-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:50:14 -0300

Changed in bzip2 (Ubuntu Disco):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-9ubuntu0.18.10.1

---------------
bzip2 (1.0.6-9ubuntu0.18.10.1) cosmic-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:40:45 -0300

Changed in bzip2 (Ubuntu Cosmic):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bzip2 - 1.0.6-8.1ubuntu0.2

---------------
bzip2 (1.0.6-8.1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
    incorrect CRC error. (LP: #1834494)
    - debian/patches/Accept-as-many-selectors-as-selectors*.patch

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:35:36 -0300

Changed in bzip2 (Ubuntu Bionic):
status: New → Fix Released
tags: added: rls-ee-incoming
tags: removed: rls-ee-incoming
Changed in bzip2:
status: New → Fix Released
Changed in bzip2 (Debian):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.