latest bzip2 reports crc errors incorrectly
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | bzip2 |
Fix Released
|
Unknown
|
||
| | bzip2 (Debian) |
Fix Released
|
Unknown
|
||
| | bzip2 (Ubuntu) |
Undecided
|
Leonidas S. Barbosa | ||
| | Xenial |
Undecided
|
Unassigned | ||
| | Bionic |
Undecided
|
Unassigned | ||
| | Cosmic |
Undecided
|
Unassigned | ||
| | Disco |
Undecided
|
Unassigned | ||
Bug Description
I just got the bzip2 1.0.6-8.1ubuntu0.1 updates pushed to my machine and am now having problems with some .tbz2 archives. In particular, I can no longer extract this one:
https:/
Downloading this and running:
bunzip2 -tvv Jetson_
...yields a CRC error. The previous version of bunzip2 does not report any errors with this archive.
CVE References
| Tim Scott (tescott-jdes) wrote : | #1 |
| Tim Scott (tescott-jdes) wrote : | #2 |
| Launchpad Janitor (janitor) wrote : | #3 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in bzip2 (Ubuntu): | |
| status: | New → Confirmed |
| Tyler Hart (nitepone) wrote : | #4 |
Bug is also present with other Nvidia Jetson packages.
https:/
| tags: | added: regression-update |
| Leonidas S. Barbosa (leosilvab) wrote : | #5 |
Hi,
Thanks for report this issue.
I added a comment in commit fix that caused this regression in upstream project: https:/
Soon they update there with some notes we can look for a fix. For now, as you already did, please try downgrade to the previous version. Also, if possible, could you please test it using upstream version?
We apologize for the inconvenience.
| Changed in bzip2 (Ubuntu): | |
| assignee: | nobody → Leonidas S. Barbosa (leosilvab) |
| tags: | added: bionic |
| Changed in bzip2: | |
| status: | Unknown → New |
| information type: | Public → Public Security |
Please see the discussion and analysis of the issue on the bzip2-devel mailinglist: https:/
There is a proposed workaround patch for decompression of the (buggy lbzip2 compressed) files:
https:/
Testing of that patch is highly appreciated.
The attachment "Proposed workaround. Still under analysis. Testing appreciated." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]
| tags: | added: patch |
| Salvatore Bonaccorso (carnil) wrote : | #9 |
Filled respective bug in Debian as well as per https:/
| Changed in bzip2 (Debian): | |
| status: | Unknown → Confirmed |
| Leonidas S. Barbosa (leosilvab) wrote : | #10 |
I did test the patch suggested and can confirm that it fixes the issue.
| Leonidas S. Barbosa (leosilvab) wrote : | #11 |
Hey @Mark, Thanks for provide these tests (https:/
See bellow:
!!! 1 .bz files did not decompressed/
Testing detection of bad input data...
Processing ./go/compress/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Processing ./lbzip2/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Processing ./lbzip2/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Processing ./lbzip2/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Processing ./lbzip2/
Trying to decompress...
Trying to decompress (small)...
Processing ./lbzip2/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Processing ./lbzip2/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Processing ./lbzip2/
Trying to decompress...
bzip2: Data integrity error when decompressing.
Trying to decompress (small)...
bzip2: Data integrity error when decompressing.
Correctly found all bad file data integrity errors.
Bad results, look for !!! in the logs above
Yes, there was one testcase that wasn't handled by the patch.
There is an updated patch that handles both the original file and the new testcase.
https:/
| Leonidas S. Barbosa (leosilvab) wrote : | #13 |
Thanks a lot @Mark for the quick fix!
:)
| Changed in bzip2 (Ubuntu): | |
| status: | Confirmed → In Progress |
| Launchpad Janitor (janitor) wrote : | #14 |
This bug was fixed in the package bzip2 - 1.0.6-8ubuntu0.2
---------------
bzip2 (1.0.6-8ubuntu0.2) xenial-security; urgency=medium
* SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
incorrect CRC error. (LP: #1834494)
- debian/
-- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:27:38 -0300
| Changed in bzip2 (Ubuntu Xenial): | |
| status: | New → Fix Released |
| Launchpad Janitor (janitor) wrote : | #15 |
This bug was fixed in the package bzip2 - 1.0.6-9ubuntu0.
---------------
bzip2 (1.0.6-
* SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
incorrect CRC error. (LP: #1834494)
- debian/
-- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:50:14 -0300
| Changed in bzip2 (Ubuntu Disco): | |
| status: | New → Fix Released |
| Launchpad Janitor (janitor) wrote : | #16 |
This bug was fixed in the package bzip2 - 1.0.6-9ubuntu0.
---------------
bzip2 (1.0.6-
* SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
incorrect CRC error. (LP: #1834494)
- debian/
-- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:40:45 -0300
| Changed in bzip2 (Ubuntu Cosmic): | |
| status: | New → Fix Released |
| Launchpad Janitor (janitor) wrote : | #17 |
This bug was fixed in the package bzip2 - 1.0.6-8.1ubuntu0.2
---------------
bzip2 (1.0.6-
* SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
incorrect CRC error. (LP: #1834494)
- debian/
-- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jul 2019 09:35:36 -0300
| Changed in bzip2 (Ubuntu Bionic): | |
| status: | New → Fix Released |
| tags: | added: rls-ee-incoming |
| tags: | removed: rls-ee-incoming |
| Changed in bzip2: | |
| status: | New → Fix Released |
| Changed in bzip2 (Debian): | |
| status: | Confirmed → Fix Released |
Manually reverting to a previous version of /lib/x86_