kc3-lang/bzip2

Branch :

Log

Commit	Date	Message
33414da1	2019-07-12 00:50:54	Fix bashism in bzgrep bzgrep uses ${var//} which is a bashism. Replace by calling sed so other POSIX shells work. Patch from openSUSE by Led <ledest@gmail.com>
f7d209bf	2019-07-11 23:24:29	fix bzdiff when TMPDIR contains spaces The bzdiff script doesn't contain enough quotes, so that it doesn't work if the TMPDIR environment variable is defined and contains spaces. https://bugs.debian.org/493710 Author: Vincent Lefevre <vincent@vinc17.org>
d50cc4b0	2019-07-11 19:54:37	Replace project contact email with bzip2-devel@sourceware.org. Keep Julian's email as author information, but redirect general project feedback in the code and manual to the community mailinglist.
04e97920	2019-07-11 02:40:18	release-update.sh should update version number in website pages too.
b07b105d	2019-07-03 01:28:11	Accept as many selectors as the file format allows. But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS. The theoretical maximum number of selectors depends on the maximum blocksize (900000 bytes) and the number of symbols (50) that can be encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002. But the bzip2 file format allows the number of selectors to be encoded with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in 14 bits). So the file format maximum is 32767 selectors. Some bzip2 encoders might actually have written out more selectors than the theoretical maximum because they rounded up the number of selectors to some convenient factor of 8. The extra 14766 selectors can never be validly used by the decompression algorithm. So we can read them, but then discard them. This is effectively what was done (by accident) before we added a check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate CVE-2019-12900. The extra selectors were written out after the array inside the EState struct. But the struct has extra space allocated after the selector arrays of 18060 bytes (which is larger than 14766). All of which will be initialized later (so the overwrite of that space with extra selector values would have been harmless).
13d8bce0	2019-05-21 20:46:14	Fix a 'not a normal file' error when compressing large files. The bzip2 command line would report 'not a normal file' for files of size larger than 2^32 - 1 bytes. Patch bzip2.c to use _stati64 instead of _stat so that a successful result is returned for large files. Resolves https://github.com/philr/bzip2-windows/issues/3.
5a4a6f44	2019-07-03 22:22:16	Update prepare-release.sh for Makefile* and date ranges. Also update the version number in the Makefile comments. And update any date ranges to include the current year.
53f3d0d7	2019-07-02 15:05:44	Fix include path separator Changes the include path separator for Windows builds to use "/" instead of "\". Windows has no problems with using a forward slash as a path separator, but using a backslash causes problems when attempting to cross compile for other platforms (for example, when trying to cross compile for MinGW from Linux).
61b434b4	2019-07-02 15:06:01	Always treat .ref files as binary .ref files should always be treated as binary files so that git does not attempt to convert the line endings if core.autocrlf is set.
35dd3cf9	2019-07-02 15:05:53	Update .gitignore Updates the .gitignore file to ignore many build artifacts
f319b98a	2019-06-27 20:10:07	Prepare for 1.0.7 release.
f1e93777	2019-06-25 19:22:37	Add prepare-release.sh script. Script to run to prepare a new release. It will update the release number and tell you to update the CHANGES file and to double check everything looks before doing the release commit and tagging. Afterwards you probably want to run release-update.sh to upload the release and update the website at https://sourceware.org/bzip2/ There are embedded version strings and dates in a couple of places. To keep the script simple remove some that aren't absolutely necessary. README now just points to CHANGES. README.COMPILATION.PROBLEMS only mentions the version once at the top. bzip2.c only mentions the version once when doing --version. manual.xml now doesn't have any embedded versions, just uses &bz-version; everywhere.
ff986850	2019-05-29 17:14:27	Change a magic number (6) for a constant (BZ_N_GROUPS). decompress.c (BZ2_decompress): Check nGroups against BZ_N_GROUPS.
7ed62bfb	2019-05-28 19:35:18	Make sure nSelectors is not out of range nSelectors is used in a loop from 0 to nSelectors to access selectorMtf which is UChar selectorMtf[BZ_MAX_SELECTORS]; so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory access Fixes out of bounds access discovered while fuzzying karchive This was reported as CVE-2019-12900 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
16f2c753	2019-06-08 10:06:40	Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH These macros contain this pattern: 1 << ((Int32_value) & 31 This causes the undefined behavior sanitizers in clang and gcc to complain because the shift, while ultimately stored to an unsigned variable, is done as a signed value. Adding a cast to unsigned for the int32 value resolves this issue.
f51f164d	2019-06-24 09:31:16	bzip2: Fix return value when combining --test,-t and -q. When passing -q to get quiet output --test would not display an error message, but would also suppress the exit 2 code to indicate the file was corrupt. Only suppress the error message with -q, not the exit value. This patch comes from Debian. "bunzip2 -qt returns 0 for corrupt archives" https://bugs.debian.org/279025
c1cdd98d	2019-06-24 00:45:32	bzip2recover: Fix use after free issue with outFile. bzip2recover.c (main): Make sure to set outFile to NULL when done. This was reported as CVE-2016-3189 and found in multiple distributions. https://seclists.org/oss-sec/2016/q2/568 Some more analysis can be found in: https://bugzilla.redhat.com/show_bug.cgi?id=1319648
833548ed	2019-06-24 00:14:02	bzip2recover: Fix buffer overflow for large argv[0]. bzip2recover.c (main) copies argv[0] to a statically sized buffer without checking whether argv[0] might be too big (> 2000 chars). This patch comes from Fedora and was originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=226979
02fe3ca2	2019-06-23 23:52:03	bzip2.c (testStream): Remove set, but not used nread variable. Modern GCC warns: bzip2.c: In function ‘testStream’: bzip2.c:557:37: warning: variable ‘nread’ set but not used [-Wunused-but-set-variable] Int32 bzerr, bzerr_dummy, ret, nread, streamNo, i; ^~~~~ GCC is correct. In testStream we don't care about the number of bytes read by BZ2_bzRead. So just remove the variable and the assignment.
32db5b67	2019-06-23 22:18:58	Add release-update.sh script. Script to run after a release has been tagged, signed and pushed to git. Will do a fresh checkout, verify the git tag, do fresh build/dist, sign the dist with gpg, create a backup copy in HOME, upload the tar.gz and sig to sourceware, checkout bzip2-htdocs, copy over the new changes, manual, etc. and git push that to update https://sourceware.org/bzip2/
ac9b3847	2019-06-23 02:14:23	Use UTF-8 encoding and include bzip.css as link for HTML manual.
ddd8bae9	2019-06-23 00:47:20	Adjust bzip.css images to new https://sourceware.org/bzip2/ location.
5b923861	2019-03-30 22:56:16	Change Julian's email address to jseward@acm.org
032a25ee	2019-03-30 23:09:35	Change all bzip.org URLs to sourceware.org/bzip2
962d6061	2010-09-06 22:13:13	bzip2-1.0.6
a1d78c55	2007-12-10 22:13:13	bzip2-1.0.5
f10a3353	2006-12-20 22:13:13	bzip2-1.0.4
4d540bfc	2005-02-15 22:13:13	bzip2-1.0.3
099d8442	2001-12-30 22:13:13	bzip2-1.0.2
795b859e	2000-06-24 22:13:13	bzip2-1.0.1
f93cd82a	1999-09-04 22:13:13	bzip2-0.9.5d
977101ad	1998-08-23 22:13:13	bzip2-0.9.0c
1eb67a9d	1997-08-29 22:13:13	bzip2-0.1pl2
33d13403	1997-08-07 22:13:13	bzip2-0.1