From 5a93e3ae7b2612a3cee5ab42acdb8c807af3eedf Mon Sep 17 00:00:00 2001 From: "David E. O'Brien" Date: Sat, 2 Oct 2010 06:54:59 +0000 Subject: [PATCH 1/3] Flatten the bzip2 vendor area in preparations for the 1.0.6 import. --- contrib/bzip2/CHANGES => CHANGES | 0 contrib/bzip2/LICENSE => LICENSE | 0 contrib/bzip2/Makefile => Makefile | 0 contrib/bzip2/Makefile-libbz2_so => Makefile-libbz2_so | 0 contrib/bzip2/README => README | 0 .../README.COMPILATION.PROBLEMS => README.COMPILATION.PROBLEMS | 0 contrib/bzip2/blocksort.c => blocksort.c | 0 contrib/bzip2/bzip2.1 => bzip2.1 | 0 contrib/bzip2/bzip2.c => bzip2.c | 0 contrib/bzip2/bzip2recover.c => bzip2recover.c | 0 contrib/bzip2/bzlib.c => bzlib.c | 0 contrib/bzip2/bzlib.h => bzlib.h | 0 contrib/bzip2/bzlib_private.h => bzlib_private.h | 0 contrib/bzip2/compress.c => compress.c | 0 contrib/bzip2/crctable.c => crctable.c | 0 contrib/bzip2/decompress.c => decompress.c | 0 contrib/bzip2/dlltest.c => dlltest.c | 0 contrib/bzip2/huffman.c => huffman.c | 0 contrib/bzip2/libbz2.def => libbz2.def | 0 contrib/bzip2/makefile.msc => makefile.msc | 0 contrib/bzip2/randtable.c => randtable.c | 0 contrib/bzip2/sample1.bz2.uu => sample1.bz2.uu | 0 contrib/bzip2/sample1.ref.gz.uu => sample1.ref.gz.uu | 0 contrib/bzip2/sample2.bz2.uu => sample2.bz2.uu | 0 contrib/bzip2/sample2.ref.gz.uu => sample2.ref.gz.uu | 0 contrib/bzip2/sample3.bz2.uu => sample3.bz2.uu | 0 contrib/bzip2/sample3.ref.gz.uu => sample3.ref.gz.uu | 0 contrib/bzip2/spewG.c => spewG.c | 0 contrib/bzip2/unzcrash.c => unzcrash.c | 0 contrib/bzip2/words0 => words0 | 0 contrib/bzip2/words1 => words1 | 0 contrib/bzip2/words2 => words2 | 0 contrib/bzip2/words3 => words3 | 0 33 files changed, 0 insertions(+), 0 deletions(-) rename contrib/bzip2/CHANGES => CHANGES (100%) rename contrib/bzip2/LICENSE => LICENSE (100%) rename contrib/bzip2/Makefile => Makefile (100%) rename contrib/bzip2/Makefile-libbz2_so => Makefile-libbz2_so (100%) rename contrib/bzip2/README => README (100%) rename contrib/bzip2/README.COMPILATION.PROBLEMS => README.COMPILATION.PROBLEMS (100%) rename contrib/bzip2/blocksort.c => blocksort.c (100%) rename contrib/bzip2/bzip2.1 => bzip2.1 (100%) rename contrib/bzip2/bzip2.c => bzip2.c (100%) rename contrib/bzip2/bzip2recover.c => bzip2recover.c (100%) rename contrib/bzip2/bzlib.c => bzlib.c (100%) rename contrib/bzip2/bzlib.h => bzlib.h (100%) rename contrib/bzip2/bzlib_private.h => bzlib_private.h (100%) rename contrib/bzip2/compress.c => compress.c (100%) rename contrib/bzip2/crctable.c => crctable.c (100%) rename contrib/bzip2/decompress.c => decompress.c (100%) rename contrib/bzip2/dlltest.c => dlltest.c (100%) rename contrib/bzip2/huffman.c => huffman.c (100%) rename contrib/bzip2/libbz2.def => libbz2.def (100%) rename contrib/bzip2/makefile.msc => makefile.msc (100%) rename contrib/bzip2/randtable.c => randtable.c (100%) rename contrib/bzip2/sample1.bz2.uu => sample1.bz2.uu (100%) rename contrib/bzip2/sample1.ref.gz.uu => sample1.ref.gz.uu (100%) rename contrib/bzip2/sample2.bz2.uu => sample2.bz2.uu (100%) rename contrib/bzip2/sample2.ref.gz.uu => sample2.ref.gz.uu (100%) rename contrib/bzip2/sample3.bz2.uu => sample3.bz2.uu (100%) rename contrib/bzip2/sample3.ref.gz.uu => sample3.ref.gz.uu (100%) rename contrib/bzip2/spewG.c => spewG.c (100%) rename contrib/bzip2/unzcrash.c => unzcrash.c (100%) rename contrib/bzip2/words0 => words0 (100%) rename contrib/bzip2/words1 => words1 (100%) rename contrib/bzip2/words2 => words2 (100%) rename contrib/bzip2/words3 => words3 (100%) diff --git a/contrib/bzip2/CHANGES b/CHANGES similarity index 100% rename from contrib/bzip2/CHANGES rename to CHANGES diff --git a/contrib/bzip2/LICENSE b/LICENSE similarity index 100% rename from contrib/bzip2/LICENSE rename to LICENSE diff --git a/contrib/bzip2/Makefile b/Makefile similarity index 100% rename from contrib/bzip2/Makefile rename to Makefile diff --git a/contrib/bzip2/Makefile-libbz2_so b/Makefile-libbz2_so similarity index 100% rename from contrib/bzip2/Makefile-libbz2_so rename to Makefile-libbz2_so diff --git a/contrib/bzip2/README b/README similarity index 100% rename from contrib/bzip2/README rename to README diff --git a/contrib/bzip2/README.COMPILATION.PROBLEMS b/README.COMPILATION.PROBLEMS similarity index 100% rename from contrib/bzip2/README.COMPILATION.PROBLEMS rename to README.COMPILATION.PROBLEMS diff --git a/contrib/bzip2/blocksort.c b/blocksort.c similarity index 100% rename from contrib/bzip2/blocksort.c rename to blocksort.c diff --git a/contrib/bzip2/bzip2.1 b/bzip2.1 similarity index 100% rename from contrib/bzip2/bzip2.1 rename to bzip2.1 diff --git a/contrib/bzip2/bzip2.c b/bzip2.c similarity index 100% rename from contrib/bzip2/bzip2.c rename to bzip2.c diff --git a/contrib/bzip2/bzip2recover.c b/bzip2recover.c similarity index 100% rename from contrib/bzip2/bzip2recover.c rename to bzip2recover.c diff --git a/contrib/bzip2/bzlib.c b/bzlib.c similarity index 100% rename from contrib/bzip2/bzlib.c rename to bzlib.c diff --git a/contrib/bzip2/bzlib.h b/bzlib.h similarity index 100% rename from contrib/bzip2/bzlib.h rename to bzlib.h diff --git a/contrib/bzip2/bzlib_private.h b/bzlib_private.h similarity index 100% rename from contrib/bzip2/bzlib_private.h rename to bzlib_private.h diff --git a/contrib/bzip2/compress.c b/compress.c similarity index 100% rename from contrib/bzip2/compress.c rename to compress.c diff --git a/contrib/bzip2/crctable.c b/crctable.c similarity index 100% rename from contrib/bzip2/crctable.c rename to crctable.c diff --git a/contrib/bzip2/decompress.c b/decompress.c similarity index 100% rename from contrib/bzip2/decompress.c rename to decompress.c diff --git a/contrib/bzip2/dlltest.c b/dlltest.c similarity index 100% rename from contrib/bzip2/dlltest.c rename to dlltest.c diff --git a/contrib/bzip2/huffman.c b/huffman.c similarity index 100% rename from contrib/bzip2/huffman.c rename to huffman.c diff --git a/contrib/bzip2/libbz2.def b/libbz2.def similarity index 100% rename from contrib/bzip2/libbz2.def rename to libbz2.def diff --git a/contrib/bzip2/makefile.msc b/makefile.msc similarity index 100% rename from contrib/bzip2/makefile.msc rename to makefile.msc diff --git a/contrib/bzip2/randtable.c b/randtable.c similarity index 100% rename from contrib/bzip2/randtable.c rename to randtable.c diff --git a/contrib/bzip2/sample1.bz2.uu b/sample1.bz2.uu similarity index 100% rename from contrib/bzip2/sample1.bz2.uu rename to sample1.bz2.uu diff --git a/contrib/bzip2/sample1.ref.gz.uu b/sample1.ref.gz.uu similarity index 100% rename from contrib/bzip2/sample1.ref.gz.uu rename to sample1.ref.gz.uu diff --git a/contrib/bzip2/sample2.bz2.uu b/sample2.bz2.uu similarity index 100% rename from contrib/bzip2/sample2.bz2.uu rename to sample2.bz2.uu diff --git a/contrib/bzip2/sample2.ref.gz.uu b/sample2.ref.gz.uu similarity index 100% rename from contrib/bzip2/sample2.ref.gz.uu rename to sample2.ref.gz.uu diff --git a/contrib/bzip2/sample3.bz2.uu b/sample3.bz2.uu similarity index 100% rename from contrib/bzip2/sample3.bz2.uu rename to sample3.bz2.uu diff --git a/contrib/bzip2/sample3.ref.gz.uu b/sample3.ref.gz.uu similarity index 100% rename from contrib/bzip2/sample3.ref.gz.uu rename to sample3.ref.gz.uu diff --git a/contrib/bzip2/spewG.c b/spewG.c similarity index 100% rename from contrib/bzip2/spewG.c rename to spewG.c diff --git a/contrib/bzip2/unzcrash.c b/unzcrash.c similarity index 100% rename from contrib/bzip2/unzcrash.c rename to unzcrash.c diff --git a/contrib/bzip2/words0 b/words0 similarity index 100% rename from contrib/bzip2/words0 rename to words0 diff --git a/contrib/bzip2/words1 b/words1 similarity index 100% rename from contrib/bzip2/words1 rename to words1 diff --git a/contrib/bzip2/words2 b/words2 similarity index 100% rename from contrib/bzip2/words2 rename to words2 diff --git a/contrib/bzip2/words3 b/words3 similarity index 100% rename from contrib/bzip2/words3 rename to words3 From be31153629808972e5d23b96d548a04163aca95f Mon Sep 17 00:00:00 2001 From: "David E. O'Brien" Date: Sat, 2 Oct 2010 06:57:04 +0000 Subject: [PATCH 2/3] Vendor import bzip2 -- upgrade to version 1.0.6. --- CHANGES | 12 ++++++++++-- LICENSE | 4 ++-- Makefile | 6 +++--- Makefile-libbz2_so | 14 +++++++------- README | 9 +++++++-- README.COMPILATION.PROBLEMS | 6 +++--- blocksort.c | 4 ++-- bzip2.1 | 6 +++--- bzip2.c | 8 ++++---- bzip2recover.c | 6 +++--- bzlib.c | 4 ++-- bzlib.h | 4 ++-- bzlib_private.h | 6 +++--- compress.c | 4 ++-- crctable.c | 4 ++-- decompress.c | 24 ++++++++++++++++++++++-- huffman.c | 4 ++-- randtable.c | 4 ++-- sample1.bz2.uu | 2 +- sample1.ref.gz.uu | 2 +- sample2.bz2.uu | 2 +- sample2.ref.gz.uu | 2 +- sample3.bz2.uu | 2 +- sample3.ref.gz.uu | 2 +- spewG.c | 4 ++-- unzcrash.c | 4 ++-- 26 files changed, 91 insertions(+), 58 deletions(-) diff --git a/CHANGES b/CHANGES index 6e4f65e2e0a6..81e97ca6fa25 100644 --- a/CHANGES +++ b/CHANGES @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -317,3 +317,11 @@ Fixes some minor bugs since the last version, 1.0.3. ~~~~~~~~~~~~~~~~~ Security fix only. Fixes CERT-FI 20469 as it applies to bzip2. + +1.0.6 (6 Sept 10) +~~~~~~~~~~~~~~~~~ + +* Security fix for CVE-2010-0405. This was reported by Mikolaj + Izdebski. + +* Make the documentation build on Ubuntu 10.04 diff --git a/LICENSE b/LICENSE index f420cffb67dc..cc614178cf79 100644 --- a/LICENSE +++ b/LICENSE @@ -2,7 +2,7 @@ -------------------------------------------------------------------------- This program, "bzip2", the associated library "libbzip2", and all -documentation, are copyright (C) 1996-2007 Julian R Seward. All +documentation, are copyright (C) 1996-2010 Julian R Seward. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -37,6 +37,6 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Julian Seward, jseward@bzip.org -bzip2/libbzip2 version 1.0.5 of 10 December 2007 +bzip2/libbzip2 version 1.0.6 of 6 September 2010 -------------------------------------------------------------------------- diff --git a/Makefile b/Makefile index eb09753ce101..9754ddf286b1 100644 --- a/Makefile +++ b/Makefile @@ -2,8 +2,8 @@ # This file is part of bzip2/libbzip2, a program and library for # lossless, block-sorting data compression. # -# bzip2/libbzip2 version 1.0.5 of 10 December 2007 -# Copyright (C) 1996-2007 Julian Seward +# bzip2/libbzip2 version 1.0.6 of 6 September 2010 +# Copyright (C) 1996-2010 Julian Seward # # Please read the WARNING, DISCLAIMER and PATENTS sections in the # README file. @@ -137,7 +137,7 @@ bzip2recover.o: bzip2recover.c distclean: clean rm -f manual.ps manual.html manual.pdf -DISTNAME=bzip2-1.0.5 +DISTNAME=bzip2-1.0.6 dist: check manual rm -f $(DISTNAME) ln -s -f . $(DISTNAME) diff --git a/Makefile-libbz2_so b/Makefile-libbz2_so index 9a13c77e4873..e58791b3b337 100644 --- a/Makefile-libbz2_so +++ b/Makefile-libbz2_so @@ -1,6 +1,6 @@ # This Makefile builds a shared version of the library, -# libbz2.so.1.0.4, with soname libbz2.so.1.0, +# libbz2.so.1.0.6, with soname libbz2.so.1.0, # at least on x86-Linux (RedHat 7.2), # with gcc-2.96 20000731 (Red Hat Linux 7.1 2.96-98). # Please see the README file for some important info @@ -10,8 +10,8 @@ # This file is part of bzip2/libbzip2, a program and library for # lossless, block-sorting data compression. # -# bzip2/libbzip2 version 1.0.5 of 10 December 2007 -# Copyright (C) 1996-2007 Julian Seward +# bzip2/libbzip2 version 1.0.6 of 6 September 2010 +# Copyright (C) 1996-2010 Julian Seward # # Please read the WARNING, DISCLAIMER and PATENTS sections in the # README file. @@ -35,13 +35,13 @@ OBJS= blocksort.o \ bzlib.o all: $(OBJS) - $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS) - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4 + $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS) + $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.4 libbz2.so.1.0 + ln -s libbz2.so.1.0.6 libbz2.so.1.0 clean: - rm -f $(OBJS) bzip2.o libbz2.so.1.0.4 libbz2.so.1.0 bzip2-shared + rm -f $(OBJS) bzip2.o libbz2.so.1.0.6 libbz2.so.1.0 bzip2-shared blocksort.o: blocksort.c $(CC) $(CFLAGS) -c blocksort.c diff --git a/README b/README index e17a84e049f4..9fb0f636013a 100644 --- a/README +++ b/README @@ -6,8 +6,8 @@ This version is fully compatible with the previous public releases. This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.5 of 10 December 2007 -Copyright (C) 1996-2007 Julian Seward +bzip2/libbzip2 version 1.0.6 of 6 September 2010 +Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in this file. @@ -181,6 +181,10 @@ WHAT'S NEW IN 1.0.5 ? See the CHANGES file. +WHAT'S NEW IN 1.0.6 ? + + See the CHANGES file. + I hope you find bzip2 useful. Feel free to contact me at jseward@bzip.org @@ -208,3 +212,4 @@ Cambridge, UK. 15 February 2005 (bzip2, version 1.0.3) 20 December 2006 (bzip2, version 1.0.4) 10 December 2007 (bzip2, version 1.0.5) + 6 Sept 2010 (bzip2, version 1.0.6) diff --git a/README.COMPILATION.PROBLEMS b/README.COMPILATION.PROBLEMS index 22b95c6cb668..667d0d6dfe4d 100644 --- a/README.COMPILATION.PROBLEMS +++ b/README.COMPILATION.PROBLEMS @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.5 of 10 December 2007 -Copyright (C) 1996-2007 Julian Seward +bzip2/libbzip2 version 1.0.6 of 6 September 2010 +Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -12,7 +12,7 @@ This program is released under the terms of the license contained in the file LICENSE. ------------------------------------------------------------------ -bzip2-1.0.5 should compile without problems on the vast majority of +bzip2-1.0.6 should compile without problems on the vast majority of platforms. Using the supplied Makefile, I've built and tested it myself for x86-linux and amd64-linux. With makefile.msc, Visual C++ 6.0 and nmake, you can build a native Win32 version too. Large file diff --git a/blocksort.c b/blocksort.c index bd2dec157fac..d0d662cd4e9f 100644 --- a/blocksort.c +++ b/blocksort.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzip2.1 b/bzip2.1 index a313f2d5bedc..ce3a78e6b4f9 100644 --- a/bzip2.1 +++ b/bzip2.1 @@ -1,7 +1,7 @@ .PU .TH bzip2 1 .SH NAME -bzip2, bunzip2 \- a block-sorting file compressor, v1.0.4 +bzip2, bunzip2 \- a block-sorting file compressor, v1.0.6 .br bzcat \- decompresses files to stdout .br @@ -405,11 +405,11 @@ I/O error messages are not as helpful as they could be. tries hard to detect I/O errors and exit cleanly, but the details of what the problem is sometimes seem rather misleading. -This manual page pertains to version 1.0.4 of +This manual page pertains to version 1.0.6 of .I bzip2. Compressed data created by this version is entirely forwards and backwards compatible with the previous public releases, versions -0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and 1.0.3, but with the following +0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and above, but with the following exception: 0.9.0 and above can correctly decompress multiple concatenated compressed files. 0.1pl2 cannot do this; it will stop after decompressing just the first file in the stream. diff --git a/bzip2.c b/bzip2.c index 390410735b54..6de9d1d14889 100644 --- a/bzip2.c +++ b/bzip2.c @@ -7,8 +7,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -1605,11 +1605,11 @@ void license ( void ) "bzip2, a block-sorting file compressor. " "Version %s.\n" " \n" - " Copyright (C) 1996-2007 by Julian Seward.\n" + " Copyright (C) 1996-2010 by Julian Seward.\n" " \n" " This program is free software; you can redistribute it and/or modify\n" " it under the terms set out in the LICENSE file, which is included\n" - " in the bzip2-1.0.5 source distribution.\n" + " in the bzip2-1.0.6 source distribution.\n" " \n" " This program is distributed in the hope that it will be useful,\n" " but WITHOUT ANY WARRANTY; without even the implied warranty of\n" diff --git a/bzip2recover.c b/bzip2recover.c index 5f6d6218095e..f9de0496abf1 100644 --- a/bzip2recover.c +++ b/bzip2recover.c @@ -7,8 +7,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -313,7 +313,7 @@ Int32 main ( Int32 argc, Char** argv ) inFileName[0] = outFileName[0] = 0; fprintf ( stderr, - "bzip2recover 1.0.5: extracts blocks from damaged .bz2 files.\n" ); + "bzip2recover 1.0.6: extracts blocks from damaged .bz2 files.\n" ); if (argc != 2) { fprintf ( stderr, "%s: usage is `%s damaged_file_name'.\n", diff --git a/bzlib.c b/bzlib.c index ef86c91e6953..bd358a793b84 100644 --- a/bzlib.c +++ b/bzlib.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzlib.h b/bzlib.h index c5b75d6d8ff9..8277123da8cf 100644 --- a/bzlib.h +++ b/bzlib.h @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzlib_private.h b/bzlib_private.h index 23427879b180..5d0217f46350 100644 --- a/bzlib_private.h +++ b/bzlib_private.h @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -36,7 +36,7 @@ /*-- General stuff. --*/ -#define BZ_VERSION "1.0.5, 10-Dec-2007" +#define BZ_VERSION "1.0.6, 6-Sept-2010" typedef char Char; typedef unsigned char Bool; diff --git a/compress.c b/compress.c index 8c80a079700c..caf7696011b6 100644 --- a/compress.c +++ b/compress.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/crctable.c b/crctable.c index 215687b2c054..1fea7e946c57 100644 --- a/crctable.c +++ b/crctable.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/decompress.c b/decompress.c index bba5e0fa36dc..311f5668f9ae 100644 --- a/decompress.c +++ b/decompress.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -381,6 +381,13 @@ Int32 BZ2_decompress ( DState* s ) es = -1; N = 1; do { + /* Check that N doesn't get too big, so that es doesn't + go negative. The maximum value that can be + RUNA/RUNB encoded is equal to the block size (post + the initial RLE), viz, 900k, so bounding N at 2 + million should guard against overflow without + rejecting any legitimate inputs. */ + if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); if (nextSym == BZ_RUNA) es = es + (0+1) * N; else if (nextSym == BZ_RUNB) es = es + (1+1) * N; N = N * 2; @@ -485,15 +492,28 @@ Int32 BZ2_decompress ( DState* s ) RETURN(BZ_DATA_ERROR); /*-- Set up cftab to facilitate generation of T^(-1) --*/ + /* Check: unzftab entries in range. */ + for (i = 0; i <= 255; i++) { + if (s->unzftab[i] < 0 || s->unzftab[i] > nblock) + RETURN(BZ_DATA_ERROR); + } + /* Actually generate cftab. */ s->cftab[0] = 0; for (i = 1; i <= 256; i++) s->cftab[i] = s->unzftab[i-1]; for (i = 1; i <= 256; i++) s->cftab[i] += s->cftab[i-1]; + /* Check: cftab entries in range. */ for (i = 0; i <= 256; i++) { if (s->cftab[i] < 0 || s->cftab[i] > nblock) { /* s->cftab[i] can legitimately be == nblock */ RETURN(BZ_DATA_ERROR); } } + /* Check: cftab entries non-descending. */ + for (i = 1; i <= 256; i++) { + if (s->cftab[i-1] > s->cftab[i]) { + RETURN(BZ_DATA_ERROR); + } + } s->state_out_len = 0; s->state_out_ch = 0; diff --git a/huffman.c b/huffman.c index 87e79e38af0f..2283fdbc5a10 100644 --- a/huffman.c +++ b/huffman.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/randtable.c b/randtable.c index 068b76367bcc..6d6245990610 100644 --- a/randtable.c +++ b/randtable.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/sample1.bz2.uu b/sample1.bz2.uu index 544568031af1..7095c0d334e7 100644 --- a/sample1.bz2.uu +++ b/sample1.bz2.uu @@ -1,4 +1,4 @@ -begin 644 sample1.bz2 +begin 640 sample1.bz2 M0EIH,3%!62936``^"5D```4[8=N[8K7,-JP,#+WT`WUMF`[!Z#H>Z]G#Z!`$ M``&]F(!NO=V[[M9NCTWNY[8+SDJPX]LV]K.-S+;KAZ-ZL2V8*;.;77MW;VVY diff --git a/sample1.ref.gz.uu b/sample1.ref.gz.uu index 6c36f44d14df..8b1b8a7c5477 100644 --- a/sample1.ref.gz.uu +++ b/sample1.ref.gz.uu @@ -1,4 +1,4 @@ -begin 644 sample1.ref.gz +begin 640 sample1.ref.gz M'XL("%<.FT4"`W-A;7!L93$NZWW'?ON>>>Y7N^ diff --git a/sample2.bz2.uu b/sample2.bz2.uu index b0610ea63c91..b1a7134201e5 100644 --- a/sample2.bz2.uu +++ b/sample2.bz2.uu @@ -1,4 +1,4 @@ -begin 644 sample2.bz2 +begin 640 sample2.bz2 M0EIH,C%!629367PQR6$!@_U_____________________________________ M________X3T-[WV#SN>48``!H*!H`-``'3:NO$JCVP/N!K+L'U2AE M@`!.QH[YW>@&]ZXY```0:`^@``,G'WQSWQ[NC('@`0T7L!W84*!XU@`/30*N diff --git a/sample2.ref.gz.uu b/sample2.ref.gz.uu index fd78424a8c31..60126226fa7e 100644 --- a/sample2.ref.gz.uu +++ b/sample2.ref.gz.uu @@ -1,4 +1,4 @@ -begin 644 sample2.ref.gz +begin 640 sample2.ref.gz M'XL("%<.FT4"`W-A;7!L93(NX1)(!DVDX@UW=4SY717#5W=F4P@""XL2L8T!?44&2#L/(`@"(*, M+`HJH.S*PR(*@H`R@DL0?%#@/"?-_W?OP4DNZN6WKPBU87N[XI5>!/TRY1JZE9UN&;!6ZH,60K?O=56)J;1@ diff --git a/sample3.ref.gz.uu b/sample3.ref.gz.uu index 8552ba60f267..3611162cdd2d 100644 --- a/sample3.ref.gz.uu +++ b/sample3.ref.gz.uu @@ -1,4 +1,4 @@ -begin 644 sample3.ref.gz +begin 640 sample3.ref.gz M'XL("%<.FT4"`W-A;7!L93,N4$"`)T;M%]+Z!F MZ-B(8P>2@S:W'R7HNB=XBP=1$#\E_9KF%N.\9/0U_YXSO^;ULCSC]U9[<8KX M.<9S>_2>]>M5U);+.-0LK[Z8]V/ + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/unzcrash.c b/unzcrash.c index a1b75463adca..7041da51c989 100644 --- a/unzcrash.c +++ b/unzcrash.c @@ -17,8 +17,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. From dd642931791555836f950996f6ff2c854f882dc6 Mon Sep 17 00:00:00 2001 From: "David E. O'Brien" Date: Sat, 2 Oct 2010 08:28:15 +0000 Subject: [PATCH 3/3] Correct file permissions. --- sample1.bz2.uu | 2 +- sample1.ref.gz.uu | 2 +- sample2.bz2.uu | 2 +- sample2.ref.gz.uu | 2 +- sample3.bz2.uu | 2 +- sample3.ref.gz.uu | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sample1.bz2.uu b/sample1.bz2.uu index 7095c0d334e7..544568031af1 100644 --- a/sample1.bz2.uu +++ b/sample1.bz2.uu @@ -1,4 +1,4 @@ -begin 640 sample1.bz2 +begin 644 sample1.bz2 M0EIH,3%!62936``^"5D```4[8=N[8K7,-JP,#+WT`WUMF`[!Z#H>Z]G#Z!`$ M``&]F(!NO=V[[M9NCTWNY[8+SDJPX]LV]K.-S+;KAZ-ZL2V8*;.;77MW;VVY diff --git a/sample1.ref.gz.uu b/sample1.ref.gz.uu index 8b1b8a7c5477..6c36f44d14df 100644 --- a/sample1.ref.gz.uu +++ b/sample1.ref.gz.uu @@ -1,4 +1,4 @@ -begin 640 sample1.ref.gz +begin 644 sample1.ref.gz M'XL("%<.FT4"`W-A;7!L93$NZWW'?ON>>>Y7N^ diff --git a/sample2.bz2.uu b/sample2.bz2.uu index b1a7134201e5..b0610ea63c91 100644 --- a/sample2.bz2.uu +++ b/sample2.bz2.uu @@ -1,4 +1,4 @@ -begin 640 sample2.bz2 +begin 644 sample2.bz2 M0EIH,C%!629367PQR6$!@_U_____________________________________ M________X3T-[WV#SN>48``!H*!H`-``'3:NO$JCVP/N!K+L'U2AE M@`!.QH[YW>@&]ZXY```0:`^@``,G'WQSWQ[NC('@`0T7L!W84*!XU@`/30*N diff --git a/sample2.ref.gz.uu b/sample2.ref.gz.uu index 60126226fa7e..fd78424a8c31 100644 --- a/sample2.ref.gz.uu +++ b/sample2.ref.gz.uu @@ -1,4 +1,4 @@ -begin 640 sample2.ref.gz +begin 644 sample2.ref.gz M'XL("%<.FT4"`W-A;7!L93(NX1)(!DVDX@UW=4SY717#5W=F4P@""XL2L8T!?44&2#L/(`@"(*, M+`HJH.S*PR(*@H`R@DL0?%#@/"?-_W?OP4DNZN6WKPBU87N[XI5>!/TRY1JZE9UN&;!6ZH,60K?O=56)J;1@ diff --git a/sample3.ref.gz.uu b/sample3.ref.gz.uu index 3611162cdd2d..8552ba60f267 100644 --- a/sample3.ref.gz.uu +++ b/sample3.ref.gz.uu @@ -1,4 +1,4 @@ -begin 640 sample3.ref.gz +begin 644 sample3.ref.gz M'XL("%<.FT4"`W-A;7!L93,N4$"`)T;M%]+Z!F MZ-B(8P>2@S:W'R7HNB=XBP=1$#\E_9KF%N.\9/0U_YXSO^;ULCSC]U9[<8KX M.<9S>_2>]>M5U);+.-0LK[Z8]V/