From fb69e223e528e6e4c1411ced8b7c9f07024dc280 Mon Sep 17 00:00:00 2001 From: Xin LI Date: Sun, 11 Aug 2019 06:22:06 +0000 Subject: [PATCH] Vendor import bzip2 -- upgrade to version 1.0.8. --- CHANGES | 20 ++++++++++++++++++-- LICENSE | 4 ++-- Makefile | 6 +++--- Makefile-libbz2_so | 14 +++++++------- README | 9 +++++---- README.COMPILATION.PROBLEMS | 4 ++-- blocksort.c | 4 ++-- bzip2.1 | 4 ++-- bzip2.c | 20 ++++++++++---------- bzip2recover.c | 6 +++--- bzlib.c | 8 ++++---- bzlib.h | 4 ++-- bzlib_private.h | 6 +++--- compress.c | 6 +++--- crctable.c | 4 ++-- decompress.c | 14 ++++++++++---- huffman.c | 4 ++-- randtable.c | 4 ++-- spewG.c | 4 ++-- unzcrash.c | 4 ++-- 20 files changed, 86 insertions(+), 63 deletions(-) diff --git a/CHANGES b/CHANGES index d9b4c05c52ce..30afead2586b 100644 --- a/CHANGES +++ b/CHANGES @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -338,3 +338,19 @@ Security fix only. Fixes CERT-FI 20469 as it applies to bzip2. * bzip2recover: Fix use after free issue with outFile (CVE-2016-3189) * Make sure nSelectors is not out of range (CVE-2019-12900) + +1.0.8 (13 Jul 19) +~~~~~~~~~~~~~~~~~ + +* Accept as many selectors as the file format allows. + This relaxes the fix for CVE-2019-12900 from 1.0.7 + so that bzip2 allows decompression of bz2 files that + use (too) many selectors again. + +* Fix handling of large (> 4GB) files on Windows. + +* Cleanup of bzdiff and bzgrep scripts so they don't use + any bash extensions and handle multiple archives correctly. + +* There is now a bz2-files testsuite at + https://sourceware.org/git/bzip2-tests.git diff --git a/LICENSE b/LICENSE index 95f9598f847d..81a37eab7a5b 100644 --- a/LICENSE +++ b/LICENSE @@ -2,7 +2,7 @@ -------------------------------------------------------------------------- This program, "bzip2", the associated library "libbzip2", and all -documentation, are copyright (C) 1996-2010 Julian R Seward. All +documentation, are copyright (C) 1996-2019 Julian R Seward. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -37,6 +37,6 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Julian Seward, jseward@acm.org -bzip2/libbzip2 version 1.0.7 of 27 June 2019 +bzip2/libbzip2 version 1.0.8 of 13 July 2019 -------------------------------------------------------------------------- diff --git a/Makefile b/Makefile index 6706685c09a3..f8a17722e1c3 100644 --- a/Makefile +++ b/Makefile @@ -2,8 +2,8 @@ # This file is part of bzip2/libbzip2, a program and library for # lossless, block-sorting data compression. # -# bzip2/libbzip2 version 1.0.6 of 6 September 2010 -# Copyright (C) 1996-2010 Julian Seward +# bzip2/libbzip2 version 1.0.8 of 13 July 2019 +# Copyright (C) 1996-2019 Julian Seward # # Please read the WARNING, DISCLAIMER and PATENTS sections in the # README file. @@ -137,7 +137,7 @@ bzip2recover.o: bzip2recover.c distclean: clean rm -f manual.ps manual.html manual.pdf -DISTNAME=bzip2-1.0.7 +DISTNAME=bzip2-1.0.8 dist: check manual rm -f $(DISTNAME) ln -s -f . $(DISTNAME) diff --git a/Makefile-libbz2_so b/Makefile-libbz2_so index 862eb7d4e97f..fb0f2306f063 100644 --- a/Makefile-libbz2_so +++ b/Makefile-libbz2_so @@ -1,6 +1,6 @@ # This Makefile builds a shared version of the library, -# libbz2.so.1.0.7, with soname libbz2.so.1.0, +# libbz2.so.1.0.8, with soname libbz2.so.1.0, # at least on x86-Linux (RedHat 7.2), # with gcc-2.96 20000731 (Red Hat Linux 7.1 2.96-98). # Please see the README file for some important info @@ -10,8 +10,8 @@ # This file is part of bzip2/libbzip2, a program and library for # lossless, block-sorting data compression. # -# bzip2/libbzip2 version 1.0.6 of 6 September 2010 -# Copyright (C) 1996-2010 Julian Seward +# bzip2/libbzip2 version 1.0.8 of 13 July 2019 +# Copyright (C) 1996-2019 Julian Seward # # Please read the WARNING, DISCLAIMER and PATENTS sections in the # README file. @@ -35,13 +35,13 @@ OBJS= blocksort.o \ bzlib.o all: $(OBJS) - $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.7 $(OBJS) - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.7 + $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS) + $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8 rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.7 libbz2.so.1.0 + ln -s libbz2.so.1.0.8 libbz2.so.1.0 clean: - rm -f $(OBJS) bzip2.o libbz2.so.1.0.7 libbz2.so.1.0 bzip2-shared + rm -f $(OBJS) bzip2.o libbz2.so.1.0.8 libbz2.so.1.0 bzip2-shared blocksort.o: blocksort.c $(CC) $(CFLAGS) -c blocksort.c diff --git a/README b/README index 64873f9826d8..b9c6099fd1c9 100644 --- a/README +++ b/README @@ -6,8 +6,8 @@ This version is fully compatible with the previous public releases. This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.7 of 27 June 2019 -Copyright (C) 1996-2010 Julian Seward +bzip2/libbzip2 version 1.0.8 of 13 July 2019 +Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in this file. @@ -165,8 +165,8 @@ WHAT'S NEW IN 1.0.x ? See the CHANGES file. -I hope you find bzip2 useful. Feel free to contact me at - jseward@acm.org +I hope you find bzip2 useful. Feel free to contact the developers at + bzip2-devel@sourceware.org if you have any suggestions or queries. Many people mailed me with comments, suggestions and patches after the releases of bzip-0.15, bzip-0.21, and bzip2 versions 0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, @@ -193,3 +193,4 @@ Cambridge, UK. 10 December 2007 (bzip2, version 1.0.5) 6 Sept 2010 (bzip2, version 1.0.6) 27 June 2019 (bzip2, version 1.0.7) +13 July 2019 (bzip2, version 1.0.8) diff --git a/README.COMPILATION.PROBLEMS b/README.COMPILATION.PROBLEMS index 9e6ac5a1c88e..fa317a50c814 100644 --- a/README.COMPILATION.PROBLEMS +++ b/README.COMPILATION.PROBLEMS @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.7 of 27 June 2019 -Copyright (C) 1996-2010 Julian Seward +bzip2/libbzip2 version 1.0.8 of 13 July 2019 +Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/blocksort.c b/blocksort.c index 26579017af10..92d81fe287ea 100644 --- a/blocksort.c +++ b/blocksort.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzip2.1 b/bzip2.1 index f49a78c89bba..0cbcdab00ed8 100644 --- a/bzip2.1 +++ b/bzip2.1 @@ -1,7 +1,7 @@ .PU .TH bzip2 1 .SH NAME -bzip2, bunzip2 \- a block-sorting file compressor, v1.0.7 +bzip2, bunzip2 \- a block-sorting file compressor, v1.0.8 .br bzcat \- decompresses files to stdout .br @@ -405,7 +405,7 @@ I/O error messages are not as helpful as they could be. tries hard to detect I/O errors and exit cleanly, but the details of what the problem is sometimes seem rather misleading. -This manual page pertains to version 1.0.7 of +This manual page pertains to version 1.0.8 of .I bzip2. Compressed data created by this version is entirely forwards and backwards compatible with the previous public releases, versions diff --git a/bzip2.c b/bzip2.c index e362c6506950..d95d280619ad 100644 --- a/bzip2.c +++ b/bzip2.c @@ -7,8 +7,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -128,12 +128,12 @@ #if BZ_LCCWIN32 # include # include -# include +# include # define NORETURN /**/ # define PATH_SEP '\\' -# define MY_LSTAT _stat -# define MY_STAT _stat +# define MY_LSTAT _stati64 +# define MY_STAT _stati64 # define MY_S_ISREG(x) ((x) & _S_IFREG) # define MY_S_ISDIR(x) ((x) & _S_IFDIR) @@ -748,8 +748,8 @@ void panic ( const Char* s ) fprintf ( stderr, "\n%s: PANIC -- internal consistency error:\n" "\t%s\n" - "\tThis is a BUG. Please report it to me at:\n" - "\tjseward@acm.org\n", + "\tThis is a BUG. Please report it to:\n" + "\tbzip2-devel@sourceware.org\n", progName, s ); showFileNames(); cleanUpAndFail( 3 ); @@ -829,7 +829,7 @@ void mySIGSEGVorSIGBUScatcher ( IntNative n ) " The user's manual, Section 4.3, has more info on (1) and (2).\n" " \n" " If you suspect this is a bug in bzip2, or are unsure about (1)\n" - " or (2), feel free to report it to me at: jseward@acm.org.\n" + " or (2), feel free to report it to: bzip2-devel@sourceware.org.\n" " Section 4.3 of the user's manual describes the info a useful\n" " bug report should have. If the manual is available on your\n" " system, please try and read it before mailing me. If you don't\n" @@ -852,7 +852,7 @@ void mySIGSEGVorSIGBUScatcher ( IntNative n ) " The user's manual, Section 4.3, has more info on (2) and (3).\n" " \n" " If you suspect this is a bug in bzip2, or are unsure about (2)\n" - " or (3), feel free to report it to me at: jseward@acm.org.\n" + " or (3), feel free to report it to: bzip2-devel@sourceware.org.\n" " Section 4.3 of the user's manual describes the info a useful\n" " bug report should have. If the manual is available on your\n" " system, please try and read it before mailing me. If you don't\n" @@ -1605,7 +1605,7 @@ void license ( void ) "bzip2, a block-sorting file compressor. " "Version %s.\n" " \n" - " Copyright (C) 1996-2010 by Julian Seward.\n" + " Copyright (C) 1996-2019 by Julian Seward.\n" " \n" " This program is free software; you can redistribute it and/or modify\n" " it under the terms set out in the LICENSE file, which is included\n" diff --git a/bzip2recover.c b/bzip2recover.c index c0b9eacb84e2..a8131e0611ec 100644 --- a/bzip2recover.c +++ b/bzip2recover.c @@ -7,8 +7,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -314,7 +314,7 @@ Int32 main ( Int32 argc, Char** argv ) inFileName[0] = outFileName[0] = 0; fprintf ( stderr, - "bzip2recover 1.0.7: extracts blocks from damaged .bz2 files.\n" ); + "bzip2recover 1.0.8: extracts blocks from damaged .bz2 files.\n" ); if (argc != 2) { fprintf ( stderr, "%s: usage is `%s damaged_file_name'.\n", diff --git a/bzlib.c b/bzlib.c index f9da295c7521..21786551b60b 100644 --- a/bzlib.c +++ b/bzlib.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -43,12 +43,12 @@ void BZ2_bz__AssertH__fail ( int errcode ) fprintf(stderr, "\n\nbzip2/libbzip2: internal error number %d.\n" "This is a bug in bzip2/libbzip2, %s.\n" - "Please report it to me at: jseward@acm.org. If this happened\n" + "Please report it to: bzip2-devel@sourceware.org. If this happened\n" "when you were using some program which uses libbzip2 as a\n" "component, you should also report this bug to the author(s)\n" "of that program. Please make an effort to report this bug;\n" "timely and accurate bug reports eventually lead to higher\n" - "quality software. Thanks. Julian Seward, 10 December 2007.\n\n", + "quality software. Thanks.\n\n", errcode, BZ2_bzlibVersion() ); diff --git a/bzlib.h b/bzlib.h index 8cf07918f8bc..8966a6c5804e 100644 --- a/bzlib.h +++ b/bzlib.h @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzlib_private.h b/bzlib_private.h index 797555222d52..3755a6f701ec 100644 --- a/bzlib_private.h +++ b/bzlib_private.h @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -36,7 +36,7 @@ /*-- General stuff. --*/ -#define BZ_VERSION "1.0.7, 27-Jun-2019" +#define BZ_VERSION "1.0.8, 13-Jul-2019" typedef char Char; typedef unsigned char Bool; diff --git a/compress.c b/compress.c index 237620d85891..5dfa00231b09 100644 --- a/compress.c +++ b/compress.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -454,7 +454,7 @@ void sendMTFValues ( EState* s ) AssertH( nGroups < 8, 3002 ); AssertH( nSelectors < 32768 && - nSelectors <= (2 + (900000 / BZ_G_SIZE)), + nSelectors <= BZ_MAX_SELECTORS, 3003 ); diff --git a/crctable.c b/crctable.c index 746efac1cda9..2b33c2535338 100644 --- a/crctable.c +++ b/crctable.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/decompress.c b/decompress.c index 20ce4936cdfb..a1a0bac89227 100644 --- a/decompress.c +++ b/decompress.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); if (nGroups < 2 || nGroups > BZ_N_GROUPS) RETURN(BZ_DATA_ERROR); GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); - if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + if (nSelectors < 1) RETURN(BZ_DATA_ERROR); for (i = 0; i < nSelectors; i++) { j = 0; while (True) { @@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s ) j++; if (j >= nGroups) RETURN(BZ_DATA_ERROR); } - s->selectorMtf[i] = j; + /* Having more than BZ_MAX_SELECTORS doesn't make much sense + since they will never be used, but some implementations might + "round up" the number of selectors, so just ignore those. */ + if (i < BZ_MAX_SELECTORS) + s->selectorMtf[i] = j; } + if (nSelectors > BZ_MAX_SELECTORS) + nSelectors = BZ_MAX_SELECTORS; /*--- Undo the MTF values for the selectors. ---*/ { diff --git a/huffman.c b/huffman.c index 0fd6fd762cac..43a1899e4688 100644 --- a/huffman.c +++ b/huffman.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/randtable.c b/randtable.c index 726d62f0ca0c..bdc6d4a4cc9a 100644 --- a/randtable.c +++ b/randtable.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/spewG.c b/spewG.c index 320dc854beb4..65d24c89cbce 100644 --- a/spewG.c +++ b/spewG.c @@ -13,8 +13,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/unzcrash.c b/unzcrash.c index 6e7c63198d07..c68f93c56cba 100644 --- a/unzcrash.c +++ b/unzcrash.c @@ -17,8 +17,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.7 of 27 June 2019 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.8 of 13 July 2019 + Copyright (C) 1996-2019 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file.