pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/archivers/bzip2 Update to 1.0.5



details:   https://anonhg.NetBSD.org/pkgsrc/rev/31aa7341e9e3
branches:  trunk
changeset: 540095:31aa7341e9e3
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Wed Mar 26 19:06:06 2008 +0000

description:
Update to 1.0.5
The only change is to address the vulnerability detailed in CERT/CC: VU#813451
OK'ed joerg@

diffstat:

 archivers/bzip2/Makefile              |   6 +++---
 archivers/bzip2/files/CHANGES         |   9 +++++++--
 archivers/bzip2/files/LICENSE         |   7 +++----
 archivers/bzip2/files/README          |   9 +++++++--
 archivers/bzip2/files/blocksort.c     |   4 ++--
 archivers/bzip2/files/bzip2.1         |   4 ++--
 archivers/bzip2/files/bzip2.c         |   8 ++++----
 archivers/bzip2/files/bzip2recover.c  |   6 +++---
 archivers/bzip2/files/bzlib.c         |   7 ++++---
 archivers/bzip2/files/bzlib.h         |   4 ++--
 archivers/bzip2/files/bzlib_private.h |  16 +++++++++++-----
 archivers/bzip2/files/compress.c      |   4 ++--
 archivers/bzip2/files/crctable.c      |   4 ++--
 archivers/bzip2/files/decompress.c    |   4 ++--
 archivers/bzip2/files/huffman.c       |   4 ++--
 archivers/bzip2/files/randtable.c     |   4 ++--
 16 files changed, 58 insertions(+), 42 deletions(-)

diffs (truncated from 345 to 300 lines):

diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/Makefile
--- a/archivers/bzip2/Makefile  Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/Makefile  Wed Mar 26 19:06:06 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.46 2008/02/12 11:25:35 tnn Exp $
+# $NetBSD: Makefile,v 1.47 2008/03/26 19:06:06 adrianp Exp $
 #
 
-DISTNAME=      bzip2-1.0.4
+DISTNAME=      bzip2-1.0.5
 CATEGORIES=    archivers
-MASTER_SITES=  http://www.bzip.org/1.0.4/
+MASTER_SITES=  http://www.bzip.org/1.0.5/
 
 MAINTAINER=    joerg%NetBSD.org@localhost
 HOMEPAGE=      http://www.bzip.org/
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/CHANGES
--- a/archivers/bzip2/files/CHANGES     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/CHANGES     Wed Mar 26 19:06:06 2008 +0000
@@ -2,8 +2,8 @@
  This file is part of bzip2/libbzip2, a program and library for
  lossless, block-sorting data compression.
 
- bzip2/libbzip2 version 1.0.4 of 20 December 2006
- Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+ bzip2/libbzip2 version 1.0.5 of 10 December 2007
+ Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
  Please read the WARNING, DISCLAIMER and PATENTS sections in the 
  README file.
@@ -312,3 +312,8 @@
 
 * Fix minor doc/comment bugs.
 
+
+1.0.5 (10 Dec 07)
+~~~~~~~~~~~~~~~~~
+Security fix only.  Fixes CERT-FI 20469 as it applies to bzip2.
+
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/LICENSE
--- a/archivers/bzip2/files/LICENSE     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/LICENSE     Wed Mar 26 19:06:06 2008 +0000
@@ -2,7 +2,7 @@
 --------------------------------------------------------------------------
 
 This program, "bzip2", the associated library "libbzip2", and all
-documentation, are copyright (C) 1996-2006 Julian R Seward.  All
+documentation, are copyright (C) 1996-2007 Julian R Seward.  All
 rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -36,8 +36,7 @@
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-Julian Seward, Cambridge, UK.
-jseward%bzip.org@localhost
-bzip2/libbzip2 version 1.0.4 of 20 December 2006
+Julian Seward, jseward%bzip.org@localhost
+bzip2/libbzip2 version 1.0.5 of 10 December 2007
 
 --------------------------------------------------------------------------
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/README
--- a/archivers/bzip2/files/README      Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/README      Wed Mar 26 19:06:06 2008 +0000
@@ -6,8 +6,8 @@
 This file is part of bzip2/libbzip2, a program and library for
 lossless, block-sorting data compression.
 
-bzip2/libbzip2 version 1.0.4 of 20 December 2006
-Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+bzip2/libbzip2 version 1.0.5 of 10 December 2007
+Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
 Please read the WARNING, DISCLAIMER and PATENTS sections in this file.
 
@@ -177,6 +177,10 @@
 
    See the CHANGES file.
 
+WHAT'S NEW IN 1.0.5 ?
+
+   See the CHANGES file.
+
 
 I hope you find bzip2 useful.  Feel free to contact me at
    jseward%bzip.org@localhost
@@ -203,3 +207,4 @@
 30 December 2001 (bzip2, version 1.0.2pre1)
 15 February 2005 (bzip2, version 1.0.3)
 20 December 2006 (bzip2, version 1.0.4)
+10 December 2007 (bzip2, version 1.0.5)
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/blocksort.c
--- a/archivers/bzip2/files/blocksort.c Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/blocksort.c Wed Mar 26 19:06:06 2008 +0000
@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/bzip2.1
--- a/archivers/bzip2/files/bzip2.1     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/bzip2.1     Wed Mar 26 19:06:06 2008 +0000
@@ -1,7 +1,7 @@
 .PU
 .TH bzip2 1
 .SH NAME
-bzip2, bunzip2 \- a block-sorting file compressor, v1.0.4
+bzip2, bunzip2 \- a block-sorting file compressor, v1.0.5
 .br
 bzcat \- decompresses files to stdout
 .br
@@ -405,7 +405,7 @@
 tries hard to detect I/O errors and exit cleanly, but the details of
 what the problem is sometimes seem rather misleading.
 
-This manual page pertains to version 1.0.4 of
+This manual page pertains to version 1.0.5 of
 .I bzip2.  
 Compressed data created by this version is entirely forwards and
 backwards compatible with the previous public releases, versions
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/bzip2.c
--- a/archivers/bzip2/files/bzip2.c     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/bzip2.c     Wed Mar 26 19:06:06 2008 +0000
@@ -7,8 +7,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -1605,11 +1605,11 @@
     "bzip2, a block-sorting file compressor.  "
     "Version %s.\n"
     "   \n"
-    "   Copyright (C) 1996-2006 by Julian Seward.\n"
+    "   Copyright (C) 1996-2007 by Julian Seward.\n"
     "   \n"
     "   This program is free software; you can redistribute it and/or modify\n"
     "   it under the terms set out in the LICENSE file, which is included\n"
-    "   in the bzip2-1.0.4 source distribution.\n"
+    "   in the bzip2-1.0.5 source distribution.\n"
     "   \n"
     "   This program is distributed in the hope that it will be useful,\n"
     "   but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/bzip2recover.c
--- a/archivers/bzip2/files/bzip2recover.c      Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/bzip2recover.c      Wed Mar 26 19:06:06 2008 +0000
@@ -7,8 +7,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -313,7 +313,7 @@
    inFileName[0] = outFileName[0] = 0;
 
    fprintf ( stderr, 
-             "bzip2recover 1.0.4: extracts blocks from damaged .bz2 files.\n" );
+             "bzip2recover 1.0.5: extracts blocks from damaged .bz2 files.\n" );
 
    if (argc != 2) {
       fprintf ( stderr, "%s: usage is `%s damaged_file_name'.\n",
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/bzlib.c
--- a/archivers/bzip2/files/bzlib.c     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/bzlib.c     Wed Mar 26 19:06:06 2008 +0000
@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -48,7 +48,7 @@
       "component, you should also report this bug to the author(s)\n"
       "of that program.  Please make an effort to report this bug;\n"
       "timely and accurate bug reports eventually lead to higher\n"
-      "quality software.  Thanks.  Julian Seward, 15 February 2005.\n\n",
+      "quality software.  Thanks.  Julian Seward, 10 December 2007.\n\n",
       errcode,
       BZ2_bzlibVersion()
    );
@@ -598,6 +598,7 @@
       UInt32        c_tPos               = s->tPos;
       char*         cs_next_out          = s->strm->next_out;
       unsigned int  cs_avail_out         = s->strm->avail_out;
+      Int32         ro_blockSize100k     = s->blockSize100k;
       /* end restore */
 
       UInt32       avail_out_INIT = cs_avail_out;
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/bzlib.h
--- a/archivers/bzip2/files/bzlib.h     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/bzlib.h     Wed Mar 26 19:06:06 2008 +0000
@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/bzlib_private.h
--- a/archivers/bzip2/files/bzlib_private.h     Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/bzlib_private.h     Wed Mar 26 19:06:06 2008 +0000
@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -36,7 +36,7 @@
 
 /*-- General stuff. --*/
 
-#define BZ_VERSION  "1.0.4, 20-Dec-2006"
+#define BZ_VERSION  "1.0.5, 10-Dec-2007"
 
 typedef char            Char;
 typedef unsigned char   Bool;
@@ -442,11 +442,15 @@
 /*-- Macros for decompression. --*/
 
 #define BZ_GET_FAST(cccc)                     \
+    /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+    if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
     s->tPos = s->tt[s->tPos];                 \
     cccc = (UChar)(s->tPos & 0xff);           \
     s->tPos >>= 8;
 
 #define BZ_GET_FAST_C(cccc)                   \
+    /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+    if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \
     c_tPos = c_tt[c_tPos];                    \
     cccc = (UChar)(c_tPos & 0xff);            \
     c_tPos >>= 8;
@@ -469,8 +473,10 @@
    (((UInt32)s->ll16[i]) | (GET_LL4(i) << 16))
 
 #define BZ_GET_SMALL(cccc)                            \
-      cccc = BZ2_indexIntoF ( s->tPos, s->cftab );    \
-      s->tPos = GET_LL(s->tPos);
+    /* c_tPos is unsigned, hence test < 0 is pointless. */ \
+    if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \
+    cccc = BZ2_indexIntoF ( s->tPos, s->cftab );    \
+    s->tPos = GET_LL(s->tPos);
 
 
 /*-- externs for decompression. --*/
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/compress.c
--- a/archivers/bzip2/files/compress.c  Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/compress.c  Wed Mar 26 19:06:06 2008 +0000
@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
diff -r d028c9f135f2 -r 31aa7341e9e3 archivers/bzip2/files/crctable.c
--- a/archivers/bzip2/files/crctable.c  Wed Mar 26 16:23:33 2008 +0000
+++ b/archivers/bzip2/files/crctable.c  Wed Mar 26 19:06:06 2008 +0000
@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.4 of 20 December 2006
-   Copyright (C) 1996-2006 Julian Seward <jseward%bzip.org@localhost>
+   bzip2/libbzip2 version 1.0.5 of 10 December 2007
+   Copyright (C) 1996-2007 Julian Seward <jseward%bzip.org@localhost>



Home | Main Index | Thread Index | Old Index