From owner-svn-src-stable@FreeBSD.ORG Thu Feb 28 05:47:54 2013 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id B9075E4A; Thu, 28 Feb 2013 05:47:54 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 95EBAC47; Thu, 28 Feb 2013 05:47:54 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r1S5ls9T064455; Thu, 28 Feb 2013 05:47:54 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r1S5loBf064426; Thu, 28 Feb 2013 05:47:50 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201302280547.r1S5loBf064426@svn.freebsd.org> From: Xin LI Date: Thu, 28 Feb 2013 05:47:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r247448 - stable/8/contrib/bzip2 X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2013 05:47:54 -0000 Author: delphij Date: Thu Feb 28 05:47:50 2013 New Revision: 247448 URL: http://svnweb.freebsd.org/changeset/base/247448 Log: MFC r215041 (obrien): Upgrade to bzip2 version 1.0.6. Modified: stable/8/contrib/bzip2/CHANGES stable/8/contrib/bzip2/LICENSE stable/8/contrib/bzip2/Makefile stable/8/contrib/bzip2/Makefile-libbz2_so stable/8/contrib/bzip2/README stable/8/contrib/bzip2/README.COMPILATION.PROBLEMS stable/8/contrib/bzip2/blocksort.c stable/8/contrib/bzip2/bzip2.1 stable/8/contrib/bzip2/bzip2.c stable/8/contrib/bzip2/bzip2recover.c stable/8/contrib/bzip2/bzlib.c stable/8/contrib/bzip2/bzlib.h stable/8/contrib/bzip2/bzlib_private.h stable/8/contrib/bzip2/compress.c stable/8/contrib/bzip2/crctable.c stable/8/contrib/bzip2/decompress.c stable/8/contrib/bzip2/huffman.c stable/8/contrib/bzip2/randtable.c stable/8/contrib/bzip2/spewG.c stable/8/contrib/bzip2/unzcrash.c Directory Properties: stable/8/contrib/bzip2/ (props changed) Modified: stable/8/contrib/bzip2/CHANGES ============================================================================== --- stable/8/contrib/bzip2/CHANGES Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/CHANGES Thu Feb 28 05:47:50 2013 (r247448) @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -317,3 +317,11 @@ Fixes some minor bugs since the last ver ~~~~~~~~~~~~~~~~~ Security fix only. Fixes CERT-FI 20469 as it applies to bzip2. + +1.0.6 (6 Sept 10) +~~~~~~~~~~~~~~~~~ + +* Security fix for CVE-2010-0405. This was reported by Mikolaj + Izdebski. + +* Make the documentation build on Ubuntu 10.04 Modified: stable/8/contrib/bzip2/LICENSE ============================================================================== --- stable/8/contrib/bzip2/LICENSE Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/LICENSE Thu Feb 28 05:47:50 2013 (r247448) @@ -2,7 +2,7 @@ -------------------------------------------------------------------------- This program, "bzip2", the associated library "libbzip2", and all -documentation, are copyright (C) 1996-2007 Julian R Seward. All +documentation, are copyright (C) 1996-2010 Julian R Seward. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -37,6 +37,6 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Julian Seward, jseward@bzip.org -bzip2/libbzip2 version 1.0.5 of 10 December 2007 +bzip2/libbzip2 version 1.0.6 of 6 September 2010 -------------------------------------------------------------------------- Modified: stable/8/contrib/bzip2/Makefile ============================================================================== --- stable/8/contrib/bzip2/Makefile Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/Makefile Thu Feb 28 05:47:50 2013 (r247448) @@ -2,8 +2,8 @@ # This file is part of bzip2/libbzip2, a program and library for # lossless, block-sorting data compression. # -# bzip2/libbzip2 version 1.0.5 of 10 December 2007 -# Copyright (C) 1996-2007 Julian Seward +# bzip2/libbzip2 version 1.0.6 of 6 September 2010 +# Copyright (C) 1996-2010 Julian Seward # # Please read the WARNING, DISCLAIMER and PATENTS sections in the # README file. @@ -137,7 +137,7 @@ bzip2recover.o: bzip2recover.c distclean: clean rm -f manual.ps manual.html manual.pdf -DISTNAME=bzip2-1.0.5 +DISTNAME=bzip2-1.0.6 dist: check manual rm -f $(DISTNAME) ln -s -f . $(DISTNAME) Modified: stable/8/contrib/bzip2/Makefile-libbz2_so ============================================================================== --- stable/8/contrib/bzip2/Makefile-libbz2_so Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/Makefile-libbz2_so Thu Feb 28 05:47:50 2013 (r247448) @@ -1,6 +1,6 @@ # This Makefile builds a shared version of the library, -# libbz2.so.1.0.4, with soname libbz2.so.1.0, +# libbz2.so.1.0.6, with soname libbz2.so.1.0, # at least on x86-Linux (RedHat 7.2), # with gcc-2.96 20000731 (Red Hat Linux 7.1 2.96-98). # Please see the README file for some important info @@ -10,8 +10,8 @@ # This file is part of bzip2/libbzip2, a program and library for # lossless, block-sorting data compression. # -# bzip2/libbzip2 version 1.0.5 of 10 December 2007 -# Copyright (C) 1996-2007 Julian Seward +# bzip2/libbzip2 version 1.0.6 of 6 September 2010 +# Copyright (C) 1996-2010 Julian Seward # # Please read the WARNING, DISCLAIMER and PATENTS sections in the # README file. @@ -35,13 +35,13 @@ OBJS= blocksort.o \ bzlib.o all: $(OBJS) - $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS) - $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4 + $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS) + $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6 rm -f libbz2.so.1.0 - ln -s libbz2.so.1.0.4 libbz2.so.1.0 + ln -s libbz2.so.1.0.6 libbz2.so.1.0 clean: - rm -f $(OBJS) bzip2.o libbz2.so.1.0.4 libbz2.so.1.0 bzip2-shared + rm -f $(OBJS) bzip2.o libbz2.so.1.0.6 libbz2.so.1.0 bzip2-shared blocksort.o: blocksort.c $(CC) $(CFLAGS) -c blocksort.c Modified: stable/8/contrib/bzip2/README ============================================================================== --- stable/8/contrib/bzip2/README Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/README Thu Feb 28 05:47:50 2013 (r247448) @@ -6,8 +6,8 @@ This version is fully compatible with th This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.5 of 10 December 2007 -Copyright (C) 1996-2007 Julian Seward +bzip2/libbzip2 version 1.0.6 of 6 September 2010 +Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in this file. @@ -181,6 +181,10 @@ WHAT'S NEW IN 1.0.5 ? See the CHANGES file. +WHAT'S NEW IN 1.0.6 ? + + See the CHANGES file. + I hope you find bzip2 useful. Feel free to contact me at jseward@bzip.org @@ -208,3 +212,4 @@ Cambridge, UK. 15 February 2005 (bzip2, version 1.0.3) 20 December 2006 (bzip2, version 1.0.4) 10 December 2007 (bzip2, version 1.0.5) + 6 Sept 2010 (bzip2, version 1.0.6) Modified: stable/8/contrib/bzip2/README.COMPILATION.PROBLEMS ============================================================================== --- stable/8/contrib/bzip2/README.COMPILATION.PROBLEMS Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/README.COMPILATION.PROBLEMS Thu Feb 28 05:47:50 2013 (r247448) @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.5 of 10 December 2007 -Copyright (C) 1996-2007 Julian Seward +bzip2/libbzip2 version 1.0.6 of 6 September 2010 +Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -12,7 +12,7 @@ This program is released under the terms in the file LICENSE. ------------------------------------------------------------------ -bzip2-1.0.5 should compile without problems on the vast majority of +bzip2-1.0.6 should compile without problems on the vast majority of platforms. Using the supplied Makefile, I've built and tested it myself for x86-linux and amd64-linux. With makefile.msc, Visual C++ 6.0 and nmake, you can build a native Win32 version too. Large file Modified: stable/8/contrib/bzip2/blocksort.c ============================================================================== --- stable/8/contrib/bzip2/blocksort.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/blocksort.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/bzip2.1 ============================================================================== --- stable/8/contrib/bzip2/bzip2.1 Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/bzip2.1 Thu Feb 28 05:47:50 2013 (r247448) @@ -1,7 +1,7 @@ .PU .TH bzip2 1 .SH NAME -bzip2, bunzip2 \- a block-sorting file compressor, v1.0.4 +bzip2, bunzip2 \- a block-sorting file compressor, v1.0.6 .br bzcat \- decompresses files to stdout .br @@ -405,11 +405,11 @@ I/O error messages are not as helpful as tries hard to detect I/O errors and exit cleanly, but the details of what the problem is sometimes seem rather misleading. -This manual page pertains to version 1.0.4 of +This manual page pertains to version 1.0.6 of .I bzip2. Compressed data created by this version is entirely forwards and backwards compatible with the previous public releases, versions -0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and 1.0.3, but with the following +0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and above, but with the following exception: 0.9.0 and above can correctly decompress multiple concatenated compressed files. 0.1pl2 cannot do this; it will stop after decompressing just the first file in the stream. Modified: stable/8/contrib/bzip2/bzip2.c ============================================================================== --- stable/8/contrib/bzip2/bzip2.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/bzip2.c Thu Feb 28 05:47:50 2013 (r247448) @@ -7,8 +7,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -1605,11 +1605,11 @@ void license ( void ) "bzip2, a block-sorting file compressor. " "Version %s.\n" " \n" - " Copyright (C) 1996-2007 by Julian Seward.\n" + " Copyright (C) 1996-2010 by Julian Seward.\n" " \n" " This program is free software; you can redistribute it and/or modify\n" " it under the terms set out in the LICENSE file, which is included\n" - " in the bzip2-1.0.5 source distribution.\n" + " in the bzip2-1.0.6 source distribution.\n" " \n" " This program is distributed in the hope that it will be useful,\n" " but WITHOUT ANY WARRANTY; without even the implied warranty of\n" Modified: stable/8/contrib/bzip2/bzip2recover.c ============================================================================== --- stable/8/contrib/bzip2/bzip2recover.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/bzip2recover.c Thu Feb 28 05:47:50 2013 (r247448) @@ -7,8 +7,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -313,7 +313,7 @@ Int32 main ( Int32 argc, Char** argv ) inFileName[0] = outFileName[0] = 0; fprintf ( stderr, - "bzip2recover 1.0.5: extracts blocks from damaged .bz2 files.\n" ); + "bzip2recover 1.0.6: extracts blocks from damaged .bz2 files.\n" ); if (argc != 2) { fprintf ( stderr, "%s: usage is `%s damaged_file_name'.\n", Modified: stable/8/contrib/bzip2/bzlib.c ============================================================================== --- stable/8/contrib/bzip2/bzlib.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/bzlib.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/bzlib.h ============================================================================== --- stable/8/contrib/bzip2/bzlib.h Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/bzlib.h Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/bzlib_private.h ============================================================================== --- stable/8/contrib/bzip2/bzlib_private.h Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/bzlib_private.h Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -36,7 +36,7 @@ /*-- General stuff. --*/ -#define BZ_VERSION "1.0.5, 10-Dec-2007" +#define BZ_VERSION "1.0.6, 6-Sept-2010" typedef char Char; typedef unsigned char Bool; Modified: stable/8/contrib/bzip2/compress.c ============================================================================== --- stable/8/contrib/bzip2/compress.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/compress.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/crctable.c ============================================================================== --- stable/8/contrib/bzip2/crctable.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/crctable.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/decompress.c ============================================================================== --- stable/8/contrib/bzip2/decompress.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/decompress.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -492,15 +492,28 @@ Int32 BZ2_decompress ( DState* s ) RETURN(BZ_DATA_ERROR); /*-- Set up cftab to facilitate generation of T^(-1) --*/ + /* Check: unzftab entries in range. */ + for (i = 0; i <= 255; i++) { + if (s->unzftab[i] < 0 || s->unzftab[i] > nblock) + RETURN(BZ_DATA_ERROR); + } + /* Actually generate cftab. */ s->cftab[0] = 0; for (i = 1; i <= 256; i++) s->cftab[i] = s->unzftab[i-1]; for (i = 1; i <= 256; i++) s->cftab[i] += s->cftab[i-1]; + /* Check: cftab entries in range. */ for (i = 0; i <= 256; i++) { if (s->cftab[i] < 0 || s->cftab[i] > nblock) { /* s->cftab[i] can legitimately be == nblock */ RETURN(BZ_DATA_ERROR); } } + /* Check: cftab entries non-descending. */ + for (i = 1; i <= 256; i++) { + if (s->cftab[i-1] > s->cftab[i]) { + RETURN(BZ_DATA_ERROR); + } + } s->state_out_len = 0; s->state_out_ch = 0; Modified: stable/8/contrib/bzip2/huffman.c ============================================================================== --- stable/8/contrib/bzip2/huffman.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/huffman.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/randtable.c ============================================================================== --- stable/8/contrib/bzip2/randtable.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/randtable.c Thu Feb 28 05:47:50 2013 (r247448) @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/spewG.c ============================================================================== --- stable/8/contrib/bzip2/spewG.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/spewG.c Thu Feb 28 05:47:50 2013 (r247448) @@ -13,8 +13,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. Modified: stable/8/contrib/bzip2/unzcrash.c ============================================================================== --- stable/8/contrib/bzip2/unzcrash.c Thu Feb 28 05:18:15 2013 (r247447) +++ stable/8/contrib/bzip2/unzcrash.c Thu Feb 28 05:47:50 2013 (r247448) @@ -17,8 +17,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.5 of 10 December 2007 - Copyright (C) 1996-2007 Julian Seward + bzip2/libbzip2 version 1.0.6 of 6 September 2010 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file.