From 7a545226f1692457e1189559866ae07e4a0bfac8 Mon Sep 17 00:00:00 2001 From: "alexey.lysiuk" Date: Fri, 28 Jun 2019 12:24:36 +0300 Subject: [PATCH] - updated bzip2 to version 1.0.7 https://www.sourceware.org/bzip2/ https://www.sourceware.org/pub/bzip2/bzip2-1.0.7.tar.gz --- bzip2/CHANGES | 17 +++++++++++++++-- bzip2/LICENSE | 4 ++-- bzip2/README | 36 ++++++++---------------------------- bzip2/blocksort.c | 10 +++++----- bzip2/bzlib.c | 12 ++++++------ bzip2/bzlib.h | 36 ++++++++++++++++++++++++++---------- bzip2/bzlib_private.h | 6 +++--- bzip2/compress.c | 6 +++--- bzip2/crctable.c | 4 ++-- bzip2/decompress.c | 8 ++++---- bzip2/huffman.c | 4 ++-- bzip2/randtable.c | 4 ++-- 12 files changed, 78 insertions(+), 69 deletions(-) diff --git a/bzip2/CHANGES b/bzip2/CHANGES index 81e97ca6f..d9b4c05c5 100644 --- a/bzip2/CHANGES +++ b/bzip2/CHANGES @@ -2,8 +2,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -325,3 +325,16 @@ Security fix only. Fixes CERT-FI 20469 as it applies to bzip2. Izdebski. * Make the documentation build on Ubuntu 10.04 + +1.0.7 (27 Jun 19) +~~~~~~~~~~~~~~~~~ + +* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH + +* bzip2: Fix return value when combining --test,-t and -q. + +* bzip2recover: Fix buffer overflow for large argv[0] + +* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189) + +* Make sure nSelectors is not out of range (CVE-2019-12900) diff --git a/bzip2/LICENSE b/bzip2/LICENSE index cc614178c..95f9598f8 100644 --- a/bzip2/LICENSE +++ b/bzip2/LICENSE @@ -36,7 +36,7 @@ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Julian Seward, jseward@bzip.org -bzip2/libbzip2 version 1.0.6 of 6 September 2010 +Julian Seward, jseward@acm.org +bzip2/libbzip2 version 1.0.7 of 27 June 2019 -------------------------------------------------------------------------- diff --git a/bzip2/README b/bzip2/README index 9fb0f6360..64873f982 100644 --- a/bzip2/README +++ b/bzip2/README @@ -6,8 +6,8 @@ This version is fully compatible with the previous public releases. This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. -bzip2/libbzip2 version 1.0.6 of 6 September 2010 -Copyright (C) 1996-2010 Julian Seward +bzip2/libbzip2 version 1.0.7 of 27 June 2019 +Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in this file. @@ -73,7 +73,7 @@ HOW TO BUILD -- Windows 95, NT, DOS, Mac, etc. It's difficult for me to support compilation on all these platforms. My approach is to collect binaries for these platforms, and put them -on the master web site (http://www.bzip.org). Look there. However +on the master web site (https://sourceware.org/bzip2/). Look there. However (FWIW), bzip2-1.0.X is very standard ANSI C and should compile unmodified with MS Visual C. If you have difficulties building, you might want to read README.COMPILATION.PROBLEMS. @@ -161,43 +161,22 @@ WHAT'S NEW IN 0.9.5 ? * Many small improvements in file and flag handling. * A Y2K statement. -WHAT'S NEW IN 1.0.0 ? +WHAT'S NEW IN 1.0.x ? See the CHANGES file. -WHAT'S NEW IN 1.0.2 ? - - See the CHANGES file. - -WHAT'S NEW IN 1.0.3 ? - - See the CHANGES file. - -WHAT'S NEW IN 1.0.4 ? - - See the CHANGES file. - -WHAT'S NEW IN 1.0.5 ? - - See the CHANGES file. - -WHAT'S NEW IN 1.0.6 ? - - See the CHANGES file. - - I hope you find bzip2 useful. Feel free to contact me at - jseward@bzip.org + jseward@acm.org if you have any suggestions or queries. Many people mailed me with comments, suggestions and patches after the releases of bzip-0.15, bzip-0.21, and bzip2 versions 0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and 1.0.3, and the changes in bzip2 are largely a result of this feedback. I thank you for your comments. -bzip2's "home" is http://www.bzip.org/ +bzip2's "home" is https://sourceware.org/bzip2/ Julian Seward -jseward@bzip.org +jseward@acm.org Cambridge, UK. 18 July 1996 (version 0.15) @@ -213,3 +192,4 @@ Cambridge, UK. 20 December 2006 (bzip2, version 1.0.4) 10 December 2007 (bzip2, version 1.0.5) 6 Sept 2010 (bzip2, version 1.0.6) +27 June 2019 (bzip2, version 1.0.7) diff --git a/bzip2/blocksort.c b/bzip2/blocksort.c index d0d662cd4..26579017a 100644 --- a/bzip2/blocksort.c +++ b/bzip2/blocksort.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -202,9 +202,9 @@ void fallbackQSort3 ( UInt32* fmap, bhtab [ 0 .. 2+(nblock/32) ] destroyed */ -#define SET_BH(zz) bhtab[(zz) >> 5] |= (1 << ((zz) & 31)) -#define CLEAR_BH(zz) bhtab[(zz) >> 5] &= ~(1 << ((zz) & 31)) -#define ISSET_BH(zz) (bhtab[(zz) >> 5] & (1 << ((zz) & 31))) +#define SET_BH(zz) bhtab[(zz) >> 5] |= ((UInt32)1 << ((zz) & 31)) +#define CLEAR_BH(zz) bhtab[(zz) >> 5] &= ~((UInt32)1 << ((zz) & 31)) +#define ISSET_BH(zz) (bhtab[(zz) >> 5] & ((UInt32)1 << ((zz) & 31))) #define WORD_BH(zz) bhtab[(zz) >> 5] #define UNALIGNED_BH(zz) ((zz) & 0x01f) diff --git a/bzip2/bzlib.c b/bzip2/bzlib.c index 9db864ef2..f9da295c7 100644 --- a/bzip2/bzlib.c +++ b/bzip2/bzlib.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -43,7 +43,7 @@ void BZ2_bz__AssertH__fail ( int errcode ) fprintf(stderr, "\n\nbzip2/libbzip2: internal error number %d.\n" "This is a bug in bzip2/libbzip2, %s.\n" - "Please report it to me at: jseward@bzip.org. If this happened\n" + "Please report it to me at: jseward@acm.org. If this happened\n" "when you were using some program which uses libbzip2 as a\n" "component, you should also report this bug to the author(s)\n" "of that program. Please make an effort to report this bug;\n" @@ -1234,7 +1234,7 @@ void BZ_API(BZ2_bzReadGetUnused) BZ_SETERR(BZ_OK); *nUnused = bzf->strm.avail_in; - *unused = (void **)bzf->strm.next_in; + *unused = bzf->strm.next_in; } #endif @@ -1247,7 +1247,7 @@ void BZ_API(BZ2_bzReadGetUnused) int BZ_API(BZ2_bzBuffToBuffCompress) ( char* dest, unsigned int* destLen, - const char* source, + char* source, unsigned int sourceLen, int blockSize100k, int verbosity, @@ -1299,7 +1299,7 @@ int BZ_API(BZ2_bzBuffToBuffCompress) int BZ_API(BZ2_bzBuffToBuffDecompress) ( char* dest, unsigned int* destLen, - const char* source, + char* source, unsigned int sourceLen, int small, int verbosity ) diff --git a/bzip2/bzlib.h b/bzip2/bzlib.h index 8a6e58f0a..8cf07918f 100644 --- a/bzip2/bzlib.h +++ b/bzip2/bzlib.h @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -47,7 +47,7 @@ extern "C" { typedef struct { - const char *next_in; + char *next_in; unsigned int avail_in; unsigned int total_in_lo32; unsigned int total_in_hi32; @@ -75,8 +75,24 @@ typedef #include #endif -#define BZ_API(func) func -#define BZ_EXTERN extern +#ifdef _WIN32 +# include +# ifdef small + /* windows.h define small to char */ +# undef small +# endif +# ifdef BZ_EXPORT +# define BZ_API(func) WINAPI func +# define BZ_EXTERN extern +# else + /* import windows dll dynamically */ +# define BZ_API(func) (WINAPI * func) +# define BZ_EXTERN +# endif +#else +# define BZ_API(func) func +# define BZ_EXTERN extern +#endif /*-- Core (low-level) library functions --*/ @@ -100,7 +116,7 @@ BZ_EXTERN int BZ_API(BZ2_bzCompressEnd) ( BZ_EXTERN int BZ_API(BZ2_bzDecompressInit) ( bz_stream *strm, int verbosity, - int lowmem + int small ); BZ_EXTERN int BZ_API(BZ2_bzDecompress) ( @@ -124,7 +140,7 @@ BZ_EXTERN BZFILE* BZ_API(BZ2_bzReadOpen) ( int* bzerror, FILE* f, int verbosity, - int lowmem, + int small, void* unused, int nUnused ); @@ -188,7 +204,7 @@ BZ_EXTERN void BZ_API(BZ2_bzWriteClose64) ( BZ_EXTERN int BZ_API(BZ2_bzBuffToBuffCompress) ( char* dest, unsigned int* destLen, - const char* source, + char* source, unsigned int sourceLen, int blockSize100k, int verbosity, @@ -198,9 +214,9 @@ BZ_EXTERN int BZ_API(BZ2_bzBuffToBuffCompress) ( BZ_EXTERN int BZ_API(BZ2_bzBuffToBuffDecompress) ( char* dest, unsigned int* destLen, - const char* source, + char* source, unsigned int sourceLen, - int lowmem, + int small, int verbosity ); diff --git a/bzip2/bzlib_private.h b/bzip2/bzlib_private.h index 5d0217f46..797555222 100644 --- a/bzip2/bzlib_private.h +++ b/bzip2/bzlib_private.h @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -36,7 +36,7 @@ /*-- General stuff. --*/ -#define BZ_VERSION "1.0.6, 6-Sept-2010" +#define BZ_VERSION "1.0.7, 27-Jun-2019" typedef char Char; typedef unsigned char Bool; diff --git a/bzip2/compress.c b/bzip2/compress.c index 9e944ab67..237620d85 100644 --- a/bzip2/compress.c +++ b/bzip2/compress.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -202,7 +202,7 @@ void generateMTFValues ( EState* s ) *ryy_j = rtmp2; }; yy[0] = rtmp; - j = (Int32)(ryy_j - &(yy[0])); + j = ryy_j - &(yy[0]); mtfv[wr] = j+1; wr++; s->mtfFreq[j+1]++; } diff --git a/bzip2/crctable.c b/bzip2/crctable.c index 1fea7e946..746efac1c 100644 --- a/bzip2/crctable.c +++ b/bzip2/crctable.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzip2/decompress.c b/bzip2/decompress.c index 311f5668f..20ce4936c 100644 --- a/bzip2/decompress.c +++ b/bzip2/decompress.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. @@ -285,9 +285,9 @@ Int32 BZ2_decompress ( DState* s ) /*--- Now the selectors ---*/ GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); - if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + if (nGroups < 2 || nGroups > BZ_N_GROUPS) RETURN(BZ_DATA_ERROR); GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); - if (nSelectors < 1) RETURN(BZ_DATA_ERROR); + if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); for (i = 0; i < nSelectors; i++) { j = 0; while (True) { diff --git a/bzip2/huffman.c b/bzip2/huffman.c index 2283fdbc5..0fd6fd762 100644 --- a/bzip2/huffman.c +++ b/bzip2/huffman.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file. diff --git a/bzip2/randtable.c b/bzip2/randtable.c index 6d6245990..726d62f0c 100644 --- a/bzip2/randtable.c +++ b/bzip2/randtable.c @@ -8,8 +8,8 @@ This file is part of bzip2/libbzip2, a program and library for lossless, block-sorting data compression. - bzip2/libbzip2 version 1.0.6 of 6 September 2010 - Copyright (C) 1996-2010 Julian Seward + bzip2/libbzip2 version 1.0.7 of 27 June 2019 + Copyright (C) 1996-2010 Julian Seward Please read the WARNING, DISCLAIMER and PATENTS sections in the README file.