CHANGES revision 351008
1205219Srdivacky ------------------------------------------------------------------ 2205219Srdivacky This file is part of bzip2/libbzip2, a program and library for 3205219Srdivacky lossless, block-sorting data compression. 4205219Srdivacky 5205219Srdivacky bzip2/libbzip2 version 1.0.8 of 13 July 2019 6205219Srdivacky Copyright (C) 1996-2019 Julian Seward <jseward@acm.org> 7205219Srdivacky 8205219Srdivacky Please read the WARNING, DISCLAIMER and PATENTS sections in the 9205219Srdivacky README file. 10205219Srdivacky 11205219Srdivacky This program is released under the terms of the license contained 12205219Srdivacky in the file LICENSE. 13205219Srdivacky ------------------------------------------------------------------ 14205219Srdivacky 15205219Srdivacky 16205219Srdivacky0.9.0 17205219Srdivacky~~~~~ 18205219SrdivackyFirst version. 19245431Sdim 20235633Sdim 21205219Srdivacky0.9.0a 22205219Srdivacky~~~~~~ 23205219SrdivackyRemoved 'ranlib' from Makefile, since most modern Unix-es 24205219Srdivackydon't need it, or even know about it. 25205219Srdivacky 26205219Srdivacky 27205219Srdivacky0.9.0b 28205219Srdivacky~~~~~~ 29205219SrdivackyFixed a problem with error reporting in bzip2.c. This does not effect 30205219Srdivackythe library in any way. Problem is: versions 0.9.0 and 0.9.0a (of the 31205219Srdivackyprogram proper) compress and decompress correctly, but give misleading 32205219Srdivackyerror messages (internal panics) when an I/O error occurs, instead of 33205219Srdivackyreporting the problem correctly. This shouldn't give any data loss 34205219Srdivacky(as far as I can see), but is confusing. 35205219Srdivacky 36205219SrdivackyMade the inline declarations disappear for non-GCC compilers. 37205219Srdivacky 38205219Srdivacky 39205219Srdivacky0.9.0c 40235633Sdim~~~~~~ 41205219SrdivackyFixed some problems in the library pertaining to some boundary cases. 42206084SrdivackyThis makes the library behave more correctly in those situations. The 43205219Srdivackyfixes apply only to features (calls and parameters) not used by 44205219Srdivackybzip2.c, so the non-fixedness of them in previous versions has no 45205219Srdivackyeffect on reliability of bzip2.c. 46205219Srdivacky 47205219SrdivackyIn bzlib.c: 48205219Srdivacky * made zero-length BZ_FLUSH work correctly in bzCompress(). 49218893Sdim * fixed bzWrite/bzRead to ignore zero-length requests. 50205219Srdivacky * fixed bzread to correctly handle read requests after EOF. 51205219Srdivacky * wrong parameter order in call to bzDecompressInit in 52205219Srdivacky bzBuffToBuffDecompress. Fixed. 53205219Srdivacky 54218893SdimIn compress.c: 55218893Sdim * changed setting of nGroups in sendMTFValues() so as to 56218893Sdim do a bit better on small files. This _does_ effect 57252723Sdim bzip2.c. 58218893Sdim 59252723Sdim 60252723Sdim0.9.5a 61252723Sdim~~~~~~ 62252723SdimMajor change: add a fallback sorting algorithm (blocksort.c) 63252723Sdimto give reasonable behaviour even for very repetitive inputs. 64252723SdimNuked --repetitive-best and --repetitive-fast since they are 65252723Sdimno longer useful. 66252723Sdim 67252723SdimMinor changes: mostly a whole bunch of small changes/ 68252723Sdimbugfixes in the driver (bzip2.c). Changes pertaining to the 69252723Sdimuser interface are: 70252723Sdim 71252723Sdim allow decompression of symlink'd files to stdout 72205219Srdivacky decompress/test files even without .bz2 extension 73205219Srdivacky give more accurate error messages for I/O errors 74205219Srdivacky when compressing/decompressing to stdout, don't catch control-C 75205219Srdivacky read flags from BZIP2 and BZIP environment variables 76252723Sdim decline to break hard links to a file unless forced with -f 77252723Sdim allow -c flag even with no filenames 78205219Srdivacky preserve file ownerships as far as possible 79205219Srdivacky make -s -1 give the expected block size (100k) 80218893Sdim add a flag -q --quiet to suppress nonessential warnings 81218893Sdim stop decoding flags after --, so files beginning in - can be handled 82252723Sdim resolved inconsistent naming: bzcat or bz2cat ? 83252723Sdim bzip2 --help now returns 0 84252723Sdim 85252723SdimProgramming-level changes are: 86205219Srdivacky 87205219Srdivacky fixed syntax error in GET_LL4 for Borland C++ 5.02 88252723Sdim let bzBuffToBuffDecompress return BZ_DATA_ERROR{_MAGIC} 89252723Sdim fix overshoot of mode-string end in bzopen_or_bzdopen 90252723Sdim wrapped bzlib.h in #ifdef __cplusplus ... extern "C" { ... } 91210299Sed close file handles under all error conditions 92218893Sdim added minor mods so it compiles with DJGPP out of the box 93245431Sdim fixed Makefile so it doesn't give problems with BSD make 94245431Sdim fix uninitialised memory reads in dlltest.c 95245431Sdim 96218893Sdim0.9.5b 97245431Sdim~~~~~~ 98245431SdimOpen stdin/stdout in binary mode for DJGPP. 99205219Srdivacky 100205219Srdivacky0.9.5c 101205219Srdivacky~~~~~~ 102252723SdimChanged BZ_N_OVERSHOOT to be ... + 2 instead of ... + 1. The + 1 103252723Sdimversion could cause the sorted order to be wrong in some extremely 104252723Sdimobscure cases. Also changed setting of quadrant in blocksort.c. 105252723Sdim 106252723Sdim0.9.5d 107205219Srdivacky~~~~~~ 108212904SdimThe only functional change is to make bzlibVersion() in the library 109212904Sdimreturn the correct string. This has no effect whatsoever on the 110212904Sdimfunctioning of the bzip2 program or library. Added a couple of casts 111212904Sdimso the library compiles without warnings at level 3 in MS Visual 112206084SrdivackyStudio 6.0. Included a Y2K statement in the file Y2K_INFO. All other 113206084Srdivackychanges are minor documentation changes. 114205219Srdivacky 115252723Sdim1.0 116252723Sdim~~~ 117252723SdimSeveral minor bugfixes and enhancements: 118252723Sdim 119252723Sdim* Large file support. The library uses 64-bit counters to 120252723Sdim count the volume of data passing through it. bzip2.c 121252723Sdim is now compiled with -D_FILE_OFFSET_BITS=64 to get large 122205219Srdivacky file support from the C library. -v correctly prints out 123212904Sdim file sizes greater than 4 gigabytes. All these changes have 124212904Sdim been made without assuming a 64-bit platform or a C compiler 125205219Srdivacky which supports 64-bit ints, so, except for the C library 126205219Srdivacky aspect, they are fully portable. 127205219Srdivacky 128205219Srdivacky* Decompression robustness. The library/program should be 129205219Srdivacky robust to any corruption of compressed data, detecting and 130205219Srdivacky handling _all_ corruption, instead of merely relying on 131205219Srdivacky the CRCs. What this means is that the program should 132205219Srdivacky never crash, given corrupted data, and the library should 133205219Srdivacky always return BZ_DATA_ERROR. 134221345Sdim 135235633Sdim* Fixed an obscure race-condition bug only ever observed on 136245431Sdim Solaris, in which, if you were very unlucky and issued 137245431Sdim control-C at exactly the wrong time, both input and output 138245431Sdim files would be deleted. 139245431Sdim 140245431Sdim* Don't run out of file handles on test/decompression when 141245431Sdim large numbers of files have invalid magic numbers. 142245431Sdim 143221345Sdim* Avoid library namespace pollution. Prefix all exported 144245431Sdim symbols with BZ2_. 145252723Sdim 146252723Sdim* Minor sorting enhancements from my DCC2000 paper. 147252723Sdim 148252723Sdim* Advance the version number to 1.0, so as to counteract the 149252723Sdim (false-in-this-case) impression some people have that programs 150252723Sdim with version numbers less than 1.0 are in some way, experimental, 151221345Sdim pre-release versions. 152221345Sdim 153221345Sdim* Create an initial Makefile-libbz2_so to build a shared library. 154221345Sdim Yes, I know I should really use libtool et al ... 155218893Sdim 156218893Sdim* Make the program exit with 2 instead of 0 when decompression 157218893Sdim fails due to a bad magic number (ie, an invalid bzip2 header). 158218893Sdim Also exit with 1 (as the manual claims :-) whenever a diagnostic 159218893Sdim message would have been printed AND the corresponding operation 160218893Sdim is aborted, for example 161218893Sdim bzip2: Output file xx already exists. 162218893Sdim When a diagnostic message is printed but the operation is not 163205219Srdivacky aborted, for example 164205219Srdivacky bzip2: Can't guess original name for wurble -- using wurble.out 165205219Srdivacky then the exit value 0 is returned, unless some other problem is 166210299Sed also detected. 167212904Sdim 168212904Sdim I think it corresponds more closely to what the manual claims now. 169205219Srdivacky 170205219Srdivacky 171205219Srdivacky1.0.1 172205219Srdivacky~~~~~ 173205219Srdivacky* Modified dlltest.c so it uses the new BZ2_ naming scheme. 174205219Srdivacky* Modified makefile-msc to fix minor build probs on Win2k. 175205219Srdivacky* Updated README.COMPILATION.PROBLEMS. 176205219Srdivacky 177205219SrdivackyThere are no functionality changes or bug fixes relative to version 178205219Srdivacky1.0.0. This is just a documentation update + a fix for minor Win32 179205219Srdivackybuild problems. For almost everyone, upgrading from 1.0.0 to 1.0.1 is 180205219Srdivackyutterly pointless. Don't bother. 181205219Srdivacky 182205219Srdivacky 183205219Srdivacky1.0.2 184205219Srdivacky~~~~~ 185205219SrdivackyA bug fix release, addressing various minor issues which have appeared 186205219Srdivackyin the 18 or so months since 1.0.1 was released. Most of the fixes 187205219Srdivackyare to do with file-handling or documentation bugs. To the best of my 188205219Srdivackyknowledge, there have been no data-loss-causing bugs reported in the 189205219Srdivackycompression/decompression engine of 1.0.0 or 1.0.1. 190218893Sdim 191205219SrdivackyNote that this release does not improve the rather crude build system 192205219Srdivackyfor Unix platforms. The general plan here is to autoconfiscate/ 193205219Srdivackylibtoolise 1.0.2 soon after release, and release the result as 1.1.0 194205219Srdivackyor perhaps 1.2.0. That, however, is still just a plan at this point. 195205219Srdivacky 196205219SrdivackyHere are the changes in 1.0.2. Bug-reporters and/or patch-senders in 197205219Srdivackyparentheses. 198205219Srdivacky 199205219Srdivacky* Fix an infinite segfault loop in 1.0.1 when a directory is 200205219Srdivacky encountered in -f (force) mode. 201205219Srdivacky (Trond Eivind Glomsrod, Nicholas Nethercote, Volker Schmidt) 202205219Srdivacky 203205219Srdivacky* Avoid double fclose() of output file on certain I/O error paths. 204205219Srdivacky (Solar Designer) 205205219Srdivacky 206205219Srdivacky* Don't fail with internal error 1007 when fed a long stream (> 48MB) 207205219Srdivacky of byte 251. Also print useful message suggesting that 1007s may be 208205219Srdivacky caused by bad memory. 209205219Srdivacky (noticed by Juan Pedro Vallejo, fixed by me) 210205219Srdivacky 211205219Srdivacky* Fix uninitialised variable silly bug in demo prog dlltest.c. 212205219Srdivacky (Jorj Bauer) 213205219Srdivacky 214205219Srdivacky* Remove 512-MB limitation on recovered file size for bzip2recover 215205219Srdivacky on selected platforms which support 64-bit ints. At the moment 216205219Srdivacky all GCC supported platforms, and Win32. 217205219Srdivacky (me, Alson van der Meulen) 218205219Srdivacky 219205219Srdivacky* Hard-code header byte values, to give correct operation on platforms 220205219Srdivacky using EBCDIC as their native character set (IBM's OS/390). 221205219Srdivacky (Leland Lucius) 222205219Srdivacky 223263509Sdim* Copy file access times correctly. 224205219Srdivacky (Marty Leisner) 225205219Srdivacky 226205219Srdivacky* Add distclean and check targets to Makefile. 227205219Srdivacky (Michael Carmack) 228205219Srdivacky 229205219Srdivacky* Parameterise use of ar and ranlib in Makefile. Also add $(LDFLAGS). 230205219Srdivacky (Rich Ireland, Bo Thorsen) 231263509Sdim 232205219Srdivacky* Pass -p (create parent dirs as needed) to mkdir during make install. 233205219Srdivacky (Jeremy Fusco) 234205219Srdivacky 235205219Srdivacky* Dereference symlinks when copying file permissions in -f mode. 236205219Srdivacky (Volker Schmidt) 237205219Srdivacky 238205219Srdivacky* Majorly simplify implementation of uInt64_qrm10. 239 (Bo Lindbergh) 240 241* Check the input file still exists before deleting the output one, 242 when aborting in cleanUpAndFail(). 243 (Joerg Prante, Robert Linden, Matthias Krings) 244 245Also a bunch of patches courtesy of Philippe Troin, the Debian maintainer 246of bzip2: 247 248* Wrapper scripts (with manpages): bzdiff, bzgrep, bzmore. 249 250* Spelling changes and minor enhancements in bzip2.1. 251 252* Avoid race condition between creating the output file and setting its 253 interim permissions safely, by using fopen_output_safely(). 254 No changes to bzip2recover since there is no issue with file 255 permissions there. 256 257* do not print senseless report with -v when compressing an empty 258 file. 259 260* bzcat -f works on non-bzip2 files. 261 262* do not try to escape shell meta-characters on unix (the shell takes 263 care of these). 264 265* added --fast and --best aliases for -1 -9 for gzip compatibility. 266 267 2681.0.3 (15 Feb 05) 269~~~~~~~~~~~~~~~~~ 270Fixes some minor bugs since the last version, 1.0.2. 271 272* Further robustification against corrupted compressed data. 273 There are currently no known bitstreams which can cause the 274 decompressor to crash, loop or access memory which does not 275 belong to it. If you are using bzip2 or the library to 276 decompress bitstreams from untrusted sources, an upgrade 277 to 1.0.3 is recommended. This fixes CAN-2005-1260. 278 279* The documentation has been converted to XML, from which html 280 and pdf can be derived. 281 282* Various minor bugs in the documentation have been fixed. 283 284* Fixes for various compilation warnings with newer versions of 285 gcc, and on 64-bit platforms. 286 287* The BZ_NO_STDIO cpp symbol was not properly observed in 1.0.2. 288 This has been fixed. 289 290 2911.0.4 (20 Dec 06) 292~~~~~~~~~~~~~~~~~ 293Fixes some minor bugs since the last version, 1.0.3. 294 295* Fix file permissions race problem (CAN-2005-0953). 296 297* Avoid possible segfault in BZ2_bzclose. From Coverity's NetBSD 298 scan. 299 300* 'const'/prototype cleanups in the C code. 301 302* Change default install location to /usr/local, and handle multiple 303 'make install's without error. 304 305* Sanitise file names more carefully in bzgrep. Fixes CAN-2005-0758 306 to the extent that applies to bzgrep. 307 308* Use 'mktemp' rather than 'tempfile' in bzdiff. 309 310* Tighten up a couple of assertions in blocksort.c following automated 311 analysis. 312 313* Fix minor doc/comment bugs. 314 315 3161.0.5 (10 Dec 07) 317~~~~~~~~~~~~~~~~~ 318Security fix only. Fixes CERT-FI 20469 as it applies to bzip2. 319 320 3211.0.6 (6 Sept 10) 322~~~~~~~~~~~~~~~~~ 323 324* Security fix for CVE-2010-0405. This was reported by Mikolaj 325 Izdebski. 326 327* Make the documentation build on Ubuntu 10.04 328 3291.0.7 (27 Jun 19) 330~~~~~~~~~~~~~~~~~ 331 332* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH 333 334* bzip2: Fix return value when combining --test,-t and -q. 335 336* bzip2recover: Fix buffer overflow for large argv[0] 337 338* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189) 339 340* Make sure nSelectors is not out of range (CVE-2019-12900) 341 3421.0.8 (13 Jul 19) 343~~~~~~~~~~~~~~~~~ 344 345* Accept as many selectors as the file format allows. 346 This relaxes the fix for CVE-2019-12900 from 1.0.7 347 so that bzip2 allows decompression of bz2 files that 348 use (too) many selectors again. 349 350* Fix handling of large (> 4GB) files on Windows. 351 352* Cleanup of bzdiff and bzgrep scripts so they don't use 353 any bash extensions and handle multiple archives correctly. 354 355* There is now a bz2-files testsuite at 356 https://sourceware.org/git/bzip2-tests.git 357