aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Make sure to call isdigit and isspace with unsigned charHEADmasterMark Wielaard2024-04-092-3/+3
| | | | | | | | | Casting to Int32 or int could create negative values. Which isspace and isdigit don't handle. SEI CERT C Coding Standard STR37-C. Resolve by casting to UChar or unsigned char instead of Int32 or int. https://sourceware.org/bugzilla/show_bug.cgi?id=28283
* Initialize the fave and cost arrays fullyMark Wielaard2022-05-261-2/+2
| | | | | | | | | | | | We try to be smart in sendMTFValues by initializing just nGroups number of elements instead of all BZ_N_GROUPS elements. But this means the compiler doesn't know all elements are correctly initialized and might warn. The arrays are really small, BZ_N_GROUPS, 6 elements. And nGroups == BZ_N_GROUPS is the common case. So just initialize them all always. Using a constant loop might also help the compiler to optimize the initialization. https://sourceware.org/bugzilla/show_bug.cgi?id=28904
* Mark SEE ALSO commands with .BR in bzdiff.1, bzgrep.1 and bzmore.1Mark Wielaard2022-04-213-3/+18
| | | | | | This makes sure all commands show up as bold in the man pages. Suggested-by: Helge Kreutzmann <debian@helgefjell.de>
* Define STDERR_FILENO for BZ_LCCWIN32Mark Wielaard2022-04-201-0/+2
| | | | | | | STDERR_FILENO is *nix specific and is not defined under MSVC. So define it using _fileno(stderr). Suggested-by: Dmitry Tsarevich <dimhotepus@gmail.com>
* Don't call unsafe functions from SIGSEGV/SIGBUS signal handler.Mark Wielaard2020-05-171-16/+24
| | | | | | | | | | | | | | | GCC10 -fanalyzer notices that we try to call functions that are not signal safe from our fatal signal handler: bzip2.c: In function ‘mySIGSEGVorSIGBUScatcher’: bzip2.c:819:7: warning: call to ‘fprintf’ from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler] It also notices we then call showFileNames and cleanupAndFail which also call possibly not signal safe functions. Just write out the error message directly to STDERR and exit without trying to clean up any files.
* manual.xml: Add BZ_SEQUENCE_ERROR to return values of BZ2_bzDecompressMark Wielaard2020-05-171-0/+2
| | | | | | | BZ_SEQUENCE_ERROR can be returned if BZ2_bzDecompress is called after an earlier call already returned BZ_STREAM_END. Reported-by: Vanessa McHale <vamchale@gmail.com>
* Add generation of bzip2.txt and bzip2.1.preformatted to Makefile.Mark Wielaard2019-07-214-793/+9
| | | | | | And remove both pages from the repository since the will now be generated by make dist. Also don't try to update them in prepare-release.sh script.
* Mention the --help command line option in the documentation.Mark Wielaard2019-07-212-0/+25
| | | | Bug-Debian: https://bugs.debian.org/517257
* bzip2.1: remove blank spaces in man page and drop the .PU macro.Mark Wielaard2019-07-211-70/+68
| | | | | Author: Bjarni Ingi Gislason Bug-Debian: https://bugs.debian.org/675380
* Prepare for 1.0.8 release.bzip2-1.0.8Mark Wielaard2019-07-1327-64/+81
|
* prepare-release.sh: Fix bz-lifespan typo.Mark Wielaard2019-07-131-1/+1
|
* manual: Add id to legalnotice.Mark Wielaard2019-07-121-1/+1
| | | | | Otherwise the generated HTML will have a different randomly generated name id which generates spurious diffs.
* Fix bzgrep so it doesn't always return a 0 exit code with multiple archivesMark Wielaard2019-07-121-2/+14
| | | | | | | | The bzgrep wrapper always returns 0 as exit code when working on multiple archives, even when the pattern is not found. Fix from openSUSE by Kristýna Streitová <kstreitova@suse.com> https://bugzilla.suse.com/970260
* Fix bashism in bzgrepMark Wielaard2019-07-121-3/+1
| | | | | | | bzgrep uses ${var//} which is a bashism. Replace by calling sed so other POSIX shells work. Patch from openSUSE by Led <ledest@gmail.com>
* fix bzdiff when TMPDIR contains spacesMark Wielaard2019-07-111-8/+8
| | | | | | | | | The bzdiff script doesn't contain enough quotes, so that it doesn't work if the TMPDIR environment variable is defined and contains spaces. https://bugs.debian.org/493710 Author: Vincent Lefevre <vincent@vinc17.org>
* Replace project contact email with bzip2-devel@sourceware.org.Mark Wielaard2019-07-115-13/+14
| | | | | Keep Julian's email as author information, but redirect general project feedback in the code and manual to the community mailinglist.
* release-update.sh should update version number in website pages too.Mark Wielaard2019-07-111-0/+4
|
* Accept as many selectors as the file format allows.Mark Wielaard2019-07-092-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS. The theoretical maximum number of selectors depends on the maximum blocksize (900000 bytes) and the number of symbols (50) that can be encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002. But the bzip2 file format allows the number of selectors to be encoded with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in 14 bits). So the file format maximum is 32767 selectors. Some bzip2 encoders might actually have written out more selectors than the theoretical maximum because they rounded up the number of selectors to some convenient factor of 8. The extra 14766 selectors can never be validly used by the decompression algorithm. So we can read them, but then discard them. This is effectively what was done (by accident) before we added a check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate CVE-2019-12900. The extra selectors were written out after the array inside the EState struct. But the struct has extra space allocated after the selector arrays of 18060 bytes (which is larger than 14766). All of which will be initialized later (so the overwrite of that space with extra selector values would have been harmless).
* Fix a 'not a normal file' error when compressing large files.Phil Ross2019-07-091-2/+2
| | | | | | | | | | The bzip2 command line would report 'not a normal file' for files of size larger than 2^32 - 1 bytes. Patch bzip2.c to use _stati64 instead of _stat so that a successful result is returned for large files. Resolves https://github.com/philr/bzip2-windows/issues/3.
* Update prepare-release.sh for Makefile* and date ranges.Mark Wielaard2019-07-051-6/+8
| | | | | Also update the version number in the Makefile comments. And update any date ranges to include the current year.
* Fix include path separatorJoshua Watt2019-07-051-1/+1
| | | | | | | | Changes the include path separator for Windows builds to use "/" instead of "\". Windows has no problems with using a forward slash as a path separator, but using a backslash causes problems when attempting to cross compile for other platforms (for example, when trying to cross compile for MinGW from Linux).
* Always treat .ref files as binaryJoshua Watt2019-07-031-0/+1
| | | | | .ref files should always be treated as binary files so that git does not attempt to convert the line endings if core.autocrlf is set.
* Update .gitignoreJoshua Watt2019-07-031-0/+9
| | | | Updates the .gitignore file to ignore many build artifacts
* Prepare for 1.0.7 release.bzip2-1.0.7Mark Wielaard2019-06-2727-37/+51
|
* Add prepare-release.sh script.Mark Wielaard2019-06-256-26/+86
| | | | | | | | | | | | | | | | | | | Script to run to prepare a new release. It will update the release number and tell you to update the CHANGES file and to double check everything looks before doing the release commit and tagging. Afterwards you probably want to run release-update.sh to upload the release and update the website at https://sourceware.org/bzip2/ There are embedded version strings and dates in a couple of places. To keep the script simple remove some that aren't absolutely necessary. README now just points to CHANGES. README.COMPILATION.PROBLEMS only mentions the version once at the top. bzip2.c only mentions the version once when doing --version. manual.xml now doesn't have any embedded versions, just uses &bz-version; everywhere.
* Change a magic number (6) for a constant (BZ_N_GROUPS).Federico Mena Quintero2019-06-241-1/+1
| | | | decompress.c (BZ2_decompress): Check nGroups against BZ_N_GROUPS.
* Make sure nSelectors is not out of rangeAlbert Astals Cid2019-06-241-1/+1
| | | | | | | | | | | | | | nSelectors is used in a loop from 0 to nSelectors to access selectorMtf which is UChar selectorMtf[BZ_MAX_SELECTORS]; so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory access Fixes out of bounds access discovered while fuzzying karchive This was reported as CVE-2019-12900 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BHPaul Kehrer2019-06-241-3/+3
| | | | | | | | | | These macros contain this pattern: 1 << ((Int32_value) & 31 This causes the undefined behavior sanitizers in clang and gcc to complain because the shift, while ultimately stored to an unsigned variable, is done as a signed value. Adding a cast to unsigned for the int32 value resolves this issue.
* bzip2: Fix return value when combining --test,-t and -q.Mark Wielaard2019-06-241-6/+8
| | | | | | | | | | When passing -q to get quiet output --test would not display an error message, but would also suppress the exit 2 code to indicate the file was corrupt. Only suppress the error message with -q, not the exit value. This patch comes from Debian. "bunzip2 -qt returns 0 for corrupt archives" https://bugs.debian.org/279025
* bzip2recover: Fix use after free issue with outFile.Mark Wielaard2019-06-241-0/+1
| | | | | | | | | | bzip2recover.c (main): Make sure to set outFile to NULL when done. This was reported as CVE-2016-3189 and found in multiple distributions. https://seclists.org/oss-sec/2016/q2/568 Some more analysis can be found in: https://bugzilla.redhat.com/show_bug.cgi?id=1319648
* bzip2recover: Fix buffer overflow for large argv[0].Mark Wielaard2019-06-241-1/+2
| | | | | | | | bzip2recover.c (main) copies argv[0] to a statically sized buffer without checking whether argv[0] might be too big (> 2000 chars). This patch comes from Fedora and was originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=226979
* bzip2.c (testStream): Remove set, but not used nread variable.Mark Wielaard2019-06-231-2/+2
| | | | | | | | | | | | | Modern GCC warns: bzip2.c: In function ‘testStream’: bzip2.c:557:37: warning: variable ‘nread’ set but not used [-Wunused-but-set-variable] Int32 bzerr, bzerr_dummy, ret, nread, streamNo, i; ^~~~~ GCC is correct. In testStream we don't care about the number of bytes read by BZ2_bzRead. So just remove the variable and the assignment.
* Add release-update.sh script.Mark Wielaard2019-06-231-0/+85
| | | | | | | | | Script to run after a release has been tagged, signed and pushed to git. Will do a fresh checkout, verify the git tag, do fresh build/dist, sign the dist with gpg, create a backup copy in HOME, upload the tar.gz and sig to sourceware, checkout bzip2-htdocs, copy over the new changes, manual, etc. and git push that to update https://sourceware.org/bzip2/
* Use UTF-8 encoding and include bzip.css as link for HTML manual.Mark Wielaard2019-06-231-4/+7
|
* Adjust bzip.css images to new https://sourceware.org/bzip2/ location.Mark Wielaard2019-06-231-2/+2
|
* Change all bzip.org URLs to sourceware.org/bzip2Mark Wielaard2019-03-305-6/+6
|
* Change Julian's email address to jseward@acm.orgMark Wielaard2019-03-3028-34/+34
|
* bzip2-1.0.6bzip2-1.0.6Julian Seward2010-09-0628-89/+122
|
* bzip2-1.0.5bzip2-1.0.5Julian Seward2007-12-1025-61/+77
|
* bzip2-1.0.4bzip2-1.0.4Julian Seward2006-12-2036-875/+593
|
* bzip2-1.0.3bzip2-1.0.3Julian Seward2005-02-1530-2636/+3947
|
* bzip2-1.0.2bzip2-1.0.2Julian Seward2001-12-3031-625/+1464
|
* bzip2-1.0.1bzip2-1.0.1Julian Seward2000-06-2427-915/+2160
|
* bzip2-0.9.5dbzip2-0.9.5dJulian Seward1999-09-0427-2152/+32912
|
* bzip2-0.9.0cbzip2-0.9.0cJulian Seward1998-08-2333-4104/+8332
|
* bzip2-0.1pl2bzip2-0.1pl2Julian Seward1997-08-299-95/+118
|
* bzip2-0.1bzip2-0.1Julian Seward1997-08-0722-0/+6550