1.0.6

CHANGES

@@ -2,8 +2,8 @@
  This file is part of bzip2/libbzip2, a program and library for
  lossless, block-sorting data compression.
 
- bzip2/libbzip2 version 1.0.5 of 10 December 2007
- Copyright (C) 1996-2007 Julian Seward <[email protected]>
+ bzip2/libbzip2 version 1.0.6 of 6 September 2010
+ Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
  Please read the WARNING, DISCLAIMER and PATENTS sections in the 
  README file.
@@ -317,3 +317,11 @@ Fixes some minor bugs since the last version, 1.0.3.
 ~~~~~~~~~~~~~~~~~
 Security fix only.  Fixes CERT-FI 20469 as it applies to bzip2.
 
+
+1.0.6 (6 Sept 10)
+~~~~~~~~~~~~~~~~~
+
+* Security fix for CVE-2010-0405.  This was reported by Mikolaj
+  Izdebski.
+
+* Make the documentation build on Ubuntu 10.04

LICENSE

@@ -2,7 +2,7 @@
 --------------------------------------------------------------------------
 
 This program, "bzip2", the associated library "libbzip2", and all
-documentation, are copyright (C) 1996-2007 Julian R Seward.  All
+documentation, are copyright (C) 1996-2010 Julian R Seward.  All
 rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -37,6 +37,6 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 Julian Seward, [email protected]
-bzip2/libbzip2 version 1.0.5 of 10 December 2007
+bzip2/libbzip2 version 1.0.6 of 6 September 2010
 
 --------------------------------------------------------------------------

Makefile

@@ -2,8 +2,8 @@
 # This file is part of bzip2/libbzip2, a program and library for
 # lossless, block-sorting data compression.
 #
-# bzip2/libbzip2 version 1.0.5 of 10 December 2007
-# Copyright (C) 1996-2007 Julian Seward <[email protected]>
+# bzip2/libbzip2 version 1.0.6 of 6 September 2010
+# Copyright (C) 1996-2010 Julian Seward <[email protected]>
 #
 # Please read the WARNING, DISCLAIMER and PATENTS sections in the 
 # README file.
@@ -137,7 +137,7 @@ bzip2recover.o: bzip2recover.c
 distclean: clean
 	rm -f manual.ps manual.html manual.pdf
 
-DISTNAME=bzip2-1.0.5
+DISTNAME=bzip2-1.0.6
 dist: check manual
 	rm -f $(DISTNAME)
 	ln -s -f . $(DISTNAME)

Makefile-libbz2_so

@@ -1,6 +1,6 @@
 
 # This Makefile builds a shared version of the library, 
-# libbz2.so.1.0.4, with soname libbz2.so.1.0,
+# libbz2.so.1.0.6, with soname libbz2.so.1.0,
 # at least on x86-Linux (RedHat 7.2), 
 # with gcc-2.96 20000731 (Red Hat Linux 7.1 2.96-98).  
 # Please see the README file for some important info 
@@ -10,8 +10,8 @@
 # This file is part of bzip2/libbzip2, a program and library for
 # lossless, block-sorting data compression.
 #
-# bzip2/libbzip2 version 1.0.5 of 10 December 2007
-# Copyright (C) 1996-2007 Julian Seward <[email protected]>
+# bzip2/libbzip2 version 1.0.6 of 6 September 2010
+# Copyright (C) 1996-2010 Julian Seward <[email protected]>
 #
 # Please read the WARNING, DISCLAIMER and PATENTS sections in the 
 # README file.
@@ -35,13 +35,13 @@ OBJS= blocksort.o  \
       bzlib.o
 
 all: $(OBJS)
-	$(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS)
-	$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4
+	$(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS)
+	$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
 	rm -f libbz2.so.1.0
-	ln -s libbz2.so.1.0.4 libbz2.so.1.0
+	ln -s libbz2.so.1.0.6 libbz2.so.1.0
 
 clean: 
-	rm -f $(OBJS) bzip2.o libbz2.so.1.0.4 libbz2.so.1.0 bzip2-shared
+	rm -f $(OBJS) bzip2.o libbz2.so.1.0.6 libbz2.so.1.0 bzip2-shared
 
 blocksort.o: blocksort.c
 	$(CC) $(CFLAGS) -c blocksort.c

README

@@ -6,8 +6,8 @@ This version is fully compatible with the previous public releases.
 This file is part of bzip2/libbzip2, a program and library for
 lossless, block-sorting data compression.
 
-bzip2/libbzip2 version 1.0.5 of 10 December 2007
-Copyright (C) 1996-2007 Julian Seward <[email protected]>
+bzip2/libbzip2 version 1.0.6 of 6 September 2010
+Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
 Please read the WARNING, DISCLAIMER and PATENTS sections in this file.
 
@@ -181,6 +181,10 @@ WHAT'S NEW IN 1.0.5 ?
 
    See the CHANGES file.
 
+WHAT'S NEW IN 1.0.6 ?
+
+   See the CHANGES file.
+
 
 I hope you find bzip2 useful.  Feel free to contact me at
    [email protected]
@@ -208,3 +212,4 @@ Cambridge, UK.
 15 February 2005 (bzip2, version 1.0.3)
 20 December 2006 (bzip2, version 1.0.4)
 10 December 2007 (bzip2, version 1.0.5)
+ 6     Sept 2010 (bzip2, version 1.0.6)

README.COMPILATION.PROBLEMS

@@ -2,8 +2,8 @@
 This file is part of bzip2/libbzip2, a program and library for
 lossless, block-sorting data compression.
 
-bzip2/libbzip2 version 1.0.5 of 10 December 2007
-Copyright (C) 1996-2007 Julian Seward <[email protected]>
+bzip2/libbzip2 version 1.0.6 of 6 September 2010
+Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
 Please read the WARNING, DISCLAIMER and PATENTS sections in the 
 README file.
@@ -12,7 +12,7 @@ This program is released under the terms of the license contained
 in the file LICENSE.
 ------------------------------------------------------------------
 
-bzip2-1.0.5 should compile without problems on the vast majority of
+bzip2-1.0.6 should compile without problems on the vast majority of
 platforms.  Using the supplied Makefile, I've built and tested it
 myself for x86-linux and amd64-linux.  With makefile.msc, Visual C++
 6.0 and nmake, you can build a native Win32 version too.  Large file

README.XML.STUFF

@@ -2,8 +2,8 @@
   This file is part of bzip2/libbzip2, a program and library for
   lossless, block-sorting data compression.
 
-  bzip2/libbzip2 version 1.0.5 of 10 December 2007
-  Copyright (C) 1996-2007 Julian Seward <[email protected]>
+  bzip2/libbzip2 version 1.0.6 of 6 September 2010
+  Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
   Please read the WARNING, DISCLAIMER and PATENTS sections in the 
   README file.

blocksort.c

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.

bzip2.1

@@ -1,7 +1,7 @@
 .PU
 .TH bzip2 1
 .SH NAME
-bzip2, bunzip2 \- a block-sorting file compressor, v1.0.4
+bzip2, bunzip2 \- a block-sorting file compressor, v1.0.6
 .br
 bzcat \- decompresses files to stdout
 .br
@@ -405,11 +405,11 @@ I/O error messages are not as helpful as they could be.
 tries hard to detect I/O errors and exit cleanly, but the details of
 what the problem is sometimes seem rather misleading.
 
-This manual page pertains to version 1.0.4 of
+This manual page pertains to version 1.0.6 of
 .I bzip2.  
 Compressed data created by this version is entirely forwards and
 backwards compatible with the previous public releases, versions
-0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and 1.0.3, but with the following
+0.1pl2, 0.9.0, 0.9.5, 1.0.0, 1.0.1, 1.0.2 and above, but with the following
 exception: 0.9.0 and above can correctly decompress multiple
 concatenated compressed files.  0.1pl2 cannot do this; it will stop
 after decompressing just the first file in the stream.

bzip2.1.preformatted

@@ -3,7 +3,7 @@ bzip2(1)                                                 bzip2(1)
 
 
 NNAAMMEE
-       bzip2, bunzip2 − a block‐sorting file compressor, v1.0.4
+       bzip2, bunzip2 − a block‐sorting file compressor, v1.0.6
        bzcat − decompresses files to stdout
        bzip2recover − recovers data from damaged bzip2 files
 
@@ -348,11 +348,11 @@ CCAAVVEEAATTSS
        but  the  details  of  what  the problem is sometimes seem
        rather misleading.
 
-       This manual page pertains to version 1.0.4 of _b_z_i_p_2_.  Com­
+       This manual page pertains to version 1.0.6 of _b_z_i_p_2_.  Com­
        pressed  data created by this version is entirely forwards
        and  backwards  compatible  with   the   previous   public
        releases,  versions  0.1pl2,  0.9.0,  0.9.5, 1.0.0, 1.0.1, 
-       1.0.2 and 1.0.3, but with the  following  exception: 0.9.0
+       1.0.2 and above, but with the  following  exception: 0.9.0
        and above can  correctly decompress  multiple concatenated
        compressed files.  0.1pl2  cannot do this;  it  will  stop 
        after  decompressing just the first file in the stream.

bzip2.c

@@ -7,8 +7,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -1605,11 +1605,11 @@ void license ( void )
     "bzip2, a block-sorting file compressor.  "
     "Version %s.\n"
     "   \n"
-    "   Copyright (C) 1996-2007 by Julian Seward.\n"
+    "   Copyright (C) 1996-2010 by Julian Seward.\n"
     "   \n"
     "   This program is free software; you can redistribute it and/or modify\n"
     "   it under the terms set out in the LICENSE file, which is included\n"
-    "   in the bzip2-1.0.5 source distribution.\n"
+    "   in the bzip2-1.0.6 source distribution.\n"
     "   \n"
     "   This program is distributed in the hope that it will be useful,\n"
     "   but WITHOUT ANY WARRANTY; without even the implied warranty of\n"

bzip2.txt

@@ -1,6 +1,6 @@
 
 NAME
-       bzip2, bunzip2 - a block-sorting file compressor, v1.0.4
+       bzip2, bunzip2 - a block-sorting file compressor, v1.0.6
        bzcat - decompresses files to stdout
        bzip2recover - recovers data from damaged bzip2 files
 
@@ -345,11 +345,11 @@ CAVEATS
        but  the  details  of  what  the problem is sometimes seem
        rather misleading.
 
-       This manual page pertains to version 1.0.4 of bzip2.  Com-
+       This manual page pertains to version 1.0.6 of bzip2.  Com-
        pressed  data created by this version is entirely forwards
        and  backwards  compatible  with   the   previous   public
        releases,  versions  0.1pl2,  0.9.0,  0.9.5, 1.0.0, 1.0.1,
-       1.0.2 and 1.0.3, but with the  following  exception: 0.9.0
+       1.0.2 and above, but with the  following  exception: 0.9.0
        and above can  correctly decompress  multiple concatenated
        compressed files.  0.1pl2  cannot do this;  it  will  stop
        after  decompressing just the first file in the stream.

bzip2recover.c

@@ -7,8 +7,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -313,7 +313,7 @@ Int32 main ( Int32 argc, Char** argv )
    inFileName[0] = outFileName[0] = 0;
 
    fprintf ( stderr, 
-             "bzip2recover 1.0.5: extracts blocks from damaged .bz2 files.\n" );
+             "bzip2recover 1.0.6: extracts blocks from damaged .bz2 files.\n" );
 
    if (argc != 2) {
       fprintf ( stderr, "%s: usage is `%s damaged_file_name'.\n",

bzlib.c

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.

bzlib.h

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.

bzlib_private.h

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -36,7 +36,7 @@
 
 /*-- General stuff. --*/
 
-#define BZ_VERSION  "1.0.5, 10-Dec-2007"
+#define BZ_VERSION  "1.0.6, 6-Sept-2010"
 
 typedef char            Char;
 typedef unsigned char   Bool;

compress.c

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.

crctable.c

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.

decompress.c

@@ -8,8 +8,8 @@
    This file is part of bzip2/libbzip2, a program and library for
    lossless, block-sorting data compression.
 
-   bzip2/libbzip2 version 1.0.5 of 10 December 2007
-   Copyright (C) 1996-2007 Julian Seward <[email protected]>
+   bzip2/libbzip2 version 1.0.6 of 6 September 2010
+   Copyright (C) 1996-2010 Julian Seward <[email protected]>
 
    Please read the WARNING, DISCLAIMER and PATENTS sections in the 
    README file.
@@ -381,6 +381,13 @@ Int32 BZ2_decompress ( DState* s )
             es = -1;
             N = 1;
             do {
+               /* Check that N doesn't get too big, so that es doesn't
+                  go negative.  The maximum value that can be
+                  RUNA/RUNB encoded is equal to the block size (post
+                  the initial RLE), viz, 900k, so bounding N at 2
+                  million should guard against overflow without
+                  rejecting any legitimate inputs. */
+               if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
                if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
                if (nextSym == BZ_RUNB) es = es + (1+1) * N;
                N = N * 2;
@@ -485,15 +492,28 @@ Int32 BZ2_decompress ( DState* s )
          RETURN(BZ_DATA_ERROR);
 
       /*-- Set up cftab to facilitate generation of T^(-1) --*/
+      /* Check: unzftab entries in range. */
+      for (i = 0; i <= 255; i++) {
+         if (s->unzftab[i] < 0 || s->unzftab[i] > nblock)
+            RETURN(BZ_DATA_ERROR);
+      }
+      /* Actually generate cftab. */
       s->cftab[0] = 0;
       for (i = 1; i <= 256; i++) s->cftab[i] = s->unzftab[i-1];
       for (i = 1; i <= 256; i++) s->cftab[i] += s->cftab[i-1];
+      /* Check: cftab entries in range. */
       for (i = 0; i <= 256; i++) {
          if (s->cftab[i] < 0 || s->cftab[i] > nblock) {
             /* s->cftab[i] can legitimately be == nblock */
             RETURN(BZ_DATA_ERROR);
          }
       }
+      /* Check: cftab entries non-descending. */
+      for (i = 1; i <= 256; i++) {
+         if (s->cftab[i-1] > s->cftab[i]) {
+            RETURN(BZ_DATA_ERROR);
+         }
+      }
 
       s->state_out_len = 0;
       s->state_out_ch  = 0;