v0.6.0
When adding implicit dirs, ensure that ancestral directories
are added and that duplicates are excluded.
The library now relies on more_itertools
5.61.0
KTar::openArchive: Don't assert if file has two root dirs
KZip::openArchive: Don't assert when opening broken files
5.60.0
Do not crash if the inner file wants to be bigger than QByteArray max size
5.59.0
Test reading and seeking in KCompressionDevice
KCompressionDevice: Remove bIgnoreData
KAr: fix out-of-bounds read (on invalid input) by porting to QByteArray
KAr: fix parsing of long filenames with Qt-5.10
KAr: the permissions are in octal, not decimal
KAr::openArchive: Also check ar_longnamesIndex is not < 0
KAr::openArchive: Fix invalid memory access on broken files
KAr::openArchive: Protect against Heap-buffer-overflow in broken files
KTar::KTarPrivate::readLonglink: Fix crash in malformed files
5.58.0
KTar: Protect against negative longlink sizes
Fix invalid memory write on malformed tar files
Fix memory leak when reading some tar files
Fix uninitialized memory use when reading malformed tar files
Fix stack-buffer-overflow read on malformed files
Fix null-dereference on malformed tar files
Install krcc.h header
Fix double delete on broken files
Disallow copy of KArchiveDirectoryPrivate and KArchivePrivate
Fix KArchive::findOrCreate running out of stack on VERY LONG paths
Introduce and use KArchiveDirectory::addEntryV2
removeEntry can fail so it's good to know if it did
KZip: fix Heap-use-after-free in broken files
LZ4 v1.9.2
fix : out-of-bound read in exceptional circumstances when using decompress_partial()
fix : slim opportunity for out-of-bound write with compress_fast() with a large enough input and when providing an output smaller than recommended (< LZ4_compressBound(inputSize))
fix : rare data corruption bug with LZ4_compress_destSize()
fix : data corruption bug when Streaming with an Attached Dict in HC Mode
perf: enable LZ4_FAST_DEC_LOOP on aarch64/GCC by default
perf: improved lz4frame streaming API speed
perf: speed up lz4hc on slow patterns when using external dictionary
api: better in-place decompression and compression support
cli : --list supports multi-frames files
cli: --version outputs to stdout
cli : add option --best as an alias of -12
misc: Integration into oss-fuzz
Zstandard v1.4.3
Dictionary Compression Regression
We discovered an issue in the v1.4.2 release, which can degrade the effectiveness of dictionary compression. This release fixes that issue.
Detailed Changes
* bug: Fix Dictionary Compression Ratio Regression
* bug: Fix Buffer Overflow in v0.3 Decompression
* build: Add support for IAR C/C++ Compiler for Arm
* misc: Add NULL pointer check in util.c by
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
2019-02-18 Stuart Caie <kyzer@cabextract.org.uk>
* chmd_read_headers(): a CHM file name beginning "::" but shorter
than 33 bytes will lead to reading past the freshly-allocated name
buffer - checks for specific control filenames didn't take length
into account. Thanks to ADLab of Venustech for the report and
proof of concept.
2019-02-18 Stuart Caie <kyzer@cabextract.org.uk>
* chmd_read_headers(): CHM files can declare their chunks are any
size up to 4GB, and libmspack will attempt to allocate that to
read the file.
This is not a security issue; libmspack doesn't promise how much
memory it'll use to unpack files. You can set your own limits by
returning NULL in a custom mspack_system.alloc() implementation.
However, it would be good to validate chunk size further. With no
offical specification, only empirical data is available. All files
created by hhc.exe have a chunk size of 4096 bytes, and this is
matched by all the files I've found in the wild, except for one
which has a chunk size of 8192 bytes, which was created by someone
developing a CHM file creator 15 years ago, and they appear to
have abandoned it, so it seems 4096 is a de-facto standard.
I've changed the "chunk size is not a power of two" warning to
"chunk size is not 4096", and now only allow chunk sizes between
22 and 8192 bytes. If you have CHM files with a larger chunk size,
please send them to me and I'll increase this upper limit.
Thanks to ADLab of Venustech for the report.
2019-02-18 Stuart Caie <kyzer@cabextract.org.uk>
* oabd.c: replaced one-shot copying of uncompressed blocks (which
requires allocating a buffer of the size declared in the header,
which can be 4GB) with a fixed-size buffer. The buffer size is
user-controllable with the new msoab_decompressor::set_param()
method (check you have version 2 of the OAB decompressor), and
also controls the input buffer used for OAB's LZX decompression.
Reminder: compression formats can dictate how much memory is
needed to decompress them. If memory usage is a security concern
to you, write a custom mspack_system.alloc() that returns NULL
if "too much" memory is requested. Do not rely on libmspack adding
special heuristics to know not to request "too much".
Thanks to ADLab of Venustech for the report.
Zstandard v1.4.2
Legacy Decompression Fix
This release is a small one, that corrects an issue discovered in the previous release. Zstandard v1.4.1 included a bug in decompressing v0.5 legacy frames, which is fixed in v1.4.2.
Detailed Changes
bug: Fix bug in zstd-0.5 decoder
bug: Fix seekable decompression in-memory API
bug: Close minor memory leak in CLI
misc: Validate blocks are smaller than size limit
misc: Restructure source files
1.0.8 (13 Jul 19)
~~~~~~~~~~~~~~~~~
* Accept as many selectors as the file format allows.
This relaxes the fix for CVE-2019-12900 from 1.0.7
so that bzip2 allows decompression of bz2 files that
use (too) many selectors again.
* Fix handling of large (> 4GB) files on Windows.
* Cleanup of bzdiff and bzgrep scripts so they don't use
any bash extensions and handle multiple archives correctly.
* There is now a bz2-files testsuite at
https://sourceware.org/git/bzip2-tests.git
1.0.7 (27 Jun 19)
~~~~~~~~~~~~~~~~~
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0]
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)
v1.4.1
bug: Fix data corruption in niche use cases by @terrelln (#1659)
bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594, #1595)
bug: Fix out of bounds read by @terrelln (#1590)
perf: Improve decode speed by ~7% @mgrice (#1668)
perf: Slightly improved compression ratio of level 3 and 4 (ZSTD_dfast) by @cyan4973 (#1681)
perf: Slightly faster compression speed when re-using a context by @cyan4973 (#1658)
perf: Improve compression ratio for small windowLog by @cyan4973 (#1624)
perf: Faster compression speed in high compression mode for repetitive data by @terrelln (#1635)
api: Add parameter to generate smaller dictionaries by @tyler-tran (#1656)
cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640)
cli: Expose cpu load indicator for each file on -vv mode by @ephiepark (#1631)
cli: Restrict read permissions on destination files by @chungy (#1644)
cli: zstdgrep: handle -f flag by @felixhandte (#1618)
cli: zstdcat: follow symlinks by @vejnar (#1604)
doc: Remove extra size limit on compressed blocks by @felixhandte (#1689)
doc: Fix typo by @yk-tanigawa (#1633)
doc: Improve documentation on streaming buffer sizes by @cyan4973 (#1629)
build: CMake: support building with LZ4 @leeyoung624 (#1626)
build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647)
build: CMake: respect existing uninstall target by @j301scott (#1619)
build: Make: skip multithread tests when built without support by @michaelforney (#1620)
build: Make: Fix examples/ test target by @sjnam (#1603)
build: Meson: rename options out of deprecated namespace by @lzutao (#1665)
build: Meson: fix build by @lzutao (#1602)
build: Visual Studio: don't export symbols in static lib by @scharan (#1650)
build: Visual Studio: fix linking by @absotively (#1639)
build: Fix MinGW-W64 build by @myzhang1029 (#1600)
misc: Expand decodecorpus coverage by @ephiepark (#1664)
Update ruby-zip to 1.2.3, here is release note.
1.2.3 (2019-05-23)
* Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
* Support frozen string literals in more files #390
* Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)
Tooling / Documentation:
* CI updates #392, #394
- Bump supported ruby versions and add 2.6
- JRuby failures are no longer ignored (reverts #375 / part of #371)
* Add changelog entry that was missing for last release #387
* Comment cleanup #385
Since the GitHub release information for 1.2.2 is missing, I will also include
it here:
1.2.2 (2018-09-01)
NB: This release drops support for extracting symlinks, because there was no
clear way to support this securely. See #376 (comment) for details.
* Fix CVE-2018-1000544 #376 / #371
* Fix NoMethodError: undefined method `glob' #363
* Fix handling of stored files (i.e. files not using compression) with general
purpose bit 3 set #358
* Fix close on StringIO-backed zip file #353
* Add Zip.force_entry_names_encoding option #340
* Update rubocop, apply auto-fixes, and fix regressions caused by said
auto-fixes #332, #355
* Save temporary files to temporary directory (rather than current directory)
#325
Tooling / Documentation:
* Turn off all terminal output in all tests #361
* Several CI updates #346, #347, #350, #352
* Several README improvements #345, #326, #321
### engrampa 1.22.1
sync with transifex
Help: replace link linkend with xref linkend
file-utils: avoid out of bound memory access
actions: avoid use of memory after it is freed
fr-process: Fix memory leak: 'g_shell_quote' needs to be freed
fr-process: Fix memory leak: 'g_strconcat' needs to be freed
[Security] fr-process: avoid 'strcpy' and 'strcat'
fr-process: Fix memory leak
Help: Fix version to 1.22
help: update copyright
Upgrade the manual to docbook 5.0
v1.4.0
perf: Improve level 1 compression speed in most scenarios by 6% by @gbtucker and @terrelln
api: Move the advanced API, including all functions in the staging section, to the stable section
api: Make ZSTD_e_flush and ZSTD_e_end block for maximum forward progress
api: Rename ZSTD_CCtxParam_getParameter to ZSTD_CCtxParams_getParameter
api: Rename ZSTD_CCtxParam_setParameter to ZSTD_CCtxParams_setParameter
api: Don't export ZSTDMT functions from the shared library by default
api: Require ZSTD_MULTITHREAD to be defined to use ZSTDMT
api: Add ZSTD_decompressBound() to provide an upper bound on decompressed size by @shakeelrao
api: Fix ZSTD_decompressDCtx() corner cases with a dictionary
api: Move ZSTD_getDictID_*() functions to the stable section
api: Add ZSTD_c_literalCompressionMode flag to enable or disable literal compression by @terrelln
api: Allow compression parameters to be set when a dictionary is used
api: Allow setting parameters before or after ZSTD_CCtx_loadDictionary() is called
api: Fix ZSTD_estimateCStreamSize_usingCCtxParams()
api: Setting ZSTD_d_maxWindowLog to 0 means use the default
cli: Ensure that a dictionary is not used to compress itself by @shakeelrao
cli: Add --[no-]compress-literals flag to enable or disable literal compression
doc: Update the examples to use the advanced API
doc: Explain how to transition from old streaming functions to the advanced API in the header
build: Improve the Windows release packages
build: Improve CMake build by @hjmjohnson
build: Build fixes for FreeBSD by @lwhsu
build: Remove redundant warnings by @thatsafunnyname
build: Fix tests on OpenBSD by @bket
build: Extend fuzzer build system to work with the new clang engine
build: CMake now creates the libzstd.so.1 symlink
build: Improve Menson build by @lzutao
misc: Fix symbolic link detection on FreeBSD
misc: Use physical core count for -T0 on FreeBSD by @cemeyer
misc: Fix zstd --list on truncated files by @kostmo
misc: Improve logging in debug mode by @felixhandte
misc: Add CirrusCI tests by @lwhsu
misc: Optimize dictionary memory usage in corner cases
misc: Improve the dictionary builder on small or homogeneous data
misc: Fix spelling across the repo by @jsoref
LZ4 v1.9.1
Changes
fix : decompression functions were reading a few bytes beyond input size
api : fix : lz4frame initializers compatibility with c++
cli : added command --list
build: improved Windows build
build: AIX, by Norman Green
LZ4 v1.9.0
This release brings an assortment of small improvements and bug fixes, as detailed below :
perf: large decompression speed improvement on x86/x64 (up to +20%)
api : changed : _destSize() compression variants are promoted to stable API
api : new : LZ4_initStream(HC), replacing LZ4_resetStream(HC)
api : changed : LZ4_resetStream(HC) as recommended reset function, for better performance on small data
cli : support custom block sizes
build: source code can be amalgamated, by Bing Xu
build: added meson build
build: new build macros : LZ4_DISTANCE_MAX, LZ4_FAST_DEC_LOOP
install: MidnightBSD
install: msys2 on Windows 10
Libaec provides fast lossless compression of 1 up to 32 bit wide signed
or unsigned integers (samples). The library achieves best results for
low entropy data as often encountered in space imaging instrument data or
numerical model output from weather or climate simulations. While floating
point representations are not directly supported, they can also be efficiently
coded by grouping exponents and mantissa.
Libaec implements Golomb-Rice coding as defined in the Space Data System
Standard documents 121.0-B-2 and 120.0-G-2.
Libaec includes a free drop-in replacement for the SZIP library.
Upstream changes:
0.0946 2019-04-05 20:11:47Z
- Added copyright holder/year meta to dist.ini. (GH#6) (Mohammad S Anwar)
- Auto generate META.yml using the plugin [MetaYAML]. (GH#8) (Mohammad S
Anwar)
