1.0.4 (20 Dec 06)
~~~~~~~~~~~~~~~~~
Fixes some minor bugs since the last version, 1.0.3.
* Fix file permissions race problem (CAN-2005-0953).
* Avoid possible segfault in BZ2_bzclose. From Coverity's NetBSD
scan.
* 'const'/prototype cleanups in the C code.
* Change default install location to /usr/local, and handle multiple
'make install's without error.
* Sanitise file names more carefully in bzgrep. Fixes CAN-2005-0758
to the extent that applies to bzgrep.
* Use 'mktemp' rather than 'tempfile' in bzdiff.
* Tighten up a couple of assertions in blocksort.c following automated
analysis.
* Fix minor doc/comment bugs.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
- Further robustification against corrupted compressed data.
There are currently no known bitstreams which can cause the
decompressor to crash, loop or access memory which does not
belong to it. If you are using bzip2 or the library to
decompress bitstreams from untrusted sources, an upgrade
to 1.0.3 is recommended.
http://scary.beasts.org/security/CESA-2005-002.txt
- The documentation has been converted to XML, from which html
and pdf can be derived.
- Various minor bugs in the documentation have been fixed.
- Fixes for various compilation warnings with newer versions of
gcc, and on 64-bit platforms.
- The BZ_NO_STDIO cpp symbol was not properly observed in 1.0.2.
This has been fixed.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
A bug fix release, addressing various minor issues.
* Fix an infinite segfault loop in 1.0.1 when a directory is encountered
in -f (force) mode.
* Avoid double fclose() of output file on certain I/O error paths.
* Don't fail with internal error 1007 when fed a long stream (> 48MB)
of byte 251. Also print useful message suggesting that 1007s may be
caused by bad memory.
* Fix uninitialised variable silly bug in demo prog dlltest.c.
* Remove 512-MB limitation on recovered file size for bzip2recover
on selected platforms which support 64-bit ints.
* Copy file access times correctly.
* Dereference symlinks when copying file permissions in -f mode.
* Majorly simplify implementation of uInt64_qrm10.
* Check the input file still exists before deleting the output one,
when aborting in cleanUpAndFail().
* Wrapper scripts (with manpages): bzdiff, bzgrep, bzmore.
* Spelling changes and minor enhancements in bzip2.1.
* Avoid race condition between creating the output file and setting its
interim permissions safely, by using fopen_output_safely().
* do not print senseless report with -v when compressing an empty file.
* bzcat -f works on non-bzip2 files.
* do not try to escape shell meta-characters on unix (the shell takes
care of these).
* added --fast and --best aliases for -1 -9 for gzip compatibility.
- New, optional Makefile variable HOMEPAGE, specifies a URL for
the home page of the software if it has one.
- The value of HOMEPAGE is used to add a link from the
README.html files.
- pkglint updated to know about it. The "correct" location for
HOMEPAGE in the Makefile is after MAINTAINER, in that same
section.
packages collection, from the FreeBSD port.
As pointed out by Charles Hannum, the author of bzip2 thinks it is
patent-free, so this should be used in preference to the older bzip
package.
