[arch-dev-public] [signoff] bzip2 1.0.5-1
dpmcgee at gmail.com
Mon Apr 14 19:59:35 EDT 2008
On 4/14/08, Dan McGee <dpmcgee at gmail.com> wrote:
> On Mon, Apr 14, 2008 at 4:04 PM, Tom K <tom at archlinux.org> wrote:
> > Upstream vulnerability fix, our ref FS#10121, additional info here:
> > https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
> > Also, man path amended.
> >
> > In testing now for both arches.
>
> Looks good on i686.
Maybe I spoke too soon. The program itself works fine, but linking
against it is doing some really weird things. It seems that things are
getting statically included now or something? I'm not completely sure
what is going on, but my binaries for my pacman-git build went from
14K to 140K, and the strings output on the old vs. the new is showing
a lot of BZ2 crud, which I've attached below (I sorted it so
before/after would be as similar as possible).
-Dan
$ diff -u strings.old strings.new
--- strings.old 2008-04-14 18:57:02.000000000 -0500
+++ strings.new 2008-04-14 18:57:29.000000000 -0500
@@ -1,3 +1,29 @@
+ %d pointers, %d sorted, %d scanned
+ bucket sorting ...
+ depth %6d has
+ main sort initialise ...
+ qsort [0x%x, 0x%x] done %d this %d
+ reconstructing block ...
+ %d in block, %d after MTF & 1-2 coding, %d+2 syms in use
+ %d work, %d block, ratio %5.2f
+ bytes: mapping %d,
+ initial group %d, [%d .. %d], has %d syms (%4.1f%%)
+ pass %d: size is %d, grp uses are
+ [%d: huff+mtf
+ block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d
+ combined CRCs: stored = 0x%08x, computed = 0x%08x
+ final combined CRC = 0x%08x
+ too repetitive; using fallback sorting algorithm
+ (www.memtest86.com). At the time of writing it is free (GPLd).
+ Memtest86 tests memory much more thorougly than your BIOSs
+ Try a memory-test program. I have used Memtest86
+ bzip2, and I would very much like to hear about it. Please
+ let me know, and, ideally, save a copy of the file causing the
+ points in compression, you may have a flaky memory system.
+ power-on test, and may find failures that the BIOS doesn't.
+ problem -- without which I will be unable to investigate it.
+ {0x%08x, 0x%08x}
+%6d unresolved strings
%s conflicts with %s
%s/%s/depends
%s/%s/desc
@@ -6,18 +32,113 @@
%s: dependency file is missing
%s: description file is missing
%s: file list is missing
+* If the error can be repeatably reproduced, this is a bug in
+* If the error cannot be reproduced, and/or happens at different
+*** A special note about internal error number 1007 ***
/lib/ld-linux.so.2
/var/lib/pacman/
+1.0.5, 10-Dec-2007
+1G<1
+;GT|
+<[^_]
+<[^_]
+BZ2_blockSort
+BZ2_bsInitWrite
+BZ2_bzBuffToBuffCompress
+BZ2_bzBuffToBuffDecompress
+BZ2_bzCompress
+BZ2_bzCompressEnd
+BZ2_bzCompressInit
+BZ2_bzDecompress
+BZ2_bzDecompressEnd
+BZ2_bzDecompressInit
+BZ2_bzRead
+BZ2_bzReadClose
+BZ2_bzReadGetUnused
+BZ2_bzReadOpen
+BZ2_bzWrite
+BZ2_bzWriteClose
+BZ2_bzWriteClose64
+BZ2_bzWriteOpen
+BZ2_bz__AssertH__fail
+BZ2_bzclose
+BZ2_bzdopen
+BZ2_bzerror
+BZ2_bzflush
+BZ2_bzlibVersion
+BZ2_bzopen
+BZ2_bzread
+BZ2_bzwrite
+BZ2_compressBlock
+BZ2_crc32Table
+BZ2_decompress
+BZ2_hbAssignCodes
+BZ2_hbCreateDecodeTables
+BZ2_hbMakeCodeLengths
+BZ2_indexIntoF
+BZ2_rNums
+CONFIG_ERROR
+DATA_ERROR
+DATA_ERROR_MAGIC
+Experience suggests that a common cause of i.e. 1007
+FD;FH
+FP;FL
+FP;FL
+FP;FL|
+G 9E
+G 9E
+G 9E
+G,u?
+G8u$
+G8u$
+G8u'
+G8u'
+G8u'
+G8u'
+G<u'
GLIBC_2.0
+GLIBC_2.1
+GLIBC_2.3
+I suggest the following: try compressing the file again,
+IO_ERROR
LIBSSP_1.0
-PTRh`
-QVh0
+MEM_ERROR
+ND;NH
+NP;NL
+O8iE
+O8iE
+O8iE
+OUTBUFF_FULL
+PARAM_ERROR
+PTRh m
+Please report it to me at: jseward at bzip.org. If this happened
+QVh`
+SEQUENCE_ERROR
+This is a bug in bzip2/libbzip2, %s.
+UNEXPECTED_EOF
+US]CQ
+VUUU
+VUUU
+W8iE
+W8iE
+W8iE
WVSQ
Y[^_]
[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+^(BM
_IO_stdin_used
_Jv_RegisterClasses
__bss_start
+__ctype_b_loc
__errno_location
__gmon_start__
__libc_start_main
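Review bot: the added BZ2_* names (BZ2_bzCompress, BZ2_bzDecompress, BZ2_crc32Table and the rest) together with the "1.0.5, 10-Dec-2007" version string in this hunk indicate the binary now carries its own copy of the libbzip2 code instead of importing it. Rebuild against the shared library once the package is corrected; an embedded copy does not pick up later libbz2 fixes until each affected binary is itself rebuilt.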
@@ -43,31 +164,60 @@
alpm_option_set_logcb
alpm_release
alpm_strerrorlast
+bzip2/libbzip2: internal error number %d.
cannot initialize alpm: %s
+code lengths %d,
+codes %d
+component, you should also report this bug to the author(s)
error : %s : %s
error releasing alpm: %s
error:
error: could not register 'local' database (%s)
exit
+fclose
+fdopen
+ferror
+fflush
+fgetc
+fopen64
+fputc
+fread
free
+fwrite
+is unreliable memory or other hardware. The 1007 assertion
+just happens to cross-check the results of huge numbers of
+kZ;&
libacl.so.1
libalpm.so.2
libarchive.so.2
libattr.so.1
-libbz2.so.1.0
libc.so.6
libdownload.so
libssp.so.0
libz.so.1
+malloc
+memory reads/writes, and so acts (unintendedly) as a stress
missing dependency for %s : %s
+of that program. Please make an effort to report this bug;
opendir
+possibly monitoring progress in detail with the -vv flag.
+quality software. Thanks. Julian Seward, 10 December 2007.
readdir
+rt+rld
+selectors %d,
snprintf
stderr
+stdin
stdout
+strcat
strcmp
strerror
+strlen
+test of your memory system.
testdb
+timely and accurate bug reports eventually lead to higher
+ungetc
usage: %s -b <pacman db>
vfprintf
warning:
+when you were using some program which uses libbzip2 as a
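Review bot: "-libbz2.so.1.0" drops out of the shared-library names in this hunk while stdio symbols such as fopen64, fread and fwrite appear, which is what linking a static libbz2 archive into the program would produce. Check whether the 1.0.5-1 package still provides the shared-library link that -lbz2 resolves to, and confirm the result from the binary's dynamic section rather than from strings output alone.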