Author: bodewig Date: Thu Aug 16 08:10:51 2018 New Revision: 28769 Log: vote for Commons Compress 1.18 RC1 has passed
Added: release/commons/compress/binaries/commons-compress-1.18-bin.tar.gz - copied unchanged from r28768, dev/commons/compress/binaries/commons-compress-1.18-bin.tar.gz release/commons/compress/binaries/commons-compress-1.18-bin.tar.gz.asc - copied unchanged from r28768, dev/commons/compress/binaries/commons-compress-1.18-bin.tar.gz.asc release/commons/compress/binaries/commons-compress-1.18-bin.tar.gz.sha256 - copied unchanged from r28768, dev/commons/compress/binaries/commons-compress-1.18-bin.tar.gz.sha256 release/commons/compress/binaries/commons-compress-1.18-bin.zip - copied unchanged from r28768, dev/commons/compress/binaries/commons-compress-1.18-bin.zip release/commons/compress/binaries/commons-compress-1.18-bin.zip.asc - copied unchanged from r28768, dev/commons/compress/binaries/commons-compress-1.18-bin.zip.asc release/commons/compress/binaries/commons-compress-1.18-bin.zip.sha256 - copied unchanged from r28768, dev/commons/compress/binaries/commons-compress-1.18-bin.zip.sha256 release/commons/compress/source/commons-compress-1.18-src.tar.gz - copied unchanged from r28768, dev/commons/compress/source/commons-compress-1.18-src.tar.gz release/commons/compress/source/commons-compress-1.18-src.tar.gz.asc - copied unchanged from r28768, dev/commons/compress/source/commons-compress-1.18-src.tar.gz.asc release/commons/compress/source/commons-compress-1.18-src.tar.gz.sha256 - copied unchanged from r28768, dev/commons/compress/source/commons-compress-1.18-src.tar.gz.sha256 release/commons/compress/source/commons-compress-1.18-src.zip - copied unchanged from r28768, dev/commons/compress/source/commons-compress-1.18-src.zip release/commons/compress/source/commons-compress-1.18-src.zip.asc - copied unchanged from r28768, dev/commons/compress/source/commons-compress-1.18-src.zip.asc release/commons/compress/source/commons-compress-1.18-src.zip.sha256 - copied unchanged from r28768, dev/commons/compress/source/commons-compress-1.18-src.zip.sha256 Removed: dev/commons/compress/RELEASE-NOTES.txt dev/commons/compress/binaries/commons-compress-1.18-bin.tar.gz dev/commons/compress/binaries/commons-compress-1.18-bin.tar.gz.asc dev/commons/compress/binaries/commons-compress-1.18-bin.tar.gz.sha256 dev/commons/compress/binaries/commons-compress-1.18-bin.zip dev/commons/compress/binaries/commons-compress-1.18-bin.zip.asc dev/commons/compress/binaries/commons-compress-1.18-bin.zip.sha256 dev/commons/compress/source/commons-compress-1.18-src.tar.gz dev/commons/compress/source/commons-compress-1.18-src.tar.gz.asc dev/commons/compress/source/commons-compress-1.18-src.tar.gz.sha256 dev/commons/compress/source/commons-compress-1.18-src.zip dev/commons/compress/source/commons-compress-1.18-src.zip.asc dev/commons/compress/source/commons-compress-1.18-src.zip.sha256 Modified: release/commons/compress/README.html release/commons/compress/RELEASE-NOTES.txt Modified: release/commons/compress/README.html ============================================================================== --- release/commons/compress/README.html (original) +++ release/commons/compress/README.html Thu Aug 16 08:10:51 2018 @@ -1,6 +1,6 @@ -<h1>Commons-Compress 1.17</h1> +<h1>Commons-Compress 1.18</h1> -<p>This is the 1.17 release of commons-compress. It is available in both binary and source distributions.</p> +<p>This is the 1.18 release of commons-compress. It is available in both binary and source distributions.</p> <p><font color="red" size="+2">Note:</font> The tar files in the distribution use GNU tar extensions @@ -34,12 +34,12 @@ href="https://www.apache.org/dist/common <pre>Always test available signatures, <i>e.g.</i>, $ pgpk -a KEYS -$ pgpv commons-compress-1.17-bin.tar.gz.asc +$ pgpv commons-compress-1.18-bin.tar.gz.asc or, $ pgp -ka KEYS -$ pgp commons-compress-1.17-bin.tar.gz.asc +$ pgp commons-compress-1.18-bin.tar.gz.asc or, $ gpg --import KEYS -$ gpg --verify commons-compress-1.17-bin.tar.gz.asc +$ gpg --verify commons-compress-1.18-bin.tar.gz.asc </pre> <p> Modified: release/commons/compress/RELEASE-NOTES.txt ============================================================================== --- release/commons/compress/RELEASE-NOTES.txt (original) +++ release/commons/compress/RELEASE-NOTES.txt Thu Aug 16 08:10:51 2018 @@ -5,6 +5,44 @@ compression and archive formats. These lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj. +Release 1.18 +------------ + +New features: +o It is now possible to specify the arguments of zstd-jni's + ZstdOutputStream constructors via Commons Compress as well. + Issue: COMPRESS-460. + Thanks to Carmi Grushko. + +Fixed Bugs: +o The example Expander class has been vulnerable to a path + traversal in the edge case that happens when the target + directory has a sibling directory and the name of the target + directory is a prefix of the sibling directory's name. + Thanks to Didier Loiseau. +o Changed the OSGi Import-Package to also optionally import + javax.crypto so encrypted archives can be read. + Issue: COMPRESS-456. +o Changed various implementations of the close method to better + ensure all held resources get closed even if exceptions are + thrown during the closing the stream. + Issue: COMPRESS-457. +o ZipArchiveInputStream can now detect the APK Signing Block + used in signed Android APK files and treats it as an "end of + archive" marker. + Issue: COMPRESS-455. +o The cpio streams didn't handle archives using a multi-byte + encoding properly. + Issue: COMPRESS-459. + Thanks to Jens Reimann. +o ZipArchiveInputStream#read would silently return -1 on a + corrupted stored entry and even return > 0 after hitting the + end of the archive. + Issue: COMPRESS-463. +o ArArchiveInputStream#read would allow to read from the stream + without opening an entry at all. + Issue: COMPRESS-462. + Release 1.17 ------------ @@ -70,53 +108,53 @@ Release 1.16 New features: o Add read-only support for Zstandard compression based on the Zstd-jni project. - Issue: COMPRESS-423. Thanks to Andre F de Miranda. + Issue: COMPRESS-423. Thanks to Andre F de Miranda. o Added auto-detection for Zstandard compressed streams. - Issue: COMPRESS-425. + Issue: COMPRESS-425. o Added write-support for Zstandard compression. - Issue: COMPRESS-426. + Issue: COMPRESS-426. o Added read-only DEFLATE64 support to ZIP archives and as stand-alone CompressorInputStream. - Issue: COMPRESS-380. Thanks to Christian Marquez Grabia. + Issue: COMPRESS-380. Thanks to Christian Marquez Grabia. o Added read-only DEFLATE64 support to 7z archives. - Issue: COMPRESS-437. + Issue: COMPRESS-437. Fixed Bugs: o Synchronized iteration over a synchronizedList in ParallelScatterZipCreator. - Issue: COMPRESS-430. Thanks to Bruno P. Kinoshita. + Issue: COMPRESS-430. Thanks to Bruno P. Kinoshita. o ZipFile could get stuck in an infinite loop when parsing ZIP archives with certain strong encryption headers. - Issue: COMPRESS-432. + Issue: COMPRESS-432. o Added improved checks to detect corrupted bzip2 streams and throw the expected IOException rather than obscure RuntimeExceptions. - Issue: COMPRESS-424. + Issue: COMPRESS-424. Changes: o Replaces instanceof checks with a type marker in LZ77 support code. - Issue: COMPRESS-435. Thanks to BELUGA BEHR. + Issue: COMPRESS-435. Thanks to BELUGA BEHR. o Updated XZ for Java dependency to 1.8 in order to pick up bug fix - to LZMA2InputStream's available method. + to LZMA2InputStream's available method. o ZipArchiveEntry now exposes how the name or comment have been determined when the entry was read. - Issue: COMPRESS-429. Thanks to Damiano Albani. + Issue: COMPRESS-429. Thanks to Damiano Albani. o ZipFile.getInputStream will now always buffer the stream internally in order to improve read performance. - Issue: COMPRESS-438. + Issue: COMPRESS-438. o Speed improvement for DEFLATE64 decompression. - Issue: COMPRESS-440. Thanks to Dawid Weiss. + Issue: COMPRESS-440. Thanks to Dawid Weiss. o Added a few extra sanity checks for the rarer compression methods used in ZIP archives. - Issue: COMPRESS-436. + Issue: COMPRESS-436. o Simplified the special handling for the dummy byte required by zlib when using java.util.zip.Inflater. - Issue: COMPRESS-441. + Issue: COMPRESS-441. o Various code cleanups. - Github Pull Request #61. Thanks to Shahab Kondri. + Github Pull Request #61. Thanks to Shahab Kondri. o TarArchiveEntry's preserveLeadingSlashes constructor argument has been renamed and can now also be used to preserve the - drive letter on Windows. + drive letter on Windows. Release 1.15 ------------ @@ -323,9 +361,9 @@ o TarArchiveInputStream failed to parse Changes: o Update requirement from Java 5 to 6. - Issue: COMPRESS-349. + Issue: COMPRESS-349. o TarArchiveEntry wastefully allocates empty arrays. - Issue: COMPRESS-350. + Issue: COMPRESS-350. o Javadoc for BZip2CompressorInputStream(InputStream, boolean) should refer to IOEx, not NPE. Issue: COMPRESS-353. @@ -518,7 +556,7 @@ For complete information on Apache Commo on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Compress website: -http://commons.apache.org/compress/ +https://commons.apache.org/compress/ Old Release Notes ================= @@ -836,7 +874,7 @@ Release 1.4.1 ------------- This is a security bugfix release, see -http://commons.apache.org/proper/commons-compress/security.html#Fixed_in_Apache_Commons_Compress_1.4.1 +https://commons.apache.org/proper/commons-compress/security.html#Fixed_in_Apache_Commons_Compress_1.4.1 Fixed Bugs: