Upgrade brotli to v1.0.9 am: 065f36f595
Original change: https://android-review.googlesource.com/c/platform/external/brotli/+/1413972
Change-Id: I3f6e1d58f13541d6f3edcf836e4b6885edd45e9b
diff --git a/.gitattributes b/.gitattributes
index c0ca54b..8915918 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -19,6 +19,8 @@
premake5.lua !export-ignore
README !export-ignore
README.md !export-ignore
+setup.py !export-ignore
+setup.cfg !export-ignore
WORKSPACE !export-ignore
# Add sources
@@ -26,9 +28,22 @@
c/** !export-ignore
c/common/dictionary.bin* export-ignore
c/fuzz export-ignore
+
+# Add man pages
+docs !export-ignore
+docs/** !export-ignore
+docs/brotli-comparison-study-2015-09-22.pdf export-ignore
+
+# Add python bindings + tests
+python !export-ignore
+python/** !export-ignore
+
+# Add more build files.
scripts !export-ignore
scripts/sources.lst !export-ignore
scripts/libbrotli*.pc.in !export-ignore
+
+# Add testdata
tests !export-ignore
tests/*.sh !export-ignore
tests/*.cmake !export-ignore
@@ -37,8 +52,3 @@
tests/testdata/empty.compressed !export-ignore
tests/testdata/ukkonooa !export-ignore
tests/testdata/ukkonooa.compressed !export-ignore
-
-# Add man pages
-docs !export-ignore
-docs/** !export-ignore
-docs/brotli-comparison-study-2015-09-22.pdf export-ignore
\ No newline at end of file
diff --git a/METADATA b/METADATA
index e4711e2..6433111 100644
--- a/METADATA
+++ b/METADATA
@@ -9,11 +9,11 @@
type: GIT
value: "https://github.com/google/brotli.git"
}
- version: "v1.0.8"
+ version: "v1.0.9"
license_type: NOTICE
last_upgrade_date {
year: 2020
month: 8
- day: 26
+ day: 27
}
}
diff --git a/README.md b/README.md
index 017173c..3bacbbc 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,11 @@
<p align="center"><img src="https://brotli.org/brotli.svg" alt="Brotli" width="64"></p>
+# SECURITY NOTE
+
+Please consider updating brotli to version 1.0.9 (latest).
+
+Version 1.0.9 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for streaming API is not limited), input size (chunk size) is larger than 2GiB, and input contains uncompressed blocks. After the overflow happens, `memcpy` is invoked with a gigantic `num` value, that will likely cause the crash.
+
### Introduction
Brotli is a generic-purpose lossless compression algorithm that compresses data
diff --git a/c/common/version.h b/c/common/version.h
index 075d4d1..01b2998 100644
--- a/c/common/version.h
+++ b/c/common/version.h
@@ -14,13 +14,13 @@
BrotliEncoderVersion methods. */
/* Semantic version, calculated as (MAJOR << 24) | (MINOR << 12) | PATCH */
-#define BROTLI_VERSION 0x1000008
+#define BROTLI_VERSION 0x1000009
/* This macro is used by build system to produce Libtool-friendly soname. See
https://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html
*/
/* ABI version, calculated as (CURRENT << 24) | (REVISION << 12) | AGE */
-#define BROTLI_ABI_VERSION 0x1008000
+#define BROTLI_ABI_VERSION 0x1009000
#endif /* BROTLI_COMMON_VERSION_H_ */