This update for blosc fixes the following issues:
Update to version 1.20.1 boo#1179914 CVE-2020-29367:
* More saftey checks have been implemented so that potential flaws
discovered by new fuzzers in OSS-Fuzzer are fixed now
* BloscLZ updated to 2.3.0. Expect better compression ratios for faster
codecs. For details, see our new blog post:
* Fixed the _xgetbv() collision. Thanks to Micha?? G??rny (@mgorny).
Update to version 1.19.0:
* The length of automatic blocksizes for fast codecs (lz4, blosclz) has
been incremented quite a bit (up to 256 KB) for better compression
* The performance in modern CPUs (with at least 256 KB in L2 cache) should
be better too (for older CPUs the performance should stay roughly the
* For small buffers that cannot be compressed (typically < 128 bytes),
blosc_compress() returns now a 0 (cannot compress) instead of a negative
number (internal error). See #294.
* blosclz codec updated to 2.1.0. Expect better compression ratios and
performance in a wider variety of scenarios.
* blosc_decompress_unsafe(), blosc_decompress_ctx_unsafe() and
blosc_getitem_unsafe() have been removed because they are dangerous and
after latest improvements, they should not be used in production.
Update to version 1.18.1:
* Fixed the copy of the leftovers of a chunk when its size is not a
multiple of the typesize.
Update to version 1.17.1:
* BloscLZ codec updated to 2.0.0.
Update to version 1.16.3:
* Fix for building for clang with -march=haswell. See PR #262.
* Fix all the known warnings for GCC/Clang. Still some work to do for MSVC
in this front.
* Due to some problems with several CI systems, the check for library
symbols are deactivated now by default. If you want to enforce this
check, use: cmake .. -DDEACTIVATE_SYMBOLS_CHECK=ON to re-activate it.
* Correct the check for the compressed size when the buffer is memcpyed.
This was a regression introduced in 1.16.0. Fixes #261.
* Fixed a regression in 1.16.0 that prevented to compress empty buffers
* Now the functions that execute Blosc decompressions are safe by default
for untrusted/possibly corrupted inputs.
* The previous functions (with less safety) checks are still available
with a '_unsafe' suffix. The complete list is:
* Also, a new API function named blosc_cbuffer_validate(), for validating
Blosc compressed data, has been added.
* For details, see PR #258. Thanks to Jeremy Maitin-Shepard.
* Fixed a bug in blosc_compress() that could lead to thread deadlock under
some situations. See #251. Thanks to @wenjuno for the report and the fix.
* Fix data race in shuffle.c host_implementation initialization. Fixes
#253. Thanks to Jeremy Maitin-Shepard.
* Add workaround for Visual Studio 2008's lack of a stdint.h file to
* Replaced //-comments with /**/-comments and other improvements for
compatibility with quite old gcc compilers. See PR #243. Thanks to
* Empty buffers can be compressed again (this was unadvertedly prevented
while fixing #234). See #247. Thanks to Valentin Haenel.
Update to version 1.14.4:
* Added a new DEACTIVATE_SSE2 option for cmake that is useful for
disabling SSE2 when doing cross-compilation (see #236).
* New check for detecting output buffers smaller than BLOSC_MAX_OVERHEAD.
* The complib and version parameters for blosc_get_complib_info() can be
safely set to NULL now. This allows to call this function even if the
user is not interested in these parameters (so no need to reserve memory
* In some situations that a supposedly blosc chunk is passed to
blosc_decompress(), one might end with an Arithmetic exception. This is
probably due to the chunk not being an actual blosc chunk, and divisions
by zero might occur. A protection has been added for this.
Update to version 1.14.3:
* Fixed a bug that caused C-Blosc to crash on platforms requiring strict
* Fixed a piece of code that was not C89 compliant.