Changes in version 1.0.7 ======================== * The new maintainer of bzip2 is Federico Mena Quintero . * Bzip2 is now maintained under version control at https://gitlab.com/federicomenaquintero/bzip2 The following are changes that have accumulated in various distributions since bzip2-1.0.6: * Fix bashisms in bzgrep (Led). * Fix unsafe strcpy in bzip2recover (Red Hat). * Fix bzgrep so it doesn't always return a 0 exit code (Kristýna Streitová) * CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko) * Use O_CLOEXEC for bzopen() * Fix mingw compilation (Marty E. Plummer, Dylan Baker) * Fix Visual Studio compilation (Phil Ross) * Fix #10: bunzip2 -qt returns 0 for corrupt archives (Wenzong Fan) * Fix undefined behavior in macros with the shift-left operator (Paul Kehrer) * Fix a 'not a normal file' error when compressing large files on Windows (Phil Ross) This is a new bugfix: * CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive. Build system changes: * Instead of the historical Makefile, bzip2 now comes with two supported build systems (Meson and CMake), and an unsupported one (makefile.msc). Either of the supported ones should build a shared library as per modern practices. Please see the file COMPILING.md for details. Special thanks: * Julian Seward for ceding maintainership and providing lots of advice and interesting anecdotes. * Mark Wielaard for constructing a repository based on tarballs from the original releases. For a different construction by Evan Nemerson, see https://gitlab.com/federicomenaquintero/bzip2/issues/7 * Erich Córdoba and Jordan Petridis for the Continuous Integration infrastructure. * Phil Ross for the Windows build fixes. * Dylan Baker for the Meson infrastructure. * Micah Snyder for the CMake infrastructure. * Stanislav Brabec for an Autotools infrastructure, which became the basis for the Meson/CMake ones. * Jens Korte for fixing up the README. * All the people who submitted distribution-specific patches. Changes in version 1.0.6 and earlier ==================================== Please see the file NEWS-pre-1.0.7.