bzip2/NEWS
2019-06-20 11:38:17 -05:00

78 lines
2.2 KiB
Plaintext

Changes in version 1.0.7
========================
* The new maintainer of bzip2 is Federico Mena Quintero
<federico@gnome.org>.
* Bzip2 is now maintained under version control at
https://gitlab.com/federicomenaquintero/bzip2
The following are changes that have accumulated in various
distributions since bzip2-1.0.6:
* Fix bashisms in bzgrep (Led).
* Fix unsafe strcpy in bzip2recover (Red Hat).
* Fix bzgrep so it doesn't always return a 0 exit code (Kristýna Streitová)
* CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)
* Use O_CLOEXEC for bzopen()
* Fix mingw compilation (Marty E. Plummer, Dylan Baker)
* Fix Visual Studio compilation (Phil Ross)
* Fix #10: bunzip2 -qt returns 0 for corrupt archives (Wenzong Fan)
* Fix undefined behavior in macros with the shift-left operator
(Paul Kehrer)
* Fix a 'not a normal file' error when compressing large files on
Windows (Phil Ross)
This is a new bugfix:
* CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files
(Albert Astals Cid). Found through fuzzing karchive.
Build system changes:
* Instead of the historical Makefile, bzip2 now comes with two
supported build systems (Meson and CMake), and an unsupported one
(makefile.msc). Either of the supported ones should build a shared
library as per modern practices. Please see the file COMPILING.md for
details.
Special thanks:
* Julian Seward for ceding maintainership and providing lots of advice
and interesting anecdotes.
* Mark Wielaard for constructing a repository based on tarballs from
the original releases. For a different construction by Evan Nemerson, see
https://gitlab.com/federicomenaquintero/bzip2/issues/7
* Erich Córdoba and Jordan Petridis for the Continuous Integration
infrastructure.
* Phil Ross for the Windows build fixes.
* Dylan Baker for the Meson infrastructure.
* Micah Snyder for the CMake infrastructure.
* Stanislav Brabec for an Autotools infrastructure, which
became the basis for the Meson/CMake ones.
* Jens Korte for fixing up the README.
* All the people who submitted distribution-specific patches.
Changes in version 1.0.6 and earlier
====================================
Please see the file NEWS-pre-1.0.7.