- bzip2 version 1.0.8:
- Accept as many selectors as the file format allows. This relaxes the fix for CVE-2019-12900 from 1.0.7 so that bzip2 allows decompression of bz2 files that use (too) many selectors again.
- Fix handling of large (> 4GB) files on Windows.
- Cleanup of bzdiff and bzgrep scripts so they don't use any bash extensions and handle multiple archives correctly.
- The 05-support_64bit_file_sizes patch has been removed. This has now been included upstream.
- bzip2 version 1.0.7:
- Fix undefined behaviour in the macros
SET_BH,CLEAR_BHandISSET_BH. - bzip2: Fix return value when combining
--test,-tand-q. - bzip2recover: Fix buffer overflow for large
argv[0]. - bzip2recover: Fix use after free issue with
outFile(CVE-2016-3189). - Make sure
nSelectorsis not out of range (CVE-2019-12900).
- Fix undefined behaviour in the macros
- Visual Studio 2015 is now used to build (instead of Visual Studio 2013).
- The build script has been updated to download from the new bzip2 project home page at https://www.sourceware.org/bzip2.
- The downloaded file is verified against an expected SHA-256 hash.
- A patch has been applied to allow files larger than 2³² - 1 bytes to be handled (fixes a 'not a normal file' error). Resolves #3.
- Initial version of the patches and build script.
- bzip2 version 1.0.6.