Skip to content

Changelog bzip2 (1.0.6-8.1ubuntu0.2)


bzip2 (1.0.6-8.1ubuntu0.2) bionic-security; urgency=medium

   * SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
     incorrect CRC error. (LP: #1834494)
     - debian/patches/Accept-as-many-selectors-as-selectors*.patch

bzip2 (1.0.6-8.1ubuntu0.1) bionic-security; urgency=medium

   * SECURITY UPDATE: out-of-bounds write
     - debian/patches/CVE-2019-12900.patch: make sure
       nSelectors is not out of range in decompress.c.
     - CVE-2019-12900


bzip2 (1.0.6-8.1) unstable; urgency=medium

   * Non-maintainer upload.
   * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)


bzip2 (1.0.6-8) unstable; urgency=medium

   * Remove Jorge Ernesto Guevara Cuenca from Uploaders, as agreed with him.
   * Drop unused Build-Depends: gcc-multilib. Thanks to Helmut Grohne
     <>. Closes: #778640
   * Bump Standards-Version to 3.9.6. No changes needed.


bzip2 (1.0.6-7) unstable; urgency=medium

   * d/control: Remove useless lib{32,64}bz2* transition fields

bzip2 (1.0.6-6) unstable; urgency=low

   [ Steve Langasek ]
   * Convert packaging to dh(1). Closes: #754337
   * Drop obsolete maintainer script which hasn't been needed for a decade.
   * Refactor the build targets so that we can move texinfo to
   [ Santiago Ruano Rincón ]
   * d/rules: override dh_auto_clean to call make clean.
   * libbz2-dev recommends bzip2-doc to fulfill the lack of specific
     development documentation. Closes: #149953
   * Remove lib{32,64}bz2-{1.0,dev} packages. No longer needed, we rely on
     multiarch now.
     libbz2-{1.0,dev} conflict/replace/provide the removed
     packages Closes: #736815
   * d/ fix versionless GPL.
   * Bump Standards-Version to 3.9.5. No changes needed.
   * Add ${misc:Depends} to all binary packages' dependencies.


bzip2 (1.0.6-5) unstable; urgency=low

   * Adding watch file
   * Updating rules clean rule.
   * Updating Standards-Version to 3.9.4. No changes needed.
   * Don't drink and upload release. Thanks to bubulle, habanero and
     all the Cheese and Wine orga team.


bzip2 (1.0.6-4) unstable; urgency=low

   * Updating 30-bzip2-harden.patch, hardening LDFLAGS was missing for Thanks to Simon Ruderich. Closes: #655164

bzip2 (1.0.6-3) unstable; urgency=low

   * Bumped bzip2 priority from optional to standard. Closes: #642657

bzip2 (1.0.6-2) unstable; urgency=low

   * Added 10-bzip2.1.patch to remove wrong black spaces in man page.
     Thanks to Bjarni Ingi Gislason. Closes: #675380
   * 30-bzip2-harden.patch to enable hardened build flags. Thanks to
     Moritz Muehlenhoff. Closes: #655164


bzip2 (1.0.6-1) unstable; urgency=low

   * New upstream version 1.0.6
   * Debian source format is 3.0 (quilt)
   * Fix "insecure temporary file creation (bzexe)"
     Patch by vladz
     Closes: 632862
   * Compress changelogs with the -n option
     Closes: 646972
   * Update debian/copyright
     Closes: 619797

bzip2 (1.0.5-7) unstable; urgency=low

   [ Riku Voipio ]
   * multiarchize, closes: #528143
   * lib32bz2-1.0 only pre-depends on libc6-i386 on amd64; that
     pre-dependency is nonsensical on ppc64.
     Patch by Colin Watson
     Closes: 614235
   [ Anibal Monsalve Salazar ]
   * Standards-Version is 3.9.2
   * Fix debian-rules-missing-recommended-target
   * Fix maintainer-script-empty
   * Fix copyright-refers-to-versionless-license-file
   * Fix info-document-missing-dir-section
   * Fix missing-dependency-on-install-info
   * Fix prerm-has-useless-call-to-install-docs
   * Fix install-info-used-in-maintainer-script


bzip2 (1.0.5-6) unstable; urgency=high

   * Fix integer overflow
     Closes: 597585

bzip2 (1.0.5-5) unstable; urgency=low

   * Provide missing symlinks in lib32bz2-1.0 and lib64bz2-1.0
     Patch by Michael Gilbert
     Closes: 594733

bzip2 (1.0.5-4) unstable; urgency=low

   [Jorge Ernesto Guevara Cuenca]
   * New co-maintainer. Jorge Ernesto Guevara Cuenca <>
   * Add -h and --help options to the manual page (Closes: 517257)
   [Santiago Ruano Rincón]
   * Move DEBIAN/md5sums to a macro and rewrite to be more robust using find |
     xargs and to drop the broken chmod calls. Thank to Loïc Minier from
     Ubuntu. (Closes: #565393)


bzip2 (1.0.5-3) unstable; urgency=low

   [ Santiago Ruano Rincón ]
   * Add md5sums files. (Closes: #484342)
   * Update debian/copyright.
   [ Anibal Monsalve Salazar ]
   * Merge from Ubuntu
   * Install into /usr/lib32 as /emul/ia32-linux is deprecated
     lib32bz2-1.0 pre-depends on libc6-i386 (>= 2.9-18)
     Closes: #533007

bzip2 (1.0.5-2ubuntu1) karmic; urgency=low

   * Merge from Debian unstable, remaining changes:
     - debian/rules: install to /usr/lib32 on amd64

bzip2 (1.0.5-2) unstable; urgency=low

   * Standards version is 3.8.1
   * Add Vcs-* fields in control file
   * Reinstate the $(CROSS) variable in the call to $(MAKE)
     Closes: #529404


bzip2 (1.0.5-1ubuntu1) jaunty; urgency=low

   * Merge from Debian unstable, remaining changes:
     - debian/rules: install to /usr/lib32 on amd64

bzip2 (1.0.5-1) unstable; urgency=low

   * Fix "bzdiff doesn't work if $TMPDIR contains spaces"; closes: #493710
     Patch by Vincent Lefevre <>
   * Standards-Version is 3.8.0
   * Fix the following lintian issues:
     W: bzip2-doc: doc-base-unknown-section bzip2:9 Apps/Tools

bzip2 (1.0.5-0.1ubuntu1) intrepid; urgency=low

   * Merge from Debian unstable, remaining changes:
     - debian/rules: install to /usr/lib32 on amd64

bzip2 (1.0.5-0.1) unstable; urgency=high

   * NMU
   * New upstream version. Fixes a denial of service via a crafted file.
     Ref: CVE-2008-1372. (Closes: #471670).

bzip2 (1.0.4-4) unstable; urgency=low

   * bzcmp: Fixed exit status for one-argument usage. Thanks to
     Peter Samuelson <> (Closes: #464217).
   * debian/control: Added ${shlibs:Depends} to bzip2's Depends

bzip2 (1.0.4-3) unstable; urgency=low

   * debian/rules: changing mode for actual files in dev{32,64} dirs to
     avoid afecting dangling symlinks and make chmod happy.
     (Closes: #464270)

bzip2 (1.0.4-2ubuntu4) hardy; urgency=low

   * SECURITY UPDATE: denial of service via heap memory corruption.
   * bzlib.c, bzlib_private.h: upstream patch from 1.0.5 applied inline.
   * References

bzip2 (1.0.4-2ubuntu3) hardy; urgency=low

   * rebuild to regenerate (LP: #187946)

bzip2 (1.0.4-2ubuntu2) hardy; urgency=low

   * debian/rules: don't try to chmod dangling symlinks in the binary
     target, since coreutils now throws an error in this case.  LP: #194449.

bzip2 (1.0.4-2ubuntu1) hardy; urgency=low

   * lib32bz2-*: Install into /usr/lib32, instead of /emul; change incorrectly
     dropped in last sync.
   * Set Ubuntu maintainer address.
   * Modify Maintainer value to match the DebianMaintainerField

bzip2 (1.0.4-2) unstable; urgency=low

   * lib32bz2-*: install into /emul/ia32-linux. Closes: #458853
   * bzexe: correct path is /bin/bzip2. Closes: #418532
   * debian/copyright: provide a copyright file in source package.
     Closes: #381230


bzip2 (1.0.4-1) unstable; urgency=low

   * Synchronise with Ubuntu. Closes: #456237
   * Bumped Standards-Version to 3.7.3
   * Moved homepage from description to pseudo header field in
   * Improved cross-building. Closes: #445036
   * Removed debian/rules.orig
   * Fixed the following lintian messages:
     - W: bzip2 source: debian-rules-ignores-make-clean-error line 90
     - W: bzip2 source: substvar-source-version-is-deprecated libbz2-dev
     - W: bzip2 source: substvar-source-version-is-deprecated bzip2
     - W: bzip2 source: substvar-source-version-is-deprecated lib64bz2-dev
     - W: bzip2 source: substvar-source-version-is-deprecated lib32bz2-dev

bzip2 (1.0.4-0ubuntu2) gutsy; urgency=low

   * Move the user manual in texinfo and ps format into bzip2-doc.

bzip2 (1.0.4-0ubuntu1) gutsy; urgency=low

   * New upstream version.
     - Fix file permissions race problem (CAN-2005-0953).
     - Sanitise file names more carefully in bzgrep.  Fixes CAN-2005-0758
       to the extent that applies to bzgrep.
   * lib32bz2-*: Install into /usr/lib32, instead of /emul.
   * Set Ubuntu maintainer address.

bzip2 (1.0.3-7) unstable; urgency=low

   * Updated Build-depends, added gcc-multilib to fix FTBFS. Thanks to
     "brian m. carlson" <>. (Closes: #422380)


bzip2 (1.0.3-6) unstable; urgency=low

   * Fixed ppc64 Build-Depends, added Build-Depends on 'libc6-dev-powerpc
     [ppc64]' in control. Patch by Andreas Jochens <>. (Closes: #384610)

bzip2 (1.0.3-5) unstable; urgency=low

   * 32-bit libraries installed in /usr/lib32 instead of
     /emul/ia32-linux/usr/lib on ppc64. Patch by Andreas Jochens <>
     (Closes: #384284)
   * Fixed doc-base control file, added Index: value for "info" format.
     (Closes: #377184)

bzip2 (1.0.3-4) unstable; urgency=low

   * The file of lib32bz2-1.0 and lib32bz2-dev are installed into
     /emul/ia32-linux/usr/lib, not /usr/lib32. (Closes: #379858)

bzip2 (1.0.3-3) unstable; urgency=low

   * Updated co-maintainer mail address.
   * Set Standards-Version to 3.7.2.
   * Fixed "bzip2: Bug in bzgrep, with fix", closes: #374168.
   * Fixed "Superfluous symlinks in /usr", closes: #375285.
   * Fixed lintian doc-base-file-unknown-format message.
   * Synchronise with Ubuntu.
     - Fixed "build dependency ia32-libs-dev [amd64] -> libc6-dev-i386
       [amd64]", closes: #357271.

bzip2 (1.0.3-2ubuntu1) edgy; urgency=low

   * Synchronize to Debian; apply the remaining Ubuntu changes to pristine
     Debian version, since the current diffs were way too messy.
   * debian/rules:
     - Enable 32 bit libraries on amd64.
     - Do not use ia32-libs as alternative shlibs.
   * debian/control: Drop alternate build-dep on ia32-libs-dev.

bzip2 (1.0.3-2) unstable; urgency=low

   * Fixed "upgrading fails", closes: #348266. Patches by Paul Brook
     <> and Paul Wise <>.
   * Replaces amd64-libs and amd64-libs-dev versions << 1.5.

bzip2 (1.0.3-1) unstable; urgency=low

   * Synchronise with Ubuntu.
     - Fixed "new upstream bzip2 1.0.3 is available", closes: #318619.
     - Fixed "Please provide 64-bit packages on i386", closes: #341159.
   * Fixed "/usr/bin/$i -> /bin/$i symlinks make bzip2 break on some
     GNU/Hurd installations", closes: #346420.
   * Updated debian/copyright file.
   * Fixed linda error "File not found for field Files in doc-base file


bzip2 (1.0.3-0ubuntu1) dapper; urgency=low

   * New upstream version.
   * Synchronise with Debian unstable.

bzip2 (1.0.2-11) unstable; urgency=low

   * Fixed "Would be nice if it was installed in /bin (and /lib)",
     closes: #140157.
   * Fixed "The --color option can't be used by bzgrep", closes:
   * Fixed "libbz2-1.0 suggests libbz2-dev without a good reason",
     closes: #333524.

bzip2 (1.0.2-10ubuntu1) dapper; urgency=low

   * Resynchronise with Debian.
     - Still generate 64 bit packages

bzip2 (1.0.2-10) unstable; urgency=low

   * Fixed "libbz2-1.0: broken .shlibs file", closes: #330637.

bzip2 (1.0.2-9) unstable; urgency=low

   * Acknowledge NMU, closes: #321286.
   * Fixed dependency problem, closes: #330003.

bzip2 (1.0.2-8.1) unstable; urgency=low

   * NMU
   * Patch from Martin Pitt to bzgrep, to properly quote characters that can
     break out of the generated sed command, in analogy to the recent zgrep
     fix. Fixes CAN-2005-0758. Closes: #321286

bzip2 (1.0.2-8) unstable; urgency=low

   * Fixed priority disparity. Changed priority from standard to important.
   * Fixed "libbz2-1.0: missing symlink", closes: #320012.
   * Changed upstream homepage, added new uploader.
   * Changed Standards-Version to 3.6.2.

bzip2 (1.0.2-7ubuntu2) breezy; urgency=low

   * Build 64bit packages to replace amd64-libs.
   * Build 32bit packages on amd64 (currently disabled).

bzip2 (1.0.2-7ubuntu1) breezy; urgency=low

   * SECURITY UPDATE: Fix shell command injection.
   * bzgrep: Properly quote characters that can break out of the generated sed
     command, in analogy to the recent zgrep fix.
   * CAN-2005-0758

bzip2 (1.0.2-7) unstable; urgency=high

   * Fixed "CAN-2005-1260 decompression bomb vulnerability", closes: #310803.
     Patch by Martin Pitt <>.
   * Fixed "Example provided in documentation causes data loss", closes:
     #293581. Patch by Adam Borowski <>.

bzip2 (1.0.2-6) unstable; urgency=high

   * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
     #303300. Patch by Santiago Ruano Rincon <>.
     Original patch available at

bzip2 (1.0.2-5) unstable; urgency=low

   * Fixed "missing opening bracket in libbz2-dev.prerm" (Closes: #293673,
     #294663). Patches by Joshua Kwan <> and
     Jeremy Laine <>.
   * Fixed "uses #!/bin/sh and command -v" (Closes: #292965).

bzip2 (1.0.2-4) unstable; urgency=low

   * Put back hardlinks for
   * Created script bzexe and its manpage (Closes: #292485).
     Patch by Seo Sanghyeon <>
   * New maintainer's email address.

bzip2 (1.0.2-3) unstable; urgency=low

   * Fixed "Overly strict Depends (libc6-dev)" (Closes: #196264).
   * Fixed "bzgrep munges filenames with '&' in them" (Closes: #231144).
   * Fixed "bunzip2 -qt returns 0 for corrupt archives" (Closes: #279025).
   * Fixed "bzip2 --version should exit with success" (Closes: #220374).
   * Fixed "Several XSI:isms in package" (Closes: #256251).
     Patch by David Weinehall <>
   * Enable bzip2 to cross-build (Closes: #282036).
     Patch by NIIBE Yutaka <>
   * Fixed lintian warning "bzip2 libbz2-1.0 libbz2-dev binaries:
   * Fixed lintian warning "bzip2 binary: package-contains-hardlink


bzip2 (1.0.2-2) unstable; urgency=high

   * New maintainer.
   * Updated package to Policy
   * The package description does not follow Debian policy
     (Closes: #209811, #210074).


bzip2 (1.0.2-1) unstable; urgency=low

   * New upstream version; closes: #132318. Most of our patches merged
   * Generate copyright automatically from debian/rules.


bzip2 (1.0.1-14) unstable; urgency=low

   * Set SHELL to bash in debian/rules so that we may use bashisms when
     building bzip2 on boxes where /bin/sh != /bin/bash; closes: #116807.

bzip2 (1.0.1-13) unstable; urgency=low

   * Fixed upstream version detection in debian/rules.
   * Cleanup left-over dhelp-induced /usr/doc/bzip2 in preinst; closes: #107233.

bzip2 (1.0.1-12) unstable; urgency=low

   * Set up the shlib file before running dpkg-shlibdeps to generate
     correct dependencies for bzip2; closes: #105264.

bzip2 (1.0.1-11) unstable; urgency=low

   * Added support for DEB_BUILD_OPTIONS.
   * Added support for debian/rules get-orig-source.
   * Ldconfig on postrm and remove per policy.
   * Upgraded to policy

bzip2 (1.0.1-10) unstable; urgency=low

   * Fix the /usr/doc compatibility symlink; closes: #102450.

bzip2 (1.0.1-9) unstable; urgency=low

   * Stripping libz2.a does not remove the .comment and .note sections
     since this is non portable and more stripping will be needed anyways
     after building executables; closes: #95601.

bzip2 (1.0.1-8) unstable; urgency=low

   * Bzip2 -d -f now clobbers output file; closes: #95371.

bzip2 (1.0.1-7) unstable; urgency=low

   * Spelling correction in bzip2.1 manpage; closes: #89315.
   * Bzmore manpage comment fix; closes: #90713.
   * Added --fast and --best; closes: #92203.
   * Remove .note and .comment sections to make lintian happy.

bzip2 (1.0.1-6) unstable; urgency=low

   * Build-depends on texinfo; closes: #88363.

bzip2 (1.0.1-5) unstable; urgency=low

   * Include stdio.h in bzlib.h unconditionnaly; closes: #84096.

bzip2 (1.0.1-4) unstable; urgency=low

   * Fix the test for shell script stripping; closes: #83236.

bzip2 (1.0.1-3) unstable; urgency=low

   * -f really overwrites files (this was introduced in 1.0.1-1 when we
     changed the fopen call to be safer with O_EXCL); closes: #81277.
   * No more complaints when attempting to uncompress directories if -q
     flag is specified; closes #81672.
   * Added bz{more,less,{e,f,}grep,diff,cmp} wrapper scripts;
     closes: #81113, #69621.


bzip2 (1.0.1-2) unstable; urgency=low

   * Allow shell metacharacters in filenames; closes: #74961.

bzip2 (1.0.1-1) unstable; urgency=low

   * New upstream version; closes: #64269, #72324.
   * The new upstream version has a better message when catching a fatal
     signal; closes: #58688.
   * Versionned replaces for libbz2 and libzz2-dev.
   * Fixed unsafe race condition in opening output files (closes: #56386).
     Patch provided by Colin Phipps <>.
   * Updated copyright file, fixed URL; closes: #64270, #64271.
   * Don't give statistics when no bytes were compressed; closes: #68932.
   * Make bzcat and bzip2 -d cat the file if the -f option is set;
     closes: #65391.
   * Added sections and priorities to packages.
   * Bumped standards-version to
   * Moved back the ldconfig from the bzip2 postinst to the library
     postinst (crept therein 0.9.5d-3).

bzip2 (0.9.5d-3) unstable; urgency=low

   * Moved the bzip2 documentation from the library package to the binary
     package in order to roll out bzip2 1.0.x.


bzip2 (0.9.5d-2) unstable; urgency=low

   * Libbz2 and libzz2-dev now replaces bzip2 (overwrite bzip2's files...)

bzip2 (0.9.5d-1) unstable; urgency=low

   * New maintainer.
   * New upstream release; closes: #41658, #43557.
   * Shared library compiled with -D_REENTRANT.
   * Splitted out shared library to new package.
   * Binary now linked with shlib.
   * Fixed shlibs file; closes: #43656.
   * Bzcat now has a manpage; closes: #17604.

bzip2 (0.9.5c-1) unstable; urgency=low

   * New upstream release (closes: Bug#41217).
   * bz2cat is no more.  Use bzcat instead, as per upstream.
   * Updated to Standards-Version 3.0.1:
      - Man pages are placed in /usr/share/man.
      - debian/copyright now points to /usr/share/common-licenses/GPL
        instead of /usr/doc/copyright/GPL
   * The bzip2 Home Page is now at
   * Thanks to the patch from "Sean 'Shaleh' Perry" <>,
     a shared libbz2 library is here!  (closes: Bug#27517, Bug#40804)


bzip2 (0.9.0c-2) frozen unstable; urgency=low

   * Now registers bzip2's HTML and PS manual with doc-base.
     Thanks to the suggestion from Wichert Akkerman
     <> (closes: Bug#31166).

bzip2 (0.9.0c-1) frozen unstable; urgency=low

   * New upstream bugfix release.
   * [debian/control]: Upgraded to standards version (no changes).

bzip2 (0.9.0-1) unstable; urgency=low

   * New upstream release.
   * [debian/rules]:
       - bzcat and bz2cat are now both hard-linked to bzip2.
       - Likewise, added symlinks bzcat.1.gz and bz2cat1.gz to bzip2.1.gz.
       - Install new upstream bzip2 and manual*.html.
       - Install new upstream /usr/lib/libbz2.a and /usr/include/bzlib.h.
   * [debian/copyright]: Replaced the "Copyright" section with the new
       BSD-style license found in ./LICENSE.

bzip2 (0.1pl2-5) frozen unstable; urgency=low

   * Removed dh_du from debian/rules.
     (Fixed Lintian error: unknown-control-file du)
   * Upgraded to standards version (no changes).
   * Fixed Lintian error: copyright-refers-to-compressed-license
   * Removed the note about bzip2's magic numbers in README.Debian.
     The new Debian `file' package already includes them.  :-)

bzip2 (0.1pl2-4) unstable; urgency=low

   * Now provides bz2cat, thanks to suggestions from John Goerzen
     <> and Joel Klecker <>.
     (fixes: bug#17222, bug#17484)
   * /usr/bin/bunzip2 is now hardlinked to /usr/bin/bzip2.

bzip2 (0.1pl2-3) unstable; urgency=low

   * Updated Standards-Version to
   * Revised debian/rules.
   * Added a note in README.Debian about some suggested bzip2 magic numbers.
   * Changed my maintainer e-mail address to <>.  :)


bzip2 (0.1pl2-2) unstable; urgency=low

   * Added md5sums, thanks to the new debhelper-0.10.  <smile>

bzip2 (0.1pl2-1) unstable; urgency=low

   * Initial Release.