* SECURITY REGRESSION: bzip2 update for CVE-2019-12900 causes some files raises
incorrect CRC error. (LP: #1834494)
- debian/patches/Accept-as-many-selectors-as-selectors*.patch
* SECURITY UPDATE: out-of-bounds write
- debian/patches/CVE-2019-12900.patch: make sure
nSelectors is not out of range in decompress.c.
- CVE-2019-12900
* Non-maintainer upload.
* bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
* Remove Jorge Ernesto Guevara Cuenca from Uploaders, as agreed with him.
* Drop unused Build-Depends: gcc-multilib. Thanks to Helmut Grohne
<helmut@subdivi.de>. Closes: #778640
* Bump Standards-Version to 3.9.6. No changes needed.
* d/control: Remove useless lib{32,64}bz2* transition fields
(Conflicts/Replaces/Provides).
[ Steve Langasek ]
* Convert packaging to dh(1). Closes: #754337
* Drop obsolete maintainer script which hasn't been needed for a decade.
* Refactor the build targets so that we can move texinfo to
Build-Depends-Indep.
[ Santiago Ruano Rincón ]
* d/rules: override dh_auto_clean to call make clean.
* libbz2-dev recommends bzip2-doc to fulfill the lack of specific
development documentation. Closes: #149953
* Remove lib{32,64}bz2-{1.0,dev} packages. No longer needed, we rely on
multiarch now.
libbz2-{1.0,dev} conflict/replace/provide the removed
packages Closes: #736815
* d/copyright.in: fix versionless GPL.
* Bump Standards-Version to 3.9.5. No changes needed.
* Add ${misc:Depends} to all binary packages' dependencies.
* Adding watch file
* Updating rules clean rule.
* Updating Standards-Version to 3.9.4. No changes needed.
* Don't drink and upload release. Thanks to bubulle, habanero and
all the Cheese and Wine orga team.
* Updating 30-bzip2-harden.patch, hardening LDFLAGS was missing for
libbz2.so. Thanks to Simon Ruderich. Closes: #655164
* Bumped bzip2 priority from optional to standard. Closes: #642657
* Added 10-bzip2.1.patch to remove wrong black spaces in man page.
Thanks to Bjarni Ingi Gislason. Closes: #675380
* 30-bzip2-harden.patch to enable hardened build flags. Thanks to
Moritz Muehlenhoff. Closes: #655164
* New upstream version 1.0.6
* Debian source format is 3.0 (quilt)
* Fix "insecure temporary file creation (bzexe)"
Patch by vladz
Closes: 632862
* Compress changelogs with the -n option
Closes: 646972
* Update debian/copyright
Closes: 619797
[ Riku Voipio ]
* multiarchize, closes: #528143
* lib32bz2-1.0 only pre-depends on libc6-i386 on amd64; that
pre-dependency is nonsensical on ppc64.
Patch by Colin Watson
Closes: 614235
[ Anibal Monsalve Salazar ]
* Standards-Version is 3.9.2
* Fix debian-rules-missing-recommended-target
* Fix maintainer-script-empty
* Fix copyright-refers-to-versionless-license-file
* Fix info-document-missing-dir-section
* Fix missing-dependency-on-install-info
* Fix prerm-has-useless-call-to-install-docs
* Fix install-info-used-in-maintainer-script
* Fix integer overflow
CVE-2010-0405">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
http://www.debian.org/security/2010/dsa-2112
Closes: 597585
* Provide missing symlinks in lib32bz2-1.0 and lib64bz2-1.0
Patch by Michael Gilbert
Closes: 594733
[Jorge Ernesto Guevara Cuenca]
* New co-maintainer. Jorge Ernesto Guevara Cuenca <jguevara@debiancolombia.org>
* Add -h and --help options to the manual page (Closes: 517257)
[Santiago Ruano Rincón]
* Move DEBIAN/md5sums to a macro and rewrite to be more robust using find |
xargs and to drop the broken chmod calls. Thank to Loïc Minier from
Ubuntu. (Closes: #565393)
[ Santiago Ruano Rincón ]
* Add md5sums files. (Closes: #484342)
* Update debian/copyright.
[ Anibal Monsalve Salazar ]
* Merge from Ubuntu
* Install into /usr/lib32 as /emul/ia32-linux is deprecated
lib32bz2-1.0 pre-depends on libc6-i386 (>= 2.9-18)
Closes: #533007
* Merge from Debian unstable, remaining changes:
- debian/rules: install to /usr/lib32 on amd64
* Standards version is 3.8.1
* Add Vcs-* fields in control file
* Reinstate the $(CROSS) variable in the call to $(MAKE)
Closes: #529404
* Merge from Debian unstable, remaining changes:
- debian/rules: install to /usr/lib32 on amd64
* Fix "bzdiff doesn't work if $TMPDIR contains spaces"; closes: #493710
Patch by Vincent Lefevre <vincent@vinc17.org>
* Standards-Version is 3.8.0
* Fix the following lintian issues:
W: bzip2-doc: doc-base-unknown-section bzip2:9 Apps/Tools
* Merge from Debian unstable, remaining changes:
- debian/rules: install to /usr/lib32 on amd64
* NMU
* New upstream version. Fixes a denial of service via a crafted file.
Ref: CVE-2008-1372. (Closes: #471670).
* bzcmp: Fixed exit status for one-argument usage. Thanks to
Peter Samuelson <peter@p12n.org> (Closes: #464217).
* debian/control: Added ${shlibs:Depends} to bzip2's Depends
* debian/rules: changing mode for actual files in dev{32,64} dirs to
avoid afecting dangling symlinks and make chmod happy.
(Closes: #464270)
* SECURITY UPDATE: denial of service via heap memory corruption.
* bzlib.c, bzlib_private.h: upstream patch from 1.0.5 applied inline.
* References
CVE-2008-1372
* rebuild to regenerate bzip2.info (LP: #187946)
* debian/rules: don't try to chmod dangling symlinks in the binary
target, since coreutils now throws an error in this case. LP: #194449.
* lib32bz2-*: Install into /usr/lib32, instead of /emul; change incorrectly
dropped in last sync.
* Set Ubuntu maintainer address.
* Modify Maintainer value to match the DebianMaintainerField
specification.
* lib32bz2-*: install into /emul/ia32-linux. Closes: #458853
* bzexe: correct path is /bin/bzip2. Closes: #418532
* debian/copyright: provide a copyright file in source package.
Closes: #381230
* Synchronise with Ubuntu. Closes: #456237
* Bumped Standards-Version to 3.7.3
* Moved homepage from description to pseudo header field in
debian/control
* Improved cross-building. Closes: #445036
* Removed debian/rules.orig
* Fixed the following lintian messages:
- W: bzip2 source: debian-rules-ignores-make-clean-error line 90
- W: bzip2 source: substvar-source-version-is-deprecated libbz2-dev
- W: bzip2 source: substvar-source-version-is-deprecated bzip2
- W: bzip2 source: substvar-source-version-is-deprecated lib64bz2-dev
- W: bzip2 source: substvar-source-version-is-deprecated lib32bz2-dev
* Move the user manual in texinfo and ps format into bzip2-doc.
* New upstream version.
- Fix file permissions race problem (CAN-2005-0953).
- Sanitise file names more carefully in bzgrep. Fixes CAN-2005-0758
to the extent that applies to bzgrep.
* lib32bz2-*: Install into /usr/lib32, instead of /emul.
* Set Ubuntu maintainer address.
* Updated Build-depends, added gcc-multilib to fix FTBFS. Thanks to
"brian m. carlson" <sandals@crustytoothpaste.ath.cx>. (Closes: #422380)
* Fixed ppc64 Build-Depends, added Build-Depends on 'libc6-dev-powerpc
[ppc64]' in control. Patch by Andreas Jochens <aj@andaco.de>. (Closes: #384610)
* 32-bit libraries installed in /usr/lib32 instead of
/emul/ia32-linux/usr/lib on ppc64. Patch by Andreas Jochens <aj@andaco.de>
(Closes: #384284)
* Fixed doc-base control file, added Index: value for "info" format.
(Closes: #377184)
* The file of lib32bz2-1.0 and lib32bz2-dev are installed into
/emul/ia32-linux/usr/lib, not /usr/lib32. (Closes: #379858)
* Updated co-maintainer mail address.
* Set Standards-Version to 3.7.2.
* Fixed "bzip2: Bug in bzgrep, with fix", closes: #374168.
* Fixed "Superfluous symlinks in /usr", closes: #375285.
* Fixed lintian doc-base-file-unknown-format message.
* Synchronise with Ubuntu.
- Fixed "build dependency ia32-libs-dev [amd64] -> libc6-dev-i386
[amd64]", closes: #357271.
* Synchronize to Debian; apply the remaining Ubuntu changes to pristine
Debian version, since the current diffs were way too messy.
* debian/rules:
- Enable 32 bit libraries on amd64.
- Do not use ia32-libs as alternative shlibs.
* debian/control: Drop alternate build-dep on ia32-libs-dev.
* Fixed "upgrading fails", closes: #348266. Patches by Paul Brook
<paul@nowt.org> and Paul Wise <pabs3@bonedaddy.net>.
* Replaces amd64-libs and amd64-libs-dev versions << 1.5.
* Synchronise with Ubuntu.
- Fixed "new upstream bzip2 1.0.3 is available", closes: #318619.
- Fixed "Please provide 64-bit packages on i386", closes: #341159.
* Fixed "/usr/bin/$i -> /bin/$i symlinks make bzip2 break on some
GNU/Hurd installations", closes: #346420.
* Updated debian/copyright file.
* Fixed linda error "File not found for field Files in doc-base file
/usr/share/doc/bzip2/manual_*.html".
* New upstream version.
* Synchronise with Debian unstable.
* Fixed "Would be nice if it was installed in /bin (and /lib)",
closes: #140157.
* Fixed "The --color option can't be used by bzgrep", closes:
#316028.
* Fixed "libbz2-1.0 suggests libbz2-dev without a good reason",
closes: #333524.
* Resynchronise with Debian.
- Still generate 64 bit packages
* Fixed "libbz2-1.0: broken .shlibs file", closes: #330637.
* Acknowledge NMU, closes: #321286.
* Fixed dependency problem, closes: #330003.
* NMU
* Patch from Martin Pitt to bzgrep, to properly quote characters that can
break out of the generated sed command, in analogy to the recent zgrep
fix. Fixes CAN-2005-0758. Closes: #321286
* Fixed priority disparity. Changed priority from standard to important.
* Fixed "libbz2-1.0: missing symlink", closes: #320012.
* Changed upstream homepage, added new uploader.
* Changed Standards-Version to 3.6.2.
* Build 64bit packages to replace amd64-libs.
* Build 32bit packages on amd64 (currently disabled).
* SECURITY UPDATE: Fix shell command injection.
* bzgrep: Properly quote characters that can break out of the generated sed
command, in analogy to the recent zgrep fix.
* CAN-2005-0758
* Fixed "CAN-2005-1260 decompression bomb vulnerability", closes: #310803.
Patch by Martin Pitt <martin.pitt@ubuntu.com>.
* Fixed "Example provided in documentation causes data loss", closes:
#293581. Patch by Adam Borowski <kilobyte@mimuw.edu.pl>.
* Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
#303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>.
Original patch available at
http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2
* Fixed "missing opening bracket in libbz2-dev.prerm" (Closes: #293673,
#294663). Patches by Joshua Kwan <joshk@triplehelix.org> and
Jeremy Laine <jeremy.laine@m4x.org>.
* Fixed "uses #!/bin/sh and command -v" (Closes: #292965).
* Put back hardlinks for
/usr/bin/{bunzip2,bzcat,bzcmp,bzegrep,bzfgrep,bzless}
* Created script bzexe and its manpage (Closes: #292485).
Patch by Seo Sanghyeon <tinuviel@sparcs.kaist.ac.kr>
* New maintainer's email address.
* Fixed "Overly strict Depends (libc6-dev)" (Closes: #196264).
* Fixed "bzgrep munges filenames with '&' in them" (Closes: #231144).
* Fixed "bunzip2 -qt returns 0 for corrupt archives" (Closes: #279025).
* Fixed "bzip2 --version should exit with success" (Closes: #220374).
* Fixed "Several XSI:isms in package" (Closes: #256251).
Patch by David Weinehall <tao@debian.org>
* Enable bzip2 to cross-build (Closes: #282036).
Patch by NIIBE Yutaka <gniibe@fsij.org>
* Fixed lintian warning "bzip2 libbz2-1.0 libbz2-dev binaries:
postinst-should-not-set-usr-doc-link".
* Fixed lintian warning "bzip2 binary: package-contains-hardlink
usr/bin/{bunzip2,bzcat,bzcmp,bzegrep,bzfgrep,bzless}".
* New maintainer.
* Updated package to Policy 3.6.1.1.
* The package description does not follow Debian policy
(Closes: #209811, #210074).
* New upstream version; closes: #132318. Most of our patches merged
upstream.
* Generate copyright automatically from debian/rules.
* Set SHELL to bash in debian/rules so that we may use bashisms when
building bzip2 on boxes where /bin/sh != /bin/bash; closes: #116807.
* Fixed upstream version detection in debian/rules.
* Cleanup left-over dhelp-induced /usr/doc/bzip2 in preinst; closes: #107233.
* Set up the shlib file before running dpkg-shlibdeps to generate
correct dependencies for bzip2; closes: #105264.
* Added support for DEB_BUILD_OPTIONS.
* Added support for debian/rules get-orig-source.
* Ldconfig on postrm and remove per policy.
* Upgraded to policy 3.5.5.0.
* Fix the /usr/doc compatibility symlink; closes: #102450.
* Stripping libz2.a does not remove the .comment and .note sections
since this is non portable and more stripping will be needed anyways
after building executables; closes: #95601.
* Bzip2 -d -f now clobbers output file; closes: #95371.
* Spelling correction in bzip2.1 manpage; closes: #89315.
* Bzmore manpage comment fix; closes: #90713.
* Added --fast and --best; closes: #92203.
* Remove .note and .comment sections to make lintian happy.
* Build-depends on texinfo; closes: #88363.
* Include stdio.h in bzlib.h unconditionnaly; closes: #84096.
* Fix the test for shell script stripping; closes: #83236.
* -f really overwrites files (this was introduced in 1.0.1-1 when we
changed the fopen call to be safer with O_EXCL); closes: #81277.
* No more complaints when attempting to uncompress directories if -q
flag is specified; closes #81672.
* Added bz{more,less,{e,f,}grep,diff,cmp} wrapper scripts;
closes: #81113, #69621.
* Allow shell metacharacters in filenames; closes: #74961.
* New upstream version; closes: #64269, #72324.
* The new upstream version has a better message when catching a fatal
signal; closes: #58688.
* Versionned replaces for libbz2 and libzz2-dev.
* Fixed unsafe race condition in opening output files (closes: #56386).
Patch provided by Colin Phipps <crp22@cam.ac.uk>.
* Updated copyright file, fixed URL; closes: #64270, #64271.
* Don't give statistics when no bytes were compressed; closes: #68932.
* Make bzcat and bzip2 -d cat the file if the -f option is set;
closes: #65391.
* Added sections and priorities to packages.
* Bumped standards-version to 3.2.1.0.
* Moved back the ldconfig from the bzip2 postinst to the library
postinst (crept therein 0.9.5d-3).
* Moved the bzip2 documentation from the library package to the binary
package in order to roll out bzip2 1.0.x.
* Libbz2 and libzz2-dev now replaces bzip2 (overwrite bzip2's files...)
* New maintainer.
* New upstream release; closes: #41658, #43557.
* Shared library compiled with -D_REENTRANT.
* Splitted out shared library to new package.
* Binary now linked with shlib.
* Fixed shlibs file; closes: #43656.
* Bzcat now has a manpage; closes: #17604.
* New upstream release (closes: Bug#41217).
* bz2cat is no more. Use bzcat instead, as per upstream.
* Updated to Standards-Version 3.0.1:
- Man pages are placed in /usr/share/man.
- debian/copyright now points to /usr/share/common-licenses/GPL
instead of /usr/doc/copyright/GPL
* The bzip2 Home Page is now at http://www.bzip2.org/.
* Thanks to the patch from "Sean 'Shaleh' Perry" <shaleh@varesearch.com>,
a shared libbz2 library is here! (closes: Bug#27517, Bug#40804)
* Now registers bzip2's HTML and PS manual with doc-base.
Thanks to the suggestion from Wichert Akkerman
<wichert@cs.leidenuniv.nl> (closes: Bug#31166).
* New upstream bugfix release.
* [debian/control]: Upgraded to standards version 2.5.0.0 (no changes).
* New upstream release.
* [debian/rules]:
- bzcat and bz2cat are now both hard-linked to bzip2.
- Likewise, added symlinks bzcat.1.gz and bz2cat1.gz to bzip2.1.gz.
- Install new upstream bzip2 manual.ps and manual*.html.
- Install new upstream /usr/lib/libbz2.a and /usr/include/bzlib.h.
* [debian/copyright]: Replaced the "Copyright" section with the new
BSD-style license found in ./LICENSE.
* Removed dh_du from debian/rules.
(Fixed Lintian error: unknown-control-file du)
* Upgraded to standards version 2.4.1.0 (no changes).
* Fixed Lintian error: copyright-refers-to-compressed-license
usr/doc/copyright/GPL.gz
* Removed the note about bzip2's magic numbers in README.Debian.
The new Debian `file' package already includes them. :-)
* Now provides bz2cat, thanks to suggestions from John Goerzen
<jgoerzen@complete.org> and Joel Klecker <jk@espy.org>.
(fixes: bug#17222, bug#17484)
* /usr/bin/bunzip2 is now hardlinked to /usr/bin/bzip2.
* Updated Standards-Version to 2.3.0.1.
* Revised debian/rules.
* Added a note in README.Debian about some suggested bzip2 magic numbers.
* Changed my maintainer e-mail address to <foka@debian.org>. :)
* Added md5sums, thanks to the new debhelper-0.10. <smile>
* Initial Release.