diff --git a/bzip2-1.0.6-CVE-2016-3189.patch b/bzip2-1.0.6-CVE-2016-3189.patch
deleted file mode 100644
index 311f666..0000000
--- a/bzip2-1.0.6-CVE-2016-3189.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Author: Jakub Martisko <jamartis@redhat.com>
-Date: Wed, 30 Mar 2016 10:22:27 +0200
-Description: bzip2recover: Fix potential use-after-free
-Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
-
---- a/bzip2recover.c
-+++ b/bzip2recover.c
-@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
-             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
-             bsPutUInt32 ( bsWr, blockCRC );
-             bsClose ( bsWr );
-+            outFile = NULL;
-          }
-          if (wrBlock >= rbCtr) break;
-          wrBlock++;
diff --git a/bzip2-1.0.6-bzgrep_return_value.patch b/bzip2-1.0.6-bzgrep_return_value.patch
index 1227517..ac5026e 100644
--- a/bzip2-1.0.6-bzgrep_return_value.patch
+++ b/bzip2-1.0.6-bzgrep_return_value.patch
@@ -1,7 +1,7 @@
-Index: bzip2-1.0.6/bzgrep
+Index: bzip2-1.0.7/bzgrep
 ===================================================================
---- bzip2-1.0.6.orig/bzgrep
-+++ bzip2-1.0.6/bzgrep
+--- bzip2-1.0.7.orig/bzgrep	2019-06-27 23:10:21.375272508 +0200
++++ bzip2-1.0.7/bzgrep	2019-06-27 23:10:21.415272635 +0200
 @@ -65,8 +65,20 @@ for i do
    else
      j=$(echo "$i" | sed 's/\\/&&/g;s/|/\\&/g;s/&/\\&/g')
diff --git a/bzip2-1.0.6-fix-bashisms.patch b/bzip2-1.0.6-fix-bashisms.patch
index afcad97..3991cb4 100644
--- a/bzip2-1.0.6-fix-bashisms.patch
+++ b/bzip2-1.0.6-fix-bashisms.patch
@@ -1,6 +1,7 @@
-diff -Ndurp bzip2-1.0.6/bzgrep bzip2-1.0.6-fix-bashisms/bzgrep
---- bzip2-1.0.6/bzgrep	2007-01-03 04:00:55.000000000 +0200
-+++ bzip2-1.0.6-fix-bashisms/bzgrep	2014-10-19 02:07:30.036033876 +0300
+Index: bzip2-1.0.7/bzgrep
+===================================================================
+--- bzip2-1.0.7.orig/bzgrep	2019-06-27 20:15:39.000000000 +0200
++++ bzip2-1.0.7/bzgrep	2019-06-27 23:12:37.027916706 +0200
 @@ -63,9 +63,7 @@ for i do
      bzip2 -cdfq "$i" | $grep $opt "$pat"
      r=$?
diff --git a/bzip2-1.0.6.tar.gz b/bzip2-1.0.6.tar.gz
deleted file mode 100644
index 8cf2887..0000000
--- a/bzip2-1.0.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-size 782025
diff --git a/bzip2-1.0.7.tar.gz b/bzip2-1.0.7.tar.gz
new file mode 100644
index 0000000..abda68b
--- /dev/null
+++ b/bzip2-1.0.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e768a87c5b1a79511499beb41500bcc4caf203726fff46a6f5f9ad27fe08ab2b
+size 809680
diff --git a/bzip2-ocloexec.patch b/bzip2-ocloexec.patch
index 4a4dc0b..a174b72 100644
--- a/bzip2-ocloexec.patch
+++ b/bzip2-ocloexec.patch
@@ -1,5 +1,7 @@
---- bzlib.c.orig
-+++ bzlib.c
+Index: bzip2-1.0.7/bzlib.c
+===================================================================
+--- bzip2-1.0.7.orig/bzlib.c	2019-06-27 20:15:39.000000000 +0200
++++ bzip2-1.0.7/bzlib.c	2019-06-27 23:10:21.399272583 +0200
 @@ -1414,7 +1414,15 @@ BZFILE * bzopen_or_bzdopen
        }
        mode++;
diff --git a/bzip2-point-to-doc-pkg.patch b/bzip2-point-to-doc-pkg.patch
index 532a62e..33c4078 100644
--- a/bzip2-point-to-doc-pkg.patch
+++ b/bzip2-point-to-doc-pkg.patch
@@ -1,7 +1,7 @@
-Index: bzip2-1.0.6/README
+Index: bzip2-1.0.7/README
 ===================================================================
---- bzip2-1.0.6.orig/README
-+++ bzip2-1.0.6/README
+--- bzip2-1.0.7.orig/README	2019-06-27 20:15:39.000000000 +0200
++++ bzip2-1.0.7/README	2019-06-27 23:10:21.387272546 +0200
 @@ -17,7 +17,8 @@ in the file LICENSE.
  
  Complete documentation is available in Postscript form (manual.ps),
diff --git a/bzip2-unsafe_strcpy.patch b/bzip2-unsafe_strcpy.patch
deleted file mode 100644
index 51516fc..0000000
--- a/bzip2-unsafe_strcpy.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- bzip2recover.c
-+++ bzip2recover.c
-@@ -309,7 +309,8 @@
-    UInt32      buffHi, buffLo, blockCRC;
-    Char*       p;
- 
--   strcpy ( progName, argv[0] );
-+   strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
-+   progName[BZ_MAX_FILENAME-1]='\0';
-    inFileName[0] = outFileName[0] = 0;
- 
-    fprintf ( stderr, 
diff --git a/bzip2.changes b/bzip2.changes
index 0f30028..843037b 100644
--- a/bzip2.changes
+++ b/bzip2.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Fri Jun 28 07:42:24 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
+
+- Update bug reference
+- Fix downloaded patches
+
+-------------------------------------------------------------------
+Thu Jun 27 21:01:36 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.0.7:
+  * Fix undefined behavior in the macros SET_BH, CLEAR_BH, &
+    ISSET_BH.
+  * bzip2: Fix return value when combining --test,-t and -q.
+  * bzip2recover: Fix buffer overflow for large argv[0].
+  * bzip2recover: Fix use after free issue with outFile
+    (CVE-2016-3189).
+  * Make sure nSelectors is not out of range (CVE-2019-12900
+    bsc#1139083)
+- Drop patches fixed upstream:
+  * bzip2-unsafe_strcpy.patch.
+  * bzip2-1.0.6-CVE-2016-3189.patch.
+- Refresh patches with quilt.
+
 -------------------------------------------------------------------
 Thu Apr 18 10:28:36 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
 
diff --git a/bzip2.spec b/bzip2.spec
index bd0ddb6..9e4957f 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -12,13 +12,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 %define libname libbz2-1
 Name:           bzip2
-Version:        1.0.6
+Version:        1.0.7
 Release:        0
 Summary:        A Program for Compressing Files
 License:        BSD-3-Clause
@@ -32,12 +32,10 @@ Source100:      bzip2-rpmlintrc
 # PATCH-FEATURE-OPENSUSE bzip2-1.0.6-autoconfiscated.patch sbrabec@suse.cz -- Convert to a standard autoconf based package.
 Patch0:         ftp://ftp.suse.com/pub/people/sbrabec/bzip2/for_downstream/bzip2-1.0.6.2-autoconfiscated.patch
 Patch1:         bzip2-1.0.6-fix-bashisms.patch
-Patch2:         bzip2-unsafe_strcpy.patch
 Patch3:         bzip2-point-to-doc-pkg.patch
 Patch4:         bzip2-ocloexec.patch
 # PATCH-FIX-UPSTREAM bnc#970260 kstreitova@suse.com -- fix a wrong exit code when grepping multiple archives
 Patch5:         bzip2-1.0.6-bzgrep_return_value.patch
-Patch6:         bzip2-1.0.6-CVE-2016-3189.patch
 BuildRequires:  autoconf >= 2.57
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -77,11 +75,9 @@ The bzip2 runtime library development files.
 %setup -q
 %patch0
 %patch1 -p1
-%patch2
 %patch3 -p1
-%patch4
+%patch4 -p1
 %patch5 -p1
-%patch6 -p1
 
 %build
 autoreconf -fiv
@@ -91,7 +87,7 @@ autoreconf -fiv
 %if 0%{?do_profiling}
   make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}"
   make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_generate}" test
-  make clean
+  make %{?_smp_mflags} clean
   make %{?_smp_mflags} CFLAGS="%{optflags} %{cflags_profile_feedback}"
 %else
   make %{?_smp_mflags} CFLAGS="%{optflags}"