| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: unzip | Distribution: SUSE Linux Enterprise 15 |
| Version: 6.00 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150000.4.11.1 | Build date: Thu Sep 22 09:16:11 2022 |
| Group: Productivity/Archiving/Compression | Build host: s390zp36 |
| Size: 293409 | Source RPM: unzip-6.00-150000.4.11.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: http://www.info-zip.org/ | |
| Summary: A program to unpack compressed files | |
UnZip is an extraction utility for archives compressed in .zip format (known as "zip files"). Although highly compatible both with PKWARE's PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip program, our primary objectives have been portability and non-MS-DOS functionality. This version can also extract encrypted archives.
BSD-3-Clause
* Wed Sep 21 2022 danilo.spinella@suse.com
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
to a local string (CVE-2022-0530, bsc#1196177)
* CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
* CVE-2022-0529.patch
* Thu Oct 11 2018 kstreitova@suse.com
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
list.c [bsc#1110194] [CVE-2018-18384]
* Wed Jun 27 2018 kstreitova@suse.com
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
unable to process Windows zip64 archives because Windows
archivers set total_disks field to 0 but per standard, valid
values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
* Thu Feb 08 2018 kbabioch@suse.com
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
* Thu Jul 06 2017 nico.kruber@gmail.com
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
causing errors testing valid jar files:
$ unzip -t foo.jar
Archive: foo.jar
testing: META-INF/ bad extra-field entry:
EF block length (0 bytes) invalid (< 4)
testing: META-INF/MANIFEST.MF OK
testing: foo OK
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
where the updated patch was taken from)
* Wed Feb 15 2017 josef.moellers@suse.com
- Fixed two potential buffer overflows.
The patches were extracted from
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
http://antinode.info/ftp/info-zip/unzip60/list.c
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
CVE-2016-9844.patch, CVE-2014-9913.patch)
* Wed Oct 12 2016 josef.moellers@suse.com
- When decrypting an encrypted file,
quit early if compressed size < HEAD_LEN.
When extracting avoid an infinite loop
if a file never finishes unzipping.
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
CVE-2015-7696.patch, CVE-2015-7697.patch)
* Thu Jun 16 2016 tchvatal@suse.com
- Require properly the update-alternatives to not throw out errors
when installing in OBS chroot
* Mon Jan 26 2015 tbehrens@suse.com
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
the CRC32 verification (fixes bnc#909214)
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
read errors (*_6430_*, *_3422_*) show problems in
process.c:getZip64Data() (fixes bnc#909214)
* Sun Dec 21 2014 meissner@suse.com
- build with PIE
/etc/alternatives/funzip /etc/alternatives/unzip /etc/alternatives/unzipsfx /etc/alternatives/zipgrep /usr/bin/funzip /usr/bin/funzip-plain /usr/bin/unzip /usr/bin/unzip-plain /usr/bin/unzipsfx /usr/bin/unzipsfx-plain /usr/bin/zipgrep /usr/bin/zipgrep-plain /usr/bin/zipinfo
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:25:27 2024