Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

unzip-6.00-lp150.2.3 RPM for x86_64

From OpenSuSE Leap 15.0 for x86_64

Name: unzip Distribution: openSUSE Leap 15.0
Version: 6.00 Vendor: openSUSE
Release: lp150.2.3 Build date: Mon Apr 9 19:54:57 2018
Group: Productivity/Archiving/Compression Build host: cloud135
Size: 269113 Source RPM: unzip-6.00-lp150.2.3.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.info-zip.org/
Summary: A program to unpack compressed files
UnZip is an extraction utility for archives compressed in .zip format
(known as "zip files").  Although highly compatible both with PKWARE's
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
program, our primary objectives have been portability and non-MS-DOS
functionality. This version can also extract encrypted archives.

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu Feb 08 2018 kbabioch@suse.com
  - Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
    password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
* Thu Jul 06 2017 nico.kruber@gmail.com
  - Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
    causing errors testing valid jar files:
    $ unzip -t foo.jar
    Archive:  foo.jar
      testing: META-INF/               bad extra-field entry:
      EF block length (0 bytes) invalid (< 4)
      testing: META-INF/MANIFEST.MF     OK
      testing: foo                      OK
    (see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
    where the updated patch was taken from)
* Wed Feb 15 2017 josef.moellers@suse.com
  - Fixed two potential buffer overflows.
    The patches were extracted from
    http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
    http://antinode.info/ftp/info-zip/unzip60/list.c
    (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
    CVE-2016-9844.patch, CVE-2014-9913.patch)
* Wed Oct 12 2016 josef.moellers@suse.com
  - When decrypting an encrypted file,
    quit early if compressed size < HEAD_LEN.
    When extracting avoid an infinite loop
    if a file never finishes unzipping.
    (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
    CVE-2015-7696.patch, CVE-2015-7697.patch)
* Thu Jun 16 2016 tchvatal@suse.com
  - Require properly the update-alternatives to not throw out errors
    when installing in OBS chroot
* Mon Jan 26 2015 tbehrens@suse.com
  - Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
    the CRC32 verification (fixes bnc#909214)
  - Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
    (*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
    read errors (*_6430_*, *_3422_*) show problems in
    process.c:getZip64Data() (fixes bnc#909214)
* Sun Dec 21 2014 meissner@suse.com
  - build with PIE
* Fri Aug 02 2013 coolo@suse.com
  - fix defaultattr for old distros
* Fri Aug 02 2013 coolo@suse.com
  - split the rcc dependency into a spec file of it's own, we don't
    need that complexity during build causing cycles like this:
      unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
* Fri Apr 05 2013 idonmez@suse.com
  - Cleanup spec file
  - Add Source URL, see https://en.opensuse.org/SourceUrls
* Fri Aug 05 2011 pth@suse.de
  - Don't call isprint (bnc#620483).
* Mon May 23 2011 lnussel@suse.de
  - remove use of __DATE__ from correct file
* Sat May 07 2011 idoenmez@novell.com
  - Sync our compile time flags with Debian except Acorn stuff, this enables
    UTF-8, saves an unrelated warning about lchmod being not implemented.
  - Enable make check
* Fri Jan 28 2011 lnussel@suse.de
  - use dlopen for librcc0. A direct requires causes lots of other
    packages to get installed such as aspell which bloats a minimal
    install.
* Mon Aug 30 2010 cristian.rodriguez@opensuse.org
  - Do not include build host specific info like build dates In
    binaries.
* Fri Jun 25 2010 pth@suse.de
  - Doing open(O_WRONLY) and then fdopen("w+") will now fail with
    "Invalid Argument" whereas former glibcs would succeed. So now
    do open(O_RDWR).
  - Print error message when open(2) fails.
  - Add debugging traces in open_outfile.
* Fri May 21 2010 pth@suse.de
  - Update to 6.0:
    * Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
      entries larger than 4 GiBytes and more than 65536 entries within a
      single Zip archive.  This support is currently only available for Unix,
      OpenVMS and Win32/Win64.
    * Support for bzip2 compression method.
    * Support for UTF-8 encoded entry names, both through PKWARE's "General
      Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
      extra field.  (Currently, on Windows the UTF-8 handling is limited to
      the character subset contained in the configured non-unicode "system
      code page".)
    * Fixed "Time of Creation/Time of Use" vulnerability when setting
      attributes of extracted files, for Unix and Unix-like ports.
    * Fixed memory leak when processing invalid deflated data.
    * Fixed long-standing bug in unshrink (partial_clear), added boundary
      checks against invalid compressed data.
    * On Unix, keep inherited SGID attribute bit for extracted directories
      unless restoration of owner/group id or SUID/SGID/Tacky attributes was
      requested.
    * On Unix, allow extracted filenames to contain embedded control
      characters when explicitly requested by specifying the new command line
      option "-^".
    * On Unix, support restoration of symbolic link attributes.
    * On Unix, support restoration of 32-bit UID/GID data using the new "ux"
      IZUNIX3 extra field introduced with Zip 3.0.
    * Support symbolic links zipped up on VMS.
    * New -D option to suppress restoration of timestamps for extracted
      directory entries (on those ports that support setting of directory
      timestamps).  By specifying "-DD", this new option also allows to
      suppress timestamp restoration for ALL extracted files on all UnZip
      ports which support restoration of timestamps.  On VMS, the default
      behaviour is now to skip restoration of directory timestamps; here,
      "--D" restores ALL timestamps, "-D" restores none.
    * On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
      to allow saving backup copies of overwritten files on extraction is now
      enabled by default.
* Mon May 10 2010 pth@suse.de
  - Use librcc to convert russian/slavic file names (bnc#540598).
* Sun Dec 06 2009 jengelh@.medozas.de
  - enable parallel building

Files

/etc/alternatives/funzip
/etc/alternatives/unzip
/etc/alternatives/unzipsfx
/etc/alternatives/zipgrep
/usr/bin/funzip
/usr/bin/funzip-plain
/usr/bin/unzip
/usr/bin/unzip-plain
/usr/bin/unzipsfx
/usr/bin/unzipsfx-plain
/usr/bin/zipgrep
/usr/bin/zipgrep-plain
/usr/bin/zipinfo


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Oct 10 04:45:12 2020