upx-5.0.0-lp156.3.3.1 RPM for x86_64

From OpenSuSE Leap 15.6 updates for x86_64

UPX is a compressor for several different executable formats.
Programs receive a stub that makes them self-runnable. When run,
decompression either happens in memory in-place if possible, or to a
temporary file, the latter of which does not support setuid programs,
or the proper name in argv[0].

Provides

• upx
• upx(x86-64)

Requires

• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.6)(64bit)
• libgcc_s.so.1()(64bit)
• libgcc_s.so.1(GCC_3.0)(64bit)
• libm.so.6()(64bit)
• libm.so.6(GLIBC_2.2.5)(64bit)
• libstdc++.so.6()(64bit)
• libstdc++.so.6(CXXABI_1.3)(64bit)
• libstdc++.so.6(CXXABI_1.3.9)(64bit)
• libstdc++.so.6(GLIBCXX_3.4)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.11)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.18)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.20)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.21)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.22)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.9)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1

License

Apache-2.0 WITH LLVM-exception AND GPL-2.0-or-later AND BSD-4-Clause AND BSD-3-Clause AND MIT AND Zlib AND (CPL-1.0 OR LGPL-2.1-only)

Changelog

* Fri Mar 28 2025 Jan Engelhardt <jengelh@inai.de>
  - Add 0001-More-checking-in-unpack.patch
    [boo#1240236, CVE-2025-2849]
* Sat Feb 22 2025 Jan Engelhardt <jengelh@inai.de>
  - Update to release 5.0.0
    * ELF: use of memfd_create to support Enforcing mode of SELinux
    * ELF: two-step de-compression enables future per-PT_LOAD work
    * ELF: --unmap-all-pages completely avoids /proc/self/exe
* Thu May 09 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.2.4
    * Resolve "CantPackException: MemBuffer invalid array index 0
      (0 bytes)" problem on armeabi
* Wed Mar 27 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.2.3
    * Resolve relocation overflow on PE binaries
    * Fix some segfaults under Linux and various binaries
  - Delete upx-aarch64.patch (merged)
* Wed Jan 03 2024 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.2.2
    * Fix upx program crash on Oracle Cloud VM
    * Fix upx program crash on ARM64 machines with 64K page size
    * Fix a heap-buffer-overflow in upx
* Wed Nov 01 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.2.1
    * linux: /proc/self/exe now is optional
* Thu Oct 26 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.2.0
    * win32/pe and win64/pe: stricter relocation checks
    * new option ``--link`` to preserve hard-links
      (Unix only; use with care)
    * add support for NO_COLOR env var
* Mon Oct 16 2023 Lubos Kocman <lubos.kocman@suse.com>
  - Fix typo in BSD-4-Clause
* Thu Sep 21 2023 Lubos Kocman <lubos.kocman@suse.com>
  - Update license based on legal review
    Skipping "Simplified license" WITH LZMA-exception due to missing
    matching license identifier for now
* Tue Aug 08 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.1
    * ELF: handle shared libraries with more than 2 PT_LOAD segments
* Mon Jan 30 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.0.2
    * Fix unpack of ELF x86-64 that failed with
      "CantUnpackException: corrupt b_info"
    * Resolve SEGV on PackLinuxElf64::invert_pt_dynamic
  - Delete upx-endiantests.patch (conflict upstream)
  - Delete 0001-invert_pt_dynamic-fix-thinko-PackLinuxElf64help1-ins.patch
    (merged)
* Sun Jan 15 2023 Jan Engelhardt <jengelh@inai.de>
  - Add 0001-invert_pt_dynamic-fix-thinko-PackLinuxElf64help1-ins.patch
    [boo#1207122] [CVE-2023-23457]
* Wed Nov 16 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.0.1
    * Fix crash when a linux/armeb LZMA-packed binary unpacks itself.
    * Resolve "CantPackException: bad ElfXX_Shdrs" with
      staticly-linked programs.
    * Resolve "CantPackException: need DT_INIT;..." when attempting
      to re-compress an already packed binary.
* Sat Oct 29 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 4.0
    * Add support for EFI files
  - Delete 0001-Silence-yet-some-more-compilation-warnings.patch,
    0001-Unpack-Phdrs-must-be-within-expansion-of-first-compr.patch
* Tue Jun 01 2021 Christophe Giboudeaux <christophe@krop.fr>
  - Add upstream change to fix build with GCC 11:
    * 0001-Silence-yet-some-more-compilation-warnings.patch
* Wed May 19 2021 Jan Engelhardt <jengelh@inai.de>
  - Add 0001-Unpack-Phdrs-must-be-within-expansion-of-first-compr.patch
    [CVE-2020-24119] [boo#1186238]
* Thu Jan 23 2020 Ismail Dönmez <idonmez@suse.com>
  - Update to version 3.96
    * Bug fixes:
      [CVE-2019-1010048, boo#1141777]
      [CVE-2019-14296, boo#1143839]
      [CVE-2019-20021, boo#1159833]
      [CVE-2019-20053, boo#1159920]
      [CVE-2018-11243 partially - ticket 206 ONLY, boo#1094138]
* Tue Oct 30 2018 Jan Engelhardt <jengelh@inai.de>
  - Trim bias from description.
* Sun Oct 28 2018 Luigi Baldoni <aloisio@gmx.com>
  - Update to version 3.95
    * Flag --force-pie when ET_DYN main program is not marked as
      DF_1_PIE
    * Better compatibility with varying layout of address space on
      Linux
    * Support for 4 PT_LOAD layout in ELF generated by binutils-2.31
    * bug fixes, particularly better diagnosis of malformed input
    * bug fixes - see https://github.com/upx/upx/milestone/4
  - Dropped 0001-Protect-against-bad-crafted-input.patch,
    0002-Protect-against-bad-crafted-input.patch and
    0001-Mach-o-defend-against-bad-crafted-input.patch (merged
    upstream)
  - Drop lzma922.tar.bz2 (which wasn't being used in the first
    place) and lzma-x-endian.patch which no longer applies to
    the integrated lzma-sdk. The in-tree lzma-sdk is actually a fork
    from an older version but recommended by the author, see
    src/stub/src/c/Makevars.lzma
  - Spec cleanup
* Sat Nov 18 2017 jengelh@inai.de
  - Add 0001-Mach-o-defend-against-bad-crafted-input.patch
    [CVE-2017-16869] [boo#1068681]
* Fri Oct 06 2017 jengelh@inai.de
  - Update to new upstream release 3.94
    * Add support for arm64-linux (aka aarch64).
    * Add support for --lzma compression on 64-bit PowerPC.
    * From 3.92:
    * Explicitly diagnose Go-language bad PT_LOAD.
  - Resolve apply/merge conflict of upx-endiantests.patch
  - Add 0001-Protect-against-bad-crafted-input.patch,
    0002-Protect-against-bad-crafted-input.patch [boo#1062059]
* Sun Nov 16 2014 crrodriguez@opensuse.org
  - upx-endiantests.patch and lzma-x-endian.patch Correct
    endianness tests by only considering what the compiler says
    about target system and not a hardcoded architecture list.
    (drop upx-3.03_ia64-endianity.patch)
  - build with hidden visibility.

Files

/usr/bin/upx
/usr/share/doc/packages/upx
/usr/share/doc/packages/upx/COPYING
/usr/share/doc/packages/upx/LICENSE
/usr/share/doc/packages/upx/NEWS
/usr/share/doc/packages/upx/README
/usr/share/doc/packages/upx/THANKS.txt
/usr/share/doc/packages/upx/upx-doc.html
/usr/share/doc/packages/upx/upx-doc.txt
/usr/share/licenses/upx
/usr/share/licenses/upx/LICENSE
/usr/share/man/man1/upx.1.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Nov 9 22:24:11 2025