openSUSE Security Update: Security update for peazip ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0071-1 Rating: moderate References: #1202690 #1208468 Cross-References: CVE-2023-24785 CVSS scores: CVE-2023-24785 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for peazip fixes the following issues: peazip was updated to 9.1.0: * Major restyle in application's look & feel and themes, and many usability improvements for the file manager, and archiving / extraction screens. * The scripting engine was refined, with the ability to adapt the syntax for a specific 7z version at runtime, and to export archive conversion tasks as scripts. * Support for TAR, Brotli, and Zstandard formats was improved. * Pea was updated to 1.12, fixing for CVE-2023-24785 (this fixes boo#1208468) Update to 9.0.0: BACKEND: * Pea 1.11. CODE: * Fixes, clean up of legacy code. * Improved speed and memory usage. FILE MANAGER: * GUI better adapts to size and preference changes. * Selecting one of the available tool bars (archive manager, file manager, image manager) restores its visibility if the Tool bar is hidden. EXTRACTION and ARCHIVING: * Added new options for 7z/p7zip backend. * Improved support for TAR format, and for formats used in combination with TAR. * Improved support for ZPAQ and *PAQ formats. * Updated compression preset scripts. * Updated plugin for PeaZip. - Update to 8.9.0: BACKEND * Pea 1.10 CODE * Password Manager is now re-set only from Options > Settings > Privacy, Reset Password Manager link * Various fixes and improvements * Correctly displays folder size inside ZIP archives if applicable * Cleanup of legacy code * Improved performances and memory management for browsing archives * Improved opening folders after task completition * Improved detecting root extraction directory * Archive conversion procedure now opens target directory only once, after final compression step * Task window can now show temporary extraction work path from context menu right-clicking on input and output links FILE MANAGER * Added progress bar while opening archive files supported through 7z backend; progress indicator is not visible when archive pre-browsing is disabled in Options > Settings > General, Performance group * Improved Clipboard panel, can display tems size and modification date * Improved quick navigation menu (on the left of the Address bar) * Can now set password/keyfile, and display if a password is set * Can now display info on current archive / selection / clipboard content duplicating function of staus bar; the new Info entry is also featured in main menu, Navigation group * Can now toggle bookmarks, history, and clipboard views in the Status bar * Improved Style button * Right-clicking Style shows main menu as context menu * Settings is now reachable from Style button in Tool / Address bar * Updated theming engine * Address bar color can now be changed separately from Address field color * Tab bar color has now more options * Improved existing Themes to take advantage of the new options * Updated Tuxedo theme * New Droid theme EXTRACTION and ARCHIVING * Changed default working directory to output path, as more consistent with behavior of similar applications on non-Windows systems * Added context menu entry for "Add to separate archives" action, shown when applicable in file browser screen * Improved archiving and extraction context menu, to make easier to add files and folders (or open search) from bookmarks abd history items * Improved test after archiving * Empty archives are reported as warnings * It is now possible to set the sequence of tasks to stop for auto-test results (otherwise it will stop only in case of error) from Options > Settings > Advanced * More information is available clicking status bar string in archive creation and extraction screens: task type details, temp work path (if applicable), input zise, output path with total size and free space - Update to 8.8.0 (boo#1202690): BACKEND * 7z 22.01 * Pea 1.09 CODE * Various fixes and improvements FILE MANAGER * Improved GUI for more flexibility to better adapt to multiple environments with different visual styles EXTRACTION and ARCHIVING * Added option to test archive after creation, for formats supporting test routine, in Options > Settings, Archive manager tab * Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats * Added timestamp precision option in Archiving screen, Advanced tab, applies to ZIP and TAR/pax formats * Added options to save owner/group ids and names, available in Archiving screen, Advanced tab - Set correct category in the desktop file (boo#1202690) - Update to 8.7.0: BACKEND * 7z 22.00 * Pea 1.08 CODE * Can now optionally check hash of backend binaries called by PeaZip in order to detect modified ones * Can now optionally hardcode paths of backend binaries, configuration, and non-binary resources directories as absoulte paths at compile time FILE MANAGER * Added "Open in a new tab" to breadcrumb navigation menu * Can now export content of navigation/search filter as CSV, from column's header menu, and Main menu > Navigation submenu * CSV separator can now be customised from Options > Settings, General Tab, on the right of Localization selector * File manager now displays file size and compressed file size of directories inside archives, CRC column displays files and sub-directores count for directories * Many visual enhancements EXTRACTION and ARCHIVING * Can now remember default archive creation action (force new archive, add, update, sync...) * Improved displaying directory size in archive creation screen: items are now recursively enumerated asynchronously (non blocking) by default, so it is possible to proceed with archiving operations (confirm, cancel, modify parameters...) without needing the input count to be completed * Re-organized Archive manager settings page in Options > Settings * For Zpaq format now "Absolute paths" extraction option is enabled by default (in Advanced tab of extraction screen) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-71=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): peazip-9.1.0-bp154.2.3.1 - openSUSE Backports SLE-15-SP4 (noarch): peazip-kf5-9.1.0-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2023-24785.html https://bugzilla.suse.com/1202690 https://bugzilla.suse.com/1208468