A peazip security update has been released for SUSE Linux Enterprise 15 SP4.

openSUSE-SU-2023:0071-1: moderate: Security update for peazip

openSUSE Security Update: Security update for peazip
______________________________________________________________________________

Announcement ID: openSUSE-SU-2023:0071-1
Rating: moderate
References: #1202690 #1208468
Cross-References: CVE-2023-24785
CVSS scores:
CVE-2023-24785 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for peazip fixes the following issues:

peazip was updated to 9.1.0:

* Major restyle in application's look & feel and themes, and many
usability improvements for the file manager, and archiving /
extraction screens.
* The scripting engine was refined, with the ability to adapt the syntax
for a specific 7z version at runtime, and to export archive conversion
tasks as scripts.
* Support for TAR, Brotli, and Zstandard formats was improved.
* Pea was updated to 1.12, fixing for CVE-2023-24785 (this fixes
boo#1208468)

Update to 9.0.0:

BACKEND:

* Pea 1.11.

CODE:

* Fixes, clean up of legacy code.
* Improved speed and memory usage.

FILE MANAGER:

* GUI better adapts to size and preference changes.
* Selecting one of the available tool bars (archive manager, file
manager, image manager) restores its visibility if the Tool bar is
hidden.

EXTRACTION and ARCHIVING:

* Added new options for 7z/p7zip backend.
* Improved support for TAR format, and for formats used in combination
with TAR.
* Improved support for ZPAQ and *PAQ formats.
* Updated compression preset scripts.
* Updated plugin for PeaZip.

- Update to 8.9.0:

BACKEND

* Pea 1.10

CODE

* Password Manager is now re-set only from Options > Settings >
Privacy, Reset Password Manager link
* Various fixes and improvements
* Correctly displays folder size inside ZIP archives if applicable
* Cleanup of legacy code
* Improved performances and memory management for browsing archives
* Improved opening folders after task completition
* Improved detecting root extraction directory
* Archive conversion procedure now opens target directory only once,
after final compression step
* Task window can now show temporary extraction work path from context
menu right-clicking on input and output links

FILE MANAGER

* Added progress bar while opening archive files supported through 7z
backend; progress indicator is not visible when archive pre-browsing
is disabled in Options > Settings > General, Performance group
* Improved Clipboard panel, can display tems size and modification date
* Improved quick navigation menu (on the left of the Address bar)
* Can now set password/keyfile, and display if a password is set
* Can now display info on current archive / selection / clipboard
content duplicating function of staus bar; the new Info entry is
also featured in main menu, Navigation group
* Can now toggle bookmarks, history, and clipboard views in the Status
bar
* Improved Style button
* Right-clicking Style shows main menu as context menu
* Settings is now reachable from Style button in Tool / Address bar
* Updated theming engine
* Address bar color can now be changed separately from Address field
color
* Tab bar color has now more options
* Improved existing Themes to take advantage of the new options
* Updated Tuxedo theme
* New Droid theme

EXTRACTION and ARCHIVING

* Changed default working directory to output path, as more consistent
with behavior of similar applications on non-Windows systems
* Added context menu entry for "Add to separate archives" action,
shown when applicable in file browser screen
* Improved archiving and extraction context menu, to make easier to
add files and folders (or open search) from bookmarks abd history
items
* Improved test after archiving
* Empty archives are reported as warnings
* It is now possible to set the sequence of tasks to stop for
auto-test results (otherwise it will stop only in case of error)
from Options > Settings > Advanced
* More information is available clicking status bar string in archive
creation and extraction screens: task type details, temp work path
(if applicable), input zise, output path with total size and free
space

- Update to 8.8.0 (boo#1202690):

BACKEND

* 7z 22.01
* Pea 1.09

CODE

* Various fixes and improvements

FILE MANAGER

* Improved GUI for more flexibility to better adapt to multiple
environments with different visual styles

EXTRACTION and ARCHIVING

* Added option to test archive after creation, for formats supporting
test routine, in Options > Settings, Archive manager tab
* Added timestamp precision option in Archiving screen, Advanced tab,
applies to ZIP and TAR/pax formats
* Added timestamp precision option in Archiving screen, Advanced tab,
applies to ZIP and TAR/pax formats
* Added options to save owner/group ids and names, available in
Archiving screen, Advanced tab

- Set correct category in the desktop file (boo#1202690)

- Update to 8.7.0:

BACKEND

* 7z 22.00
* Pea 1.08

CODE

* Can now optionally check hash of backend binaries called by PeaZip
in order to detect modified ones
* Can now optionally hardcode paths of backend binaries,
configuration, and non-binary resources directories as absoulte
paths at compile time

FILE MANAGER

* Added "Open in a new tab" to breadcrumb navigation menu
* Can now export content of navigation/search filter as CSV, from
column's header menu, and Main menu > Navigation submenu
* CSV separator can now be customised from Options > Settings, General
Tab, on the right of Localization selector
* File manager now displays file size and compressed file size of
directories inside archives, CRC column displays files and
sub-directores count for directories
* Many visual enhancements

EXTRACTION and ARCHIVING

* Can now remember default archive creation action (force new archive,
add, update, sync...)
* Improved displaying directory size in archive creation screen: items
are now recursively enumerated asynchronously (non blocking) by
default, so it is possible to proceed with archiving operations
(confirm, cancel, modify parameters...) without needing the input
count to be completed
* Re-organized Archive manager settings page in Options > Settings
* For Zpaq format now "Absolute paths" extraction option is enabled by
default (in Advanced tab of extraction screen)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-71=1


Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

peazip-9.1.0-bp154.2.3.1

- openSUSE Backports SLE-15-SP4 (noarch):

peazip-kf5-9.1.0-bp154.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2023-24785.html
  https://bugzilla.suse.com/1202690
  https://bugzilla.suse.com/1208468