openSUSE Security Update: Security update for peazip
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0071-1
Rating:             moderate
References:         #1202690 #1208468 
Cross-References:   CVE-2023-24785
CVSS scores:
                    CVE-2023-24785 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update for peazip fixes the following issues:

   peazip was updated to 9.1.0:

     * Major restyle in application's look & feel and themes, and many
       usability improvements for the file manager, and archiving /
       extraction screens.
     * The scripting engine was refined, with the ability to adapt the syntax
       for a specific 7z version at runtime, and to export archive conversion
       tasks as scripts.
     * Support for TAR, Brotli, and Zstandard formats was improved.
     * Pea was updated to 1.12, fixing for CVE-2023-24785 (this fixes
       boo#1208468)

   Update to 9.0.0:

     BACKEND:

     * Pea 1.11.

     CODE:

     * Fixes, clean up of legacy code.
     * Improved speed and memory usage.

     FILE MANAGER:

     * GUI better adapts to size and preference changes.
     * Selecting one of the available tool bars (archive manager, file
       manager, image manager) restores its visibility if the Tool bar is
       hidden.

     EXTRACTION and ARCHIVING:

     * Added new options for 7z/p7zip backend.
     * Improved support for TAR format, and for formats used in combination
       with TAR.
     * Improved support for ZPAQ and *PAQ formats.
     * Updated compression preset scripts.
     * Updated plugin for PeaZip.

   - Update to 8.9.0:

     BACKEND

       * Pea 1.10

     CODE

       * Password Manager is now re-set only from Options > Settings >
         Privacy, Reset Password Manager link
       * Various fixes and improvements
       * Correctly displays folder size inside ZIP archives if applicable
       * Cleanup of legacy code
       * Improved performances and memory management for browsing archives
       * Improved opening folders after task completition
       * Improved detecting root extraction directory
       * Archive conversion procedure now opens target directory only once,
         after final compression step
       * Task window can now show temporary extraction work path from context
         menu right-clicking on input and output links

     FILE MANAGER

       * Added progress bar while opening archive files supported through 7z
         backend; progress indicator is not visible when archive pre-browsing
         is disabled in Options > Settings > General, Performance group
       * Improved Clipboard panel, can display tems size and modification date
       * Improved quick navigation menu (on the left of the Address bar)
       * Can now set password/keyfile, and display if a password is set
       * Can now display info on current archive / selection / clipboard
         content duplicating function of staus bar; the new Info entry is
         also featured in main menu, Navigation group
       * Can now toggle bookmarks, history, and clipboard views in the Status
         bar
       * Improved Style button
       * Right-clicking Style shows main menu as context menu
       * Settings is now reachable from Style button in Tool / Address bar
       * Updated theming engine
       * Address bar color can now be changed separately from Address field
         color
       * Tab bar color has now more options
       * Improved existing Themes to take advantage of the new options
       * Updated Tuxedo theme
       * New Droid theme

     EXTRACTION and ARCHIVING

       * Changed default working directory to output path, as more consistent
         with behavior of similar applications on non-Windows systems
       * Added context menu entry for "Add to separate archives" action,
         shown when applicable in file browser screen
       * Improved archiving and extraction context menu, to make easier to
         add files and folders (or open search) from bookmarks abd history
         items
       * Improved test after archiving
       * Empty archives are reported as warnings
       * It is now possible to set the sequence of tasks to stop for
         auto-test results (otherwise it will stop only in case of error)
         from Options > Settings > Advanced
       * More information is available clicking status bar string in archive
         creation and extraction screens: task type details, temp work path
         (if applicable), input zise, output path with total size and free
         space

   - Update to 8.8.0 (boo#1202690):

     BACKEND

       * 7z 22.01
       * Pea 1.09

     CODE

       * Various fixes and improvements

     FILE MANAGER

       * Improved GUI for more flexibility to better adapt to multiple
         environments with different visual styles

     EXTRACTION and ARCHIVING

       * Added option to test archive after creation, for formats supporting
         test routine, in Options > Settings, Archive manager tab
       * Added timestamp precision option in Archiving screen, Advanced tab,
         applies to ZIP and TAR/pax formats
       * Added timestamp precision option in Archiving screen, Advanced tab,
         applies to ZIP and TAR/pax formats
       * Added options to save owner/group ids and names, available in
         Archiving screen, Advanced tab

   - Set correct category in the desktop file (boo#1202690)

   - Update to 8.7.0:

     BACKEND

       * 7z 22.00
       * Pea 1.08

     CODE

       * Can now optionally check hash of backend binaries called by PeaZip
         in order to detect modified ones
       * Can now optionally hardcode paths of backend binaries,
         configuration, and non-binary resources directories as absoulte
         paths at compile time

     FILE MANAGER

       * Added "Open in a new tab" to breadcrumb navigation menu
       * Can now export content of navigation/search filter as CSV, from
         column's header menu, and Main menu > Navigation submenu
       * CSV separator can now be customised from Options > Settings, General
         Tab, on the right of Localization selector
       * File manager now displays file size and compressed file size of
         directories inside archives, CRC column displays files and
         sub-directores count for directories
       * Many visual enhancements

     EXTRACTION and ARCHIVING

       * Can now remember default archive creation action (force new archive,
         add, update, sync...)
       * Improved displaying directory size in archive creation screen: items
         are now recursively enumerated asynchronously (non blocking) by
         default, so it is possible to proceed with archiving operations
         (confirm, cancel, modify parameters...) without needing the input
         count to be completed
       * Re-organized Archive manager settings page in Options > Settings
       * For Zpaq format now "Absolute paths" extraction option is enabled by
         default (in Advanced tab of extraction screen)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2023-71=1



Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

      peazip-9.1.0-bp154.2.3.1

   - openSUSE Backports SLE-15-SP4 (noarch):

      peazip-kf5-9.1.0-bp154.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2023-24785.html
   https://bugzilla.suse.com/1202690
   https://bugzilla.suse.com/1208468