Overview Repositories Revisions Requests Users Attributes Meta

A program to unpack compressed files

Edit Package unzip
http://www.info-zip.org/

UnZip is an extraction utility for archives compressed in .zip format
(known as "zip files"). Although highly compatible both with PKWARE's
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
program, our primary objectives have been portability and non-MS-DOS
functionality. This version can also extract encrypted archives.

  • Devel package for openSUSE:Factory
  • 3 derived packages
  • Links to openSUSE:Factory / unzip
  • Download package
  • osc -A https://api.opensuse.org checkout Archiving/unzip && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
CVE-2014-9913.patch 0000001013 1013 Bytes
CVE-2015-7696.patch 0000001234 1.21 KB
CVE-2015-7697.patch 0000001600 1.56 KB
CVE-2016-9844.patch 0000000950 950 Bytes
CVE-2018-1000035.patch 0000001290 1.26 KB
Fix-CVE-2014-8139-unzip.patch 0000003322 3.24 KB
Fix-CVE-2014-8140-and-CVE-2014-8141.patch 0000006872 6.71 KB
Fix-CVE-2014-9636-unzip-buffer-overflow.patch 0000001621 1.58 KB
_link 0000000124 124 Bytes
pre_checkin.sh 0000000237 237 Bytes
unzip-5.52-filename_too_long.patch 0000001210 1.18 KB
unzip-5.52-use_librcc.patch 0000004686 4.58 KB
unzip-dont_call_isprint.patch 0000000604 604 Bytes
unzip-iso8859_2.patch 0000007716 7.54 KB
unzip-no-build-date.patch 0000002286 2.23 KB
unzip-no_file_name_translation.patch 0000003873 3.78 KB
unzip-open_missing_mode.patch 0000002755 2.69 KB
unzip-optflags.patch 0000001111 1.08 KB
unzip-rcc.changes 0000014181 13.8 KB
unzip-rcc.spec 0000005605 5.47 KB
unzip.changes 0000014198 13.9 KB
unzip.dif 0000000749 749 Bytes
unzip.spec 0000005594 5.46 KB
unzip60-cfactorstr_overflow.patch 0000001623 1.58 KB
unzip60-total_disks_zero.patch 0000001265 1.24 KB
unzip60.tar.gz 0001376845 1.31 MB
Revision 53 (latest revision is 64)
Martin Pluskal's avatar Martin Pluskal (pluskalm) accepted request 642997 from Kristyna Streitova's avatar Kristyna Streitova (kstreitova) (revision 53) 
  list.c [bsc#1110194] [CVE-2018-18384]
Comments 2
Kira Marie Backes's avatar
Kira Marie Backes (audaki) -

There is a huge and probably very old bug in openSUSE unzip (Tumbleweed as well as 15.3). This bug is fixed in Ubuntu's unzip version, I looked at their patches and there's several CVEs missing here, and I assume it's one of these patches that fixed the issue.

The bug is when extracting an archive where file permissions are not explicitly set, occasionally (but reproducibly) one or more files get converted to be symlinks and the original content of the file is suddenly the link target.

This can easily be reproduced by downloading the zip archives from the Shopware/Platform project, e.g. https://github.com/shopware/platform/archive/dd2bf30d0519dcd9416dc269c88edcfd66f92add.zip

When downloading this zip archive and extracting it in the console with unzip the file platform-dd2bf30d0519dcd9416dc269c88edcfd66f92add/src/Storefront/Resources/app/storefront/dist/assets/icon/default/editor-redo.svg gets erroneously converted into a symlink. The fun thing about this bug is that you can reproduce it with nearly every single zip of a commit and it's always different files, but when extracting the same archive it's always the same file(s) that get converted into a symlink. This bug has caused us a lot of issues for the past year.

I guess it's one of the not applied patches you can see here: https://sources.debian.org/patches/unzip/6.0-26/

kind regards, Kira Backes

Marcus Meissner's avatar
Marcus Meissner (msmeissn) -

https://bugzilla.suse.com/show_bug.cgi?id=1190273

openSUSE Build Service is sponsored by
Places