mirror of
https://https.git.savannah.gnu.org/git/guix.git/
synced 2025-07-14 02:50:45 +02:00
gnu: unzip: Add patches from Fedora [security fixes].
Non-exhaustively fixes CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, and CVE-2019-13232. * gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch, gnu/packages/patches/unzip-CVE-2016-9844.patch, gnu/packages/patches/unzip-CVE-2018-1000035.patch, gnu/packages/patches/unzip-CVE-2018-18384.patch, gnu/packages/patches/unzip-case-insensitive.patch, gnu/packages/patches/unzip-alt-iconv-utf8-print.patch, gnu/packages/patches/unzip-alt-iconv-utf8.patch, gnu/packages/patches/unzip-close.patch, gnu/packages/patches/unzip-exec-shield.patch, gnu/packages/patches/unzip-fix-recmatch.patch, gnu/packages/patches/unzip-manpage-fix.patch, gnu/packages/patches/unzip-overflow.patch, gnu/packages/patches/unzip-symlink.patch, gnu/packages/patches/unzip-timestamp.patch, gnu/packages/patches/unzip-valgrind.patch, gnu/packages/patches/unzip-x-option.patch, gnu/packages/patches/unzip-zipbomb-manpage.patch, gnu/packages/patches/unzip-zipbomb-part1.patch, gnu/packages/patches/unzip-zipbomb-part2.patch, gnu/packages/patches/unzip-zipbomb-part3.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/compression.scm (unzip/fixed): New variable. Apply patches. (unzip)[replacement]: Graft.
This commit is contained in:
Léo Le Bouter
parent
92d0949a26
commit
31d289a475
22 changed files with 2540 additions and 0 deletions
|
|
@ -1594,6 +1594,7 @@ Compression ratios of 2:1 to 3:1 are common for text files.")
|
|||
"unzip-overflow-on-invalid-input.patch"
|
||||
"unzip-format-secure.patch"
|
||||
"unzip-overflow-long-fsize.patch"))))
|
||||
(replacement unzip/fixed)
|
||||
(build-system gnu-build-system)
|
||||
;; no inputs; bzip2 is not supported, since not compiled with BZ_NO_STDIO
|
||||
(arguments
|
||||
|
|
@ -1629,6 +1630,54 @@ recreates the stored directory structure by default.")
|
|||
(license (license:non-copyleft "file://LICENSE"
|
||||
"See LICENSE in the distribution."))))
|
||||
|
||||
(define-public unzip/fixed
|
||||
(package
|
||||
(inherit unzip)
|
||||
(version "6.0")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/infozip"
|
||||
"/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83"))
|
||||
(patches (search-patches "unzip-CVE-2014-8139.patch"
|
||||
"unzip-CVE-2014-8140.patch"
|
||||
"unzip-CVE-2014-8141.patch"
|
||||
"unzip-CVE-2014-9636.patch"
|
||||
"unzip-CVE-2015-7696.patch"
|
||||
"unzip-CVE-2015-7697.patch"
|
||||
"unzip-allow-greater-hostver-values.patch"
|
||||
"unzip-initialize-symlink-flag.patch"
|
||||
"unzip-remove-build-date.patch"
|
||||
"unzip-attribs-overflow.patch"
|
||||
"unzip-overflow-on-invalid-input.patch"
|
||||
"unzip-format-secure.patch"
|
||||
"unzip-overflow-long-fsize.patch"
|
||||
|
||||
;; From Fedora
|
||||
"unzip-alt-iconv-utf8.patch"
|
||||
"unzip-alt-iconv-utf8-print.patch"
|
||||
"unzip-fix-recmatch.patch"
|
||||
"unzip-caseinsensitive.patch"
|
||||
"unzip-close.patch"
|
||||
"unzip-COVSCAN-fix-unterminated-string.patch"
|
||||
"unzip-CVE-2016-9844.patch"
|
||||
"unzip-CVE-2018-1000035.patch"
|
||||
"unzip-CVE-2018-18384.patch"
|
||||
"unzip-exec-shield.patch"
|
||||
"unzip-manpage-fix.patch"
|
||||
"unzip-overflow.patch"
|
||||
"unzip-timestamp.patch"
|
||||
"unzip-valgrind.patch"
|
||||
"unzip-x-option.patch"
|
||||
;; CVE-2019-13232
|
||||
"unzip-zipbomb-manpage.patch"
|
||||
"unzip-zipbomb-part1.patch"
|
||||
"unzip-zipbomb-part2.patch"
|
||||
"unzip-zipbomb-part3.patch"))))))
|
||||
|
||||
(define-public ziptime
|
||||
(let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc")
|
||||
(revision "0"))
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue