author | Leo Famulari <leo@famulari.name> | 2018-02-12 13:49:49 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-02-13 09:51:07 -0500 |
commit | 77737e035491112a1e9c7d9a0e6f1e0397a4f930 (patch) | |
tree | 66e549878710c2dca436ed48dd3b9003a8e18302 | |
parent | ad5de226e769412131e8286e5d432377921f3ac0 (diff) | |
download | guix-77737e035491112a1e9c7d9a0e6f1e0397a4f930.tar.gz |
gnu: unzip: Mitigate CVE-2018-1000035.
* gnu/packages/compression.scm (unzip)[replacement]: New field. (unzip/fixed): New variable.
-rw-r--r-- | gnu/packages/compression.scm | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3a0e27945f..9983ee129e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017, 2018 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
@@ -1719,6 +1719,7 @@ Compression ratios of 2:1 to 3:1 are common for text files.")
 (define-public unzip
 (package (inherit zip)
 (name "unzip")
+(replacement unzip/fixed)
 (version "6.0")
 (source
 (origin
@@ -1769,6 +1770,20 @@ recreates the stored directory structure by default.")
 (license (license:non-copyleft "file://LICENSE"
 "See LICENSE in the distribution."))))
 
+(define unzip/fixed
+(package/inherit unzip
+(arguments
+(substitute-keyword-arguments (package-arguments unzip)
+((#:phases phases)
+`(modify-phases ,phases
+(add-after 'unpack 'fortify
+(lambda _
+;; Mitigate CVE-2018-1000035, an exploitable buffer overflow.
+;; This environment variable is recommended in 'unix/Makefile'
+;; for passing flags to the C compiler.
+(setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=1")
+#t))))))))
+
 (define-public zziplib
 (package
 (name "zziplib")
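Review bot: In the `fortify` phase of `unzip/fixed`, `-D_FORTIFY_SOURCE=1` enables only the weaker checks; glibc's level 2 adds further bounds checks on the same str*/mem* calls, so unless level 2 is known to break this code base the setenv line should read `(setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=2")`, or the comment should say why level 1 was chosen. The phase comment should also record that fortification is a no-op unless the compiler optimizes: `;; _FORTIFY_SOURCE only takes effect at -O1 or higher; unix/Makefile's default CFLAGS appear to provide that -- confirm in the build log.` Finally, since this is a graft that turns a heap overflow into an abort rather than a patch of the faulty code, it may be worth noting in the comment that the upstream fix is still wanted once available.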