authorEfraim Flashner <efraim@flashner.co.il>2020-03-04 10:15:06 +0200
committerEfraim Flashner <efraim@flashner.co.il>2020-03-04 10:52:52 +0200
commit790b66e34fd81cdda246361303072065e6339c97 (patch)
tree5ce27aeeea0f79b91e3f0bcf4f77039cd3f6d842 /gnu/packages/compression.scm
parentcc51c03ff867d4633505354819c6d88af88bf919 (diff)
gnu: zziplib: Fix CVE-2018-16548.
* gnu/packages/compression.scm (zziplib)[replacement]: New field.
(zziplib/fixed): New private variable.
* gnu/packages/patches/zziplib-CVE-2018-16548.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r--gnu/packages/compression.scm8
1 files changed, 8 insertions, 0 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index ee10bd03ce..6463b50735 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1584,6 +1584,7 @@ recreates the stored directory structure by default.")
   (package
     (name "zziplib")
     (version "0.13.69")
+    (replacement zziplib/fixed)
     (home-page "https://github.com/gdraheim/zziplib")
     (source (origin
               (method git-fetch)
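Review bot: The added `(replacement zziplib/fixed)` field delivers the fix as a graft, which rewrites references to zziplib in already-built dependents rather than rebuilding them. Any package that links the library statically or embeds its code at build time would therefore keep the unpatched 0.13.69 code until zziplib itself is rebuilt with the patch. I would record that limit next to the field, for example `;; Graft: consumers that link zziplib statically are not covered until the patch moves into 'source'.` The enclosing package form starts before and ends after this hunk, so whether such consumers exist cannot be judged from here.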
@@ -1621,6 +1622,13 @@ recreates the stored directory structure by default.")
     ;; files carry the Zlib license; see "docs/copying.html" for details.
     (license (list license:lgpl2.0+ license:mpl1.1))))
 
+(define zziplib/fixed
+  (package
+    (inherit zziplib)
+    (source (origin
+              (inherit (package-source zziplib))
+              (patches (search-patches "zziplib-CVE-2018-16548.patch"))))))
+
 (define-public libzip
   (package
     (name "libzip")
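Review bot: `zziplib/fixed` is defined without a comment saying why it exists or when it can be dropped, and it inherits the version string "0.13.69", so patched and unpatched builds differ only by store hash. I would add above the definition `;; Grafted replacement carrying the CVE-2018-16548 patch; remove once the patch is applied directly in zziplib.` The patch file is not part of this page (the diffstat is limited to compression.scm), so its origin cannot be checked here. A header in zziplib-CVE-2018-16548.patch naming the upstream commit it was taken from would let the next reviewer verify it.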