summary refs log tree commit diff
path: root/gnu/packages/compression.scm
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2022-08-08 19:13:07 +0300
committerEfraim Flashner <efraim@flashner.co.il>2022-08-08 19:21:45 +0300
commit5e009a88746bf3c20b29626a8671055c47a42bd0 (patch)
tree514012154dfb0cc5a7566abfa42979b284ed01ea /gnu/packages/compression.scm
parentb8424f0cddd6be29a51b778790dd5a4ca10007c4 (diff)
downloadguix-5e009a88746bf3c20b29626a8671055c47a42bd0.tar.gz
gnu: unzip: Patch for CVE-2022-0529 and CVE-2022-0530.
* gnu/packages/compression.scm (unzip)[replacement]: New field.
(unzip/fixed): New variable.
* gnu/packages/patches/unzip-CVE-2022-0529+CVE-2022-0530.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r--gnu/packages/compression.scm10
1 files changed, 10 insertions, 0 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index e5bc3813c5..6854bcafe4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1768,6 +1768,7 @@ Compression ratios of 2:1 to 3:1 are common for text files.")
   (package (inherit zip)
     (name "unzip")
     (version "6.0")
+    (replacement unzip/fixed)
     (source
      (origin
        (method url-fetch)
@@ -1850,6 +1851,15 @@ recreates the stored directory structure by default.")
     (license (license:non-copyleft "file://LICENSE"
                                    "See LICENSE in the distribution."))))
 
+(define unzip/fixed
+  (package (inherit unzip)
+    (source
+     (origin
+       (inherit (package-source unzip))
+       (patches (append
+                  (origin-patches (package-source unzip))
+                  (search-patches "unzip-CVE-2022-0529+CVE-2022-0530.patch")))))))
+
 (define-public ziptime
   (let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc")
         (revision "0"))
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-23 10:24:27 +0000