summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/compression.scm45
-rw-r--r--gnu/packages/patches/upx-CVE-2021-20285.patch76
3 files changed, 11 insertions, 111 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 57f20b7314..eb6ac3df58 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1954,7 +1954,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/unzip-zipbomb-part2.patch		\
   %D%/packages/patches/unzip-zipbomb-part3.patch		\
   %D%/packages/patches/unzip-32bit-zipbomb-fix.patch    \
-  %D%/packages/patches/upx-CVE-2021-20285.patch		\
   %D%/packages/patches/ustr-fix-build-with-gcc-5.patch		\
   %D%/packages/patches/util-linux-tests.patch			\
   %D%/packages/patches/util-linux-CVE-2021-3995.patch		\
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index c258302d5c..f60ed4f597 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -35,6 +35,7 @@
 ;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
 ;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2021 Ahmad Jarara <git@ajarara.io>
+;;; Copyright © 2022 Zhu Zihao <all_but_last@163.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2308,40 +2309,16 @@ decompression is a little bit slower.")
 (define-public upx
   (package
     (name "upx")
-    (version "3.96")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "https://github.com/upx/upx/releases/download/v"
-                                 version "/upx-" version "-src.tar.xz"))
-             (sha256
-              (base32
-               "051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7"))
-             (patches (search-patches "upx-CVE-2021-20285.patch"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     (list perl))
-    (inputs
-     (list ucl zlib))
-    (arguments
-     `(#:make-flags
-       (list "all")
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure)            ; no configure script
-         (delete 'check)                ; no test suite
-         (add-before 'build 'patch-exec-bin-sh
-           (lambda _
-             (substitute* (list "Makefile"
-                                "src/Makefile")
-               (("/bin/sh") (which "sh")))
-             #t))
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (bin (string-append out "/bin")))
-               (mkdir-p bin)
-               (copy-file "src/upx.out" (string-append bin "/upx")))
-             #t)))))
+    (version "4.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/upx/upx/releases/download/v"
+                           version "/upx-" version "-src.tar.xz"))
+       (sha256
+        (base32
+         "1sinky0rq40q2qqzly99c5hdd6ilz2bxlbqla9lg0rafhbw3iyga"))))
+    (build-system cmake-build-system)
     (home-page "https://upx.github.io/")
     (synopsis "Compression tool for executables")
     (description
diff --git a/gnu/packages/patches/upx-CVE-2021-20285.patch b/gnu/packages/patches/upx-CVE-2021-20285.patch
deleted file mode 100644
index 1d47b2a8bb..0000000000
--- a/gnu/packages/patches/upx-CVE-2021-20285.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 3781df9da23840e596d5e9e8493f22666802fe6c Mon Sep 17 00:00:00 2001
-From: John Reiser <jreiser@BitWagon.com>
-Date: Fri, 11 Dec 2020 13:38:18 -0800
-Subject: [PATCH] Check DT_REL/DT_RELA, DT_RELSZ/DT_RELASZ
-
-https://github.com/upx/upx/issues/421
-	modified:   p_lx_elf.cpp
----
- src/p_lx_elf.cpp | 34 +++++++++++++++++++++++++++++-----
- 1 file changed, 29 insertions(+), 5 deletions(-)
-
-diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
-index 182db192..3a4101cf 100644
---- a/src/p_lx_elf.cpp
-+++ b/src/p_lx_elf.cpp
-@@ -2222,8 +2222,20 @@ bool PackLinuxElf32::canPack()
-                         int z_rsz = dt_table[Elf32_Dyn::DT_RELSZ];
-                         if (z_rel && z_rsz) {
-                             unsigned rel_off = get_te32(&dynseg[-1+ z_rel].d_val);
-+                            if ((unsigned)file_size <= rel_off) {
-+                                char msg[70]; snprintf(msg, sizeof(msg),
-+                                     "bad Elf32_Dynamic[DT_REL] %#x\n",
-+                                     rel_off);
-+                                throwCantPack(msg);
-+                            }
-                             Elf32_Rel *rp = (Elf32_Rel *)&file_image[rel_off];
-                             unsigned relsz   = get_te32(&dynseg[-1+ z_rsz].d_val);
-+                            if ((unsigned)file_size <= relsz) {
-+                                char msg[70]; snprintf(msg, sizeof(msg),
-+                                     "bad Elf32_Dynamic[DT_RELSZ] %#x\n",
-+                                     relsz);
-+                                throwCantPack(msg);
-+                            }
-                             Elf32_Rel *last = (Elf32_Rel *)(relsz + (char *)rp);
-                             for (; rp < last; ++rp) {
-                                 unsigned r_va = get_te32(&rp->r_offset);
-@@ -2562,14 +2574,26 @@ PackLinuxElf64::canPack()
-                         int z_rel = dt_table[Elf64_Dyn::DT_RELA];
-                         int z_rsz = dt_table[Elf64_Dyn::DT_RELASZ];
-                         if (z_rel && z_rsz) {
--                            unsigned rel_off = get_te64(&dynseg[-1+ z_rel].d_val);
-+                            upx_uint64_t rel_off = get_te64(&dynseg[-1+ z_rel].d_val);
-+                            if ((u64_t)file_size <= rel_off) {
-+                                char msg[70]; snprintf(msg, sizeof(msg),
-+                                     "bad Elf64_Dynamic[DT_RELA] %#llx\n",
-+                                     rel_off);
-+                                throwCantPack(msg);
-+                            }
-                             Elf64_Rela *rp = (Elf64_Rela *)&file_image[rel_off];
--                            unsigned relsz   = get_te64(&dynseg[-1+ z_rsz].d_val);
-+                            upx_uint64_t relsz   = get_te64(&dynseg[-1+ z_rsz].d_val);
-+                            if ((u64_t)file_size <= relsz) {
-+                                char msg[70]; snprintf(msg, sizeof(msg),
-+                                     "bad Elf64_Dynamic[DT_RELASZ] %#llx\n",
-+                                     relsz);
-+                                throwCantPack(msg);
-+                            }
-                             Elf64_Rela *last = (Elf64_Rela *)(relsz + (char *)rp);
-                             for (; rp < last; ++rp) {
--                                unsigned r_va = get_te64(&rp->r_offset);
-+                                upx_uint64_t r_va = get_te64(&rp->r_offset);
-                                 if (r_va == user_init_ava) { // found the Elf64_Rela
--                                    unsigned r_info = get_te64(&rp->r_info);
-+                                    upx_uint64_t r_info = get_te64(&rp->r_info);
-                                     unsigned r_type = ELF64_R_TYPE(r_info);
-                                     if (Elf64_Ehdr::EM_AARCH64 == e_machine
-                                     &&  R_AARCH64_RELATIVE == r_type) {
-@@ -2581,7 +2605,7 @@ PackLinuxElf64::canPack()
-                                     }
-                                     else {
-                                         char msg[50]; snprintf(msg, sizeof(msg),
--                                            "bad relocation %#x DT_INIT_ARRAY[0]",
-+                                            "bad relocation %#llx DT_INIT_ARRAY[0]",
-                                             r_info);
-                                         throwCantPack(msg);
-                                     }