gnu: unzip: Mitigate CVE-2018-1000035.

* gnu/packages/compression.scm (unzip)[replacement]: New field.
(unzip/fixed): New variable.
This commit is contained in:
Leo Famulari 2018-02-12 13:49:49 -05:00
parent ad5de226e7
commit 77737e0354
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08

View file

@ -5,7 +5,7 @@
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2015, 2017, 2018 Leo Famulari <leo@famulari.name>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
@ -1719,6 +1719,7 @@ (define-public zip
(define-public unzip
(package (inherit zip)
(name "unzip")
(replacement unzip/fixed)
(version "6.0")
(source
(origin
@ -1769,6 +1770,20 @@ (define-public unzip
(license (license:non-copyleft "file://LICENSE"
"See LICENSE in the distribution."))))
(define unzip/fixed
(package/inherit unzip
(arguments
(substitute-keyword-arguments (package-arguments unzip)
((#:phases phases)
`(modify-phases ,phases
(add-after 'unpack 'fortify
(lambda _
;; Mitigate CVE-2018-1000035, an exploitable buffer overflow.
;; This environment variable is recommended in 'unix/Makefile'
;; for passing flags to the C compiler.
(setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=1")
#t))))))))
(define-public zziplib
(package
(name "zziplib")