From 4e9eaa43e19ff8fe02c02589d0ea42b88ce67c87 Mon Sep 17 00:00:00 2001 From: Leo Famulari
Date: Mon, 12 Feb 2018 13:49:49 -0500 Subject: [PATCH] gnu: unzip: Mitigate CVE-2018-1000035. * gnu/packages/compression.scm (unzip)[replacement]: New field. (unzip/fixed): New variable. --- gnu/packages/compression.scm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 3a0e27945..9983ee129 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer ;;; Copyright © 2015, 2016 Eric Bavier ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus -;;; Copyright © 2015, 2017 Leo Famulari +;;; Copyright © 2015, 2017, 2018 Leo Famulari ;;; Copyright © 2015 Jeff Mickey ;;; Copyright © 2015, 2016, 2017 Efraim Flashner ;;; Copyright © 2016 Ben Woodcroft @@ -1719,6 +1719,7 @@ Compression ratios of 2:1 to 3:1 are common for text files.") (define-public unzip (package (inherit zip) (name "unzip") + (replacement unzip/fixed) (version "6.0") (source (origin @@ -1769,6 +1770,20 @@ recreates the stored directory structure by default.") (license (license:non-copyleft "file://LICENSE" "See LICENSE in the distribution.")))) +(define unzip/fixed + (package/inherit unzip + (arguments + (substitute-keyword-arguments (package-arguments unzip) + ((#:phases phases) + `(modify-phases ,phases + (add-after 'unpack 'fortify + (lambda _ + ;; Mitigate CVE-2018-1000035, an exploitable buffer overflow. + ;; This environment variable is recommended in 'unix/Makefile' + ;; for passing flags to the C compiler. + (setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=1") + #t)))))))) + (define-public zziplib (package (name "zziplib") -- 2.16.1