aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/compression.scm
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2020-03-04 10:15:06 +0200
committerEfraim Flashner <efraim@flashner.co.il>2020-03-04 10:52:52 +0200
commit790b66e34fd81cdda246361303072065e6339c97 (patch)
tree5ce27aeeea0f79b91e3f0bcf4f77039cd3f6d842 /gnu/packages/compression.scm
parentcc51c03ff867d4633505354819c6d88af88bf919 (diff)
downloadguix-790b66e34fd81cdda246361303072065e6339c97.tar
guix-790b66e34fd81cdda246361303072065e6339c97.tar.gz
gnu: zziplib: Fix CVE-2018-16548.
* gnu/packages/compression.scm (zziplib)[replacement]: New field. (zziplib/fixed): New private variable. * gnu/packages/patches/zziplib-CVE-2018-16548.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r--gnu/packages/compression.scm8
1 files changed, 8 insertions, 0 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index ee10bd03ce..6463b50735 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1584,6 +1584,7 @@ recreates the stored directory structure by default.")
(package
(name "zziplib")
(version "0.13.69")
+ (replacement zziplib/fixed)
(home-page "https://github.com/gdraheim/zziplib")
(source (origin
(method git-fetch)
@@ -1621,6 +1622,13 @@ recreates the stored directory structure by default.")
;; files carry the Zlib license; see "docs/copying.html" for details.
(license (list license:lgpl2.0+ license:mpl1.1))))
+(define zziplib/fixed
+ (package
+ (inherit zziplib)
+ (source (origin
+ (inherit (package-source zziplib))
+ (patches (search-patches "zziplib-CVE-2018-16548.patch"))))))
+
(define-public libzip
(package
(name "libzip")