diff options
author | Pierre Neidhardt <ambrevar@gmail.com> | 2018-06-16 16:54:53 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2018-06-17 01:40:13 +0200 |
commit | a14de83213a8d4fe6befced5a3dcf05e40fe4513 (patch) | |
tree | ede1ffa1fb873c137b3dedee2996b03775a2dc03 /gnu/packages/compression.scm | |
parent | ed2ae0dc7f44d884ed1329cba457f5479cafd2ba (diff) | |
download | patches-a14de83213a8d4fe6befced5a3dcf05e40fe4513.tar patches-a14de83213a8d4fe6befced5a3dcf05e40fe4513.tar.gz |
gnu: upx: Fix CVE-2017-15056.
* gnu/packages/patches/upx-protect-against-bad-crafted-input.patch: New file.
* gnu/packages/compression.scm (upx)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r-- | gnu/packages/compression.scm | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 8f062049a6..9cb0917dae 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -2209,7 +2209,8 @@ decompression is a little bit slower.") version "/" name "-" version "-src.tar.xz")) (sha256 (base32 - "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1")))) + "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1")) + (patches (search-patches "upx-fix-CVE-2017-15056.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) ("ucl" ,ucl))) @@ -2241,6 +2242,11 @@ decompression is a little bit slower.") #t)) ))) (home-page "https://upx.github.io/") + ;; CVE-2017-16869 is about Mach-O files which is not of a big concern for Guix. + ;; See https://github.com/upx/upx/issues/146 and + ;; https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-16869. + ;; The issue will be fixed after version 3.94. + (properties `((lint-hidden-cve . ("CVE-2017-16869")))) (synopsis "Compression tool for executables") (description "The Ultimate Packer for eXecutables (UPX) is an executable file |