1 files changed, 11 insertions, 23 deletions

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 30db84e167..024a017c97 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1908,15 +1908,14 @@ decompression is a little bit slower.")
 (define-public upx
   (package
     (name "upx")
-    (version "3.94")
+    (version "3.96")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/upx/upx/releases/download/v"
-                                 version "/" name "-" version "-src.tar.xz"))
+                                 version "/upx-" version "-src.tar.xz"))
              (sha256
               (base32
-               "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1"))
-             (patches (search-patches "upx-fix-CVE-2017-15056.patch"))))
+               "051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("perl" ,perl)))
@@ -1925,36 +1924,25 @@ decompression is a little bit slower.")
        ("zlib" ,zlib)))
     (arguments
      `(#:make-flags
-       (list "all"
-             ;; CHECK_WHITESPACE does not seem to work.
-             ;; See https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/upx.
-             "CHECK_WHITESPACE=true")
+       (list "all")
        #:phases
        (modify-phases %standard-phases
-         (delete 'configure)
-         (delete 'check)
-         (delete 'install)
+         (delete 'configure)            ; no configure script
+         (delete 'check)                ; no test suite
          (add-before 'build 'patch-exec-bin-sh
            (lambda _
-             (substitute* (find-files "Makefile")
-               (("/bin/sh") (which "sh")))
-             (substitute* "src/Makefile"
+             (substitute* (list "Makefile"
+                                "src/Makefile")
                (("/bin/sh") (which "sh")))
              #t))
-         (add-after 'build 'install-upx
+         (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
-                   (bin (string-append out "/bin")))
+                    (bin (string-append out "/bin")))
                (mkdir-p bin)
                (copy-file "src/upx.out" (string-append bin "/upx")))
-             #t))
-         )))
+             #t)))))
     (home-page "https://upx.github.io/")
-    ;; CVE-2017-16869 is about Mach-O files which is not of a big concern for Guix.
-    ;; See https://github.com/upx/upx/issues/146 and
-    ;; https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-16869.
-    ;; The issue will be fixed after version 3.94.
-    (properties `((lint-hidden-cve . ("CVE-2017-16869"))))
     (synopsis "Compression tool for executables")
     (description
      "The Ultimate Packer for eXecutables (UPX) is an executable file