;;; Copyright © 2015, 2016, 2017, 2018, 2020 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2017, 2018 Leo Famulari <leo@famulari.name>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
-;;; Copyright © 2020 Lars-Dominik Braun <lars@6xq.net>
+;;; Copyright © 2020, 2021 Lars-Dominik Braun <lars@6xq.net>
;;; Copyright © 2020 Guillaume Le Vaillant <glv@posteo.net>
;;; Copyright © 2020 Léo Le Bouter <lle-bout@zaclys.net>
;;; Copyright © 2021 Antoine Côté <antoine.cote@posteo.net>
tarballs.")
(license license:bsd-2)))
-(define-public bsdiff
- (package
- (name "bsdiff")
- (version "4.3")
- (home-page "https://www.daemonology.net/bsdiff/")
- (source (origin
- (method url-fetch)
- (uri (string-append home-page name "-" version ".tar.gz"))
- (sha256
- (base32
- "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq"))
- (patches (search-patches "bsdiff-CVE-2014-9862.patch"))))
- (build-system gnu-build-system)
- (arguments
- `(#:make-flags (list "INSTALL=install"
- (string-append "CC=" ,(cc-for-target))
- (string-append "PREFIX=" (assoc-ref %outputs "out")))
- #:phases (modify-phases %standard-phases
- (delete 'configure)
- (add-before 'build 'fix-Makefile
- (lambda _
- (substitute* "Makefile"
- ;; Adjust syntax to make it compatible with GNU Make.
- (("^\\.") "")
- ;; Help install(1) create the target directory.
- (("\\$\\{PREFIX\\}") "-D -t ${PREFIX}"))
- #t)))
- #:tests? #f)) ;no tests
- (inputs
- `(("bzip2" ,bzip2)))
- (synopsis "Patch binary files")
- (description
- "@command{bsdiff} and @command{bspatch} are tools for building and
-applying patches to binary files. By using suffix sorting (specifically
-Larsson and Sadakane's @code{qsufsort}) and taking advantage of how
-executable files change, bsdiff routinely produces binary patches 50-80%
-smaller than those produced by @code{Xdelta}.")
- (license license:bsd-2)))
-
(define-public cabextract
(package
(name "cabextract")
`(#:test-target "test"
#:phases
(modify-phases %standard-phases
+ ;; Enable PIC, so it can be used in shared libraries.
+ (add-after 'unpack 'use-pic
+ (lambda _
+ (substitute* "Makefile"
+ (("CPPFLAGS = " all) (string-append all "-fPIC ")))
+ #t))
(delete 'configure)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
"v" version "/zstd-" version ".tar.gz"))
(sha256
(base32 "05ckxap00qvc0j51d3ci38150cxsw82w7s9zgd5fgzspnzmp1vsr"))))
- (replacement zstd-1.4.9)
+ (replacement zstd/fixed)
(build-system gnu-build-system)
(outputs '("out" ;1.2MiB executables and documentation
"lib" ;1.2MiB shared library and headers
license:public-domain ; zlibWrapper/examples/fitblk*
license:zlib)))) ; zlibWrapper/{gz*.c,gzguts.h}
-(define-public zstd-1.4.9
+(define zstd/fixed
(package
(inherit zstd)
- (name "zstd")
- (version "1.4.9")
(source
(origin
- (method url-fetch)
- (uri (string-append "https://github.com/facebook/zstd/releases/download/"
- "v" version "/zstd-" version ".tar.gz"))
- (sha256
- (base32 "14yj7309gsvg39rki4xqnd6w5idmqi0655v1fc0mk1m2kvhp9b19"))))))
+ (inherit (package-source zstd))
+ (patches
+ (search-patches
+ ;; From Ubuntu focal-security
+ "zstd-CVE-2021-24031_CVE-2021-24032.patch"))))))
(define-public pzstd
- (package
+ (package/inherit zstd
(name "pzstd")
- (version (package-version zstd))
- (source (package-source zstd))
- (build-system gnu-build-system)
+ (outputs '("out"))
(inputs
`(,@(if (%current-target-system)
`(("googletest" ,googletest))
"unzip-overflow-on-invalid-input.patch"
"unzip-format-secure.patch"
"unzip-overflow-long-fsize.patch"))))
+ (replacement unzip/fixed)
(build-system gnu-build-system)
;; no inputs; bzip2 is not supported, since not compiled with BZ_NO_STDIO
(arguments
(license (license:non-copyleft "file://LICENSE"
"See LICENSE in the distribution."))))
+(define unzip/fixed
+ (package
+ (inherit unzip)
+ (version "6.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/infozip"
+ "/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz"))
+ (sha256
+ (base32
+ "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83"))
+ (patches (search-patches "unzip-CVE-2014-8139.patch"
+ "unzip-CVE-2014-8140.patch"
+ "unzip-CVE-2014-8141.patch"
+ "unzip-CVE-2014-9636.patch"
+ "unzip-CVE-2015-7696.patch"
+ "unzip-CVE-2015-7697.patch"
+ "unzip-allow-greater-hostver-values.patch"
+ "unzip-initialize-symlink-flag.patch"
+ "unzip-remove-build-date.patch"
+ "unzip-attribs-overflow.patch"
+ "unzip-overflow-on-invalid-input.patch"
+ "unzip-format-secure.patch"
+ "unzip-overflow-long-fsize.patch"
+
+ ;; From Fedora
+ "unzip-alt-iconv-utf8.patch"
+ "unzip-alt-iconv-utf8-print.patch"
+ "unzip-fix-recmatch.patch"
+ "unzip-case-insensitive.patch"
+ "unzip-close.patch"
+ "unzip-COVSCAN-fix-unterminated-string.patch"
+ "unzip-CVE-2016-9844.patch"
+ "unzip-CVE-2018-1000035.patch"
+ "unzip-CVE-2018-18384.patch"
+ "unzip-exec-shield.patch"
+ "unzip-manpage-fix.patch"
+ "unzip-overflow.patch"
+ "unzip-timestamp.patch"
+ "unzip-valgrind.patch"
+ "unzip-x-option.patch"
+ ;; CVE-2019-13232
+ "unzip-zipbomb-manpage.patch"
+ "unzip-zipbomb-part1.patch"
+ "unzip-zipbomb-part2.patch"
+ "unzip-zipbomb-part3.patch"
+
+ ;; https://github.com/madler/unzip/issues/2
+ "unzip-32bit-zipbomb-fix.patch"))))))
+
(define-public ziptime
(let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc")
(revision "0"))
(sha256
(base32
"0i6bpa2b13z19alm6ig80364dnin1w28cvif18k6wkkb0w3dzp8y"))))
- (arguments `())
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'install-compatibility-symlinks
+ (lambda* (#:key outputs #:allow-other-keys)
+ (with-directory-excursion
+ (string-append (assoc-ref outputs "out") "/lib")
+ (map (lambda (lib new-symlink)
+ (symlink lib new-symlink))
+ (list "libzzip.so.13" "libzzipfseeko.so.13"
+ "libzzipmmapped.so.13" "libzzipwrap.so.13")
+ (list "libzzip-0.so.13" "libzzipfseeko-0.so.13"
+ "libzzipmmapped-0.so.13" "libzzipwrap-0.so.13")))
+ #t)))))
(native-inputs
`(("python" ,python)
,@(alist-delete "python"
version "/upx-" version "-src.tar.xz"))
(sha256
(base32
- "051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7"))))
+ "051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7"))
+ (patches (search-patches "upx-CVE-2021-20285.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("perl" ,perl)))
HCoop / jackhill / guix / guix.git / blobdiff