gnu: unzip: Fix CVE-2014-9636 and some other bugs.

* gnu/packages/patches/unzip-CVE-2014-9636.patch, gnu/packages/patches/unzip-allow-greater-hostver-values.patch, gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch, gnu/packages/patches/unzip-initialize-symlink-flag.patch, gnu/packages/patches/unzip-remove-build-date.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/zip.scm (unzip)[source]: Add patches. [arguments]: Use 'modify-phases'. Remove custom 'configure' phase; pass additional make-flags instead. Add custom 'build' phase that builds "generic_gcc" target; remove "generic_gcc" from make-flags.
2025-10-02 02:15:12 +00:00 · 2015-07-15 22:55:26 -04:00 · 2015-07-15 22:55:26 -04:00 · 385ae063c9
commit 385ae063c9
parent 368474150b
7 changed files with 142 additions and 15 deletions
--- a/gnu/packages/patches/unzip-allow-greater-hostver-values.patch
+++ b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch
@ -0,0 +1,16 @@
+Copied from Debian.
+
+From: Santiago Vila <sanvila@debian.org>
+Subject: zipinfo.c: Do not crash when hostver byte is >= 100
+
+--- a/zipinfo.c
+++ b/zipinfo.c
+@@ -2114,7 +2114,7 @@
+             else
+                 attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-';  /* T==undefined */
+ 
+-            sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10);
+            sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10);
+             break;
+ 
+     } /* end switch (hostnum: external attributes format) */