gnu: unzip: Fix CVE-2014-9636 and some other bugs.

* gnu/packages/patches/unzip-CVE-2014-9636.patch,
  gnu/packages/patches/unzip-allow-greater-hostver-values.patch,
  gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch,
  gnu/packages/patches/unzip-initialize-symlink-flag.patch,
  gnu/packages/patches/unzip-remove-build-date.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (unzip)[source]: Add patches.
  [arguments]: Use 'modify-phases'.  Remove custom 'configure' phase; pass
  additional make-flags instead.  Add custom 'build' phase that builds
  "generic_gcc" target; remove "generic_gcc" from make-flags.

1 files changed, 16 insertions, 0 deletions

diff --git a/gnu/packages/patches/unzip-allow-greater-hostver-values.patch b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch
new file mode 100644
index 0000000000..d98937f1cb
--- /dev/null
+++ b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch
@@ -0,0 +1,16 @@
+Copied from Debian.
+
+From: Santiago Vila <sanvila@debian.org>
+Subject: zipinfo.c: Do not crash when hostver byte is >= 100
+
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -2114,7 +2114,7 @@
+             else
+                 attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-';  /* T==undefined */
+ 
+-            sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10);
++            sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10);
+             break;
+ 
+     } /* end switch (hostnum: external attributes format) */