From e5da2f38c3ca8d4626c1b87e045d00d28c1bf4d0 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 30 Dec 2014 14:46:21 -0500
Subject: gnu: unzip: Add fixes for CVE-2014-{8139,8140,8141}.

* gnu/packages/patches/unzip-CVE-2014-8139.patch,
  gnu/packages/patches/unzip-CVE-2014-8140.patch,
  gnu/packages/patches/unzip-CVE-2014-8141.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (unzip): Add patches.
---
 gnu/packages/zip.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/zip.scm')

diff --git a/gnu/packages/zip.scm b/gnu/packages/zip.scm
index 29ab555ae4..230907becb 100644
--- a/gnu/packages/zip.scm
+++ b/gnu/packages/zip.scm
@@ -79,7 +79,10 @@ Compression ratios of 2:1 to 3:1 are common for text files.")
       (uri (string-append "mirror://sourceforge/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz"))
       (sha256
        (base32
-        "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83"))))
+        "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83"))
+      (patches (list (search-patch "unzip-CVE-2014-8139.patch")
+                     (search-patch "unzip-CVE-2014-8140.patch")
+                     (search-patch "unzip-CVE-2014-8141.patch")))))
     (build-system gnu-build-system)
     ;; no inputs; bzip2 is not supported, since not compiled with BZ_NO_STDIO
     (arguments
-- 
cgit v1.2.3