From 5e009a88746bf3c20b29626a8671055c47a42bd0 Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Mon, 8 Aug 2022 19:13:07 +0300
Subject: gnu: unzip: Patch for CVE-2022-0529 and CVE-2022-0530.

* gnu/packages/compression.scm (unzip)[replacement]: New field.
(unzip/fixed): New variable.
* gnu/packages/patches/unzip-CVE-2022-0529+CVE-2022-0530.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/packages/compression.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index e5bc3813c5..6854bcafe4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1768,6 +1768,7 @@ Compression ratios of 2:1 to 3:1 are common for text files.")
 (package (inherit zip)
 (name "unzip")
 (version "6.0")
+ (replacement unzip/fixed)
 (source
 (origin
 (method url-fetch)
@@ -1850,6 +1851,15 @@ recreates the stored directory structure by default.")
 (license (license:non-copyleft "file://LICENSE"
 "See LICENSE in the distribution."))))

+(define unzip/fixed
+ (package (inherit unzip)
+ (source
+ (origin
+ (inherit (package-source unzip))
+ (patches (append
+ (origin-patches (package-source unzip))
+ (search-patches "unzip-CVE-2022-0529+CVE-2022-0530.patch")))))))
+
 (define-public ziptime
 (let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc")
 (revision "0"))
--
cgit v1.2.3
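Review bot: `unzip/fixed` in the second hunk carries no comment saying that it is a graft target or which CVEs it covers, so a later maintainer has to work that out from the patch file name. I would add above the definition `;; Graft for CVE-2022-0529 and CVE-2022-0530; fold the patch into 'unzip' and drop this variable on the next rebuild cycle.` Because `(replacement unzip/fixed)` is applied by grafting, it rewrites references in already-built dependents only. Builds that run unzip as a native input presumably still execute the unpatched 6.0, so the vulnerable code stays reachable there until the patch moves into `unzip` itself. The patch file and its `gnu/local.mk` entry are named in the commit message but fall outside this path-limited view, so they could not be checked here.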