diff options
Diffstat (limited to 'pkgs/tools/archivers/p7zip/default.nix')
-rw-r--r-- | pkgs/tools/archivers/p7zip/default.nix | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/pkgs/tools/archivers/p7zip/default.nix b/pkgs/tools/archivers/p7zip/default.nix index f44791ce021..d6ad699eaa8 100644 --- a/pkgs/tools/archivers/p7zip/default.nix +++ b/pkgs/tools/archivers/p7zip/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, fetchpatch, lib, enableUnfree ? false }: stdenv.mkDerivation rec { pname = "p7zip"; @@ -12,6 +12,16 @@ stdenv.mkDerivation rec { patches = [ ./12-CVE-2016-9296.patch ./13-CVE-2017-17969.patch + (fetchpatch { + name = "3-CVE-2018-5996.patch"; + url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/3-CVE-2018-5996.patch"; + sha256 = "1zivvkazmza0653i498ccp3zbpbpc7dvxl3zxwllbx41b6n589yp"; + }) + (fetchpatch { + name = "4-CVE-2018-10115.patch"; + url = "https://raw.githubusercontent.com/termux/termux-packages/master/packages/p7zip/4-CVE-2018-10115.patch"; + sha256 = "1cr7q8gnrk9yp6dcvxaqi1yhdbgp964nkv65ls41mw1kdfm44zn6"; + }) ]; # Default makefile is full of impurities on Darwin. The patch doesn't hurt Linux so I'm leaving it unconditional @@ -24,6 +34,11 @@ stdenv.mkDerivation rec { substituteInPlace makefile.machine \ --replace 'CC=gcc' 'CC=${stdenv.cc.targetPrefix}gcc' \ --replace 'CXX=g++' 'CXX=${stdenv.cc.targetPrefix}g++' + '' + lib.optionalString (!enableUnfree) '' + # Remove non-free RAR source code + # (see DOC/License.txt, https://fedoraproject.org/wiki/Licensing:Unrar) + rm -r CPP/7zip/Compress/Rar* + find . -name makefile'*' -exec sed -i '/Rar/d' {} + ''; preConfigure = '' @@ -42,9 +57,14 @@ stdenv.mkDerivation rec { meta = { homepage = "http://p7zip.sourceforge.net/"; description = "A port of the 7-zip archiver"; - # license = stdenv.lib.licenses.lgpl21Plus; + "unRAR restriction" platforms = stdenv.lib.platforms.unix; maintainers = [ stdenv.lib.maintainers.raskin ]; - license = stdenv.lib.licenses.lgpl2Plus; + knownVulnerabilities = [ + # p7zip is abandoned, according to this thread on its forums: + # https://sourceforge.net/p/p7zip/discussion/383043/thread/fa143cf2/#1817 + "p7zip is abandoned and may not receive important security fixes" + ]; + # RAR code is under non-free UnRAR license, but we remove it + license = if enableUnfree then lib.licenses.unfree else lib.licenses.lgpl2Plus; }; } |