34 Commits

Author SHA1 Message Date
Martin Weinelt
e24f5eab66
treewide: add CVE identifiers to patches
This allows tools like broken.sh to correctly identify the patched
status.
2020-05-06 23:18:09 +02:00
Daniel Frank
aa80b4780d
p7zip: mark as insecure 2020-05-01 14:26:21 +02:00
Daniel Frank
dd16c3944c
p7zip: fix two CVEs 2020-05-01 14:26:18 +02:00
adisbladis
955e235da3
p7zip: Make unfree features (rar support) optional 2020-04-22 16:06:50 +01:00
Emily
95f82e2a45 p7zip: remove non-free RAR support
7-Zip's RAR implementation is built on the non-free UnRAR source code;
DOC/License.txt says:

      Licenses for files are:
    
        1) CPP/7zip/Compress/Rar* files:  GNU LGPL + unRAR restriction
        2) All other files:  GNU LGPL
    
      The GNU LGPL + unRAR restriction means that you must follow both 
      GNU LGPL rules and unRAR restriction rules.
    
    ...
    
      unRAR restriction
      -----------------
    
        The decompression engine for RAR archives was developed using source 
        code of unRAR program.
        All copyrights to original unRAR code are owned by Alexander Roshal.
    
        The license for original unRAR code has the following restriction:
    
        The unRAR sources cannot be used to re-create the RAR compression algorithm, 
        which is proprietary. Distribution of modified unRAR sources in separate form 
        or as a part of other software is permitted, provided that it is clearly
        stated in the documentation and source comments that the code may
        not be used to develop a RAR (WinRAR) compatible archiver.

The unrar licensing is [infamously restrictive and non-free][fedora];
it's inappropriate for us to keep the RAR support while labelling the
package as free software (and indeed there's a commented-out line
pointing out that the current `meta.license` is false). Unfortunately,
the 7-Zip upstream seems uninterested in replacing the code with a
freely-licensed alternative (see [7-Zip ticket #1229][7zip]).

[fedora]: https://fedoraproject.org/wiki/Licensing:Unrar
[7zip]: https://sourceforge.net/p/sevenzip/feature-requests/1229/

An alternative solution would be to mark the p7zip package as non-free
instead; I decided not to because its other functionality (especially
`.7z` support) is freely-licensed and useful, and there are free
software alternatives for extracting RAR files (e.g. in nixpkgs there's
`archiver`, which is written in a memory-safe language, and `unar`,
which at least doesn't have two patches for CVEs that haven't been
addressed upstream...).

I checked that `7z(1)` fails gracefully on `.rar` files now:
    
    emily@renko ~/tmp> curl -L -O https://www.philippwinterberg.com/download/example.rar
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 5715k  100 5715k    0     0  6716k      0 --:--:-- --:--:-- --:--:-- 6716k
    emily@renko ~/tmp> 7z x example.rar
    
    7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
    p7zip Version 16.02 (locale=en_CA.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
    
    Scanning the drive for archives:
    1 file, 5853119 bytes (5716 KiB)
    
    Extracting archive: example.rar
    ERROR: example.rar
    Can not open the file as archive
    
        
    Can't open as archive: 1
    Files: 0
    Size:       0
    Compressed: 0
2020-04-22 15:01:48 +00:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Matthew Bauer
74c784a79c treewide: make -Wno-error flags clang-only
In 724e833ea2a, I was a little too aggressive in enabling these flags.
Many don’t work in gcc, and we should probably avoid setting them
widely. This makes those flags optional on isclang.
2019-04-29 21:34:24 -04:00
Matthew Bauer
724e833ea2 treewide: disable -Werror for llvm 7
Some of these have errors on newest llvm. It’s easiest to just add
-Wno-error in these cases.
2019-04-26 21:55:04 -04:00
volth
fbeeed1c5c
p7zip: fix cross-compilation 2018-10-12 12:36:48 +00:00
Benjamin Hipple
0c119682ce p7zip: vendor debian patches
A few months ago I moved these patches to the new debian salsa instance [1], but
it looks like their `sha256`s on the tag at the remote have changed again.

It doesn't appear that debian's source remote is stable in the way we need it to
be; let's just vendor the patches to avoid future issues.

[1] https://github.com/NixOS/nixpkgs/pull/41769
2018-08-16 01:52:30 +00:00
Pascal Wittmann
76ce4751d0
p7zip: add license
see issue #43716
2018-08-09 12:41:06 +02:00
Benjamin Hipple
e20abf829a p7zip: fix src URL for debian gitlab move (#41769)
Another broken URL related to: https://github.com/NixOS/nixpkgs/issues/39927

Note that the patch file has legitimately changed, because ~4 months ago Debian
replaced their CVE security fix with a newer version that fixes some additional
bugs: d6fd3b3734
2018-06-09 23:08:59 +00:00
Franz Pletz
eaaca14c30
p7zip: add patch to fix CVE-2017-17969 2018-01-29 10:54:45 +01:00
Vladimír Čunát
6cad339a0e
p7zip: add commit ID to the patch
We still do mirror the patch (I think), as `nix-build -Q -A p7zip.patches`
downloaded it on my machine.  I verified that only the diff headers differ;
it's still better to have another working download and Fedora's URLs are
less likely to disappear than Debian's.
/cc #27075.
2017-07-03 08:19:20 +02:00
es_github
674e46d643 p7zip: Update CVE-2016-9296 patch URL.
The debian source for this patch file has gone away, rendering this derivation
unbuildable from scratch.
This change updates the URL to a src.fedoraproject.org location that is still
serving a p7zip patch. This file is not the same bytewise, so I'm also updating
the hash; I didn't manage to find a location still serving a file with the
original hash, and my best guess is that this one is functionally equivalent.
2017-07-03 02:58:38 +01:00
Dan Peebles
9ae3f39e8e p7zip: fix purity on Darwin
This should (I hope) get Hydra to build it. Fixes #24714
2017-04-07 16:51:23 -04:00
Nikolay Amiantov
0063c8acb4 p7zip: add setup hook 2016-12-17 15:33:12 +03:00
Rob Vermaas
0a90a53441 Fix hash for p7zip patch (seems fetchurl hash was added, while fetch-patch function is used).
(cherry picked from commit 38b1bd9e729485d418f20c43c275c2856837f8cf)
2016-12-09 07:59:25 +00:00
Graham Christensen
0683c1a35c
p7zip: patch for CVE-2016-9296 2016-12-07 19:38:50 -05:00
Miguel Madrid
c09338d037 p7zip: 15.14.1 -> 16.02 (#17025) 2016-07-19 09:25:35 +02:00
Chris Jefferson
ac2625e3b1 p7zip: Fix darwin build 2016-05-26 09:59:55 +01:00
Marius Bakke
5d15c0f5fd p7zip: 9.38 -> 15.14.1 2016-04-09 14:05:23 +01:00
Vladimír Čunát
d3b25752f1 p7zip: small update to fix CVE-2015-1038 2015-02-12 20:51:26 +01:00
Michael Raskin
bc5f55cc91 Adopt a few packages 2014-11-05 11:56:19 +03:00
Mateusz Kowalczyk
7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
Jason "Don" O'Conal
e822cc9c44 p7zip: fix build on darwin 2013-08-15 13:53:43 +10:00
Eelco Dolstra
d9c01ef51d p7zip: Update to 9.20.1 2012-10-05 16:06:35 -04:00
Eelco Dolstra
ca716d5bc7 * p7zip updated to 9.13. Also build 7z and 7zr.
svn path=/nixpkgs/trunk/; revision=23016
2010-08-06 22:26:25 +00:00
Eelco Dolstra
1608964306 svn path=/nixpkgs/trunk/; revision=17689 2009-10-07 11:29:23 +00:00
Eelco Dolstra
8cb83682c4 * p7zip updated to 9.04.
svn path=/nixpkgs/trunk/; revision=17688
2009-10-07 11:28:35 +00:00
Eelco Dolstra
bf95691d1c svn path=/nixpkgs/trunk/; revision=10514 2008-02-06 14:19:58 +00:00
Eelco Dolstra
a1022416c5 * Latest unstable Nix.
svn path=/nixpkgs/trunk/; revision=9274
2007-09-06 20:45:36 +00:00
Eelco Dolstra
af7da7f19d * Added p7zip for decompressing 7-zip archives.
svn path=/nixpkgs/trunk/; revision=9248
2007-09-04 11:55:19 +00:00