Commit graph

515 commits

Author SHA1 Message Date
Daniel Frank
aa80b4780d
p7zip: mark as insecure 2020-05-01 14:26:21 +02:00
Daniel Frank
dd16c3944c
p7zip: fix two CVEs 2020-05-01 14:26:18 +02:00
adisbladis
955e235da3
p7zip: Make unfree features (rar support) optional 2020-04-22 16:06:50 +01:00
Emily
95f82e2a45 p7zip: remove non-free RAR support
7-Zip's RAR implementation is built on the non-free UnRAR source code;
DOC/License.txt says:

      Licenses for files are:
    
        1) CPP/7zip/Compress/Rar* files:  GNU LGPL + unRAR restriction
        2) All other files:  GNU LGPL
    
      The GNU LGPL + unRAR restriction means that you must follow both 
      GNU LGPL rules and unRAR restriction rules.
    
    ...
    
      unRAR restriction
      -----------------
    
        The decompression engine for RAR archives was developed using source 
        code of unRAR program.
        All copyrights to original unRAR code are owned by Alexander Roshal.
    
        The license for original unRAR code has the following restriction:
    
        The unRAR sources cannot be used to re-create the RAR compression algorithm, 
        which is proprietary. Distribution of modified unRAR sources in separate form 
        or as a part of other software is permitted, provided that it is clearly
        stated in the documentation and source comments that the code may
        not be used to develop a RAR (WinRAR) compatible archiver.

The unrar licensing is [infamously restrictive and non-free][fedora];
it's inappropriate for us to keep the RAR support while labelling the
package as free software (and indeed there's a commented-out line
pointing out that the current `meta.license` is false). Unfortunately,
the 7-Zip upstream seems uninterested in replacing the code with a
freely-licensed alternative (see [7-Zip ticket ][7zip]).

[fedora]: https://fedoraproject.org/wiki/Licensing:Unrar
[7zip]: https://sourceforge.net/p/sevenzip/feature-requests/1229/

An alternative solution would be to mark the p7zip package as non-free
instead; I decided not to because its other functionality (especially
`.7z` support) is freely-licensed and useful, and there are free
software alternatives for extracting RAR files (e.g. in nixpkgs there's
`archiver`, which is written in a memory-safe language, and `unar`,
which at least doesn't have two patches for CVEs that haven't been
addressed upstream...).

I checked that `7z(1)` fails gracefully on `.rar` files now:
    
    emily@renko ~/tmp> curl -L -O https://www.philippwinterberg.com/download/example.rar
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 5715k  100 5715k    0     0  6716k      0 --:--:-- --:--:-- --:--:-- 6716k
    emily@renko ~/tmp> 7z x example.rar
    
    7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
    p7zip Version 16.02 (locale=en_CA.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
    
    Scanning the drive for archives:
    1 file, 5853119 bytes (5716 KiB)
    
    Extracting archive: example.rar
    ERROR: example.rar
    Can not open the file as archive
    
        
    Can't open as archive: 1
    Files: 0
    Size:       0
    Compressed: 0
2020-04-22 15:01:48 +00:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
R. RyanTM
233165ad0f unrar: 5.9.1 -> 5.9.2 2020-04-07 21:36:22 +00:00
Vladimír Čunát
48a997cd76
Merge : glibc: 2.27 -> 2.30 (into staging)
Includes update of stdenv bootstrap tools (for three main platforms)
and many package fixes with new glibc.
2020-02-05 13:41:09 +01:00
R. RyanTM
a91faae4a6 unrar: 5.8.5 -> 5.9.1 2020-02-04 19:51:34 +00:00
Maximilian Bosch
6b0cd9ad47
Merge branch 'staging' into glibc230
Conflicts:
	pkgs/applications/misc/vit/default.nix
2020-01-28 14:54:51 +01:00
Silvan Mosberger
80a2740991
Merge pull request from Synthetica9/https-homepages
treewide: fix redirected urls
2020-01-27 15:00:53 +01:00
Michael Weiss
983f39cdab
unrar: Install all C++ header files into the "dev" output
This is e.g. required for the rar2fs build [0], which needs at least
version.hpp, rar.hpp, dllext.hpp, dll.hpp, and headers5.hpp.

At least Gentoo does this as well [1] but most other distributions only
install dll.hpp or no header files at all.

[0]: https://github.com/NixOS/nixpkgs/pull/78189
[1]: https://gitweb.gentoo.org/repo/gentoo.git/tree/app-arch/unrar/unrar-5.8.5.ebuild
2020-01-23 21:16:38 +01:00
Patrick Hilhorst
593e11fd94
treewide: fix redirected urls
According to https://repology.org/repository/nix_unstable/problems, we have a
lot of packages that have http links that redirect to https as their homepage.
This commit updates all these packages to use the https links as their
homepage.

The following script was used to make these updates:

```

curl https://repology.org/api/v1/repository/nix_unstable/problems \
    | jq '.[] | .problem' -r \
    | rg 'Homepage link "(.+)" is a permanent redirect to "(.+)" and should be updated' --replace 's@$1@$2@' \
    | sort | uniq > script.sed

find -name '*.nix' | xargs -P4 -- sed -f script.sed -i
```
2020-01-22 11:26:22 +01:00
Luka Blaskovic
89590eb7bf sharutils: fix build with glibc>=2.28 2020-01-14 08:26:59 +00:00
Robin Gloster
2157dcd141
treewide: installFlags is a list 2019-12-30 13:22:43 +01:00
Merijn Broeren
133103d709
treewide: replace make/build/configure/patchFlags with nix lists 2019-12-30 12:58:11 +01:00
Robin Gloster
76b774e89a
zip: *Flags are lists 2019-12-30 11:13:42 +01:00
Robin Gloster
e49f0d4985
unzip: *Flags are lists 2019-12-30 11:13:42 +01:00
Nathan
b0caf68bff
maintainer-list.nix: remove ndowens 2019-12-26 16:47:41 -05:00
R. RyanTM
cb90c9da24 unrar: 5.8.4 -> 5.8.5 2019-12-24 13:51:50 -08:00
R. RyanTM
a1937011b2 unrar: 5.8.3 -> 5.8.4 2019-11-29 22:32:18 +01:00
Frederik Rietdijk
be7125dde7 Merge master into staging-next 2019-11-16 11:45:07 +01:00
c0bw3b
9367367dfd Treewide: fix URL permanent redirects
Permanent redirects on homepages and/or source URLs
as reported by Repology
2019-11-16 01:41:23 +01:00
Lancelot SIX
fe758f5fa3 cpio: 2.12 -> 2.13
See https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html
for release information.

Fixes CVE-2019-14866
2019-11-12 14:46:08 +01:00
Vladimír Čunát
802c81efa4
Merge : unzip: CVE-2019-13232 (into staging) 2019-11-09 15:29:58 +01:00
R. RyanTM
a6294b53b7 unrar: 5.8.2 -> 5.8.3 2019-11-03 10:02:50 +01:00
R. RyanTM
b78db667d2 unrar: 5.8.1 -> 5.8.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unrar/versions
2019-10-24 08:56:18 -07:00
Doron Behar
a7077637f9
snzip: init at 1.0.4 2019-10-21 16:10:47 +02:00
Thorsten Weber
4d33b41d3d unzip: CVE-2019-13232 2019-10-20 21:03:49 +02:00
Jan Tojnar
b3fcd9375d
Merge branch 'master' into staging-next 2019-10-03 01:47:08 +02:00
R. RyanTM
d33e497b1b unrar: 5.7.5 -> 5.8.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unrar/versions
2019-10-02 23:52:53 +02:00
Frederik Rietdijk
503081fa5b Merge staging into staging-next 2019-09-29 11:05:22 +02:00
R. RyanTM
5c5dfc3727 innoextract: 1.7 -> 1.8
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/innoextract/versions
2019-09-26 15:27:40 -07:00
worldofpeace
b0c2aea20b
treewide: drop adding hicolor-icon-theme where possible
This was either for the setup-hook to remove caches or added
even though the respective icon theme propagated it.
2019-09-18 22:47:26 +02:00
volth
7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Jan Tojnar
cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Jan Tojnar
72e7d569a7
tree-wide: s/GTK+/GTK/g
GTK was renamed.
2019-09-06 02:54:53 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth
c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
volth
46420bbaa3 treewide: name -> pname (easy cases) ()
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
marius851000
4b594c3d8f ctrtool: 0.15 -> 0.16 2019-08-08 17:23:14 +02:00
adisbladis
eaafd840bf
Revert "unzip: CVE-2019-13232"
This reverts commit 0238946872.

This patch broke a number of legitimate zips in the wild, including but
not limited to most luarocks and a number of gradle-produced JARs.
2019-07-25 22:07:06 +01:00
Marek Mahut
0238946872 unzip: CVE-2019-13232 2019-07-17 10:15:08 +02:00
Jonathan Ringer
841893119d zpaq: fix version and pull from github 2019-07-11 09:48:39 +02:00
worldofpeace
cab7c6cbd9 treewide: use dontConfigure 2019-07-01 04:23:51 -04:00
Profpatsch
7251830bf1 unp: remove unfree unrar from the default backend list
`unrar` is unfree, meaning `unp` cannot be built by default if `unrar`
is in its dependencies.

A simple

  env NIXPKGS_ALLOW_UNFREE=1 nix-shell -p unrar

will make `unp` work with .rar files.
2019-06-24 16:18:23 +02:00
Profpatsch
7bc2aaff0e unp: improve file copying & fix manpage 2019-06-24 16:18:23 +02:00
Will Dietz
acb3ace5c9
xarchiver: 0.5.4.12 -> 0.5.4.14
Changelog seems only at the level of 5.4.x:

https://github.com/ib/xarchiver/blob/0.5.4.14/ChangeLog

Commits from 0.5.4.12 to 0.5.4.14:

https://github.com/ib/xarchiver/compare/0.5.4.12...0.5.4.14
2019-05-29 02:50:30 -05:00
Matthew Bauer
b73d7705cc
Merge pull request from marius851000/ndstool
ndstool: init at 2.1.2
2019-05-27 21:52:52 -04:00
marius851000
1ac6fa55a3 ndstool: init at 2.1.2 2019-05-27 17:03:58 +02:00
Andreas Rammhold
2b8b71ea66
Merge pull request from r-ryantm/auto-update/wimlib
wimlib: 1.13.0 -> 1.13.1
2019-05-24 20:09:11 +02:00