> The researcher's advisory recommends building UnZip with FORTIFY_SOURCE
> to reduce the impact of the bug. The attached patch does that.
> + ;; Mitigate CVE-2018-1000035, an exploitable buffer
> + ;; This environment variable is recommended in
> + ;; for passing flags to the C compiler.
> + (setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=1")
> + #t))))))))
This looks good to me. Thank you!
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC