main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466

fixes #2824 (cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1) Conflicts: main/a2ps/APKBUILD
author: Natanael Copa <ncopa@alpinelinux.org> 2014-04-18 08:20:52 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2014-04-18 09:30:11 +0000
commit: 5290aa6bd3d877fe9f42553936e6d5be623c469d (patch)
tree: 93e7695c11694834d2c19573eae30d64836ca53b
parent: 85615dea1a3118f880f0f6670b8d0869cf08a167 (diff)
download: aports-5290aa6bd3d877fe9f42553936e6d5be623c469d.tar.bz2
aports-5290aa6bd3d877fe9f42553936e6d5be623c469d.tar.xz
3 files changed, 121 insertions, 2 deletions
diff --git a/main/a2ps/APKBUILD b/main/a2ps/APKBUILD
index d5bb45a582..449f8cebf3 100644
--- a/main/a2ps/APKBUILD
+++ b/main/a2ps/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=a2ps
 pkgver=4.14
-pkgrel=4
+pkgrel=5
 pkgdesc="a2ps is an Any to PostScript filter"
 url="http://www.gnu.org/software/a2ps/"
 arch="all"
@@ -18,6 +18,8 @@ source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
 	$pkgname-$pkgver-fix-stpcpy-proto.patch
 	a2ps-automake-1.12.patch
 	automake.patch
+	CVE-2001-1593.patch
+	CVE-2014-0466.patch
 	"
 
 prepare() {
@@ -56,4 +58,26 @@ md5sums="781ac3d9b213fa3e1ed0d79f986dc8c7  a2ps-4.14.tar.gz
 42aa39b74f6da8cf6e94185c4fc3e601  a2ps-4.14-check-mempcpy.patch
 4b4fbc19a6b79fa64df7e26945fcdcf9  a2ps-4.14-fix-stpcpy-proto.patch
 72e8f0a6cd234945df92549d8a5451f8  a2ps-automake-1.12.patch
-868217fde7f9a4c1350c99431b0c1671  automake.patch"
+868217fde7f9a4c1350c99431b0c1671  automake.patch
+fa3c5f09f47619fbee347256e940fcce  CVE-2001-1593.patch
+f1c0a955f604ccf7d592b92d67c7d255  CVE-2014-0466.patch"
+sha256sums="f3ae8d3d4564a41b6e2a21f237d2f2b104f48108591e8b83497500182a3ab3a4  a2ps-4.14.tar.gz
+5d1b8a8791fa2a36c23f43ef153a724cce1f8eec8fb92ab886f52fae7f8f3be3  a2ps-4.13c-fnmatch-replacement.patch
+943739a788db47f10942477754f42c8c9b22cdaad4463bea4103c31a330de76a  a2ps-4.13c-emacs.patch
+032c4698c1dabb1a72978b9aefef7a8895098fb5a7e46e81d861fedfef3b11ab  a2ps-4.13-manpage-chmod.patch
+7ec2164888d1621a8406d431ed3accd137ec8f92e0ca885175bc1c17010519a1  a2ps-4.14-check-mempcpy.patch
+547a50e7bd577222fac71ce1ab7fd25db2096a8874ae667bd09e118fb39bf5a9  a2ps-4.14-fix-stpcpy-proto.patch
+167a4639b008c123b54fe627a6fcbb1db12c37023f5c37a9994f2eeb212b1d55  a2ps-automake-1.12.patch
+ded40b73e44729ebf3cf4777eaea92915dde0429ab8a137ca53358333474f515  automake.patch
+fbfeb3d421e81540839e25f7a3efdab977e86e3c5748442eefe4560c85816a12  CVE-2001-1593.patch
+458601076b6e3cc241d121602cc455d2d3ae5fce47eeb57dd56c9acb9995db02  CVE-2014-0466.patch"
+sha512sums="fd6ac8ab47d789114c283e8ca508f7f56feabd1a189f4ac772cad9e6be7e3791e210892cfffd04ad1d39efe4b15386b2e61bf4cd56b70ed581c0554f36bfe06f  a2ps-4.14.tar.gz
+5509ae1277ff1f1f487fb106ed6673eb67fa7d1531a35bfa087f78a0bdb4dc0bf38c69b7fab95161a19406fc1acaef09b22b8a05ef603c6d43a8d7a8c3077b56  a2ps-4.13c-fnmatch-replacement.patch
+0ef1a215ecb757e249c4d4bdf9a789419c6cd433f7e330783fef13a0158c57c5c5e6a22526d8abcca0919bdb1dc08337869fdd3f0fe192284ca087eafad322a3  a2ps-4.13c-emacs.patch
+f3dc2698ee989928b3179b65b01bf12d828f4428bd860f6f1a3811daaa9d6256b353c2acb5cd4bf392dd89b040f8e9c15420ab4373f3d54b8b60652aaf23f864  a2ps-4.13-manpage-chmod.patch
+6835f5e9205cb549da52c4a3c13aad601c9e9d294f0f35ebe4d8cc6f8bd8b5f6fe77b857f8c92f552a43c02eb6de812021c078ce597c319bde176f0e91cd167b  a2ps-4.14-check-mempcpy.patch
+605385c355b15f2f8142b4a05390ce131d3f2b7a8d56bf37b70457db64c0ce458778daf05ef015c9059482483907a629f12d210bcaa91cc007af4f708b66b765  a2ps-4.14-fix-stpcpy-proto.patch
+422dba4b43fb14d68263361dd917a866a9ff033d4a5f60faf668385b80093f7f3f6025de149810f9287790acc07ed5f5feb15c7b23ff083ab74eb21c22bf0f05  a2ps-automake-1.12.patch
+4336ad6b40ecfd16ac01304a4d27b7715e5c19ef3777b57f0ea152fa1a57db476605c330b5c0091dfbf95705e4345806c8393e6c3f3e89d528bd94cc91a9beb9  automake.patch
+22b9e23d74a914a3332615b911c655cf5e63ce445073e2cd7faa353c16b3e9c813cc4f3b20db68795f09da8b5a8952effe4727e6d1a429699ad66487bd2cab32  CVE-2001-1593.patch
+1816c8c98c8902801c5376ed86821b60d67c18fe9f5534936e3fa9ffaae01f1b1f5b4cf84fa176ba30ee7350737fffa3c2e4b60cf03cb9e64bc93487a6448bb1  CVE-2014-0466.patch"
diff --git a/main/a2ps/CVE-2001-1593.patch b/main/a2ps/CVE-2001-1593.patch
new file mode 100644
index 0000000000..cff6225355
--- /dev/null
+++ b/main/a2ps/CVE-2001-1593.patch
@@ -0,0 +1,65 @@
+--- a2ps-4.13/lib/routines.c.security	Sat Oct 16 05:46:37 1999
++++ a2ps-4.13/lib/routines.c	Mon Feb 12 17:45:15 2001
+@@ -242,3 +242,50 @@
+   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
+   unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char **	tempfiles;
++static unsigned	ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++	while (ntempfiles--)
++		unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++	char	*dirname, *filename;
++	int	fd;
++
++	if (!(dirname = getenv("TMPDIR")))
++		dirname = "/tmp";
++
++	tempfiles = (char **) realloc(tempfiles,
++			(ntempfiles+1) * sizeof(char *));
++	if (tempfiles == NULL)
++		return NULL;
++
++	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++	if (!filename)
++		return NULL;
++
++	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++	if ((fd = mkstemp(filename)) < 0) {
++		free(filename);
++		return NULL;
++	}
++	close(fd);
++
++	if (ntempfiles == 0)
++		atexit(cleanup_tempfiles);
++	tempfiles[ntempfiles++] = filename;
++
++	return filename;
++}
+--- a2ps-4.13/lib/routines.h.security	Mon Oct 18 21:24:41 1999
++++ a2ps-4.13/lib/routines.h	Mon Feb 12 17:39:30 2001
+@@ -255,7 +255,8 @@
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str)				\
+ do {							\
+-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
++  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
+ } while (0)
++char * safe_tempnam(const char *);
+ 
+ #endif
diff --git a/main/a2ps/CVE-2014-0466.patch b/main/a2ps/CVE-2014-0466.patch
new file mode 100644
index 0000000000..85199e35b0
--- /dev/null
+++ b/main/a2ps/CVE-2014-0466.patch
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
author	Natanael Copa <ncopa@alpinelinux.org>	2014-04-18 08:20:52 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2014-04-18 09:30:11 +0000
commit	5290aa6bd3d877fe9f42553936e6d5be623c469d (patch)
tree	93e7695c11694834d2c19573eae30d64836ca53b
parent	85615dea1a3118f880f0f6670b8d0869cf08a167 (diff)
download	aports-5290aa6bd3d877fe9f42553936e6d5be623c469d.tar.bz2 aports-5290aa6bd3d877fe9f42553936e6d5be623c469d.tar.xz