author | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-18 08:20:52 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-18 09:46:20 +0000 |
commit | dc904137c8e3e8f68a9410dbc8bfac56b382b50d (patch) | |
tree | 2653432b3d877b0bfbf59ee334b8ab759e202052 /main | |
parent | cde01b6ed9fd07efc639db755932a0cf99f3ff23 (diff) | |
download | aports-dc904137c8e3e8f68a9410dbc8bfac56b382b50d.tar.bz2 aports-dc904137c8e3e8f68a9410dbc8bfac56b382b50d.tar.xz |
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
fixes #2822
(cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1)
Conflicts:
main/a2ps/APKBUILD
Diffstat (limited to 'main')
-rw-r--r-- | main/a2ps/APKBUILD | 8 | ||||
-rw-r--r-- | main/a2ps/CVE-2001-1593.patch | 65 | ||||
-rw-r--r-- | main/a2ps/CVE-2014-0466.patch | 30 |
3 files changed, 101 insertions, 2 deletions
diff --git a/main/a2ps/APKBUILD b/main/a2ps/APKBUILD
index 2cf3a759bb..a39cc7f908 100644
--- a/main/a2ps/APKBUILD
+++ b/main/a2ps/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=a2ps
 pkgver=4.14
-pkgrel=3
+pkgrel=4
 pkgdesc="a2ps is an Any to PostScript filter"
 url="http://www.gnu.org/software/a2ps/"
 arch="all"
@@ -16,6 +16,8 @@ source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
 $pkgname-4.13-manpage-chmod.patch
 $pkgname-$pkgver-check-mempcpy.patch
 $pkgname-$pkgver-fix-stpcpy-proto.patch
+ CVE-2001-1593.patch
+ CVE-2014-0466.patch
 "
 
 prepare() {
@@ -50,4 +52,6 @@ md5sums="781ac3d9b213fa3e1ed0d79f986dc8c7 a2ps-4.14.tar.gz
 2e493d0bc00d71eb3e8a9b6febc52b69 a2ps-4.13c-emacs.patch
 09cc5ed4d3d8ff1b2103e519191e8286 a2ps-4.13-manpage-chmod.patch
 42aa39b74f6da8cf6e94185c4fc3e601 a2ps-4.14-check-mempcpy.patch
-4b4fbc19a6b79fa64df7e26945fcdcf9 a2ps-4.14-fix-stpcpy-proto.patch"
+4b4fbc19a6b79fa64df7e26945fcdcf9 a2ps-4.14-fix-stpcpy-proto.patch
+fa3c5f09f47619fbee347256e940fcce CVE-2001-1593.patch
+f1c0a955f604ccf7d592b92d67c7d255 CVE-2014-0466.patch"
diff --git a/main/a2ps/CVE-2001-1593.patch b/main/a2ps/CVE-2001-1593.patch
new file mode 100644
index 0000000000..cff6225355
--- /dev/null
+++ b/main/a2ps/CVE-2001-1593.patch
@@ -0,0 +1,65 @@
+--- a2ps-4.13/lib/routines.c.security Sat Oct 16 05:46:37 1999
++++ a2ps-4.13/lib/routines.c Mon Feb 12 17:45:15 2001
+@@ -242,3 +242,50 @@
+ /* Don't complain if you can't unlink. Who cares of a tmp file? */
+ unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char ** tempfiles;
++static unsigned ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++ while (ntempfiles--)
++ unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++ char *dirname, *filename;
++ int fd;
++
++ if (!(dirname = getenv("TMPDIR")))
++ dirname = "/tmp";
++
++ tempfiles = (char **) realloc(tempfiles,
++ (ntempfiles+1) * sizeof(char *));
++ if (tempfiles == NULL)
++ return NULL;
++
++ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++ if (!filename)
++ return NULL;
++
++ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++ if ((fd = mkstemp(filename)) < 0) {
++ free(filename);
++ return NULL;
++ }
++ close(fd);
++
++ if (ntempfiles == 0)
++ atexit(cleanup_tempfiles);
++ tempfiles[ntempfiles++] = filename;
++
++ return filename;
++}
+--- a2ps-4.13/lib/routines.h.security Mon Oct 18 21:24:41 1999
++++ a2ps-4.13/lib/routines.h Mon Feb 12 17:39:30 2001
+@@ -255,7 +255,8 @@
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str) \
+ do { \
+- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
++ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
+ } while (0)
++char * safe_tempnam(const char *);
+ 
+ #endif
diff --git a/main/a2ps/CVE-2014-0466.patch b/main/a2ps/CVE-2014-0466.patch
new file mode 100644
index 0000000000..85199e35b0
--- /dev/null
+++ b/main/a2ps/CVE-2014-0466.patch
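Review bot: In the nested routines.c hunk, `safe_tempnam` assigns the result of `realloc` straight back to `tempfiles`, so an allocation failure sets the list to NULL while `ntempfiles` still counts the earlier entries; `cleanup_tempfiles` then indexes a null pointer at exit, and the old array is leaked. Growing through a temporary avoids both: `char **grown = realloc(tempfiles, (ntempfiles+1) * sizeof(char *));`, `if (grown == NULL) return NULL;`, `tempfiles = grown;`. The function also closes the `mkstemp` descriptor and hands back only the path, so callers reopen the file by name; that holds only while `$TMPDIR` is a sticky or private directory, which deserves a comment above `safe_tempnam`. The `tempname_ensure` macro in routines.h stores the result without checking for NULL, and its callers are outside this hunk.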
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi |
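Review bot: `$file` is still unquoted on the rewritten `gs` line in both fixps.in and fixps.m4, so a path containing whitespace or glob characters is split or expanded into extra arguments to gs; writing `-f "$file"` keeps it a single operand. `-dSAFER` sits ahead of `-c` and `-f`, so the restriction is in force before any PostScript from the input is interpreted. How `$file` is assigned is outside these hunks, so the exposure presumably depends on whether fixps has already copied the input to a name it controls. The neighbouring `eval "$command"` branch is context only here, but it is worth checking that any gs call built into `$command` gets the same flag.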