me/guix
Archived
1
0
Fork 0
Code Activity

gnu: a2ps: Update to 4.15.3.

Browse source 
* gnu/packages/pretty-print.scm (a2ps): Update to 4.15.3.
[inputs]: Add FILE, LIBGC, LIBPAPER. Re-order alphabetically.
[native-inputs]: Add PKG-CONFIG. Re-order alphabetically.
* gnu/packages/patches/a2ps-CVE-2001-1593.patch,
  gnu/packages/patches/a2ps-CVE-2014-0466.patch,
  gnu/packages/patches/a2ps-CVE-2015-8107.patch: Remove.
* gnu/local.mk (dist_patch_DATA): Remove entries above.

Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
This commit is contained in:
Andy Tai 2023-04-03 12:31:04 +02:00 committed by Maxim Cournoyer
parent 937b258879
commit 4239b6ac85
No known key found for this signature in database
GPG key ID: 1260E46482E63562
5 changed files with 13 additions and 194 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
gnu/local.mk
View file

@ -865,9 +865,6 @@ MODULES_NOT_COMPILED += \
patchdir = $(guilemoduledir)/%D%/packages/patches
dist_patch_DATA = \
%D%/packages/patches/a2ps-CVE-2001-1593.patch \
%D%/packages/patches/a2ps-CVE-2014-0466.patch \
%D%/packages/patches/a2ps-CVE-2015-8107.patch \
%D%/packages/patches/abcl-fix-build-xml.patch \
%D%/packages/patches/ableton-link-system-libraries-debian.patch \
%D%/packages/patches/abiword-explictly-cast-bools.patch \

69
gnu/packages/patches/a2ps-CVE-2001-1593.patch
View file

@ -1,69 +0,0 @@
Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
/* Don't complain if you can't unlink. Who cares of a tmp file? */
unlink (filename);
}
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char ** tempfiles;
+static unsigned ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+ while (ntempfiles--)
+ unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+ char *dirname, *filename;
+ int fd;
+
+ if (!(dirname = getenv("TMPDIR")))
+ dirname = "/tmp";
+
+ tempfiles = (char **) realloc(tempfiles,
+ (ntempfiles+1) * sizeof(char *));
+ if (tempfiles == NULL)
+ return NULL;
+
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+ if (!filename)
+ return NULL;
+
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+ if ((fd = mkstemp(filename)) < 0) {
+ free(filename);
+ return NULL;
+ }
+ close(fd);
+
+ if (ntempfiles == 0)
+ atexit(cleanup_tempfiles);
+ tempfiles[ntempfiles++] = filename;
+
+ return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
#define tempname_ensure(Str) \
do { \
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
} while (0)
+char * safe_tempnam(const char *);
#endif

30
gnu/packages/patches/a2ps-CVE-2014-0466.patch
View file

@ -1,30 +0,0 @@
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
A malicious PostScript file could delete files with the privileges of
the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28
--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi

80
gnu/packages/patches/a2ps-CVE-2015-8107.patch
View file

@ -1,80 +0,0 @@
https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff
Index: b/lib/psgen.c
===================================================================
--- a/lib/psgen.c
+++ b/lib/psgen.c
@@ -232,7 +232,7 @@
default:
*buf = '\0';
ps_escape_char (job, cp[i], buf);
- output (jdiv, (char *) buf);
+ output (jdiv, "%s", (char *) buf);
break;
}
}
Index: b/lib/output.c
===================================================================
--- a/lib/output.c
+++ b/lib/output.c
@@ -525,7 +525,7 @@
expand_user_string (job, FIRST_FILE (job),
(const uchar *) "Expand: requirement",
(const uchar *) token));
- output (dest, expansion);
+ output (dest, "%s", expansion);
continue;
}
Index: b/lib/parseppd.y
===================================================================
--- a/lib/parseppd.y
+++ b/lib/parseppd.y
@@ -154,7 +154,7 @@
void
yyerror (const char *msg)
{
- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
+ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
}
/*
Index: b/src/parsessh.y
===================================================================
--- a/src/parsessh.y
+++ b/src/parsessh.y
@@ -740,7 +740,7 @@
void
yyerror (const char *msg)
{
- error_at_line (1, 0, sshfilename, sshlineno, msg);
+ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
}
/*
Index: b/lib/parseppd.c
===================================================================
--- a/lib/parseppd.c
+++ b/lib/parseppd.c
@@ -1707,7 +1707,7 @@
void
yyerror (const char *msg)
{
- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
+ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
}
/*
Index: b/src/parsessh.c
===================================================================
--- a/src/parsessh.c
+++ b/src/parsessh.c
@@ -2639,7 +2639,7 @@
void
yyerror (const char *msg)
{
- error_at_line (1, 0, sshfilename, sshlineno, msg);
+ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
}
/*

25
gnu/packages/pretty-print.scm
View file

@ -37,7 +37,9 @@
#:use-module (gnu packages)
#:use-module (gnu packages bison)
#:use-module (gnu packages boost)
#:use-module (gnu packages bdw-gc)
#:use-module (gnu packages compression)
#:use-module (gnu packages file)
#:use-module (gnu packages flex)
#:use-module (gnu packages ghostscript)
#:use-module (gnu packages gperf)
@ -52,34 +54,29 @@
(define-public a2ps
(package
(name "a2ps")
(version "4.14")
(version "4.15.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/a2ps/a2ps-"
version ".tar.gz"))
(sha256
(base32
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))
"1izpmbk3i66g8cn1bd3kdpk72vxn5ggy329xjvag5jsdxgh823nh"))
(modules '((guix build utils)))
(snippet
;; Remove timestamp from the installed 'README' file.
'(begin
(substitute* "etc/README.in"
(("@date@")
"1st of some month, sometime after 1970"))
#t))
(patches (search-patches
"a2ps-CVE-2001-1593.patch"
"a2ps-CVE-2014-0466.patch"
"a2ps-CVE-2015-8107.patch"))))
"1st of some month, sometime after 1970"))))))
(build-system gnu-build-system)
(inputs
(list psutils gv))
(native-inputs
(list gperf groff perl))
(arguments
'(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'skip-failing-tests
(lambda _
(substitute* (list "tests/Makefile.am" "tests/Makefile.in")
(("(encoding|prolog-2)\\.tst") ""))))
(add-before 'build 'patch-scripts
(lambda _
(substitute*
@ -108,6 +105,10 @@
"tests/gps-ref/psmandup.ps")
(("#! */bin/sh") (string-append
"#!" (which "sh")))))))))
(native-inputs
(list gperf groff perl pkg-config))
(inputs
(list file gv libgc libpaper psutils))
(home-page "https://www.gnu.org/software/a2ps/")
(synopsis "Any file to PostScript, including pretty-printing")
(description