me
/
guix
Archived
1
0
Fork 0

gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.

* gnu/packages/pretty-print.scm (a2ps)[source]: Add patches.
* gnu/packages/patches/a2ps-CVE-2001-1593.patch,
gnu/packages/patches/a2ps-CVE-2014-0466.patch: New variables.
* gnu/local.mk (dist_patch_DATA): Add them.
master
Efraim Flashner 2016-05-30 07:13:47 +03:00
parent ccda7c8317
commit 6447e19108
No known key found for this signature in database
GPG Key ID: F4C1D3917EACEE93
4 changed files with 106 additions and 1 deletions

View File

@ -412,6 +412,8 @@ GNU_SYSTEM_MODULES = \
patchdir = $(guilemoduledir)/%D%/packages/patches
dist_patch_DATA = \
%D%/packages/patches/4store-fix-buildsystem.patch \
%D%/packages/patches/a2ps-CVE-2001-1593.patch \
%D%/packages/patches/a2ps-CVE-2014-0466.patch \
%D%/packages/patches/abiword-explictly-cast-bools.patch \
%D%/packages/patches/abiword-wmf-version-lookup-fix.patch \
%D%/packages/patches/acl-hurd-path-max.patch \

View File

@ -0,0 +1,69 @@
Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
/* Don't complain if you can't unlink. Who cares of a tmp file? */
unlink (filename);
}
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char ** tempfiles;
+static unsigned ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+ while (ntempfiles--)
+ unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+ char *dirname, *filename;
+ int fd;
+
+ if (!(dirname = getenv("TMPDIR")))
+ dirname = "/tmp";
+
+ tempfiles = (char **) realloc(tempfiles,
+ (ntempfiles+1) * sizeof(char *));
+ if (tempfiles == NULL)
+ return NULL;
+
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+ if (!filename)
+ return NULL;
+
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+ if ((fd = mkstemp(filename)) < 0) {
+ free(filename);
+ return NULL;
+ }
+ close(fd);
+
+ if (ntempfiles == 0)
+ atexit(cleanup_tempfiles);
+ tempfiles[ntempfiles++] = filename;
+
+ return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
#define tempname_ensure(Str) \
do { \
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
} while (0)
+char * safe_tempnam(const char *);
#endif

View File

@ -0,0 +1,30 @@
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
A malicious PostScript file could delete files with the privileges of
the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28
--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi

View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -43,7 +44,10 @@
version ".tar.gz"))
(sha256
(base32
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))))
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))
(patches (search-patches
"a2ps-CVE-2001-1593.patch"
"a2ps-CVE-2014-0466.patch"))))
(build-system gnu-build-system)
(inputs
`(("psutils" ,psutils)