gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.
* gnu/packages/pretty-print.scm (a2ps)[source]: Add patches. * gnu/packages/patches/a2ps-CVE-2001-1593.patch, gnu/packages/patches/a2ps-CVE-2014-0466.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them.master
parent
ccda7c8317
commit
6447e19108
|
@ -412,6 +412,8 @@ GNU_SYSTEM_MODULES = \
|
|||
patchdir = $(guilemoduledir)/%D%/packages/patches
|
||||
dist_patch_DATA = \
|
||||
%D%/packages/patches/4store-fix-buildsystem.patch \
|
||||
%D%/packages/patches/a2ps-CVE-2001-1593.patch \
|
||||
%D%/packages/patches/a2ps-CVE-2014-0466.patch \
|
||||
%D%/packages/patches/abiword-explictly-cast-bools.patch \
|
||||
%D%/packages/patches/abiword-wmf-version-lookup-fix.patch \
|
||||
%D%/packages/patches/acl-hurd-path-max.patch \
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
Index: b/lib/routines.c
|
||||
===================================================================
|
||||
--- a/lib/routines.c
|
||||
+++ b/lib/routines.c
|
||||
@@ -242,3 +242,50 @@
|
||||
/* Don't complain if you can't unlink. Who cares of a tmp file? */
|
||||
unlink (filename);
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * Securely generate a temp file, and make sure it gets
|
||||
+ * deleted upon exit.
|
||||
+ */
|
||||
+static char ** tempfiles;
|
||||
+static unsigned ntempfiles;
|
||||
+
|
||||
+static void
|
||||
+cleanup_tempfiles()
|
||||
+{
|
||||
+ while (ntempfiles--)
|
||||
+ unlink(tempfiles[ntempfiles]);
|
||||
+}
|
||||
+
|
||||
+char *
|
||||
+safe_tempnam(const char *pfx)
|
||||
+{
|
||||
+ char *dirname, *filename;
|
||||
+ int fd;
|
||||
+
|
||||
+ if (!(dirname = getenv("TMPDIR")))
|
||||
+ dirname = "/tmp";
|
||||
+
|
||||
+ tempfiles = (char **) realloc(tempfiles,
|
||||
+ (ntempfiles+1) * sizeof(char *));
|
||||
+ if (tempfiles == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
|
||||
+ if (!filename)
|
||||
+ return NULL;
|
||||
+
|
||||
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
|
||||
+
|
||||
+ if ((fd = mkstemp(filename)) < 0) {
|
||||
+ free(filename);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ close(fd);
|
||||
+
|
||||
+ if (ntempfiles == 0)
|
||||
+ atexit(cleanup_tempfiles);
|
||||
+ tempfiles[ntempfiles++] = filename;
|
||||
+
|
||||
+ return filename;
|
||||
+}
|
||||
Index: b/lib/routines.h
|
||||
===================================================================
|
||||
--- a/lib/routines.h
|
||||
+++ b/lib/routines.h
|
||||
@@ -255,7 +255,8 @@
|
||||
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
|
||||
#define tempname_ensure(Str) \
|
||||
do { \
|
||||
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
|
||||
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
|
||||
} while (0)
|
||||
+char * safe_tempnam(const char *);
|
||||
|
||||
#endif
|
|
@ -0,0 +1,30 @@
|
|||
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
|
||||
A malicious PostScript file could delete files with the privileges of
|
||||
the invoking user.
|
||||
Origin: vendor
|
||||
Bug-Debian: http://bugs.debian.org/742902
|
||||
Author: Salvatore Bonaccorso <carnil@debian.org>
|
||||
Last-Update: 2014-03-28
|
||||
|
||||
--- a/contrib/fixps.in
|
||||
+++ b/contrib/fixps.in
|
||||
@@ -389,7 +389,7 @@
|
||||
eval "$command" ;;
|
||||
gs)
|
||||
$verbose "$program: making a full rewrite of the file ($gs)." >&2
|
||||
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
||||
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
||||
esac
|
||||
)
|
||||
fi
|
||||
--- a/contrib/fixps.m4
|
||||
+++ b/contrib/fixps.m4
|
||||
@@ -307,7 +307,7 @@
|
||||
eval "$command" ;;
|
||||
gs)
|
||||
$verbose "$program: making a full rewrite of the file ($gs)." >&2
|
||||
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
||||
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
||||
esac
|
||||
)
|
||||
fi
|
|
@ -1,5 +1,6 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
|
||||
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -43,7 +44,10 @@
|
|||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))))
|
||||
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))
|
||||
(patches (search-patches
|
||||
"a2ps-CVE-2001-1593.patch"
|
||||
"a2ps-CVE-2014-0466.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs
|
||||
`(("psutils" ,psutils)
|
||||
|
|
Reference in New Issue