gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.
* gnu/packages/pretty-print.scm (a2ps)[source]: Add patches. * gnu/packages/patches/a2ps-CVE-2001-1593.patch, gnu/packages/patches/a2ps-CVE-2014-0466.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them.
This commit is contained in:
parent
ccda7c8317
commit
6447e19108
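--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -412,6 +412,8 @@ GNU_SYSTEM_MODULES = \
 patchdir = $(guilemoduledir)/%D%/packages/patches
 dist_patch_DATA = \
 %D%/packages/patches/4store-fix-buildsystem.patch \
+%D%/packages/patches/a2ps-CVE-2001-1593.patch \
+%D%/packages/patches/a2ps-CVE-2014-0466.patch \
 %D%/packages/patches/abiword-explictly-cast-bools.patch \
 %D%/packages/patches/abiword-wmf-version-lookup-fix.patch \
 %D%/packages/patches/acl-hurd-path-max.patch \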
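--- a/gnu/packages/patches/a2ps-CVE-2001-1593.patch
+++ b/gnu/packages/patches/a2ps-CVE-2001-1593.patch
@@ -0,0 +1,69 @@
+Index: b/lib/routines.c
+===================================================================
+--- a/lib/routines.c
++++ b/lib/routines.c
+@@ -242,3 +242,50 @@
+/* Don't complain if you can't unlink. Who cares of a tmp file? */
+unlink (filename);
+}
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char ** tempfiles;
++static unsigned ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++ while (ntempfiles--)
++ unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++ char *dirname, *filename;
++ int fd;
++
++ if (!(dirname = getenv("TMPDIR")))
++ dirname = "/tmp";
++
++ tempfiles = (char **) realloc(tempfiles,
++ (ntempfiles+1) * sizeof(char *));
++ if (tempfiles == NULL)
++ return NULL;
++
++ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++ if (!filename)
++ return NULL;
++
++ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++ if ((fd = mkstemp(filename)) < 0) {
++ free(filename);
++ return NULL;
++ }
++ close(fd);
++
++ if (ntempfiles == 0)
++ atexit(cleanup_tempfiles);
++ tempfiles[ntempfiles++] = filename;
++
++ return filename;
++}
+Index: b/lib/routines.h
+===================================================================
+--- a/lib/routines.h
++++ b/lib/routines.h
+@@ -255,7 +255,8 @@
+/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+#define tempname_ensure(Str) \
+do { \
+- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
++ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
+} while (0)
++char * safe_tempnam(const char *);
+
+#endif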
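Review bot: In the safe_tempnam body added by the embedded routines.c hunk, `tempfiles = (char **) realloc(tempfiles, ...)` overwrites the only pointer to the array, so when realloc fails the names already registered are lost and the atexit handler cleanup_tempfiles later indexes a NULL `tempfiles` (ntempfiles is still non-zero), which both skips the promised unlink at exit and crashes the process on the way out. Grow through a temporary instead: `char **grown = realloc(tempfiles, (ntempfiles + 1) * sizeof *grown);` / `if (grown == NULL) return NULL;` / `tempfiles = grown;`. The handler is defined as `cleanup_tempfiles()` with an empty parameter list; `cleanup_tempfiles(void)` matches the prototype atexit takes and is the form a C11 build warns about otherwise. The return value of `atexit` is also unchecked, so a failed registration silently leaves every temp file behind; since the patch is carried verbatim in the Guix tree, these could be addressed in the local copy rather than waiting on upstream.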
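--- a/gnu/packages/patches/a2ps-CVE-2014-0466.patch
+++ b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+A malicious PostScript file could delete files with the privileges of
+the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+eval "$command" ;;
+gs)
+$verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+esac
+)
+fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+eval "$command" ;;
+gs)
+$verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+esac
+)
+fi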
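Review bot: The rewritten gs invocation in both embedded hunks (fixps.in and fixps.m4) still passes `-f $file` unquoted, so a filename containing whitespace or glob characters is split or expanded by the shell before gs ever sees it; since the line is being replaced anyway, `-f "$file"` would close that at no cost. `-dSAFER` restricts what the PostScript program itself may do with the filesystem, which is the fix the Debian report in the header asks for, but it has no effect on how the shell assembles the command line. The enclosing case statement and the `eval "$command"` branch shown as context start outside the hunk, so whether `$file` is sanitized earlier cannot be confirmed from here.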
@ -1,5 +1,6 @@
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
|
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
|
||||||
|
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -43,7 +44,10 @@
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))))
|
"195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))
|
||||||
|
(patches (search-patches
|
||||||
|
"a2ps-CVE-2001-1593.patch"
|
||||||
|
"a2ps-CVE-2014-0466.patch"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(inputs
|
(inputs
|
||||||
`(("psutils" ,psutils)
|
`(("psutils" ,psutils)
|
||||||