Dr. Werner Fink 2014-03-31 08:09:40 +00:00 committed by Git OBS Bridge
parent a96d210eb6
commit 0bdefeb059
3 changed files with 40 additions and 1 deletions

30
CVE-2014-0466.diff Normal file

@ -0,0 +1,30 @@
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
A malicious PostScript file could delete files with the privileges of
the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28
--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f "$file" ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f "$file" ;;
esac
)
fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f "$file" ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f "$file" ;;
esac
)
fi
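Review bot: The added `-dSAFER` covers only the `gs)` branch in `contrib/fixps.in` and `contrib/fixps.m4`; the sibling branch ending in `eval "$command"` appears only as context, so it should be confirmed that `$command` can never expand to a Ghostscript invocation without the flag. The `case` statement starts outside both hunks, so this cannot be judged from the lines shown. I would also add a comment above the changed line so the flag is not dropped in a later refresh, for example `# -dSAFER: input PostScript is untrusted and must not delete, rename or write files`. Since `-dSAFER` is enforced by the interpreter itself, the fix is only as strong as the installed Ghostscript.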


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Mar 31 08:08:37 UTC 2014 - werner@suse.de
- Add patch CVE-2014-0466.diff to fix bnc#871097 - CVE-2014-0466:
fixps does not use -dSAFER
-------------------------------------------------------------------
Mon Dec 9 13:56:20 UTC 2013 - werner@suse.de


@ -1,7 +1,7 @@
#
# spec file for package a2ps
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -62,6 +62,8 @@ Patch10: a2ps-4.13-types.patch
Patch11: a2ps-4.13-psgen.patch
Patch12: a2ps-4.13-gv-arguments.patch
Patch13: a2ps-4.13-linker.patch
# PATCH-FIX-USTREAM Bug 871097 - CVE-2014-0466: a2ps: fixps does not use -dSAFER
Patch14: CVE-2014-0466.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -105,6 +107,7 @@ touch -r configure.in .ref
%patch -P 11 -p 0 -b .psgen
%patch -P 12 -p 1 -b .gvarg
%patch -P 13 -p 0 -b .ldso
%patch -P 14 -p 1 -b .cve140466
%patch
cp -f %SOURCE1 po/ko.po
rename no nb po/no.*
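Review bot: The tag in the comment added above `Patch14` is misspelled as `PATCH-FIX-USTREAM`, so anything that searches spec files for the standard patch tags will not find this security fix; it should read `# PATCH-FIX-UPSTREAM bnc#871097 - CVE-2014-0466: a2ps: fixps does not use -dSAFER`. The patch header on this page says `Origin: vendor` with a Debian author, so it is worth confirming that the UPSTREAM classification matches where the fix actually came from. The `%patch -P 14 -p 1` line agrees with the `a/` and `b/` prefixes in the patch and looks correct.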