
01/02: gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.


From: Efraim Flashner
Subject: 01/02: gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.
Date: Mon, 30 May 2016 04:45:32 +0000 (UTC)

efraim pushed a commit to branch master
in repository guix.

commit 6447e19108c69277ff2ead3fb084b04cd516e76a
Author: Efraim Flashner <address@hidden>
Date:   Mon May 30 07:13:47 2016 +0300

    gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.
    
    * gnu/packages/pretty-print.scm (a2ps)[source]: Add patches.
    * gnu/packages/patches/a2ps-CVE-2001-1593.patch,
    gnu/packages/patches/a2ps-CVE-2014-0466.patch: New variables.
    * gnu/local.mk (dist_patch_DATA): Add them.
---
 gnu/local.mk                                  |    2 +
 gnu/packages/patches/a2ps-CVE-2001-1593.patch |   69 +++++++++++++++++++++++++
 gnu/packages/patches/a2ps-CVE-2014-0466.patch |   30 +++++++++++
 gnu/packages/pretty-print.scm                 |    6 ++-
 4 files changed, 106 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 66d7c62..f5745d3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -412,6 +412,8 @@ GNU_SYSTEM_MODULES =                                \
 patchdir = $(guilemoduledir)/%D%/packages/patches
 dist_patch_DATA =                                              \
   %D%/packages/patches/4store-fix-buildsystem.patch            \
+  %D%/packages/patches/a2ps-CVE-2001-1593.patch        \
+  %D%/packages/patches/a2ps-CVE-2014-0466.patch        \
   %D%/packages/patches/abiword-explictly-cast-bools.patch      \
   %D%/packages/patches/abiword-wmf-version-lookup-fix.patch    \
   %D%/packages/patches/acl-hurd-path-max.patch                 \
diff --git a/gnu/packages/patches/a2ps-CVE-2001-1593.patch b/gnu/packages/patches/a2ps-CVE-2001-1593.patch
new file mode 100644
index 0000000..17b7e7d
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2001-1593.patch
@@ -0,0 +1,69 @@
+Index: b/lib/routines.c
+===================================================================
+--- a/lib/routines.c
++++ b/lib/routines.c
+@@ -242,3 +242,50 @@
+   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
+   unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char **        tempfiles;
++static unsigned       ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++      while (ntempfiles--)
++              unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++      char    *dirname, *filename;
++      int     fd;
++
++      if (!(dirname = getenv("TMPDIR")))
++              dirname = "/tmp";
++
++      tempfiles = (char **) realloc(tempfiles,
++                      (ntempfiles+1) * sizeof(char *));
++      if (tempfiles == NULL)
++              return NULL;
++
++      filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++      if (!filename)
++              return NULL;
++
++      sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++      if ((fd = mkstemp(filename)) < 0) {
++              free(filename);
++              return NULL;
++      }
++      close(fd);
++
++      if (ntempfiles == 0)
++              atexit(cleanup_tempfiles);
++      tempfiles[ntempfiles++] = filename;
++
++      return filename;
++}
+Index: b/lib/routines.h
+===================================================================
+--- a/lib/routines.h
++++ b/lib/routines.h
+@@ -255,7 +255,8 @@
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str)                          \
+ do {                                                  \
+-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");      \
++  (Str) = (Str) ? (Str) : safe_tempnam("a2_");        \
+ } while (0)
++char * safe_tempnam(const char *);
+ 
+ #endif
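Review bot: In `safe_tempnam` the result of `realloc` is assigned straight back to `tempfiles`, so a failed allocation leaves `tempfiles` NULL while `ntempfiles` may still be non-zero; `cleanup_tempfiles` would then index a null pointer at exit and the earlier temp files would be left behind. Growing the array through a temporary avoids that: `char **grown = realloc(tempfiles, (ntempfiles + 1) * sizeof *grown);`, `if (grown == NULL) return NULL;`, `tempfiles = grown;`. The function also closes the descriptor from `mkstemp` and returns only the name, so whether callers reopen that path safely depends on code outside this hunk. The patch file itself has no origin header, unlike a2ps-CVE-2014-0466.patch; a short comment saying where it was taken from would help later audits.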
diff --git a/gnu/packages/patches/a2ps-CVE-2014-0466.patch b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
new file mode 100644
index 0000000..85199e3
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <address@hidden>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+       eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-      $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++      $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+       eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-      $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++      $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
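Review bot: `$file` is still unquoted on the patched `gs` line in both contrib/fixps.in and contrib/fixps.m4, so a file name containing whitespace or glob characters is split or expanded by the shell before Ghostscript sees it; `-f "$file"` would pass it as a single argument. `-dSAFER` restricts what the PostScript program may do, but it does not change how the shell builds the argument list. Whether `$file` is validated earlier in the script cannot be seen here, because the `case` block starts outside the hunk.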
diff --git a/gnu/packages/pretty-print.scm b/gnu/packages/pretty-print.scm
index a1692dd..1662126 100644
--- a/gnu/packages/pretty-print.scm
+++ b/gnu/packages/pretty-print.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <address@hidden>
+;;; Copyright © 2016 Efraim Flashner <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -43,7 +44,10 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))))
+        "195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))
+      (patches (search-patches
+                 "a2ps-CVE-2001-1593.patch"
+                 "a2ps-CVE-2014-0466.patch"))))
     (build-system gnu-build-system)
     (inputs
      `(("psutils" ,psutils)


