author | Efraim Flashner <efraim@flashner.co.il> | 2019-07-10 12:45:08 +0300 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2019-07-10 12:47:47 +0300 |
commit | 841bddb4b45fd6e47a8991f74380ba20dacbe1be (patch) | |
tree | 366e4a97004435ac1de8500201f1260ca3c9e28a | |
parent | 3e4afe029861b0205eed401a751f049e9deb128f (diff) |
gnu: a2ps: Fix CVE-2015-8107.
* gnu/packages/pretty-print.scm (a2ps)[source]: Add patch.
* gnu/packages/patches/a2ps-CVE-2015-8107.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/a2ps-CVE-2015-8107.patch | 80 | ||||
-rw-r--r-- | gnu/packages/pretty-print.scm | 5 |
3 files changed, 84 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 01c3ce011f..2821cdcca9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -660,6 +660,7 @@ dist_patch_DATA = \
 %D%/packages/patches/4store-unset-preprocessor-directive.patch \
 %D%/packages/patches/a2ps-CVE-2001-1593.patch \
 %D%/packages/patches/a2ps-CVE-2014-0466.patch \
+ %D%/packages/patches/a2ps-CVE-2015-8107.patch \
 %D%/packages/patches/abiword-explictly-cast-bools.patch \
 %D%/packages/patches/abiword-black-drawing-with-gtk322.patch \
 %D%/packages/patches/acl-fix-perl-regex.patch \
diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch
new file mode 100644
index 0000000000..5ea35d45da
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2015-8107.patch
@@ -0,0 +1,80 @@
+https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff
+
+Index: b/lib/psgen.c
+===================================================================
+--- a/lib/psgen.c
++++ b/lib/psgen.c
+@@ -232,7 +232,7 @@
+ default:
+ *buf = '\0';
+ ps_escape_char (job, cp[i], buf);
+- output (jdiv, (char *) buf);
++ output (jdiv, "%s", (char *) buf);
+ break;
+ }
+ }
+Index: b/lib/output.c
+===================================================================
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -525,7 +525,7 @@
+ expand_user_string (job, FIRST_FILE (job),
+ (const uchar *) "Expand: requirement",
+ (const uchar *) token));
+- output (dest, expansion);
++ output (dest, "%s", expansion);
+ continue;
+ }
+
+Index: b/lib/parseppd.y
+===================================================================
+--- a/lib/parseppd.y
++++ b/lib/parseppd.y
+@@ -154,7 +154,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+
+ /*
+Index: b/src/parsessh.y
+===================================================================
+--- a/src/parsessh.y
++++ b/src/parsessh.y
+@@ -740,7 +740,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, sshfilename, sshlineno, msg);
++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+
+ /*
+Index: b/lib/parseppd.c
+===================================================================
+--- a/lib/parseppd.c
++++ b/lib/parseppd.c
+@@ -1707,7 +1707,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+
+ /*
+Index: b/src/parsessh.c
+===================================================================
+--- a/src/parsessh.c
++++ b/src/parsessh.c
+@@ -2639,7 +2639,7 @@
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, sshfilename, sshlineno, msg);
++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+
+ /*
diff --git a/gnu/packages/pretty-print.scm b/gnu/packages/pretty-print.scm
index 405ad08ba4..7a5b98c698 100644
--- a/gnu/packages/pretty-print.scm
+++ b/gnu/packages/pretty-print.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2019 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
@@ -63,7 +63,8 @@ #t)) (patches (search-patches "a2ps-CVE-2001-1593.patch" - "a2ps-CVE-2014-0466.patch")))) + "a2ps-CVE-2014-0466.patch" + "a2ps-CVE-2015-8107.patch")))) (build-system gnu-build-system) (inputs `(("psutils" ,psutils) |
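Review bot: The header of the new a2ps-CVE-2015-8107.patch is only the Debian URL, so the file itself never says what it fixes; I would add a line above the URL such as `Fix CVE-2015-8107 (format string): always pass a literal "%s" format to output() and error_at_line().` The six call sites changed here are the ones listed in Debian's fix-format-security.diff, and this hunk does not show whether any other caller in a2ps still passes a non-literal format. Building the package once with `-Werror=format-security` would confirm that none remain. Patching both the `.y` grammars and the generated `parseppd.c`/`parsessh.c` looks right, since the fix then holds whether or not the build regenerates the parsers.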