From 637c5d8219e254e8ba1b37d092f1b082ff7ddeaa Mon Sep 17 00:00:00 2001 From: Andy Tai Date: Mon, 3 Apr 2023 12:31:04 +0200 Subject: gnu: a2ps: Update to 4.15.3. * gnu/packages/pretty-print.scm (a2ps): Update to 4.15.3. [inputs]: Add FILE, LIBGC, LIBPAPER. Re-order alphabetically. [native-inputs]: Add PKG-CONFIG. Re-order alphabetically. * gnu/packages/patches/a2ps-CVE-2001-1593.patch, gnu/packages/patches/a2ps-CVE-2014-0466.patch, gnu/packages/patches/a2ps-CVE-2015-8107.patch: Remove. * gnu/local.mk (dist_patch_DATA): Remove entries above. Signed-off-by: Nicolas Goaziou --- gnu/packages/patches/a2ps-CVE-2001-1593.patch | 69 ----------------------- gnu/packages/patches/a2ps-CVE-2014-0466.patch | 30 ---------- gnu/packages/patches/a2ps-CVE-2015-8107.patch | 80 --------------------------- 3 files changed, 179 deletions(-) delete mode 100644 gnu/packages/patches/a2ps-CVE-2001-1593.patch delete mode 100644 gnu/packages/patches/a2ps-CVE-2014-0466.patch delete mode 100644 gnu/packages/patches/a2ps-CVE-2015-8107.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/a2ps-CVE-2001-1593.patch b/gnu/packages/patches/a2ps-CVE-2001-1593.patch deleted file mode 100644 index 17b7e7d932..0000000000 --- a/gnu/packages/patches/a2ps-CVE-2001-1593.patch +++ /dev/null @@ -1,69 +0,0 @@ -Index: b/lib/routines.c -=================================================================== ---- a/lib/routines.c -+++ b/lib/routines.c -@@ -242,3 +242,50 @@ - /* Don't complain if you can't unlink. Who cares of a tmp file? */ - unlink (filename); - } -+ -+/* -+ * Securely generate a temp file, and make sure it gets -+ * deleted upon exit. -+ */ -+static char ** tempfiles; -+static unsigned ntempfiles; -+ -+static void -+cleanup_tempfiles() -+{ -+ while (ntempfiles--) -+ unlink(tempfiles[ntempfiles]); -+} -+ -+char * -+safe_tempnam(const char *pfx) -+{ -+ char *dirname, *filename; -+ int fd; -+ -+ if (!(dirname = getenv("TMPDIR"))) -+ dirname = "/tmp"; -+ -+ tempfiles = (char **) realloc(tempfiles, -+ (ntempfiles+1) * sizeof(char *)); -+ if (tempfiles == NULL) -+ return NULL; -+ -+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX")); -+ if (!filename) -+ return NULL; -+ -+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx); -+ -+ if ((fd = mkstemp(filename)) < 0) { -+ free(filename); -+ return NULL; -+ } -+ close(fd); -+ -+ if (ntempfiles == 0) -+ atexit(cleanup_tempfiles); -+ tempfiles[ntempfiles++] = filename; -+ -+ return filename; -+} -Index: b/lib/routines.h -=================================================================== ---- a/lib/routines.h -+++ b/lib/routines.h -@@ -255,7 +255,8 @@ - /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */ - #define tempname_ensure(Str) \ - do { \ -- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \ -+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \ - } while (0) -+char * safe_tempnam(const char *); - - #endif diff --git a/gnu/packages/patches/a2ps-CVE-2014-0466.patch b/gnu/packages/patches/a2ps-CVE-2014-0466.patch deleted file mode 100644 index 85199e35b0..0000000000 --- a/gnu/packages/patches/a2ps-CVE-2014-0466.patch +++ /dev/null @@ -1,30 +0,0 @@ -Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER - A malicious PostScript file could delete files with the privileges of - the invoking user. -Origin: vendor -Bug-Debian: http://bugs.debian.org/742902 -Author: Salvatore Bonaccorso -Last-Update: 2014-03-28 - ---- a/contrib/fixps.in -+++ b/contrib/fixps.in -@@ -389,7 +389,7 @@ - eval "$command" ;; - gs) - $verbose "$program: making a full rewrite of the file ($gs)." >&2 -- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;; -+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;; - esac - ) - fi ---- a/contrib/fixps.m4 -+++ b/contrib/fixps.m4 -@@ -307,7 +307,7 @@ - eval "$command" ;; - gs) - $verbose "$program: making a full rewrite of the file ($gs)." >&2 -- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;; -+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;; - esac - ) - fi diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch deleted file mode 100644 index 5ea35d45da..0000000000 --- a/gnu/packages/patches/a2ps-CVE-2015-8107.patch +++ /dev/null @@ -1,80 +0,0 @@ -https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff - -Index: b/lib/psgen.c -=================================================================== ---- a/lib/psgen.c -+++ b/lib/psgen.c -@@ -232,7 +232,7 @@ - default: - *buf = '\0'; - ps_escape_char (job, cp[i], buf); -- output (jdiv, (char *) buf); -+ output (jdiv, "%s", (char *) buf); - break; - } - } -Index: b/lib/output.c -=================================================================== ---- a/lib/output.c -+++ b/lib/output.c -@@ -525,7 +525,7 @@ - expand_user_string (job, FIRST_FILE (job), - (const uchar *) "Expand: requirement", - (const uchar *) token)); -- output (dest, expansion); -+ output (dest, "%s", expansion); - continue; - } - -Index: b/lib/parseppd.y -=================================================================== ---- a/lib/parseppd.y -+++ b/lib/parseppd.y -@@ -154,7 +154,7 @@ - void - yyerror (const char *msg) - { -- error_at_line (1, 0, ppdfilename, ppdlineno, msg); -+ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); - } - - /* -Index: b/src/parsessh.y -=================================================================== ---- a/src/parsessh.y -+++ b/src/parsessh.y -@@ -740,7 +740,7 @@ - void - yyerror (const char *msg) - { -- error_at_line (1, 0, sshfilename, sshlineno, msg); -+ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); - } - - /* -Index: b/lib/parseppd.c -=================================================================== ---- a/lib/parseppd.c -+++ b/lib/parseppd.c -@@ -1707,7 +1707,7 @@ - void - yyerror (const char *msg) - { -- error_at_line (1, 0, ppdfilename, ppdlineno, msg); -+ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); - } - - /* -Index: b/src/parsessh.c -=================================================================== ---- a/src/parsessh.c -+++ b/src/parsessh.c -@@ -2639,7 +2639,7 @@ - void - yyerror (const char *msg) - { -- error_at_line (1, 0, sshfilename, sshlineno, msg); -+ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); - } - - /* -- cgit v1.2.3