gnu: a2ps: Fix CVE-2001-1593, CVE-2014-0466.

* gnu/packages/pretty-print.scm (a2ps)[source]: Add patches. * gnu/packages/patches/a2ps-CVE-2001-1593.patch, gnu/packages/patches/a2ps-CVE-2014-0466.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them.
2016-05-30 07:13:47 +03:00 · 2016-05-30 07:13:47 +03:00 · 6447e19108
parent ccda7c8317
commit 6447e19108
4 changed files with 106 additions and 1 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -412,6 +412,8 @@ GNU_SYSTEM_MODULES =				\
 patchdir = $(guilemoduledir)/%D%/packages/patches
 dist_patch_DATA =						\
  %D%/packages/patches/4store-fix-buildsystem.patch		\
+  %D%/packages/patches/a2ps-CVE-2001-1593.patch	\
+  %D%/packages/patches/a2ps-CVE-2014-0466.patch	\
  %D%/packages/patches/abiword-explictly-cast-bools.patch	\
  %D%/packages/patches/abiword-wmf-version-lookup-fix.patch	\
  %D%/packages/patches/acl-hurd-path-max.patch			\
--- a/gnu/packages/patches/a2ps-CVE-2001-1593.patch
+++ b/gnu/packages/patches/a2ps-CVE-2001-1593.patch
@ -0,0 +1,69 @@
+Index: b/lib/routines.c
+===================================================================
+--- a/lib/routines.c
+++ b/lib/routines.c
+@@ -242,3 +242,50 @@
+   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
+   unlink (filename);
+ }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
+Index: b/lib/routines.h
+===================================================================
+--- a/lib/routines.h
+++ b/lib/routines.h
+@@ -255,7 +255,8 @@
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str)				\
+ do {							\
+-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
+ } while (0)
+char * safe_tempnam(const char *);
+ 
+ #endif
--- a/gnu/packages/patches/a2ps-CVE-2014-0466.patch
+++ b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
+++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
+--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
--- a/gnu/packages/pretty-print.scm
+++ b/gnu/packages/pretty-print.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -43,7 +44,10 @@
                          version ".tar.gz"))
      (sha256
       (base32
-        "195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))))
+        "195k78m1h03m961qn7jr120z815iyb93gwi159p1p9348lyqvbpk"))
+      (patches (search-patches
+                 "a2ps-CVE-2001-1593.patch"
+                 "a2ps-CVE-2014-0466.patch"))))
    (build-system gnu-build-system)
    (inputs
     `(("psutils" ,psutils)