diff --git a/SOURCES/a2ps-CVE-2014-0466.patch b/SOURCES/a2ps-CVE-2014-0466.patch
new file mode 100644
index 0000000..b857019
--- /dev/null
+++ b/SOURCES/a2ps-CVE-2014-0466.patch
@@ -0,0 +1,24 @@
+diff -up a2ps-4.14/contrib/fixps.in.CVE-2014-0466 a2ps-4.14/contrib/fixps.in
+--- a2ps-4.14/contrib/fixps.in.CVE-2014-0466 2014-04-01 15:35:04.168904356 +0100
++++ a2ps-4.14/contrib/fixps.in 2014-04-01 15:35:36.509060292 +0100
+@@ -389,7 +389,7 @@ if test $task != check; then
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
+diff -up a2ps-4.14/contrib/fixps.m4.CVE-2014-0466 a2ps-4.14/contrib/fixps.m4
+--- a2ps-4.14/contrib/fixps.m4.CVE-2014-0466 2014-04-01 15:35:06.885917452 +0100
++++ a2ps-4.14/contrib/fixps.m4 2014-04-01 15:35:48.748119336 +0100
+@@ -307,7 +307,7 @@ if test $task != check; then
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
diff --git a/SPECS/a2ps.spec b/SPECS/a2ps.spec
index 356db59..c48664e 100644
--- a/SPECS/a2ps.spec
+++ b/SPECS/a2ps.spec
@@ -1,7 +1,7 @@
 Summary: Converts text and other types of files to PostScript
 Name: a2ps
 Version: 4.14
-Release: 20%{?dist}
+Release: 23%{?dist}
 License: GPLv3+
 Group: Applications/Publishing
 Source0: http://ftp.gnu.org/gnu/a2ps/%{name}-%{version}.tar.gz
@@ -37,6 +37,7 @@ Patch36: a2ps-forward-null.patch
 Patch37: a2ps-overrun-dynamic.patch
 Patch38: a2ps-overrun-static.patch
 Patch39: a2ps-resource-leak.patch
+Patch40: a2ps-CVE-2014-0466.patch
 Requires: fileutils sh-utils info
 BuildRequires: gperf
 BuildRequires: emacs, flex, libtool, texinfo, groff
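Review bot: `$file` is still expanded unquoted on the patched `gs` line in both fixps.in and fixps.m4, so a path containing whitespace or glob characters is split into several arguments and only the first word is bound to `-f`. Since the line is already being changed to harden handling of untrusted PostScript, I would also quote the operand: `-f "$file" ;;`. A short comment above the call, such as `# -dSAFER is required: the input file is untrusted PostScript`, would help keep the flag from being dropped in a later cleanup. The enclosing `case` and the assignment of `$file` are outside the hunk, so any earlier sanitising of the path cannot be confirmed from here.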
@@ -170,6 +171,9 @@ the emacs-%{name} package to use emacs-%{name} with GNU Emacs. # Coverity fix (resource-leak). %patch39 -p1 -b .resource-leak +# Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082410). +%patch40 -p1 -b .CVE-2014-0466 + for file in AUTHORS ChangeLog; do iconv -f latin1 -t UTF-8 < $file > $file.utf8 touch -c -r $file $file.utf8 @@ -309,6 +313,15 @@ exit 0 %{_emacs_sitelispdir}/%{name}/*.el %changelog +* Tue Apr 1 2014 Tim Waugh - 4.14-23 +- Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082410). + +* Tue Jan 28 2014 Daniel Mach - 4.14-22 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 4.14-21 +- Mass rebuild 2013-12-27 + * Tue Apr 30 2013 Tim Waugh - 4.14-20 - Avoid a bad free in the encoding handling logic (bug #954104).