diff --git a/a2ps-CVE-2014-0466.patch b/a2ps-CVE-2014-0466.patch
new file mode 100644
index 0000000..b857019
--- /dev/null
+++ b/a2ps-CVE-2014-0466.patch
@@ -0,0 +1,24 @@
+diff -up a2ps-4.14/contrib/fixps.in.CVE-2014-0466 a2ps-4.14/contrib/fixps.in
+--- a2ps-4.14/contrib/fixps.in.CVE-2014-0466 2014-04-01 15:35:04.168904356 +0100
++++ a2ps-4.14/contrib/fixps.in 2014-04-01 15:35:36.509060292 +0100
+@@ -389,7 +389,7 @@ if test $task != check; then
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
+diff -up a2ps-4.14/contrib/fixps.m4.CVE-2014-0466 a2ps-4.14/contrib/fixps.m4
+--- a2ps-4.14/contrib/fixps.m4.CVE-2014-0466 2014-04-01 15:35:06.885917452 +0100
++++ a2ps-4.14/contrib/fixps.m4 2014-04-01 15:35:48.748119336 +0100
+@@ -307,7 +307,7 @@ if test $task != check; then
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
diff --git a/a2ps.spec b/a2ps.spec
index eec76b6..3b982f8 100644
--- a/a2ps.spec
+++ b/a2ps.spec
@@ -1,7 +1,7 @@
 Summary: Converts text and other types of files to PostScript
 Name: a2ps
 Version: 4.14
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: GPLv3+
 Group: Applications/Publishing
 Source0: http://ftp.gnu.org/gnu/a2ps/%{name}-%{version}.tar.gz
@@ -38,6 +38,7 @@ Patch36: a2ps-forward-null.patch
 Patch37: a2ps-overrun-dynamic.patch
 Patch38: a2ps-overrun-static.patch
 Patch39: a2ps-resource-leak.patch
+Patch40: a2ps-CVE-2014-0466.patch
 Requires: fileutils sh-utils info
 BuildRequires: gperf
 BuildRequires: emacs, flex, libtool, texinfo, groff
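Review bot: On the new gs line in a2ps-CVE-2014-0466.patch (both the fixps.in and the fixps.m4 hunk), `$file` is still expanded unquoted, so a file name containing whitespace or glob characters is word-split and the pieces reach gs as separate arguments rather than as the one input file. Since this change is about limiting what an untrusted PostScript file can make gs do, I would quote the operand as well: `-c save pop -f "$file" ;;`. Whether `$file` is validated earlier in fixps cannot be seen here, because the enclosing `case` starts outside the hunk. The sibling `eval "$command"` branch is not touched by this fix and may deserve the same look.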
@@ -174,6 +175,9 @@ the emacs-%{name} package to use emacs-%{name} with GNU Emacs. # Coverity fix (resource-leak). %patch39 -p1 -b .resource-leak +# Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082411). +%patch40 -p1 -b .CVE-2014-0466 + for file in AUTHORS ChangeLog; do iconv -f latin1 -t UTF-8 < $file > $file.utf8 touch -c -r $file $file.utf8 @@ -313,6 +317,9 @@ exit 0 %{_emacs_sitelispdir}/%{name}/*.el %changelog +* Tue Apr 1 2014 Tim Waugh - 4.14-23 +- Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082411). + * Tue Dec 3 2013 Tim Waugh - 4.14-22 - Prevent build failure with -Werror=format-security (bug #1036979).