Date:      Tue, 8 Dec 2015 23:48:13 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r403350 - in branches/2015Q4/print/a2ps: . files
Message-ID:  <201512082348.tB8NmDvx010754@repo.freebsd.org>

Author: junovitch
Date: Tue Dec  8 23:48:13 2015
New Revision: 403350
URL: https://svnweb.freebsd.org/changeset/ports/403350

Log:
  print/a2ps: multiple fixes
  
  - fix for maliciously crafted a2ps prologue files [1]
  - fix whitespaces in patch
  - bump PORTREVISION
  
  Submitted by:	feld [1]
  Approved by:	ports-secteam (feld)
  Security:	CVE-2015-8107
  Security:	https://vuxml.FreeBSD.org/freebsd/e359051d-90bd-11e5-bd18-002590263bf5.html

Added:
  branches/2015Q4/print/a2ps/files/patch-output.c
     - copied, changed from r401780, head/print/a2ps/files/patch-output.c
Modified:
  branches/2015Q4/print/a2ps/Makefile
Directory Properties:
  branches/2015Q4/   (props changed)

Modified: branches/2015Q4/print/a2ps/Makefile
==============================================================================
--- branches/2015Q4/print/a2ps/Makefile	Tue Dec  8 23:08:11 2015	(r403349)
+++ branches/2015Q4/print/a2ps/Makefile	Tue Dec  8 23:48:13 2015	(r403350)
@@ -3,7 +3,7 @@
 
 PORTNAME=	a2ps
 PORTVERSION=	4.13b
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	print
 MASTER_SITES=	GNU LOCAL/hrs/a2ps/:i18n
 

Copied and modified: branches/2015Q4/print/a2ps/files/patch-output.c (from r401780, head/print/a2ps/files/patch-output.c)
==============================================================================
--- head/print/a2ps/files/patch-output.c	Mon Nov 16 18:38:56 2015	(r401780, copy source)
+++ branches/2015Q4/print/a2ps/files/patch-output.c	Tue Dec  8 23:48:13 2015	(r403350)
@@ -1,13 +1,13 @@
 Fix for CVE-2015-8107
 http://www.openwall.com/lists/oss-security/2015/11/16/4
---- lib/output.c.orig  2015-11-16 15:29:38 UTC
-+++ lib/output.c
-@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
-                    expand_user_string (job, FIRST_FILE (job),
-                                        (const uchar *) "Expand: requirement",
-                                        (const uchar *) token));
--      output (dest, expansion);
-+      output (dest, "%s", expansion);
-       continue;
+--- lib/output.c.orig	1999-08-31 19:42:41.000000000 +0200
++++ lib/output.c	2015-11-18 07:08:31.672864000 +0100
+@@ -525,7 +525,7 @@
+ 		     expand_user_string (job, FIRST_FILE (job),
+ 					 (const uchar *) "Expand: requirement",
+ 					 (const uchar *) token));
+-	output (dest, expansion);
++	output (dest, "%s", expansion);
+ 	continue;
        }
-
+ 
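
Review bot: the only call site this patch touches is output (dest, expansion) near line 525 of lib/output.c, so before merging it is worth confirming that no other output (dest, ...) call in that file passes an expanded or file-derived string as the format argument; the visible hunk covers one call and does not show the rest. A second, smaller point on the whitespace cleanup: the closing-brace context line is left space-indented while the context lines around it are now tab-indented, and the new header carries local timestamps (+0200/+0100) and drops the function name from the @@ line where the head copy had the UTC form, so regenerating the file with make makepatch against the extracted source would give a consistent result.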


