rpms/a2ps
1
0
Fork 0
mirror of https://git.centos.org/rpms/a2ps.git synced 2025-02-23 16:22:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

import a2ps-4.14-23.el7.src.rpm

Browse source
This commit is contained in:
CentOS Buildsys 2014-04-01 16:28:29 +01:00
parent 8f1c6e6be2
commit 537872e490
2 changed files with 38 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
SOURCES/a2ps-CVE-2014-0466.patch Normal file
View file

@ -0,0 +1,24 @@
diff -up a2ps-4.14/contrib/fixps.in.CVE-2014-0466 a2ps-4.14/contrib/fixps.in
--- a2ps-4.14/contrib/fixps.in.CVE-2014-0466 2014-04-01 15:35:04.168904356 +0100
+++ a2ps-4.14/contrib/fixps.in 2014-04-01 15:35:36.509060292 +0100
@@ -389,7 +389,7 @@ if test $task != check; then
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi
diff -up a2ps-4.14/contrib/fixps.m4.CVE-2014-0466 a2ps-4.14/contrib/fixps.m4
--- a2ps-4.14/contrib/fixps.m4.CVE-2014-0466 2014-04-01 15:35:06.885917452 +0100
+++ a2ps-4.14/contrib/fixps.m4 2014-04-01 15:35:48.748119336 +0100
@@ -307,7 +307,7 @@ if test $task != check; then
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi

15
SPECS/a2ps.spec
View file

@ -1,7 +1,7 @@
Summary: Converts text and other types of files to PostScript Summary: Converts text and other types of files to PostScript
Name: a2ps Name: a2ps
Version: 4.14 Version: 4.14
Release: 20%{?dist} Release: 23%{?dist}
License: GPLv3+ License: GPLv3+
Group: Applications/Publishing Group: Applications/Publishing
Source0: http://ftp.gnu.org/gnu/a2ps/%{name}-%{version}.tar.gz Source0: http://ftp.gnu.org/gnu/a2ps/%{name}-%{version}.tar.gz
@ -37,6 +37,7 @@ Patch36: a2ps-forward-null.patch
Patch37: a2ps-overrun-dynamic.patch Patch37: a2ps-overrun-dynamic.patch
Patch38: a2ps-overrun-static.patch Patch38: a2ps-overrun-static.patch
Patch39: a2ps-resource-leak.patch Patch39: a2ps-resource-leak.patch
Patch40: a2ps-CVE-2014-0466.patch
Requires: fileutils sh-utils info Requires: fileutils sh-utils info
BuildRequires: gperf BuildRequires: gperf
BuildRequires: emacs, flex, libtool, texinfo, groff BuildRequires: emacs, flex, libtool, texinfo, groff
@ -170,6 +171,9 @@ the emacs-%{name} package to use emacs-%{name} with GNU Emacs.
# Coverity fix (resource-leak). # Coverity fix (resource-leak).
%patch39 -p1 -b .resource-leak %patch39 -p1 -b .resource-leak
# Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082410).
%patch40 -p1 -b .CVE-2014-0466
for file in AUTHORS ChangeLog; do for file in AUTHORS ChangeLog; do
iconv -f latin1 -t UTF-8 < $file > $file.utf8 iconv -f latin1 -t UTF-8 < $file > $file.utf8
touch -c -r $file $file.utf8 touch -c -r $file $file.utf8
@ -309,6 +313,15 @@ exit 0
%{_emacs_sitelispdir}/%{name}/*.el %{_emacs_sitelispdir}/%{name}/*.el
%changelog %changelog
* Tue Apr 1 2014 Tim Waugh <twaugh@redhat.com> - 4.14-23
- Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082410).
* Tue Jan 28 2014 Daniel Mach <dmach@redhat.com> - 4.14-22
- Mass rebuild 2014-01-24
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 4.14-21
- Mass rebuild 2013-12-27
* Tue Apr 30 2013 Tim Waugh <twaugh@redhat.com> - 4.14-20 * Tue Apr 30 2013 Tim Waugh <twaugh@redhat.com> - 4.14-20
- Avoid a bad free in the encoding handling logic (bug #954104). - Avoid a bad free in the encoding handling logic (bug #954104).