[arch-commits] Commit in a2ps/trunk (4 files)
Allan McRae
allan at archlinux.org
Wed May 6 14:39:49 UTC 2020
Date: Wednesday, May 6, 2020 @ 14:39:48
Author: allan
Revision: 382394
upgpkg: a2ps 4.14-9: fix FTBFS, grab a couple of CVE fixes from git
Added:
a2ps/trunk/CVE-2014-0466.patch
a2ps/trunk/CVE-2015-8107.patch
a2ps/trunk/a2ps-texinfo67.patch
Modified:
a2ps/trunk/PKGBUILD
----------------------+
CVE-2014-0466.patch | 25 ++++++++++++++++++
CVE-2015-8107.patch | 67 +++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 15 ++++++++--
a2ps-texinfo67.patch | 38 +++++++++++++++++++++++++++
4 files changed, 142 insertions(+), 3 deletions(-)
Added: CVE-2014-0466.patch
===================================================================
--- CVE-2014-0466.patch (rev 0)
+++ CVE-2014-0466.patch 2020-05-06 14:39:48 UTC (rev 382394)
@@ -0,0 +1,25 @@
+From 5ea5ff8bc0094ca1eda0dd0e011d860e994c0a88 Mon Sep 17 00:00:00 2001
+From: David Seifert <soap at gentoo.org>
+Date: Sun, 17 Sep 2017 23:26:32 +0200
+Subject: Add fix for CVE-2014-0466
+
+---
+ contrib/fixps.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/fixps.in b/contrib/fixps.in
+index 45eeafc..bd6244e 100644
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -393,7 +393,7 @@ if test $task != check; then
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
+--
+cgit v1.2.1
+
Added: CVE-2015-8107.patch
===================================================================
--- CVE-2015-8107.patch (rev 0)
+++ CVE-2015-8107.patch 2020-05-06 14:39:48 UTC (rev 382394)
@@ -0,0 +1,67 @@
+From 90b876cb480ca9e092490c825663f23909c6173c Mon Sep 17 00:00:00 2001
+From: David Seifert <soap at gentoo.org>
+Date: Sun, 17 Sep 2017 23:31:56 +0200
+Subject: Add fix for CVE-2015-8107
+
+---
+ lib/output.c | 2 +-
+ lib/parseppd.y | 2 +-
+ lib/psgen.c | 2 +-
+ src/parsessh.y | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/output.c b/lib/output.c
+index b0011e1..449df0c 100644
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -518,7 +518,7 @@ output_file (struct output * out, a2ps_job * job,
+ expand_user_string (job, FIRST_FILE (job),
+ (const uchar *) "Expand: requirement",
+ (const uchar *) token));
+- output (dest, expansion);
++ output (dest, "%s", expansion);
+ continue;
+ }
+
+diff --git a/lib/parseppd.y b/lib/parseppd.y
+index cb393e2..6e50ecb 100644
+--- a/lib/parseppd.y
++++ b/lib/parseppd.y
+@@ -156,7 +156,7 @@ font_clause :
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+
+ /*
+diff --git a/lib/psgen.c b/lib/psgen.c
+index 8738512..1cc3513 100644
+--- a/lib/psgen.c
++++ b/lib/psgen.c
+@@ -221,7 +221,7 @@ output_marker (a2ps_job * job, const char * kind, unsigned char * marker)
+ default:
+ *buf = '\0';
+ ps_escape_char (job, cp[i], buf);
+- output (jdiv, (char *) buf);
++ output (jdiv, "%s", (char *) buf);
+ break;
+ }
+ }
+diff --git a/src/parsessh.y b/src/parsessh.y
+index 78d2039..b301d87 100644
+--- a/src/parsessh.y
++++ b/src/parsessh.y
+@@ -742,7 +742,7 @@ exception_def_opt:
+ void
+ yyerror (const char *msg)
+ {
+- error_at_line (1, 0, sshfilename, sshlineno, msg);
++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+
+ /*
+--
+cgit v1.2.1
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-05-06 14:26:13 UTC (rev 382393)
+++ PKGBUILD 2020-05-06 14:39:48 UTC (rev 382394)
@@ -2,7 +2,7 @@
pkgname=a2ps
pkgver=4.14
-pkgrel=8
+pkgrel=9
pkgdesc="An Any to PostScript filter"
arch=('x86_64')
url="https://www.gnu.org/software/a2ps/"
@@ -14,7 +14,10 @@
a2ps-4.13c-fnmatch-replacement.patch a2ps-4.13c-emacs.patch
a2ps-4.13-manpage-chmod.patch a2ps-4.14-check-mempcpy.patch
a2ps-4.14-fix-stpcpy-proto.patch a2ps-texinfo5.patch
- a2ps-4.13-security.patch)
+ a2ps-4.13-security.patch
+ CVE-2014-0466.patch
+ CVE-2015-8107.patch
+ a2ps-texinfo67.patch)
sha1sums=('365abbbe4b7128bf70dad16d06e23c5701874852'
'SKIP'
'8783952d3410d8d59ed953e1db45e2ef1a0b8f65'
@@ -23,7 +26,10 @@
'6aed29c1399e79f3914b408059610f9e7c0fc38e'
'58fa90134f1027e3f05aeb08212cbcc10f420738'
'81269db9dd29685b0ece2539070ced3f7a8472df'
- '93a4db17edfaa99e3498c7d952c560dab49dbe42')
+ '93a4db17edfaa99e3498c7d952c560dab49dbe42'
+ '0a04f4c145d3aef8f3c7537eb00cb4040c7209c9'
+ '08c51a9361eaefe76af61b70392fa5ac1c4356c7'
+ 'f54b6b319a5c134e0ee9be8dc9c8f80a65dc98d6')
validpgpkeys=('6EB39358D8328FE3CDC903A8CB6FA340E7075A54')
prepare() {
@@ -39,6 +45,9 @@
patch -p0 -i "${srcdir}/a2ps-4.14-fix-stpcpy-proto.patch"
patch -p1 -i "${srcdir}/a2ps-texinfo5.patch"
patch -p1 -i "${srcdir}/a2ps-4.13-security.patch"
+ patch -p1 -i "${srcdir}/CVE-2014-0466.patch"
+ patch -p1 -i "${srcdir}/CVE-2015-8107.patch"
+ patch -p1 -i "${srcdir}/a2ps-texinfo67.patch"
}
build() {
Added: a2ps-texinfo67.patch
===================================================================
--- a2ps-texinfo67.patch (rev 0)
+++ a2ps-texinfo67.patch 2020-05-06 14:39:48 UTC (rev 382394)
@@ -0,0 +1,38 @@
+The patchs fixes build failure against texinfo-6.7+:
+```
+Malformed UTF-8 character: \xcb\xeb (unexpected non-continuation byte 0xeb, immediately after start byte 0xcb;
+need 2 bytes, got 1) in pattern match (m//) at /usr/share/texinfo/Texinfo/ParserNonXS.pm line 3364.
+Malformed UTF-8 character (fatal) at /usr/share/texinfo/Texinfo/ParserNonXS.pm line 3364.
+make[2]: *** [Makefile:472: a2ps.info] Error 25
+```
+
+Fixed-by: Neil Bothwick
+--- a/doc/a2ps.texi 2019-11-24 18:51:07.000000000 +0000
++++ a/doc/a2ps.texi 2019-11-24 18:56:30.390438433 +0000
+@@ -1,5 +1,6 @@
+ \input texinfo @c -*- texinfo -*-
+ @c %**start of header
++ at documentencoding ISO-8859-1
+ @setfilename a2ps.info
+ @settitle General Purpose PostScript Generating Utility
+ @c @setchapternewpage odd
+
+--- a/doc/regex.texi 2002-03-04 18:46:24.000000000 +0000
++++ a/doc/regex.texi 2019-11-24 18:56:42.861052598 +0000
+@@ -1,5 +1,6 @@
+ \input texinfo
+ @c %**start of header
++ at documentencoding ISO-8859-1
+ @setfilename regex.info
+ @settitle Regex
+ @c %**end of header
+
+--- a/ogonkify/doc/ogonkify.texi 2007-12-29 02:09:38.000000000 +0000
++++ a/ogonkify/doc/ogonkify.texi 2019-11-24 18:57:03.173424149 +0000
+@@ -1,5 +1,6 @@
+ \input texinfo @c -*-texinfo-*-
+ @c %**start of header
++ at documentencoding ISO-8859-1
+ @setfilename ogonkify.info
+ @settitle Ogonkify
+ @setchapternewpage off
More information about the arch-commits
mailing list