[arch-commits] Commit in a2ps/trunk (4 files)

Allan McRae allan at archlinux.org
Wed May 6 14:39:49 UTC 2020 

    Date: Wednesday, May 6, 2020 @ 14:39:48
  Author: allan
Revision: 382394

upgpkg: a2ps 4.14-9: fix FTBFS, grab a couple of CVE fixes from git

Added:
  a2ps/trunk/CVE-2014-0466.patch
  a2ps/trunk/CVE-2015-8107.patch
  a2ps/trunk/a2ps-texinfo67.patch
Modified:
  a2ps/trunk/PKGBUILD

----------------------+
 CVE-2014-0466.patch  |   25 ++++++++++++++++++
 CVE-2015-8107.patch  |   67 +++++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD             |   15 ++++++++--
 a2ps-texinfo67.patch |   38 +++++++++++++++++++++++++++
 4 files changed, 142 insertions(+), 3 deletions(-)

Added: CVE-2014-0466.patch
===================================================================
--- CVE-2014-0466.patch	                        (rev 0)
+++ CVE-2014-0466.patch	2020-05-06 14:39:48 UTC (rev 382394)
@@ -0,0 +1,25 @@
+From 5ea5ff8bc0094ca1eda0dd0e011d860e994c0a88 Mon Sep 17 00:00:00 2001
+From: David Seifert <soap at gentoo.org>
+Date: Sun, 17 Sep 2017 23:26:32 +0200
+Subject: Add fix for CVE-2014-0466
+
+---
+ contrib/fixps.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/contrib/fixps.in b/contrib/fixps.in
+index 45eeafc..bd6244e 100644
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -393,7 +393,7 @@ if test $task != check; then
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++        $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
+-- 
+cgit v1.2.1
+

Added: CVE-2015-8107.patch
===================================================================
--- CVE-2015-8107.patch	                        (rev 0)
+++ CVE-2015-8107.patch	2020-05-06 14:39:48 UTC (rev 382394)
@@ -0,0 +1,67 @@
+From 90b876cb480ca9e092490c825663f23909c6173c Mon Sep 17 00:00:00 2001
+From: David Seifert <soap at gentoo.org>
+Date: Sun, 17 Sep 2017 23:31:56 +0200
+Subject: Add fix for CVE-2015-8107
+
+---
+ lib/output.c   | 2 +-
+ lib/parseppd.y | 2 +-
+ lib/psgen.c    | 2 +-
+ src/parsessh.y     | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/output.c b/lib/output.c
+index b0011e1..449df0c 100644
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -518,7 +518,7 @@ output_file (struct output * out, a2ps_job * job,
+ 		     expand_user_string (job, FIRST_FILE (job),
+ 					 (const uchar *) "Expand: requirement",
+ 					 (const uchar *) token));
+-	output (dest, expansion);
++	output (dest, "%s", expansion);
+ 	continue;
+       }
+ 
+diff --git a/lib/parseppd.y b/lib/parseppd.y
+index cb393e2..6e50ecb 100644
+--- a/lib/parseppd.y
++++ b/lib/parseppd.y
+@@ -156,7 +156,7 @@ font_clause :
+ void
+ yyerror (const char *msg)
+ {
+-  error_at_line (1, 0, ppdfilename, ppdlineno, msg);
++  error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg);
+ }
+ 
+ /*
+diff --git a/lib/psgen.c b/lib/psgen.c
+index 8738512..1cc3513 100644
+--- a/lib/psgen.c
++++ b/lib/psgen.c
+@@ -221,7 +221,7 @@ output_marker (a2ps_job * job, const char * kind, unsigned char * marker)
+     default:
+       *buf = '\0';
+       ps_escape_char (job, cp[i], buf);
+-      output (jdiv, (char *) buf);
++      output (jdiv, "%s", (char *) buf);
+       break;
+     }
+   }
+diff --git a/src/parsessh.y b/src/parsessh.y
+index 78d2039..b301d87 100644
+--- a/src/parsessh.y
++++ b/src/parsessh.y
+@@ -742,7 +742,7 @@ exception_def_opt:
+ void
+ yyerror (const char *msg)
+ {
+-  error_at_line (1, 0, sshfilename, sshlineno, msg);
++  error_at_line (1, 0, sshfilename, sshlineno, "%s", msg);
+ }
+ 
+ /*
+-- 
+cgit v1.2.1
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-05-06 14:26:13 UTC (rev 382393)
+++ PKGBUILD	2020-05-06 14:39:48 UTC (rev 382394)
@@ -2,7 +2,7 @@
 
 pkgname=a2ps
 pkgver=4.14
-pkgrel=8
+pkgrel=9
 pkgdesc="An Any to PostScript filter"
 arch=('x86_64')
 url="https://www.gnu.org/software/a2ps/"
@@ -14,7 +14,10 @@
         a2ps-4.13c-fnmatch-replacement.patch a2ps-4.13c-emacs.patch
 	a2ps-4.13-manpage-chmod.patch a2ps-4.14-check-mempcpy.patch
 	a2ps-4.14-fix-stpcpy-proto.patch a2ps-texinfo5.patch
-	a2ps-4.13-security.patch)
+	a2ps-4.13-security.patch
+	CVE-2014-0466.patch
+	CVE-2015-8107.patch
+	a2ps-texinfo67.patch)
 sha1sums=('365abbbe4b7128bf70dad16d06e23c5701874852'
           'SKIP'
           '8783952d3410d8d59ed953e1db45e2ef1a0b8f65'
@@ -23,7 +26,10 @@
           '6aed29c1399e79f3914b408059610f9e7c0fc38e'
           '58fa90134f1027e3f05aeb08212cbcc10f420738'
           '81269db9dd29685b0ece2539070ced3f7a8472df'
-          '93a4db17edfaa99e3498c7d952c560dab49dbe42')
+          '93a4db17edfaa99e3498c7d952c560dab49dbe42'
+          '0a04f4c145d3aef8f3c7537eb00cb4040c7209c9'
+          '08c51a9361eaefe76af61b70392fa5ac1c4356c7'
+          'f54b6b319a5c134e0ee9be8dc9c8f80a65dc98d6')
 validpgpkeys=('6EB39358D8328FE3CDC903A8CB6FA340E7075A54')
 
 prepare() {
@@ -39,6 +45,9 @@
   patch -p0 -i "${srcdir}/a2ps-4.14-fix-stpcpy-proto.patch"
   patch -p1 -i "${srcdir}/a2ps-texinfo5.patch"
   patch -p1 -i "${srcdir}/a2ps-4.13-security.patch"
+  patch -p1 -i "${srcdir}/CVE-2014-0466.patch"
+  patch -p1 -i "${srcdir}/CVE-2015-8107.patch"
+  patch -p1 -i "${srcdir}/a2ps-texinfo67.patch"
 }
 
 build() {

Added: a2ps-texinfo67.patch
===================================================================
--- a2ps-texinfo67.patch	                        (rev 0)
+++ a2ps-texinfo67.patch	2020-05-06 14:39:48 UTC (rev 382394)
@@ -0,0 +1,38 @@
+The patchs fixes build failure against texinfo-6.7+:
+```
+Malformed UTF-8 character: \xcb\xeb (unexpected non-continuation byte 0xeb, immediately after start byte 0xcb;
+need 2 bytes, got 1) in pattern match (m//) at /usr/share/texinfo/Texinfo/ParserNonXS.pm line 3364.
+Malformed UTF-8 character (fatal) at /usr/share/texinfo/Texinfo/ParserNonXS.pm line 3364.
+make[2]: *** [Makefile:472: a2ps.info] Error 25
+```
+
+Fixed-by: Neil Bothwick
+--- a/doc/a2ps.texi	2019-11-24 18:51:07.000000000 +0000
++++ a/doc/a2ps.texi	2019-11-24 18:56:30.390438433 +0000
+@@ -1,5 +1,6 @@
+ \input texinfo @c -*- texinfo -*-
+ @c %**start of header
++ at documentencoding ISO-8859-1
+ @setfilename a2ps.info
+ @settitle General Purpose PostScript Generating Utility
+ @c @setchapternewpage odd
+
+--- a/doc/regex.texi	2002-03-04 18:46:24.000000000 +0000
++++ a/doc/regex.texi	2019-11-24 18:56:42.861052598 +0000
+@@ -1,5 +1,6 @@
+ \input texinfo
+ @c %**start of header
++ at documentencoding ISO-8859-1
+ @setfilename regex.info
+ @settitle Regex
+ @c %**end of header
+
+--- a/ogonkify/doc/ogonkify.texi	2007-12-29 02:09:38.000000000 +0000
++++ a/ogonkify/doc/ogonkify.texi	2019-11-24 18:57:03.173424149 +0000
+@@ -1,5 +1,6 @@
+ \input texinfo   @c -*-texinfo-*-
+ @c %**start of header
++ at documentencoding ISO-8859-1
+ @setfilename ogonkify.info
+ @settitle Ogonkify
+ @setchapternewpage off

More information about the arch-commits mailing list