summary refs log tree commit diff
path: root/gnu/packages/patches/a2ps-CVE-2014-0466.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/a2ps-CVE-2014-0466.patch')
-rw-r--r--gnu/packages/patches/a2ps-CVE-2014-0466.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/a2ps-CVE-2014-0466.patch b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
new file mode 100644
index 0000000000..85199e35b0
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+   	eval "$command" ;;
+       gs)
+         $verbose "$program: making a full rewrite of the file ($gs)." >&2
+-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+     esac
+   )
+ fi