Mon Apr 14 14:47:45 2014 UTC ()

Pullup ticket #4372 - requested by taca
print/a2ps: security patch

Revisions pulled up:
- print/a2ps/Makefile                                           1.77
- print/a2ps/distinfo                                           1.15
- print/a2ps/patches/patch-CVE-2014-0466_1                      1.1
- print/a2ps/patches/patch-CVE-2014-0466_2                      1.1

---
   Module Name:	pkgsrc
   Committed By:	tez
   Date:		Tue Apr  8 19:32:11 UTC 2014

   Modified Files:
   	pkgsrc/print/a2ps: Makefile distinfo
   Added Files:
   	pkgsrc/print/a2ps/patches: patch-CVE-2014-0466_1 patch-CVE-2014-0466_2

   Log Message:
   Add fix for CVE-2014-0466 from
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902


(tron)

diff -r1.76 -r1.76.2.1 pkgsrc/print/a2ps/Makefile
diff -r1.14 -r1.14.2.1 pkgsrc/print/a2ps/distinfo
diff -r0 -r1.1.2.2 pkgsrc/print/a2ps/patches/patch-CVE-2014-0466_1
diff -r0 -r1.1.2.2 pkgsrc/print/a2ps/patches/patch-CVE-2014-0466_2

--- pkgsrc/print/a2ps/Makefile 2014/02/05 17:20:31 1.76
+++ pkgsrc/print/a2ps/Makefile 2014/04/14 14:47:45 1.76.2.1

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.76 2014/02/05 17:20:31 drochner Exp $
+# $NetBSD: Makefile,v 1.76.2.1 2014/04/14 14:47:45 tron Exp $
 DISTNAME=		a2ps-4.14
-PKGREVISION=		5
+PKGREVISION=		6
 CATEGORIES=		print
 MASTER_SITES=		${MASTER_SITE_GNU:=a2ps/} \
 			ftp://ftp.enst.fr/pub/unix/a2ps/
 MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www-inf.enst.fr/~demaille/a2ps/
 COMMENT=		Formats an ascii file for printing on a postscript printer
 DEPENDS+=		psutils>=1.17:../../print/psutils
 STRIP=			# empty
 USE_LIBTOOL=		yes

--- pkgsrc/print/a2ps/distinfo 2014/02/05 17:20:31 1.14
+++ pkgsrc/print/a2ps/distinfo 2014/04/14 14:47:45 1.14.2.1

 @@ -1,11 +1,13 @@
-$NetBSD: distinfo,v 1.14 2014/02/05 17:20:31 drochner Exp $
+$NetBSD: distinfo,v 1.14.2.1 2014/04/14 14:47:45 tron Exp $
 SHA1 (a2ps-4.14.tar.gz) = 365abbbe4b7128bf70dad16d06e23c5701874852
 RMD160 (a2ps-4.14.tar.gz) = a5105d6256a809483e099519325979aaaff7219e
 Size (a2ps-4.14.tar.gz) = 2552507 bytes
 SHA1 (patch-CVE-2001-1593_1) = d0ce811248c33c5df6952f84176c2901ca4bd176
 SHA1 (patch-CVE-2001-1593_2) = f3a40104b0c510480ce5107a8acf2924d4ef5974
 SHA1 (patch-CVE-2014-0466_1) = fa77ad336e307678e0c649e049b57d1fbc8c492f
 SHA1 (patch-CVE-2014-0466_2) = 1abc6d26bdf03d859cec53afc3f5c363942d9385
 SHA1 (patch-aa) = 6317b6abca697388538fc705037da55379a4e1e1
 SHA1 (patch-ab) = 7b1f1e3ed2af47e7d9864ec2dbcd7d105f93632a
 SHA1 (patch-ac) = 8e09c4c3b320b58bf12c4266d4d22977b5f9b826
 SHA1 (patch-lib_path-concat.c) = b345a7b16559315223dcbb182e92feccca7e6e2f

$NetBSD: patch-CVE-2014-0466_1,v 1.1.2.2 2014/04/14 14:47:45 tron Exp $

Fix for CVE-2014-0466 from
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902


--- contrib/fixps.in
+++ contrib/fixps.in
@@ -389,7 +389,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi

$NetBSD: patch-CVE-2014-0466_2,v 1.1.2.2 2014/04/14 14:47:45 tron Exp $

Fix for CVE-2014-0466 from
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902


--- contrib/fixps.m4
+++ contrib/fixps.m4
@@ -307,7 +307,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi