summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/a2ps-CVE-2014-0466.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/a2ps-CVE-2014-0466.patch')
-rw-r--r--gnu/packages/patches/a2ps-CVE-2014-0466.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/a2ps-CVE-2014-0466.patch b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
new file mode 100644
index 0000000000..85199e35b0
--- /dev/null
+++ b/gnu/packages/patches/a2ps-CVE-2014-0466.patch
@@ -0,0 +1,30 @@
+Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
+ A malicious PostScript file could delete files with the privileges of
+ the invoking user.
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/742902
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-03-28
+
+--- a/contrib/fixps.in
++++ b/contrib/fixps.in
+@@ -389,7 +389,7 @@
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi
+--- a/contrib/fixps.m4
++++ b/contrib/fixps.m4
+@@ -307,7 +307,7 @@
+ eval "$command" ;;
+ gs)
+ $verbose "$program: making a full rewrite of the file ($gs)." >&2
+- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
++ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ esac
+ )
+ fi