ae69000001
* arduino and antiword is kept at -Np0
```sh
git grep -l '^patch_args=-Np0' "srcpkgs/$1*/template" |
while read template; do
for p in ${template%/template}/patches/*; do
sed -i '
\,^[+-][+-][+-] /dev/null,b
/^[*-]\+ [0-9]\+\(,[0-9]\+\)\? [*-]\+$/b
s,^[*][*][*] ,&a/,
/^--- /{
s,\(^--- \)\(./\)*,\1a/,
s,[.][Oo][Rr][Ii][Gg]\([ /]\),\1,
s/[.][Oo][Rr][Ii][Gg]$//
s/[.]patched[.]\([^.]\)/.\1/
h
}
/^+++ -/{
g
s/^--- a/+++ b/
b
}
s,\(^+++ \)\(./\)*,\1b/,
' "$p"
done
sed -i '/^patch_args=/d' $template
done
```
30 lines
1 KiB
Diff
30 lines
1 KiB
Diff
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
|
|
A malicious PostScript file could delete files with the privileges of
|
|
the invoking user.
|
|
Origin: vendor
|
|
Bug-Debian: http://bugs.debian.org/742902
|
|
Author: Salvatore Bonaccorso <carnil@debian.org>
|
|
Last-Update: 2014-03-28
|
|
|
|
--- a/contrib/fixps.in
|
|
+++ b/contrib/fixps.in
|
|
@@ -389,7 +389,7 @@
|
|
eval "$command" ;;
|
|
gs)
|
|
$verbose "$program: making a full rewrite of the file ($gs)." >&2
|
|
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
|
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
|
esac
|
|
)
|
|
fi
|
|
--- a/contrib/fixps.m4
|
|
+++ b/contrib/fixps.m4
|
|
@@ -307,7 +307,7 @@
|
|
eval "$command" ;;
|
|
gs)
|
|
$verbose "$program: making a full rewrite of the file ($gs)." >&2
|
|
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
|
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
|
|
esac
|
|
)
|
|
fi
|