CVS commit: [pkgsrc-2017Q1] pkgsrc/print/a2ps

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Apr 27 18:26:21 UTC 2017

Modified Files:
        pkgsrc/print/a2ps [pkgsrc-2017Q1]: Makefile distinfo
Added Files:
        pkgsrc/print/a2ps/patches [pkgsrc-2017Q1]: patch-CVE-2015-8107

Log Message:
Pullup ticket #5370 - requested by sevan
print/a2ps: security fix

Revisions pulled up:
- print/a2ps/Makefile                                           1.83
- print/a2ps/distinfo                                           1.17
- print/a2ps/patches/patch-CVE-2015-8107                        1.1

---
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Tue Apr 25 22:19:20 UTC 2017

   Modified Files:
           pkgsrc/print/a2ps: Makefile distinfo
   Added Files:
           pkgsrc/print/a2ps/patches: patch-CVE-2015-8107

   Log Message:
   Patch for CVE-2015-8107 from http://seclists.org/oss-sec/2015/q4/284


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.82.2.1 pkgsrc/print/a2ps/Makefile
cvs rdiff -u -r1.16 -r1.16.12.1 pkgsrc/print/a2ps/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/print/a2ps/patches/patch-CVE-2015-8107

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/print/a2ps/Makefile
diff -u pkgsrc/print/a2ps/Makefile:1.82 pkgsrc/print/a2ps/Makefile:1.82.2.1
--- pkgsrc/print/a2ps/Makefile:1.82     Thu Jan 19 18:52:22 2017
+++ pkgsrc/print/a2ps/Makefile  Thu Apr 27 18:26:21 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.82 2017/01/19 18:52:22 agc Exp $
+# $NetBSD: Makefile,v 1.82.2.1 2017/04/27 18:26:21 bsiegert Exp $
 
 DISTNAME=              a2ps-4.14
-PKGREVISION=           9
+PKGREVISION=           10
 CATEGORIES=            print
 MASTER_SITES=          ${MASTER_SITE_GNU:=a2ps/}
 MASTER_SITES+=         ftp://ftp.enst.fr/pub/unix/a2ps/

Index: pkgsrc/print/a2ps/distinfo
diff -u pkgsrc/print/a2ps/distinfo:1.16 pkgsrc/print/a2ps/distinfo:1.16.12.1
--- pkgsrc/print/a2ps/distinfo:1.16     Wed Nov  4 01:01:30 2015
+++ pkgsrc/print/a2ps/distinfo  Thu Apr 27 18:26:21 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2015/11/04 01:01:30 agc Exp $
+$NetBSD: distinfo,v 1.16.12.1 2017/04/27 18:26:21 bsiegert Exp $
 
 SHA1 (a2ps-4.14.tar.gz) = 365abbbe4b7128bf70dad16d06e23c5701874852
 RMD160 (a2ps-4.14.tar.gz) = a5105d6256a809483e099519325979aaaff7219e
@@ -8,6 +8,7 @@ SHA1 (patch-CVE-2001-1593_1) = d0ce81124
 SHA1 (patch-CVE-2001-1593_2) = f3a40104b0c510480ce5107a8acf2924d4ef5974
 SHA1 (patch-CVE-2014-0466_1) = fa77ad336e307678e0c649e049b57d1fbc8c492f
 SHA1 (patch-CVE-2014-0466_2) = 1abc6d26bdf03d859cec53afc3f5c363942d9385
+SHA1 (patch-CVE-2015-8107) = 404b291b0c22b67aa4310f86e5aadea5160d1ea7
 SHA1 (patch-aa) = 6317b6abca697388538fc705037da55379a4e1e1
 SHA1 (patch-ab) = 7b1f1e3ed2af47e7d9864ec2dbcd7d105f93632a
 SHA1 (patch-ac) = 8e09c4c3b320b58bf12c4266d4d22977b5f9b826

Added files:

Index: pkgsrc/print/a2ps/patches/patch-CVE-2015-8107
diff -u /dev/null pkgsrc/print/a2ps/patches/patch-CVE-2015-8107:1.1.2.2
--- /dev/null   Thu Apr 27 18:26:21 2017
+++ pkgsrc/print/a2ps/patches/patch-CVE-2015-8107       Thu Apr 27 18:26:21 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2015-8107,v 1.1.2.2 2017/04/27 18:26:21 bsiegert Exp $
+
+Patch for CVE-2015-8107 from http://seclists.org/oss-sec/2015/q4/284
+
+
+--- lib/output.c.orig  2017-04-25 21:23:33.908698400 +0000
++++ lib/output.c
+@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
+                    expand_user_string (job, FIRST_FILE (job),
+                                        (const uchar *) "Expand: requirement",
+                                        (const uchar *) token));
+-      output (dest, expansion);
++      output (dest, "%s", expansion);
+       continue;
+       }
+