SECURITY fix for CVE-2015-8107:

http://www.openwall.com/lists/oss-security/2015/11/16/4
2015-11-17 08:38:52 +00:00 · 2015-11-17 08:38:52 +00:00 · 5c3346e489
commit 5c3346e489
parent 630f72ccfc
2 changed files with 18 additions and 2 deletions
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.59 2015/04/06 21:05:07 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.60 2015/11/17 08:38:52 ajacoutot Exp $

 COMMENT=	format files for printing on PostScript printers

 DISTNAME=	a2ps-4.14
-REVISION=	10
+REVISION=	11

 SHARED_LIBS +=  a2ps                 2.0      # 2.0

--- a/print/a2ps/patches/patch-lib_output_c
+++ b/print/a2ps/patches/patch-lib_output_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-lib_output_c,v 1.1 2015/11/17 08:38:52 ajacoutot Exp $
+
+Fix for CVE-2015-8107:
+http://www.openwall.com/lists/oss-security/2015/11/16/4
+
+--- lib/output.c.orig	Sat Dec 29 02:58:21 2007
+++ lib/output.c	Tue Nov 17 09:36:23 2015
+@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_job * job,
+ 		     expand_user_string (job, FIRST_FILE (job),
+ 					 (const uchar *) "Expand: requirement",
+ 					 (const uchar *) token));
+-	output (dest, expansion);
+	output (dest, "%s", expansion);
+ 	continue;
+       }
+