Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.9.git;a=commitdiff;h=ec761cdd6ab8be9458d803965967597a05df17e6

commit ec761cdd6ab8be9458d803965967597a05df17e6
Author: Miklos Vajna <[email protected]>
Date:   Tue Mar 10 12:39:30 2009 +0100

enscript-1.6.4-5solaria1-i686

- add CVE-2008-3863.patch
- closes #3404
(cherry picked from commit 2bab0d4e15900b17b17fd6f07ca08855aa2110b3)

diff --git a/source/apps/enscript/CVE-2008-3863.patch 
b/source/apps/enscript/CVE-2008-3863.patch
new file mode 100644
index 0000000..57bdc91
--- /dev/null
+++ b/source/apps/enscript/CVE-2008-3863.patch
@@ -0,0 +1,53 @@
+Index: enscript-1.6.4/src/psgen.c
+===================================================================
+--- enscript-1.6.4.orig/src/psgen.c    2008-10-28 12:36:22.000000000 -0700
++++ enscript-1.6.4/src/psgen.c 2008-10-28 12:37:43.000000000 -0700
+@@ -978,6 +978,9 @@
+                       FATAL ((stderr,
+                               _("user font encoding can be only the system's 
default or `ps'")));
+
++                    if (strlen(token.u.font.name) >= sizeof (user_font_name))
++                      FATAL ((stderr,
++                              _("user font name too long: %s"), 
token.u.font.name));
+                     strcpy (user_font_name, token.u.font.name);
+                     user_font_pt.w = token.u.font.size.w;
+                     user_font_pt.h = token.u.font.size.h;
+@@ -1444,7 +1447,7 @@
+         buf[i] = ch;
+         if (i + 1 >= sizeof (buf))
+           FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
+-                  escapes[i].name, i, buf));
++                  escapes[e].name, i, buf));
+       }
+       buf[i] = '\0';
+
+@@ -1452,6 +1455,9 @@
+       switch (escapes[e].escape)
+       {
+       case ESC_FONT:
++        if (strlen(buf) >= sizeof (token->u.font.name))
++          FATAL ((stderr, _("too long font name for font escape:\n%s"),
++                  buf));
+         strcpy (token->u.font.name, buf);
+
+         /* Check for the default font. */
+@@ -1465,6 +1471,9 @@
+               FATAL ((stderr, _("malformed font spec for ^...@font escape: 
%s"),
+                       token->u.font.name));
+
++            if (strlen(cp) >= sizeof (token->u.font.name))
++               FATAL ((stderr, _("too long font spec for font escape:\n%s"),
++                  cp));
+             strcpy (token->u.font.name, cp);
+             xfree (cp);
+           }
+@@ -1544,6 +1553,9 @@
+         break;
+
+       case ESC_SETFILENAME:
++        if (strlen(buf) >= sizeof (token->u.filename))
++          FATAL ((stderr, _("too long file name for setfilename escape:\n%s"),
++                  buf));
+         strcpy (token->u.filename, buf);
+         token->type = tSETFILENAME;
+         break;
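Review bot: Each added length check is followed by the unchanged `strcpy`, so all four guards (the `user_font_name` copy, both ESC_FONT copies and the ESC_SETFILENAME copy) protect the buffer only if FATAL never returns; its definition is not visible in this patch, so that is assumed here rather than shown. A one-line comment at the first guard, for example `/* FATAL exits; the strcpy below is reached only when the name fits */`, would record that dependency for whoever next touches these sites. The new messages also print the over-long string with an unbounded `%s`, unlike the existing `%.*s` form in the escape-argument message; for `cp`, whose origin is outside the hunk, a precision such as `%.64s` (constructed example) would keep the diagnostic short. The enclosing functions start and end outside these hunks.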
diff --git a/source/apps/enscript/FrugalBuild b/source/apps/enscript/FrugalBuild
index 380a83d..bd201f2 100644
--- a/source/apps/enscript/FrugalBuild
+++ b/source/apps/enscript/FrugalBuild
@@ -3,17 +3,19 @@

pkgname=enscript
pkgver=1.6.4
-pkgrel=4
+pkgrel=5solaria1
pkgdesc="Converts text files to PostScript"
url="http://www.codento.com/people/mtr/genscript/";
depends=('glibc')
groups=('apps')
archs=('i686' 'x86_64')
up2date="lynx -dump $url|grep tar.gz$|sed 's/.*-\(.*\)\.t.*/\1/;q'"
-source=($url/$pkgname-$pkgver.tar.gz)
-sha1sums=('9dd7128a508d4c9671659b9520028d12add50cfa')
+source=($url/$pkgname-$pkgver.tar.gz CVE-2008-3863.patch)
+sha1sums=('9dd7128a508d4c9671659b9520028d12add50cfa' \
+          '912ba3b0254b4fa05dbfff1ac6d7be2e70a45b60')

build() {
+       Fpatchall
Fmake --sysconfdir=/etc/enscript
make prefix=$Fdestdir/usr sysconfdir=$Fdestdir/etc/enscript install || Fdie
}
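Review bot: The added `Fpatchall` line has no visible failure handling, while the `make ... install` line below it ends in `|| Fdie`. Whether Fpatchall aborts the build on its own is not shown on this page; if it does not, a patch that fails to apply would still yield a package whose release number says the fix is in. In that case write the line as `Fpatchall || Fdie`. The new patch is also pinned only by a SHA-1 entry, matching the existing tarball entry, so a stronger digest would be worth adding for both if the build system supports one.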