- fix for malicious crafted a2ps prologue files

Security: CVE-2015-8107 Security: http://www.openwall.com/lists/oss-security/2015/11/16/4 Submitted by: feld Obtained from: http://www.openwall.com/
author: Dirk Meyer <dinoex@FreeBSD.org> 2015-11-16 18:38:56 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2015-11-16 18:38:56 +0000
commit: 0543d3e32afc12a739ec870c0a90c1b4e9689d29 (patch)
tree: fbf2979cee86170e692147b193cc3c3704954d03 /print
parent: 05366ca4c19fcbd267a1e0285b012eb27b75fe24 (diff)
download: freebsd-ports-0543d3e32afc12a739ec870c0a90c1b4e9689d29.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/print/a2ps/files/patch-output.c b/print/a2ps/files/patch-output.c
new file mode 100644
index 000000000000..691d2d15dc5d
--- /dev/null
+++ b/print/a2ps/files/patch-output.c
@@ -0,0 +1,13 @@
+Fix for CVE-2015-8107
+http://www.openwall.com/lists/oss-security/2015/11/16/4
+--- lib/output.c.orig  2015-11-16 15:29:38 UTC
++++ lib/output.c
+@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
+                    expand_user_string (job, FIRST_FILE (job),
+                                        (const uchar *) "Expand: requirement",
+                                        (const uchar *) token));
+-      output (dest, expansion);
++      output (dest, "%s", expansion);
+       continue;
+       }
+
author	Dirk Meyer <dinoex@FreeBSD.org>	2015-11-16 18:38:56 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2015-11-16 18:38:56 +0000
commit	0543d3e32afc12a739ec870c0a90c1b4e9689d29 (patch)
tree	fbf2979cee86170e692147b193cc3c3704954d03 /print
parent	05366ca4c19fcbd267a1e0285b012eb27b75fe24 (diff)
download	freebsd-ports-0543d3e32afc12a739ec870c0a90c1b4e9689d29.zip