commit a2ps for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package a2ps for openSUSE:Factory checked in 
at 2015-11-26 17:03:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/a2ps (Old)
 and      /work/SRC/openSUSE:Factory/.a2ps.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "a2ps"

Changes:
--------
--- /work/SRC/openSUSE:Factory/a2ps/a2ps.changes        2015-05-25 
11:15:07.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.a2ps.new/a2ps.changes   2015-11-26 
17:03:53.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Nov 16 15:05:43 UTC 2015 - wer...@suse.de
+
+- Add patch a2ps-4.14-bnc955194.patch to fix format string
+  vulnerability (bnc#955194)
+
+-------------------------------------------------------------------

New:
----
  a2ps-4.14-bnc955194.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ a2ps.spec ++++++
--- /var/tmp/diff_new_pack.rq16x4/_old  2015-11-26 17:03:55.000000000 +0100
+++ /var/tmp/diff_new_pack.rq16x4/_new  2015-11-26 17:03:55.000000000 +0100
@@ -44,6 +44,8 @@
 # PATCH-FIX-USTREAM Bug 871097 - CVE-2014-0466: a2ps: fixps does not use 
-dSAFER
 Patch14:        CVE-2014-0466.diff
 Patch15:        a2ps-4.14-gperf.patch
+# PATCH-FIX-SUSE Bug 955194 - CVE-2015-8107: CVE-2015-8107 - a2ps(gnu) v4.14 
format string vulnerability
+Patch16:        a2ps-4.14-bnc955194.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  emacs-nox
@@ -120,6 +122,7 @@
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p0
 %patch0    -b .p0
 cp -f %{SOURCE3} po/ko.po
 find -type f | grep -vE '(parseppd|parsessh).y' | xargs \

++++++ a2ps-4.14-bnc955194.patch ++++++
>From seclists.org/oss-sec/2015/q4/284
CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability

Be aware that if compiled with -D_FORTIFY_SOURCE=2 the a2ps
does abort with

  a2ps --prologue=exploit /etc/hosts -o /dev/null
  *** %n in writable segment detected ***
  Abort

Also the explpoit has to be installed as a pro file in the
appropiate system paths or $HOME/.a2ps of the attacked user.

---
 lib/output.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- lib/output.c
+++ lib/output.c        2015-11-16 15:01:23.414079544 +0000
@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
                     expand_user_string (job, FIRST_FILE (job),
                                         (const uchar *) "Expand: requirement",
                                         (const uchar *) token));
-       output (dest, expansion);
+       output (dest, "%s", expansion);
        continue;
       }