From e00c1aed1dbf6343f2914180f898943797586e8c Mon Sep 17 00:00:00 2001 From: Johannes Ranke Date: Tue, 21 Mar 2017 10:37:33 +0100 Subject: Changes for security fix of R 3.2.5 in wheezy-cran3 --- backport | 6 +++--- wheezy/TALOS-2016-0227.patch | 35 +++++++++++++++++++++++++++++++++++ wheezy/_reverts_r-base.sh | 2 ++ 3 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 wheezy/TALOS-2016-0227.patch create mode 100644 wheezy/_reverts_r-base.sh diff --git a/backport b/backport index ed47e2f..1e067bd 100755 --- a/backport +++ b/backport @@ -8,7 +8,7 @@ export ARCH # R version against which the software is compiled Rversion=3.3.3 reposversion="cran3" -iteration=0 +iteration=1 # Where the buildresults should be stored and where to look for current backports rcrandir=/home/jranke/svn/website/www/ranke/r-cran @@ -24,7 +24,7 @@ rcrandir=/home/jranke/svn/website/www/ranke/r-cran usage() { -echo "Usage: ./backport [options] sourcepackage stretch|jessie" +echo "Usage: ./backport [options] sourcepackage stretch|jessie|wheezy" echo "Options:" echo " -k, --keep Keep copied source package and directory used for package building" echo " -s, --skip Skip apt-get update/upgrade and pbuilder update" @@ -60,7 +60,7 @@ pkg=$1 DIST=$2 # Validate distribution argument -if [ $DIST != "stretch" ] && [ $DIST != "jessie" ]; then usage; exit 1; fi +if [ $DIST != "stretch" ] && [ $DIST != "jessie" ] && [ $DIST != "wheezy" ]; then usage; exit 1; fi export DIST # Set required r-base-dev version for packages build-depending on R diff --git a/wheezy/TALOS-2016-0227.patch b/wheezy/TALOS-2016-0227.patch new file mode 100644 index 0000000..f7bc97e --- /dev/null +++ b/wheezy/TALOS-2016-0227.patch 
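Review bot: The distribution check in the last `backport` hunk leaves `$DIST` unquoted, so the validation can fail open. When the second argument is missing, `[ $DIST != "stretch" ]` is a malformed test that returns an error status in common shells, the `&&` chain evaluates false, and the script continues with an empty `DIST` instead of printing usage. Adding `wheezy` extends that same pattern. A `case` accepts the three names and rejects everything else, including the empty string: `case "$DIST" in stretch|jessie|wheezy) ;; *) usage; exit 1 ;; esac`. The value is exported right after the check and is presumably used to select the build environment further down, outside this hunk.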
@@ -0,0 +1,35 @@
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c (Revision 71663)
++++ src/library/grDevices/src/devPS.c (Revision 71664)
+@@ -513,13 +513,15 @@
+ if (!(fp = R_fopen(R_ExpandFileName(buf), "r"))) return 0;
+ }
+ if (GetNextItem(fp, buf, -1, &state)) return 0; /* encoding name */
+- strcpy(encname, buf+1);
++ strncpy(encname, buf+1, 99);
++ encname[99] = '\0';
+ if (!isPDF) snprintf(enccode, 5000, "/%s [\n", encname);
+ else enccode[0] = '\0';
+ if (GetNextItem(fp, buf, 0, &state)) { fclose(fp); return 0;} /* [ */
+ for(i = 0; i < 256; i++) {
+ if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+- strcpy(encnames[i].cname, buf+1);
++ strncpy(encnames[i].cname, buf+1, 39);
++ encnames[i].cname[39] = '\0';
+ strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ if(i%8 == 7) strcat(enccode, "\n");
+ }
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c (Revision 71666)
++++ src/library/grDevices/src/devPS.c (Revision 71667)
+@@ -521,7 +521,7 @@
+ for(i = 0; i < 256; i++) {
+ if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+ strncpy(encnames[i].cname, buf+1, 39);
+- encnames[i].cname[39] = '\0';
++ encnames[i].cname[39] = '\0';
+ strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ if(i%8 == 7) strcat(enccode, "\n");
+ }
diff --git a/wheezy/_reverts_r-base.sh b/wheezy/_reverts_r-base.sh
new file mode 100644
index 0000000..df47c30
--- /dev/null
+++ b/wheezy/_reverts_r-base.sh
@@ -0,0 +1,2 @@
+patch -p0 < ../TALOS-2016-0227.patch
+dch -a "debian/control: Apply upstream commits r71664 and r71667 related to CVE-2016-8714 reported as TALOS-2016-0227"
-- cgit v1.2.1
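Review bot: The appends to `enccode` inside the `for(i = 0; i < 256; i++)` loop are still unbounded after this fix. Each iteration can `strcat` up to 41 bytes (`" /"` plus a name of at most 39 characters), roughly 10 KB over 256 entries, while the `snprintf(enccode, 5000, ...)` just above suggests the destination holds only 5000 bytes; its declaration is not visible here, so this needs confirming. If that size is right, an encoding file with long glyph names can still write past the buffer, so the loop should track the used length and bail out through the same `fclose(fp); return 0;` path as the other errors. That would diverge from upstream r71664/r71667 and is worth raising there as well. The bounds 99 and 39 are likewise bare literals tied to declarations outside the hunk, and the enclosing function starts and ends outside it.

```c
/* … unchanged: open file, read encoding name, bounded copy into encname, "[" token … */
size_t used = strlen(enccode);
for(i = 0; i < 256; i++) {
    if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
    /* … unchanged: bounded strncpy into encnames[i].cname and terminator … */
    /* 5000 mirrors the bound already passed to snprintf for enccode; confirm against its declaration */
    int w = snprintf(enccode + used, 5000 - used, " /%s%s",
                     encnames[i].cname, (i%8 == 7) ? "\n" : "");
    if (w < 0 || (size_t)w >= 5000 - used) { fclose(fp); return 0; }
    used += (size_t)w;
}
```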
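Review bot: Nothing checks the exit status of `patch` in `wheezy/_reverts_r-base.sh`, so if the hunks do not apply to the R 3.2.5 tree the `dch` line still records CVE-2016-8714 as fixed and the package may be built without the fix. Stop on failure, for example `patch -p0 < ../TALOS-2016-0227.patch || exit 1` (or `|| return 1` if `backport` sources this file; how it is invoked is not visible here). The changelog text also attributes the change to `debian/control`, although the patch touches `src/library/grDevices/src/devPS.c`.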