From e00c1aed1dbf6343f2914180f898943797586e8c Mon Sep 17 00:00:00 2001
From: Johannes Ranke <jranke@uni-bremen.de>
Date: Tue, 21 Mar 2017 10:37:33 +0100
Subject: Changes for security fix of R 3.2.5 in wheezy-cran3

---
 backport                     |  6 +++---
 wheezy/TALOS-2016-0227.patch | 35 +++++++++++++++++++++++++++++++++++
 wheezy/_reverts_r-base.sh    |  2 ++
 3 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 wheezy/TALOS-2016-0227.patch
 create mode 100644 wheezy/_reverts_r-base.sh

diff --git a/backport b/backport
index ed47e2f..1e067bd 100755
--- a/backport
+++ b/backport
@@ -8,7 +8,7 @@ export ARCH
 # R version against which the software is compiled
 Rversion=3.3.3
 reposversion="cran3"
-iteration=0
+iteration=1
 
 # Where the buildresults should be stored and where to look for current backports
 rcrandir=/home/jranke/svn/website/www/ranke/r-cran
@@ -24,7 +24,7 @@ rcrandir=/home/jranke/svn/website/www/ranke/r-cran
 
 usage()
 {
-echo "Usage: ./backport [options] sourcepackage stretch|jessie"
+echo "Usage: ./backport [options] sourcepackage stretch|jessie|wheezy"
 echo "Options:"
 echo " -k, --keep    Keep copied source package and directory used for package building"
 echo " -s, --skip    Skip apt-get update/upgrade and pbuilder update"
@@ -60,7 +60,7 @@ pkg=$1
 DIST=$2
 
 # Validate distribution argument
-if [ $DIST != "stretch" ] && [ $DIST != "jessie" ]; then usage; exit 1; fi
+if [ $DIST != "stretch" ] && [ $DIST != "jessie" ] && [ $DIST != "wheezy" ]; then usage; exit 1; fi
 export DIST
 
 # Set required r-base-dev version for packages build-depending on R
diff --git a/wheezy/TALOS-2016-0227.patch b/wheezy/TALOS-2016-0227.patch
new file mode 100644
index 0000000..f7bc97e
--- /dev/null
+++ b/wheezy/TALOS-2016-0227.patch
@@ -0,0 +1,35 @@
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c	(Revision 71663)
++++ src/library/grDevices/src/devPS.c	(Revision 71664)
+@@ -513,13 +513,15 @@
+ 	if (!(fp = R_fopen(R_ExpandFileName(buf), "r"))) return 0;
+     }
+     if (GetNextItem(fp, buf, -1, &state)) return 0; /* encoding name */
+-    strcpy(encname, buf+1);
++    strncpy(encname, buf+1, 99); 
++    encname[99] = '\0';
+     if (!isPDF) snprintf(enccode, 5000, "/%s [\n", encname);
+     else enccode[0] = '\0';
+     if (GetNextItem(fp, buf, 0, &state)) { fclose(fp); return 0;} /* [ */
+     for(i = 0; i < 256; i++) {
+ 	if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+-	strcpy(encnames[i].cname, buf+1);
++	strncpy(encnames[i].cname, buf+1, 39);
++        encnames[i].cname[39] = '\0';
+ 	strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ 	if(i%8 == 7) strcat(enccode, "\n");
+     }
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c	(Revision 71666)
++++ src/library/grDevices/src/devPS.c	(Revision 71667)
+@@ -521,7 +521,7 @@
+     for(i = 0; i < 256; i++) {
+ 	if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+ 	strncpy(encnames[i].cname, buf+1, 39);
+-        encnames[i].cname[39] = '\0';
++	encnames[i].cname[39] = '\0';
+ 	strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ 	if(i%8 == 7) strcat(enccode, "\n");
+     }
diff --git a/wheezy/_reverts_r-base.sh b/wheezy/_reverts_r-base.sh
new file mode 100644
index 0000000..df47c30
--- /dev/null
+++ b/wheezy/_reverts_r-base.sh
@@ -0,0 +1,2 @@
+patch -p0 < ../TALOS-2016-0227.patch
+dch -a "debian/control: Apply upstream commits r71664 and r71667 related to CVE-2016-8714 reported as TALOS-2016-0227"
-- 
cgit v1.2.1