From 0bc38fb8a52d36532fc56a36943b41586d5b1d2a Mon Sep 17 00:00:00 2001
From: dinoex <dinoex@FreeBSD.org>
Date: Mon, 16 Nov 2015 18:38:56 +0000
Subject: - fix for malicious crafted a2ps prologue files Security:
 CVE-2015-8107 Security:
 http://www.openwall.com/lists/oss-security/2015/11/16/4 Submitted by:	feld
 Obtained from:	http://www.openwall.com/

---
 print/a2ps/files/patch-output.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 print/a2ps/files/patch-output.c

(limited to 'print')

diff --git a/print/a2ps/files/patch-output.c b/print/a2ps/files/patch-output.c
new file mode 100644
index 000000000000..691d2d15dc5d
--- /dev/null
+++ b/print/a2ps/files/patch-output.c
@@ -0,0 +1,13 @@
+Fix for CVE-2015-8107
+http://www.openwall.com/lists/oss-security/2015/11/16/4
+--- lib/output.c.orig  2015-11-16 15:29:38 UTC
++++ lib/output.c
+@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
+                    expand_user_string (job, FIRST_FILE (job),
+                                        (const uchar *) "Expand: requirement",
+                                        (const uchar *) token));
+-      output (dest, expansion);
++      output (dest, "%s", expansion);
+       continue;
+       }
+
-- 
cgit