summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2002-07-29 13:02:24 +0000
committertron <tron@pkgsrc.org>2002-07-29 13:02:24 +0000
commit72b0862ad5047871b8d01be1d7845bed1056b15f (patch)
treeb8f1566976bc97878d56e1e58dcbe51920d28eb7
parent1e3441c9dc8e7e5b22a585995d009a02136d5c9a (diff)
downloadpkgsrc-72b0862ad5047871b8d01be1d7845bed1056b15f.tar.gz
Stop "xv" from executing files starting with a "!" when they are selected
in the directory box. This is inconsistent with the command line handling and can turn into a security problem. This change fixed PR pkg/17751 by Christian Biere. Bump package revision to reflect this change.
-rw-r--r--graphics/xv/Makefile4
-rw-r--r--graphics/xv/distinfo3
-rw-r--r--graphics/xv/patches/patch-aw36
3 files changed, 40 insertions, 3 deletions
diff --git a/graphics/xv/Makefile b/graphics/xv/Makefile
index f89dc4d3f32..ebe5f9bd6fa 100644
--- a/graphics/xv/Makefile
+++ b/graphics/xv/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.41 2002/03/13 17:37:19 fredb Exp $
+# $NetBSD: Makefile,v 1.42 2002/07/29 13:02:24 tron Exp $
DISTNAME= xv-3.10a
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= graphics x11
MASTER_SITES= ftp://ftp.cis.upenn.edu/pub/xv/ \
ftp://ftp.kuis.kyoto-u.ac.jp/X11/contrib/clients/xv/ \
diff --git a/graphics/xv/distinfo b/graphics/xv/distinfo
index fbd49d7b0da..b4c7b4527bb 100644
--- a/graphics/xv/distinfo
+++ b/graphics/xv/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2001/04/21 09:54:31 wiz Exp $
+$NetBSD: distinfo,v 1.3 2002/07/29 13:02:24 tron Exp $
SHA1 (xv-3.10a.tar.gz) = 9e6372f154be9e9e355972cbeb91d98d9c342474
Size (xv-3.10a.tar.gz) = 2259124 bytes
@@ -30,3 +30,4 @@ SHA1 (patch-as) = f960648c9ce6e86c13dbd1cca091c4cc71ea7d08
SHA1 (patch-at) = a2c2c57ad852006b66addc5c88f73fce7d4716eb
SHA1 (patch-au) = 3cb2fde94db4b71a449c81e4b912132b204b0062
SHA1 (patch-av) = cb815b12de135927cad826623c5071e938a59509
+SHA1 (patch-aw) = 71698320f3fa4e7008f4cc231370d5db25b1efea
diff --git a/graphics/xv/patches/patch-aw b/graphics/xv/patches/patch-aw
new file mode 100644
index 00000000000..05d42b84110
--- /dev/null
+++ b/graphics/xv/patches/patch-aw
@@ -0,0 +1,36 @@
+$NetBSD: patch-aw,v 1.1 2002/07/29 13:02:24 tron Exp $
+
+--- xv.c.orig Mon Jul 29 14:50:12 2002
++++ xv.c Mon Jul 29 14:51:19 2002
+@@ -1872,11 +1872,13 @@
+ if (filenum == LOADPIC) {
+ fullname = GetDirFullName();
+
++#ifdef BROKEN_PIPE_HANDLING_FROM_DIRECTORY_BOX
+ if (ISPIPE(fullname[0])) { /* read from a pipe. */
+ strcpy(filename, fullname);
+ if (readpipe(fullname, filename)) goto FAILED;
+ frompipe = 1;
+ }
++#endif
+ }
+ else fullname = namelist[filenum];
+
+@@ -1902,6 +1904,7 @@
+ }
+
+
++#ifdef BROKEN_PIPE_HANDLING_FROM_DIRECTORY_BOX
+ if (filenum == LOADPIC && ISPIPE(fullname[0])) {
+ /* if we're reading from a pipe, 'filename' will have the /tmp/xvXXXXXX
+ filename, and we can skip a lot of stuff: (such as prepending
+@@ -1913,6 +1916,9 @@
+ }
+
+ else { /* NOT reading from a PIPE */
++#else
++ {
++#endif
+
+ /* if fullname doesn't start with a '/' (ie, it's a relative path),
+ (and it's not LOADPIC and it's not the special case '<stdin>')