diff options
author | kei <kei@pkgsrc.org> | 2004-10-22 12:49:02 +0000 |
---|---|---|
committer | kei <kei@pkgsrc.org> | 2004-10-22 12:49:02 +0000 |
commit | e5fe974b7dc1c062417e4f90d9c822e25b64d5ad (patch) | |
tree | 17cd32b6f93836728fc2a8f54c3310806939d980 | |
parent | 9e9d22e2b31fffd7f1d438724e53c85c1f6d3d31 (diff) | |
download | pkgsrc-e5fe974b7dc1c062417e4f90d9c822e25b64d5ad.tar.gz |
xdvizilla had unsafe temporary file usage. fixes (diffs between 1.2 and
1.10) are pulled from its CVS repository.
closes pkga22940 by Jeremy C. Reed.
-rw-r--r-- | print/teTeX-bin/distinfo | 3 | ||||
-rw-r--r-- | print/teTeX-bin/patches/patch-ag | 196 |
2 files changed, 198 insertions, 1 deletions
diff --git a/print/teTeX-bin/distinfo b/print/teTeX-bin/distinfo index 66282f6eac5..9b7e0b98cc1 100644 --- a/print/teTeX-bin/distinfo +++ b/print/teTeX-bin/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2004/10/11 04:54:05 minskim Exp $ +$NetBSD: distinfo,v 1.6 2004/10/22 12:49:02 kei Exp $ SHA1 (teTeX/tetex-src-2.0.2.tar.gz) = 6445206b14d659458ee352df78d2c2daf8e88ab3 Size (teTeX/tetex-src-2.0.2.tar.gz) = 11745933 bytes @@ -8,5 +8,6 @@ SHA1 (patch-ac) = 7e96a7a14090a6b3009d3562b18ee8383d50d3e0 SHA1 (patch-ad) = 377f52b45ea66b88f682aaa7f0dd72dee8f986fb SHA1 (patch-ae) = 68825699db129b82f476c37ba3b6e20a8831ad6e SHA1 (patch-af) = d5fd0e1b30b1ea9fd96fe5983088df5a723f04b7 +SHA1 (patch-ag) = 9dd4ce8fc1dad6555a59fd3734364ebf9117b4f5 SHA1 (patch-ap) = 40543e9a2fb87d296557f3a8bd9a7207b2331a8e SHA1 (patch-aq) = f90ed07b2de340c55c6d987fdaa59d7ed6d46e0f diff --git a/print/teTeX-bin/patches/patch-ag b/print/teTeX-bin/patches/patch-ag new file mode 100644 index 00000000000..399036528f1 --- /dev/null +++ b/print/teTeX-bin/patches/patch-ag @@ -0,0 +1,196 @@ +$NetBSD: patch-ag,v 1.3 2004/10/22 12:49:02 kei Exp $ + +This diff is taken from the url below: +http://cvs.sourceforge.net/viewcvs.py/xdvi/xdvik/texk/xdvik/xdvizilla?r1=text&tr1=1.2&r2=text&tr2=1.10&diff_format=u + +=================================================================== +RCS file: /cvsroot/xdvi/xdvik/texk/xdvik/xdvizilla,v +retrieving revision 1.2 +retrieving revision 1.10 +diff -u -r1.2 -r1.10 +--- xdvi/xdvik/texk/xdvik/xdvizilla 2002/10/12 13:29:17 1.2 ++++ xdvi/xdvik/texk/xdvik/xdvizilla 2004/02/24 22:37:37 1.10 +@@ -1,11 +1,68 @@ + #! /bin/sh +- ++# + # This is a kludge to fix helper apps in mozilla. See mozilla bugs #57420 + # and also #78919. +- ++# + # It's also useful for tar files with Netscape 4.x ++# ++# Copyright (c) 2002-2004 Paul Vojta ++# ++# Permission is hereby granted, free of charge, to any person obtaining a copy ++# of this software and associated documentation files (the "Software"), to ++# deal in the Software without restriction, including without limitation the ++# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or ++# sell copies of the Software, and to permit persons to whom the Software is ++# furnished to do so, subject to the following conditions: ++# ++# The above copyright notice and this permission notice shall be included in ++# all copies or substantial portions of the Software. ++# ++# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. ++# IN NO EVENT SHALL PAUL VOJTA OR ANY OTHER AUTHOR OF OR CONTRIBUTOR TO ++# THIS SOFTWARE BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ++# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS ++# IN THE SOFTWARE. ++ ++# Some changes suggested by Thomas Esser included by ++# <stefanulrich@users.sourceforge.net>. + ++IN_FILE= + NO_RM= ++TMP_DIR= ++progname=xdvizilla ++ ++do_cleanup() ++{ ++ exitval=$? ++ if [ -z "$NO_RM" -a -n "$IN_FILE" ] ; then ++ rm -f "$IN_FILE" ++ fi ++ test -n "$TMP_DIR" && rm -rf "$TMP_DIR" ++ exit $exitval ++} ++ ++do_abort() ++{ ++ xmessage -nearmouse "$progname: $1" ++ do_cleanup ++ exit 1 ++} ++ ++usage() ++{ ++ xmessage -nearmouse "Usage: $progname [-no-rm] <file>" ++ do_cleanup ++ exit 1 ++} ++ ++trap 'do_cleanup' 1 2 3 7 13 15 ++ ++### create a temporary directory only read/writable by user ++TMP_DIR=${TMP-/tmp}/$progname.$$ ++(umask 077; mkdir "$TMP_DIR") || do_abort "Could not create directory \`$TMP_DIR'" + + if [ $# -gt 1 -a "x$1" = "x-no-rm" ]; then + NO_RM=y +@@ -13,8 +70,7 @@ + fi + + if [ $# -ne 1 ]; then +- xmessage -nearmouse 'Usage: xdvizilla [-no-rm] <file>' +- exit 1 ++ usage + fi + + DIR=`dirname "$0"` +@@ -27,55 +83,52 @@ + DIR= + fi + +-FILE=$1 +-FILETYPE=`file "$FILE"` +- +-case "$FILETYPE" in +- +- *"gzip compressed data"*) +- FILE=/tmp/xdvizilla$$ +- gunzip -c "$1" > $FILE +- [ -n "$NO_RM" ] || rm -f -- "$1" +- NO_RM= +- FILETYPE=`file "$FILE"` +- ;; +- +- *"compressed data"* | *"compress'd data"*) +- FILE=/tmp/xdvizilla$$ +- uncompress -c "$1" > $FILE +- [ -n "$NO_RM" ] || rm -f -- "$1" +- NO_RM= +- FILETYPE=`file "$FILE"` +- ;; +- +- "$1: empty") +- xmessage -nearmouse "$1 is an empty file +-(this is a bug in Mozilla)" +- [ -n "$NO_RM" ] || rm -f -- "$1" +- exit 1 +- ;; +- +-esac +- +-case "$FILETYPE" in +- +- *" tar archive") +- TARDIR=/tmp/xdvitar$$ +- mkdir $TARDIR +- cat "$FILE" | (cd $TARDIR; tar xf -) +- DVINAME=`tar tf "$FILE" | grep '\.dvi$' | head -1` +- [ -n "$NO_RM" ] || rm -f -- "$FILE" +- if [ -z "$DVINAME" ]; then +- xmessage -nearmouse "Tar file does not contain a dvi file" +- else +- (cd $TARDIR; "$DIR"xdvi -safer "$DVINAME") +- fi +- rm -rf $TARDIR +- ;; ++# need to preserve IN_FILE for eventual deletion ++IN_FILE="$1" ++TMP_FILE="$IN_FILE" ++ ++while [ 1 ]; do ++ [ -f "$TMP_FILE" ] || do_abort "$TMP_FILE: File not found." ++ FILETYPE=`file "$TMP_FILE"` ++ case "$FILETYPE" in ++ *"gzip compressed data"*) ++ out="$TMP_DIR"/tmp-gz ++ gunzip -c "$TMP_FILE" > "$out" ++ TMP_FILE="$out" ++ ;; ++ *"compressed data"* | *"compress'd data"*) ++ out="$TMP_DIR"/tmp-compress ++ uncompress -c "$TMP_FILE" > "$out" ++ TMP_FILE="$out" ++ ;; ++ "$TMP_FILE: empty") ++ do_abort "$TMP_FILE is an empty file ++(probably a bug in Mozilla?)" ++ ;; ++ *" tar archive") ++ ### do sanity checks on the tar archive, to avoid overwriting user files: ++ dangerous=`tar tf "$TMP_FILE" | egrep '^(/|.*\.\./)'` ++ [ -z "$dangerous" ] || do_abort "Tar file contains files with absolute paths or \`../' components, ++which may overwrite user files. Not unpacking it." ++ ### also check for gzipped DVI files inside the archive ... ++ out="$TMP_DIR"/`tar tf "$TMP_FILE" | egrep '\.(dvi|dvi.gz|dvi.Z)$' | head -1` ++ if [ -z "$out" ]; then ++ do_abort "Tar file does not contain a dvi file." ++ else ++ cat "$TMP_FILE" | (cd "$TMP_DIR"; tar xf -) ++ TMP_FILE="$out" ++ fi ++ ;; ++ *"DVI file"*) ++ "$DIR"xdvi -safer "$TMP_FILE" ++ break ++ ;; ++ *) ++ do_abort "$TMP_FILE: Unrecognized file format!" ++ ;; ++ esac ++done + +- *) +- "$DIR"xdvi -safer "$FILE" +- [ -n "$NO_RM" ] || rm -f -- "$FILE" +- ;; ++do_cleanup + +-esac ++exit 0 |