diff options
| author | tron <tron> | 2002-07-29 13:02:24 +0000 |
|---|---|---|
| committer | tron <tron> | 2002-07-29 13:02:24 +0000 |
| commit | 74f616cb6fc421899f7046ef8fb05b1ed23333ad (patch) | |
| tree | b8f1566976bc97878d56e1e58dcbe51920d28eb7 /graphics/xv | |
| parent | 12edb1605b07c34a5285ce61e89228a041a6b745 (diff) | |
| download | pkgsrc-74f616cb6fc421899f7046ef8fb05b1ed23333ad.tar.gz | |
Stop "xv" from executing files starting with a "!" when they are selected
in the directory box. This is inconsistent with the command line handling
and can turn into a security problem. This change fixed PR pkg/17751
by Christian Biere. Bump package revision to reflect this change.
Diffstat (limited to 'graphics/xv')
| -rw-r--r-- | graphics/xv/Makefile | 4 | ||||
| -rw-r--r-- | graphics/xv/distinfo | 3 | ||||
| -rw-r--r-- | graphics/xv/patches/patch-aw | 36 |
3 files changed, 40 insertions, 3 deletions
diff --git a/graphics/xv/Makefile b/graphics/xv/Makefile index f89dc4d3f32..ebe5f9bd6fa 100644 --- a/graphics/xv/Makefile +++ b/graphics/xv/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.41 2002/03/13 17:37:19 fredb Exp $ +# $NetBSD: Makefile,v 1.42 2002/07/29 13:02:24 tron Exp $ DISTNAME= xv-3.10a -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= graphics x11 MASTER_SITES= ftp://ftp.cis.upenn.edu/pub/xv/ \ ftp://ftp.kuis.kyoto-u.ac.jp/X11/contrib/clients/xv/ \ diff --git a/graphics/xv/distinfo b/graphics/xv/distinfo index fbd49d7b0da..b4c7b4527bb 100644 --- a/graphics/xv/distinfo +++ b/graphics/xv/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2001/04/21 09:54:31 wiz Exp $ +$NetBSD: distinfo,v 1.3 2002/07/29 13:02:24 tron Exp $ SHA1 (xv-3.10a.tar.gz) = 9e6372f154be9e9e355972cbeb91d98d9c342474 Size (xv-3.10a.tar.gz) = 2259124 bytes @@ -30,3 +30,4 @@ SHA1 (patch-as) = f960648c9ce6e86c13dbd1cca091c4cc71ea7d08 SHA1 (patch-at) = a2c2c57ad852006b66addc5c88f73fce7d4716eb SHA1 (patch-au) = 3cb2fde94db4b71a449c81e4b912132b204b0062 SHA1 (patch-av) = cb815b12de135927cad826623c5071e938a59509 +SHA1 (patch-aw) = 71698320f3fa4e7008f4cc231370d5db25b1efea diff --git a/graphics/xv/patches/patch-aw b/graphics/xv/patches/patch-aw new file mode 100644 index 00000000000..05d42b84110 --- /dev/null +++ b/graphics/xv/patches/patch-aw @@ -0,0 +1,36 @@ +$NetBSD: patch-aw,v 1.1 2002/07/29 13:02:24 tron Exp $ + +--- xv.c.orig Mon Jul 29 14:50:12 2002 ++++ xv.c Mon Jul 29 14:51:19 2002 +@@ -1872,11 +1872,13 @@ + if (filenum == LOADPIC) { + fullname = GetDirFullName(); + ++#ifdef BROKEN_PIPE_HANDLING_FROM_DIRECTORY_BOX + if (ISPIPE(fullname[0])) { /* read from a pipe. */ + strcpy(filename, fullname); + if (readpipe(fullname, filename)) goto FAILED; + frompipe = 1; + } ++#endif + } + else fullname = namelist[filenum]; + +@@ -1902,6 +1904,7 @@ + } + + ++#ifdef BROKEN_PIPE_HANDLING_FROM_DIRECTORY_BOX + if (filenum == LOADPIC && ISPIPE(fullname[0])) { + /* if we're reading from a pipe, 'filename' will have the /tmp/xvXXXXXX + filename, and we can skip a lot of stuff: (such as prepending +@@ -1913,6 +1916,9 @@ + } + + else { /* NOT reading from a PIPE */ ++#else ++ { ++#endif + + /* if fullname doesn't start with a '/' (ie, it's a relative path), + (and it's not LOADPIC and it's not the special case '<stdin>') |