Apply patch from Rudolf Polzer against CAN-2004-1170.

See http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html
Bump PKGREVISION.

3 files changed, 63 insertions, 3 deletions

diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 45d4c59a1b9..72153797a2a 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2004/10/03 00:18:03 tv Exp $
+# $NetBSD: Makefile,v 1.50 2004/12/20 15:02:34 wiz Exp $
 
 DISTNAME=		a2ps-4.13b
 PKGNAME=		a2ps-4.13.0.2
-PKGREVISION=		4
+PKGREVISION=		5
 CATEGORIES=		print
 MASTER_SITES=		${MASTER_SITE_GNU:=a2ps/} \
 			ftp://ftp.enst.fr/pub/unix/a2ps/
diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo
index e4dd7f331a6..4b701bb1953 100644
--- a/print/a2ps/distinfo
+++ b/print/a2ps/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.6 2002/11/26 11:02:05 jmmv Exp $
+$NetBSD: distinfo,v 1.7 2004/12/20 15:02:34 wiz Exp $
 
 SHA1 (a2ps-4.13b.tar.gz) = cfc79a3e54115e569f667fa3fd2c2ec16d22b31a
 Size (a2ps-4.13b.tar.gz) = 1944289 bytes
 SHA1 (patch-aa) = 67f0c9ddf6e9829aeecb3de596c925d451990877
 SHA1 (patch-ab) = ba7446a32733d60910036190be957045d4ec1218
+SHA1 (patch-ac) = 5daaedd3866c731206b829124d8a3f4741512d17
diff --git a/print/a2ps/patches/patch-ac b/print/a2ps/patches/patch-ac
new file mode 100644
index 00000000000..9fa95435677
--- /dev/null
+++ b/print/a2ps/patches/patch-ac
@@ -0,0 +1,59 @@
+$NetBSD: patch-ac,v 1.5 2004/12/20 15:02:34 wiz Exp $
+
+--- src/select.c.orig	1999-12-16 02:04:56.000000000 +0100
++++ src/select.c
+@@ -131,6 +131,36 @@ sheets_map_load_main (void)
+   return 1;
+ }
+ 
++/* escapes the name of a file so that the shell groks it in 'single' q.marks. 
++   The resulting pointer has to be free()ed when not longer used. */
++char *
++shell_escape(const char *fn)
++{
++  size_t len = 0;
++  const char *inp;
++  char *retval, *outp;
++
++  for(inp = fn; *inp; ++inp)
++    switch(*inp)
++    {
++      case '\'': len += 4; break;
++      default:   len += 1; break;
++    }
++
++  outp = retval = malloc(len + 1);
++  if(!outp)
++    return NULL; /* perhaps one should do better error handling here */
++  for(inp = fn; *inp; ++inp)
++    switch(*inp)
++    {
++      case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break;
++      default:   *outp++ = *inp; break;
++    }
++  *outp = 0;
++
++  return retval;
++}
++
+ /* What says file about the type of a file (result is malloc'd).  NULL
+   if could not be run.  */
+ 
+@@ -144,11 +174,15 @@ file_verdict_on (const uchar *filename)
+   if (IS_EMPTY (job->file_command))
+     return NULL;
+ 
++  filename = shell_escape(filename);
++  if(filename == NULL)
++    return NULL;
+   /* Call file(1) with the correct option */
+-  command = ALLOCA (char, (2
++  command = ALLOCA (char, (4
+ 			   + strlen (job->file_command)
+ 			   + ustrlen (filename)));
+-  sprintf (command, "%s %s", job->file_command, (const char *) filename);
++  sprintf (command, "%s '%s'", job->file_command, (const char *) filename);
++  free(filename);
+   message (msg_tool, (stderr, "Reading pipe: `%s'\n", command));
+   file_out = popen (command, "r");
+