authoritojun <itojun@pkgsrc.org>2002-10-04 03:00:11 +0000
committeritojun <itojun@pkgsrc.org>2002-10-04 03:00:11 +0000
commitf2d60df747c08f15a9a7eb569d9eb96421d70c8e (patch)
tree73c8948814d0fbc51cd2e1d31f446da3151691d0 /print
parent2a91d5d0fc2ab416df6905249ed1173a24b1578f (diff)
downloadpkgsrc-f2d60df747c08f15a9a7eb569d9eb96421d70c8e.tar.gz
pull security patch from http://www.epita.fr/~bevand_m/asa/asa-0000,
as suggested in PR18522. bump PKGREVISION to 2.
Diffstat (limited to 'print')
-rw-r--r--print/gv/Makefile4
-rw-r--r--print/gv/distinfo5
-rw-r--r--print/gv/patches/patch-ag30
-rw-r--r--print/gv/patches/patch-ah22
-rw-r--r--print/gv/patches/patch-ai41
5 files changed, 99 insertions, 3 deletions
diff --git a/print/gv/Makefile b/print/gv/Makefile
index ff52acdee5e..a5a2644c715 100644
--- a/print/gv/Makefile
+++ b/print/gv/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.33 2002/09/13 22:08:25 jlam Exp $
+# $NetBSD: Makefile,v 1.34 2002/10/04 03:00:11 itojun Exp $
# FreeBSD Id: Makefile,v 1.16 1997/07/13 18:49:29 max Exp
#
DISTNAME= gv-3.5.8
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= print
MASTER_SITES= ftp://ftpthep.physik.uni-mainz.de/pub/gv/unix/
diff --git a/print/gv/distinfo b/print/gv/distinfo
index 2aec1c641b5..d247473ecad 100644
--- a/print/gv/distinfo
+++ b/print/gv/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2001/04/20 12:41:50 agc Exp $
+$NetBSD: distinfo,v 1.3 2002/10/04 03:00:11 itojun Exp $
SHA1 (gv-3.5.8.tar.gz) = 5c67b41ee19887bf1efed4e958d09d3845a857aa
Size (gv-3.5.8.tar.gz) = 369609 bytes
@@ -6,3 +6,6 @@ SHA1 (patch-aa) = 970c468e8cdd76cd8d61b28e9f329fd540012928
SHA1 (patch-ab) = 219c5b4b9402dd68dc4855eb8179f44d60e9d8af
SHA1 (patch-ae) = c9ff70c144a793b3cb058aa039dd51e8991d8036
SHA1 (patch-af) = 6148ce1f295c302b2a09d4f4b58a313ed55c8cc2
+SHA1 (patch-ag) = 06e9f2f8ce39dc821b0edd8231a2a8b2f40d7184
+SHA1 (patch-ah) = 99253c32e35bf10c7fdffc0903b095a6a8047ac2
+SHA1 (patch-ai) = 2f1a65de62e5defb6ccf5805c424bbcc8ddf0bea
diff --git a/print/gv/patches/patch-ag b/print/gv/patches/patch-ag
new file mode 100644
index 00000000000..01780864cc1
--- /dev/null
+++ b/print/gv/patches/patch-ag
@@ -0,0 +1,30 @@
+$NetBSD: patch-ag,v 1.1 2002/10/04 03:00:12 itojun Exp $
+
+http://www.epita.fr/~bevand_m/asa/asa-0000
+
+diff -ur source/file.c source/file.c
+--- source/file.c 1997-06-07 00:00:00.000000000 +0200
++++ source/file.c 2002-09-26 23:56:00.000000000 +0200
+@@ -285,6 +285,22 @@
+ }
+
+ /*############################################################*/
++/* file_nameIsDangerous */
++/*############################################################*/
++
++char *file_charsAllowedInName = "+,-./:=@\\^_";
++
++int
++file_nameIsDangerous(fn)
++ char *fn;
++{
++ for (; *fn; fn++)
++ if (!isalnum(*fn) && !strchr(file_charsAllowedInName, *fn))
++ return(1);
++ return(0);
++}
++
++/*############################################################*/
+ /* file_pdfname2psname */
+ /* If the file ends in .pdf, change this to .ps.*/
+ /* Return pointer to temp copy if changed, else to input string. */
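Review bot: In `file_nameIsDangerous`, `isalnum(*fn)` receives a plain `char`, so where `char` is signed a byte with the high bit set is passed as a negative value, which is undefined behaviour; in a non-C locale such bytes may also be classified as alphanumeric and pass the allowlist. `if (!isalnum((unsigned char)*fn) && !strchr(file_charsAllowedInName, *fn))` fixes the first problem, and an explicit ASCII range test would fix the second. The allowlist also admits `-` and `\\`, so a name that begins with `-` or contains a backslash is accepted; because patch-ai formats the name into a command string, rejecting a leading `-` and dropping the backslash is worth considering, though whether that string reaches a shell is not visible here. The hunk does not show `<ctype.h>` or `<string.h>` being included in file.c, so confirm that `isalnum` and `strchr` are declared.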
diff --git a/print/gv/patches/patch-ah b/print/gv/patches/patch-ah
new file mode 100644
index 00000000000..39b18681613
--- /dev/null
+++ b/print/gv/patches/patch-ah
@@ -0,0 +1,22 @@
+$NetBSD: patch-ah,v 1.1 2002/10/04 03:00:12 itojun Exp $
+
+http://www.epita.fr/~bevand_m/asa/asa-0000
+
+diff -ur source/file.h source/file.h
+--- source/file.h 1997-04-26 00:00:00.000000000 +0200
++++ source/file.h 2002-09-26 23:28:38.000000000 +0200
+@@ -70,6 +70,14 @@
+ #endif
+ );
+
++extern char *file_charsAllowedInName;
++
++extern int file_nameIsDangerous (
++#if NeedFunctionPrototypes
++ char *
++#endif
++);
++
+ extern char* file_pdfname2psname (
+ #if NeedFunctionPrototypes
+ char * /* name */
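Review bot: `file_charsAllowedInName` is exported as a writable `char *`, and the definition in patch-ag points it at a string literal. The visible callers only read it, so `extern const char *file_charsAllowedInName;` (with the matching definition in file.c) would let the compiler reject accidental writes to the allowlist. The new prototype also omits the parameter-name comment its neighbour carries (`char * /* name */`) and does not state the return convention; a one-line comment such as `/* returns 1 if the name has a character outside the allowlist, else 0 */` above the declaration would document it.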
diff --git a/print/gv/patches/patch-ai b/print/gv/patches/patch-ai
new file mode 100644
index 00000000000..32c73017379
--- /dev/null
+++ b/print/gv/patches/patch-ai
@@ -0,0 +1,41 @@
+$NetBSD: patch-ai,v 1.1 2002/10/04 03:00:12 itojun Exp $
+
+http://www.epita.fr/~bevand_m/asa/asa-0000
+
+diff -ur source/ps.c source/ps.c
+--- source/ps.c 1997-06-07 00:00:00.000000000 +0200
++++ source/ps.c 2002-09-27 00:29:35.000000000 +0200
+@@ -420,6 +420,16 @@
+ char cmd[512];
+ char s[512];
+ filename_unc=file_getTmpFilename(NULL,filename_raw);
++ if (file_nameIsDangerous(filename))
++ {
++ INFMESSAGE(the filename is dangerous)
++ sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric "
++ "characters and \"%s\" are allowed.\n",
++ filename, file_charsAllowedInName);
++ NotePopupShowMessage(s);
++ ENDMESSAGE(psscan)
++ return(NULL);
++ }
+ sprintf(cmd,cmd_uncompress,filename,filename_unc);
+ INFMESSAGE(is compressed)
+ INFSMESSAGE(uncompress command,cmd)
+@@ -491,6 +501,16 @@
+ char cmd[512];
+ char s[512];
+ filename_dsc=file_getTmpFilename(NULL,filename_raw);
++ if (file_nameIsDangerous(filename))
++ {
++ INFMESSAGE(the filename is dangerous)
++ sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric "
++ "characters and \"%s\" are allowed.\n",
++ filename, file_charsAllowedInName);
++ NotePopupShowMessage(s);
++ ENDMESSAGE(psscan)
++ return(NULL);
++ }
+ sprintf(cmd,cmd_scan_pdf,filename,filename_dsc);
+ INFMESSAGE(is PDF)
+ INFSMESSAGE(scan command,cmd)
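Review bot: The new error path formats `filename` into `char s[512]` with an unbounded `sprintf`, and no length check on the name is visible, so a long name can overrun `s` in the very branch that rejects it. Use `snprintf(s, sizeof s, ...)` with the same format and arguments in both inserted blocks (the one before `cmd_uncompress` and the one before `cmd_scan_pdf`). The check also runs after `file_getTmpFilename()` has produced `filename_unc` / `filename_dsc`, and the early `return(NULL)` does not release it; if that helper allocates, move the check above the call or free the name before returning (the helper's ownership rule is not visible in the hunk). The pre-existing `sprintf(cmd, ...)` into `cmd[512]` has the same unbounded shape and this patch leaves it unchanged. The enclosing function starts and ends outside the hunk.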