diff options
author | wiz <wiz> | 2004-12-20 15:02:34 +0000 |
---|---|---|
committer | wiz <wiz> | 2004-12-20 15:02:34 +0000 |
commit | 062dd8e7abb0865e05d06888d3c035f0a41f1498 (patch) | |
tree | 1d8c454a705bf203bf77aa68f269f555345782b2 /print | |
parent | 2f75d8d98a71fe3ae568d479fcacf0ce87ad7b73 (diff) | |
download | pkgsrc-062dd8e7abb0865e05d06888d3c035f0a41f1498.tar.gz |
Apply patch from Rudolf Polzer against CAN-2004-1170.
See http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1026.html
Bump PKGREVISION.
Diffstat (limited to 'print')
-rw-r--r-- | print/a2ps/Makefile | 4 | ||||
-rw-r--r-- | print/a2ps/distinfo | 3 | ||||
-rw-r--r-- | print/a2ps/patches/patch-ac | 59 |
3 files changed, 63 insertions, 3 deletions
diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile index 45d4c59a1b9..72153797a2a 100644 --- a/print/a2ps/Makefile +++ b/print/a2ps/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.49 2004/10/03 00:18:03 tv Exp $ +# $NetBSD: Makefile,v 1.50 2004/12/20 15:02:34 wiz Exp $ DISTNAME= a2ps-4.13b PKGNAME= a2ps-4.13.0.2 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_GNU:=a2ps/} \ ftp://ftp.enst.fr/pub/unix/a2ps/ diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo index e4dd7f331a6..4b701bb1953 100644 --- a/print/a2ps/distinfo +++ b/print/a2ps/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.6 2002/11/26 11:02:05 jmmv Exp $ +$NetBSD: distinfo,v 1.7 2004/12/20 15:02:34 wiz Exp $ SHA1 (a2ps-4.13b.tar.gz) = cfc79a3e54115e569f667fa3fd2c2ec16d22b31a Size (a2ps-4.13b.tar.gz) = 1944289 bytes SHA1 (patch-aa) = 67f0c9ddf6e9829aeecb3de596c925d451990877 SHA1 (patch-ab) = ba7446a32733d60910036190be957045d4ec1218 +SHA1 (patch-ac) = 5daaedd3866c731206b829124d8a3f4741512d17 diff --git a/print/a2ps/patches/patch-ac b/print/a2ps/patches/patch-ac new file mode 100644 index 00000000000..9fa95435677 --- /dev/null +++ b/print/a2ps/patches/patch-ac @@ -0,0 +1,59 @@ +$NetBSD: patch-ac,v 1.5 2004/12/20 15:02:34 wiz Exp $ + +--- src/select.c.orig 1999-12-16 02:04:56.000000000 +0100 ++++ src/select.c +@@ -131,6 +131,36 @@ sheets_map_load_main (void) + return 1; + } + ++/* escapes the name of a file so that the shell groks it in 'single' q.marks. ++ The resulting pointer has to be free()ed when not longer used. */ ++char * ++shell_escape(const char *fn) ++{ ++ size_t len = 0; ++ const char *inp; ++ char *retval, *outp; ++ ++ for(inp = fn; *inp; ++inp) ++ switch(*inp) ++ { ++ case '\'': len += 4; break; ++ default: len += 1; break; ++ } ++ ++ outp = retval = malloc(len + 1); ++ if(!outp) ++ return NULL; /* perhaps one should do better error handling here */ ++ for(inp = fn; *inp; ++inp) ++ switch(*inp) ++ { ++ case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break; ++ default: *outp++ = *inp; break; ++ } ++ *outp = 0; ++ ++ return retval; ++} ++ + /* What says file about the type of a file (result is malloc'd). NULL + if could not be run. */ + +@@ -144,11 +174,15 @@ file_verdict_on (const uchar *filename) + if (IS_EMPTY (job->file_command)) + return NULL; + ++ filename = shell_escape(filename); ++ if(filename == NULL) ++ return NULL; + /* Call file(1) with the correct option */ +- command = ALLOCA (char, (2 ++ command = ALLOCA (char, (4 + + strlen (job->file_command) + + ustrlen (filename))); +- sprintf (command, "%s %s", job->file_command, (const char *) filename); ++ sprintf (command, "%s '%s'", job->file_command, (const char *) filename); ++ free(filename); + message (msg_tool, (stderr, "Reading pipe: `%s'\n", command)); + file_out = popen (command, "r"); + |