From 14cb935c02c6a4e1110711c696ea75309a73bf0d Mon Sep 17 00:00:00 2001 From: markd Date: Mon, 29 Dec 2008 08:48:45 +0000 Subject: Fix quoting chars in popen variables expansion (http://secunia.com/advisories/33227/) patch from 2.0.4beta2. Bump PKGREVISION. --- net/netatalk/Makefile | 4 +- net/netatalk/distinfo | 3 +- net/netatalk/patches/patch-ap | 97 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+), 3 deletions(-) create mode 100644 net/netatalk/patches/patch-ap (limited to 'net/netatalk') diff --git a/net/netatalk/Makefile b/net/netatalk/Makefile index aa751dd8c01..0b82136ff9e 100644 --- a/net/netatalk/Makefile +++ b/net/netatalk/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.60 2008/09/06 20:54:33 wiz Exp $ +# $NetBSD: Makefile,v 1.61 2008/12/29 08:48:45 markd Exp $ DISTNAME= netatalk-2.0.3 -PKGREVISION= 11 +PKGREVISION= 12 CATEGORIES= net print MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=netatalk/} EXTRACT_SUFX= .tar.bz2 diff --git a/net/netatalk/distinfo b/net/netatalk/distinfo index 9888a44148e..3589a7bf388 100644 --- a/net/netatalk/distinfo +++ b/net/netatalk/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.27 2008/04/06 20:21:52 christos Exp $ +$NetBSD: distinfo,v 1.28 2008/12/29 08:48:45 markd Exp $ SHA1 (netatalk-2.0.3.tar.bz2) = ce2d5dd123467ccae72fc62ca4ee3738019455f2 RMD160 (netatalk-2.0.3.tar.bz2) = 29b763400a45797ac4a8e499d5328aa91a091c91 @@ -17,5 +17,6 @@ SHA1 (patch-al) = df56d837eeb5698b0247fc0233448d254392fe43 SHA1 (patch-am) = a01ab55a793c5249cc6fa0a4d98d61e43f173021 SHA1 (patch-an) = 5472758813b927708ca178809fb89733719e67b4 SHA1 (patch-ao) = 1b140d7b8fc1df6b44b15a181ddc625744610bb9 +SHA1 (patch-ap) = 1b208e1dca1c62b08e39dabbf962fdcf2ff91584 SHA1 (patch-bi) = b592d058a1d61322c03d1c3d44e39b48f2ddf7c3 SHA1 (patch-bj) = 578f4ac2fbe3e4f5d85a4ac24a778ce9d2e75045 diff --git a/net/netatalk/patches/patch-ap b/net/netatalk/patches/patch-ap new file mode 100644 index 00000000000..905dab34dd1 --- /dev/null +++ b/net/netatalk/patches/patch-ap @@ -0,0 +1,97 @@ +$NetBSD: patch-ap,v 1.4 2008/12/29 08:48:46 markd Exp $ + +quote chars in popen variables expansion - from 2.0.4beta2 + +--- etc/papd/lp.c.orig 2004-06-09 14:24:47.000000000 +1200 ++++ etc/papd/lp.c +@@ -212,10 +212,37 @@ static void lp_setup_comments (charset_t + + #define is_var(a, b) (strncmp((a), (b), 2) == 0) + ++static size_t quote(char *dest, char *src, const size_t bsize, size_t len) ++{ ++size_t used = 0; ++ ++ while (len && used < bsize ) { ++ switch (*src) { ++ case '$': ++ case '\\': ++ case '"': ++ case '`': ++ if (used + 2 > bsize ) ++ return used; ++ *dest = '\\'; ++ dest++; ++ used++; ++ break; ++ } ++ *dest = *src; ++ src++; ++ dest++; ++ len--; ++ used++; ++ } ++ return used; ++} ++ ++ + static char* pipexlate(char *src) + { + char *p, *q, *dest; +- static char destbuf[MAXPATHLEN]; ++ static char destbuf[MAXPATHLEN +1]; + size_t destlen = MAXPATHLEN; + int len = 0; + +@@ -224,13 +251,15 @@ static char* pipexlate(char *src) + if (!src) + return NULL; + +- strncpy(dest, src, MAXPATHLEN); +- if ((p = strchr(src, '%')) == NULL) /* nothing to do */ ++ memset(dest, 0, MAXPATHLEN +1); ++ if ((p = strchr(src, '%')) == NULL) { /* nothing to do */ ++ strncpy(dest, src, MAXPATHLEN); + return destbuf; +- +- /* first part of the path. just forward to the next variable. */ ++ } ++ /* first part of the path. copy and forward to the next variable. */ + len = MIN((size_t)(p - src), destlen); + if (len > 0) { ++ strncpy(dest, src, len); + destlen -= len; + dest += len; + } +@@ -246,21 +275,24 @@ static char* pipexlate(char *src) + q = lp.lp_created_for; + } else if (is_var(p, "%%")) { + q = "%"; +- } else +- q = p; ++ } + + /* copy the stuff over. if we don't understand something that we + * should, just skip it over. */ + if (q) { +- len = MIN(p == q ? 2 : strlen(q), destlen); ++ len = MIN(strlen(q), destlen); ++ len = quote(dest, q, destlen, len); ++ } ++ else { ++ len = MIN(2, destlen); + strncpy(dest, q, len); +- dest += len; +- destlen -= len; + } ++ dest += len; ++ destlen -= len; + +- /* stuff up to next $ */ ++ /* stuff up to next % */ + src = p + 2; +- p = strchr(src, '$'); ++ p = strchr(src, '%'); + len = p ? MIN((size_t)(p - src), destlen) : destlen; + if (len > 0) { + strncpy(dest, src, len); -- cgit v1.2.3