From f2d60df747c08f15a9a7eb569d9eb96421d70c8e Mon Sep 17 00:00:00 2001 From: itojun Date: Fri, 4 Oct 2002 03:00:11 +0000 Subject: pull security patch from http://www.epita.fr/~bevand_m/asa/asa-0000, as suggested in PR18522. bump PKGREVISION to 2. --- print/gv/Makefile | 4 ++-- print/gv/distinfo | 5 ++++- print/gv/patches/patch-ag | 30 ++++++++++++++++++++++++++++++ print/gv/patches/patch-ah | 22 ++++++++++++++++++++++ print/gv/patches/patch-ai | 41 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 99 insertions(+), 3 deletions(-) create mode 100644 print/gv/patches/patch-ag create mode 100644 print/gv/patches/patch-ah create mode 100644 print/gv/patches/patch-ai (limited to 'print/gv') diff --git a/print/gv/Makefile b/print/gv/Makefile index ff52acdee5e..a5a2644c715 100644 --- a/print/gv/Makefile +++ b/print/gv/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.33 2002/09/13 22:08:25 jlam Exp $ +# $NetBSD: Makefile,v 1.34 2002/10/04 03:00:11 itojun Exp $ # FreeBSD Id: Makefile,v 1.16 1997/07/13 18:49:29 max Exp # DISTNAME= gv-3.5.8 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= print MASTER_SITES= ftp://ftpthep.physik.uni-mainz.de/pub/gv/unix/ diff --git a/print/gv/distinfo b/print/gv/distinfo index 2aec1c641b5..d247473ecad 100644 --- a/print/gv/distinfo +++ b/print/gv/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2001/04/20 12:41:50 agc Exp $ +$NetBSD: distinfo,v 1.3 2002/10/04 03:00:11 itojun Exp $ SHA1 (gv-3.5.8.tar.gz) = 5c67b41ee19887bf1efed4e958d09d3845a857aa Size (gv-3.5.8.tar.gz) = 369609 bytes @@ -6,3 +6,6 @@ SHA1 (patch-aa) = 970c468e8cdd76cd8d61b28e9f329fd540012928 SHA1 (patch-ab) = 219c5b4b9402dd68dc4855eb8179f44d60e9d8af SHA1 (patch-ae) = c9ff70c144a793b3cb058aa039dd51e8991d8036 SHA1 (patch-af) = 6148ce1f295c302b2a09d4f4b58a313ed55c8cc2 +SHA1 (patch-ag) = 06e9f2f8ce39dc821b0edd8231a2a8b2f40d7184 +SHA1 (patch-ah) = 99253c32e35bf10c7fdffc0903b095a6a8047ac2 +SHA1 (patch-ai) = 2f1a65de62e5defb6ccf5805c424bbcc8ddf0bea 
diff --git a/print/gv/patches/patch-ag b/print/gv/patches/patch-ag
new file mode 100644
index 00000000000..01780864cc1
--- /dev/null
+++ b/print/gv/patches/patch-ag
@@ -0,0 +1,30 @@
+$NetBSD: patch-ag,v 1.1 2002/10/04 03:00:12 itojun Exp $
+
+http://www.epita.fr/~bevand_m/asa/asa-0000
+
+diff -ur source/file.c source/file.c
+--- source/file.c 1997-06-07 00:00:00.000000000 +0200
++++ source/file.c 2002-09-26 23:56:00.000000000 +0200
+@@ -285,6 +285,22 @@
+ }
+
+ /*############################################################*/
++/* file_nameIsDangerous */
++/*############################################################*/
++
++char *file_charsAllowedInName = "+,-./:=@\\^_";
++
++int
++file_nameIsDangerous(fn)
++ char *fn;
++{
++ for (; *fn; fn++)
++ if (!isalnum(*fn) && !strchr(file_charsAllowedInName, *fn))
++ return(1);
++ return(0);
++}
++
++/*############################################################*/
+ /* file_pdfname2psname */
+ /* If the file ends in .pdf, change this to .ps.*/
+ /* Return pointer to temp copy if changed, else to input string. */
diff --git a/print/gv/patches/patch-ah b/print/gv/patches/patch-ah
new file mode 100644
index 00000000000..39b18681613
--- /dev/null
+++ b/print/gv/patches/patch-ah
@@ -0,0 +1,22 @@
+$NetBSD: patch-ah,v 1.1 2002/10/04 03:00:12 itojun Exp $
+
+http://www.epita.fr/~bevand_m/asa/asa-0000
+
+diff -ur source/file.h source/file.h
+--- source/file.h 1997-04-26 00:00:00.000000000 +0200
++++ source/file.h 2002-09-26 23:28:38.000000000 +0200
+@@ -70,6 +70,14 @@
+ #endif
+ );
+
++extern char *file_charsAllowedInName;
++
++extern int file_nameIsDangerous (
++#if NeedFunctionPrototypes
++ char *
++#endif
++);
++
+ extern char* file_pdfname2psname (
+ #if NeedFunctionPrototypes
+ char * /* name */
diff --git a/print/gv/patches/patch-ai b/print/gv/patches/patch-ai
new file mode 100644
index 00000000000..32c73017379
--- /dev/null
+++ b/print/gv/patches/patch-ai
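Review bot: `isalnum(*fn)` in `file_nameIsDangerous` is handed a plain `char`, which is negative for bytes above 0x7F wherever `char` is signed, and a negative argument other than EOF to a `<ctype.h>` function is undefined behaviour; `if (!isalnum((unsigned char)*fn) && !strchr(file_charsAllowedInName, *fn))` avoids that. `isalnum` is also locale-dependent, so the set of bytes this security check accepts can change with the user's locale; an explicit ASCII range test would pin the allowlist. The allowlist keeps `-` and `\\`, so a name that begins with `-` or contains a backslash still reaches the command string built in ps.c; whether that is safe depends on how the command templates quote `%s`, which this page does not show, and rejecting a leading `-` would remove the option-parsing case regardless. The function also accepts an empty name and imposes no length limit, and a one-line comment stating the return convention (1 = rejected, 0 = accepted) would help callers.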
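Review bot: `file_charsAllowedInName` is exported as a writable `char *`, so any translation unit can repoint the allowlist the filename check depends on; if the project's supported compilers allow it, `extern const char *const file_charsAllowedInName;` (with the matching definition in file.c) would make it read-only. The new prototype also omits the parameter comment that its neighbour carries (`char * /* name */`); writing `char * /* fn */` keeps the header consistent. The declaration of `file_pdfname2psname` continues outside the hunk.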
@@ -0,0 +1,41 @@
+$NetBSD: patch-ai,v 1.1 2002/10/04 03:00:12 itojun Exp $
+
+http://www.epita.fr/~bevand_m/asa/asa-0000
+
+diff -ur source/ps.c source/ps.c
+--- source/ps.c 1997-06-07 00:00:00.000000000 +0200
++++ source/ps.c 2002-09-27 00:29:35.000000000 +0200
+@@ -420,6 +420,16 @@
+ char cmd[512];
+ char s[512];
+ filename_unc=file_getTmpFilename(NULL,filename_raw);
++ if (file_nameIsDangerous(filename))
++ {
++ INFMESSAGE(the filename is dangerous)
++ sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric "
++ "characters and \"%s\" are allowed.\n",
++ filename, file_charsAllowedInName);
++ NotePopupShowMessage(s);
++ ENDMESSAGE(psscan)
++ return(NULL);
++ }
+ sprintf(cmd,cmd_uncompress,filename,filename_unc);
+ INFMESSAGE(is compressed)
+ INFSMESSAGE(uncompress command,cmd)
+@@ -491,6 +501,16 @@
+ char cmd[512];
+ char s[512];
+ filename_dsc=file_getTmpFilename(NULL,filename_raw);
++ if (file_nameIsDangerous(filename))
++ {
++ INFMESSAGE(the filename is dangerous)
++ sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric "
++ "characters and \"%s\" are allowed.\n",
++ filename, file_charsAllowedInName);
++ NotePopupShowMessage(s);
++ ENDMESSAGE(psscan)
++ return(NULL);
++ }
+ sprintf(cmd,cmd_scan_pdf,filename,filename_dsc);
+ INFMESSAGE(is PDF)
+ INFSMESSAGE(scan command,cmd)
-- cgit v1.2.3
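Review bot: The added `sprintf(s, ...)` copies the rejected `filename` into the 512-byte `s` with no length limit, so the error path for an untrusted name can itself overrun the stack buffer; `snprintf(s, sizeof(s), ...)`, or a precision such as `%.200s` on the filename, bounds it. The same lines are repeated in the second inner hunk (`@@ -491,6 +501,16 @@`). The check does not limit the length of accepted names either, so the unchanged `sprintf(cmd,cmd_uncompress,filename,filename_unc)` and `sprintf(cmd,cmd_scan_pdf,filename,filename_dsc)` into `cmd[512]` stay unbounded. The test runs after `file_getTmpFilename`, so the early `return(NULL)` may leave `filename_unc` / `filename_dsc` unreleased if that helper allocates (not visible here); testing the name before requesting the temporary name avoids that. Both enclosing blocks start and end outside the hunks.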