openpkg
/
openpkg-packages


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374
							--- texk/dvipsk/dvips.c.orig	Wed Jul  3 19:13:42 2002
+++ texk/dvipsk/dvips.c	Fri Jul  5 09:45:34 2002
@@ -64,7 +64,7 @@
 Boolean cropmarks ;           /* add cropmarks? */
 Boolean abspage = 0 ;         /* are page numbers absolute? */
 Boolean tryepsf = 0 ;         /* should we try to make it espf? */
-Boolean secure = 0 ;          /* make safe for suid */
+Boolean secure = 1 ;          /* make safe for suid */
 int collatedcopies = 1 ;      /* how many collated copies? */
 int sectioncopies = 1 ;       /* how many times to repeat each section? */
 integer pagecopies = 1 ;          /* how many times to repeat each page? */
--- texk/dvipsk/dvips.1.orig	Sun Nov  1 04:45:06 1998
+++ texk/dvipsk/dvips.1	Fri Jul  5 09:50:52 2002
@@ -320,7 +320,9 @@
 Stack pages in reverse order.  Normally, page 1 will be printed first.
 .TP
 .B -R
-Run in secure mode. This means that ``backtick'' commands from a
+Run in secure mode.  This is the default; to run unsecurely use the
+.B -R0
+option. This means that ``backtick'' commands from a
 .I \\\special{}
 or
 .I \epsffile{}
--- texk/kpathsea/tex-make.c.orig	Tue Jan 26 21:31:23 1999
+++ texk/kpathsea/tex-make.c	Tue Sep  3 12:07:34 2002
@@ -138,14 +138,6 @@
   int save_stderr = -1;
 #endif
 
-  /* If the user snuck `backquotes` or $(command) substitutions into the
-     name, foil them.  */
-  for (i = 0; i < strlen (cmd); i++) {
-    if (cmd[i] == '`' || (cmd[i] == '$' && cmd[i+1] == '(')) {
-      cmd[i] = '#';
-    }
-  }
-
   /* Tell the user we are running the script, so they have a clue as to
      what's going on if something messes up.  But if they asked to
      discard output, they probably don't want to see this, either.  */
@@ -259,10 +251,31 @@
     string args, cmd;
     const_string prog = spec.program;
     const_string arg_spec = spec.program_args;
+    unsigned int i;
 
     if (format <= kpse_any_glyph_format)
       set_maketex_mag ();
 
+    /* If the user snuck `backquotes` or $(command) substitutions etc
+       into the name, foil them.
+       Thwart ../ in file names too.
+     */
+    for (i = 0; i < strlen (base); i++) {
+      char c = base[i];
+
+      if (c == '.' && base[i+1] == '.' && base[i+2] == '/') {
+        base[i] = base[i+1] = '_';
+        continue;
+      }
+      
+      if (('A' <= c && c <= 'Z')
+       || ('a' <= c && c <= 'z')
+       || ('0' <= c && c <= '9')
+       || strchr("_-.", c))
+        continue;
+      base[i] = '#';
+    }
+
     /* Here's an awful kludge: if the mode is `/', mktexpk recognizes
        it as a special case.  `kpse_prog_init' sets it to this in the
        first place when no mode is otherwise specified; this is so