openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51553 Commits
1 Branch
2 Tags
597 MiB
 
 
 
 
 
 
Tree: 3821aef70c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3821aef70c'
${ noResults }
openpkg-packages/a2ps/a2ps.patch

125 lines
3.5 KiB
Raw Blame History Escape

Index: lib/quotearg.c
--- lib/quotearg.c.orig 2000-01-19 09:19:48 +0100
+++ lib/quotearg.c 2004-08-06 13:34:41 +0200
@@ -59,6 +59,9 @@
#endif
#if HAVE_MBRTOWC && HAVE_WCHAR_H
+#if defined(__hpux)
+# include<sys/_mbstate_t.h>
+#endif
# include <wchar.h>
#else
# define iswprint(wc) 1
Index: lib/strftime.c
--- lib/strftime.c.orig 2000-01-02 08:10:09 +0100
+++ lib/strftime.c 2004-08-06 13:35:34 +0200
@@ -67,6 +67,9 @@
#if DO_MULTIBYTE
# if HAVE_MBRLEN
+# if defined(__hpux)
+# include<sys/_mbstate_t.h>
+# endif
# include <wchar.h>
# else
/* Simulate mbrlen with mblen as best we can. */
Index: lib/path-concat.c
--- lib/path-concat.c.orig 1999-10-10 20:34:46 +0200
+++ lib/path-concat.c 2004-08-18 19:56:40 +0200
@@ -31,8 +31,6 @@
#endif
#include <sys/types.h>
-char *malloc ();
-
#ifndef DIRECTORY_SEPARATOR
# define DIRECTORY_SEPARATOR '/'
#endif
Index: etc/Makefile.in
--- etc/Makefile.in.orig 2000-02-24 18:55:34 +0100
+++ etc/Makefile.in 2006-09-10 18:56:23 +0200
@@ -131,7 +131,7 @@
lispdir = @lispdir@
-ogonkifydir = $(datadir)/ogonkify
+ogonkifydir = $(datadir)/a2ps/ogonkify
libpath = $(pkgdatadir)/sheets:$(pkgdatadir)/ps:$(pkgdatadir)/encoding:$(pkgdatadir)/afm:$(ogonkifydir)/afm:$(pkgdatadir)/ppd:$(pkgdatadir)/fonts:$(ogonkifydir)/fonts:$(pkgdatadir)
pkgdata_DATA = README
Index: ogonkify/Makefile.in
--- ogonkify/Makefile.in.orig 2000-01-07 14:00:49 +0100
+++ ogonkify/Makefile.in 2006-09-10 18:57:37 +0200
@@ -33,7 +33,7 @@
DESTDIR =
-pkgdatadir = $(datadir)/@PACKAGE@
+pkgdatadir = $(datadir)/a2ps/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170
a2ps 4.13 allows remote attackers to execute arbitrary commands via
shell metacharacters in the filename.
source: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/patch-select.c?rev=1.1&content-type=text/plain
--- src/select.c.orig Thu Dec 16 02:04:56 1999
+++ src/select.c Sat Aug 21 12:05:31 2004
@@ -131,6 +131,36 @@
return 1;
}
+/* escapes the name of a file so that the shell groks it in 'single' q.marks.
+ The resulting pointer has to be free()ed when not longer used. */
+char *
+shell_escape(const char *fn)
+{
+ size_t len = 0;
+ const char *inp;
+ char *retval, *outp;
+
+ for(inp = fn; *inp; ++inp)
+ switch(*inp)
+ {
+ case '\'': len += 4; break;
+ default: len += 1; break;
+ }
+
+ outp = retval = malloc(len + 1);
+ if(!outp)
+ return NULL; /* perhaps one should do better error handling here */
+ for(inp = fn; *inp; ++inp)
+ switch(*inp)
+ {
+ case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break;
+ default: *outp++ = *inp; break;
+ }
+ *outp = 0;
+
+ return retval;
+}
+
/* What says file about the type of a file (result is malloc'd). NULL
if could not be run. */
@@ -144,11 +174,15 @@
if (IS_EMPTY (job->file_command))
return NULL;
+ filename = shell_escape(filename);
+ if(filename == NULL)
+ return NULL;
/* Call file(1) with the correct option */
- command = ALLOCA (char, (2
+ command = ALLOCA (char, (4
+ strlen (job->file_command)
+ ustrlen (filename)));
- sprintf (command, "%s %s", job->file_command, (const char *) filename);
+ sprintf (command, "%s '%s'", job->file_command, (const char *) filename);
+ free(filename);
message (msg_tool, (stderr, "Reading pipe: `%s'\n", command));
file_out = popen (command, "r");