head 1.4; access; symbols OPENPKG_E1_MP_HEAD:1.4 OPENPKG_E1_MP:1.4 OPENPKG_E1_MP_2_STABLE:1.3.8.1 OPENPKG_E1_FP:1.3.8.1 OPENPKG_2_STABLE_MP:1.4 OPENPKG_2_STABLE_20061018:1.3.8.1 OPENPKG_2_STABLE_20060622:1.3 OPENPKG_2_STABLE:1.3.0.8 OPENPKG_2_STABLE_BP:1.3 OPENPKG_2_5_RELEASE:1.3 OPENPKG_2_5_SOLID:1.3.0.6 OPENPKG_2_5_SOLID_BP:1.3 OPENPKG_2_4_RELEASE:1.3 OPENPKG_2_4_SOLID:1.3.0.4 OPENPKG_2_4_SOLID_BP:1.3 OPENPKG_CW_FP:1.3 OPENPKG_2_3_RELEASE:1.3 OPENPKG_2_3_SOLID:1.3.0.2 OPENPKG_2_3_SOLID_BP:1.3 OPENPKG_2_1_SOLID:1.2.0.4 OPENPKG_2_2_RELEASE:1.2 OPENPKG_2_2_SOLID:1.2.0.2 OPENPKG_2_2_SOLID_BP:1.2; locks; strict; comment @# @; 1.4 date 2006.09.10.17.01.18; author rse; state Exp; branches; next 1.3; commitid mmKD7m0kKpavTiMr; 1.3 date 2005.01.17.11.43.10; author hms; state Exp; branches 1.3.8.1; next 1.2; 1.2 date 2004.08.18.18.00.00; author rse; state Exp; branches 1.2.2.1 1.2.4.1; next 1.1; 1.1 date 2004.08.06.11.43.29; author tho; state Exp; branches; next ; 1.3.8.1 date 2006.10.16.14.47.15; author rse; state Exp; branches; next ; commitid iZxwRSmmWscPXUQr; 1.2.2.1 date 2005.01.17.12.12.12; author hms; state Exp; branches; next ; 1.2.4.1 date 2005.01.17.11.43.05; author hms; state Exp; branches; next ; desc @@ 1.4 log @move 'ogonkify' stuff from share/ogonkify/ to share/a2ps/ogonkify to be more compliant to the OpenPKG filesystem layout @ text @Index: lib/quotearg.c --- lib/quotearg.c.orig 2000-01-19 09:19:48 +0100 +++ lib/quotearg.c 2004-08-06 13:34:41 +0200 @@@@ -59,6 +59,9 @@@@ #endif #if HAVE_MBRTOWC && HAVE_WCHAR_H +#if defined(__hpux) +# include +#endif # include #else # define iswprint(wc) 1 Index: lib/strftime.c --- lib/strftime.c.orig 2000-01-02 08:10:09 +0100 +++ lib/strftime.c 2004-08-06 13:35:34 +0200 @@@@ -67,6 +67,9 @@@@ #if DO_MULTIBYTE # if HAVE_MBRLEN +# if defined(__hpux) +# include +# endif # include # else /* Simulate mbrlen with mblen as best we can. 
*/ Index: lib/path-concat.c --- lib/path-concat.c.orig 1999-10-10 20:34:46 +0200 +++ lib/path-concat.c 2004-08-18 19:56:40 +0200 @@@@ -31,8 +31,6 @@@@ #endif #include -char *malloc (); - #ifndef DIRECTORY_SEPARATOR # define DIRECTORY_SEPARATOR '/' #endif Index: etc/Makefile.in --- etc/Makefile.in.orig 2000-02-24 18:55:34 +0100 +++ etc/Makefile.in 2006-09-10 18:56:23 +0200 @@@@ -131,7 +131,7 @@@@ lispdir = @@lispdir@@ -ogonkifydir = $(datadir)/ogonkify +ogonkifydir = $(datadir)/a2ps/ogonkify libpath = $(pkgdatadir)/sheets:$(pkgdatadir)/ps:$(pkgdatadir)/encoding:$(pkgdatadir)/afm:$(ogonkifydir)/afm:$(pkgdatadir)/ppd:$(pkgdatadir)/fonts:$(ogonkifydir)/fonts:$(pkgdatadir) pkgdata_DATA = README Index: ogonkify/Makefile.in --- ogonkify/Makefile.in.orig 2000-01-07 14:00:49 +0100 +++ ogonkify/Makefile.in 2006-09-10 18:57:37 +0200 @@@@ -33,7 +33,7 @@@@ DESTDIR = -pkgdatadir = $(datadir)/@@PACKAGE@@ +pkgdatadir = $(datadir)/a2ps/@@PACKAGE@@ pkglibdir = $(libdir)/@@PACKAGE@@ pkgincludedir = $(includedir)/@@PACKAGE@@ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170 a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. source: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/patch-select.c?rev=1.1&content-type=text/plain --- src/select.c.orig Thu Dec 16 02:04:56 1999 +++ src/select.c Sat Aug 21 12:05:31 2004 @@@@ -131,6 +131,36 @@@@ return 1; } +/* escapes the name of a file so that the shell groks it in 'single' q.marks. + The resulting pointer has to be free()ed when not longer used. 
*/ +char * +shell_escape(const char *fn) +{ + size_t len = 0; + const char *inp; + char *retval, *outp; + + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': len += 4; break; + default: len += 1; break; + } + + outp = retval = malloc(len + 1); + if(!outp) + return NULL; /* perhaps one should do better error handling here */ + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break; + default: *outp++ = *inp; break; + } + *outp = 0; + + return retval; +} + /* What says file about the type of a file (result is malloc'd). NULL if could not be run. */ @@@@ -144,11 +174,15 @@@@ if (IS_EMPTY (job->file_command)) return NULL; + filename = shell_escape(filename); + if(filename == NULL) + return NULL; /* Call file(1) with the correct option */ - command = ALLOCA (char, (2 + command = ALLOCA (char, (4 + strlen (job->file_command) + ustrlen (filename))); - sprintf (command, "%s %s", job->file_command, (const char *) filename); + sprintf (command, "%s '%s'", job->file_command, (const char *) filename); + free(filename); message (msg_tool, (stderr, "Reading pipe: `%s'\n", command)); file_out = popen (command, "r"); @ 1.3 log @patch implemented for security issue CAN-2004-1170 OpenPKG-SA-2005.003-a2ps @ text @d39 24 @ 1.3.8.1 log @Mass merge from CURRENT to 2-STABLE (all packages except those of JUNK class) @ text @a38 24 Index: etc/Makefile.in --- etc/Makefile.in.orig 2000-02-24 18:55:34 +0100 +++ etc/Makefile.in 2006-09-10 18:56:23 +0200 @@@@ -131,7 +131,7 @@@@ lispdir = @@lispdir@@ -ogonkifydir = $(datadir)/ogonkify +ogonkifydir = $(datadir)/a2ps/ogonkify libpath = $(pkgdatadir)/sheets:$(pkgdatadir)/ps:$(pkgdatadir)/encoding:$(pkgdatadir)/afm:$(ogonkifydir)/afm:$(pkgdatadir)/ppd:$(pkgdatadir)/fonts:$(ogonkifydir)/fonts:$(pkgdatadir) pkgdata_DATA = README Index: ogonkify/Makefile.in --- ogonkify/Makefile.in.orig 2000-01-07 14:00:49 +0100 +++ ogonkify/Makefile.in 2006-09-10 18:57:37 +0200 @@@@ 
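Review bot: shell_escape in the `-131,6 +131,36` hunk of src/select.c is added with external linkage and no prototype visible here, although the only caller shown is in the same file; declaring it `static char *` would keep it out of the global namespace. In the second loop the quote case ends with `*outp++ = '\'', *outp++ = '\'';`, a comma operator where the neighbouring stores use `;`. It still evaluates in order, but it should read `*outp++ = '\''; *outp++ = '\'';`. The header comment should also state the contract the caller depends on: the result is only safe when the caller wraps it in single quotes, and NULL means the allocation failed.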
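Review bot: In the `-144,11 +174,15` hunk of src/select.c, a name that begins with `-` still reaches the file command as an option, because the quoting added to the `sprintf` only neutralises shell metacharacters. If the configured file command accepts an end-of-options marker, build the line as `sprintf (command, "%s -- '%s'", job->file_command, (const char *) filename);` and raise the `ALLOCA` constant from 4 to 7. The hunk also reassigns the `filename` parameter to the malloc'd copy and later passes it to `free`; the cast and `ustrlen` suggest it is a const uchar pointer, so a separate `char *escaped` local would avoid freeing through the parameter. The escaped string can be up to four times the input length and is still sized onto the stack with `ALLOCA`, so a length cap or a heap buffer is worth considering. The enclosing function starts and ends outside the hunk.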
-33,7 +33,7 @@@@ DESTDIR = -pkgdatadir = $(datadir)/@@PACKAGE@@ +pkgdatadir = $(datadir)/a2ps/@@PACKAGE@@ pkglibdir = $(libdir)/@@PACKAGE@@ pkgincludedir = $(includedir)/@@PACKAGE@@ @ 1.2 log @modifying package: a2ps-4.13b 20040806 -> 20040818 @ text @d39 63 @ 1.2.2.1 log @patch implemented for security issue CAN-2004-1170 OpenPKG-SA-2005.003-a2ps @ text @a38 63 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170 a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. source: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/patch-select.c?rev=1.1&content-type=text/plain --- src/select.c.orig Thu Dec 16 02:04:56 1999 +++ src/select.c Sat Aug 21 12:05:31 2004 @@@@ -131,6 +131,36 @@@@ return 1; } +/* escapes the name of a file so that the shell groks it in 'single' q.marks. + The resulting pointer has to be free()ed when not longer used. */ +char * +shell_escape(const char *fn) +{ + size_t len = 0; + const char *inp; + char *retval, *outp; + + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': len += 4; break; + default: len += 1; break; + } + + outp = retval = malloc(len + 1); + if(!outp) + return NULL; /* perhaps one should do better error handling here */ + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break; + default: *outp++ = *inp; break; + } + *outp = 0; + + return retval; +} + /* What says file about the type of a file (result is malloc'd). NULL if could not be run. 
*/ @@@@ -144,11 +174,15 @@@@ if (IS_EMPTY (job->file_command)) return NULL; + filename = shell_escape(filename); + if(filename == NULL) + return NULL; /* Call file(1) with the correct option */ - command = ALLOCA (char, (2 + command = ALLOCA (char, (4 + strlen (job->file_command) + ustrlen (filename))); - sprintf (command, "%s %s", job->file_command, (const char *) filename); + sprintf (command, "%s '%s'", job->file_command, (const char *) filename); + free(filename); message (msg_tool, (stderr, "Reading pipe: `%s'\n", command)); file_out = popen (command, "r"); @ 1.2.4.1 log @patch implemented for security issue CAN-2004-1170 OpenPKG-SA-2005.003-a2ps @ text @d1 5 a5 43 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170 a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. source: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/print/a2ps-letter/files/patch-select.c?rev=1.1&content-type=text/plain --- src/select.c.orig Thu Dec 16 02:04:56 1999 +++ src/select.c Sat Aug 21 12:05:31 2004 @@@@ -131,6 +131,36 @@@@ return 1; } +/* escapes the name of a file so that the shell groks it in 'single' q.marks. + The resulting pointer has to be free()ed when not longer used. */ +char * +shell_escape(const char *fn) +{ + size_t len = 0; + const char *inp; + char *retval, *outp; + + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': len += 4; break; + default: len += 1; break; + } + + outp = retval = malloc(len + 1); + if(!outp) + return NULL; /* perhaps one should do better error handling here */ + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break; + default: *outp++ = *inp; break; + } + *outp = 0; + + return retval; +} + /* What says file about the type of a file (result is malloc'd). NULL if could not be run. 
*/ d7 11 a17 3 @@@@ -144,11 +174,15 @@@@ if (IS_EMPTY (job->file_command)) return NULL; d19 14 a32 13 + filename = shell_escape(filename); + if(filename == NULL) + return NULL; /* Call file(1) with the correct option */ - command = ALLOCA (char, (2 + command = ALLOCA (char, (4 + strlen (job->file_command) + ustrlen (filename))); - sprintf (command, "%s %s", job->file_command, (const char *) filename); + sprintf (command, "%s '%s'", job->file_command, (const char *) filename); + free(filename); message (msg_tool, (stderr, "Reading pipe: `%s'\n", command)); file_out = popen (command, "r"); d34 5 @ 1.1 log @add some quirks for HPUX @ text @d27 12 @