diff options
author | Daniel Ahlberg <aliz@gentoo.org> | 2002-10-03 09:25:07 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2002-10-03 09:25:07 +0000 |
commit | 141e5545ca8589f6ab3c26b043992692ed113dd0 (patch) | |
tree | 7c08bf957cbad8e3526ee71c38f4d34f339f7a05 /app-text/gv | |
parent | supermount now installed (diff) | |
download | gentoo-2-141e5545ca8589f6ab3c26b043992692ed113dd0.tar.gz gentoo-2-141e5545ca8589f6ab3c26b043992692ed113dd0.tar.bz2 gentoo-2-141e5545ca8589f6ab3c26b043992692ed113dd0.zip |
Security update
Diffstat (limited to 'app-text/gv')
-rw-r--r-- | app-text/gv/ChangeLog | 7 | ||||
-rw-r--r-- | app-text/gv/files/digest-gv-3.5.8-r2 | 1 | ||||
-rw-r--r-- | app-text/gv/files/gv-3.5.8-r2-gentoo.diff | 81 | ||||
-rw-r--r-- | app-text/gv/gv-3.5.8-r2.ebuild | 68 |
4 files changed, 156 insertions, 1 deletions
diff --git a/app-text/gv/ChangeLog b/app-text/gv/ChangeLog index bb8dd8283a3d..660aea29213e 100644 --- a/app-text/gv/ChangeLog +++ b/app-text/gv/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for app-text/gv # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL -# $Header: /var/cvsroot/gentoo-x86/app-text/gv/ChangeLog,v 1.4 2002/08/08 14:03:34 seemant Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/gv/ChangeLog,v 1.5 2002/10/03 09:25:07 aliz Exp $ + +*gv-3.5.8-r2 (03 Oct 2002) + + 03 Oct 2002; Daneil Ahlberg <aliz@gentoo.org> gv-3.5.8-r2.ebuild : + Security update. *gv-3.5.8-r1 (1 Feb 2002) diff --git a/app-text/gv/files/digest-gv-3.5.8-r2 b/app-text/gv/files/digest-gv-3.5.8-r2 new file mode 100644 index 000000000000..64a808e5d694 --- /dev/null +++ b/app-text/gv/files/digest-gv-3.5.8-r2 @@ -0,0 +1 @@ +MD5 8f2f0bd97395d6cea52926ddee736da8 gv-3.5.8.tar.gz 369609 diff --git a/app-text/gv/files/gv-3.5.8-r2-gentoo.diff b/app-text/gv/files/gv-3.5.8-r2-gentoo.diff new file mode 100644 index 000000000000..4be1611aedc9 --- /dev/null +++ b/app-text/gv/files/gv-3.5.8-r2-gentoo.diff @@ -0,0 +1,81 @@ +diff -ur gv-3.5.8.orig/source/file.c gv-3.5.8/source/file.c +--- gv-3.5.8.orig/source/file.c 1997-06-07 00:00:00.000000000 +0200 ++++ gv-3.5.8/source/file.c 2002-09-26 23:56:00.000000000 +0200 +@@ -285,6 +285,22 @@ + } + + /*############################################################*/ ++/* file_nameIsDangerous */ ++/*############################################################*/ ++ ++char *file_charsAllowedInName = "+,-./:=@\\^_"; ++ ++int ++file_nameIsDangerous(fn) ++ char *fn; ++{ ++ for (; *fn; fn++) ++ if (!isalnum(*fn) && !strchr(file_charsAllowedInName, *fn)) ++ return(1); ++ return(0); ++} ++ ++/*############################################################*/ + /* file_pdfname2psname */ + /* If the file ends in .pdf, change this to .ps.*/ + /* Return pointer to temp copy if changed, else to input string. */ +diff -ur gv-3.5.8.orig/source/file.h gv-3.5.8/source/file.h +--- gv-3.5.8.orig/source/file.h 1997-04-26 00:00:00.000000000 +0200 ++++ gv-3.5.8/source/file.h 2002-09-26 23:28:38.000000000 +0200 +@@ -70,6 +70,14 @@ + #endif + ); + ++extern char *file_charsAllowedInName; ++ ++extern int file_nameIsDangerous ( ++#if NeedFunctionPrototypes ++ char * ++#endif ++); ++ + extern char* file_pdfname2psname ( + #if NeedFunctionPrototypes + char * /* name */ +diff -ur gv-3.5.8.orig/source/ps.c gv-3.5.8/source/ps.c +--- gv-3.5.8.orig/source/ps.c 1997-06-07 00:00:00.000000000 +0200 ++++ gv-3.5.8/source/ps.c 2002-09-27 00:29:35.000000000 +0200 +@@ -420,6 +420,16 @@ + char cmd[512]; + char s[512]; + filename_unc=file_getTmpFilename(NULL,filename_raw); ++ if (file_nameIsDangerous(filename)) ++ { ++ INFMESSAGE(the filename is dangerous) ++ sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric " ++ "characters and \"%s\" are allowed.\n", ++ filename, file_charsAllowedInName); ++ NotePopupShowMessage(s); ++ ENDMESSAGE(psscan) ++ return(NULL); ++ } + sprintf(cmd,cmd_uncompress,filename,filename_unc); + INFMESSAGE(is compressed) + INFSMESSAGE(uncompress command,cmd) +@@ -491,6 +501,16 @@ + char cmd[512]; + char s[512]; + filename_dsc=file_getTmpFilename(NULL,filename_raw); ++ if (file_nameIsDangerous(filename)) ++ { ++ INFMESSAGE(the filename is dangerous) ++ sprintf(s, "The filename \"%s\" is dangerous: only alphanumeric " ++ "characters and \"%s\" are allowed.\n", ++ filename, file_charsAllowedInName); ++ NotePopupShowMessage(s); ++ ENDMESSAGE(psscan) ++ return(NULL); ++ } + sprintf(cmd,cmd_scan_pdf,filename,filename_dsc); + INFMESSAGE(is PDF) + INFSMESSAGE(scan command,cmd) diff --git a/app-text/gv/gv-3.5.8-r2.ebuild b/app-text/gv/gv-3.5.8-r2.ebuild new file mode 100644 index 000000000000..151a2545b830 --- /dev/null +++ b/app-text/gv/gv-3.5.8-r2.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2002 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# $Header: /var/cvsroot/gentoo-x86/app-text/gv/gv-3.5.8-r2.ebuild,v 1.1 2002/10/03 09:25:07 aliz Exp $ + +# this r1 is a major change. it uses sed instead of patches. +# hopefully this will enable everyone to compile gv on widely +# different configurations, eliminating the gv.man/gv._man problem + +S=${WORKDIR}/${P} +DESCRIPTION="gv is a standard ghostscript frontend used e.g. by LyX" +SRC_URI="ftp://ftpthep.physik.uni-mainz.de/pub/gv/unix/${P}.tar.gz" +HOMEPAGE="http://wwwthep.physik.uni-mainz.de/~plass/gv/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="ppc x86" + +# There's probably more, but ghostscript also depends on it, +# so I can't identify it +DEPEND="virtual/x11 + x11-libs/Xaw3d + app-text/ghostscript" + +src_unpack() { + unpack ${A} + cd ${S} + patch -p1 < ${FILESDIR}/${PF}-gentoo.diff +} + +src_compile() { + + cp config.Unix 1 + sed -e 's:usr/local:usr:' 1 > config.Unix + rm 1 + + xmkmf || die + make Makefiles || die + + cd source + + cp Makefile 1 + cat 1 | sed -e 's/install.man:: gv.man/install.man::/' \ + -e 's/all:: gv./\#all:: gv./' \ + -e '/gv.man/ c \#removed by sed for ebuilding' > Makefile + rm 1 + if [ ! "`grep gv.man Makefile`" = "" ]; + then + echo "sed didn't completely remove gv.man references from the Makefile." + echo "We'll just run make and pray." + sleep 2s + fi + + + cd ${S} + emake || die +} + +src_install () { + + cd ${S} + make DESTDIR=${D} install || die + # make DESTDIR=${D} install.man || die # don't use this!!! + make GV_DOCDIR=${D}/usr/share/doc/${PF} install.doc || die + + cd ${S}/doc + cp gv.man gv.man.1 + doman gv.man.1 +} |