OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web, openpkg-src         Date:   16-Dec-2002 16:03:16
  Branch: HEAD                             Handle: 2002121615031501

  Added files:
    openpkg-src/tetex       tetex.patch
  Modified files:
    openpkg-src/tetex       tetex.spec
    openpkg-web             news.txt

  Log:
    include security bugfixes

  Summary:
    Revision    Changes     Path
    1.1         +73 -0      openpkg-src/tetex/tetex.patch
    1.28        +4  -1      openpkg-src/tetex/tetex.spec
    1.2291      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  Index: openpkg-src/tetex/tetex.patch
  ============================================================
  $ cvs update -p -r1.1 tetex.patch
  --- texk/dvipsk/dvips.c.orig  Wed Jul  3 19:13:42 2002
  +++ texk/dvipsk/dvips.c       Fri Jul  5 09:45:34 2002
  @@ -64,7 +64,7 @@
   Boolean cropmarks ;           /* add cropmarks? */
   Boolean abspage = 0 ;         /* are page numbers absolute? */
   Boolean tryepsf = 0 ;         /* should we try to make it espf? */
  -Boolean secure = 0 ;          /* make safe for suid */
  +Boolean secure = 1 ;          /* make safe for suid */
   int collatedcopies = 1 ;      /* how many collated copies? */
   int sectioncopies = 1 ;       /* how many times to repeat each section? */
   integer pagecopies = 1 ;          /* how many times to repeat each page? */
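Review bot: The comment on the changed `secure` line still reads `/* make safe for suid */`, which no longer tells a reader that secure mode is now the default and has to be switched off explicitly. I would reword it to `/* secure mode; on by default, -R0 turns it off */` so it agrees with the dvips.1 change in the same patch. Whether anything other than the command line can clear this flag is not visible in the hunk and is worth confirming, since the new default is only as strong as the paths that can reset it.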
  --- texk/dvipsk/dvips.1.orig  Sun Nov  1 04:45:06 1998
  +++ texk/dvipsk/dvips.1       Fri Jul  5 09:50:52 2002
  @@ -320,7 +320,9 @@
   Stack pages in reverse order.  Normally, page 1 will be printed first.
   .TP
   .B -R
  -Run in secure mode. This means that ``backtick'' commands from a
  +Run in secure mode.  This is the default; to run unsecurely use the
  +.B -R0
  +option. This means that ``backtick'' commands from a
   .I \\\special{}
   or
   .I \epsffile{}
  --- texk/kpathsea/tex-make.c.orig     Tue Jan 26 21:31:23 1999
  +++ texk/kpathsea/tex-make.c  Tue Sep  3 12:07:34 2002
  @@ -138,14 +138,6 @@
     int save_stderr = -1;
   #endif
   
  -  /* If the user snuck `backquotes` or $(command) substitutions into the
  -     name, foil them.  */
  -  for (i = 0; i < strlen (cmd); i++) {
  -    if (cmd[i] == '`' || (cmd[i] == '$' && cmd[i+1] == '(')) {
  -      cmd[i] = '#';
  -    }
  -  }
  -
     /* Tell the user we are running the script, so they have a clue as to
        what's going on if something messes up.  But if they asked to
        discard output, they probably don't want to see this, either.  */
  @@ -259,10 +251,31 @@
       string args, cmd;
       const_string prog = spec.program;
       const_string arg_spec = spec.program_args;
  +    unsigned int i;
   
       if (format <= kpse_any_glyph_format)
         set_maketex_mag ();
   
  +    /* If the user snuck `backquotes` or $(command) substitutions etc
  +       into the name, foil them.
  +       Thwart ../ in file names too.
  +     */
  +    for (i = 0; i < strlen (base); i++) {
  +      char c = base[i];
  +
  +      if (c == '.' && base[i+1] == '.' && base[i+2] == '/') {
  +        base[i] = base[i+1] = '_';
  +        continue;
  +      }
  +      
  +      if (('A' <= c && c <= 'Z')
  +       || ('a' <= c && c <= 'z')
  +       || ('0' <= c && c <= '9')
  +       || strchr("_-.", c))
  +        continue;
  +      base[i] = '#';
  +    }
  +
       /* Here's an awful kludge: if the mode is `/', mktexpk recognizes
          it as a special case.  `kpse_prog_init' sets it to this in the
          first place when no mode is otherwise specified; this is so
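Review bot: The new allowlist loop accepts `-` in any position, so a name beginning with `-` passes unchanged and, if `base` is handed to the mktex script as an argument (the command assembly is outside this hunk), it would be read as an option; adding `if (i == 0 && c == '-') { base[i] = '#'; continue; }` at the top of the loop body closes that. The earlier hunk at -138 drops the filter that ran over the whole `cmd`, so text expanded from `arg_spec` is no longer checked for backquotes or `$(`; confirm that none of those values can carry user-supplied input. The loop also writes through `base`, whose declaration is outside the hunk; if it is a `const_string` parameter, sanitise a private copy rather than the caller's buffer. As a point of style, `strlen (base)` is re-evaluated on every iteration, and `for (i = 0; base[i] != '\0'; i++)` is equivalent.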
  Index: openpkg-src/tetex/tetex.spec
  ============================================================
  $ cvs diff -u -r1.27 -r1.28 tetex.spec
  --- openpkg-src/tetex/tetex.spec      4 Dec 2002 12:24:42 -0000       1.27
  +++ openpkg-src/tetex/tetex.spec      16 Dec 2002 15:03:16 -0000      1.28
  @@ -42,13 +42,14 @@
   Group:        Text
   License:      GPL
   Version:      %{V_src}
  -Release:      20021204
  +Release:      20021216
   
   #   list of sources
   Source0:      
ftp://sunsite.informatik.rwth-aachen.de/pub/comp/tex/teTeX/1.0/distrib/sources/teTeX-src-%{V_src}.tar.gz
   Source1:      
ftp://sunsite.informatik.rwth-aachen.de/pub/comp/tex/teTeX/1.0/distrib/sources/teTeX-texmf-%{V_texmf}.tar.gz
   Source2:      http://www.tei-c.org.uk/Software/passivetex/passivetex.zip
   Source3:      ftp://ftp.tex.ac.uk/tex-archive/macros/xmltex/base.zip
  +Patch0:       tetex.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -76,6 +77,8 @@
   
   %prep
       %setup -q -n teTeX-%{V_base}
  +    %patch -p0
  +
       #   teTeX requires the texmf stuff to be already in place
       #   for building and installing the source parts.
       rm -rf $RPM_BUILD_ROOT
  Index: openpkg-web/news.txt
  ============================================================
  $ cvs diff -u -r1.2290 -r1.2291 news.txt
  --- openpkg-web/news.txt      16 Dec 2002 14:46:20 -0000      1.2290
  +++ openpkg-web/news.txt      16 Dec 2002 15:03:15 -0000      1.2291
  @@ -1,3 +1,4 @@
  +16-Dec-2002: Upgraded package: P<tetex-1.0.7-20021216>
   16-Dec-2002: New package: P<al-0.9.0-20021216>
   16-Dec-2002: Upgraded package: P<wget-1.8.2-20021216>
   16-Dec-2002: Upgraded package: P<lynx-2.8.4-20021216>
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
