groff/groff-1.16-safer.patch

--- groff-1.19.1/src/roff/troff/input.cpp.safer	2004-05-05 18:41:58.000000000 +0200
+++ groff-1.19.1/src/roff/troff/input.cpp	2005-01-12 13:27:33.947740912 +0100
@@ -5444,20 +5444,35 @@ void source()
   if (nm.is_null())
     skip_line();
   else {
+    char cbuf[PATH_MAX], * cwd;
+    char pbuf[PATH_MAX], * path;
+    struct stat st;
+
     while (!tok.newline() && !tok.eof())
       tok.next();
-    errno = 0;
-    FILE *fp = include_search_path.open_file_cautious(nm.contents());
-    if (fp)
-      input_stack::push(new file_iterator(fp, nm.contents()));
-    else
-      error("can't open `%1': %2", nm.contents(), strerror(errno));
+
+    if ((cwd = realpath(".", cbuf)) == NULL)
+      error("realpath on `%1' failed: %2", ".", strerror(errno));
+    else if ((path = realpath(nm.contents(), pbuf)) == NULL)
+      error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
+    else if (safer_flag && strncmp(cwd, path, strlen(cwd)))
+      error("won't source `%1' outside of `%2' without -U flag", path, cwd);
+    else if (stat(path, &st) < 0)
+      error("can't stat `%1': %2", path, strerror(errno));
+    else if (safer_flag && !S_ISREG(st.st_mode))
+      error("won't source non-file `%1' without -U flag", path);
+    else {
+      errno = 0;
+      FILE *fp = fopen(path, "r");
+      if (fp)
+        input_stack::push(new file_iterator(fp, nm.contents()));
+      else
+        error("can't open `%1': %2", path, strerror(errno));
+    }
     tok.next();
   }
 }
 
-// like .so but use popen()
-
 void pipe_source()
 {
   if (safer_flag) {
- update to groff 1.19.1 - drop 8bit, fix15, devutf8, grn patches - sync the rest of patches with current release - spec cleanup 2005-01-12 14:08:37 +00:00			`--- groff-1.19.1/src/roff/troff/input.cpp.safer 2004-05-05 18:41:58.000000000 +0200`
			`+++ groff-1.19.1/src/roff/troff/input.cpp 2005-01-12 13:27:33.947740912 +0100`
			`@@ -5444,20 +5444,35 @@ void source()`
			`if (nm.is_null())`
			`skip_line();`
auto-import changelog data from groff-1.16-7.src.rpm Fri Jul 28 2000 Tim Waugh <twaugh@redhat.com> - Install troff-to-ps.fpi in /usr/lib/rhs-printfilters (#13634). Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com> - rebuild with gcc-2.96-41. Mon Jul 17 2000 Jeff Johnson <jbj@redhat.com> - rebuild to fix miscompilation manifesting in alpha build of tcltk. Thu Jul 13 2000 Prospector <bugzilla@redhat.com> - automatic rebuild Tue Jul 04 2000 Jakub Jelinek <jakub@redhat.com> - Rebuild with new C++ Fri Jun 09 2000 Bill Nottingham <notting@redhat.com> - move mmroff to -perl Wed Jun 07 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix build - FHS - 1.16 Sun May 14 2000 Jeff Johnson <jbj@redhat.com> - install tmac.mse (FWIW tmac.se looks broken) to fix dangling symlink (#10757). - add README.A4, how to set up for A4 paper (#8276). - add other documents to package. Thu Mar 02 2000 Jeff Johnson <jbj@redhat.com> - permit sourcing on regular files within cwd tree (unless -U specified). Wed Feb 09 2000 Jeff Johnson <jbj@redhat.com> - fix incorrectly installed tmac.m file (#8362). Mon Feb 07 2000 Florian La Roche <Florian.LaRoche@redhat.com> - check if build system is sane again Thu Feb 03 2000 Cristian Gafton <gafton@redhat.com> - fix description and summary - man pages are compressed. This is ugly. Mon Jan 31 2000 Bill Nottingham <notting@redhat.com> - put the binaries actually in the package oops Fri Jan 28 2000 Bill Nottingham <notting@redhat.com> - split perl components into separate subpackage Wed Dec 29 1999 Bill Nottingham <notting@redhat.com> - update to 1.15 Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> - auto rebuild in the new build environment (release 9) Tue Feb 16 1999 Cristian Gafton <gafton@redhat.com> - glibc 2.1 patch for xditview (#992) Thu Oct 22 1998 Bill Nottingham <notting@redhat.com> - build for Raw Hide Thu Sep 10 1998 Cristian Gafton <gafton@redhat.com> - fix makefiles to work with bash2 Fri May 08 1998 Prospector System <bugs@redhat.com> - translations modified for de, fr, tr Thu Apr 30 1998 Cristian Gafton <gafton@redhat.com> - use g++ for C++ code Wed Apr 08 1998 Cristian Gafton <gafton@redhat.com> - manhattan and buildroot Mon Nov 03 1997 Michael Fulbright <msf@redhat.com> - made xdefaults file a config file Thu Oct 23 1997 Erik Troan <ewt@redhat.com> - split perl components into separate subpackage Tue Oct 21 1997 Michael Fulbright <msf@redhat.com> - updated to 1.11a - added safe troff-to-ps.fpi Tue Oct 14 1997 Michael Fulbright <msf@redhat.com> - removed troff-to-ps.fpi for security reasons. Fri Jun 13 1997 Erik Troan <ewt@redhat.com> - built against glibc 2004-09-09 05:50:51 +00:00			`else {`
- update to groff 1.19.1 - drop 8bit, fix15, devutf8, grn patches - sync the rest of patches with current release - spec cleanup 2005-01-12 14:08:37 +00:00			`+ char cbuf[PATH_MAX], * cwd;`
			`+ char pbuf[PATH_MAX], * path;`
			`+ struct stat st;`
			`+`
auto-import changelog data from groff-1.16-7.src.rpm Fri Jul 28 2000 Tim Waugh <twaugh@redhat.com> - Install troff-to-ps.fpi in /usr/lib/rhs-printfilters (#13634). Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com> - rebuild with gcc-2.96-41. Mon Jul 17 2000 Jeff Johnson <jbj@redhat.com> - rebuild to fix miscompilation manifesting in alpha build of tcltk. Thu Jul 13 2000 Prospector <bugzilla@redhat.com> - automatic rebuild Tue Jul 04 2000 Jakub Jelinek <jakub@redhat.com> - Rebuild with new C++ Fri Jun 09 2000 Bill Nottingham <notting@redhat.com> - move mmroff to -perl Wed Jun 07 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix build - FHS - 1.16 Sun May 14 2000 Jeff Johnson <jbj@redhat.com> - install tmac.mse (FWIW tmac.se looks broken) to fix dangling symlink (#10757). - add README.A4, how to set up for A4 paper (#8276). - add other documents to package. Thu Mar 02 2000 Jeff Johnson <jbj@redhat.com> - permit sourcing on regular files within cwd tree (unless -U specified). Wed Feb 09 2000 Jeff Johnson <jbj@redhat.com> - fix incorrectly installed tmac.m file (#8362). Mon Feb 07 2000 Florian La Roche <Florian.LaRoche@redhat.com> - check if build system is sane again Thu Feb 03 2000 Cristian Gafton <gafton@redhat.com> - fix description and summary - man pages are compressed. This is ugly. Mon Jan 31 2000 Bill Nottingham <notting@redhat.com> - put the binaries actually in the package oops Fri Jan 28 2000 Bill Nottingham <notting@redhat.com> - split perl components into separate subpackage Wed Dec 29 1999 Bill Nottingham <notting@redhat.com> - update to 1.15 Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> - auto rebuild in the new build environment (release 9) Tue Feb 16 1999 Cristian Gafton <gafton@redhat.com> - glibc 2.1 patch for xditview (#992) Thu Oct 22 1998 Bill Nottingham <notting@redhat.com> - build for Raw Hide Thu Sep 10 1998 Cristian Gafton <gafton@redhat.com> - fix makefiles to work with bash2 Fri May 08 1998 Prospector System <bugs@redhat.com> - translations modified for de, fr, tr Thu Apr 30 1998 Cristian Gafton <gafton@redhat.com> - use g++ for C++ code Wed Apr 08 1998 Cristian Gafton <gafton@redhat.com> - manhattan and buildroot Mon Nov 03 1997 Michael Fulbright <msf@redhat.com> - made xdefaults file a config file Thu Oct 23 1997 Erik Troan <ewt@redhat.com> - split perl components into separate subpackage Tue Oct 21 1997 Michael Fulbright <msf@redhat.com> - updated to 1.11a - added safe troff-to-ps.fpi Tue Oct 14 1997 Michael Fulbright <msf@redhat.com> - removed troff-to-ps.fpi for security reasons. Fri Jun 13 1997 Erik Troan <ewt@redhat.com> - built against glibc 2004-09-09 05:50:51 +00:00			`while (!tok.newline() && !tok.eof())`
			`tok.next();`
			`- errno = 0;`
- update to groff 1.19.1 - drop 8bit, fix15, devutf8, grn patches - sync the rest of patches with current release - spec cleanup 2005-01-12 14:08:37 +00:00			`- FILE *fp = include_search_path.open_file_cautious(nm.contents());`
auto-import changelog data from groff-1.16-7.src.rpm Fri Jul 28 2000 Tim Waugh <twaugh@redhat.com> - Install troff-to-ps.fpi in /usr/lib/rhs-printfilters (#13634). Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com> - rebuild with gcc-2.96-41. Mon Jul 17 2000 Jeff Johnson <jbj@redhat.com> - rebuild to fix miscompilation manifesting in alpha build of tcltk. Thu Jul 13 2000 Prospector <bugzilla@redhat.com> - automatic rebuild Tue Jul 04 2000 Jakub Jelinek <jakub@redhat.com> - Rebuild with new C++ Fri Jun 09 2000 Bill Nottingham <notting@redhat.com> - move mmroff to -perl Wed Jun 07 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix build - FHS - 1.16 Sun May 14 2000 Jeff Johnson <jbj@redhat.com> - install tmac.mse (FWIW tmac.se looks broken) to fix dangling symlink (#10757). - add README.A4, how to set up for A4 paper (#8276). - add other documents to package. Thu Mar 02 2000 Jeff Johnson <jbj@redhat.com> - permit sourcing on regular files within cwd tree (unless -U specified). Wed Feb 09 2000 Jeff Johnson <jbj@redhat.com> - fix incorrectly installed tmac.m file (#8362). Mon Feb 07 2000 Florian La Roche <Florian.LaRoche@redhat.com> - check if build system is sane again Thu Feb 03 2000 Cristian Gafton <gafton@redhat.com> - fix description and summary - man pages are compressed. This is ugly. Mon Jan 31 2000 Bill Nottingham <notting@redhat.com> - put the binaries actually in the package oops Fri Jan 28 2000 Bill Nottingham <notting@redhat.com> - split perl components into separate subpackage Wed Dec 29 1999 Bill Nottingham <notting@redhat.com> - update to 1.15 Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> - auto rebuild in the new build environment (release 9) Tue Feb 16 1999 Cristian Gafton <gafton@redhat.com> - glibc 2.1 patch for xditview (#992) Thu Oct 22 1998 Bill Nottingham <notting@redhat.com> - build for Raw Hide Thu Sep 10 1998 Cristian Gafton <gafton@redhat.com> - fix makefiles to work with bash2 Fri May 08 1998 Prospector System <bugs@redhat.com> - translations modified for de, fr, tr Thu Apr 30 1998 Cristian Gafton <gafton@redhat.com> - use g++ for C++ code Wed Apr 08 1998 Cristian Gafton <gafton@redhat.com> - manhattan and buildroot Mon Nov 03 1997 Michael Fulbright <msf@redhat.com> - made xdefaults file a config file Thu Oct 23 1997 Erik Troan <ewt@redhat.com> - split perl components into separate subpackage Tue Oct 21 1997 Michael Fulbright <msf@redhat.com> - updated to 1.11a - added safe troff-to-ps.fpi Tue Oct 14 1997 Michael Fulbright <msf@redhat.com> - removed troff-to-ps.fpi for security reasons. Fri Jun 13 1997 Erik Troan <ewt@redhat.com> - built against glibc 2004-09-09 05:50:51 +00:00			`- if (fp)`
			`- input_stack::push(new file_iterator(fp, nm.contents()));`
			`- else`
			- error("can't open `%1': %2", nm.contents(), strerror(errno));
			`+`
			`+ if ((cwd = realpath(".", cbuf)) == NULL)`
			+ error("realpath on `%1' failed: %2", ".", strerror(errno));
			`+ else if ((path = realpath(nm.contents(), pbuf)) == NULL)`
			+ error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
			`+ else if (safer_flag && strncmp(cwd, path, strlen(cwd)))`
			+ error("won't source `%1' outside of `%2' without -U flag", path, cwd);
			`+ else if (stat(path, &st) < 0)`
			+ error("can't stat `%1': %2", path, strerror(errno));
			`+ else if (safer_flag && !S_ISREG(st.st_mode))`
			+ error("won't source non-file `%1' without -U flag", path);
			`+ else {`
			`+ errno = 0;`
			`+ FILE *fp = fopen(path, "r");`
			`+ if (fp)`
			`+ input_stack::push(new file_iterator(fp, nm.contents()));`
			`+ else`
			+ error("can't open `%1': %2", path, strerror(errno));
			`+ }`
			`tok.next();`
			`}`
			`}`
- update to groff 1.19.1 - drop 8bit, fix15, devutf8, grn patches - sync the rest of patches with current release - spec cleanup 2005-01-12 14:08:37 +00:00
			`-// like .so but use popen()`
			`-`
			`void pipe_source()`
			`{`
			`if (safer_flag) {`