groff/groff-1.16-safer.patch

--- groff-1.16/src/roff/troff/input.cc.safer	Wed Jun  7 21:47:48 2000
+++ groff-1.16/src/roff/troff/input.cc	Wed Jun  7 21:50:37 2000
@@ -90,6 +90,8 @@
 static int inhibit_errors = 0;
 static int ignoring = 0;
 
+static int safer_flag = 1;     // safer by default
+
 static void enable_warning(const char *);
 static void disable_warning(const char *);
 
@@ -4404,12 +4406,28 @@
   else {
     while (!tok.newline() && !tok.eof())
       tok.next();
-    errno = 0;
-    FILE *fp = fopen(nm.contents(), "r");
-    if (fp)
-      input_stack::push(new file_iterator(fp, nm.contents()));
-    else
-      error("can't open `%1': %2", nm.contents(), strerror(errno));
+    char cbuf[PATH_MAX], * cwd;
+    char pbuf[PATH_MAX], * path;
+    struct stat st;
+
+    if ((cwd = realpath(".", cbuf)) == NULL)
+      error("realpath on `%1' failed: %2", ".", strerror(errno));
+    else if ((path = realpath(nm.contents(), pbuf)) == NULL)
+      error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
+    else if (safer_flag && strncmp(cwd, path, strlen(cwd)))
+      error("won't source `%1' outside of `%2' without -U flag", path, cwd);
+    else if (stat(path, &st) < 0)
+      error("can't stat `%1': %2", path, strerror(errno));
+    else if (safer_flag && !S_ISREG(st.st_mode))
+      error("won't source non-file `%1' without -U flag", path);
+    else {
+      errno = 0;
+      FILE *fp = fopen(path, "r");
+      if (fp)
+        input_stack::push(new file_iterator(fp, nm.contents()));
+      else
+        error("can't open `%1': %2", path, strerror(errno));
+    }
     tok.next();
   }
 }
@@ -5669,7 +5687,6 @@
   int tflag = 0;
   int fflag = 0;
   int nflag = 0;
-  int safer_flag = 1;		// safer by default
   int no_rc = 0;		// don't process troffrc and troffrc-end
   int next_page_number;
   opterr = 0;
auto-import changelog data from groff-1.16-7.src.rpm Fri Jul 28 2000 Tim Waugh <twaugh@redhat.com> - Install troff-to-ps.fpi in /usr/lib/rhs-printfilters (#13634). Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com> - rebuild with gcc-2.96-41. Mon Jul 17 2000 Jeff Johnson <jbj@redhat.com> - rebuild to fix miscompilation manifesting in alpha build of tcltk. Thu Jul 13 2000 Prospector <bugzilla@redhat.com> - automatic rebuild Tue Jul 04 2000 Jakub Jelinek <jakub@redhat.com> - Rebuild with new C++ Fri Jun 09 2000 Bill Nottingham <notting@redhat.com> - move mmroff to -perl Wed Jun 07 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix build - FHS - 1.16 Sun May 14 2000 Jeff Johnson <jbj@redhat.com> - install tmac.mse (FWIW tmac.se looks broken) to fix dangling symlink (#10757). - add README.A4, how to set up for A4 paper (#8276). - add other documents to package. Thu Mar 02 2000 Jeff Johnson <jbj@redhat.com> - permit sourcing on regular files within cwd tree (unless -U specified). Wed Feb 09 2000 Jeff Johnson <jbj@redhat.com> - fix incorrectly installed tmac.m file (#8362). Mon Feb 07 2000 Florian La Roche <Florian.LaRoche@redhat.com> - check if build system is sane again Thu Feb 03 2000 Cristian Gafton <gafton@redhat.com> - fix description and summary - man pages are compressed. This is ugly. Mon Jan 31 2000 Bill Nottingham <notting@redhat.com> - put the binaries actually in the package oops Fri Jan 28 2000 Bill Nottingham <notting@redhat.com> - split perl components into separate subpackage Wed Dec 29 1999 Bill Nottingham <notting@redhat.com> - update to 1.15 Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> - auto rebuild in the new build environment (release 9) Tue Feb 16 1999 Cristian Gafton <gafton@redhat.com> - glibc 2.1 patch for xditview (#992) Thu Oct 22 1998 Bill Nottingham <notting@redhat.com> - build for Raw Hide Thu Sep 10 1998 Cristian Gafton <gafton@redhat.com> - fix makefiles to work with bash2 Fri May 08 1998 Prospector System <bugs@redhat.com> - translations modified for de, fr, tr Thu Apr 30 1998 Cristian Gafton <gafton@redhat.com> - use g++ for C++ code Wed Apr 08 1998 Cristian Gafton <gafton@redhat.com> - manhattan and buildroot Mon Nov 03 1997 Michael Fulbright <msf@redhat.com> - made xdefaults file a config file Thu Oct 23 1997 Erik Troan <ewt@redhat.com> - split perl components into separate subpackage Tue Oct 21 1997 Michael Fulbright <msf@redhat.com> - updated to 1.11a - added safe troff-to-ps.fpi Tue Oct 14 1997 Michael Fulbright <msf@redhat.com> - removed troff-to-ps.fpi for security reasons. Fri Jun 13 1997 Erik Troan <ewt@redhat.com> - built against glibc 2004-09-09 05:50:51 +00:00			`--- groff-1.16/src/roff/troff/input.cc.safer Wed Jun 7 21:47:48 2000`
			`+++ groff-1.16/src/roff/troff/input.cc Wed Jun 7 21:50:37 2000`
			`@@ -90,6 +90,8 @@`
			`static int inhibit_errors = 0;`
			`static int ignoring = 0;`

			`+static int safer_flag = 1; // safer by default`
			`+`
			`static void enable_warning(const char *);`
			`static void disable_warning(const char *);`

			`@@ -4404,12 +4406,28 @@`
			`else {`
			`while (!tok.newline() && !tok.eof())`
			`tok.next();`
			`- errno = 0;`
			`- FILE *fp = fopen(nm.contents(), "r");`
			`- if (fp)`
			`- input_stack::push(new file_iterator(fp, nm.contents()));`
			`- else`
			- error("can't open `%1': %2", nm.contents(), strerror(errno));
			`+ char cbuf[PATH_MAX], * cwd;`
			`+ char pbuf[PATH_MAX], * path;`
			`+ struct stat st;`
			`+`
			`+ if ((cwd = realpath(".", cbuf)) == NULL)`
			+ error("realpath on `%1' failed: %2", ".", strerror(errno));
			`+ else if ((path = realpath(nm.contents(), pbuf)) == NULL)`
			+ error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
			`+ else if (safer_flag && strncmp(cwd, path, strlen(cwd)))`
			+ error("won't source `%1' outside of `%2' without -U flag", path, cwd);
			`+ else if (stat(path, &st) < 0)`
			+ error("can't stat `%1': %2", path, strerror(errno));
			`+ else if (safer_flag && !S_ISREG(st.st_mode))`
			+ error("won't source non-file `%1' without -U flag", path);
			`+ else {`
			`+ errno = 0;`
			`+ FILE *fp = fopen(path, "r");`
			`+ if (fp)`
			`+ input_stack::push(new file_iterator(fp, nm.contents()));`
			`+ else`
			+ error("can't open `%1': %2", path, strerror(errno));
			`+ }`
			`tok.next();`
			`}`
			`}`
			`@@ -5669,7 +5687,6 @@`
			`int tflag = 0;`
			`int fflag = 0;`
			`int nflag = 0;`
			`- int safer_flag = 1; // safer by default`
			`int no_rc = 0; // don't process troffrc and troffrc-end`
			`int next_page_number;`
			`opterr = 0;`