groff/groff-1.16-safer.patch
cvsdist 4706583cf0 auto-import changelog data from groff-1.16-7.src.rpm
Fri Jul 28 2000 Tim Waugh <twaugh@redhat.com>
- Install troff-to-ps.fpi in /usr/lib/rhs-printfilters (#13634).
Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com>
- rebuild with gcc-2.96-41.
Mon Jul 17 2000 Jeff Johnson <jbj@redhat.com>
- rebuild to fix miscompilation manifesting in alpha build of tcltk.
Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
Tue Jul 04 2000 Jakub Jelinek <jakub@redhat.com>
- Rebuild with new C++
Fri Jun 09 2000 Bill Nottingham <notting@redhat.com>
- move mmroff to -perl
Wed Jun 07 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- Fix build
- FHS
- 1.16
Sun May 14 2000 Jeff Johnson <jbj@redhat.com>
- install tmac.mse (FWIW tmac.se looks broken) to fix dangling symlink
    (#10757).
- add README.A4, how to set up for A4 paper (#8276).
- add other documents to package.
Thu Mar 02 2000 Jeff Johnson <jbj@redhat.com>
- permit sourcing on regular files within cwd tree (unless -U specified).
Wed Feb 09 2000 Jeff Johnson <jbj@redhat.com>
- fix incorrectly installed tmac.m file (#8362).
Mon Feb 07 2000 Florian La Roche <Florian.LaRoche@redhat.com>
- check if build system is sane again
Thu Feb 03 2000 Cristian Gafton <gafton@redhat.com>
- fix description and summary
- man pages are compressed. This is ugly.
Mon Jan 31 2000 Bill Nottingham <notting@redhat.com>
- put the binaries actually in the package *oops*
Fri Jan 28 2000 Bill Nottingham <notting@redhat.com>
- split perl components into separate subpackage
Wed Dec 29 1999 Bill Nottingham <notting@redhat.com>
- update to 1.15
Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 9)
Tue Feb 16 1999 Cristian Gafton <gafton@redhat.com>
- glibc 2.1 patch for xditview (#992)
Thu Oct 22 1998 Bill Nottingham <notting@redhat.com>
- build for Raw Hide
Thu Sep 10 1998 Cristian Gafton <gafton@redhat.com>
- fix makefiles to work with bash2
Fri May 08 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr
Thu Apr 30 1998 Cristian Gafton <gafton@redhat.com>
- use g++ for C++ code
Wed Apr 08 1998 Cristian Gafton <gafton@redhat.com>
- manhattan and buildroot
Mon Nov 03 1997 Michael Fulbright <msf@redhat.com>
- made xdefaults file a config file
Thu Oct 23 1997 Erik Troan <ewt@redhat.com>
- split perl components into separate subpackage
Tue Oct 21 1997 Michael Fulbright <msf@redhat.com>
- updated to 1.11a
- added safe troff-to-ps.fpi
Tue Oct 14 1997 Michael Fulbright <msf@redhat.com>
- removed troff-to-ps.fpi for security reasons.
Fri Jun 13 1997 Erik Troan <ewt@redhat.com>
- built against glibc
2004-09-09 05:50:51 +00:00


--- groff-1.16/src/roff/troff/input.cc.safer Wed Jun 7 21:47:48 2000
+++ groff-1.16/src/roff/troff/input.cc Wed Jun 7 21:50:37 2000
@@ -90,6 +90,8 @@
static int inhibit_errors = 0;
static int ignoring = 0;
+static int safer_flag = 1; // safer by default
+
static void enable_warning(const char *);
static void disable_warning(const char *);
@@ -4404,12 +4406,28 @@
else {
while (!tok.newline() && !tok.eof())
tok.next();
- errno = 0;
- FILE *fp = fopen(nm.contents(), "r");
- if (fp)
- input_stack::push(new file_iterator(fp, nm.contents()));
- else
- error("can't open `%1': %2", nm.contents(), strerror(errno));
+ char cbuf[PATH_MAX], * cwd;
+ char pbuf[PATH_MAX], * path;
+ struct stat st;
+
+ if ((cwd = realpath(".", cbuf)) == NULL)
+ error("realpath on `%1' failed: %2", ".", strerror(errno));
+ else if ((path = realpath(nm.contents(), pbuf)) == NULL)
+ error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
+ else if (safer_flag && strncmp(cwd, path, strlen(cwd)))
+ error("won't source `%1' outside of `%2' without -U flag", path, cwd);
+ else if (stat(path, &st) < 0)
+ error("can't stat `%1': %2", path, strerror(errno));
+ else if (safer_flag && !S_ISREG(st.st_mode))
+ error("won't source non-file `%1' without -U flag", path);
+ else {
+ errno = 0;
+ FILE *fp = fopen(path, "r");
+ if (fp)
+ input_stack::push(new file_iterator(fp, nm.contents()));
+ else
+ error("can't open `%1': %2", path, strerror(errno));
+ }
tok.next();
}
}
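Review bot: The containment test `strncmp(cwd, path, strlen(cwd))` is a plain string-prefix match, so a resolved path in a sibling directory whose name merely begins with the cwd string (constructed example: cwd `/home/user`, path `/home/user2/x`) is treated as inside the tree. The comparison should also require a path-component boundary right after the prefix, e.g. `else if (safer_flag && (strncmp(cwd, path, strlen(cwd)) || (cwd[1] && path[strlen(cwd)] && path[strlen(cwd)] != '/')))`. Separately, `realpath()` and `stat()` examine the name while `fopen(path, "r")` opens it afterwards, so the file that gets opened is not guaranteed to be the one that was checked; repeating the test with `fstat(fileno(fp), &st)` after the open would tie the `S_ISREG` check to the opened file. The enclosing function starts and ends outside this hunk.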
@@ -5669,7 +5687,6 @@
int tflag = 0;
int fflag = 0;
int nflag = 0;
- int safer_flag = 1; // safer by default
int no_rc = 0; // don't process troffrc and troffrc-end
int next_page_number;
opterr = 0;