Update to 1.9, which includes: 1) Ghostgum modifications to the DEC original: 'Version 1.9 is a modification of 1.8h to recognise excessive space in "ashow" as being a word separator, as found output from groff 1.08. Also fixed widthshow, awidthshow and added xshow, yshow and xyshow. Uses ANSI prototypes. These are now required, not optional. Fixes a number of compiler warnings. Note that neither of the original authors still work at DEC/Compaq/HP. 2004-01-09 by Russell Lang at Ghostgum Software Pty Ltd. Version 1.8h is a modification of the original 1.8 to allow operation with Aladdin Ghostscript 6.0, to add -output to Windows and OS/2 executables, and to insert line breaks and form feeds is pstotext output. Modifications made 2000-07-15 by Russell Lang at Ghostgum Software Pty Ltd. main.c changed to use mkstemp not tempnam for Unix, 2000-06-02 by Russell Lang at Ghostgum Software Pty Ltd.' 2) Two Debian security patches: 'Security fix. popen(3) was being used in a construct which could did not perform sufficient cleanup/quoting of filenames; these filenames could come from untrusted sources like a web indexing service and could thus be misused to execute shell code as the user running pstotext. The use of popen(3) has been replaced by an explicit fork/pipe construct which does not involve the use of a shell. * [main.c] Security fix: call Ghostscript with -dSAFER to prevent malicious PostScript data from altering the filesystem or opening pipes to arbitrary external programs. This problem was remotely exploitable (through pstotext's registration with /etc/mailcap as a viewer application). The problem was identified and patched by Max Vozeler <xam@debian.org>.' Fix: Patch attached with submission follows:
Maintainer of print/pstotext, Please note that PR ports/125611 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/125611 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
lippe 2008-09-02 19:06:45 UTC FreeBSD ports repository Modified files: print/pstotext Makefile distinfo pkg-descr print/pstotext/files patch-aa patch-ab Added files: print/pstotext/files patch-pstotext.1 Log: - Update to 1.9. PR: ports/125611 Submitted by: bf <bf2006a@yahoo.com> Approved by: maintainer timeout (> 2 weeks) Revision Changes Path 1.16 +12 -6 ports/print/pstotext/Makefile 1.5 +3 -3 ports/print/pstotext/distinfo 1.4 +9 -10 ports/print/pstotext/files/patch-aa 1.2 +132 -18 ports/print/pstotext/files/patch-ab 1.1 +11 -0 ports/print/pstotext/files/patch-pstotext.1 (new) 1.3 +0 -16 ports/print/pstotext/pkg-descr _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->closed Committed. Thanks!