Attachment #142052 for bug #189011

View | Details | Raw Unified | Return to bug 189011
Collapse All | Expand All

Lines 8-12 Link Here

(-)enscript-a4/Makefile (-1 lines)
8		8
9	MASTERDIR= ${.CURDIR}/../enscript-letter	9	MASTERDIR= ${.CURDIR}/../enscript-letter
10		10
11	NO_STAGE= yes
12	.include "${MASTERDIR}/Makefile"	11	.include "${MASTERDIR}/Makefile"




# $FreeBSD$

PORTNAME=	enscript
PORTVERSION=	1.6.6
PORTREVISION=	5
CATEGORIES+=	print
MASTER_SITES=	GNU
PKGNAMESUFFIX=	-${PAPERSIZE}
DISTNAME=	enscript-${PORTVERSION}



GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--disable-nls --with-media=${PS}
NO_STAGE=	yes

#CONFLICTS?=	enscript-a4-* enscript-letterdj-*

INFO=		enscript
MAN1=		diffpp.1 enscript.1 sliceprint.1 states.1

PAPERSIZE?=	letter
PS?=		Letter

	@${FALSE}
.endif

post-configure:
	${REINPLACE_CMD} -e 's|/usr/bin/perl|$${prefix}/bin/perl|g' ${WRKSRC}/scripts/Makefile

.include <bsd.port.mk>

Lines 1-2 Link Here

(-)enscript-letter/distinfo (-2 / +2 lines)
1	SHA256 (enscript-1.6.4.tar.gz) = 45299a4db47c9c08c3649d4f62b211ae79ef5143360c264a40371a728f6ad99b	1	SHA256 (enscript-1.6.6.tar.gz) = 6d56bada6934d055b34b6c90399aa85975e66457ac5bf513427ae7fc77f5c0bb
2	SIZE (enscript-1.6.4.tar.gz) = 1036734	2	SIZE (enscript-1.6.6.tar.gz) = 1330493




Patch for CVE-2008-3863 and CVE-2008-4306

Obtained from: http://cvs.fedoraproject.org/viewvc/devel/enscript/enscript-CVE-2008-3863%2BCVE-2008-4306.patch?revision=1.1

--- src/psgen.c
+++ src/psgen.c	2008-10-29 10:43:08.512598143 +0100
@@ -24,6 +24,7 @@
  * Boston, MA 02111-1307, USA.
  */
 
+#include <limits.h>
 #include "gsint.h"
 
 /*
@@ -124,7 +125,7 @@ struct gs_token_st
 	  double xscale;
 	  double yscale;
 	  int llx, lly, urx, ury; /* Bounding box. */
-	  char filename[512];
+	  char filename[PATH_MAX];
 	  char *skipbuf;
 	  unsigned int skipbuf_len;
 	  unsigned int skipbuf_pos;
@@ -135,11 +136,11 @@ struct gs_token_st
       Color bgcolor;
       struct
 	{
-	  char name[512];
+	  char name[PATH_MAX];
 	  FontPoint size;
 	  InputEncoding encoding;
 	} font;
-      char filename[512];
+      char filename[PATH_MAX];
     } u;
 };
 
@@ -248,7 +249,7 @@ static int do_print = 1;
 static int user_fontp = 0;
 
 /* The user ^@font{}-defined font. */
-static char user_font_name[256];
+static char user_font_name[PATH_MAX];
 static FontPoint user_font_pt;
 static InputEncoding user_font_encoding;
 
@@ -978,7 +979,8 @@ large for page\n"),
 			FATAL ((stderr,
 				_("user font encoding can be only the system's default or `ps'")));
 
-		      strcpy (user_font_name, token.u.font.name);
+		      memset  (user_font_name, 0, sizeof(user_font_name));
+		      strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
 		      user_font_pt.w = token.u.font.size.w;
 		      user_font_pt.h = token.u.font.size.h;
 		      user_font_encoding = token.u.font.encoding;
@@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
 	  buf[i] = ch;
 	  if (i + 1 >= sizeof (buf))
 	    FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
-		    escapes[i].name, i, buf));
+		    escapes[e].name, i, buf));
 	}
       buf[i] = '\0';
 
@@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
       switch (escapes[e].escape)
 	{
 	case ESC_FONT:
-	  strcpy (token->u.font.name, buf);
+	  memset  (token->u.font.name, 0, sizeof(token->u.font.name));
+	  strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
 
 	  /* Check for the default font. */
 	  if (strcmp (token->u.font.name, "default") == 0)
@@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
 		FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
 			token->u.font.name));
 
-	      strcpy (token->u.font.name, cp);
+	      memset  (token->u.font.name, 0, sizeof(token->u.font.name));
+	      strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
 	      xfree (cp);
 	    }
 	  token->type = tFONT;
@@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
 	  break;
 
 	case ESC_SETFILENAME:
-	  strcpy (token->u.filename, buf);
+	  memset  (token->u.filename, 0, sizeof(token->u.font.name));
+	  strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
 	  token->type = tSETFILENAME;
 	  break;




--- states/hl/Makefile.in.orig	Wed Mar  5 01:40:07 2003
+++ states/hl/Makefile.in	Tue Mar  2 06:33:27 2004
@@ -186,9 +186,9 @@
 diffs.st diffu.st elisp.st fortran.st fortran_pp.st haskell.st html.st	\
 idl.st inf.st java.st javascript.st ksh.st m4.st mail.st makefile.st	\
 matlab.st nroff.st objc.st outline.st pascal.st passthrough.st perl.st	\
-postscript.st python.st pyrex.st rfc.st scheme.st sh.st skill.st	\
-sql.st states.st synopsys.st tcl.st tcsh.st tex.st vba.st verilog.st	\
-vhdl.st vrml.st wmlscript.st zsh.st
+postscript.st python.st pyrex.st rfc.st ruby.st scheme.st sh.st		\
+skill.st sql.st states.st synopsys.st tcl.st tcsh.st tex.st vba.st	\
+verilog.st vhdl.st vrml.st wmlscript.st zsh.st
 
 
 states = $(misc) $(styles) $(languages) $(highlightings)





$FreeBSD$

--- configure.orig
+++ configure
@@ -1793,7 +1793,6 @@
 
 fi;
 
-if test "X$CC" = "X"; then
   ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -2816,7 +2815,6 @@
 fi
 
 
-fi
 
 
 

Lines 1-19 Link Here

(-)enscript-letter/files/patch-enscript.st (-19 lines)
1	--- states/hl/enscript.st.orig Wed Mar 5 02:31:31 2003
2	+++ states/hl/enscript.st Tue Mar 2 06:09:12 2004
3	@@ -489,6 +489,7 @@
4	/\.idl$/ idl;
5	/\.(hs\|lhs\|gs\|lgs)$/ haskell;
6	/\.(pm\|pl)$/ perl;
7	+ /\.(rb\|rbw)$/ ruby;
8	/\.(eps\|EPS\|ps\|PS)$/ postscript;
9	/\.py$/ python;
10	/\.pyx$/ pyrex;
11	@@ -530,6 +531,8 @@
12	/-\- [Ii][Dd][Ll] -\-/ idl;
13	/-\- [Pp][Ee][Rr][Ll] -\-/ perl;
14	/^#![ \t]\/.\/perl/ perl;
15	+ /-\- [Rr][Uu][Bb][Yy] -\-/ ruby;
16	+ /^#![ \t]\/.\/(env )?ruby/ ruby;
17	/^From:/ mail;
18	/^#![ \t]*(\/usr)?\/bin\/[ngmt]?awk/ awk;
19	/^#![ \t]*(\/usr)?\/bin\/sh/ sh;




--- states/hl/ruby.st.orig	Wed Dec 31 18:00:00 1969
+++ states/hl/ruby.st	Tue Mar  2 06:11:05 2004
@@ -0,0 +1,205 @@
+/**
+ * Name: ruby
+ * Description: Ruby programming language.
+ * Author: Mike Wilson <m.v.wilson@home.com>
+ */
+
+state ruby_comment
+{
+  /\*\\\// {
+    language_print ($0);
+    return;
+  }
+  LANGUAGE_SPECIALS {
+   language_print ($0);
+  }
+}
+
+state ruby_dquot_string
+{
+  /\\\\./ {
+    language_print ($0);
+  }
+  /\"/ {
+    language_print ($0);
+    return;
+  }
+  LANGUAGE_SPECIALS {
+    language_print ($0);
+  }
+}
+
+state ruby_quot_string
+{
+  /\\\\./ {
+    language_print ($0);
+  }
+  /[\']/ {
+    language_print ($0);
+    return;
+  }
+  LANGUAGE_SPECIALS {
+    language_print ($0);
+  }
+}
+
+state ruby_bquot_string
+{
+  /\\\\./ {
+    language_print ($0);
+  }
+  /`/ {
+    language_print ($0);
+    return;
+  }
+  LANGUAGE_SPECIALS {
+    language_print ($0);
+  }
+}
+
+state ruby
+{
+  BEGIN {
+    header ();
+  }
+  END {
+    trailer ();
+  }
+
+  /* Comments. */
+  /#[^{].*$/ {
+    comment_face (true);
+    language_print ($0);
+    comment_face (false);
+  }
+
+  /* Ignore escaped quote marks */
+  /\\\"/ {
+    language_print ($0);
+  }
+  /\\\'/ {
+    language_print ($0);
+  }
+  /\\\`/ {
+    language_print ($0);
+  }
+
+  /* In cgi files, JavaScript might be imbedded, so we need to look out
+   * for the JavaScript comments, because they might contain something
+   * we don't like, like a contraction (don't, won't, etc.)
+   * We won't put them in comment face, because they are not ruby
+   * comments.
+   */
+  /\/\// {
+    language_print ($0);
+    call (eat_one_line);
+  }
+
+  /* String constants. */
+  /\"/ {
+    string_face (true);
+    language_print ($0);
+    call (ruby_dquot_string);
+    string_face (false);
+  }
+  /[\']/ {
+    string_face (true);
+    language_print ($0);
+    call (ruby_quot_string);
+    string_face (false);
+  }
+
+  /* Backquoted command string */
+  /`/ {
+    string_face (true);
+    language_print ($0);
+    call (ruby_bquot_string);
+    string_face (false);
+  }
+
+  /* Variables globals and instance */
+  /[$@]\w+/ {
+    variable_name_face (true);
+    language_print ($0);
+    variable_name_face (false);
+  }
+
+  /* Variables class variable */
+  /@@\w+/ {
+    variable_name_face (true);
+    language_print ($0);
+    variable_name_face (false);
+  }
+
+   /([ \t]*)(def)([ \t]+)([^(]*)/ {
+    /* indentation */
+    language_print ($1);
+
+    /* def */
+    keyword_face (true);
+    language_print ($2);
+    keyword_face (false);
+
+    /* middle */
+    language_print ($3);
+
+    /* Function name. */
+    function_name_face (true);
+    language_print ($4);
+    function_name_face (false);
+  }
+
+  /\$[!@&`'+~=\/\\,;.<>_*$?:"]/ {
+    variable_name_face (true);
+    language_print ($0);
+    variable_name_face (false);
+  }
+
+  /* Highlighting
+        --Type face
+        private protected public
+
+        --Builtin face (I consider these to be somewhat special)
+        alias alias_method attr attr_accessor attr_reader attr_writer
+        module_alias module_function self super
+
+        --Reference face
+        require include
+
+        --Keyword face
+        and begin break case class def defined? do else elsif end
+        ensure eval extend false for if in method module next nil not
+        or redo rescue retry return then true undef unless until when
+        while yield
+   */
+/\\b(private|protected|public)\\b/ {
+    type_face (true);
+    language_print ($0);
+    type_face (false);
+  }
+
+/\\b(alias|alias_method|attr|attr_accessor|attr_reader|attr_writer\\
+|module_alias|module_function|self|super)\\b/ {
+    builtin_face (true);
+    language_print ($0);
+    builtin_face (false);
+  }
+
+/\\b(include|require)\\b/ {
+    reference_face (true);
+    language_print ($0);
+    reference_face (false);
+  }
+
+/\\b(and|begin|break|case|class|def|defined?|do|else|elsif|end|ensure|eval\\
+|extend|false|for|if|in|method|module|next|nil|not|or|raise|redo|rescue|retry\\
+|return|then|true|undef|unless|until|when|while|yield)\\b/ {
+    keyword_face (true);
+    language_print ($0);
+    keyword_face (false);
+  }
+
+  LANGUAGE_SPECIALS {
+    language_print ($0);
+  }
+}





$FreeBSD$

--- src/gsint.h.orig
+++ src/gsint.h
@@ -701,4 +701,9 @@
  */
 void printer_close ___P ((void *context));
 
+/*
+ * Escape filenames for shell usage
+ */
+char *shell_escape ___P ((const char *fn));
+
 #endif /* not GSINT_H */





$FreeBSD$

--- src/main.c.orig
+++ src/main.c
@@ -1546,9 +1546,13 @@
       buffer_append (&cmd, intbuf);
       buffer_append (&cmd, " ");
 
-      buffer_append (&cmd, "-Ddocument_title=\"");
-      buffer_append (&cmd, title);
-      buffer_append (&cmd, "\" ");
+      buffer_append (&cmd, "-Ddocument_title=\'");
+      if ((cp = shell_escape (title)) != NULL)
+	{
+	  buffer_append (&cmd, cp);
+	  free (cp);
+	}
+      buffer_append (&cmd, "\' ");
 
       buffer_append (&cmd, "-Dtoc=");
       buffer_append (&cmd, toc ? "1" : "0");
@@ -1565,8 +1569,14 @@
       /* Append input files. */
       for (i = optind; i < argc; i++)
 	{
-	  buffer_append (&cmd, " ");
-	  buffer_append (&cmd, argv[i]);
+	  char *cp;
+	  if ((cp = shell_escape (argv[i])) != NULL)
+	    {
+	      buffer_append (&cmd, " \'");
+	      buffer_append (&cmd, cp);
+	      buffer_append (&cmd, "\'");
+	      free (cp);
+	    }
 	}
 
       /* And do the job. */
@@ -1627,7 +1637,7 @@
 				 buffer_ptr (opts), buffer_len (opts));
 	    }
 
-	  buffer_append (&buffer, " \"%s\"");
+	  buffer_append (&buffer, " \'%s\'");
 
 	  input_filter = buffer_copy (&buffer);
 	  input_filter_stdin = "-";





$FreeBSD$

--- src/psgen.c.orig
+++ src/psgen.c
@@ -2034,8 +2034,9 @@
   else
     {
       ftail++;
-      strncpy (buf, fname, ftail - fname);
-      buf[ftail - fname] = '\0';
+      i = ftail - fname >= sizeof (buf)-1 ? sizeof (buf)-1 : ftail - fname;
+      strncpy (buf, fname, i);
+      buf[i] = '\0';
     }
 
   if (nup > 1)
@@ -2385,9 +2386,10 @@
   MESSAGE (2, (stderr, "^@epsf=\"%s\"\n", token->u.epsf.filename));
 
   i = strlen (token->u.epsf.filename);
+  /*
   if (i > 0 && token->u.epsf.filename[i - 1] == '|')
     {
-      /* Read EPS data from pipe. */
+      / * Read EPS data from pipe. * /
       token->u.epsf.pipe = 1;
       token->u.epsf.filename[i - 1] = '\0';
       token->u.epsf.fp = popen (token->u.epsf.filename, "r");
@@ -2400,6 +2402,7 @@
 	}
     }
   else
+  */
     {
       char *filename;
 





$FreeBSD$

--- src/util.c.orig
+++ src/util.c
@@ -1239,6 +1239,8 @@
 
   /* Create result. */
   cp = xmalloc (len + 1);
+  if (cp == NULL)
+      return NULL;
   for (i = 0, j = 0; string[i]; i++)
     switch (string[i])
       {
@@ -1879,6 +1881,7 @@
       char *cmd = NULL;
       int cmdlen;
       int i, pos;
+      char *cp;
 
       is->is_pipe = 1;
 
@@ -1902,12 +1905,16 @@
 		{
 		case 's':
 		  /* Expand cmd-buffer. */
-		  cmdlen += strlen (fname);
-		  cmd = xrealloc (cmd, cmdlen);
+		  if ((cp = shell_escape (fname)) != NULL)
+		    {
+		      cmdlen += strlen (cp);
+		      cmd = xrealloc (cmd, cmdlen);
 
-		  /* Paste filename. */
-		  strcpy (cmd + pos, fname);
-		  pos += strlen (fname);
+		      /* Paste filename. */
+		      strcpy (cmd + pos, cp);
+		      pos += strlen (cp);
+		      free (cp);
+		    }
 
 		  i++;
 		  break;
@@ -2115,4 +2122,37 @@
 buffer_len (Buffer *buffer)
 {
   return buffer->len;
+}
+
+/*
+ * Escapes the name of a file so that the shell groks it in 'single'
+ * quotation marks.  The resulting pointer has to be free()ed when not
+ * longer used.
+*/
+char *
+shell_escape(const char *fn)
+{
+  size_t len = 0;
+  const char *inp;
+  char *retval, *outp;
+
+  for(inp = fn; *inp; ++inp)
+    switch(*inp)
+    {
+      case '\'': len += 4; break;
+      default:   len += 1; break;
+    }
+
+  outp = retval = malloc(len + 1);
+  if(!outp)
+    return NULL; /* perhaps one should do better error handling here */
+  for(inp = fn; *inp; ++inp)
+    switch(*inp)
+    {
+      case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break;
+      default:   *outp++ = *inp; break;
+    }
+  *outp = 0;
+
+  return retval;
 }

Lines 4-7 Link Here

(-)enscript-letter/pkg-descr (-1 / +1 lines)
4	Tcl, and more, can optionally be pretty-printed instead of printed as	4	Tcl, and more, can optionally be pretty-printed instead of printed as
5	plain-text. Many printing options are available.	5	plain-text. Many printing options are available.
6		6
7	WWW: http://www.codento.com/people/mtr/genscript/	7	WWW: http://www.gnu.org/software/enscript/

Lines 4-10 Link Here

(-)enscript-letter/pkg-plist (-2 / +8 lines)
4	bin/over	4	bin/over
5	bin/sliceprint	5	bin/sliceprint
6	bin/states	6	bin/states
7	etc/enscript.cfg	7	%%ETCDIR%%.cfg
		8	info/dir
		9	man/man1/diffpp.1.gz
		10	man/man1/enscript.1.gz
		11	man/man1/sliceprint.1.gz
		12	man/man1/states.1.gz
8	%%DATADIR%%/88591.enc	13	%%DATADIR%%/88591.enc
9	%%DATADIR%%/885910.enc	14	%%DATADIR%%/885910.enc
10	%%DATADIR%%/88592.enc	15	%%DATADIR%%/88592.enc
Lines 14-19 Link Here
14	%%DATADIR%%/88597.enc	19	%%DATADIR%%/88597.enc
15	%%DATADIR%%/88599.enc	20	%%DATADIR%%/88599.enc
16	%%DATADIR%%/a2ps.hdr	21	%%DATADIR%%/a2ps.hdr
		22	%%DATADIR%%/afm/MustRead.html
17	%%DATADIR%%/afm/agd.afm	23	%%DATADIR%%/afm/agd.afm
18	%%DATADIR%%/afm/agdo.afm	24	%%DATADIR%%/afm/agdo.afm
19	%%DATADIR%%/afm/agw.afm	25	%%DATADIR%%/afm/agw.afm
Lines 84-89 Link Here
84	%%DATADIR%%/hl/diffu.st	90	%%DATADIR%%/hl/diffu.st
85	%%DATADIR%%/hl/elisp.st	91	%%DATADIR%%/hl/elisp.st
86	%%DATADIR%%/hl/enscript.st	92	%%DATADIR%%/hl/enscript.st
		93	%%DATADIR%%/hl/f90.st
87	%%DATADIR%%/hl/fortran.st	94	%%DATADIR%%/hl/fortran.st
88	%%DATADIR%%/hl/fortran_pp.st	95	%%DATADIR%%/hl/fortran_pp.st
89	%%DATADIR%%/hl/haskell.st	96	%%DATADIR%%/hl/haskell.st
Lines 113-119 Link Here
113	%%DATADIR%%/hl/pyrex.st	120	%%DATADIR%%/hl/pyrex.st
114	%%DATADIR%%/hl/python.st	121	%%DATADIR%%/hl/python.st
115	%%DATADIR%%/hl/rfc.st	122	%%DATADIR%%/hl/rfc.st
116	%%DATADIR%%/hl/ruby.st
117	%%DATADIR%%/hl/scheme.st	123	%%DATADIR%%/hl/scheme.st
118	%%DATADIR%%/hl/sh.st	124	%%DATADIR%%/hl/sh.st
119	%%DATADIR%%/hl/skill.st	125	%%DATADIR%%/hl/skill.st

Lines 8-12 Link Here

(-)enscript-letterdj/Makefile (-1 lines)
8		8
9	MASTERDIR= ${.CURDIR}/../enscript-letter	9	MASTERDIR= ${.CURDIR}/../enscript-letter
10		10
11	NO_STAGE= yes
12	.include "${MASTERDIR}/Makefile"	11	.include "${MASTERDIR}/Makefile"

Return to bug 189011

Lines 2-11 Link Here

(-)enscript-letter/Makefile (-6 / +6 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= enscript	4	PORTNAME= enscript
5	PORTVERSION= 1.6.4	5	PORTVERSION= 1.6.6
6	PORTREVISION= 5
7	CATEGORIES+= print	6	CATEGORIES+= print
8	MASTER_SITES= http://www.codento.com/people/mtr/genscript/	7	MASTER_SITES= GNU
9	PKGNAMESUFFIX= -${PAPERSIZE}	8	PKGNAMESUFFIX= -${PAPERSIZE}
10	DISTNAME= enscript-${PORTVERSION}	9	DISTNAME= enscript-${PORTVERSION}
11		10
Lines 14-25 Link Here
14		13
15	GNU_CONFIGURE= yes	14	GNU_CONFIGURE= yes
16	CONFIGURE_ARGS= --disable-nls --with-media=${PS}	15	CONFIGURE_ARGS= --disable-nls --with-media=${PS}
17	NO_STAGE= yes
18		16
19	CONFLICTS?= enscript-a4-* enscript-letterdj-*	17	#CONFLICTS?= enscript-a4-* enscript-letterdj-*
20		18
21	INFO= enscript	19	INFO= enscript
22	MAN1= diffpp.1 enscript.1 sliceprint.1 states.1
23		20
24	PAPERSIZE?= letter	21	PAPERSIZE?= letter
25	PS?= Letter	22	PS?= Letter
Lines 31-34 Link Here
31	@${FALSE}	28	@${FALSE}
32	.endif	29	.endif
33		30
		31	post-configure:
		32	${REINPLACE_CMD} -e 's\|/usr/bin/perl\|$${prefix}/bin/perl\|g' ${WRKSRC}/scripts/Makefile
		33
34	.include <bsd.port.mk>	34	.include <bsd.port.mk>

Lines 1-94 Link Here

(-)enscript-letter/files/patch-CVE-2008-3863-and-4306 (-94 lines)
1	Patch for CVE-2008-3863 and CVE-2008-4306
2
3	Obtained from: http://cvs.fedoraproject.org/viewvc/devel/enscript/enscript-CVE-2008-3863%2BCVE-2008-4306.patch?revision=1.1
4
5	--- src/psgen.c
6	+++ src/psgen.c 2008-10-29 10:43:08.512598143 +0100
7	@@ -24,6 +24,7 @@
8	* Boston, MA 02111-1307, USA.
9	*/
10
11	+#include <limits.h>
12	#include "gsint.h"
13
14	/*
15	@@ -124,7 +125,7 @@ struct gs_token_st
16	double xscale;
17	double yscale;
18	int llx, lly, urx, ury; /* Bounding box. */
19	- char filename[512];
20	+ char filename[PATH_MAX];
21	char *skipbuf;
22	unsigned int skipbuf_len;
23	unsigned int skipbuf_pos;
24	@@ -135,11 +136,11 @@ struct gs_token_st
25	Color bgcolor;
26	struct
27	{
28	- char name[512];
29	+ char name[PATH_MAX];
30	FontPoint size;
31	InputEncoding encoding;
32	} font;
33	- char filename[512];
34	+ char filename[PATH_MAX];
35	} u;
36	};
37
38	@@ -248,7 +249,7 @@ static int do_print = 1;
39	static int user_fontp = 0;
40
41	/* The user ^@font{}-defined font. */
42	-static char user_font_name[256];
43	+static char user_font_name[PATH_MAX];
44	static FontPoint user_font_pt;
45	static InputEncoding user_font_encoding;
46
47	@@ -978,7 +979,8 @@ large for page\n"),
48	FATAL ((stderr,
49	_("user font encoding can be only the system's default or `ps'")));
50
51	- strcpy (user_font_name, token.u.font.name);
52	+ memset (user_font_name, 0, sizeof(user_font_name));
53	+ strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
54	user_font_pt.w = token.u.font.size.w;
55	user_font_pt.h = token.u.font.size.h;
56	user_font_encoding = token.u.font.encoding;
57	@@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
58	buf[i] = ch;
59	if (i + 1 >= sizeof (buf))
60	FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
61	- escapes[i].name, i, buf));
62	+ escapes[e].name, i, buf));
63	}
64	buf[i] = '\0';
65
66	@@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
67	switch (escapes[e].escape)
68	{
69	case ESC_FONT:
70	- strcpy (token->u.font.name, buf);
71	+ memset (token->u.font.name, 0, sizeof(token->u.font.name));
72	+ strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
73
74	/* Check for the default font. */
75	if (strcmp (token->u.font.name, "default") == 0)
76	@@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
77	FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
78	token->u.font.name));
79
80	- strcpy (token->u.font.name, cp);
81	+ memset (token->u.font.name, 0, sizeof(token->u.font.name));
82	+ strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
83	xfree (cp);
84	}
85	token->type = tFONT;
86	@@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
87	break;
88
89	case ESC_SETFILENAME:
90	- strcpy (token->u.filename, buf);
91	+ memset (token->u.filename, 0, sizeof(token->u.font.name));
92	+ strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
93	token->type = tSETFILENAME;
94	break;

Lines 1-15 Link Here

(-)enscript-letter/files/patch-Makefile.in (-15 lines)
1	--- states/hl/Makefile.in.orig Wed Mar 5 01:40:07 2003
2	+++ states/hl/Makefile.in Tue Mar 2 06:33:27 2004
3	@@ -186,9 +186,9 @@
4	diffs.st diffu.st elisp.st fortran.st fortran_pp.st haskell.st html.st \
5	idl.st inf.st java.st javascript.st ksh.st m4.st mail.st makefile.st \
6	matlab.st nroff.st objc.st outline.st pascal.st passthrough.st perl.st \
7	-postscript.st python.st pyrex.st rfc.st scheme.st sh.st skill.st \
8	-sql.st states.st synopsys.st tcl.st tcsh.st tex.st vba.st verilog.st \
9	-vhdl.st vrml.st wmlscript.st zsh.st
10	+postscript.st python.st pyrex.st rfc.st ruby.st scheme.st sh.st \
11	+skill.st sql.st states.st synopsys.st tcl.st tcsh.st tex.st vba.st \
12	+verilog.st vhdl.st vrml.st wmlscript.st zsh.st
13
14
15	states = $(misc) $(styles) $(languages) $(highlightings)

Lines 1-21 Link Here

(-)enscript-letter/files/patch-configure (-21 lines)
1
2	$FreeBSD$
3
4	--- configure.orig
5	+++ configure
6	@@ -1793,7 +1793,6 @@
7
8	fi;
9
10	-if test "X$CC" = "X"; then
11	ac_ext=c
12	ac_cpp='$CPP $CPPFLAGS'
13	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
14	@@ -2816,7 +2815,6 @@
15	fi
16
17
18	-fi
19
20
21

Lines 1-208 Link Here

(-)enscript-letter/files/patch-ruby.st (-208 lines)
1	--- states/hl/ruby.st.orig Wed Dec 31 18:00:00 1969
2	+++ states/hl/ruby.st Tue Mar 2 06:11:05 2004
3	@@ -0,0 +1,205 @@
4	+/**
5	+ * Name: ruby
6	+ * Description: Ruby programming language.
7	+ * Author: Mike Wilson <m.v.wilson@home.com>
8	+ */
9	+
10	+state ruby_comment
11	+{
12	+ /\*\\\// {
13	+ language_print ($0);
14	+ return;
15	+ }
16	+ LANGUAGE_SPECIALS {
17	+ language_print ($0);
18	+ }
19	+}
20	+
21	+state ruby_dquot_string
22	+{
23	+ /\\\\./ {
24	+ language_print ($0);
25	+ }
26	+ /\"/ {
27	+ language_print ($0);
28	+ return;
29	+ }
30	+ LANGUAGE_SPECIALS {
31	+ language_print ($0);
32	+ }
33	+}
34	+
35	+state ruby_quot_string
36	+{
37	+ /\\\\./ {
38	+ language_print ($0);
39	+ }
40	+ /[\']/ {
41	+ language_print ($0);
42	+ return;
43	+ }
44	+ LANGUAGE_SPECIALS {
45	+ language_print ($0);
46	+ }
47	+}
48	+
49	+state ruby_bquot_string
50	+{
51	+ /\\\\./ {
52	+ language_print ($0);
53	+ }
54	+ /`/ {
55	+ language_print ($0);
56	+ return;
57	+ }
58	+ LANGUAGE_SPECIALS {
59	+ language_print ($0);
60	+ }
61	+}
62	+
63	+state ruby
64	+{
65	+ BEGIN {
66	+ header ();
67	+ }
68	+ END {
69	+ trailer ();
70	+ }
71	+
72	+ /* Comments. */
73	+ /#[^{].*$/ {
74	+ comment_face (true);
75	+ language_print ($0);
76	+ comment_face (false);
77	+ }
78	+
79	+ /* Ignore escaped quote marks */
80	+ /\\\"/ {
81	+ language_print ($0);
82	+ }
83	+ /\\\'/ {
84	+ language_print ($0);
85	+ }
86	+ /\\\`/ {
87	+ language_print ($0);
88	+ }
89	+
90	+ /* In cgi files, JavaScript might be imbedded, so we need to look out
91	+ * for the JavaScript comments, because they might contain something
92	+ * we don't like, like a contraction (don't, won't, etc.)
93	+ * We won't put them in comment face, because they are not ruby
94	+ * comments.
95	+ */
96	+ /\/\// {
97	+ language_print ($0);
98	+ call (eat_one_line);
99	+ }
100	+
101	+ /* String constants. */
102	+ /\"/ {
103	+ string_face (true);
104	+ language_print ($0);
105	+ call (ruby_dquot_string);
106	+ string_face (false);
107	+ }
108	+ /[\']/ {
109	+ string_face (true);
110	+ language_print ($0);
111	+ call (ruby_quot_string);
112	+ string_face (false);
113	+ }
114	+
115	+ /* Backquoted command string */
116	+ /`/ {
117	+ string_face (true);
118	+ language_print ($0);
119	+ call (ruby_bquot_string);
120	+ string_face (false);
121	+ }
122	+
123	+ /* Variables globals and instance */
124	+ /[$@]\w+/ {
125	+ variable_name_face (true);
126	+ language_print ($0);
127	+ variable_name_face (false);
128	+ }
129	+
130	+ /* Variables class variable */
131	+ /@@\w+/ {
132	+ variable_name_face (true);
133	+ language_print ($0);
134	+ variable_name_face (false);
135	+ }
136	+
137	+ /([ \t])(def)([ \t]+)([^(])/ {
138	+ /* indentation */
139	+ language_print ($1);
140	+
141	+ /* def */
142	+ keyword_face (true);
143	+ language_print ($2);
144	+ keyword_face (false);
145	+
146	+ /* middle */
147	+ language_print ($3);
148	+
149	+ /* Function name. */
150	+ function_name_face (true);
151	+ language_print ($4);
152	+ function_name_face (false);
153	+ }
154	+
155	+ /\$[!@&`'+~=\/\\,;.<>_*$?:"]/ {
156	+ variable_name_face (true);
157	+ language_print ($0);
158	+ variable_name_face (false);
159	+ }
160	+
161	+ /* Highlighting
162	+ --Type face
163	+ private protected public
164	+
165	+ --Builtin face (I consider these to be somewhat special)
166	+ alias alias_method attr attr_accessor attr_reader attr_writer
167	+ module_alias module_function self super
168	+
169	+ --Reference face
170	+ require include
171	+
172	+ --Keyword face
173	+ and begin break case class def defined? do else elsif end
174	+ ensure eval extend false for if in method module next nil not
175	+ or redo rescue retry return then true undef unless until when
176	+ while yield
177	+ */
178	+/\\b(private\|protected\|public)\\b/ {
179	+ type_face (true);
180	+ language_print ($0);
181	+ type_face (false);
182	+ }
183	+
184	+/\\b(alias\|alias_method\|attr\|attr_accessor\|attr_reader\|attr_writer\\
185	+\|module_alias\|module_function\|self\|super)\\b/ {
186	+ builtin_face (true);
187	+ language_print ($0);
188	+ builtin_face (false);
189	+ }
190	+
191	+/\\b(include\|require)\\b/ {
192	+ reference_face (true);
193	+ language_print ($0);
194	+ reference_face (false);
195	+ }
196	+
197	+/\\b(and\|begin\|break\|case\|class\|def\|defined?\|do\|else\|elsif\|end\|ensure\|eval\\
198	+\|extend\|false\|for\|if\|in\|method\|module\|next\|nil\|not\|or\|raise\|redo\|rescue\|retry\\
199	+\|return\|then\|true\|undef\|unless\|until\|when\|while\|yield)\\b/ {
200	+ keyword_face (true);
201	+ language_print ($0);
202	+ keyword_face (false);
203	+ }
204	+
205	+ LANGUAGE_SPECIALS {
206	+ language_print ($0);
207	+ }
208	+}

Lines 1-15 Link Here

(-)enscript-letter/files/patch-src_gsint.h (-15 lines)
1
2	$FreeBSD$
3
4	--- src/gsint.h.orig
5	+++ src/gsint.h
6	@@ -701,4 +701,9 @@
7	*/
8	void printer_close ___P ((void *context));
9
10	+/*
11	+ * Escape filenames for shell usage
12	+ */
13	+char shell_escape ___P ((const char fn));
14	+
15	#endif /* not GSINT_H */

Lines 1-48 Link Here

(-)enscript-letter/files/patch-src_main.c (-48 lines)
1
2	$FreeBSD$
3
4	--- src/main.c.orig
5	+++ src/main.c
6	@@ -1546,9 +1546,13 @@
7	buffer_append (&cmd, intbuf);
8	buffer_append (&cmd, " ");
9
10	- buffer_append (&cmd, "-Ddocument_title=\"");
11	- buffer_append (&cmd, title);
12	- buffer_append (&cmd, "\" ");
13	+ buffer_append (&cmd, "-Ddocument_title=\'");
14	+ if ((cp = shell_escape (title)) != NULL)
15	+ {
16	+ buffer_append (&cmd, cp);
17	+ free (cp);
18	+ }
19	+ buffer_append (&cmd, "\' ");
20
21	buffer_append (&cmd, "-Dtoc=");
22	buffer_append (&cmd, toc ? "1" : "0");
23	@@ -1565,8 +1569,14 @@
24	/* Append input files. */
25	for (i = optind; i < argc; i++)
26	{
27	- buffer_append (&cmd, " ");
28	- buffer_append (&cmd, argv[i]);
29	+ char *cp;
30	+ if ((cp = shell_escape (argv[i])) != NULL)
31	+ {
32	+ buffer_append (&cmd, " \'");
33	+ buffer_append (&cmd, cp);
34	+ buffer_append (&cmd, "\'");
35	+ free (cp);
36	+ }
37	}
38
39	/* And do the job. */
40	@@ -1627,7 +1637,7 @@
41	buffer_ptr (opts), buffer_len (opts));
42	}
43
44	- buffer_append (&buffer, " \"%s\"");
45	+ buffer_append (&buffer, " \'%s\'");
46
47	input_filter = buffer_copy (&buffer);
48	input_filter_stdin = "-";

Lines 1-37 Link Here

(-)enscript-letter/files/patch-src_psgen.c (-37 lines)
1
2	$FreeBSD$
3
4	--- src/psgen.c.orig
5	+++ src/psgen.c
6	@@ -2034,8 +2034,9 @@
7	else
8	{
9	ftail++;
10	- strncpy (buf, fname, ftail - fname);
11	- buf[ftail - fname] = '\0';
12	+ i = ftail - fname >= sizeof (buf)-1 ? sizeof (buf)-1 : ftail - fname;
13	+ strncpy (buf, fname, i);
14	+ buf[i] = '\0';
15	}
16
17	if (nup > 1)
18	@@ -2385,9 +2386,10 @@
19	MESSAGE (2, (stderr, "^@epsf=\"%s\"\n", token->u.epsf.filename));
20
21	i = strlen (token->u.epsf.filename);
22	+ /*
23	if (i > 0 && token->u.epsf.filename[i - 1] == '\|')
24	{
25	- /* Read EPS data from pipe. */
26	+ / * Read EPS data from pipe. * /
27	token->u.epsf.pipe = 1;
28	token->u.epsf.filename[i - 1] = '\0';
29	token->u.epsf.fp = popen (token->u.epsf.filename, "r");
30	@@ -2400,6 +2402,7 @@
31	}
32	}
33	else
34	+ */
35	{
36	char *filename;
37

Lines 1-82 Link Here

(-)enscript-letter/files/patch-src_util.c (-82 lines)
1
2	$FreeBSD$
3
4	--- src/util.c.orig
5	+++ src/util.c
6	@@ -1239,6 +1239,8 @@
7
8	/* Create result. */
9	cp = xmalloc (len + 1);
10	+ if (cp == NULL)
11	+ return NULL;
12	for (i = 0, j = 0; string[i]; i++)
13	switch (string[i])
14	{
15	@@ -1879,6 +1881,7 @@
16	char *cmd = NULL;
17	int cmdlen;
18	int i, pos;
19	+ char *cp;
20
21	is->is_pipe = 1;
22
23	@@ -1902,12 +1905,16 @@
24	{
25	case 's':
26	/* Expand cmd-buffer. */
27	- cmdlen += strlen (fname);
28	- cmd = xrealloc (cmd, cmdlen);
29	+ if ((cp = shell_escape (fname)) != NULL)
30	+ {
31	+ cmdlen += strlen (cp);
32	+ cmd = xrealloc (cmd, cmdlen);
33
34	- /* Paste filename. */
35	- strcpy (cmd + pos, fname);
36	- pos += strlen (fname);
37	+ /* Paste filename. */
38	+ strcpy (cmd + pos, cp);
39	+ pos += strlen (cp);
40	+ free (cp);
41	+ }
42
43	i++;
44	break;
45	@@ -2115,4 +2122,37 @@
46	buffer_len (Buffer *buffer)
47	{
48	return buffer->len;
49	+}
50	+
51	+/*
52	+ * Escapes the name of a file so that the shell groks it in 'single'
53	+ * quotation marks. The resulting pointer has to be free()ed when not
54	+ * longer used.
55	+*/
56	+char *
57	+shell_escape(const char *fn)
58	+{
59	+ size_t len = 0;
60	+ const char *inp;
61	+ char retval, outp;
62	+
63	+ for(inp = fn; *inp; ++inp)
64	+ switch(*inp)
65	+ {
66	+ case '\'': len += 4; break;
67	+ default: len += 1; break;
68	+ }
69	+
70	+ outp = retval = malloc(len + 1);
71	+ if(!outp)
72	+ return NULL; /* perhaps one should do better error handling here */
73	+ for(inp = fn; *inp; ++inp)
74	+ switch(*inp)
75	+ {
76	+ case '\'': outp++ = '\''; outp++ = '\\'; outp++ = '\'', outp++ = '\''; break;
77	+ default: outp++ = inp; break;
78	+ }
79	+ *outp = 0;
80	+
81	+ return retval;
82	}