Bug 125611

Summary: [PATCH]print/pstotext: update to 1.9
Product: Ports & Packages
Reporter: bf <bf2006a>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description bf 2008-07-14 18:20:03 UTC
Update to 1.9, which includes:

1) Ghostgum modifications to the DEC original:

'Version 1.9 is a modification of 1.8h to recognise excessive space in 
"ashow" as being a word separator, as found in output from groff 1.08. 
Also fixed widthshow, awidthshow and added xshow, yshow and xyshow.  
Uses ANSI prototypes.  These are now required, not optional.
Fixes a number of compiler warnings.
Note that neither of the original authors still work at DEC/Compaq/HP.
2004-01-09 by Russell Lang at Ghostgum Software Pty Ltd.

Version 1.8h is a modification of the original 1.8 to allow 
operation with Aladdin Ghostscript 6.0, to add -output to 
Windows and OS/2 executables, and to insert line breaks
and form feeds in pstotext output.  Modifications made 
2000-07-15 by Russell Lang at Ghostgum Software Pty Ltd.
main.c changed to use mkstemp not tempnam for Unix, 
2000-06-02 by Russell Lang at Ghostgum Software Pty Ltd.'

2) Two Debian security patches:

 'Security fix. popen(3) was being used in a construct which
    did not perform sufficient cleanup/quoting of filenames; these filenames 
    could come from untrusted sources like a web indexing service and could 
    thus be misused to execute shell code as the user running pstotext. The 
    use of popen(3) has been replaced by an explicit fork/pipe construct 
    which does not involve the use of a shell. 

  * [main.c] Security fix: call Ghostscript with -dSAFER to prevent malicious
    PostScript data from altering the filesystem or opening pipes to arbitrary
    external programs. This problem was remotely exploitable (through
    pstotext's registration with /etc/mailcap as a viewer application).
    The problem was identified and patched by Max Vozeler <xam@debian.org>.'

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-07-14 18:20:22 UTC
Maintainer of print/pstotext,

Please note that PR ports/125611 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/125611

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2008-07-14 18:20:23 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 3 dfilter service freebsd_committer freebsd_triage 2008-09-02 20:06:55 UTC
lippe       2008-09-02 19:06:45 UTC

  FreeBSD ports repository

  Modified files:
    print/pstotext       Makefile distinfo pkg-descr 
    print/pstotext/files patch-aa patch-ab 
  Added files:
    print/pstotext/files patch-pstotext.1 
  Log:
  - Update to 1.9.
  
  PR:             ports/125611
  Submitted by:   bf <bf2006a@yahoo.com>
  Approved by:    maintainer timeout (> 2 weeks)
  
  Revision  Changes    Path
  1.16      +12 -6     ports/print/pstotext/Makefile
  1.5       +3 -3      ports/print/pstotext/distinfo
  1.4       +9 -10     ports/print/pstotext/files/patch-aa
  1.2       +132 -18   ports/print/pstotext/files/patch-ab
  1.1       +11 -0     ports/print/pstotext/files/patch-pstotext.1 (new)
  1.3       +0 -16     ports/print/pstotext/pkg-descr
Comment 4 Felippe de Meirelles Motta freebsd_committer freebsd_triage 2008-09-02 20:07:14 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!