Date: Mon, 14 Jul 2008 17:11:49 GMT
From: bf <bf2006a@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/125611: [PATCH]print/pstotext: update to 1.9
Message-ID: <200807141711.m6EHBnlU037781@www.freebsd.org>
Resent-Message-ID: <200807141720.m6EHK3mV051228@freefall.freebsd.org>
>Number: 125611
>Category: ports
>Synopsis: [PATCH]print/pstotext: update to 1.9
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 14 17:20:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: bf
>Release: 7-STABLE i386
>Organization: -
>Environment:
>Description:
Update to 1.9, which includes:

1) Ghostgum modifications to the DEC original:

'Version 1.9 is a modification of 1.8h to recognise excessive space in "ashow" as being a word separator, as found output from groff 1.08. Also fixed widthshow, awidthshow and added xshow, yshow and xyshow. Uses ANSI prototypes. These are now required, not optional. Fixes a number of compiler warnings. Note that neither of the original authors still work at DEC/Compaq/HP. 2004-01-09 by Russell Lang at Ghostgum Software Pty Ltd.

Version 1.8h is a modification of the original 1.8 to allow operation with Aladdin Ghostscript 6.0, to add -output to Windows and OS/2 executables, and to insert line breaks and form feeds is pstotext output. Modifications made 2000-07-15 by Russell Lang at Ghostgum Software Pty Ltd.

main.c changed to use mkstemp not tempnam for Unix, 2000-06-02 by Russell Lang at Ghostgum Software Pty Ltd.'

2) Two Debian security patches:

'Security fix. popen(3) was being used in a construct which could did not perform sufficient cleanup/quoting of filenames; these filenames could come from untrusted sources like a web indexing service and could thus be misused to execute shell code as the user running pstotext. The use of popen(3) has been replaced by an explicit fork/pipe construct which does not involve the use of a shell.

* [main.c] Security fix: call Ghostscript with -dSAFER to prevent malicious PostScript data from altering the filesystem or opening pipes to arbitrary external programs.
This problem was remotely exploitable (through pstotext's registration with /etc/mailcap as a viewer application). The problem was identified and patched by Max Vozeler <xam@debian.org>.' >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN pstotext.orig/Makefile pstotext/Makefile --- pstotext.orig/Makefile 2008-02-21 00:13:04.000000000 -0500 +++ pstotext/Makefile 2008-07-14 12:47:08.120468415 -0400 @@ -6,12 +6,9 @@ # PORTNAME= pstotext -PORTVERSION= 1.8g -PORTREVISION= 1 +PORTVERSION= 1.9 CATEGORIES= print -MASTER_SITES= http://www.breuninger.org/files/distfiles/ -DISTNAME= ${PORTNAME} -EXTRACT_SUFX= .tar.Z +MASTER_SITES= http://mirror.cs.wisc.edu/pub/mirrors/ghost/contrib/ MAINTAINER= ob@breuninger.org COMMENT= A PostScript to Text converter @@ -20,9 +17,18 @@ MAN1= pstotext.1 PLIST_FILES= bin/pstotext +PORTDOCS= copyright + +post-patch: + ${REINPLACE_CMD} -e 's;%%LOCALBASE%%;${LOCALBASE};g' ${WRKSRC}/main.c + ${REINPLACE_CMD} -e 's;%%PREFIX%%;${PREFIX};g' ${WRKSRC}/pstotext.1 do-install: ${INSTALL_PROGRAM} ${WRKSRC}/pstotext ${PREFIX}/bin ${INSTALL_MAN} ${WRKSRC}/pstotext.1 ${PREFIX}/man/man1 +.ifndef(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/pstotext.txt ${DOCSDIR}/copyright +.endif .include <bsd.port.mk> diff -ruN pstotext.orig/distinfo pstotext/distinfo --- pstotext.orig/distinfo 2008-02-21 00:13:04.000000000 -0500 +++ pstotext/distinfo 2008-07-14 12:47:08.120468415 -0400 
@@ -1,3 +1,3 @@ -MD5 (pstotext.tar.Z) = 1be0be028ccc85be1bf55d7e90976b18 -SHA256 (pstotext.tar.Z) = 139ff4819bd067cb185c5d65d97b2ce62fb8109487a44e4b5450916179363652 -SIZE (pstotext.tar.Z) = 58743 +MD5 (pstotext-1.9.tar.gz) = 64576e8a10ff5514e285d98b3898ae78 +SHA256 (pstotext-1.9.tar.gz) = cfe0a251d0d43982a7d3bdf1d1670c854432739d00cb593c9beaca4b2cc36c27 +SIZE (pstotext-1.9.tar.gz) = 37461 diff -ruN pstotext.orig/files/patch-aa pstotext/files/patch-aa --- pstotext.orig/files/patch-aa 2008-02-21 00:13:04.000000000 -0500 +++ pstotext/files/patch-aa 2008-07-14 12:47:08.116470421 -0400 @@ -1,29 +1,28 @@ ---- Makefile.orig Wed Oct 28 08:45:58 1998 -+++ Makefile Tue Feb 1 23:21:29 2000 -@@ -8,7 +8,8 @@ +--- Makefile.orig 2004-01-09 05:20:35.000000000 -0500 ++++ Makefile 2008-07-14 12:26:19.832973217 -0400 +@@ -9,7 +9,6 @@ # commenting out the includes of ptotdll.h in ptotdll.c and main.c. # PMcJ 6 Sep 96 -CC=gcc -+CC?=gcc -+CFLAGS?=-O2 #CC=cc -std BUNDLE = ocr.h rot270.h rot90.h -@@ -16,10 +17,10 @@ +@@ -17,18 +16,18 @@ all: pstotext - main.o: ptotdll.h bundle.h ocr.h rot270.h rot90.h + main.o: main.c ptotdll.h bundle.h ocr.h rot270.h rot90.h - $(CC) -c $*.c + $(CC) ${CFLAGS} -c $*.c - ptotdll.o: ptotdll.h + ptotdll.o: ptotdll.c ptotdll.h - $(CC) -c $*.c + $(CC) ${CFLAGS} -c $*.c pstotext: bundle.o main.o ptotdll.o - $(CC) -o pstotext main.o bundle.o ptotdll.o -lm -@@ -27,7 +28,7 @@ +- $(CC) -o pstotext main.o bundle.o ptotdll.o -lm ++ $(CC) ${CFLAGS} -o pstotext main.o bundle.o ptotdll.o -lm + .SUFFIXES: .ps .c.o: diff -ruN pstotext.orig/files/patch-ab pstotext/files/patch-ab --- pstotext.orig/files/patch-ab 2008-02-21 00:13:04.000000000 -0500 +++ pstotext/files/patch-ab 2008-07-14 12:47:08.120468415 -0400 
@@ -1,21 +1,135 @@ ---- main.c.orig Fri Oct 16 16:27:57 1998 -+++ main.c Tue Feb 1 23:29:34 2000 -@@ -90,13 +90,16 @@ - static char *make_temp(b) BUNDLE b; { - /* Return pathname of temporary file containing bundle "b". Caller - should unlink file (and, technically, free pathname). */ -+ int fd; - FILE *f; +--- main.c.orig 2008-07-14 11:41:51.368157158 -0400 ++++ main.c 2008-07-14 12:07:36.524646879 -0400 +@@ -126,12 +126,14 @@ + static int cleanup(void) { + int gsstatus, status = 0; + pstotextExit(instance); +- if (gs!=NULL) { #ifdef VMS - char *path = tempnam("SYS$SCRATCH:", ".ps2t"); ++ if (gs!=NULL) { + gsstatus = fclose(gs); ++ } #else -- char *path = tempnam("/tmp", ",ps2t"); -+ char *path = strdup("/tmp/ps2tXXXXXXXXXX"); -+ if ((fd = mkstemp(path)) == NULL) -+ {perror(cmd); exit(1);} +- gsstatus = pclose(gs); ++ waitpid(-1, &gsstatus, 0); #endif -- f = fopen(path, "w"); -+ f = fdopen(fd, "w"); - if (f==NULL) {perror(cmd); exit(1);} - putbundle(b, f); - fclose(f); ++ if (gsstatus) { + if (WIFEXITED(gsstatus)) { + if (WEXITSTATUS(gsstatus)!=0) status = 3; + else if (WIFSIGNALED(gsstatus)) status = 4; +@@ -166,8 +168,13 @@ + + static int do_it(char *path) { + /* If "path" is NULL, then "stdin" should be processed. 
*/ +- char *gs_cmdline; +- char *input; ++ char *gs_argv[32]; ++ int gs_argc=0; ++#ifdef DEBUG ++ int i; ++#endif ++ int fd[2]; ++ pid_t p; + int status; + char norotate[] = ""; + FILE *fileout; +@@ -201,47 +208,31 @@ + exit(1); + } + +- if (path==NULL) { +- input = (char*)malloc(2); +- if (input == NULL) { +- fprintf(stderr,"No memory available\n"); +- cleanup(); +- exit(1); +- } +- strcpy(input, "-"); +- } else { +- input = (char*)malloc(strlen(path) + 6); +- if (input == NULL) { +- fprintf(stderr,"No memory available\n"); +- cleanup(); +- exit(1); +- } +- strcpy(input, "-- '"); strcat(input, path); strcat(input, "'"); ++ gs_argv[gs_argc++] = "gs"; ++ gs_argv[gs_argc++] = "-r72"; ++ gs_argv[gs_argc++] = "-dNODISPLAY"; ++ gs_argv[gs_argc++] = "-dFIXEDMEDIA"; ++ gs_argv[gs_argc++] = "-dDELAYBIND"; ++ gs_argv[gs_argc++] = "-dWRITESYSTEMDICT"; ++ if (!debug) { ++ gs_argv[gs_argc++] = "-q"; ++ } ++ gs_argv[gs_argc++] = "-dNOPAUSE"; ++ gs_argv[gs_argc++] = "-dSAFER"; ++ if (rotate_path && strcmp(rotate_path, "")) { ++ gs_argv[gs_argc++] = rotate_path; ++ } ++ if (ocr_path && strcmp(ocr_path, "")) { ++ gs_argv[gs_argc++] = ocr_path; ++ } ++ if (path == NULL ) { ++ gs_argv[gs_argc++] = "-"; ++ } ++ else { ++ gs_argv[gs_argc++] = "--"; ++ gs_argv[gs_argc++] = path; + } +- +- gs_cmdline = (char*)malloc(strlen(gs_cmd)+strlen(rotate_path)+ +- strlen(ocr_path) + strlen(input) + 128); +- +- if (gs_cmdline == NULL) { +- fprintf(stderr, "No memory available\n"); +- cleanup(); +- exit(1); +- } +- +- sprintf( +- gs_cmdline, +-#ifdef VMS +- "%s -r72 \"-dNODISPLAY\" \"-dFIXEDMEDIA\" \"-dDELAYBIND\" \"-dWRITESYSTEMDICT\" %s \"-dNOPAUSE\" %s %s %s", +-#else +- "%s -r72 -dNODISPLAY -dFIXEDMEDIA -dDELAYBIND -dWRITESYSTEMDICT %s -dNOPAUSE %s %s %s", +-#endif +- gs_cmd, +- (debug ? 
"" : "-q"), +- rotate_path, +- ocr_path, +- input +- ); +- if (debug) fprintf(stderr, "%s\n", gs_cmdline); ++ gs_argv[gs_argc++] = NULL; + #ifdef VMS + cmdfile = tempnam("SYS$SCRATCH:","PS2TGS"); + gsoutfile = tempnam("SYS$SCRATCH:","GSRES"); +@@ -259,8 +250,25 @@ + exit(1); + } + #else +- gs = popen(gs_cmdline, "r"); +- if (gs==0) {perror(cmd); exit(1);} ++ if (pipe(fd)) { ++ perror("pipe failed: "); exit(1); ++ }; ++ p = fork(); ++ if (p == -1) { ++ perror("fork failed: "); exit(1); ++ } ++ if (p == 0) { /* child */ ++ close(fd[0]); ++ dup2(fd[1], 1); /* Redirect stdout into pipe to parent */ ++ execvp("%%LOCALBASE%%/bin/gs", gs_argv); ++ perror("execvp: "); status=cleanup(); exit(1); ++ } else { /* parent */ ++ close(fd[1]); ++ gs = fdopen(fd[0], "r"); ++ if (gs == NULL) { ++ perror("fdopen: "); status=cleanup(); exit(1); ++ } ++ } + #endif + status = pstotextInit(&instance); + if (status!=0) { diff -ruN pstotext.orig/files/patch-ac pstotext/files/patch-ac --- pstotext.orig/files/patch-ac 1969-12-31 19:00:00.000000000 -0500 +++ pstotext/files/patch-ac 2008-07-14 12:47:08.120468415 -0400 @@ -0,0 +1,11 @@ +--- pstotext.1.orig 2008-07-14 11:41:51.372153755 -0400 ++++ pstotext.1 2008-07-14 12:40:21.785198430 -0400 +@@ -128,7 +128,7 @@ + .br + Distributed only by permission. + .br +-See file pstotext.txt for details. ++See file %%PREFIX%%/share/doc/pstotext/copyright for details. + .br + .BR + .PP diff -ruN pstotext.orig/pkg-descr pstotext/pkg-descr --- pstotext.orig/pkg-descr 2008-02-21 00:13:04.000000000 -0500 +++ pstotext/pkg-descr 2008-07-14 12:47:08.120468415 -0400 @@ -35,5 +35,3 @@ The options -debug and -bboxes are mostly of use for the maintainers of pstotext. -debug shows Ghostscript output and error messages. -bboxes outputs one word per line with bounding box information. - -WWW: http://www.research.digital.com/SRC/virtualpaper/pstotext.html >Release-Note: >Audit-Trail: >Unformatted:
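Review bot: in the do-install addition of the port Makefile (hunk @@ -20,9 +17,18 @@), pstotext.txt is copied with ${INSTALL_MAN} although it is a plain documentation file going to ${DOCSDIR}; ${INSTALL_DATA} is the macro meant for that. The guard is written `.ifndef(NOPORTDOCS)`; `.if !defined(NOPORTDOCS)` is the more usual spelling and does not depend on how make treats the parenthesised name.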
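Review bot: in the cleanup() hunk of the new files/patch-ab (@@ -126,12 +126,14 @@), the non-VMS branch now calls `waitpid(-1, &gsstatus, 0)` unconditionally, so it runs even when no Ghostscript child was started, its return value is ignored, and the following `if (gsstatus)` can read an uninitialized value. The stream that do_it() opens with fdopen() is also never closed here, where the removed pclose(gs) used to close it, and waiting while the read end is still open can block if the child is still writing. Suggest keeping the pid returned by fork(), and for a non-NULL gs doing fclose(gs) followed by waitpid(pid, &gsstatus, 0) with the result checked.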
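Review bot: in the argument-list hunk of files/patch-ab (@@ -201,47 +208,31 @@), `-dSAFER` is added next to the existing `-dWRITESYSTEMDICT`, which leaves systemdict writable; please confirm that the SAFER restrictions still hold with that combination, or drop -dWRITESYSTEMDICT if the bundled PostScript does not need it. The hunk also deletes the `if (debug) fprintf(stderr, "%s\n", gs_cmdline);` trace with no replacement, while the earlier hunk declares `int i` under #ifdef DEBUG and no use of it is visible in the patch; a loop printing gs_argv when debug is set would keep the -debug behaviour.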
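Review bot: in the fork/exec hunk of files/patch-ab (@@ -259,8 +250,25 @@), the child's exec-failure path runs `status=cleanup(); exit(1);`, which executes the parent's cleanup (pstotextExit and the new waitpid) inside the child and flushes inherited stdio buffers a second time; call _exit() right after perror() instead. The child also leaves fd[1] open after dup2(). The program is hardcoded as %%LOCALBASE%%/bin/gs, so the gs_cmd value used by the removed sprintf() is no longer honoured, which deserves a comment, and with an absolute path execv() is sufficient. The perror() strings end in ": ", which prints a doubled colon.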
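The popen(3)-to-fork/pipe change described in the PR, as an added example (not code from pstotext or from the submitted patch): the file name travels as a single argv entry and is never parsed by a shell, and the parent closes its read end and waits for the specific child. The names run_capture, demo and hostile_name are hypothetical, and /bin/echo stands in for Ghostscript.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with argv[] directly (no shell), copy up to cap-1 bytes of its
 * stdout into out, and return its exit status, or -1 on any failure. */
static int run_capture(char *const argv[], char *out, size_t cap) {
    int fd[2], wstatus;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (cap == 0 || pipe(fd) == -1) return -1;
    pid = fork();
    if (pid == -1) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                      /* child */
        close(fd[0]);
        if (dup2(fd[1], STDOUT_FILENO) == -1) _exit(127);
        close(fd[1]);
        execv(argv[0], argv);            /* absolute path: no PATH search */
        _exit(127);                      /* exec failed; skip parent cleanup */
    }
    close(fd[1]);                        /* parent keeps only the read end */
    while (used < cap - 1 &&
           (n = read(fd[0], out + used, cap - 1 - used)) != 0) {
        if (n > 0) used += (size_t)n;
        else if (errno != EINTR) break;
    }
    out[used] = '\0';
    close(fd[0]);                        /* close before waiting: no deadlock */
    while (waitpid(pid, &wstatus, 0) == -1)   /* wait for this child only */
        if (errno != EINTR) return -1;
    return WIFEXITED(wstatus) ? WEXITSTATUS(wstatus) : -1;
}

/* Constructed sample: a file name that would break out of '...' quoting. */
static const char hostile_name[] = "x.ps'; echo INJECTED; '";
static char demo_out[256];

static int demo(void) {
    char *argv[] = { "/bin/echo", (char *)hostile_name, NULL };
    return run_capture(argv, demo_out, sizeof demo_out);
}

int main(void) {
    printf("rc=%d out=%s", demo(), demo_out);
    return 0;
}
```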