head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.20 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.18 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.16 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.14 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.12 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.10 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.8 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.6 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.4 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.2 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.5.0.8 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.6 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.4 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.2 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.3.0.2 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.2.0.6 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.4 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.2 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.6 date 2008.01.30.08.19.25; author obache; state dead; branches; next 1.5; 1.5 date 2007.01.08.08.50.51; author rillig; state Exp; branches; next 1.4; 1.4 date 2007.01.08.08.21.48; author rillig; state Exp; branches; next 1.3; 1.3 date 2006.11.18.15.49.02; author adrianp; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2006.02.11.01.04.19; author joerg; state Exp; branches 1.2.6.1; next 1.1; 1.1 date 2005.10.10.15.14.49; author salo; state Exp; branches 1.1.2.1; next ; 1.3.2.1 date 2007.01.08.12.01.21; author ghen; state Exp; branches; next ; 1.2.6.1 date 2006.11.19.12.22.44; author ghen; state Exp; branches; next ; 1.1.2.1 date 2005.10.10.15.14.49; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.10.12.03.56.19; author snj; state Exp; branches; next ; desc @@ 1.6 log @Update gtexinfo to 4.11. Based on patch provided by Magnus Henoch in PR 37481. I made some modification: * keep and update patch-ac (need to pick up pkgsrc info files). * fixes PLIST, missing some entries. * portability fix in texi2dvi (patch-am). 
* DESTDIR support. Changes: 4.11 (9 September 2007) * Language: . @@documentlanguage now supports an optional country code specification after the language code, a la gettext. . new command @@allowcodebreaks controls breaks at _ and - within @@code. . new command @@frenchspacing controls spacing after sentences. . new command @@fonttextsize allows changing body text font size to 10pt. . new command @@textdegree{} produces the normal degrees symbol. . new command @@thischapternum can be used in TeX headers/footers. . new commands for quotes: @@quotedblleft @@quotedblright @@quoteleft @@quoteright @@quotedblbase @@quotesinglbase @@guillemetleft @@guillemetright @@guilsinglleft @@guilsinglright. . new option @@set txicodequoteundirected produces an undirected quote in code and example output, instead of the regular right quote. . new option @@set txicodequotebacktick produces a grave accent in code and example output, instead of the regular left quote. * makeinfo: . The @@documentlanguage locale is used to translate various document strings. . --enable-encoding is now the default, meaning Info and plain text output use 8-bit characters given a supported @@documentencoding. . new option --css-ref=URL for creating a stylesheet in HTML output. . new option --transliterate-file-names to use a reduction-to-ASCII algorithm for split HTML file names, useful for non-Latin-based languages. . @@enddots{} outputs three dots instead of four, for consistency with texinfo.tex. . the Local Variables coding: setting written by --enable-encoding now comes at the very end, after the tags table, so that Emacs can find it in more cases. . @@allow-recursion (never documented) is deprecated and produces a warning. . @@quote-args (never documented) is now the default behavior. . centering and such take account of character widths. . the --reference-limit option is now a no-op. . improvements to XML and Docbook output and the DTD. * texinfo.tex: . 
@@thissection can now be used in custom headings, and @@thischapter works reliably even without @@set chapternewpage. Custom headings have additional flexibility as well. * texi2dvi: . pdftexi2dvi is a new wrapper to `texi2dvi --pdf', equal to texi2pdf, for the sake of AUC-TeX which prepends `pdf' to the compilation command when requested to produce PDF. * info: . look for info files in the current directory first, by default. . when calling man, use -a if no explicit section is found. . avoid showing the top(1) man page for nonexistent info files. * install-info: . new options --section-regex, --remove-exactly, --debug, --test. * Distribution: . autoconf 2.60, automake 1.10, gettext 0.16.1. . gettext support now [external]. . new translations: hu (Hungarian), rw (Kinyarwandan), vi (Vietnamese). . most common sources imported from gnulib. 4.10 (omitted) 4.9 (29 June 2007) * GPLv3. * texi2dvi: . new mode --build=tidy which supports compilation in a separate directory, where intermediate files are preserved. . new option --build-dir, to specify where the tidy build will take place, either locally or globally. This allows avoiding the clutter while preserving auxiliary files. . new support for AUC-TeX: texi2dvi (weakly) supports arguments a la TeX such as `\nonstopmode\input{file.tex}'. . new options --ps and --dvipdf, useful especially for pstricks documents. . new option --src-specials, passed to TeX. * texinfo.tex: . Latin1, Latin2, Latin9, and UTF-8 are supported -- only as well as the Computer Modern fonts can manage, which means primarily English and western European languages, to a limited extent. . png and jpg images supported in pdf output. . new Russian, Serbian, and Ukrainian translations for texinfo.tex: txi-ru.tex, txi-sr.tex, txi-uk.tex. . section names with \ characters work properly in pdf outlines. . have .toc files use @@ as the escape character, instead of \. 
@ text @$NetBSD: patch-al,v 1.5 2007/01/08 08:50:51 rillig Exp $ Security fix for CAN-2005-3001 and CVE-2006-4810 --- util/texindex.c.orig 2004-04-11 19:56:47.000000000 +0200 +++ util/texindex.c 2007-01-08 09:41:42.000000000 +0100 @@@@ -387,14 +387,15 @@@@ For more information about these matters /* Return a name for temporary file COUNT. */ static char * -maketempname (int count) +maketempname (int count, int can_exist) { static char *tempbase = NULL; + char *tempname; char tempsuffix[10]; + int fd; if (!tempbase) { - int fd; tempbase = concat (tempdir, "txidxXXXXXX"); fd = mkstemp (tempbase); @@@@ -403,7 +404,14 @@@@ maketempname (int count) } sprintf (tempsuffix, ".%d", count); - return concat (tempbase, tempsuffix); + tempname = concat (tempbase, tempsuffix); + if (!can_exist) { + fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600); + if (fd == -1) + pfatal_with_name (tempname); + close (fd); + } + return tempname; } @@@@ -415,7 +423,7 @@@@ flush_tempfiles (int to_count) if (keep_tempfiles) return; while (last_deleted_tempcount < to_count) - unlink (maketempname (++last_deleted_tempcount)); + unlink (maketempname (++last_deleted_tempcount, 1)); } @@@@ -837,7 +845,7 @@@@ readline (struct linebuffer *linebuffer, { buffer = (char *) xrealloc (buffer, linebuffer->size *= 2); p += buffer - linebuffer->buffer; - end += buffer - linebuffer->buffer; + end = buffer + linebuffer->size; linebuffer->buffer = buffer; } if (c < 0 || c == '\n') @@@@ -882,7 +890,7 @@@@ sort_offline (char *infile, off_t total, for (i = 0; i < ntemps; i++) { - char *outname = maketempname (++tempcount); + char *outname = maketempname (++tempcount, 0); FILE *ostream = fopen (outname, "w"); long tempsize = 0; @@@@ -930,7 +938,7 @@@@ fail: for (i = 0; i < ntemps; i++) { - char *newtemp = maketempname (++tempcount); + char *newtemp = maketempname (++tempcount, 0); sort_in_core (tempfiles[i], MAX_IN_CORE_SORT, newtemp); if (!keep_tempfiles) unlink (tempfiles[i]); @@@@ -1400,7 +1408,7 @@@@ merge_files 
(char **infiles, int nfiles, int nf = MAX_DIRECT_MERGE; if (i + 1 == ntemps) nf = nfiles - i * MAX_DIRECT_MERGE; - tempfiles[i] = maketempname (++tempcount); + tempfiles[i] = maketempname (++tempcount, 0); value |= merge_direct (&infiles[i * MAX_DIRECT_MERGE], nf, tempfiles[i]); } @ 1.5 log @Corrected my last change. The original patch for CVE-2006-4810 was correct, only the pkgsrc version somehow managed to get wrong. PKGREVISION++ @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.4 2007/01/08 08:21:48 rillig Exp $ @ 1.4 log @Fixed the "fix" for CVE-2006-4810, since it introduced these compiler warnings. ===> GCC texindex.c: In function `readline': texindex.c:848: warning: assignment makes pointer from integer without a cast ===> MIPSpro cc-1515 cc: ERROR File = texindex.c, Line = 848 A value of type "long" cannot be assigned to an entity of type "char *". end = buffer - linebuffer->buffer; Well, if the compilers were more intelligent, they could have seen that (buffer == linebuffer->buffer) was an invariant and that the resulting difference was therefore always zero, and zero can be converted into any pointer type. ;) @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.3 2006/11/18 15:49:02 adrianp Exp $ a4 5 Note: The "official" patch for CVE-2006-4810 is wrong. The "fixed" code assigns a "long" to a "char *". Furthermore, the code was completely broken anyway. Maybe that's why it has been removed in the current CVS version. 
d6 1 a6 1 +++ util/texindex.c 2007-01-08 09:02:20.000000000 +0100 d50 1 a50 16 @@@@ -827,17 +835,19 @@@@ long readline (struct linebuffer *linebuffer, FILE *stream) { char *buffer = linebuffer->buffer; - char *p = linebuffer->buffer; - char *end = p + linebuffer->size; + char *p = buffer; + char *end = buffer + linebuffer->size; while (1) { + /* invariant: buffer <= p && p <= end */ + /* invariant: buffer + linebuffer->size == end */ + /* invariant: buffer == linebuffer->buffer */ int c = getc (stream); if (p == end) d53 1 a53 1 - p += buffer - linebuffer->buffer; d59 1 a59 1 @@@@ -882,7 +892,7 @@@@ sort_offline (char *infile, off_t total, d68 1 a68 1 @@@@ -930,7 +940,7 @@@@ fail: d77 1 a77 1 @@@@ -1400,7 +1410,7 @@@@ merge_files (char **infiles, int nfiles, @ 1.3 log @Fix for CVE-2006-4810 and bump to nb6 @ text @d1 1 a1 1 $NetBSD$ d5 7 a11 2 --- util/texindex.c.orig 2004-04-11 18:56:47.000000000 +0100 +++ util/texindex.c d55 16 a70 1 @@@@ -837,7 +845,7 @@@@ readline (struct linebuffer *linebuffer, d73 1 a73 1 p += buffer - linebuffer->buffer; d75 1 a75 1 + end = buffer - linebuffer->buffer; d79 1 a79 1 @@@@ -882,7 +890,7 @@@@ sort_offline (char *infile, off_t total, d88 1 a88 1 @@@@ -930,7 +938,7 @@@@ fail: d97 1 a97 1 @@@@ -1400,7 +1408,7 @@@@ merge_files (char **infiles, int nfiles, @ 1.3.2.1 log @Pullup ticket 1982 - requested by rillig security fix for gtexinfo - pkgsrc/devel/gtexinfo/Makefile 1.67 - pkgsrc/devel/gtexinfo/distinfo 1.26-1.27 - pkgsrc/devel/gtexinfo/patches/patch-al 1.4-1.5 Module Name: pkgsrc Committed By: rillig Date: Mon Jan 8 08:21:48 UTC 2007 Modified Files: pkgsrc/devel/gtexinfo: distinfo pkgsrc/devel/gtexinfo/patches: patch-al Log Message: Fixed the "fix" for CVE-2006-4810, since it introduced these compiler warnings. 
===> GCC texindex.c: In function `readline': texindex.c:848: warning: assignment makes pointer from integer without a cast ===> MIPSpro cc-1515 cc: ERROR File = texindex.c, Line = 848 A value of type "long" cannot be assigned to an entity of type "char *". end = buffer - linebuffer->buffer; Well, if the compilers were more intelligent, they could have seen that (buffer == linebuffer->buffer) was an invariant and that the resulting difference was therefore always zero, and zero can be converted into any pointer type. ;) --- Module Name: pkgsrc Committed By: rillig Date: Mon Jan 8 08:50:51 UTC 2007 Modified Files: pkgsrc/devel/gtexinfo: Makefile distinfo pkgsrc/devel/gtexinfo/patches: patch-al Log Message: Corrected my last change. The original patch for CVE-2006-4810 was correct, only the pkgsrc version somehow managed to get wrong. PKGREVISION++ @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.5 2007/01/08 08:50:51 rillig Exp $ d5 2 a6 2 --- util/texindex.c.orig 2004-04-11 19:56:47.000000000 +0200 +++ util/texindex.c 2007-01-08 09:41:42.000000000 +0100 d55 1 a55 1 + end = buffer + linebuffer->size; @ 1.2 log @Improve the security fix. maketempname is called from two contexts: (a) to generate a new temporary file name -> O_EXCL logic applies here (b) to regenerate the name of an older temporary file for removal -> don't create or even open the file here, just remove it. Discussed with salo@@. @ text @d3 1 a3 1 Security fix for CAN-2005-3001. 
d5 1 a5 1 --- util/texindex.c.orig 2004-04-11 19:56:47.000000000 +0200 d50 9 @ 1.2.6.1 log @Pullup ticket 1914 - requested by adrianp security fix for gtexinfo - pkgsrc/devel/gtexinfo/Makefile 1.66 - pkgsrc/devel/gtexinfo/distinfo 1.25 - pkgsrc/devel/gtexinfo/patches/patch-al 1.3 Module Name: pkgsrc Committed By: adrianp Date: Sat Nov 18 15:49:02 UTC 2006 Modified Files: pkgsrc/devel/gtexinfo: Makefile distinfo pkgsrc/devel/gtexinfo/patches: patch-al Log Message: Fix for CVE-2006-4810 and bump to nb6 @ text @d1 1 a1 1 $NetBSD: patch-al,v 1.3 2006/11/18 15:49:02 adrianp Exp $ d3 1 a3 1 Security fix for CAN-2005-3001 and CVE-2006-4810 d5 1 a5 1 --- util/texindex.c.orig 2004-04-11 18:56:47.000000000 +0100 a49 9 @@@@ -837,7 +845,7 @@@@ readline (struct linebuffer *linebuffer, { buffer = (char *) xrealloc (buffer, linebuffer->size *= 2); p += buffer - linebuffer->buffer; - end += buffer - linebuffer->buffer; + end = buffer - linebuffer->buffer; linebuffer->buffer = buffer; } if (c < 0 || c == '\n') @ 1.1 log @Security fix for CAN-2005-3011: "texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files." http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011 Patch from Ubuntu. @ text @d3 1 a3 1 Security fix for CAN-2005-3011, from Ubuntu. 
d6 7 a12 3 +++ util/texindex.c 2005-10-10 16:46:44.000000000 +0200 @@@@ -390,11 +390,12 @@@@ maketempname (int count) d25 1 a25 1 @@@@ -403,7 +404,12 @@@@ d31 6 a36 4 + fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600); + if (fd == -1) + pfatal_with_name (tempname); + close (fd); d41 36 @ 1.1.2.1 log @file patch-al was added on branch pkgsrc-2005Q3 on 2005-10-10 15:14:49 +0000 @ text @d1 34 @ 1.1.2.2 log @Pullup ticket 821 - requested by Lubomir Sedlacik security fix for gtexinfo Revisions pulled up: - pkgsrc/devel/gtexinfo/Makefile 1.58 - pkgsrc/devel/gtexinfo/distinfo 1.22 - pkgsrc/devel/gtexinfo/patches/patch-al 1.1 Module Name: pkgsrc Committed By: salo Date: Mon Oct 10 15:14:49 UTC 2005 Modified Files: pkgsrc/devel/gtexinfo: Makefile distinfo Added Files: pkgsrc/devel/gtexinfo/patches: patch-al Log Message: Security fix for CAN-2005-3011: "texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files." http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011 Patch from Ubuntu. @ text @a0 34 $NetBSD: patch-al,v 1.1.2.1 2005/10/12 03:56:19 snj Exp $ Security fix for CAN-2005-3011, from Ubuntu. --- util/texindex.c.orig 2004-04-11 19:56:47.000000000 +0200 +++ util/texindex.c 2005-10-10 16:46:44.000000000 +0200 @@@@ -390,11 +390,12 @@@@ maketempname (int count) { static char *tempbase = NULL; + char *tempname; char tempsuffix[10]; + int fd; if (!tempbase) { - int fd; tempbase = concat (tempdir, "txidxXXXXXX"); fd = mkstemp (tempbase); @@@@ -403,7 +404,12 @@@@ } sprintf (tempsuffix, ".%d", count); - return concat (tempbase, tempsuffix); + tempname = concat (tempbase, tempsuffix); + fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600); + if (fd == -1) + pfatal_with_name (tempname); + close (fd); + return tempname; } @
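Review bot: The description line at the top of the patch ("Security fix for CAN-2005-3001 and CVE-2006-4810") disagrees with the revision 1.1 log message, which quotes the advisory and its cve.mitre.org URL as CAN-2005-3011. The 3001 form first appears in the revision 1.2 header and was carried forward into 1.3 through 1.5; it looks like a typo and should be brought back in line with the identifier the 1.1 log cites, so the patch can be matched to the advisory.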
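Review bot: The comment above maketempname in the @@ -387,14 +387,15 @@ hunk still reads "Return a name for temporary file COUNT." even though the function now takes can_exist and, when that is 0, creates the file on disk. Document the new parameter and the side effect there, and consider named constants in place of the bare 0 and 1 that the callers in flush_tempfiles, sort_offline and merge_files pass, since the call sites no longer say which mode they want.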
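Review bot: In the @@ -403,7 +404,14 @@ hunk the descriptor returned by open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600) is closed straight away and only the name is handed back, so a caller such as sort_offline reopens the file by path with fopen (outname, "w"). The exclusive-create check therefore covers the moment of creation only; returning the descriptor, or a FILE * obtained with fdopen, would keep the check and the later writes on the same open file. In the same function, sprintf (tempsuffix, ".%d", count) writes into char tempsuffix[10], which has room for a dot and eight digits; snprintf or a larger buffer would remove the reliance on count staying small.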
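Review bot: In the readline hunk (@@ -837,7 +845,7 @@) the unchanged line p += buffer - linebuffer->buffer; still subtracts the old buffer pointer from the new one after xrealloc has returned, and when the block has moved that is pointer arithmetic on a freed object, which C leaves undefined. Record the offset before the call (p - linebuffer->buffer) and set p = buffer + offset afterwards, the same way the patched line now derives end from buffer and linebuffer->size instead of adjusting the stale value.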