head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.1.0.40 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.38 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.36 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.34 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.32 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.30 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.28 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.26 pkgsrc-2008Q1:1.1.0.24 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.22 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.20 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.18 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.16 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.14 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.12 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.10 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.8 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.6 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.4 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.2 pkgsrc-2005Q2-base:1.1; locks; strict; comment @# @; 1.2 date 2009.12.16.20.07.33; author joerg; state dead; branches; next 1.1; 1.1 date 2005.06.14.18.10.37; author jlam; state Exp; branches; next ; desc @@ 1.2 log @Retire old xpm package. Replaced by x11/libXpm. @ text @$NetBSD: patch-ar,v 1.1 2005/06/14 18:10:37 jlam Exp $ 
--- /dev/null 2005-06-14 01:17:00.000000000 -0400
+++ lib/s_popen.c 2005-06-14 00:03:23.000000000 -0400
@@@@ -0,0 +1,181 @@@@
+/*
+ * Copyright (C) 2004 The X.Org fundation
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is fur-
+ * nished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR
+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Except as contained in this notice, the name of the X.Org fundation
+ * shall not be used in advertising or otherwise to promote the sale,
+ * use or other dealings in this Software without prior written
+ * authorization from the X.Org fundation.
+ */
+
+/*
+** This is a secure but NOT 100% compatible replacement for popen()
+** Note: - don't use pclose() use fclose() for closing the returned
+** filedesc.!!!
+**
+** Known Bugs: - unable to use i/o-redirection like > or <
+** Author: - Thomas Biege
+** Credits: - Andreas Pfaller for fixing a SEGV when
+** calling strtok()
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define __SEC_POPEN_TOKEN " "
+
+FILE *s_popen(char *cmd, const char *type)
+{
+ pid_t pid;
+ int pfd[2];
+ int rpipe = 0, wpipe = 0, i;
+ char **argv;
+ char *ptr;
+ char *cmdcpy;
+
+
+ if(cmd == NULL || cmd == "")
+ return(NULL);
+
+ if(type[0] != 'r' && type[0] != 'w')
+ return(NULL);
+
+ if ((cmdcpy = strdup(cmd)) == NULL)
+ return(NULL);
+
+ argv = NULL;
+ if( (ptr = strtok(cmdcpy, __SEC_POPEN_TOKEN)) == NULL)
+ {
+ free(cmdcpy);
+ return(NULL);
+ }
+
+ for(i = 0;; i++)
+ {
+ if( ( argv = (char **) realloc(argv, (i+1) * sizeof(char *)) ) == NULL)
+ {
+ free(cmdcpy);
+ return(NULL);
+ }
+
+ if( (*(argv+i) = (char *) malloc((strlen(ptr)+1) * sizeof(char))) == NULL)
+ {
+ free(cmdcpy);
+ return(NULL);
+ }
+
+ strcpy(argv[i], ptr);
+
+ if( (ptr = strtok(NULL, __SEC_POPEN_TOKEN)) == NULL)
+ {
+ if( ( argv = (char **) realloc(argv, (i+2) * sizeof(char *))) == NULL)
+ {
+ free(cmdcpy);
+ return(NULL);
+ }
+ argv[i+1] = NULL;
+ break;
+ }
+ }
+
+
+ if(type[0] == 'r')
+ rpipe = 1;
+ else
+ wpipe = 1;
+
+ if (pipe(pfd) < 0)
+ {
+ free(cmdcpy);
+ return(NULL);
+ }
+
+ if((pid = fork()) < 0)
+ {
+ close(pfd[0]);
+ close(pfd[1]);
+ free(cmdcpy);
+ return(NULL);
+ }
+
+ if(pid == 0) /* child */
+ {
+ if((pid = fork()) < 0)
+ {
+ close(pfd[0]);
+ close(pfd[1]);
+ free(cmdcpy);
+ return(NULL);
+ }
+ if(pid > 0)
+ {
+ exit(0); /* child nr. 1 exits */
+ }
+
+ /* child nr. 2 */
+ if(rpipe)
+ {
+ close(pfd[0]); /* close reading end, we don't need it */
+ dup2(STDOUT_FILENO, STDERR_FILENO);
+ if (pfd[1] != STDOUT_FILENO)
+ dup2(pfd[1], STDOUT_FILENO); /* redirect stdout to writing end of pipe */
+ }
+ else
+ {
+ close(pfd[1]); /* close writing end, we don't need it */
+ if (pfd[0] != STDIN_FILENO)
+ dup2(pfd[0], STDIN_FILENO); /* redirect stdin to reading end of pipe */
+ }
+
+ if(strchr(argv[0], '/') == NULL)
+ execvp(argv[0], argv); /* search in $PATH */
+ else
+ execv(argv[0], argv);
+
+ close(pfd[0]);
+ close(pfd[1]);
+ free(cmdcpy);
+ return(NULL); /* exec failed.. ooops! */
+ }
+ else /* parent */
+ {
+ waitpid(pid, NULL, 0); /* wait for child nr. 1 */
+
+ if(rpipe)
+ {
+ close(pfd[1]);
+ free(cmdcpy);
+ return(fdopen(pfd[0], "r"));
+ }
+ else
+ {
+ close(pfd[0]);
+ free(cmdcpy);
+ return(fdopen(pfd[1], "w"));
+ }
+
+ }
+}
+
@ 1.1 log @Apply fixes derived from the HEAD branch of X.Org (6.8.99) to address problems noted in CAN-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitary code via a certain XPM image file. Bump PKGREVISION to 4. Since this is a security-related fix, also bump the BUILDLINK_RECOMMENDED version for this package. @ text @d1 1 a1 1 $NetBSD$ @
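Review bot: The child-side failure paths in s_popen() return to the caller instead of terminating the process: both the inner `fork()` failure branch and the fall-through after `execvp()`/`execv()` do `return(NULL);` inside `if(pid == 0)`, so a forked copy of the calling program carries on running the caller's code. Those two returns should be `_exit(127);`, and the intermediate child's `exit(0);` should be `_exit(0);` so it does not flush the parent's stdio buffers or run its atexit handlers a second time. Separately, `cmd == ""` compares pointers rather than contents (`cmd[0] == '\0'` is presumably what was meant) and `type` is dereferenced without a NULL check. `argv` and its per-token `malloc` copies are never freed on any parent path, so every call leaks, and a failed `realloc` also loses the previous array. The comment `/* search in $PATH */` deserves a caveat that `execvp()` trusts the caller's environment, which matters if this replacement is ever reached from a privileged program.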