X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=enscript.git;a=blobdiff_plain;f=src%2FChangeLog;h=f888e1914e31bd77d1c8e4afbbc73397fb3fbb7d;hp=2153b3d03834a0a3f7bd8a2d3faaf1ae2291554e;hb=aca79d5e90c1331854bb5e1a82492f7e8f02e927;hpb=288e95a13a053743ed97d2a122a637c10450fdf1 diff --git a/src/ChangeLog b/src/ChangeLog index 2153b3d..f888e19 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,7 +1,50 @@ +2009-12-27 Tim Retout + + Apply patch + + * psgen.c: Use PATH_MAX + +2009-12-27 Tim Retout + + Apply patch from Debian Security Team for CAN-2004-1184. + + * gsint.h: Add shell_escape prototype. + * util.c (shell_escape): New function to escape filenames for + shell usage. + * util.c (is_open): Use shell_escape to expand command buffer. + + * main.c (main): Use single quotes when building command string, + and use shell_escape to quote contents. + + * util.c (escape_string): Check return code of xmalloc. + + Apply patch from Werner Fink to address CVE-2008-3863, + CVE-2008-4306. + + * psgen.c: Use PATH_MAX for various buffer sizes. + Replace several strcpy calls with memset and strncpy. + +2009-03-28 Tim Retout + + * psgen.c (recognize_eps_file): Remove ability to read EPS data + from a pipe, as this executes arbitrary commands. It has been + disabled in most distros for five years anyway. See + CAN-2004-1185. + + * psgen.c (dump_ps_page_header): Use basename() and dirname() to + split path. Fixes a buffer overflow - see CAN-2004-1186. + +2009-01-25 Tim Retout + + * main.c (main): Respect $HOME when searching for ~/.enscriptrc + 2008-01-01 Tim Retout * ChangeLog: Run M-x change-log-redate. Add copyright notice at end. + * main.c (usage): Use PACKAGE_BUGREPORT instead of hardcoding the bug + report address. + * main.c (main) : Remove an unnecessary fclose of the toc temporary file, which was breaking the --toc option.
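Review bot: The topmost 2009-12-27 entry says only "Apply patch" and "* psgen.c: Use PATH_MAX", with no origin or issue reference, and it overlaps the "* psgen.c: Use PATH_MAX for various buffer sizes." line in the entry just below; either fold it into that entry or name the patch author and the bug it addresses, as the two "Apply patch from ..." paragraphs do. For "Replace several strcpy calls with memset and strncpy", the entry should say that each copy is bounded to one byte less than the buffer, because strncpy leaves the destination unterminated when the source fills it and the preceding memset only guarantees a terminator if that last byte is never written. The identifiers also mix the older CAN- prefix (CAN-2004-1184, CAN-2004-1185, CAN-2004-1186) with CVE- (CVE-2008-3863, CVE-2008-4306); using CVE- throughout would make the entries easier to search.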