X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=enscript.git;a=blobdiff_plain;f=src%2FChangeLog;h=f888e1914e31bd77d1c8e4afbbc73397fb3fbb7d;hp=5352633fb00bc16ba5ed0a80e9715d1a591da55b;hb=refs%2Fheads%2Frelease;hpb=90aff5f8d6c1d6aa69be62d9ae8a12c22ccd3db7

diff --git a/src/ChangeLog b/src/ChangeLog
index 5352633..f888e19 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,43 @@
+2009-12-27  Tim Retout  <tim@retout.co.uk>
+
+	Apply patch
+
+	* psgen.c: Use PATH_MAX 
+
+2009-12-27  Tim Retout  <diocles@gnu.org>
+
+	Apply patch from Debian Security Team for CAN-2004-1184.
+
+	* gsint.h: Add shell_escape prototype.
+	* util.c (shell_escape): New function to escape filenames for
+	shell usage.
+	* util.c (is_open): Use shell_escape to expand command buffer.
+
+	* main.c (main): Use single quotes when building command string,
+	and use shell_escape to quote contents.
+
+	* util.c (escape_string): Check return code of xmalloc.
+
+	Apply patch from Werner Fink to address CVE-2008-3863,
+	CVE-2008-4306.
+
+	* psgen.c: Use PATH_MAX for various buffer sizes.
+	Replace several strcpy calls with memset and strncpy.
+
+2009-03-28  Tim Retout  <diocles@gnu.org>
+
+	* psgen.c (recognize_eps_file): Remove ability to read EPS data
+	from a pipe, as this executes arbitrary commands.  It has been
+	disabled in most distros for five years anyway.  See
+	CAN-2004-1185.
+
+	* psgen.c (dump_ps_page_header): Use basename() and dirname() to
+	split path.  Fixes a buffer overflow - see CAN-2004-1186.
+
+2009-01-25  Tim Retout  <diocles@gnu.org>
+
+	* main.c (main): Respect $HOME when searching for ~/.enscriptrc
+
 2008-01-01  Tim Retout  <diocles@gnu.org>
 
 	* ChangeLog: Run M-x change-log-redate. Add copyright notice at end.