X-Git-Url: http://git.savannah.gnu.org/gitweb/?p=enscript.git;a=blobdiff_plain;f=src%2FChangeLog;h=f888e1914e31bd77d1c8e4afbbc73397fb3fbb7d;hp=7557664ad89a7117cb062beedb9db4af1197db1a;hb=aca79d5e90c1331854bb5e1a82492f7e8f02e927;hpb=0acc7b63a1be9f5d02f1a21d6df52cb5a9ce7e58

diff --git a/src/ChangeLog b/src/ChangeLog
index 7557664..f888e19 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,29 @@
+2009-12-27  Tim Retout  <tim@retout.co.uk>
+
+	Apply patch
+
+	* psgen.c: Use PATH_MAX 
+
+2009-12-27  Tim Retout  <diocles@gnu.org>
+
+	Apply patch from Debian Security Team for CAN-2004-1184.
+
+	* gsint.h: Add shell_escape prototype.
+	* util.c (shell_escape): New function to escape filenames for
+	shell usage.
+	* util.c (is_open): Use shell_escape to expand command buffer.
+
+	* main.c (main): Use single quotes when building command string,
+	and use shell_escape to quote contents.
+
+	* util.c (escape_string): Check return code of xmalloc.
+
+	Apply patch from Werner Fink to address CVE-2008-3863,
+	CVE-2008-4306.
+
+	* psgen.c: Use PATH_MAX for various buffer sizes.
+	Replace several strcpy calls with memset and strncpy.
+
 2009-03-28  Tim Retout  <diocles@gnu.org>
 
 	* psgen.c (recognize_eps_file): Remove ability to read EPS data