Hello community, here is the log from the commit of package info2html for openSUSE:Factory checked in at 2017-08-12 19:59:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/info2html (Old) and /work/SRC/openSUSE:Factory/.info2html.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "info2html" Sat Aug 12 19:59:32 2017 rev:20 rq:514964 version:2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/info2html/info2html.changes 2011-09-23 02:03:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.info2html.new/info2html.changes 2017-08-12 19:59:35.236175491 +0200 @@ -1,0 +2,13 @@ +Mon Aug 7 12:11:40 UTC 2017 - wer...@suse.de + +- Readd a fixed version of DirnameCheck() for security + that is allow access even if no path for the info files had + been requested + +------------------------------------------------------------------- +Mon Aug 7 11:26:08 UTC 2017 - wer...@suse.de + +- Avoid DirnameCheck() as it breaks the info2html (boo#1052383) +- Avoid $* asignment with newer perl + +------------------------------------------------------------------- New: ---- info2html-rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ info2html.spec ++++++ --- /var/tmp/diff_new_pack.hdW6xQ/_old 2017-08-12 19:59:36.707969339 +0200 +++ /var/tmp/diff_new_pack.hdW6xQ/_new 2017-08-12 19:59:36.715968218 +0200 @@ -1,7 +1,7 @@ # -# spec file for package info2html (Version 2.0) +# spec file for package info2html # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,26 +15,27 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: info2html -BuildRequires: apache2-devel libapr-util1-devel pcre-devel +BuildRequires: apache2-devel +BuildRequires: libapr-util1-devel +BuildRequires: pcre-devel Url: http://sourceforge.net/projects/info2html/ -License: GPL-2.0+ -Group: Productivity/Publishing/Texinfo -AutoReqProv: on Provides: inf2htm Obsoletes: inf2htm Version: 2.0 -Release: 202 +Release: 0 Summary: Program to Convert Info Pages into HTML Pages +License: GPL-2.0+ +Group: Productivity/Publishing/Texinfo BuildArch: noarch -Source: info2html-2.0.tar.bz2 -Source1: arrows.tar.bz2 -Patch: info2html-2.0.dif +Source0: info2html-2.0.tar.bz2 +Source1: info2html-rpmlintrc +Source2: arrows.tar.bz2 +Patch0: info2html-2.0.dif %define apache_serverroot %(/usr/sbin/apxs2 -q datadir 2>/dev/null || apxs -q PREFIX) BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildArch: noarch %description This package contains the CGI script 'info2html' that creates HTML pages @@ -49,8 +50,8 @@ Karl Guggisberg <gug...@iam.unibe.ch> %prep -%setup -n info2html-2.0 -a 1 -%patch +%setup -n info2html-2.0 -a 2 +%patch0 -b .p0 %build ++++++ info2html-2.0.dif ++++++ --- /var/tmp/diff_new_pack.hdW6xQ/_old 2017-08-12 19:59:36.903941889 +0200 +++ /var/tmp/diff_new_pack.hdW6xQ/_new 2017-08-12 19:59:36.907941329 +0200 @@ -1,5 +1,11 @@ +--- + info2html | 91 +++++++++++++++++++++++++++++++++++++++++---------------- + info2html.conf | 27 ++++++++-------- + infocat | 14 +++++++- + 3 files changed, 91 insertions(+), 41 deletions(-) + --- info2html -+++ info2html 2006-08-30 16:57:37.000000000 +0200 ++++ info2html 2017-08-07 12:10:40.074152757 +0000 @@ -62,15 +62,20 @@ $FTAG = '[^\)]+'; #-- p #--------------------------------------------------------- # Don't reveal where we're looking... --jonh 5/20/97 (and reapplied 5/4/1998) 
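Review bot: The reworked preamble in info2html.spec now declares `BuildArch: noarch` twice: the original tag after `Group:` is kept as context, and a second `+BuildArch: noarch` is added after `BuildRoot:`. Drop the added line so the tag is declared once. The duplicate is most likely harmless, but it is a second place to edit if the package ever stops being noarch.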
@@ -25,12 +31,10 @@ EOF die "\n"; } -@@ -90,6 +95,25 @@ sub Escape{ - return CGI::escape($Tag); +@@ -91,6 +96,28 @@ sub Escape{ } -+ -+#---------------------------------------------------------- + #---------------------------------------------------------- +# DirnameCheck +#---------------------------------------------------------- +sub DirnameCheck{ @@ -39,19 +43,24 @@ + + $Base =~ s@.*/@@g; + $Dir =~ s@/[^/]*$@@; -+ $Dir = "" if ($Dir eq $Base); ++ ++ if ($Dir eq $Base) { ++ $Dir = ""; ++ return(1); ++ } + + for (@INFODIR) { -+ return(1) if ( $Dir eq $_ ); ++ return(1) if ( $Dir eq $_ ); + } + + return(0); +} + - #---------------------------------------------------------- ++#---------------------------------------------------------- # DeEscape #---------------------------------------------------------- -@@ -100,6 +124,10 @@ sub DeEscape{ + sub DeEscape{ +@@ -100,6 +127,10 @@ sub DeEscape{ $Tag =~ s/%20/ /g; #-- oh yes it is -- jonh 5/16/1997 #$Tag; @@ -62,7 +71,7 @@ return CGI::unescape($Tag); } -@@ -172,23 +200,23 @@ sub MenuItem2HTML{ +@@ -172,23 +203,23 @@ sub MenuItem2HTML{ $Line = &Tab2Space($Line); # make sure columns line up well if ($Line =~ /\* ([^:]+)::/){ # -- is a simple entry ending with :: ? @@ -90,7 +99,7 @@ $MenuLinkText = $Line; } } -@@ -213,11 +241,10 @@ sub MenuItem2HTML{ +@@ -213,11 +244,10 @@ sub MenuItem2HTML{ sub ReadIndirectTable{ local($FileName,*InfoFiles,*Offsets) = @_; local($i,$Next); @@ -104,7 +113,7 @@ } else { open(FH1,$FileName) || &DieFileNotFound($FileName); } -@@ -260,9 +287,9 @@ sub ReadTagTable{ +@@ -260,9 +290,9 @@ sub ReadTagTable{ local($File,$Offset); if ( $FileName =~ /^(.+)\.gz$/ ) { 
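Review bot: DirnameCheck() is re-added "for security" according to the changelog, but the new body has no comment stating its contract, and `$Dir = "";` just before `return(1)` has no visible effect inside the sub. I would add a header comment such as `# Returns 1 if the request names no directory, or one listed verbatim in @INFODIR; 0 otherwise.` and drop the assignment unless `$Dir` is deliberately shared with the caller. Its declaration and the start of the sub are outside this hunk. `$Dir eq $_` is a literal string comparison, so a non-canonical spelling of an allowed directory (trailing or doubled slash) is rejected, which fails closed but is worth stating in the comment. Only the directory part is checked; the base name is not constrained here, so the caller still has to validate it before it reaches any `open`.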
@@ -116,7 +125,19 @@ } else { open(FH,$FileName) || &DieFileNotFound($FileName); } -@@ -437,8 +464,11 @@ sub PrintHeader{ +@@ -304,8 +334,9 @@ sub ReadTagTable{ + # transforms them to HTML using a little icon + #---------------------------------------------------------- + sub ParsCrossRefs{ +- local($prev,$Line,$BaseInfoFile) = @_; +- local($*,$NewLine,$Token) = (1); ++ my ($prev,$Line,$BaseInfoFile) = @_; ++ my ($NewLine,$Token); ++ my ($CrossRef, $CrossRefFile, $CrossRefTag, $CrossRefRef, $CrossRefText); + $Line = " ".$Line; + if ($prev =~ /\*Note([^\t\,\.]*)$/i) { + if ($Line =~ /^$TAG$TE/) { +@@ -437,8 +468,11 @@ sub PrintHeader{ ; print <<"EOF"; @@ -130,7 +151,7 @@ EOF print "\n<div class='nav navtop'\n>", -@@ -484,7 +514,7 @@ EOF +@@ -484,7 +518,7 @@ EOF print "<!-- info2html v$VERSION -->\n"; } @@ -139,7 +160,7 @@ return; } -@@ -493,14 +523,21 @@ EOF +@@ -493,14 +527,21 @@ EOF #---------------------------------------------------------- sub ReplyNotFoundMessage{ local($FileName,$Tag) = @_; @@ -164,7 +185,7 @@ EOF } #----------------------------------------------------------- -@@ -514,9 +551,9 @@ sub InfoNode2HTML{ +@@ -514,9 +555,9 @@ sub InfoNode2HTML{ local($FileName,$Offset,$Tag,$BaseInfoFile) = @_; local($Found); if ( $FileName =~ /^(.+)\.gz$/ ) { @@ -176,7 +197,7 @@ } else { open(FH2,$FileName) || &DieFileNotFound($FileName); } -@@ -657,8 +694,8 @@ $PROGRAM = $ENV{'SCRIPT_NAME'}; +@@ -657,8 +698,8 @@ $PROGRAM = $ENV{'SCRIPT_NAME'}; $CommandLine = DeEscape($ENV{'QUERY_STRING'}); # jonh DeEscape() 1997.05.16 if ($CommandLine =~ /\(([^\)]+)\)(.+)/) { $BaseInfoFile = &DeEscape($1); @@ -186,7 +207,7 @@ } elsif( $CommandLine =~ /^([-_0-9a-zA-Z]+)$/) { # tolerate bare queries $BaseInfoFile = &DeEscape($1); $NodeName = 'Top'; -@@ -674,7 +711,7 @@ $File = $BaseInfoFile if $File eq ""; +@@ -674,7 +715,7 @@ $File = $BaseInfoFile if $File eq ""; $FileNameFull = &FindFile($File); &InfoNode2HTML($FileNameFull,$Offset,$NodeName,$BaseInfoFile); 
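Review bot: Replacing `local($*,$NewLine,$Token) = (1);` with `my` declarations in ParsCrossRefs also drops the multi-line matching that `$* = 1` used to request, and none of the visible patterns gains `/m` to compensate. If `$prev` or `$Line` can contain embedded newlines, the anchors in `/\*Note([^\t\,\.]*)$/i` and `/^$TAG$TE/` now match only at the string ends. Where the old behaviour was intended, write it explicitly, e.g. `$prev =~ /\*Note([^\t\,\.]*)$/im`; otherwise add a short comment that the inputs are single lines. The rest of the sub lies outside this hunk, so the other patterns should be checked the same way.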
@@ -196,7 +217,7 @@ ############################################################################### # # --- info2html.conf -+++ info2html.conf 2006-08-30 16:42:00.000000000 +0200 ++++ info2html.conf 2017-08-07 11:20:18.864788475 +0000 @@ -26,7 +26,8 @@ #-- URL for an icon for cross references @@ -256,7 +277,7 @@ #-- URL for documentation of info2html --- infocat -+++ infocat 2006-08-30 17:04:50.000000000 +0200 ++++ infocat 2017-08-07 12:24:27.423036335 +0000 @@ -66,6 +66,10 @@ sub DeEscape{ #$Tag =~ s/%20/ /g; #-- yes it is jonh 5/16/97 @@ -268,7 +289,15 @@ return CGI::unescape($Tag); } -@@ -90,12 +94,12 @@ foreach $dir (@INFODIR) { +@@ -83,6 +87,7 @@ print "$HTML_HEAD_STUFF</head><body clas + + my( %Desc2BaseExt, %BaseFreq, %BaseExt2Base ); + ++$SIG{'PIPE'} = 'IGNORE'; + foreach $dir (@INFODIR) { + opendir(DIR, $dir) or next; + while ($baseext = readdir(DIR)) { +@@ -90,12 +95,17 @@ foreach $dir (@INFODIR) { my $base; if ($baseext =~ m/^(.+)\.info\.bz2$/ ) { $base = $1; @@ -280,6 +309,11 @@ $base = $1; - next unless open INFOFILE, "gzip -dc $dir/$baseext|"; + next unless open INFOFILE, "gunzip -q -d -c < $dir/$baseext|"; ++ $collect = 0; ++ } ++ elsif ($baseext =~ m/^(.+)\.info\.xz$/ ) { ++ $base = $1; ++ next unless open INFOFILE, "xz -q -d -c < $dir/$baseext|"; $collect = 0; } elsif ($baseext =~ m/^(.+)\.info$/) { ++++++ info2html-rpmlintrc ++++++ addFilter(".*non-etc-or-var-file-marked-as-conffile.*")
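Review bot: The new `.info.xz` branch in infocat builds a shell command from a directory entry, `open INFOFILE, "xz -q -d -c < $dir/$baseext|"`. `$baseext` is only required to match `^(.+)\.info\.xz$`, so any shell metacharacter in a file name under @INFODIR is interpreted by the shell. Use the list form of pipe open so that no shell is involved: `next unless open(INFOFILE, '-|', 'xz', '-q', '-d', '-c', "$dir/$baseext");`. The `gunzip -q -d -c < $dir/$baseext|` line changed by the same patch has the same problem, and the `.bz2` branch, whose open is not visible here, presumably does too. If the shell form has to stay, restrict `$baseext` to a conservative character class before the `open` and skip entries that do not match.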