debian/0000755000000000000000000000000011725173724007177 5ustar debian/mime0000644000000000000000000000150311725173724010050 0ustar application/postscript; pstotext %s; test=test -z "$LYNX_VERSION"; copiousoutput; description="PostScript document"; priority=4 application/postscript; pstotext %s; test=test -n "$LYNX_VERSION"; description="PostScript document"; priority=4 application/ghostview; pstotext %s; test=test -z "$LYNX_VERSION"; copiousoutput; description="PostScript document"; priority=4 application/ghostview; pstotext %s; test=test -n "$LYNX_VERSION"; description="PostScript document"; priority=4 application/pdf; pstotext %s; test=test -z "$LYNX_VERSION" && expr `gs --version` ">=" 3.51 >/dev/null 2>&1; copiousoutput; description="Portable Document Format document"; priority=2 application/pdf; pstotext %s; test=test -n "$LYNX_VERSION" && expr `gs --version` ">=" 3.51 >/dev/null 2>&1; description="Portable Document Format document"; priority=2 debian/watch0000644000000000000000000000022611725173724010230 0ustar # format version number, currently 3; this line is compulsory! version=3 http://mirror.cs.wisc.edu/pub/mirrors/ghost/contrib/pstotext-(.*)\.tar\.gz debian/copyright0000644000000000000000000000076211725173724011137 0ustar This package was originally debianized by J.H.M. Dassen on Sun, 12 Jan 1997 19:18:04 +0100. The current Debian maintainer is Jan Jeroným Zvánovec It was originally obtained via http://www.research.digital.com/SRC/virtualpaper/pstotext.html but is now found through http://www.cs.wisc.edu/~ghost/doc/pstotext.htm Original copyright ⓒ 1995-1998, Digital Equipment Corporation Full copyright information (pstotext.txt file of the source distribution): debian/manpages0000644000000000000000000000001311725173724010707 0ustar pstotext.1 debian/dirs0000644000000000000000000000006211725173724010061 0ustar usr/bin usr/share/man/man1 usr/share/doc/pstotext debian/source/0000755000000000000000000000000011725173724010477 5ustar debian/source/format0000644000000000000000000000001411725173724011705 0ustar 3.0 (quilt) debian/changelog0000644000000000000000000002113011725173724011046 0ustar pstotext (1.9-6) unstable; urgency=low * [debian/rules] use dpkg-buildflags; fix "Please enabled hardened build flags", applied patch courtesy of Moritz Muehlenhoff (Closes: #655105) * [debian/rules] providing build-arch and build-indep as recommended by lintian * [debian/control] updated to Standars-Version: 3.9.3 (no changes needed) * removing templates [debian/postinst.debhelper] and [debian/postrm.debhelper] -- Jan Jeroným Zvánovec Mon, 05 Mar 2012 18:28:41 +0100 pstotext (1.9-5) unstable; urgency=medium * New maintainer (closes: #585061) * [debian/control] updated dependency on ghostscript (closes: #539671) * [debian/rules] -fno-string-aliasing workaround to prevent broken compilation of type punning (closes: #586914) * [debian/copyright] new maintainer, including pstotext.txt only once (closes: #289097) * [debian/control] updated to Standards-Version: 3.9.0.0 (no changes needed) * [debian/control] new Homepage field added; added ${misc:Depends} * [debian/{preinst,postinst,prerm,postrm}] deleted because trivial * [debian/README.debian] doc path fixed; new maintainer * [debian/compat] set to 7 * [debian/source/format] set to "3.0 (quilt)" * [debian/watch] added * patches moved from diff.gz to debian/patches * [debian/rules] - builds in debian/pstotext instead of debian/tmp; dh_installman instead of dh_install_manpages; wiped useless dh_* -- Jan Jeroným Zvánovec Sat, 10 Jul 2010 19:23:58 +0200 pstotext (1.9-4) unstable; urgency=medium * [main.c] Applied patch courtesy of Martin Ehmsen to unbreak pstotext on input from stdin which was broken by 1.9-3's security patch. (Closes: #356988) -- J.H.M. Dassen (Ray) Sun, 21 May 2006 20:14:12 +0200 pstotext (1.9-3) unstable; urgency=high * [main.c] Security fix. popen(3) was being used in a construct which could did not perform sufficient cleanup/quoting of filenames; these filenames could come from untrusted sources like a web indexing service and could thus be misused to execute shell code as the user running pstotext. The use of popen(3) has been replaced by an explicit fork/pipe construct which does not involve the use of a shell. (Closes: #356988) * [debian/control] Change the non-virtual package suggestion for the dependency on the "gs" virtual package to gs-gpl as gs-aladdin has become a transitional package. * [debian/control] Updated Standards-Version. -- J.H.M. Dassen (Ray) Fri, 5 May 2006 17:09:48 +0200 pstotext (1.9-2) unstable; urgency=high * [main.c] Security fix: call Ghostscript with -dSAFER to prevent malicious PostScript data from altering the filesystem or opening pipes to arbitrary external programs. This problem was remotely exploitable (through pstotext's registration with /etc/mailcap as a viewer application). The problem was identified and patched by Max Vozeler . -- J.H.M. Dassen (Ray) Wed, 27 Jul 2005 18:43:55 +0200 pstotext (1.9-1) unstable; urgency=low * New upstream, incorporating Debian's code changes. * [debian/copyright, debian/README.Debian] Updated. * [debian/control] Updated Standards-Version. -- J.H.M. Dassen (Ray) Tue, 13 Jan 2004 19:21:53 +0100 pstotext (1.8g-6) unstable; urgency=low * Implemented current policy and updated Standards-Version accordingly. * Corrected priority. * [debian/mime] Added `copiousoutput' to the PDF entry. (Closes: #207374) * [debian/mime] Added workarounds for lynx not dealing with the `copiousoutput' flag properly. (Closes: #170848) -- J.H.M. Dassen (Ray) Thu, 28 Aug 2003 18:08:05 +0200 pstotext (1.8g-5) unstable; urgency=medium * MAXPATHLEN patch caused core dump on empty argument list; reworked it. * Minor code cleanup: dealt with a few compiler warnings. * Use mkstemp() in tempfile generation. -- J.H.M. Dassen (Ray) Sat, 2 Feb 2002 10:43:43 +0100 pstotext (1.8g-4) unstable; urgency=medium * Applied patch from James A Morrison to remove use of MAXPATHLEN as needed for GNU/Hurd. (Closes: #113738). -- J.H.M. Dassen (Ray) Wed, 28 Nov 2001 21:28:29 +0100 pstotext (1.8g-3) unstable; urgency=low * Restored MIME support that went missing. -- J.H.M. Dassen (Ray) Wed, 23 May 2001 20:45:19 +0200 pstotext (1.8g-2) unstable; urgency=low * Applied patch by Matthew Swift to fix a problem with filename quoting that broke pstotext on filenames containing spaces. (Closes: #86421) * Added build dependency on debhelper. * Updated Standards-Version. -- J.H.M. Dassen (Ray) Sat, 31 Mar 2001 12:46:06 +0200 pstotext (1.8g-1) unstable; urgency=low * Discovered a new upstream version was released some time ago. * Updated Standards-version. * Folded gs-aladdin suggestion into Depends: line. * Updated email address. * Updated to current debhelper capabilities. -- J.H.M. Dassen (Ray) Sat, 27 May 2000 17:18:47 +0200 pstotext (1.8-4) unstable; urgency=low * FHS migration. -- J.H.M. Dassen (Ray) Sat, 11 Sep 1999 12:51:46 +0200 pstotext (1.8-3) unstable; urgency=low * Fixed order of fields in application/pdf mailcap entry. (Closes: bug#42441) * Moved manpage to FHS-conformant location. -- J.H.M. Dassen (Ray) Thu, 5 Aug 1999 22:09:26 +0200 pstotext (1.8-2) unstable; urgency=low * Use dh_installmime (fixes: mailcap entry in the wrong directory). * Updated Standards-Version. -- J.H.M. Dassen (Ray) Thu, 15 Jul 1999 17:03:56 +0200 pstotext (1.8-1) unstable; urgency=low * New upstream release. * Fixed lintian warning. -- J.H.M. Dassen (Ray) Mon, 2 Nov 1998 20:05:26 +0100 pstotext (1.7-3) unstable; urgency=low * Updated for the new mime-support. * Fixed Barrie's surname in the changelog. -- J.H.M. Dassen (Ray) Thu, 20 Aug 1998 09:54:03 +0200 pstotext (1.7-2) unstable; urgency=low * Fixed preinst script. (Thanks to Barrie Stott for reporting the problems he had with the old one). -- J.H.M. Dassen (Ray) Sat, 18 Jul 1998 15:52:23 +0200 pstotext (1.7-1) unstable; urgency=low * New upstream release. -- J.H.M. Dassen (Ray) Thu, 11 Jun 1998 12:05:53 +0200 pstotext (1.6-5) unstable; urgency=low * Really silence the mailcap test. The previous version's error redirection was wrong. (fixes #18524). * Used maintainer name from my PGP user ID. * Checked compliance with current policy; no bashims. -- J.H.M. Dassen (Ray) Thu, 5 Mar 1998 13:52:24 +0100 pstotext (1.6-4) unstable; urgency=low * Silenced the mailcap test for application/pdf (bug #16433); remove the old test if present. -- J.H.M. Dassen (Ray) Mon, 5 Jan 1998 13:43:37 +0100 pstotext (1.6-3) unstable; urgency=low * Switched from debmake to debhelper. -- J.H.M. Dassen (Ray) Wed, 31 Dec 1997 13:42:02 +0100 pstotext (1.6-2) unstable; urgency=low * Now registers as a MIME viewer for PostScript and PDF; especially for use outside X. * Copyright file generated, rather than copied from source file, so the release number and date are up to date. -- J.H.M. Dassen (Ray) Wed, 24 Sep 1997 08:40:03 +0200 pstotext (1.6-1) unstable; urgency=low * New upstream release. * Now in main, as its main function (extracting text from PostScript files) can be done without needing non-free packages. * Added a note to debian.README explaining you need gs-aladdin to extract text from PDF. * Changed dependencies to comply with the requirements for main. * Install files with preserved timestamps. * Tar part of the .orig.tar.gz is pristine (upstream distribution is in .tar.Z format). -- J.H.M. Dassen (Ray) Fri, 19 Sep 1997 16:56:46 +0200 pstotext (1.5-2) non-free; urgency=low * Rebuilt with libc6. -- J.H.M. Dassen (Ray) Sun, 27 Jul 1997 15:32:46 +0200 pstotext (1.5-1) non-free; urgency=low * Initial Release. Added Debian package maintenance files. * Small fixes to reduce warnings (added return-types and includes and such) * This package goes in non-free because it depends on a non-free version of ghostscript. -- J.H.M. Dassen Sun, 12 Jan 1997 19:10:51 +0100 debian/compat0000644000000000000000000000000211725173724010375 0ustar 7 debian/patches/0000755000000000000000000000000011725173724010626 5ustar debian/patches/series0000644000000000000000000000004511725173724012042 0ustar 1.9-3_and_1.9-4.patch doc-path.patch debian/patches/doc-path.patch0000644000000000000000000000055111725173724013347 0ustar Description: Debian specific: fix copyright path in manpage Author: J.H.M. Dassen (Ray) Forwarded: not-needed Last-Update: 2010-07-10 --- a/pstotext.1 +++ b/pstotext.1 @@ -128,7 +128,7 @@ .br Distributed only by permission. .br -See file pstotext.txt for details. +See file /usr/share/doc/pstotext/copyright for details. .br .BR .PP debian/patches/1.9-3_and_1.9-4.patch0000644000000000000000000000675611725173724013706 0ustar Subject: Security fix, arbitratry code execution via bad popen(3) call Bug-Debian: http://bugs.debian.org/356988 Author: J.H.M. Dassen (Ray) Author: Martin Ehmsen Last-Update: 2010-07-10 --- a/main.c +++ b/main.c @@ -126,12 +126,14 @@ static int cleanup(void) { int gsstatus, status = 0; pstotextExit(instance); - if (gs!=NULL) { #ifdef VMS + if (gs!=NULL) { gsstatus = fclose(gs); + } #else - gsstatus = pclose(gs); + waitpid(-1, &gsstatus, 0); #endif + if (gsstatus) { if (WIFEXITED(gsstatus)) { if (WEXITSTATUS(gsstatus)!=0) status = 3; else if (WIFSIGNALED(gsstatus)) status = 4; @@ -166,8 +168,13 @@ static int do_it(char *path) { /* If "path" is NULL, then "stdin" should be processed. */ - char *gs_cmdline; - char *input; + char *gs_argv[32]; + int gs_argc=0; +#ifdef DEBUG + int i; +#endif + int fd[2]; + pid_t p; int status; char norotate[] = ""; FILE *fileout; @@ -201,47 +208,31 @@ exit(1); } - if (path==NULL) { - input = (char*)malloc(2); - if (input == NULL) { - fprintf(stderr,"No memory available\n"); - cleanup(); - exit(1); - } - strcpy(input, "-"); - } else { - input = (char*)malloc(strlen(path) + 6); - if (input == NULL) { - fprintf(stderr,"No memory available\n"); - cleanup(); - exit(1); - } - strcpy(input, "-- '"); strcat(input, path); strcat(input, "'"); + gs_argv[gs_argc++] = "gs"; + gs_argv[gs_argc++] = "-r72"; + gs_argv[gs_argc++] = "-dNODISPLAY"; + gs_argv[gs_argc++] = "-dFIXEDMEDIA"; + gs_argv[gs_argc++] = "-dDELAYBIND"; + gs_argv[gs_argc++] = "-dWRITESYSTEMDICT"; + if (!debug) { + gs_argv[gs_argc++] = "-q"; + } + gs_argv[gs_argc++] = "-dNOPAUSE"; + gs_argv[gs_argc++] = "-dSAFER"; + if (rotate_path && strcmp(rotate_path, "")) { + gs_argv[gs_argc++] = rotate_path; + } + if (ocr_path && strcmp(ocr_path, "")) { + gs_argv[gs_argc++] = ocr_path; + } + if (path == NULL ) { + gs_argv[gs_argc++] = "-"; + } + else { + gs_argv[gs_argc++] = "--"; + gs_argv[gs_argc++] = path; } - - gs_cmdline = (char*)malloc(strlen(gs_cmd)+strlen(rotate_path)+ - strlen(ocr_path) + strlen(input) + 128); - - if (gs_cmdline == NULL) { - fprintf(stderr, "No memory available\n"); - cleanup(); - exit(1); - } - - sprintf( - gs_cmdline, -#ifdef VMS - "%s -r72 \"-dNODISPLAY\" \"-dFIXEDMEDIA\" \"-dDELAYBIND\" \"-dWRITESYSTEMDICT\" %s \"-dNOPAUSE\" %s %s %s", -#else - "%s -r72 -dNODISPLAY -dFIXEDMEDIA -dDELAYBIND -dWRITESYSTEMDICT %s -dNOPAUSE %s %s %s", -#endif - gs_cmd, - (debug ? "" : "-q"), - rotate_path, - ocr_path, - input - ); - if (debug) fprintf(stderr, "%s\n", gs_cmdline); + gs_argv[gs_argc++] = NULL; #ifdef VMS cmdfile = tempnam("SYS$SCRATCH:","PS2TGS"); gsoutfile = tempnam("SYS$SCRATCH:","GSRES"); @@ -259,8 +250,25 @@ exit(1); } #else - gs = popen(gs_cmdline, "r"); - if (gs==0) {perror(cmd); exit(1);} + if (pipe(fd)) { + perror("pipe failed: "); exit(1); + }; + p = fork(); + if (p == -1) { + perror("fork failed: "); exit(1); + } + if (p == 0) { /* child */ + close(fd[0]); + dup2(fd[1], 1); /* Redirect stdout into pipe to parent */ + execvp("/usr/bin/gs", gs_argv); + perror("execvp: "); status=cleanup(); exit(1); + } else { /* parent */ + close(fd[1]); + gs = fdopen(fd[0], "r"); + if (gs == NULL) { + perror("fdopen: "); status=cleanup(); exit(1); + } + } #endif status = pstotextInit(&instance); if (status!=0) { debian/README.debian0000644000000000000000000000175211725173724011305 0ustar pstotext for DEBIAN ------------------- This package was originally packaged for Debian GNU/Linux by J.H.M. Dassen . The current Debian maintainer is Jan Jeroným Zvánovec NOTICE ------ In accordance with the USE RESTRICTIONS specified in the END USER LICENSE AGREEMENT governing this package (available in /usr/share/doc/pstotext/copyright.gz), please be aware that: (i). THIS SOFTWARE HAS BEEN MODIFIED. (ii). The modifications were done by developers of Debian GNU/Linux, organized as Software in the Public Interest (SPI), contact information for which can be found in the Debian GNU/Linux FAQ (part of the doc-debian package distributed with Debian GNU/Linux). (iii). A description of the modifications, including dates, can be found in the file /usr/share/doc/pstotext/changelog.Debian.gz; the modifications are documented through diff(1) output included in the Debian source distribution of this package. debian/rules0000755000000000000000000000423011725173724010256 0ustar #! /usr/bin/make -f # Based on the sample debian.rules file - for GNU Hello (1.3). # Copyright 1994,1995 by Ian Jackson. # I hereby give you perpetual unlimited permission to copy, modify and # relicense this file, provided that you do not remove my name from the file # itself. (I assert my moral right of paternity under the Copyright, # Designs and Patents Act 1988.) # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 CFLAGS = `dpkg-buildflags --get CFLAGS` CFLAGS += -Wall -DNEED_PROTO LDFLAGS = `dpkg-buildflags --get LDFLAGS` CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -fno-strict-aliasing endif build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: dh_testdir # The Makefile doesn't use CFLAGS, so we pass flags in an ugly way. make CC="gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS)" touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp -rm -f core [ ! -f Makefile ] || make clean -rm -f `find . -name "*~"` -rm -rf debian/pstotext debian/files* debian/substvars dh_clean debian/postrm.debhelper debian/postinst.debhelper install: build dh_testdir dh_testroot dh_prep dh_installdirs install -d debian/pstotext cd debian/pstotext; install -d `cat ../dirs` install -p pstotext `pwd`/debian/pstotext/usr/bin dh_installdocs cat pstotext.txt >> `pwd`/debian/pstotext/usr/share/doc/pstotext/copyright touch -r debian/copyright `pwd`/debian/pstotext/usr/share/doc/pstotext/copyright # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installdocs cat pstotext.txt >> `pwd`/debian/pstotext/usr/share/doc/pstotext/copyright touch -r debian/copyright `pwd`/debian/pstotext/usr/share/doc/pstotext/copyright dh_installmime dh_installman dh_installinfo dh_installchangelogs #CHANGELOGS# dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/control0000644000000000000000000000126611725173724010607 0ustar Source: pstotext Section: text Priority: optional Build-Depends: debhelper (>= 7) Maintainer: Jan Jeroným Zvánovec Standards-Version: 3.9.3.0 Homepage: http://www.cs.wisc.edu/~ghost/doc/pstotext.htm Package: pstotext Architecture: any Depends: ghostscript, ${shlibs:Depends}, ${misc:Depends} Description: Extract text from PostScript and PDF files pstotext extracts text (in the ISO 8859-1 character set) from a PostScript or PDF (Portable Document Format) file. Thus, pstotext is similar to the ps2ascii program that comes with ghostscript. The output of pstotext is however better than that of ps2ascii, because pstotext deals better with punctuation and ligatures.