SECURITY: fix arbitray command execution from remote in m17n flavor.

By Hironori Sakamoto <hsaka@mth.biglobe.ne.jp>.
Noticed by brad@ in NetBSD.

www/w3m/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.24 2001/09/22 14:27:48 naddy Exp $
+# $OpenBSD: Makefile,v 1.25 2001/09/29 11:41:03 naddy Exp $
 
 ONLY_FOR_ARCHS=	i386 sparc m68k
 
@@ -68,11 +68,12 @@ LIB_DEPENDS+=	Imlib.19::graphics/imlib
 
 .elif ${FLAVOR:L:Mm17n}
 
-PKGNAME=	${DISTNAME}.${V_M17N}
+PKGNAME=	${DISTNAME}.${V_M17N}p1
 PATCHFILES=	${M17N_PATCH}
 HOMEPAGE=	http://www2u.biglobe.ne.jp/~hsaka/w3m/
 CONFIGURE_ARGS+= -suffix="" -charset=UTF-8
 DOCS+=		README.m17n
+PATCH_LIST+=	m17n-*
 
 .else
 

www/w3m/patches/m17n-indep_c

@@ -0,0 +1,20 @@
+$OpenBSD: m17n-indep_c,v 1.1 2001/09/29 11:41:03 naddy Exp $
+--- indep.c.orig	Sat Sep 29 03:02:38 2001
++++ indep.c	Sat Sep 29 03:03:32 2001
+@@ -74,14 +74,14 @@ currentdir()
+ #endif				/* __EMX__ */
+ 
+ char *
+-cleanupName(char *name)
++cleanupName2(char *name, int flag)
+ {
+     char *buf, *p, *q;
+ 
+     buf = allocStr(name, 0);
+     p = buf;
+     q = name;
+-    while (*q != '\0' && *q != '?') {
++    while (*q != '\0' && (*q != '?' || ! flag)) {
+ 	if (strncmp(p, "/../", 4) == 0) {	/* foo/bar/../FOO */
+ 	    if (p - 2 == buf && strncmp(p - 2, "..", 2) == 0) {
+ 		/* ../../       */

www/w3m/patches/m17n-indep_h

@@ -0,0 +1,13 @@
+$OpenBSD: m17n-indep_h,v 1.1 2001/09/29 11:41:03 naddy Exp $
+--- indep.h.orig	Sat Sep 29 03:03:43 2001
++++ indep.h	Sat Sep 29 03:04:10 2001
+@@ -20,7 +20,8 @@ extern char *getescapecmd(char **s);
+ extern char *allocStr(const char *s, int len);
+ extern int strCmp(const void *s1, const void *s2);
+ extern char *currentdir(void);
+-extern char *cleanupName(char *name);
++extern char *cleanupName2(char *name, int flag);
++#define cleanupName(name) cleanupName2((name), TRUE)
+ extern char *expandPath(char *name);
+ extern char *strcasestr(char *s1, char *s2);
+ extern int strcasemstr(char *str, char *srch[], char **ret_ptr);

www/w3m/patches/m17n-url_c

@@ -0,0 +1,39 @@
+$OpenBSD: m17n-url_c,v 1.1 2001/09/29 11:41:03 naddy Exp $
+--- url.c.orig	Sat Sep 29 03:04:23 2001
++++ url.c	Sat Sep 29 03:07:39 2001
+@@ -949,7 +949,7 @@ parseURL2(char *url, ParsedURL * pu, Par
+ 	    pu->file = cleanupName(pu->file);
+ 	}
+ 	if (pu->scheme == SCM_LOCAL)
+-	    pu->real_file = file_unquote(pu->file);
++	    pu->real_file = cleanupName2(file_unquote(pu->file), FALSE);
+     }
+ }
+ 
+@@ -1247,7 +1247,7 @@ openURL(char *url, ParsedURL * pu, Parse
+ 	    Str tmp2 = Strnew_charp("#");
+ 	    Strcat_charp(tmp2, pu->label);
+ 	    pu->file = tmp2->ptr;
+-	    pu->real_file = file_unquote(pu->file);
++	    pu->real_file = cleanupName2(file_unquote(pu->file), FALSE);
+ 	    pu->label = NULL;
+ 	}
+ 	else {
+@@ -1284,7 +1284,7 @@ openURL(char *url, ParsedURL * pu, Parse
+ 	else if ((q = strchr(pu->file, '?')) != NULL) {
+ 	    /* local CGI: GET */
+ 	    p = Strnew_charp_n(pu->file, (int)(q - pu->file))->ptr;
+-	    pu->real_file = file_unquote(p);
++	    pu->real_file = cleanupName2(file_unquote(p), FALSE);
+ 	    uf.stream = newFileStream(localcgi_get(pu->real_file, q + 1, option->referer),
+ 				      (void (*)()) pclose);
+ 	    if (uf.stream != NULL) {
+@@ -1606,7 +1606,7 @@ add_index_file(ParsedURL * pu, URLFile *
+     }
+     p = Strnew_m_charp(pu->file, "/", file_quote(index_file), NULL)->ptr;
+     p = cleanupName(p);
+-    q = file_unquote(p);
++    q = cleanupName2(file_unquote(p), FALSE);
+     examineFile(q, uf);
+     if (uf->stream == NULL)
+ 	return;