+++ /dev/null
---- groff-1.17/src/roff/troff/input.cpp.safer Wed Jun 7 21:47:48 2000
-+++ groff-1.17/src/roff/troff/input.cpp Wed Jun 7 21:50:37 2000
-@@ -4404,12 +4406,28 @@
- else {
- while (!tok.newline() && !tok.eof())
- tok.next();
-- errno = 0;
-- FILE *fp = fopen(nm.contents(), "r");
-- if (fp)
-- input_stack::push(new file_iterator(fp, nm.contents()));
-- else
-- error("can't open `%1': %2", nm.contents(), strerror(errno));
-+ char cbuf[PATH_MAX], * cwd;
-+ char pbuf[PATH_MAX], * path;
-+ struct stat st;
-+
-+ if ((cwd = realpath(".", cbuf)) == NULL)
-+ error("realpath on `%1' failed: %2", ".", strerror(errno));
-+ else if ((path = realpath(nm.contents(), pbuf)) == NULL)
-+ error("realpath on `%1' failed: %2", nm.contents(), strerror(errno));
-+ else if (safer_flag && strncmp(cwd, path, strlen(cwd)))
-+ error("won't source `%1' outside of `%2' without -U flag", path, cwd);
-+ else if (stat(path, &st) < 0)
-+ error("can't stat `%1': %2", path, strerror(errno));
-+ else if (safer_flag && !S_ISREG(st.st_mode))
-+ error("won't source non-file `%1' without -U flag", path);
-+ else {
-+ errno = 0;
-+ FILE *fp = fopen(path, "r");
-+ if (fp)
-+ input_stack::push(new file_iterator(fp, nm.contents()));
-+ else
-+ error("can't open `%1': %2", path, strerror(errno));
-+ }
- tok.next();
- }
- }