|
 |
68f74b |
From f95bed4ad636f286ef9ff3f5b4330a10938fd064 Mon Sep 17 00:00:00 2001
|
|
|
68f74b |
From: Jan Vcelak <jvcelak@redhat.com>
|
|
|
68f74b |
Date: Tue, 4 Nov 2014 14:36:47 +0100
|
|
|
68f74b |
Subject: [PATCH 3/4] various security fixes
|
|
|
68f74b |
|
|
|
68f74b |
CVE-2009-5044 (#709413)
|
|
|
68f74b |
CVE-2009-5080 (#720058)
|
|
|
68f74b |
CVE-2009-5081 (#720057)
|
|
|
68f74b |
|
|
|
68f74b |
Based on: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2;content- type=text%2Fplain
|
|
|
68f74b |
Resolves: #709415, #720060
|
|
|
68f74b |
Signed-off-by: Jan Vcelak <jvcelak@redhat.com>
|
|
|
68f74b |
---
|
|
|
68f74b |
contrib/eqn2graph/eqn2graph.sh | 2 ++
|
|
|
68f74b |
contrib/gdiffmk/tests/runtests.sh | 5 +++--
|
|
|
68f74b |
contrib/grap2graph/grap2graph.sh | 2 ++
|
|
|
68f74b |
contrib/groffer/main_subs.pl | 10 +++++-----
|
|
|
68f74b |
contrib/groffer/roff2.pl | 2 +-
|
|
|
68f74b |
contrib/pdfmark/pdfroff.1.man | 5 +++--
|
|
|
68f74b |
contrib/pic2graph/pic2graph.sh | 2 ++
|
|
|
68f74b |
doc/fixinfo.sh | 5 +++--
|
|
|
68f74b |
doc/groff.texi | 6 +++---
|
|
|
68f74b |
gendef.sh | 10 +++-------
|
|
|
68f74b |
10 files changed, 27 insertions(+), 22 deletions(-)
|
|
|
68f74b |
|
|
|
68f74b |
diff --git a/contrib/eqn2graph/eqn2graph.sh b/contrib/eqn2graph/eqn2graph.sh
|
|
|
68f74b |
index 3e9c374..4e4f11e 100644
|
|
|
68f74b |
--- a/contrib/eqn2graph/eqn2graph.sh
|
|
|
68f74b |
+++ b/contrib/eqn2graph/eqn2graph.sh
|
|
|
68f74b |
@@ -74,6 +74,8 @@ then
|
|
|
68f74b |
# but is supported by the stripped-down dash shell, for instance.
|
|
|
68f74b |
tmp="$d/eqn2graph$$-${RANDOM:-$PPID}"
|
|
|
68f74b |
(umask 077 && mkdir "$tmp") 2> /dev/null
|
|
|
68f74b |
+
|
|
|
68f74b |
+ tmp=
|
|
|
68f74b |
fi
|
|
|
68f74b |
|
|
|
68f74b |
if ! test -d "$tmp"
|
|
|
68f74b |
diff --git a/contrib/gdiffmk/tests/runtests.sh b/contrib/gdiffmk/tests/runtests.sh
|
|
|
68f74b |
index 0f7c3b6..f8aa874 100755
|
|
|
68f74b |
--- a/contrib/gdiffmk/tests/runtests.sh
|
|
|
68f74b |
+++ b/contrib/gdiffmk/tests/runtests.sh
|
|
|
68f74b |
@@ -63,8 +63,9 @@ TestResult () {
|
|
|
68f74b |
fi
|
|
|
68f74b |
}
|
|
|
68f74b |
|
|
|
68f74b |
-tmpfile=/tmp/$$
|
|
|
68f74b |
-trap 'rm -f ${tmpfile}' 0 1 2 3 15
|
|
|
68f74b |
+tmpfile="`mktemp -t gdiffmk-runtests.XXXXXXXXXX`" || exit
|
|
|
68f74b |
+trap 'rm -f -- "$tmpfile"' EXIT
|
|
|
68f74b |
+trap 'trap - EXIT; rm -f -- "$tmpfile"; exit 1' HUP INT QUIT TERM
|
|
|
68f74b |
|
|
|
68f74b |
# Run tests.
|
|
|
68f74b |
|
|
|
68f74b |
diff --git a/contrib/grap2graph/grap2graph.sh b/contrib/grap2graph/grap2graph.sh
|
|
|
68f74b |
index 29df25b..94c436b 100644
|
|
|
68f74b |
--- a/contrib/grap2graph/grap2graph.sh
|
|
|
68f74b |
+++ b/contrib/grap2graph/grap2graph.sh
|
|
|
68f74b |
@@ -76,6 +76,8 @@ then
|
|
|
68f74b |
# but is supported by the stripped-down dash shell, for instance.
|
|
|
68f74b |
tmp="$d/grap2graph$$-${RANDOM:-$PPID}"
|
|
|
68f74b |
(umask 077 && mkdir "$tmp") 2> /dev/null
|
|
|
68f74b |
+
|
|
|
68f74b |
+ tmp=
|
|
|
68f74b |
fi
|
|
|
68f74b |
|
|
|
68f74b |
if ! test -d "$tmp"
|
|
|
68f74b |
diff --git a/contrib/groffer/main_subs.pl b/contrib/groffer/main_subs.pl
|
|
|
68f74b |
index a40e356..c8c4e53 100644
|
|
|
68f74b |
--- a/contrib/groffer/main_subs.pl
|
|
|
68f74b |
+++ b/contrib/groffer/main_subs.pl
|
|
|
68f74b |
@@ -1244,7 +1244,7 @@ sub main_temp {
|
|
|
68f74b |
our $fh_stdin;
|
|
|
68f74b |
our $tmp_cat;
|
|
|
68f74b |
our $tmp_stdin;
|
|
|
68f74b |
- my $template = 'groffer_' . "$$" . '_XXXX';
|
|
|
68f74b |
+ my $template = 'groffer_' . "$$" . '_XXXXXXXXXX';
|
|
|
68f74b |
foreach ($ENV{'GROFF_TMPDIR'}, $ENV{'TMPDIR'}, $ENV{'TMP'}, $ENV{'TEMP'},
|
|
|
68f74b |
$ENV{'TEMPDIR'}, File::Spec->catfile($ENV{'HOME'}, 'tmp')) {
|
|
|
68f74b |
if ($_ && -d $_ && -w $_) {
|
|
|
68f74b |
@@ -1276,12 +1276,12 @@ sub main_temp {
|
|
|
68f74b |
|
|
|
68f74b |
# further argument: SUFFIX => '.sh'
|
|
|
68f74b |
if ($Debug{'KEEP'}) {
|
|
|
68f74b |
- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', DIR => $tmpdir);
|
|
|
68f74b |
- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', DIR => $tmpdir);
|
|
|
68f74b |
+ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', DIR => $tmpdir);
|
|
|
68f74b |
+ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', DIR => $tmpdir);
|
|
|
68f74b |
} else {
|
|
|
68f74b |
- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', UNLINK => 1,
|
|
|
68f74b |
+ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', UNLINK => 1,
|
|
|
68f74b |
DIR => $tmpdir);
|
|
|
68f74b |
- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', UNLINK => 1,
|
|
|
68f74b |
+ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', UNLINK => 1,
|
|
|
68f74b |
DIR => $tmpdir);
|
|
|
68f74b |
}
|
|
|
68f74b |
} # main_temp()
|
|
|
68f74b |
diff --git a/contrib/groffer/roff2.pl b/contrib/groffer/roff2.pl
|
|
|
68f74b |
index cf5c583..24af006 100755
|
|
|
68f74b |
--- a/contrib/groffer/roff2.pl
|
|
|
68f74b |
+++ b/contrib/groffer/roff2.pl
|
|
|
68f74b |
@@ -123,7 +123,7 @@ if ($Has_Groffer) {
|
|
|
68f74b |
last;
|
|
|
68f74b |
}
|
|
|
68f74b |
}
|
|
|
68f74b |
- my $template = $Name . '_XXXX';
|
|
|
68f74b |
+ my $template = $Name . '_XXXXXXXXXX';
|
|
|
68f74b |
my ($fh, $stdin);
|
|
|
68f74b |
if ($tempdir) {
|
|
|
68f74b |
($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||
|
|
|
68f74b |
diff --git a/contrib/pdfmark/pdfroff.1.man b/contrib/pdfmark/pdfroff.1.man
|
|
|
68f74b |
index 95d7807..aa6f079 100644
|
|
|
68f74b |
--- a/contrib/pdfmark/pdfroff.1.man
|
|
|
68f74b |
+++ b/contrib/pdfmark/pdfroff.1.man
|
|
|
68f74b |
@@ -540,7 +540,7 @@ gs \-dBATCH \-dQUIET \-dNOPAUSE \-dSAFER \-sDEVICE=pdfwrite \e
|
|
|
68f74b |
.I GROFF_TMPDIR
|
|
|
68f74b |
Identifies the directory in which
|
|
|
68f74b |
.B pdfroff
|
|
|
68f74b |
-should create temporary files.
|
|
|
68f74b |
+should create a subdirectory for its temporary files.
|
|
|
68f74b |
.
|
|
|
68f74b |
If
|
|
|
68f74b |
.I \%GROFF_TMPDIR
|
|
|
68f74b |
@@ -553,7 +553,8 @@ and
|
|
|
68f74b |
.I TEMP
|
|
|
68f74b |
are considered in turn, as possible temporary file repositories.
|
|
|
68f74b |
If none of these are set, then temporary files are created
|
|
|
68f74b |
-in the current directory.
|
|
|
68f74b |
+in a subdirectory of
|
|
|
68f74b |
+.BR /tmp .
|
|
|
68f74b |
.
|
|
|
68f74b |
.TP
|
|
|
68f74b |
.I GROFF_GHOSTSCRIPT_INTERPRETER
|
|
|
68f74b |
diff --git a/contrib/pic2graph/pic2graph.sh b/contrib/pic2graph/pic2graph.sh
|
|
|
68f74b |
index b229914..2d6e77c 100644
|
|
|
68f74b |
--- a/contrib/pic2graph/pic2graph.sh
|
|
|
68f74b |
+++ b/contrib/pic2graph/pic2graph.sh
|
|
|
68f74b |
@@ -89,6 +89,8 @@ then
|
|
|
68f74b |
# but is supported by the stripped-down dash shell, for instance.
|
|
|
68f74b |
tmp="$d/pic2graph$$-${RANDOM:-$PPID}"
|
|
|
68f74b |
(umask 077 && mkdir "$tmp") 2> /dev/null
|
|
|
68f74b |
+
|
|
|
68f74b |
+ tmp=
|
|
|
68f74b |
fi
|
|
|
68f74b |
|
|
|
68f74b |
if ! test -d "$tmp"
|
|
|
68f74b |
diff --git a/doc/fixinfo.sh b/doc/fixinfo.sh
|
|
|
68f74b |
index 47127f8..69bb74d 100644
|
|
|
68f74b |
--- a/doc/fixinfo.sh
|
|
|
68f74b |
+++ b/doc/fixinfo.sh
|
|
|
68f74b |
@@ -24,8 +24,9 @@
|
|
|
68f74b |
#
|
|
|
68f74b |
# 09-2014: no more problem with texinfo 5.0 or higher
|
|
|
68f74b |
#
|
|
|
68f74b |
-t=${TMPDIR-.}/gro$$.tmp
|
|
|
68f74b |
-
|
|
|
68f74b |
+t="`mktemp -t groff-fixinfo.XXXXXXXXXX`" || exit
|
|
|
68f74b |
+trap 'rm -f -- "$t"' EXIT
|
|
|
68f74b |
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
|
|
|
68f74b |
cat $1 | sed '
|
|
|
68f74b |
1 {
|
|
|
68f74b |
N
|
|
|
68f74b |
diff --git a/doc/groff.texi b/doc/groff.texi
|
|
|
68f74b |
index e7fe4aa..b4d01ed 100644
|
|
|
68f74b |
--- a/doc/groff.texi
|
|
|
68f74b |
+++ b/doc/groff.texi
|
|
|
68f74b |
@@ -13857,9 +13857,9 @@ into a document:
|
|
|
68f74b |
@pindex perl
|
|
|
68f74b |
@Example
|
|
|
68f74b |
.sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
|
|
|
68f74b |
- (localtime(time))[2,1,0]' > /tmp/x\n[$$]
|
|
|
68f74b |
-.so /tmp/x\n[$$]
|
|
|
68f74b |
-.sy rm /tmp/x\n[$$]
|
|
|
68f74b |
+ (localtime(time))[2,1,0]' > timefile\n[$$]
|
|
|
68f74b |
+.so timefile\n[$$]
|
|
|
68f74b |
+.sy rm timefile\n[$$]
|
|
|
68f74b |
\nH:\nM:\nS
|
|
|
68f74b |
@endExample
|
|
|
68f74b |
|
|
|
68f74b |
diff --git a/gendef.sh b/gendef.sh
|
|
|
68f74b |
index be41dbe..4770bae 100644
|
|
|
68f74b |
--- a/gendef.sh
|
|
|
68f74b |
+++ b/gendef.sh
|
|
|
68f74b |
@@ -33,11 +33,9 @@ do
|
|
|
68f74b |
#define $def"
|
|
|
68f74b |
done
|
|
|
68f74b |
|
|
|
68f74b |
-# Use $TMPDIR if defined. Default to cwd, for non-Unix systems
|
|
|
68f74b |
-# which don't have /tmp on each drive (we are going to remove
|
|
|
68f74b |
-# the file before we exit anyway). Put the PID in the basename,
|
|
|
68f74b |
-# since the extension can only hold 3 characters on MS-DOS.
|
|
|
68f74b |
-t=${TMPDIR-.}/gro$$.tmp
|
|
|
68f74b |
+t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit
|
|
|
68f74b |
+trap 'rm -f -- "$t"' EXIT
|
|
|
68f74b |
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
|
|
|
68f74b |
|
|
|
68f74b |
sed -e 's/=/ /' >$t <
|
|
|
68f74b |
$defs
|
|
|
68f74b |
@@ -45,8 +43,6 @@ EOF
|
|
|
68f74b |
|
|
|
68f74b |
test -r $file && cmp -s $t $file || cp $t $file
|
|
|
68f74b |
|
|
|
68f74b |
-rm -f $t
|
|
|
68f74b |
-
|
|
|
68f74b |
exit 0
|
|
|
68f74b |
|
|
|
68f74b |
# eof
|
|
|
68f74b |
--
|
|
|
68f74b |
2.21.1
|
|
|
68f74b |
|