Blame SOURCES/0003-various-security-fixes.patch

d4f5ec
From 36115e102859badb08cb5b2398de6b0ba45421d3 Mon Sep 17 00:00:00 2001
d4f5ec
From: Jan Vcelak <jvcelak@redhat.com>
d4f5ec
Date: Tue, 4 Nov 2014 14:36:47 +0100
d4f5ec
Subject: [PATCH] various security fixes
d4f5ec
d4f5ec
CVE-2009-5044 (#709413)
d4f5ec
CVE-2009-5080 (#720058)
d4f5ec
CVE-2009-5081 (#720057)
d4f5ec
d4f5ec
Based on: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2;content-type=text%2Fplain
d4f5ec
Resolves: #709415, #720060
d4f5ec
Signed-off-by: Jan Vcelak <jvcelak@redhat.com>
d4f5ec
---
d4f5ec
 contrib/eqn2graph/eqn2graph.sh    |  2 ++
d4f5ec
 contrib/gdiffmk/tests/runtests.in |  5 +++--
d4f5ec
 contrib/grap2graph/grap2graph.sh  |  2 ++
d4f5ec
 contrib/groffer/main_subs.pl      | 10 +++++-----
d4f5ec
 contrib/groffer/roff2.pl          |  2 +-
d4f5ec
 contrib/pdfmark/pdfroff.man       |  5 +++--
d4f5ec
 contrib/pic2graph/pic2graph.sh    |  2 ++
d4f5ec
 doc/fixinfo.sh                    |  5 +++--
d4f5ec
 doc/groff.info-2                  |  6 +++---
d4f5ec
 doc/groff.texinfo                 |  6 +++---
d4f5ec
 gendef.sh                         | 10 +++-------
d4f5ec
 11 files changed, 30 insertions(+), 25 deletions(-)
d4f5ec
d4f5ec
diff --git a/contrib/eqn2graph/eqn2graph.sh b/contrib/eqn2graph/eqn2graph.sh
d4f5ec
index ee7cc5f..13edf78 100644
d4f5ec
--- a/contrib/eqn2graph/eqn2graph.sh
d4f5ec
+++ b/contrib/eqn2graph/eqn2graph.sh
d4f5ec
@@ -67,6 +67,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP" "$TEMP" /tmp; do
d4f5ec
 
d4f5ec
     tmp=$d/eqn2graph$$-$RANDOM
d4f5ec
     (umask 077 && mkdir $tmp) 2> /dev/null && break
d4f5ec
+
d4f5ec
+    tmp=
d4f5ec
 done;
d4f5ec
 if test -z "$tmp"; then
d4f5ec
     echo "$0: cannot create temporary directory" >&2
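Review bot: The added `tmp=` after the failed `mkdir` has no comment, although it is the whole fix: without it the last candidate path stays in `$tmp` when every `mkdir` fails, the `test -z "$tmp"` check never fires, and the script goes on with a directory it did not create. I would add `# mkdir failed: clear tmp so the check after the loop reports the error instead of reusing a path we do not own` above it; the same applies to the identical hunks in contrib/grap2graph/grap2graph.sh and contrib/pic2graph/pic2graph.sh. Separately, `mkdir $tmp` on the context line is unquoted, so a temporary directory path containing whitespace is split into several arguments; `mkdir "$tmp"` avoids that. The loop starts above the hunk.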
d4f5ec
diff --git a/contrib/gdiffmk/tests/runtests.in b/contrib/gdiffmk/tests/runtests.in
d4f5ec
index 714ce48..40a35c4 100644
d4f5ec
--- a/contrib/gdiffmk/tests/runtests.in
d4f5ec
+++ b/contrib/gdiffmk/tests/runtests.in
d4f5ec
@@ -56,8 +56,9 @@ function TestResult {
d4f5ec
 	fi
d4f5ec
 }
d4f5ec
 
d4f5ec
-tmpfile=/tmp/$$
d4f5ec
-trap 'rm -f ${tmpfile}' 0 1 2 3 15
d4f5ec
+tmpfile="`mktemp -t gdiffmk-runtests.XXXXXXXXXX`" || exit
d4f5ec
+trap 'rm -f -- "$tmpfile"' EXIT
d4f5ec
+trap 'trap - EXIT; rm -f -- "$tmpfile"; exit 1' HUP INT QUIT TERM
d4f5ec
 
d4f5ec
 #	Run tests.
d4f5ec
 
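Review bot: `mktemp -t gdiffmk-runtests.XXXXXXXXXX` depends on the meaning of `-t`, which differs between implementations: GNU mktemp documents the option as deprecated, and BSD mktemp treats its argument as a prefix rather than a template. Spelling the directory out, `tmpfile=$(mktemp "${TMPDIR:-/tmp}/gdiffmk-runtests.XXXXXXXXXX") || exit`, behaves the same on both. The same line shape is added in doc/fixinfo.sh and gendef.sh. Those two run at build time and end in `|| exit` with no fallback, so it is worth confirming that every supported build host provides mktemp.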
d4f5ec
diff --git a/contrib/grap2graph/grap2graph.sh b/contrib/grap2graph/grap2graph.sh
d4f5ec
index 58544e1..aeab832 100644
d4f5ec
--- a/contrib/grap2graph/grap2graph.sh
d4f5ec
+++ b/contrib/grap2graph/grap2graph.sh
d4f5ec
@@ -63,6 +63,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP" "$TEMP" /tmp; do
d4f5ec
 
d4f5ec
     tmp=$d/grap2graph$$-$RANDOM
d4f5ec
     (umask 077 && mkdir $tmp) 2> /dev/null && break
d4f5ec
+
d4f5ec
+    tmp=
d4f5ec
 done;
d4f5ec
 if test -z "$tmp"; then
d4f5ec
     echo "$0: cannot create temporary directory" >&2
d4f5ec
diff --git a/contrib/groffer/main_subs.pl b/contrib/groffer/main_subs.pl
d4f5ec
index 90627cc..76896cd 100644
d4f5ec
--- a/contrib/groffer/main_subs.pl
d4f5ec
+++ b/contrib/groffer/main_subs.pl
d4f5ec
@@ -1239,7 +1239,7 @@ sub main_temp {
d4f5ec
   our $fh_stdin;
d4f5ec
   our $tmp_cat;
d4f5ec
   our $tmp_stdin;
d4f5ec
-  my $template = 'groffer_' . "$$" . '_XXXX';
d4f5ec
+  my $template = 'groffer_' . "$$" . '_XXXXXXXXXX';
d4f5ec
   foreach ($ENV{'GROFF_TMPDIR'}, $ENV{'TMPDIR'}, $ENV{'TMP'}, $ENV{'TEMP'},
d4f5ec
 	   $ENV{'TEMPDIR'}, File::Spec->catfile($ENV{'HOME'}, 'tmp')) {
d4f5ec
     if ($_ && -d $_ && -w $_) {
d4f5ec
@@ -1271,12 +1271,12 @@ sub main_temp {
d4f5ec
 
d4f5ec
   # further argument: SUFFIX => '.sh'
d4f5ec
   if ($Debug{'KEEP'}) {
d4f5ec
-    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', DIR => $tmpdir);
d4f5ec
-    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', DIR => $tmpdir);
d4f5ec
+    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', DIR => $tmpdir);
d4f5ec
+    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', DIR => $tmpdir);
d4f5ec
   } else {
d4f5ec
-    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', UNLINK => 1,
d4f5ec
+    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', UNLINK => 1,
d4f5ec
 				   DIR => $tmpdir);
d4f5ec
-    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', UNLINK => 1,
d4f5ec
+    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', UNLINK => 1,
d4f5ec
 				       DIR => $tmpdir);
d4f5ec
   }
d4f5ec
 }				# main_temp()
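Review bot: The four tempfile() calls differ only in `UNLINK => 1`, and this change had to edit the template string in each of them. Building the options once, `my @opts = (DIR => $tmpdir, $Debug{'KEEP'} ? () : (UNLINK => 1));`, and then calling `tempfile(',cat_XXXXXXXXXX', @opts)` and `tempfile(',stdin_XXXXXXXXXX', @opts)` leaves a single place to touch the next time the template changes. main_temp starts above this hunk.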
d4f5ec
diff --git a/contrib/groffer/roff2.pl b/contrib/groffer/roff2.pl
d4f5ec
index d8dad3f..f0ca9f2 100755
d4f5ec
--- a/contrib/groffer/roff2.pl
d4f5ec
+++ b/contrib/groffer/roff2.pl
d4f5ec
@@ -123,7 +123,7 @@ if ($Has_Groffer) {
d4f5ec
 	last;
d4f5ec
       }
d4f5ec
     }
d4f5ec
-    my $template = $Name . '_XXXX';
d4f5ec
+    my $template = $Name . '_XXXXXXXXXX';
d4f5ec
     my ($fh, $stdin);
d4f5ec
     if ($tempdir) {
d4f5ec
       ($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||
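Review bot: The `tempfile(...) ||` call on the last context line is evaluated in scalar context because of `||`, and File::Temp's tempfile() returns only the filehandle in scalar context, so `$stdin` never receives the file name. tempfile() already croaks when it cannot create the file, so the alternative after `||` (outside this hunk, presumably a die) adds nothing; `($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir);` is enough. The longer template introduced here does not change this. The statement continues past the end of the hunk, so the branch without `$tempdir` should be checked for the same pattern.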
d4f5ec
diff --git a/contrib/pdfmark/pdfroff.man b/contrib/pdfmark/pdfroff.man
d4f5ec
index ec412bb..faf2898 100644
d4f5ec
--- a/contrib/pdfmark/pdfroff.man
d4f5ec
+++ b/contrib/pdfmark/pdfroff.man
d4f5ec
@@ -555,7 +555,7 @@ defaults to
d4f5ec
 .B GROFF_TMPDIR
d4f5ec
 Identifies the directory in which
d4f5ec
 .B pdfroff
d4f5ec
-should create temporary files.
d4f5ec
+should create a subdirectory for its temporary files.
d4f5ec
 .
d4f5ec
 If
d4f5ec
 .B \%GROFF_TMPDIR
d4f5ec
@@ -568,7 +568,8 @@ and
d4f5ec
 .B TEMP
d4f5ec
 are considered in turn, as possible temporary file repositories.
d4f5ec
 If none of these are set, then temporary files are created
d4f5ec
-in the current directory.
d4f5ec
+in a subdirectory of
d4f5ec
+.BR /tmp .
d4f5ec
 .
d4f5ec
 .TP
d4f5ec
 .B GROFF_GHOSTSCRIPT_INTERPRETER
d4f5ec
diff --git a/contrib/pic2graph/pic2graph.sh b/contrib/pic2graph/pic2graph.sh
d4f5ec
index 72c5477..6b3360d 100644
d4f5ec
--- a/contrib/pic2graph/pic2graph.sh
d4f5ec
+++ b/contrib/pic2graph/pic2graph.sh
d4f5ec
@@ -78,6 +78,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP" "$TEMP" /tmp; do
d4f5ec
     tmp=$d/pic2graph$$-$RANDOM
d4f5ec
     (umask 077 && mkdir $tmp) 2> /dev/null \
d4f5ec
     && break
d4f5ec
+
d4f5ec
+    tmp=
d4f5ec
 done;
d4f5ec
 if test -z "$tmp"; then
d4f5ec
     echo "$0: cannot create temporary directory" >&2
d4f5ec
diff --git a/doc/fixinfo.sh b/doc/fixinfo.sh
d4f5ec
index 2c853f8..6954e6a 100644
d4f5ec
--- a/doc/fixinfo.sh
d4f5ec
+++ b/doc/fixinfo.sh
d4f5ec
@@ -22,8 +22,9 @@
d4f5ec
 # groff.texinfo macro code.  Hopefully, a new texinfo version makes it
d4f5ec
 # unnecessary.
d4f5ec
 
d4f5ec
-t=${TMPDIR-.}/gro$$.tmp
d4f5ec
-
d4f5ec
+t="`mktemp -t groff-fixinfo.XXXXXXXXXX`" || exit
d4f5ec
+trap 'rm -f -- "$t"' EXIT
d4f5ec
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
d4f5ec
 cat $1 | sed '
d4f5ec
 1 {
d4f5ec
   N
d4f5ec
diff --git a/doc/groff.info-2 b/doc/groff.info-2
d4f5ec
index 7eaae86..e7dab72 100644
d4f5ec
--- a/doc/groff.info-2
d4f5ec
+++ b/doc/groff.info-2
d4f5ec
@@ -1697,9 +1697,9 @@ not there, 'groff' would not know when to stop.
d4f5ec
      time into a document:
d4f5ec
 
d4f5ec
           .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
d4f5ec
-                       (localtime(time))[2,1,0]' > /tmp/x\n[$$]
d4f5ec
-          .so /tmp/x\n[$$]
d4f5ec
-          .sy rm /tmp/x\n[$$]
d4f5ec
+                       (localtime(time))[2,1,0]' > timefile\n[$$]
d4f5ec
+          .so timefile\n[$$]
d4f5ec
+          .sy rm timefile\n[$$]
d4f5ec
           \nH:\nM:\nS
d4f5ec
 
d4f5ec
      Note that this works by having the 'perl' script (run by 'sy')
d4f5ec
diff --git a/doc/groff.texinfo b/doc/groff.texinfo
d4f5ec
index 066b527..83684da 100644
d4f5ec
--- a/doc/groff.texinfo
d4f5ec
+++ b/doc/groff.texinfo
d4f5ec
@@ -13736,9 +13736,9 @@ into a document:
d4f5ec
 @pindex perl
d4f5ec
 @Example
d4f5ec
 .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
d4f5ec
-             (localtime(time))[2,1,0]' > /tmp/x\n[$$]
d4f5ec
-.so /tmp/x\n[$$]
d4f5ec
-.sy rm /tmp/x\n[$$]
d4f5ec
+             (localtime(time))[2,1,0]' > timefile\n[$$]
d4f5ec
++.so timefile\n[$$]
d4f5ec
++.sy rm timefile\n[$$]
d4f5ec
 \nH:\nM:\nS
d4f5ec
 @endExample
d4f5ec
 
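Review bot: Two of the added lines are shown with a doubled marker, `++.so timefile\n[$$]` and `++.sy rm timefile\n[$$]`, so applying the hunk as displayed would put a literal `+` in front of `.so` and `.sy` inside the example. The matching hunk in doc/groff.info-2 has a single `+` on those lines, which suggests `+.so timefile\n[$$]` and `+.sy rm timefile\n[$$]` were intended. If the doubling is in the patch file itself rather than in this rendering, the built manual will show a stray `+` and those two lines will no longer read as requests.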
d4f5ec
diff --git a/gendef.sh b/gendef.sh
d4f5ec
index 41a511b..050bcbe 100644
d4f5ec
--- a/gendef.sh
d4f5ec
+++ b/gendef.sh
d4f5ec
@@ -33,11 +33,9 @@ do
d4f5ec
 #define $def"
d4f5ec
 done
d4f5ec
 
d4f5ec
-# Use $TMPDIR if defined.  Default to cwd, for non-Unix systems
d4f5ec
-# which don't have /tmp on each drive (we are going to remove
d4f5ec
-# the file before we exit anyway).  Put the PID in the basename,
d4f5ec
-# since the extension can only hold 3 characters on MS-DOS.
d4f5ec
-t=${TMPDIR-.}/gro$$.tmp
d4f5ec
+t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit
d4f5ec
+trap 'rm -f -- "$t"' EXIT
d4f5ec
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
d4f5ec
 
d4f5ec
 sed -e 's/=/ /' >$t <
d4f5ec
 $defs
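Review bot: The comment that explained the old scratch-file choice is deleted and nothing replaces it, so the reason for mktemp and the two traps is not recorded at the new lines. I would add `# Create the scratch file with mktemp so its name cannot be predicted or pre-created; the traps remove it on normal exit and on HUP, INT, QUIT and TERM.` above the `t=` assignment. The traps quote `"$t"` while the redirection on the context line still uses bare `>$t`; `>"$t"` keeps the two consistent when the temporary directory path contains whitespace.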
d4f5ec
@@ -45,8 +43,6 @@ EOF
d4f5ec
 
d4f5ec
 test -r $file && cmp -s $t $file || cp $t $file
d4f5ec
 
d4f5ec
-rm -f $t
d4f5ec
-
d4f5ec
 exit 0
d4f5ec
 
d4f5ec
 # eof
d4f5ec
-- 
d4f5ec
1.9.3
d4f5ec