Blame SOURCES/0003-various-security-fixes.patch

910785
From 8989e9e33080ed5a6e940bfbca3a4ef28b3264b5 Mon Sep 17 00:00:00 2001
910785
From: Jan Vcelak <jvcelak@redhat.com>
910785
Date: Tue, 1 Jan 2013 15:35:04 +0100
910785
Subject: [PATCH] various security fixes
910785
910785
CVE-2009-5044 (#709413)
910785
CVE-2009-5080 (#720058)
910785
CVE-2009-5081 (#720057)
910785
910785
Based on: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2;content-type=text%2Fplain
910785
Resolves: #709415, #720060
910785
Signed-off-by: Jan Vcelak <jvcelak@redhat.com>
910785
---
910785
 contrib/eqn2graph/eqn2graph.sh    |  2 ++
910785
 contrib/gdiffmk/tests/runtests.in |  5 +++--
910785
 contrib/grap2graph/grap2graph.sh  |  2 ++
910785
 contrib/groffer/perl/groffer.pl   | 10 +++++-----
910785
 contrib/groffer/perl/roff2.pl     |  2 +-
910785
 contrib/pdfmark/pdfroff.man       |  5 +++--
910785
 contrib/pic2graph/pic2graph.sh    |  2 ++
910785
 doc/fixinfo.sh                    |  4 +++-
910785
 doc/groff.info-2                  |  6 +++---
910785
 doc/groff.texinfo                 |  6 +++---
910785
 gendef.sh                         | 10 +++-------
910785
 11 files changed, 30 insertions(+), 24 deletions(-)
910785
910785
diff --git a/contrib/eqn2graph/eqn2graph.sh b/contrib/eqn2graph/eqn2graph.sh
910785
index 2f1fa56..c628423 100644
910785
--- a/contrib/eqn2graph/eqn2graph.sh
910785
+++ b/contrib/eqn2graph/eqn2graph.sh
910785
@@ -69,6 +69,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP" "$TEMP" /tmp; do
910785
 
910785
     tmp=$d/eqn2graph$$-$RANDOM
910785
     (umask 077 && mkdir $tmp) 2> /dev/null && break
910785
+
910785
+    tmp=
910785
 done;
910785
 if test -z "$tmp"; then
910785
     echo "$0: cannot create temporary directory" >&2
910785
diff --git a/contrib/gdiffmk/tests/runtests.in b/contrib/gdiffmk/tests/runtests.in
910785
index 714ce48..40a35c4 100644
910785
--- a/contrib/gdiffmk/tests/runtests.in
910785
+++ b/contrib/gdiffmk/tests/runtests.in
910785
@@ -56,8 +56,9 @@ function TestResult {
910785
 	fi
910785
 }
910785
 
910785
-tmpfile=/tmp/$$
910785
-trap 'rm -f ${tmpfile}' 0 1 2 3 15
910785
+tmpfile="`mktemp -t gdiffmk-runtests.XXXXXXXXXX`" || exit
910785
+trap 'rm -f -- "$tmpfile"' EXIT
910785
+trap 'trap - EXIT; rm -f -- "$tmpfile"; exit 1' HUP INT QUIT TERM
910785
 
910785
 #	Run tests.
910785
 
910785
diff --git a/contrib/grap2graph/grap2graph.sh b/contrib/grap2graph/grap2graph.sh
910785
index 580e340..fe38041 100644
910785
--- a/contrib/grap2graph/grap2graph.sh
910785
+++ b/contrib/grap2graph/grap2graph.sh
910785
@@ -65,6 +65,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP" "$TEMP" /tmp; do
910785
 
910785
     tmp=$d/grap2graph$$-$RANDOM
910785
     (umask 077 && mkdir $tmp) 2> /dev/null && break
910785
+
910785
+    tmp=
910785
 done;
910785
 if test -z "$tmp"; then
910785
     echo "$0: cannot create temporary directory" >&2
910785
diff --git a/contrib/groffer/perl/groffer.pl b/contrib/groffer/perl/groffer.pl
910785
index 65d4cdb..fd11ab1 100755
910785
--- a/contrib/groffer/perl/groffer.pl
910785
+++ b/contrib/groffer/perl/groffer.pl
910785
@@ -1379,7 +1379,7 @@ sub _check_prog_on_list {
910785
 ########################################################################
910785
 
910785
 sub main_temp {
910785
-  my $template = 'groffer_' . "$$" . '_XXXX';
910785
+  my $template = 'groffer_' . "$$" . '_XXXXXXXXXX';
910785
   foreach ($ENV{'GROFF_TMPDIR'}, $ENV{'TMPDIR'}, $ENV{'TMP'}, $ENV{'TEMP'},
910785
 	   $ENV{'TEMPDIR'}, File::Spec->catfile($ENV{'HOME'}, 'tmp')) {
910785
     if ($_ && -d $_ && -w $_) {
910785
@@ -1410,12 +1410,12 @@ sub main_temp {
910785
 
910785
   # further argument: SUFFIX => '.sh'
910785
   if ($Debug{'KEEP'}) {
910785
-    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', DIR => $tmpdir);
910785
-    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', DIR => $tmpdir);
910785
+    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', DIR => $tmpdir);
910785
+    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', DIR => $tmpdir);
910785
   } else {
910785
-    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', UNLINK => 1,
910785
+    ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', UNLINK => 1,
910785
 				   DIR => $tmpdir);
910785
-    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', UNLINK => 1,
910785
+    ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', UNLINK => 1,
910785
 				       DIR => $tmpdir);
910785
   }
910785
 }				# main_temp()
910785
diff --git a/contrib/groffer/perl/roff2.pl b/contrib/groffer/perl/roff2.pl
910785
index 0e1f17a..b9eb67e 100755
910785
--- a/contrib/groffer/perl/roff2.pl
910785
+++ b/contrib/groffer/perl/roff2.pl
910785
@@ -124,7 +124,7 @@ if ($Has_Groffer) {
910785
 	last;
910785
       }
910785
     }
910785
-    my $template = $Name . '_XXXX';
910785
+    my $template = $Name . '_XXXXXXXXXX';
910785
     my ($fh, $stdin);
910785
     if ($tempdir) {
910785
       ($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||
910785
diff --git a/contrib/pdfmark/pdfroff.man b/contrib/pdfmark/pdfroff.man
910785
index 3a1d705..73650a8 100644
910785
--- a/contrib/pdfmark/pdfroff.man
910785
+++ b/contrib/pdfmark/pdfroff.man
910785
@@ -529,7 +529,7 @@ defaults to
910785
 .B GROFF_TMPDIR
910785
 Identifies the directory in which
910785
 .B pdfroff
910785
-should create temporary files.
910785
+should create a subdirectory for its temporary files.
910785
 If
910785
 .B \%GROFF_TMPDIR
910785
 is
910785
@@ -541,7 +541,8 @@ and
910785
 .B TEMP
910785
 are considered in turn, as possible temporary file repositories.
910785
 If none of these are set, then temporary files are created
910785
-in the current directory.
910785
+in a subdirectory of
910785
+.BR /tmp .
910785
 .
910785
 .TP
910785
 .B GROFF_GHOSTSCRIPT_INTERPRETER
910785
diff --git a/contrib/pic2graph/pic2graph.sh b/contrib/pic2graph/pic2graph.sh
910785
index 0c45610..874aad0 100644
910785
--- a/contrib/pic2graph/pic2graph.sh
910785
+++ b/contrib/pic2graph/pic2graph.sh
910785
@@ -80,6 +80,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP" "$TEMP" /tmp; do
910785
     tmp=$d/pic2graph$$-$RANDOM
910785
     (umask 077 && mkdir $tmp) 2> /dev/null \
910785
     && break
910785
+
910785
+    tmp=
910785
 done;
910785
 if test -z "$tmp"; then
910785
     echo "$0: cannot create temporary directory" >&2
910785
diff --git a/doc/fixinfo.sh b/doc/fixinfo.sh
910785
index 2c853f8..a0e8295 100644
910785
--- a/doc/fixinfo.sh
910785
+++ b/doc/fixinfo.sh
910785
@@ -22,7 +22,9 @@
910785
 # groff.texinfo macro code.  Hopefully, a new texinfo version makes it
910785
 # unnecessary.
910785
 
910785
-t=${TMPDIR-.}/gro$$.tmp
910785
+t="`mktemp -t groff-fixinfo.XXXXXXXXXX`" || exit
910785
+trap 'rm -f -- "$t"' EXIT
910785
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
910785
 
910785
 cat $1 | sed '
910785
 1 {
910785
diff --git a/doc/groff.info-2 b/doc/groff.info-2
910785
index 3e169ec..e964dd6 100644
910785
--- a/doc/groff.info-2
910785
+++ b/doc/groff.info-2
910785
@@ -1957,9 +1957,9 @@ not there, `groff' would not know when to stop.
910785
 
910785
 
910785
           .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
910785
-                       (localtime(time))[2,1,0]' > /tmp/x\n[$$]
910785
-          .so /tmp/x\n[$$]
910785
-          .sy rm /tmp/x\n[$$]
910785
+                       (localtime(time))[2,1,0]' > timefile\n[$$]
910785
+          .so timefile\n[$$]
910785
+          .sy rm timefile\n[$$]
910785
           \nH:\nM:\nS
910785
 
910785
      Note that this works by having the `perl' script (run by `sy')
910785
diff --git a/doc/groff.texinfo b/doc/groff.texinfo
910785
index bf77e95..914ba8b 100644
910785
--- a/doc/groff.texinfo
910785
+++ b/doc/groff.texinfo
910785
@@ -13660,9 +13660,9 @@ into a document:
910785
 @pindex perl
910785
 @Example
910785
 .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
910785
-             (localtime(time))[2,1,0]' > /tmp/x\n[$$]
910785
-.so /tmp/x\n[$$]
910785
-.sy rm /tmp/x\n[$$]
910785
+             (localtime(time))[2,1,0]' > timefile\n[$$]
910785
+.so timefile\n[$$]
910785
+.sy rm timefile\n[$$]
910785
 \nH:\nM:\nS
910785
 @endExample
910785
 
910785
diff --git a/gendef.sh b/gendef.sh
910785
index ad4ccb2..c25e2d4 100644
910785
--- a/gendef.sh
910785
+++ b/gendef.sh
910785
@@ -34,11 +34,9 @@ do
910785
 #define $def"
910785
 done
910785
 
910785
-# Use $TMPDIR if defined.  Default to cwd, for non-Unix systems
910785
-# which don't have /tmp on each drive (we are going to remove
910785
-# the file before we exit anyway).  Put the PID in the basename,
910785
-# since the extension can only hold 3 characters on MS-DOS.
910785
-t=${TMPDIR-.}/gro$$.tmp
910785
+t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit
910785
+trap 'rm -f -- "$t"' EXIT
910785
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
910785
 
910785
 sed -e 's/=/ /' >$t <
910785
 $defs
910785
@@ -46,8 +44,6 @@ EOF
910785
 
910785
 test -r $file && cmp -s $t $file || cp $t $file
910785
 
910785
-rm -f $t
910785
-
910785
 exit 0
910785
 
910785
 # eof
910785
-- 
910785
1.8.0.2
910785