pool/groff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a80cb11a99
groff/groff-1.21-CVE-2009-5081.patch

156 lines
5.7 KiB
Diff
Raw Normal View History

- fix bnc#703665 - VUL-1: groff: missing checks for mktemp failures (CVE-2009-5080) - fix bnc#703666 - VUL-1: groff: insufficient number of X for mktemp (CVE-2009-5081) OBS-URL: https://build.opensuse.org/package/show/M17N/groff?expand=0&rev=22
2011-09-22 14:52:01 +02:00
Index: groff-1.21/contrib/groffer/perl/groffer.pl
===================================================================
--- groff-1.21.orig/contrib/groffer/perl/groffer.pl 2010-12-31 08:33:09.000000000 +0100
+++ groff-1.21/contrib/groffer/perl/groffer.pl 2011-09-22 14:23:55.756494935 +0200
@@ -1380,7 +1380,7 @@
########################################################################
sub main_temp {
- my $template = 'groffer_' . "$$" . '_XXXX';
+ my $template = 'groffer_' . "$$" . '_XXXXXXXXXX';
foreach ($ENV{'GROFF_TMPDIR'}, $ENV{'TMPDIR'}, $ENV{'TMP'}, $ENV{'TEMP'},
$ENV{'TEMPDIR'}, File::Spec->catfile($ENV{'HOME'}, 'tmp')) {
if ($_ && -d $_ && -w $_) {
@@ -1411,12 +1411,12 @@
# further argument: SUFFIX => '.sh'
if ($Debug{'KEEP'}) {
- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', DIR => $tmpdir);
- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', DIR => $tmpdir);
+ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', DIR => $tmpdir);
+ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', DIR => $tmpdir);
} else {
- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', UNLINK => 1,
+ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', UNLINK => 1,
DIR => $tmpdir);
- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', UNLINK => 1,
+ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', UNLINK => 1,
DIR => $tmpdir);
}
} # main_temp()
Index: groff-1.21/contrib/groffer/perl/roff2.pl
===================================================================
--- groff-1.21.orig/contrib/groffer/perl/roff2.pl 2010-12-31 08:33:09.000000000 +0100
+++ groff-1.21/contrib/groffer/perl/roff2.pl 2011-09-22 14:23:55.783495865 +0200
@@ -124,7 +124,7 @@
last;
}
}
- my $template = $Name . '_XXXX';
+ my $template = $Name . '_XXXXXXXXXX';
my ($fh, $stdin);
if ($tempdir) {
($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||
Index: groff-1.21/contrib/pdfmark/pdfroff.man
===================================================================
--- groff-1.21.orig/contrib/pdfmark/pdfroff.man 2011-09-22 14:15:22.000000000 +0200
+++ groff-1.21/contrib/pdfmark/pdfroff.man 2011-09-22 14:23:55.792496177 +0200
@@ -529,7 +529,7 @@
.B GROFF_TMPDIR
Identifies the directory in which
.B pdfroff
-should create temporary files.
+should create a subdirectory for its temporary files.
If
.B \%GROFF_TMPDIR
is
@@ -541,7 +541,8 @@
.B TEMP
are considered in turn, as possible temporary file repositories.
If none of these are set, then temporary files are created
-in the current directory.
+in a subdirectory of
+.BR /tmp .
.
.TP
.B GROFF_GHOSTSCRIPT_INTERPRETER
Index: groff-1.21/doc/fixinfo.sh
===================================================================
--- groff-1.21.orig/doc/fixinfo.sh 2010-12-31 08:33:09.000000000 +0100
+++ groff-1.21/doc/fixinfo.sh 2011-09-22 14:23:55.795496280 +0200
@@ -21,7 +21,9 @@
# groff.texinfo macro code. Hopefully, a new texinfo version makes it
# unnecessary.
-t=${TMPDIR-.}/gro$$.tmp
+t="`mktemp -t groff-fixinfo.XXXXXXXXXX`" || exit
+trap 'rm -f -- "$t"' EXIT
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
cat $1 | sed '
1 {
Index: groff-1.21/doc/groff.info-2
===================================================================
--- groff-1.21.orig/doc/groff.info-2 2010-12-31 08:33:12.000000000 +0100
+++ groff-1.21/doc/groff.info-2 2011-09-22 14:23:55.798496383 +0200
@@ -1918,9 +1918,9 @@
.sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
- (localtime(time))[2,1,0]' > /tmp/x\n[$$]
- .so /tmp/x\n[$$]
- .sy rm /tmp/x\n[$$]
+ (localtime(time))[2,1,0]' > timefile\n[$$]
+ .so timefile\n[$$]
+ .sy rm timefile\n[$$]
\nH:\nM:\nS
Note that this works by having the `perl' script (run by `sy')
Index: groff-1.21/doc/groff.texinfo
===================================================================
--- groff-1.21.orig/doc/groff.texinfo 2010-12-31 08:33:09.000000000 +0100
+++ groff-1.21/doc/groff.texinfo 2011-09-22 14:23:55.803496556 +0200
@@ -13568,9 +13568,9 @@
@pindex perl
@Example
.sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
- (localtime(time))[2,1,0]' > /tmp/x\n[$$]
-.so /tmp/x\n[$$]
-.sy rm /tmp/x\n[$$]
+ (localtime(time))[2,1,0]' > timefile\n[$$]
+.so timefile\n[$$]
+.sy rm timefile\n[$$]
\nH:\nM:\nS
@endExample
Index: groff-1.21/gendef.sh
===================================================================
--- groff-1.21.orig/gendef.sh 2010-12-31 08:33:08.000000000 +0100
+++ groff-1.21/gendef.sh 2011-09-22 14:23:55.804496590 +0200
@@ -34,11 +34,9 @@
#define $def"
done
-# Use $TMPDIR if defined. Default to cwd, for non-Unix systems
-# which don't have /tmp on each drive (we are going to remove
-# the file before we exit anyway). Put the PID in the basename,
-# since the extension can only hold 3 characters on MS-DOS.
-t=${TMPDIR-.}/gro$$.tmp
+t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit
+trap 'rm -f -- "$t"' EXIT
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
sed -e 's/=/ /' >$t <<EOF
$defs
@@ -46,8 +44,6 @@
test -r $file && cmp -s $t $file || cp $t $file
-rm -f $t
-
exit 0
# eof
Index: groff-1.21/src/roff/groff/pipeline.c
===================================================================
--- groff-1.21.orig/src/roff/groff/pipeline.c 2010-12-31 08:33:08.000000000 +0100
+++ groff-1.21/src/roff/groff/pipeline.c 2011-09-22 14:23:55.804496590 +0200
@@ -378,6 +378,7 @@
/* Don't use `tmpnam' here: Microsoft's implementation yields unusable
file names if current directory is on network share with read-only
root. */
+#error AUDIT: This code is only compiled under DOS
tmpfiles[0] = tempnam(tmpdir, NULL);
tmpfiles[1] = tempnam(tmpdir, NULL);
Reference in New Issue Copy Permalink