- fix bnc#698290: insecure temporary file handling in pdfroff

* groff-1.20.1-CVE-2009-5044.patch
  * gxditview Supplements the groff and X11 libs

OBS-URL: https://build.opensuse.org/package/show/M17N/groff?expand=0&rev=17

groff-1.20.1-CVE-2009-5044.patch

@@ -0,0 +1,55 @@
+Index: groff-1.20.1/contrib/pdfmark/pdfroff.sh
+===================================================================
+--- groff-1.20.1.orig/contrib/pdfmark/pdfroff.sh	2011-06-09 10:41:29.000000000 +0200
++++ groff-1.20.1/contrib/pdfmark/pdfroff.sh	2011-06-09 10:54:58.208448083 +0200
+@@ -145,14 +145,16 @@
+ 
+   GROFF_TMPDIR=${WRKDIR}
+ 
+-  WRKFILE=${GROFF_TMPDIR}/pdf$$.tmp
++  WRKFILE=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.tmp`
+ #
+-  REFCOPY=${GROFF_TMPDIR}/pdf$$.cmp
+-  REFFILE=${GROFF_TMPDIR}/pdf$$.ref
++  REFCOPY=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.cmp`
++  REFFILE=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.ref`
+ #
+   CS_DATA=""
+-  TC_DATA=${GROFF_TMPDIR}/pdf$$.tc
+-  BD_DATA=${GROFF_TMPDIR}/pdf$$.ps
++  TC_DATA=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.tc`
++  BD_DATA=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.ps`
++
++  STREAMFILE=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.in`
+ #
+ # Initialise 'groff' format control settings,
+ # to discriminate table of contents and document body formatting passes.
+@@ -305,7 +307,7 @@
+                ;;
+ 
+              --stylesheet)
+-               STYLESHEET="$OPTARG" CS_DATA=${GROFF_TMPDIR}/pdf$$.cs
++               STYLESHEET="$OPTARG" CS_DATA=`mktemp --tmpdir="${GROFF_TMPDIR}" pdfXXXXXXXXXX.cs`
+                ;;
+ 
+ 	     --no-toc-relocation)
+@@ -338,7 +340,7 @@
+ #     so set up a mechanism to achieve this, for ALL 'groff' passes.
+ #
+       - | -i*)
+-	   STREAM="$CAT ${GROFF_TMPDIR}/pdf$$.in |"
++	   STREAM="$CAT ${STREAMFILE} |"
+ 	   test "$1" = "-" && INPUT_FILES="$INPUT_FILES $1" \
+ 	     || GROFF_STYLE="$GROFF_STYLE $1" 
+ 	   ;;
+@@ -410,8 +412,8 @@
+ # or if no input files are specified, then we need to capture STDIN,
+ # so we can replay it into each 'groff' processing pass.
+ #
+-  test -z "$INPUT_FILES" && STREAM="$CAT ${GROFF_TMPDIR}/pdf$$.in |"
+-  test -n "$STREAM" && $CAT > ${GROFF_TMPDIR}/pdf$$.in
++  test -z "$INPUT_FILES" && STREAM="$CAT ${STREAMFILE} |"
++  test -n "$STREAM" && $CAT > ${STREAMFILE}
+ #
+ # Unless reference resolution is explicitly suppressed,
+ # we initiate it by touching the cross reference dictionary file,

groff.changes

@@ -1,6 +1,8 @@
 -------------------------------------------------------------------
 Wed Jun  8 09:06:44 UTC 2011 - mvyskocil@suse.cz
 
+- fix bnc#698290: insecure temporary file handling in pdfroff
+  * groff-1.20.1-CVE-2009-5044.patch
 - fix bnc#683857: Unicode characters in use properly
   * change the soft hyphenation char to - in tty.tmac
 

groff.spec

@@ -38,6 +38,7 @@ Patch1:         groff-1.20.1-destbufferoverflow.patch
 Patch2:         groff-1.20.1-nroff-empty-LANGUAGE.patch
 Patch3:         groff-1.20.1-groffer-libexecdir.patch
 Patch4:         groff-1.20.1-deunicode.patch
+Patch5:         groff-1.20.1-CVE-2009-5044.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  gcc-c++
@@ -86,6 +87,7 @@ programs store their man pages in either /usr/share/man/ or
 %patch2 -p1 -b .bnc540600
 %patch3 -p1 -b .groffer-libexecdir
 %patch4 -p1 -b .deunicode
+%patch5 -p1 -b .CVE-2009-5044
 
 %build
 PATH=$PWD/src/roff/troff:$PWD/src/preproc/pic:$PWD/src/preproc/eqn:$PWD/src/preproc/tbl:$PWDsrc/preproc/refer:$PWD/src/preproc/soelim:$PATH

gxditview.changes

@@ -2,7 +2,7 @@
 Wed Jun  8 09:52:07 UTC 2011 - mvyskocil@suse.cz
 
 - fix #bnc#668254: xditview don't show tilde
-  * gxditview Supplements the groof and X11 libs
+  * gxditview Supplements the groff and X11 libs
 
 -------------------------------------------------------------------
 Thu Apr 28 12:04:23 UTC 2011 - mvyskocil@suse.cz