author | tez <tez@pkgsrc.org> | 2011-07-19 21:09:38 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2011-07-19 21:09:38 +0000 |
commit | 768a93e8c347193d7ceccae9b7a2d1ec8ca2b61e (patch) | |
tree | 48812fd7ba580839a73013860662d50d8b05381e /textproc/groff/patches | |
parent | 7ebc2ee148ece1fcf492cf7fea5ac68103a225d6 (diff) | |
download | pkgsrc-768a93e8c347193d7ceccae9b7a2d1ec8ca2b61e.tar.gz |
Fix many temporary file handling issues, including in pdfroff
(resolves CVE-2009-5044 / SA44999)
Patches copied from:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
Modified for pkgsrc; excludes a documentation change to doc/groff.texinfo
that turns the "`makeinfo' is too old" warning into a fatal error.
Added patch to make pdfroff.sh use -dSAFER
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for details.
Diffstat (limited to 'textproc/groff/patches')
14 files changed, 411 insertions, 0 deletions
diff --git a/textproc/groff/patches/patch-config.guess b/textproc/groff/patches/patch-config.guess
new file mode 100644
index 00000000000..574ee47bd1a
--- /dev/null
+++ b/textproc/groff/patches/patch-config.guess
@@ -0,0 +1,28 @@
+$NetBSD: patch-config.guess,v 1.1 2011/07/19 21:09:38 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- config.guess.orig 2009-01-09 14:25:52.000000000 +0000
++++ config.guess
+@@ -104,13 +104,9 @@ trap 'exit 1' 1 2 15
+ # Portable tmp directory creation inspired by the Autoconf team.
+
+ set_cc_for_build='
+-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+-: ${TMPDIR=/tmp} ;
+- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
++trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" EXIT ;
++trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" PIPE HUP INT QUIT TERM ;
++tmp="`mktemp -dt cg.XXXXXXXXXX`" || exit ;
+ dummy=$tmp/dummy ;
+ tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+ case $CC_FOR_BUILD,$HOST_CC,$CC in
diff --git a/textproc/groff/patches/patch-configure b/textproc/groff/patches/patch-configure
new file mode 100644
index 00000000000..37187b0f4f3
--- /dev/null
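Review bot: The config.guess patch makes mktemp(1) a hard requirement with `mktemp -dt cg.XXXXXXXXXX` followed by `|| exit`, and removes the fallbacks for hosts without it, but the patch header does not say so. Failing closed is the right choice for the temporary-file issue; it just needs to be documented. The `-t` option also differs between GNU and BSD mktemp (a template relative to $TMPDIR versus a prefix that receives its own random suffix), so the resulting name varies by platform. The same applies to the `mktemp -dt` and `mktemp -t` calls in the configure, runtests.in, fixinfo.sh and gendef.sh patches. I would add a header line to each, such as `Requires mktemp(1); hosts without it now stop instead of falling back to a predictable name.`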
+++ b/textproc/groff/patches/patch-configure
@@ -0,0 +1,49 @@
+$NetBSD: patch-configure,v 1.1 2011/07/19 21:09:38 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- configure.orig 2009-01-09 14:25:52.000000000 +0000
++++ configure
+@@ -12937,33 +12937,12 @@ if $ac_need_defaults; then
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ fi
+
+-# Have a temporary directory for convenience. Make it in the build tree
+-# simply because there is no reason against having it here, and in addition,
+-# creating and moving files from /tmp can sometimes cause problems.
+-# Hook for its removal unless debugging.
+-# Note that there is a small window in which the directory will not be cleaned:
+-# after its creation but before its name has been assigned to `$tmp'.
++# Create a temporary directory, and hook for its removal unless debugging.
++tmp="`mktemp -dt cs.XXXXXXXXXX`" || exit
+ $debug ||
+ {
+- tmp=
+- trap 'exit_status=$?
+- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+-' 0
+- trap '{ (exit 1); exit 1; }' 1 2 13 15
+-}
+-# Create a (secure) tmp directory for tmp files.
+-
+-{
+- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+- test -n "$tmp" && test -d "$tmp"
+-} ||
+-{
+- tmp=./conf$$-$RANDOM
+- (umask 077 && mkdir "$tmp")
+-} ||
+-{
+- $as_echo "$as_me: cannot create a temporary directory in ." >&2
+- { (exit 1); exit 1; }
++ trap 'exit_status=$?; rm -rf -- "$tmp" && exit $exit_status' EXIT
++ trap '{ (exit $?); exit $?; }' HUP INT QUIT PIPE TERM
+ }
+
+ # Set up the scripts for CONFIG_FILES section.
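Review bot: The new signal trap in the configure patch, `trap '{ (exit $?); exit $?; }' HUP INT QUIT PIPE TERM`, exits with the status of whatever command ran last. That status can be 0 when the signal arrives after a successful command, so an interrupted run may look successful to the caller. The removed line used a fixed failure status; keeping it gives `trap '{ (exit 1); exit 1; }' HUP INT QUIT PIPE TERM`. The EXIT trap on the line above still runs on that path and removes `$tmp`.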
diff --git a/textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh b/textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh
new file mode 100644
index 00000000000..d7f336c5142
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh
@@ -0,0 +1,20 @@
+$NetBSD: patch-contrib_eqn2graph_eqn2graph.sh,v 1.1 2011/07/19 21:09:38 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- contrib/eqn2graph/eqn2graph.sh.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/eqn2graph/eqn2graph.sh
+@@ -69,6 +69,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP
+
+ tmp=$d/eqn2graph$$-$RANDOM
+ (umask 077 && mkdir $tmp) 2> /dev/null && break
++
++ tmp=
+ done;
+ if test -z "$tmp"; then
+ echo "$0: cannot create temporary directory" >&2
diff --git a/textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in b/textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in
new file mode 100644
index 00000000000..fc3de4fe970
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in
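Review bot: In the eqn2graph.sh patch the added `tmp=` makes the loop fail closed, but the context line still builds the name as `$d/eqn2graph$$-$RANDOM` and passes `$tmp` to `mkdir` unquoted. The name is guessable, more so in shells where `$RANDOM` is empty, so an existing entry with that name in every candidate directory makes the script stop with "cannot create temporary directory". A candidate path containing whitespace is also split into several words. Creating the directory with `mktemp -d "$d/eqn2graph.XXXXXXXXXX"`, as the other patches in this commit do, would avoid both. The grap2graph.sh and pic2graph.sh patches have the same shape, and in all three the loop begins outside the hunk.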
@@ -0,0 +1,23 @@
+$NetBSD: patch-contrib_gdiffmk_tests_runtests.in,v 1.1 2011/07/19 21:09:38 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- contrib/gdiffmk/tests/runtests.in.orig 2009-01-09 14:25:53.000000000 +0000
++++ contrib/gdiffmk/tests/runtests.in
+@@ -56,8 +56,9 @@ function TestResult {
+ fi
+ }
+
+-tmpfile=/tmp/$$
+-trap 'rm -f ${tmpfile}' 0 1 2 3 15
++tmpfile="`mktemp -t gdiffmk-runtests.XXXXXXXXXX`" || exit
++trap 'rm -f -- "$tmpfile"' EXIT
++trap 'trap - EXIT; rm -f -- "$tmpfile"; exit 1' HUP INT QUIT TERM
+
+ # Run tests.
+
diff --git a/textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh b/textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh
new file mode 100644
index 00000000000..b7f8ff5bc5d
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh
@@ -0,0 +1,20 @@
+$NetBSD: patch-contrib_grap2graph_grap2graph.sh,v 1.1 2011/07/19 21:09:38 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- contrib/grap2graph/grap2graph.sh.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/grap2graph/grap2graph.sh
+@@ -65,6 +65,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP
+
+ tmp=$d/grap2graph$$-$RANDOM
+ (umask 077 && mkdir $tmp) 2> /dev/null && break
++
++ tmp=
+ done;
+ if test -z "$tmp"; then
+ echo "$0: cannot create temporary directory" >&2
diff --git a/textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl b/textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl
new file mode 100644
index 00000000000..fec7ac18893
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl
@@ -0,0 +1,37 @@
+$NetBSD: patch-contrib_groffer_perl_groffer.pl,v 1.1 2011/07/19 21:09:38 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- contrib/groffer/perl/groffer.pl.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/groffer/perl/groffer.pl
+@@ -1380,7 +1380,7 @@ sub _check_prog_on_list {
+ ########################################################################
+
+ sub main_temp {
+- my $template = 'groffer_' . "$$" . '_XXXX';
++ my $template = 'groffer_' . "$$" . '_XXXXXXXXXX';
+ foreach ($ENV{'GROFF_TMPDIR'}, $ENV{'TMPDIR'}, $ENV{'TMP'}, $ENV{'TEMP'},
+ $ENV{'TEMPDIR'}, File::Spec->catfile($ENV{'HOME'}, 'tmp')) {
+ if ($_ && -d $_ && -w $_) {
+@@ -1411,12 +1411,12 @@ sub main_temp {
+
+ # further argument: SUFFIX => '.sh'
+ if ($Debug{'KEEP'}) {
+- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', DIR => $tmpdir);
+- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', DIR => $tmpdir);
++ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', DIR => $tmpdir);
++ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', DIR => $tmpdir);
+ } else {
+- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', UNLINK => 1,
++ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', UNLINK => 1,
+ DIR => $tmpdir);
+- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', UNLINK => 1,
++ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', UNLINK => 1,
+ DIR => $tmpdir);
+ }
+ } # main_temp()
diff --git a/textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl b/textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl
new file mode 100644
index 00000000000..6cb0bc9c3d1
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl
@@ -0,0 +1,20 @@
+$NetBSD: patch-contrib_groffer_perl_roff2.pl,v 1.1 2011/07/19 21:09:39 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- contrib/groffer/perl/roff2.pl.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/groffer/perl/roff2.pl
+@@ -124,7 +124,7 @@ if ($Has_Groffer) {
+ last;
+ }
+ }
+- my $template = $Name . '_XXXX';
++ my $template = $Name . '_XXXXXXXXXX';
+ my ($fh, $stdin);
+ if ($tempdir) {
+ ($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||
diff --git a/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man
new file mode 100644
index 00000000000..a648938d0ec
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man
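Review bot: In the roff2.pl patch, the last context line `($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||` puts `tempfile()` on the left of `||`, which evaluates it in scalar context. File::Temp returns only the filehandle in scalar context, so `$stdin` would not receive the file name. The statement continues outside the hunk, so the right-hand side is not visible; if it is an error handler, using `or` instead of `||` keeps the list assignment intact. The commit does not touch this line, only the template above it.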
@@ -0,0 +1,42 @@
+$NetBSD: patch-contrib_pdfmark_pdfroff.man,v 1.1 2011/07/19 21:09:39 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+Added patch to make pdfroff.sh use -dSAFER
+See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for why.
+
+--- contrib/pdfmark/pdfroff.man.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/pdfmark/pdfroff.man
+@@ -521,7 +521,7 @@ defaults to
+ .IP
+ .I
+ .ad l
+-.NH gs \-dBATCH \-dQUIET \-dNOPAUSE \-sDEVICE=pdfwrite \-sOutputFile=\-
++.NH gs \-dBATCH \-dQUIET \-dNOPAUSE \-dSAFER \-sDEVICE=pdfwrite \-sOutputFile=\-
+ .ad
+ .RE
+ .
+@@ -529,7 +529,7 @@ defaults to
+ .B GROFF_TMPDIR
+ Identifies the directory in which
+ .B pdfroff
+-should create temporary files.
++should create a subdirectory for its temporary files.
+ If
+ .B \%GROFF_TMPDIR
+ is
+@@ -541,7 +541,8 @@ and
+ .B TEMP
+ are considered in turn, as possible temporary file repositories.
+ If none of these are set, then temporary files are created
+-in the current directory.
++in a subdirectory of
++.BR /tmp .
+ .
+ .TP
+ .B GROFF_GHOSTSCRIPT_INTERPRETER
diff --git a/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh
new file mode 100644
index 00000000000..0b8a53a2fc5
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh
@@ -0,0 +1,52 @@
+$NetBSD: patch-contrib_pdfmark_pdfroff.sh,v 1.1 2011/07/19 21:09:39 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+Added patch to make pdfroff.sh use -dSAFER
+See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for why.
+
+--- contrib/pdfmark/pdfroff.sh.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/pdfmark/pdfroff.sh
+@@ -137,7 +137,15 @@
+ #
+ # Set up temporary/intermediate file locations.
+ #
+- WRKFILE=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}/pdf$$.tmp
++ MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}}
++ WRKDIR="`unset TMPDIR && mktemp -dp "$MYTMPDIR" groff-pdfroff.XXXXXXXXXX`" || exit
++
++ trap 'rm -rf -- "$WRKDIR"' EXIT
++ trap 'trap - EXIT; rm -rf -- "$WRKDIR"; exit 1' HUP INT QUIT PIPE TERM
++
++ GROFF_TMPDIR=${WRKDIR}
++
++ WRKFILE=${GROFF_TMPDIR}/pdf$$.tmp
+ #
+ REFCOPY=${GROFF_TMPDIR}/pdf$$.cmp
+ REFFILE=${GROFF_TMPDIR}/pdf$$.ref
+@@ -146,11 +154,6 @@
+ TC_DATA=${GROFF_TMPDIR}/pdf$$.tc
+ BD_DATA=${GROFF_TMPDIR}/pdf$$.ps
+ #
+-# Set a trap, to delete temporary files on exit.
+-# (FIXME: may want to include other signals, in released version).
+-#
+- trap "rm -f ${GROFF_TMPDIR}/pdf$$.*" 0
+-#
+ # Initialise 'groff' format control settings,
+ # to discriminate table of contents and document body formatting passes.
+ #
+@@ -597,7 +600,7 @@
+ $SAY >&2 $n "Writing PDF output ..$c"
+ if test -z "$PDFROFF_POSTPROCESSOR_COMMAND"
+ then
+- PDFROFF_POSTPROCESSOR_COMMAND="$GS -dQUIET -dBATCH -dNOPAUSE
++ PDFROFF_POSTPROCESSOR_COMMAND="$GS -dQUIET -dBATCH -dNOPAUSE -dSAFER
+ -sDEVICE=pdfwrite -sOutputFile="${PDF_OUTPUT-"-"}
+
+ elif test -n "$PDF_OUTPUT"
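Review bot: In the pdfroff.sh patch, `MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}}` uses `-` rather than `:-`, so a variable that is set but empty produces an empty `MYTMPDIR`. The next line then runs `mktemp -dp ""`, and I would expect its result to depend on the mktemp implementation. The `|| exit` stops the script if that call fails, but treating empty as unset is more predictable: `MYTMPDIR=${GROFF_TMPDIR:-${TMPDIR:-${TMP:-${TEMP:-/tmp}}}}`. Separately, `-dSAFER` is added only to the default command in the last hunk; a caller-supplied `PDFROFF_POSTPROCESSOR_COMMAND` is used as given, which is worth stating in pdfroff.man.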
diff --git a/textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh b/textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh
new file mode 100644
index 00000000000..b98a4e1c9d3
--- /dev/null
+++ b/textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh
@@ -0,0 +1,20 @@
+$NetBSD: patch-contrib_pic2graph_pic2graph.sh,v 1.1 2011/07/19 21:09:39 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- contrib/pic2graph/pic2graph.sh.orig 2009-01-09 14:25:52.000000000 +0000
++++ contrib/pic2graph/pic2graph.sh
+@@ -80,6 +80,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP
+ tmp=$d/pic2graph$$-$RANDOM
+ (umask 077 && mkdir $tmp) 2> /dev/null \
+ && break
++
++ tmp=
+ done;
+ if test -z "$tmp"; then
+ echo "$0: cannot create temporary directory" >&2
diff --git a/textproc/groff/patches/patch-doc_fixinfo.sh b/textproc/groff/patches/patch-doc_fixinfo.sh
new file mode 100644
index 00000000000..2a6ee7870c4
--- /dev/null
+++ b/textproc/groff/patches/patch-doc_fixinfo.sh
@@ -0,0 +1,22 @@
+$NetBSD: patch-doc_fixinfo.sh,v 1.1 2011/07/19 21:09:39 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- doc/fixinfo.sh.orig 2009-01-09 14:25:52.000000000 +0000
++++ doc/fixinfo.sh
+@@ -21,7 +21,9 @@
+ # groff.texinfo macro code. Hopefully, a new texinfo version makes it
+ # unnecessary.
+
+-t=${TMPDIR-.}/gro$$.tmp
++t="`mktemp -t groff-fixinfo.XXXXXXXXXX`" || exit
++trap 'rm -f -- "$t"' EXIT
++trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
+
+ cat $1 | sed '
+ 1 {
diff --git a/textproc/groff/patches/patch-doc_groff.info-2 b/textproc/groff/patches/patch-doc_groff.info-2
new file mode 100644
index 00000000000..023d7003b0e
--- /dev/null
+++ b/textproc/groff/patches/patch-doc_groff.info-2
@@ -0,0 +1,24 @@
+$NetBSD: patch-doc_groff.info-2,v 1.1 2011/07/19 21:09:39 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- doc/groff.info-2 2009-01-09 14:25:55.000000000 +0000
++++ doc/groff.info-2
+@@ -1516,9 +1516,9 @@ not there, `groff' would not know when t
+
+
+ .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
+- (localtime(time))[2,1,0]' > /tmp/x\n[$$]
+- .so /tmp/x\n[$$]
+- .sy rm /tmp/x\n[$$]
++ (localtime(time))[2,1,0]' > timefile\n[$$]
++ .so timefile\n[$$]
++ .sy rm timefile\n[$$]
+ \nH:\nM:\nS
+
+ Note that this works by having the `perl' script (run by `sy')
diff --git a/textproc/groff/patches/patch-gendef.sh b/textproc/groff/patches/patch-gendef.sh
new file mode 100644
index 00000000000..328472728e3
--- /dev/null
+++ b/textproc/groff/patches/patch-gendef.sh
@@ -0,0 +1,35 @@
+$NetBSD: patch-gendef.sh,v 1.1 2011/07/19 21:09:40 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- gendef.sh.orig 2009-01-09 14:25:52.000000000 +0000
++++ gendef.sh
+@@ -34,11 +34,9 @@ do
+ #define $def"
+ done
+
+-# Use $TMPDIR if defined. Default to cwd, for non-Unix systems
+-# which don't have /tmp on each drive (we are going to remove
+-# the file before we exit anyway). Put the PID in the basename,
+-# since the extension can only hold 3 characters on MS-DOS.
+-t=${TMPDIR-.}/gro$$.tmp
++t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit
++trap 'rm -f -- "$t"' EXIT
++trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
+
+ sed -e 's/=/ /' >$t <<EOF
+ $defs
+@@ -46,8 +44,6 @@ EOF
+
+ test -r $file && cmp -s $t $file || cp $t $file
+
+-rm -f $t
+-
+ exit 0
+
+ # eof
diff --git a/textproc/groff/patches/patch-src_roff_groff_pipeline.c b/textproc/groff/patches/patch-src_roff_groff_pipeline.c
new file mode 100644
index 00000000000..bd429e64454
--- /dev/null
+++ b/textproc/groff/patches/patch-src_roff_groff_pipeline.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_roff_groff_pipeline.c,v 1.1 2011/07/19 21:09:40 tez Exp $
+
+Fix many temporary file handling issues, including in pdfroff
+(resolves CVE-2009-5044 / SA44999)
+Patches copied from:
+ http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
+Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
+that changes a `makeinfo' is too old warning into a fatal error.
+
+--- src/roff/groff/pipeline.c.orig 2009-01-09 14:25:52.000000000 +0000
++++ src/roff/groff/pipeline.c
+@@ -378,6 +378,7 @@ int run_pipeline(int ncommands, char ***
+ /* Don't use `tmpnam' here: Microsoft's implementation yields unusable
+ file names if current directory is on network share with read-only
+ root. */
++#error AUDIT: This code is only compiled under DOS
+ tmpfiles[0] = tempnam(tmpdir, NULL);
+ tmpfiles[1] = tempnam(tmpdir, NULL);
+ |
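Review bot: The added `#error AUDIT: This code is only compiled under DOS` in the pipeline.c patch stops the build on this path but does not say what has to be audited. The two lines below it call `tempnam(tmpdir, NULL)`, which only returns a name and leaves creating the file to later code, so the name is not reserved. I would record that in a comment above the directive, e.g. `/* tempnam() does not create the file; audit for races before enabling this path. */`. The enclosing preprocessor condition and the rest of run_pipeline are outside the hunk, so I cannot confirm which targets reach this line.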