author | tez <tez@pkgsrc.org> | 2011-07-19 21:09:38 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2011-07-19 21:09:38 +0000 |
commit | 768a93e8c347193d7ceccae9b7a2d1ec8ca2b61e (patch) | |
tree | 48812fd7ba580839a73013860662d50d8b05381e /textproc | |
parent | 7ebc2ee148ece1fcf492cf7fea5ac68103a225d6 (diff) | |
download | pkgsrc-768a93e8c347193d7ceccae9b7a2d1ec8ca2b61e.tar.gz |
Fix many temporary file handling issues, including in pdfroff
(resolves CVE-2009-5044 / SA44999)
Patches copied from:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
Modified for pkgsrc and excluded a documentation change to doc/groff.texinfo
that changes a "`makeinfo' is too old" warning into a fatal error.
Added patch to make pdfroff.sh use -dSAFER
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for details.
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/groff/Makefile | 6 | ||||
-rw-r--r-- | textproc/groff/distinfo | 16 | ||||
-rw-r--r-- | textproc/groff/patches/patch-config.guess | 28 | ||||
-rw-r--r-- | textproc/groff/patches/patch-configure | 49 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh | 20 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in | 23 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh | 20 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl | 37 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl | 20 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man | 42 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh | 52 | ||||
-rw-r--r-- | textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh | 20 | ||||
-rw-r--r-- | textproc/groff/patches/patch-doc_fixinfo.sh | 22 | ||||
-rw-r--r-- | textproc/groff/patches/patch-doc_groff.info-2 | 24 | ||||
-rw-r--r-- | textproc/groff/patches/patch-gendef.sh | 35 | ||||
-rw-r--r-- | textproc/groff/patches/patch-src_roff_groff_pipeline.c | 19 |
16 files changed, 430 insertions, 3 deletions
diff --git a/textproc/groff/Makefile b/textproc/groff/Makefile index 98e1317ccb1..a7c8b650ee7 100644 --- a/textproc/groff/Makefile +++ b/textproc/groff/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.57 2011/04/26 12:07:14 obache Exp $ +# $NetBSD: Makefile,v 1.58 2011/07/19 21:09:38 tez Exp $ # DISTNAME= groff-1.20.1 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= textproc MASTER_SITES= ${MASTER_SITE_GNU:=groff/} @@ -61,10 +61,12 @@ CONFIGURE_ENV+= PAGE=${PAPERSIZE:Q} # "operating-system" is for the default .Os value (operating system # and version/release) and is usually displayed at bottom of man page. # XXX Use "pkgsrc" as default .Os value. +# Also, avoid having pre-patched groff.info-2 installed (install uses wildcard) post-patch: ${SED} -e "s,@@VOLUME_OPERATING_SYSTEM@@,${OPSYS},g" \ -e "s,@@OPERATING_SYSTEM@@,pkgsrc,g" \ ${FILESDIR}/mdoc.local > ${WRKDIR}/mdoc.local + @${RM} ${WRKSRC}/doc/groff.info-2.orig # Groff installs its own man and ms macros as mgan and mgs if the # configure script thinks replacing the system ones is not safe. Since diff --git a/textproc/groff/distinfo b/textproc/groff/distinfo index 78f5d4cb921..86f29d54f22 100644 --- a/textproc/groff/distinfo +++ b/textproc/groff/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.14 2009/10/21 16:51:46 tnn Exp $ +$NetBSD: distinfo,v 1.15 2011/07/19 21:09:38 tez Exp $ SHA1 (groff-1.20.1.tar.gz) = 3066587d73df73c2bda235034f4515cf52d22549 RMD160 (groff-1.20.1.tar.gz) = ec311727206d183fb04f1b4bd01c1284142fdb52 
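Review bot: The added `@${RM} ${WRKSRC}/doc/groff.info-2.orig` in post-patch has no `-f`, so if `${RM}` expands to plain rm the target fails whenever the backup file is absent (for example if the patch tool leaves no `.orig` copy). Writing it as `@${RM} -f ${WRKSRC}/doc/groff.info-2.orig` keeps the cleanup best-effort. Whether `${RM}` already carries `-f` is not visible on this page.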
@@ -7,3 +7,17 @@ SHA1 (patch-aa) = 3c74f1b8e809da5359d4702f0f5f299593601209 SHA1 (patch-ab) = 35f8a7f724ab13bedda8ad8bc54bcbede37f12c7 SHA1 (patch-ac) = 7c29e3ca0c0a2e5389ff436ff5c15c9a0a4d7581 SHA1 (patch-ae) = 777b9b4d5f39da5acf8d79616ae9d42025772fc5 +SHA1 (patch-config.guess) = 212dccdaed0d96c5d3c7fb126caeba3c3c20f006 +SHA1 (patch-configure) = 55900f2d427729fe913fe27abbbaec8b728949a7 +SHA1 (patch-contrib_eqn2graph_eqn2graph.sh) = 88b8f06f29448dabed66922cc494412662b15431 +SHA1 (patch-contrib_gdiffmk_tests_runtests.in) = 791c07909912a8ff0c98f6846f14de1fbc0fb7b0 +SHA1 (patch-contrib_grap2graph_grap2graph.sh) = 5b5a5ac958edc8d4f5e828b57198178bda8bb970 +SHA1 (patch-contrib_groffer_perl_groffer.pl) = 2583145fe594a11619cf237ca38a20bbbfee17f1 +SHA1 (patch-contrib_groffer_perl_roff2.pl) = 8ee9d4bba3c25a391b406e4dfac6352d414f7263 +SHA1 (patch-contrib_pdfmark_pdfroff.man) = c2a48a9f16650044a493d23192d9c00c2dabbc67 +SHA1 (patch-contrib_pdfmark_pdfroff.sh) = 0f23f02561913aaf9fabd2f41236de62b79bdf71 +SHA1 (patch-contrib_pic2graph_pic2graph.sh) = 447e25325f3c26be1e5fa8b6cd0bc05d9f99474e +SHA1 (patch-doc_fixinfo.sh) = 7ad376be722b712b129f736804b9c8c30789da2d +SHA1 (patch-doc_groff.info-2) = a5e366af0bc9ee018664d2ba9192b136980af6ce +SHA1 (patch-gendef.sh) = c5cbd81faa496764816d538913cb560376ead218 +SHA1 (patch-src_roff_groff_pipeline.c) = 1ce068b8548240a8a6bbd0095fb15b5792b9d0f1 diff --git a/textproc/groff/patches/patch-config.guess b/textproc/groff/patches/patch-config.guess new file mode 100644 index 00000000000..574ee47bd1a --- /dev/null +++ b/textproc/groff/patches/patch-config.guess 
@@ -0,0 +1,28 @@ +$NetBSD: patch-config.guess,v 1.1 2011/07/19 21:09:38 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- config.guess.orig 2009-01-09 14:25:52.000000000 +0000 ++++ config.guess +@@ -104,13 +104,9 @@ trap 'exit 1' 1 2 15 + # Portable tmp directory creation inspired by the Autoconf team. + + set_cc_for_build=' +-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +-: ${TMPDIR=/tmp} ; +- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || +- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || +- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || +- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; ++trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" EXIT ; ++trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" PIPE HUP INT QUIT TERM ; ++tmp="`mktemp -dt cg.XXXXXXXXXX`" || exit ; + dummy=$tmp/dummy ; + tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; + case $CC_FOR_BUILD,$HOST_CC,$CC in diff --git a/textproc/groff/patches/patch-configure b/textproc/groff/patches/patch-configure new file mode 100644 index 00000000000..37187b0f4f3 --- /dev/null +++ b/textproc/groff/patches/patch-configure 
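Review bot: The added `mktemp -dt cg.XXXXXXXXXX` line in set_cc_for_build makes mktemp(1) a hard requirement, where the removed lines fell back to `mkdir` under `umask 077` when mktemp was missing. mktemp is not specified by POSIX, and GNU and BSD implementations interpret `-t` differently, so on some pkgsrc platforms this may abort config.guess. If those hosts matter, keep one fallback after the mktemp attempt, for example `{ tmp=${TMPDIR-/tmp}/cg$$-$RANDOM && (umask 077 && mkdir "$tmp") ; } || exit 1 ;`. The configure, runtests.in, fixinfo.sh and gendef.sh patches introduce the same dependency.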
@@ -0,0 +1,49 @@ +$NetBSD: patch-configure,v 1.1 2011/07/19 21:09:38 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- configure.orig 2009-01-09 14:25:52.000000000 +0000 ++++ configure +@@ -12937,33 +12937,12 @@ if $ac_need_defaults; then + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + fi + +-# Have a temporary directory for convenience. Make it in the build tree +-# simply because there is no reason against having it here, and in addition, +-# creating and moving files from /tmp can sometimes cause problems. +-# Hook for its removal unless debugging. +-# Note that there is a small window in which the directory will not be cleaned: +-# after its creation but before its name has been assigned to `$tmp'. ++# Create a temporary directory, and hook for its removal unless debugging. ++tmp="`mktemp -dt cs.XXXXXXXXXX`" || exit + $debug || + { +- tmp= +- trap 'exit_status=$? +- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status +-' 0 +- trap '{ (exit 1); exit 1; }' 1 2 13 15 +-} +-# Create a (secure) tmp directory for tmp files. +- +-{ +- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && +- test -n "$tmp" && test -d "$tmp" +-} || +-{ +- tmp=./conf$$-$RANDOM +- (umask 077 && mkdir "$tmp") +-} || +-{ +- $as_echo "$as_me: cannot create a temporary directory in ." >&2 +- { (exit 1); exit 1; } ++ trap 'exit_status=$?; rm -rf -- "$tmp" && exit $exit_status' EXIT ++ trap '{ (exit $?); exit $?; }' HUP INT QUIT PIPE TERM + } + + # Set up the scripts for CONFIG_FILES section. 
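Review bot: The new signal handler `trap '{ (exit $?); exit $?; }' HUP INT QUIT PIPE TERM` exits with whatever status the last command left, which can be 0 when the signal arrives after a successful command, so an interrupted run may report success. The removed handler always exited 1, and keeping that is safer: `trap '{ (exit 1); exit 1; }' HUP INT QUIT PIPE TERM`. Separately, the deleted comment gave a reason for keeping the directory in the build tree (moving files from /tmp can cause problems); a one-line comment saying why that no longer applies would help the next reader.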
diff --git a/textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh b/textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh new file mode 100644 index 00000000000..d7f336c5142 --- /dev/null +++ b/textproc/groff/patches/patch-contrib_eqn2graph_eqn2graph.sh @@ -0,0 +1,20 @@ +$NetBSD: patch-contrib_eqn2graph_eqn2graph.sh,v 1.1 2011/07/19 21:09:38 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- contrib/eqn2graph/eqn2graph.sh.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/eqn2graph/eqn2graph.sh +@@ -69,6 +69,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP + + tmp=$d/eqn2graph$$-$RANDOM + (umask 077 && mkdir $tmp) 2> /dev/null && break ++ ++ tmp= + done; + if test -z "$tmp"; then + echo "$0: cannot create temporary directory" >&2 diff --git a/textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in b/textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in new file mode 100644 index 00000000000..fc3de4fe970 --- /dev/null +++ b/textproc/groff/patches/patch-contrib_gdiffmk_tests_runtests.in 
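Review bot: The context line `(umask 077 && mkdir $tmp) 2> /dev/null && break` still expands `$tmp` unquoted, so a candidate directory containing whitespace makes mkdir create differently named directories while `tmp` names a path that does not exist. Quoting it, `(umask 077 && mkdir "$tmp") 2> /dev/null && break`, keeps the success of mkdir tied to the path the script goes on to use. The added `tmp=` would also benefit from a comment such as `# forget the failed candidate so the test -z check below fires`. The loop starts outside the hunk, and the grap2graph.sh and pic2graph.sh patches carry the same lines.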
@@ -0,0 +1,23 @@ +$NetBSD: patch-contrib_gdiffmk_tests_runtests.in,v 1.1 2011/07/19 21:09:38 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- contrib/gdiffmk/tests/runtests.in.orig 2009-01-09 14:25:53.000000000 +0000 ++++ contrib/gdiffmk/tests/runtests.in +@@ -56,8 +56,9 @@ function TestResult { + fi + } + +-tmpfile=/tmp/$$ +-trap 'rm -f ${tmpfile}' 0 1 2 3 15 ++tmpfile="`mktemp -t gdiffmk-runtests.XXXXXXXXXX`" || exit ++trap 'rm -f -- "$tmpfile"' EXIT ++trap 'trap - EXIT; rm -f -- "$tmpfile"; exit 1' HUP INT QUIT TERM + + # Run tests. + diff --git a/textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh b/textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh new file mode 100644 index 00000000000..b7f8ff5bc5d --- /dev/null +++ b/textproc/groff/patches/patch-contrib_grap2graph_grap2graph.sh @@ -0,0 +1,20 @@ +$NetBSD: patch-contrib_grap2graph_grap2graph.sh,v 1.1 2011/07/19 21:09:38 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- contrib/grap2graph/grap2graph.sh.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/grap2graph/grap2graph.sh +@@ -65,6 +65,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP + + tmp=$d/grap2graph$$-$RANDOM + (umask 077 && mkdir $tmp) 2> /dev/null && break ++ ++ tmp= + done; + if test -z "$tmp"; then + echo "$0: cannot create temporary directory" >&2 
diff --git a/textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl b/textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl new file mode 100644 index 00000000000..fec7ac18893 --- /dev/null +++ b/textproc/groff/patches/patch-contrib_groffer_perl_groffer.pl @@ -0,0 +1,37 @@ +$NetBSD: patch-contrib_groffer_perl_groffer.pl,v 1.1 2011/07/19 21:09:38 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- contrib/groffer/perl/groffer.pl.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/groffer/perl/groffer.pl +@@ -1380,7 +1380,7 @@ sub _check_prog_on_list { + ######################################################################## + + sub main_temp { +- my $template = 'groffer_' . "$$" . '_XXXX'; ++ my $template = 'groffer_' . "$$" . '_XXXXXXXXXX'; + foreach ($ENV{'GROFF_TMPDIR'}, $ENV{'TMPDIR'}, $ENV{'TMP'}, $ENV{'TEMP'}, + $ENV{'TEMPDIR'}, File::Spec->catfile($ENV{'HOME'}, 'tmp')) { + if ($_ && -d $_ && -w $_) { +@@ -1411,12 +1411,12 @@ sub main_temp { + + # further argument: SUFFIX => '.sh' + if ($Debug{'KEEP'}) { +- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', DIR => $tmpdir); +- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', DIR => $tmpdir); ++ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', DIR => $tmpdir); ++ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', DIR => $tmpdir); + } else { +- ($fh_cat, $tmp_cat) = tempfile(',cat_XXXX', UNLINK => 1, ++ ($fh_cat, $tmp_cat) = tempfile(',cat_XXXXXXXXXX', UNLINK => 1, + DIR => $tmpdir); +- ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXX', UNLINK => 1, ++ ($fh_stdin, $tmp_stdin) = tempfile(',stdin_XXXXXXXXXX', UNLINK => 1, + DIR => $tmpdir); + } + } # main_temp() 
diff --git a/textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl b/textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl new file mode 100644 index 00000000000..6cb0bc9c3d1 --- /dev/null +++ b/textproc/groff/patches/patch-contrib_groffer_perl_roff2.pl @@ -0,0 +1,20 @@ +$NetBSD: patch-contrib_groffer_perl_roff2.pl,v 1.1 2011/07/19 21:09:39 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- contrib/groffer/perl/roff2.pl.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/groffer/perl/roff2.pl +@@ -124,7 +124,7 @@ if ($Has_Groffer) { + last; + } + } +- my $template = $Name . '_XXXX'; ++ my $template = $Name . '_XXXXXXXXXX'; + my ($fh, $stdin); + if ($tempdir) { + ($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) || diff --git a/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man new file mode 100644 index 00000000000..a648938d0ec --- /dev/null +++ b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.man 
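Review bot: The context line `($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) ||` binds `||` tighter than the list assignment, so tempfile() is called in scalar context and, per the File::Temp documentation, returns only the filehandle; `$stdin` would then be left undefined. The right-hand side of `||` is outside the hunk, so this is inferred from the visible line alone. Using the low-precedence operator, `($fh, $stdin) = tempfile($template, UNLINK => 1, DIR => $tempdir) or`, keeps the call in list context.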
@@ -0,0 +1,42 @@ +$NetBSD: patch-contrib_pdfmark_pdfroff.man,v 1.1 2011/07/19 21:09:39 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +Added patch to make pdfroff.sh use -dSAFER +See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for why. + +--- contrib/pdfmark/pdfroff.man.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/pdfmark/pdfroff.man +@@ -521,7 +521,7 @@ defaults to + .IP + .I + .ad l +-.NH gs \-dBATCH \-dQUIET \-dNOPAUSE \-sDEVICE=pdfwrite \-sOutputFile=\- ++.NH gs \-dBATCH \-dQUIET \-dNOPAUSE \-dSAFER \-sDEVICE=pdfwrite \-sOutputFile=\- + .ad + .RE + . +@@ -529,7 +529,7 @@ defaults to + .B GROFF_TMPDIR + Identifies the directory in which + .B pdfroff +-should create temporary files. ++should create a subdirectory for its temporary files. + If + .B \%GROFF_TMPDIR + is +@@ -541,7 +541,8 @@ and + .B TEMP + are considered in turn, as possible temporary file repositories. + If none of these are set, then temporary files are created +-in the current directory. ++in a subdirectory of ++.BR /tmp . + . + .TP + .B GROFF_GHOSTSCRIPT_INTERPRETER diff --git a/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh new file mode 100644 index 00000000000..0b8a53a2fc5 --- /dev/null +++ b/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh 
@@ -0,0 +1,52 @@ +$NetBSD: patch-contrib_pdfmark_pdfroff.sh,v 1.1 2011/07/19 21:09:39 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +Added patch to make pdfroff.sh use -dSAFER +See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for why. + +--- contrib/pdfmark/pdfroff.sh.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/pdfmark/pdfroff.sh +@@ -137,7 +137,15 @@ + # + # Set up temporary/intermediate file locations. + # +- WRKFILE=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}/pdf$$.tmp ++ MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}} ++ WRKDIR="`unset TMPDIR && mktemp -dp "$MYTMPDIR" groff-pdfroff.XXXXXXXXXX`" || exit ++ ++ trap 'rm -rf -- "$WRKDIR"' EXIT ++ trap 'trap - EXIT; rm -rf -- "$WRKDIR"; exit 1' HUP INT QUIT PIPE TERM ++ ++ GROFF_TMPDIR=${WRKDIR} ++ ++ WRKFILE=${GROFF_TMPDIR}/pdf$$.tmp + # + REFCOPY=${GROFF_TMPDIR}/pdf$$.cmp + REFFILE=${GROFF_TMPDIR}/pdf$$.ref +@@ -146,11 +154,6 @@ + TC_DATA=${GROFF_TMPDIR}/pdf$$.tc + BD_DATA=${GROFF_TMPDIR}/pdf$$.ps + # +-# Set a trap, to delete temporary files on exit. +-# (FIXME: may want to include other signals, in released version). +-# +- trap "rm -f ${GROFF_TMPDIR}/pdf$$.*" 0 +-# + # Initialise 'groff' format control settings, + # to discriminate table of contents and document body formatting passes. + # +@@ -597,7 +600,7 @@ + $SAY >&2 $n "Writing PDF output ..$c" + if test -z "$PDFROFF_POSTPROCESSOR_COMMAND" + then +- PDFROFF_POSTPROCESSOR_COMMAND="$GS -dQUIET -dBATCH -dNOPAUSE ++ PDFROFF_POSTPROCESSOR_COMMAND="$GS -dQUIET -dBATCH -dNOPAUSE -dSAFER + -sDEVICE=pdfwrite -sOutputFile="${PDF_OUTPUT-"-"} + + elif test -n "$PDF_OUTPUT" 
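Review bot: The added `MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}}` uses `-` rather than `:-`, so a variable that is set but empty yields an empty MYTMPDIR, and what `mktemp -dp ""` does then depends on the mktemp implementation. `MYTMPDIR=${GROFF_TMPDIR:-${TMPDIR:-${TMP:-${TEMP:-/tmp}}}}` falls through to the next candidate instead. As far as the hunk shows, `-dSAFER` is added only to the default PDFROFF_POSTPROCESSOR_COMMAND; a comment there such as `# -dSAFER applies to this default only; a caller-supplied command is used as given` would make that limit explicit.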
diff --git a/textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh b/textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh new file mode 100644 index 00000000000..b98a4e1c9d3 --- /dev/null +++ b/textproc/groff/patches/patch-contrib_pic2graph_pic2graph.sh @@ -0,0 +1,20 @@ +$NetBSD: patch-contrib_pic2graph_pic2graph.sh,v 1.1 2011/07/19 21:09:39 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- contrib/pic2graph/pic2graph.sh.orig 2009-01-09 14:25:52.000000000 +0000 ++++ contrib/pic2graph/pic2graph.sh +@@ -80,6 +80,8 @@ for d in "$GROFF_TMPDIR" "$TMPDIR" "$TMP + tmp=$d/pic2graph$$-$RANDOM + (umask 077 && mkdir $tmp) 2> /dev/null \ + && break ++ ++ tmp= + done; + if test -z "$tmp"; then + echo "$0: cannot create temporary directory" >&2 diff --git a/textproc/groff/patches/patch-doc_fixinfo.sh b/textproc/groff/patches/patch-doc_fixinfo.sh new file mode 100644 index 00000000000..2a6ee7870c4 --- /dev/null +++ b/textproc/groff/patches/patch-doc_fixinfo.sh 
@@ -0,0 +1,22 @@ +$NetBSD: patch-doc_fixinfo.sh,v 1.1 2011/07/19 21:09:39 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- doc/fixinfo.sh.orig 2009-01-09 14:25:52.000000000 +0000 ++++ doc/fixinfo.sh +@@ -21,7 +21,9 @@ + # groff.texinfo macro code. Hopefully, a new texinfo version makes it + # unnecessary. + +-t=${TMPDIR-.}/gro$$.tmp ++t="`mktemp -t groff-fixinfo.XXXXXXXXXX`" || exit ++trap 'rm -f -- "$t"' EXIT ++trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM + + cat $1 | sed ' + 1 { diff --git a/textproc/groff/patches/patch-doc_groff.info-2 b/textproc/groff/patches/patch-doc_groff.info-2 new file mode 100644 index 00000000000..023d7003b0e --- /dev/null +++ b/textproc/groff/patches/patch-doc_groff.info-2 @@ -0,0 +1,24 @@ +$NetBSD: patch-doc_groff.info-2,v 1.1 2011/07/19 21:09:39 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- doc/groff.info-2 2009-01-09 14:25:55.000000000 +0000 ++++ doc/groff.info-2 +@@ -1516,9 +1516,9 @@ not there, `groff' would not know when t + + + .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\ +- (localtime(time))[2,1,0]' > /tmp/x\n[$$] +- .so /tmp/x\n[$$] +- .sy rm /tmp/x\n[$$] ++ (localtime(time))[2,1,0]' > timefile\n[$$] ++ .so timefile\n[$$] ++ .sy rm timefile\n[$$] + \nH:\nM:\nS + + Note that this works by having the `perl' script (run by `sy') 
diff --git a/textproc/groff/patches/patch-gendef.sh b/textproc/groff/patches/patch-gendef.sh new file mode 100644 index 00000000000..328472728e3 --- /dev/null +++ b/textproc/groff/patches/patch-gendef.sh @@ -0,0 +1,35 @@ +$NetBSD: patch-gendef.sh,v 1.1 2011/07/19 21:09:40 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- gendef.sh.orig 2009-01-09 14:25:52.000000000 +0000 ++++ gendef.sh +@@ -34,11 +34,9 @@ do + #define $def" + done + +-# Use $TMPDIR if defined. Default to cwd, for non-Unix systems +-# which don't have /tmp on each drive (we are going to remove +-# the file before we exit anyway). Put the PID in the basename, +-# since the extension can only hold 3 characters on MS-DOS. +-t=${TMPDIR-.}/gro$$.tmp ++t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit ++trap 'rm -f -- "$t"' EXIT ++trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM + + sed -e 's/=/ /' >$t <<EOF + $defs +@@ -46,8 +44,6 @@ EOF + + test -r $file && cmp -s $t $file || cp $t $file + +-rm -f $t +- + exit 0 + + # eof diff --git a/textproc/groff/patches/patch-src_roff_groff_pipeline.c b/textproc/groff/patches/patch-src_roff_groff_pipeline.c new file mode 100644 index 00000000000..bd429e64454 --- /dev/null +++ b/textproc/groff/patches/patch-src_roff_groff_pipeline.c 
@@ -0,0 +1,19 @@ +$NetBSD: patch-src_roff_groff_pipeline.c,v 1.1 2011/07/19 21:09:40 tez Exp $ + +Fix many temporary file handling issues, including in pdfroff +(resolves CVE-2009-5044 / SA44999) +Patches copied from: + http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2 +Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo +that changes a `makeinfo' is too old warning into a fatal error. + +--- src/roff/groff/pipeline.c.orig 2009-01-09 14:25:52.000000000 +0000 ++++ src/roff/groff/pipeline.c +@@ -378,6 +378,7 @@ int run_pipeline(int ncommands, char *** + /* Don't use `tmpnam' here: Microsoft's implementation yields unusable + file names if current directory is on network share with read-only + root. */ ++#error AUDIT: This code is only compiled under DOS + tmpfiles[0] = tempnam(tmpdir, NULL); + tmpfiles[1] = tempnam(tmpdir, NULL); + |
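Review bot: The added `#error AUDIT: This code is only compiled under DOS` stops any build that reaches this branch but leaves the two `tempnam(tmpdir, NULL)` calls as they were. tempnam() only returns a name and the file is created later, so the gap between choosing the name and creating the file remains on that platform. A comment next to the directive, for example `/* tempnam() returns a name only; the file is opened later, so this path is unaudited for races */`, would tell a porter what needs fixing before the directive can be removed. The enclosing preprocessor condition and the rest of run_pipeline are outside the hunk.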