Overview

File groff-1.21-CVE-2009-5081.patch of Package groff

Index: b/contrib/pdfmark/pdfroff.1.man
===================================================================
--- a/contrib/pdfmark/pdfroff.1.man
+++ b/contrib/pdfmark/pdfroff.1.man
@@ -619,7 +619,7 @@ gs \-dBATCH \-dQUIET \-dNOPAUSE \-dSAFER
 .I GROFF_TMPDIR
 Identifies the directory in which
 .I pdfroff
-should create temporary files.
+should create a subdirectory for its temporary files.
 .
 If
 .I \%GROFF_TMPDIR
Index: b/doc/groff.texi
===================================================================
--- a/doc/groff.texi
+++ b/doc/groff.texi
@@ -16005,9 +16005,9 @@ The following code fragment introduces t
 @pindex perl
 @Example
 .sy perl -e 'printf ".nr H %d\\n.nr M %d\\n.nr S %d\\n",\
-             (localtime(time))[2,1,0]' > /tmp/x\n[$$]
-.so /tmp/x\n[$$]
-.sy rm /tmp/x\n[$$]
+             (localtime(time))[2,1,0]' > timefile\n[$$]
+.so timefile\n[$$]
+.sy rm timefile\n[$$]
 \nH:\nM:\nS
 @endExample
 
Index: b/gendef.sh
===================================================================
--- a/gendef.sh
+++ b/gendef.sh
@@ -33,11 +33,9 @@ do
 #define $def"
 done
 
-# Use $TMPDIR if defined.  Default to cwd, for non-Unix systems
-# which don't have /tmp on each drive (we are going to remove
-# the file before we exit anyway).  Put the PID in the basename,
-# since the extension can only hold 3 characters on MS-DOS.
-t=${TMPDIR-.}/gro$$.tmp
+t="`mktemp -t groff-gendef.XXXXXXXXXX`" || exit
+trap 'rm -f -- "$t"' EXIT
+trap 'trap - EXIT; rm -f -- "$t"; exit 1' HUP INT QUIT TERM
 
 sed -e 's/=/ /' >$t <<EOF
 $defs
@@ -45,8 +43,6 @@ EOF
 
 test -r $file && cmp -s $t $file || cp $t $file
 
-rm -f $t
-
 exit 0
 
 # eof
Index: b/src/roff/groff/pipeline.c
===================================================================
--- a/src/roff/groff/pipeline.c
+++ b/src/roff/groff/pipeline.c
@@ -378,6 +378,7 @@ int run_pipeline(int ncommands, char ***
   /* Don't use 'tmpnam' here: Microsoft's implementation yields unusable
      file names if current directory is on network share with read-only
      root. */
+#error AUDIT: This code is only compiled under DOS
   tmpfiles[0] = tempnam(tmpdir, NULL);
   tmpfiles[1] = tempnam(tmpdir, NULL);
openSUSE Build Service is sponsored by
Places