diff options
| author | Thomas Woerner <twoerner@fedoraproject.org> | 2004-10-19 11:08:03 +0000 |
|---|---|---|
| committer | Thomas Woerner <twoerner@fedoraproject.org> | 2004-10-19 11:08:03 +0000 |
| commit | cd80198fd51a7119db7528aceeb886e4ff0dd8a6 (patch) | |
| tree | de6b39341d944cb3ad5da17f9c54993c3885a824 | |
| parent | 99d8df5dc8ca08fd7a9a9e282efbd65fa73b3bd8 (diff) | |
| download | groff-cd80198fd51a7119db7528aceeb886e4ff0dd8a6.tar.gz groff-cd80198fd51a7119db7528aceeb886e4ff0dd8a6.tar.xz groff-cd80198fd51a7119db7528aceeb886e4ff0dd8a6.zip | |
[tw] - fixed groffer scripte security problem (#136314)groff-1_18_1_1-3RHEL-4-splitFC-3-split
| -rw-r--r-- | groff-1.18.1.1-tempfile.patch | 28 | ||||
| -rw-r--r-- | groff.spec | 7 |
2 files changed, 34 insertions, 1 deletions
diff --git a/groff-1.18.1.1-tempfile.patch b/groff-1.18.1.1-tempfile.patch new file mode 100644 index 0000000..0e73606 --- /dev/null +++ b/groff-1.18.1.1-tempfile.patch @@ -0,0 +1,28 @@ +--- groff-1.18.1.1/contrib/groffer/groffer.sh.tempfile 2004-06-15 03:44:50.000000000 +0200 ++++ groff-1.18.1.1/contrib/groffer/groffer.sh 2004-10-19 13:04:35.704244526 +0200 +@@ -3228,18 +3228,13 @@ + do + if is_not_empty "$d"; then + if obj d is_dir && obj d is_writable; then +- _TMP_DIR="${d}/${_PROGRAM_NAME}${_PROCESS_ID}"; +- if obj _TMP_DIR is_dir; then +- rm -f "${_TMP_DIR}"/*; +- break; +- else +- mkdir "${_TMP_DIR}"; +- if obj _TMP_DIR is_not_dir; then +- _TMP_DIR=''; +- continue; +- fi; +- break; +- fi; ++ _TMP_DIR="`mktemp -d ${d}/${_PROGRAM_NAME}.XXXXXX`"; ++ if test $? = 0; then ++ break; ++ else ++ _TMP_DIR=''; ++ continue; ++ fi + fi; + if obj _TMP_DIR is_not_writable; then + _TMP_DIR=''; @@ -3,7 +3,7 @@ Summary: A document formatting system. Name: groff Version: 1.18.1.1 -Release: 2 +Release: 3 License: GPL Group: Applications/Publishing Source0: ftp://ftp.gnu.org/gnu/groff/groff-%{version}.tar.gz @@ -27,6 +27,7 @@ Patch16: groff-1.18.1-devutf8.patch Patch17: groff-1.18.1.1-revision.patch Patch18: groff-1.18.1.1-do_char.patch Patch19: groff-1.18.1.1-grn.patch +Patch20: groff-1.18.1.1-tempfile.patch URL: ftp://ftp.gnu.org/gnu/groff/ Requires: mktemp @@ -91,6 +92,7 @@ System display. %patch17 -p1 -b .revision %patch18 -p1 -b .do_char %patch19 -p1 -b .grn +%patch20 -p1 -b .tempfile %build PATH=$PATH:%{_prefix}/X11R6/bin @@ -196,6 +198,9 @@ fi %endif %changelog +* Tue Oct 19 2004 Thomas Woerner <twoerner@redhat.com> 1.18.1.1-3 +- fixed groffer scripte security problem (#136314) + * Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.18.1.1-2 - fixed DoCharacter calls in xditview (#110812) - fixed fclose called once too often (#132690): thanks to Ulrich Drepper for |