webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

cups: Update to 1.7.5 and fix for CVE-2015-1158 and CVE-2015-1159

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2015-07-14 17:15:00 +02:00
parent 5929298ea1
commit b720e70288
2 changed files with 427 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lfs/cups
View File

@@ -24,7 +24,7 @@
include Config
VER = 1.7.0
VER = 1.7.5
THISAPP = cups-$(VER)
DL_FILE = $(THISAPP)-source.tar.bz2
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/cups-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = cups
PAK_VER = 10
PAK_VER = 11
DEPS = "ghostscript"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 5ab496a2ce27017fcdb3d7ec4818a75a
$(DL_FILE)_MD5 = 5d893edc2957005f78e2b2423fdace2e
install : $(TARGET)
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/cups-str4609.patch
cd $(DIR_APP) && \
./configure \
--prefix=/usr \

423
src/patches/cups-str4609.patch Normal file
View File

@@ -0,0 +1,423 @@
diff -up cups-1.7.5/cgi-bin/ipp-var.c.str4609 cups-1.7.5/cgi-bin/ipp-var.c
--- cups-1.7.5/cgi-bin/ipp-var.c.str4609 2014-05-22 15:59:21.000000000 +0200
+++ cups-1.7.5/cgi-bin/ipp-var.c 2015-06-10 10:31:45.297965345 +0200
@@ -1206,21 +1206,7 @@ cgiSetIPPObjectVars(
* Rewrite URIs...
*/
- if (!strcmp(name, "member_uris"))
- {
- char url[1024]; /* URL for class member... */
-
-
- cgiRewriteURL(attr->values[i].string.text, url,
- sizeof(url), NULL);
-
- snprintf(valptr, sizeof(value) - (valptr - value),
- "<A HREF=\"%s\">%s</A>", url,
- strrchr(attr->values[i].string.text, '/') + 1);
- }
- else
- cgiRewriteURL(attr->values[i].string.text, valptr,
- sizeof(value) - (valptr - value), NULL);
+ cgiRewriteURL(attr->values[i].string.text, valptr, sizeof(value) - (valptr - value), NULL);
break;
}
diff -up cups-1.7.5/cgi-bin/template.c.str4609 cups-1.7.5/cgi-bin/template.c
--- cups-1.7.5/cgi-bin/template.c.str4609 2014-03-05 22:11:32.000000000 +0100
+++ cups-1.7.5/cgi-bin/template.c 2015-06-10 10:31:45.297965345 +0200
@@ -659,39 +659,7 @@ cgi_puts(const char *s, /* I - String
while (*s)
{
if (*s == '<')
- {
- /*
- * Pass <A HREF="url"> and </A>, otherwise quote it...
- */
-
- if (!_cups_strncasecmp(s, "<A HREF=\"", 9))
- {
- fputs("<A HREF=\"", out);
- s += 9;
-
- while (*s && *s != '\"')
- {
- if (*s == '&')
- fputs("&amp;", out);
- else
- putc(*s, out);
-
- s ++;
- }
-
- if (*s)
- s ++;
-
- fputs("\">", out);
- }
- else if (!_cups_strncasecmp(s, "</A>", 4))
- {
- fputs("</A>", out);
- s += 3;
- }
- else
- fputs("&lt;", out);
- }
+ fputs("&lt;", out);
else if (*s == '>')
fputs("&gt;", out);
else if (*s == '\"')
diff -up cups-1.7.5/scheduler/client.c.str4609 cups-1.7.5/scheduler/client.c
--- cups-1.7.5/scheduler/client.c.str4609 2015-06-10 10:31:45.280965399 +0200
+++ cups-1.7.5/scheduler/client.c 2015-06-10 10:31:45.300965335 +0200
@@ -598,7 +598,12 @@ cupsdCloseClient(cupsd_client_t *con) /*
httpClearCookie(HTTP(con));
httpClearFields(HTTP(con));
- cupsdClearString(&con->filename);
+ if (con->filename)
+ {
+ unlink(con->filename);
+ cupsdClearString(&con->filename);
+ }
+
cupsdClearString(&con->command);
cupsdClearString(&con->options);
cupsdClearString(&con->query_string);
diff -up cups-1.7.5/scheduler/env.c.str4609 cups-1.7.5/scheduler/env.c
--- cups-1.7.5/scheduler/env.c.str4609 2015-06-10 10:31:45.208965629 +0200
+++ cups-1.7.5/scheduler/env.c 2015-06-10 10:31:45.300965335 +0200
@@ -131,6 +131,13 @@ cupsdSetEnv(const char *name, /* I - Na
return;
/*
+ * Do not allow dynamic linker variables when running as root...
+ */
+
+ if (!RunUser && (!strncmp(name, "DYLD_", 5) || !strncmp(name, "LD_", 3)))
+ return;
+
+ /*
* See if this variable has already been defined...
*/
diff -up cups-1.7.5/scheduler/ipp.c.str4609 cups-1.7.5/scheduler/ipp.c
--- cups-1.7.5/scheduler/ipp.c.str4609 2015-06-10 10:31:45.287965377 +0200
+++ cups-1.7.5/scheduler/ipp.c 2015-06-10 10:31:45.299965339 +0200
@@ -412,8 +412,7 @@ cupsdProcessIPPRequest(
* Remote unauthenticated user masquerading as local root...
*/
- _cupsStrFree(username->values[0].string.text);
- username->values[0].string.text = _cupsStrAlloc(RemoteRoot);
+ ippSetString(con->request, &username, 0, RemoteRoot);
}
}
@@ -1576,7 +1575,7 @@ add_job(cupsd_client_t *con, /* I - Cl
cupsdSetString(&job->username, con->username);
if (attr)
- cupsdSetString(&attr->values[0].string.text, con->username);
+ ippSetString(job->attrs, &attr, 0, con->username);
}
else if (attr)
{
@@ -1594,9 +1593,8 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name", NULL, job->username);
else
{
- attr->group_tag = IPP_TAG_JOB;
- _cupsStrFree(attr->name);
- attr->name = _cupsStrAlloc("job-originating-user-name");
+ ippSetGroupTag(job->attrs, &attr, IPP_TAG_JOB);
+ ippSetName(job->attrs, &attr, "job-originating-user-name");
}
if (con->username[0] || auth_info)
@@ -1630,48 +1628,11 @@ add_job(cupsd_client_t *con, /* I - Cl
* Also, we can only have 1 value and it must be a name value.
*/
- switch (attr->value_tag)
- {
- case IPP_TAG_STRING :
- case IPP_TAG_TEXTLANG :
- case IPP_TAG_NAMELANG :
- case IPP_TAG_TEXT :
- case IPP_TAG_NAME :
- case IPP_TAG_KEYWORD :
- case IPP_TAG_URI :
- case IPP_TAG_URISCHEME :
- case IPP_TAG_CHARSET :
- case IPP_TAG_LANGUAGE :
- case IPP_TAG_MIMETYPE :
- /*
- * Free old strings...
- */
-
- for (i = 0; i < attr->num_values; i ++)
- {
- _cupsStrFree(attr->values[i].string.text);
- attr->values[i].string.text = NULL;
- if (attr->values[i].string.language)
- {
- _cupsStrFree(attr->values[i].string.language);
- attr->values[i].string.language = NULL;
- }
- }
-
- default :
- break;
- }
-
- /*
- * Use the default connection hostname instead...
- */
-
- attr->value_tag = IPP_TAG_NAME;
- attr->num_values = 1;
- attr->values[0].string.text = _cupsStrAlloc(con->http.hostname);
+ ippDeleteAttribute(job->attrs, attr);
+ ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-originating-host-name", NULL, con->http.hostname);
}
-
- attr->group_tag = IPP_TAG_JOB;
+ else
+ ippSetGroupTag(job->attrs, &attr, IPP_TAG_JOB);
}
else
{
@@ -1767,8 +1728,8 @@ add_job(cupsd_client_t *con, /* I - Cl
attr = ippAddStrings(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-sheets",
2, NULL, NULL);
- attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]);
- attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]);
+ ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
+ ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
}
job->job_sheets = attr;
@@ -1794,7 +1755,7 @@ add_job(cupsd_client_t *con, /* I - Cl
* Force the leading banner to have the classification on it...
*/
- cupsdSetString(&attr->values[0].string.text, Classification);
+ ippSetString(job->attrs, &attr, 0, Classification);
cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED "
"job-sheets=\"%s,none\", "
@@ -1811,7 +1772,7 @@ add_job(cupsd_client_t *con, /* I - Cl
* Can't put two different security markings on the same document!
*/
- cupsdSetString(&attr->values[1].string.text, attr->values[0].string.text);
+ ippSetString(job->attrs, &attr, 1, attr->values[0].string.text);
cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED "
"job-sheets=\"%s,%s\", "
@@ -1851,18 +1812,18 @@ add_job(cupsd_client_t *con, /* I - Cl
if (attr->num_values > 1 &&
!strcmp(attr->values[0].string.text, attr->values[1].string.text))
{
- cupsdSetString(&(attr->values[0].string.text), Classification);
- cupsdSetString(&(attr->values[1].string.text), Classification);
+ ippSetString(job->attrs, &attr, 0, Classification);
+ ippSetString(job->attrs, &attr, 1, Classification);
}
else
{
if (attr->num_values == 1 ||
strcmp(attr->values[0].string.text, "none"))
- cupsdSetString(&(attr->values[0].string.text), Classification);
+ ippSetString(job->attrs, &attr, 0, Classification);
if (attr->num_values > 1 &&
strcmp(attr->values[1].string.text, "none"))
- cupsdSetString(&(attr->values[1].string.text), Classification);
+ ippSetString(job->attrs, &attr, 1, Classification);
}
if (attr->num_values > 1)
@@ -3098,8 +3059,8 @@ authenticate_job(cupsd_client_t *con, /
if (attr)
{
- attr->value_tag = IPP_TAG_KEYWORD;
- cupsdSetString(&(attr->values[0].string.text), "no-hold");
+ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD);
+ ippSetString(job->attrs, &attr, 0, "no-hold");
}
/*
@@ -8224,11 +8185,7 @@ print_job(cupsd_client_t *con, /* I -
filetype->type);
if (format)
- {
- _cupsStrFree(format->values[0].string.text);
-
- format->values[0].string.text = _cupsStrAlloc(mimetype);
- }
+ ippSetString(con->request, &format, 0, mimetype);
else
ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_MIMETYPE,
"document-format", NULL, mimetype);
@@ -8765,10 +8722,8 @@ release_job(cupsd_client_t *con, /* I -
if (attr)
{
- _cupsStrFree(attr->values[0].string.text);
-
- attr->value_tag = IPP_TAG_KEYWORD;
- attr->values[0].string.text = _cupsStrAlloc("no-hold");
+ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD);
+ ippSetString(job->attrs, &attr, 0, "no-hold");
cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED, cupsdFindDest(job->dest), job,
"Job job-hold-until value changed by user.");
@@ -9461,11 +9416,7 @@ send_document(cupsd_client_t *con, /* I
if ((jformat = ippFindAttribute(job->attrs, "document-format",
IPP_TAG_MIMETYPE)) != NULL)
- {
- _cupsStrFree(jformat->values[0].string.text);
-
- jformat->values[0].string.text = _cupsStrAlloc(mimetype);
- }
+ ippSetString(job->attrs, &jformat, 0, mimetype);
else
ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_MIMETYPE,
"document-format", NULL, mimetype);
diff -up cups-1.7.5/scheduler/job.c.str4609 cups-1.7.5/scheduler/job.c
--- cups-1.7.5/scheduler/job.c.str4609 2015-06-10 10:31:45.288965374 +0200
+++ cups-1.7.5/scheduler/job.c 2015-06-10 10:31:45.299965339 +0200
@@ -375,7 +375,7 @@ cupsdCheckJobs(void)
if ((attr = ippFindAttribute(job->attrs, "job-actual-printer-uri",
IPP_TAG_URI)) != NULL)
- cupsdSetString(&attr->values[0].string.text, printer->uri);
+ ippSetString(job->attrs, &attr, 0, printer->uri);
else
ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_URI,
"job-actual-printer-uri", NULL, printer->uri);
@@ -2109,7 +2109,7 @@ cupsdMoveJob(cupsd_job_t *job, /* I
if ((attr = ippFindAttribute(job->attrs, "job-printer-uri",
IPP_TAG_URI)) != NULL)
- cupsdSetString(&(attr->values[0].string.text), p->uri);
+ ippSetString(job->attrs, &attr, 0, p->uri);
cupsdAddEvent(CUPSD_EVENT_JOB_STOPPED, p, job,
"Job #%d moved from %s to %s.", job->id, olddest,
@@ -2306,7 +2306,7 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /
attr = ippFindAttribute(job->attrs, "job-hold-until", IPP_TAG_NAME);
if (attr)
- cupsdSetString(&(attr->values[0].string.text), when);
+ ippSetString(job->attrs, &attr, 0, when);
else
attr = ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_KEYWORD,
"job-hold-until", NULL, when);
@@ -2560,8 +2560,8 @@ cupsdSetJobState(
if (attr)
{
- attr->value_tag = IPP_TAG_KEYWORD;
- cupsdSetString(&(attr->values[0].string.text), "no-hold");
+ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD);
+ ippSetString(job->attrs, &attr, 0, "no-hold");
}
default :
@@ -4598,7 +4598,7 @@ start_job(cupsd_job_t *job, /* I -
"job-printer-state-message",
IPP_TAG_TEXT);
if (job->printer_message)
- cupsdSetString(&(job->printer_message->values[0].string.text), "");
+ ippSetString(job->attrs, &job->printer_message, 0, "");
ippSetString(job->attrs, &job->reasons, 0, "job-printing");
cupsdSetJobState(job, IPP_JOB_PROCESSING, CUPSD_JOB_DEFAULT, NULL);
@@ -5216,15 +5216,14 @@ update_job_attrs(cupsd_job_t *job, /* I
if (job->state_value != IPP_JOB_PROCESSING &&
job->status_level == CUPSD_LOG_INFO)
{
- cupsdSetString(&(job->printer_message->values[0].string.text), "");
+ ippSetString(job->attrs, &job->printer_message, 0, "");
job->dirty = 1;
cupsdMarkDirty(CUPSD_DIRTY_JOBS);
}
else if (job->printer->state_message[0] && do_message)
{
- cupsdSetString(&(job->printer_message->values[0].string.text),
- job->printer->state_message);
+ ippSetString(job->attrs, &job->printer_message, 0, job->printer->state_message);
job->dirty = 1;
cupsdMarkDirty(CUPSD_DIRTY_JOBS);
diff -up cups-1.7.5/scheduler/main.c.str4609 cups-1.7.5/scheduler/main.c
--- cups-1.7.5/scheduler/main.c.str4609 2015-06-10 10:31:45.265965447 +0200
+++ cups-1.7.5/scheduler/main.c 2015-06-10 10:31:45.300965335 +0200
@@ -1205,8 +1205,8 @@ cupsdAddString(cups_array_t **a, /* IO -
if (!*a)
*a = cupsArrayNew3((cups_array_func_t)strcmp, NULL,
(cups_ahash_func_t)NULL, 0,
- (cups_acopy_func_t)_cupsStrAlloc,
- (cups_afree_func_t)_cupsStrFree);
+ (cups_acopy_func_t)strdup,
+ (cups_afree_func_t)free);
return (cupsArrayAdd(*a, (char *)s));
}
@@ -1236,7 +1236,7 @@ cupsdClearString(char **s) /* O - Strin
{
if (s && *s)
{
- _cupsStrFree(*s);
+ free(*s);
*s = NULL;
}
}
@@ -1317,10 +1317,10 @@ cupsdSetString(char **s, /* O - N
return;
if (*s)
- _cupsStrFree(*s);
+ free(*s);
if (v)
- *s = _cupsStrAlloc(v);
+ *s = strdup(v);
else
*s = NULL;
}
@@ -1351,13 +1351,13 @@ cupsdSetStringf(char **s, /* O -
vsnprintf(v, sizeof(v), f, ap);
va_end(ap);
- *s = _cupsStrAlloc(v);
+ *s = strdup(v);
}
else
*s = NULL;
if (olds)
- _cupsStrFree(olds);
+ free(olds);
}
@@ -1804,8 +1804,7 @@ process_children(void)
}
if (job->printer_message)
- cupsdSetString(&(job->printer_message->values[0].string.text),
- message);
+ ippSetString(job->attrs, &job->printer_message, 0, message);
}
}