- Applied patch to fix CVE-2009-0163 (bug #490596).
- Applied patch to fix CVE-2009-0164 (bug #490597).
This commit is contained in:
parent
ec68565eae
commit
046ffba366
14
cups-CVE-2009-0163.patch
Normal file
14
cups-CVE-2009-0163.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff -up cups-1.4b2-svn8404/filter/image-private.h.CVE-2009-0163 cups-1.4b2-svn8404/filter/image-private.h
|
||||
--- cups-1.4b2-svn8404/filter/image-private.h.CVE-2009-0163 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/filter/image-private.h 2009-04-17 16:21:52.000000000 +0100
|
||||
@@ -40,8 +40,8 @@
|
||||
|
||||
# define CUPS_IMAGE_MAX_WIDTH 0x07ffffff
|
||||
/* 2^27-1 to allow for 15-channel data */
|
||||
-# define CUPS_IMAGE_MAX_HEIGHT 0x7fffffff
|
||||
- /* 2^31-1 */
|
||||
+# define CUPS_IMAGE_MAX_HEIGHT 0x3fffffff
|
||||
+ /* 2^30-1 */
|
||||
|
||||
# define CUPS_TILE_SIZE 256 /* 256x256 pixel tiles */
|
||||
# define CUPS_TILE_MINIMUM 10 /* Minimum number of tiles */
|
653
cups-CVE-2009-0164.patch
Normal file
653
cups-CVE-2009-0164.patch
Normal file
@ -0,0 +1,653 @@
|
||||
diff -up cups-1.4b2-svn8404/CHANGES-1.3.txt.CVE-2009-0164 cups-1.4b2-svn8404/CHANGES-1.3.txt
|
||||
--- cups-1.4b2-svn8404/CHANGES-1.3.txt.CVE-2009-0164 2009-03-05 10:54:00.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/CHANGES-1.3.txt 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -69,11 +69,6 @@ CHANGES IN CUPS V1.3.10
|
||||
- The scheduler now rejects ATTR: messages with empty values.
|
||||
- The scheduler could consume all CPU handling closed connections
|
||||
(STR #2988)
|
||||
- - The scheduler now protects against DNS rebinding attacks on
|
||||
- localhost.
|
||||
- - SECURITY: The PNG image reading code did not validate the
|
||||
- image size properly, leading to a potential buffer overflow
|
||||
- (STR #2974)
|
||||
- Fixed some configure script bugs with rc/xinetd directories
|
||||
(STR #2970)
|
||||
- The Epson sample driver PPDs contained errors (STR #2979)
|
||||
diff -up cups-1.4b2-svn8404/cups/http-addr.c.CVE-2009-0164 cups-1.4b2-svn8404/cups/http-addr.c
|
||||
--- cups-1.4b2-svn8404/cups/http-addr.c.CVE-2009-0164 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/cups/http-addr.c 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -154,7 +154,7 @@ httpAddrLocalhost(
|
||||
#endif /* AF_LOCAL */
|
||||
|
||||
if (addr->addr.sa_family == AF_INET &&
|
||||
- ntohl(addr->ipv4.sin_addr.s_addr) == 0x7f000001)
|
||||
+ (ntohl(addr->ipv4.sin_addr.s_addr) & 0xff000000) == 0x7f000000)
|
||||
return (1);
|
||||
|
||||
return (0);
|
||||
diff -up cups-1.4b2-svn8404/cups/http.c.CVE-2009-0164 cups-1.4b2-svn8404/cups/http.c
|
||||
--- cups-1.4b2-svn8404/cups/http.c.CVE-2009-0164 2009-04-17 16:47:18.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/cups/http.c 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -1842,18 +1842,35 @@ httpSetField(http_t *http, /* I -
|
||||
|
||||
strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
|
||||
|
||||
- /*
|
||||
- * Special case for Authorization: as its contents can be
|
||||
- * longer than HTTP_MAX_VALUE
|
||||
- */
|
||||
-
|
||||
if (field == HTTP_FIELD_AUTHORIZATION)
|
||||
{
|
||||
+ /*
|
||||
+ * Special case for Authorization: as its contents can be
|
||||
+ * longer than HTTP_MAX_VALUE
|
||||
+ */
|
||||
+
|
||||
if (http->field_authorization)
|
||||
free(http->field_authorization);
|
||||
|
||||
http->field_authorization = strdup(value);
|
||||
}
|
||||
+ else if (field == HTTP_FIELD_HOST)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Special-case for Host: as we don't want a trailing "." on the hostname.
|
||||
+ */
|
||||
+
|
||||
+ char *ptr = http->fields[HTTP_FIELD_HOST];
|
||||
+ /* Pointer into Host: field */
|
||||
+
|
||||
+ if (*ptr)
|
||||
+ {
|
||||
+ ptr += strlen(ptr) - 1;
|
||||
+
|
||||
+ if (*ptr == '.')
|
||||
+ *ptr = '\0';
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
|
||||
diff -up cups-1.4b2-svn8404/man/cupsd.conf.man.in.CVE-2009-0164 cups-1.4b2-svn8404/man/cupsd.conf.man.in
|
||||
--- cups-1.4b2-svn8404/man/cupsd.conf.man.in.CVE-2009-0164 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/man/cupsd.conf.man.in 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -617,6 +617,11 @@ ServerAdmin user@domain.com
|
||||
.br
|
||||
Specifies the email address of the server administrator.
|
||||
.TP 5
|
||||
+ServerAlias hostname
|
||||
+.br
|
||||
+Specifies an alternate name that the server is known by. The special name "*"
|
||||
+allows any name to be used.
|
||||
+.TP 5
|
||||
ServerBin directory
|
||||
.br
|
||||
Specifies the directory where backends, CGIs, daemons, and filters may
|
||||
diff -up cups-1.4b2-svn8404/scheduler/client.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/client.c
|
||||
--- cups-1.4b2-svn8404/scheduler/client.c.CVE-2009-0164 2009-03-05 10:54:00.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/client.c 2009-04-17 16:47:48.000000000 +0100
|
||||
@@ -39,6 +39,7 @@
|
||||
* is_path_absolute() - Is a path absolute and free of relative elements.
|
||||
* make_certificate() - Make a self-signed SSL/TLS certificate.
|
||||
* pipe_command() - Pipe the output of a command to the remote client.
|
||||
+ * valid_host() - Is the Host: field valid?
|
||||
* write_file() - Send a file via HTTP.
|
||||
* write_pipe() - Flag that data is available on the CGI pipe.
|
||||
*/
|
||||
@@ -108,6 +109,7 @@ static int make_certificate(cupsd_clien
|
||||
#endif /* HAVE_SSL */
|
||||
static int pipe_command(cupsd_client_t *con, int infile, int *outfile,
|
||||
char *command, char *options, int root);
|
||||
+static int valid_host(cupsd_client_t *con);
|
||||
static int write_file(cupsd_client_t *con, http_status_t code,
|
||||
char *filename, char *type,
|
||||
struct stat *filestats);
|
||||
@@ -1129,13 +1131,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
return;
|
||||
}
|
||||
}
|
||||
- else if (httpAddrLocalhost(con->http.hostaddr) &&
|
||||
- strcasecmp(con->http.fields[HTTP_FIELD_HOST], "localhost") &&
|
||||
- strncasecmp(con->http.fields[HTTP_FIELD_HOST], "localhost:", 10) &&
|
||||
- strcmp(con->http.fields[HTTP_FIELD_HOST], "127.0.0.1") &&
|
||||
- strncmp(con->http.fields[HTTP_FIELD_HOST], "127.0.0.1:", 10) &&
|
||||
- strcmp(con->http.fields[HTTP_FIELD_HOST], "[::1]") &&
|
||||
- strncmp(con->http.fields[HTTP_FIELD_HOST], "[::1]:", 6))
|
||||
+ else if (!valid_host(con))
|
||||
{
|
||||
/*
|
||||
* Access to localhost must use "localhost" or the corresponding IPv4
|
||||
@@ -3278,6 +3274,10 @@ get_cdsa_certificate(cupsd_client_t *con
|
||||
ssl_options.ServerName = con->servername;
|
||||
ssl_options.ServerNameLen = strlen(con->servername);
|
||||
|
||||
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
|
||||
+ "get_cdsa_certificate: Looking for certs for \"%s\"...",
|
||||
+ con->servername);
|
||||
+
|
||||
options.Data = (uint8 *)&ssl_options;
|
||||
options.Length = sizeof(ssl_options);
|
||||
|
||||
@@ -3970,7 +3970,7 @@ make_certificate(cupsd_client_t *con) /*
|
||||
envp[envc] = NULL;
|
||||
|
||||
if (!cupsdStartProcess(command, argv, envp, -1, -1, -1, -1, -1, 1, NULL, 0,
|
||||
- &pid))
|
||||
+ NULL, &pid))
|
||||
{
|
||||
unlink(seedfile);
|
||||
return (0);
|
||||
@@ -4862,6 +4862,165 @@ pipe_command(cupsd_client_t *con, /* I -
|
||||
|
||||
|
||||
/*
|
||||
+ * 'valid_host()' - Is the Host: field valid?
|
||||
+ */
|
||||
+
|
||||
+static int /* O - 1 if valid, 0 if not */
|
||||
+valid_host(cupsd_client_t *con) /* I - Client connection */
|
||||
+{
|
||||
+ cupsd_alias_t *a; /* Current alias */
|
||||
+ cupsd_netif_t *netif; /* Current network interface */
|
||||
+ const char *host, /* Host field */
|
||||
+ *end; /* End character */
|
||||
+
|
||||
+
|
||||
+ host = con->http.fields[HTTP_FIELD_HOST];
|
||||
+
|
||||
+ if (httpAddrLocalhost(con->http.hostaddr))
|
||||
+ {
|
||||
+ /*
|
||||
+ * Only allow "localhost" or the equivalent IPv4 or IPv6 numerical
|
||||
+ * addresses when accessing CUPS via the loopback interface...
|
||||
+ */
|
||||
+
|
||||
+ return (!strcasecmp(host, "localhost") ||
|
||||
+ !strncasecmp(host, "localhost:", 10) ||
|
||||
+ !strcasecmp(host, "localhost.") ||
|
||||
+ !strncasecmp(host, "localhost.:", 11) ||
|
||||
+#ifdef __linux
|
||||
+ !strcasecmp(host, "localhost.localdomain") ||
|
||||
+ !strncasecmp(host, "localhost.localdomain:", 22) ||
|
||||
+#endif /* __linux */
|
||||
+ !strcmp(host, "127.0.0.1") ||
|
||||
+ !strncmp(host, "127.0.0.1:", 10) ||
|
||||
+ !strcmp(host, "[::1]") ||
|
||||
+ !strncmp(host, "[::1]:", 6));
|
||||
+ }
|
||||
+
|
||||
+#ifdef HAVE_DNSSD
|
||||
+ /*
|
||||
+ * Check if the hostname is something.local (Bonjour); if so, allow it.
|
||||
+ */
|
||||
+
|
||||
+ if ((end = strrchr(host, '.')) != NULL &&
|
||||
+ (!strcasecmp(end, ".local") || !strncasecmp(end, ".local:", 7) ||
|
||||
+ !strcasecmp(end, ".local.") || !strncasecmp(end, ".local.:", 8)))
|
||||
+ return (1);
|
||||
+#endif /* HAVE_DNSSD */
|
||||
+
|
||||
+ /*
|
||||
+ * Check if the hostname is an IP address...
|
||||
+ */
|
||||
+
|
||||
+ if (isdigit(*host & 255) || *host == '[')
|
||||
+ {
|
||||
+ /*
|
||||
+ * Possible IPv4/IPv6 address...
|
||||
+ */
|
||||
+
|
||||
+ char temp[1024], /* Temporary string */
|
||||
+ *ptr; /* Pointer into temporary string */
|
||||
+ http_addrlist_t *addrlist; /* List of addresses */
|
||||
+
|
||||
+
|
||||
+ strlcpy(temp, host, sizeof(temp));
|
||||
+ if ((ptr = strrchr(temp, ':')) != NULL && !strchr(ptr, ']'))
|
||||
+ *ptr = '\0'; /* Strip :port from host value */
|
||||
+
|
||||
+ if ((addrlist = httpAddrGetList(temp, AF_UNSPEC, NULL)) != NULL)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Good IPv4/IPv6 address...
|
||||
+ */
|
||||
+
|
||||
+ httpAddrFreeList(addrlist);
|
||||
+ return (1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Check for (alias) name matches...
|
||||
+ */
|
||||
+
|
||||
+ for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
|
||||
+ a;
|
||||
+ a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
|
||||
+ {
|
||||
+ /*
|
||||
+ * "ServerAlias *" allows all host values through...
|
||||
+ */
|
||||
+
|
||||
+ if (!strcmp(a->name, "*"))
|
||||
+ return (1);
|
||||
+
|
||||
+ if (!strncasecmp(host, a->name, a->namelen))
|
||||
+ {
|
||||
+ /*
|
||||
+ * Prefix matches; check the character at the end - it must be ":", ".",
|
||||
+ * ".:", or nul...
|
||||
+ */
|
||||
+
|
||||
+ end = host + a->namelen;
|
||||
+
|
||||
+ if (!*end || *end == ':' || (*end == '.' && (!end[1] || end[1] == ':')))
|
||||
+ return (1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+#ifdef HAVE_DNSSD
|
||||
+ for (a = (cupsd_alias_t *)cupsArrayFirst(DNSSDAlias);
|
||||
+ a;
|
||||
+ a = (cupsd_alias_t *)cupsArrayNext(DNSSDAlias))
|
||||
+ {
|
||||
+ /*
|
||||
+ * "ServerAlias *" allows all host values through...
|
||||
+ */
|
||||
+
|
||||
+ if (!strcmp(a->name, "*"))
|
||||
+ return (1);
|
||||
+
|
||||
+ if (!strncasecmp(host, a->name, a->namelen))
|
||||
+ {
|
||||
+ /*
|
||||
+ * Prefix matches; check the character at the end - it must be ":", ".",
|
||||
+ * ".:", or nul...
|
||||
+ */
|
||||
+
|
||||
+ end = host + a->namelen;
|
||||
+
|
||||
+ if (!*end || *end == ':' || (*end == '.' && (!end[1] || end[1] == ':')))
|
||||
+ return (1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* HAVE_DNSSD */
|
||||
+
|
||||
+ /*
|
||||
+ * Check for interface hostname matches...
|
||||
+ */
|
||||
+
|
||||
+ for (netif = (cupsd_netif_t *)cupsArrayFirst(NetIFList);
|
||||
+ netif;
|
||||
+ netif = (cupsd_netif_t *)cupsArrayNext(NetIFList))
|
||||
+ {
|
||||
+ if (!strncasecmp(host, netif->hostname, netif->hostlen))
|
||||
+ {
|
||||
+ /*
|
||||
+ * Prefix matches; check the character at the end - it must be ":", ".",
|
||||
+ * ".:", or nul...
|
||||
+ */
|
||||
+
|
||||
+ end = host + netif->hostlen;
|
||||
+
|
||||
+ if (!*end || *end == ':' || (*end == '.' && (!end[1] || end[1] == ':')))
|
||||
+ return (1);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return (0);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* 'write_file()' - Send a file via HTTP.
|
||||
*/
|
||||
|
||||
diff -up cups-1.4b2-svn8404/scheduler/conf.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/conf.c
|
||||
--- cups-1.4b2-svn8404/scheduler/conf.c.CVE-2009-0164 2009-04-17 16:47:18.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/conf.c 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -14,13 +14,15 @@
|
||||
*
|
||||
* Contents:
|
||||
*
|
||||
+ * cupsdAddAlias() - Add a host alias.
|
||||
* cupsdCheckPermissions() - Fix the mode and ownership of a file or
|
||||
* directory.
|
||||
+ * cupsdFreeAliases() - Free all of the alias entries.
|
||||
* cupsdReadConfiguration() - Read the cupsd.conf file.
|
||||
* get_address() - Get an address + port number from a line.
|
||||
* get_addr_and_mask() - Get an IP address and netmask.
|
||||
- * parse_aaa() - Parse authentication, authorization, and
|
||||
- * access control lines.
|
||||
+ * parse_aaa() - Parse authentication, authorization, and access
|
||||
+ * control lines.
|
||||
* parse_fatal_errors() - Parse FatalErrors values in a string.
|
||||
* parse_groups() - Parse system group names in a string.
|
||||
* parse_protocols() - Parse browse protocols in a string.
|
||||
@@ -197,6 +199,7 @@ static const unsigned zeros[4] =
|
||||
/*
|
||||
* Local functions...
|
||||
*/
|
||||
+
|
||||
static http_addrlist_t *get_address(const char *value, int defport);
|
||||
static int get_addr_and_mask(const char *value, unsigned *ip,
|
||||
unsigned *mask);
|
||||
@@ -211,6 +214,30 @@ static int read_policy(cups_file_t *fp,
|
||||
|
||||
|
||||
/*
|
||||
+ * 'cupsdAddAlias()' - Add a host alias.
|
||||
+ */
|
||||
+
|
||||
+void
|
||||
+cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
|
||||
+ const char *name) /* I - Name to add */
|
||||
+{
|
||||
+ cupsd_alias_t *a; /* New alias */
|
||||
+ size_t namelen; /* Length of name */
|
||||
+
|
||||
+
|
||||
+ namelen = strlen(name);
|
||||
+
|
||||
+ if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
|
||||
+ return;
|
||||
+
|
||||
+ a->namelen = namelen;
|
||||
+ strcpy(a->name, name); /* OK since a->name is allocated */
|
||||
+
|
||||
+ cupsArrayAdd(aliases, a);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
|
||||
*/
|
||||
|
||||
@@ -362,6 +389,25 @@ cupsdCheckPermissions(
|
||||
|
||||
|
||||
/*
|
||||
+ * 'cupsdFreeAliases()' - Free all of the alias entries.
|
||||
+ */
|
||||
+
|
||||
+void
|
||||
+cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
|
||||
+{
|
||||
+ cupsd_alias_t *a; /* Current alias */
|
||||
+
|
||||
+
|
||||
+ for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
|
||||
+ a;
|
||||
+ a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
|
||||
+ free(a);
|
||||
+
|
||||
+ cupsArrayDelete(aliases);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* 'cupsdReadConfiguration()' - Read the cupsd.conf file.
|
||||
*/
|
||||
|
||||
@@ -433,6 +479,9 @@ cupsdReadConfiguration(void)
|
||||
* String options...
|
||||
*/
|
||||
|
||||
+ cupsdFreeAliases(ServerAlias);
|
||||
+ ServerAlias = NULL;
|
||||
+
|
||||
cupsdClearString(&ServerName);
|
||||
cupsdClearString(&ServerAdmin);
|
||||
cupsdSetString(&ServerBin, CUPS_SERVERBIN);
|
||||
@@ -674,9 +723,7 @@ cupsdReadConfiguration(void)
|
||||
|
||||
if (!ServerName)
|
||||
{
|
||||
- if (HostNameLookups || RemoteAccessEnabled)
|
||||
- httpGetHostname(NULL, temp, sizeof(temp));
|
||||
- else if (gethostname(temp, sizeof(temp)))
|
||||
+ if (gethostname(temp, sizeof(temp)))
|
||||
{
|
||||
cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
|
||||
strerror(errno));
|
||||
@@ -684,6 +731,50 @@ cupsdReadConfiguration(void)
|
||||
}
|
||||
|
||||
cupsdSetString(&ServerName, temp);
|
||||
+
|
||||
+ if (!ServerAlias)
|
||||
+ ServerAlias = cupsArrayNew(NULL, NULL);
|
||||
+
|
||||
+ cupsdAddAlias(ServerAlias, temp);
|
||||
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
|
||||
+
|
||||
+ if (HostNameLookups || RemoteAccessEnabled)
|
||||
+ {
|
||||
+ struct hostent *host; /* Host entry to get FQDN */
|
||||
+
|
||||
+ if ((host = gethostbyname(temp)) != NULL)
|
||||
+ {
|
||||
+ if (strcasecmp(temp, host->h_name))
|
||||
+ {
|
||||
+ cupsdSetString(&ServerName, host->h_name);
|
||||
+ cupsdAddAlias(ServerAlias, host->h_name);
|
||||
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
|
||||
+ host->h_name);
|
||||
+ }
|
||||
+
|
||||
+ if (host->h_aliases)
|
||||
+ {
|
||||
+ for (i = 0; host->h_aliases[i]; i ++)
|
||||
+ if (strcasecmp(temp, host->h_aliases[i]))
|
||||
+ {
|
||||
+ cupsdAddAlias(ServerAlias, host->h_aliases[i]);
|
||||
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
|
||||
+ host->h_aliases[i]);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Make sure we have the base hostname added as an alias, too!
|
||||
+ */
|
||||
+
|
||||
+ if ((slash = strchr(temp, '.')) != NULL)
|
||||
+ {
|
||||
+ *slash = '\0';
|
||||
+ cupsdAddAlias(ServerAlias, temp);
|
||||
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
|
||||
+ }
|
||||
}
|
||||
|
||||
for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
|
||||
@@ -3278,6 +3369,13 @@ read_configuration(cups_file_t *fp) /* I
|
||||
break;
|
||||
}
|
||||
}
|
||||
+ else if (!strcasecmp(line, "ServerAlias") && value)
|
||||
+ {
|
||||
+ if (!ServerAlias)
|
||||
+ ServerAlias = cupsArrayNew(NULL, NULL);
|
||||
+
|
||||
+ cupsdAddAlias(ServerAlias, value);
|
||||
+ }
|
||||
else if (!strcasecmp(line, "SetEnv") && value)
|
||||
{
|
||||
/*
|
||||
diff -up cups-1.4b2-svn8404/scheduler/conf.h.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/conf.h
|
||||
--- cups-1.4b2-svn8404/scheduler/conf.h.CVE-2009-0164 2009-04-17 16:47:18.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/conf.h 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -82,6 +82,17 @@ typedef enum
|
||||
|
||||
|
||||
/*
|
||||
+ * ServerAlias data...
|
||||
+ */
|
||||
+
|
||||
+typedef struct
|
||||
+{
|
||||
+ size_t namelen; /* Length of alias name */
|
||||
+ char name[1]; /* Alias name */
|
||||
+} cupsd_alias_t;
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* Globals...
|
||||
*/
|
||||
|
||||
@@ -105,6 +116,8 @@ VAR char *ConfigurationFile VALUE(NULL)
|
||||
/* Directory for request files */
|
||||
*DocumentRoot VALUE(NULL);
|
||||
/* Root directory for documents */
|
||||
+VAR cups_array_t *ServerAlias VALUE(NULL);
|
||||
+ /* Alias names for server */
|
||||
VAR int RemoteAccessEnabled VALUE(0),
|
||||
/* Are we listening on non-local addresses? */
|
||||
ServerNameIsIP VALUE(0);
|
||||
@@ -269,10 +282,12 @@ VAR char *SystemGroupAuthKey VALUE(NULL
|
||||
* Prototypes...
|
||||
*/
|
||||
|
||||
+extern void cupsdAddAlias(cups_array_t *aliases, const char *name);
|
||||
extern int cupsdCheckPermissions(const char *filename,
|
||||
const char *suffix, int mode,
|
||||
int user, int group, int is_dir,
|
||||
int create_dir);
|
||||
+extern void cupsdFreeAliases(cups_array_t *aliases);
|
||||
extern char *cupsdGetDateTime(struct timeval *t, cupsd_time_t format);
|
||||
#ifdef HAVE_GSSAPI
|
||||
extern int cupsdLogGSSMessage(int level, int major_status,
|
||||
diff -up cups-1.4b2-svn8404/scheduler/dirsvc.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/dirsvc.c
|
||||
--- cups-1.4b2-svn8404/scheduler/dirsvc.c.CVE-2009-0164 2009-04-17 16:47:18.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/dirsvc.c 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -38,6 +38,7 @@
|
||||
* cupsdUpdateLDAPBrowse() - Scan for new printers via LDAP...
|
||||
* cupsdUpdateSLPBrowse() - Get browsing information via SLP.
|
||||
* dequote() - Remote quotes from a string.
|
||||
+ * dnssdAddAlias() - Add a DNS-SD alias name.
|
||||
* dnssdBuildTxtRecord() - Build a TXT record from printer info.
|
||||
* dnssdComparePrinters() - Compare the registered names of two printers.
|
||||
* dnssdDeregisterPrinter() - Stop sending broadcast information for a
|
||||
@@ -155,6 +156,10 @@ static void update_smb(int onoff);
|
||||
|
||||
|
||||
#ifdef HAVE_DNSSD
|
||||
+# ifdef HAVE_COREFOUNDATION
|
||||
+static void dnssdAddAlias(const void *key, const void *value,
|
||||
+ void *context);
|
||||
+# endif /* HAVE_COREFOUNDATION */
|
||||
static char *dnssdBuildTxtRecord(int *txt_len, cupsd_printer_t *p,
|
||||
int for_lpd);
|
||||
static int dnssdComparePrinters(cupsd_printer_t *a, cupsd_printer_t *b);
|
||||
@@ -2199,6 +2204,38 @@ dequote(char *d, /* I - Destinat
|
||||
|
||||
|
||||
#ifdef HAVE_DNSSD
|
||||
+# ifdef HAVE_COREFOUNDATION
|
||||
+/*
|
||||
+ * 'dnssdAddAlias()' - Add a DNS-SD alias name.
|
||||
+ */
|
||||
+
|
||||
+static void
|
||||
+dnssdAddAlias(const void *key, /* I - Key */
|
||||
+ const void *value, /* I - Value (domain) */
|
||||
+ void *context) /* I - Unused */
|
||||
+{
|
||||
+ char valueStr[1024], /* Domain string */
|
||||
+ hostname[1024]; /* Complete hostname */
|
||||
+
|
||||
+
|
||||
+ (void)context;
|
||||
+
|
||||
+ if (CFGetTypeID((CFStringRef)value) == CFStringGetTypeID() &&
|
||||
+ CFStringGetCString((CFStringRef)value, valueStr, sizeof(valueStr),
|
||||
+ kCFStringEncodingUTF8))
|
||||
+ {
|
||||
+ snprintf(hostname, sizeof(hostname), "%s.%s", DNSSDName, valueStr);
|
||||
+ if (!DNSSDAlias)
|
||||
+ DNSSDAlias = cupsArrayNew(NULL, NULL);
|
||||
+
|
||||
+ cupsdAddAlias(DNSSDAlias, hostname);
|
||||
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Added Back to My Mac ServerAlias %s",
|
||||
+ hostname);
|
||||
+ }
|
||||
+}
|
||||
+# endif /* HAVE_COREFOUNDATION */
|
||||
+
|
||||
+
|
||||
/*
|
||||
* 'dnssdBuildTxtRecord()' - Build a TXT record from printer info.
|
||||
*/
|
||||
diff -up cups-1.4b2-svn8404/scheduler/dirsvc.h.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/dirsvc.h
|
||||
--- cups-1.4b2-svn8404/scheduler/dirsvc.h.CVE-2009-0164 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/dirsvc.h 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -4,7 +4,7 @@
|
||||
* Directory services definitions for the Common UNIX Printing System
|
||||
* (CUPS) scheduler.
|
||||
*
|
||||
- * Copyright 2007-2008 by Apple Inc.
|
||||
+ * Copyright 2007-2009 by Apple Inc.
|
||||
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
|
||||
*
|
||||
* These coded instructions, statements, and computer programs are the
|
||||
@@ -135,6 +135,8 @@ VAR cupsd_statbuf_t *PollStatusBuffer VA
|
||||
#ifdef HAVE_DNSSD
|
||||
VAR char *DNSSDName VALUE(NULL);
|
||||
/* Computer/server name */
|
||||
+VAR cups_array_t *DNSSDAlias VALUE(NULL);
|
||||
+ /* List of dynamic ServerAlias's */
|
||||
VAR int DNSSDPort VALUE(0);
|
||||
/* Port number to register */
|
||||
VAR cups_array_t *DNSSDPrinters VALUE(NULL);
|
||||
diff -up cups-1.4b2-svn8404/scheduler/network.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/network.c
|
||||
--- cups-1.4b2-svn8404/scheduler/network.c.CVE-2009-0164 2009-02-05 10:57:28.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/network.c 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -101,6 +101,7 @@ cupsdNetIFUpdate(void)
|
||||
struct ifaddrs *addrs, /* Interface address list */
|
||||
*addr; /* Current interface address */
|
||||
char hostname[1024]; /* Hostname for address */
|
||||
+ size_t hostlen; /* Length of hostname */
|
||||
|
||||
|
||||
/*
|
||||
@@ -176,8 +177,8 @@ cupsdNetIFUpdate(void)
|
||||
* Create a new address element...
|
||||
*/
|
||||
|
||||
- if ((temp = calloc(1, sizeof(cupsd_netif_t) +
|
||||
- strlen(hostname))) == NULL)
|
||||
+ hostlen = strlen(hostname);
|
||||
+ if ((temp = calloc(1, sizeof(cupsd_netif_t) + hostlen)) == NULL)
|
||||
break;
|
||||
|
||||
/*
|
||||
@@ -185,6 +186,7 @@ cupsdNetIFUpdate(void)
|
||||
*/
|
||||
|
||||
strlcpy(temp->name, addr->ifa_name, sizeof(temp->name));
|
||||
+ temp->hostlen = hostlen;
|
||||
strcpy(temp->hostname, hostname); /* Safe because hostname is allocated */
|
||||
|
||||
if (addr->ifa_addr->sa_family == AF_INET)
|
||||
diff -up cups-1.4b2-svn8404/scheduler/network.h.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/network.h
|
||||
--- cups-1.4b2-svn8404/scheduler/network.h.CVE-2009-0164 2008-12-03 15:39:53.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/network.h 2009-04-17 16:47:18.000000000 +0100
|
||||
@@ -4,7 +4,7 @@
|
||||
* Network interface definitions for the Common UNIX Printing System
|
||||
* (CUPS) scheduler.
|
||||
*
|
||||
- * Copyright 2007 by Apple Inc.
|
||||
+ * Copyright 2007-2009 by Apple Inc.
|
||||
* Copyright 1997-2006 by Easy Software Products, all rights reserved.
|
||||
*
|
||||
* These coded instructions, statements, and computer programs are the
|
||||
@@ -25,6 +25,7 @@ typedef struct cupsd_netif_s /**** Netw
|
||||
http_addr_t address, /* Network address */
|
||||
mask, /* Network mask */
|
||||
broadcast; /* Broadcast address */
|
||||
+ size_t hostlen; /* Length of hostname */
|
||||
char name[32], /* Network interface name */
|
||||
hostname[1]; /* Hostname associated with interface */
|
||||
} cupsd_netif_t;
|
100
cups-lspp.patch
100
cups-lspp.patch
@ -1,6 +1,6 @@
|
||||
diff -up cups-1.4b2-svn8404/config.h.in.lspp cups-1.4b2-svn8404/config.h.in
|
||||
--- cups-1.4b2-svn8404/config.h.in.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/config.h.in 2009-03-05 11:40:03.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/config.h.in.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/config.h.in 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -626,6 +626,13 @@
|
||||
#undef HAVE_TCPD_H
|
||||
|
||||
@ -16,8 +16,8 @@ diff -up cups-1.4b2-svn8404/config.h.in.lspp cups-1.4b2-svn8404/config.h.in
|
||||
|
||||
/*
|
||||
diff -up /dev/null cups-1.4b2-svn8404/config-scripts/cups-lspp.m4
|
||||
--- /dev/null 2009-03-05 08:48:03.067001897 +0000
|
||||
+++ cups-1.4b2-svn8404/config-scripts/cups-lspp.m4 2009-03-05 11:40:03.000000000 +0000
|
||||
--- /dev/null 2009-04-17 08:56:26.038189487 +0100
|
||||
+++ cups-1.4b2-svn8404/config-scripts/cups-lspp.m4 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -0,0 +1,36 @@
|
||||
+dnl
|
||||
+dnl LSPP code for the Common UNIX Printing System (CUPS).
|
||||
@ -57,7 +57,7 @@ diff -up /dev/null cups-1.4b2-svn8404/config-scripts/cups-lspp.m4
|
||||
+fi
|
||||
diff -up cups-1.4b2-svn8404/configure.in.lspp cups-1.4b2-svn8404/configure.in
|
||||
--- cups-1.4b2-svn8404/configure.in.lspp 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/configure.in 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/configure.in 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -42,6 +42,8 @@ sinclude(config-scripts/cups-pap.m4)
|
||||
sinclude(config-scripts/cups-pdf.m4)
|
||||
sinclude(config-scripts/cups-scripting.m4)
|
||||
@ -69,7 +69,7 @@ diff -up cups-1.4b2-svn8404/configure.in.lspp cups-1.4b2-svn8404/configure.in
|
||||
LANGFILES=""
|
||||
diff -up cups-1.4b2-svn8404/cups/cups.h.lspp cups-1.4b2-svn8404/cups/cups.h
|
||||
--- cups-1.4b2-svn8404/cups/cups.h.lspp 2009-03-05 10:54:00.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/cups/cups.h 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/cups/cups.h 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -15,6 +15,9 @@
|
||||
* This file is subject to the Apple OS-Developed Software exception.
|
||||
*/
|
||||
@ -95,7 +95,7 @@ diff -up cups-1.4b2-svn8404/cups/cups.h.lspp cups-1.4b2-svn8404/cups/cups.h
|
||||
*/
|
||||
diff -up cups-1.4b2-svn8404/data/Makefile.lspp cups-1.4b2-svn8404/data/Makefile
|
||||
--- cups-1.4b2-svn8404/data/Makefile.lspp 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/data/Makefile 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/data/Makefile 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -25,7 +25,10 @@ BANNERS = \
|
||||
secret \
|
||||
standard \
|
||||
@ -109,8 +109,8 @@ diff -up cups-1.4b2-svn8404/data/Makefile.lspp cups-1.4b2-svn8404/data/Makefile
|
||||
CHARMAPS = \
|
||||
euc-cn.txt \
|
||||
diff -up /dev/null cups-1.4b2-svn8404/data/mls
|
||||
--- /dev/null 2009-03-05 08:48:03.067001897 +0000
|
||||
+++ cups-1.4b2-svn8404/data/mls 2009-03-05 11:40:03.000000000 +0000
|
||||
--- /dev/null 2009-04-17 08:56:26.038189487 +0100
|
||||
+++ cups-1.4b2-svn8404/data/mls 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -0,0 +1,261 @@
|
||||
+%!PS-Adobe-3.0
|
||||
+%%BoundingBox: 0 0 612 792
|
||||
@ -374,8 +374,8 @@ diff -up /dev/null cups-1.4b2-svn8404/data/mls
|
||||
+%
|
||||
+%%EOF
|
||||
diff -up /dev/null cups-1.4b2-svn8404/data/selinux
|
||||
--- /dev/null 2009-03-05 08:48:03.067001897 +0000
|
||||
+++ cups-1.4b2-svn8404/data/selinux 2009-03-05 11:40:03.000000000 +0000
|
||||
--- /dev/null 2009-04-17 08:56:26.038189487 +0100
|
||||
+++ cups-1.4b2-svn8404/data/selinux 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -0,0 +1,261 @@
|
||||
+%!PS-Adobe-3.0
|
||||
+%%BoundingBox: 0 0 612 792
|
||||
@ -639,8 +639,8 @@ diff -up /dev/null cups-1.4b2-svn8404/data/selinux
|
||||
+%
|
||||
+%%EOF
|
||||
diff -up /dev/null cups-1.4b2-svn8404/data/te
|
||||
--- /dev/null 2009-03-05 08:48:03.067001897 +0000
|
||||
+++ cups-1.4b2-svn8404/data/te 2009-03-05 11:40:03.000000000 +0000
|
||||
--- /dev/null 2009-04-17 08:56:26.038189487 +0100
|
||||
+++ cups-1.4b2-svn8404/data/te 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -0,0 +1,261 @@
|
||||
+%!PS-Adobe-3.0
|
||||
+%%BoundingBox: 0 0 612 792
|
||||
@ -905,7 +905,7 @@ diff -up /dev/null cups-1.4b2-svn8404/data/te
|
||||
+%%EOF
|
||||
diff -up cups-1.4b2-svn8404/filter/common.c.lspp cups-1.4b2-svn8404/filter/common.c
|
||||
--- cups-1.4b2-svn8404/filter/common.c.lspp 2008-12-03 15:39:53.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/filter/common.c 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/filter/common.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -30,6 +30,12 @@
|
||||
* Include necessary headers...
|
||||
*/
|
||||
@ -1075,8 +1075,8 @@ diff -up cups-1.4b2-svn8404/filter/common.c.lspp cups-1.4b2-svn8404/filter/commo
|
||||
|
||||
/*
|
||||
diff -up cups-1.4b2-svn8404/filter/pstops.c.lspp cups-1.4b2-svn8404/filter/pstops.c
|
||||
--- cups-1.4b2-svn8404/filter/pstops.c.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/filter/pstops.c 2009-03-05 11:40:03.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/filter/pstops.c.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/filter/pstops.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -3239,6 +3239,18 @@ write_label_prolog(pstops_doc_t *doc, /*
|
||||
{
|
||||
const char *classification; /* CLASSIFICATION environment variable */
|
||||
@ -1233,8 +1233,8 @@ diff -up cups-1.4b2-svn8404/filter/pstops.c.lspp cups-1.4b2-svn8404/filter/pstop
|
||||
|
||||
/*
|
||||
diff -up cups-1.4b2-svn8404/Makedefs.in.lspp cups-1.4b2-svn8404/Makedefs.in
|
||||
--- cups-1.4b2-svn8404/Makedefs.in.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/Makedefs.in 2009-03-05 11:40:03.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/Makedefs.in.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/Makedefs.in 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -146,7 +146,7 @@ LIBCUPSORDER = @LIBCUPSORDER@
|
||||
LIBCUPSIMAGEORDER = @LIBCUPSIMAGEORDER@
|
||||
LINKCUPS = @LINKCUPS@ $(SSLLIBS) $(DNSSDLIBS)
|
||||
@ -1254,17 +1254,17 @@ diff -up cups-1.4b2-svn8404/Makedefs.in.lspp cups-1.4b2-svn8404/Makedefs.in
|
||||
|
||||
.c.o:
|
||||
diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler/client.c
|
||||
--- cups-1.4b2-svn8404/scheduler/client.c.lspp 2009-03-05 10:54:00.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/client.c 2009-03-05 11:40:03.000000000 +0000
|
||||
@@ -41,6 +41,7 @@
|
||||
* pipe_command() - Pipe the output of a command to the remote client.
|
||||
--- cups-1.4b2-svn8404/scheduler/client.c.lspp 2009-04-17 16:48:03.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/client.c 2009-04-17 16:48:25.000000000 +0100
|
||||
@@ -42,6 +42,7 @@
|
||||
* valid_host() - Is the Host: field valid?
|
||||
* write_file() - Send a file via HTTP.
|
||||
* write_pipe() - Flag that data is available on the CGI pipe.
|
||||
+ * client_pid_to_auid() - Get the audit login uid of the client.
|
||||
*/
|
||||
|
||||
/*
|
||||
@@ -49,6 +50,7 @@
|
||||
@@ -50,6 +51,7 @@
|
||||
|
||||
#include "cupsd.h"
|
||||
|
||||
@ -1272,7 +1272,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
|
||||
#ifdef HAVE_CDSASSL
|
||||
# include <Security/Security.h>
|
||||
# ifdef HAVE_SECIDENTITYSEARCHPRIV_H
|
||||
@@ -81,6 +83,12 @@ extern const char *cssmErrorString(int e
|
||||
@@ -82,6 +84,12 @@ extern const char *cssmErrorString(int e
|
||||
# include <tcpd.h>
|
||||
#endif /* HAVE_TCPD_H */
|
||||
|
||||
@ -1285,7 +1285,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
|
||||
|
||||
/*
|
||||
* Local functions...
|
||||
@@ -381,6 +389,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
|
||||
@@ -383,6 +391,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
|
||||
}
|
||||
#endif /* HAVE_TCPD_H */
|
||||
|
||||
@ -1343,7 +1343,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
|
||||
#ifdef AF_INET6
|
||||
if (con->http.hostaddr->addr.sa_family == AF_INET6)
|
||||
cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: %d from %s:%d (IPv6)",
|
||||
@@ -772,6 +831,13 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
@@ -774,6 +833,13 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
mime_type_t *type; /* MIME type of file */
|
||||
cupsd_printer_t *p; /* Printer */
|
||||
static unsigned request_id = 0; /* Request ID for temp files */
|
||||
@ -1357,7 +1357,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
|
||||
|
||||
|
||||
status = HTTP_CONTINUE;
|
||||
@@ -2054,6 +2120,67 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
@@ -2050,6 +2116,67 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
fchmod(con->file, 0640);
|
||||
fchown(con->file, RunUser, Group);
|
||||
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
|
||||
@ -1478,7 +1478,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
|
||||
*/
|
||||
diff -up cups-1.4b2-svn8404/scheduler/client.h.lspp cups-1.4b2-svn8404/scheduler/client.h
|
||||
--- cups-1.4b2-svn8404/scheduler/client.h.lspp 2009-02-17 17:45:27.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/client.h 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/client.h 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -18,6 +18,13 @@
|
||||
#endif /* HAVE_AUTHORIZATION_H */
|
||||
|
||||
@ -1515,9 +1515,9 @@ diff -up cups-1.4b2-svn8404/scheduler/client.h.lspp cups-1.4b2-svn8404/scheduler
|
||||
|
||||
/*
|
||||
diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/conf.c
|
||||
--- cups-1.4b2-svn8404/scheduler/conf.c.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/conf.c 2009-03-05 11:40:03.000000000 +0000
|
||||
@@ -27,6 +27,7 @@
|
||||
--- cups-1.4b2-svn8404/scheduler/conf.c.lspp 2009-04-17 16:48:03.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/conf.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -29,6 +29,7 @@
|
||||
* read_configuration() - Read a configuration file.
|
||||
* read_location() - Read a <Location path> definition.
|
||||
* read_policy() - Read a <Policy name> definition.
|
||||
@ -1525,7 +1525,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
*/
|
||||
|
||||
/*
|
||||
@@ -48,6 +49,9 @@
|
||||
@@ -50,6 +51,9 @@
|
||||
# define INADDR_NONE 0xffffffff
|
||||
#endif /* !INADDR_NONE */
|
||||
|
||||
@ -1535,7 +1535,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
|
||||
/*
|
||||
* Configuration variable structure...
|
||||
@@ -169,6 +173,10 @@ static const cupsd_var_t variables[] =
|
||||
@@ -171,6 +175,10 @@ static const cupsd_var_t variables[] =
|
||||
# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
|
||||
{ "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
|
||||
# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
|
||||
@ -1546,7 +1546,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
#endif /* HAVE_SSL */
|
||||
{ "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
|
||||
{ "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
|
||||
@@ -382,6 +390,9 @@ cupsdReadConfiguration(void)
|
||||
@@ -428,6 +436,9 @@ cupsdReadConfiguration(void)
|
||||
const char *tmpdir; /* TMPDIR environment variable */
|
||||
struct stat tmpinfo; /* Temporary directory info */
|
||||
cupsd_policy_t *p; /* Policy */
|
||||
@ -1556,7 +1556,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
|
||||
|
||||
/*
|
||||
@@ -665,6 +676,25 @@ cupsdReadConfiguration(void)
|
||||
@@ -714,6 +725,25 @@ cupsdReadConfiguration(void)
|
||||
|
||||
RunUser = getuid();
|
||||
|
||||
@ -1582,7 +1582,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
|
||||
RemoteAccessEnabled ? "enabled" : "disabled");
|
||||
|
||||
@@ -981,11 +1011,23 @@ cupsdReadConfiguration(void)
|
||||
@@ -1072,11 +1102,23 @@ cupsdReadConfiguration(void)
|
||||
* Update classification setting as needed...
|
||||
*/
|
||||
|
||||
@ -1607,7 +1607,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
|
||||
/*
|
||||
* Check the MaxClients setting, and then allocate memory for it...
|
||||
@@ -3536,6 +3578,18 @@ read_location(cups_file_t *fp, /* I - C
|
||||
@@ -3634,6 +3676,18 @@ read_location(cups_file_t *fp, /* I - C
|
||||
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
|
||||
}
|
||||
|
||||
@ -1627,9 +1627,9 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
/*
|
||||
* 'read_policy()' - Read a <Policy name> definition.
|
||||
diff -up cups-1.4b2-svn8404/scheduler/conf.h.lspp cups-1.4b2-svn8404/scheduler/conf.h
|
||||
--- cups-1.4b2-svn8404/scheduler/conf.h.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/conf.h 2009-03-05 11:40:03.000000000 +0000
|
||||
@@ -246,6 +246,12 @@ VAR char *ServerKey VALUE(NULL);
|
||||
--- cups-1.4b2-svn8404/scheduler/conf.h.lspp 2009-04-17 16:48:03.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/conf.h 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -259,6 +259,12 @@ VAR char *ServerKey VALUE(NULL);
|
||||
VAR int SSLOptions VALUE(CUPSD_SSL_NONE);
|
||||
/* SSL/TLS options */
|
||||
#endif /* HAVE_SSL */
|
||||
@ -1642,7 +1642,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.h.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
|
||||
#ifdef HAVE_LAUNCHD
|
||||
VAR int LaunchdTimeout VALUE(DEFAULT_KEEPALIVE);
|
||||
@@ -264,6 +270,9 @@ VAR char *SystemGroupAuthKey VALUE(NULL
|
||||
@@ -277,6 +283,9 @@ VAR char *SystemGroupAuthKey VALUE(NULL
|
||||
/* System group auth key */
|
||||
#endif /* HAVE_AUTHORIZATION_H */
|
||||
|
||||
@ -1653,8 +1653,8 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.h.lspp cups-1.4b2-svn8404/scheduler/c
|
||||
/*
|
||||
* Prototypes...
|
||||
diff -up cups-1.4b2-svn8404/scheduler/ipp.c.lspp cups-1.4b2-svn8404/scheduler/ipp.c
|
||||
--- cups-1.4b2-svn8404/scheduler/ipp.c.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/ipp.c 2009-03-05 11:40:03.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/scheduler/ipp.c.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/ipp.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -41,6 +41,7 @@
|
||||
* cancel_all_jobs() - Cancel all print jobs.
|
||||
* cancel_job() - Cancel a print job.
|
||||
@ -2247,8 +2247,8 @@ diff -up cups-1.4b2-svn8404/scheduler/ipp.c.lspp cups-1.4b2-svn8404/scheduler/ip
|
||||
* Check the username against the owner...
|
||||
*/
|
||||
diff -up cups-1.4b2-svn8404/scheduler/job.c.lspp cups-1.4b2-svn8404/scheduler/job.c
|
||||
--- cups-1.4b2-svn8404/scheduler/job.c.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/job.c 2009-03-05 12:07:09.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/scheduler/job.c.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/job.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -65,6 +65,9 @@
|
||||
* update_job_attrs() - Update the job-printer-* attributes.
|
||||
*/
|
||||
@ -2643,7 +2643,7 @@ diff -up cups-1.4b2-svn8404/scheduler/job.c.lspp cups-1.4b2-svn8404/scheduler/jo
|
||||
*/
|
||||
diff -up cups-1.4b2-svn8404/scheduler/job.h.lspp cups-1.4b2-svn8404/scheduler/job.h
|
||||
--- cups-1.4b2-svn8404/scheduler/job.h.lspp 2009-03-05 10:54:00.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/job.h 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/job.h 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -13,6 +13,13 @@
|
||||
* file is missing or damaged, see the license at "http://www.cups.org/".
|
||||
*/
|
||||
@ -2670,8 +2670,8 @@ diff -up cups-1.4b2-svn8404/scheduler/job.h.lspp cups-1.4b2-svn8404/scheduler/jo
|
||||
|
||||
|
||||
diff -up cups-1.4b2-svn8404/scheduler/main.c.lspp cups-1.4b2-svn8404/scheduler/main.c
|
||||
--- cups-1.4b2-svn8404/scheduler/main.c.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/main.c 2009-03-05 11:40:03.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/scheduler/main.c.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/main.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -35,6 +35,8 @@
|
||||
* usage() - Show scheduler usage.
|
||||
*/
|
||||
@ -2740,8 +2740,8 @@ diff -up cups-1.4b2-svn8404/scheduler/main.c.lspp cups-1.4b2-svn8404/scheduler/m
|
||||
}
|
||||
|
||||
diff -up cups-1.4b2-svn8404/scheduler/printers.c.lspp cups-1.4b2-svn8404/scheduler/printers.c
|
||||
--- cups-1.4b2-svn8404/scheduler/printers.c.lspp 2009-03-05 11:40:03.000000000 +0000
|
||||
+++ cups-1.4b2-svn8404/scheduler/printers.c 2009-03-05 11:40:03.000000000 +0000
|
||||
--- cups-1.4b2-svn8404/scheduler/printers.c.lspp 2009-04-17 16:48:02.000000000 +0100
|
||||
+++ cups-1.4b2-svn8404/scheduler/printers.c 2009-04-17 16:48:03.000000000 +0100
|
||||
@@ -58,6 +58,8 @@
|
||||
* write_xml_string() - Write a string with XML escaping.
|
||||
*/
|
||||
|
10
cups.spec
10
cups.spec
@ -8,7 +8,7 @@
|
||||
Summary: Common Unix Printing System
|
||||
Name: cups
|
||||
Version: 1.4
|
||||
Release: 0.%{pre}.13%{?dist}
|
||||
Release: 0.%{pre}.14%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Daemons
|
||||
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?pre}%{?svn}-source.tar.bz2
|
||||
@ -49,6 +49,8 @@ Patch22: cups-build.patch
|
||||
Patch23: cups-res_init.patch
|
||||
Patch26: cups-avahi.patch
|
||||
Patch27: cups-missing-devices.patch
|
||||
Patch28: cups-CVE-2009-0163.patch
|
||||
Patch29: cups-CVE-2009-0164.patch
|
||||
Patch100: cups-lspp.patch
|
||||
Epoch: 1
|
||||
Url: http://www.cups.org/
|
||||
@ -191,6 +193,8 @@ module.
|
||||
%patch23 -p1 -b .res_init
|
||||
%patch26 -p1 -b .avahi
|
||||
%patch27 -p1 -b .missing-devices
|
||||
%patch28 -p1 -b .CVE-2009-0163
|
||||
%patch29 -p1 -b .CVE-2009-0164
|
||||
|
||||
%if %lspp
|
||||
%patch100 -p1 -b .lspp
|
||||
@ -472,6 +476,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/php/modules/*.so
|
||||
|
||||
%changelog
|
||||
* Fri Apr 17 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.b2.14
|
||||
- Applied patch to fix CVE-2009-0163 (bug #490596).
|
||||
- Applied patch to fix CVE-2009-0164 (bug #490597).
|
||||
|
||||
* Thu Apr 2 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.b2.13
|
||||
- Don't verify MD5 sum, file size, or mtime for several config files:
|
||||
cupsd.conf, client.conf, classes.conf, printers.conf, snmp.conf,
|
||||
|
Loading…
Reference in New Issue
Block a user