Fix CGI handling (STR #4454).

2014-07-23 14:32:05 +01:00 · 2014-07-23 14:32:05 +01:00 · 3c29b9339f
commit 3c29b9339f
parent 3e91a794f7
2 changed files with 24 additions and 1 deletions
--- a/cups-cgi.patch
+++ b/cups-cgi.patch
@ -0,0 +1,17 @@
+diff -up cups-1.7.4/scheduler/client.c~ cups-1.7.4/scheduler/client.c
+--- cups-1.7.4/scheduler/client.c~	2014-07-18 13:34:25.243248601 +0100
+++ cups-1.7.4/scheduler/client.c	2014-07-18 14:50:55.356614243 +0100
+@@ -3980,12 +3980,7 @@ pipe_command(cupsd_client_t *con,	/* I -
+   argv[0] = command;
+ 
+   if (options)
+-  {
+-    commptr = options;
+-    if (*commptr == ' ')
+-      commptr ++;
+-    strlcpy(argbuf, commptr, sizeof(argbuf));
+-  }
+    strlcpy(argbuf, options, sizeof(argbuf));
+   else
+     argbuf[0] = '\0';
+ 
--- a/cups.spec
+++ b/cups.spec
@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.7.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
 Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@ -65,6 +65,7 @@ Patch36: cups-web-devices-timeout.patch
 Patch37: cups-final-content-type.patch
 Patch38: cups-journal.patch
 Patch39: cups-synconclose.patch
+Patch40: cups-cgi.patch

 Patch100: cups-lspp.patch

@ -252,6 +253,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch38 -p1 -b .journal
 # Set the default for SyncOnClose to Yes.
 %patch39 -p1 -b .synconclose
+# Fix CGI handling (STR #4454).
+%patch40 -p1 -b .cgi

 %if %lspp
 # LSPP support.
@ -640,6 +643,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz

 %changelog
+* Wed Jul 23 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.4-2
+- Fix CGI handling (STR #4454).
+
 * Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.4-1
 - 1.7.4: CVE-2014-3537