Fix cupsGetPPD3() so it doesn't give the caller an unreadable file (bug #1150917, STR #4500).

Resolves: rhbz#1150917
2014-10-15 13:06:38 +01:00 · 2014-10-15 13:06:38 +01:00 · 5b29618af3
commit 5b29618af3
parent fbc989962d
2 changed files with 25 additions and 1 deletions
--- a/cups-str4500.patch
+++ b/cups-str4500.patch
@ -0,0 +1,16 @@
+diff -up cups-2.0.0/cups/util.c.str4500 cups-2.0.0/cups/util.c
+--- cups-2.0.0/cups/util.c.str4500	2014-10-15 12:59:27.105942488 +0100
+++ cups-2.0.0/cups/util.c	2014-10-15 13:03:38.618187112 +0100
+@@ -846,10 +846,10 @@ cupsGetPPD3(http_t     *http,		/* I  - H
+ 
+     snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot,
+              name);
+-    if (!stat(ppdname, &ppdinfo))
+    if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK))
+     {
+      /*
+-      * OK, the file exists, use it!
+      * OK, the file exists and is readable, use it!
+       */
+ 
+       if (buffer[0])
--- a/cups.spec
+++ b/cups.spec
@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.7.5
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
 Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@ -68,6 +68,7 @@ Patch38: cups-synconclose.patch
 Patch39: cups-str4461.patch
 Patch40: cups-str2913.patch
 Patch41: cups-str4475.patch
+Patch42: cups-str4500.patch

 Patch100: cups-lspp.patch

@ -273,6 +274,9 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch40 -p1 -b .str2913
 # Fix icon display in web interface during server restart (STR #4475).
 %patch41 -p1 -b .str4475
+# Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
+# (bug #1150917, STR #4500).
+%patch42 -p1 -b .str4500

 %if %lspp
 # LSPP support.
@ -680,6 +684,10 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz

 %changelog
+* Wed Oct 15 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.5-9
+- Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
+  (bug #1150917, STR #4500).
+
 * Wed Oct 15 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.5-8
 - Can no longer reproduce bug #1010580 so removing final-content-type
  patch as it causes issues for some backends (bug #1149244).