6 Commits
Author | SHA1 | Date |
---|---|---|
Zdenek Dohnal | b265388087 | |
Zdenek Dohnal | 3673c55ec6 | |
Zdenek Dohnal | e0f4660b6e | |
Pavel Zhukov | b8a192ec4d | |
Zdenek Dohnal | 9e45898a56 | |
Zdenek Dohnal | 08aedd134f |
|
@ -0,0 +1,454 @@
|
|||
diff -up cups-2.2.4/man/cupsd.conf.man.in.privilege-escalation cups-2.2.4/man/cupsd.conf.man.in
|
||||
--- cups-2.2.4/man/cupsd.conf.man.in.privilege-escalation 2017-06-30 17:44:38.000000000 +0200
|
||||
+++ cups-2.2.4/man/cupsd.conf.man.in 2018-07-23 14:57:44.562873692 +0200
|
||||
@@ -377,10 +377,6 @@ The following percent sequences are reco
|
||||
.fi
|
||||
The default is the empty string, which disables page logging.
|
||||
The string "%p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}" creates a page log with the standard items.
|
||||
-.\"#PassEnv
|
||||
-.TP 5
|
||||
-\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
|
||||
-Passes the specified environment variable(s) to child processes.
|
||||
.\"#Policy
|
||||
.TP 5
|
||||
\fB<Policy \fIname\fB> \fR... \fB</Policy>\fR
|
||||
@@ -466,10 +462,6 @@ Specifies what information is included i
|
||||
command.
|
||||
"Full" reports "CUPS 2.0.0 (UNAME) IPP/2.0".
|
||||
The default is "Minimal".
|
||||
-.\"#SetEnv
|
||||
-.TP 5
|
||||
-\fBSetEnv \fIvariable value\fR
|
||||
-Set the specified environment variable to be passed to child processes.
|
||||
.\"#SSLListen
|
||||
.TP 5
|
||||
\fBSSLListen \fIipv4-address\fB:\fIport\fR
|
||||
diff -up cups-2.2.4/man/cups-files.conf.man.in.privilege-escalation cups-2.2.4/man/cups-files.conf.man.in
|
||||
--- cups-2.2.4/man/cups-files.conf.man.in.privilege-escalation 2018-07-23 14:19:08.661479271 +0200
|
||||
+++ cups-2.2.4/man/cups-files.conf.man.in 2018-07-23 14:53:55.198731082 +0200
|
||||
@@ -159,6 +159,11 @@ The server name may be included in filen
|
||||
|
||||
.fi
|
||||
The default is "/var/log/cups/page_log".
|
||||
+.\"#PassEnv
|
||||
+.TP 5
|
||||
+\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
|
||||
+Passes the specified environment variable(s) to child processes.
|
||||
+Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
|
||||
.\"#RemoteRoot
|
||||
.TP 5
|
||||
\fBRemoteRoot \fIusername\fR
|
||||
@@ -193,6 +198,11 @@ macOS uses its keychain database to stor
|
||||
\fBServerRoot \fIdirectory\fR
|
||||
Specifies the directory containing the server configuration files.
|
||||
The default is "/etc/cups".
|
||||
+.\"#SetEnv
|
||||
+.TP 5
|
||||
+\fBSetEnv \fIvariable value\fR
|
||||
+Set the specified environment variable to be passed to child processes.
|
||||
+Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
|
||||
.\"#SyncOnClose
|
||||
.TP 5
|
||||
\fBSyncOnClose Yes\fR
|
||||
diff -up cups-2.2.4/scheduler/conf.c.privilege-escalation cups-2.2.4/scheduler/conf.c
|
||||
--- cups-2.2.4/scheduler/conf.c.privilege-escalation 2018-07-23 14:19:08.695478342 +0200
|
||||
+++ cups-2.2.4/scheduler/conf.c 2018-07-23 14:19:08.713477851 +0200
|
||||
@@ -2956,13 +2956,10 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
/* Line from file */
|
||||
temp[HTTP_MAX_BUFFER],
|
||||
/* Temporary buffer for value */
|
||||
- *value, /* Pointer to value */
|
||||
- *valueptr; /* Pointer into value */
|
||||
+ *value; /* Pointer to value */
|
||||
int valuelen; /* Length of value */
|
||||
http_addrlist_t *addrlist, /* Address list */
|
||||
*addr; /* Current address */
|
||||
- cups_file_t *incfile; /* Include file */
|
||||
- char incname[1024]; /* Include filename */
|
||||
|
||||
|
||||
/*
|
||||
@@ -2977,28 +2974,7 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
* Decode the directive...
|
||||
*/
|
||||
|
||||
- if (!_cups_strcasecmp(line, "Include") && value)
|
||||
- {
|
||||
- /*
|
||||
- * Include filename
|
||||
- */
|
||||
-
|
||||
- if (value[0] == '/')
|
||||
- strlcpy(incname, value, sizeof(incname));
|
||||
- else
|
||||
- snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
|
||||
-
|
||||
- if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
|
||||
- cupsdLogMessage(CUPSD_LOG_ERROR,
|
||||
- "Unable to include config file \"%s\" - %s",
|
||||
- incname, strerror(errno));
|
||||
- else
|
||||
- {
|
||||
- read_cupsd_conf(incfile);
|
||||
- cupsFileClose(incfile);
|
||||
- }
|
||||
- }
|
||||
- else if (!_cups_strcasecmp(line, "<Location") && value)
|
||||
+ if (!_cups_strcasecmp(line, "<Location") && value)
|
||||
{
|
||||
/*
|
||||
* <Location path>
|
||||
@@ -3376,31 +3352,6 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
|
||||
value, linenum, ConfigurationFile);
|
||||
}
|
||||
- else if (!_cups_strcasecmp(line, "PassEnv") && value)
|
||||
- {
|
||||
- /*
|
||||
- * PassEnv variable [... variable]
|
||||
- */
|
||||
-
|
||||
- for (; *value;)
|
||||
- {
|
||||
- for (valuelen = 0; value[valuelen]; valuelen ++)
|
||||
- if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
|
||||
- break;
|
||||
-
|
||||
- if (value[valuelen])
|
||||
- {
|
||||
- value[valuelen] = '\0';
|
||||
- valuelen ++;
|
||||
- }
|
||||
-
|
||||
- cupsdSetEnv(value, NULL);
|
||||
-
|
||||
- for (value += valuelen; *value; value ++)
|
||||
- if (!_cups_isspace(*value) || *value != ',')
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
else if (!_cups_strcasecmp(line, "ServerAlias") && value)
|
||||
{
|
||||
/*
|
||||
@@ -3429,30 +3380,6 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
break;
|
||||
}
|
||||
}
|
||||
- else if (!_cups_strcasecmp(line, "SetEnv") && value)
|
||||
- {
|
||||
- /*
|
||||
- * SetEnv variable value
|
||||
- */
|
||||
-
|
||||
- for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
|
||||
-
|
||||
- if (*valueptr)
|
||||
- {
|
||||
- /*
|
||||
- * Found a value...
|
||||
- */
|
||||
-
|
||||
- while (isspace(*valueptr & 255))
|
||||
- *valueptr++ = '\0';
|
||||
-
|
||||
- cupsdSetEnv(value, valueptr);
|
||||
- }
|
||||
- else
|
||||
- cupsdLogMessage(CUPSD_LOG_ERROR,
|
||||
- "Missing value for SetEnv directive on line %d of %s.",
|
||||
- linenum, ConfigurationFile);
|
||||
- }
|
||||
else if (!_cups_strcasecmp(line, "AccessLog") ||
|
||||
!_cups_strcasecmp(line, "CacheDir") ||
|
||||
!_cups_strcasecmp(line, "ConfigFilePerm") ||
|
||||
@@ -3466,6 +3393,7 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
!_cups_strcasecmp(line, "LogFilePerm") ||
|
||||
!_cups_strcasecmp(line, "LPDConfigFile") ||
|
||||
!_cups_strcasecmp(line, "PageLog") ||
|
||||
+ !_cups_strcasecmp(line, "PassEnv") ||
|
||||
!_cups_strcasecmp(line, "Printcap") ||
|
||||
!_cups_strcasecmp(line, "PrintcapFormat") ||
|
||||
!_cups_strcasecmp(line, "RemoteRoot") ||
|
||||
@@ -3475,6 +3403,7 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
!_cups_strcasecmp(line, "ServerKey") ||
|
||||
!_cups_strcasecmp(line, "ServerKeychain") ||
|
||||
!_cups_strcasecmp(line, "ServerRoot") ||
|
||||
+ !_cups_strcasecmp(line, "SetEnv") ||
|
||||
!_cups_strcasecmp(line, "SMBConfigFile") ||
|
||||
!_cups_strcasecmp(line, "StateDir") ||
|
||||
!_cups_strcasecmp(line, "SystemGroup") ||
|
||||
@@ -3504,10 +3433,49 @@ read_cupsd_conf(cups_file_t *fp) /* I -
|
||||
static int /* O - 1 on success, 0 on failure */
|
||||
read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
|
||||
{
|
||||
- int linenum; /* Current line number */
|
||||
+ int i, /* Looping var */
|
||||
+ linenum; /* Current line number */
|
||||
char line[HTTP_MAX_BUFFER], /* Line from file */
|
||||
*value; /* Value from line */
|
||||
struct group *group; /* Group */
|
||||
+ static const char * const prohibited_env[] =
|
||||
+ { /* Prohibited environment variables */
|
||||
+ "APPLE_LANGUAGE",
|
||||
+ "AUTH_DOMAIN",
|
||||
+ "AUTH_INFO_REQUIRED",
|
||||
+ "AUTH_NEGOTIATE",
|
||||
+ "AUTH_PASSWORD",
|
||||
+ "AUTH_UID",
|
||||
+ "AUTH_USERNAME",
|
||||
+ "CHARSET",
|
||||
+ "CLASS",
|
||||
+ "CLASSIFICATION",
|
||||
+ "CONTENT_TYPE",
|
||||
+ "CUPS_CACHEDIR",
|
||||
+ "CUPS_DATADIR",
|
||||
+ "CUPS_DOCROOT",
|
||||
+ "CUPS_FILETYPE",
|
||||
+ "CUPS_FONTPATH",
|
||||
+ "CUPS_MAX_MESSAGE",
|
||||
+ "CUPS_REQUESTROOT",
|
||||
+ "CUPS_SERVERBIN",
|
||||
+ "CUPS_SERVERROOT",
|
||||
+ "CUPS_STATEDIR",
|
||||
+ "DEVICE_URI",
|
||||
+ "FINAL_CONTENT_TYPE",
|
||||
+ "HOME",
|
||||
+ "LANG",
|
||||
+ "PPD",
|
||||
+ "PRINTER",
|
||||
+ "PRINTER_INFO",
|
||||
+ "PRINTER_LOCATION",
|
||||
+ "PRINTER_STATE_REASONS",
|
||||
+ "RIP_CACHE",
|
||||
+ "SERVER_ADMIN",
|
||||
+ "SOFTWARE",
|
||||
+ "TMPDIR",
|
||||
+ "USER"
|
||||
+ };
|
||||
|
||||
|
||||
/*
|
||||
@@ -3545,6 +3513,47 @@ read_cups_files_conf(cups_file_t *fp) /*
|
||||
}
|
||||
}
|
||||
}
|
||||
+ else if (!_cups_strcasecmp(line, "PassEnv") && value)
|
||||
+ {
|
||||
+ /*
|
||||
+ * PassEnv variable [... variable]
|
||||
+ */
|
||||
+
|
||||
+ int valuelen; /* Length of variable name */
|
||||
+
|
||||
+ for (; *value;)
|
||||
+ {
|
||||
+ for (valuelen = 0; value[valuelen]; valuelen ++)
|
||||
+ if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
|
||||
+ break;
|
||||
+
|
||||
+ if (value[valuelen])
|
||||
+ {
|
||||
+ value[valuelen] = '\0';
|
||||
+ valuelen ++;
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
|
||||
+ {
|
||||
+ if (!strcmp(value, prohibited_env[i]))
|
||||
+ {
|
||||
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be passed through on line %d of %s.", value, linenum, CupsFilesFile);
|
||||
+
|
||||
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
|
||||
+ return (0);
|
||||
+ else
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
|
||||
+ cupsdSetEnv(value, NULL);
|
||||
+
|
||||
+ for (value += valuelen; *value; value ++)
|
||||
+ if (!_cups_isspace(*value) || *value != ',')
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
|
||||
{
|
||||
/*
|
||||
@@ -3590,6 +3599,46 @@ read_cups_files_conf(cups_file_t *fp) /*
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
+ else if (!_cups_strcasecmp(line, "SetEnv") && value)
|
||||
+ {
|
||||
+ /*
|
||||
+ * SetEnv variable value
|
||||
+ */
|
||||
+
|
||||
+ char *valueptr; /* Pointer to environment variable value */
|
||||
+
|
||||
+ for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
|
||||
+
|
||||
+ if (*valueptr)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Found a value...
|
||||
+ */
|
||||
+
|
||||
+ while (isspace(*valueptr & 255))
|
||||
+ *valueptr++ = '\0';
|
||||
+
|
||||
+ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
|
||||
+ {
|
||||
+ if (!strcmp(value, prohibited_env[i]))
|
||||
+ {
|
||||
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be set on line %d of %s.", value, linenum, CupsFilesFile);
|
||||
+
|
||||
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
|
||||
+ return (0);
|
||||
+ else
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
|
||||
+ cupsdSetEnv(value, valueptr);
|
||||
+ }
|
||||
+ else
|
||||
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
||||
+ "Missing value for SetEnv directive on line %d of %s.",
|
||||
+ linenum, ConfigurationFile);
|
||||
+ }
|
||||
else if (!_cups_strcasecmp(line, "SystemGroup") && value)
|
||||
{
|
||||
/*
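Review bot: In the relocated PassEnv block of read_cups_files_conf, the separator-skipping loop tests `if (!_cups_isspace(*value) || *value != ',')`, which is true for every character, so the loop always breaks on its first iteration and skips nothing. With a line such as `PassEnv A, B` the next pass sees a zero-length name, which matches no prohibited_env entry and is handed to `cupsdSetEnv(value, NULL)` as an empty string; the condition should be `if (!_cups_isspace(*value) && *value != ',')`. In the SetEnv block, the "Missing value for SetEnv directive" message still names `ConfigurationFile`, although the directive is now read from cups-files.conf and the neighbouring messages use `CupsFilesFile`. Both enclosing functions begin and end outside the hunks shown.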
|
||||
diff -up cups-2.2.4/scheduler/job.c.privilege-escalation cups-2.2.4/scheduler/job.c
|
||||
--- cups-2.2.4/scheduler/job.c.privilege-escalation 2018-07-23 14:19:08.698478261 +0200
|
||||
+++ cups-2.2.4/scheduler/job.c 2018-07-23 14:19:08.715477797 +0200
|
||||
@@ -4981,6 +4981,18 @@ start_job(cupsd_job_t *job, /* I -
|
||||
job->profile = cupsdCreateProfile(job->id, 0);
|
||||
job->bprofile = cupsdCreateProfile(job->id, 1);
|
||||
|
||||
+#ifdef HAVE_SANDBOX_H
|
||||
+ if ((!job->profile || !job->bprofile) && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Failure to create the sandbox profile means something really bad has
|
||||
+ * happened and we need to shutdown immediately.
|
||||
+ */
|
||||
+
|
||||
+ return;
|
||||
+ }
|
||||
+#endif /* HAVE_SANDBOX_H */
|
||||
+
|
||||
/*
|
||||
* Create the status pipes and buffer...
|
||||
*/
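Review bot: The comment in the new `#ifdef HAVE_SANDBOX_H` block of start_job says the scheduler needs to shut down immediately, but the block only executes `return;`. The termination itself comes from the `kill(getpid(), SIGTERM)` that this patch adds to cupsdCreateProfile. The comment should say so, e.g. `/* cupsdCreateProfile() has already logged the error and sent SIGTERM; never start the job without a sandbox profile. */`, so that a later change to cupsdCreateProfile does not silently turn this into a skipped job. When only one of job->profile and job->bprofile was created, the early return does not release it here; whether that is cleaned up elsewhere is outside the hunk. The same comment/behaviour mismatch applies to the DefaultProfile check added to cupsdStartServer in scheduler/server.c.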
|
||||
diff -up cups-2.2.4/scheduler/process.c.privilege-escalation cups-2.2.4/scheduler/process.c
|
||||
--- cups-2.2.4/scheduler/process.c.privilege-escalation 2017-06-30 17:44:38.000000000 +0200
|
||||
+++ cups-2.2.4/scheduler/process.c 2018-07-23 14:19:08.715477797 +0200
|
||||
@@ -99,9 +99,13 @@ cupsdCreateProfile(int job_id, /* I - J
|
||||
|
||||
if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
|
||||
{
|
||||
+ /*
|
||||
+ * This should never happen, and is fatal when sandboxing is enabled.
|
||||
+ */
|
||||
+
|
||||
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
|
||||
- cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
|
||||
- strerror(errno));
|
||||
+ cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno));
|
||||
+ kill(getpid(), SIGTERM);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
@@ -198,10 +202,8 @@ cupsdCreateProfile(int job_id, /* I - J
|
||||
" #\"^%s/\"" /* TempDir/... */
|
||||
" #\"^%s$\"" /* CacheDir */
|
||||
" #\"^%s/\"" /* CacheDir/... */
|
||||
- " #\"^%s$\"" /* StateDir */
|
||||
- " #\"^%s/\"" /* StateDir/... */
|
||||
"))\n",
|
||||
- temp, temp, cache, cache, state, state);
|
||||
+ temp, temp, cache, cache);
|
||||
/* Read common folders */
|
||||
cupsFilePrintf(fp,
|
||||
"(allow file-read-data file-read-metadata\n"
|
||||
@@ -243,8 +245,10 @@ cupsdCreateProfile(int job_id, /* I - J
|
||||
" #\"^%s/\"" /* ServerBin/... */
|
||||
" #\"^%s$\"" /* ServerRoot */
|
||||
" #\"^%s/\"" /* ServerRoot/... */
|
||||
+ " #\"^%s$\"" /* StateDir */
|
||||
+ " #\"^%s/\"" /* StateDir/... */
|
||||
"))\n",
|
||||
- request, request, bin, bin, root, root);
|
||||
+ request, request, bin, bin, root, root, state, state);
|
||||
if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
|
||||
{
|
||||
/* Limited write access to /Library/Printers/... */
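Review bot: The `strerror(errno)` in the new CUPSD_LOG_EMERG call runs after the DEBUG2 `cupsdLogMessage` call, which may overwrite errno, so the logged reason can be wrong on the one path where the scheduler is about to terminate. Capture it first with `int saved_errno = errno;` directly after the failed `cupsTempFile2` and log `strerror(saved_errno)`. The added comment says the failure is fatal when sandboxing is enabled, while `kill(getpid(), SIGTERM)` is unconditional in this branch. Whether an earlier guard returns when sandboxing is off cannot be seen here, because cupsdCreateProfile's body starts outside the hunk, so either confirm it or state the precondition in the comment.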
|
||||
diff -up cups-2.2.4/scheduler/server.c.privilege-escalation cups-2.2.4/scheduler/server.c
|
||||
--- cups-2.2.4/scheduler/server.c.privilege-escalation 2017-06-30 17:44:38.000000000 +0200
|
||||
+++ cups-2.2.4/scheduler/server.c 2018-07-23 14:19:08.715477797 +0200
|
||||
@@ -38,16 +38,28 @@ void
|
||||
cupsdStartServer(void)
|
||||
{
|
||||
/*
|
||||
- * Start color management (as needed)...
|
||||
+ * Create the default security profile...
|
||||
*/
|
||||
|
||||
- cupsdStartColor();
|
||||
+ DefaultProfile = cupsdCreateProfile(0, 1);
|
||||
+
|
||||
+#ifdef HAVE_SANDBOX_H
|
||||
+ if (!DefaultProfile && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Failure to create the sandbox profile means something really bad has
|
||||
+ * happened and we need to shutdown immediately.
|
||||
+ */
|
||||
+
|
||||
+ return;
|
||||
+ }
|
||||
+#endif /* HAVE_SANDBOX_H */
|
||||
|
||||
/*
|
||||
- * Create the default security profile...
|
||||
+ * Start color management (as needed)...
|
||||
*/
|
||||
|
||||
- DefaultProfile = cupsdCreateProfile(0, 1);
|
||||
+ cupsdStartColor();
|
||||
|
||||
/*
|
||||
* Startup all the networking stuff...
|
||||
diff -up cups-2.2.4/test/run-stp-tests.sh.privilege-escalation cups-2.2.4/test/run-stp-tests.sh
|
||||
--- cups-2.2.4/test/run-stp-tests.sh.privilege-escalation 2017-06-30 17:44:38.000000000 +0200
|
||||
+++ cups-2.2.4/test/run-stp-tests.sh 2018-07-23 14:19:08.715477797 +0200
|
||||
@@ -490,11 +490,6 @@ StrictConformance Yes
|
||||
Browsing Off
|
||||
Listen localhost:$port
|
||||
Listen $BASE/sock
|
||||
-PassEnv DYLD_LIBRARY_PATH
|
||||
-PassEnv LD_LIBRARY_PATH
|
||||
-PassEnv LD_PRELOAD
|
||||
-PassEnv LOCALEDIR
|
||||
-PassEnv SHLIB_PATH
|
||||
MaxSubscriptions 3
|
||||
MaxLogSize 0
|
||||
AccessLogLevel actions
|
||||
@@ -530,6 +525,12 @@ TempDir $BASE/spool/temp
|
||||
AccessLog $BASE/log/access_log
|
||||
ErrorLog $BASE/log/error_log
|
||||
PageLog $BASE/log/page_log
|
||||
+
|
||||
+PassEnv DYLD_LIBRARY_PATH
|
||||
+PassEnv LD_LIBRARY_PATH
|
||||
+PassEnv LD_PRELOAD
|
||||
+PassEnv LOCALEDIR
|
||||
+PassEnv SHLIB_PATH
|
||||
EOF
|
||||
|
||||
if test $ssltype != 0 -a `uname` = Darwin; then
|
|
@ -0,0 +1,38 @@
|
|||
commit 49fa4983f25b64ec29d548ffa3b9782426007df3
|
||||
Author: Michael Sweet <michael.r.sweet@gmail.com>
|
||||
Date: Mon Oct 23 16:23:43 2017 -0400
|
||||
|
||||
DBUS notifications could crash the scheduler (Issue #5143)
|
||||
|
||||
- scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.
|
||||
|
||||
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
|
||||
index e6743cdcb..5cf980ab3 100644
|
||||
--- a/scheduler/ipp.c
|
||||
+++ b/scheduler/ipp.c
|
||||
@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t *con, /* I - Client connection */
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
+ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
|
||||
+
|
||||
+ if (attr && !ippValidateAttribute(attr))
|
||||
+ {
|
||||
+ send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
|
||||
+ if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
|
||||
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
|
||||
+ return (NULL);
|
||||
+ }
|
||||
+
|
||||
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
|
||||
{
|
||||
send_ipp_status(con, IPP_INTERNAL_ERROR,
|
||||
@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t *con, /* I - Client connection */
|
||||
add_job_uuid(job);
|
||||
apply_printer_defaults(printer, job);
|
||||
|
||||
- attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);
|
||||
-
|
||||
if (con->username[0])
|
||||
{
|
||||
cupsdSetString(&job->username, con->username);
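Review bot: The new validation in add_job looks up requesting-user-name with `IPP_TAG_NAME`, so only a value carried with the name tag reaches `ippValidateAttribute`; an attribute sent with any other value tag is not found and skips the check. Consider `ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_ZERO)` followed by an explicit check of the value tag, unless an earlier check outside the hunk already rejects such requests. The lookup also moved from job->attrs to con->request, so any later use of `attr` now relies on the request attributes being the ones attached to the job. That is not visible in this hunk and deserves a one-line comment at the lookup.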
|
|
@ -0,0 +1,12 @@
|
|||
diff -up cups-2.2.4/cups/dest.c.printer-lpdest cups-2.2.4/cups/dest.c
|
||||
--- cups-2.2.4/cups/dest.c.printer-lpdest 2018-01-09 12:36:28.625063928 +0100
|
||||
+++ cups-2.2.4/cups/dest.c 2018-01-09 12:41:08.057940668 +0100
|
||||
@@ -2687,7 +2687,7 @@ cupsGetNamedDest(http_t *http, /* I
|
||||
dest_name = cups_get_default(filename, defname, sizeof(defname), &instance);
|
||||
}
|
||||
|
||||
- if (!name)
|
||||
+ if (!dest_name)
|
||||
{
|
||||
/*
|
||||
* Still not there? Try the system lpoptions file...
|
|
@ -1,332 +0,0 @@
|
|||
diff -up cups-2.2.0/cups/auth.c.resolv_reload cups-2.2.0/cups/auth.c
|
||||
--- cups-2.2.0/cups/auth.c.resolv_reload 2017-05-09 10:36:47.764075800 +0200
|
||||
+++ cups-2.2.0/cups/auth.c 2017-05-09 10:40:50.074052694 +0200
|
||||
@@ -519,6 +519,18 @@ cups_gss_getname(
|
||||
DEBUG_printf(("7cups_gss_getname(http=%p, service_name=\"%s\")", http,
|
||||
service_name));
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+ /*
|
||||
+ * Check if /etc/resolv.conf is modified.
|
||||
+ * If so, reload resolver.
|
||||
+ */
|
||||
+
|
||||
+ dns_resolver_reload_rv retval;
|
||||
+
|
||||
+ retval = dnsReloadResolver();
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
|
||||
+ DEBUG_printf(("1cups_gss_getname: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
|
||||
/*
|
||||
* Get the hostname...
|
||||
diff -up cups-2.2.0/cups/http-addr.c.resolv_reload cups-2.2.0/cups/http-addr.c
|
||||
--- cups-2.2.0/cups/http-addr.c.resolv_reload 2017-05-09 10:36:58.094989545 +0200
|
||||
+++ cups-2.2.0/cups/http-addr.c 2017-05-09 10:43:51.958516333 +0200
|
||||
@@ -361,6 +361,20 @@ httpAddrLookup(
|
||||
|
||||
#ifdef HAVE_RES_INIT
|
||||
/*
|
||||
+ * Check if /etc/resolv.conf is modified.
|
||||
+ * If so, reload resolver and set need_res_init to 0.
|
||||
+ */
|
||||
+
|
||||
+ dns_resolver_reload_rv retval;
|
||||
+
|
||||
+ retval = dnsReloadResolver();
|
||||
+
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_RELOADED && cg->need_res_init == 1)
|
||||
+ cg->need_res_init = 0;
|
||||
+
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
|
||||
+ DEBUG_printf(("1httpAddrLookup: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
|
||||
+ /*
|
||||
* STR #2920: Initialize resolver after failure in cups-polld
|
||||
*
|
||||
* If the previous lookup failed, re-initialize the resolver to prevent
|
||||
diff -up cups-2.2.0/cups/http-addrlist.c.resolv_reload cups-2.2.0/cups/http-addrlist.c
|
||||
--- cups-2.2.0/cups/http-addrlist.c.resolv_reload 2017-05-09 10:37:03.834941621 +0200
|
||||
+++ cups-2.2.0/cups/http-addrlist.c 2017-05-09 10:45:10.426832540 +0200
|
||||
@@ -483,6 +483,20 @@ httpAddrGetList(const char *hostname, /*
|
||||
|
||||
#ifdef HAVE_RES_INIT
|
||||
/*
|
||||
+ * Check if /etc/resolv.conf is modified.
|
||||
+ * If so, reload resolver and set cg->need_res_init to 0
|
||||
+ */
|
||||
+
|
||||
+ dns_resolver_reload_rv retval;
|
||||
+
|
||||
+ retval = dnsReloadResolver();
|
||||
+
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_RELOADED && cg->need_res_init == 1)
|
||||
+ cg->need_res_init = 0;
|
||||
+
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
|
||||
+ DEBUG_printf(("1httpAddrGetList: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
|
||||
+ /*
|
||||
* STR #2920: Initialize resolver after failure in cups-polld
|
||||
*
|
||||
* If the previous lookup failed, re-initialize the resolver to prevent
|
||||
diff -up cups-2.2.0/cups/http.c.resolv_reload cups-2.2.0/cups/http.c
|
||||
--- cups-2.2.0/cups/http.c.resolv_reload 2017-05-09 10:37:23.282779246 +0200
|
||||
+++ cups-2.2.0/cups/http.c 2017-05-09 10:47:21.406691147 +0200
|
||||
@@ -107,7 +107,9 @@ static const char * const http_fields[]
|
||||
"Allow",
|
||||
"Server"
|
||||
};
|
||||
-
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+time_t resolv_conf_modtime = 0;
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
|
||||
/*
|
||||
* 'httpAcceptConnection()' - Accept a new HTTP client connection from the
|
||||
@@ -4811,3 +4813,107 @@ http_write_chunk(http_t *http, /* I
|
||||
|
||||
return (bytes);
|
||||
}
|
||||
+
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+/*
|
||||
+ * Function to check modification time of resolv.conf.
|
||||
+ * If time is changed, it reloads resolver.
|
||||
+ * If /etc/resolv.conf doesn't exist, it tries to reload resolver with local nameserver, if it wasn't reloaded before
|
||||
+ * If even reloading resolver with local nameserver doesn't work, it ends with error.
|
||||
+ * Global variable resolv_conf_modtime is set to -1 before the first call of this function - this is for prevention of resolver's reloading when cupsd is just started and resolv.conf exists - cupsd has current configuration in that case.
|
||||
+ */
|
||||
+
|
||||
+dns_resolver_reload_rv
|
||||
+dnsReloadResolver()
|
||||
+{
|
||||
+ dns_resolver_reload_rv retval, lstat_retval, stat_retval, res_init_retval;
|
||||
+ struct stat resolv_conf_stat, resolv_conf_lstat, resolv_conf_status;
|
||||
+ retval.status = DNS_RESOLVER_RELOAD_OK;
|
||||
+ retval.errnum = 0;
|
||||
+ stat_retval.errnum = 0;
|
||||
+ lstat_retval.errnum = 0;
|
||||
+ res_init_retval.errnum = 0;
|
||||
+
|
||||
+ /* Variable to store /etc/resolv.conf modification time - initialized by actual time*/
|
||||
+ static time_t resolv_conf_modtime = -1;
|
||||
+
|
||||
+ /* This part of code is to ensure we get modification time of symlink and original file - we will decide which is newer later */
|
||||
+ stat_retval.status = stat(DNS_RESOLV_CONF_PATH, &resolv_conf_stat);
|
||||
+ stat_retval.errnum = errno;
|
||||
+ lstat_retval.status = lstat(DNS_RESOLV_CONF_PATH, &resolv_conf_lstat);
|
||||
+ lstat_retval.errnum = errno;
|
||||
+
|
||||
+ /* symlink /etc/resolv.conf or original file couldn't be stated because it doesn't exist, try resolver on localhost
|
||||
+ * Covers cases:
|
||||
+ * - resolv.conf and original file existed and it doesn't now - resolv_conf_modtime has different value than 0 - reload resolver with local nameserver
|
||||
+ * - resolv.conf and original file didn't exist and still doesn't exist - resolv_conf_modtime is set to 0 - do nothing
|
||||
+ */
|
||||
+ if (stat_retval.status == -1 && lstat_retval.status == -1 && stat_retval.errnum == ENOENT && lstat_retval.errnum == ENOENT)
|
||||
+ {
|
||||
+ /* if resolv_conf_modtime is set to 0, it means previous reload was for resolver with local nameserver - no need to reload again */
|
||||
+ if (resolv_conf_modtime != 0)
|
||||
+ {
|
||||
+ res_init_retval.status = res_init();
|
||||
+ res_init_retval.errnum = errno;
|
||||
+ if (res_init_retval.status == 0)
|
||||
+ {
|
||||
+ resolv_conf_modtime = 0;
|
||||
+ retval.status = DNS_RESOLVER_RELOAD_RELOADED;
|
||||
+ }
|
||||
+ else
|
||||
+ retval.status = res_init_retval.status;
|
||||
+
|
||||
+ retval.errnum = res_init_retval.errnum;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ retval.status = DNS_RESOLVER_RELOAD_OK;
|
||||
+ retval.errnum = ENOENT;
|
||||
+ }
|
||||
+
|
||||
+ return (retval);
|
||||
+ }
|
||||
+
|
||||
+ /* If stat ends with different errno, return status - it should return both statuses and errnos, but for simplification it returns only stat */
|
||||
+ if (stat_retval.status == -1 && lstat_retval.status == -1)
|
||||
+ {
|
||||
+ retval.errnum = stat_retval.errnum;
|
||||
+ retval.status = stat_retval.status;
|
||||
+ return (retval);
|
||||
+ }
|
||||
+
|
||||
+ /* Here we compare modification times from lstat and stat to decide which is newer - if they are equal, lstat modification time is used. We are checking only stat() errno, because case with errors in both lstat() and stat() functions is checked before */
|
||||
+ if (stat_retval.errnum == 0)
|
||||
+ if (resolv_conf_stat.st_mtime > resolv_conf_lstat.st_mtime)
|
||||
+ resolv_conf_status = resolv_conf_stat;
|
||||
+ else
|
||||
+ resolv_conf_status = resolv_conf_lstat;
|
||||
+ else
|
||||
+ resolv_conf_status = resolv_conf_lstat;
|
||||
+
|
||||
+ /* If /etc/resolv.conf exists and modification times are different, reload resolver.
|
||||
+ * Covers cases:
|
||||
+ * - resolv.conf or original file exists and it was modified - resolv_conf_modtime has different value than resolv_conf_status.st_mtime - reload resolver with nameserver from /etc/resolv.conf
|
||||
+ * - resolv.conf or original file didn't exist and it does now - resolv_conf_modtime is set to 0 and resolv_conf_status.st_mtime has value - reload resolver with nameserver form /etc/resolv.conf
|
||||
+ * - resolv.conf or original file exists and it wasn't modified - resolv_conf_modtime is equal to resolv_conf_status.st_mtime - do nothing
|
||||
+ */
|
||||
+ if (resolv_conf_status.st_mtime != resolv_conf_modtime)
|
||||
+ {
|
||||
+ res_init_retval.status = res_init();
|
||||
+ res_init_retval.errnum = errno;
|
||||
+ if (res_init_retval.status == 0)
|
||||
+ {
|
||||
+ retval.status = DNS_RESOLVER_RELOAD_RELOADED;
|
||||
+ }
|
||||
+ else
|
||||
+ retval.status = res_init_retval.status;
|
||||
+
|
||||
+ retval.errnum = res_init_retval.errnum;
|
||||
+ }
|
||||
+
|
||||
+ resolv_conf_modtime = resolv_conf_status.st_mtime;
|
||||
+
|
||||
+ return (retval);
|
||||
+}
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
diff -up cups-2.2.0/cups/http.h.resolv_reload cups-2.2.0/cups/http.h
|
||||
--- cups-2.2.0/cups/http.h.resolv_reload 2017-05-09 10:37:41.108630413 +0200
|
||||
+++ cups-2.2.0/cups/http.h 2017-05-09 12:20:16.115333557 +0200
|
||||
@@ -55,6 +55,12 @@ typedef off_t ssize_t; /* @private@ */
|
||||
# define SO_PEERCRED LOCAL_PEERCRED
|
||||
# endif /* LOCAL_PEERCRED && !SO_PEERCRED */
|
||||
# endif /* WIN32 */
|
||||
+# ifdef HAVE_RES_INIT
|
||||
+# include <sys/stat.h>
|
||||
+# include <unistd.h>
|
||||
+# include <arpa/nameser.h>
|
||||
+# include <resolv.h>
|
||||
+# endif /* HAVE_RES_INIT */
|
||||
|
||||
|
||||
/*
|
||||
@@ -95,6 +101,13 @@ extern "C" {
|
||||
#endif /* AF_INET6 && !s6_addr32 */
|
||||
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+/*
|
||||
+ * Global variable for storing old modification time of resolv.conf
|
||||
+ */
|
||||
+ extern time_t resolv_conf_modtime;
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
/*
|
||||
* Limits...
|
||||
*/
|
||||
@@ -103,6 +116,9 @@ extern "C" {
|
||||
# define HTTP_MAX_HOST 256 /* Max length of hostname string */
|
||||
# define HTTP_MAX_BUFFER 2048 /* Max length of data buffer */
|
||||
# define HTTP_MAX_VALUE 256 /* Max header field value length */
|
||||
+# ifdef HAVE_RES_INIT
|
||||
+# define DNS_RESOLV_CONF_PATH "/etc/resolv.conf" /* Path to resolv.conf */
|
||||
+# endif /* HAVE_RES_INIT */
|
||||
|
||||
|
||||
/*
|
||||
@@ -406,6 +422,15 @@ typedef enum http_version_e /**** HTTP
|
||||
# endif /* !_CUPS_NO_DEPRECATED */
|
||||
} http_version_t;
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+typedef enum dns_resolver_reload_e
|
||||
+{
|
||||
+ DNS_RESOLVER_RELOAD_ERROR = -1,
|
||||
+ DNS_RESOLVER_RELOAD_OK = 0,
|
||||
+ DNS_RESOLVER_RELOAD_RELOADED = 1
|
||||
+} dns_resolver_reload_t;
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
typedef union _http_addr_u /**** Socket address union, which
|
||||
**** makes using IPv6 and other
|
||||
**** address types easier and
|
||||
@@ -444,6 +469,13 @@ typedef struct http_credential_s /**** H
|
||||
typedef int (*http_timeout_cb_t)(http_t *http, void *user_data);
|
||||
/**** HTTP timeout callback @since CUPS 1.5/macOS 10.7@ ****/
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+typedef struct dns_resolver_reload_retval
|
||||
+{
|
||||
+ dns_resolver_reload_t status;
|
||||
+ int errnum;
|
||||
+} dns_resolver_reload_rv;
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
|
||||
|
||||
/*
|
||||
@@ -590,6 +622,10 @@ extern http_version_t httpGetVersion(htt
|
||||
extern int httpReconnect2(http_t *http, int msec, int *cancel)
|
||||
_CUPS_API_1_6;
|
||||
|
||||
+/**** Prototype of function to check modification time of /etc/resolv.conf ****/
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+extern dns_resolver_reload_rv dnsReloadResolver();
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
|
||||
/**** New in CUPS 1.7/macOS 10.9 ****/
|
||||
extern http_t *httpAcceptConnection(int fd, int blocking)
|
||||
diff -up cups-2.2.0/cups/http-support.c.resolv_reload cups-2.2.0/cups/http-support.c
|
||||
--- cups-2.2.0/cups/http-support.c.resolv_reload 2017-05-09 10:38:11.314378218 +0200
|
||||
+++ cups-2.2.0/cups/http-support.c 2017-05-09 12:21:40.455565953 +0200
|
||||
@@ -2258,6 +2258,18 @@ http_resolve_cb(
|
||||
http_addrlist_t *addrlist, /* List of addresses */
|
||||
*addr; /* Current address */
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+ /*
|
||||
+ * Check if resolv.conf is modified, if so, reload resolver
|
||||
+ */
|
||||
+
|
||||
+ dns_resolver_reload_rv retval;
|
||||
+
|
||||
+ retval = dnsReloadResolver();
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
|
||||
+ DEBUG_printf(("1http_resolve_cb: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
DEBUG_printf(("5http_resolve_cb: Looking up \"%s\".", hostTarget));
|
||||
|
||||
snprintf(fqdn, sizeof(fqdn), "%d", ntohs(port));
|
||||
diff -up cups-2.2.0/scheduler/conf.c.resolv_reload cups-2.2.0/scheduler/conf.c
|
||||
--- cups-2.2.0/scheduler/conf.c.resolv_reload 2017-05-09 10:38:29.869223299 +0200
|
||||
+++ cups-2.2.0/scheduler/conf.c 2017-05-09 12:22:40.442020000 +0200
|
||||
@@ -937,6 +937,15 @@ cupsdReadConfiguration(void)
|
||||
if (!RemotePort)
|
||||
BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+ dns_resolver_reload_rv retval; /* Return status of dnsReloadResolver() */
|
||||
+
|
||||
+ retval = dnsReloadResolver();
|
||||
+
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
|
||||
+ syslog(LOG_LPR, "1cupsdReadConfiguration: dnsReloadResolver() failed - %s.", strerror(retval.errnum));
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
/*
|
||||
* See if the ServerName is an IP address...
|
||||
*/
|
||||
diff -up cups-2.2.0/scheduler/main.c.resolv_reload cups-2.2.0/scheduler/main.c
|
||||
--- cups-2.2.0/scheduler/main.c.resolv_reload 2017-05-09 10:38:37.699157925 +0200
|
||||
+++ cups-2.2.0/scheduler/main.c 2017-05-09 12:23:36.280514244 +0200
|
||||
@@ -136,6 +136,14 @@ main(int argc, /* I - Number of comm
|
||||
long tmo_delay; /* Time before it must be called */
|
||||
#endif /* HAVE_AVAHI */
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+ dns_resolver_reload_rv retval; /* Return status from dnsReloadResolver() */
|
||||
+
|
||||
+ retval = dnsReloadResolver();
|
||||
+ if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
|
||||
+ fprintf(stderr, "cupsd: Cannot reload a resolver - %s , using old configuration now.\n", strerror(retval.errnum));
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
#ifdef HAVE_GETEUID
|
||||
/*
|
||||
* Check for setuid invocation, which we do not support!
|
|
@ -0,0 +1,141 @@
|
|||
diff -up cups-2.2.4/scheduler/ipp.c.substitute-bad-attrs cups-2.2.4/scheduler/ipp.c
|
||||
--- cups-2.2.4/scheduler/ipp.c.substitute-bad-attrs 2018-04-12 08:44:42.202592413 +0200
|
||||
+++ cups-2.2.4/scheduler/ipp.c 2018-04-12 08:46:21.347689359 +0200
|
||||
@@ -164,6 +164,7 @@ cupsdProcessIPPRequest(
|
||||
ipp_attribute_t *uri = NULL; /* Printer or job URI attribute */
|
||||
ipp_attribute_t *username; /* requesting-user-name attr */
|
||||
int sub_id; /* Subscription ID */
|
||||
+ int valid = 1; /* Valid request? */
|
||||
|
||||
|
||||
cupsdLogMessage(CUPSD_LOG_DEBUG2,
|
||||
@@ -402,20 +403,55 @@ cupsdProcessIPPRequest(
|
||||
else
|
||||
{
|
||||
/*
|
||||
- * OK, all the checks pass so far; make sure requesting-user-name is
|
||||
- * not "root" from a remote host...
|
||||
+ * OK, all the checks pass so far; validate "requesting-user-name"
|
||||
+ * attribute value...
|
||||
*/
|
||||
|
||||
- if ((username = ippFindAttribute(con->request, "requesting-user-name",
|
||||
- IPP_TAG_NAME)) != NULL)
|
||||
- {
|
||||
- /*
|
||||
- * Check for root user...
|
||||
- */
|
||||
-
|
||||
- if (!strcmp(username->values[0].string.text, "root") &&
|
||||
- _cups_strcasecmp(con->http->hostname, "localhost") &&
|
||||
- strcmp(con->username, "root"))
|
||||
+ if ((username = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_ZERO)) != NULL)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Validate "requesting-user-name"...
|
||||
+ */
|
||||
+
|
||||
+ if (username->group_tag != IPP_TAG_OPERATION && StrictConformance)
|
||||
+ {
|
||||
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute in wrong group.", IPP_STATUS_ERROR_BAD_REQUEST, con->http->hostname);
|
||||
+ send_ipp_status(con, IPP_STATUS_ERROR_BAD_REQUEST, _("\"requesting-user-name\" attribute in wrong group."));
|
||||
+ valid = 0;
|
||||
+ }
|
||||
+ else if (username->value_tag != IPP_TAG_NAME && username->value_tag != IPP_TAG_NAMELANG)
|
||||
+ {
|
||||
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with wrong syntax.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname);
|
||||
+ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
|
||||
+ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
|
||||
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
|
||||
+ valid = 0;
|
||||
+ }
|
||||
+ else if (!ippValidateAttribute(username))
|
||||
+ {
|
||||
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with bad value.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname);
|
||||
+
|
||||
+ if (StrictConformance)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Throw an error...
|
||||
+ */
|
||||
+
|
||||
+ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
|
||||
+ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
|
||||
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
|
||||
+ valid = 0;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /*
|
||||
+ * Map bad "requesting-user-name" to 'anonymous'...
|
||||
+ */
|
||||
+
|
||||
+ ippSetString(con->request, &username, 0, "anonymous");
|
||||
+ }
|
||||
+ }
|
||||
+ else if (!strcmp(username->values[0].string.text, "root") && _cups_strcasecmp(con->http->hostname, "localhost") && strcmp(con->username, "root"))
|
||||
{
|
||||
/*
|
||||
* Remote unauthenticated user masquerading as local root...
|
||||
@@ -431,6 +467,8 @@ cupsdProcessIPPRequest(
|
||||
else
|
||||
sub_id = 0;
|
||||
|
||||
+ if (valid)
|
||||
+ {
|
||||
/*
|
||||
* Then try processing the operation...
|
||||
*/
|
||||
@@ -634,6 +672,7 @@ cupsdProcessIPPRequest(
|
||||
ippOpString(
|
||||
con->request->request.op.operation_id));
|
||||
break;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1594,27 +1633,34 @@ add_job(cupsd_client_t *con, /* I - Cl
|
||||
_("Bad job-name value: Wrong type or count."));
|
||||
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
|
||||
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
|
||||
- return (NULL);
|
||||
+
|
||||
+ if (StrictConformance)
|
||||
+ return (NULL);
|
||||
+
|
||||
+ /* Don't use invalid attribute */
|
||||
+ ippDeleteAttribute(con->request, attr);
|
||||
+
|
||||
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
|
||||
}
|
||||
else if (!ippValidateAttribute(attr))
|
||||
{
|
||||
send_ipp_status(con, IPP_ATTRIBUTES, _("Bad job-name value: %s"),
|
||||
cupsLastErrorString());
|
||||
+
|
||||
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
|
||||
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
|
||||
- return (NULL);
|
||||
- }
|
||||
|
||||
- attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
|
||||
+ if (StrictConformance)
|
||||
+ return (NULL);
|
||||
|
||||
- if (attr && !ippValidateAttribute(attr))
|
||||
- {
|
||||
- send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
|
||||
- if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
|
||||
- attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
|
||||
- return (NULL);
|
||||
+ /* Don't use invalid attribute */
|
||||
+ ippDeleteAttribute(con->request, attr);
|
||||
+
|
||||
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
|
||||
}
|
||||
|
||||
+ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
|
||||
+
|
||||
#ifdef WITH_LSPP
|
||||
if (is_lspp_config())
|
||||
{
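Review bot: In both non-strict fallbacks added to add_job, `ippDeleteAttribute(con->request, attr)` no longer receives the request's job-name attribute, because the unchanged `attr = ippCopyAttribute(con->response, attr, 0)` just above has already overwritten `attr` with the response copy (or NULL when the copy fails). The invalid client-supplied job-name is therefore probably still in con->request when the "Untitled" default is added. Depending on how ippDeleteAttribute treats an attribute that is not in the message it is given, the response's copy may also be freed while still linked. Keep the copy in its own variable, e.g. `if ((bad = ippCopyAttribute(con->response, attr, 0)) != NULL) bad->group_tag = IPP_TAG_UNSUPPORTED_GROUP;` with `ipp_attribute_t *bad;` declared alongside the other locals, so the delete still targets the request attribute. add_job starts and ends outside this hunk, so the declaration site is not visible here.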
|
|
@ -33,7 +33,7 @@ diff -up cups-2.2.2/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.2.2/s
|
|||
diff -up cups-2.2.2/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2.2/scheduler/org.cups.cupsd.service.in
|
||||
--- cups-2.2.2/scheduler/org.cups.cupsd.service.in.systemd-socket 2017-01-17 20:27:22.000000000 +0100
|
||||
+++ cups-2.2.2/scheduler/org.cups.cupsd.service.in 2017-01-19 11:12:42.029520021 +0100
|
||||
@@ -1,10 +1,11 @@
|
||||
@@ -1,10 +1,12 @@
|
||||
[Unit]
|
||||
Description=CUPS Scheduler
|
||||
Documentation=man:cupsd(8)
|
||||
|
@ -43,6 +43,7 @@ diff -up cups-2.2.2/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2.
|
|||
ExecStart=@sbindir@/cupsd -l
|
||||
-Type=simple
|
||||
+Type=notify
|
||||
+Restart=on-failure
|
||||
|
||||
[Install]
|
||||
Also=org.cups.cupsd.socket org.cups.cupsd.path
|
||||
|
|
39
cups.spec
39
cups.spec
|
@ -15,7 +15,7 @@ Summary: CUPS printing system
|
|||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.2.4
|
||||
Release: 6%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: GPLv2
|
||||
Url: http://www.cups.org/
|
||||
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
|
||||
|
@ -61,10 +61,14 @@ Patch34: cups-avahi-no-threaded.patch
|
|||
Patch35: cups-ipp-multifile.patch
|
||||
Patch36: cups-web-devices-timeout.patch
|
||||
Patch37: cups-synconclose.patch
|
||||
Patch38: cups-resolv_reload.patch
|
||||
Patch39: cups-ypbind.patch
|
||||
Patch40: cups-no-dest.patch
|
||||
Patch41: cups-cupsenumdests2.patch
|
||||
Patch42: cups-printer-lpdest.patch
|
||||
Patch43: cups-dbus_crash.patch
|
||||
Patch44: cups-substitute-bad-attrs.patch
|
||||
# 1607293 - CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cups: various flaws [fedora-all]
|
||||
Patch45: 0001-Fix-local-privilege-escalation-to-root-and-sandbox-b.patch
|
||||
|
||||
Patch100: cups-lspp.patch
|
||||
|
||||
|
@ -256,19 +260,24 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
|
|||
%patch36 -p1 -b .web-devices-timeout
|
||||
# Set the default for SyncOnClose to Yes.
|
||||
%patch37 -p1 -b .synconclose
|
||||
# CUPS does not recognize changes to /etc/resolv.conf until CUPS restart (bug #1437065)
|
||||
%patch38 -p1 -b .resolv_reload
|
||||
# CUPS may fail to start if NIS groups are used (bug #1494558)
|
||||
%patch39 -p1 -b .ypbind
|
||||
# Can not get destinations from CUPS server (bug #1484916)
|
||||
%patch40 -p1 -b .no-dest
|
||||
# Cannot browse CUPS servers in GNOME Control Panel Printers (bug #1498091)
|
||||
%patch41 -p1 -b .cupsenumdests2
|
||||
|
||||
# 1532536 - Commanline tools such as 'lpr' don't use default printer from environment any more (bug #1532536)
|
||||
%patch42 -p1 -b .printer-lpdest
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1561298
|
||||
%patch43 -p1 -b .dbus_notify
|
||||
%if %{lspp}
|
||||
# LSPP support.
|
||||
%patch100 -p1 -b .lspp
|
||||
%endif
|
||||
# Substitute default values for invalid job attributes (upstream #5186 and #5229)
|
||||
%patch44 -p1 -b .substitute-bad-attrs
|
||||
# 1607293 - CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cups: various flaws [fedora-all]
|
||||
%patch45 -p1 -b .privilege-escalation
|
||||
|
||||
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
|
||||
|
||||
|
@ -502,7 +511,7 @@ rm -f %{cups_serverbin}/backend/smb
|
|||
%verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/snmp.conf
|
||||
%attr(0640,root,lp) %{_sysconfdir}/cups/snmp.conf.default
|
||||
%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/subscriptions.conf
|
||||
#%{_sysconfdir}/cups/interfaces
|
||||
#%%{_sysconfdir}/cups/interfaces
|
||||
%verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/lpoptions
|
||||
%dir %attr(0755,root,lp) %{_sysconfdir}/cups/ppd
|
||||
%dir %attr(0700,root,lp) %{_sysconfdir}/cups/ssl
|
||||
|
@ -629,6 +638,24 @@ rm -f %{cups_serverbin}/backend/smb
|
|||
%{_mandir}/man5/ipptoolfile.5.gz
|
||||
|
||||
%changelog
|
||||
* Mon Aug 06 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-12
|
||||
- 1612935 - cups doesn't restart after cupsctl command
|
||||
|
||||
* Mon Jul 23 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-11
|
||||
- 1607293 - CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cups: various flaws [fedora-all]
|
||||
|
||||
* Thu Apr 12 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-10
|
||||
- Substitute default values for invalid job attributes (upstream #5186 and #5229)
|
||||
|
||||
* Wed Mar 28 2018 Pavel Zhukov <pzhukov@redhat.com> - 1:2.2.4-9
|
||||
- Fix for CVE-2017-18248
|
||||
|
||||
* Fri Jan 12 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-8
|
||||
- 1437345 - Remove cups-resolv_reload.patch
|
||||
|
||||
* Tue Jan 09 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-7
|
||||
- 1532536 - Commanline tools such as 'lpr' don't use default printer from environment any more
|
||||
|
||||
* Wed Oct 04 2017 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-6
|
||||
- 1498091 - Cannot browse CUPS servers in GNOME Control Panel Printers
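Review bot: `%patch44 -p1 -b .substitute-bad-attrs` is applied unconditionally but sits after the `%if %{lspp}` block, and the add_job hunk of cups-substitute-bad-attrs.patch ends on the context lines `#ifdef WITH_LSPP` / `if (is_lspp_config())`, which presumably exist only once cups-lspp.patch has been applied. A build with lspp turned off would then need fuzz to apply that hunk, or fail outright if fuzz is disabled. Either regenerate the patch against the tree without LSPP and move it before the `%if`, or record the dependency next to it, e.g. `# Must follow cups-lspp.patch: add_job hunk context comes from the LSPP-patched tree`.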
|
||||
|
||||
|
|