foomatic/foomatic-filters-CVE-2011-2924.patch

diff -up foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 foomatic-filters-4.0.8/foomaticrip.c
--- foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924	2011-08-18 16:27:57.277636643 +0100
+++ foomatic-filters-4.0.8/foomaticrip.c	2011-08-18 16:33:37.680136675 +0100
@@ -1188,9 +1188,13 @@ int main(int argc, char** argv)
     if (arglist_remove_flag(arglist, "--debug"))
         debug = 1;
 
-    if (debug)
-        logh = fopen(LOG_FILE ".log", "w"); /* insecure, use for debugging only */
-    else if (quiet && !verbose)
+    if (debug) {
+	int fd = mkstemp (LOG_FILE "-XXXXXX.log");
+	if (fd != -1)
+	    logh = fdopen(fd, "w");
+	else
+	    logh = stderr;
+    } else if (quiet && !verbose)
         logh = NULL; /* Quiet mode, do not log */
     else
         logh = stderr; /* Default: log to stderr */
diff -up foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 foomatic-filters-4.0.8/renderer.c
--- foomatic-filters-4.0.8/renderer.c.CVE-2011-2924	2011-07-25 10:50:57.000000000 +0100
+++ foomatic-filters-4.0.8/renderer.c	2011-08-18 14:36:14.120153309 +0100
@@ -434,7 +434,7 @@ int exec_kid3(FILE *in, FILE *out, void 
         }
 
         /* Save the data supposed to be fed into the renderer also into a file*/
-        dstrprepend(commandline, "tee -a " LOG_FILE ".ps | ( ");
+        dstrprepend(commandline, "tee $(mktemp " LOG_FILE "-XXXXXX.ps) | ( ");
         dstrcat(commandline, ")");
     }
Another fix for CVE-2011-2924 (bug #726426). 2011-08-18 15:36:01 +00:00			`diff -up foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 foomatic-filters-4.0.8/foomaticrip.c`
			`--- foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 2011-08-18 16:27:57.277636643 +0100`
			`+++ foomatic-filters-4.0.8/foomaticrip.c 2011-08-18 16:33:37.680136675 +0100`
			`@@ -1188,9 +1188,13 @@ int main(int argc, char** argv)`
			`if (arglist_remove_flag(arglist, "--debug"))`
			`debug = 1;`

			`- if (debug)`
			`- logh = fopen(LOG_FILE ".log", "w"); /* insecure, use for debugging only */`
			`- else if (quiet && !verbose)`
			`+ if (debug) {`
			`+ int fd = mkstemp (LOG_FILE "-XXXXXX.log");`
			`+ if (fd != -1)`
			`+ logh = fdopen(fd, "w");`
			`+ else`
			`+ logh = stderr;`
			`+ } else if (quiet && !verbose)`
			`logh = NULL; /* Quiet mode, do not log */`
			`else`
			`logh = stderr; /* Default: log to stderr */`
Use mktemp when creating debug log file in foomatic-rip (CVE-2011-2924, bug #726426). 2011-08-18 11:15:52 +00:00			`diff -up foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 foomatic-filters-4.0.8/renderer.c`
			`--- foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 2011-07-25 10:50:57.000000000 +0100`
Another fix for CVE-2011-2924 (bug #726426). 2011-08-18 15:36:01 +00:00			`+++ foomatic-filters-4.0.8/renderer.c 2011-08-18 14:36:14.120153309 +0100`
Use mktemp when creating debug log file in foomatic-rip (CVE-2011-2924, bug #726426). 2011-08-18 11:15:52 +00:00			`@@ -434,7 +434,7 @@ int exec_kid3(FILE in, FILE out, void`
			`}`

			`/* Save the data supposed to be fed into the renderer also into a file*/`
			`- dstrprepend(commandline, "tee -a " LOG_FILE ".ps \| ( ");`
			`+ dstrprepend(commandline, "tee $(mktemp " LOG_FILE "-XXXXXX.ps) \| ( ");`
			`dstrcat(commandline, ")");`
			`}`