Update to 0.2.4
Resolves CVE-2012-4510. Revert stricter validation of printer names.
parent
a90252e13e
commit
996ab1752e
1
.gitignore
vendored
1
.gitignore
vendored
@ -4,3 +4,4 @@ cups-pk-helper-0.0.4.tar.bz2
|
||||
/cups-pk-helper-0.1.3.tar.bz2
|
||||
/cups-pk-helper-0.2.1.tar.bz2
|
||||
/cups-pk-helper-0.2.2.tar.bz2
|
||||
/cups-pk-helper-0.2.4.tar.bz2
|
||||
|
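--- a/0001-Be-stricter-when-validating-printer-names.patch
+++ b/0001-Be-stricter-when-validating-printer-names.patch
@@ -0,0 +1,54 @@
+From 7bf9cbe43ef8f648f308e4760f75c2aa6b61fa8e Mon Sep 17 00:00:00 2001
+From: Vincent Untz <vuntz@suse.com>
+Date: Tue, 27 Mar 2012 17:47:07 +0200
+Subject: [PATCH] Be stricter when validating printer names
+
+Only alphanumerical characters and the underscore are valid, and the
+name must not be longer than 127 characters. See
+http://www.cups.org/documentation.php/doc-1.1/sam.html#4_1
+---
+src/cups.c | 20 +++++++++++---------
+1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/cups.c b/src/cups.c
+index 332abbe..1b2562b 100644
+--- a/src/cups.c
++++ b/src/cups.c
+@@ -287,23 +287,25 @@ _cph_cups_is_printer_name_valid_internal (const char *name)
+int i;
+int len;
+
++ /* Quoting http://www.cups.org/documentation.php/doc-1.1/sam.html#4_1:
++ *
++ * The printer name must start with any printable character except
++ * " ", "/", and "@". It can contain up to 127 letters, numbers, and
++ * the underscore (_).
++ *
++ * The first part is a bit weird, as the second part is more
++ * restrictive. So we only consider the second part. */
++
+/* no empty string */
+if (!name || name[0] == '\0')
+return FALSE;
+
+len = strlen (name);
+- /* no string that is too long; see comment at the beginning of the
+- * validation code block */
+- if (len > CPH_STR_MAXLEN)
++ if (len > 127)
+return FALSE;
+
+- /* only printable characters, no space, no /, no # */
+for (i = 0; i < len; i++) {
+- if (!g_ascii_isprint (name[i]))
+- return FALSE;
+- if (g_ascii_isspace (name[i]))
+- return FALSE;
+- if (name[i] == '/' || name[i] == '#')
++ if (!g_ascii_isalnum (name[i]) && name[i] != '_')
+return FALSE;
+}
+
+--
+1.7.12.1
+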
@ -1,6 +1,6 @@
|
||||
Name: cups-pk-helper
|
||||
Version: 0.2.2
|
||||
Release: 2%{?dist}
|
||||
Version: 0.2.4
|
||||
Release: 1%{?dist}
|
||||
Summary: A helper that makes system-config-printer use PolicyKit
|
||||
|
||||
Group: System Environment/Base
|
||||
@ -9,6 +9,7 @@ URL: http://www.vuntz.net/download/cups-pk-helper/
|
||||
Source0: http://cgit.freedesktop.org/cups-pk-helper/snapshot/cups-pk-helper-%{version}.tar.bz2
|
||||
|
||||
Patch0: polkit_result.patch
|
||||
Patch1: 0001-Be-stricter-when-validating-printer-names.patch
|
||||
|
||||
BuildRequires: libtool >= 1.4.3
|
||||
BuildRequires: cups-devel >= 1.2
|
||||
@ -38,6 +39,7 @@ interfaces available under control of PolicyKit.
|
||||
%setup -q
|
||||
|
||||
%patch0 -p1 -b .polkit-result
|
||||
%patch1 -p1 -R -b .strict-names
|
||||
|
||||
|
||||
%build
|
||||
@ -65,6 +67,11 @@ make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Oct 17 2012 Marek Kasik <mkasik@redhat.com> - 0.2.4-1
|
||||
- Update to 0.2.4
|
||||
- Resolves CVE-2012-4510
|
||||
- Revert stricter validation of printer names
|
||||
|
||||
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
|
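Review bot: `%patch1 -p1 -R -b .strict-names` applies 0001-Be-stricter-when-validating-printer-names.patch in reverse, but nothing next to `Patch1:` says so, and both the file name and the backup suffix read as if strictness were being added. After `%prep` the name check that ships is the `-` side of that patch (printable characters, no whitespace, no `/` or `#`, length bounded by `CPH_STR_MAXLEN`), which accepts more than the alphanumeric-plus-underscore rule on its `+` side, in a helper that exposes CUPS operations under PolicyKit. I would add a comment above `Patch1:` such as `# Applied with -R: reverts upstream's alnum/underscore-only printer-name check, see <bug reference>`. The changelog entry should also give the reason for the revert; presumably it keeps existing queue names with other characters working, but that should be stated and confirmed. It is also worth confirming that the CVE-2012-4510 fix in 0.2.4 does not rely on the stricter name check being in place.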