From 3c29b9339f8cf77540272da863ca48163a7b7f8e Mon Sep 17 00:00:00 2001
From: Tim Waugh
Date: Wed, 23 Jul 2014 14:32:05 +0100
Subject: [PATCH] Fix CGI handling (STR #4454).
---
 cups-cgi.patch | 17 +++++++++++++++++
 cups.spec | 8 +++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 cups-cgi.patch
diff --git a/cups-cgi.patch b/cups-cgi.patch
new file mode 100644
index 0000000..3e92757
--- /dev/null
+++ b/cups-cgi.patch
@@ -0,0 +1,17 @@
+diff -up cups-1.7.4/scheduler/client.c~ cups-1.7.4/scheduler/client.c
+--- cups-1.7.4/scheduler/client.c~ 2014-07-18 13:34:25.243248601 +0100
++++ cups-1.7.4/scheduler/client.c 2014-07-18 14:50:55.356614243 +0100
+@@ -3980,12 +3980,7 @@ pipe_command(cupsd_client_t *con, /* I -
+ argv[0] = command;
+
+ if (options)
+- {
+- commptr = options;
+- if (*commptr == ' ')
+- commptr ++;
+- strlcpy(argbuf, commptr, sizeof(argbuf));
+- }
++ strlcpy(argbuf, options, sizeof(argbuf));
+ else
+ argbuf[0] = '\0';
+
diff --git a/cups.spec b/cups.spec
index 4b57885..b4b066d 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.7.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
 Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@@ -65,6 +65,7 @@ Patch36: cups-web-devices-timeout.patch
 Patch37: cups-final-content-type.patch
 Patch38: cups-journal.patch
 Patch39: cups-synconclose.patch
+Patch40: cups-cgi.patch
 Patch100: cups-lspp.patch
@@ -252,6 +253,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch38 -p1 -b .journal
 # Set the default for SyncOnClose to Yes.
 %patch39 -p1 -b .synconclose
+# Fix CGI handling (STR #4454).
+%patch40 -p1 -b .cgi
 %if %lspp
 # LSPP support.
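Review bot: The added `strlcpy(argbuf, options, sizeof(argbuf));` in the pipe_command hunk of cups-cgi.patch discards the return value, so an options string that does not fit in argbuf is silently truncated before the buffer is used. If options derives from the client's request, as the function's cupsd_client_t parameter suggests, truncation is better treated as an error, e.g. `if (strlcpy(argbuf, options, sizeof(argbuf)) >= sizeof(argbuf))` leading into the function's existing failure path. Dropping the leading-space skip also means the code now relies on callers passing options without a leading separator; a short comment on that line stating the expectation would help, and the embedded patch carries no header describing STR #4454 or its upstream status. pipe_command starts and ends outside the hunk, so how argbuf is parsed afterwards, and whether commptr is still used, cannot be confirmed from here.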
@@ -640,6 +643,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 %changelog
+* Wed Jul 23 2014 Tim Waugh - 1:1.7.4-2
+- Fix CGI handling (STR #4454).
+
 * Mon Jul 14 2014 Jiri Popelka - 1:1.7.4-1
 - 1.7.4: CVE-2014-3537