Fix CGI handling (STR #4454).

Tim Waugh 2014-07-23 14:32:05 +01:00
parent 3e91a794f7
commit 3c29b9339f
2 changed files with 24 additions and 1 deletions

cups-cgi.patch Normal file

@ -0,0 +1,17 @@
diff -up cups-1.7.4/scheduler/client.c~ cups-1.7.4/scheduler/client.c
--- cups-1.7.4/scheduler/client.c~ 2014-07-18 13:34:25.243248601 +0100
+++ cups-1.7.4/scheduler/client.c 2014-07-18 14:50:55.356614243 +0100
@@ -3980,12 +3980,7 @@ pipe_command(cupsd_client_t *con, /* I -
argv[0] = command;
if (options)
- {
- commptr = options;
- if (*commptr == ' ')
- commptr ++;
- strlcpy(argbuf, commptr, sizeof(argbuf));
- }
+ strlcpy(argbuf, options, sizeof(argbuf));
else
argbuf[0] = '\0';
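Review bot: In the `if (options)` branch, dropping the `if (*commptr == ' ') commptr ++;` skip means an options string that starts with a space is now copied into argbuf with that space intact, and nothing in the patch says why that is the desired behaviour. Please add a short header to cups-cgi.patch describing what STR #4454 reports and why the skip was wrong, and confirm that the code consuming argbuf copes with a leading space. If commptr has no remaining use in pipe_command() after this change, drop its declaration as well. Separately, the result of `strlcpy(argbuf, options, sizeof(argbuf))` is still unchecked, so options longer than argbuf are truncated silently; comparing the return value against sizeof(argbuf) and failing the request would make that case visible.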


@ -11,7 +11,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 1.7.4 Version: 1.7.4
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2 License: GPLv2
Url: http://www.cups.org/ Url: http://www.cups.org/
Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2 Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@ -65,6 +65,7 @@ Patch36: cups-web-devices-timeout.patch
Patch37: cups-final-content-type.patch Patch37: cups-final-content-type.patch
Patch38: cups-journal.patch Patch38: cups-journal.patch
Patch39: cups-synconclose.patch Patch39: cups-synconclose.patch
Patch40: cups-cgi.patch
Patch100: cups-lspp.patch Patch100: cups-lspp.patch
@ -252,6 +253,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch38 -p1 -b .journal %patch38 -p1 -b .journal
# Set the default for SyncOnClose to Yes. # Set the default for SyncOnClose to Yes.
%patch39 -p1 -b .synconclose %patch39 -p1 -b .synconclose
# Fix CGI handling (STR #4454).
%patch40 -p1 -b .cgi
%if %lspp %if %lspp
# LSPP support. # LSPP support.
@ -640,6 +643,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz %{_mandir}/man5/ipptoolfile.5.gz
%changelog %changelog
* Wed Jul 23 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.4-2
- Fix CGI handling (STR #4454).
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.4-1 * Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.4-1
- 1.7.4: CVE-2014-3537 - 1.7.4: CVE-2014-3537
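Review bot: The new changelog entry `- Fix CGI handling (STR #4454).` does not say what was broken or what the visible effect of the fix is, and the changelog is all an administrator sees when deciding whether to take this update. Suggest wording that names the behaviour change, for example that the scheduler no longer strips a leading space from the CGI options string, which is what cups-cgi.patch changes in scheduler/client.c.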