From 38257f25bd8494ff2a7421017d02df38fb87de50 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Tue, 17 Jan 2012 12:30:52 +0000 Subject: [PATCH 1/2] Don't accept Device URIs of '\0' from SNMP devices (bug #770646, STR #4004). --- cups-str4004.patch | 13 +++++++++++++ cups.spec | 10 +++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 cups-str4004.patch diff --git a/cups-str4004.patch b/cups-str4004.patch new file mode 100644 index 0000000..f507042 --- /dev/null +++ b/cups-str4004.patch @@ -0,0 +1,13 @@ +diff -up cups-1.5.0/backend/snmp.c.snmp-bad-uri cups-1.5.0/backend/snmp.c +--- cups-1.5.0/backend/snmp.c.snmp-bad-uri 2012-01-17 11:51:00.786457690 +0000 ++++ cups-1.5.0/backend/snmp.c 2012-01-17 11:51:57.123384361 +0000 +@@ -1120,7 +1120,8 @@ read_snmp_response(int fd) /* I - SNMP + + case DEVICE_URI : + if (device && packet.object_type == CUPS_ASN1_OCTET_STRING && +- !device->uri && packet.object_value.string.num_bytes > 0) ++ !device->uri && packet.object_value.string.num_bytes > 3 && ++ strlen ((char *)packet.object_value.string.bytes) > 3) + { + /* + * Update an existing cache entry... diff --git a/cups.spec b/cups.spec index e28dd5c..d8f4809 100644 --- a/cups.spec +++ b/cups.spec @@ -13,7 +13,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.4.8 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Group: System Environment/Daemons Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 @@ -74,6 +74,7 @@ Patch34: cups-str3535.patch Patch35: cups-polld-busy-loop.patch Patch36: cups-CVE-2011-2896.patch Patch37: cups-str3947.patch +Patch38: cups-str4004.patch Patch40: cups-avahi-1-config.patch Patch41: cups-avahi-2-backend.patch @@ -297,6 +298,9 @@ module. %patch36 -p1 -b .CVE-2011-2896 # Fixed string manipulation in the dbus notifier (STR #3947, bug #741833). %patch37 -p1 -b .str3947 +# Don't accept Device URIs of '\0' from SNMP devices +# (bug #770646, STR #4004). +%patch38 -p1 -b .str4004 # Avahi support: # - discovery in the dnssd backend @@ -639,6 +643,10 @@ rm -rf $RPM_BUILD_ROOT %{php_extdir}/phpcups.so %changelog +* Tue Jan 17 2012 Tim Waugh 1:1.4.8-8 +- Don't accept Device URIs of '\0' from SNMP devices + (bug #770646, STR #4004). + * Wed Dec 21 2011 Tim Waugh 1:1.4.8-7 - Fixed textonly filter to work with single copies (bug #738412). From 6017b9cc053c1882192bb5d4a74fd5f1eddb1de6 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Tue, 17 Jan 2012 12:40:06 +0000 Subject: [PATCH 2/2] Replace newline characters with spaces in reported Device IDs (bug #782129, STR #4005). --- cups-str4005.patch | 25 +++++++++++++++++++++++++ cups.spec | 6 ++++++ 2 files changed, 31 insertions(+) create mode 100644 cups-str4005.patch diff --git a/cups-str4005.patch b/cups-str4005.patch new file mode 100644 index 0000000..bbb488c --- /dev/null +++ b/cups-str4005.patch @@ -0,0 +1,25 @@ +diff -up cups-1.5.0/cups/backend.c.backend-bad-id cups-1.5.0/cups/backend.c +--- cups-1.5.0/cups/backend.c.backend-bad-id 2011-04-29 23:45:35.000000000 +0100 ++++ cups-1.5.0/cups/backend.c 2012-01-17 12:23:13.687442534 +0000 +@@ -110,7 +110,8 @@ cupsBackendReport( + + + /* +- * 'quote_string()' - Write a quoted string to stdout, escaping \ and ". ++ * 'quote_string()' - Write a quoted string to stdout, escaping \ and ", ++ * and replacing newline with space. + */ + + static void +@@ -125,7 +126,10 @@ quote_string(const char *s) /* I - Stri + if (*s == '\\' || *s == '\"') + putchar('\\'); + +- putchar(*s); ++ if (*s == '\n') ++ putchar(' '); ++ else ++ putchar(*s); + + s ++; + } diff --git a/cups.spec b/cups.spec index d8f4809..b201e4c 100644 --- a/cups.spec +++ b/cups.spec @@ -75,6 +75,7 @@ Patch35: cups-polld-busy-loop.patch Patch36: cups-CVE-2011-2896.patch Patch37: cups-str3947.patch Patch38: cups-str4004.patch +Patch39: cups-str4005.patch Patch40: cups-avahi-1-config.patch Patch41: cups-avahi-2-backend.patch @@ -301,6 +302,9 @@ module. # Don't accept Device URIs of '\0' from SNMP devices # (bug #770646, STR #4004). %patch38 -p1 -b .str4004 +# Replace newline characters with spaces in reported Device IDs +# (bug #782129, STR #4005). +%patch39 -p1 -b .str4005 # Avahi support: # - discovery in the dnssd backend @@ -644,6 +648,8 @@ rm -rf $RPM_BUILD_ROOT %changelog * Tue Jan 17 2012 Tim Waugh 1:1.4.8-8 +- Replace newline characters with spaces in reported Device IDs + (bug #782129, STR #4005). - Don't accept Device URIs of '\0' from SNMP devices (bug #770646, STR #4004).