diff --git a/hplip-CVE-2011-2722.patch b/hplip-CVE-2011-2722.patch
new file mode 100644
index 0000000..fa157e8
--- /dev/null
+++ b/hplip-CVE-2011-2722.patch
@@ -0,0 +1,21 @@
+diff -up hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp.CVE-2011-2722 hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp
+--- hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp.CVE-2011-2722 2011-07-29 10:21:37.404874641 +0100
++++ hplip-3.11.7/prnt/hpijs/hpcupsfax.cpp 2011-07-29 10:28:10.071298117 +0100
+@@ -625,8 +625,15 @@ int send_data_to_stdout(int fromFD)
+ fp = NULL;
+ if (iLogLevel & SAVE_PCL_FILE)
+ {
+- fp = fopen ("/tmp/hpcupsfax.out", "w");
+- system ("chmod 666 /tmp/hpcupsfax.out");
++ int fd;
++
++ unlink ("/tmp/hpcupsfax.out");
++ fd = open ("/tmp/hpcupsfax.out", O_WRONLY | O_CREAT | O_EXCL,
++ S_IRUSR | S_IWUSR | S_IRGRP);
++ if (fd != -1)
++ {
++ fp = fdopen (fd, "w");
++ }
+ }
+
+ while ((len = read (fromFD, pTmp, iSize)) > 0)
diff --git a/hplip.spec b/hplip.spec
index 15f7485..fbfbe42 100644
--- a/hplip.spec
+++ b/hplip.spec
@@ -1,7 +1,7 @@
 Summary: HP Linux Imaging and Printing Project
 Name: hplip
 Version: 3.11.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and MIT
 Group: System Environment/Daemons
 Conflicts: system-config-printer < 0.6.132
@@ -47,6 +47,7 @@ Patch33: hplip-dbus-threads.patch Patch34: hplip-notification-exception.patch Patch35: hplip-CVE-2010-4267.patch Patch36: hplip-wifisetup.patch +Patch37: hplip-CVE-2011-2722.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -297,6 +298,7 @@ done # Avoid KeyError in ui4/wifisetupdialog.py (bug #680939). %patch36 -p1 -b .wifisetup +%patch37 -p1 -b .CVE-2011-2722 sed -i.duplex-constraints \ -e 's,\(UIConstraints.* \*Duplex\),//\1,' \
@@ -532,6 +534,9 @@ fi %postun libs -p /sbin/ldconfig %changelog +* Thu Aug 18 2011 Tim Waugh 3.11.7-2 +- Create debugging files securely (CVE-2011-2722, bug #725830). + * Mon Jul 25 2011 Jiri Popelka 3.11.7-1 - 3.11.7
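Review bot: In the hpcupsfax.cpp hunk carried by hplip-CVE-2011-2722.patch, the descriptor returned by `open()` is leaked when `fdopen (fd, "w")` returns NULL; add `if (fp == NULL) close (fd);` right after that call. The `fd == -1` branch is also silent: the path is still a fixed name in /tmp, so if another local user already owns `/tmp/hpcupsfax.out` the `unlink` presumably fails under the sticky bit, `O_EXCL` then refuses the create, and the debug capture is dropped with no log entry. Logging `errno` in that branch, or creating the file with `mkstemp()`, would make the failure visible or avoid it. The mode also grants group read on a file that holds the fax job data; `S_IRUSR | S_IWUSR` alone would be tighter unless group access is actually needed. `send_data_to_stdout` starts and ends outside the hunk, so whether the later writes check `fp` for NULL cannot be confirmed from here.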