Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=de0a5fab8cf280d67a7e7edec4a9be7d56ecb401
commit de0a5fab8cf280d67a7e7edec4a9be7d56ecb401 Author: kikadf <[email protected]> Date: Wed Jul 23 09:14:58 2014 +0200 cups-1.6.1-3arcturus3-x86_64 * Fix CVE-2014-3537 diff --git a/source/xapps/cups/CVE-2014-3537.patch b/source/xapps/cups/CVE-2014-3537.patch new file mode 100644 index 0000000..c5fc22a --- /dev/null +++ b/source/xapps/cups/CVE-2014-3537.patch @@ -0,0 +1,53 @@ +Description: fix privilege escalation via rss dir symlink +Origin: backported from 1.7.4 +Bug: https://www.cups.org/str.php?L4450 + +Index: cups-1.7.2/scheduler/client.c +=================================================================== +--- cups-1.7.2.orig/scheduler/client.c 2014-02-27 10:57:59.000000000 -0500 ++++ cups-1.7.2/scheduler/client.c 2014-07-18 16:23:21.874519390 -0400 +@@ -3323,7 +3323,7 @@ + if ((ptr = strchr(filename, '?')) != NULL) + *ptr = '\0'; + +- if ((status = stat(filename, filestats)) != 0) ++ if ((status = lstat(filename, filestats)) != 0) + { + /* + * Drop the language prefix and try the root directory... +@@ -3335,12 +3335,33 @@ + if ((ptr = strchr(filename, '?')) != NULL) + *ptr = '\0'; + +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + } + + /* +- * If we're found a directory, get the index.html file instead... ++ * If we've found a symlink, 404 the sucker to avoid disclosing information. ++ */ ++ ++ if (!status && S_ISLNK(filestats->st_mode)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename); ++ return (NULL); ++ } ++ ++ /* ++ * Similarly, if the file/directory does not have world read permissions, do ++ * not allow access... ++ */ ++ ++ if (!status && !(filestats->st_mode & S_IROTH)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); ++ return (NULL); ++ } ++ ++ /* ++ * If we've found a directory, get the index.html file instead... + */ + + if (!status && S_ISDIR(filestats->st_mode)) diff --git a/source/xapps/cups/FrugalBuild b/source/xapps/cups/FrugalBuild index 2d379ca..02883de 100644 --- a/source/xapps/cups/FrugalBuild +++ b/source/xapps/cups/FrugalBuild @@ -6,7 +6,7 @@ options+=('asneeded') pkgname=cups pkgver=1.6.1 -pkgrel=3arcturus2 +pkgrel=3arcturus3 pkgdesc="The CUPS Printing System" url="http://www.cups.org/"; depends=('libtiff' 'libpng>=1.4.1' 'libjpeg>=8a' 'systemd' 'poppler-pdftools>=0.18.0' 'xdg-utils') @@ -35,9 +35,10 @@ subgroups=('lib') subarchs=('i686 x86_64 arm') # FSA fix *** -source=(${source[@]} CVE-2013-6891.patch CVE-2014-2856.patch) +source=(${source[@]} CVE-2013-6891.patch CVE-2014-2856.patch CVE-2014-3537.patch) sha1sums=(${sha1sums[@]} '0d58375b7d7ec99766dc9df27bc82e64f4c4e550' \ - '3a6640d65eb8a1f77165352801f81dda7918d609') + '3a6640d65eb8a1f77165352801f81dda7918d609' \ + '6ea0b4aaa7a20b01f44e139295a15324f2eaa755') # *********** _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
