Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.5.git;a=commitdiff;h=59cb50098dccaf9cf90f1eb11a47cf9912d84f68

commit 59cb50098dccaf9cf90f1eb11a47cf9912d84f68
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Mon Aug 22 01:37:47 2011 +0200

foomatic-filters-4.0.1-6mores1-i686

- add patch for CVE-2011-2924
- closes #4556

diff --git a/source/apps/foomatic-filters/FrugalBuild 
b/source/apps/foomatic-filters/FrugalBuild
index 18c6071..cf8d888 100644
--- a/source/apps/foomatic-filters/FrugalBuild
+++ b/source/apps/foomatic-filters/FrugalBuild
@@ -3,15 +3,16 @@

pkgname=foomatic-filters
pkgver=4.0.1
-pkgrel=5
+pkgrel=6mores1
pkgdesc="Foomatic is a system for using free software printer drivers with 
common spoolers on Unix"
url="http://www.linuxprinting.org/foomatic.html";
depends=('perl' 'libxml2>=2.7.8' 'cups' 'ghostscript>=9.00' 'openssl>=1.0.0')
archs=('i686' 'x86_64' 'ppc')
groups=('apps')
-source=(http://www.linuxprinting.org/download/foomatic/$pkgname-$pkgver.tar.gz)
+source=(http://www.linuxprinting.org/download/foomatic/$pkgname-$pkgver.tar.gz 
foomatic-filters-CVE-2011-2924.patch)
up2date='lynx --dump "http://www.linuxprinting.org/download/foomatic/?C=M:O=D"; 
| grep "foomatic-filters-[0-9.]\+.tar.gz" | head -n 1 | sed 
"s/.*foomatic-filters-\(.*\).tar.gz.*/\1/"'
-sha1sums=('b7cb36cbe88bb637da66795df38a29fd9ed4fc04')
+sha1sums=('b7cb36cbe88bb637da66795df38a29fd9ed4fc04' \
+          'd8e06af5731dc4ecd575cf52e4d9a2cd9b3344c3')

build() {
Fbuild
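Review bot: The patch added to `source=()` was generated against a different upstream release than the one this package builds: its headers name `foomatic-filters-4.0.8/foomaticrip.c` and `renderer.c`, while `pkgver=4.0.1`. The hunk offsets (1188 and 434) may not match the 4.0.1 sources, so it is worth confirming that both hunks apply without fuzz or rejects and that the insecure `LOG_FILE ".log"` and `LOG_FILE ".ps"` paths are really gone from the built tree. A comment beside the `source=` entry would record this, for example `# CVE-2011-2924 fix, diffed against 4.0.8; verified to apply to 4.0.1`. The body of build() continues outside this hunk, so how the patch is applied is not visible here.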
diff --git a/source/apps/foomatic-filters/foomatic-filters-CVE-2011-2924.patch 
b/source/apps/foomatic-filters/foomatic-filters-CVE-2011-2924.patch
new file mode 100644
index 0000000..f5fb659
--- /dev/null
+++ b/source/apps/foomatic-filters/foomatic-filters-CVE-2011-2924.patch
@@ -0,0 +1,32 @@
+diff -up foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 
foomatic-filters-4.0.8/foomaticrip.c
+--- foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 2011-08-18 
16:27:57.277636643 +0100
++++ foomatic-filters-4.0.8/foomaticrip.c       2011-08-18 16:33:37.680136675 
+0100
+@@ -1188,9 +1188,13 @@ int main(int argc, char** argv)
+     if (arglist_remove_flag(arglist, "--debug"))
+         debug = 1;
+
+-    if (debug)
+-        logh = fopen(LOG_FILE ".log", "w"); /* insecure, use for debugging 
only */
+-    else if (quiet && !verbose)
++    if (debug) {
++      int fd = mkstemp (LOG_FILE "-XXXXXX.log");
++      if (fd != -1)
++          logh = fdopen(fd, "w");
++      else
++          logh = stderr;
++    } else if (quiet && !verbose)
+         logh = NULL; /* Quiet mode, do not log */
+     else
+         logh = stderr; /* Default: log to stderr */
+diff -up foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 
foomatic-filters-4.0.8/renderer.c
+--- foomatic-filters-4.0.8/renderer.c.CVE-2011-2924    2011-07-25 
10:50:57.000000000 +0100
++++ foomatic-filters-4.0.8/renderer.c  2011-08-18 14:36:14.120153309 +0100
+@@ -434,7 +434,7 @@ int exec_kid3(FILE *in, FILE *out, void
+         }
+
+         /* Save the data supposed to be fed into the renderer also into a 
file*/
+-        dstrprepend(commandline, "tee -a " LOG_FILE ".ps | ( ");
++        dstrprepend(commandline, "tee $(mktemp " LOG_FILE "-XXXXXX.ps) | ( ");
+         dstrcat(commandline, ")");
+     }
+
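Review bot: The `mkstemp (LOG_FILE "-XXXXXX.log")` call added to main() in foomaticrip.c cannot succeed as written, because mkstemp() requires the template to end in the six `X` characters. With the trailing `.log` it returns -1, so `--debug` always falls back to stderr and the debug log file is never created. The template is also a string literal, which mkstemp() needs to overwrite in place. A writable buffer and the suffix-aware variant address both: `char logname[] = LOG_FILE "-XXXXXX.log";` followed by `int fd = mkstemps(logname, 4);` (mkstemps is a glibc/BSD extension, not POSIX). In renderer.c, `tee $(mktemp ... -XXXXXX.ps)` depends on a mktemp(1) that accepts a suffix after the X's; if it fails, tee gets no file argument and the debug copy is silently dropped, which is worth a comment at that line. Both main() and exec_kid3() extend beyond the lines shown.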