Hello community, here is the log from the commit of package foomatic-filters for openSUSE:11.4 checked in at Thu Aug 11 13:50:44 CEST 2011.
-------- --- old-versions/11.4/all/foomatic-filters/foomatic-filters.changes 2011-02-09 17:17:16.000000000 +0100 +++ 11.4/foomatic-filters/foomatic-filters.changes 2011-08-11 10:25:04.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Aug 11 10:17:55 CEST 2011 - [email protected] + +- foomaticrip.c.4.0.6.CVE-2011-2697.patch fixes CVE-2011-2697 + which is a remote code execution as user lp issue (bnc#698451). + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/foomatic-filters Destination is old-versions/11.4/UPDATES/all/foomatic-filters calling whatdependson for 11.4-i586 New: ---- foomaticrip.c.4.0.6.CVE-2011-2697.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ foomatic-filters.spec ++++++ --- /var/tmp/diff_new_pack.RlHlig/_old 2011-08-11 13:50:12.000000000 +0200 +++ /var/tmp/diff_new_pack.RlHlig/_new 2011-08-11 13:50:12.000000000 +0200 @@ -36,7 +36,7 @@ Recommends: a2ps # See the VERSION file if it is a snapshot with "bzrdate": Version: 4.0.6 -Release: 2 +Release: 7.<RELEASE8> AutoReqProv: on # Source0...Source9 is for sources from upstream: # URL for Source0: http://www.openprinting.org/download/foomatic/foomatic-filters-4.0-20090513.tar.gz @@ -47,7 +47,9 @@ # Patch0...Patch9 is for patches from upstream: # ... # Patch10...Patch99 is for Suse patches for the sources from upstream: -# ... +# Patch10 foomaticrip.c.4.0.6.CVE-2011-2697.patch fixes CVE-2011-2697 +# which is a remote code execution as user lp issue (bnc#698451): +Patch10: foomaticrip.c.4.0.6.CVE-2011-2697.patch # Source100... is for special Suse sources: # ... Url: http://www.openprinting.org/ @@ -74,6 +76,9 @@ %setup -q # Use this "setup" if it is a snapshot with "bzrdate": # setup -q -n %{name}-%{bzrdate} +# Patch10 foomaticrip.c.4.0.6.CVE-2011-2697.patch fixes CVE-2011-2697 +# which is a remote code execution as user lp issue (bnc#698451): +%patch10 %build export CFLAGS="$RPM_OPT_FLAGS -fstack-protector" ++++++ foomaticrip.c.4.0.6.CVE-2011-2697.patch ++++++ --- foomaticrip.c.orig 2010-12-15 17:19:21.000000000 +0100 +++ foomaticrip.c 2011-08-11 09:49:02.000000000 +0200 @@ -1236,8 +1236,11 @@ int main(int argc, char** argv) } /* Check for LPRng first so we do not pick up bogus ppd files by the -ppd option */ - if (arglist_remove_flag(arglist, "--lprng")) - spooler = SPOOLER_LPRNG; + if (spooler != SPOOLER_CUPS && spooler != SPOOLER_PPR && + spooler != SPOOLER_PPR_INT) { + if (arglist_remove_flag(arglist, "--lprng")) + spooler = SPOOLER_LPRNG; + } /* 'PRINTCAP_ENTRY' environment variable is : LPRng the :ppd=/path/to/ppdfile printcap entry should be used */ @@ -1259,96 +1262,104 @@ int main(int argc, char** argv) } } - /* PPD file name given via the command line - allow duplicates, and use the last specified one */ - if (spooler != SPOOLER_LPRNG) { - while ((str = arglist_get_value(arglist, "-p"))) { - strncpy(job->ppdfile, str, 256); - arglist_remove(arglist, "-p"); + /* CUPS calls foomatic-rip only with 5 or 6 positional parameters, + not with named options, like for example "-p <string>". Also PPR + does not used named options. */ + if (spooler != SPOOLER_CUPS && spooler != SPOOLER_PPR && + spooler != SPOOLER_PPR_INT) { + /* Check for LPD/GNUlpr by typical options which the spooler puts onto + the filter's command line (options "-w": text width, "-l": text + length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing, + "-n": user name, "-h": host name) */ + if ((str = arglist_get_value(arglist, "-h"))) { + if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) + spooler = SPOOLER_LPD; + strncpy(job->host, str, 127); + job->host[127] = '\0'; + arglist_remove(arglist, "-h"); } - } - while ((str = arglist_get_value(arglist, "--ppd"))) { - strncpy(job->ppdfile, str, 256); - arglist_remove(arglist, "--ppd"); - } - - /* Check for LPD/GNUlpr by typical options which the spooler puts onto - the filter's command line (options "-w": text width, "-l": text - length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing, - "-n": user name, "-h": host name) */ - if ((str = arglist_get_value(arglist, "-h"))) { - if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) - spooler = SPOOLER_LPD; - strncpy(job->host, str, 127); - job->host[127] = '\0'; - arglist_remove(arglist, "-h"); - } - if ((str = arglist_get_value(arglist, "-n"))) { - if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) - spooler = SPOOLER_LPD; - - strncpy(job->user, str, 127); - job->user[127] = '\0'; - arglist_remove(arglist, "-n"); - } - if (arglist_remove(arglist, "-w") || - arglist_remove(arglist, "-l") || - arglist_remove(arglist, "-x") || - arglist_remove(arglist, "-y") || - arglist_remove(arglist, "-i") || - arglist_remove_flag(arglist, "-c")) { + if ((str = arglist_get_value(arglist, "-n"))) { if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) spooler = SPOOLER_LPD; - } - /* LPRng delivers the option settings via the "-Z" argument */ - if ((str = arglist_get_value(arglist, "-Z"))) { - spooler = SPOOLER_LPRNG; - dstrcatf(job->optstr, "%s ", str); - arglist_remove(arglist, "-Z"); - } - /* Job title and options for stock LPD */ - if ((str = arglist_get_value(arglist, "-j")) || (str = arglist_get_value(arglist, "-J"))) { - strncpy_omit(job->title, str, 128, omit_shellescapes); - if (spooler == SPOOLER_LPD) - dstrcatf(job->optstr, "%s ", job->title); - if (!arglist_remove(arglist, "-j")) - arglist_remove(arglist, "-J"); - } - /* Check for CPS */ - if (arglist_remove_flag(arglist, "--cps") > 0) - spooler = SPOOLER_CPS; - /* Options for spooler-less printing, CPS, or PDQ */ - while ((str = arglist_get_value(arglist, "-o"))) { - strncpy_omit(tmp, str, 1024, omit_shellescapes); - dstrcatf(job->optstr, "%s ", tmp); - arglist_remove(arglist, "-o"); - /* If we don't print as PPR RIP or as CPS filter, we print - without spooler (we check for PDQ later) */ - if (spooler != SPOOLER_PPR && spooler != SPOOLER_CPS) - spooler = SPOOLER_DIRECT; - } + strncpy(job->user, str, 127); + job->user[127] = '\0'; + arglist_remove(arglist, "-n"); + } + if (arglist_remove(arglist, "-w") || + arglist_remove(arglist, "-l") || + arglist_remove(arglist, "-x") || + arglist_remove(arglist, "-y") || + arglist_remove(arglist, "-i") || + arglist_remove_flag(arglist, "-c")) { + if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) + spooler = SPOOLER_LPD; + } + /* LPRng delivers the option settings via the "-Z" argument */ + if ((str = arglist_get_value(arglist, "-Z"))) { + spooler = SPOOLER_LPRNG; + dstrcatf(job->optstr, "%s ", str); + arglist_remove(arglist, "-Z"); + } + /* Job title and options for stock LPD */ + if ((str = arglist_get_value(arglist, "-j")) || (str = arglist_get_value(arglist, "-J"))) { + strncpy_omit(job->title, str, 128, omit_shellescapes); + if (spooler == SPOOLER_LPD) + dstrcatf(job->optstr, "%s ", job->title); + if (!arglist_remove(arglist, "-j")) + arglist_remove(arglist, "-J"); + } - /* Printer for spooler-less printing or PDQ */ - if ((str = arglist_get_value(arglist, "-d"))) { - strncpy_omit(job->printer, str, 256, omit_shellescapes); - arglist_remove(arglist, "-d"); - } + /* Check for CPS */ + if (arglist_remove_flag(arglist, "--cps") > 0) + spooler = SPOOLER_CPS; - /* Printer for spooler-less printing, PDQ, or LPRng */ - if ((str = arglist_get_value(arglist, "-P"))) { - strncpy_omit(job->printer, str, 256, omit_shellescapes); - arglist_remove(arglist, "-P"); - } + /* PPD file name given via the command line + allow duplicates, and use the last specified one */ + if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG && + spooler != SPOOLER_LPD) { + while ((str = arglist_get_value(arglist, "-p"))) { + strncpy(job->ppdfile, str, 256); + arglist_remove(arglist, "-p"); + } + while ((str = arglist_get_value(arglist, "--ppd"))) { + strncpy(job->ppdfile, str, 256); + arglist_remove(arglist, "--ppd"); + } + } - /* Were we called from a PDQ wrapper? */ - if (arglist_remove_flag(arglist, "--pdq")) - spooler = SPOOLER_PDQ; + /* Options for spooler-less printing, CPS, or PDQ */ + while ((str = arglist_get_value(arglist, "-o"))) { + strncpy_omit(tmp, str, 1024, omit_shellescapes); + dstrcatf(job->optstr, "%s ", tmp); + arglist_remove(arglist, "-o"); + /* If we don't print as PPR RIP or as CPS filter, we print + without spooler (we check for PDQ later) */ + if (spooler != SPOOLER_PPR && spooler != SPOOLER_CPS) + spooler = SPOOLER_DIRECT; + } - /* Were we called to build the PDQ driver declaration file? */ - genpdqfile = check_pdq_file(arglist); - if (genpdqfile) - spooler = SPOOLER_PDQ; + /* Printer for spooler-less printing or PDQ */ + if ((str = arglist_get_value(arglist, "-d"))) { + strncpy_omit(job->printer, str, 256, omit_shellescapes); + arglist_remove(arglist, "-d"); + } + + /* Printer for spooler-less printing, PDQ, or LPRng */ + if ((str = arglist_get_value(arglist, "-P"))) { + strncpy_omit(job->printer, str, 256, omit_shellescapes); + arglist_remove(arglist, "-P"); + } + + /* Were we called from a PDQ wrapper? */ + if (arglist_remove_flag(arglist, "--pdq")) + spooler = SPOOLER_PDQ; + + /* Were we called to build the PDQ driver declaration file? */ + genpdqfile = check_pdq_file(arglist); + if (genpdqfile) + spooler = SPOOLER_PDQ; + } /* spooler specific initialization */ switch (spooler) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
