Control: tags -1 + pending thanks Dear maintainer,
I've prepared an NMU for hplip (versioned as 3.12.6-3.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards -- Sebastian Ramacher
diff -Nru hplip-3.12.6/debian/changelog hplip-3.12.6/debian/changelog
--- hplip-3.12.6/debian/changelog 2012-06-24 08:49:45.000000000 +0200
+++ hplip-3.12.6/debian/changelog 2013-03-01 18:41:56.000000000 +0100
@@ -1,3 +1,12 @@
+hplip (3.12.6-3.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * debian/patches/CVE-2013-0200.patch: Fix CVE-2013-0200 by applying the
+ patch from Red Hat. Additionally increase the buffers to mitigate an
+ regression and a buffer overflow. (Closes: #701185)
+
+ -- Sebastian Ramacher <sramac...@debian.org> Fri, 01 Mar 2013 18:21:48 +0100
+
 hplip (3.12.6-3) unstable; urgency=low
 
 * [!linux-any] --enable-libusb01_build
diff -Nru hplip-3.12.6/debian/patches/CVE-2013-0200.patch hplip-3.12.6/debian/patches/CVE-2013-0200.patch
--- hplip-3.12.6/debian/patches/CVE-2013-0200.patch 1970-01-01 01:00:00.000000000 +0100
+++ hplip-3.12.6/debian/patches/CVE-2013-0200.patch 2013-03-01 18:52:39.000000000 +0100
@@ -0,0 +1,98 @@
+Description: fix for CVE-2013-0200 (insecure temporary files)
+Origin: vendor, ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/hplip-3.12.4-4.el6.src.rpm
+Last-Update: 2013-03-01
+Bug-Debian: http://bugs.debian.org/701185
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=902163
+
+--- a/prnt/hpcups/HPCupsFilter.cpp
++++ b/prnt/hpcups/HPCupsFilter.cpp
+@@ -656,21 +656,24 @@
+ 
+ if (m_iLogLevel & SAVE_INPUT_RASTERS)
+ {
+- char szFileName[32];
++ char szFileName[44];
+ memset(szFileName, 0, sizeof(szFileName));
+- snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
++ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
+ if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
+ cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
+ {
+- cfp = fopen (szFileName, "w");
+- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
++ int fd = mkstemp (szFileName);
++ if (fd != -1)
++ cfp = fdopen (fd, "w");
+ }
+ if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
+ cups_header.cupsColorSpace == CUPS_CSPACE_K)
+ {
+- szFileName[17] = 'k';
+- kfp = fopen (szFileName, "w");
+- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
++ int fd;
++ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
++ fd = mkstemp (szFileName);
++ if (fd != -1)
++ kfp = fdopen (fd, "w");
+ }
+ 
+ WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);
+--- a/prnt/hpcups/SystemServices.cpp
++++ b/prnt/hpcups/SystemServices.cpp
+@@ -36,10 +36,12 @@
+ m_fp = NULL;
+ if (iLogLevel & SAVE_PCL_FILE)
+ {
+- char fname[32];
+- sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
+- m_fp = fopen(fname, "w");
+- chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
++ int fd;
++ char fname[40];
++ sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
++ fd = mkstemp (fname);
++ if (fd != -1)
++ m_fp = fdopen(fd, "w");
+ }
+ }
+ 
+--- a/prnt/hpijs/hpijs.cpp
++++ b/prnt/hpijs/hpijs.cpp
+@@ -96,13 +96,12 @@
+ 
+ if (pSS->m_iLogLevel & SAVE_PCL_FILE)
+ {
++ int fd;
+ char szFileName[32];
+- sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
+- pSS->outfp = fopen (szFileName, "w");
+- if (pSS->outfp)
+- {
+- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+- }
++ sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
++ fd = mkstemp (szFileName);
++ if (fd != -1)
++ pSS->outfp = fdopen (fd, "w");
+ }
+ }
+ 
+--- a/prnt/hpps/hppsfilter.c
++++ b/prnt/hpps/hppsfilter.c
+@@ -92,10 +92,12 @@
+ g_fp_outdbgps = NULL;
+ if (g_savepsfile & SAVE_PS_FILE)
+ {
++ int fd;
+ char sfile_name[FILE_NAME_SIZE] = {0};
+- sprintf(sfile_name, DBG_PSFILE, szjob_id);
+- g_fp_outdbgps= fopen(sfile_name, "w");
+- chmod(sfile_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
++ sprintf(sfile_name, DBG_PSFILE ".XXXXXX", szjob_id);
++ fd = mkstemp (sfile_name);
++ if (fd != -1)
++ g_fp_outdbgps = fdopen(fd, "w");
+ }
+ }
+ 
diff -Nru hplip-3.12.6/debian/patches/series hplip-3.12.6/debian/patches/series
--- hplip-3.12.6/debian/patches/series 2012-06-24 08:51:04.000000000 +0200
+++ hplip-3.12.6/debian/patches/series 2013-03-01 14:45:50.000000000 +0100
@@ -26,3 +26,4 @@
 hp-mkuri-libnotify-so-4-support.dpatch
 hpaio-option-duplex.diff
 debian-changes
+CVE-2013-0200.patch
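Review bot: The three `sprintf` calls the new side keeps (SystemServices.cpp into `fname[40]`, hpijs.cpp into `szFileName[32]`, hppsfilter.c into `sfile_name[FILE_NAME_SIZE]`) still write into fixed stack buffers with no bound, and hpijs.cpp is the tightest: `/tmp/hpijs_` plus `.out.XXXXXX` already take 22 of the 32 bytes, which leaves room for a nine-digit pid and the terminator, so a ten-digit pid would overflow by one byte. Given that the changelog cites a buffer overflow as the reason for growing the other buffers, these sites should use the HPCupsFilter.cpp form, e.g. `snprintf (szFileName, sizeof(szFileName), "/tmp/hpijs_%d.out.XXXXXX", getpid());`, after which a truncated template simply makes `mkstemp` fail instead of corrupting the stack. In hppsfilter.c the name grows by seven bytes while `FILE_NAME_SIZE` is not touched here, so it is worth confirming that macro has the slack. A smaller point at all four sites: when `fdopen` returns NULL the descriptor from `mkstemp` is leaked and the file it created stays in /tmp, so `if (fd != -1 && (cfp = fdopen (fd, "w")) == NULL) close (fd);` would be the tidier guard. Each enclosing function starts and ends outside the hunk.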