From 2fb60621a68448daaeea7c02730301c47c6e5949 Mon Sep 17 00:00:00 2001 From: drochner Date: Wed, 13 Jul 2011 19:58:54 +0000 Subject: add a patch from Suse bug #698451 (which is said there to originate from upstream but I couldn't locate it) to fix possible injection of shell commands in print requests which would be executed as the "lp" user bump PKGREV --- print/foomatic4-filters/Makefile | 3 +- print/foomatic4-filters/distinfo | 4 +- print/foomatic4-filters/patches/patch-ac | 216 ++++++++++++++++++++++++++++++- 3 files changed, 215 insertions(+), 8 deletions(-) (limited to 'print') diff --git a/print/foomatic4-filters/Makefile b/print/foomatic4-filters/Makefile index 89cd55e1eb8..8a2eaaf5967 100644 --- a/print/foomatic4-filters/Makefile +++ b/print/foomatic4-filters/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.9 2011/01/17 14:14:52 drochner Exp $ +# $NetBSD: Makefile,v 1.10 2011/07/13 19:58:54 drochner Exp $ DISTNAME= foomatic-filters-4.0.6 +PKGREVISION= 1 CATEGORIES= print MASTER_SITES= http://www.linuxprinting.org/download/foomatic/ diff --git a/print/foomatic4-filters/distinfo b/print/foomatic4-filters/distinfo index 3ab1946ce0a..38b1e0c77ab 100644 --- a/print/foomatic4-filters/distinfo +++ b/print/foomatic4-filters/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.3 2011/01/17 14:14:52 drochner Exp $ +$NetBSD: distinfo,v 1.4 2011/07/13 19:58:54 drochner Exp $ SHA1 (foomatic-filters-4.0.6.tar.gz) = 5ebeb6fbf856433053bb5dc8d6a2fde824b88efd RMD160 (foomatic-filters-4.0.6.tar.gz) = a218d8d279cb7256194b11323ed823095f65e152 Size (foomatic-filters-4.0.6.tar.gz) = 244365 bytes -SHA1 (patch-ac) = 5013be198bca54423d520382bf686e9c6280dc43 +SHA1 (patch-ac) = 2f5a9e529517befef2639611a0099edd9b38a81e SHA1 (patch-ad) = 40f620a2f26d0872f87a2e332dd45853634ca5dc diff --git a/print/foomatic4-filters/patches/patch-ac b/print/foomatic4-filters/patches/patch-ac index 9f104c3a2e6..ebf605d6473 100644 --- a/print/foomatic4-filters/patches/patch-ac +++ b/print/foomatic4-filters/patches/patch-ac @@ -1,8 +1,8 @@ -$NetBSD: patch-ac,v 1.1.1.1 2009/11/20 20:50:43 drochner Exp $ +$NetBSD: patch-ac,v 1.2 2011/07/13 19:58:54 drochner Exp $ ---- foomaticrip.c.orig 2009-01-14 20:23:15.000000000 +0100 +--- foomaticrip.c.orig 2011-07-13 13:54:29.000000000 +0000 +++ foomaticrip.c -@@ -153,7 +153,7 @@ char cupsfilterpath[PATH_MAX] = "/usr/lo +@@ -177,7 +177,7 @@ char cupsfilterpath[PATH_MAX] = "/usr/lo "/opt/cups/filter:" "/usr/lib/cups/filter"; @@ -11,7 +11,7 @@ $NetBSD: patch-ac,v 1.1.1.1 2009/11/20 20:50:43 drochner Exp $ void config_set_option(const char *key, const char *value) { -@@ -968,6 +968,7 @@ int print_file(const char *filename, int +@@ -1059,6 +1059,7 @@ int print_file(const char *filename, int if (dup2(fileno(out), fileno(stdin)) < 0) rip_die(EXIT_PRNERR_NORETRY_BAD_SETTINGS, "Couldn't dup stdout of pdf-to-ps\n"); @@ -19,7 +19,7 @@ $NetBSD: patch-ac,v 1.1.1.1 2009/11/20 20:50:43 drochner Exp $ ret = print_file("", 0); -@@ -999,6 +1000,7 @@ int print_file(const char *filename, int +@@ -1090,6 +1091,7 @@ int print_file(const char *filename, int /* Read further data from the file converter and not from STDIN */ if (dup2(fileno(fchandle), fileno(stdin)) < 0) rip_die(EXIT_PRNERR_NORETRY_BAD_SETTINGS, "Couldn't dup fileconverterhandle\n"); @@ -27,3 +27,209 @@ $NetBSD: patch-ac,v 1.1.1.1 2009/11/20 20:50:43 drochner Exp $ ret = print_file("", 0); +@@ -1236,8 +1238,11 @@ int main(int argc, char** argv) + } + + /* Check for LPRng first so we do not pick up bogus ppd files by the -ppd option */ +- if (arglist_remove_flag(arglist, "--lprng")) +- spooler = SPOOLER_LPRNG; ++ if (spooler != SPOOLER_CUPS && spooler != SPOOLER_PPR && ++ spooler != SPOOLER_PPR_INT) { ++ if (arglist_remove_flag(arglist, "--lprng")) ++ spooler = SPOOLER_LPRNG; ++ } + + /* 'PRINTCAP_ENTRY' environment variable is : LPRng + the :ppd=/path/to/ppdfile printcap entry should be used */ +@@ -1259,96 +1264,104 @@ int main(int argc, char** argv) + } + } + +- /* PPD file name given via the command line +- allow duplicates, and use the last specified one */ +- if (spooler != SPOOLER_LPRNG) { +- while ((str = arglist_get_value(arglist, "-p"))) { +- strncpy(job->ppdfile, str, 256); +- arglist_remove(arglist, "-p"); +- } +- } +- while ((str = arglist_get_value(arglist, "--ppd"))) { +- strncpy(job->ppdfile, str, 256); +- arglist_remove(arglist, "--ppd"); +- } +- +- /* Check for LPD/GNUlpr by typical options which the spooler puts onto +- the filter's command line (options "-w": text width, "-l": text +- length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing, +- "-n": user name, "-h": host name) */ +- if ((str = arglist_get_value(arglist, "-h"))) { +- if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) +- spooler = SPOOLER_LPD; +- strncpy(job->host, str, 127); +- job->host[127] = '\0'; +- arglist_remove(arglist, "-h"); +- } +- if ((str = arglist_get_value(arglist, "-n"))) { +- if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) +- spooler = SPOOLER_LPD; +- +- strncpy(job->user, str, 127); +- job->user[127] = '\0'; +- arglist_remove(arglist, "-n"); +- } +- if (arglist_remove(arglist, "-w") || +- arglist_remove(arglist, "-l") || +- arglist_remove(arglist, "-x") || +- arglist_remove(arglist, "-y") || +- arglist_remove(arglist, "-i") || +- arglist_remove_flag(arglist, "-c")) { ++ /* CUPS calls foomatic-rip only with 5 or 6 positional parameters, ++ not with named options, like for example "-p ". Also PPR ++ does not used named options. */ ++ if (spooler != SPOOLER_CUPS && spooler != SPOOLER_PPR && ++ spooler != SPOOLER_PPR_INT) { ++ /* Check for LPD/GNUlpr by typical options which the spooler puts onto ++ the filter's command line (options "-w": text width, "-l": text ++ length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing, ++ "-n": user name, "-h": host name) */ ++ if ((str = arglist_get_value(arglist, "-h"))) { ++ if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) ++ spooler = SPOOLER_LPD; ++ strncpy(job->host, str, 127); ++ job->host[127] = '\0'; ++ arglist_remove(arglist, "-h"); ++ } ++ if ((str = arglist_get_value(arglist, "-n"))) { + if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) + spooler = SPOOLER_LPD; +- } +- /* LPRng delivers the option settings via the "-Z" argument */ +- if ((str = arglist_get_value(arglist, "-Z"))) { +- spooler = SPOOLER_LPRNG; +- dstrcatf(job->optstr, "%s ", str); +- arglist_remove(arglist, "-Z"); +- } +- /* Job title and options for stock LPD */ +- if ((str = arglist_get_value(arglist, "-j")) || (str = arglist_get_value(arglist, "-J"))) { +- strncpy_omit(job->title, str, 128, omit_shellescapes); +- if (spooler == SPOOLER_LPD) +- dstrcatf(job->optstr, "%s ", job->title); +- if (!arglist_remove(arglist, "-j")) +- arglist_remove(arglist, "-J"); +- } +- /* Check for CPS */ +- if (arglist_remove_flag(arglist, "--cps") > 0) +- spooler = SPOOLER_CPS; +- +- /* Options for spooler-less printing, CPS, or PDQ */ +- while ((str = arglist_get_value(arglist, "-o"))) { +- strncpy_omit(tmp, str, 1024, omit_shellescapes); +- dstrcatf(job->optstr, "%s ", tmp); +- arglist_remove(arglist, "-o"); +- /* If we don't print as PPR RIP or as CPS filter, we print +- without spooler (we check for PDQ later) */ +- if (spooler != SPOOLER_PPR && spooler != SPOOLER_CPS) +- spooler = SPOOLER_DIRECT; +- } +- +- /* Printer for spooler-less printing or PDQ */ +- if ((str = arglist_get_value(arglist, "-d"))) { +- strncpy_omit(job->printer, str, 256, omit_shellescapes); +- arglist_remove(arglist, "-d"); +- } +- +- /* Printer for spooler-less printing, PDQ, or LPRng */ +- if ((str = arglist_get_value(arglist, "-P"))) { +- strncpy_omit(job->printer, str, 256, omit_shellescapes); +- arglist_remove(arglist, "-P"); +- } +- +- /* Were we called from a PDQ wrapper? */ +- if (arglist_remove_flag(arglist, "--pdq")) +- spooler = SPOOLER_PDQ; + +- /* Were we called to build the PDQ driver declaration file? */ +- genpdqfile = check_pdq_file(arglist); +- if (genpdqfile) +- spooler = SPOOLER_PDQ; ++ strncpy(job->user, str, 127); ++ job->user[127] = '\0'; ++ arglist_remove(arglist, "-n"); ++ } ++ if (arglist_remove(arglist, "-w") || ++ arglist_remove(arglist, "-l") || ++ arglist_remove(arglist, "-x") || ++ arglist_remove(arglist, "-y") || ++ arglist_remove(arglist, "-i") || ++ arglist_remove_flag(arglist, "-c")) { ++ if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG) ++ spooler = SPOOLER_LPD; ++ } ++ /* LPRng delivers the option settings via the "-Z" argument */ ++ if ((str = arglist_get_value(arglist, "-Z"))) { ++ spooler = SPOOLER_LPRNG; ++ dstrcatf(job->optstr, "%s ", str); ++ arglist_remove(arglist, "-Z"); ++ } ++ /* Job title and options for stock LPD */ ++ if ((str = arglist_get_value(arglist, "-j")) || (str = arglist_get_value(arglist, "-J"))) { ++ strncpy_omit(job->title, str, 128, omit_shellescapes); ++ if (spooler == SPOOLER_LPD) ++ dstrcatf(job->optstr, "%s ", job->title); ++ if (!arglist_remove(arglist, "-j")) ++ arglist_remove(arglist, "-J"); ++ } ++ ++ /* Check for CPS */ ++ if (arglist_remove_flag(arglist, "--cps") > 0) ++ spooler = SPOOLER_CPS; ++ ++ /* PPD file name given via the command line ++ allow duplicates, and use the last specified one */ ++ if (spooler != SPOOLER_GNULPR && spooler != SPOOLER_LPRNG && ++ spooler != SPOOLER_LPD) { ++ while ((str = arglist_get_value(arglist, "-p"))) { ++ strncpy(job->ppdfile, str, 256); ++ arglist_remove(arglist, "-p"); ++ } ++ while ((str = arglist_get_value(arglist, "--ppd"))) { ++ strncpy(job->ppdfile, str, 256); ++ arglist_remove(arglist, "--ppd"); ++ } ++ } ++ ++ /* Options for spooler-less printing, CPS, or PDQ */ ++ while ((str = arglist_get_value(arglist, "-o"))) { ++ strncpy_omit(tmp, str, 1024, omit_shellescapes); ++ dstrcatf(job->optstr, "%s ", tmp); ++ arglist_remove(arglist, "-o"); ++ /* If we don't print as PPR RIP or as CPS filter, we print ++ without spooler (we check for PDQ later) */ ++ if (spooler != SPOOLER_PPR && spooler != SPOOLER_CPS) ++ spooler = SPOOLER_DIRECT; ++ } ++ ++ /* Printer for spooler-less printing or PDQ */ ++ if ((str = arglist_get_value(arglist, "-d"))) { ++ strncpy_omit(job->printer, str, 256, omit_shellescapes); ++ arglist_remove(arglist, "-d"); ++ } ++ ++ /* Printer for spooler-less printing, PDQ, or LPRng */ ++ if ((str = arglist_get_value(arglist, "-P"))) { ++ strncpy_omit(job->printer, str, 256, omit_shellescapes); ++ arglist_remove(arglist, "-P"); ++ } ++ ++ /* Were we called from a PDQ wrapper? */ ++ if (arglist_remove_flag(arglist, "--pdq")) ++ spooler = SPOOLER_PDQ; ++ ++ /* Were we called to build the PDQ driver declaration file? */ ++ genpdqfile = check_pdq_file(arglist); ++ if (genpdqfile) ++ spooler = SPOOLER_PDQ; ++ } + + /* spooler specific initialization */ + switch (spooler) { -- cgit v1.2.3