diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog index 9657e2a..10cc634 100644 --- a/net-print/cups/ChangeLog +++ b/net-print/cups/ChangeLog @@ -2,6 +2,13 @@ # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.344 2009/03/09 18:42:27 armin76 Exp $ + 18 Feb 2010; Mario Fetka + +files/cups-1.3.11-str3200.patch, + +files/cups-1.3.11-str3367-security-1.3v2.patch, + +files/cups-1.3.11-str3401-security-1.3v2-regression.patch, + cups-1.4.2-r1.ebuild: + update ebuild + 28 Jan 2010; Mario Fetka cups-1.4.2-r1.ebuild: correct dependencies diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest index bb708f2..a50581f 100644 --- a/net-print/cups/Manifest +++ b/net-print/cups/Manifest 
@@ -1,5 +1,8 @@ AUX cups-1.3.0-configure.patch 651 RMD160 e4c7f45d7ddc28157433bf025c7f946c7e3b6d6a SHA1 101bf1893b56640d9fa82078e29319fbbd1449c7 SHA256 d6e5e60a982a3c093c0d0f89cf865e2b4c36290f5b1e188b7bf305d210070736 AUX cups-1.3.10-str3178.patch 888 RMD160 ff061fc3500960f441c59896cdfe421d5f47f386 SHA1 fac5361b1172aba167d48988f874faa6faf1554a SHA256 e6550fad17017ac6897e6e9c70a4aafaaec5473c05a19e9e50277293cdc6aac6 +AUX cups-1.3.11-str3200.patch 1782 RMD160 6c9134d1bc90650b882e167a5ae118d0f239b7ae SHA1 adb5b0ef222ad5beb2424bcb93a3c891af6a744e SHA256 2ae6d48ce7071051120740d654787be1bba0258752f4844f55a18f8e03e062e6 +AUX cups-1.3.11-str3367-security-1.3v2.patch 12834 RMD160 e770139528cbdf918f5c9073fbea8b31f30cac0f SHA1 81825028af8021aff2e67a36d8e9aa71cbbb42f4 SHA256 d4d770ce17855293348059451909fecbcc9e968d6731ac73b8d81927e2afe134 +AUX cups-1.3.11-str3401-security-1.3v2-regression.patch 871 RMD160 bb08b55e8d61341e9eeecc8fe99ba743d38500dd SHA1 33a919f4ef5de3c780f6f35e68d096ccf8371718 SHA256 ab9f24c05a422995b9ee274f36ffa0a9a6dca4d55fde4830a31201d1e61bd756 AUX cups-1.3.7-backend-https.patch 450 RMD160 9a1ad48d2be40c89510ccc512649f0a2eb5543b0 SHA1 d3dd55fcdee47855d6b7c1443adb6c2b3d8c9cdb SHA256 060f929ae3eae5dc411ce6352a0d50c3296b013974f034fc2ad8d6bb0c81b45a AUX cups-1.3.9-CVE-2008-5286.patch 761 RMD160 7abe5d746cc2c8135e946de492b767137204345a SHA1 1e904c63e5bb2ef2e6f9792e3b2c3bcb89cdc6e8 SHA256 e85dc13164dd1c7b7fa978aeb5b6df886d9595319aab5fadde57e35d0259aee3 AUX cups-1.3.9-ldap-draft-1.patch 3443 RMD160 a8d6cdc180c7a3dc4747e91d2b0b662978d613f4 SHA1 a1ad1ebc6258044cc5068153995a5f1415904a6c SHA256 096440d1fc5f18c65338a45699648c89f43b802721f51b91428df8446d77a582 
@@ -20,6 +23,6 @@ EBUILD cups-1.3.11.ebuild 8430 RMD160 24de5585670d0c815277e00080257ccb6a9c5304 S EBUILD cups-1.3.9-r1.ebuild 8724 RMD160 2fadb7b929fa65fad0aab8df9e23a59f47843424 SHA1 9c3d039bb8941370f280915dded0c2467b573509 SHA256 823b083c2c1670f3dc069c70b07d408d96e92e567822106dac4e3613ed0b1588 EBUILD cups-1.3.9-r2.ebuild 8724 RMD160 2fadb7b929fa65fad0aab8df9e23a59f47843424 SHA1 9c3d039bb8941370f280915dded0c2467b573509 SHA256 823b083c2c1670f3dc069c70b07d408d96e92e567822106dac4e3613ed0b1588 EBUILD cups-1.4.1.ebuild 5228 RMD160 4fecb94344765ca29d0f12fc624ddd11b0a44aa7 SHA1 3cea580ca9e54c72b8643f36e613ca5a1ddec9ec SHA256 cc80002f6484e01713e5a4ed250573d5d212fa348bb7baff269f47a7b24038a7 -EBUILD cups-1.4.2-r1.ebuild 5412 RMD160 0a85c253dd90880ed9bf74795072575eff23dcb1 SHA1 4fa95fb73c182260ad597d8316370cb530eb3607 SHA256 2caee054fd88f73af9569c9b6889ad9cfc90b769b2ca337bd52607fd3f1ce743 -MISC ChangeLog 51674 RMD160 9e52b58333743470de7c776a6f20bcf48065e49a SHA1 3c66791ce5e486e328813a201bc2955248af2e32 SHA256 51aedbeb481c6fb81a2cd776b7bd35d400e9c4c531cb12577cebb7187d1e7dfc +EBUILD cups-1.4.2-r1.ebuild 5418 RMD160 c855cdc6d3cb82242d62b7db011e52d2ef7619c8 SHA1 b0a18ad9c66a1f0a243cdd62319fbf93ebe5e36b SHA256 9ab2d4719b51b96af15c29649c3a6b2688be5ec865526e9d009b7d678caaa8fd +MISC ChangeLog 51915 RMD160 69eaab46d40cdfd8789cf2e291cacb60302d7373 SHA1 b722bf2b2547c8b5b7afe8cf7b64024acaaab3a4 SHA256 01597411facf096e161b0a124038d4b1ab573c7cba25f189f95a608c6a803f49 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76 diff --git a/net-print/cups/cups-1.4.2-r1.ebuild b/net-print/cups/cups-1.4.2-r1.ebuild index 9b3300b..b6c1b16 100644 --- a/net-print/cups/cups-1.4.2-r1.ebuild +++ b/net-print/cups/cups-1.4.2-r1.ebuild 
@@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2-r1.ebuild,v 1.1 2009/11/30 22:00:56 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2-r1.ebuild,v 1.4 2010/02/10 19:46:08 ssuominen Exp $ EAPI="2" @@ -21,7 +21,7 @@ COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) ) dbus? ( sys-apps/dbus ) gnutls? ( net-libs/gnutls ) java? ( >=virtual/jre-1.4 ) - jpeg? ( >=media-libs/jpeg-6b ) + jpeg? ( >=media-libs/jpeg-6b:0 ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( virtual/pam ) @@ -34,9 +34,9 @@ COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) ) tiff? ( >=media-libs/tiff-3.5.5 ) xinetd? ( sys-apps/xinetd ) app-text/libpaper - virtual/poppler-utils dev-libs/libgcrypt dev-libs/libusb + >=app-text/poppler-0.12.3-r3[utils] !net-print/cupsddk" DEPEND="${COMMON_DEPEND}" @@ -76,8 +76,8 @@ src_prepare() { # upstream bug STR #3200 epatch "${FILESDIR}/${PN}-1.4.2-str3200.patch" - # use the ldap schema of the ldap draft - epatch "${FILESDIR}/${PN}-1.4.1-ldap-draft-1.patch" + # use the ldap schema of the ldap draft + epatch "${FILESDIR}/${PN}-1.4.1-ldap-draft-1.patch" } src_configure() { diff --git a/net-print/cups/files/cups-1.3.11-str3200.patch b/net-print/cups/files/cups-1.3.11-str3200.patch new file mode 100644 index 0000000..84cdbd2 --- /dev/null +++ b/net-print/cups/files/cups-1.3.11-str3200.patch 
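Review bot: Nothing in this commit applies the three new `files/cups-1.3.11-*.patch` files: the `src_prepare()` hunk of `cups-1.4.2-r1.ebuild` appears to change only the indentation of the existing ldap-draft `epatch`, and the Manifest entry for `cups-1.3.11.ebuild` is untouched. Unless that ebuild already lists them (not visible in this diff), 1.3.11 keeps building without the str3367 and str3401 fixes even though the ChangeLog records them as added. The 1.3.11 ebuild would need lines such as `epatch "${FILESDIR}/${PN}-1.3.11-str3367-security-1.3v2.patch"` followed by `epatch "${FILESDIR}/${PN}-1.3.11-str3401-security-1.3v2-regression.patch"`, in that order. `src_prepare()` begins above the hunk, so its full patch list cannot be checked from here.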
@@ -0,0 +1,39 @@ +diff -up cups-1.3.7/scheduler/select.c.CVE-2009-3553 cups-1.3.7/scheduler/select.c +--- cups-1.3.7/scheduler/select.c.CVE-2009-3553 2007-11-30 19:29:50.000000000 +0000 ++++ cups-1.3.7/scheduler/select.c 2009-11-11 16:36:07.223893886 +0000 +@@ -477,7 +477,7 @@ cupsdDoSelect(long timeout) /* I - Time + (*(fdptr->read_cb))(fdptr->data); + } + +- if (fdptr->write_cb && event->filter == EVFILT_WRITE) ++ if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE) + { + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...", + fdptr->fd); +@@ -537,7 +537,7 @@ cupsdDoSelect(long timeout) /* I - Time + (*(fdptr->read_cb))(fdptr->data); + } + +- if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP))) ++ if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP))) + { + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...", + fdptr->fd); +@@ -649,7 +649,7 @@ cupsdDoSelect(long timeout) /* I - Time + (*(fdptr->read_cb))(fdptr->data); + } + +- if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP))) ++ if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP))) + { + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...", + fdptr->fd); +@@ -719,7 +719,7 @@ cupsdDoSelect(long timeout) /* I - Time + (*(fdptr->read_cb))(fdptr->data); + } + +- if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output)) ++ if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output)) + { + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...", + fdptr->fd); diff --git a/net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch b/net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch new file mode 100644 index 0000000..8fe6b17 --- /dev/null +++ b/net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch 
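Review bot: The file is named for 1.3.11, but its header was generated against `cups-1.3.7/scheduler/select.c`, so the four inner hunk positions (477, 537, 649, 719) will probably need an offset or fuzz on a 1.3.11 tree; confirm that each one lands on the write-callback test of the kqueue, epoll, poll and select branches. The added `fdptr->use > 1` guard is only meaningful if `cupsdDoSelect()` holds its own reference on `fdptr` while the read callback runs, and that code is outside these hunks. If that is the intent, a comment next to each test such as `/* use == 1: only our reference is left, the fd was removed by read_cb */` would make the dependency explicit for the CVE-2009-3553 fix.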
@@ -0,0 +1,435 @@ +Index: cgi-bin/printers.c +=================================================================== +--- cgi-bin/printers.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/printers.c (.../branches/leopard/cups) (revision 1707) +@@ -72,6 +72,7 @@ + */ + + cgiSetVariable("SECTION", "printers"); ++ cgiSetVariable("REFRESH_PAGE", ""); + + /* + * See if we are displaying a printer or all printers... +Index: cgi-bin/cgi.h +=================================================================== +--- cgi-bin/cgi.h (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/cgi.h (.../branches/leopard/cups) (revision 1707) +@@ -54,6 +54,7 @@ + extern void cgiAbort(const char *title, const char *stylesheet, + const char *format, ...); + extern int cgiCheckVariables(const char *names); ++extern void cgiClearVariables(void); + extern void *cgiCompileSearch(const char *query); + extern void cgiCopyTemplateFile(FILE *out, const char *tmpl); + extern void cgiCopyTemplateLang(const char *tmpl); +Index: cgi-bin/template.c +=================================================================== +--- cgi-bin/template.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/template.c (.../branches/leopard/cups) (revision 1707) +@@ -639,6 +639,8 @@ + fputs(">", out); + else if (*s == '\"') + fputs(""", out); ++ else if (*s == '\'') ++ fputs("'", out); + else if (*s == '&') + fputs("&", out); + else +@@ -659,7 +661,7 @@ + { + while (*s) + { +- if (strchr("%&+ <>#=", *s) || *s & 128) ++ if (strchr("%@&+ <>#=", *s) || *s < ' ' || *s & 128) + fprintf(out, "%%%02X", *s & 255); + else + putc(*s, out); +Index: cgi-bin/ipp-var.c +=================================================================== +--- cgi-bin/ipp-var.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/ipp-var.c (.../branches/leopard/cups) (revision 1707) +@@ -1220,7 +1220,9 @@ + int ascending, /* Order of jobs (0 = descending) */ + first, /* First job to show */ + count; /* Number of jobs */ +- const char 
*var; /* Form variable */ ++ const char *var, /* Form variable */ ++ *query, /* Query string */ ++ *section; /* Section in web interface */ + void *search; /* Search data */ + char url[1024], /* URL for prev/next/this */ + *urlptr, /* Position in URL */ +@@ -1265,10 +1267,13 @@ + * Get a list of matching job objects. + */ + +- if ((var = cgiGetVariable("QUERY")) != NULL) +- search = cgiCompileSearch(var); ++ if ((query = cgiGetVariable("QUERY")) != NULL) ++ search = cgiCompileSearch(query); + else ++ { ++ query = NULL; + search = NULL; ++ } + + jobs = cgiGetIPPObjects(response, search); + count = cupsArrayCount(jobs); +@@ -1293,17 +1298,28 @@ + if (first < 0) + first = 0; + +- sprintf(url, "%d", count); +- cgiSetVariable("TOTAL", url); +- + if ((var = cgiGetVariable("ORDER")) != NULL) + ascending = !strcasecmp(var, "asc"); + else +- { + ascending = !which_jobs || !strcasecmp(which_jobs, "not-completed"); +- cgiSetVariable("ORDER", ascending ? "asc" : "dec"); +- } + ++ section = cgiGetVariable("SECTION"); ++ ++ cgiClearVariables(); ++ ++ if (query) ++ cgiSetVariable("QUERY", query); ++ ++ cgiSetVariable("ORDER", ascending ? 
"asc" : "dec"); ++ ++ cgiSetVariable("SECTION", section); ++ ++ sprintf(url, "%d", count); ++ cgiSetVariable("TOTAL", url); ++ ++ if (which_jobs) ++ cgiSetVariable("WHICH_JOBS", which_jobs); ++ + if (ascending) + { + for (i = 0, job = (ipp_attribute_t *)cupsArrayIndex(jobs, first); +@@ -1325,11 +1341,10 @@ + + urlend = url + sizeof(url); + +- if ((var = cgiGetVariable("QUERY")) != NULL) ++ if (query != NULL) + { + if (dest) +- snprintf(url, sizeof(url), "/%s/%s?QUERY=", cgiGetVariable("SECTION"), +- dest); ++ snprintf(url, sizeof(url), "/%s/%s?QUERY=", section, dest); + else + strlcpy(url, "/jobs/?QUERY=", sizeof(url)); + +@@ -1344,7 +1359,7 @@ + else + { + if (dest) +- snprintf(url, sizeof(url), "/%s/%s?", cgiGetVariable("SECTION"), dest); ++ snprintf(url, sizeof(url), "/%s/%s?", section, dest); + else + strlcpy(url, "/jobs/?", sizeof(url)); + +Index: cgi-bin/admin.c +=================================================================== +--- cgi-bin/admin.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/admin.c (.../branches/leopard/cups) (revision 1707) +@@ -104,6 +104,7 @@ + */ + + cgiSetVariable("SECTION", "admin"); ++ cgiSetVariable("REFRESH_PAGE", ""); + + /* + * See if we have form data... 
+@@ -134,16 +135,61 @@ + + + if (getenv("HTTPS")) +- snprintf(prefix, sizeof(prefix), "https://%s:%s", +- getenv("SERVER_NAME"), getenv("SERVER_PORT")); ++ snprintf(prefix, sizeof(prefix), "https://%s:%s", ++ getenv("SERVER_NAME"), getenv("SERVER_PORT")); + else +- snprintf(prefix, sizeof(prefix), "http://%s:%s", +- getenv("SERVER_NAME"), getenv("SERVER_PORT")); ++ snprintf(prefix, sizeof(prefix), "http://%s:%s", ++ getenv("SERVER_NAME"), getenv("SERVER_PORT")); + ++ fprintf(stderr, "DEBUG: redirecting with prefix %s!\n", prefix); ++ + if ((url = cgiGetVariable("URL")) != NULL) +- printf("Location: %s%s\n\n", prefix, url); ++ { ++ char encoded[1024], /* Encoded URL string */ ++ *ptr; /* Pointer into encoded string */ ++ ++ ++ ptr = encoded; ++ if (*url != '/') ++ *ptr++ = '/'; ++ ++ for (; *url && ptr < (encoded + sizeof(encoded) - 4); url ++) ++ { ++ if (strchr("%@&+ <>#=", *url) || *url < ' ' || *url & 128) ++ { ++ /* ++ * Percent-encode this character; safe because we have at least 4 ++ * bytes left in the array... ++ */ ++ ++ sprintf(ptr, "%%%02X", *url & 255); ++ ptr += 3; ++ } ++ else ++ *ptr++ = *url; ++ } ++ ++ *ptr = '\0'; ++ ++ if (*url) ++ { ++ /* ++ * URL was too long, just redirect to the admin page... ++ */ ++ ++ printf("Location: %s/admin\n\n", prefix); ++ } ++ else ++ { ++ /* ++ * URL is OK, redirect there... ++ */ ++ ++ printf("Location: %s%s\n\n", prefix, encoded); ++ } ++ } + else +- printf("Location: %s/admin\n\n", prefix); ++ printf("Location: %s/admin\n\n", prefix); + } + else if (!strcmp(op, "start-printer")) + do_printer_op(http, IPP_RESUME_PRINTER, cgiText(_("Start Printer"))); +@@ -293,6 +339,31 @@ + * and classes and (re)show the add page... 
+ */ + ++ if (cgiGetVariable("EVENT_JOB_CREATED")) ++ cgiSetVariable("EVENT_JOB_CREATED", "CHECKED"); ++ if (cgiGetVariable("EVENT_JOB_COMPLETED")) ++ cgiSetVariable("EVENT_JOB_COMPLETED", "CHECKED"); ++ if (cgiGetVariable("EVENT_JOB_STOPPED")) ++ cgiSetVariable("EVENT_JOB_STOPPED", "CHECKED"); ++ if (cgiGetVariable("EVENT_JOB_CONFIG_CHANGED")) ++ cgiSetVariable("EVENT_JOB_CONFIG_CHANGED", "CHECKED"); ++ if (cgiGetVariable("EVENT_PRINTER_STOPPED")) ++ cgiSetVariable("EVENT_PRINTER_STOPPED", "CHECKED"); ++ if (cgiGetVariable("EVENT_PRINTER_ADDED")) ++ cgiSetVariable("EVENT_PRINTER_ADDED", "CHECKED"); ++ if (cgiGetVariable("EVENT_PRINTER_MODIFIED")) ++ cgiSetVariable("EVENT_PRINTER_MODIFIED", "CHECKED"); ++ if (cgiGetVariable("EVENT_PRINTER_DELETED")) ++ cgiSetVariable("EVENT_PRINTER_DELETED", "CHECKED"); ++ if (cgiGetVariable("EVENT_SERVER_STARTED")) ++ cgiSetVariable("EVENT_SERVER_STARTED", "CHECKED"); ++ if (cgiGetVariable("EVENT_SERVER_STOPPED")) ++ cgiSetVariable("EVENT_SERVER_STOPPED", "CHECKED"); ++ if (cgiGetVariable("EVENT_SERVER_RESTARTED")) ++ cgiSetVariable("EVENT_SERVER_RESTARTED", "CHECKED"); ++ if (cgiGetVariable("EVENT_SERVER_AUDIT")) ++ cgiSetVariable("EVENT_SERVER_AUDIT", "CHECKED"); ++ + request = ippNewRequest(CUPS_GET_PRINTERS); + response = cupsDoRequest(http, request, "/"); + +@@ -450,6 +521,10 @@ + * Do the request and get back a response... 
+ */ + ++ cgiClearVariables(); ++ if (name) ++ cgiSetVariable("PRINTER_NAME", name); ++ + if ((response = cupsDoRequest(http, request, "/")) != NULL) + { + /* +@@ -2336,7 +2411,9 @@ + if ((val = cupsGetOption("DefaultAuthType", num_settings, + settings)) != NULL && !strcasecmp(val, "Negotiate")) + cgiSetVariable("KERBEROS", "CHECKED"); ++ else + #endif /* HAVE_GSSAPI */ ++ cgiSetVariable("KERBEROS", ""); + + cupsFreeOptions(num_settings, settings); + +Index: cgi-bin/help.c +=================================================================== +--- cgi-bin/help.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/help.c (.../branches/leopard/cups) (revision 1707) +@@ -63,6 +63,7 @@ + */ + + cgiSetVariable("SECTION", "help"); ++ cgiSetVariable("REFRESH_PAGE", ""); + + /* + * Load the help index... +@@ -102,7 +103,7 @@ + */ + + for (i = 0; i < argc; i ++) +- fprintf(stderr, "argv[%d]=\"%s\"\n", i, argv[i]); ++ fprintf(stderr, "DEBUG: argv[%d]=\"%s\"\n", i, argv[i]); + + if ((helpfile = getenv("PATH_INFO")) != NULL) + { +@@ -179,6 +180,12 @@ + topic = cgiGetVariable("TOPIC"); + si = helpSearchIndex(hi, query, topic, helpfile); + ++ cgiClearVariables(); ++ if (query) ++ cgiSetVariable("QUERY", query); ++ if (topic) ++ cgiSetVariable("TOPIC", topic); ++ + fprintf(stderr, "DEBUG: query=\"%s\", topic=\"%s\"\n", + query ? query : "(null)", topic ? topic : "(null)"); + +Index: cgi-bin/var.c +=================================================================== +--- cgi-bin/var.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/var.c (.../branches/leopard/cups) (revision 1707) +@@ -15,6 +15,7 @@ + * Contents: + * + * cgiCheckVariables() - Check for the presence of "required" variables. ++ * cgiClearVariables() - Clear all form variables. + * cgiGetArray() - Get an element from a form array... + * cgiGetFile() - Get the file (if any) that was submitted in the form. + * cgiGetSize() - Get the size of a form array value. 
+@@ -135,6 +136,31 @@ + + + /* ++ * 'cgiClearVariables()' - Clear all form variables. ++ */ ++ ++void ++cgiClearVariables(void) ++{ ++ int i, j; /* Looping vars */ ++ _cgi_var_t *v; /* Current variable */ ++ ++ ++ for (v = form_vars, i = form_count; i > 0; v ++, i --) ++ { ++ _cupsStrFree(v->name); ++ for (j = 0; j < v->nvalues; j ++) ++ if (v->values[j]) ++ _cupsStrFree(v->values[j]); ++ } ++ ++ form_count = 0; ++ ++ cgi_unlink_file(); ++} ++ ++ ++/* + * 'cgiGetArray()' - Get an element from a form array... + */ + +@@ -154,7 +180,7 @@ + if (element < 0 || element >= var->nvalues) + return (NULL); + +- return (var->values[element]); ++ return (_cupsStrAlloc(var->values[element])); + } + + +@@ -209,7 +235,7 @@ + var->values[var->nvalues - 1]); + #endif /* DEBUG */ + +- return ((var == NULL) ? NULL : var->values[var->nvalues - 1]); ++ return ((var == NULL) ? NULL : _cupsStrAlloc(var->values[var->nvalues - 1])); + } + + +@@ -341,9 +367,9 @@ + var->nvalues = element + 1; + } + else if (var->values[element]) +- free((char *)var->values[element]); ++ _cupsStrFree((char *)var->values[element]); + +- var->values[element] = strdup(value); ++ var->values[element] = _cupsStrAlloc(value); + } + } + +@@ -388,7 +414,7 @@ + { + for (i = size; i < var->nvalues; i ++) + if (var->values[i]) +- free((void *)(var->values[i])); ++ _cupsStrFree((void *)(var->values[i])); + } + + var->nvalues = size; +@@ -421,9 +447,9 @@ + { + for (i = 0; i < var->nvalues; i ++) + if (var->values[i]) +- free((char *)var->values[i]); ++ _cupsStrFree((char *)var->values[i]); + +- var->values[0] = strdup(value); ++ var->values[0] = _cupsStrAlloc(value); + var->nvalues = 1; + } + } +@@ -470,10 +496,10 @@ + if ((var->values = calloc(element + 1, sizeof(char *))) == NULL) + return; + +- var->name = strdup(name); ++ var->name = _cupsStrAlloc(name); + var->nvalues = element + 1; + var->avalues = element + 1; +- var->values[element] = strdup(value); ++ var->values[element] = _cupsStrAlloc(value); + + form_count 
++; + } +Index: cgi-bin/jobs.c +=================================================================== +--- cgi-bin/jobs.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/jobs.c (.../branches/leopard/cups) (revision 1707) +@@ -57,6 +57,7 @@ + */ + + cgiSetVariable("SECTION", "jobs"); ++ cgiSetVariable("REFRESH_PAGE", ""); + + /* + * Connect to the HTTP server... +Index: cgi-bin/classes.c +=================================================================== +--- cgi-bin/classes.c (.../easysw/current-1.3.x) (revision 1707) ++++ cgi-bin/classes.c (.../branches/leopard/cups) (revision 1707) +@@ -69,6 +69,7 @@ + */ + + cgiSetVariable("SECTION", "classes"); ++ cgiSetVariable("REFRESH_PAGE", ""); + + /* + * See if we are displaying a printer or all classes... + diff --git a/net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch b/net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch new file mode 100644 index 0000000..5f57175 --- /dev/null +++ b/net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch @@ -0,0 +1,27 @@ +--- cgi-bin/admin.c.ori 2009-10-30 14:07:13.000000000 -0400 ++++ cgi-bin/admin.c 2009-10-30 14:06:54.000000000 -0400 +@@ -536,6 +536,7 @@ + ipp_attribute_t *attr; /* member-uris attribute */ + char uri[HTTP_MAX_URI]; /* Device or printer URI */ + const char *name, /* Pointer to class name */ ++ *op, /* Operation name */ + *ptr; /* Pointer to CGI variable */ + const char *title; /* Title of page */ + static const char * const pattrs[] = /* Requested printer attributes */ +@@ -547,6 +548,7 @@ + + + title = cgiText(modify ? _("Modify Class") : _("Add Class")); ++ op = cgiGetVariable("OP"); + name = cgiGetVariable("PRINTER_NAME"); + + if (cgiGetVariable("PRINTER_LOCATION") == NULL) +@@ -572,6 +574,8 @@ + */ + + cgiClearVariables(); ++ if (op) ++ cgiSetVariable("OP", op); + if (name) + cgiSetVariable("PRINTER_NAME", name); +
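Review bot: `cgiClearVariables()` in the var.c part releases each variable's name and value strings but never frees the `v->values` array, which the later `calloc(element + 1, sizeof(char *))` hunk shows is heap-allocated; once `form_count` is reset the array looks unreachable, so `free(v->values);` after the inner loop would close the leak. The getters now return `_cupsStrAlloc(...)`, apparently so that `query` and `section` in ipp-var.c stay valid across the clear, and that ownership change deserves a header comment like `/* Returns a new string-pool reference; still valid after cgiClearVariables() */`. Separately, the template.c lines as displayed read `fputs(""", out)` and `fputs("'", out)`, which suggests the HTML entities were decoded in rendering; compare the stored file with the Manifest SHA256 recorded for it before relying on the escaping.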
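Review bot: Patch order matters for this file: its third inner hunk uses `cgiClearVariables();` as context, and that call only exists once the str3367 patch has been applied, so any ebuild that uses both has to list str3367 first. The inner line numbers (536, 548, 572) are also roughly fifty lines away from where str3367 places the call in admin.c (new line 521), so the hunks will apply with an offset and are worth a dry run against the patched tree. A short comment above the restore, for example `/* Preserve OP across cgiClearVariables() (STR #3401 regression) */`, would record why `op` is saved; the enclosing function starts and ends outside the hunks.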