[cups-pk-helper] Update to 0.2.4
mkasik
mkasik at fedoraproject.org
Wed Oct 17 09:09:26 UTC 2012
commit 996ab1752eca062e6fcea128e54c41ebef2bf416
Author: Marek Kasik <mkasik at redhat.com>
Date: Wed Oct 17 11:08:47 2012 +0200
Update to 0.2.4
Resolves CVE-2012-4510
Revert stricter validation of printer names
.gitignore | 1 +
...Be-stricter-when-validating-printer-names.patch | 54 ++++++++++++++++++++
cups-pk-helper.spec | 11 +++-
sources | 2 +-
4 files changed, 65 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 50f717a..08cf220 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ cups-pk-helper-0.0.4.tar.bz2
/cups-pk-helper-0.1.3.tar.bz2
/cups-pk-helper-0.2.1.tar.bz2
/cups-pk-helper-0.2.2.tar.bz2
+/cups-pk-helper-0.2.4.tar.bz2
diff --git a/0001-Be-stricter-when-validating-printer-names.patch b/0001-Be-stricter-when-validating-printer-names.patch
new file mode 100644
index 0000000..0a6ba60
--- /dev/null
+++ b/0001-Be-stricter-when-validating-printer-names.patch
@@ -0,0 +1,54 @@
+From 7bf9cbe43ef8f648f308e4760f75c2aa6b61fa8e Mon Sep 17 00:00:00 2001
+From: Vincent Untz <vuntz at suse.com>
+Date: Tue, 27 Mar 2012 17:47:07 +0200
+Subject: [PATCH] Be stricter when validating printer names
+
+Only alphanumerical characters and the underscore are valid, and the
+name must not be longer than 127 characters. See
+http://www.cups.org/documentation.php/doc-1.1/sam.html#4_1
+---
+ src/cups.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/cups.c b/src/cups.c
+index 332abbe..1b2562b 100644
+--- a/src/cups.c
++++ b/src/cups.c
+@@ -287,23 +287,25 @@ _cph_cups_is_printer_name_valid_internal (const char *name)
+ int i;
+ int len;
+
++ /* Quoting http://www.cups.org/documentation.php/doc-1.1/sam.html#4_1:
++ *
++ * The printer name must start with any printable character except
++ * " ", "/", and "@". It can contain up to 127 letters, numbers, and
++ * the underscore (_).
++ *
++ * The first part is a bit weird, as the second part is more
++ * restrictive. So we only consider the second part. */
++
+ /* no empty string */
+ if (!name || name[0] == '\0')
+ return FALSE;
+
+ len = strlen (name);
+- /* no string that is too long; see comment at the beginning of the
+- * validation code block */
+- if (len > CPH_STR_MAXLEN)
++ if (len > 127)
+ return FALSE;
+
+- /* only printable characters, no space, no /, no # */
+ for (i = 0; i < len; i++) {
+- if (!g_ascii_isprint (name[i]))
+- return FALSE;
+- if (g_ascii_isspace (name[i]))
+- return FALSE;
+- if (name[i] == '/' || name[i] == '#')
++ if (!g_ascii_isalnum (name[i]) && name[i] != '_')
+ return FALSE;
+ }
+
+--
+1.7.12.1
+
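Review bot: Because the spec applies this file with -R, the check that ships is the one on the removed lines of the src/cups.c hunk: any printable, non-space character other than '/' and '#', with length capped at CPH_STR_MAXLEN. The CUPS text quoted in the added comment also forbids '@' as the first character, which that restored loop does not reject. If the looser rule is kept downstream, consider adding an explicit check on name[0] for '@' and recording in the patch header which characters are intentionally accepted.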
diff --git a/cups-pk-helper.spec b/cups-pk-helper.spec
index 8dd2b05..9b0a8c0 100644
--- a/cups-pk-helper.spec
+++ b/cups-pk-helper.spec
@@ -1,6 +1,6 @@
Name: cups-pk-helper
-Version: 0.2.2
-Release: 2%{?dist}
+Version: 0.2.4
+Release: 1%{?dist}
Summary: A helper that makes system-config-printer use PolicyKit
Group: System Environment/Base
@@ -9,6 +9,7 @@ URL: http://www.vuntz.net/download/cups-pk-helper/
Source0: http://cgit.freedesktop.org/cups-pk-helper/snapshot/cups-pk-helper-%{version}.tar.bz2
Patch0: polkit_result.patch
+Patch1: 0001-Be-stricter-when-validating-printer-names.patch
BuildRequires: libtool >= 1.4.3
BuildRequires: cups-devel >= 1.2
@@ -38,6 +39,7 @@ interfaces available under control of PolicyKit.
%setup -q
%patch0 -p1 -b .polkit-result
+%patch1 -p1 -R -b .strict-names
%build
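Review bot: The line `%patch1 -p1 -R -b .strict-names` reverse-applies a patch whose file name reads as a hardening change, and nothing in the spec says why stricter printer-name validation is backed out in the same update that resolves CVE-2012-4510. Add a comment above `%patch1` (or next to `Patch1:`) stating the reason for the revert, such as a bug reference or the existing printer names that would break, so a later rebase does not silently drop the -R or the patch.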
@@ -65,6 +67,11 @@ make install DESTDIR=$RPM_BUILD_ROOT
%changelog
+* Wed Oct 17 2012 Marek Kasik <mkasik at redhat.com> - 0.2.4-1
+- Update to 0.2.4
+- Resolves CVE-2012-4510
+- Revert stricter validation of printer names
+
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
diff --git a/sources b/sources
index 9c6379a..d73a36f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-848ed420884b7c528eb697047fa1ca52 cups-pk-helper-0.2.2.tar.bz2
+a039ec6ba20f85a26b2807b28968a749 cups-pk-helper-0.2.4.tar.bz2