rpms/cups/F-8 .cvsignore, 1.40, 1.41 cups-lspp.patch, 1.32, 1.33 cups.spec, 1.397, 1.398 sources, 1.43, 1.44 cups-CVE-2008-1373.patch, 1.1, NONE cups-CVE-2008-1722.patch, 1.1, NONE cups-str2750.patch, 1.1, NONE
Tim Waugh
twaugh at fedoraproject.org
Fri Oct 10 09:19:32 UTC 2008
Author: twaugh
Update of /cvs/pkgs/rpms/cups/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11435
Modified Files:
.cvsignore cups-lspp.patch cups.spec sources
Removed Files:
cups-CVE-2008-1373.patch cups-CVE-2008-1722.patch
cups-str2750.patch
Log Message:
* Fri Oct 10 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.9-1
- 1.3.9, including fixes for CVE-2008-3639 / STR #2918,
CVE-2008-3640 / STR #2919 and CVE-2008-3641 / STR #2911
(bug #466419).
- No longer need str2750, CVE-2008-1722 or CVE-2008-1373 patches.
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-8/.cvsignore,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- .cvsignore 2 Apr 2008 12:10:08 -0000 1.40
+++ .cvsignore 10 Oct 2008 09:19:01 -0000 1.41
@@ -32,3 +32,4 @@
cups-1.3.5-source.tar.bz2
cups-1.3.6-source.tar.bz2
cups-1.3.7-source.tar.bz2
+cups-1.3.9-source.tar.bz2
cups-lspp.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.32 -r 1.33 cups-lspp.patch
Index: cups-lspp.patch
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-8/cups-lspp.patch,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- cups-lspp.patch 1 Jul 2008 11:40:24 -0000 1.32
+++ cups-lspp.patch 10 Oct 2008 09:19:01 -0000 1.33
@@ -1,5 +1,75 @@
---- cups-1.3.7/cups/cups.h.lspp 2008-02-20 00:32:58.000000000 +0000
-+++ cups-1.3.7/cups/cups.h 2008-05-30 16:59:10.000000000 +0100
+diff -up cups-1.3.9/config.h.in.lspp cups-1.3.9/config.h.in
+--- cups-1.3.9/config.h.in.lspp 2008-09-06 01:30:39.000000000 +0100
++++ cups-1.3.9/config.h.in 2008-10-10 09:49:48.000000000 +0100
+@@ -544,6 +544,13 @@
+ #undef HAVE_REMOVEFILE
+
+
++/*
++ * Are we trying to meet LSPP requirements?
++ */
++
++#undef WITH_LSPP
++
++
+ #endif /* !_CUPS_CONFIG_H_ */
+
+ /*
+diff -up /dev/null cups-1.3.9/config-scripts/cups-lspp.m4
+--- /dev/null 2008-10-10 08:24:20.441188188 +0100
++++ cups-1.3.9/config-scripts/cups-lspp.m4 2008-10-10 09:49:48.000000000 +0100
+@@ -0,0 +1,36 @@
++dnl
++dnl LSPP code for the Common UNIX Printing System (CUPS).
++dnl
++dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
++dnl
++dnl This program is free software; you can redistribute it and/or modify
++dnl it under the terms of the GNU General Public License as published by
++dnl the Free Software Foundation; version 2.
++dnl
++dnl This program is distributed in the hope that it will be useful, but
++dnl WITHOUT ANY WARRANTY; without even the implied warranty of
++dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++dnl General Public License for more details.
++dnl
++dnl You should have received a copy of the GNU General Public License
++dnl along with this program; if not, write to the Free Software Foundation,
++dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
++dnl
++
++dnl Are we trying to meet LSPP requirements
++AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
++
++if test x"$enable_lspp" != xno; then
++ case "$uname" in
++ Linux)
++ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
++ AC_CHECK_HEADER(libaudit.h)
++ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
++ AC_CHECK_HEADER(selinux/selinux.h)
++ AC_DEFINE(WITH_LSPP)
++ ;;
++ *)
++ # All others
++ ;;
++ esac
++fi
+diff -up cups-1.3.9/configure.in.lspp cups-1.3.9/configure.in
+--- cups-1.3.9/configure.in.lspp 2007-07-25 00:47:12.000000000 +0100
++++ cups-1.3.9/configure.in 2008-10-10 09:49:48.000000000 +0100
+@@ -42,6 +42,8 @@ sinclude(config-scripts/cups-pap.m4)
+ sinclude(config-scripts/cups-pdf.m4)
+ sinclude(config-scripts/cups-scripting.m4)
+
++sinclude(config-scripts/cups-lspp.m4)
++
+ INSTALL_LANGUAGES=""
+ UNINSTALL_LANGUAGES=""
+ LANGFILES=""
+diff -up cups-1.3.9/cups/cups.h.lspp cups-1.3.9/cups/cups.h
+--- cups-1.3.9/cups/cups.h.lspp 2008-07-23 01:06:46.000000000 +0100
++++ cups-1.3.9/cups/cups.h 2008-10-10 09:49:48.000000000 +0100
@@ -15,6 +15,9 @@
* This file is subject to the Apple OS-Developed Software exception.
*/
@@ -23,1789 +93,554 @@
/*
* Types and structures...
*/
---- cups-1.3.7/scheduler/job.c.lspp 2008-05-30 16:59:10.000000000 +0100
-+++ cups-1.3.7/scheduler/job.c 2008-05-30 17:01:23.000000000 +0100
-@@ -60,6 +60,9 @@
- * update_job_attrs() - Update the job-printer-* attributes.
- */
+diff -up cups-1.3.9/data/Makefile.lspp cups-1.3.9/data/Makefile
+--- cups-1.3.9/data/Makefile.lspp 2008-10-10 09:49:47.000000000 +0100
++++ cups-1.3.9/data/Makefile 2008-10-10 09:49:48.000000000 +0100
+@@ -25,7 +25,10 @@ BANNERS = \
+ secret \
+ standard \
+ topsecret \
+- unclassified
++ unclassified \
++ selinux \
++ mls \
++ te
-+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+ CHARMAPS = \
+ euc-cn.txt \
+diff -up /dev/null cups-1.3.9/data/mls
+--- /dev/null 2008-10-10 08:24:20.441188188 +0100
++++ cups-1.3.9/data/mls 2008-10-10 09:49:48.000000000 +0100
+@@ -0,0 +1,261 @@
++%!PS-Adobe-3.0
++%%BoundingBox: 0 0 612 792
++%%Pages: 1
++%%LanguageLevel: 1
++%%DocumentData: Clean7Bit
++%%DocumentSuppliedResources: procset bannerprint/1.0
++%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
++%%Creator: Michael Sweet, Easy Software Products
++%%CreationDate: May 10, 2000
++%%Title: Test Page
++%%EndComments
++%%BeginProlog
++%%BeginResource procset bannerprint 1.1 0
++%
++% PostScript banner page for the Common UNIX Printing System ("CUPS").
++%
++% Copyright 1993-2005 by Easy Software Products
++%
++% These coded instructions, statements, and computer programs are the
++% property of Easy Software Products and are protected by Federal
++% copyright law. Distribution and use rights are outlined in the file
++% "LICENSE.txt" which should have been included with this file. If this
++% file is missing or damaged please contact Easy Software Products
++% at:
++%
++% Attn: CUPS Licensing Information
++% Easy Software Products
++% 44141 Airport View Drive, Suite 204
++% Hollywood, Maryland 20636 USA
++%
++% Voice: (301) 373-9600
++% EMail: cups-info at cups.org
++% WWW: http://www.cups.org
++%
++/CENTER { % Draw centered text
++ % (name) CENTER -
++ dup stringwidth pop % Get the width of the string
++ 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
++ show % Show the string
++} bind def
++/RIGHT { % Draw right-justified text
++ % (name) RIGHT -
++ dup stringwidth pop % Get the width of the string
++ neg 0 rmoveto % Shift left the entire distance
++ show % Show the string
++} bind def
++/NUMBER { % Draw a number
++ % power n NUMBER -
++ 1 index 1 eq { % power == 1?
++ round cvi exch pop % Convert "n" to integer
++ } {
++ 1 index mul round exch div % Truncate extra decimal places
++ } ifelse
++ 100 string cvs show % Convert to a string and show it...
++} bind def
++/CUPSLOGO { % Draw the CUPS logo
++ % height CUPSLOGO
++ % Start with a big C...
++ /Helvetica findfont 1 index scalefont setfont
++ 0 setgray
++ 0 0 moveto
++ (C) show
+
- /*
- * Include necessary headers...
- */
-@@ -69,6 +72,14 @@
- #include <cups/backend.h>
- #include <cups/dir.h>
-
-+#ifdef WITH_LSPP
-+#include <libaudit.h>
-+#include <selinux/selinux.h>
-+#include <selinux/context.h>
-+#include <selinux/avc.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Local globals...
-@@ -1100,6 +1111,23 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
- return;
- }
[...4313 lines suppressed...]
+ */
+
++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
-+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
-+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
-+ pageHeight 5 mul add % y += 2 lines
-+ 2 copy % Copy X & Y
-+ moveto
-+ (Job ID: ) RIGHT
-+ moveto
-+ ({printer-name}-{job-id}) show
+ /*
+ * Include necessary headers...
+ */
+@@ -73,6 +75,9 @@
+ # include <dlfcn.h>
+ #endif /* __APPLE__ && HAVE_DLFCN_H */
+
++#ifdef WITH_LSPP
++# include <libaudit.h>
++#endif /* WITH_LSPP */
+
+ /*
+ * Local functions...
+@@ -154,6 +159,9 @@ main(int argc, /* I - Number of comm
+ int launchd_idle_exit;
+ /* Idle exit on select timeout? */
+ #endif /* HAVE_LAUNCHD */
++#if WITH_LSPP
++ auditfail_t failmode; /* Action for audit_open failure */
++#endif /* WITH_LSPP */
+
+
+ #ifdef HAVE_GETEUID
+@@ -413,6 +421,25 @@ main(int argc, /* I - Number of comm
+ #endif /* DEBUG */
+ }
+
++#ifdef WITH_LSPP
++ if ((AuditLog = audit_open()) < 0 )
++ {
++ if (get_auditfail_action(&failmode) == 0)
++ {
++ if (failmode == FAIL_LOG)
++ {
++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");
++ AuditLog = -1;
++ }
++ else if (failmode == FAIL_TERMINATE)
++ {
++ fprintf(stderr, "cupsd: unable to start auditing, terminating");
++ return -1;
++ }
++ }
++ }
++#endif /* WITH_LSPP */
+
-+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
-+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
-+ pageHeight 2 mul add % y += 1 line
-+ 2 copy % Copy X & Y
-+ moveto
-+ (Title: ) RIGHT
-+ moveto
-+ ({job-name}) show
+ /*
+ * Set the timezone info...
+ */
+@@ -1192,6 +1219,11 @@ main(int argc, /* I - Number of comm
+
+ cupsdStopSelect();
+
++#ifdef WITH_LSPP
++ if (AuditLog != -1)
++ audit_close(AuditLog);
++#endif /* WITH_LSPP */
+
-+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
-+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
-+ pageHeight -1 mul add % y -= 1 line
-+ 2 copy % Copy X & Y
-+ moveto
-+ (Requesting User: ) RIGHT
-+ moveto
-+ ({job-originating-user-name}) show
+ return (!stop_scheduler);
+ }
+
+diff -up cups-1.3.9/scheduler/printers.c.lspp cups-1.3.9/scheduler/printers.c
+--- cups-1.3.9/scheduler/printers.c.lspp 2008-10-10 09:49:47.000000000 +0100
++++ cups-1.3.9/scheduler/printers.c 2008-10-10 09:49:48.000000000 +0100
+@@ -51,6 +51,8 @@
+ * printing desktop tools.
+ */
+
++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
-+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
-+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
-+ pageHeight -4 mul add % y -= 2 lines
-+ 2 copy % Copy X & Y
-+ moveto
-+ (Billing Info: ) RIGHT
-+ moveto
-+ ({?job-billing}) show
+ /*
+ * Include necessary headers...
+ */
+@@ -74,6 +76,10 @@ static void write_irix_config(cupsd_prin
+ static void write_irix_state(cupsd_printer_t *p);
+ #endif /* __sgi */
+
++#ifdef WITH_LSPP
++# include <libaudit.h>
++# include <selinux/context.h>
++#endif /* WITH_LSPP */
+
+ /*
+ * 'cupsdAddPrinter()' - Add a printer to the system.
+@@ -1846,6 +1852,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
+ { /* No authentication */
+ "none"
+ };
++#ifdef WITH_LSPP
++ char *audit_message; /* Audit message string */
++ char *printerfile; /* Path to a local printer dev */
++ char *rangestr; /* Printer's range if its available */
++ security_context_t devcon; /* Printer SELinux context */
++ context_t printercon; /* context_t for the printer */
++#endif /* WITH_LSPP */
+
+
+ DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
+@@ -1995,6 +2008,44 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
+ attr->values[1].string.text = _cupsStrAlloc(Classification ?
+ Classification : p->job_sheets[1]);
+ }
++#ifdef WITH_LSPP
++ if (AuditLog != -1)
++ {
++ char uri[HTTP_MAX_URI];
++ audit_message = NULL;
++ rangestr = NULL;
++ printercon = 0;
++ printerfile = strstr(p->device_uri, "/dev/");
++ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))
++ printerfile = strdup(p->device_uri + strlen("file:/"));
+
-+ % Then the CUPS logo....
-+ gsave
-+ pageWidth 4 mul
-+ pageWidth 6 mul
-+ translate
-+ pageWidth 9 mul CUPSLOGO
-+ grestore
++ if (printerfile != NULL)
++ {
++ if (getfilecon(printerfile, &devcon) == -1)
++ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdSetPrinterAttrs: Unable to get printer context");
++ else
++ {
++ printercon = context_new(devcon);
++ freecon(devcon);
++ }
++ }
+
-+ % And the ESP logo....
-+ gsave
-+ pageWidth 59 mul
-+ pageWidth 6 mul
-+ translate
-+ pageWidth 6 mul ESPLOGO
-+ grestore
-+% Show the page...
-+grestore
-+showpage
-+%
-+% End of "$Id$".
-+%
-+%%EOF
++ if (printercon && context_range_get(printercon))
++ rangestr = strdup(context_range_get(printercon));
++ else
++ rangestr = strdup("unknown");
++
++ cupsdSanitizeURI(p->device_uri, uri, sizeof(uri));
++ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",
++ p->name, uri, p->job_sheets[0], p->job_sheets[1], rangestr);
++ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
++ ServerName, NULL, NULL, 1);
++ if (printercon)
++ context_free(printercon);
++ free(rangestr);
++ cupsdClearString(&audit_message);
++ }
++#endif /* WITH_LSPP */
+ }
+
+ p->raw = 0;
Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-8/cups.spec,v
retrieving revision 1.397
retrieving revision 1.398
diff -u -r1.397 -r1.398
--- cups.spec 1 Jul 2008 11:40:24 -0000 1.397
+++ cups.spec 10 Oct 2008 09:19:01 -0000 1.398
@@ -5,8 +5,8 @@
Summary: Common Unix Printing System
Name: cups
-Version: 1.3.7
-Release: 4%{?dist}
+Version: 1.3.9
+Release: 1%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}-source.tar.bz2
@@ -41,14 +41,11 @@
Patch15: cups-undo-str2537.patch
Patch16: cups-pid.patch
Patch17: cups-foomatic-recommended.patch
-Patch18: cups-str2750.patch
Patch19: cups-eggcups.patch
Patch20: cups-getpass.patch
Patch21: cups-driverd-timeout.patch
Patch22: cups-strict-ppd-line-length.patch
Patch25: cups-usb-paperout.patch
-Patch29: cups-CVE-2008-1373.patch
-Patch30: cups-CVE-2008-1722.patch
Patch100: cups-lspp.patch
Epoch: 1
Url: http://www.cups.org/
@@ -157,14 +154,11 @@
%patch15 -p1 -b .undo-str2537
%patch16 -p1 -b .pid
%patch17 -p1 -b .foomatic-recommended
-%patch18 -p1 -b .str2750
%patch19 -p1 -b .eggcups
%patch20 -p1 -b .getpass
%patch21 -p1 -b .driverd-timeout
%patch22 -p1 -b .strict-ppd-line-length
%patch25 -p1 -b .usb-paperout
-%patch29 -p1 -b .CVE-2008-1373
-%patch30 -p1 -b .CVE-2008-1722
%if %lspp
%patch100 -p1 -b .lspp
@@ -388,6 +382,7 @@
%{_docdir}/cups-%{version}/et
%{_docdir}/cups-%{version}/fr
%{_docdir}/cups-%{version}/he
+%{_docdir}/cups-%{version}/id
%{_docdir}/cups-%{version}/it
%{_docdir}/cups-%{version}/ja
%{_docdir}/cups-%{version}/pl
@@ -457,6 +452,12 @@
%{cups_serverbin}/daemon/cups-lpd
%changelog
+* Fri Oct 10 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.9-1
+- 1.3.9, including fixes for CVE-2008-3639 / STR #2918,
+ CVE-2008-3640 / STR #2919 and CVE-2008-3641 / STR #2911
+ (bug #466419).
+- No longer need str2750, CVE-2008-1722 or CVE-2008-1373 patches.
+
* Tue Jul 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-4
- Fixed bug #447200 again.
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-8/sources,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- sources 2 Apr 2008 12:10:08 -0000 1.43
+++ sources 10 Oct 2008 09:19:01 -0000 1.44
@@ -1,2 +1,2 @@
b0bb017098e8e76b8a25e666c41ce540 postscript.ppd.gz
-db4a45a17104f10f3ee599d88267c9e5 cups-1.3.7-source.tar.bz2
+cf63f451c356e6cabb08972d4d11c365 cups-1.3.9-source.tar.bz2
--- cups-CVE-2008-1373.patch DELETED ---
--- cups-CVE-2008-1722.patch DELETED ---
--- cups-str2750.patch DELETED ---
More information about the scm-commits
mailing list