[cups/f17] Applied additional upstream patch for CVE-2012-5519.
Tim Waugh
twaugh at fedoraproject.org
Mon Dec 3 12:40:15 UTC 2012
commit 411c9276c817b8621697180bd06ca0f8c912f48f
Author: Tim Waugh <twaugh at redhat.com>
Date: Mon Dec 3 11:46:35 2012 +0000
Applied additional upstream patch for CVE-2012-5519.
Now the RemoteRoot keyword is recognised in the correct configuration
file.
cups-str4223.patch | 176 +++++++++++++++++++++++++++-------------------------
cups.spec | 8 ++-
2 files changed, 97 insertions(+), 87 deletions(-)
---
diff --git a/cups-str4223.patch b/cups-str4223.patch
index 4fb0e78..6dd221b 100644
--- a/cups-str4223.patch
+++ b/cups-str4223.patch
@@ -1,6 +1,6 @@
diff -up cups-1.5.4/conf/cupsd.conf.in.str4223 cups-1.5.4/conf/cupsd.conf.in
--- cups-1.5.4/conf/cupsd.conf.in.str4223 2010-12-09 21:24:51.000000000 +0000
-+++ cups-1.5.4/conf/cupsd.conf.in 2012-12-03 09:16:12.201899058 +0000
++++ cups-1.5.4/conf/cupsd.conf.in 2012-12-03 11:48:30.828187118 +0000
@@ -9,10 +9,6 @@
# for troubleshooting...
LogLevel @CUPS_LOG_LEVEL@
@@ -13,8 +13,8 @@ diff -up cups-1.5.4/conf/cupsd.conf.in.str4223 cups-1.5.4/conf/cupsd.conf.in
Listen localhost:@DEFAULT_IPP_PORT@
@CUPS_LISTEN_DOMAINSOCKET@
diff -up cups-1.5.4/conf/cups-files.conf.in.str4223 cups-1.5.4/conf/cups-files.conf.in
---- cups-1.5.4/conf/cups-files.conf.in.str4223 2012-12-03 09:16:12.201899058 +0000
-+++ cups-1.5.4/conf/cups-files.conf.in 2012-12-03 09:16:12.201899058 +0000
+--- cups-1.5.4/conf/cups-files.conf.in.str4223 2012-12-03 11:48:30.829187121 +0000
++++ cups-1.5.4/conf/cups-files.conf.in 2012-12-03 11:59:23.780869579 +0000
@@ -0,0 +1,98 @@
+#
+# "$Id$"
@@ -57,7 +57,7 @@ diff -up cups-1.5.4/conf/cups-files.conf.in.str4223 cups-1.5.4/conf/cups-files.c
+#DataDir @CUPS_DATADIR@
+
+# Location of the static web content served by the scheduler...
-+#DocRoot @CUPS_DOCROOT@
++#DocumentRoot @CUPS_DOCROOT@
+
+# Location of the file logging all messages produced by the scheduler and any
+# helper programs; may be the name "syslog". If not an absolute path, the value
@@ -116,7 +116,7 @@ diff -up cups-1.5.4/conf/cups-files.conf.in.str4223 cups-1.5.4/conf/cups-files.c
+#
diff -up cups-1.5.4/config-scripts/cups-defaults.m4.str4223 cups-1.5.4/config-scripts/cups-defaults.m4
--- cups-1.5.4/config-scripts/cups-defaults.m4.str4223 2011-05-06 23:53:53.000000000 +0100
-+++ cups-1.5.4/config-scripts/cups-defaults.m4 2012-12-03 09:16:12.202899063 +0000
++++ cups-1.5.4/config-scripts/cups-defaults.m4 2012-12-03 11:48:30.829187121 +0000
@@ -367,6 +367,7 @@ else
fi
@@ -134,8 +134,8 @@ diff -up cups-1.5.4/config-scripts/cups-defaults.m4.str4223 cups-1.5.4/config-sc
dnl Default MaxCopies value...
AC_ARG_WITH(max-copies, [ --with-max-copies set default max copies value, default=9999 ],
diff -up cups-1.5.4/config-scripts/cups-ssl.m4.str4223 cups-1.5.4/config-scripts/cups-ssl.m4
---- cups-1.5.4/config-scripts/cups-ssl.m4.str4223 2012-12-03 09:16:12.060898353 +0000
-+++ cups-1.5.4/config-scripts/cups-ssl.m4 2012-12-03 09:16:12.202899063 +0000
+--- cups-1.5.4/config-scripts/cups-ssl.m4.str4223 2012-12-03 11:48:30.678186620 +0000
++++ cups-1.5.4/config-scripts/cups-ssl.m4 2012-12-03 11:48:30.829187121 +0000
@@ -27,6 +27,8 @@ AC_ARG_WITH(openssl-includes, [ --with-
SSLFLAGS=""
SSLLIBS=""
@@ -183,8 +183,8 @@ diff -up cups-1.5.4/config-scripts/cups-ssl.m4.str4223 cups-1.5.4/config-scripts
AC_SUBST(SSLFLAGS)
AC_SUBST(SSLLIBS)
diff -up cups-1.5.4/configure.in.str4223 cups-1.5.4/configure.in
---- cups-1.5.4/configure.in.str4223 2012-12-03 09:16:12.169898896 +0000
-+++ cups-1.5.4/configure.in 2012-12-03 09:16:12.202899063 +0000
+--- cups-1.5.4/configure.in.str4223 2012-12-03 11:48:30.787186981 +0000
++++ cups-1.5.4/configure.in 2012-12-03 11:48:30.829187121 +0000
@@ -66,6 +66,7 @@ AC_SUBST(INSTALL_LANGUAGES)
AC_SUBST(UNINSTALL_LANGUAGES)
@@ -202,8 +202,8 @@ diff -up cups-1.5.4/configure.in.str4223 cups-1.5.4/configure.in
man/cupsaddsmb.man
man/cupsd.conf.man
diff -up cups-1.5.4/conf/Makefile.str4223 cups-1.5.4/conf/Makefile
---- cups-1.5.4/conf/Makefile.str4223 2012-12-03 09:16:12.046898282 +0000
-+++ cups-1.5.4/conf/Makefile 2012-12-03 09:16:12.202899063 +0000
+--- cups-1.5.4/conf/Makefile.str4223 2012-12-03 11:48:30.664186573 +0000
++++ cups-1.5.4/conf/Makefile 2012-12-03 11:48:30.829187121 +0000
@@ -19,7 +19,7 @@ include ../Makedefs
# Config files...
#
@@ -215,7 +215,7 @@ diff -up cups-1.5.4/conf/Makefile.str4223 cups-1.5.4/conf/Makefile
diff -up cups-1.5.4/doc/help/ref-cupsd-conf.html.in.str4223 cups-1.5.4/doc/help/ref-cupsd-conf.html.in
--- cups-1.5.4/doc/help/ref-cupsd-conf.html.in.str4223 2012-01-30 21:40:21.000000000 +0000
-+++ cups-1.5.4/doc/help/ref-cupsd-conf.html.in 2012-12-03 09:16:12.203899068 +0000
++++ cups-1.5.4/doc/help/ref-cupsd-conf.html.in 2012-12-03 11:48:30.830187124 +0000
@@ -191,82 +191,6 @@ HREF="#Location"><CODE>Location</CODE></
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>
@@ -584,8 +584,8 @@ diff -up cups-1.5.4/doc/help/ref-cupsd-conf.html.in.str4223 cups-1.5.4/doc/help/
<H3>Examples</H3>
diff -up cups-1.5.4/doc/help/ref-cups-files-conf.html.in.str4223 cups-1.5.4/doc/help/ref-cups-files-conf.html.in
---- cups-1.5.4/doc/help/ref-cups-files-conf.html.in.str4223 2012-12-03 09:16:12.203899068 +0000
-+++ cups-1.5.4/doc/help/ref-cups-files-conf.html.in 2012-12-03 09:16:12.204899072 +0000
+--- cups-1.5.4/doc/help/ref-cups-files-conf.html.in.str4223 2012-12-03 11:48:30.831187127 +0000
++++ cups-1.5.4/doc/help/ref-cups-files-conf.html.in 2012-12-03 11:48:30.831187127 +0000
@@ -0,0 +1,531 @@
+<HTML>
+<!-- SECTION: References -->
@@ -1120,7 +1120,7 @@ diff -up cups-1.5.4/doc/help/ref-cups-files-conf.html.in.str4223 cups-1.5.4/doc/
+</HTML>
diff -up cups-1.5.4/doc/Makefile.str4223 cups-1.5.4/doc/Makefile
--- cups-1.5.4/doc/Makefile.str4223 2011-01-17 05:40:28.000000000 +0000
-+++ cups-1.5.4/doc/Makefile 2012-12-03 09:16:12.204899072 +0000
++++ cups-1.5.4/doc/Makefile 2012-12-03 11:48:30.831187127 +0000
@@ -3,7 +3,7 @@
#
# Documentation makefile for CUPS.
@@ -1132,7 +1132,7 @@ diff -up cups-1.5.4/doc/Makefile.str4223 cups-1.5.4/doc/Makefile
# These coded instructions, statements, and computer programs are the
diff -up cups-1.5.4/man/cupsd.conf.man.in.str4223 cups-1.5.4/man/cupsd.conf.man.in
--- cups-1.5.4/man/cupsd.conf.man.in.str4223 2011-05-18 22:33:35.000000000 +0100
-+++ cups-1.5.4/man/cupsd.conf.man.in 2012-12-03 09:16:12.204899072 +0000
++++ cups-1.5.4/man/cupsd.conf.man.in 2012-12-03 11:48:30.832187130 +0000
@@ -12,12 +12,15 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
@@ -1397,8 +1397,8 @@ diff -up cups-1.5.4/man/cupsd.conf.man.in.str4223 cups-1.5.4/man/cupsd.conf.man.
.br
http://localhost:631/help
diff -up cups-1.5.4/man/cups-files.conf.man.in.str4223 cups-1.5.4/man/cups-files.conf.man.in
---- cups-1.5.4/man/cups-files.conf.man.in.str4223 2012-12-03 09:16:12.204899072 +0000
-+++ cups-1.5.4/man/cups-files.conf.man.in 2012-12-03 09:16:12.204899072 +0000
+--- cups-1.5.4/man/cups-files.conf.man.in.str4223 2012-12-03 11:48:30.832187130 +0000
++++ cups-1.5.4/man/cups-files.conf.man.in 2012-12-03 11:48:30.832187130 +0000
@@ -0,0 +1,146 @@
+.\"
+.\" "$Id$"
@@ -1548,7 +1548,7 @@ diff -up cups-1.5.4/man/cups-files.conf.man.in.str4223 cups-1.5.4/man/cups-files
+.\"
diff -up cups-1.5.4/man/Makefile.str4223 cups-1.5.4/man/Makefile
--- cups-1.5.4/man/Makefile.str4223 2010-06-22 22:21:37.000000000 +0100
-+++ cups-1.5.4/man/Makefile 2012-12-03 09:16:12.204899072 +0000
++++ cups-1.5.4/man/Makefile 2012-12-03 11:48:30.833187133 +0000
@@ -39,6 +39,7 @@ MAN1 = cancel.$(MAN1EXT) \
ppdpo.$(MAN1EXT)
MAN5 = classes.conf.$(MAN5EXT) \
@@ -1559,7 +1559,7 @@ diff -up cups-1.5.4/man/Makefile.str4223 cups-1.5.4/man/Makefile
ipptoolfile.$(MAN5EXT) \
diff -up cups-1.5.4/packaging/cups.list.in.str4223 cups-1.5.4/packaging/cups.list.in
--- cups-1.5.4/packaging/cups.list.in.str4223 2012-04-24 00:49:19.000000000 +0100
-+++ cups-1.5.4/packaging/cups.list.in 2012-12-03 09:16:12.204899072 +0000
++++ cups-1.5.4/packaging/cups.list.in 2012-12-03 11:48:30.833187133 +0000
@@ -588,6 +588,7 @@ d 0755 root $CUPS_GROUP $SERVERROOT/inte
d 0755 root $CUPS_GROUP $SERVERROOT/ppd -
d 0700 root $CUPS_GROUP $SERVERROOT/ssl -
@@ -1570,7 +1570,7 @@ diff -up cups-1.5.4/packaging/cups.list.in.str4223 cups-1.5.4/packaging/cups.lis
%if PAMDIR
diff -up cups-1.5.4/packaging/cups.spec.in.str4223 cups-1.5.4/packaging/cups.spec.in
--- cups-1.5.4/packaging/cups.spec.in.str4223 2012-04-23 18:46:53.000000000 +0100
-+++ cups-1.5.4/packaging/cups.spec.in 2012-12-03 09:16:12.205899076 +0000
++++ cups-1.5.4/packaging/cups.spec.in 2012-12-03 11:48:30.833187133 +0000
@@ -152,6 +152,7 @@ rm -rf $RPM_BUILD_ROOT
%defattr(-,root,root)
%dir /etc/cups
@@ -1580,8 +1580,8 @@ diff -up cups-1.5.4/packaging/cups.spec.in.str4223 cups-1.5.4/packaging/cups.spe
%dir /etc/cups/interfaces
%dir /etc/cups/ppd
diff -up cups-1.5.4/scheduler/client.c.str4223 cups-1.5.4/scheduler/client.c
---- cups-1.5.4/scheduler/client.c.str4223 2012-12-03 09:16:12.156898831 +0000
-+++ cups-1.5.4/scheduler/client.c 2012-12-03 09:16:12.205899076 +0000
+--- cups-1.5.4/scheduler/client.c.str4223 2012-12-03 11:48:30.762186898 +0000
++++ cups-1.5.4/scheduler/client.c 2012-12-03 11:48:30.834187137 +0000
@@ -35,7 +35,7 @@
* data_ready() - Check whether data is available from a client.
* encrypt_client() - Enable encryption for the client...
@@ -1681,8 +1681,8 @@ diff -up cups-1.5.4/scheduler/client.c.str4223 cups-1.5.4/scheduler/client.c
/*
diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
---- cups-1.5.4/scheduler/conf.c.str4223 2012-12-03 09:16:12.157898836 +0000
-+++ cups-1.5.4/scheduler/conf.c 2012-12-03 09:16:34.586998220 +0000
+--- cups-1.5.4/scheduler/conf.c.str4223 2012-12-03 11:48:30.763186901 +0000
++++ cups-1.5.4/scheduler/conf.c 2012-12-03 12:04:17.310709680 +0000
@@ -27,7 +27,8 @@
* parse_fatal_errors() - Parse FatalErrors values in a string.
* parse_groups() - Parse system group names in a string.
@@ -1749,7 +1749,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
- { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
- { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING },
{ "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_INTEGER },
- { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
+- { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
- { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
{ "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
{ "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_INTEGER },
@@ -1773,6 +1773,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
+ { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
+ { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
+ { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
++ { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
+ { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
+
{ "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
@@ -1867,16 +1868,29 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
RunUser = getuid();
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
-@@ -2512,13 +2546,174 @@ parse_protocols(const char *s) /* I - S
+@@ -842,6 +876,13 @@ cupsdReadConfiguration(void)
+ BrowseACL = cupsdFindLocation("CUPS_INTERNAL_BROWSE_ACL");
+
+ /*
++ * Make sure ConfigFilePerm and LogFilePerm have sane values...
++ */
++
++ ConfigFilePerm &= 0664;
++ LogFilePerm &= 0664;
++
++ /*
+ * Open the system log for cupsd if necessary...
+ */
+
+@@ -2512,13 +2553,174 @@ parse_protocols(const char *s) /* I - S
/*
- * 'read_configuration()' - Read a configuration file.
+ * 'parse_variable()' - Parse a variable line.
- */
-
- static int /* O - 1 on success, 0 on failure */
--read_configuration(cups_file_t *fp) /* I - File to read from */
++ */
++
++static int /* O - 1 on success, 0 on failure */
+parse_variable(
+ const char *filename, /* I - Name of configuration file */
+ int linenum, /* I - Line in configuration file */
@@ -2036,16 +2050,17 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
+
+/*
+ * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
-+ */
-+
-+static int /* O - 1 on success, 0 on failure */
+ */
+
+ static int /* O - 1 on success, 0 on failure */
+-read_configuration(cups_file_t *fp) /* I - File to read from */
+read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
{
- int i; /* Looping var */
int linenum; /* Current line number */
char line[HTTP_MAX_BUFFER],
/* Line from file */
-@@ -2528,7 +2723,6 @@ read_configuration(cups_file_t *fp) /* I
+@@ -2528,7 +2730,6 @@ read_configuration(cups_file_t *fp) /* I
*value, /* Pointer to value */
*valueptr; /* Pointer into value */
int valuelen; /* Length of value */
@@ -2053,7 +2068,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
http_addrlist_t *addrlist, /* Address list */
*addr; /* Current address */
unsigned ip[4], /* Address value */
-@@ -2538,7 +2732,6 @@ read_configuration(cups_file_t *fp) /* I
+@@ -2538,7 +2739,6 @@ read_configuration(cups_file_t *fp) /* I
cupsd_location_t *location; /* Browse location */
cups_file_t *incfile; /* Include file */
char incname[1024]; /* Include filename */
@@ -2061,7 +2076,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
/*
-@@ -2570,7 +2763,7 @@ read_configuration(cups_file_t *fp) /* I
+@@ -2570,7 +2770,7 @@ read_configuration(cups_file_t *fp) /* I
incname, strerror(errno));
else
{
@@ -2070,7 +2085,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
cupsFileClose(incfile);
}
}
-@@ -2594,8 +2787,6 @@ read_configuration(cups_file_t *fp) /* I
+@@ -2594,8 +2794,6 @@ read_configuration(cups_file_t *fp) /* I
if (linenum == 0)
return (0);
}
@@ -2079,7 +2094,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
{
JobRetryInterval = atoi(value);
-@@ -3254,81 +3445,6 @@ read_configuration(cups_file_t *fp) /* I
+@@ -3254,81 +3452,6 @@ read_configuration(cups_file_t *fp) /* I
}
}
#endif /* HAVE_SSL */
@@ -2161,7 +2176,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
{
/*
-@@ -3407,22 +3523,6 @@ read_configuration(cups_file_t *fp) /* I
+@@ -3407,22 +3530,6 @@ read_configuration(cups_file_t *fp) /* I
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
value, linenum);
}
@@ -2184,7 +2199,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
else if (!_cups_strcasecmp(line, "ServerTokens") && value)
{
/*
-@@ -3548,117 +3648,192 @@ read_configuration(cups_file_t *fp) /* I
+@@ -3548,117 +3655,193 @@ read_configuration(cups_file_t *fp) /* I
"line %d.", value, linenum);
}
#endif /* HAVE_SSL */
@@ -2203,6 +2218,7 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
+ !_cups_strcasecmp(line, "PageLog") ||
+ !_cups_strcasecmp(line, "Printcap") ||
+ !_cups_strcasecmp(line, "PrintcapFormat") ||
++ !_cups_strcasecmp(line, "RemoteRoot") ||
+ !_cups_strcasecmp(line, "RequestRoot") ||
+ !_cups_strcasecmp(line, "ServerBin") ||
+ !_cups_strcasecmp(line, "ServerCertificate") ||
@@ -2471,8 +2487,8 @@ diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c
return (1);
diff -up cups-1.5.4/scheduler/conf.h.str4223 cups-1.5.4/scheduler/conf.h
---- cups-1.5.4/scheduler/conf.h.str4223 2012-12-03 09:16:12.055898328 +0000
-+++ cups-1.5.4/scheduler/conf.h 2012-12-03 09:16:12.206899081 +0000
+--- cups-1.5.4/scheduler/conf.h.str4223 2012-12-03 11:48:30.672186600 +0000
++++ cups-1.5.4/scheduler/conf.h 2012-12-03 11:48:30.835187141 +0000
@@ -96,7 +96,9 @@ typedef struct
*/
@@ -2485,8 +2501,8 @@ diff -up cups-1.5.4/scheduler/conf.h.str4223 cups-1.5.4/scheduler/conf.h
/* FQDN for server */
*ServerAdmin VALUE(NULL),
diff -up cups-1.5.4/scheduler/main.c.str4223 cups-1.5.4/scheduler/main.c
---- cups-1.5.4/scheduler/main.c.str4223 2012-12-03 09:16:12.172898911 +0000
-+++ cups-1.5.4/scheduler/main.c 2012-12-03 09:16:12.207899087 +0000
+--- cups-1.5.4/scheduler/main.c.str4223 2012-12-03 11:48:30.793187001 +0000
++++ cups-1.5.4/scheduler/main.c 2012-12-03 12:05:13.413532758 +0000
@@ -225,7 +225,6 @@ main(int argc, /* I - Number of comm
char *current; /* Current directory */
@@ -2495,43 +2511,7 @@ diff -up cups-1.5.4/scheduler/main.c.str4223 cups-1.5.4/scheduler/main.c
/*
* Allocate a buffer for the current working directory to
* reduce run-time stack usage; this approximates the
-@@ -251,6 +250,35 @@ main(int argc, /* I - Number of comm
- cupsdSetStringf(&ConfigurationFile, "%s/%s", current, argv[i]);
- free(current);
- }
-+
-+ if (!CupsFilesFile)
-+ {
-+ char *filename, /* Copy of cupsd.conf filename */
-+ *slash; /* Final slash in cupsd.conf filename */
-+ size_t len; /* Size of buffer */
-+
-+ len = strlen(ConfigurationFile) + 15;
-+ if ((filename = malloc(len)) == NULL)
-+ {
-+ _cupsLangPrintf(stderr,
-+ _("cupsd: Unable to get path to "
-+ "cups-files.conf file."));
-+ return (1);
-+ }
-+
-+ strlcpy(filename, ConfigurationFile, len);
-+ if ((slash = strrchr(filename, '/')) == NULL)
-+ {
-+ _cupsLangPrintf(stderr,
-+ _("cupsd: Unable to get path to "
-+ "cups-files.conf file."));
-+ return (1);
-+ }
-+
-+ strlcpy(slash, "/cups-files.conf", len - (slash - filename));
-+ cupsdSetString(&CupsFilesFile, filename);
-+ free(filename);
-+ }
- break;
-
- case 'f' : /* Run in foreground... */
-@@ -289,6 +317,29 @@ main(int argc, /* I - Number of comm
+@@ -289,6 +288,29 @@ main(int argc, /* I - Number of comm
UseProfiles = 0;
break;
@@ -2561,19 +2541,45 @@ diff -up cups-1.5.4/scheduler/main.c.str4223 cups-1.5.4/scheduler/main.c
#ifdef __APPLE__
case 'S' : /* Disable system management functions */
fputs("cupsd: -S (disable system management) for internal "
-@@ -318,6 +369,9 @@ main(int argc, /* I - Number of comm
+@@ -318,6 +340,35 @@ main(int argc, /* I - Number of comm
if (!ConfigurationFile)
cupsdSetString(&ConfigurationFile, CUPS_SERVERROOT "/cupsd.conf");
+ if (!CupsFilesFile)
-+ cupsdSetString(&CupsFilesFile, CUPS_SERVERROOT "/cups-files.conf");
++ {
++ char *filename, /* Copy of cupsd.conf filename */
++ *slash; /* Final slash in cupsd.conf filename */
++ size_t len; /* Size of buffer */
++
++ len = strlen(ConfigurationFile) + 15;
++ if ((filename = malloc(len)) == NULL)
++ {
++ _cupsLangPrintf(stderr,
++ _("cupsd: Unable to get path to "
++ "cups-files.conf file."));
++ return (1);
++ }
++
++ strlcpy(filename, ConfigurationFile, len);
++ if ((slash = strrchr(filename, '/')) == NULL)
++ {
++ _cupsLangPrintf(stderr,
++ _("cupsd: Unable to get path to "
++ "cups-files.conf file."));
++ return (1);
++ }
++
++ strlcpy(slash, "/cups-files.conf", len - (slash - filename));
++ cupsdSetString(&CupsFilesFile, filename);
++ free(filename);
++ }
+
/*
* If the user hasn't specified "-f", run in the background...
*/
diff -up cups-1.5.4/test/run-stp-tests.sh.str4223 cups-1.5.4/test/run-stp-tests.sh
--- cups-1.5.4/test/run-stp-tests.sh.str4223 2012-05-15 15:04:18.000000000 +0100
-+++ cups-1.5.4/test/run-stp-tests.sh 2012-12-03 09:16:12.207899087 +0000
++++ cups-1.5.4/test/run-stp-tests.sh 2012-12-03 11:48:30.835187141 +0000
@@ -337,25 +337,10 @@ fi
cat >/tmp/cups-$user/cupsd.conf <<EOF
diff --git a/cups.spec b/cups.spec
index c0d3afc..9804c1e 100644
--- a/cups.spec
+++ b/cups.spec
@@ -12,7 +12,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.5.4
-Release: 14%{?dist}
+Release: 15%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -491,7 +491,7 @@ for keyword in AccessLog CacheDir ConfigFilePerm \
DataDir DocumentRoot ErrorLog FatalErrors \
FileDevice FontPath Group LogFilePerm \
LPDConfigFile PageLog Printcap PrintcapFormat \
- RequestRoot ServerBin ServerCertificate \
+ RemoteRoot RequestRoot ServerBin ServerCertificate \
ServerKey ServerRoot SMBConfigFile StateDir \
SystemGroup SystemGroupAuthKey TempDir User; do
if ! /bin/grep -iq ^$keyword "$IN"; then continue; fi
@@ -736,6 +736,10 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man1/ipptool.1.gz
%changelog
+* Mon Dec 3 2012 Tim Waugh <twaugh at redhat.com> 1:1.5.4-15
+- Applied additional upstream patch for CVE-2012-5519 so that the
+ RemoteRoot keyword is recognised in the correct configuration file.
+
* Mon Dec 3 2012 Tim Waugh <twaugh at redhat.com> 1:1.5.4-14
- Fixed patch for CVE-2012-5519 so that LogFilePerm and LPDConfigFile
are recognised keywords for cups-files.conf (bug #882379).
More information about the scm-commits
mailing list