[cups-filters/f20] cups-browsed: Fixed a security bug in the remove_bad_chars() failing to reliably filt
Jiří Popelka
jpopelka at fedoraproject.org
Mon Mar 2 11:04:12 UTC 2015
commit 03b8867ec4365fb76f10234fe615efe9f035c924
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Mon Mar 2 12:03:37 2015 +0100
cups-browsed: Fixed a security bug in the remove_bad_chars() failing to
reliably filter out illegal characters. (upstream #1265)
cups-filters-bug1265.patch | 11 +++++++++++
cups-filters.spec | 12 +++++++++++-
2 files changed, 22 insertions(+), 1 deletion(-)
---
diff --git a/cups-filters-bug1265.patch b/cups-filters-bug1265.patch
new file mode 100644
index 0000000..69893e4
--- /dev/null
+++ b/cups-filters-bug1265.patch
@@ -0,0 +1,11 @@
+diff -up cups-filters-1.0.53/utils/cups-browsed.c.orig cups-filters-1.0.53/utils/cups-browsed.c
+--- cups-filters-1.0.53/utils/cups-browsed.c.orig 2014-04-24 22:52:34.000000000 +0200
++++ cups-filters-1.0.53/utils/cups-browsed.c 2015-03-02 11:55:01.029188474 +0100
+@@ -627,6 +627,7 @@ remove_bad_chars(const char *str_orig, /
+ str[i] == '.' || str[i] == ','))) {
+ /* Letter or number, keep it */
+ havedash = 0;
++ str[j] = str[i];
+ } else {
+ /* Replace all other characters by a single '-' */
+ if (havedash == 1)
diff --git a/cups-filters.spec b/cups-filters.spec
index ddba6b8..d0ecd00 100644
--- a/cups-filters.spec
+++ b/cups-filters.spec
@@ -4,7 +4,7 @@
Summary: OpenPrinting CUPS filters and backends
Name: cups-filters
Version: 1.0.53
-Release: 5%{?dist}
+Release: 6%{?dist}
# For a breakdown of the licensing, see COPYING file
# GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*,
@@ -23,6 +23,7 @@ Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{versio
Patch1: cups-filters-pdf-landscape.patch
Patch2: cups-filters-makefile.patch
Patch3: cups-filters-execmem.patch
+Patch4: cups-filters-bug1265.patch
Requires: cups-filters-libs%{?_isa} = %{version}-%{release}
@@ -123,6 +124,11 @@ This is the development package for OpenPrinting CUPS filters and backends.
# Don't use grep's -P switch in pstopdf as it needs execmem (bug #1079534).
%patch3 -p1 -b .execmem
+# cups-browsed: Fixed a security bug in the remove_bad_chars()
+# failing to reliably filter out illegal characters.
+# https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
+%patch4 -p1 -b .bug1265
+
%build
# work-around Rpath
./autogen.sh
@@ -248,6 +254,10 @@ fi
%{_libdir}/libfontembed.so
%changelog
+* Mon Mar 02 2015 Jiri Popelka <jpopelka at redhat.com> - 1.0.53-6
+ cups-browsed: Fixed a security bug in the remove_bad_chars() failing to
+ reliably filter out illegal characters. (upstream #1265)
+
* Fri Jun 13 2014 Tim Waugh <twaugh at redhat.com> - 1.0.53-5
- Really fix execmem issue (bug #1079534).
More information about the scm-commits
mailing list