[cups-filters/f20] cups-browsed: Fixed a security bug in the remove_bad_chars() failing to reliably filt

Jiří Popelka jpopelka at fedoraproject.org
Mon Mar 2 11:04:12 UTC 2015


commit 03b8867ec4365fb76f10234fe615efe9f035c924
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Mon Mar 2 12:03:37 2015 +0100

    cups-browsed: Fixed a security bug in the remove_bad_chars() failing to
                   reliably filter out illegal characters. (upstream #1265)

 cups-filters-bug1265.patch | 11 +++++++++++
 cups-filters.spec          | 12 +++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
---
diff --git a/cups-filters-bug1265.patch b/cups-filters-bug1265.patch
new file mode 100644
index 0000000..69893e4
--- /dev/null
+++ b/cups-filters-bug1265.patch
@@ -0,0 +1,11 @@
+diff -up cups-filters-1.0.53/utils/cups-browsed.c.orig cups-filters-1.0.53/utils/cups-browsed.c
+--- cups-filters-1.0.53/utils/cups-browsed.c.orig	2014-04-24 22:52:34.000000000 +0200
++++ cups-filters-1.0.53/utils/cups-browsed.c	2015-03-02 11:55:01.029188474 +0100
+@@ -627,6 +627,7 @@ remove_bad_chars(const char *str_orig, /
+ 		       str[i] == '.' || str[i] == ','))) {
+       /* Letter or number, keep it */
+       havedash = 0;
++      str[j] = str[i];
+     } else {
+       /* Replace all other characters by a single '-' */
+       if (havedash == 1)
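Review bot: The added `str[j] = str[i];` in the keep branch only works if `j` is advanced for every kept character and the result is NUL-terminated at `str[j]` after the loop, and neither is visible in the three lines of context. Please confirm against the full remove_bad_chars() that `j` is incremented in both branches and that the bytes left behind by the in-place compaction are cut off. The patch file also has no header of its own; a line or two at the top naming upstream bug #1265 would keep the reason with the patch when it is read outside the spec.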
diff --git a/cups-filters.spec b/cups-filters.spec
index ddba6b8..d0ecd00 100644
--- a/cups-filters.spec
+++ b/cups-filters.spec
@@ -4,7 +4,7 @@
 Summary: OpenPrinting CUPS filters and backends
 Name:    cups-filters
 Version: 1.0.53
-Release: 5%{?dist}
+Release: 6%{?dist}
 
 # For a breakdown of the licensing, see COPYING file
 # GPLv2:   filters: commandto*, imagetoraster, pdftops, rasterto*,
@@ -23,6 +23,7 @@ Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{versio
 Patch1: cups-filters-pdf-landscape.patch
 Patch2: cups-filters-makefile.patch
 Patch3: cups-filters-execmem.patch
+Patch4: cups-filters-bug1265.patch
 
 Requires: cups-filters-libs%{?_isa} = %{version}-%{release}
 
@@ -123,6 +124,11 @@ This is the development package for OpenPrinting CUPS filters and backends.
 # Don't use grep's -P switch in pstopdf as it needs execmem (bug #1079534).
 %patch3 -p1 -b .execmem
 
+# cups-browsed: Fixed a security bug in the remove_bad_chars()
+#               failing to reliably filter out illegal characters.
+# https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
+%patch4 -p1 -b .bug1265
+
 %build
 # work-around Rpath
 ./autogen.sh
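Review bot: The comment above `%patch4` cites only the upstream tracker, while the neighbouring `%patch3` comment cites a distribution bug number ("bug #1079534"). For a change described as a security fix, add the matching distribution bug id here if one exists, so the update can be traced from the spec.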
@@ -248,6 +254,10 @@ fi
 %{_libdir}/libfontembed.so
 
 %changelog
+* Mon Mar 02 2015 Jiri Popelka <jpopelka at redhat.com> - 1.0.53-6
+ cups-browsed: Fixed a security bug in the remove_bad_chars() failing to
+               reliably filter out illegal characters. (upstream #1265)
+
 * Fri Jun 13 2014 Tim Waugh <twaugh at redhat.com> - 1.0.53-5
 - Really fix execmem issue (bug #1079534).
 
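Review bot: The new %changelog entry starts its text with a space instead of the "- " item marker the existing entries use (compare "- Really fix execmem issue"), so it does not read as a list item like the older entries. Start the line with "- cups-browsed: Fixed ..." and keep the continuation line indented under it.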

