File cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954-for-cups-1.7.5-stripped.diff of Package cups.13211

--- scheduler/conf.c.orig	2014-06-16 18:13:06.000000000 +0200
+++ scheduler/conf.c	2018-06-19 15:55:09.000000000 +0200
@@ -2844,13 +2844,10 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
 					/* Line from file */
 			temp[HTTP_MAX_BUFFER],
 					/* Temporary buffer for value */
-			*value,		/* Pointer to value */
-			*valueptr;	/* Pointer into value */
+			*value;		/* Pointer to value */
   int			valuelen;	/* Length of value */
   http_addrlist_t	*addrlist,	/* Address list */
 			*addr;		/* Current address */
-  cups_file_t		*incfile;	/* Include file */
-  char			incname[1024];	/* Include filename */
 
 
  /*
@@ -2865,28 +2862,7 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
     * Decode the directive...
     */
 
-    if (!_cups_strcasecmp(line, "Include") && value)
-    {
-     /*
-      * Include filename
-      */
-
-      if (value[0] == '/')
-        strlcpy(incname, value, sizeof(incname));
-      else
-        snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
-
-      if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
-        cupsdLogMessage(CUPSD_LOG_ERROR,
-	                "Unable to include config file \"%s\" - %s",
-	                incname, strerror(errno));
-      else
-      {
-        read_cupsd_conf(incfile);
-	cupsFileClose(incfile);
-      }
-    }
-    else if (!_cups_strcasecmp(line, "<Location") && value)
+    if (!_cups_strcasecmp(line, "<Location") && value)
     {
      /*
       * <Location path>
@@ -3211,31 +3187,6 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
 	cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
                         value, linenum);
     }
-    else if (!_cups_strcasecmp(line, "PassEnv") && value)
-    {
-     /*
-      * PassEnv variable [... variable]
-      */
-
-      for (; *value;)
-      {
-        for (valuelen = 0; value[valuelen]; valuelen ++)
-	  if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
-	    break;
-
-        if (value[valuelen])
-        {
-	  value[valuelen] = '\0';
-	  valuelen ++;
-	}
-
-        cupsdSetEnv(value, NULL);
-
-        for (value += valuelen; *value; value ++)
-	  if (!_cups_isspace(*value) || *value != ',')
-	    break;
-      }
-    }
     else if (!_cups_strcasecmp(line, "ServerAlias") && value)
     {
      /*
@@ -3264,30 +3215,6 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
 	    break;
       }
     }
-    else if (!_cups_strcasecmp(line, "SetEnv") && value)
-    {
-     /*
-      * SetEnv variable value
-      */
-
-      for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
-
-      if (*valueptr)
-      {
-       /*
-        * Found a value...
-	*/
-
-        while (isspace(*valueptr & 255))
-	  *valueptr++ = '\0';
-
-        cupsdSetEnv(value, valueptr);
-      }
-      else
-        cupsdLogMessage(CUPSD_LOG_ERROR,
-	                "Missing value for SetEnv directive on line %d.",
-	                linenum);
-    }
 #ifdef HAVE_SSL
     else if (!_cups_strcasecmp(line, "SSLOptions"))
     {
@@ -3318,6 +3245,7 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
              !_cups_strcasecmp(line, "LogFilePerm") ||
              !_cups_strcasecmp(line, "LPDConfigFile") ||
              !_cups_strcasecmp(line, "PageLog") ||
+             !_cups_strcasecmp(line, "PassEnv") ||
              !_cups_strcasecmp(line, "Printcap") ||
              !_cups_strcasecmp(line, "PrintcapFormat") ||
              !_cups_strcasecmp(line, "RemoteRoot") ||
@@ -3326,6 +3254,7 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
              !_cups_strcasecmp(line, "ServerCertificate") ||
              !_cups_strcasecmp(line, "ServerKey") ||
              !_cups_strcasecmp(line, "ServerRoot") ||
+             !_cups_strcasecmp(line, "SetEnv") ||
              !_cups_strcasecmp(line, "SMBConfigFile") ||
              !_cups_strcasecmp(line, "StateDir") ||
              !_cups_strcasecmp(line, "SystemGroup") ||
@@ -3355,10 +3284,49 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
 static int				/* O - 1 on success, 0 on failure */
 read_cups_files_conf(cups_file_t *fp)	/* I - File to read from */
 {
-  int		linenum;		/* Current line number */
+  int           i,                      /* Looping var */
+  	     	linenum;		/* Current line number */
   char		line[HTTP_MAX_BUFFER],	/* Line from file */
 		*value;			/* Value from line */
   struct group	*group;			/* Group */
+  static const char * const prohibited_env[] =
+  {                                    /* Prohibited environment variables */
+    "APPLE_LANGUAGE",
+    "AUTH_DOMAIN",
+    "AUTH_INFO_REQUIRED",
+    "AUTH_NEGOTIATE",
+    "AUTH_PASSWORD",
+    "AUTH_UID",
+    "AUTH_USERNAME",
+    "CHARSET",
+    "CLASS",
+    "CLASSIFICATION",
+    "CONTENT_TYPE",
+    "CUPS_CACHEDIR",
+    "CUPS_DATADIR",
+    "CUPS_DOCROOT",
+    "CUPS_FILETYPE",
+    "CUPS_FONTPATH",
+    "CUPS_MAX_MESSAGE",
+    "CUPS_REQUESTROOT",
+    "CUPS_SERVERBIN",
+    "CUPS_SERVERROOT",
+    "CUPS_STATEDIR",
+    "DEVICE_URI",
+    "FINAL_CONTENT_TYPE",
+    "HOME",
+    "LANG",
+    "PPD",
+    "PRINTER",
+    "PRINTER_INFO",
+    "PRINTER_LOCATION",
+    "PRINTER_STATE_REASONS",
+    "RIP_CACHE",
+    "SERVER_ADMIN",
+    "SOFTWARE",
+    "TMPDIR",
+    "USER"
+  };
 
 
  /*
@@ -3396,6 +3364,47 @@ read_cups_files_conf(cups_file_t *fp)	/*
 	}
       }
     }
+    else if (!_cups_strcasecmp(line, "PassEnv") && value)
+    {
+     /*
+      * PassEnv variable [... variable]
+      */
+
+      int valuelen;                    /* Length of variable name */
+
+      for (; *value;)
+      {
+        for (valuelen = 0; value[valuelen]; valuelen ++)
+         if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
+           break;
+
+        if (value[valuelen])
+        {
+         value[valuelen] = '\0';
+         valuelen ++;
+       }
+
+        for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
+        {
+          if (!strcmp(value, prohibited_env[i]))
+          {
+           cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be passed through on line %d of %s.", value, linenum, CupsFilesFile);
+
+           if (FatalErrors & CUPSD_FATAL_CONFIG)
+             return (0);
+           else
+             break;
+          }
+       }
+
+        if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
+          cupsdSetEnv(value, NULL);
+
+        for (value += valuelen; *value; value ++)
+         if (!_cups_isspace(*value) || *value != ',')
+           break;
+      }
+    }
     else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
     {
      /*
@@ -3417,6 +3426,46 @@ read_cups_files_conf(cups_file_t *fp)	/*
           return (0);
       }
     }
+    else if (!_cups_strcasecmp(line, "SetEnv") && value)
+    {
+     /*
+      * SetEnv variable value
+      */
+
+      char *valueptr;                  /* Pointer to environment variable value */
+
+      for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
+
+      if (*valueptr)
+      {
+       /*
+        * Found a value...
+       */
+
+        while (isspace(*valueptr & 255))
+         *valueptr++ = '\0';
+
+        for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
+        {
+          if (!strcmp(value, prohibited_env[i]))
+          {
+           cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be set  on line %d of %s.", value, linenum, CupsFilesFile);
+
+           if (FatalErrors & CUPSD_FATAL_CONFIG)
+             return (0);
+           else
+             break;
+          }
+       }
+
+        if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
+         cupsdSetEnv(value, valueptr);
+      }
+      else
+        cupsdLogMessage(CUPSD_LOG_ERROR,
+                       "Missing value for SetEnv directive on line %d of %s.",
+                       linenum, ConfigurationFile);
+    }
     else if (!_cups_strcasecmp(line, "SystemGroup") && value)
     {
      /*
--- scheduler/job.c.orig	2013-11-08 16:18:01.000000000 +0100
+++ scheduler/job.c	2018-06-19 16:05:25.000000000 +0200
@@ -4494,6 +4494,18 @@ start_job(cupsd_job_t     *job,		/* I -
   job->status  = 0;
   job->profile = cupsdCreateProfile(job->id);
 
+#ifdef HAVE_SANDBOX_H
+  if (!job->profile)
+  {
+   /*
+    * Failure to create the sandbox profile means something really bad has
+    * happened and we need to shutdown immediately.
+    */
+
+    return;
+  }
+#endif /* HAVE_SANDBOX_H */
+
  /*
   * Create the status pipes and buffer...
   */
--- scheduler/process.c.orig	2013-05-29 13:51:34.000000000 +0200
+++ scheduler/process.c	2018-06-19 16:11:38.000000000 +0200
@@ -94,10 +94,15 @@ cupsdCreateProfile(int job_id)		/* I - J
 
   if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
   {
+   /*
+    * This should never happen, and is fatal when sandboxing is enabled.
+    */
+
     cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                     job_id);
     cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
                     strerror(errno));
+    kill(getpid(), SIGTERM);
     return (NULL);
   }
 
--- scheduler/server.c.orig	2013-05-29 13:51:34.000000000 +0200
+++ scheduler/server.c	2018-06-19 16:13:48.000000000 +0200
@@ -45,16 +45,28 @@ void
 cupsdStartServer(void)
 {
  /*
-  * Start color management (as needed)...
+  * Create the default security profile...
   */
 
-  cupsdStartColor();
+  DefaultProfile = cupsdCreateProfile(0);
+
+#ifdef HAVE_SANDBOX_H
+  if (!DefaultProfile)
+  {
+   /*
+    * Failure to create the sandbox profile means something really bad has
+    * happened and we need to shutdown immediately.
+    */
+
+    return;
+  }
+#endif /* HAVE_SANDBOX_H */
 
  /*
-  * Create the default security profile...
+  * Start color management (as needed)...
   */
 
-  DefaultProfile = cupsdCreateProfile(0);
+  cupsdStartColor();
 
  /*
   * Startup all the networking stuff...