File foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch of Package hplip.import4987

--- prnt/hpijs/foomatic-rip-hplip.orig	2011-05-09 03:00:51.000000000 +0200
+++ prnt/hpijs/foomatic-rip-hplip	2011-08-09 13:24:46.000000000 +0200
@@ -5,7 +5,7 @@ use strict;
 use POSIX;
 use Cwd;
 
-my $ripversion='$Revision=3.0.2.131$';
+my $ripversion='$Revision$';
 #'# Fix emacs syntax highlighting
 
 # foomatic-rip is a spooler-independent filter script which takes
@@ -134,6 +134,15 @@ my $logfile = "/tmp/foomatic-rip";
 #  USA.
 #
 
+# strip out dangerous \x01 chars in arguments to avoid a security hole in cups.
+for (my $i=0; $i<=$#ARGV; $i++)
+{
+        if (defined($ARGV[$i]))
+        {
+                $ARGV[$i] =~ s/\001//g;
+        }
+}
+
 my $added_lf = "\n";
 
 # Flush everything immediately.
@@ -404,10 +413,6 @@ if (defined($ENV{'LPOPTS'})) {
     $spooler = 'gnulpr';
 }
 
-
-
-## Named command line options
-
 # We do not use Getopt::Long because it does not work when between the
 # option and the argument is no space ("-w80" instead of "-w 80"). This
 # happens in the command line of LPRng, but also users could type in
@@ -425,138 +430,178 @@ if (defined($ENV{'LPOPTS'})) {
 my $argstr = "\x01" . 
     join("\x01", map { removeunprintables($_) } @ARGV) . "\x01";
 
-# Version check
-if ($argstr =~ /^\x01-(h|v|-help|-version)\x01$/i) {
-    my $ver;
-    if ($ripversion =~ /^\$Revision=(.*)\$$/) {
-	$ver = $1;
-    } else {
-	$ver = "Unknown";
+my ($verbose, $quiet, $show_docs, $do_docs, $cupscolorprofile, $genpdqfile);
+
+## Named command line options
+
+# CUPS calls foomatic-rip only with 5 or 6 positional parameters,
+# not with named options, like for example "-p <string>". Also PPR
+# does not used named options.
+if (($spooler ne 'cups') && ($spooler ne 'ppr') && ($spooler ne 'ppr_int')) {
+
+    # Version check
+    if ($argstr =~ /^\x01-(h|v|-help|-version)\x01$/i) {
+	my $ver;
+	if ($ripversion =~ /^\$Revision=(.*)\$$/) {
+	    $ver = $1;
+	} else {
+	    $ver = "Unknown";
+	}
+	print "foomatic-rip revision $ver\n";
+	print "\"man foomatic-rip\" for help.\n";
+	exit 0;
     }
-    print "foomatic-rip revision $ver\n";
-    print "\"man foomatic-rip\" for help.\n";
-    exit 0;
-}
 
-# Debug mode activated via command line
-if ($argstr =~ s/\x01--debug\x01/\x01/) {
-    $debug = 1;
-}
+    # Debug mode activated via command line
+    if ($argstr =~ s/\x01--debug\x01/\x01/) {
+	$debug = 1;
+    }
 
-# Command line options for verbosity
-my $verbose = ($argstr =~ s/\x01-v\x01/\x01/);
-my $quiet = ($argstr =~ s/\x01-q\x01/\x01/);
-my $show_docs = ($argstr =~ s/\x01-d\x01/\x01/);
-my $do_docs;
-my $cupscolorprofile;
+    # Command line options for verbosity
+    $verbose = ($argstr =~ s/\x01-v\x01/\x01/);
+    $quiet = ($argstr =~ s/\x01-q\x01/\x01/);
+    $show_docs = ($argstr =~ s/\x01-d\x01/\x01/);
 
-if ($debug) {
-    # Grotesquely unsecure; use for debugging only
-    open LOG, "> ${logfile}.log";
-    $logh = *LOG;
+    if ($debug) {
+	# Grotesquely unsecure; use for debugging only
+	open LOG, "> ${logfile}.log";
+	$logh = *LOG;
 
-    use IO::Handle;
-    $logh->autoflush(1);
-} elsif (($quiet) && (!$verbose)) {
-    # Quiet mode, do not log
-    open LOG, "> /dev/null";
-    $logh = *LOG;
+	use IO::Handle;
+	$logh->autoflush(1);
+    } elsif (($quiet) && (!$verbose)) {
+	# Quiet mode, do not log
+	open LOG, "> /dev/null";
+	$logh = *LOG;
 
-    use IO::Handle;
-    $logh->autoflush(1);
-} else {
-    # Default: log to STDERR
-    $logh=*STDERR;
-}
+	use IO::Handle;
+	$logh->autoflush(1);
+    } else {
+	# Default: log to STDERR
+	$logh=*STDERR;
+    }
 
 
 
-## Start debug logging
-if ($debug) {
-    # If we are not in debug mode, we do this later, as we must find out at
-    # first which spooler is used. When printing without spooler we
-    # suppress logging because foomatic-rip is called directly on the
-    # command line and so we avoid logging onto the console.
-    print $logh "foomatic-rip version $ripversion running...\n";
-    # Print the command line only in debug mode, Mac OS X adds very many
-    # options so that CUPS cannot handle the output of the command line
-    # in its log files. If CUPS encounters a line with more than 1024
-    # characters sent into its log files, it aborts the job with an error.
-    if (($debug) || ($spooler ne 'cups')) {
-	print $logh "called with arguments: '", join("', '",@ARGV), "'\n";
+    ## Start debug logging
+    if ($debug) {
+	# If we are not in debug mode, we do this later, as we must find out at
+	# first which spooler is used. When printing without spooler we
+	# suppress logging because foomatic-rip is called directly on the
+	# command line and so we avoid logging onto the console.
+	print $logh "foomatic-rip version $ripversion running...\n";
+	# Print the command line only in debug mode, Mac OS X adds very many
+	# options so that CUPS cannot handle the output of the command line
+	# in its log files. If CUPS encounters a line with more than 1024
+	# characters sent into its log files, it aborts the job with an error.
+	if (($debug) || ($spooler ne 'cups')) {
+	    print $logh "called with arguments: '", join("', '",@ARGV), "'\n";
+	}
     }
-}
 
 
 
-## Continue with named options
+    ## Continue with named options
 
-# Check for LPRng first so we do not pick up bogus ppd files by the -p option
-if ($argstr =~ s/\x01--lprng\x01/\x01/) {
-    # We have LPRng
-    $spooler = 'lprng';
-}
-# 'PRINTCAP_ENTRY' environment variable is : LPRng
-#  the :ppd=/path/to/ppdfile printcap entry should be used
-if (defined($ENV{'PRINTCAP_ENTRY'})){
+    # Check for LPRng first so we do not pick up bogus ppd files by the -p
+    # option
+    if ($argstr =~ s/\x01--lprng\x01/\x01/) {
+	# We have LPRng
+	$spooler = 'lprng';
+    }
+    # 'PRINTCAP_ENTRY' environment variable is : LPRng
+    #  the :ppd=/path/to/ppdfile printcap entry should be used
+    if (defined($ENV{'PRINTCAP_ENTRY'})){
 	$spooler = 'lprng';
 	my( @pc);
 	@pc = split( /\s*:\s*/, $ENV{'PRINTCAP_ENTRY'} );
 	shift @pc;
 	foreach (@pc) {
-		if( /^ppd=(.*)$/ or  /^ppdfile=(.*)$/ ){
-			$ppdfile = removespecialchars($1) if $1;
-		}
+	    if( /^ppd=(.*)$/ or  /^ppdfile=(.*)$/ ){
+		$ppdfile = removespecialchars($1) if $1;
+	    }
 	}
-} elsif ($argstr =~ s/\x01--lprng\x01/\x01/g) {
-    # We have LPRng
-    $spooler = 'lprng';
-}
+    } elsif ($argstr =~ s/\x01--lprng\x01/\x01/g) {
+	# We have LPRng
+	$spooler = 'lprng';
+    }
 
+    # Check for LPD/GNUlpr by typical options which the spooler puts onto
+    # the filter's command line (options "-w": text width, "-l": text
+    # length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing,
+    # "-n": user name, "-h": host name)
+    if ($argstr =~ s/\x01-h(\x01|)([^\x01]+)\x01/\x01/) {
+	# We have LPD or GNUlpr
+	if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
+	    $spooler = 'lpd';
+	}
+	$jobhost = $2;
+    }
+    if ($argstr =~ s/\x01-n(\x01|)([^\x01]+)\x01/\x01/) {
+	# We have LPD or GNUlpr
+	if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
+	    $spooler = 'lpd';
+	}
+	$jobuser = $2;
+    }
+    if (($argstr =~ s/\x01-w(\x01|)\d+\x01/\x01/) ||
+	($argstr =~ s/\x01-l(\x01|)\d+\x01/\x01/) || 
+	($argstr =~ s/\x01-x(\x01|)\d+\x01/\x01/) ||
+	($argstr =~ s/\x01-y(\x01|)\d+\x01/\x01/) || 
+	($argstr =~ s/\x01-i(\x01|)\d+\x01/\x01/) ||
+	($argstr =~ s/\x01-c\x01/\x01/)) {
+	# We have LPD or GNUlpr
+	if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
+	    $spooler = 'lpd';
+	}
+    }
 
-# PPD file name given via the command line
-# allow duplicates, and use the last specified one
-while ( ($spooler ne 'lprng') and ($argstr =~ s/\x01-p(\x01|)([^\x01]+)\x01/\x01/)) {
-    $ppdfile = $2;
-}
-while ($argstr =~ s/\x01--ppd(\x01|=|)([^\x01]+)\x01/\x01/) {
-    $ppdfile = $2;
-}
+    # PPD file name given via the command line
+    # allow duplicates, and use the last specified one
+    if (($spooler ne 'lprng') && ($spooler ne 'lpd') && ($spooler ne 'gnulpr')){
+	while ($argstr =~ s/\x01-p(\x01|)([^\x01]+)\x01/\x01/) {
+	    $ppdfile = $2;
+	}
+	while ($argstr =~ s/\x01--ppd(\x01|=|)([^\x01]+)\x01/\x01/) {
+	    $ppdfile = $2;
+	}
+    }
 
-# Check for LPD/GNUlpr by typical options which the spooler puts onto
-# the filter's command line (options "-w": text width, "-l": text
-# length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing,
-# "-n": user name, "-h": host name)
-if ($argstr =~ s/\x01-h(\x01|)([^\x01]+)\x01/\x01/) {
-    # We have LPD or GNUlpr
-    if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
-	$spooler = 'lpd';
+    # LPRng delivers the option settings via the "-Z" argument
+    if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)\x01/\x01/) {
+	my @lpopts = split(/,/, $2);
+	foreach my $opt (@lpopts) {
+	    $opt =~ s/^\s+//;
+	    $opt =~ s/\s+$//;
+	    $opt = removeshellescapes($opt);
+	    if ($opt =~ /\s+/) {
+		$opt = "\"$opt\"";
+	    }
+	    $optstr .= "$opt ";
+	}
+	# We have LPRng
+	$spooler = 'lprng';
     }
-    $jobhost = $2;
-}
-if ($argstr =~ s/\x01-n(\x01|)([^\x01]+)\x01/\x01/) {
-    # We have LPD or GNUlpr
-    if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
-	$spooler = 'lpd';
+
+    # Job title and options for stock LPD
+    if ($argstr =~ s/\x01-[jJ](\x01|)([^\x01]+)\x01/\x01/) {
+	# An LPD
+	$jobtitle = removeshellescapes($2);
+	# Classic LPD hack
+	if ($spooler eq "lpd") {
+	    $optstr .= "$jobtitle ";
+	}
     }
-    $jobuser = $2;
-}
-if (($argstr =~ s/\x01-w(\x01|)\d+\x01/\x01/) ||
-    ($argstr =~ s/\x01-l(\x01|)\d+\x01/\x01/) || 
-    ($argstr =~ s/\x01-x(\x01|)\d+\x01/\x01/) ||
-    ($argstr =~ s/\x01-y(\x01|)\d+\x01/\x01/) || 
-    ($argstr =~ s/\x01-i(\x01|)\d+\x01/\x01/) ||
-    ($argstr =~ s/\x01-c\x01/\x01/)) {
-    # We have LPD or GNUlpr
-    if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) {
-	$spooler = 'lpd';
+
+    # Check for CPS
+    if ($argstr =~ s/\x01--cps\x01/\x01/) {
+	# We have cps
+	$spooler = 'cps';
     }
-}
 
-# LPRng delivers the option settings via the "-Z" argument
-if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)\x01/\x01/) {
-    my @lpopts = split(/,/, $2);
-    foreach my $opt (@lpopts) {
+    # Options for spooler-less printing, CPS, or PDQ
+    while ($argstr =~ s/\x01-o(\x01|)([^\x01]+)\x01/\x01/) {
+	my $opt = $2;
 	$opt =~ s/^\s+//;
 	$opt =~ s/\s+$//;
 	$opt = removeshellescapes($opt);
@@ -564,80 +609,49 @@ if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)
 	    $opt = "\"$opt\"";
 	}
 	$optstr .= "$opt ";
+	# If we don't print as a PPR RIP or as a CPS filter, we print without
+	# spooler (we check for PDQ later)
+	if (($spooler ne 'ppr') && ($spooler ne 'cps')) {
+	    $spooler = 'direct';
+	}
     }
-    # We have LPRng
-    $spooler = 'lprng';
-}
-
-# Job title and options for stock LPD
-if ($argstr =~ s/\x01-[jJ](\x01|)([^\x01]+)\x01/\x01/) {
-    # An LPD
-    $jobtitle = removeshellescapes($2);
-    # Classic LPD hack
-    if ($spooler eq "lpd") {
-	$optstr .= "$jobtitle ";
-    }
-}
-
-# Check for CPS
-if ($argstr =~ s/\x01--cps\x01/\x01/) {
-    # We have cps
-    $spooler = 'cps';
-}
-
-# Options for spooler-less printing, CPS, or PDQ
-while ($argstr =~ s/\x01-o(\x01|)([^\x01]+)\x01/\x01/) {
-    my $opt = $2;
-    $opt =~ s/^\s+//;
-    $opt =~ s/\s+$//;
-    $opt = removeshellescapes($opt);
-    if ($opt =~ /\s+/) {
-	$opt = "\"$opt\"";
-    }
-    $optstr .= "$opt ";
-    # If we don't print as a PPR RIP or as a CPS filter, we print without
-    # spooler (we check for PDQ later)
-    if (($spooler ne 'ppr') && ($spooler ne 'cps')) {
-	$spooler = 'direct';
-    }
-}
 
-# Printer for spooler-less printing or PDQ
-if ($argstr =~ s/\x01-d(\x01|)([^\x01]+)\x01/\x01/) {
-    $printer = removeshellescapes($2);
-}
-# Printer for spooler-less printing, PDQ, or LPRng
-if ($argstr =~ s/\x01-P(\x01|)([^\x01]+)\x01/\x01/) {
-    $printer = removeshellescapes($2);
-}
-
-# Were we called from a PDQ wrapper?
-if ($argstr =~ s/\x01--pdq\x01/\x01/) {
-    # We have PDQ
-    $spooler = 'pdq';
-}
-
-# Were we called to build the PDQ driver declaration file?
-# "--appendpdq=<file>" appends the data to the <file>,
-# "--genpdq=<file>" creates/overwrites <file> for the data, and
-# "--genpdq" writes to standard output
-my $genpdqfile = "";
-if (($argstr =~ s/\x01--(gen)(raw|)pdq(\x01|=|)([^\x01]*)\x01/\x01/) ||
-    ($argstr =~ s/\x01--(append)(raw|)pdq(\x01|=|)([^\x01]+)\x01/\x01/)) {
-    # Determine output file name
-    if (!$4) {
-	$genpdqfile = ">&STDOUT";
-    } else {
-	if ($1 eq 'gen') {
-	    $genpdqfile = "> " . removeshellescapes($4);
+    # Printer for spooler-less printing or PDQ
+    if ($argstr =~ s/\x01-d(\x01|)([^\x01]+)\x01/\x01/) {
+	$printer = removeshellescapes($2);
+    }
+    # Printer for spooler-less printing, PDQ, or LPRng
+    if ($argstr =~ s/\x01-P(\x01|)([^\x01]+)\x01/\x01/) {
+	$printer = removeshellescapes($2);
+    }
+
+    # Were we called from a PDQ wrapper?
+    if ($argstr =~ s/\x01--pdq\x01/\x01/) {
+	# We have PDQ
+	$spooler = 'pdq';
+    }
+
+    # Were we called to build the PDQ driver declaration file?
+    # "--appendpdq=<file>" appends the data to the <file>,
+    # "--genpdq=<file>" creates/overwrites <file> for the data, and
+    # "--genpdq" writes to standard output
+    $genpdqfile = "";
+    if (($argstr =~ s/\x01--(gen)(raw|)pdq(\x01|=|)([^\x01]*)\x01/\x01/) ||
+	($argstr =~ s/\x01--(append)(raw|)pdq(\x01|=|)([^\x01]+)\x01/\x01/)) {
+	# Determine output file name
+	if (!$4) {
+	    $genpdqfile = ">&STDOUT";
 	} else {
-	    $genpdqfile = ">> " . removeshellescapes($4);
+	    if ($1 eq 'gen') {
+		$genpdqfile = "> " . removeshellescapes($4);
+	    } else {
+		$genpdqfile = ">> " . removeshellescapes($4);
+	    }
 	}
-    }
-    # Do we want to have a PDQ driver declaration for a raw printer?
-    if ($2 eq 'raw') {
-	my $time = time();
-	my @pdqfile =
+	# Do we want to have a PDQ driver declaration for a raw printer?
+	if ($2 eq 'raw') {
+	    my $time = time();
+	    my @pdqfile =
 "driver \"Raw-Printer-$time\" {
   # This PDQ driver declaration file was generated automatically by
   # foomatic-rip to allow raw (filter-less) printing.
@@ -652,20 +666,22 @@ if (($argstr =~ s/\x01--(gen)(raw|)pdq(\
     ln -s \$INPUT \$OUTPUT
   }
 }";
-	open PDQFILE, $genpdqfile or
-	    rip_die("Cannot write PDQ driver declaration file",
-		    $EXIT_PRNERR_NORETRY_BAD_SETTINGS);
-	print PDQFILE join('', @pdqfile);
-	close PDQFILE;
-	exit $EXIT_PRINTED;
+	    open PDQFILE, $genpdqfile or
+		rip_die("Cannot write PDQ driver declaration file",
+			$EXIT_PRNERR_NORETRY_BAD_SETTINGS);
+	    print PDQFILE join('', @pdqfile);
+	    close PDQFILE;
+	    exit $EXIT_PRINTED;
+	}
+	# We have PDQ
+	$spooler = 'pdq';
     }
-    # We have PDQ
-    $spooler = 'pdq';
-}
 
 
-# remove extra spacing if running as LPRng filter
-$added_lf = "" if $spooler eq 'lprng';
+    # remove extra spacing if running as LPRng filter
+    $added_lf = "" if $spooler eq 'lprng';
+
+}
 
 ## Command line arguments without name
 
@@ -3251,9 +3267,9 @@ for $file (@filelist) {
 			    # Insert PostScript option settings
 			    # (options for section "PageSetup".
 			    if ($isdscjob && !$pagesetupfound) {
-				$line .= 
+				$line = 
 				    makepagesetupsection($dat, $optionset,
-							 1);
+							 1) . $line;
 				$pagesetupfound = 1;
 			    }
 			}
@@ -3646,7 +3662,6 @@ sub getrendererhandle {
 
         close KID3;
 
-        $SIG{PIPE} = 'DEFAULT';
         pipe KID4_IN, KID4;
 	KID4->autoflush(1);
         $kid4 = fork();
@@ -3827,15 +3842,11 @@ sub getrendererhandle {
 	    # When arrived here the renderer command line was successful
 	    # So exit with zero exit value here and inform the main process
 	    close KID_MESSAGE;
+	    print KID_MESSAGE_IN "3 $EXIT_PRINTED\n";
+	    close KID_MESSAGE_IN;
 	    # Wait for postpipe/output child
 	    waitpid($kid4, 0);
-	    if ($? != 0) {
-		print KID_MESSAGE_IN "3 $EXIT_SIGNAL\n";
-	    } else {
-		print KID_MESSAGE_IN "3 $EXIT_PRINTED\n";
-	    }
-	    close KID_MESSAGE_IN;
-	    print $logh "KID3 finished with $?\n";
+	    print $logh "KID3 finished\n";
 	    exit $EXIT_PRINTED;
         } else {
 	    $kidgeneration += 1;
@@ -4184,7 +4195,6 @@ sub getfileconverterhandle {
 	# converter
         close KID1_IN;
 
-        $SIG{PIPE} = 'DEFAULT';
         pipe KID2_IN, KID2;
 	KID2->autoflush(1);
         $kid2 = fork();
@@ -4656,7 +4666,6 @@ sub getdocgeneratorhandle {
     # we are the kid; we generate the documentation page
 
     close KID0_IN;
-    $SIG{PIPE} = 'DEFAULT';
 
     # Kill data on STDIN to satisfy PPR
     if (($spooler eq 'ppr_int') || ($spooler eq 'ppr')) {
@@ -6717,7 +6726,6 @@ sub modern_system {
 	# will be members of this process group and so by killing this
 	# process group we can kill all subprocesses and so we can
 	# cleanly cancel print jobs
-	$SIG{PIPE} = 'DEFAULT';
 	eval("setpgrp()");
 	# Stop catching signals
 	#use sigtrap qw(die normal-signals error-signals
openSUSE Build Service is sponsored by