File str4609.CVE-2015-1158.CVE-2015-1159.CUPS-1.5.4.patch of Package cups.openSUSE_13.1_Update
diff -rup cups-1.5.4.orig/cgi-bin/ipp-var.c cups-1.5.4/cgi-bin/ipp-var.c
--- cups-1.5.4.orig/cgi-bin/ipp-var.c 2011-05-20 05:49:49.000000000 +0200
+++ cups-1.5.4/cgi-bin/ipp-var.c 2015-04-22 12:22:04.000000000 +0200
@@ -1230,21 +1230,7 @@ cgiSetIPPObjectVars(
* Rewrite URIs...
*/
- if (!strcmp(name, "member_uris"))
- {
- char url[1024]; /* URL for class member... */
-
-
- cgiRewriteURL(attr->values[i].string.text, url,
- sizeof(url), NULL);
-
- snprintf(valptr, sizeof(value) - (valptr - value),
- "<A HREF=\"%s\">%s</A>", url,
- strrchr(attr->values[i].string.text, '/') + 1);
- }
- else
- cgiRewriteURL(attr->values[i].string.text, valptr,
- sizeof(value) - (valptr - value), NULL);
+ cgiRewriteURL(attr->values[i].string.text, valptr, sizeof(value) - (valptr - value), NULL);
break;
}
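Review bot: The comment kept above this call still says only `Rewrite URIs...`, so nothing records why `member_uris` no longer gets an anchor built into the stored value. I would extend it to something like `/* Rewrite URIs... Store plain text only; values are HTML-escaped on output, so markup must come from the template, never from the value. */`. That the escaping happens at output time is inferred from the cgi_puts() change in template.c later in this patch, not from this hunk. The enclosing switch case in cgiSetIPPObjectVars starts outside the hunk.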
diff -rup cups-1.5.4.orig/cgi-bin/template.c cups-1.5.4/cgi-bin/template.c
--- cups-1.5.4.orig/cgi-bin/template.c 2011-05-20 05:49:49.000000000 +0200
+++ cups-1.5.4/cgi-bin/template.c 2015-04-22 12:22:04.000000000 +0200
@@ -659,39 +659,7 @@ cgi_puts(const char *s, /* I - String
while (*s)
{
if (*s == '<')
- {
- /*
- * Pass <A HREF="url"> and </A>, otherwise quote it...
- */
-
- if (!_cups_strncasecmp(s, "<A HREF=\"", 9))
- {
- fputs("<A HREF=\"", out);
- s += 9;
-
- while (*s && *s != '\"')
- {
- if (*s == '&')
- fputs("&", out);
- else
- putc(*s, out);
-
- s ++;
- }
-
- if (*s)
- s ++;
-
- fputs("\">", out);
- }
- else if (!_cups_strncasecmp(s, "</A>", 4))
- {
- fputs("</A>", out);
- s += 3;
- }
- else
- fputs("<", out);
- }
+ fputs("<", out);
else if (*s == '>')
fputs(">", out);
else if (*s == '\"')
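Review bot: As rendered here the added line is `fputs("<", out);`, which would write the character through unescaped; the neighbouring `>` branch and the removed `&` branch look the same, so this is most likely entity decoding by the page, and the line should be confirmed against the original patch as `fputs("&lt;", out);`. With the `<A HREF>` exception gone, cgi_puts no longer lets any tag from a variable value reach the page, and that contract deserves a comment on the branch, e.g. `/* Escape every '<'; no markup from a value is passed through. */`. Callers that relied on anchors embedded in values will now see them rendered as text, which is worth one line in the function header. The if/else chain continues past the end of the hunk, so the handling of the remaining characters cannot be checked from here.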
diff -rup cups-1.5.4.orig/scheduler/ipp.c cups-1.5.4/scheduler/ipp.c
--- cups-1.5.4.orig/scheduler/ipp.c 2012-02-13 21:42:51.000000000 +0100
+++ cups-1.5.4/scheduler/ipp.c 2015-04-22 12:22:04.000000000 +0200
@@ -509,8 +509,8 @@ cupsdProcessIPPRequest(
* Remote unauthenticated user masquerading as local root...
*/
- _cupsStrFree(username->values[0].string.text);
- username->values[0].string.text = _cupsStrAlloc(RemoteRoot);
+ _cupsStrFree(username->values[0].string.text);
+ username->values[0].string.text = _cupsStrAlloc(RemoteRoot);
}
}
@@ -1648,7 +1648,10 @@ add_job(cupsd_client_t *con, /* I - Cl
cupsdSetString(&job->username, con->username);
if (attr)
- cupsdSetString(&attr->values[0].string.text, con->username);
+ {
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(con->username);
+ }
}
else if (attr)
{
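Review bot: Freeing the old string before `_cupsStrAlloc()` has returned leaves `attr->values[0].string.text` NULL if the allocation fails, and other hunks in this patch pass the same fields to `strcmp()` without a NULL check. Allocating first and releasing the old reference only on success avoids that, and also stays correct if the new value is ever the same pooled string as the old one. The same two-line sequence is repeated in the later add_job hunks, in authenticate_job, and in job.c (cupsdCheckJobs, cupsdMoveJob, cupsdSetJobHoldUntil, cupsdSetJobState, start_job, update_job_attrs); a small static helper per file would keep the sites from drifting apart. That `_cupsStrAlloc()` can return NULL comes from my reading of the CUPS string pool, not from this page, and add_job's body continues outside the hunk.

```c
/* ... unchanged: cupsdSetString(&job->username, con->username); ... */
if (attr)
{
  char *fresh = _cupsStrAlloc(con->username);

  if (fresh)
  {
    /* Drop the old pooled reference only once the new one exists. */
    _cupsStrFree(attr->values[0].string.text);
    attr->values[0].string.text = fresh;
  }
}
```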
@@ -1699,48 +1702,11 @@ add_job(cupsd_client_t *con, /* I - Cl
* Also, we can only have 1 value and it must be a name value.
*/
- switch (attr->value_tag)
- {
- case IPP_TAG_STRING :
- case IPP_TAG_TEXTLANG :
- case IPP_TAG_NAMELANG :
- case IPP_TAG_TEXT :
- case IPP_TAG_NAME :
- case IPP_TAG_KEYWORD :
- case IPP_TAG_URI :
- case IPP_TAG_URISCHEME :
- case IPP_TAG_CHARSET :
- case IPP_TAG_LANGUAGE :
- case IPP_TAG_MIMETYPE :
- /*
- * Free old strings...
- */
-
- for (i = 0; i < attr->num_values; i ++)
- {
- _cupsStrFree(attr->values[i].string.text);
- attr->values[i].string.text = NULL;
- if (attr->values[i].string.charset)
- {
- _cupsStrFree(attr->values[i].string.charset);
- attr->values[i].string.charset = NULL;
- }
- }
-
- default :
- break;
- }
-
- /*
- * Use the default connection hostname instead...
- */
-
- attr->value_tag = IPP_TAG_NAME;
- attr->num_values = 1;
- attr->values[0].string.text = _cupsStrAlloc(con->http.hostname);
+ ippDeleteAttribute(job->attrs, attr);
+ ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-originating-host-name", NULL, con->http.hostname);
}
-
- attr->group_tag = IPP_TAG_JOB;
+ else
+ attr->group_tag = IPP_TAG_JOB;
}
else
{
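Review bot: After `ippDeleteAttribute(job->attrs, attr);` the local `attr` points at released storage and the result of `ippAddString()` is discarded, so any use of `attr` further down add_job would be a use-after-free. Within the hunk the new `else` keeps `attr->group_tag = IPP_TAG_JOB;` off that path, but the rest of the function lies outside the hunk and cannot be checked here. Assigning the result, `attr = ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-originating-host-name", NULL, con->http.hostname);`, keeps the variable valid at no cost. The retained comment about allowing only one name value could also say that the attribute is now replaced rather than edited in place.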
@@ -1832,8 +1798,8 @@ add_job(cupsd_client_t *con, /* I - Cl
attr = ippAddStrings(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-sheets",
2, NULL, NULL);
- attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]);
- attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]);
+ attr->values[0].string.text = _cupsStrAlloc(printer->job_sheets[0]);
+ attr->values[1].string.text = _cupsStrAlloc(printer->job_sheets[1]);
}
job->job_sheets = attr;
@@ -1859,7 +1825,8 @@ add_job(cupsd_client_t *con, /* I - Cl
* Force the leading banner to have the classification on it...
*/
- cupsdSetString(&attr->values[0].string.text, Classification);
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(Classification);
cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED "
"job-sheets=\"%s,none\", "
@@ -1876,7 +1843,8 @@ add_job(cupsd_client_t *con, /* I - Cl
* Can't put two different security markings on the same document!
*/
- cupsdSetString(&attr->values[1].string.text, attr->values[0].string.text);
+ _cupsStrFree(attr->values[1].string.text);
+ attr->values[1].string.text = _cupsStrAlloc(attr->values[0].string.text);
cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED "
"job-sheets=\"%s,%s\", "
@@ -1916,18 +1884,26 @@ add_job(cupsd_client_t *con, /* I - Cl
if (attr->num_values > 1 &&
!strcmp(attr->values[0].string.text, attr->values[1].string.text))
{
- cupsdSetString(&(attr->values[0].string.text), Classification);
- cupsdSetString(&(attr->values[1].string.text), Classification);
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(Classification);
+ _cupsStrFree(attr->values[1].string.text);
+ attr->values[1].string.text = _cupsStrAlloc(Classification);
}
else
{
if (attr->num_values == 1 ||
strcmp(attr->values[0].string.text, "none"))
- cupsdSetString(&(attr->values[0].string.text), Classification);
+ {
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(Classification);
+ }
if (attr->num_values > 1 &&
strcmp(attr->values[1].string.text, "none"))
- cupsdSetString(&(attr->values[1].string.text), Classification);
+ {
+ _cupsStrFree(attr->values[1].string.text);
+ attr->values[1].string.text = _cupsStrAlloc(Classification);
+ }
}
if (attr->num_values > 1)
@@ -4150,7 +4126,8 @@ authenticate_job(cupsd_client_t *con, /
if (attr)
{
attr->value_tag = IPP_TAG_KEYWORD;
- cupsdSetString(&(attr->values[0].string.text), "no-hold");
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc("no-hold");
}
/*
@@ -10028,9 +10005,8 @@ release_job(cupsd_client_t *con, /* I -
if (attr)
{
- _cupsStrFree(attr->values[0].string.text);
-
attr->value_tag = IPP_TAG_KEYWORD;
+ _cupsStrFree(attr->values[0].string.text);
attr->values[0].string.text = _cupsStrAlloc("no-hold");
cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED, cupsdFindDest(job->dest), job,
diff -rup cups-1.5.4.orig/scheduler/job.c cups-1.5.4/scheduler/job.c
--- cups-1.5.4.orig/scheduler/job.c 2012-04-20 05:01:06.000000000 +0200
+++ cups-1.5.4/scheduler/job.c 2015-04-22 12:22:04.000000000 +0200
@@ -406,7 +406,10 @@ cupsdCheckJobs(void)
if ((attr = ippFindAttribute(job->attrs, "job-actual-printer-uri",
IPP_TAG_URI)) != NULL)
- cupsdSetString(&attr->values[0].string.text, printer->uri);
+ {
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(printer->uri);
+ }
else
ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_URI,
"job-actual-printer-uri", NULL, printer->uri);
@@ -1950,7 +1953,10 @@ cupsdMoveJob(cupsd_job_t *job, /* I
if ((attr = ippFindAttribute(job->attrs, "job-printer-uri",
IPP_TAG_URI)) != NULL)
- cupsdSetString(&(attr->values[0].string.text), p->uri);
+ {
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(p->uri);
+ }
cupsdAddEvent(CUPSD_EVENT_JOB_STOPPED, p, job,
"Job #%d moved from %s to %s.", job->id, olddest,
@@ -2153,7 +2159,10 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, /
attr = ippFindAttribute(job->attrs, "job-hold-until", IPP_TAG_NAME);
if (attr)
- cupsdSetString(&(attr->values[0].string.text), when);
+ {
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc(when);
+ }
else
attr = ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_KEYWORD,
"job-hold-until", NULL, when);
@@ -2399,7 +2408,8 @@ cupsdSetJobState(
if (attr)
{
attr->value_tag = IPP_TAG_KEYWORD;
- cupsdSetString(&(attr->values[0].string.text), "no-hold");
+ _cupsStrFree(attr->values[0].string.text);
+ attr->values[0].string.text = _cupsStrAlloc("no-hold");
}
default :
@@ -4146,7 +4156,10 @@ start_job(cupsd_job_t *job, /* I -
"job-printer-state-message",
IPP_TAG_TEXT);
if (job->printer_message)
- cupsdSetString(&(job->printer_message->values[0].string.text), "");
+ {
+ _cupsStrFree(job->printer_message->values[0].string.text);
+ job->printer_message->values[0].string.text = _cupsStrAlloc("");
+ }
cupsdSetJobState(job, IPP_JOB_PROCESSING, CUPSD_JOB_DEFAULT, NULL);
cupsdSetPrinterState(printer, IPP_PRINTER_PROCESSING, 0);
@@ -4708,10 +4721,15 @@ update_job_attrs(cupsd_job_t *job, /* I
if (job->state_value != IPP_JOB_PROCESSING &&
job->status_level == CUPSD_LOG_INFO)
- cupsdSetString(&(job->printer_message->values[0].string.text), "");
+ {
+ _cupsStrFree(job->printer_message->values[0].string.text);
+ job->printer_message->values[0].string.text = _cupsStrAlloc("");
+ }
else if (job->printer->state_message[0] && do_message)
- cupsdSetString(&(job->printer_message->values[0].string.text),
- job->printer->state_message);
+ {
+ _cupsStrFree(job->printer_message->values[0].string.text);
+ job->printer_message->values[0].string.text = _cupsStrAlloc(job->printer->state_message);
+ }
/*
* ... and the printer-state-reasons value...