diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 07:33:50 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 07:33:50 +0000 |
| commit | 0dabf557b83072a583dfb8c316048783039fe34e (patch) | |
| tree | 178e89b1e9d9b51eb0d12e32067cc6b6187d7e03 /main/cups | |
| parent | 8ed8bf5e79c29b662ee26b6ba0895c891101f1d4 (diff) | |
| download | aports-0dabf557b83072a583dfb8c316048783039fe34e.tar.bz2 aports-0dabf557b83072a583dfb8c316048783039fe34e.tar.xz | |
main/cups: security fix (CVE-2014-3537,CVE-2014-5029,5030,5031)
Diffstat (limited to 'main/cups')
| -rw-r--r-- | main/cups/APKBUILD | 16 | ||||
| -rw-r--r-- | main/cups/CVE-2014-3537.patch | 51 | ||||
| -rw-r--r-- | main/cups/CVE-2014-5029_5030_5031.patch | 89 |
3 files changed, 152 insertions, 4 deletions
diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD index 81f1f7e207..23f1fc4de7 100644 --- a/main/cups/APKBUILD +++ b/main/cups/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=cups pkgver=1.6.2 -pkgrel=2 +pkgrel=3 pkgdesc="The CUPS Printing System" url="http://www.cups.org/" arch="all" @@ -19,6 +19,8 @@ source="http://www.cups.org/software/$pkgver/$pkgname-$pkgver-source.tar.bz2 $pkgname.logrotate cupsd.initd CVE-2014-2856.patch + CVE-2014-3537.patch + CVE-2014-5029_5030_5031.patch " @@ -118,12 +120,18 @@ client() { md5sums="13c8b2b2336d42001abe4899766b62dc cups-1.6.2-source.tar.bz2 f861b18f4446c43918c8643dcbbd7f6d cups.logrotate 1154ed66fdcfa0523f929a369079f43c cupsd.initd -09c0def850cf68d5f0bd4adcb39192ba CVE-2014-2856.patch" +09c0def850cf68d5f0bd4adcb39192ba CVE-2014-2856.patch +e7b557c8515d17bda174caf39dc774ad CVE-2014-3537.patch +749673017347dacc336a60555e6c7a58 CVE-2014-5029_5030_5031.patch" sha256sums="37a3ebd305e76cfd4c9c53013e89c0f7a4dcb04b2e9da61029a29faa57e0f10d cups-1.6.2-source.tar.bz2 b3308353504bc1cc0d5203ad3609bc98639ad9655b52e8ec8257286877532796 cups.logrotate 3ea71f13cf925736847ca44aa0f1a9ed944fb3d303c34af923140b20fd587e2b cupsd.initd -1066ddc97764e55f1cf98c742c59a3296adf9a9acb5d1a5d7d4ef80cba519755 CVE-2014-2856.patch" +1066ddc97764e55f1cf98c742c59a3296adf9a9acb5d1a5d7d4ef80cba519755 CVE-2014-2856.patch +8898d80602eff060cf595b1e671b657930968c029614715f050aa6802bb8d080 CVE-2014-3537.patch +c90152101ea215b34b9a483538c31902f683bea452a91e74733b41a1a1d7aa25 CVE-2014-5029_5030_5031.patch" sha512sums="08b7ae95af9c19a1bb72f851b801d55a51360a4c2993c34878d18a605bf1d9381eada5a8f51653c4467738f0509bb8ad713b79e78c8d2a80f1aa86f1d2196038 cups-1.6.2-source.tar.bz2 162fe69ee46962f7ce07a9a2a75154682088895c4749c9bcfc54bb2aa861f48d7d1a8e3223f78a197319a3a405626ffe996615f6eb23168afcefabab343d5be0 cups.logrotate 3c5f4017cb1faf3e63551db53da4cb8305601adf65358bc53e982c5a0dfdd2b455a8ce735760ae3cc5ef81cdfa2a3cfe4be4107d1858d7ab9d91b4b97d3bc73b cupsd.initd -c365b6e85b180c839f15d9945fb5597c21a0b2f5fd9b941f162b4582767fff7e8b8306d8c3fcb74d160f47a1e795fb69b0f2d32776b49e3971d0090fe624d6fa CVE-2014-2856.patch" +c365b6e85b180c839f15d9945fb5597c21a0b2f5fd9b941f162b4582767fff7e8b8306d8c3fcb74d160f47a1e795fb69b0f2d32776b49e3971d0090fe624d6fa CVE-2014-2856.patch +146c85e595f66a339852fc7e79bfde0e9329704d412dfc85130f94f946a78481827261236acea9502bddd538c0db84a7905040f777fd123cc7e983c3f1c13930 CVE-2014-3537.patch +4261de408769cf24b7f32044ac606145c28fa879aa268c084b2b6119efaa8b53b6f4a455d21195e94c7fd5f099cde2b8f7915c2458873ed90f80613937d246b3 CVE-2014-5029_5030_5031.patch" diff --git a/main/cups/CVE-2014-3537.patch b/main/cups/CVE-2014-3537.patch new file mode 100644 index 0000000000..f947c9b9c2 --- /dev/null +++ b/main/cups/CVE-2014-3537.patch @@ -0,0 +1,51 @@ +Index: scheduler/client.c +=================================================================== +--- ./scheduler/client.c (revision 11982) ++++ ./scheduler/client.c (working copy) +@@ -2961,7 +2961,7 @@ + if ((ptr = strchr(filename, '?')) != NULL) + *ptr = '\0'; + +- if ((status = stat(filename, filestats)) != 0) ++ if ((status = lstat(filename, filestats)) != 0) + { + /* + * Drop the language prefix and try the root directory... +@@ -2973,14 +2973,35 @@ + if ((ptr = strchr(filename, '?')) != NULL) + *ptr = '\0'; + +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + } + + /* +- * If we're found a directory, get the index.html file instead... ++ * If we've found a symlink, 404 the sucker to avoid disclosing information. + */ + ++ if (!status && S_ISLNK(filestats->st_mode)) ++ { ++ cupsdLogMessage(CUPSD_LOG_WARN, "Symlinks such as \"%s\" are not allowed.", filename); ++ return (NULL); ++ } ++ ++ /* ++ * Similarly, if the file/directory does not have world read permissions, do ++ * not allow access... ++ */ ++ ++ if (!status && !(filestats->st_mode & S_IROTH)) ++ { ++ cupsdLogMessage(CUPSD_LOG_WARN, "Files/directories such as \"%s\" must be world-readable.", filename); ++ return (NULL); ++ } ++ ++ /* ++ * If we've found a directory, get the index.html file instead... ++ */ ++ + if (!status && S_ISDIR(filestats->st_mode)) + { + /* diff --git a/main/cups/CVE-2014-5029_5030_5031.patch b/main/cups/CVE-2014-5029_5030_5031.patch new file mode 100644 index 0000000000..d80768a92a --- /dev/null +++ b/main/cups/CVE-2014-5029_5030_5031.patch @@ -0,0 +1,89 @@ +Index: scheduler/client.c +=================================================================== +--- ./scheduler/client.c (revision 12054) ++++ ./scheduler/client.c (working copy) +@@ -3310,7 +3310,7 @@ + * then fallback to the default one... + */ + +- if ((status = stat(filename, filestats)) != 0 && language[0] && ++ if ((status = lstat(filename, filestats)) != 0 && language[0] && + strncmp(con->uri, "/icons/", 7) && + strncmp(con->uri, "/ppd/", 5) && + strncmp(con->uri, "/rss/", 5) && +@@ -3408,13 +3408,13 @@ + plen = len - (ptr - filename); + + strlcpy(ptr, "index.html", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + + #ifdef HAVE_JAVA + if (status) + { + strlcpy(ptr, "index.class", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_JAVA */ + +@@ -3422,7 +3422,7 @@ + if (status) + { + strlcpy(ptr, "index.pl", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_PERL */ + +@@ -3430,7 +3430,7 @@ + if (status) + { + strlcpy(ptr, "index.php", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_PHP */ + +@@ -3438,18 +3438,39 @@ + if (status) + { + strlcpy(ptr, "index.pyc", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + + if (status) + { + strlcpy(ptr, "index.py", plen); +- status = stat(filename, filestats); ++ status = lstat(filename, filestats); + } + #endif /* HAVE_PYTHON */ + + } + while (status && language[0]); ++ ++ /* ++ * If we've found a symlink, 404 the sucker to avoid disclosing information. ++ */ ++ ++ if (!status && S_ISLNK(filestats->st_mode)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename); ++ return (NULL); ++ } ++ ++ /* ++ * Similarly, if the file/directory does not have world read permissions, do ++ * not allow access... ++ */ ++ ++ if (!status && !(filestats->st_mode & S_IROTH)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); ++ return (NULL); ++ } + } + + cupsdLogMessage(CUPSD_LOG_DEBUG2, |