Hello community, here is the log from the commit of package hplip for openSUSE:11.4 checked in at Fri Aug 12 14:59:45 CEST 2011. -------- --- old-versions/11.4/UPDATES/all/hplip/hplip.changes 2011-05-27 10:31:52.000000000 +0200 +++ 11.4/hplip/hplip.changes 2011-08-11 17:08:48.000000000 +0200 @@ -1,0 +2,9 @@ +Thu Aug 11 17:07:03 CEST 2011 - jsmeix@suse.de + +- foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch + fixes a leftover (strip out dangerous \x01 chars in arguments) + which is related to CVE-2004-0801 (bnc#59233) and mainly + it fixes CVE-2011-2697 which is a remote code execution + as user lp issue (bnc#698451). + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hplip.spec ++++++ --- /var/tmp/diff_new_pack.kvF8RA/_old 2011-08-12 14:59:34.000000000 +0200 +++ /var/tmp/diff_new_pack.kvF8RA/_new 2011-08-12 14:59:34.000000000 +0200 @@ -30,7 +30,7 @@ # x.y.m : x = major release number, y = year (eg: 6 = 2006), m = month (eg: 6a = second release in June) # Official releases have a 3 digit number and release candidates have a 4 digit number: x.y.m.rc Version: 3.11.5 -Release: 1.<RELEASE2> +Release: 1.<RELEASE5> Group: Hardware/Printing License: BSD3c(or similar) ; GPLv2+ ; MIT License (or similar) Url: http://hplipopensource.com 
@@ -49,6 +49,12 @@ # Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source. # Patch12 hplip-3.9.8-CVE-2010-4267.patch fixes a remote buffer overflow in hpmud/pml.c: Patch12: hplip-3.9.8-CVE-2010-4267.patch +# Patch13 foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch +# fixes a leftover (strip out dangerous \x01 chars in arguments) +# which is related to CVE-2004-0801 (bnc#59233) and mainly +# it fixes CVE-2011-2697 which is a remote code execution +# as user lp issue (bnc#698451): +Patch13: foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch # Source100... is for special Suse sources: # Source100 is the primary source for the suse_update_desktop_file stuff. # It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip': @@ -233,6 +239,12 @@ # Patch12 hplip-3.9.8-CVE-2010-4267.patch # fixes a remote buffer overflow in hpmud/pml.c: %patch12 +# Patch13 foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch +# fixes a leftover (strip out dangerous \x01 chars in arguments) +# which is related to CVE-2004-0801 (bnc#59233) and mainly +# it fixes CVE-2011-2697 which is a remote code execution +# as user lp issue (bnc#698451): +%patch13 # Patch101 change-udev-rules.diff # changes the udev rules files 55-hpmud.rules and 56-hpmud_support.rules: %patch101 ++++++ foomatic-rip-hplip-3.11.5.CVE-2004-0801.CVE-2011-2697.patch ++++++ --- prnt/hpijs/foomatic-rip-hplip.orig 2011-05-09 03:00:51.000000000 +0200 +++ prnt/hpijs/foomatic-rip-hplip 2011-08-09 13:24:46.000000000 +0200 @@ -5,7 +5,7 @@ use strict; use POSIX; use Cwd; -my $ripversion='$Revision=3.0.2.131$'; +my $ripversion='$Revision$'; #'# Fix emacs syntax highlighting # foomatic-rip is a spooler-independent filter script which takes 
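Review bot: Replacing the version string with the unexpanded keyword `$Revision$` means the version check later in this patch, which looks for `Revision=` inside `$ripversion`, can no longer extract a number and will print "Unknown". The start-up log line `foomatic-rip version $ripversion running...` loses the number as well, which makes it harder to tell from logs whether a host runs the patched filter. If dropping the upstream number is intended, a short comment should say so; otherwise keep a distinguishable value, for example `my $ripversion='$Revision=3.0.2.131-patched$';` (constructed example).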
@@ -134,6 +134,15 @@ my $logfile = "/tmp/foomatic-rip"; # USA. # +# strip out dangerous \x01 chars in arguments to avoid a security hole in cups. +for (my $i=0; $i<=$#ARGV; $i++) +{ + if (defined($ARGV[$i])) + { + $ARGV[$i] =~ s/\001//g; + } +} + my $added_lf = "\n"; # Flush everything immediately. @@ -404,10 +413,6 @@ if (defined($ENV{'LPOPTS'})) { $spooler = 'gnulpr'; } - - -## Named command line options - # We do not use Getopt::Long because it does not work when between the # option and the argument is no space ("-w80" instead of "-w 80"). This # happens in the command line of LPRng, but also users could type in 
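Review bot: The comment on the new `@ARGV` loop does not say why \x01 is dangerous here: further down, `$argstr` is built by joining `@ARGV` with "\x01" as the separator, so an argument that itself contains \x01 would be seen by the option regexes as several arguments. I would state that in the comment, e.g. `# \x01 is the separator used to build $argstr below; strip it so one argument cannot be parsed as several options.` The `defined` test is not needed for `@ARGV` elements, and the loop can be written as `s/\001//g for @ARGV;`. It is also worth checking whether `removeunprintables()`, which is defined outside this hunk and applied when `$argstr` is built, already removes the character; if so, the comment should mention both places.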
@@ -425,138 +430,178 @@ if (defined($ENV{'LPOPTS'})) { my $argstr = "\x01" . join("\x01", map { removeunprintables($_) } @ARGV) . "\x01"; -# Version check -if ($argstr =~ /^\x01-(h|v|-help|-version)\x01$/i) { - my $ver; - if ($ripversion =~ /^$Revision=(.*)$$/) { - $ver = $1; - } else { - $ver = "Unknown"; +my ($verbose, $quiet, $show_docs, $do_docs, $cupscolorprofile, $genpdqfile); + +## Named command line options + +# CUPS calls foomatic-rip only with 5 or 6 positional parameters, +# not with named options, like for example "-p <string>". Also PPR +# does not used named options. +if (($spooler ne 'cups') && ($spooler ne 'ppr') && ($spooler ne 'ppr_int')) { + + # Version check + if ($argstr =~ /^\x01-(h|v|-help|-version)\x01$/i) { + my $ver; + if ($ripversion =~ /^$Revision=(.*)$$/) { + $ver = $1; + } else { + $ver = "Unknown"; + } + print "foomatic-rip revision $ver\n"; + print ""man foomatic-rip" for help.\n"; + exit 0; } - print "foomatic-rip revision $ver\n"; - print ""man foomatic-rip" for help.\n"; - exit 0; -} -# Debug mode activated via command line -if ($argstr =~ s/\x01--debug\x01/\x01/) { - $debug = 1; -} + # Debug mode activated via command line + if ($argstr =~ s/\x01--debug\x01/\x01/) { + $debug = 1; + } -# Command line options for verbosity -my $verbose = ($argstr =~ s/\x01-v\x01/\x01/); -my $quiet = ($argstr =~ s/\x01-q\x01/\x01/); -my $show_docs = ($argstr =~ s/\x01-d\x01/\x01/); -my $do_docs; -my $cupscolorprofile; + # Command line options for verbosity + $verbose = ($argstr =~ s/\x01-v\x01/\x01/); + $quiet = ($argstr =~ s/\x01-q\x01/\x01/); + $show_docs = ($argstr =~ s/\x01-d\x01/\x01/); -if ($debug) { - # Grotesquely unsecure; use for debugging only - open LOG, "> ${logfile}.log"; - $logh = *LOG; + if ($debug) { + # Grotesquely unsecure; use for debugging only + open LOG, "> ${logfile}.log"; + $logh = *LOG; - use IO::Handle; - $logh->autoflush(1); -} elsif (($quiet) && (!$verbose)) { - # Quiet mode, do not log - open LOG, "> /dev/null"; - $logh 
= *LOG; + use IO::Handle; + $logh->autoflush(1); + } elsif (($quiet) && (!$verbose)) { + # Quiet mode, do not log + open LOG, "> /dev/null"; + $logh = *LOG; - use IO::Handle; - $logh->autoflush(1); -} else { - # Default: log to STDERR - $logh=*STDERR; -} + use IO::Handle; + $logh->autoflush(1); + } else { + # Default: log to STDERR + $logh=*STDERR; + } -## Start debug logging -if ($debug) { - # If we are not in debug mode, we do this later, as we must find out at - # first which spooler is used. When printing without spooler we - # suppress logging because foomatic-rip is called directly on the - # command line and so we avoid logging onto the console. - print $logh "foomatic-rip version $ripversion running...\n"; - # Print the command line only in debug mode, Mac OS X adds very many - # options so that CUPS cannot handle the output of the command line - # in its log files. If CUPS encounters a line with more than 1024 - # characters sent into its log files, it aborts the job with an error. - if (($debug) || ($spooler ne 'cups')) { - print $logh "called with arguments: '", join("', '",@ARGV), "'\n"; + ## Start debug logging + if ($debug) { + # If we are not in debug mode, we do this later, as we must find out at + # first which spooler is used. When printing without spooler we + # suppress logging because foomatic-rip is called directly on the + # command line and so we avoid logging onto the console. + print $logh "foomatic-rip version $ripversion running...\n"; + # Print the command line only in debug mode, Mac OS X adds very many + # options so that CUPS cannot handle the output of the command line + # in its log files. If CUPS encounters a line with more than 1024 + # characters sent into its log files, it aborts the job with an error. 
+ if (($debug) || ($spooler ne 'cups')) { + print $logh "called with arguments: '", join("', '",@ARGV), "'\n"; + } } -} -## Continue with named options + ## Continue with named options -# Check for LPRng first so we do not pick up bogus ppd files by the -p option -if ($argstr =~ s/\x01--lprng\x01/\x01/) { - # We have LPRng - $spooler = 'lprng'; -} -# 'PRINTCAP_ENTRY' environment variable is : LPRng -# the :ppd=/path/to/ppdfile printcap entry should be used -if (defined($ENV{'PRINTCAP_ENTRY'})){ + # Check for LPRng first so we do not pick up bogus ppd files by the -p + # option + if ($argstr =~ s/\x01--lprng\x01/\x01/) { + # We have LPRng + $spooler = 'lprng'; + } + # 'PRINTCAP_ENTRY' environment variable is : LPRng + # the :ppd=/path/to/ppdfile printcap entry should be used + if (defined($ENV{'PRINTCAP_ENTRY'})){ $spooler = 'lprng'; my( @pc); @pc = split( /\s*:\s*/, $ENV{'PRINTCAP_ENTRY'} ); shift @pc; foreach (@pc) { - if( /^ppd=(.*)$/ or /^ppdfile=(.*)$/ ){ - $ppdfile = removespecialchars($1) if $1; - } + if( /^ppd=(.*)$/ or /^ppdfile=(.*)$/ ){ + $ppdfile = removespecialchars($1) if $1; + } } -} elsif ($argstr =~ s/\x01--lprng\x01/\x01/g) { - # We have LPRng - $spooler = 'lprng'; -} + } elsif ($argstr =~ s/\x01--lprng\x01/\x01/g) { + # We have LPRng + $spooler = 'lprng'; + } + # Check for LPD/GNUlpr by typical options which the spooler puts onto + # the filter's command line (options "-w": text width, "-l": text + # length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing, + # "-n": user name, "-h": host name) + if ($argstr =~ s/\x01-h(\x01|)([^\x01]+)\x01/\x01/) { + # We have LPD or GNUlpr + if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) { + $spooler = 'lpd'; + } + $jobhost = $2; + } + if ($argstr =~ s/\x01-n(\x01|)([^\x01]+)\x01/\x01/) { + # We have LPD or GNUlpr + if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) { + $spooler = 'lpd'; + } + $jobuser = $2; + } + if (($argstr =~ 
s/\x01-w(\x01|)\d+\x01/\x01/) || + ($argstr =~ s/\x01-l(\x01|)\d+\x01/\x01/) || + ($argstr =~ s/\x01-x(\x01|)\d+\x01/\x01/) || + ($argstr =~ s/\x01-y(\x01|)\d+\x01/\x01/) || + ($argstr =~ s/\x01-i(\x01|)\d+\x01/\x01/) || + ($argstr =~ s/\x01-c\x01/\x01/)) { + # We have LPD or GNUlpr + if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) { + $spooler = 'lpd'; + } + } -# PPD file name given via the command line -# allow duplicates, and use the last specified one -while ( ($spooler ne 'lprng') and ($argstr =~ s/\x01-p(\x01|)([^\x01]+)\x01/\x01/)) { - $ppdfile = $2; -} -while ($argstr =~ s/\x01--ppd(\x01|=|)([^\x01]+)\x01/\x01/) { - $ppdfile = $2; -} + # PPD file name given via the command line + # allow duplicates, and use the last specified one + if (($spooler ne 'lprng') && ($spooler ne 'lpd') && ($spooler ne 'gnulpr')){ + while ($argstr =~ s/\x01-p(\x01|)([^\x01]+)\x01/\x01/) { + $ppdfile = $2; + } + while ($argstr =~ s/\x01--ppd(\x01|=|)([^\x01]+)\x01/\x01/) { + $ppdfile = $2; + } + } -# Check for LPD/GNUlpr by typical options which the spooler puts onto -# the filter's command line (options "-w": text width, "-l": text -# length, "-i": indent, "-x", "-y": graphics size, "-c": raw printing, -# "-n": user name, "-h": host name) -if ($argstr =~ s/\x01-h(\x01|)([^\x01]+)\x01/\x01/) { - # We have LPD or GNUlpr - if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) { - $spooler = 'lpd'; + # LPRng delivers the option settings via the "-Z" argument + if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)\x01/\x01/) { + my @lpopts = split(/,/, $2); + foreach my $opt (@lpopts) { + $opt =~ s/^\s+//; + $opt =~ s/\s+$//; + $opt = removeshellescapes($opt); + if ($opt =~ /\s+/) { + $opt = ""$opt""; + } + $optstr .= "$opt "; + } + # We have LPRng + $spooler = 'lprng'; } - $jobhost = $2; -} -if ($argstr =~ s/\x01-n(\x01|)([^\x01]+)\x01/\x01/) { - # We have LPD or GNUlpr - if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) { 
- $spooler = 'lpd'; + + # Job title and options for stock LPD + if ($argstr =~ s/\x01-[jJ](\x01|)([^\x01]+)\x01/\x01/) { + # An LPD + $jobtitle = removeshellescapes($2); + # Classic LPD hack + if ($spooler eq "lpd") { + $optstr .= "$jobtitle "; + } } - $jobuser = $2; -} -if (($argstr =~ s/\x01-w(\x01|)\d+\x01/\x01/) || - ($argstr =~ s/\x01-l(\x01|)\d+\x01/\x01/) || - ($argstr =~ s/\x01-x(\x01|)\d+\x01/\x01/) || - ($argstr =~ s/\x01-y(\x01|)\d+\x01/\x01/) || - ($argstr =~ s/\x01-i(\x01|)\d+\x01/\x01/) || - ($argstr =~ s/\x01-c\x01/\x01/)) { - # We have LPD or GNUlpr - if (($spooler ne 'lpd') && ($spooler ne 'gnulpr') && ($spooler ne 'lprng')) { - $spooler = 'lpd'; + + # Check for CPS + if ($argstr =~ s/\x01--cps\x01/\x01/) { + # We have cps + $spooler = 'cps'; } -} -# LPRng delivers the option settings via the "-Z" argument -if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+)\x01/\x01/) { - my @lpopts = split(/,/, $2); - foreach my $opt (@lpopts) { + # Options for spooler-less printing, CPS, or PDQ + while ($argstr =~ s/\x01-o(\x01|)([^\x01]+)\x01/\x01/) { + my $opt = $2; $opt =~ s/^\s+//; $opt =~ s/\s+$//; $opt = removeshellescapes($opt); 
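Review bot: Moving the log-handle setup inside the `$spooler` guard means the `else { $logh=*STDERR; }` default no longer runs for cups, ppr and ppr_int, and `$verbose`, `$quiet`, `$show_docs` and `$genpdqfile` stay undefined for them (`$genpdqfile = "";` is assigned only inside the guard, in the next hunk). If `$logh` is not initialised before this block, which this hunk does not show, the first `print $logh` under CUPS has no valid handle; I would initialise at declaration, `my ($verbose, $quiet, $show_docs) = (0, 0, 0); my $genpdqfile = "";`, and add `$logh = *STDERR unless defined $logh;` after the guarded block. The debug branch also keeps the unchecked two-argument `open LOG, "> ${logfile}.log"` on a fixed name under /tmp, which will follow a symlink placed there beforehand; a three-argument open with an error check, on a path outside world-writable directories, would be safer. The guarded `if` opened here is closed in a later hunk.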
@@ -564,80 +609,49 @@ if ($argstr =~ s/\x01-Z(\x01|)([^\x01]+) $opt = ""$opt""; } $optstr .= "$opt "; + # If we don't print as a PPR RIP or as a CPS filter, we print without + # spooler (we check for PDQ later) + if (($spooler ne 'ppr') && ($spooler ne 'cps')) { + $spooler = 'direct'; + } } - # We have LPRng - $spooler = 'lprng'; -} - -# Job title and options for stock LPD -if ($argstr =~ s/\x01-[jJ](\x01|)([^\x01]+)\x01/\x01/) { - # An LPD - $jobtitle = removeshellescapes($2); - # Classic LPD hack - if ($spooler eq "lpd") { - $optstr .= "$jobtitle "; - } -} - -# Check for CPS -if ($argstr =~ s/\x01--cps\x01/\x01/) { - # We have cps - $spooler = 'cps'; -} - -# Options for spooler-less printing, CPS, or PDQ -while ($argstr =~ s/\x01-o(\x01|)([^\x01]+)\x01/\x01/) { - my $opt = $2; - $opt =~ s/^\s+//; - $opt =~ s/\s+$//; - $opt = removeshellescapes($opt); - if ($opt =~ /\s+/) { - $opt = ""$opt""; - } - $optstr .= "$opt "; - # If we don't print as a PPR RIP or as a CPS filter, we print without - # spooler (we check for PDQ later) - if (($spooler ne 'ppr') && ($spooler ne 'cps')) { - $spooler = 'direct'; - } -} -# Printer for spooler-less printing or PDQ -if ($argstr =~ s/\x01-d(\x01|)([^\x01]+)\x01/\x01/) { - $printer = removeshellescapes($2); -} -# Printer for spooler-less printing, PDQ, or LPRng -if ($argstr =~ s/\x01-P(\x01|)([^\x01]+)\x01/\x01/) { - $printer = removeshellescapes($2); -} - -# Were we called from a PDQ wrapper? -if ($argstr =~ s/\x01--pdq\x01/\x01/) { - # We have PDQ - $spooler = 'pdq'; -} - -# Were we called to build the PDQ driver declaration file? 
-# "--appendpdq=<file>" appends the data to the <file>, -# "--genpdq=<file>" creates/overwrites <file> for the data, and -# "--genpdq" writes to standard output -my $genpdqfile = ""; -if (($argstr =~ s/\x01--(gen)(raw|)pdq(\x01|=|)([^\x01]*)\x01/\x01/) || - ($argstr =~ s/\x01--(append)(raw|)pdq(\x01|=|)([^\x01]+)\x01/\x01/)) { - # Determine output file name - if (!$4) { - $genpdqfile = ">&STDOUT"; - } else { - if ($1 eq 'gen') { - $genpdqfile = "> " . removeshellescapes($4); + # Printer for spooler-less printing or PDQ + if ($argstr =~ s/\x01-d(\x01|)([^\x01]+)\x01/\x01/) { + $printer = removeshellescapes($2); + } + # Printer for spooler-less printing, PDQ, or LPRng + if ($argstr =~ s/\x01-P(\x01|)([^\x01]+)\x01/\x01/) { + $printer = removeshellescapes($2); + } + + # Were we called from a PDQ wrapper? + if ($argstr =~ s/\x01--pdq\x01/\x01/) { + # We have PDQ + $spooler = 'pdq'; + } + + # Were we called to build the PDQ driver declaration file? + # "--appendpdq=<file>" appends the data to the <file>, + # "--genpdq=<file>" creates/overwrites <file> for the data, and + # "--genpdq" writes to standard output + $genpdqfile = ""; + if (($argstr =~ s/\x01--(gen)(raw|)pdq(\x01|=|)([^\x01]*)\x01/\x01/) || + ($argstr =~ s/\x01--(append)(raw|)pdq(\x01|=|)([^\x01]+)\x01/\x01/)) { + # Determine output file name + if (!$4) { + $genpdqfile = ">&STDOUT"; } else { - $genpdqfile = ">> " . removeshellescapes($4); + if ($1 eq 'gen') { + $genpdqfile = "> " . removeshellescapes($4); + } else { + $genpdqfile = ">> " . removeshellescapes($4); + } } - } - # Do we want to have a PDQ driver declaration for a raw printer? - if ($2 eq 'raw') { - my $time = time(); - my @pdqfile = + # Do we want to have a PDQ driver declaration for a raw printer? + if ($2 eq 'raw') { + my $time = time(); + my @pdqfile = "driver "Raw-Printer-$time" { # This PDQ driver declaration file was generated automatically by # foomatic-rip to allow raw (filter-less) printing. 
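Review bot: `$genpdqfile` is assembled as a mode-plus-filename string (`"> " . removeshellescapes($4)`) from the `--genpdq=`/`--appendpdq=` argument and then passed to the two-argument `open PDQFILE, $genpdqfile` in the next hunk, so the safety of that open depends entirely on what `removeshellescapes()`, defined outside these hunks, filters. Keeping mode and path apart removes that dependency: `my ($pdqmode, $pdqpath) = ($1 eq 'gen' ? '>' : '>>', removeshellescapes($4));` followed by `open(PDQFILE, $pdqmode, $pdqpath) or rip_die(...)`, with `open(PDQFILE, '>&', \*STDOUT)` for the case without a file name. `$genpdqfile` may be opened elsewhere in the file as well, so those call sites would need the same treatment. The enclosing `if` blocks start before and end after this hunk.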
@@ -652,20 +666,22 @@ if (($argstr =~ s/\x01--(gen)(raw|)pdq(\ ln -s $INPUT $OUTPUT } }"; - open PDQFILE, $genpdqfile or - rip_die("Cannot write PDQ driver declaration file", - $EXIT_PRNERR_NORETRY_BAD_SETTINGS); - print PDQFILE join('', @pdqfile); - close PDQFILE; - exit $EXIT_PRINTED; + open PDQFILE, $genpdqfile or + rip_die("Cannot write PDQ driver declaration file", + $EXIT_PRNERR_NORETRY_BAD_SETTINGS); + print PDQFILE join('', @pdqfile); + close PDQFILE; + exit $EXIT_PRINTED; + } + # We have PDQ + $spooler = 'pdq'; } - # We have PDQ - $spooler = 'pdq'; -} -# remove extra spacing if running as LPRng filter -$added_lf = "" if $spooler eq 'lprng'; + # remove extra spacing if running as LPRng filter + $added_lf = "" if $spooler eq 'lprng'; + +} ## Command line arguments without name @@ -3251,9 +3267,9 @@ for $file (@filelist) { # Insert PostScript option settings # (options for section "PageSetup". if ($isdscjob && !$pagesetupfound) { - $line .= + $line = makepagesetupsection($dat, $optionset, - 1); + 1) . $line; $pagesetupfound = 1; } } @@ -3646,7 +3662,6 @@ sub getrendererhandle { close KID3; - $SIG{PIPE} = 'DEFAULT'; pipe KID4_IN, KID4; KID4->autoflush(1); $kid4 = fork(); @@ -3827,15 +3842,11 @@ sub getrendererhandle { # When arrived here the renderer command line was successful # So exit with zero exit value here and inform the main process close KID_MESSAGE; + print KID_MESSAGE_IN "3 $EXIT_PRINTED\n"; + close KID_MESSAGE_IN; # Wait for postpipe/output child waitpid($kid4, 0); - if ($? != 0) { - print KID_MESSAGE_IN "3 $EXIT_SIGNAL\n"; - } else { - print KID_MESSAGE_IN "3 $EXIT_PRINTED\n"; - } - close KID_MESSAGE_IN; - print $logh "KID3 finished with $?\n"; + print $logh "KID3 finished\n"; exit $EXIT_PRINTED; } else { $kidgeneration += 1; @@ -4184,7 +4195,6 @@ sub getfileconverterhandle { # converter close KID1_IN; - $SIG{PIPE} = 'DEFAULT'; pipe KID2_IN, KID2; KID2->autoflush(1); $kid2 = fork(); 
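Review bot: In the `getrendererhandle` hunk at -3827, the child now writes `3 $EXIT_PRINTED` to `KID_MESSAGE_IN` before `waitpid($kid4, 0)` and never looks at `$?`, so a postpipe/output child that fails or is killed is still reported to the main process as a printed job, and the log line no longer records its status. If reporting before the wait is needed, I would at least keep the status in the log, `print $logh "KID3 finished, output child status $?\n";`, so a failed output stage can still be seen afterwards. A comment explaining why the `$EXIT_SIGNAL` path was dropped would help the next reader. The function body starts and ends outside the hunk.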
@@ -4656,7 +4666,6 @@ sub getdocgeneratorhandle { # we are the kid; we generate the documentation page close KID0_IN; - $SIG{PIPE} = 'DEFAULT'; # Kill data on STDIN to satisfy PPR if (($spooler eq 'ppr_int') || ($spooler eq 'ppr')) { @@ -6717,7 +6726,6 @@ sub modern_system { # will be members of this process group and so by killing this # process group we can kill all subprocesses and so we can # cleanly cancel print jobs - $SIG{PIPE} = 'DEFAULT'; eval("setpgrp()"); # Stop catching signals #use sigtrap qw(die normal-signals error-signals ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org