From b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571 Mon Sep 17 00:00:00 2001 From: Michael Sweet Date: Tue, 15 Mar 2016 10:37:32 -0400 Subject: [PATCH] Import CUPS v1.7.5 --- CHANGES.txt | 14 +++++++++-- INSTALL.txt | 2 +- README.txt | 2 +- backend/lpd.c | 6 ++--- config-scripts/cups-common.m4 | 2 +- configure | 2 +- cups/cups.h | 8 +++--- doc/help/man-cupsd.conf.html | 16 ++++++++++++ locale/cups_pt_BR.po | 10 ++++---- man/cupsd.conf.man.in | 18 +++++++++++--- packaging/cups.spec | 4 +-- scheduler/client.c | 46 +++++++++++++++++++++++------------ 12 files changed, 92 insertions(+), 38 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 26076645f6..d05ce49e61 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,17 @@ -CHANGES.txt - 1.7.4 - 2014-07-08 +CHANGES.txt - 1.7.5 - 2014-07-30 -------------------------------- +CHANGES IN CUPS V1.7.5 + + - Security: Addressed some more situations where symlinked files would + be served by the web interface (STR #4455) + - The LPD backend did not work with some versions of glibc (STR #4452) + - CGI scripts did not work (STR #4454) + - The cupsd.conf man page did not list the ErrorPolicy directive + (STR #4457) + - Updated the Brazilian Portuguese translation (STR #4456) + + CHANGES IN CUPS V1.7.4 - Security: The web interface incorrectly served symlinked files and @@ -25,7 +36,6 @@ CHANGES IN CUPS V1.7.4 - Fixed a bug in the CUPS_SC_GET_DEVICE_ID handling by the network backends (STR #4447) - Added USB quirk rule for Lexmark E230 (STR #4448) - - The LPD backend did not work with some versions of glibc (STR #4452) CHANGES IN CUPS V1.7.3 diff --git a/INSTALL.txt b/INSTALL.txt index 05d3b39b85..26cb7c03ca 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -1,4 +1,4 @@ -INSTALL - CUPS v1.7.4 - 2014-06-10 +INSTALL - CUPS v1.7.5 - 2014-07-30 ---------------------------------- This file describes how to compile and install CUPS from source code. For more diff --git a/README.txt b/README.txt index 489dc2a1e4..de91fe8a8f 100644 
--- a/README.txt +++ b/README.txt @@ -1,4 +1,4 @@ -README - CUPS v1.7.4 - 2014-06-10 +README - CUPS v1.7.5 - 2014-07-30 --------------------------------- Looking for compile instructions? Read the file "INSTALL.txt" instead... diff --git a/backend/lpd.c b/backend/lpd.c index 9490950a73..f95f6ba5f6 100644 --- a/backend/lpd.c +++ b/backend/lpd.c @@ -1,5 +1,5 @@ /* - * "$Id: lpd.c 12005 2014-07-08 15:46:59Z msweet $" + * "$Id: lpd.c 12025 2014-07-15 13:00:17Z msweet $" * * Line Printer Daemon backend for CUPS. * @@ -1276,7 +1276,7 @@ rresvport_af(int *port, /* IO - Port number to bind to */ * Try binding the port to the socket; return if all is OK... */ - if (!bind(fd, (struct sockaddr *)&addr, httpAddrSize(&addr))) + if (!bind(fd, (struct sockaddr *)&addr, httpAddrLength(&addr))) return (fd); /* @@ -1331,5 +1331,5 @@ sigterm_handler(int sig) /* I - Signal */ /* - * End of "$Id: lpd.c 12005 2014-07-08 15:46:59Z msweet $". + * End of "$Id: lpd.c 12025 2014-07-15 13:00:17Z msweet $". */ diff --git a/config-scripts/cups-common.m4 b/config-scripts/cups-common.m4 index a8e016b671..c79070d891 100644 --- a/config-scripts/cups-common.m4 +++ b/config-scripts/cups-common.m4 @@ -20,7 +20,7 @@ dnl Set the name of the config header file... AC_CONFIG_HEADER(config.h) dnl Version number information... -CUPS_VERSION=1.7.4 +CUPS_VERSION=1.7.5 CUPS_REVISION= #if test -z "$CUPS_REVISION" -a -d .svn; then # CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`" diff --git a/configure b/configure index e272407046..04a23df9af 100755 --- a/configure +++ b/configure @@ -2517,7 +2517,7 @@ esac ac_config_headers="$ac_config_headers config.h" -CUPS_VERSION=1.7.4 +CUPS_VERSION=1.7.5 CUPS_REVISION= #if test -z "$CUPS_REVISION" -a -d .svn; then # CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`" diff --git a/cups/cups.h b/cups/cups.h index 2af4f533db..3a1e8d1fdd 100644 --- a/cups/cups.h +++ b/cups/cups.h 
@@ -1,5 +1,5 @@ /* - * "$Id: cups.h 11978 2014-07-02 10:35:09Z msweet $" + * "$Id: cups.h 12025 2014-07-15 13:00:17Z msweet $" * * API definitions for CUPS. * @@ -49,10 +49,10 @@ extern "C" { * Constants... */ -# define CUPS_VERSION 1.0704 +# define CUPS_VERSION 1.0705 # define CUPS_VERSION_MAJOR 1 # define CUPS_VERSION_MINOR 7 -# define CUPS_VERSION_PATCH 4 +# define CUPS_VERSION_PATCH 5 # define CUPS_BC_FD 3 /* Back-channel file descriptor for @@ -623,5 +623,5 @@ extern const char *cupsUserAgent(void) _CUPS_API_1_7; #endif /* !_CUPS_CUPS_H_ */ /* - * End of "$Id: cups.h 11978 2014-07-02 10:35:09Z msweet $". + * End of "$Id: cups.h 12025 2014-07-15 13:00:17Z msweet $". */ diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html index 227ccfe2fb..542d9c1593 100644 --- a/doc/help/man-cupsd.conf.html +++ b/doc/help/man-cupsd.conf.html @@ -227,6 +227,22 @@

Directives

Specifies the level of encryption that is required for a particular location.
+
ErrorPolicy abort-job +
+
Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer. +
+
ErrorPolicy retry-job +
+
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. +
+
ErrorPolicy retry-this-job +
+
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. +
+
ErrorPolicy stop-printer +
+
Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default. +
FilterLimit limit
diff --git a/locale/cups_pt_BR.po b/locale/cups_pt_BR.po index 664892daeb..7b070c1684 100644 --- a/locale/cups_pt_BR.po +++ b/locale/cups_pt_BR.po @@ -14,17 +14,17 @@ # msgid "" msgstr "" -"Project-Id-Version: CUPS 1.7.2\n" +"Project-Id-Version: CUPS 1.7.4\n" "Report-Msgid-Bugs-To: http://www.cups.org/str.php\n" "POT-Creation-Date: 2014-05-09 13:32-0700\n" -"PO-Revision-Date: 2014-04-30 23:57-0300\n" +"PO-Revision-Date: 2014-07-22 00:19-0300\n" "Last-Translator: Rafael Ferreira \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Poedit 1.6.4\n" +"X-Generator: Poedit 1.6.5\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" msgid "\t\t(all)" @@ -3742,7 +3742,7 @@ msgid "No active connection" msgstr "Nenhuma conexão ativa" msgid "No active connection." -msgstr "" +msgstr "Nenhuma conexão ativa." #, c-format msgid "No active jobs on %s." @@ -3799,7 +3799,7 @@ msgid "No printer-uri in request." msgstr "Nenhum printer-uri na requisição." msgid "No request sent." -msgstr "" +msgstr "Nenhuma requisição enviada." msgid "No request-id" msgstr "Nenhum request-id" diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in index 3435f3939a..3e427c33ad 100644 --- a/man/cupsd.conf.man.in +++ b/man/cupsd.conf.man.in @@ -1,5 +1,5 @@ .\" -.\" "$Id: cupsd.conf.man.in 11109 2013-07-08 21:15:13Z msweet $" +.\" "$Id: cupsd.conf.man.in 12060 2014-07-28 14:04:41Z msweet $" .\" .\" cupsd.conf man page for CUPS. .\" @@ -12,7 +12,7 @@ .\" which should have been included with this file. If this file is .\" file is missing or damaged, see the license at "http://www.cups.org/". .\" -.TH cupsd.conf 5 "CUPS" "8 July 2013" "Apple Inc." +.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc." .SH NAME cupsd.conf \- server configuration file for cups .SH DESCRIPTION 
@@ -180,6 +180,18 @@ Encryption Required Specifies the level of encryption that is required for a particular location. .TP 5 +ErrorPolicy abort-job +Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer. +.TP 5 +ErrorPolicy retry-job +Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. +.TP 5 +ErrorPolicy retry-this-job +Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. +.TP 5 +ErrorPolicy stop-printer +Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default. +.TP 5 FilterLimit limit .br Specifies the maximum cost of filters that are run concurrently. @@ -521,5 +533,5 @@ http://localhost:631/help .SH COPYRIGHT Copyright 2007-2013 by Apple Inc. .\" -.\" End of "$Id: cupsd.conf.man.in 11109 2013-07-08 21:15:13Z msweet $". +.\" End of "$Id: cupsd.conf.man.in 12060 2014-07-28 14:04:41Z msweet $". .\" diff --git a/packaging/cups.spec b/packaging/cups.spec index c6da187130..998cf753eb 100644 --- a/packaging/cups.spec +++ b/packaging/cups.spec @@ -45,12 +45,12 @@ Summary: CUPS Name: cups -Version: 1.7.4 +Version: 1.7.5 Release: 1 Epoch: 1 License: GPL Group: System Environment/Daemons -Source: http://www.cups.org/software/1.7.4/cups-1.7.4-source.tar.bz2 +Source: http://www.cups.org/software/1.7.5/cups-1.7.5-source.tar.bz2 Url: http://www.cups.org Packager: Anonymous Vendor: Apple Inc. diff --git a/scheduler/client.c b/scheduler/client.c index e87f9efcc3..51a11acb14 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -1,5 +1,5 @@ /* - * "$Id: client.c 12009 2014-07-09 17:02:38Z msweet $" + * "$Id: client.c 12057 2014-07-22 14:03:19Z msweet $" * * Client routines for the CUPS scheduler. * 
@@ -3310,7 +3310,7 @@ get_file(cupsd_client_t *con, /* I - Client connection */ * then fallback to the default one... */ - if ((status = stat(filename, filestats)) != 0 && language[0] && + if ((status = lstat(filename, filestats)) != 0 && language[0] && strncmp(con->uri, "/icons/", 7) && strncmp(con->uri, "/ppd/", 5) && strncmp(con->uri, "/rss/", 5) && @@ -3408,13 +3408,13 @@ get_file(cupsd_client_t *con, /* I - Client connection */ plen = len - (ptr - filename); strlcpy(ptr, "index.html", plen); - status = stat(filename, filestats); + status = lstat(filename, filestats); #ifdef HAVE_JAVA if (status) { strlcpy(ptr, "index.class", plen); - status = stat(filename, filestats); + status = lstat(filename, filestats); } #endif /* HAVE_JAVA */ @@ -3422,7 +3422,7 @@ get_file(cupsd_client_t *con, /* I - Client connection */ if (status) { strlcpy(ptr, "index.pl", plen); - status = stat(filename, filestats); + status = lstat(filename, filestats); } #endif /* HAVE_PERL */ @@ -3430,7 +3430,7 @@ get_file(cupsd_client_t *con, /* I - Client connection */ if (status) { strlcpy(ptr, "index.php", plen); - status = stat(filename, filestats); + status = lstat(filename, filestats); } #endif /* HAVE_PHP */ 
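Review bot: The `lstat()` calls introduced in the get_file hunks at -3310 and -3408 (and again in the index.pyc/index.py lookups of the hunk at -3438) inspect only the final path component, and they run at a different moment from the later open, so a name that passes here can still be replaced before it is read. The open is outside these hunks, so whether it follows links is not visible; if it opens by name, `fd = open(filename, O_RDONLY | O_NOFOLLOW);` followed by `fstat(fd, filestats)` would bind the mode tests to the object actually served. A symlinked parent directory is not caught by either form and would need the resolved path compared against the document root. get_file's body starts and ends outside both hunks.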
@@ -3438,18 +3438,39 @@ get_file(cupsd_client_t *con, /* I - Client connection */ if (status) { strlcpy(ptr, "index.pyc", plen); - status = stat(filename, filestats); + status = lstat(filename, filestats); } if (status) { strlcpy(ptr, "index.py", plen); - status = stat(filename, filestats); + status = lstat(filename, filestats); } #endif /* HAVE_PYTHON */ } while (status && language[0]); + + /* + * If we've found a symlink, 404 the sucker to avoid disclosing information. + */ + + if (!status && S_ISLNK(filestats->st_mode)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename); + return (NULL); + } + + /* + * Similarly, if the file/directory does not have world read permissions, do + * not allow access... + */ + + if (!status && !(filestats->st_mode & S_IROTH)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); + return (NULL); + } } cupsdLogMessage(CUPSD_LOG_DEBUG2, @@ -3812,12 +3833,7 @@ pipe_command(cupsd_client_t *con, /* I - Client connection */ argv[0] = command; if (options) - { - commptr = options; - if (*commptr == ' ') - commptr ++; - strlcpy(argbuf, commptr, sizeof(argbuf)); - } + strlcpy(argbuf, options, sizeof(argbuf)); else argbuf[0] = '\0'; @@ -4395,5 +4411,5 @@ write_pipe(cupsd_client_t *con) /* I - Client connection */ /* - * End of "$Id: client.c 12009 2014-07-09 17:02:38Z msweet $". + * End of "$Id: client.c 12057 2014-07-22 14:03:19Z msweet $". */
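Review bot: The added `S_ISLNK` and `S_IROTH` rejections in the hunk at -3438 sit inside the index-file lookup block, which closes on the context line right after them, so a request that names a regular file directly is only covered if the same pair of tests also follows the first `lstat()` outside this hunk. That is worth confirming, and both tests would be safer in one static helper called from each lookup path so the copies cannot drift apart. The `S_IROTH` test reads only the mode bits of the final object; a comment such as `/* Mode bits of the served object only; parent directory permissions are not checked here */` would make that limit explicit. get_file's body starts and ends outside the hunk.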
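Review bot: The new `strlcpy(argbuf, options, sizeof(argbuf));` in the pipe_command hunk at -3812 discards the return value, so an `options` string longer than `argbuf` is silently truncated and the command is started with a cut-off argument list. Since `options` appears to come from the request, the call should fail closed instead, for example `if (strlcpy(argbuf, options, sizeof(argbuf)) >= sizeof(argbuf)) return (0);`, using whatever failure return pipe_command already has outside the hunk. The hunk also drops the leading-space skip without explanation; a one-line comment on why `options` is now copied verbatim would help the next reader. pipe_command's body starts and ends outside the hunk.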