author | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 07:33:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 07:39:08 +0000 |
commit | e2856516886b7cf35fe1cf5be0eb646ea76ca687 (patch) | |
tree | 4c75674016efb1543e84c6ce9bb52dba4df16c44 | |
parent | 8009421a6bb2d34a9b42b9b96110a7ad454db783 (diff) |
main/cups: security fix (CVE-2014-3537,CVE-2014-5029,5030,5031)
fixes #3251
-rw-r--r-- | main/cups/APKBUILD | 10 | ||||
-rw-r--r-- | main/cups/CVE-2014-3537.patch | 51 | ||||
-rw-r--r-- | main/cups/CVE-2014-5029_5030_5031.patch | 89 |
3 files changed, 147 insertions, 3 deletions
diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD
index 20a723615e8..86b1869335b 100644
--- a/main/cups/APKBUILD
+++ b/main/cups/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=cups
-pkgver=1.6.1
+pkgver=1.6.2
 pkgrel=1
 pkgdesc="The CUPS Printing System"
 url="http://www.cups.org/"
@@ -19,6 +19,8 @@ source="http://www.cups.org/software/$pkgver/$pkgname-$pkgver-source.tar.bz2
 $pkgname.logrotate
 cupsd.initd
 CVE-2014-2856.patch
+ CVE-2014-3537.patch
+ CVE-2014-5029_5030_5031.patch
 "
@@ -112,7 +114,9 @@ client() {
 usr/sbin/reject
 }
-md5sums="87ade07e3d1efd03c9c3add949cf9c00 cups-1.6.1-source.tar.bz2
+md5sums="13c8b2b2336d42001abe4899766b62dc cups-1.6.2-source.tar.bz2
 f861b18f4446c43918c8643dcbbd7f6d cups.logrotate
 1154ed66fdcfa0523f929a369079f43c cupsd.initd
-09c0def850cf68d5f0bd4adcb39192ba CVE-2014-2856.patch"
+09c0def850cf68d5f0bd4adcb39192ba CVE-2014-2856.patch
+e7b557c8515d17bda174caf39dc774ad CVE-2014-3537.patch
+749673017347dacc336a60555e6c7a58 CVE-2014-5029_5030_5031.patch"
diff --git a/main/cups/CVE-2014-3537.patch b/main/cups/CVE-2014-3537.patch
new file mode 100644
index 00000000000..f947c9b9c27
--- /dev/null
+++ b/main/cups/CVE-2014-3537.patch
@@ -0,0 +1,51 @@
+Index: scheduler/client.c
+===================================================================
+--- ./scheduler/client.c (revision 11982)
++++ ./scheduler/client.c (working copy)
+@@ -2961,7 +2961,7 @@
+ if ((ptr = strchr(filename, '?')) != NULL)
+ *ptr = '\0';
+
+- if ((status = stat(filename, filestats)) != 0)
++ if ((status = lstat(filename, filestats)) != 0)
+ {
+ /*
+ * Drop the language prefix and try the root directory...
+@@ -2973,14 +2973,35 @@
+ if ((ptr = strchr(filename, '?')) != NULL)
+ *ptr = '\0';
+
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+ }
+ }
+
+ /*
+- * If we're found a directory, get the index.html file instead...
++ * If we've found a symlink, 404 the sucker to avoid disclosing information.
+ */
+
++ if (!status && S_ISLNK(filestats->st_mode))
++ {
++ cupsdLogMessage(CUPSD_LOG_WARN, "Symlinks such as \"%s\" are not allowed.", filename);
++ return (NULL);
++ }
++
++ /*
++ * Similarly, if the file/directory does not have world read permissions, do
++ * not allow access...
++ */
++
++ if (!status && !(filestats->st_mode & S_IROTH))
++ {
++ cupsdLogMessage(CUPSD_LOG_WARN, "Files/directories such as \"%s\" must be world-readable.", filename);
++ return (NULL);
++ }
++
++ /*
++ * If we've found a directory, get the index.html file instead...
++ */
++
+ if (!status && S_ISDIR(filestats->st_mode))
+ {
+ /*
diff --git a/main/cups/CVE-2014-5029_5030_5031.patch b/main/cups/CVE-2014-5029_5030_5031.patch
new file mode 100644
index 00000000000..d80768a92a9
--- /dev/null
+++ b/main/cups/CVE-2014-5029_5030_5031.patch
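Review bot: The `S_ISLNK` test added after the two `lstat()` calls looks only at the last path component and runs on the path name before the file is opened, so a symlinked parent directory is still followed and the file can be replaced between this check and the open, which presumably happens in the caller outside this hunk. Opening the path with `O_NOFOLLOW` and applying the `S_IROTH` test to an `fstat()` of the returned descriptor would tie the check to the object that is actually served; the same holds for the checks added in CVE-2014-5029_5030_5031.patch. If the upstream patch is kept unchanged, a comment above the check such as `/* lstat() covers the final component only; DocumentRoot must not be writable by untrusted users */` would record the assumption. The enclosing function starts and ends outside both inner hunks.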
@@ -0,0 +1,89 @@
+Index: scheduler/client.c
+===================================================================
+--- ./scheduler/client.c (revision 12054)
++++ ./scheduler/client.c (working copy)
+@@ -3310,7 +3310,7 @@
+ * then fallback to the default one...
+ */
+
+- if ((status = stat(filename, filestats)) != 0 && language[0] &&
++ if ((status = lstat(filename, filestats)) != 0 && language[0] &&
+ strncmp(con->uri, "/icons/", 7) &&
+ strncmp(con->uri, "/ppd/", 5) &&
+ strncmp(con->uri, "/rss/", 5) &&
+@@ -3408,13 +3408,13 @@
+ plen = len - (ptr - filename);
+
+ strlcpy(ptr, "index.html", plen);
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+
+ #ifdef HAVE_JAVA
+ if (status)
+ {
+ strlcpy(ptr, "index.class", plen);
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+ }
+ #endif /* HAVE_JAVA */
+
+@@ -3422,7 +3422,7 @@
+ if (status)
+ {
+ strlcpy(ptr, "index.pl", plen);
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+ }
+ #endif /* HAVE_PERL */
+
+@@ -3430,7 +3430,7 @@
+ if (status)
+ {
+ strlcpy(ptr, "index.php", plen);
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+ }
+ #endif /* HAVE_PHP */
+
+@@ -3438,18 +3438,39 @@
+ if (status)
+ {
+ strlcpy(ptr, "index.pyc", plen);
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+ }
+
+ if (status)
+ {
+ strlcpy(ptr, "index.py", plen);
+- status = stat(filename, filestats);
++ status = lstat(filename, filestats);
+ }
+ #endif /* HAVE_PYTHON */
+
+ }
+ while (status && language[0]);
++
++ /*
++ * If we've found a symlink, 404 the sucker to avoid disclosing information.
++ */
++
++ if (!status && S_ISLNK(filestats->st_mode))
++ {
++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename);
++ return (NULL);
++ }
++
++ /*
++ * Similarly, if the file/directory does not have world read permissions, do
++ * not allow access...
++ */
++
++ if (!status && !(filestats->st_mode & S_IROTH))
++ {
++ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
++ return (NULL);
++ }
+ }
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, |
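Review bot: Both rejections added after the `while (status && language[0]);` loop are logged at `CUPSD_LOG_INFO`, which cupsd's default `LogLevel warn` does not record, so a refused symlink or non-world-readable index file leaves no trace unless logging is turned up. The matching checks in CVE-2014-3537.patch use `CUPSD_LOG_WARN` and omit the client id, so the two sets of messages differ in both level and format. Using one level and the `[Client %d]` prefix in both places would let a single detection rule cover them, e.g. `cupsdLogMessage(CUPSD_LOG_WARN, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename);`. The enclosing function starts and ends outside the inner hunks.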