
Please allow cups 1.3.8-1lenny1 into testing



Hello release team,

I recently cherrypicked some cups fixes from the alioth svn trunk
(experimental packages) into a lenny branch, for stuff which really
ought to get fixed in Lenny (including an RC bug):

 cups (1.3.8-1lenny1) unstable; urgency=medium
 .
   Cherrypick bug fixes from trunk/experimental which need to go into Lenny.
   Urgency medium because of an RC bug fix.
 .
   [ Johan Kiviniemi ]
   * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c,
     which caused filters not to have /bin in their PATH.
   * debian/filters/pstopdf:
     - Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via
       cupsfilter) made all other users (including cups itself) unable to run
       the filter because of no permission to open the logfile.
     - Put unquoted variables into quotes where appropriate.
     - Never create an outfile in the same directory as the given infile; the
       process might not have write access there.
     - set -e.
 .
   [ Martin Pitt ]
   * Bump shlibs version for libcups2 and libcupsimage2. (Closes: #494168)
   * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1
     changelog.

The package built successfully everywhere now (build runs a test suite
and fails if one of the tests fails).

debdiff is attached, please let me know if you have any questions.
Thank you!

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
=== modified file 'debian/changelog'
--- debian/changelog	2008-07-23 06:59:24 +0000
+++ debian/changelog	2008-09-02 06:48:20 +0000
@@ -1,3 +1,27 @@
+cups (1.3.8-1lenny1) unstable; urgency=medium
+
+  Cherrypick bug fixes from trunk/experimental which need to go into Lenny.
+  Urgency medium because of an RC bug fix.
+
+  [ Johan Kiviniemi ]
+  * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c,
+    which caused filters not to have /bin in their PATH.
+  * debian/filters/pstopdf:
+    - Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via
+      cupsfilter) made all other users (including cups itself) unable to run
+      the filter because of no permission to open the logfile.
+    - Put unquoted variables into quotes where appropriate.
+    - Never create an outfile in the same directory as the given infile; the
+      process might not have write access there.
+    - set -e.
+
+  [ Martin Pitt ]
+  * Bump shlibs version for libcups2 and libcupsimage2. (Closes: #494168)
+  * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1
+    changelog.
+
+ -- Martin Pitt <mpitt@debian.org>  Tue, 02 Sep 2008 08:33:58 +0200
+
 cups (1.3.8-1) unstable; urgency=low
 
   * New upstream release: some 20 bug fixes, no new features (see
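Review bot: the entry header says "Urgency medium because of an RC bug fix", but no bullet is marked as the release-critical one; the only bug closed is #494168 on the shlibs line. Please say which item is the RC fix so the urgency can be checked against it. The "- set -e." bullet is also too terse to tell a reader what changes in behaviour (the filter now aborts on the first failing command).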
@@ -230,7 +254,10 @@
 cupsys (1.3.6-1) unstable; urgency=low
 
   * New upstream bugfix release.
-    - Fixes (CVE-2008-0882, bug #467653).
+    - Fixes buffer overflows in filter/hpgl-input.c, possibly exploitable to
+      run arbitrary code with crafted HP-GL files. (CVE-2008-0053)
+    - Fixes double free vulnerability in process_browse_data(),
+      exploitable to remote DoS. (CVE-2008-0882, bug #467653)
   * Remove the following patches which are upstream now:
     - fix_regression_reactivate_net_ifaces_changes_detection.dpatch
     - web-interface-breaks-default-auth-setting.dpatch

=== modified file 'debian/filters/pstopdf'
--- debian/filters/pstopdf	2005-10-08 13:53:02 +0000
+++ debian/filters/pstopdf	2008-09-02 06:38:15 +0000
@@ -11,6 +11,8 @@
 # NO WARRANTY AT ALL
 #
 
+set -e
+
 PSTOPDF=/usr/bin/ps2pdf13
 OPTIONS="-r150 -dAutoRotatePages=/None -dAutoFilterColorImages=false -dColorImageFilter=/FlateEncode -dNOPLATFONTS"
 
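Review bot: `set -e` here makes the filter stop at the first failing command, but the script itself then prints nothing, so a failed conversion is visible only as a non-zero exit status plus whatever the failing tool wrote. Consider an explicit `|| { echo "ERROR: ..." >&2; exit 1; }` on the critical commands, in the style of the `ERROR:` lines the old code emitted, so the reason for the abort reaches stderr.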
@@ -23,46 +25,13 @@
 
 fi
 
-jobid=$1
-
-#infile=`mktemp /tmp/$jobid.pstopdf.in.XXXXXX`
-#if [ $? -ne 0 ]; then
-#  echo "ERROR: Error creating tmpfile $infile" >&2
-#  exit 1
-#fi
-#outfile=`mktemp /tmp/$jobid.pstopdf.out.XXXXXX`
-#if [ $? -ne 0 ]; then
-#  echo "ERROR: Error creating tmpfile $outfile" >&2
-#  exit 1
-#fi
-
-if [ $# -eq 6 ]; then
-
-  echo "INFO: file is $6" >&2
-  #cp $6 $infile
-  #rm -f $6
-
-  infile="$6"
-  outfile="$infile".pdf
-
-  $PSTOPDF $OPTIONS "$infile" "$outfile" 2>&1 >> /tmp/pstopdf.log
-
-else
-
-  outfile=`mktemp /tmp/$jobid.pstopdf.out.XXXXXX`
-  if [ $? -ne 0 ]; then
-    echo "ERROR: Error creating tmpfile $outfile" >&2
-    exit 1
-  fi
-
-  $PSTOPDF $OPTIONS - "$outfile" 2>&1 >> /tmp/pstopdf.log
-
-fi
-
-cat $outfile
-
-# cp "$infile" "$outfile" /tmp/cups/
-
-rm -f "$outfile"
-
-exit 0
+jobid="$1"
+outfile=$(mktemp "${TMPDIR:-/tmp}/$jobid.pstopdf.out.XXXXXX")
+trap 'rm -f "$outfile"' 0 1 2 13 15
+
+infile="${6:--}"
+
+$PSTOPDF $OPTIONS "$infile" "$outfile" >&2
+
+cat "$outfile"
+
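Review bot: the `mktemp` template on the new `outfile=` line builds its path from `$jobid`, which is `$1` taken unvalidated, so a job id containing `/` or `..` places the temporary file outside `${TMPDIR:-/tmp}`. Suggest dropping `$jobid` from the template or reducing it to digits before use. Separately, the `trap 'rm -f "$outfile"' 0 1 2 13 15` handler removes the file on a signal but does not exit, so the script carries on to `cat "$outfile"` and only stops there because of `set -e`; a separate signal trap ending in `exit 1` would make the abort explicit. The old `echo "ERROR: Error creating tmpfile ..."` report for a failed `mktemp` is also gone without a replacement.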

=== modified file 'debian/libcups2.shlibs'
--- debian/libcups2.shlibs	2008-05-23 08:14:05 +0000
+++ debian/libcups2.shlibs	2008-09-02 06:38:53 +0000
@@ -1,1 +1,1 @@
-libcups 2 libcups2 (>= 1.3.7)
+libcups 2 libcups2 (>= 1.3.8)

=== modified file 'debian/libcupsimage2.shlibs'
--- debian/libcupsimage2.shlibs	2007-08-14 18:16:40 +0000
+++ debian/libcupsimage2.shlibs	2008-09-02 06:38:53 +0000
@@ -1,1 +1,1 @@
-libcupsimage 2 libcupsimage2 (>= 1.3.0)
+libcupsimage 2 libcupsimage2 (>= 1.3.8)

=== modified file 'debian/patches/00list'
--- debian/patches/00list	2008-07-23 06:17:53 +0000
+++ debian/patches/00list	2008-09-02 06:35:50 +0000
@@ -24,6 +24,7 @@
 reactivate_recommended_driver.dpatch
 include_krb5_h_in_job_h.dpatch
 search_mime_files_in_usr_share.dpatch
+cupsfilter-path-typo.dpatch
 
 # Ubuntu patches
 ubuntu-disable-browsing.dpatch

=== added file 'debian/patches/cupsfilter-path-typo.dpatch'
--- debian/patches/cupsfilter-path-typo.dpatch	1970-01-01 00:00:00 +0000
+++ debian/patches/cupsfilter-path-typo.dpatch	2008-09-02 06:35:50 +0000
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## cupsfilter-path-typo.dpatch by Johan Kiviniemi <debian@johan.kiviniemi.name>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix a typo in cupsfilter, causing filters not to have /bin in their
+## DP: PATH.
+
+@DPATCH@
+diff -urNad cups-1.3.8~/scheduler/cupsfilter.c cups-1.3.8/scheduler/cupsfilter.c
+--- cups-1.3.8~/scheduler/cupsfilter.c	2008-08-13 12:14:17.803302953 +0300
++++ cups-1.3.8/scheduler/cupsfilter.c	2008-08-13 12:14:36.815297551 +0300
+@@ -928,7 +928,7 @@
+   }
+ 
+   snprintf(line, sizeof(line),
+-           "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR ":/bin/usr/bin",
++           "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR ":/bin:/usr/bin",
+ 	   ServerBin);
+   set_string(&Path, line);
+ 
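Review bot: the `## DP:` description carries no upstream reference (a bug or STR number, or a note on whether the fix was forwarded), which makes it hard to tell when this patch can be dropped; please add one. In the patched call itself the return value of `snprintf(line, sizeof(line), ...)` is still ignored, so a long `ServerBin` would silently truncate the PATH passed to `set_string(&Path, line)`; that predates this change but is worth a check in a follow-up.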
