Hello release team,

I recently cherrypicked some cups fixes from the alioth svn trunk (experimental packages) into a lenny branch, for stuff which really ought to get fixed in Lenny (including an RC bug):

 cups (1.3.8-1lenny1) unstable; urgency=medium
 .
   Cherrypick bug fixes from trunk/experimental which need to go into Lenny.
   Urgency medium because of an RC bug fix.
 .
   [ Johan Kiviniemi ]
   * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c,
     which caused filters not to have /bin in their PATH.
   * debian/filters/pstopdf:
     - Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via
       cupsfilter) made all other users (including cups itself) unable to run
       the filter because of no permission to open the logfile.
     - Put unquoted variables into quotes where appropriate.
     - Never create an outfile in the same directory as the given infile; the
       process might not have write access there.
     - set -e.
 .
   [ Martin Pitt ]
   * Bump shlibs version for libcups2 and libcupsimage2. (Closes: #494168)
   * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1
     changelog.

The package built successfully everywhere now (build runs a test suite and fails if one of the tests fails).

debdiff is attached, please let me know if you have any questions.

Thank you!

Martin

-- 
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

=== modified file 'debian/changelog' --- debian/changelog 2008-07-23 06:59:24 +0000 +++ debian/changelog 2008-09-02 06:48:20 +0000 @@ -1,3 +1,27 @@ +cups (1.3.8-1lenny1) unstable; urgency=medium + + Cherrypick bug fixes from trunk/experimental which need to go into Lenny. + Urgency medium because of an RC bug fix. + + [ Johan Kiviniemi ] + * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c, + which caused filters not to have /bin in their PATH. + * debian/filters/pstopdf: + - Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via + cupsfilter) made all other users (including cups itself) unable to run + the filter because of no permission to open the logfile. + - Put unquoted variables into quotes where appropriate. + - Never create an outfile in the same directory as the given infile; the + process might not have write access there. + - set -e. + + [ Martin Pitt ] + * Bump shlibs version for libcups2 and libcupsimage2. (Closes: #494168) + * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1 + changelog. + + -- Martin Pitt <[EMAIL PROTECTED]> Tue, 02 Sep 2008 08:33:58 +0200 + cups (1.3.8-1) unstable; urgency=low * New upstream release: some 20 bug fixes, no new features (see @@ -230,7 +254,10 @@ cupsys (1.3.6-1) unstable; urgency=low * New upstream bugfix release. - - Fixes (CVE-2008-0882, bug #467653). + - Fixes buffer overflows in filter/hpgl-input.c, possibly exploitable to + run arbitrary code with crafted HP-GL files. (CVE-2008-0053) + - Fixes double free vulnerability in process_browse_data(), + exploitable to remote DoS. (CVE-2008-0882, bug #467653) * Remove the following patches which are upstream now: - fix_regression_reactivate_net_ifaces_changes_detection.dpatch - web-interface-breaks-default-auth-setting.dpatch === modified file 'debian/filters/pstopdf' --- debian/filters/pstopdf 2005-10-08 13:53:02 +0000 +++ debian/filters/pstopdf 2008-09-02 06:38:15 +0000 
@@ -11,6 +11,8 @@ # NO WARRANTY AT ALL # +set -e + PSTOPDF=/usr/bin/ps2pdf13 OPTIONS="-r150 -dAutoRotatePages=/None -dAutoFilterColorImages=false -dColorImageFilter=/FlateEncode -dNOPLATFONTS" @@ -23,46 +25,13 @@ fi -jobid=$1 - -#infile=`mktemp /tmp/$jobid.pstopdf.in.XXXXXX` -#if [ $? -ne 0 ]; then -# echo "ERROR: Error creating tmpfile $infile" >&2 -# exit 1 -#fi -#outfile=`mktemp /tmp/$jobid.pstopdf.out.XXXXXX` -#if [ $? -ne 0 ]; then -# echo "ERROR: Error creating tmpfile $outfile" >&2 -# exit 1 -#fi - -if [ $# -eq 6 ]; then - - echo "INFO: file is $6" >&2 - #cp $6 $infile - #rm -f $6 - - infile="$6" - outfile="$infile".pdf - - $PSTOPDF $OPTIONS "$infile" "$outfile" 2>&1 >> /tmp/pstopdf.log - -else - - outfile=`mktemp /tmp/$jobid.pstopdf.out.XXXXXX` - if [ $? -ne 0 ]; then - echo "ERROR: Error creating tmpfile $outfile" >&2 - exit 1 - fi - - $PSTOPDF $OPTIONS - "$outfile" 2>&1 >> /tmp/pstopdf.log - -fi - -cat $outfile - -# cp "$infile" "$outfile" /tmp/cups/ - -rm -f "$outfile" - -exit 0 +jobid="$1" +outfile=$(mktemp "${TMPDIR:-/tmp}/$jobid.pstopdf.out.XXXXXX") +trap 'rm -f "$outfile"' 0 1 2 13 15 + +infile="${6:--}" + +$PSTOPDF $OPTIONS "$infile" "$outfile" >&2 + +cat "$outfile" + === modified file 'debian/libcups2.shlibs' --- debian/libcups2.shlibs 2008-05-23 08:14:05 +0000 +++ debian/libcups2.shlibs 2008-09-02 06:38:53 +0000 @@ -1,1 +1,1 @@ -libcups 2 libcups2 (>= 1.3.7) +libcups 2 libcups2 (>= 1.3.8) === modified file 'debian/libcupsimage2.shlibs' --- debian/libcupsimage2.shlibs 2007-08-14 18:16:40 +0000 +++ debian/libcupsimage2.shlibs 2008-09-02 06:38:53 +0000 @@ -1,1 +1,1 @@ -libcupsimage 2 libcupsimage2 (>= 1.3.0) +libcupsimage 2 libcupsimage2 (>= 1.3.8) === modified file 'debian/patches/00list' --- debian/patches/00list 2008-07-23 06:17:53 +0000 +++ debian/patches/00list 2008-09-02 06:35:50 +0000 
@@ -24,6 +24,7 @@ reactivate_recommended_driver.dpatch include_krb5_h_in_job_h.dpatch search_mime_files_in_usr_share.dpatch +cupsfilter-path-typo.dpatch # Ubuntu patches ubuntu-disable-browsing.dpatch === added file 'debian/patches/cupsfilter-path-typo.dpatch' --- debian/patches/cupsfilter-path-typo.dpatch 1970-01-01 00:00:00 +0000 +++ debian/patches/cupsfilter-path-typo.dpatch 2008-09-02 06:35:50 +0000 @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## cupsfilter-path-typo.dpatch by Johan Kiviniemi <[EMAIL PROTECTED]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix a typo in cupsfilter, causing filters not to have /bin in their +## DP: PATH. + [EMAIL PROTECTED]@ +diff -urNad cups-1.3.8~/scheduler/cupsfilter.c cups-1.3.8/scheduler/cupsfilter.c +--- cups-1.3.8~/scheduler/cupsfilter.c 2008-08-13 12:14:17.803302953 +0300 ++++ cups-1.3.8/scheduler/cupsfilter.c 2008-08-13 12:14:36.815297551 +0300 +@@ -928,7 +928,7 @@ + } + + snprintf(line, sizeof(line), +- "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR ":/bin/usr/bin", ++ "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR ":/bin:/usr/bin", + ServerBin); + set_string(&Path, line); +
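
Review bot: with `set -e` added near the top of debian/filters/pstopdf (hunk @@ -11,6 +11,8 @@), a failing mktemp or ps2pdf13 now ends the filter without any `ERROR:` line on stderr, whereas the removed code printed `ERROR: Error creating tmpfile $outfile` when mktemp failed. The non-zero exit status is still reported, but the reason is no longer stated by the filter itself. Consider keeping an explicit message on the mktemp call, for example `outfile=$(mktemp ...) || { echo "ERROR: Error creating tmpfile" >&2; exit 1; }`, so the failure stays visible in the same form as before.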
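
Review bot: in debian/filters/pstopdf (hunk @@ -23,46 +25,13 @@), the line `trap 'rm -f "$outfile"' 0 1 2 13 15` removes the temporary file on HUP, INT, PIPE and TERM but does not exit, so after one of those signals the script resumes and reaches `cat "$outfile"` with the file already deleted. Under `set -e` that ends in a failing cat and a misleading "No such file" error rather than a clean abort. Suggest splitting it into `trap 'rm -f "$outfile"' 0` and `trap 'exit 1' 1 2 13 15`, so that signals terminate the filter and the EXIT trap does the cleanup once. Separately, `$jobid` is now interpolated into the mktemp template path; a short comment stating that argument 1 is always the numeric job id supplied by the scheduler or cupsfilter would document why that is safe.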