Security fix for CVE-2008-5183.

Patch adapted from Red Hat's solution. ok ajacoutot@ (MAINTAINER)
2009-03-04 19:50:00 +00:00 · 2009-03-04 19:50:00 +00:00 · 98266ca12c
commit 98266ca12c
parent 6ee377f042
6 changed files with 185 additions and 8 deletions
--- a/print/cups/Makefile
+++ b/print/cups/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.37 2008/11/19 05:28:30 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.38 2009/03/04 19:50:00 jasper Exp $

 COMMENT=		Common Unix Printing System

 VERSION=		1.2.7
 DISTNAME=		cups-${VERSION}-source
-PKGNAME=		cups-${VERSION}p14
+PKGNAME=		cups-${VERSION}p15
 CATEGORIES=		print sysutils

 SHARED_LIBS+=		cups		3.0
--- a/print/cups/patches/patch-desktop_cups_desktop
+++ b/print/cups/patches/patch-desktop_cups_desktop
@ -1,6 +1,6 @@
-$OpenBSD: patch-desktop_cups_desktop,v 1.2 2009/02/15 18:57:27 jasper Exp $
+$OpenBSD: patch-desktop_cups_desktop,v 1.3 2009/03/04 19:50:00 jasper Exp $
 --- desktop/cups.desktop.orig	Thu Nov 16 14:34:44 2006
-+++ desktop/cups.desktop	Sun Feb 15 19:56:59 2009
+++ desktop/cups.desktop	Fri Feb 27 11:23:26 2009
@@ -1,7 +1,7 @@
 [Desktop Entry]
 Categories=Application;System;X-Red-Hat-Base;
--- a/print/cups/patches/patch-scheduler_ipp_c
+++ b/print/cups/patches/patch-scheduler_ipp_c
@ -0,0 +1,60 @@
+$OpenBSD: patch-scheduler_ipp_c,v 1.1 2009/03/04 19:50:00 jasper Exp $
+
+Security fix for CVE-2008-5183.
+Patch adapted from Red Hat's solution.
+
+--- scheduler/ipp.c.orig	Fri Oct 20 22:35:41 2006
+++ scheduler/ipp.c	Fri Feb 27 11:32:27 2009
+@@ -1888,24 +1888,25 @@ add_job_subscriptions(
+     if (mask == CUPSD_EVENT_NONE)
+       mask = CUPSD_EVENT_JOB_COMPLETED;
+ 
+-    sub = cupsdAddSubscription(mask, cupsdFindDest(job->dest), job, recipient,
+-                               0);
+    if ((sub = cupsdAddSubscription(mask, cupsdFindDest(job->dest), job,
+                                    recipient, 0)) != NULL)
+    {
+      sub->interval = interval;
+ 
+-    sub->interval = interval;
+      cupsdSetString(&sub->owner, job->username);
+ 
+-    cupsdSetString(&sub->owner, job->username);
+      if (user_data)
+      {
+	sub->user_data_len = user_data->values[0].unknown.length;
+	memcpy(sub->user_data, user_data->values[0].unknown.data,
+	       sub->user_data_len);
+      }
+ 
+-    if (user_data)
+-    {
+-      sub->user_data_len = user_data->values[0].unknown.length;
+-      memcpy(sub->user_data, user_data->values[0].unknown.data,
+-             sub->user_data_len);
+      ippAddSeparator(con->response);
+      ippAddInteger(con->response, IPP_TAG_SUBSCRIPTION, IPP_TAG_INTEGER,
+		    "notify-subscription-id", sub->id);
+     }
+ 
+-    ippAddSeparator(con->response);
+-    ippAddInteger(con->response, IPP_TAG_SUBSCRIPTION, IPP_TAG_INTEGER,
+-                  "notify-subscription-id", sub->id);
+-
+     if (attr)
+       attr = attr->next;
+   }
+@@ -4939,7 +4940,12 @@ create_subscription(
+     else
+       job = NULL;
+ 
+-    sub = cupsdAddSubscription(mask, printer, job, recipient, 0);
+    if ((sub = cupsdAddSubscription(mask, printer, job, recipient, 0)) == NULL)
+    {
+      send_ipp_status(con, IPP_TOO_MANY_SUBSCRIPTIONS,
+		      _("There are too many subscriptions."));
+      return;
+    }
+ 
+     if (job)
+       cupsdLogMessage(CUPSD_LOG_DEBUG, "Added subscription %d for job %d",
--- a/print/cups/patches/patch-scheduler_subscriptions_c
+++ b/print/cups/patches/patch-scheduler_subscriptions_c
@ -0,0 +1,63 @@
+$OpenBSD: patch-scheduler_subscriptions_c,v 1.1 2009/03/04 19:50:00 jasper Exp $
+
+Security fix for CVE-2008-5183.
+Patch adapted from Red Hat's solution.
+
+--- scheduler/subscriptions.c.orig	Fri Sep 29 04:26:29 2006
+++ scheduler/subscriptions.c	Fri Feb 27 11:31:46 2009
+@@ -349,8 +349,54 @@ cupsdAddSubscription(
+   * Limit the number of subscriptions...
+   */
+ 
+-  if (cupsArrayCount(Subscriptions) >= MaxSubscriptions)
+  if (MaxSubscriptions > 0 && cupsArrayCount(Subscriptions) >= MaxSubscriptions)
+  {
+    cupsdLogMessage(CUPSD_LOG_DEBUG,
+                    "cupsdAddSubscription: Reached MaxSubscriptions %d",
+		    MaxSubscriptions);
+     return (NULL);
+  }
+
+  if (MaxSubscriptionsPerJob > 0 && job)
+  {
+    int        count;			       /* Number of job subscriptions */
+
+    for (temp = (cupsd_subscription_t *)cupsArrayFirst(Subscriptions),
+	     count = 0;
+	 temp;
+	temp = (cupsd_subscription_t *)cupsArrayNext(Subscriptions))
+      if (temp->job == job)
+	count ++;
+
+    if (count >= MaxSubscriptionsPerJob)
+    {
+      cupsdLogMessage(CUPSD_LOG_DEBUG,
+		     "cupsdAddSubscription: Reached MaxSubscriptionsPerJob %d "
+		     "for job #%d", MaxSubscriptionsPerJob, job->id);
+      return (NULL);
+    }
+  }
+
+  if (MaxSubscriptionsPerPrinter > 0 && dest)
+  {
+    int        count;			       /* Number of printer subscriptions */
+
+    for (temp = (cupsd_subscription_t *)cupsArrayFirst(Subscriptions),
+	     count = 0;
+	 temp;
+	temp = (cupsd_subscription_t *)cupsArrayNext(Subscriptions))
+      if (temp->dest == dest)
+	count ++;
+
+    if (count >= MaxSubscriptionsPerPrinter)
+    {
+      cupsdLogMessage(CUPSD_LOG_DEBUG,
+		     "cupsdAddSubscription: Reached "
+		     "MaxSubscriptionsPerPrinter %d for %s",
+		     MaxSubscriptionsPerPrinter, dest->name);
+      return (NULL);
+    }
+  }
+ 
+  /*
+   * Allocate memory for this subscription...
--- a/print/cups/patches/patch-test_4_4-subscription-ops_test
+++ b/print/cups/patches/patch-test_4_4-subscription-ops_test
@ -0,0 +1,41 @@
+$OpenBSD: patch-test_4_4-subscription-ops_test,v 1.1 2009/03/04 19:50:00 jasper Exp $
+
+Security fix for CVE-2008-5183.
+Patch adapted from Red Hat's solution.
+
+*** test/4.4-subscription-ops.test.orig	Wed Aug 16 22:05:58 2006
+--- test/4.4-subscription-ops.test	Fri Feb 27 11:26:51 2009
+***************
+*** 117,120 ****
+--- 117,147 ----
+  	DISPLAY notify-events
+  }
+ {
+        # The name of the test...
+        NAME "Check MaxSubscriptions limits"
+ 
+        # The operation to use
+        OPERATION Create-Printer-Subscription
+        RESOURCE /
+ 
+        # The attributes to send
+        GROUP operation
+        ATTR charset attributes-charset utf-8
+        ATTR language attributes-natural-language en
+        ATTR uri printer-uri $method://$hostname:$port/printers/Test1
+ 
+ 	GROUP subscription
+        ATTR uri notify-recipient-uri testnotify://
+        ATTR keyword notify-events printer-state-changed
+        ATTR integer notify-lease-duration 5
+ 
+        # What statuses are OK?
+        STATUS client-error-too-many-subscriptions
+ 
+        # What attributes do we expect?
+        EXPECT attributes-charset
+        EXPECT attributes-natural-language
+ }
+ 
+  
+  #
--- a/print/cups/patches/patch-test_run-stp-tests_sh
+++ b/print/cups/patches/patch-test_run-stp-tests_sh
@ -1,6 +1,11 @@
-$OpenBSD: patch-test_run-stp-tests_sh,v 1.3 2007/03/17 18:28:02 deanna Exp $
--- test/run-stp-tests.sh.orig	Wed Nov 15 15:37:45 2006
-+++ test/run-stp-tests.sh	Fri Mar 16 16:50:33 2007
+$OpenBSD: patch-test_run-stp-tests_sh,v 1.4 2009/03/04 19:50:00 jasper Exp $
+
+Second chunk of this patch:
+Security fix for CVE-2008-5183.
+Patch adapted from Red Hat's solution.
+
+--- test/run-stp-tests.sh.orig	Wed Nov 15 21:37:45 2006
+++ test/run-stp-tests.sh	Fri Feb 27 11:25:28 2009
@@ -30,7 +30,7 @@ argcount=$#
 # Make the IPP test program...
 #
@ -10,7 +15,15 @@ $OpenBSD: patch-test_run-stp-tests_sh,v 1.3 2007/03/17 18:28:02 deanna Exp $
 
 #
 # Figure out the proper echo options...
-@@ -373,7 +373,7 @@ fi
+@@ -294,6 +294,7 @@ FontPath /tmp/cups-$user/share/fonts
+ DocumentRoot $root/doc
+ RequestRoot /tmp/cups-$user/spool
+ TempDir /tmp/cups-$user/spool/temp
+MaxSubscriptions 3
+ MaxLogSize 0
+ AccessLog /tmp/cups-$user/log/access_log
+ ErrorLog /tmp/cups-$user/log/error_log
+@@ -373,7 +374,7 @@ fi
 
 export LD_LIBRARY_PATH