Diffstat (limited to 'patches')
-rw-r--r-- | patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt | 11 | ||||
-rw-r--r-- | patches/source/cups-filters/CVE-2023-24805.patch | 167 | ||||
-rwxr-xr-x | patches/source/cups-filters/cups-filters.SlackBuild | 147 | ||||
-rw-r--r-- | patches/source/cups-filters/cups-filters.url | 1 | ||||
-rw-r--r-- | patches/source/cups-filters/doinst.sh | 27 | ||||
-rw-r--r-- | patches/source/cups-filters/slack-desc | 19 |
6 files changed, 372 insertions, 0 deletions
diff --git a/patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt b/patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt
new file mode 100644
index 000000000..f8e50be74
--- /dev/null
+++ b/patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txt
@@ -0,0 +1,11 @@
+cups-filters: cups-filters (backends and filters for CUPS)
+cups-filters:
+cups-filters: This package provides backends, filters, and other software that was
+cups-filters: once part of the core CUPS distribution but is no longer included.
+cups-filters: In addition it contains additional filters and software developed
+cups-filters: independently.
+cups-filters:
+cups-filters:
+cups-filters:
+cups-filters:
+cups-filters:
diff --git a/patches/source/cups-filters/CVE-2023-24805.patch b/patches/source/cups-filters/CVE-2023-24805.patch
new file mode 100644
index 000000000..e84312a82
--- /dev/null
+++ b/patches/source/cups-filters/CVE-2023-24805.patch
@@ -0,0 +1,167 @@
+--- ./backend/beh.c.orig 2023-01-24 19:38:24.000000000 -0600
++++ ./backend/beh.c 2023-05-19 13:08:27.724167656 -0500
+@@ -22,12 +22,14 @@
+ #include "backend-private.h"
+ #include <cups/array.h>
+ #include <ctype.h>
++#include <sys/wait.h>
++
+
+ /*
+ * Local globals...
+ */
+
+-static int job_canceled = 0; /* Set to 1 on SIGTERM */
++static volatile int job_canceled = 0; /* Set to 1 on SIGTERM */
+
+ /*
+ * Local functions...
+@@ -213,21 +215,44 @@
+ char **argv, /* I - Command-line arguments */
+ char *filename) { /* I - File name of input data */
+ const char *cups_serverbin; /* Location of programs */
++ char *backend_argv[8]; // Arguments for called CUPS backend
+ char scheme[1024], /* Scheme from URI */
+ *ptr, /* Pointer into scheme */
+- cmdline[65536]; /* Backend command line */
+- int retval;
++ backend_path[2048]; // Backend path
++ int pid,
++ wait_pid,
++ wait_status,
++ retval = 0;
++ int bytes;
++
+
+ /*
+ * Build the backend command line...
+ */
+
+- strncpy(scheme, uri, sizeof(scheme) - 1);
+- if (strlen(uri) > 1023)
+- scheme[1023] = '\0';
++ scheme[0] = '\0';
++ strncat(scheme, uri, sizeof(scheme) - 1);
+ if ((ptr = strchr(scheme, ':')) != NULL)
+ *ptr = '\0';
+-
++ else
++ {
++ fprintf(stderr,
++ "ERROR: beh: Invalid URI, no colon (':') to mark end of scheme part.\n");
++ exit (CUPS_BACKEND_FAILED);
++ }
++ if (strchr(scheme, '/'))
++ {
++ fprintf(stderr,
++ "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n");
++ exit (CUPS_BACKEND_FAILED);
++ }
++ if (!strcmp(scheme, ".") || !strcmp(scheme, ".."))
++ {
++ fprintf(stderr,
++ "ERROR: beh: Invalid URI, scheme (\"%s\") is a directory.\n",
++ scheme);
++ exit (CUPS_BACKEND_FAILED);
++ }
+ if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
+ cups_serverbin = CUPS_SERVERBIN;
+
+@@ -235,16 +260,26 @@
+ fprintf(stderr,
+ "ERROR: beh: Direct output into a file not supported.\n");
+ exit (CUPS_BACKEND_FAILED);
+- } else
+- snprintf(cmdline, sizeof(cmdline),
+- "%s/backend/%s '%s' '%s' '%s' '%s' '%s' %s",
+- cups_serverbin, scheme, argv[1], argv[2], argv[3],
+- /* Apply number of copies only if beh was called with a
+- file name and not with the print data in stdin, as
+- backends should handle copies only if they are called
+- with a file name */
+- (argc == 6 ? "1" : argv[4]),
+- argv[5], filename);
++ }
++
++ backend_argv[0] = uri;
++ backend_argv[1] = argv[1];
++ backend_argv[2] = argv[2];
++ backend_argv[3] = argv[3];
++ backend_argv[4] = (argc == 6 ? "1" : argv[4]);
++ backend_argv[5] = argv[5];
++ backend_argv[6] = filename;
++ backend_argv[7] = NULL;
++
++ bytes = snprintf(backend_path, sizeof(backend_path),
++ "%s/backend/%s", cups_serverbin, scheme);
++ if (bytes < 0 || bytes >= sizeof(backend_path))
++ {
++ fprintf(stderr,
++ "ERROR: beh: Invalid scheme (\"%s\"), could not determing backend path.\n",
++ scheme);
++ exit (CUPS_BACKEND_FAILED);
++ }
+
+ /*
+ * Overwrite the device URI and run the actual backend...
+@@ -253,17 +288,41 @@
+ setenv("DEVICE_URI", uri, 1);
+
+ fprintf(stderr,
+- "DEBUG: beh: Executing backend command line \"%s\"...\n",
+- cmdline);
++ "DEBUG: beh: Executing backend command line \"%s '%s' '%s' '%s' '%s' '%s'%s%s\"...\n",
++ backend_path, backend_argv[1], backend_argv[2], backend_argv[3],
++ backend_argv[4], backend_argv[5],
++ (backend_argv[6] && backend_argv[6][0] ? " " : ""),
++ (backend_argv[6] && backend_argv[6][0] ? backend_argv[6] : ""));
+ fprintf(stderr,
+ "DEBUG: beh: Using device URI: %s\n",
+ uri);
+
+- retval = system(cmdline) >> 8;
++ if ((pid = fork()) == 0)
++ {
++ retval = execv(backend_path, backend_argv);
++
++ if (retval == -1)
++ fprintf(stderr, "ERROR: Unable to execute backend: %s\n",
++ strerror(errno));
++ exit (CUPS_BACKEND_FAILED);
++ }
++ else if (pid < 0)
++ {
++ fprintf(stderr, "ERROR: Unable to fork for backend\n");
++ return (CUPS_BACKEND_FAILED);
++ }
++
++ while ((wait_pid = wait(&wait_status)) < 0 && errno == EINTR);
+
+- if (retval == -1)
+- fprintf(stderr, "ERROR: Unable to execute backend command line: %s\n",
+- strerror(errno));
++ if (wait_pid >= 0 && wait_status)
++ {
++ if (WIFEXITED(wait_status))
++ retval = WEXITSTATUS(wait_status);
++ else if (WTERMSIG(wait_status) != SIGTERM)
++ retval = WTERMSIG(wait_status);
++ else
++ retval = 0;
++ }
+
+ return (retval);
+ }
+@@ -277,8 +336,10 @@
+ sigterm_handler(int sig) { /* I - Signal number (unused) */
+ (void)sig;
+
+- fprintf(stderr,
+- "DEBUG: beh: Job canceled.\n");
++ const char * const msg = "DEBUG: beh: Job canceled.\n";
++ // The if() is to eliminate the return value and silence the warning
++ // about an unused return value.
++ if (write(2, msg, strlen(msg)));
+
+ if (job_canceled)
+ _exit(CUPS_BACKEND_OK);
diff --git a/patches/source/cups-filters/cups-filters.SlackBuild b/patches/source/cups-filters/cups-filters.SlackBuild
new file mode 100755
index 000000000..df671a376
--- /dev/null
+++ b/patches/source/cups-filters/cups-filters.SlackBuild
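Review bot: In the fourth inner hunk of CVE-2023-24805.patch, a failed `wait()` leaves `retval` at its initial 0, so the function returns success although the backend's exit status was never collected; `wait()` also reaps any child rather than the one just forked. I would wait on the specific child with `while ((wait_pid = waitpid(pid, &wait_status, 0)) < 0 && errno == EINTR);` and add `if (wait_pid < 0) retval = CUPS_BACKEND_FAILED;` before the status decoding. In the child branch, `_exit (CUPS_BACKEND_FAILED);` after a failed `execv()` would avoid flushing stdio buffers and running exit handlers inherited from the parent. The enclosing function starts above that hunk, so whether SIGCHLD is ignored at this point (which would make `wait()` fail with ECHILD) cannot be checked from here.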
@@ -0,0 +1,147 @@
+#!/bin/bash
+
+# Copyright 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=cups-filters
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1_slack15.0}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+zcat $CWD/CVE-2023-24805.patch.gz | patch -p1 --verbose || exit 1
+
+if [ ! -r configure ]; then
+ if [ -x ./autogen.sh ]; then
+ NOCONFIGURE=1 ./autogen.sh
+ else
+ autoreconf -vif
+ fi
+fi
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS -std=c++17 -fpermissive" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --mandir=/usr/man \
+ --infodir=/usr/info \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --with-test-font-path=/usr/share/fonts/TTF/DejaVuSans.ttf \
+ --without-php \
+ --disable-avahi \
+ --disable-mutool \
+ --disable-static \
+ --with-browseremoteprotocols=cups \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/etc/rc.d
+mv $PKG/etc/init.d/cups-browsed $PKG/etc/rc.d/rc.cups-browsed
+chmod 0644 $PKG/etc/rc.d/rc.cups-browsed
+rm -rf $PKG/etc/init.d $PKG/etc/rc{0,2,3,5}.d
+
+find $PKG/etc -type f -exec mv {} {}.new \;
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ AUTHORS COPYING* INSTALL ChangeLog NEWS README* THANKS TODO \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/patches/source/cups-filters/cups-filters.url b/patches/source/cups-filters/cups-filters.url
new file mode 100644
index 000000000..7b1d5cdfa
--- /dev/null
+++ b/patches/source/cups-filters/cups-filters.url
@@ -0,0 +1 @@
+http://www.openprinting.org/download/cups-filters/
diff --git a/patches/source/cups-filters/doinst.sh b/patches/source/cups-filters/doinst.sh
new file mode 100644
index 000000000..35b624517
--- /dev/null
+++ b/patches/source/cups-filters/doinst.sh
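Review bot: The patch step `zcat $CWD/CVE-2023-24805.patch.gz | patch -p1 --verbose || exit 1` only tests the exit status of `patch`, so a missing or corrupt `.gz` is not caught by the `|| exit 1`; if `patch` accepts the resulting empty input (I believe GNU patch does, worth confirming), the build would continue and package an unpatched beh backend. Since this line is the whole security fix, I would put `set -o pipefail` ahead of it (the script already runs under `#!/bin/bash`), or decompress first and check that step separately. Separately, the tarball picked up by `tar xvf $CWD/$PKGNAM-$VERSION.tar.?z` is not checked against a checksum or signature anywhere in this script, and the accompanying `.url` file points at a plain `http://` location; a comment saying where the source is verified would help.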
@@ -0,0 +1,27 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+config etc/cups/cups-browsed.conf.new
+preserve_perms etc/rc.d/rc.cups-browsed.new
+
diff --git a/patches/source/cups-filters/slack-desc b/patches/source/cups-filters/slack-desc
new file mode 100644
index 000000000..9c2590f3b
--- /dev/null
+++ b/patches/source/cups-filters/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+cups-filters: cups-filters (backends and filters for CUPS)
+cups-filters:
+cups-filters: This package provides backends, filters, and other software that was
+cups-filters: once part of the core CUPS distribution but is no longer included.
+cups-filters: In addition it contains additional filters and software developed
+cups-filters: independently.
+cups-filters:
+cups-filters:
+cups-filters:
+cups-filters:
+cups-filters: |