Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 200691 Details for
Bug 252210
<net-fs/netatalk-2.0.5-r1: Command Injection (CVE-2008-5718)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
netatalk-2.0.4-CVE-2008-5718.patch
netatalk-2.0.4-CVE-2008-5718.patch (text/plain), 4.33 KB, created by
Robert Buchholz (RETIRED)
on 2009-08-09 15:48:25 UTC
(
hide
)
Description:
netatalk-2.0.4-CVE-2008-5718.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2009-08-09 15:48:25 UTC
Size:
4.33 KB
patch
obsolete
>From fd6a1699073b82d12750f6a7f1a6661243ec1796 Mon Sep 17 00:00:00 2001 >From: franklahm <franklahm@users.sourceforge.net> >Date: Mon, 20 Jul 2009 09:03:54 +0000 >Subject: [PATCH] Remove variable expansion for BSD printers. Fixes CVE-2008-5718. > >--- > NEWS | 5 +++++ > VERSION | 2 +- > etc/papd/lp.c | 6 +++--- > man/man5/papd.conf.5.tmpl | 25 ++++++------------------- > 4 files changed, 15 insertions(+), 23 deletions(-) > >diff --git a/NEWS b/NEWS >index f3565dc..a43fbf7 100644 >--- a/NEWS >+++ b/NEWS >@@ -1,3 +1,8 @@ >+Changes in 2.0.5 >+================ >+ >+* FIX: papd: Remove variable expansion for BSD printers. Fixes CVE-2008-5718. >+ > Changes in 2.0.4 > ================ > >diff --git a/VERSION b/VERSION >index 2165f8f..4e99edd 100644 >--- a/VERSION >+++ b/VERSION >@@ -1 +1 @@ >-2.0.4 >+2.0.5dev >diff --git a/etc/papd/lp.c b/etc/papd/lp.c >index 4b36dd6..e3a149b 100644 >--- a/etc/papd/lp.c >+++ b/etc/papd/lp.c >@@ -1,5 +1,5 @@ > /* >- * $Id: lp.c,v 1.14.8.4.2.8 2009/02/04 22:33:11 didg Exp $ >+ * $Id: lp.c,v 1.14.8.4.2.9 2009/07/20 09:03:54 franklahm Exp $ > * > * Copyright (c) 1990,1994 Regents of The University of Michigan. > * All Rights Reserved. See COPYRIGHT. >@@ -586,9 +586,9 @@ int lp_open( out, sat ) > } > > lp_setup_comments(CH_UNIX); >- pipe_cmd = pipexlate(printer->p_printer); >+ pipe_cmd = printer->p_printer; > if (!pipe_cmd) { >- LOG(log_error, logtype_papd, "lp_open: can't generate pipe cmd" ); >+ LOG(log_error, logtype_papd, "lp_open: no pipe cmd" ); > spoolerror( out, NULL ); > return( -1 ); > } >diff --git a/man/man5/papd.conf.5.tmpl b/man/man5/papd.conf.5.tmpl >index d707eaa..b282537 100644 >--- a/man/man5/papd.conf.5.tmpl >+++ b/man/man5/papd.conf.5.tmpl >@@ -43,7 +43,7 @@ printername may be just a name (\fBPrinter 1\fR), or it may be a full name in nb > Systems using a BSD printing system should make use of a pipe to the printing command in question within the > \fBpr\fR > option (eg\&. >-\fBpr=|/usr/bin/lpr \-J%J \-u%U\fR)\&. Note: When printing using a pipe, papd recognizes several wildcards: %F will be replaced by the name present in the "%%For:" comment in the PostScript stream, same with %J for the "%%Title:" comment\&. %U will be substituted with the login name (the latter applies only when authenticated printing is in effect)\&. >+\fBpr=|/usr/bin/lpr)\&. > .PP > When CUPS support is compiled in, then > \fBcupsautoadd \fR >@@ -148,39 +148,26 @@ HP Printer:\e > .\} > > .PP >-An alternative to the technique outlined above is to direct papd\'s output via a pipe into another program\&. Using this mechanism almost all printing systems can be driven\&. Netatalk supplies three "wildcards" that get substituted with values of the already printed job: >-\fB%F\fR, >-\fB%U\fR >-and >-\fB%J\fR\&. Using these wildcards, one can pass those parameters directly to programs or implement small wrapper scripts to call the printing system in question\&. >+An alternative to the technique outlined above is to direct papd\'s output via a pipe into another program\&. Using this mechanism almost all printing systems can be driven\&. > .PP > \fBExample.\ \&papd.conf examples using pipes\fR > .PP > The first spooler is known as HP 8100\&. It pipes the print job to > \fB/usr/bin/lpr\fR >-for printing using the value of the >-\fI%%Title: \fR >-comment as job name\&. PSSP authenticated printing is enabled, as is CAP\-style authenticated printing\&. Both methods support guest and cleartext authentication as specified by the \'\fBam\fR\' option\&. The PPD used is >-/etc/atalk/ppds/hp8100\&.ppd\&. The second spooler is called "Dump PostScript" and uses a pipe to >-\fBcat\fR >-to send the raw PostScript code into the user\'s home directory into a file called like the printjob\&. >+for printing. >+PSSP authenticated printing is enabled, as is CAP\-style authenticated printing\&. Both methods support guest and cleartext authentication as specified by the \'\fBam\fR\' option\&. The PPD used is >+/etc/atalk/ppds/hp8100\&.ppd\&. > .sp > .if n \{\ > .RS 4 > .\} > .nf > HP 8100:\e >- :pr=|/usr/bin/lpr \-Plp \-J"%J":\e >+ :pr=|/usr/bin/lpr \-Plp:\e > :sp:\e > :ca=/tmp/print:\e > :am=uams_guest\&.so,uams_pam\&.so:\e > :pd=/etc/atalk/ppds/hp8100\&.ppd: >- >-Dump PostScript:LaserWriter@Server:\e >- :pr=|cat >/home/%U/%J\-prn\&.out:\e >- :pd=/usr/share/lib/ppd/mooralana\&.ppd:\e >- :sp:au:op=lp:\e >- :am=uams_clrtxt\&.so: > .fi > .if n \{\ > .RE >-- >1.6.3.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=200691">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 252210
: 200691
