--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cups/patches/CVE-2014-8166.patch Thu Apr 16 05:10:57 2015 -0700
@@ -0,0 +1,145 @@
+Source:
+http://openwall.com/lists/oss-security/2015/03/24/2
+
+diff -up cups-1.4.2/scheduler/dirsvc.c.ansi cups-1.4.2/scheduler/dirsvc.c
+--- scheduler/dirsvc.c.ansi 2014-07-09 13:15:37.087313176 +0100
++++ scheduler/dirsvc.c 2014-07-09 13:25:51.415720934 +0100
+@@ -3288,6 +3288,11 @@ process_browse_data(
+ if (hptr && !*hptr)
+ *hptr = '.'; /* Resource FQDN */
+
++ if (!cupsdValidateName(name)) {
++ cupsdLogMessage(CUPSD_LOG_DEBUG, "process_browse_data: invalid name...");
++ return;
++ }
++
+ if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames)
+ {
+ /*
+diff -up cups-1.4.2/scheduler/ipp.c.ansi cups-1.4.2/scheduler/ipp.c
+--- scheduler/ipp.c.ansi 2014-07-09 13:13:41.878674069 +0100
++++ scheduler/ipp.c 2014-07-09 13:20:03.451790768 +0100
+@@ -98,8 +98,6 @@
+ * url_encode_string() - URL-encode a string.
+ * user_allowed() - See if a user is allowed to print to a queue.
+ * validate_job() - Validate printer options and destination.
+- * validate_name() - Make sure the printer name only contains
+- * valid chars.
+ * validate_user() - Validate the user for the request.
+ */
+
+@@ -248,7 +246,6 @@ static void url_encode_attr(ipp_attribut
+ static char *url_encode_string(const char *s, char *buffer, int bufsize);
+ static int user_allowed(cupsd_printer_t *p, const char *username);
+ static void validate_job(cupsd_client_t *con, ipp_attribute_t *uri);
+-static int validate_name(const char *name);
+ static int validate_user(cupsd_job_t *job, cupsd_client_t *con,
+ const char *owner, char *username,
+ int userlen);
+@@ -985,7 +982,7 @@ add_class(cupsd_client_t *con, /* I -
+ * Do we have a valid printer name?
+ */
+
+- if (!validate_name(resource + 9))
++ if (!cupsdValidateName(resource + 9))
+ {
+ /*
+ * No, return an error...
+@@ -2577,7 +2574,7 @@ add_printer(cupsd_client_t *con, /* I -
+ * Do we have a valid printer name?
+ */
+
+- if (!validate_name(resource + 10))
++ if (!cupsdValidateName(resource + 10))
+ {
+ /*
+ * No, return an error...
+@@ -11842,32 +11839,6 @@ validate_job(cupsd_client_t *con, /* I
+ }
+
+
+-/*
+- * 'validate_name()' - Make sure the printer name only contains valid chars.
+- */
+-
+-static int /* O - 0 if name is no good, 1 if good */
+-validate_name(const char *name) /* I - Name to check */
+-{
+- const char *ptr; /* Pointer into name */
+-
+-
+- /*
+- * Scan the whole name...
+- */
+-
+- for (ptr = name; *ptr; ptr ++)
+- if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
+- return (0);
+-
+- /*
+- * All the characters are good; validate the length, too...
+- */
+-
+- return ((ptr - name) < 128);
+-}
+-
+-
+ /*
+ * 'validate_user()' - Validate the user for the request.
+ */
+diff -up cups-1.4.2/scheduler/printers.c.ansi cups-1.4.2/scheduler/printers.c
+--- scheduler/printers.c.ansi 2014-07-09 13:15:28.635266291 +0100
++++ scheduler/printers.c 2014-07-09 13:19:59.450768573 +0100
+@@ -38,6 +38,8 @@
+ * cupsdUpdatePrinterPPD() - Update keywords in a printer's PPD file.
+ * cupsdUpdatePrinters() - Update printers after a partial reload.
+ * cupsdValidateDest() - Validate a printer/class destination.
++ * cupsdValidateName() - Make sure the printer name only contains
++ * valid chars.
+ * cupsdWritePrintcap() - Write a pseudo-printcap file for older
+ * applications that need it...
+ * add_printer_defaults() - Add name-default attributes to the printer
+@@ -3265,6 +3267,32 @@ cupsdValidateDest(
+ }
+
+
++/*
++ * 'cupsdValidateName()' - Make sure the printer name only contains valid chars.
++ */
++
++int /* O - 0 if name is no good, 1 if good */
++cupsdValidateName(const char *name) /* I - Name to check */
++{
++ const char *ptr; /* Pointer into name */
++
++
++ /*
++ * Scan the whole name...
++ */
++
++ for (ptr = name; *ptr; ptr ++)
++ if ((*ptr > 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
++ return (0);
++
++ /*
++ * All the characters are good; validate the length, too...
++ */
++
++ return ((ptr - name) < 128);
++}
++
++
+ /*
+ * 'cupsdWritePrintcap()' - Write a pseudo-printcap file for older applications
+ * that need it...
+diff -up cups-1.4.2/scheduler/printers.h.ansi cups-1.4.2/scheduler/printers.h
+--- scheduler/printers.h.ansi 2014-07-09 13:14:09.982829975 +0100
++++ scheduler/printers.h 2014-07-09 13:17:38.719987911 +0100
+@@ -175,6 +175,7 @@ extern cupsd_quota_t *cupsdUpdateQuota(c
+ extern const char *cupsdValidateDest(const char *uri,
+ cups_ptype_t *dtype,
+ cupsd_printer_t **printer);
++extern int cupsdValidateName(const char *name);
+ extern void cupsdWritePrintcap(void);
+
+