# HG changeset patch # User Mohana Rao Gorai # Date 1397625884 25200 # Node ID a27acdae98ecca567e47e57cb6ef45b35db9d4b9 # Parent 17fef665b8197ce79e2abbddd93dadd02411dc1d 17406738 problem in UTILITY/HPLIP diff -r 17fef665b819 -r a27acdae98ec components/hplip/Makefile --- a/components/hplip/Makefile Tue Apr 15 21:43:26 2014 -0700 +++ b/components/hplip/Makefile Tue Apr 15 22:24:44 2014 -0700 @@ -19,13 +19,13 @@ # # CDDL HEADER END # -# Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. # include ../../make-rules/shared-macros.mk COMPONENT_NAME= hplip COMPONENT_VERSION= 3.10.9 -COMPONENT_PROJECT_URL= http://hplipopensource.com/hplip-web/ +COMPONENT_PROJECT_URL= http://hplipopensource.com/hplip-web/index.html COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ diff -r 17fef665b819 -r a27acdae98ec components/hplip/patches/05_Bug17406738.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/hplip/patches/05_Bug17406738.patch Tue Apr 15 22:24:44 2014 -0700 
@@ -0,0 +1,78 @@
+Description: fix for CVE-2013-0200 (insecure temporary files)
+Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701185
+Original Bug: https://bugzilla.redhat.com/show_bug.cgi?id=902163
+
+-----------------------------------------------------------------------
+--- a/prnt/hpcups/SystemServices.cpp Tue Apr 10 01:32:37 2012
++++ b/prnt/hpcups/SystemServices.cpp Tue Jan 28 03:22:40 2014
+@@ -36,9 +36,12 @@
+ m_fp = NULL;
+ if (iLogLevel & SAVE_PCL_FILE)
+ {
+- char fname[32];
+- sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
+- m_fp = fopen(fname, "w");
++ char fname[40];
++ int fd;
++ sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
++ fd = mkstemp (fname);
++ if (fd != -1)
++ m_fp = fdopen(fd, "w");
+ chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ }
+ }
+--- a/prnt/hpijs/hpijs.cpp Tue Apr 10 01:32:39 2012
++++ b/prnt/hpijs/hpijs.cpp Tue Jan 28 03:20:35 2014
+@@ -97,12 +97,13 @@
+ if (pSS->m_iLogLevel & SAVE_PCL_FILE)
+ {
+ char szFileName[32];
+- sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
+- pSS->outfp = fopen (szFileName, "w");
+- if (pSS->outfp)
+- {
+- chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+- }
++ int fd;
++ sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
++ fd = mkstemp (szFileName);
++ if (fd != -1)
++ pSS->outfp = fdopen (fd, "w");
++ if (pSS->outfp)
++ chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ }
+ }
+
+--- a/prnt/hpcups/HPCupsFilter.cpp Tue Jan 28 03:06:22 2014
++++ b/prnt/hpcups/HPCupsFilter.cpp Tue Jan 28 03:17:49 2014
+@@ -602,20 +602,25 @@
+
+ if (m_iLogLevel & SAVE_INPUT_RASTERS)
+ {
+- char szFileName[32];
++ char szFileName[44];
+ memset(szFileName, 0, sizeof(szFileName));
+- snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
++ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
+ if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
+ cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
+ {
+- cfp = fopen (szFileName, "w");
++ int fd = mkstemp (szFileName);
++ if (fd != -1)
++ cfp = fdopen (fd, "w");
+ chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ }
+ if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
+ cups_header.cupsColorSpace == CUPS_CSPACE_K)
+ {
+- szFileName[17] = 'k';
+- kfp = fopen (szFileName, "w");
++ int fd;
++ snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
++ fd = mkstemp (szFileName);
++ if (fd != -1)
++ kfp = fdopen (fd, "w");
+ chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ }
+ WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);
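Review bot: The `chmod (..., S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)` calls left in place after each `mkstemp` undo part of the fix: in SystemServices.cpp and in both HPCupsFilter.cpp branches they still run on the template path when `mkstemp` returned -1, and in all three files they widen the 0600 file that `mkstemp` created to world-readable, so a saved job or raster dump in /tmp can be read by any local account. Changing the mode on the descriptor inside the success branch, as sketched below for SystemServices.cpp, ties it to the file actually created and also closes `fd` when `fdopen` fails; if the dumps need not be shared, dropping the call and keeping 0600 is simpler. In hpijs.cpp `szFileName` stays at 32 bytes while the unbounded `sprintf` template grew by seven characters, which by my count leaves room for at most nine pid digits; `snprintf (szFileName, sizeof(szFileName), "/tmp/hpijs_%d.out.XXXXXX", getpid());` would bound it. The enclosing functions start and end outside these hunks, so whether `outfp`, `cfp` and `kfp` are initialised before the `mkstemp` failure path (including the `WriteBMPHeader (cfp, ...)` call) cannot be confirmed from here.

```cpp
// … unchanged: fname declaration and sprintf of the template …
fd = mkstemp (fname);
if (fd != -1)
{
    m_fp = fdopen(fd, "w");
    if (m_fp != NULL)
        fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);  // mode set on the file just created, not on a /tmp path
    else
        close(fd);  // do not leak the descriptor when fdopen fails
}
```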