openembedded-core.git/meta/recipes-extended/cups, branch danny Mirror of openembedded-core cups CVE-2011-3170 2013-01-07T11:31:48+00:00 Li Wang li.wang@windriver.com 2013-01-07T11:10:01+00:00 1f555a6a45eb68011cbe759acf486ac507a6599c the patch come from: http://cups.org/strfiles/3914/str3914.patch The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170 [YOCTO #3583] [ CQID: WIND00299594 ] Upstream-Status: Backport (From OE-Core rev: c82517bb667484854eaa05b6e9efd9ee0f164fec) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
the patch come from:
http://cups.org/strfiles/3914/str3914.patch

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170

[YOCTO #3583]
[ CQID: WIND00299594 ]
Upstream-Status: Backport

(From OE-Core rev: c82517bb667484854eaa05b6e9efd9ee0f164fec)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups - CVE-2011-2896 2013-01-07T11:31:41+00:00 Li Wang li.wang@windriver.com 2013-01-07T11:10:00+00:00 1518fc8febbe99fc7ce9b86e087f8bb1c02552d8 the patch come from: http://cups.org/strfiles/3867/str3867.patch The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896 [YOCTO #3582] [ CQID: WIND00299595 ] Upstream-Status: Backport (From OE-Core rev: 0742b7aecaada435f90f39f26914906a5eb1fd4f) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
the patch come from:
http://cups.org/strfiles/3867/str3867.patch

The LZW decompressor in the LWZReadByte function in giftoppm.c
in the David Koblas GIF decoder in PBMPLUS, as used in the
gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7,
the LZWReadByte function in plug-ins/common/file-gif-load.c
in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c
in XPCE in SWI-Prolog 5.10.4 and earlier, and other products,
does not properly handle code words that are absent from the
decompression table when encountered, which allows remote attackers to
trigger an infinite loop or a heap-based buffer overflow, and possibly
execute arbitrary code, via a crafted compressed stream, a related
issue to CVE-2006-1168 and CVE-2011-2895.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896

[YOCTO #3582]
[ CQID: WIND00299595 ]
Upstream-Status: Backport

(From OE-Core rev: 0742b7aecaada435f90f39f26914906a5eb1fd4f)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups: CVE-2012-5519 2013-01-07T11:31:34+00:00 Li Wang li.wang@windriver.com 2013-01-07T11:09:59+00:00 5031fedc6f8d7232fd934c66237c6dd1d84af05f lpadmin to (limited) root privilege escalation http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5519 http://www.cups.org/strfiles/4223/str4223v2-1.4.4-debian.patch [YOCTO #3579] [ CQID: WIND00392016 ] Upstream-Status: Backport (From OE-Core rev: 9f6964b489ef3e0f175bf33a94ab819408875da8) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
lpadmin to (limited) root privilege escalation
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5519
http://www.cups.org/strfiles/4223/str4223v2-1.4.4-debian.patch

[YOCTO #3579]
[ CQID: WIND00392016 ]
Upstream-Status: Backport

(From OE-Core rev: 9f6964b489ef3e0f175bf33a94ab819408875da8)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups: disable pdftops 2012-08-23T10:15:51+00:00 Saul Wold sgw@linux.intel.com 2012-08-22T20:32:18+00:00 90bccaa290d2bc04c7ea1bbeb2cddb3509d0d380 This ensure a reliable built without host contamination, this will also disable the usage of ghostscript. [YOCTO #2966] Signed-off-by: Saul Wold <sgw@linux.intel.com> 
This ensure a reliable built without host contamination, this
will also disable the usage of ghostscript.

[YOCTO #2966]

Signed-off-by: Saul Wold <sgw@linux.intel.com>
cups_1.4.6.bb: Fix build on ppc64 2012-07-26T13:39:48+00:00 Khem Raj raj.khem@gmail.com 2012-07-22T23:54:17+00:00 c8de655e8f5b2ac8b72428252645022458460912 ppc64 uses lib64 and usr/lib64 for library paths so we need to train cups build system Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
ppc64 uses lib64 and usr/lib64 for library paths
so we need to train cups build system

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Convert tab indentation in python functions into four-space 2012-07-19T09:17:30+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2012-07-11T17:33:43+00:00 604d46c686d06d62d5a07b9c7f4fa170f99307d8 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups: clean up FILE after PACKAGE reorder 2012-06-20T04:59:52+00:00 Saul Wold sgw@linux.intel.com 2012-06-06T01:22:53+00:00 83f5bd8d2ae2f83060851d76ab87d01da7c4278b Signed-off-by: Saul Wold <sgw@linux.intel.com> 
Signed-off-by: Saul Wold <sgw@linux.intel.com>
meta: replace os.system with subprocess.call 2012-05-30T09:56:15+00:00 Robert Yang liezhi.yang@windriver.com 2012-05-29T14:53:06+00:00 a07d03cc6f67c88feb9813ae7deb6e4a93552dfe Replace os.system with subprocess.call since the older function would fail (more or less) silently if the executed program cannot be found More info: http://docs.python.org/library/subprocess.html#subprocess-replacements [YOCTO #2454] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Replace os.system with subprocess.call since the older function would
fail (more or less) silently if the executed program cannot be found

More info:
http://docs.python.org/library/subprocess.html#subprocess-replacements

[YOCTO #2454]

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups: Ensure cups-config has correct target paths, not sysroot ones for cups_serverbin and cups_datadir variables 2012-03-16T16:46:28+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2012-03-16T15:17:09+00:00 edb8eb566968d386f6995b95d54bc7c25a50b02a These are used by dependent packages to know where to install cups related pieces into therefore we need to remove the sysroot prefix from these. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
These are used by dependent packages to know where to install cups related
pieces into therefore we need to remove the sysroot prefix from these.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta: Convert getVar/getVarFlag(xxx, 1) -> (xxx, True) 2012-03-05T18:33:18+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2012-03-03T10:59:25+00:00 41bc192c0b5795561b239872008c91a867732219 Using "1" with getVar is bad coding style and "True" is preferred. This patch is a sed over the meta directory of the form: sed \ -e 's:\(\.getVar([^,()]*, \)1 *):\1True):g' \ -e 's:\(\.getVarFlag([^,()]*, [^,()]*, \)1 *):\1True):g' \ -i `grep -ril getVar *` Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Using "1" with getVar is bad coding style and "True" is preferred.
This patch is a sed over the meta directory of the form:

sed \
 -e 's:\(\.getVar([^,()]*, \)1 *):\1True):g' \
 -e 's:\(\.getVarFlag([^,()]*, [^,()]*, \)1 *):\1True):g' \
 -i `grep -ril getVar *`

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>