Accepting request 23676 from home:coolo:branches:openSUSE:Factory:branched

Copy from home:coolo:branches:openSUSE:Factory:branched/cups via accept of submit request 23676 revision 2.
Request was accepted with message:
thanks coolo

OBS-URL: https://build.opensuse.org/request/show/23676
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=176

cups-1.1.21-testppd_duplex.patch

@@ -1,14 +1,16 @@
---- cups-1.1.21/systemv/cupstestppd.c.orig	2004-08-23 20:36:50.000000000 +0200
-+++ cups-1.1.21/systemv/cupstestppd.c	2004-09-20 16:19:12.427769515 +0200
-@@ -854,6 +854,7 @@
- 	      strcmp(choice->choice, "DuplexTumble") &&
- 	      strcmp(choice->choice, "SimplexTumble"))
+Index: cups-1.3.11/systemv/cupstestppd.c
+===================================================================
+--- cups-1.3.11.orig/systemv/cupstestppd.c
++++ cups-1.3.11/systemv/cupstestppd.c
+@@ -931,6 +931,7 @@ main(int  argc,				/* I - Number of comm
+           if (size->left == 0.0 && size->bottom == 0.0 &&
+ 	      size->right == 0.0 && size->top == 0.0)
  	  {
 +#if 0
  	    if (verbose >= 0)
  	    {
  	      if (!errors && !verbose)
-@@ -865,6 +866,10 @@
+@@ -945,6 +946,10 @@ main(int  argc,				/* I - Number of comm
              }
  
  	    errors ++;
@@ -17,5 +19,5 @@
 +	             option->keyword, choice->choice);
 +#endif
  	  }
-       }
  
+ 	 /*

cups-1.2.0-ppdsdat_generation.patch

@@ -1,15 +1,17 @@
---- cups-1.2.0/scheduler/main.c.orig	2006-03-18 04:05:12.000000000 +0100
-+++ cups-1.2.0/scheduler/main.c	2006-03-29 19:02:22.000000000 +0200
-@@ -148,6 +148,7 @@
+Index: cups-1.3.11/scheduler/main.c
+===================================================================
+--- cups-1.3.11.orig/scheduler/main.c
++++ cups-1.3.11/scheduler/main.c
+@@ -172,6 +172,7 @@ main(int  argc,				/* I - Number of comm
    */
  
    fg = 0;
 +  ppds_generation = 0;
  
-   for (i = 1; i < argc; i ++)
-     if (argv[i][0] == '-')
-@@ -219,6 +220,10 @@
- #endif /* HAVE_LAUNCHD */
+ #ifdef HAVE_LAUNCHD
+   if (getenv("CUPSD_LAUNCHD"))
+@@ -272,6 +273,10 @@ main(int  argc,				/* I - Number of comm
+ 	      fg             = 1;
  	      break;
  
 +	  case 'P' : /* generate ppds only */
@@ -19,7 +21,7 @@
  	  default : /* Unknown option */
                _cupsLangPrintf(stderr, _("cupsd: Unknown option \"%c\" - "
  	                                "aborting!\n"), *opt);
-@@ -287,17 +292,18 @@
+@@ -340,17 +345,18 @@ main(int  argc,				/* I - Number of comm
          perror("cupsd");
  	return (1);
        }
@@ -39,9 +41,9 @@
 +      } else
 +	return (0);
      }
-   }
  
-@@ -482,6 +488,9 @@
+ #ifdef __OpenBSD__
+@@ -625,6 +631,9 @@ main(int  argc,				/* I - Number of comm
    }
  #endif /* __sgi */
  
@@ -51,7 +53,7 @@
   /*
    * Initialize authentication certificates...
    */
-@@ -2260,13 +2269,14 @@
+@@ -2031,13 +2040,14 @@ static void
  usage(int status)			/* O - Exit status */
  {
    _cupsLangPuts(status ? stderr : stdout,
@@ -68,21 +70,25 @@
    exit(status);
  }
  
---- cups-1.2.0/scheduler/cupsd.h.orig	2006-03-18 04:05:12.000000000 +0100
-+++ cups-1.2.0/scheduler/cupsd.h	2006-03-29 17:30:47.000000000 +0200
-@@ -202,6 +202,8 @@
- 				  char *envp[], int infd, int outfd,
- 				  int errfd, int backfd, int root, int *pid);
+Index: cups-1.3.11/scheduler/cupsd.h
+===================================================================
+--- cups-1.3.11.orig/scheduler/cupsd.h
++++ cups-1.3.11/scheduler/cupsd.h
+@@ -180,6 +180,8 @@ VAR PSQUpdateQuotaProcPtr PSQUpdateQuota
+ 
+ 
  
 +VAR int			ppds_generation;/* Generate ppds.dat and exit() */
 +
  
  /*
-  * End of "$Id: cupsd.h 5305 2006-03-18 03:05:12Z mike $".
---- cups-1.2.0/scheduler/conf.c.orig	2006-03-14 12:54:45.000000000 +0100
-+++ cups-1.2.0/scheduler/conf.c	2006-03-29 17:30:47.000000000 +0200
-@@ -716,6 +716,9 @@
-                       TempDir, strerror(errno));
+  * Prototypes...
+Index: cups-1.3.11/scheduler/conf.c
+===================================================================
+--- cups-1.3.11.orig/scheduler/conf.c
++++ cups-1.3.11/scheduler/conf.c
+@@ -941,6 +941,9 @@ cupsdReadConfiguration(void)
+       return (0);
    }
  
 +  if (ppds_generation > 0)

cups-1.2.11-testppd_filename.patch

@@ -1,6 +1,8 @@
---- cups-1.2.11/systemv/cupstestppd.c.orig	2007-05-10 13:47:54.000000000 +0200
-+++ cups-1.2.11/systemv/cupstestppd.c	2007-05-10 13:53:56.000000000 +0200
-@@ -92,6 +92,7 @@
+Index: cups-1.3.11/systemv/cupstestppd.c
+===================================================================
+--- cups-1.3.11.orig/systemv/cupstestppd.c
++++ cups-1.3.11/systemv/cupstestppd.c
+@@ -129,6 +129,7 @@ main(int  argc,				/* I - Number of comm
    int		i, j, k, m, n;		/* Looping vars */
    int		len;			/* Length of option name */
    char		*opt;			/* Option character */
@@ -8,7 +10,7 @@
    const char	*ptr;			/* Pointer into string */
    int		files;			/* Number of files */
    int		verbose;		/* Want verbose output? */
-@@ -315,6 +316,7 @@
+@@ -375,6 +376,7 @@ main(int  argc,				/* I - Number of comm
  
        errors     = 0;
        ppdversion = 43;
@@ -16,12 +18,12 @@
  
        if (verbose > 0)
          _cupsLangPuts(stdout,
-@@ -1545,7 +1547,7 @@
- 	 
+@@ -1171,7 +1173,7 @@ main(int  argc,				/* I - Number of comm
+ 
        if (verbose >= 0)
        {
 -        check_basics(argv[i]);
 +        check_basics(ppdfilename);
  
-        /*
- 	* Look for default keywords with no corresponding option...
+ 	if (warn & WARN_CONSTRAINTS)
+ 	  errors = check_constraints(ppd, errors, verbose, 1);

cups-1.3.11-CVE-2009-2820-regression-fix.patch

@@ -0,0 +1,27 @@
+--- cgi-bin/admin.c.after-cups-1.3.11-CVE-2009-2820-patch	2009-11-03 12:33:53.000000000 +0100
++++ cgi-bin/admin.c	2009-11-03 12:37:37.000000000 +0100
+@@ -486,6 +486,7 @@ do_am_class(http_t *http,		/* I - HTTP c
+   ipp_attribute_t *attr;		/* member-uris attribute */
+   char		uri[HTTP_MAX_URI];	/* Device or printer URI */
+   const char	*name,			/* Pointer to class name */
++		*op,			/* Operation name */
+ 		*ptr;			/* Pointer to CGI variable */
+   const char	*title;			/* Title of page */
+   static const char * const pattrs[] =	/* Requested printer attributes */
+@@ -497,6 +498,7 @@ do_am_class(http_t *http,		/* I - HTTP c
+ 
+ 
+   title = cgiText(modify ? _("Modify Class") : _("Add Class"));
++  op    = cgiGetVariable("OP");
+   name  = cgiGetVariable("PRINTER_NAME");
+ 
+   if (cgiGetVariable("PRINTER_LOCATION") == NULL)
+@@ -516,6 +518,8 @@ do_am_class(http_t *http,		/* I - HTTP c
+     */
+ 
+     cgiClearVariables();
++    if (op)
++      cgiSetVariable("OP", op);
+     if (name)
+       cgiSetVariable("PRINTER_NAME", name);
+ 

cups-1.3.11-CVE-2009-2820.patch

@@ -0,0 +1,424 @@
+diff -upr cups-1.3.11.orig/cgi-bin/admin.c cups-1.3.11/cgi-bin/admin.c
+--- cups-1.3.11.orig/cgi-bin/admin.c	2009-06-18 23:42:45.000000000 +0200
++++ cups-1.3.11/cgi-bin/admin.c	2009-10-21 11:43:02.000000000 +0200
+@@ -104,6 +104,7 @@ main(int  argc,				/* I - Number of comm
+   */
+ 
+   cgiSetVariable("SECTION", "admin");
++  cgiSetVariable("REFRESH_PAGE", "");
+ 
+  /*
+   * See if we have form data...
+@@ -134,16 +135,61 @@ main(int  argc,				/* I - Number of comm
+ 
+ 
+       if (getenv("HTTPS"))
+-        snprintf(prefix, sizeof(prefix), "https://%s:%s",
+-	         getenv("SERVER_NAME"), getenv("SERVER_PORT"));
++	snprintf(prefix, sizeof(prefix), "https://%s:%s",
++		 getenv("SERVER_NAME"), getenv("SERVER_PORT"));
+       else
+-        snprintf(prefix, sizeof(prefix), "http://%s:%s",
+-	         getenv("SERVER_NAME"), getenv("SERVER_PORT"));
++	snprintf(prefix, sizeof(prefix), "http://%s:%s",
++		 getenv("SERVER_NAME"), getenv("SERVER_PORT"));
++
++      fprintf(stderr, "DEBUG: redirecting with prefix %s!\n", prefix);
+ 
+       if ((url = cgiGetVariable("URL")) != NULL)
+-        printf("Location: %s%s\n\n", prefix, url);
++      {
++	char	encoded[1024],		/* Encoded URL string */
++		*ptr;			/* Pointer into encoded string */
++
++
++	ptr = encoded;
++	if (*url != '/')
++	  *ptr++ = '/';
++
++	for (; *url && ptr < (encoded + sizeof(encoded) - 4); url ++)
++	{
++	  if (strchr("%@&+ <>#=", *url) || *url < ' ' || *url & 128)
++	  {
++	   /*
++	    * Percent-encode this character; safe because we have at least 4
++	    * bytes left in the array...
++	    */
++
++	    sprintf(ptr, "%%%02X", *url & 255);
++	    ptr += 3;
++	  }
++	  else
++	    *ptr++ = *url;
++	}
++
++	*ptr = '\0';
++
++	if (*url)
++	{
++	 /*
++	  * URL was too long, just redirect to the admin page...
++	  */
++
++	  printf("Location: %s/admin\n\n", prefix);
++	}
++	else
++	{
++	 /*
++	  * URL is OK, redirect there...
++	  */
++
++	  printf("Location: %s%s\n\n", prefix, encoded);
++	}
++      }
+       else
+-        printf("Location: %s/admin\n\n", prefix);
++	printf("Location: %s/admin\n\n", prefix);
+     }
+     else if (!strcmp(op, "start-printer"))
+       do_printer_op(http, IPP_RESUME_PRINTER, cgiText(_("Start Printer")));
+@@ -293,6 +339,31 @@ do_add_rss_subscription(http_t *http)	/*
+     * and classes and (re)show the add page...
+     */
+ 
++    if (cgiGetVariable("EVENT_JOB_CREATED"))
++      cgiSetVariable("EVENT_JOB_CREATED", "CHECKED");
++    if (cgiGetVariable("EVENT_JOB_COMPLETED"))
++      cgiSetVariable("EVENT_JOB_COMPLETED", "CHECKED");
++    if (cgiGetVariable("EVENT_JOB_STOPPED"))
++      cgiSetVariable("EVENT_JOB_STOPPED", "CHECKED");
++    if (cgiGetVariable("EVENT_JOB_CONFIG_CHANGED"))
++      cgiSetVariable("EVENT_JOB_CONFIG_CHANGED", "CHECKED");
++    if (cgiGetVariable("EVENT_PRINTER_STOPPED"))
++      cgiSetVariable("EVENT_PRINTER_STOPPED", "CHECKED");
++    if (cgiGetVariable("EVENT_PRINTER_ADDED"))
++      cgiSetVariable("EVENT_PRINTER_ADDED", "CHECKED");
++    if (cgiGetVariable("EVENT_PRINTER_MODIFIED"))
++      cgiSetVariable("EVENT_PRINTER_MODIFIED", "CHECKED");
++    if (cgiGetVariable("EVENT_PRINTER_DELETED"))
++      cgiSetVariable("EVENT_PRINTER_DELETED", "CHECKED");
++    if (cgiGetVariable("EVENT_SERVER_STARTED"))
++      cgiSetVariable("EVENT_SERVER_STARTED", "CHECKED");
++    if (cgiGetVariable("EVENT_SERVER_STOPPED"))
++      cgiSetVariable("EVENT_SERVER_STOPPED", "CHECKED");
++    if (cgiGetVariable("EVENT_SERVER_RESTARTED"))
++      cgiSetVariable("EVENT_SERVER_RESTARTED", "CHECKED");
++    if (cgiGetVariable("EVENT_SERVER_AUDIT"))
++      cgiSetVariable("EVENT_SERVER_AUDIT", "CHECKED");
++
+     request  = ippNewRequest(CUPS_GET_PRINTERS);
+     response = cupsDoRequest(http, request, "/");
+ 
+@@ -450,6 +521,10 @@ do_am_class(http_t *http,		/* I - HTTP c
+     * Do the request and get back a response...
+     */
+ 
++    cgiClearVariables();
++    if (name)
++      cgiSetVariable("PRINTER_NAME", name);
++
+     if ((response = cupsDoRequest(http, request, "/")) != NULL)
+     {
+      /*
+@@ -2336,7 +2411,9 @@ do_menu(http_t *http)			/* I - HTTP conn
+   if ((val = cupsGetOption("DefaultAuthType", num_settings,
+                            settings)) != NULL && !strcasecmp(val, "Negotiate"))
+     cgiSetVariable("KERBEROS", "CHECKED");
++  else
+ #endif /* HAVE_GSSAPI */
++  cgiSetVariable("KERBEROS", "");
+ 
+   cupsFreeOptions(num_settings, settings);
+ 
+diff -upr cups-1.3.11.orig/cgi-bin/cgi.h cups-1.3.11/cgi-bin/cgi.h
+--- cups-1.3.11.orig/cgi-bin/cgi.h	2008-07-12 00:48:49.000000000 +0200
++++ cups-1.3.11/cgi-bin/cgi.h	2009-10-21 11:42:42.000000000 +0200
+@@ -54,6 +54,7 @@ typedef struct cgi_file_s		/**** Uploade
+ extern void		cgiAbort(const char *title, const char *stylesheet,
+ 			         const char *format, ...);
+ extern int		cgiCheckVariables(const char *names);
++extern void		cgiClearVariables(void);
+ extern void		*cgiCompileSearch(const char *query);
+ extern void		cgiCopyTemplateFile(FILE *out, const char *tmpl);
+ extern void		cgiCopyTemplateLang(const char *tmpl);
+diff -upr cups-1.3.11.orig/cgi-bin/classes.c cups-1.3.11/cgi-bin/classes.c
+--- cups-1.3.11.orig/cgi-bin/classes.c	2008-07-12 00:48:49.000000000 +0200
++++ cups-1.3.11/cgi-bin/classes.c	2009-10-21 11:43:16.000000000 +0200
+@@ -69,6 +69,7 @@ main(int  argc,				/* I - Number of comm
+   */
+ 
+   cgiSetVariable("SECTION", "classes");
++  cgiSetVariable("REFRESH_PAGE", "");
+ 
+  /*
+   * See if we are displaying a printer or all classes...
+diff -upr cups-1.3.11.orig/cgi-bin/help.c cups-1.3.11/cgi-bin/help.c
+--- cups-1.3.11.orig/cgi-bin/help.c	2008-07-12 00:48:49.000000000 +0200
++++ cups-1.3.11/cgi-bin/help.c	2009-10-21 11:43:06.000000000 +0200
+@@ -63,6 +63,7 @@ main(int  argc,				/* I - Number of comm
+   */
+ 
+   cgiSetVariable("SECTION", "help");
++  cgiSetVariable("REFRESH_PAGE", "");
+ 
+  /*
+   * Load the help index...
+@@ -102,7 +103,7 @@ main(int  argc,				/* I - Number of comm
+   */
+ 
+   for (i = 0; i < argc; i ++)
+-    fprintf(stderr, "argv[%d]=\"%s\"\n", i, argv[i]);
++    fprintf(stderr, "DEBUG: argv[%d]=\"%s\"\n", i, argv[i]);
+ 
+   if ((helpfile = getenv("PATH_INFO")) != NULL)
+   {
+@@ -179,6 +180,12 @@ main(int  argc,				/* I - Number of comm
+   topic = cgiGetVariable("TOPIC");
+   si    = helpSearchIndex(hi, query, topic, helpfile);
+ 
++  cgiClearVariables();
++  if (query)
++    cgiSetVariable("QUERY", query);
++  if (topic)
++    cgiSetVariable("TOPIC", topic);
++
+   fprintf(stderr, "DEBUG: query=\"%s\", topic=\"%s\"\n",
+           query ? query : "(null)", topic ? topic : "(null)");
+ 
+diff -upr cups-1.3.11.orig/cgi-bin/ipp-var.c cups-1.3.11/cgi-bin/ipp-var.c
+--- cups-1.3.11.orig/cgi-bin/ipp-var.c	2009-03-05 19:44:14.000000000 +0100
++++ cups-1.3.11/cgi-bin/ipp-var.c	2009-10-21 11:42:57.000000000 +0200
+@@ -1220,7 +1220,9 @@ cgiShowJobs(http_t     *http,		/* I - Co
+   int			ascending,	/* Order of jobs (0 = descending) */
+ 			first,		/* First job to show */
+ 			count;		/* Number of jobs */
+-  const char		*var;		/* Form variable */
++  const char		*var,		/* Form variable */
++			*query,		/* Query string */
++			*section;	/* Section in web interface */
+   void			*search;	/* Search data */
+   char			url[1024],	/* URL for prev/next/this */
+ 			*urlptr,	/* Position in URL */
+@@ -1265,10 +1267,13 @@ cgiShowJobs(http_t     *http,		/* I - Co
+     * Get a list of matching job objects.
+     */
+ 
+-    if ((var = cgiGetVariable("QUERY")) != NULL)
+-      search = cgiCompileSearch(var);
++    if ((query = cgiGetVariable("QUERY")) != NULL)
++      search = cgiCompileSearch(query);
+     else
++    {
++      query  = NULL;
+       search = NULL;
++    }
+ 
+     jobs  = cgiGetIPPObjects(response, search);
+     count = cupsArrayCount(jobs);
+@@ -1293,16 +1298,27 @@ cgiShowJobs(http_t     *http,		/* I - Co
+     if (first < 0)
+       first = 0;
+ 
+-    sprintf(url, "%d", count);
+-    cgiSetVariable("TOTAL", url);
+-
+     if ((var = cgiGetVariable("ORDER")) != NULL)
+       ascending = !strcasecmp(var, "asc");
+     else
+-    {
+       ascending = !which_jobs || !strcasecmp(which_jobs, "not-completed");
+-      cgiSetVariable("ORDER", ascending ? "asc" : "dec");
+-    }
++
++    section = cgiGetVariable("SECTION");
++
++    cgiClearVariables();
++
++    if (query)
++      cgiSetVariable("QUERY", query);
++
++    cgiSetVariable("ORDER", ascending ? "asc" : "dec");
++
++    cgiSetVariable("SECTION", section);
++
++    sprintf(url, "%d", count);
++    cgiSetVariable("TOTAL", url);
++
++    if (which_jobs)
++      cgiSetVariable("WHICH_JOBS", which_jobs);
+ 
+     if (ascending)
+     {
+@@ -1325,11 +1341,10 @@ cgiShowJobs(http_t     *http,		/* I - Co
+ 
+     urlend = url + sizeof(url);
+ 
+-    if ((var = cgiGetVariable("QUERY")) != NULL)
++    if (query != NULL)
+     {
+       if (dest)
+-        snprintf(url, sizeof(url), "/%s/%s?QUERY=", cgiGetVariable("SECTION"),
+-	         dest);
++        snprintf(url, sizeof(url), "/%s/%s?QUERY=", section, dest);
+       else
+         strlcpy(url, "/jobs/?QUERY=", sizeof(url));
+ 
+@@ -1344,7 +1359,7 @@ cgiShowJobs(http_t     *http,		/* I - Co
+     else
+     {
+       if (dest)
+-        snprintf(url, sizeof(url), "/%s/%s?", cgiGetVariable("SECTION"), dest);
++        snprintf(url, sizeof(url), "/%s/%s?", section, dest);
+       else
+         strlcpy(url, "/jobs/?", sizeof(url));
+ 
+diff -upr cups-1.3.11.orig/cgi-bin/jobs.c cups-1.3.11/cgi-bin/jobs.c
+--- cups-1.3.11.orig/cgi-bin/jobs.c	2008-07-12 00:48:49.000000000 +0200
++++ cups-1.3.11/cgi-bin/jobs.c	2009-10-21 11:43:13.000000000 +0200
+@@ -57,6 +57,7 @@ main(int  argc,				/* I - Number of comm
+   */
+ 
+   cgiSetVariable("SECTION", "jobs");
++  cgiSetVariable("REFRESH_PAGE", "");
+ 
+  /*
+   * Connect to the HTTP server...
+diff -upr cups-1.3.11.orig/cgi-bin/printers.c cups-1.3.11/cgi-bin/printers.c
+--- cups-1.3.11.orig/cgi-bin/printers.c	2008-07-12 00:48:49.000000000 +0200
++++ cups-1.3.11/cgi-bin/printers.c	2009-10-21 11:42:30.000000000 +0200
+@@ -72,6 +72,7 @@ main(int  argc,				/* I - Number of comm
+   */
+ 
+   cgiSetVariable("SECTION", "printers");
++  cgiSetVariable("REFRESH_PAGE", "");
+ 
+  /*
+   * See if we are displaying a printer or all printers...
+diff -upr cups-1.3.11.orig/cgi-bin/template.c cups-1.3.11/cgi-bin/template.c
+--- cups-1.3.11.orig/cgi-bin/template.c	2008-07-12 00:48:49.000000000 +0200
++++ cups-1.3.11/cgi-bin/template.c	2009-10-21 11:42:50.000000000 +0200
+@@ -639,6 +639,8 @@ cgi_puts(const char *s,			/* I - String
+       fputs("&gt;", out);
+     else if (*s == '\"')
+       fputs("&quot;", out);
++    else if (*s == '\'')
++      fputs("&#39;", out);
+     else if (*s == '&')
+       fputs("&amp;", out);
+     else
+@@ -659,7 +661,7 @@ cgi_puturi(const char *s,		/* I - String
+ {
+   while (*s)
+   {
+-    if (strchr("%&+ <>#=", *s) || *s & 128)
++    if (strchr("%@&+ <>#=", *s) || *s < ' ' || *s & 128)
+       fprintf(out, "%%%02X", *s & 255);
+     else
+       putc(*s, out);
+diff -upr cups-1.3.11.orig/cgi-bin/var.c cups-1.3.11/cgi-bin/var.c
+--- cups-1.3.11.orig/cgi-bin/var.c	2009-05-08 06:56:54.000000000 +0200
++++ cups-1.3.11/cgi-bin/var.c	2009-10-21 11:43:09.000000000 +0200
+@@ -15,6 +15,7 @@
+  * Contents:
+  *
+  *   cgiCheckVariables()        - Check for the presence of "required" variables.
++ *   cgiClearVariables()        - Clear all form variables.
+  *   cgiGetArray()              - Get an element from a form array...
+  *   cgiGetFile()               - Get the file (if any) that was submitted in the form.
+  *   cgiGetSize()               - Get the size of a form array value.
+@@ -135,6 +136,31 @@ cgiCheckVariables(const char *names)	/*
+ 
+ 
+ /*
++ * 'cgiClearVariables()' - Clear all form variables.
++ */
++
++void
++cgiClearVariables(void)
++{
++  int		i, j;			/* Looping vars */
++  _cgi_var_t	*v;			/* Current variable */
++
++
++  for (v = form_vars, i = form_count; i > 0; v ++, i --)
++  {
++    _cupsStrFree(v->name);
++    for (j = 0; j < v->nvalues; j ++)
++      if (v->values[j])
++        _cupsStrFree(v->values[j]);
++  }
++
++  form_count = 0;
++
++  cgi_unlink_file();
++}
++
++
++/*
+  * 'cgiGetArray()' - Get an element from a form array...
+  */
+ 
+@@ -154,7 +180,7 @@ cgiGetArray(const char *name,		/* I - Na
+   if (element < 0 || element >= var->nvalues)
+     return (NULL);
+ 
+-  return (var->values[element]);
++  return (_cupsStrAlloc(var->values[element]));
+ }
+ 
+ 
+@@ -209,7 +235,7 @@ cgiGetVariable(const char *name)	/* I -
+            var->values[var->nvalues - 1]);
+ #endif /* DEBUG */
+ 
+-  return ((var == NULL) ? NULL : var->values[var->nvalues - 1]);
++  return ((var == NULL) ? NULL : _cupsStrAlloc(var->values[var->nvalues - 1]));
+ }
+ 
+ 
+@@ -341,9 +367,9 @@ cgiSetArray(const char *name,		/* I - Na
+       var->nvalues = element + 1;
+     }
+     else if (var->values[element])
+-      free((char *)var->values[element]);
++      _cupsStrFree((char *)var->values[element]);
+ 
+-    var->values[element] = strdup(value);
++    var->values[element] = _cupsStrAlloc(value);
+   }
+ }
+ 
+@@ -388,7 +414,7 @@ cgiSetSize(const char *name,		/* I - Nam
+   {
+     for (i = size; i < var->nvalues; i ++)
+       if (var->values[i])
+-        free((void *)(var->values[i]));
++        _cupsStrFree((void *)(var->values[i]));
+   }
+ 
+   var->nvalues = size;
+@@ -421,9 +447,9 @@ cgiSetVariable(const char *name,	/* I -
+   {
+     for (i = 0; i < var->nvalues; i ++)
+       if (var->values[i])
+-        free((char *)var->values[i]);
++        _cupsStrFree((char *)var->values[i]);
+ 
+-    var->values[0] = strdup(value);
++    var->values[0] = _cupsStrAlloc(value);
+     var->nvalues   = 1;
+   }
+ }
+@@ -470,10 +496,10 @@ cgi_add_variable(const char *name,	/* I
+   if ((var->values = calloc(element + 1, sizeof(char *))) == NULL)
+     return;
+ 
+-  var->name            = strdup(name);
++  var->name            = _cupsStrAlloc(name);
+   var->nvalues         = element + 1;
+   var->avalues         = element + 1;
+-  var->values[element] = strdup(value);
++  var->values[element] = _cupsStrAlloc(value);
+ 
+   form_count ++;
+ }

cups-1.3.3-mime.patch

@@ -1,6 +1,8 @@
---- cups-1.3.3/conf/mime.types.orig	2007-07-11 23:46:42.000000000 +0200
-+++ cups-1.3.3/conf/mime.types	2007-10-15 18:39:02.000000000 +0200
-@@ -75,6 +75,8 @@
+Index: cups-1.3.11/conf/mime.types
+===================================================================
+--- cups-1.3.11.orig/conf/mime.types
++++ cups-1.3.11/conf/mime.types
+@@ -75,6 +75,8 @@ application/postscript		ai eps ps string
  				 contains(0,4096,"LANGUAGE = POSTSCRIPT") \
  				 (contains(0,4096,<0a>%!) + \
  				  !contains(0,4096,"ENTER LANGUAGE")))
@@ -9,11 +11,13 @@
  application/vnd.hp-HPGL		hpgl \
  				string(0,<1B>E<1B>%0B) \
  				string(0,<1B>%-1B) string(0,<201B>)\
---- cups-1.3.3/conf/mime.convs.in.orig	2007-08-02 19:58:59.000000000 +0200
-+++ cups-1.3.3/conf/mime.convs.in	2007-10-15 18:40:15.000000000 +0200
+Index: cups-1.3.11/conf/mime.convs.in
+===================================================================
+--- cups-1.3.11.orig/conf/mime.convs.in
++++ cups-1.3.11/conf/mime.convs.in
 @@ -40,6 +40,8 @@
  
- application/pdf		application/postscript	33	pdftops
+ application/pdf		application/vnd.cups-postscript	66	pdftops
  application/postscript	application/vnd.cups-postscript	66	pstops
 +#application/x-dvi	application/postscript	50	dvitops
 +application/netscape-ps	application/vnd.cups-postscript	33	ogonki

cups-1.3.3-pswrite.patch

@@ -1,6 +1,8 @@
---- cups-1.3.3/conf/mime.types.orig	2007-10-15 18:42:58.000000000 +0200
-+++ cups-1.3.3/conf/mime.types	2007-10-15 18:44:56.000000000 +0200
-@@ -76,7 +76,10 @@
+Index: cups-1.3.11/conf/mime.types
+===================================================================
+--- cups-1.3.11.orig/conf/mime.types
++++ cups-1.3.11/conf/mime.types
+@@ -76,7 +76,10 @@ application/postscript		ai eps ps string
  				 (contains(0,4096,<0a>%!) + \
  				  !contains(0,4096,"ENTER LANGUAGE")))
  #application/x-dvi		dvi string(0,<F702>)
@@ -12,10 +14,12 @@
  application/vnd.hp-HPGL		hpgl \
  				string(0,<1B>E<1B>%0B) \
  				string(0,<1B>%-1B) string(0,<201B>)\
---- cups-1.3.3/conf/mime.convs.in.orig	2007-10-15 18:42:58.000000000 +0200
-+++ cups-1.3.3/conf/mime.convs.in	2007-10-15 18:46:39.000000000 +0200
+Index: cups-1.3.11/conf/mime.convs.in
+===================================================================
+--- cups-1.3.11.orig/conf/mime.convs.in
++++ cups-1.3.11/conf/mime.convs.in
 @@ -41,7 +41,9 @@
- application/pdf		application/postscript	33	pdftops
+ application/pdf		application/vnd.cups-postscript	66	pdftops
  application/postscript	application/vnd.cups-postscript	66	pstops
  #application/x-dvi	application/postscript	50	dvitops
 -application/netscape-ps	application/vnd.cups-postscript	33	ogonki

cups.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Nov 11 11:56:12 CET 2009 - jsmeix@suse.de
+
+- cups-1.3.11-CVE-2009-2820-regression-fix.patch
+  fixes a regression which was introduced by
+  the previous cups-1.3.11-CVE-2009-2820.patch
+  which lets adding a class via CUPS Web Interface fail
+  with an 'Unknown operation "{op}"' error message
+  (CUPS STR #3401 and
+   Novell/Suse Bugzilla bnc#548317 starting at comment #24).
+- cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface
+  Cross-Site Scripting (XSS) and CRLF injection in HTTP headers
+  (CVE-2009-2820 and CUPS STR #3367 and
+   Novell/Suse Bugzilla bnc#548317).
+
+-------------------------------------------------------------------
+Tue Nov  3 19:09:12 UTC 2009 - coolo@novell.com
+
+- updated patches to apply with fuzz=0
+
 -------------------------------------------------------------------
 Wed Aug 26 21:43:03 CEST 2009 - meissner@suse.de
 

cups.spec

@@ -30,7 +30,7 @@ License:        GPL v2 or later
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
 Version:        1.3.11
-Release:        3
+Release:        4
 Requires:       cups-libs = %{version}, cups-client = %{version}
 Requires:       ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires:       util-linux /usr/bin/pdftops
@@ -111,6 +111,13 @@ Patch22:        cups-1.3.7-additional_policies.patch
 # but would be only needed to satisfy 'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)'
 # in cups-pdf.m4 if only 'configure --with-pdftops=pdftops' was possible:
 Patch29:        full_path_to_configure_with-pdftops.patch
+# Patch30 fixes CUPS Web Interface Cross-Site Scripting (XSS) and CRLF injection in HTTP headers,
+# (CVE-2009-2820 and Novell/Suse Bugzilla bnc#548317):
+Patch30:        cups-1.3.11-CVE-2009-2820.patch
+# Patch31 fixes a regression which was introduced by Patch30
+# now adding a class via web interface fails with 'Unknown operation "{op}"'
+# (Novell/Suse Bugzilla bnc#548317 starting at comment #24):
+Patch31:        cups-1.3.11-CVE-2009-2820-regression-fix.patch
 # Patch100 cups-1.1.23-testpage.patch is finally removed
 # since CUPS 1.3.10 because it was made for CUPS 1.1 and
 # it was no longer applied since CUPS 1.2 in Suse Linux 10.3 and
@@ -221,6 +228,13 @@ Authors:
 # Patch29 full_path_to_configure_with-pdftops.patch adds support
 # for 'configure --with-pdftops=/usr/bin/pdftops':
 %patch29
+# Patch30 fixes CUPS Web Interface Cross-Site Scripting (XSS) and CRLF injection in HTTP headers,
+# (CVE-2009-2820 and Novell/Suse Bugzilla bnc#548317):
+%patch30 -p1
+# Patch31 fixes a regression which was introduced by Patch30
+# now adding a class via web interface fails with 'Unknown operation "{op}"'
+# (Novell/Suse Bugzilla bnc#548317 starting at comment #24):
+%patch31
 if [ -f /.buildenv ]; then
 	. /.buildenv
 	test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"