[git.ipfire.org] IPFire 2.x development tree branch, next, updated. b720e702885654c142baaff07e3f9a8979c78d5c
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via b720e702885654c142baaff07e3f9a8979c78d5c (commit) via 5929298ea152233443ed2f9258383a40c9c4f8e7 (commit) via 28aeeb573574a204cdb73f3ab846b522e97016ac (commit) via 5b64ed2e3634be2d500120976d7175178da4440c (commit) from c9ab30c5d31979ea7056261c9867cf42644b4a0d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b720e702885654c142baaff07e3f9a8979c78d5c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 14 17:15:00 2015 +0200
cups: Update to 1.7.5 and fix for CVE-2015-1158 and CVE-2015-1159
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5929298ea152233443ed2f9258383a40c9c4f8e7 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 14 17:04:21 2015 +0200
pcre: Fix CVE-2015-5073
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 28aeeb573574a204cdb73f3ab846b522e97016ac Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 14 16:58:47 2015 +0200
Move Core Update 92 to archive
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5b64ed2e3634be2d500120976d7175178da4440c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 14 16:58:13 2015 +0200
Start Core Update 93
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/{92 => 93}/exclude | 0 .../{oldcore/88 => core/93}/filelists/files | 1 + .../{oldcore/91 => core/93}/filelists/pcre | 0 config/rootfiles/core/{92 => 93}/meta | 0 config/rootfiles/{oldcore/82 => core/93}/update.sh | 18 +- config/rootfiles/oldcore/{91 => 92}/exclude | 0 .../{core => oldcore}/92/filelists/ca-certificates | 0 .../{core => oldcore}/92/filelists/conntrack-tools | 0 .../rootfiles/{core => oldcore}/92/filelists/curl | 0 .../{core => oldcore}/92/filelists/dnsmasq | 0 .../rootfiles/{core => oldcore}/92/filelists/files | 0 .../{core => oldcore}/92/filelists/iptables | 0 .../{core => oldcore}/92/filelists/libgcrypt | 0 .../{core => oldcore}/92/filelists/libgpg-error | 0 .../92/filelists/libnetfilter_conntrack | 0 .../92/filelists/libnetfilter_cthelper | 0 .../92/filelists/libnetfilter_cttimeout | 0 .../92/filelists/libnetfilter_queue | 0 .../{core => oldcore}/92/filelists/libnfnetlink | 0 .../{core => oldcore}/92/filelists/libpcap | 0 .../{core => oldcore}/92/filelists/libusb | 0 .../{core => oldcore}/92/filelists/libusb-compat | 0 .../{core => oldcore}/92/filelists/openssh | 0 .../{core => oldcore}/92/filelists/openssl | 0 .../{core => oldcore}/92/filelists/python | 0 .../{core => oldcore}/92/filelists/rrdtool | 0 .../rootfiles/{core => oldcore}/92/filelists/squid | 0 config/rootfiles/oldcore/{91 => 92}/meta | 0 config/rootfiles/{core => oldcore}/92/update.sh | 0 lfs/cups | 7 +- lfs/pcre | 2 + make.sh | 2 +- src/patches/cups-str4609.patch | 423 +++++++++++++++++++++ ...overflow-for-forward-reference-within-bac.patch | 68 ++++ ...overflow-for-named-recursive-back-referen.patch | 87 +++++ 35 files changed, 594 insertions(+), 14 deletions(-) rename config/rootfiles/core/{92 => 93}/exclude (100%) copy config/rootfiles/{oldcore/88 => core/93}/filelists/files (63%) copy config/rootfiles/{oldcore/91 => core/93}/filelists/pcre (100%) rename config/rootfiles/core/{92 => 93}/meta (100%) copy config/rootfiles/{oldcore/82 => core/93}/update.sh (92%) copy config/rootfiles/oldcore/{91 => 92}/exclude (100%) rename config/rootfiles/{core => oldcore}/92/filelists/ca-certificates (100%) rename config/rootfiles/{core => oldcore}/92/filelists/conntrack-tools (100%) rename config/rootfiles/{core => oldcore}/92/filelists/curl (100%) rename config/rootfiles/{core => oldcore}/92/filelists/dnsmasq (100%) rename config/rootfiles/{core => oldcore}/92/filelists/files (100%) rename config/rootfiles/{core => oldcore}/92/filelists/iptables (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libgcrypt (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libgpg-error (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libnetfilter_conntrack (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libnetfilter_cthelper (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libnetfilter_cttimeout (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libnetfilter_queue (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libnfnetlink (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libpcap (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libusb (100%) rename config/rootfiles/{core => oldcore}/92/filelists/libusb-compat (100%) rename config/rootfiles/{core => oldcore}/92/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/92/filelists/openssl (100%) rename config/rootfiles/{core => oldcore}/92/filelists/python (100%) rename config/rootfiles/{core => oldcore}/92/filelists/rrdtool (100%) rename config/rootfiles/{core => oldcore}/92/filelists/squid (100%) copy config/rootfiles/oldcore/{91 => 92}/meta (100%) rename config/rootfiles/{core => oldcore}/92/update.sh (100%) create mode 100644 src/patches/cups-str4609.patch create mode 100644 src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch create mode 100644 src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch
Difference in files: diff --git a/config/rootfiles/core/92/exclude b/config/rootfiles/core/92/exclude deleted file mode 100644 index 18e9b4d..0000000 --- a/config/rootfiles/core/92/exclude +++ /dev/null @@ -1,20 +0,0 @@ -boot/config.txt -etc/collectd.custom -etc/ipsec.conf -etc/ipsec.secrets -etc/ipsec.user.conf -etc/ipsec.user.secrets -etc/localtime -etc/shadow -etc/ssh/ssh_config -etc/ssh/sshd_config -etc/ssl/openssl.cnf -etc/sudoers -etc/sysconfig/firewall.local -etc/sysconfig/rc.local -etc/udev/rules.d/30-persistent-network.rules -srv/web/ipfire/html/proxy.pac -var/ipfire/ovpn -var/log/cache -var/state/dhcp/dhcpd.leases -var/updatecache diff --git a/config/rootfiles/core/92/filelists/ca-certificates b/config/rootfiles/core/92/filelists/ca-certificates deleted file mode 120000 index 320fea8..0000000 --- a/config/rootfiles/core/92/filelists/ca-certificates +++ /dev/null @@ -1 +0,0 @@ -../../../common/ca-certificates \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/conntrack-tools b/config/rootfiles/core/92/filelists/conntrack-tools deleted file mode 120000 index 88fbe06..0000000 --- a/config/rootfiles/core/92/filelists/conntrack-tools +++ /dev/null @@ -1 +0,0 @@ -../../../common/conntrack-tools \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/curl b/config/rootfiles/core/92/filelists/curl deleted file mode 120000 index 4b84bef..0000000 --- a/config/rootfiles/core/92/filelists/curl +++ /dev/null @@ -1 +0,0 @@ -../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/dnsmasq b/config/rootfiles/core/92/filelists/dnsmasq deleted file mode 120000 index d469c74..0000000 --- a/config/rootfiles/core/92/filelists/dnsmasq +++ /dev/null @@ -1 +0,0 @@ -../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/files b/config/rootfiles/core/92/filelists/files deleted file mode 100644 index 9c5a302..0000000 --- a/config/rootfiles/core/92/filelists/files +++ /dev/null @@ -1,10 +0,0 @@ -etc/system-release -etc/issue -srv/web/ipfire/cgi-bin/connections.cgi -srv/web/ipfire/cgi-bin/dhcp.cgi -srv/web/ipfire/cgi-bin/vpnmain.cgi -srv/web/ipfire/cgi-bin/webaccess.cgi -var/ipfire/graphs.pl -var/ipfire/network-functions.pl -var/ipfire/langs -var/ipfire/urlfilter/bin/autoupdate.pl diff --git a/config/rootfiles/core/92/filelists/iptables b/config/rootfiles/core/92/filelists/iptables deleted file mode 120000 index 8caf12b..0000000 --- a/config/rootfiles/core/92/filelists/iptables +++ /dev/null @@ -1 +0,0 @@ -../../../common/iptables \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libgcrypt b/config/rootfiles/core/92/filelists/libgcrypt deleted file mode 120000 index 2df12a2..0000000 --- a/config/rootfiles/core/92/filelists/libgcrypt +++ /dev/null @@ -1 +0,0 @@ -../../../common/libgcrypt \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libgpg-error b/config/rootfiles/core/92/filelists/libgpg-error deleted file mode 120000 index cad4313..0000000 --- a/config/rootfiles/core/92/filelists/libgpg-error +++ /dev/null @@ -1 +0,0 @@ -../../../common/libgpg-error \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libnetfilter_conntrack b/config/rootfiles/core/92/filelists/libnetfilter_conntrack deleted file mode 120000 index 6ef5cc4..0000000 --- a/config/rootfiles/core/92/filelists/libnetfilter_conntrack +++ /dev/null @@ -1 +0,0 @@ -../../../common/libnetfilter_conntrack \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libnetfilter_cthelper b/config/rootfiles/core/92/filelists/libnetfilter_cthelper deleted file mode 120000 index 02fac03..0000000 --- a/config/rootfiles/core/92/filelists/libnetfilter_cthelper +++ /dev/null @@ -1 +0,0 @@ -../../../common/libnetfilter_cthelper \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libnetfilter_cttimeout b/config/rootfiles/core/92/filelists/libnetfilter_cttimeout deleted file mode 120000 index 6b1b980..0000000 --- a/config/rootfiles/core/92/filelists/libnetfilter_cttimeout +++ /dev/null @@ -1 +0,0 @@ -../../../common/libnetfilter_cttimeout \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libnetfilter_queue b/config/rootfiles/core/92/filelists/libnetfilter_queue deleted file mode 120000 index 9344b04..0000000 --- a/config/rootfiles/core/92/filelists/libnetfilter_queue +++ /dev/null @@ -1 +0,0 @@ -../../../common/libnetfilter_queue \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libnfnetlink b/config/rootfiles/core/92/filelists/libnfnetlink deleted file mode 120000 index 605e72d..0000000 --- a/config/rootfiles/core/92/filelists/libnfnetlink +++ /dev/null @@ -1 +0,0 @@ -../../../common/libnfnetlink \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libpcap b/config/rootfiles/core/92/filelists/libpcap deleted file mode 120000 index c7f9f52..0000000 --- a/config/rootfiles/core/92/filelists/libpcap +++ /dev/null @@ -1 +0,0 @@ -../../../common/libpcap \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libusb b/config/rootfiles/core/92/filelists/libusb deleted file mode 120000 index edbe8c2..0000000 --- a/config/rootfiles/core/92/filelists/libusb +++ /dev/null @@ -1 +0,0 @@ -../../../common/libusb \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/libusb-compat b/config/rootfiles/core/92/filelists/libusb-compat deleted file mode 120000 index 35c3237..0000000 --- a/config/rootfiles/core/92/filelists/libusb-compat +++ /dev/null @@ -1 +0,0 @@ -../../../common/libusb-compat \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/openssh b/config/rootfiles/core/92/filelists/openssh deleted file mode 120000 index d8c77fd..0000000 --- a/config/rootfiles/core/92/filelists/openssh +++ /dev/null @@ -1 +0,0 @@ -../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/openssl b/config/rootfiles/core/92/filelists/openssl deleted file mode 120000 index e011a92..0000000 --- a/config/rootfiles/core/92/filelists/openssl +++ /dev/null @@ -1 +0,0 @@ -../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/python b/config/rootfiles/core/92/filelists/python deleted file mode 120000 index ffe6e2c..0000000 --- a/config/rootfiles/core/92/filelists/python +++ /dev/null @@ -1 +0,0 @@ -../../../common/python \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/rrdtool b/config/rootfiles/core/92/filelists/rrdtool deleted file mode 120000 index 7a82e41..0000000 --- a/config/rootfiles/core/92/filelists/rrdtool +++ /dev/null @@ -1 +0,0 @@ -../../../common/rrdtool \ No newline at end of file diff --git a/config/rootfiles/core/92/filelists/squid b/config/rootfiles/core/92/filelists/squid deleted file mode 120000 index 2dc8372..0000000 --- a/config/rootfiles/core/92/filelists/squid +++ /dev/null @@ -1 +0,0 @@ -../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/92/meta b/config/rootfiles/core/92/meta deleted file mode 100644 index d547fa8..0000000 --- a/config/rootfiles/core/92/meta +++ /dev/null @@ -1 +0,0 @@ -DEPS="" diff --git a/config/rootfiles/core/92/update.sh b/config/rootfiles/core/92/update.sh deleted file mode 100644 index 083561f..0000000 --- a/config/rootfiles/core/92/update.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 3 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2015 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/usr/local/bin/backupctrl exclude >/dev/null 2>&1 - -# Remove old core updates from pakfire cache to save space... -core=92 -for (( i=1; i<=$core; i++ )) -do - rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire -done - -# Stop services -/etc/init.d/squid stop -/etc/init.d/ipsec stop - -# Extract files -extract_files - -# Update Language cache -/usr/local/bin/update-lang-cache - -# Regenerate IPsec configuration -sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi - -rm -f /bin/[ - -# Start services -if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then - /etc/init.d/ipsec start -fi -/etc/init.d/squid start - -# This update need a reboot... -touch /var/run/need_reboot - -# Finish -/etc/init.d/fireinfo start -sendprofile -# Update grub config to display new core version -if [ -e /boot/grub/grub.cfg ]; then - grub-mkconfig > /boot/grub/grub.cfg -fi -sync - -# Don't report the exitcode last command -exit 0 diff --git a/config/rootfiles/core/93/exclude b/config/rootfiles/core/93/exclude new file mode 100644 index 0000000..18e9b4d --- /dev/null +++ b/config/rootfiles/core/93/exclude @@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/93/filelists/files b/config/rootfiles/core/93/filelists/files new file mode 100644 index 0000000..168c7d1 --- /dev/null +++ b/config/rootfiles/core/93/filelists/files @@ -0,0 +1,3 @@ +etc/system-release +etc/issue +var/ipfire/langs diff --git a/config/rootfiles/core/93/filelists/pcre b/config/rootfiles/core/93/filelists/pcre new file mode 120000 index 0000000..b390d9a --- /dev/null +++ b/config/rootfiles/core/93/filelists/pcre @@ -0,0 +1 @@ +../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/core/93/meta b/config/rootfiles/core/93/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/93/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/93/update.sh b/config/rootfiles/core/93/update.sh new file mode 100644 index 0000000..737cb64 --- /dev/null +++ b/config/rootfiles/core/93/update.sh @@ -0,0 +1,55 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2015 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=93 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services + +# Extract files +extract_files + +# Update Language cache +/usr/local/bin/update-lang-cache + +# This update need a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig > /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/92/exclude b/config/rootfiles/oldcore/92/exclude new file mode 100644 index 0000000..18e9b4d --- /dev/null +++ b/config/rootfiles/oldcore/92/exclude @@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/92/filelists/ca-certificates b/config/rootfiles/oldcore/92/filelists/ca-certificates new file mode 120000 index 0000000..320fea8 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/ca-certificates @@ -0,0 +1 @@ +../../../common/ca-certificates \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/conntrack-tools b/config/rootfiles/oldcore/92/filelists/conntrack-tools new file mode 120000 index 0000000..88fbe06 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/conntrack-tools @@ -0,0 +1 @@ +../../../common/conntrack-tools \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/curl b/config/rootfiles/oldcore/92/filelists/curl new file mode 120000 index 0000000..4b84bef --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/dnsmasq b/config/rootfiles/oldcore/92/filelists/dnsmasq new file mode 120000 index 0000000..d469c74 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/files b/config/rootfiles/oldcore/92/filelists/files new file mode 100644 index 0000000..9c5a302 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/files @@ -0,0 +1,10 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/connections.cgi +srv/web/ipfire/cgi-bin/dhcp.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +srv/web/ipfire/cgi-bin/webaccess.cgi +var/ipfire/graphs.pl +var/ipfire/network-functions.pl +var/ipfire/langs +var/ipfire/urlfilter/bin/autoupdate.pl diff --git a/config/rootfiles/oldcore/92/filelists/iptables b/config/rootfiles/oldcore/92/filelists/iptables new file mode 120000 index 0000000..8caf12b --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/iptables @@ -0,0 +1 @@ +../../../common/iptables \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libgcrypt b/config/rootfiles/oldcore/92/filelists/libgcrypt new file mode 120000 index 0000000..2df12a2 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libgcrypt @@ -0,0 +1 @@ +../../../common/libgcrypt \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libgpg-error b/config/rootfiles/oldcore/92/filelists/libgpg-error new file mode 120000 index 0000000..cad4313 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libgpg-error @@ -0,0 +1 @@ +../../../common/libgpg-error \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libnetfilter_conntrack b/config/rootfiles/oldcore/92/filelists/libnetfilter_conntrack new file mode 120000 index 0000000..6ef5cc4 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libnetfilter_conntrack @@ -0,0 +1 @@ +../../../common/libnetfilter_conntrack \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libnetfilter_cthelper b/config/rootfiles/oldcore/92/filelists/libnetfilter_cthelper new file mode 120000 index 0000000..02fac03 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libnetfilter_cthelper @@ -0,0 +1 @@ +../../../common/libnetfilter_cthelper \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libnetfilter_cttimeout b/config/rootfiles/oldcore/92/filelists/libnetfilter_cttimeout new file mode 120000 index 0000000..6b1b980 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libnetfilter_cttimeout @@ -0,0 +1 @@ +../../../common/libnetfilter_cttimeout \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libnetfilter_queue b/config/rootfiles/oldcore/92/filelists/libnetfilter_queue new file mode 120000 index 0000000..9344b04 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libnetfilter_queue @@ -0,0 +1 @@ +../../../common/libnetfilter_queue \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libnfnetlink b/config/rootfiles/oldcore/92/filelists/libnfnetlink new file mode 120000 index 0000000..605e72d --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libnfnetlink @@ -0,0 +1 @@ +../../../common/libnfnetlink \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libpcap b/config/rootfiles/oldcore/92/filelists/libpcap new file mode 120000 index 0000000..c7f9f52 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libpcap @@ -0,0 +1 @@ +../../../common/libpcap \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libusb b/config/rootfiles/oldcore/92/filelists/libusb new file mode 120000 index 0000000..edbe8c2 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libusb @@ -0,0 +1 @@ +../../../common/libusb \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/libusb-compat b/config/rootfiles/oldcore/92/filelists/libusb-compat new file mode 120000 index 0000000..35c3237 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/libusb-compat @@ -0,0 +1 @@ +../../../common/libusb-compat \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/openssh b/config/rootfiles/oldcore/92/filelists/openssh new file mode 120000 index 0000000..d8c77fd --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/openssl b/config/rootfiles/oldcore/92/filelists/openssl new file mode 120000 index 0000000..e011a92 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/python b/config/rootfiles/oldcore/92/filelists/python new file mode 120000 index 0000000..ffe6e2c --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/python @@ -0,0 +1 @@ +../../../common/python \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/rrdtool b/config/rootfiles/oldcore/92/filelists/rrdtool new file mode 120000 index 0000000..7a82e41 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/rrdtool @@ -0,0 +1 @@ +../../../common/rrdtool \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/filelists/squid b/config/rootfiles/oldcore/92/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/oldcore/92/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/oldcore/92/meta b/config/rootfiles/oldcore/92/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/oldcore/92/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/oldcore/92/update.sh b/config/rootfiles/oldcore/92/update.sh new file mode 100644 index 0000000..083561f --- /dev/null +++ b/config/rootfiles/oldcore/92/update.sh @@ -0,0 +1,68 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2015 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=92 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/squid stop +/etc/init.d/ipsec stop + +# Extract files +extract_files + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Regenerate IPsec configuration +sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi + +rm -f /bin/[ + +# Start services +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi +/etc/init.d/squid start + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig > /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/lfs/cups b/lfs/cups index 60f7e21..0c51687 100644 --- a/lfs/cups +++ b/lfs/cups @@ -24,7 +24,7 @@
include Config
-VER = 1.7.0 +VER = 1.7.5
THISAPP = cups-$(VER) DL_FILE = $(THISAPP)-source.tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/cups-$(VER) TARGET = $(DIR_INFO)/$(THISAPP) PROG = cups -PAK_VER = 10 +PAK_VER = 11
DEPS = "ghostscript"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5ab496a2ce27017fcdb3d7ec4818a75a +$(DL_FILE)_MD5 = 5d893edc2957005f78e2b2423fdace2e
install : $(TARGET)
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/cups-str4609.patch cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ diff --git a/lfs/pcre b/lfs/pcre index 175afc0..8f207da 100644 --- a/lfs/pcre +++ b/lfs/pcre @@ -70,6 +70,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-static \ diff --git a/make.sh b/make.sh index 4ed64a2..b9615c0 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.17" # Version number -CORE="92" # Core Level (Filename) +CORE="93" # Core Level (Filename) PAKFIRE_CORE="92" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan diff --git a/src/patches/cups-str4609.patch b/src/patches/cups-str4609.patch new file mode 100644 index 0000000..2a9761b --- /dev/null +++ b/src/patches/cups-str4609.patch @@ -0,0 +1,423 @@ +diff -up cups-1.7.5/cgi-bin/ipp-var.c.str4609 cups-1.7.5/cgi-bin/ipp-var.c +--- cups-1.7.5/cgi-bin/ipp-var.c.str4609 2014-05-22 15:59:21.000000000 +0200 ++++ cups-1.7.5/cgi-bin/ipp-var.c 2015-06-10 10:31:45.297965345 +0200 +@@ -1206,21 +1206,7 @@ cgiSetIPPObjectVars( + * Rewrite URIs... + */ + +- if (!strcmp(name, "member_uris")) +- { +- char url[1024]; /* URL for class member... */ +- +- +- cgiRewriteURL(attr->values[i].string.text, url, +- sizeof(url), NULL); +- +- snprintf(valptr, sizeof(value) - (valptr - value), +- "<A HREF="%s">%s</A>", url, +- strrchr(attr->values[i].string.text, '/') + 1); +- } +- else +- cgiRewriteURL(attr->values[i].string.text, valptr, +- sizeof(value) - (valptr - value), NULL); ++ cgiRewriteURL(attr->values[i].string.text, valptr, sizeof(value) - (valptr - value), NULL); + break; + } + +diff -up cups-1.7.5/cgi-bin/template.c.str4609 cups-1.7.5/cgi-bin/template.c +--- cups-1.7.5/cgi-bin/template.c.str4609 2014-03-05 22:11:32.000000000 +0100 ++++ cups-1.7.5/cgi-bin/template.c 2015-06-10 10:31:45.297965345 +0200 +@@ -659,39 +659,7 @@ cgi_puts(const char *s, /* I - String + while (*s) + { + if (*s == '<') +- { +- /* +- * Pass <A HREF="url"> and </A>, otherwise quote it... +- */ +- +- if (!_cups_strncasecmp(s, "<A HREF="", 9)) +- { +- fputs("<A HREF="", out); +- s += 9; +- +- while (*s && *s != '"') +- { +- if (*s == '&') +- fputs("&", out); +- else +- putc(*s, out); +- +- s ++; +- } +- +- if (*s) +- s ++; +- +- fputs("">", out); +- } +- else if (!_cups_strncasecmp(s, "</A>", 4)) +- { +- fputs("</A>", out); +- s += 3; +- } +- else +- fputs("<", out); +- } ++ fputs("<", out); + else if (*s == '>') + fputs(">", out); + else if (*s == '"') +diff -up cups-1.7.5/scheduler/client.c.str4609 cups-1.7.5/scheduler/client.c +--- cups-1.7.5/scheduler/client.c.str4609 2015-06-10 10:31:45.280965399 +0200 ++++ cups-1.7.5/scheduler/client.c 2015-06-10 10:31:45.300965335 +0200 +@@ -598,7 +598,12 @@ cupsdCloseClient(cupsd_client_t *con) /* + httpClearCookie(HTTP(con)); + httpClearFields(HTTP(con)); + +- cupsdClearString(&con->filename); ++ if (con->filename) ++ { ++ unlink(con->filename); ++ cupsdClearString(&con->filename); ++ } ++ + cupsdClearString(&con->command); + cupsdClearString(&con->options); + cupsdClearString(&con->query_string); +diff -up cups-1.7.5/scheduler/env.c.str4609 cups-1.7.5/scheduler/env.c +--- cups-1.7.5/scheduler/env.c.str4609 2015-06-10 10:31:45.208965629 +0200 ++++ cups-1.7.5/scheduler/env.c 2015-06-10 10:31:45.300965335 +0200 +@@ -131,6 +131,13 @@ cupsdSetEnv(const char *name, /* I - Na + return; + + /* ++ * Do not allow dynamic linker variables when running as root... ++ */ ++ ++ if (!RunUser && (!strncmp(name, "DYLD_", 5) || !strncmp(name, "LD_", 3))) ++ return; ++ ++ /* + * See if this variable has already been defined... + */ + +diff -up cups-1.7.5/scheduler/ipp.c.str4609 cups-1.7.5/scheduler/ipp.c +--- cups-1.7.5/scheduler/ipp.c.str4609 2015-06-10 10:31:45.287965377 +0200 ++++ cups-1.7.5/scheduler/ipp.c 2015-06-10 10:31:45.299965339 +0200 +@@ -412,8 +412,7 @@ cupsdProcessIPPRequest( + * Remote unauthenticated user masquerading as local root... + */ + +- _cupsStrFree(username->values[0].string.text); +- username->values[0].string.text = _cupsStrAlloc(RemoteRoot); ++ ippSetString(con->request, &username, 0, RemoteRoot); + } + } + +@@ -1576,7 +1575,7 @@ add_job(cupsd_client_t *con, /* I - Cl + cupsdSetString(&job->username, con->username); + + if (attr) +- cupsdSetString(&attr->values[0].string.text, con->username); ++ ippSetString(job->attrs, &attr, 0, con->username); + } + else if (attr) + { +@@ -1594,9 +1593,8 @@ add_job(cupsd_client_t *con, /* I - Cl + "job-originating-user-name", NULL, job->username); + else + { +- attr->group_tag = IPP_TAG_JOB; +- _cupsStrFree(attr->name); +- attr->name = _cupsStrAlloc("job-originating-user-name"); ++ ippSetGroupTag(job->attrs, &attr, IPP_TAG_JOB); ++ ippSetName(job->attrs, &attr, "job-originating-user-name"); + } + + if (con->username[0] || auth_info) +@@ -1630,48 +1628,11 @@ add_job(cupsd_client_t *con, /* I - Cl + * Also, we can only have 1 value and it must be a name value. + */ + +- switch (attr->value_tag) +- { +- case IPP_TAG_STRING : +- case IPP_TAG_TEXTLANG : +- case IPP_TAG_NAMELANG : +- case IPP_TAG_TEXT : +- case IPP_TAG_NAME : +- case IPP_TAG_KEYWORD : +- case IPP_TAG_URI : +- case IPP_TAG_URISCHEME : +- case IPP_TAG_CHARSET : +- case IPP_TAG_LANGUAGE : +- case IPP_TAG_MIMETYPE : +- /* +- * Free old strings... +- */ +- +- for (i = 0; i < attr->num_values; i ++) +- { +- _cupsStrFree(attr->values[i].string.text); +- attr->values[i].string.text = NULL; +- if (attr->values[i].string.language) +- { +- _cupsStrFree(attr->values[i].string.language); +- attr->values[i].string.language = NULL; +- } +- } +- +- default : +- break; +- } +- +- /* +- * Use the default connection hostname instead... +- */ +- +- attr->value_tag = IPP_TAG_NAME; +- attr->num_values = 1; +- attr->values[0].string.text = _cupsStrAlloc(con->http.hostname); ++ ippDeleteAttribute(job->attrs, attr); ++ ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-originating-host-name", NULL, con->http.hostname); + } +- +- attr->group_tag = IPP_TAG_JOB; ++ else ++ ippSetGroupTag(job->attrs, &attr, IPP_TAG_JOB); + } + else + { +@@ -1767,8 +1728,8 @@ add_job(cupsd_client_t *con, /* I - Cl + + attr = ippAddStrings(job->attrs, IPP_TAG_JOB, IPP_TAG_NAME, "job-sheets", + 2, NULL, NULL); +- attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]); +- attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]); ++ ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); ++ ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); + } + + job->job_sheets = attr; +@@ -1794,7 +1755,7 @@ add_job(cupsd_client_t *con, /* I - Cl + * Force the leading banner to have the classification on it... + */ + +- cupsdSetString(&attr->values[0].string.text, Classification); ++ ippSetString(job->attrs, &attr, 0, Classification); + + cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED " + "job-sheets="%s,none", " +@@ -1811,7 +1772,7 @@ add_job(cupsd_client_t *con, /* I - Cl + * Can't put two different security markings on the same document! + */ + +- cupsdSetString(&attr->values[1].string.text, attr->values[0].string.text); ++ ippSetString(job->attrs, &attr, 1, attr->values[0].string.text); + + cupsdLogJob(job, CUPSD_LOG_NOTICE, "CLASSIFICATION FORCED " + "job-sheets="%s,%s", " +@@ -1851,18 +1812,18 @@ add_job(cupsd_client_t *con, /* I - Cl + if (attr->num_values > 1 && + !strcmp(attr->values[0].string.text, attr->values[1].string.text)) + { +- cupsdSetString(&(attr->values[0].string.text), Classification); +- cupsdSetString(&(attr->values[1].string.text), Classification); ++ ippSetString(job->attrs, &attr, 0, Classification); ++ ippSetString(job->attrs, &attr, 1, Classification); + } + else + { + if (attr->num_values == 1 || + strcmp(attr->values[0].string.text, "none")) +- cupsdSetString(&(attr->values[0].string.text), Classification); ++ ippSetString(job->attrs, &attr, 0, Classification); + + if (attr->num_values > 1 && + strcmp(attr->values[1].string.text, "none")) +- cupsdSetString(&(attr->values[1].string.text), Classification); ++ ippSetString(job->attrs, &attr, 1, Classification); + } + + if (attr->num_values > 1) +@@ -3098,8 +3059,8 @@ authenticate_job(cupsd_client_t *con, / + + if (attr) + { +- attr->value_tag = IPP_TAG_KEYWORD; +- cupsdSetString(&(attr->values[0].string.text), "no-hold"); ++ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD); ++ ippSetString(job->attrs, &attr, 0, "no-hold"); + } + + /* +@@ -8224,11 +8185,7 @@ print_job(cupsd_client_t *con, /* I - + filetype->type); + + if (format) +- { +- _cupsStrFree(format->values[0].string.text); +- +- format->values[0].string.text = _cupsStrAlloc(mimetype); +- } ++ ippSetString(con->request, &format, 0, mimetype); + else + ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_MIMETYPE, + "document-format", NULL, mimetype); +@@ -8765,10 +8722,8 @@ release_job(cupsd_client_t *con, /* I - + + if (attr) + { +- _cupsStrFree(attr->values[0].string.text); +- +- attr->value_tag = IPP_TAG_KEYWORD; +- attr->values[0].string.text = _cupsStrAlloc("no-hold"); ++ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD); ++ ippSetString(job->attrs, &attr, 0, "no-hold"); + + cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED, cupsdFindDest(job->dest), job, + "Job job-hold-until value changed by user."); +@@ -9461,11 +9416,7 @@ send_document(cupsd_client_t *con, /* I + + if ((jformat = ippFindAttribute(job->attrs, "document-format", + IPP_TAG_MIMETYPE)) != NULL) +- { +- _cupsStrFree(jformat->values[0].string.text); +- +- jformat->values[0].string.text = _cupsStrAlloc(mimetype); +- } ++ ippSetString(job->attrs, &jformat, 0, mimetype); + else + ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_MIMETYPE, + "document-format", NULL, mimetype); +diff -up cups-1.7.5/scheduler/job.c.str4609 cups-1.7.5/scheduler/job.c +--- cups-1.7.5/scheduler/job.c.str4609 2015-06-10 10:31:45.288965374 +0200 ++++ cups-1.7.5/scheduler/job.c 2015-06-10 10:31:45.299965339 +0200 +@@ -375,7 +375,7 @@ cupsdCheckJobs(void) + + if ((attr = ippFindAttribute(job->attrs, "job-actual-printer-uri", + IPP_TAG_URI)) != NULL) +- cupsdSetString(&attr->values[0].string.text, printer->uri); ++ ippSetString(job->attrs, &attr, 0, printer->uri); + else + ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_URI, + "job-actual-printer-uri", NULL, printer->uri); +@@ -2109,7 +2109,7 @@ cupsdMoveJob(cupsd_job_t *job, /* I + + if ((attr = ippFindAttribute(job->attrs, "job-printer-uri", + IPP_TAG_URI)) != NULL) +- cupsdSetString(&(attr->values[0].string.text), p->uri); ++ ippSetString(job->attrs, &attr, 0, p->uri); + + cupsdAddEvent(CUPSD_EVENT_JOB_STOPPED, p, job, + "Job #%d moved from %s to %s.", job->id, olddest, +@@ -2306,7 +2306,7 @@ cupsdSetJobHoldUntil(cupsd_job_t *job, / + attr = ippFindAttribute(job->attrs, "job-hold-until", IPP_TAG_NAME); + + if (attr) +- cupsdSetString(&(attr->values[0].string.text), when); ++ ippSetString(job->attrs, &attr, 0, when); + else + attr = ippAddString(job->attrs, IPP_TAG_JOB, IPP_TAG_KEYWORD, + "job-hold-until", NULL, when); +@@ -2560,8 +2560,8 @@ cupsdSetJobState( + + if (attr) + { +- attr->value_tag = IPP_TAG_KEYWORD; +- cupsdSetString(&(attr->values[0].string.text), "no-hold"); ++ ippSetValueTag(job->attrs, &attr, IPP_TAG_KEYWORD); ++ ippSetString(job->attrs, &attr, 0, "no-hold"); + } + + default : +@@ -4598,7 +4598,7 @@ start_job(cupsd_job_t *job, /* I - + "job-printer-state-message", + IPP_TAG_TEXT); + if (job->printer_message) +- cupsdSetString(&(job->printer_message->values[0].string.text), ""); ++ ippSetString(job->attrs, &job->printer_message, 0, ""); + + ippSetString(job->attrs, &job->reasons, 0, "job-printing"); + cupsdSetJobState(job, IPP_JOB_PROCESSING, CUPSD_JOB_DEFAULT, NULL); +@@ -5216,15 +5216,14 @@ update_job_attrs(cupsd_job_t *job, /* I + if (job->state_value != IPP_JOB_PROCESSING && + job->status_level == CUPSD_LOG_INFO) + { +- cupsdSetString(&(job->printer_message->values[0].string.text), ""); ++ ippSetString(job->attrs, &job->printer_message, 0, ""); + + job->dirty = 1; + cupsdMarkDirty(CUPSD_DIRTY_JOBS); + } + else if (job->printer->state_message[0] && do_message) + { +- cupsdSetString(&(job->printer_message->values[0].string.text), +- job->printer->state_message); ++ ippSetString(job->attrs, &job->printer_message, 0, job->printer->state_message); + + job->dirty = 1; + cupsdMarkDirty(CUPSD_DIRTY_JOBS); +diff -up cups-1.7.5/scheduler/main.c.str4609 cups-1.7.5/scheduler/main.c +--- cups-1.7.5/scheduler/main.c.str4609 2015-06-10 10:31:45.265965447 +0200 ++++ cups-1.7.5/scheduler/main.c 2015-06-10 10:31:45.300965335 +0200 +@@ -1205,8 +1205,8 @@ cupsdAddString(cups_array_t **a, /* IO - + if (!*a) + *a = cupsArrayNew3((cups_array_func_t)strcmp, NULL, + (cups_ahash_func_t)NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ (cups_acopy_func_t)strdup, ++ (cups_afree_func_t)free); + + return (cupsArrayAdd(*a, (char *)s)); + } +@@ -1236,7 +1236,7 @@ cupsdClearString(char **s) /* O - Strin + { + if (s && *s) + { +- _cupsStrFree(*s); ++ free(*s); + *s = NULL; + } + } +@@ -1317,10 +1317,10 @@ cupsdSetString(char **s, /* O - N + return; + + if (*s) +- _cupsStrFree(*s); ++ free(*s); + + if (v) +- *s = _cupsStrAlloc(v); ++ *s = strdup(v); + else + *s = NULL; + } +@@ -1351,13 +1351,13 @@ cupsdSetStringf(char **s, /* O - + vsnprintf(v, sizeof(v), f, ap); + va_end(ap); + +- *s = _cupsStrAlloc(v); ++ *s = strdup(v); + } + else + *s = NULL; + + if (olds) +- _cupsStrFree(olds); ++ free(olds); + } + + +@@ -1804,8 +1804,7 @@ process_children(void) + } + + if (job->printer_message) +- cupsdSetString(&(job->printer_message->values[0].string.text), +- message); ++ ippSetString(job->attrs, &job->printer_message, 0, message); + } + } + diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch new file mode 100644 index 0000000..16fd45c --- /dev/null +++ b/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch @@ -0,0 +1,68 @@ +From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001 +From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 +Date: Tue, 23 Jun 2015 16:34:53 +0000 +Subject: [PATCH] Fix buffer overflow for forward reference within backward + assertion with excess closing parenthesis. Bugzilla 1651. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is upstream commit ported to 8.37: + +commit 764692f9aea9eab50fdba6cb537441d8b34c6c37 +Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 +Date: Tue Jun 23 16:34:53 2015 +0000 + + Fix buffer overflow for forward reference within backward assertion with excess + closing parenthesis. Bugzilla 1651. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +It fixes CVE-2015-5073. + +Signed-off-by: Petr Písař ppisar@redhat.com +--- + pcre_compile.c | 2 +- + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 3 +++ + 3 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index 6f06912..b66b1f6 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The + exceptional ones forgo this. We scan the pattern to check that they are fixed + length, and set their lengths. */ + +-if (cd->check_lookbehind) ++if (errorcode == 0 && cd->check_lookbehind) + { + pcre_uchar *cc = (pcre_uchar *)codestart; + +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 83bb471..5cc9ce6 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4154,4 +4154,6 @@ backtracking verbs. --/ + + "(?J)(?'d'(?'d'\g{d}))" + ++/(?=di(?<=(?1))|(?=(.))))/ ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index 7dff52a..4decb8d 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17 + + "(?J)(?'d'(?'d'\g{d}))" + ++/(?=di(?<=(?1))|(?=(.))))/ ++Failed: unmatched parentheses at offset 23 ++ + /-- End of testinput2 --/ +-- +2.4.3 + diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch new file mode 100644 index 0000000..c97849f --- /dev/null +++ b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch @@ -0,0 +1,87 @@ +From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001 +From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 +Date: Fri, 15 May 2015 17:17:03 +0000 +Subject: [PATCH] Fix buffer overflow for named recursive back reference when + the name is duplicated. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream commit ported to pcre-8.37: + +commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 +Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 +Date: Fri May 15 17:17:03 2015 +0000 + + Fix buffer overflow for named recursive back reference when the name is + duplicated. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +This fixes CVE-2015-3210. + +Signed-off-by: Petr Písař ppisar@redhat.com +--- + pcre_compile.c | 16 ++++++++++++++-- + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 2 ++ + 3 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index 0efad26..6f06912 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -7173,14 +7173,26 @@ for (;; ptr++) + number. If the name is not found, set the value to 0 for a forward + reference. */ + ++ recno = 0; + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) + { + if (namelen == ng->length && + STRNCMP_UC_UC(name, ng->name, namelen) == 0) +- break; ++ { ++ open_capitem *oc; ++ recno = ng->number; ++ if (is_recurse) break; ++ for (oc = cd->open_caps; oc != NULL; oc = oc->next) ++ { ++ if (oc->number == recno) ++ { ++ oc->flag = TRUE; ++ break; ++ } ++ } ++ } + } +- recno = (i < cd->names_found)? ng->number : 0; + + /* Count named back references. */ + +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 58fe53b..83bb471 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4152,4 +4152,6 @@ backtracking verbs. --/ + + /((?2){73}(?2))((?1))/ + ++"(?J)(?'d'(?'d'\g{d}))" ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index b718df0..7dff52a 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17 + + /((?2){73}(?2))((?1))/ + ++"(?J)(?'d'(?'d'\g{d}))" ++ + /-- End of testinput2 --/ +-- +2.4.3 +
hooks/post-receive -- IPFire 2.x development tree
-
git@ipfire.org