From: msweet Date: Wed, 19 Feb 2014 20:18:10 +0000 (+0000) Subject: Mirror fixes from trunk. X-Git-Tag: release-2.1.4~16^2~59 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1576ab1c78bcbccd496dea52e548000cf756d13d;p=thirdparty%2Fcups.git Mirror fixes from trunk. git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/branches/branch-1.7@11623 a1ca3aef-8c08-0410-bb20-df032aa958be --- diff --git a/CHANGES.txt b/CHANGES.txt index 3c6c138398..4ce1a1b375 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -3,6 +3,16 @@ CHANGES.txt - 1.7.2 - 2014-02-19 CHANGES IN CUPS V1.7.2 + - Security: The scheduler now blocks URLs containing embedded HTML + (STR #4356) + - The dnssd backend did not always report all discovered printers using + Avahi (STR #4365) + - The Zebra printer driver did not properly handle negative "label top" + values (STR #4354) + - The scheduler did not always update the MakeModel value in + printers.conf after updating the driver (STR #4264) + - The LPD mini daemon did not support print jobs larger than 2GB + (STR #4351) - Fixed a bug in the status reading code when sending a compressed data stream to an IPP printer/server () - The IPP backend might not include all job attributes in Validate-Job diff --git a/backend/dnssd.c b/backend/dnssd.c index 9cea92e037..91773fd4c1 100644 --- a/backend/dnssd.c +++ b/backend/dnssd.c @@ -95,6 +95,7 @@ static int job_canceled = 0; static AvahiSimplePoll *simple_poll = NULL; /* Poll information */ static int got_data = 0; /* Got data from poll? */ +static int browsers = 0; /* Number of running browsers */ #endif /* HAVE_AVAHI */ @@ -345,6 +346,7 @@ main(int argc, /* I - Number of command-line args */ return (1); } + browsers = 6; avahi_service_browser_new(client, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, "_fax-ipp._tcp", NULL, 0, @@ -558,7 +560,11 @@ main(int argc, /* I - Number of command-line args */ fprintf(stderr, "DEBUG: sent=%d, count=%d\n", sent, count); +#ifdef HAVE_AVAHI + if (sent == cupsArrayCount(devices) && browsers == 0) +#else if (sent == cupsArrayCount(devices)) +#endif /* HAVE_AVAHI */ break; } } @@ -710,9 +716,12 @@ browse_callback( break; case AVAHI_BROWSER_REMOVE: - case AVAHI_BROWSER_ALL_FOR_NOW: case AVAHI_BROWSER_CACHE_EXHAUSTED: break; + + case AVAHI_BROWSER_ALL_FOR_NOW: + browsers--; + break; } } diff --git a/filter/rastertolabel.c b/filter/rastertolabel.c index f5d80256ae..bd1965c6a4 100644 --- a/filter/rastertolabel.c +++ b/filter/rastertolabel.c @@ -567,7 +567,7 @@ EndPage(ppd_file_t *ppd, /* I - PPD file */ */ if (header->cupsRowStep != 200) - printf("^LT%u\n", header->cupsRowStep); + printf("^LT%d\n", header->cupsRowStep); /* * Set media type... diff --git a/scheduler/client.c b/scheduler/client.c index fc8946a158..d453bbef08 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -3707,6 +3707,14 @@ is_path_absolute(const char *path) /* I - Input path */ if (path[0] != '/') return (0); + /* + * Check for "<" or quotes in the path and reject since this is probably + * someone trying to inject HTML... + */ + + if (strchr(path, '<') != NULL || strchr(path, '\"') != NULL || strchr(path, '\'') != NULL) + return (0); + /* * Check for "/.." in the path... */ diff --git a/scheduler/cups-lpd.c b/scheduler/cups-lpd.c index f175f66691..3011d515d4 100644 --- a/scheduler/cups-lpd.c +++ b/scheduler/cups-lpd.c @@ -1,27 +1,16 @@ /* * "$Id$" * - * Line Printer Daemon interface for CUPS. + * Line Printer Daemon interface for CUPS. * - * Copyright 2007-2012 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products, all rights reserved. + * Copyright 2007-2014 by Apple Inc. + * Copyright 1997-2006 by Easy Software Products, all rights reserved. * - * These coded instructions, statements, and computer programs are the - * property of Apple Inc. and are protected by Federal copyright - * law. Distribution and use rights are outlined in the file "LICENSE.txt" - * which should have been included with this file. If this file is - * file is missing or damaged, see the license at "http://www.cups.org/". - * - * Contents: - * - * main() - Process an incoming LPD request... - * create_job() - Create a new print job. - * get_printer() - Get the named printer and its options. - * print_file() - Add a file to the current job. - * recv_print_job() - Receive a print job from the client. - * remove_jobs() - Cancel one or more jobs. - * send_state() - Send the queue state. - * smart_gets() - Get a line of text, removing the trailing CR and/or LF. + * These coded instructions, statements, and computer programs are the + * property of Apple Inc. and are protected by Federal copyright + * law. Distribution and use rights are outlined in the file "LICENSE.txt" + * which should have been included with this file. If this file is + * file is missing or damaged, see the license at "http://www.cups.org/". */ /* @@ -781,7 +770,8 @@ recv_print_job( int fd; /* Temporary file */ FILE *fp; /* File pointer */ char filename[1024]; /* Temporary filename */ - int bytes; /* Bytes received */ + ssize_t bytes; /* Bytes received */ + size_t total; /* Total bytes */ char line[256], /* Line from file/stdin */ command, /* Command from line */ *count, /* Number of bytes */ @@ -965,15 +955,15 @@ recv_print_job( * Copy the data or control file from the client... */ - for (i = atoi(count); i > 0; i -= bytes) + for (total = (size_t)strtoll(count, NULL, 10); total > 0; total -= (size_t)bytes) { - if (i > sizeof(line)) - bytes = sizeof(line); + if (total > sizeof(line)) + bytes = (ssize_t)sizeof(line); else - bytes = i; + bytes = (ssize_t)total; - if ((bytes = fread(line, 1, bytes, stdin)) > 0) - bytes = write(fd, line, bytes); + if ((bytes = (ssize_t)fread(line, 1, (size_t)bytes, stdin)) > 0) + bytes = write(fd, line, (size_t)bytes); if (bytes < 1) { diff --git a/scheduler/printers.c b/scheduler/printers.c index 7a5ee0c56c..7ba9f06b4d 100644 --- a/scheduler/printers.c +++ b/scheduler/printers.c @@ -50,7 +50,6 @@ static int compare_printers(void *first, void *second, void *data); static void delete_printer_filters(cupsd_printer_t *p); static void dirty_printer(cupsd_printer_t *p); static void load_ppd(cupsd_printer_t *p); -static void log_ipp_conformance(cupsd_printer_t *p, const char *reason); static ipp_t *new_media_col(_pwg_size_t *size, const char *source, const char *type); static void write_xml_string(cups_file_t *fp, const char *s); @@ -2486,10 +2485,6 @@ cupsdSetPrinterReasons( if (i >= p->num_reasons) { - if (!strncmp(reason, "cups-ipp-missing-", 17) || - !strncmp(reason, "cups-ipp-wrong-", 15)) - log_ipp_conformance(p, reason); - if (i >= (int)(sizeof(p->reasons) / sizeof(p->reasons[0]))) { cupsdLogMessage(CUPSD_LOG_ALERT, @@ -3678,6 +3673,8 @@ load_ppd(cupsd_printer_t *p) /* I - Printer */ _ppdCacheDestroy(p->pc); p->pc = NULL; + cupsdClearString(&(p->make_model)); + if (cache_info.st_mtime >= ppd_info.st_mtime) { cupsdLogMessage(CUPSD_LOG_DEBUG, "load_ppd: Loading %s...", cache_name); @@ -4850,83 +4847,6 @@ load_ppd(cupsd_printer_t *p) /* I - Printer */ } -/* - * 'log_ipp_conformance()' - Log an IPP conformance issue with a printer. - */ - -static void -log_ipp_conformance( - cupsd_printer_t *p, /* I - Printer */ - const char *reason) /* I - Printer state reason */ -{ - const char *message; /* Message to log */ -#ifdef __APPLE__ - aslmsg aslm; /* Apple System Log message */ -#endif /* __APPLE__ */ - - - /* - * Strip the leading "cups-ipp-" from the reason and create a log message for - * it... - */ - - reason += 9; - if (!strcmp(reason, "missing-cancel-job")) - message = "Printer does not support REQUIRED Cancel-Job operation."; - else if (!strcmp(reason, "missing-get-job-attributes")) - message = "Printer does not support REQUIRED Get-Job-Attributes operation."; - else if (!strcmp(reason, "missing-print-job")) - message = "Printer does not support REQUIRED Print-Job operation."; - else if (!strcmp(reason, "missing-validate-job")) - message = "Printer does not support REQUIRED Validate-Job operation."; - else if (!strcmp(reason, "missing-get-printer-attributes")) - message = "Printer does not support REQUIRED Get-Printer-Attributes operation."; - else if (!strcmp(reason, "missing-send-document")) - message = "Printer supports Create-Job but not Send-Document operation."; - else if (!strcmp(reason, "missing-job-history")) - message = "Printer does not provide REQUIRED job history."; - else if (!strcmp(reason, "missing-job-id")) - message = "Printer does not provide REQUIRED job-id attribute."; - else if (!strcmp(reason, "missing-job-state")) - message = "Printer does not provide REQUIRED job-state attribute."; - else if (!strcmp(reason, "missing-operations-supported")) - message = "Printer does not provide REQUIRED operations-supported " - "attribute."; - else if (!strcmp(reason, "missing-printer-is-accepting-jobs")) - message = "Printer does not provide REQUIRED printer-is-accepting-jobs " - "attribute."; - else if (!strcmp(reason, "missing-printer-state-reasons")) - message = "Printer does not provide REQUIRED printer-state-reasons " - "attribute."; - else if (!strcmp(reason, "wrong-http-version")) - message = "Printer does not use REQUIRED HTTP/1.1 transport."; - else - message = "Unknown IPP conformance failure."; - - cupsdLogMessage(CUPSD_LOG_WARN, "%s: %s", p->name, message); - -#ifdef __APPLE__ - /* - * Report the failure information to Apple if the user opts into providing - * feedback to Apple... - */ - - aslm = asl_new(ASL_TYPE_MSG); - if (aslm) - { - asl_set(aslm, "com.apple.message.domain", "com.apple.printing.ipp.conformance"); - asl_set(aslm, "com.apple.message.domain_scope", "com.apple.printing.ipp.conformance"); - asl_set(aslm, "com.apple.message.signature", reason); - asl_set(aslm, "com.apple.message.signature2", - p->make_model ? p->make_model : "Unknown"); - asl_log(NULL, aslm, ASL_LEVEL_NOTICE, "%s: %s", - p->make_model ? p->make_model : "Unknown", message); - asl_free(aslm); - } -#endif /* __APPLE__ */ -} - - /* * 'new_media_col()' - Create a media-col collection value. */