authorTill Kamppeter <till.kamppeter@gmail.com>2010-09-01 00:53:53 +0200
committerTill Kamppeter <till.kamppeter@gmail.com>2010-09-01 00:53:53 +0200
commit1b5500ecb863f2418792838c00b015cd1173e559 (patch)
tree390c2657187d4a8341b548d968dbe665ba9d5b96
parent3f4753da33ee6cff487a80eca4b77e097ae9265f (diff)
Added two patches to fix some segfaults in 4.0.5.
-rw-r--r--debian/changelog20
-rw-r--r--debian/patches/series2
-rw-r--r--debian/patches/strncpy-tochar-use-isempty.patch69
-rw-r--r--debian/patches/unhtmlify-segfault.patch56
4 files changed, 142 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index 79b975a..4f2f5ba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,24 @@
foomatic-filters (4.0.5-0ubuntu3) UNRELEASED; urgency=low
+ [ Till Kamppeter ]
+ * debian/patches/unhtmlify-segfault.patch: Made sure that the unhtmlify()
+ function does not write the zero byte to mark the string end beyond the
+ buffer. Also use a much larger buffer for parsing
+ "*FoomaticRIPOptionPrototype:" in the PPD file (Upstream bug #515).
+ * debian/patches/strncpy-tochar-use-isempty.patch: In strncpy_tochar() use
+ the isempty() function to check whether the input string is empty
+ (Upstream bug #514).
+
[ Translation updates ]
* Italian (Luca Monducci, Closes: #593957)
* Russian (Yuri Kozlov, Closes: #593907)
* Swedish (Martin Bagge, Closes: #594078)
+ [ Didier Raboud ]
* Substitute the fallacious use of dpkg-vendor in the postinst by build-time
distro detection.
- -- Didier Raboud <didier@raboud.com> Wed, 18 Aug 2010 13:27:54 +0200
+ -- Till Kamppeter <till.kamppeter@gmail.com> Wed, 1 Sep 2010 00:43:03 +0200
foomatic-filters (4.0.5-0ubuntu2) maverick; urgency=low
@@ -18,7 +28,7 @@ foomatic-filters (4.0.5-0ubuntu2) maverick; urgency=low
* Packaging fixes (Closes: #235829, #254682)
* Bump Standards to 3.9.1.0
- -- Till Kampeter <till.kamppeter@gmail.com> Tue, 10 Aug 2010 19:18:03 +0200
+ -- Till Kamppeter <till.kamppeter@gmail.com> Tue, 10 Aug 2010 19:18:03 +0200
foomatic-filters (4.0.5-0ubuntu1) maverick; urgency=low
@@ -67,7 +77,7 @@ foomatic-filters (4.0.5-0ubuntu1) maverick; urgency=low
- Rework some Conflicts/Breaks
- Update debian/copyright
- -- Till Kampeter <till.kamppeter@gmail.com> Tue, 10 Aug 2010 18:59:03 +0200
+ -- Till Kamppeter <till.kamppeter@gmail.com> Tue, 10 Aug 2010 18:59:03 +0200
foomatic-filters (4.0.4-0ubuntu2) maverick; urgency=low
@@ -78,7 +88,7 @@ foomatic-filters (4.0.4-0ubuntu2) maverick; urgency=low
This patch contains the changes which are planned to be introduced in
Foomatic 4.0.5, so this can be considered a test release for 4.0.5.
- -- Till Kampeter <till.kamppeter@gmail.com> Tue, 8 Jun 2010 17:47:03 +0200
+ -- Till Kamppeter <till.kamppeter@gmail.com> Tue, 8 Jun 2010 17:47:03 +0200
foomatic-filters (4.0.4-0ubuntu1) lucid; urgency=low
@@ -105,7 +115,7 @@ foomatic-filters (4.0.4-0ubuntu1) lucid; urgency=low
* debian/control: Removed build dependency on libgs-dev, foomatic-rip
does not need libgs any more.
- -- Till Kampeter <till.kamppeter@gmail.com> Mon, 15 Feb 2010 17:14:03 +0100
+ -- Till Kamppeter <till.kamppeter@gmail.com> Mon, 15 Feb 2010 17:14:03 +0100
foomatic-filters (4.0.3-0ubuntu4) lucid; urgency=low
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..07477d4
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+strncpy-tochar-use-isempty.patch
+unhtmlify-segfault.patch
diff --git a/debian/patches/strncpy-tochar-use-isempty.patch b/debian/patches/strncpy-tochar-use-isempty.patch
new file mode 100644
index 0000000..7fb83ac
--- /dev/null
+++ b/debian/patches/strncpy-tochar-use-isempty.patch
@@ -0,0 +1,69 @@
+=== modified file 'ChangeLog'
+--- foomatic-filters/ChangeLog 2010-08-10 10:06:19 +0000
++++ foomatic-filters/ChangeLog 2010-08-27 18:01:04 +0000
+@@ -1,3 +1,8 @@
++2010-08-27 Till Kamppeter <till.kamppeter@gmail.com>
++
++ * util.c: In strncpy_tochar() use the isempty() function to check
++ whether the input string is empty (bug #514).
++
+ 2010-08-10 Till Kamppeter <till.kamppeter@gmail.com>
+
+ * Tagged branch for release 4.0.5.
+@@ -10,34 +15,36 @@
+ page size in the prototype string for the custom page size
+ working. Before, only substitution of %0 and %1 worked reliably.
+ Thanks to Lutz Sammer (johns98 at web dot de) for reporting this
+- problem.
++ problem (see also bug 514, comment #1).
+
+ * options.c: Make custom page size settings also work if the custom
+ size is set via embedded PostScript code and the comment to mark
+ the selected option setting is only "%% FoomaticRIPOptionSetting:
+ PageSize=Custom", without the size and unit parameters. Thanks to
+- Lutz Sammer for reporting this problem.
++ Lutz Sammer for reporting this problem (see also bug 514, comment #1).
+
+ 2010-07-02 Till Kamppeter <till.kamppeter@gmail.com>
+
+ * spooler.c: Config file for the default printer in spooler-less
+ (direct) printing mode was not read correctly. Thanks to Lutz
+- Sammer (johns98 at web dot de) for reporting this problem.
++ Sammer (johns98 at web dot de) for reporting this problem (see
++ also bug 514, comment #1).
+
+ * spooler.c: Fixed error message output if a printer's PPD is missing
+ in spooler-less mode. There was a segfault due to the printer name
+ not specified in the _log() function call. Thanks to Lutz Sammer
+- for reporting this problem.
++ for reporting this problem (see also bug 514, comment #1).
+
+ * util.c: The isempty() function did not consider NULL as an empty
+ string. This caused segfaults when a string is considered non-empty
+ but in fact it is NULL. Thanks to Lutz Sammer for reporting this
+- problem.
++ problem (see also bug 514, comment #1).
+
+ * util.c: strncpy_tochar() did not check whether the input string
+ is empty and returned a pointer one character beyond the input
+ string, leading to segfaults in the code calling this function.
+- Thanks to Lutz Sammer for reporting this problem.
++ Thanks to Lutz Sammer for reporting this problem (see also bug 514,
++ comment #1).
+
+ 2010-06-08 Till Kamppeter <till.kamppeter@gmail.com>
+
+
+=== modified file 'util.c'
+--- foomatic-filters/util.c 2010-07-02 15:57:09 +0000
++++ foomatic-filters/util.c 2010-08-27 18:01:04 +0000
+@@ -272,7 +272,7 @@
+ {
+ const char *psrc = src;
+ char *pdest = dest;
+- if (!*psrc) {
++ if (isempty(psrc)) {
+ return NULL;
+ }
+ while (*psrc && --max > 0 && !strchr(stopchars, *psrc)) {
+
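Review bot: The early `return NULL;` in strncpy_tochar() leaves `dest` unwritten, so a caller that reads `dest` without testing the return value sees whatever the buffer held before. The callers are not visible here; if any of them skips that test, terminate the buffer on this path with `if (isempty(psrc)) { if (max > 0) *dest = '\0'; return NULL; }`. The loop condition `--max > 0` also appears to assume that `max` is signed and positive on entry, which the hunk does not show. A short comment on the function stating that NULL is returned for a NULL or empty `src`, and what `dest` contains in that case, would make the contract explicit. The function body starts and ends outside the hunk.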
diff --git a/debian/patches/unhtmlify-segfault.patch b/debian/patches/unhtmlify-segfault.patch
new file mode 100644
index 0000000..c30875d
--- /dev/null
+++ b/debian/patches/unhtmlify-segfault.patch
@@ -0,0 +1,56 @@
+=== modified file 'ChangeLog'
+--- foomatic-filters/ChangeLog 2010-08-27 18:01:04 +0000
++++ foomatic-filters/ChangeLog 2010-08-27 23:41:04 +0000
+@@ -1,5 +1,10 @@
+ 2010-08-27 Till Kamppeter <till.kamppeter@gmail.com>
+
++ * options.c: Made sure that the unhtmlify() function does not write
++ the zero byte to mark the string end beyond the buffer. Also use a
++ much larger buffer for parsing "*FoomaticRIPOptionPrototype:" in
++ the PPD file (bug #515).
++
+ * util.c: In strncpy_tochar() use the isempty() function to check
+ whether the input string is empty (bug #514).
+
+
+=== modified file 'options.c'
+--- foomatic-filters/options.c 2010-07-07 21:49:47 +0000
++++ foomatic-filters/options.c 2010-08-27 23:41:04 +0000
+@@ -1088,8 +1088,9 @@
+ const char *repl;
+ struct tm *t = localtime(&job->time);
+ char tmpstr[10];
++ size_t s;
+
+- while (*psrc && pdest - dest < size) {
++ while (*psrc && pdest - dest < size - 1) {
+
+ if (*psrc == '&') {
+ psrc++;
+@@ -1154,8 +1155,12 @@
+ }
+
+ if (repl) {
+- strncpy(pdest, repl, size - (pdest - dest));
+- pdest += strlen(repl);
++ s = size - (pdest - dest) - 1;
++ strncpy(pdest, repl, s);
++ if (s < strlen(repl))
++ pdest += s;
++ else
++ pdest += strlen(repl);
+ psrc = strchr(psrc, ';') +1;
+ }
+ else {
+@@ -1601,8 +1606,8 @@
+ /* "*FoomaticRIPOptionPrototype <option>: <code>"
+ Used for numerical and string options only */
+ opt = assure_option(name);
+- opt->proto = malloc(128);
+- unhtmlify(opt->proto, 128, value->data);
++ opt->proto = malloc(65536);
++ unhtmlify(opt->proto, 65536, value->data);
+ }
+ else if (!strcmp(key, "FoomaticRIPOptionRange")) {
+ /* *FoomaticRIPOptionRange <option>: <min> <max>
+
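Review bot: In the last options.c hunk the result of `malloc(65536)` is passed to unhtmlify() without a NULL check, so an allocation failure while parsing the PPD becomes a write through a null pointer. Guard it before the call with `if (!opt->proto) { /* report out-of-memory through the file's existing error path */ }`, and name the size once (for example `enum { PROTO_BUF_SIZE = 65536 };`) so the allocation and the `size` argument cannot drift apart. In the replacement branch, `strncpy(pdest, repl, s)` zero-fills the whole remainder of the buffer for every entity, which is needless work per entity with the new 64 KiB buffer; `size_t n = strlen(repl); if (n > s) n = s; memcpy(pdest, repl, n); pdest += n;` copies the same bytes, provided the terminator is written after the loop, which is outside the hunk. The unchanged `psrc = strchr(psrc, ';') +1;` would produce an invalid pointer if an entity lacks its `;`, unless the matching code not shown here already requires it. Both function bodies extend beyond the hunks.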