From 1b5500ecb863f2418792838c00b015cd1173e559 Mon Sep 17 00:00:00 2001 From: Till Kamppeter Date: Wed, 1 Sep 2010 00:53:53 +0200 Subject: Added two patches to fix some segfaults in 4.0.5. --- debian/changelog | 20 +++++-- debian/patches/series | 2 + debian/patches/strncpy-tochar-use-isempty.patch | 69 +++++++++++++++++++++++++ debian/patches/unhtmlify-segfault.patch | 56 ++++++++++++++++++++ 4 files changed, 142 insertions(+), 5 deletions(-) create mode 100644 debian/patches/series create mode 100644 debian/patches/strncpy-tochar-use-isempty.patch create mode 100644 debian/patches/unhtmlify-segfault.patch diff --git a/debian/changelog b/debian/changelog index 79b975a..4f2f5ba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,24 @@ foomatic-filters (4.0.5-0ubuntu3) UNRELEASED; urgency=low + [ Till Kamppeter ] + * debian/patches/unhtmlify-segfault.patch: Made sure that the unhtmlify() + function does not write the zero byte to mark the string end beyond the + buffer. Also use a much larger buffer for parsing + "*FoomaticRIPOptionPrototype:" in the PPD file (Upstream bug #515). + * debian/patches/strncpy-tochar-use-isempty.patch: In strncpy_tochar() use + the isempty() function to check whether the input string is empty + (Upstream bug #514). + [ Translation updates ] * Italian (Luca Monducci, Closes: #593957) * Russian (Yuri Kozlov, Closes: #593907) * Swedish (Martin Bagge, Closes: #594078) + [ Didier Raboud ] * Substitute the fallacious use of dpkg-vendor in the postinst by build-time distro detection. - -- Didier Raboud Wed, 18 Aug 2010 13:27:54 +0200 + -- Till Kamppeter Wed, 1 Sep 2010 00:43:03 +0200 foomatic-filters (4.0.5-0ubuntu2) maverick; urgency=low 
@@ -18,7 +28,7 @@ foomatic-filters (4.0.5-0ubuntu2) maverick; urgency=low * Packaging fixes (Closes: #235829, #254682) * Bump Standards to 3.9.1.0 - -- Till Kampeter Tue, 10 Aug 2010 19:18:03 +0200 + -- Till Kamppeter Tue, 10 Aug 2010 19:18:03 +0200 foomatic-filters (4.0.5-0ubuntu1) maverick; urgency=low @@ -67,7 +77,7 @@ foomatic-filters (4.0.5-0ubuntu1) maverick; urgency=low - Rework some Conflicts/Breaks - Update debian/copyright - -- Till Kampeter Tue, 10 Aug 2010 18:59:03 +0200 + -- Till Kamppeter Tue, 10 Aug 2010 18:59:03 +0200 foomatic-filters (4.0.4-0ubuntu2) maverick; urgency=low @@ -78,7 +88,7 @@ foomatic-filters (4.0.4-0ubuntu2) maverick; urgency=low This patch contains the changes which are planned to be introduced in Foomatic 4.0.5, so this can be considered a test release for 4.0.5. - -- Till Kampeter Tue, 8 Jun 2010 17:47:03 +0200 + -- Till Kamppeter Tue, 8 Jun 2010 17:47:03 +0200 foomatic-filters (4.0.4-0ubuntu1) lucid; urgency=low @@ -105,7 +115,7 @@ foomatic-filters (4.0.4-0ubuntu1) lucid; urgency=low * debian/control: Removed build dependency on libgs-dev, foomatic-rip does not need libgs any more. - -- Till Kampeter Mon, 15 Feb 2010 17:14:03 +0100 + -- Till Kamppeter Mon, 15 Feb 2010 17:14:03 +0100 foomatic-filters (4.0.3-0ubuntu4) lucid; urgency=low diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..07477d4 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +strncpy-tochar-use-isempty.patch +unhtmlify-segfault.patch diff --git a/debian/patches/strncpy-tochar-use-isempty.patch b/debian/patches/strncpy-tochar-use-isempty.patch new file mode 100644 index 0000000..7fb83ac --- /dev/null +++ b/debian/patches/strncpy-tochar-use-isempty.patch 
@@ -0,0 +1,69 @@ +=== modified file 'ChangeLog' +--- foomatic-filters/ChangeLog 2010-08-10 10:06:19 +0000 ++++ foomatic-filters/ChangeLog 2010-08-27 18:01:04 +0000 +@@ -1,3 +1,8 @@ ++2010-08-27 Till Kamppeter ++ ++ * util.c: In strncpy_tochar() use the isempty() function to check ++ whether the input string is empty (bug #514). ++ + 2010-08-10 Till Kamppeter + + * Tagged branch for release 4.0.5. +@@ -10,34 +15,36 @@ + page size in the prototype string for the custom page size + working. Before, only substitution of %0 and %1 worked reliably. + Thanks to Lutz Sammer (johns98 at web dot de) for reporting this +- problem. ++ problem (see also bug 514, comment #1). + + * options.c: Make custom page size settings also work if the custom + size is set via embedded PostScript code and the comment to mark + the selected option setting is only "%% FoomaticRIPOptionSetting: + PageSize=Custom", without the size and unit parameters. Thanks to +- Lutz Sammer for reporting this problem. ++ Lutz Sammer for reporting this problem (see also bug 514, comment #1). + + 2010-07-02 Till Kamppeter + + * spooler.c: Config file for the default printer in spooler-less + (direct) printing mode was not read correctly. Thanks to Lutz +- Sammer (johns98 at web dot de) for reporting this problem. ++ Sammer (johns98 at web dot de) for reporting this problem (see ++ also bug 514, comment #1). + + * spooler.c: Fixed error message output if a printer's PPD is missing + in spooler-less mode. There was a segfault due to the printer name + not specified in the _log() function call. Thanks to Lutz Sammer +- for reporting this problem. ++ for reporting this problem (see also bug 514, comment #1). + + * util.c: The isempty() function did not consider NULL as an empty + string. This caused segfaults when a string is considered non-empty + but in fact it is NULL. Thanks to Lutz Sammer for reporting this +- problem. ++ problem (see also bug 514, comment #1). 
+ + * util.c: strncpy_tochar() did not check whether the input string + is empty and returned a pointer one character beyond the input + string, leading to segfaults in the code calling this function. +- Thanks to Lutz Sammer for reporting this problem. ++ Thanks to Lutz Sammer for reporting this problem (see also bug 514, ++ comment #1). + + 2010-06-08 Till Kamppeter + + +=== modified file 'util.c' +--- foomatic-filters/util.c 2010-07-02 15:57:09 +0000 ++++ foomatic-filters/util.c 2010-08-27 18:01:04 +0000 +@@ -272,7 +272,7 @@ + { + const char *psrc = src; + char *pdest = dest; +- if (!*psrc) { ++ if (isempty(psrc)) { + return NULL; + } + while (*psrc && --max > 0 && !strchr(stopchars, *psrc)) { + diff --git a/debian/patches/unhtmlify-segfault.patch b/debian/patches/unhtmlify-segfault.patch new file mode 100644 index 0000000..c30875d --- /dev/null +++ b/debian/patches/unhtmlify-segfault.patch 
@@ -0,0 +1,56 @@ +=== modified file 'ChangeLog' +--- foomatic-filters/ChangeLog 2010-08-27 18:01:04 +0000 ++++ foomatic-filters/ChangeLog 2010-08-27 23:41:04 +0000 +@@ -1,5 +1,10 @@ + 2010-08-27 Till Kamppeter + ++ * options.c: Made sure that the unhtmlify() function does not write ++ the zero byte to mark the string end beyond the buffer. Also use a ++ much larger buffer for parsing "*FoomaticRIPOptionPrototype:" in ++ the PPD file (bug #515). ++ + * util.c: In strncpy_tochar() use the isempty() function to check + whether the input string is empty (bug #514). + + +=== modified file 'options.c' +--- foomatic-filters/options.c 2010-07-07 21:49:47 +0000 ++++ foomatic-filters/options.c 2010-08-27 23:41:04 +0000 +@@ -1088,8 +1088,9 @@ + const char *repl; + struct tm *t = localtime(&job->time); + char tmpstr[10]; ++ size_t s; + +- while (*psrc && pdest - dest < size) { ++ while (*psrc && pdest - dest < size - 1) { + + if (*psrc == '&') { + psrc++; +@@ -1154,8 +1155,12 @@ + } + + if (repl) { +- strncpy(pdest, repl, size - (pdest - dest)); +- pdest += strlen(repl); ++ s = size - (pdest - dest) - 1; ++ strncpy(pdest, repl, s); ++ if (s < strlen(repl)) ++ pdest += s; ++ else ++ pdest += strlen(repl); + psrc = strchr(psrc, ';') +1; + } + else { +@@ -1601,8 +1606,8 @@ + /* "*FoomaticRIPOptionPrototype
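
Review bot: The debian/changelog hunks at @@ -18, @@ -67, @@ -78 and @@ -105 correct the spelling "Kampeter" to "Kamppeter" in the trailer lines of entries that are already released. That is unrelated to the two segfault fixes named in the subject, and nothing in the commit message mentions it. Either move the trailer corrections into their own commit or add a line about them to the message, so that a later revert of the segfault patches does not also undo them.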
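
Review bot: In debian/patches/series the order of the two entries is load-bearing and undocumented. The ChangeLog hunk inside unhtmlify-segfault.patch uses the "* util.c: In strncpy_tochar() use the isempty() function" entry as context, and that entry only exists once strncpy-tochar-use-isempty.patch has been applied. The first patch also rewrites six older ChangeLog entries just to append "(see also bug 514, comment #1)", which makes it likely to conflict on the next upstream release. Consider dropping the ChangeLog hunks from both files under debian/patches, keeping only the util.c and options.c changes, and putting the bug references in a patch header instead.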
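
Review bot: In the util.c hunk (@@ -272,7 +272,7) the new guard "if (isempty(psrc)) { return NULL; }" returns without writing anything to dest, and nothing visible in this patch shows that the callers of strncpy_tochar() test for a NULL result. The ChangeLog text in the same patch says the earlier segfaults happened in the code calling this function, so the call sites should be checked as part of this change. It would also help to write a terminating zero byte to dest before the early return when max allows it, and to state the NULL return in a comment above the function.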
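
Review bot: In the options.c hunk at @@ -1088 the new loop bound "pdest - dest < size - 1" underflows when size is 0, if size is an unsigned type. The hunk does not show its declaration, but the new "size_t s" is computed from it. In that case the loop is effectively unbounded again. Return early at the top of unhtmlify() when size is 0, or write the test as "pdest - dest + 1 < size" so that no subtraction from size is needed.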
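
Review bot: In the options.c hunk at @@ -1154 the context line "psrc = strchr(psrc, ';') +1;" is left unchecked. If the entity being replaced has no terminating ';' in the input, strchr() returns NULL and the next loop iteration reads through NULL + 1, unless code above the hunk already guarantees the ';'. Since this patch hardens the same branch, test the strchr() result here and stop when it is NULL. Two smaller points on the added lines: strlen(repl) is evaluated twice and could be held in a local, and the truncating strncpy() leaves the destination unterminated until the zero byte is written after the loop, which deserves a one-line comment.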