diff --git a/cups-str3382.patch b/cups-str3382.patch new file mode 100644 index 0000000..2999c79 --- /dev/null +++ b/cups-str3382.patch @@ -0,0 +1,64 @@ +diff -up cups-1.4.1/cups/tempfile.c.str3382 cups-1.4.1/cups/tempfile.c +--- cups-1.4.1/cups/tempfile.c.str3382 2008-12-10 06:03:11.000000000 +0100 ++++ cups-1.4.1/cups/tempfile.c 2009-10-20 15:08:39.000000000 +0200 +@@ -35,6 +35,7 @@ + # include + #else + # include ++# include + #endif /* WIN32 || __EMX__ */ + + +@@ -56,7 +57,7 @@ cupsTempFd(char *filename, /* I - Point + char tmppath[1024]; /* Windows temporary directory */ + DWORD curtime; /* Current time */ + #else +- struct timeval curtime; /* Current time */ ++ mode_t old_umask; /* Old umask before using mkstemp() */ + #endif /* WIN32 */ + + +@@ -107,33 +108,25 @@ cupsTempFd(char *filename, /* I - Point + + snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir, + GetCurrentProcessId(), curtime); +-#else +- /* +- * Get the current time of day... +- */ +- +- gettimeofday(&curtime, NULL); +- +- /* +- * Format a string using the hex time values... +- */ +- +- snprintf(filename, len - 1, "%s/%08lx%05lx", tmpdir, +- (unsigned long)curtime.tv_sec, (unsigned long)curtime.tv_usec); +-#endif /* WIN32 */ + + /* + * Open the file in "exclusive" mode, making sure that we don't + * stomp on an existing file or someone's symlink crack... + */ + +-#ifdef WIN32 + fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, + _S_IREAD | _S_IWRITE); +-#elif defined(O_NOFOLLOW) +- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); + #else +- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); ++ ++ /* ++ * Use the standard mkstemp() call to make a temporary filename ++ * securely. -- andrew.wood@jdplc.com ++ */ ++ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); ++ ++ old_umask = umask(0077); ++ fd = mkstemp(filename); ++ umask(old_umask); + #endif /* WIN32 */ + + if (fd < 0 && errno != EEXIST) diff --git a/cups.spec b/cups.spec index dd4f5f6..f7b1798 100644 --- a/cups.spec +++ b/cups.spec @@ -9,7 +9,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.4.1 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2 Group: System Environment/Daemons Source: http://ftp.easysw.com/pub/cups/1.4.0/cups-%{version}-source.tar.bz2 @@ -56,6 +56,7 @@ Patch35: cups-cups-get-classes.patch Patch37: cups-avahi.patch Patch38: cups-str3332.patch Patch39: cups-str3356.patch +Patch40: cups-str3382.patch Patch100: cups-lspp.patch Epoch: 1 Url: http://www.cups.org/ @@ -216,6 +217,7 @@ gzip -n postscript.ppd %patch37 -p1 -b .avahi %patch38 -p1 -b .str3332 %patch39 -p1 -b .str3356 +%patch40 -p1 -b .str3382 %if %lspp %patch100 -p1 -b .lspp @@ -512,6 +514,9 @@ rm -rf $RPM_BUILD_ROOT %{php_extdir}/phpcups.so %changelog +* Tue Oct 20 2009 Jiri Popelka 1:1.4.1-6 +- Fix cups-lpd to create unique temporary data files (bug #529838). + * Mon Oct 19 2009 Tim Waugh 1:1.4.1-5 - Fixed German translation (bug #529575, STR #3380).