
Annotation of /updates/1/hplip/current/SOURCES/hplip-CVE-2013-0200.patch



Revision 399969 - (hide annotations) (download)
Fri Feb 22 17:21:27 2013 UTC (11 years, 2 months ago) by luigiwalser
File size: 3958 byte(s)
rediff patch from redhat to fix CVE-2013-0200
1 luigiwalser 399969 diff -up hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp
2     --- hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp.CVE-2013-0200 2013-01-22 10:57:13.651460928 +0000
3     +++ hplip-3.12.4/prnt/hpcups/HPCupsFilter.cpp 2013-01-22 10:57:34.087541538 +0000
4     @@ -637,19 +637,22 @@ int HPCupsFilter::processRasterData(cups
5     {
6     char szFileName[32];
7     memset(szFileName, 0, sizeof(szFileName));
8     - snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp", current_page_number);
9     + snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterc_%d.bmp.XXXXXX", current_page_number);
10     if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
11     cups_header.cupsColorSpace == CUPS_CSPACE_RGB)
12     {
13     - cfp = fopen (szFileName, "w");
14     - chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
15     + int fd = mkstemp (szFileName);
16     + if (fd != -1)
17     + cfp = fdopen (fd, "w");
18     }
19     if (cups_header.cupsColorSpace == CUPS_CSPACE_RGBW ||
20     cups_header.cupsColorSpace == CUPS_CSPACE_K)
21     {
22     - szFileName[17] = 'k';
23     - kfp = fopen (szFileName, "w");
24     - chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
25     + int fd;
26     + snprintf (szFileName, sizeof(szFileName), "/tmp/hpcupsfilterk_%d.bmp.XXXXXX", current_page_number);
27     + fd = mkstemp (szFileName);
28     + if (fd != -1)
29     + kfp = fdopen (fd, "w");
30     }
31     dbglog("9......\n");
32     WriteBMPHeader (cfp, cups_header.cupsWidth, cups_header.cupsHeight, COLOR_RASTER);
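Review bot: The 32-byte `szFileName` on the context line is now too small for the new templates: `/tmp/hpcupsfilterc_` plus `.bmp.XXXXXX` is already 30 characters, so `snprintf` cuts off the trailing X's as soon as `current_page_number` has two digits, and `mkstemp` then rejects the template and returns -1. From page 10 on, `cfp` and `kfp` are therefore never assigned in these branches, yet `WriteBMPHeader (cfp, ...)` on the last line of the hunk is still called; whether it tolerates a null or stale stream is not visible here. Enlarging the buffer, e.g. `char szFileName[64];`, keeps the six X's intact. In all four files of this patch the descriptor is also leaked when `fdopen` fails, so a cleanup such as `if (cfp == NULL) close (fd);` after each `fdopen` would be worth adding. processRasterData starts and ends outside the hunk.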
33     diff -up hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpcups/SystemServices.cpp
34     --- hplip-3.12.4/prnt/hpcups/SystemServices.cpp.CVE-2013-0200 2012-04-10 09:32:37.000000000 +0100
35     +++ hplip-3.12.4/prnt/hpcups/SystemServices.cpp 2013-01-22 10:57:34.088541545 +0000
36     @@ -36,10 +36,12 @@ SystemServices::SystemServices(int iLogL
37     m_fp = NULL;
38     if (iLogLevel & SAVE_PCL_FILE)
39     {
40     + int fd;
41     char fname[32];
42     - sprintf(fname, "/tmp/hpcups_job%d.out", job_id);
43     - m_fp = fopen(fname, "w");
44     - chmod(fname, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
45     + sprintf(fname, "/tmp/hpcups_job%d.out.XXXXXX", job_id);
46     + fd = mkstemp (fname);
47     + if (fd != -1)
48     + m_fp = fdopen(fd, "w");
49     }
50     }
51    
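Review bot: `sprintf` into `char fname[32]` can now write past the buffer: the fixed part of `/tmp/hpcups_job%d.out.XXXXXX` is 26 characters, so a `job_id` of six or more digits needs at least 33 bytes with the terminator, whereas the old name fit any int. Use a larger buffer and a bounded call, `char fname[64];` and `snprintf(fname, sizeof(fname), "/tmp/hpcups_job%d.out.XXXXXX", job_id);`, so that an oversize name fails in `mkstemp` instead of overrunning the stack buffer. The hpijs.cpp hunk uses the same `sprintf`-into-32-bytes pattern with `getpid()` (22 fixed characters) and would benefit from the same change. A failed `mkstemp` is also silent here, so a log line when `fd == -1` would help whoever enabled SAVE_PCL_FILE.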
52     diff -up hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 hplip-3.12.4/prnt/hpijs/hpijs.cpp
53     --- hplip-3.12.4/prnt/hpijs/hpijs.cpp.CVE-2013-0200 2013-01-22 10:57:12.219455275 +0000
54     +++ hplip-3.12.4/prnt/hpijs/hpijs.cpp 2013-01-22 10:57:34.089541549 +0000
55     @@ -96,13 +96,12 @@ void setLogLevel(UXServices *pSS)
56    
57     if (pSS->m_iLogLevel & SAVE_PCL_FILE)
58     {
59     + int fd;
60     char szFileName[32];
61     - sprintf (szFileName, "/tmp/hpijs_%d.out", getpid());
62     - pSS->outfp = fopen (szFileName, "w");
63     - if (pSS->outfp)
64     - {
65     - chmod (szFileName, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
66     - }
67     + sprintf (szFileName, "/tmp/hpijs_%d.out.XXXXXX", getpid());
68     + fd = mkstemp (szFileName);
69     + if (fd != -1)
70     + pSS->outfp = fdopen (fd, "w");
71     }
72     }
73    
74     diff -up hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 hplip-3.12.4/prnt/hpps/hppsfilter.c
75     --- hplip-3.12.4/prnt/hpps/hppsfilter.c.CVE-2013-0200 2012-04-10 09:32:37.000000000 +0100
76     +++ hplip-3.12.4/prnt/hpps/hppsfilter.c 2013-01-22 10:57:34.089541549 +0000
77     @@ -92,10 +92,12 @@ void open_dbg_outfile(char* szjob_id)
78     g_fp_outdbgps = NULL;
79     if (g_savepsfile & SAVE_PS_FILE)
80     {
81     + int fd;
82     char sfile_name[FILE_NAME_SIZE] = {0};
83     - sprintf(sfile_name, DBG_PSFILE, szjob_id);
84     - g_fp_outdbgps= fopen(sfile_name, "w");
85     - chmod(sfile_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
86     + sprintf(sfile_name, DBG_PSFILE ".XXXXXX", szjob_id);
87     + fd = mkstemp (sfile_name);
88     + if (fd != -1)
89     + g_fp_outdbgps = fdopen(fd, "w");
90     }
91     }
92    
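Review bot: The unbounded `sprintf` here formats the caller-supplied string `szjob_id` into `sfile_name`, and the template is now seven characters longer; `FILE_NAME_SIZE` and `DBG_PSFILE` are defined outside the hunk, so whether the result always fits cannot be confirmed from here. Bounding the write and checking for truncation removes the doubt: declare `int fd = -1;`, format with `int n = snprintf(sfile_name, sizeof(sfile_name), DBG_PSFILE ".XXXXXX", szjob_id);`, and call `mkstemp` only under `if (n > 0 && (size_t)n < sizeof(sfile_name))`. With that guard an over-long job id simply disables the debug dump rather than writing past the array.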
