Import CUPS v1.7.5release-1.7.5branch-1.7

12 files changed, 92 insertions, 38 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 26076645f..d05ce49e6 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,6 +1,17 @@
-CHANGES.txt - 1.7.4 - 2014-07-08
+CHANGES.txt - 1.7.5 - 2014-07-30
 --------------------------------
 
+CHANGES IN CUPS V1.7.5
+
+	- Security: Addressed some more situations where symlinked files would
+	  be served by the web interface (STR #4455)
+	- The LPD backend did not work with some versions of glibc (STR #4452)
+	- CGI scripts did not work (STR #4454)
+	- The cupsd.conf man page did not list the ErrorPolicy directive
+	  (STR #4457)
+	- Updated the Brazilian Portuguese translation (STR #4456)
+
+
 CHANGES IN CUPS V1.7.4
 
 	- Security: The web interface incorrectly served symlinked files and
@@ -25,7 +36,6 @@ CHANGES IN CUPS V1.7.4
 	- Fixed a bug in the CUPS_SC_GET_DEVICE_ID handling by the network
 	  backends (STR #4447)
 	- Added USB quirk rule for Lexmark E230 (STR #4448)
-	- The LPD backend did not work with some versions of glibc (STR #4452)
 
 
 CHANGES IN CUPS V1.7.3
diff --git a/INSTALL.txt b/INSTALL.txt
index 05d3b39b8..26cb7c03c 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,4 +1,4 @@
-INSTALL - CUPS v1.7.4 - 2014-06-10
+INSTALL - CUPS v1.7.5 - 2014-07-30
 ----------------------------------
 
 This file describes how to compile and install CUPS from source code. For more
diff --git a/README.txt b/README.txt
index 489dc2a1e..de91fe8a8 100644
--- a/README.txt
+++ b/README.txt
@@ -1,4 +1,4 @@
-README - CUPS v1.7.4 - 2014-06-10
+README - CUPS v1.7.5 - 2014-07-30
 ---------------------------------
 
 Looking for compile instructions?  Read the file "INSTALL.txt" instead...
diff --git a/backend/lpd.c b/backend/lpd.c
index 9490950a7..f95f6ba5f 100644
--- a/backend/lpd.c
+++ b/backend/lpd.c
@@ -1,5 +1,5 @@
 /*
- * "$Id: lpd.c 12005 2014-07-08 15:46:59Z msweet $"
+ * "$Id: lpd.c 12025 2014-07-15 13:00:17Z msweet $"
  *
  *   Line Printer Daemon backend for CUPS.
  *
@@ -1276,7 +1276,7 @@ rresvport_af(int *port,			/* IO - Port number to bind to */
     * Try binding the port to the socket; return if all is OK...
     */
 
-    if (!bind(fd, (struct sockaddr *)&addr, httpAddrSize(&addr)))
+    if (!bind(fd, (struct sockaddr *)&addr, httpAddrLength(&addr)))
       return (fd);
 
    /*
@@ -1331,5 +1331,5 @@ sigterm_handler(int sig)		/* I - Signal */
 
 
 /*
- * End of "$Id: lpd.c 12005 2014-07-08 15:46:59Z msweet $".
+ * End of "$Id: lpd.c 12025 2014-07-15 13:00:17Z msweet $".
  */
diff --git a/config-scripts/cups-common.m4 b/config-scripts/cups-common.m4
index a8e016b67..c79070d89 100644
--- a/config-scripts/cups-common.m4
+++ b/config-scripts/cups-common.m4
@@ -20,7 +20,7 @@ dnl Set the name of the config header file...
 AC_CONFIG_HEADER(config.h)
 
 dnl Version number information...
-CUPS_VERSION=1.7.4
+CUPS_VERSION=1.7.5
 CUPS_REVISION=
 #if test -z "$CUPS_REVISION" -a -d .svn; then
 #	CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`"
diff --git a/configure b/configure
index e27240704..04a23df9a 100755
--- a/configure
+++ b/configure
@@ -2517,7 +2517,7 @@ esac
 ac_config_headers="$ac_config_headers config.h"
 
 
-CUPS_VERSION=1.7.4
+CUPS_VERSION=1.7.5
 CUPS_REVISION=
 #if test -z "$CUPS_REVISION" -a -d .svn; then
 #	CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`"
diff --git a/cups/cups.h b/cups/cups.h
index 2af4f533d..3a1e8d1fd 100644
--- a/cups/cups.h
+++ b/cups/cups.h
@@ -1,5 +1,5 @@
 /*
- * "$Id: cups.h 11978 2014-07-02 10:35:09Z msweet $"
+ * "$Id: cups.h 12025 2014-07-15 13:00:17Z msweet $"
  *
  * API definitions for CUPS.
  *
@@ -49,10 +49,10 @@ extern "C" {
  * Constants...
  */
 
-#  define CUPS_VERSION			1.0704
+#  define CUPS_VERSION			1.0705
 #  define CUPS_VERSION_MAJOR		1
 #  define CUPS_VERSION_MINOR		7
-#  define CUPS_VERSION_PATCH		4
+#  define CUPS_VERSION_PATCH		5
 
 #  define CUPS_BC_FD			3
 					/* Back-channel file descriptor for
@@ -623,5 +623,5 @@ extern const char	*cupsUserAgent(void) _CUPS_API_1_7;
 #endif /* !_CUPS_CUPS_H_ */
 
 /*
- * End of "$Id: cups.h 11978 2014-07-02 10:35:09Z msweet $".
+ * End of "$Id: cups.h 12025 2014-07-15 13:00:17Z msweet $".
  */
diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 227ccfe2f..542d9c159 100644
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -227,6 +227,22 @@ milliseconds.
 <dd>Specifies the level of encryption that is required for a particular
 location.
 </dd>
+<dt>ErrorPolicy abort-job
+</dt>
+<dd>Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
+</dd>
+<dt>ErrorPolicy retry-job
+</dt>
+<dd>Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
+</dd>
+<dt>ErrorPolicy retry-this-job
+</dt>
+<dd>Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
+</dd>
+<dt>ErrorPolicy stop-printer
+</dt>
+<dd>Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
+</dd>
 <dt>FilterLimit limit
 </dt>
 <dd></dd>
diff --git a/locale/cups_pt_BR.po b/locale/cups_pt_BR.po
index 664892dae..7b070c168 100644
--- a/locale/cups_pt_BR.po
+++ b/locale/cups_pt_BR.po
@@ -14,17 +14,17 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: CUPS 1.7.2\n"
+"Project-Id-Version: CUPS 1.7.4\n"
 "Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
 "POT-Creation-Date: 2014-05-09 13:32-0700\n"
-"PO-Revision-Date: 2014-04-30 23:57-0300\n"
+"PO-Revision-Date: 2014-07-22 00:19-0300\n"
 "Last-Translator: Rafael Ferreira <rafael.f.f1@gmail.com>\n"
 "Language-Team: Brazilian Portuguese <traducao-cups-pt-br@googlegroups.com>\n"
 "Language: pt_BR\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.6.4\n"
+"X-Generator: Poedit 1.6.5\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
 msgid "\t\t(all)"
@@ -3742,7 +3742,7 @@ msgid "No active connection"
 msgstr "Nenhuma conexão ativa"
 
 msgid "No active connection."
-msgstr ""
+msgstr "Nenhuma conexão ativa."
 
 #, c-format
 msgid "No active jobs on %s."
@@ -3799,7 +3799,7 @@ msgid "No printer-uri in request."
 msgstr "Nenhum printer-uri na requisição."
 
 msgid "No request sent."
-msgstr ""
+msgstr "Nenhuma requisição enviada."
 
 msgid "No request-id"
 msgstr "Nenhum request-id"
diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in
index 3435f3939..3e427c33a 100644
--- a/man/cupsd.conf.man.in
+++ b/man/cupsd.conf.man.in
@@ -1,5 +1,5 @@
 .\"
-.\" "$Id: cupsd.conf.man.in 11109 2013-07-08 21:15:13Z msweet $"
+.\" "$Id: cupsd.conf.man.in 12060 2014-07-28 14:04:41Z msweet $"
 .\"
 .\"   cupsd.conf man page for CUPS.
 .\"
@@ -12,7 +12,7 @@
 .\"   which should have been included with this file.  If this file is
 .\"   file is missing or damaged, see the license at "http://www.cups.org/".
 .\"
-.TH cupsd.conf 5 "CUPS" "8 July 2013" "Apple Inc."
+.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc."
 .SH NAME
 cupsd.conf \- server configuration file for cups
 .SH DESCRIPTION
@@ -180,6 +180,18 @@ Encryption Required
 Specifies the level of encryption that is required for a particular
 location.
 .TP 5
+ErrorPolicy abort-job
+Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
+.TP 5
+ErrorPolicy retry-job
+Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
+.TP 5
+ErrorPolicy retry-this-job
+Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
+.TP 5
+ErrorPolicy stop-printer
+Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
+.TP 5
 FilterLimit limit
 .br
 Specifies the maximum cost of filters that are run concurrently.
@@ -521,5 +533,5 @@ http://localhost:631/help
 .SH COPYRIGHT
 Copyright 2007-2013 by Apple Inc.
 .\"
-.\" End of "$Id: cupsd.conf.man.in 11109 2013-07-08 21:15:13Z msweet $".
+.\" End of "$Id: cupsd.conf.man.in 12060 2014-07-28 14:04:41Z msweet $".
 .\"
diff --git a/packaging/cups.spec b/packaging/cups.spec
index c6da18713..998cf753e 100644
--- a/packaging/cups.spec
+++ b/packaging/cups.spec
@@ -45,12 +45,12 @@
 
 Summary: CUPS
 Name: cups
-Version: 1.7.4
+Version: 1.7.5
 Release: 1
 Epoch: 1
 License: GPL
 Group: System Environment/Daemons
-Source: http://www.cups.org/software/1.7.4/cups-1.7.4-source.tar.bz2
+Source: http://www.cups.org/software/1.7.5/cups-1.7.5-source.tar.bz2
 Url: http://www.cups.org
 Packager: Anonymous <anonymous@foo.com>
 Vendor: Apple Inc.
diff --git a/scheduler/client.c b/scheduler/client.c
index e87f9efcc..51a11acb1 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1,5 +1,5 @@
 /*
- * "$Id: client.c 12009 2014-07-09 17:02:38Z msweet $"
+ * "$Id: client.c 12057 2014-07-22 14:03:19Z msweet $"
  *
  * Client routines for the CUPS scheduler.
  *
@@ -3310,7 +3310,7 @@ get_file(cupsd_client_t *con,		/* I  - Client connection */
   * then fallback to the default one...
   */
 
-  if ((status = stat(filename, filestats)) != 0 && language[0] &&
+  if ((status = lstat(filename, filestats)) != 0 && language[0] &&
       strncmp(con->uri, "/icons/", 7) &&
       strncmp(con->uri, "/ppd/", 5) &&
       strncmp(con->uri, "/rss/", 5) &&
@@ -3408,13 +3408,13 @@ get_file(cupsd_client_t *con,		/* I  - Client connection */
       plen = len - (ptr - filename);
 
       strlcpy(ptr, "index.html", plen);
-      status = stat(filename, filestats);
+      status = lstat(filename, filestats);
 
 #ifdef HAVE_JAVA
       if (status)
       {
 	strlcpy(ptr, "index.class", plen);
-	status = stat(filename, filestats);
+	status = lstat(filename, filestats);
       }
 #endif /* HAVE_JAVA */
 
@@ -3422,7 +3422,7 @@ get_file(cupsd_client_t *con,		/* I  - Client connection */
       if (status)
       {
 	strlcpy(ptr, "index.pl", plen);
-	status = stat(filename, filestats);
+	status = lstat(filename, filestats);
       }
 #endif /* HAVE_PERL */
 
@@ -3430,7 +3430,7 @@ get_file(cupsd_client_t *con,		/* I  - Client connection */
       if (status)
       {
 	strlcpy(ptr, "index.php", plen);
-	status = stat(filename, filestats);
+	status = lstat(filename, filestats);
       }
 #endif /* HAVE_PHP */
 
@@ -3438,18 +3438,39 @@ get_file(cupsd_client_t *con,		/* I  - Client connection */
       if (status)
       {
 	strlcpy(ptr, "index.pyc", plen);
-	status = stat(filename, filestats);
+	status = lstat(filename, filestats);
       }
 
       if (status)
       {
 	strlcpy(ptr, "index.py", plen);
-	status = stat(filename, filestats);
+	status = lstat(filename, filestats);
       }
 #endif /* HAVE_PYTHON */
 
     }
     while (status && language[0]);
+
+   /*
+    * If we've found a symlink, 404 the sucker to avoid disclosing information.
+    */
+
+    if (!status && S_ISLNK(filestats->st_mode))
+    {
+      cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename);
+      return (NULL);
+    }
+
+   /*
+    * Similarly, if the file/directory does not have world read permissions, do
+    * not allow access...
+    */
+
+    if (!status && !(filestats->st_mode & S_IROTH))
+    {
+      cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+      return (NULL);
+    }
   }
 
   cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -3812,12 +3833,7 @@ pipe_command(cupsd_client_t *con,	/* I - Client connection */
   argv[0] = command;
 
   if (options)
-  {
-    commptr = options;
-    if (*commptr == ' ')
-      commptr ++;
-    strlcpy(argbuf, commptr, sizeof(argbuf));
-  }
+    strlcpy(argbuf, options, sizeof(argbuf));
   else
     argbuf[0] = '\0';
 
@@ -4395,5 +4411,5 @@ write_pipe(cupsd_client_t *con)		/* I - Client connection */
 
 
 /*
- * End of "$Id: client.c 12009 2014-07-09 17:02:38Z msweet $".
+ * End of "$Id: client.c 12057 2014-07-22 14:03:19Z msweet $".
  */