rpms
/
cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources 

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/cups.git#062d1b76c54865ab08aaa38de4f099e463555d2e
This commit is contained in:
DistroBaker 2021-02-01 13:57:43 +00:00
parent 58eeb0701f
commit 72209ce1da
4 changed files with 150 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
0001-Add-check-for-whether-option-variable-exists-or-not-.patch Normal file
View File

@ -0,0 +1,35 @@
From 96a6f61db6eb0fc450e00168903b795c57b033cb Mon Sep 17 00:00:00 2001
From: = <awesomepranshu@gmail.com>
Date: Sat, 23 Jan 2021 00:44:09 +0530
Subject: [PATCH] Add check for whether 'option' variable exists or not for
closeUI and JCLCloseUI lines in ppd.c
---
cups/ppd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cups/ppd.c b/cups/ppd.c
index ae411cb3a..a82c8a584 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1496,7 +1496,7 @@ _ppdOpen(
goto error;
}
- if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))
+ if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)))
{
/*
* "*DefaultOption: Custom..." may set the default to a custom value
@@ -1531,7 +1531,7 @@ _ppdOpen(
goto error;
}
- if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))
+ if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)))
{
/*
* "*DefaultOption: Custom..." may set the default to a custom value
--
2.26.2

13
cups-helpcgi-segfault.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/cgi-bin/help-index.c b/cgi-bin/help-index.c
index ce97e47..3da1010 100644
--- a/cgi-bin/help-index.c
+++ b/cgi-bin/help-index.c
@@ -579,7 +579,7 @@ helpSearchIndex(help_index_t *hi, /* I - Index */
*/
for (; node; node = (help_node_t *)cupsArrayNext(hi->nodes))
- if (section && strcmp(node->section, section))
+ if (node->section && section && strcmp(node->section, section))
continue;
else if (filename && strcmp(node->filename, filename))
continue;

42
cups.spec
View File

@ -17,7 +17,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.3.3%{OP_VER}
Release: 3%{?dist}
Release: 4%{?dist}
License: ASL 2.0
Url: http://www.cups.org/
# Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -69,6 +69,15 @@ Patch100: cups-lspp.patch
%endif
#### UPSTREAM PATCHES (starts with 1000) ####
# backported from upstream
Patch1000: cve-2020-10001-ippReadIO-buffer.patch
# 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV
# help.cgi segfaulted because it compared NULL in strcmp()
# backported from upstream https://github.com/OpenPrinting/cups/pull/81
Patch1001: cups-helpcgi-segfault.patch
# 1909980 - cupsd crashes on parsing malformed Brother PPD
# backported from upstream https://github.com/OpenPrinting/cups/pull/78
Patch1002: 0001-Add-check-for-whether-option-variable-exists-or-not-.patch
##### Patches removed because IMHO they aren't no longer needed
##### but still I'll leave them in git in case their removal
@ -109,6 +118,11 @@ BuildRequires: audit-libs-devel
# getaddrinfo from glibc needs nss-mdns or systemd-resolved for resolving
# mdns .local addresses. Don't require a specific package for now and let
# the user to decide what to use
# just recommend nss-mdns for Fedora for now to have working default, but
# don't hardwire it for resolved users
%if 0%{?fedora}
Recommends: nss-mdns
%endif
# avahi is needed for mDNS discovery and sharing queues
Recommends: avahi
@ -170,6 +184,11 @@ Requires: avahi
# mdns address resolver (nss-mdns or systemd-resolved) is needed too,
# but don't require a specific package for now and let the user to choose
# what to use
# just recommend nss-mdns for Fedora for now to have working default, but
# don't hardwire it for resolved users
%if 0%{?fedora}
Recommends: nss-mdns
%endif
%package printerapp
Summary: CUPS printing system - tools for printer application
@ -179,6 +198,11 @@ Requires: avahi
# mdns address resolver (nss-mdns or systemd-resolved) is needed too,
# but don't require a specific package for now and let the user to choose
# what to use
# just recommend nss-mdns for Fedora for now to have working default, but
# don't hardwire it for resolved users
%if 0%{?fedora}
Recommends: nss-mdns
%endif
%description
CUPS printing system provides a portable printing layer for
@ -253,6 +277,16 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
# Added IEEE 1284 Device ID for a Dymo device (bug #747866).
%patch13 -p1 -b .dymo-deviceid
# UPSTREAM PATCHES
# cve-2020-10001
%patch1000 -p1 -b .cve2020-10001
# 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV
%patch1001 -p1 -b .helpcgi-segfault
# 1909980 - cupsd crashes on parsing malformed Brother PPD
%patch1002 -p1 -b .malformed-ppd-crash
%if %{lspp}
# LSPP support.
%patch100 -p1 -b .lspp
@ -657,6 +691,12 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippeveps.7.gz
%changelog
* Mon Feb 01 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op1-4
- fix for CVE-2020-10001
- recommend nss-mdns for Fedora to have a working default for now
- 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV
- 1909980 - cupsd crashes on parsing malformed Brother PPD
* Thu Jan 28 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op1-3
- remove nss-mdns dependency - let the user decide whether use resolved or nss-mdns
- remove cups dependency on cups-ipptool - actually not needed

61
cve-2020-10001-ippReadIO-buffer.patch Normal file
View File

@ -0,0 +1,61 @@
Fix for CVE-2020-10001, which is a bug in the CUPS ippReadIO function when it
reads tagged string values (nameWithLanguage and textWithLanguage). The
previous code verified that the length of the sub-strings (language identifier
and name/text value) did not exceed the size of the allocated buffer (1 byte
larger than the maximum IPP value size of 32767 bytes), but did not validate
against the length of the actual IPP value.
The issues introduced by this vulnerability include:
- Potential information disclosure by copying uninitialized areas of memory into
an IPP string value.
- Potential Denial of Service by supplying/using invalid string values when
strict validation has been disabled by the system administrator.
This change ensures that:
1. The language identifier does not extend beyond the end of the IPP value.
2. The length of the name/text string is within the IPP value.
3. The name/text string is within the IPP value.
diff --git a/cups/ipp.c b/cups/ipp.c
index 3d529346c..adbb26fba 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */
unsigned char *buffer, /* Data buffer */
string[IPP_MAX_TEXT],
/* Small string buffer */
- *bufptr; /* Pointer into buffer */
+ *bufptr, /* Pointer into buffer */
+ *bufend; /* End of buffer */
ipp_attribute_t *attr; /* Current attribute */
ipp_tag_t tag; /* Current tag */
ipp_tag_t value_tag; /* Current value tag */
@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */
}
bufptr = buffer;
+ bufend = buffer + n;
/*
* text-with-language and name-with-language are composite
@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP language length overflows value."), 1);
@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */
bufptr += 2 + n;
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+ if ((bufptr + 2 + n) > bufend)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP string length overflows value."), 1);