import cups-2.3.3op2-13.el9_0.1
This commit is contained in:
		
							parent
							
								
									d507193e9f
								
							
						
					
					
						commit
						a69708c1f2
					
				| @ -0,0 +1,35 @@ | |||||||
|  | From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Zdenek Dohnal <zdohnal@redhat.com> | ||||||
|  | Date: Thu, 26 May 2022 06:27:04 +0200 | ||||||
|  | Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes | ||||||
|  |  CVE-2022-26691) | ||||||
|  | 
 | ||||||
|  | The previous algorithm didn't expect the strings can have a different | ||||||
|  | length, so one string can be a substring of the other and such substring | ||||||
|  | was reported as equal to the longer string. | ||||||
|  | ---
 | ||||||
|  |  CHANGES.md       | 1 + | ||||||
|  |  scheduler/cert.c | 9 ++++++++- | ||||||
|  |  2 files changed, 9 insertions(+), 1 deletion(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/scheduler/cert.c b/scheduler/cert.c
 | ||||||
|  | index b268bf1b2..9b65b96c9 100644
 | ||||||
|  | --- a/scheduler/cert.c
 | ||||||
|  | +++ b/scheduler/cert.c
 | ||||||
|  | @@ -444,5 +444,12 @@ ctcompare(const char *a,		/* I - First string */
 | ||||||
|  |      b ++; | ||||||
|  |    } | ||||||
|  |   | ||||||
|  | -  return (result);
 | ||||||
|  | + /*
 | ||||||
|  | +  * The while loop finishes when *a == '\0' or *b == '\0'
 | ||||||
|  | +  * so after the while loop either both *a and *b == '\0',
 | ||||||
|  | +  * or one points inside a string, so when we apply bitwise OR on *a,
 | ||||||
|  | +  * *b and result, we get a non-zero return value if the compared strings don't match.
 | ||||||
|  | +  */
 | ||||||
|  | +
 | ||||||
|  | +  return (result | *a | *b);
 | ||||||
|  |  } | ||||||
|  | -- 
 | ||||||
|  | 2.36.1 | ||||||
|  | 
 | ||||||
| @ -17,7 +17,7 @@ Summary: CUPS printing system | |||||||
| Name: cups | Name: cups | ||||||
| Epoch: 1 | Epoch: 1 | ||||||
| Version: 2.3.3%{OP_VER} | Version: 2.3.3%{OP_VER} | ||||||
| Release: 13%{?dist} | Release: 13%{?dist}.1 | ||||||
| License: ASL 2.0 | License: ASL 2.0 | ||||||
| Url: http://www.cups.org/ | Url: http://www.cups.org/ | ||||||
| # Apple stopped uploading the new versions into github, use OpenPrinting fork | # Apple stopped uploading the new versions into github, use OpenPrinting fork | ||||||
| @ -97,6 +97,8 @@ Patch25: cups-fips-restrict-md5.patch | |||||||
| # Memory leak fixes (bug #1964975) | # Memory leak fixes (bug #1964975) | ||||||
| # https://github.com/OpenPrinting/cups/pull/322 | # https://github.com/OpenPrinting/cups/pull/322 | ||||||
| Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch | Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch | ||||||
|  | # CVE-2022-26691 cups: authorization bypass when using "local" authorization | ||||||
|  | Patch27: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| ##### Patches removed because IMHO they aren't no longer needed | ##### Patches removed because IMHO they aren't no longer needed | ||||||
| @ -325,6 +327,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in | |||||||
| %patch25 -p1 -b .restrict-md5 | %patch25 -p1 -b .restrict-md5 | ||||||
| # 1964975 - Memory leak fixes | # 1964975 - Memory leak fixes | ||||||
| %patch26 -p1 -b .memleak-fixes | %patch26 -p1 -b .memleak-fixes | ||||||
|  | # CVE-2022-26691 cups: authorization bypass when using "local" authorization | ||||||
|  | %patch27 -p1 -b .cve26691 | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %if %{lspp} | %if %{lspp} | ||||||
| @ -749,6 +753,9 @@ rm -f %{cups_serverbin}/backend/smb | |||||||
| %{_mandir}/man7/ippeveps.7.gz | %{_mandir}/man7/ippeveps.7.gz | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13.1 | ||||||
|  | - CVE-2022-26691 cups: authorization bypass when using "local" authorization | ||||||
|  | 
 | ||||||
| * Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13 | * Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13 | ||||||
| - 1964975 - added fix for uninit jump into the leaks patch | - 1964975 - added fix for uninit jump into the leaks patch | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user