import cups-2.3.3op2-13.el9_0.1
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
d507193e9f
commit
a69708c1f2
@ -0,0 +1,35 @@
|
|||||||
|
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||||
|
Date: Thu, 26 May 2022 06:27:04 +0200
|
||||||
|
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
|
||||||
|
CVE-2022-26691)
|
||||||
|
|
||||||
|
The previous algorithm didn't expect the strings can have a different
|
||||||
|
length, so one string can be a substring of the other and such substring
|
||||||
|
was reported as equal to the longer string.
|
||||||
|
---
|
||||||
|
CHANGES.md | 1 +
|
||||||
|
scheduler/cert.c | 9 ++++++++-
|
||||||
|
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/scheduler/cert.c b/scheduler/cert.c
|
||||||
|
index b268bf1b2..9b65b96c9 100644
|
||||||
|
--- a/scheduler/cert.c
|
||||||
|
+++ b/scheduler/cert.c
|
||||||
|
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
|
||||||
|
b ++;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return (result);
|
||||||
|
+ /*
|
||||||
|
+ * The while loop finishes when *a == '\0' or *b == '\0'
|
||||||
|
+ * so after the while loop either both *a and *b == '\0',
|
||||||
|
+ * or one points inside a string, so when we apply bitwise OR on *a,
|
||||||
|
+ * *b and result, we get a non-zero return value if the compared strings don't match.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ return (result | *a | *b);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.36.1
|
||||||
|
|
||||||
@ -17,7 +17,7 @@ Summary: CUPS printing system
|
|||||||
Name: cups
|
Name: cups
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.3.3%{OP_VER}
|
Version: 2.3.3%{OP_VER}
|
||||||
Release: 13%{?dist}
|
Release: 13%{?dist}.1
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
Url: http://www.cups.org/
|
Url: http://www.cups.org/
|
||||||
# Apple stopped uploading the new versions into github, use OpenPrinting fork
|
# Apple stopped uploading the new versions into github, use OpenPrinting fork
|
||||||
@ -97,6 +97,8 @@ Patch25: cups-fips-restrict-md5.patch
|
|||||||
# Memory leak fixes (bug #1964975)
|
# Memory leak fixes (bug #1964975)
|
||||||
# https://github.com/OpenPrinting/cups/pull/322
|
# https://github.com/OpenPrinting/cups/pull/322
|
||||||
Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch
|
Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch
|
||||||
|
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||||
|
Patch27: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
|
||||||
|
|
||||||
|
|
||||||
##### Patches removed because IMHO they aren't no longer needed
|
##### Patches removed because IMHO they aren't no longer needed
|
||||||
@ -325,6 +327,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
|
|||||||
%patch25 -p1 -b .restrict-md5
|
%patch25 -p1 -b .restrict-md5
|
||||||
# 1964975 - Memory leak fixes
|
# 1964975 - Memory leak fixes
|
||||||
%patch26 -p1 -b .memleak-fixes
|
%patch26 -p1 -b .memleak-fixes
|
||||||
|
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||||
|
%patch27 -p1 -b .cve26691
|
||||||
|
|
||||||
|
|
||||||
%if %{lspp}
|
%if %{lspp}
|
||||||
@ -749,6 +753,9 @@ rm -f %{cups_serverbin}/backend/smb
|
|||||||
%{_mandir}/man7/ippeveps.7.gz
|
%{_mandir}/man7/ippeveps.7.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13.1
|
||||||
|
- CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||||
|
|
||||||
* Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13
|
* Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13
|
||||||
- 1964975 - added fix for uninit jump into the leaks patch
|
- 1964975 - added fix for uninit jump into the leaks patch
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user