import cups-2.3.3op2-13.el9_0.1
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
d507193e9f
commit
a69708c1f2
@ -0,0 +1,35 @@
|
||||
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Thu, 26 May 2022 06:27:04 +0200
|
||||
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
|
||||
CVE-2022-26691)
|
||||
|
||||
The previous algorithm didn't expect the strings can have a different
|
||||
length, so one string can be a substring of the other and such substring
|
||||
was reported as equal to the longer string.
|
||||
---
|
||||
CHANGES.md | 1 +
|
||||
scheduler/cert.c | 9 ++++++++-
|
||||
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scheduler/cert.c b/scheduler/cert.c
|
||||
index b268bf1b2..9b65b96c9 100644
|
||||
--- a/scheduler/cert.c
|
||||
+++ b/scheduler/cert.c
|
||||
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
|
||||
b ++;
|
||||
}
|
||||
|
||||
- return (result);
|
||||
+ /*
|
||||
+ * The while loop finishes when *a == '\0' or *b == '\0'
|
||||
+ * so after the while loop either both *a and *b == '\0',
|
||||
+ * or one points inside a string, so when we apply bitwise OR on *a,
|
||||
+ * *b and result, we get a non-zero return value if the compared strings don't match.
|
||||
+ */
|
||||
+
|
||||
+ return (result | *a | *b);
|
||||
}
|
||||
--
|
||||
2.36.1
|
||||
|
||||
@ -17,7 +17,7 @@ Summary: CUPS printing system
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.3.3%{OP_VER}
|
||||
Release: 13%{?dist}
|
||||
Release: 13%{?dist}.1
|
||||
License: ASL 2.0
|
||||
Url: http://www.cups.org/
|
||||
# Apple stopped uploading the new versions into github, use OpenPrinting fork
|
||||
@ -97,6 +97,8 @@ Patch25: cups-fips-restrict-md5.patch
|
||||
# Memory leak fixes (bug #1964975)
|
||||
# https://github.com/OpenPrinting/cups/pull/322
|
||||
Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch
|
||||
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||
Patch27: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
|
||||
|
||||
|
||||
##### Patches removed because IMHO they aren't no longer needed
|
||||
@ -325,6 +327,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
|
||||
%patch25 -p1 -b .restrict-md5
|
||||
# 1964975 - Memory leak fixes
|
||||
%patch26 -p1 -b .memleak-fixes
|
||||
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||
%patch27 -p1 -b .cve26691
|
||||
|
||||
|
||||
%if %{lspp}
|
||||
@ -749,6 +753,9 @@ rm -f %{cups_serverbin}/backend/smb
|
||||
%{_mandir}/man7/ippeveps.7.gz
|
||||
|
||||
%changelog
|
||||
* Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13.1
|
||||
- CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||
|
||||
* Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13
|
||||
- 1964975 - added fix for uninit jump into the leaks patch
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user