From f083cb8e2f992eee1c05cf928d2fcf81a66494ee Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Sat, 6 Feb 2021 17:30:04 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/cups.git#7083485948ccbec92c565cac7c12c5dfaddc0484 --- .gitignore | 1 + ...ether-option-variable-exists-or-not-.patch | 35 ---------- cups-2.2.8-source.tar.gz.sig | Bin 585 -> 0 bytes cups-2.3.3op2-source.tar.gz.sig | Bin 0 -> 566 bytes cups-helpcgi-segfault.patch | 13 ---- cups.spec | 23 ++----- cve-2020-10001-ippReadIO-buffer.patch | 61 ------------------ sources | 2 +- 8 files changed, 7 insertions(+), 128 deletions(-) delete mode 100644 0001-Add-check-for-whether-option-variable-exists-or-not-.patch delete mode 100644 cups-2.2.8-source.tar.gz.sig create mode 100644 cups-2.3.3op2-source.tar.gz.sig delete mode 100644 cups-helpcgi-segfault.patch delete mode 100644 cve-2020-10001-ippReadIO-buffer.patch diff --git a/.gitignore b/.gitignore index fac2d0d..30cd92a 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ cups-1.4.4-source.tar.bz2 /cups-2.3.1-source.tar.gz /cups-2.3.3-source.tar.gz /cups-2.3.3op1-source.tar.gz +/cups-2.3.3op2-source.tar.gz diff --git a/0001-Add-check-for-whether-option-variable-exists-or-not-.patch b/0001-Add-check-for-whether-option-variable-exists-or-not-.patch deleted file mode 100644 index f93498d..0000000 --- a/0001-Add-check-for-whether-option-variable-exists-or-not-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 96a6f61db6eb0fc450e00168903b795c57b033cb Mon Sep 17 00:00:00 2001 -From: = -Date: Sat, 23 Jan 2021 00:44:09 +0530 -Subject: [PATCH] Add check for whether 'option' variable exists or not for - closeUI and JCLCloseUI lines in ppd.c - ---- - cups/ppd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/cups/ppd.c b/cups/ppd.c -index ae411cb3a..a82c8a584 100644 ---- a/cups/ppd.c -+++ b/cups/ppd.c -@@ -1496,7 +1496,7 @@ _ppdOpen( - goto error; - } - -- if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)) -+ if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))) - { - /* - * "*DefaultOption: Custom..." may set the default to a custom value -@@ -1531,7 +1531,7 @@ _ppdOpen( - goto error; - } - -- if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)) -+ if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))) - { - /* - * "*DefaultOption: Custom..." may set the default to a custom value --- -2.26.2 - diff --git a/cups-2.2.8-source.tar.gz.sig b/cups-2.2.8-source.tar.gz.sig deleted file mode 100644 index 278cb83362b05106cf96d4eca8989ada5ee19ba9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 585 zcmV-P0=E5$0!9P?0SW*x79j*h(1Vn2Ff}MEJj$B%G!Q~H+L!AE0$Uf)f)X5aWn*=6 zX>@r&V|8$IE^l&Y0162Z^fVAcHQJZ!JF^e~&(&saVhEQ-zDHy&E@3j1?rCLMq{g9KJb65_&@ z69t^A(4XdKocu6u5mkl`NaL8=5)g|gH4l>qUwGD|vg@6=FYzC%Xe3}r%bRASs%w*d z33+a&W=^t^=!l?IbW#iO%nGog+A+*i$0Z!!>)b%-skT!qX*Kb51oyIB?xYRJlLrvv z5rrY$5DQs!Yi9(xXBZfB>9NWhLuVYEgpO#ic5}+VRz+mG)F;m64V?baf{OnlmL{op z2ia8o(mcJTqtyBhuTOyM=$1;W|9u$G?1IYFc3|dsS@lFRYx>m)eraD-y;bUoW(~F( z-EngwH22Wix%8I7xtcIT3HCH|zf$vPNhK%PBG)nuFpLrHhtjYec(Pb2?hjgeQ$-iT z{ZCxYCa{$Z&D53=;!EXKPp~N=m}8>diQ_JXyG+yOz7*NZ&rZ%KL9=l;`7S>y*wLAF XUojQytsGUq2d$GVW!D4-#X~C5RBI8L diff --git a/cups-2.3.3op2-source.tar.gz.sig b/cups-2.3.3op2-source.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..360376cec6fcb3b1d27f843fee93e4e298fe9a33 GIT binary patch literal 566 zcmV-60?GY}0y6{v0SW*e79j+LRAgogXlkoAR10sJm06%Cfmu}r0$>AOu9`P^e~CK&a-KLEl`2zGwEswOk3Rvy*uef?$Kq+bl91ywCLrb@MWGRqsH zfLIEh39!1irG*u@$!xGqiKJOF9JA)?QQDzUGR$`(g$WZSbe0Z_)&gs~yU%#av!~EP z$s%f%HDFlAM#}_jXclSo_PIi2A%%$ZiNv_&&9&))?BT?gy&wKb&A<|+`R#2X+}bEM zSX^g(z%+}armukJzh?Ba#fQuM%LHwO(w3E+4F|e0h2AEKErEx3@+RADq@SQLiayc#t@Uu+5xdPcDx(*jbXTJL(*GegX1 z<4j4JMz=a3Ug_h+_iVw6cAO=@0T~_#tsMHDB!r~fY_!W*5RPwt98#SIogqzR=WWS7 zi_2U0muvKjE&I~H5iiRA44+ClyMqh^dm;TimZKR-L530oVKz%8tdaVNv9x!I$Ho!) zx?OBW0ppoycg?10WkI0!d4GRzc4<>`zL;+ljkw|uP(|VhrR;bVf@ua$hf@0ryD>j6 EGLy3qA^-pY literal 0 HcmV?d00001 diff --git a/cups-helpcgi-segfault.patch b/cups-helpcgi-segfault.patch deleted file mode 100644 index 67f48cc..0000000 --- a/cups-helpcgi-segfault.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/cgi-bin/help-index.c b/cgi-bin/help-index.c -index ce97e47..3da1010 100644 ---- a/cgi-bin/help-index.c -+++ b/cgi-bin/help-index.c -@@ -579,7 +579,7 @@ helpSearchIndex(help_index_t *hi, /* I - Index */ - */ - - for (; node; node = (help_node_t *)cupsArrayNext(hi->nodes)) -- if (section && strcmp(node->section, section)) -+ if (node->section && section && strcmp(node->section, section)) - continue; - else if (filename && strcmp(node->filename, filename)) - continue; diff --git a/cups.spec b/cups.spec index 63b0bd3..d62f548 100644 --- a/cups.spec +++ b/cups.spec @@ -11,13 +11,13 @@ #%%global VERSION %%{version}%%{prever} %global VERSION %{version} # Openprinting version -%global OP_VER op1 +%global OP_VER op2 Summary: CUPS printing system Name: cups Epoch: 1 Version: 2.3.3%{OP_VER} -Release: 4%{?dist} +Release: 1%{?dist} License: ASL 2.0 Url: http://www.cups.org/ # Apple stopped uploading the new versions into github, use OpenPrinting fork @@ -69,15 +69,6 @@ Patch100: cups-lspp.patch %endif #### UPSTREAM PATCHES (starts with 1000) #### -# backported from upstream -Patch1000: cve-2020-10001-ippReadIO-buffer.patch -# 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV -# help.cgi segfaulted because it compared NULL in strcmp() -# backported from upstream https://github.com/OpenPrinting/cups/pull/81 -Patch1001: cups-helpcgi-segfault.patch -# 1909980 - cupsd crashes on parsing malformed Brother PPD -# backported from upstream https://github.com/OpenPrinting/cups/pull/78 -Patch1002: 0001-Add-check-for-whether-option-variable-exists-or-not-.patch ##### Patches removed because IMHO they aren't no longer needed ##### but still I'll leave them in git in case their removal @@ -278,13 +269,6 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch13 -p1 -b .dymo-deviceid # UPSTREAM PATCHES -# cve-2020-10001 -%patch1000 -p1 -b .cve2020-10001 -# 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV -%patch1001 -p1 -b .helpcgi-segfault -# 1909980 - cupsd crashes on parsing malformed Brother PPD -%patch1002 -p1 -b .malformed-ppd-crash - %if %{lspp} @@ -691,6 +675,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man7/ippeveps.7.gz %changelog +* Tue Feb 02 2021 Zdenek Dohnal - 1:2.3.3op2-1 +- 1923828 - cups-2.3.3op2 is available + * Mon Feb 01 2021 Zdenek Dohnal - 1:2.3.3op1-4 - fix for CVE-2020-10001 - recommend nss-mdns for Fedora to have a working default for now diff --git a/cve-2020-10001-ippReadIO-buffer.patch b/cve-2020-10001-ippReadIO-buffer.patch deleted file mode 100644 index efc6492..0000000 --- a/cve-2020-10001-ippReadIO-buffer.patch +++ /dev/null @@ -1,61 +0,0 @@ -Fix for CVE-2020-10001, which is a bug in the CUPS ippReadIO function when it -reads tagged string values (nameWithLanguage and textWithLanguage). The -previous code verified that the length of the sub-strings (language identifier -and name/text value) did not exceed the size of the allocated buffer (1 byte -larger than the maximum IPP value size of 32767 bytes), but did not validate -against the length of the actual IPP value. - -The issues introduced by this vulnerability include: - -- Potential information disclosure by copying uninitialized areas of memory into - an IPP string value. -- Potential Denial of Service by supplying/using invalid string values when - strict validation has been disabled by the system administrator. - -This change ensures that: - -1. The language identifier does not extend beyond the end of the IPP value. -2. The length of the name/text string is within the IPP value. -3. The name/text string is within the IPP value. - -diff --git a/cups/ipp.c b/cups/ipp.c -index 3d529346c..adbb26fba 100644 ---- a/cups/ipp.c -+++ b/cups/ipp.c -@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */ - unsigned char *buffer, /* Data buffer */ - string[IPP_MAX_TEXT], - /* Small string buffer */ -- *bufptr; /* Pointer into buffer */ -+ *bufptr, /* Pointer into buffer */ -+ *bufend; /* End of buffer */ - ipp_attribute_t *attr; /* Current attribute */ - ipp_tag_t tag; /* Current tag */ - ipp_tag_t value_tag; /* Current value tag */ -@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */ - } - - bufptr = buffer; -+ bufend = buffer + n; - - /* - * text-with-language and name-with-language are composite -@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */ - - n = (bufptr[0] << 8) | bufptr[1]; - -- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string)) -+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string)) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, - _("IPP language length overflows value."), 1); -@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */ - bufptr += 2 + n; - n = (bufptr[0] << 8) | bufptr[1]; - -- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE)) -+ if ((bufptr + 2 + n) > bufend) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, - _("IPP string length overflows value."), 1); - diff --git a/sources b/sources index 47d80ab..4eafbc3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cups-2.3.3op1-source.tar.gz) = 89949b4190288d5464f425cbff6b854e9da96ba3071e4e0d595ad581797b2db4724f49d884f3ea43e372ed4d0faec72839b0b7182cdde13b96f2824d619a4843 +SHA512 (cups-2.3.3op2-source.tar.gz) = db27dd6fb616bd7ad895b2bdf4ea7b010501358a50dc8f2e7e29558d1cfc088a572b1b35ac512654d3ed410c84df87dc34ca636533a4499117253915d4763117