Merge branch 'f12' into f13
This commit is contained in:
commit
fdb76c9047
47
cups-CVE-2010-2941.patch
Normal file
47
cups-CVE-2010-2941.patch
Normal file
@ -0,0 +1,47 @@
|
||||
diff -up cups-1.4.4/cups/ipp.c.CVE-2010-2941 cups-1.4.4/cups/ipp.c
|
||||
--- cups-1.4.4/cups/ipp.c.CVE-2010-2941 2010-04-23 19:56:34.000000000 +0100
|
||||
+++ cups-1.4.4/cups/ipp.c 2010-11-11 11:30:28.566745595 +0000
|
||||
@@ -1275,7 +1275,9 @@ ippReadIO(void *src, /* I - Data
|
||||
|
||||
attr->value_tag = tag;
|
||||
}
|
||||
- else if ((value_tag >= IPP_TAG_TEXTLANG &&
|
||||
+ else if (value_tag == IPP_TAG_TEXTLANG ||
|
||||
+ value_tag == IPP_TAG_NAMELANG ||
|
||||
+ (value_tag >= IPP_TAG_TEXT &&
|
||||
value_tag <= IPP_TAG_MIMETYPE))
|
||||
{
|
||||
/*
|
||||
@@ -1283,8 +1285,9 @@ ippReadIO(void *src, /* I - Data
|
||||
* forms; accept sets of differing values...
|
||||
*/
|
||||
|
||||
- if ((tag < IPP_TAG_TEXTLANG || tag > IPP_TAG_MIMETYPE) &&
|
||||
- tag != IPP_TAG_NOVALUE)
|
||||
+ if (tag != IPP_TAG_TEXTLANG && tag != IPP_TAG_NAMELANG &&
|
||||
+ (tag < IPP_TAG_TEXT || tag > IPP_TAG_MIMETYPE) &&
|
||||
+ tag != IPP_TAG_NOVALUE)
|
||||
{
|
||||
DEBUG_printf(("1ippReadIO: 1setOf value tag %x(%s) != %x(%s)",
|
||||
value_tag, ippTagString(value_tag), tag,
|
||||
@@ -2766,6 +2769,7 @@ _ippFreeAttr(ipp_attribute_t *attr) /* I
|
||||
{
|
||||
case IPP_TAG_TEXT :
|
||||
case IPP_TAG_NAME :
|
||||
+ case IPP_TAG_RESERVED_STRING :
|
||||
case IPP_TAG_KEYWORD :
|
||||
case IPP_TAG_URI :
|
||||
case IPP_TAG_URISCHEME :
|
||||
diff -up cups-1.4.4/cups/ipp.h.CVE-2010-2941 cups-1.4.4/cups/ipp.h
|
||||
--- cups-1.4.4/cups/ipp.h.CVE-2010-2941 2010-04-23 19:56:34.000000000 +0100
|
||||
+++ cups-1.4.4/cups/ipp.h 2010-11-11 11:30:28.568745537 +0000
|
||||
@@ -93,7 +93,8 @@ typedef enum ipp_tag_e /**** Format ta
|
||||
IPP_TAG_END_COLLECTION, /* End of collection value */
|
||||
IPP_TAG_TEXT = 0x41, /* Text value */
|
||||
IPP_TAG_NAME, /* Name value */
|
||||
- IPP_TAG_KEYWORD = 0x44, /* Keyword value */
|
||||
+ IPP_TAG_RESERVED_STRING, /* Reserved for future string value @private@ */
|
||||
+ IPP_TAG_KEYWORD, /* Keyword value */
|
||||
IPP_TAG_URI, /* URI value */
|
||||
IPP_TAG_URISCHEME, /* URI scheme value */
|
||||
IPP_TAG_CHARSET, /* Character set value */
|
15
cups-autotype-crash.patch
Normal file
15
cups-autotype-crash.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff -up cups-1.4.4/scheduler/ipp.c.autotype-crash cups-1.4.4/scheduler/ipp.c
|
||||
--- cups-1.4.4/scheduler/ipp.c.autotype-crash 2010-10-15 15:25:15.093421917 +0100
|
||||
+++ cups-1.4.4/scheduler/ipp.c 2010-10-15 15:25:49.645296947 +0100
|
||||
@@ -10481,8 +10481,9 @@ send_document(cupsd_client_t *con, /* I
|
||||
if (!filetype)
|
||||
filetype = mimeType(MimeDatabase, super, type);
|
||||
|
||||
- cupsdLogJob(job, CUPSD_LOG_DEBUG, "Request file type is %s/%s.",
|
||||
- filetype->super, filetype->type);
|
||||
+ if (filetype)
|
||||
+ cupsdLogJob(job, CUPSD_LOG_DEBUG, "Request file type is %s/%s.",
|
||||
+ filetype->super, filetype->type);
|
||||
}
|
||||
else
|
||||
filetype = mimeType(MimeDatabase, super, type);
|
13
cups.spec
13
cups.spec
@ -8,7 +8,7 @@
|
||||
Summary: Common Unix Printing System
|
||||
Name: cups
|
||||
Version: 1.4.4
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Daemons
|
||||
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
|
||||
@ -67,10 +67,12 @@ Patch35: cups-dnssd-deviceid.patch
|
||||
Patch36: cups-ricoh-deviceid-oid.patch
|
||||
Patch37: cups-texttops-rotate-page.patch
|
||||
Patch38: cups-str3608.patch
|
||||
Patch39: cups-autotype-crash.patch
|
||||
|
||||
Patch100: cups-lspp.patch
|
||||
|
||||
## SECURITY PATCHES:
|
||||
Patch200: cups-CVE-2010-2941.patch
|
||||
|
||||
Epoch: 1
|
||||
Url: http://www.cups.org/
|
||||
@ -279,6 +281,8 @@ module.
|
||||
# Avoid empty notify-subscribed-event attributes (bug #606909, STR
|
||||
# #3608).
|
||||
%patch38 -p1 -b .str3608
|
||||
# Don't crash when MIME database could not be loaded (bug #610088).
|
||||
%patch39 -p1 -b .autotype-crash
|
||||
|
||||
%if %lspp
|
||||
# LSPP support.
|
||||
@ -286,6 +290,8 @@ module.
|
||||
%endif
|
||||
|
||||
# SECURITY PATCHES:
|
||||
# Fix cupsd memory corruption vulnerability (CVE-2010-2941, bug #652161).
|
||||
%patch200 -p1 -b .CVE-2010-2941
|
||||
|
||||
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
|
||||
|
||||
@ -578,6 +584,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{php_extdir}/phpcups.so
|
||||
|
||||
%changelog
|
||||
* Thu Nov 11 2010 Tim Waugh <twaugh@redhat.com> 1:1.4.4-11
|
||||
- Applied patch to fix cupsd memory corruption vulnerability
|
||||
(CVE-2010-2941, bug #652161).
|
||||
- Don't crash when MIME database could not be loaded (bug #610088).
|
||||
|
||||
* Fri Sep 17 2010 Tim Waugh <twaugh@redhat.com> 1:1.4.4-10
|
||||
- Perform locking for gnutls and avoid libgcrypt's broken
|
||||
locking (bug #607159).
|
||||
|
Loading…
Reference in New Issue
Block a user