OSH fixes after CVE-2026-8631

Resolves: RHEL-178718
Zdenek Dohnal 2026-06-12 11:54:51 +02:00
parent 1d300793a2
commit 5fd973cd2c
2 changed files with 44 additions and 2 deletions


@ -0,0 +1,35 @@
diff --git a/prnt/hpcups/genPCLm.cpp b/prnt/hpcups/genPCLm.cpp
index 1952ef2..0b3208a 100644
--- a/prnt/hpcups/genPCLm.cpp
+++ b/prnt/hpcups/genPCLm.cpp
@@ -1921,8 +1921,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
#ifdef SUPPORT_WHITE_STRIPS
int whiteStripLen=0;
if(!safe_mul_int_positive(thisHeight, currSourceWidth, &whiteStripLen) ||
- !safe_mul_int_positive(whiteStripLen, srcNumComponents, &whiteStripLen))
+ !safe_mul_int_positive(thisHeight, srcNumComponents, &whiteStripLen))
+ {
+ free(newStripPtr);
return(errorOutAndCleanUp());
+ }
bool whiteStrip=isWhiteStrip(pInBuffer, whiteStripLen);
if(DebugIt2)
{
@@ -1944,11 +1947,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh
ubyte whitePt=0xff;
size_t tmpStripSize=0;
if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize))
+ {
+ free(newStripPtr);
return(errorOutAndCleanUp());
+ }
ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize);
if(!tmpStrip)
+ {
+ free(newStripPtr);
return(errorOutAndCleanUp());
+ }
memset(tmpStrip,whitePt,tmpStripSize);
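Review bot: In the SUPPORT_WHITE_STRIPS hunk, the rewritten second call `safe_mul_int_positive(thisHeight, srcNumComponents, &whiteStripLen)` appears to overwrite the height-by-width product stored by the first call, so the length handed to `isWhiteStrip()` would be `thisHeight * srcNumComponents` and would no longer include `currSourceWidth`. Assuming the helper writes the product of its first two arguments into the third (its definition is not shown), this cannot over-read the buffer, but the white-strip test would then scan only a fraction of the strip and could classify a strip with content as white. If the scanner objected to `whiteStripLen` being both input and output, chain through a temporary instead: `int stripPixels=0;` followed by `!safe_mul_int_positive(thisHeight, currSourceWidth, &stripPixels) || !safe_mul_int_positive(stripPixels, srcNumComponents, &whiteStripLen)`. The added `free(newStripPtr)` calls are correct only if `errorOutAndCleanUp()` does not release the same pointer. `Encapsulate()` and that helper both lie outside these hunks, so this should be confirmed against the full file.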


@ -7,7 +7,7 @@
Summary: HP Linux Imaging and Printing Project
Name: hplip
Version: 3.18.4
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv2+ and MIT and BSD and IJG and Public Domain and GPLv2+ with exceptions and ISC
Url: https://developers.hp.com/hp-linux-imaging-and-printing
@ -53,6 +53,8 @@ Patch33: hplip-CVE-2026-8632.patch
# via integer overflow in hpcups
# https://redhat.atlassian.net/browse/RHEL-178718
Patch34: hplip-CVE-2026-8631.patch
# OSH fixes after CVE-2026-8631
Patch35: hplip-CVE-2026-8631-osh.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: python3-pillow
@ -265,6 +267,8 @@ rm prnt/hpcups/ErnieFilter.{cpp,h} prnt/hpijs/ernieplatform.h
%patch -P 33 -p1 -b .CVE-2026-8632
# CVE-2026-8631 - integer overflow in hpcups
%patch -P 34 -p1 -b .CVE-2026-8631
# OSH fixes after CVE-2026-8631
%patch -P 35 -p1 -b .CVE-2026-8631-osh
sed -i.duplex-constraints \
-e 's,\(UIConstraints.* \*Duplex\),//\1,' \
@ -550,7 +554,10 @@ rm -f %{buildroot}%{_sysconfdir}/xdg/autostart/hplip-systray.desktop
%config(noreplace) %{_sysconfdir}/sane.d/dll.d/hpaio
%changelog
* Tue Jun 10 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-11
* Fri Jun 12 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-12
- OSH fixes after CVE-2026-8631
* Tue Jun 09 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.18.4-11
- CVE-2026-8631 hplip: Arbitrary code execution and privilege escalation
via integer overflow in hpcups