!83 fix CVE-2019-8842

From: @zhouwenpei Reviewed-by: @t_feng Signed-off-by: @t_feng
2022-07-15 03:25:20 +00:00 · 2022-07-15 03:25:20 +00:00 · 21914def93
commit 21914def93
parent f1bb1583f8 825c90e481
2 changed files with 47 additions and 1 deletions
--- a/CVE-2019-8842.patch
+++ b/CVE-2019-8842.patch
@ -0,0 +1,41 @@
+From 82e3ee0e3230287b76a76fb8f16b92ca6e50b444 Mon Sep 17 00:00:00 2001
+From: steve algernon <salgernon@eapple.com>
+Date: Fri, 24 Apr 2020 13:37:30 -0700
+Subject: [PATCH] Update version to 2.3.3 for:
+
+CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx
+CVE-2019-8842 - cups/ipp.c: ippReadIO
+
+And build issues due to warnings.
+---
+ CHANGES.md                      | 11 ++++++++++-
+ INSTALL.md                      |  2 +-
+ README.md                       |  2 +-
+ config-scripts/cups-compiler.m4 |  6 ++----
+ configure                       | 24 +++++++++++-------------
+ configure.ac                    |  2 +-
+ cups/cups.h                     |  4 ++--
+ cups/cupspm.md                  |  2 +-
+ cups/ipp.c                      |  2 +-
+ cups/ppd.c                      |  3 +--
+ doc/help/cupspm.html            |  2 +-
+ locale/cups.pot                 |  2 +-
+ ppdc/ppdc-source.cxx            | 16 +++++++++-------
+ scheduler/printers.c            |  2 +-
+ vcnet/config.h                  |  4 ++--
+ xcode/config.h                  |  4 ++--
+ 16 files changed, 47 insertions(+), 41 deletions(-)
+
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 1595b8b610..3d529346c2 100644
+--- a/cups/ipp.c
+++ b/cups/ipp.c
+@@ -2956,7 +2956,7 @@ ippReadIO(void       *src,		/* I - Data source */
+             * Read 32-bit "extension" tag...
+             */
+ 
+-	    if ((*cb)(src, buffer, 4) < 1)
+	    if ((*cb)(src, buffer, 4) < 4)
+ 	    {
+ 	      DEBUG_puts("1ippReadIO: Callback returned EOF/error");
+ 	      _cupsBufferRelease((char *)buffer);
--- a/cups.spec
+++ b/cups.spec
@ -1,7 +1,7 @@
 Name:    cups
 Epoch:   1
 Version: 2.2.13
-Release: 12
+Release: 13
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: GPLv2+ and LGPLv2+ with exceptions and AML
 Url:     http://www.cups.org/
@ -36,6 +36,8 @@ Patch22: CVE-2020-3898.patch
 Patch6000: backport-CVE-2020-10001.patch
 Patch6001: backport-to-make-sure-service-start-in-the-right-order.patch
 Patch6002: backport-CVE-2022-26691.patch
+#Partial backport of 82e3ee0e3230287b76a76fb8f16b92ca6e50b444
+Patch6003: CVE-2019-8842.patch

 Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
 Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
@ -327,6 +329,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
 %doc %{_datadir}/%{name}/www/apple-touch-icon.png

 %changelog
+* Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> 2.2.13-13
+- fix CVE-2019-8842
+
 * Thu Jun 9 2022 hanhui <hanhui15@h-partners.com> 2.2.13-12
 - fix CVE-2022-26691