packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!83 fix CVE-2019-8842

Browse Source 
From: @zhouwenpei 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2022-07-15 03:25:20 +00:00 committed by Gitee
commit 21914def93
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
CVE-2019-8842.patch Normal file
View File

@ -0,0 +1,41 @@
From 82e3ee0e3230287b76a76fb8f16b92ca6e50b444 Mon Sep 17 00:00:00 2001
From: steve algernon <salgernon@eapple.com>
Date: Fri, 24 Apr 2020 13:37:30 -0700
Subject: [PATCH] Update version to 2.3.3 for:
CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx
CVE-2019-8842 - cups/ipp.c: ippReadIO
And build issues due to warnings.
---
CHANGES.md | 11 ++++++++++-
INSTALL.md | 2 +-
README.md | 2 +-
config-scripts/cups-compiler.m4 | 6 ++----
configure | 24 +++++++++++-------------
configure.ac | 2 +-
cups/cups.h | 4 ++--
cups/cupspm.md | 2 +-
cups/ipp.c | 2 +-
cups/ppd.c | 3 +--
doc/help/cupspm.html | 2 +-
locale/cups.pot | 2 +-
ppdc/ppdc-source.cxx | 16 +++++++++-------
scheduler/printers.c | 2 +-
vcnet/config.h | 4 ++--
xcode/config.h | 4 ++--
16 files changed, 47 insertions(+), 41 deletions(-)
diff --git a/cups/ipp.c b/cups/ipp.c
index 1595b8b610..3d529346c2 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2956,7 +2956,7 @@ ippReadIO(void *src, /* I - Data source */
* Read 32-bit "extension" tag...
*/
- if ((*cb)(src, buffer, 4) < 1)
+ if ((*cb)(src, buffer, 4) < 4)
{
DEBUG_puts("1ippReadIO: Callback returned EOF/error");
_cupsBufferRelease((char *)buffer);

7
cups.spec
View File

@ -1,7 +1,7 @@
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.2.13 Version: 2.2.13
Release: 12 Release: 13
Summary: CUPS is the standards-based, open source printing system for linux operating systems. Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: GPLv2+ and LGPLv2+ with exceptions and AML License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: http://www.cups.org/ Url: http://www.cups.org/
@ -36,6 +36,8 @@ Patch22: CVE-2020-3898.patch
Patch6000: backport-CVE-2020-10001.patch Patch6000: backport-CVE-2020-10001.patch
Patch6001: backport-to-make-sure-service-start-in-the-right-order.patch Patch6001: backport-to-make-sure-service-start-in-the-right-order.patch
Patch6002: backport-CVE-2022-26691.patch Patch6002: backport-CVE-2022-26691.patch
#Partial backport of 82e3ee0e3230287b76a76fb8f16b92ca6e50b444
Patch6003: CVE-2019-8842.patch
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
@ -327,6 +329,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png %doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog %changelog
* Thu Jul 14 2022 zhouwenpei <zhouwenpei1@h-partners.com> 2.2.13-13
- fix CVE-2019-8842
* Thu Jun 9 2022 hanhui <hanhui15@h-partners.com> 2.2.13-12 * Thu Jun 9 2022 hanhui <hanhui15@h-partners.com> 2.2.13-12
- fix CVE-2022-26691 - fix CVE-2022-26691