fix CVE-2020-3898
This commit is contained in:
seuzw
parent
89cfaa7721
commit
b2f53ce65d
60
CVE-2020-3898.patch
Normal file
60
CVE-2020-3898.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From 82e3ee0e3230287b76a76fb8f16b92ca6e50b444 Mon Sep 17 00:00:00 2001
|
||||
From: steve algernon <salgernon@eapple.com>
|
||||
Date: Fri, 24 Apr 2020 13:37:30 -0700
|
||||
Subject: [PATCH] Update version to 2.3.3 for:
|
||||
|
||||
CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx
|
||||
|
||||
And build issues due to warnings.
|
||||
---
|
||||
cups/ppd.c | 3 +--
|
||||
ppdc/ppdc-source.cxx | 14 ++++++++------
|
||||
2 files changed, 9 insertions(+), 8 deletions(-)
|
||||
|
||||
https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444
|
||||
|
||||
diff --git a/cups/ppd.c b/cups/ppd.c
|
||||
index f96dac0..8db30c5 100644
|
||||
--- a/cups/ppd.c
|
||||
+++ b/cups/ppd.c
|
||||
@@ -1730,8 +1730,7 @@ _ppdOpen(
|
||||
constraint->choice1, constraint->option2,
|
||||
constraint->choice2))
|
||||
{
|
||||
- case 0 : /* Error */
|
||||
- case 1 : /* Error */
|
||||
+ default : /* Error */
|
||||
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
|
||||
goto error;
|
||||
|
||||
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
|
||||
index 5add810..383f018 100644
|
||||
--- a/ppdc/ppdc-source.cxx
|
||||
+++ b/ppdc/ppdc-source.cxx
|
||||
@@ -1746,15 +1746,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
|
||||
|
||||
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
|
||||
{
|
||||
- case 0 :
|
||||
- _cupsLangPrintf(stderr,
|
||||
- _("ppdc: Bad resolution name \"%s\" on line %d of "
|
||||
- "%s."), name, fp->line, fp->filename);
|
||||
- break;
|
||||
case 1 :
|
||||
ydpi = xdpi;
|
||||
break;
|
||||
- }
|
||||
+ case 2 :
|
||||
+ break;
|
||||
+ default :
|
||||
+ _cupsLangPrintf(stderr,
|
||||
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
|
||||
+ "%s."), name, fp->line, fp->filename);
|
||||
+ break;
|
||||
+}
|
||||
|
||||
// Create the necessary PS commands...
|
||||
snprintf(command, sizeof(command),
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.2.13
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
|
||||
License: GPLv2+ and LGPLv2+ with exceptions and AML
|
||||
Url: http://www.cups.org/
|
||||
@ -33,6 +33,7 @@ Patch18: cups-lpr-help.patch
|
||||
Patch19: cups-filter-debug.patch
|
||||
Patch20: cups-dymo-deviceid.patch
|
||||
Patch21: custom-option-keywords-did-not.patch
|
||||
Patch22: CVE-2020-3898.patch
|
||||
|
||||
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
|
||||
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
|
||||
@ -325,6 +326,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
|
||||
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
|
||||
|
||||
%changelog
|
||||
* Tue Sep 1 2020 zhaowei <zhaowei23@huawei.com> 2.2.13-3
|
||||
- Type:CVE
|
||||
- ID:CVE-2020-3898
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2020-3898
|
||||
|
||||
* Tue Aug 18 2020 chenyaqiang <chenyaqiang@huawei.com> 2.2.13-2
|
||||
- Type:rebuild
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user