From b2f53ce65dc3a8a23f3a86618bd198154021bddb Mon Sep 17 00:00:00 2001
From: seuzw <930zhaowei@163.com>
Date: Tue, 1 Sep 2020 22:07:58 +0800
Subject: [PATCH] fix CVE-2020-3898
---
 CVE-2020-3898.patch | 60 +++++++++++++++++++++++++++++++++++++++++++++
 cups.spec | 9 ++++++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-3898.patch
diff --git a/CVE-2020-3898.patch b/CVE-2020-3898.patch
new file mode 100644
index 0000000..d6ff58e
--- /dev/null
+++ b/CVE-2020-3898.patch
@@ -0,0 +1,60 @@
+From 82e3ee0e3230287b76a76fb8f16b92ca6e50b444 Mon Sep 17 00:00:00 2001
+From: steve algernon
+Date: Fri, 24 Apr 2020 13:37:30 -0700
+Subject: [PATCH] Update version to 2.3.3 for:
+
+CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx
+
+And build issues due to warnings.
+---
+ cups/ppd.c | 3 +--
+ ppdc/ppdc-source.cxx | 14 ++++++++------
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444
+
+diff --git a/cups/ppd.c b/cups/ppd.c
+index f96dac0..8db30c5 100644
+--- a/cups/ppd.c
++++ b/cups/ppd.c
+@@ -1730,8 +1730,7 @@ _ppdOpen(
+ constraint->choice1, constraint->option2,
+ constraint->choice2))
+ {
+- case 0 : /* Error */
+- case 1 : /* Error */
++ default : /* Error */
+ pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
+ goto error;
+
+diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
+index 5add810..383f018 100644
+--- a/ppdc/ppdc-source.cxx
++++ b/ppdc/ppdc-source.cxx
+@@ -1746,15 +1746,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
+
+ switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
+ {
+- case 0 :
+- _cupsLangPrintf(stderr,
+- _("ppdc: Bad resolution name \"%s\" on line %d of "
+- "%s."), name, fp->line, fp->filename);
+- break;
+ case 1 :
+ ydpi = xdpi;
+ break;
+- }
++ case 2 :
++ break;
++ default :
++ _cupsLangPrintf(stderr,
++ _("ppdc: Bad resolution name \"%s\" on line %d of "
++ "%s."), name, fp->line, fp->filename);
++ break;
++}
+
+ // Create the necessary PS commands...
+ snprintf(command, sizeof(command),
+--
+2.23.0
+
diff --git a/cups.spec b/cups.spec
index 002e72f..0fb9eb1 100644
--- a/cups.spec
+++ b/cups.spec
@@ -1,7 +1,7 @@
 Name: cups
 Epoch: 1
 Version: 2.2.13
-Release: 2
+Release: 3
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: GPLv2+ and LGPLv2+ with exceptions and AML
 Url: http://www.cups.org/
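Review bot: In the embedded ppdc/ppdc-source.cxx hunk, the new `default :` branch of the `sscanf(name, "%dx%d", &xdpi, &ydpi)` switch only prints the "Bad resolution name" message and then `break`s, so control still falls through to the `snprintf(command, sizeof(command),` call after the switch. If `xdpi` and `ydpi` are not initialised at their declaration (which is outside the hunk, so this needs confirming), a name that converts nothing, including the negative EOF return that the removed `case 0 :` never matched, builds the PS command from indeterminate values. Initialising both at the declaration (for example `xdpi = 0, ydpi = 0`) or leaving the function immediately after the error message would close that path. The replacement closing brace of the switch is added at column 0 (`+}`), whereas the removed one was indented; it should line up with the opening `{`. The body of `get_resolution` starts and ends outside the hunk.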
@@ -33,6 +33,7 @@ Patch18: cups-lpr-help.patch Patch19: cups-filter-debug.patch Patch20: cups-dymo-deviceid.patch Patch21: custom-option-keywords-did-not.patch +Patch22: CVE-2020-3898.patch Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat @@ -325,6 +326,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Tue Sep 1 2020 zhaowei 2.2.13-3 +- Type:CVE +- ID:CVE-2020-3898 +- SUG:NA +- DESC:fix CVE-2020-3898 + * Tue Aug 18 2020 chenyaqiang 2.2.13-2 - Type:rebuild - ID:NA
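Review bot: `Patch22: CVE-2020-3898.patch` is declared in this hunk, but nothing in the diff adds a matching apply step. The 9 changed lines reported for cups.spec are fully accounted for by the Release bump, this Patch line and the changelog entry. If %prep (not shown here) applies patches with `%autosetup` or `%autopatch`, nothing more is needed; if it lists patches one by one, a `%patch22 -p1` line is required, otherwise the package builds without the fix. The embedded patch's subject refers to version 2.3.3 while this spec builds 2.2.13, so it is also worth confirming in the build log that both of its hunks apply cleanly at this version.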