packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-3898

Browse Source
This commit is contained in:
seuzw 2020-09-01 22:07:58 +08:00
parent 89cfaa7721
commit b2f53ce65d
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2020-3898.patch Normal file
View File

@ -0,0 +1,60 @@
From 82e3ee0e3230287b76a76fb8f16b92ca6e50b444 Mon Sep 17 00:00:00 2001
From: steve algernon <salgernon@eapple.com>
Date: Fri, 24 Apr 2020 13:37:30 -0700
Subject: [PATCH] Update version to 2.3.3 for:
CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx
And build issues due to warnings.
---
cups/ppd.c | 3 +--
ppdc/ppdc-source.cxx | 14 ++++++++------
2 files changed, 9 insertions(+), 8 deletions(-)
https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444
diff --git a/cups/ppd.c b/cups/ppd.c
index f96dac0..8db30c5 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1730,8 +1730,7 @@ _ppdOpen(
constraint->choice1, constraint->option2,
constraint->choice2))
{
- case 0 : /* Error */
- case 1 : /* Error */
+ default : /* Error */
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
goto error;
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index 5add810..383f018 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -1746,15 +1746,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
{
- case 0 :
- _cupsLangPrintf(stderr,
- _("ppdc: Bad resolution name \"%s\" on line %d of "
- "%s."), name, fp->line, fp->filename);
- break;
case 1 :
ydpi = xdpi;
break;
- }
+ case 2 :
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
+ "%s."), name, fp->line, fp->filename);
+ break;
+}
// Create the necessary PS commands...
snprintf(command, sizeof(command),
--
2.23.0

9
cups.spec
View File

@ -1,7 +1,7 @@
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.2.13 Version: 2.2.13
Release: 2 Release: 3
Summary: CUPS is the standards-based, open source printing system for linux operating systems. Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: GPLv2+ and LGPLv2+ with exceptions and AML License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: http://www.cups.org/ Url: http://www.cups.org/
@ -33,6 +33,7 @@ Patch18: cups-lpr-help.patch
Patch19: cups-filter-debug.patch Patch19: cups-filter-debug.patch
Patch20: cups-dymo-deviceid.patch Patch20: cups-dymo-deviceid.patch
Patch21: custom-option-keywords-did-not.patch Patch21: custom-option-keywords-did-not.patch
Patch22: CVE-2020-3898.patch
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
@ -325,6 +326,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png %doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog %changelog
* Tue Sep 1 2020 zhaowei <zhaowei23@huawei.com> 2.2.13-3
- Type:CVE
- ID:CVE-2020-3898
- SUG:NA
- DESC:fix CVE-2020-3898
* Tue Aug 18 2020 chenyaqiang <chenyaqiang@huawei.com> 2.2.13-2 * Tue Aug 18 2020 chenyaqiang <chenyaqiang@huawei.com> 2.2.13-2
- Type:rebuild - Type:rebuild
- ID:NA - ID:NA