1923828 - cups-2.3.3op2 is available

2021-02-02 07:45:15 +01:00 · 2021-02-02 07:45:15 +01:00 · 7083485948
commit 7083485948
parent 062d1b76c5
8 changed files with 7 additions and 128 deletions
--- a/.gitignore
+++ b/.gitignore
@ -94,3 +94,4 @@ cups-1.4.4-source.tar.bz2
 /cups-2.3.1-source.tar.gz
 /cups-2.3.3-source.tar.gz
 /cups-2.3.3op1-source.tar.gz
+/cups-2.3.3op2-source.tar.gz
--- a/0001-Add-check-for-whether-option-variable-exists-or-not-.patch
+++ b/0001-Add-check-for-whether-option-variable-exists-or-not-.patch
@ -1,35 +0,0 @@
-From 96a6f61db6eb0fc450e00168903b795c57b033cb Mon Sep 17 00:00:00 2001
-From: = <awesomepranshu@gmail.com>
-Date: Sat, 23 Jan 2021 00:44:09 +0530
-Subject: [PATCH] Add check for whether 'option' variable exists or not for
- closeUI and JCLCloseUI lines in ppd.c
-
---
- cups/ppd.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/cups/ppd.c b/cups/ppd.c
-index ae411cb3a..a82c8a584 100644
--- a/cups/ppd.c
-+++ b/cups/ppd.c
-@@ -1496,7 +1496,7 @@ _ppdOpen(
- 	goto error;
-       }
- 
-      if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))
-+      if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)))
-       {
-        /*
- 	* "*DefaultOption: Custom..." may set the default to a custom value
-@@ -1531,7 +1531,7 @@ _ppdOpen(
- 	goto error;
-       }
- 
-      if (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7))
-+      if (option && (!_cups_strcasecmp(option->defchoice, "custom") || !_cups_strncasecmp(option->defchoice, "custom.", 7)))
-       {
-        /*
- 	* "*DefaultOption: Custom..." may set the default to a custom value
-- 
-2.26.2
-
--- a/cups-2.2.8-source.tar.gz.sig
+++ b/cups-2.2.8-source.tar.gz.sig
--- a/cups-2.3.3op2-source.tar.gz.sig
+++ b/cups-2.3.3op2-source.tar.gz.sig
--- a/cups-helpcgi-segfault.patch
+++ b/cups-helpcgi-segfault.patch
@ -1,13 +0,0 @@
-diff --git a/cgi-bin/help-index.c b/cgi-bin/help-index.c
-index ce97e47..3da1010 100644
--- a/cgi-bin/help-index.c
-+++ b/cgi-bin/help-index.c
-@@ -579,7 +579,7 @@ helpSearchIndex(help_index_t *hi,	/* I - Index */
-   */
- 
-   for (; node; node = (help_node_t *)cupsArrayNext(hi->nodes))
-    if (section && strcmp(node->section, section))
-+    if (node->section && section && strcmp(node->section, section))
-       continue;
-     else if (filename && strcmp(node->filename, filename))
-       continue;
--- a/cups.spec
+++ b/cups.spec
@ -11,13 +11,13 @@
 #%%global VERSION %%{version}%%{prever}
 %global VERSION %{version}
 # Openprinting version
-%global OP_VER op1
+%global OP_VER op2

 Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.3.3%{OP_VER}
-Release: 4%{?dist}
+Release: 1%{?dist}
 License: ASL 2.0
 Url: http://www.cups.org/
 # Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -69,15 +69,6 @@ Patch100: cups-lspp.patch
 %endif

 #### UPSTREAM PATCHES (starts with 1000) ####
-# backported from upstream
-Patch1000: cve-2020-10001-ippReadIO-buffer.patch
-# 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV
-# help.cgi segfaulted because it compared NULL in strcmp()
-# backported from upstream https://github.com/OpenPrinting/cups/pull/81
-Patch1001: cups-helpcgi-segfault.patch
-# 1909980 - cupsd crashes on parsing malformed Brother PPD
-# backported from upstream https://github.com/OpenPrinting/cups/pull/78
-Patch1002: 0001-Add-check-for-whether-option-variable-exists-or-not-.patch

 ##### Patches removed because IMHO they aren't no longer needed
 ##### but still I'll leave them in git in case their removal
@ -278,13 +269,6 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch13 -p1 -b .dymo-deviceid

 # UPSTREAM PATCHES
-# cve-2020-10001
-%patch1000 -p1 -b .cve2020-10001
-# 1921881 - [abrt] cups: __strcmp_avx2(): help.cgi killed by SIGSEGV
-%patch1001 -p1 -b .helpcgi-segfault
-# 1909980 - cupsd crashes on parsing malformed Brother PPD
-%patch1002 -p1 -b .malformed-ppd-crash
-


 %if %{lspp}
@ -691,6 +675,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz

 %changelog
+* Tue Feb 02 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-1
+- 1923828 - cups-2.3.3op2 is available
+
 * Mon Feb 01 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op1-4
 - fix for CVE-2020-10001
 - recommend nss-mdns for Fedora to have a working default for now
--- a/cve-2020-10001-ippReadIO-buffer.patch
+++ b/cve-2020-10001-ippReadIO-buffer.patch
@ -1,61 +0,0 @@
-Fix for CVE-2020-10001, which is a bug in the CUPS ippReadIO function when it
-reads tagged string values (nameWithLanguage and textWithLanguage).  The
-previous code verified that the length of the sub-strings (language identifier
-and name/text value) did not exceed the size of the allocated buffer (1 byte
-larger than the maximum IPP value size of 32767 bytes), but did not validate
-against the length of the actual IPP value.
-
-The issues introduced by this vulnerability include:
-
- Potential information disclosure by copying uninitialized areas of memory into
-  an IPP string value.
- Potential Denial of Service by supplying/using invalid string values when
-  strict validation has been disabled by the system administrator.
-
-This change ensures that:
-
-1. The language identifier does not extend beyond the end of the IPP value.
-2. The length of the name/text string is within the IPP value.
-3. The name/text string is within the IPP value.
-
-diff --git a/cups/ipp.c b/cups/ipp.c
-index 3d529346c..adbb26fba 100644
--- a/cups/ipp.c
-+++ b/cups/ipp.c
-@@ -2866,7 +2866,8 @@ ippReadIO(void       *src,		/* I - Data source */
-   unsigned char		*buffer,	/* Data buffer */
- 			string[IPP_MAX_TEXT],
- 					/* Small string buffer */
-			*bufptr;	/* Pointer into buffer */
-+			*bufptr,	/* Pointer into buffer */
-+			*bufend;	/* End of buffer */
-   ipp_attribute_t	*attr;		/* Current attribute */
-   ipp_tag_t		tag;		/* Current tag */
-   ipp_tag_t		value_tag;	/* Current value tag */
-@@ -3441,6 +3442,7 @@ ippReadIO(void       *src,		/* I - Data source */
- 		}
-
-                 bufptr = buffer;
-+                bufend = buffer + n;
-
- 	       /*
- 	        * text-with-language and name-with-language are composite
-@@ -3454,7 +3456,7 @@ ippReadIO(void       *src,		/* I - Data source */
-
- 		n = (bufptr[0] << 8) | bufptr[1];
-
-		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
-+		if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
- 		{
- 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
- 		                _("IPP language length overflows value."), 1);
-@@ -3481,7 +3483,7 @@ ippReadIO(void       *src,		/* I - Data source */
-                 bufptr += 2 + n;
- 		n = (bufptr[0] << 8) | bufptr[1];
-
-		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
-+		if ((bufptr + 2 + n) > bufend)
- 		{
- 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
- 		                _("IPP string length overflows value."), 1);
-
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (cups-2.3.3op1-source.tar.gz) = 89949b4190288d5464f425cbff6b854e9da96ba3071e4e0d595ad581797b2db4724f49d884f3ea43e372ed4d0faec72839b0b7182cdde13b96f2824d619a4843
+SHA512 (cups-2.3.3op2-source.tar.gz) = db27dd6fb616bd7ad895b2bdf4ea7b010501358a50dc8f2e7e29558d1cfc088a572b1b35ac512654d3ed410c84df87dc34ca636533a4499117253915d4763117