authorLeo <thinkabit.ukim@gmail.com>2020-12-10 15:03:26 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-12-10 15:03:26 -0300
commitd6c0e35faa16a91aaef997a0632d4622dedf2505 (patch)
tree6a036dea1815aa6c0a8f47d98e31c25cea59ff2c
parent4c2c932795f62983428bac01c0242a0d289252e1 (diff)
main/cups: fix CVE-2019-8842 and CVE-2020-3898
See: #11630
-rw-r--r--main/cups/APKBUILD11
-rw-r--r--main/cups/CVE-2019-8842.patch13
-rw-r--r--main/cups/CVE-2020-3898.patch14
3 files changed, 36 insertions, 2 deletions
diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD
index dca520e27f..b1d0d3de30 100644
--- a/main/cups/APKBUILD
+++ b/main/cups/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cups
pkgver=2.2.12
-pkgrel=1
+pkgrel=2
pkgdesc="The CUPS Printing System"
url="https://www.cups.org/"
arch="all"
@@ -20,9 +20,14 @@ source="https://github.com/apple/cups/releases/download/v$pkgver/cups-$pkgver-so
cupsd.initd
cups-no-export-ssllibs.patch
default-config-no-gssapi.patch
+ CVE-2019-8842.patch
+ CVE-2020-3898.patch
"
# secfixes:
+# 2.2.12-r2:
+# - CVE-2019-8842
+# - CVE-2020-3898
# 2.2.12-r0:
# - CVE-2019-8696
# - CVE-2019-8675
@@ -134,4 +139,6 @@ sha512sums="b8e7be512938ad388d469d093ad0c882ab42ea1408c27a91340f8424aa0e79e588df
cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate
2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd
7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch
-98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch"
+98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch
+1a6dc3560c78eef28cad977abde076c02791e34fc05e53ce3137ac4ff1feb2f6bae5f64ba8733f44280ac4273d825372b29b15da6bb179776496f62a7d06462d CVE-2019-8842.patch
+560466d3721cd105ef1e6aa03d0cb6c55964e94f06fe80e2f8570d481941cfd03ac6940d0108e111ea7f4bee55460b93423975410890e105902c5a4ce3b79d77 CVE-2020-3898.patch"
diff --git a/main/cups/CVE-2019-8842.patch b/main/cups/CVE-2019-8842.patch
new file mode 100644
index 0000000000..2e1a212239
--- /dev/null
+++ b/main/cups/CVE-2019-8842.patch
@@ -0,0 +1,13 @@
+diff --git a/cups/ipp.c b/cups/ipp.c
+index b0762fd..dba4f31 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2960,7 +2960,7 @@ ippReadIO(void *src, /* I - Data source */
+ * Read 32-bit "extension" tag...
+ */
+
+- if ((*cb)(src, buffer, 4) < 1)
++ if ((*cb)(src, buffer, 4) < 4)
+ {
+ DEBUG_puts("1ippReadIO: Callback returned EOF/error");
+ _cupsBufferRelease((char *)buffer);
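Review bot: CVE-2019-8842.patch starts directly at `diff --git a/cups/ipp.c` with no header recording where the change comes from, so the fix cannot be checked against upstream from the aport alone; CVE-2020-3898.patch has the same gap. A short header at the top of each file would do, for example `Upstream: <upstream commit URL>` followed by one line on the effect, such as `Reject a short read of the 4-byte extension tag in ippReadIO`. This matters for auditing because the old `< 1` test accepted a callback result of 1 to 3 bytes, after which the code following the hunk presumably interprets all four bytes of `buffer`, including bytes this read never filled. The body of ippReadIO continues outside the hunk, so that last step is inferred rather than visible.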
diff --git a/main/cups/CVE-2020-3898.patch b/main/cups/CVE-2020-3898.patch
new file mode 100644
index 0000000000..d797a0be1a
--- /dev/null
+++ b/main/cups/CVE-2020-3898.patch
@@ -0,0 +1,14 @@
+diff --git a/cups/ppd.c b/cups/ppd.c
+index 58d92c1..5bc7939 100644
+--- a/cups/ppd.c
++++ b/cups/ppd.c
+@@ -1730,8 +1730,7 @@ _ppdOpen(
+ constraint->choice1, constraint->option2,
+ constraint->choice2))
+ {
+- case 0 : /* Error */
+- case 1 : /* Error */
++ default : /* Error */
+ pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
+ goto error;
+
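Review bot: The fix for CVE-2020-3898 may be incomplete here, because this backport carries only the `cups/ppd.c` change. As far as I recall, upstream's release notes for this CVE also mention invalid resolution strings in `ppdcSource::get_resolution`, which this patch does not touch, so please verify against upstream before listing the CVE under `# secfixes:`. Within the hunk, `default :` routes every return value without its own case to `PPD_BAD_UI_CONSTRAINTS`, which would include a negative result if the switch head is a scanf-family call. The switch head and the remaining cases are outside the hunk, so that reading is inferred.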