aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/cups/APKBUILD12
-rw-r--r--main/cups/CVE-2022-26691.patch33
2 files changed, 42 insertions, 3 deletions
diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD
index 4fa0420991..1242f32726 100644
--- a/main/cups/APKBUILD
+++ b/main/cups/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cups
pkgver=2.3.3
-pkgrel=2
+pkgrel=3
pkgdesc="The CUPS Printing System"
url="https://www.cups.org/"
arch="all"
@@ -20,9 +20,12 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenPrinting/cups/archive/v$
cupsd.initd
cups-no-export-ssllibs.patch
default-config-no-gssapi.patch
+ CVE-2022-26691.patch
"
# secfixes:
+# 2.3.3-r3:
+# - CVE-2022-26691
# 2.3.3-r0:
# - CVE-2020-3898
# - CVE-2019-8842
@@ -131,8 +134,11 @@ _mv() {
done
}
-sha512sums="5a43ef98f83c1783221155c01de940f3679023251709931ef28572c7b00620b36252afe894e86f2f08a527008dc2c95dc8af4129f0ab28a28663be8d3ccc3418 cups-2.3.3.tar.gz
+sha512sums="
+5a43ef98f83c1783221155c01de940f3679023251709931ef28572c7b00620b36252afe894e86f2f08a527008dc2c95dc8af4129f0ab28a28663be8d3ccc3418 cups-2.3.3.tar.gz
cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate
2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd
7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch
-ac1ec4453d6a4b641d40089c77d3b776963d90efb092851c8d93deceb6068b111dee71171967ffb7ad0f5adb424398a43f51feb7d5d9734287cfb9e419efaa93 default-config-no-gssapi.patch"
+ac1ec4453d6a4b641d40089c77d3b776963d90efb092851c8d93deceb6068b111dee71171967ffb7ad0f5adb424398a43f51feb7d5d9734287cfb9e419efaa93 default-config-no-gssapi.patch
+691509ee6cd05c6ccb07f4785096f7e94791cde9c87ebebe951e0d45d2f9292a88e7415ef272761090be0758ec14bde489325a07c9967e04deb7922d1205662d CVE-2022-26691.patch
+"
diff --git a/main/cups/CVE-2022-26691.patch b/main/cups/CVE-2022-26691.patch
new file mode 100644
index 0000000000..d1f2d37ca3
--- /dev/null
+++ b/main/cups/CVE-2022-26691.patch
@@ -0,0 +1,33 @@
+Patch-Source: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
+From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 May 2022 06:27:04 +0200
+Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
+ CVE-2022-26691)
+
+The previous algorithm didn't expect the strings can have a different
+length, so one string can be a substring of the other and such substring
+was reported as equal to the longer string.
+---
+ CHANGES.md | 1 +
+ scheduler/cert.c | 9 ++++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/scheduler/cert.c b/scheduler/cert.c
+index b268bf1b2..9b65b96c9 100644
+--- a/scheduler/cert.c
++++ b/scheduler/cert.c
+@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
+ b ++;
+ }
+
+- return (result);
++ /*
++ * The while loop finishes when *a == '\0' or *b == '\0'
++ * so after the while loop either both *a and *b == '\0',
++ * or one points inside a string, so when we apply logical OR on *a,
++ * *b and result, we get a non-zero return value if the compared strings don't match.
++ */
++
++ return (result | *a | *b);
+ }