From e2691f82c09c9e5d9e566792adf8712ce2f6f09a Mon Sep 17 00:00:00 2001 From: psykose Date: Thu, 26 May 2022 20:26:51 +0000 Subject: main/cups: backport fix for CVE-2022-26691 --- main/cups/APKBUILD | 12 +++++++++--- main/cups/CVE-2022-26691.patch | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 main/cups/CVE-2022-26691.patch diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD index 4fa04209912..1242f32726e 100644 --- a/main/cups/APKBUILD +++ b/main/cups/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=cups pkgver=2.3.3 -pkgrel=2 +pkgrel=3 pkgdesc="The CUPS Printing System" url="https://www.cups.org/" arch="all" @@ -20,9 +20,12 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenPrinting/cups/archive/v$ cupsd.initd cups-no-export-ssllibs.patch default-config-no-gssapi.patch + CVE-2022-26691.patch " # secfixes: +# 2.3.3-r3: +# - CVE-2022-26691 # 2.3.3-r0: # - CVE-2020-3898 # - CVE-2019-8842 @@ -131,8 +134,11 @@ _mv() { done } -sha512sums="5a43ef98f83c1783221155c01de940f3679023251709931ef28572c7b00620b36252afe894e86f2f08a527008dc2c95dc8af4129f0ab28a28663be8d3ccc3418 cups-2.3.3.tar.gz +sha512sums=" +5a43ef98f83c1783221155c01de940f3679023251709931ef28572c7b00620b36252afe894e86f2f08a527008dc2c95dc8af4129f0ab28a28663be8d3ccc3418 cups-2.3.3.tar.gz cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate 2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd 7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch -ac1ec4453d6a4b641d40089c77d3b776963d90efb092851c8d93deceb6068b111dee71171967ffb7ad0f5adb424398a43f51feb7d5d9734287cfb9e419efaa93 default-config-no-gssapi.patch" +ac1ec4453d6a4b641d40089c77d3b776963d90efb092851c8d93deceb6068b111dee71171967ffb7ad0f5adb424398a43f51feb7d5d9734287cfb9e419efaa93 default-config-no-gssapi.patch +691509ee6cd05c6ccb07f4785096f7e94791cde9c87ebebe951e0d45d2f9292a88e7415ef272761090be0758ec14bde489325a07c9967e04deb7922d1205662d CVE-2022-26691.patch +" diff --git a/main/cups/CVE-2022-26691.patch b/main/cups/CVE-2022-26691.patch new file mode 100644 index 00000000000..d1f2d37ca3b --- /dev/null +++ b/main/cups/CVE-2022-26691.patch @@ -0,0 +1,33 @@ +Patch-Source: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 +From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 26 May 2022 06:27:04 +0200 +Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes + CVE-2022-26691) + +The previous algorithm didn't expect the strings can have a different +length, so one string can be a substring of the other and such substring +was reported as equal to the longer string. +--- + CHANGES.md | 1 + + scheduler/cert.c | 9 ++++++++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/scheduler/cert.c b/scheduler/cert.c +index b268bf1b2..9b65b96c9 100644 +--- a/scheduler/cert.c ++++ b/scheduler/cert.c +@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */ + b ++; + } + +- return (result); ++ /* ++ * The while loop finishes when *a == '\0' or *b == '\0' ++ * so after the while loop either both *a and *b == '\0', ++ * or one points inside a string, so when we apply logical OR on *a, ++ * *b and result, we get a non-zero return value if the compared strings don't match. ++ */ ++ ++ return (result | *a | *b); + } -- cgit v1.2.3