commit
08056a7cf0
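--- a/CVE-2019-2228.patch
+++ b/CVE-2019-2228.patch
@@ -0,0 +1,40 @@
+From a7f63f254bcb43f52dc45ab5d883ae6517678544 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Fri, 13 Dec 2019 09:30:46 -0500
+Subject: [PATCH] CVE-2019-2228: Fix ippSetValueTag validation of default
+language.
+
+---
+CHANGES.md | 2 ++
+cups/ipp.c | 2 +-
+2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index 7220dc9..06f96bc 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -5,6 +5,8 @@ CHANGES - 2.2.8 - 2018-06-05
+Changes in CUPS v2.2.8
+----------------------
+
++- CVE-2019-2228: The `ippSetValuetag` function did not validate the default
++ language value.
+- Additional changes for the scheduler to substitute default values for invalid
+job attributes when running in "relaxed conformance" mode (Issue #5229)
+- The `ipptool` program no longer checks for duplicate attributes when running
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 5807de8..1143550 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -4654,7 +4654,7 @@ ippSetValueTag(
+return (0);
+
+if (ipp->attrs && ipp->attrs->next && ipp->attrs->next->name &&
+- !strcmp(ipp->attrs->next->name, "attributes-natural-language"))
++ !strcmp(ipp->attrs->next->name, "attributes-natural-language") && (ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE)
+{
+/*
+* Use the language code from the IPP message...
+--
+1.8.3.1
+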
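Review bot: In the embedded cups/ipp.c hunk for `ippSetValueTag`, the new value-tag test is appended to the end of the `!strcmp(...)` line, so the one security-relevant condition is easy to overlook and carries no explanation. I would move `(ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE` onto its own continuation line and add a comment such as `/* Only read the value as a string when the attribute really has the naturalLanguage tag */`. The block that consumes the attribute begins after the hunk ends, so it cannot be confirmed from here whether the value count or the text pointer also need checking; that is worth verifying against the full function when the patch is applied. Separately, the CHANGES.md entry spells the function `ippSetValuetag`, while the subject line and the hunk header use `ippSetValueTag`.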
@ -1,7 +1,7 @@
|
|||||||
Name: cups
|
Name: cups
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.2.8
|
Version: 2.2.8
|
||||||
Release: 8
|
Release: 9
|
||||||
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
|
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
|
||||||
License: GPLv2+ and LGPLv2+ with exceptions and AML
|
License: GPLv2+ and LGPLv2+ with exceptions and AML
|
||||||
Url: http://www.cups.org/
|
Url: http://www.cups.org/
|
||||||
@ -39,6 +39,7 @@ Patch44: cups-ippeve-webui.patch
|
|||||||
Patch45: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch
|
Patch45: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch
|
||||||
Patch6000: CVE-2018-4300.patch
|
Patch6000: CVE-2018-4300.patch
|
||||||
Patch6001: CVE-2019-8675-CVE-2019-8696.patch
|
Patch6001: CVE-2019-8675-CVE-2019-8696.patch
|
||||||
|
Patch6002: CVE-2019-2228.patch
|
||||||
|
|
||||||
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
|
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
|
||||||
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
|
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
|
||||||
@ -331,6 +332,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
|
|||||||
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
|
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 26 chenzhen <chenzhen44@huawei.com> - 2.2.8-9
|
||||||
|
- Type:cves
|
||||||
|
- ID:CVE-2019-2228
|
||||||
|
- SUG:restart
|
||||||
|
- DESC: fix CVE-2019-2228
|
||||||
|
|
||||||
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.2.8-8
|
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.2.8-8
|
||||||
- Type:enhancement
|
- Type:enhancement
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||