packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!74 fix CVE-2022-26691

Browse Source 
From: @shirely16 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2022-06-10 08:36:23 +00:00 committed by Gitee
commit 1efd190601
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2022-26691.patch Normal file
View File

@ -0,0 +1,34 @@
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 May 2022 06:27:04 +0200
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
CVE-2022-26691)
The previous algorithm didn't expect the strings can have a different
length, so one string can be a substring of the other and such substring
was reported as equal to the longer string.
Reference:https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
---
scheduler/cert.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/scheduler/cert.c b/scheduler/cert.c
index b268bf1b2..9b65b96c9 100644
--- a/scheduler/cert.c
+++ b/scheduler/cert.c
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
b ++;
}
- return (result);
+ /*
+ * The while loop finishes when *a == '\0' or *b == '\0'
+ * so after the while loop either both *a and *b == '\0',
+ * or one points inside a string, so when we apply logical OR on *a,
+ * *b and result, we get a non-zero return value if the compared strings don't match.
+ */
+
+ return (result | *a | *b);
}

7
cups.spec
View File

@ -3,7 +3,7 @@
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.4.0 Version: 2.4.0
Release: 2 Release: 3
Summary: CUPS is the standards-based, open source printing system for linux operating systems. Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: GPLv2+ and LGPLv2+ with exceptions and AML License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: https://openprinting.github.io/cups/ Url: https://openprinting.github.io/cups/
@ -24,6 +24,8 @@ Patch8: cups-freebind.patch
Patch9: cups-ipp-multifile.patch Patch9: cups-ipp-multifile.patch
Patch10: cups-web-devices-timeout.patch Patch10: cups-web-devices-timeout.patch
Patch6000: backport-CVE-2022-26691.patch
BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
BuildRequires: automake zlib-devel gcc gcc-c++ libselinux-devel audit-libs-devel make BuildRequires: automake zlib-devel gcc gcc-c++ libselinux-devel audit-libs-devel make
@ -444,6 +446,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png %doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog %changelog
* Thu Jun 9 2022 hanhui <hanhui15@h-partners.com> - 2.4.0-3
- fix CVE-2022-26691
* Thu May 12 2022 zhanzhimin <zhanzhimin@h-partners.com> - 2.4.0-2 * Thu May 12 2022 zhanzhimin <zhanzhimin@h-partners.com> - 2.4.0-2
- fix official website address - fix official website address