branch master updated: gnu: cups: Add replacement to fix CVE-2020-10001.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: gnu: cups: Add replacement to fix CVE-2020-10001.

From:	guix-commits
Subject:	branch master updated: gnu: cups: Add replacement to fix CVE-2020-10001.
Date:	Wed, 23 Jun 2021 12:46:05 -0400

This is an automated email from the git hooks/post-receive script.

nckx pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 620669f  gnu: cups: Add replacement to fix CVE-2020-10001.
620669f is described below

commit 620669fd17306c2edb21c64a99fa47160fefb319
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Wed Jun 23 12:52:21 2021 +0200

    gnu: cups: Add replacement to fix CVE-2020-10001.
    
    * gnu/packages/patches/cups-CVE-2020-10001.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/cups.scm (cups-minimal/fixed): New variable.
    (cups-minimal)[replacement]: Assign it to new field.
---
 gnu/local.mk                                   |  1 +
 gnu/packages/cups.scm                          |  6 ++++
 gnu/packages/patches/cups-CVE-2020-10001.patch | 47 ++++++++++++++++++++++++++
 3 files changed, 54 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index f7ff9af..fb6c25d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -929,6 +929,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/crda-optional-gcrypt.patch              \
   %D%/packages/patches/clucene-contribs-lib.patch               \
   %D%/packages/patches/cube-nocheck.patch                      \
+  %D%/packages/patches/cups-CVE-2020-10001.patch               \
   %D%/packages/patches/curl-use-ssl-cert-env.patch             \
   %D%/packages/patches/curl-7.76-use-ssl-cert-env.patch        \
   %D%/packages/patches/curl-7.77-tls-priority-string.patch     \
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 5a15cd5..2dab881 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -252,6 +252,7 @@ filters for the PDF-centric printing workflow introduced by 
OpenPrinting.")
   (package
     (name "cups-minimal")
     (version "2.3.3")
+    (replacement cups-minimal/fixed)
     (source
      (origin
        (method url-fetch)
@@ -312,6 +313,11 @@ device-specific programs to convert and print many types 
of files.")
     ;; CUPS is Apache 2.0 with exceptions, see the NOTICE file.
     (license license:asl2.0)))
 
+(define cups-minimal/fixed
+  (package-with-extra-patches
+   cups-minimal
+   (search-patches "cups-CVE-2020-10001.patch")))
+
 (define-public cups
   (package/inherit cups-minimal
     (name "cups")
diff --git a/gnu/packages/patches/cups-CVE-2020-10001.patch 
b/gnu/packages/patches/cups-CVE-2020-10001.patch
new file mode 100644
index 0000000..1b16c7d
--- /dev/null
+++ b/gnu/packages/patches/cups-CVE-2020-10001.patch
@@ -0,0 +1,47 @@
+From efbea1742bd30f842fbbfb87a473e5c84f4162f9 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Mon, 1 Feb 2021 15:02:32 -0500
+Subject: [PATCH] Fix a buffer (read) overflow in ippReadIO (CVE-2020-10001)
+
+---
+
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 3d529346c..adbb26fba 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2866,7 +2866,8 @@ ippReadIO(void       *src,               /* I - Data 
source */
+   unsigned char               *buffer,        /* Data buffer */
+                       string[IPP_MAX_TEXT],
+                                       /* Small string buffer */
+-                      *bufptr;        /* Pointer into buffer */
++                      *bufptr,        /* Pointer into buffer */
++                      *bufend;        /* End of buffer */
+   ipp_attribute_t     *attr;          /* Current attribute */
+   ipp_tag_t           tag;            /* Current tag */
+   ipp_tag_t           value_tag;      /* Current value tag */
+@@ -3441,6 +3442,7 @@ ippReadIO(void       *src,               /* I - Data 
source */
+               }
+ 
+                 bufptr = buffer;
++                bufend = buffer + n;
+ 
+              /*
+               * text-with-language and name-with-language are composite
+@@ -3454,7 +3456,7 @@ ippReadIO(void       *src,               /* I - Data 
source */
+ 
+               n = (bufptr[0] << 8) | bufptr[1];
+ 
+-              if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= 
(int)sizeof(string))
++              if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
+               {
+                 _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+                               _("IPP language length overflows value."), 1);
+@@ -3481,7 +3483,7 @@ ippReadIO(void       *src,               /* I - Data 
source */
+                 bufptr += 2 + n;
+               n = (bufptr[0] << 8) | bufptr[1];
+ 
+-              if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
++              if ((bufptr + 2 + n) > bufend)
+               {
+                 _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
+                               _("IPP string length overflows value."), 1);

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated: gnu: cups: Add replacement to fix CVE-2020-10001., guix-commits <=

Prev by Date: branch master updated: .guix-authorizations: Update bavier's key.
Next by Date: branch master updated: gnu: Add desec-certbot-hook.
Previous by thread: branch master updated: .guix-authorizations: Update bavier's key.
Next by thread: branch master updated: gnu: Add desec-certbot-hook.
Index(es):
- Date
- Thread