Hello community,

here is the log from the commit of package cups for openSUSE:Factory checked in 
at 2021-02-07 15:14:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cups (Old)
 and      /work/SRC/openSUSE:Factory/.cups.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cups"

Sun Feb  7 15:14:14 2021 rev:152 rq:868667 version:2.3.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/cups/cups.changes        2020-10-26 
16:12:24.222721224 +0100
+++ /work/SRC/openSUSE:Factory/.cups.new.28504/cups.changes     2021-02-07 
15:14:23.821410694 +0100
@@ -1,0 +2,6 @@
+Tue Feb  2 14:22:38 CET 2021 - jsm...@suse.de
+
+- CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
+  access to uninitialized buffer in ipp.c
+
+-------------------------------------------------------------------

New:
----
  CVE-2020-10001.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cups.spec ++++++
--- /var/tmp/diff_new_pack.JaWln0/_old  2021-02-07 15:14:25.065412024 +0100
+++ /var/tmp/diff_new_pack.JaWln0/_new  2021-02-07 15:14:25.097412058 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package cups
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -75,6 +75,9 @@
 Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 Patch104:       cups-config-libs.patch
+# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
+# access to uninitialized buffer in ipp.c
+Patch105:       CVE-2020-10001.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
@@ -296,6 +299,9 @@
 %patch103 -b do_not_strip_recommended_from_PPDs.orig
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 %patch104 -b cups-config-libs.orig
+# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
+# access to uninitialized buffer in ipp.c
+%patch105 -b CVE-2020-10001.orig
 
 %build
 # Remove ".SILENT" rule for verbose build output

++++++ CVE-2020-10001.patch ++++++
--- cups/ipp.c.orig     2021-01-11 10:53:43.080847679 +0100
+++ cups/ipp.c  2021-01-11 12:03:56.010423238 +0100
@@ -2965,7 +2965,8 @@ ippReadIO(void       *src,                /* I - Data
   unsigned char                *buffer,        /* Data buffer */
                        string[IPP_MAX_TEXT],
                                        /* Small string buffer */
-                       *bufptr;        /* Pointer into buffer */
+                       *bufptr,        /* Pointer into buffer */
+                       *bufend;        /* End of buffer */
   ipp_attribute_t      *attr;          /* Current attribute */
   ipp_tag_t            tag;            /* Current tag */
   ipp_tag_t            value_tag;      /* Current value tag */
@@ -3524,6 +3525,7 @@ ippReadIO(void       *src,                /* I - Data
                }
 
                 bufptr = buffer;
+                bufend = buffer + n;
 
               /*
                * text-with-language and name-with-language are composite
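Review bot: The new `bufend = buffer + n;` depends on `n` still holding the length of the value just read into `buffer`, yet `n` is overwritten with the language length a few lines further down (`n = (bufptr[0] << 8) | bufptr[1];`). A short comment would keep a later edit from moving the assignment below that point, for example `/* n is the value length here; capture it before n is reused for sub-field lengths */`. The read that fills `buffer` and any minimum-length check on `n` are outside this hunk, so that part is assumed rather than visible.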
@@ -3537,7 +3539,7 @@ ippReadIO(void       *src,                /* I - Data
 
                n = (bufptr[0] << 8) | bufptr[1];
 
-               if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= 
(int)sizeof(string))
+               if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
                {
                  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
                                _("IPP language length overflows value."), 1);
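Review bot: The bound in `if ((bufptr + 2 + n + 2) > bufend || ...)` is computed by pointer addition before `n` has been limited, and `n` is assembled from two bytes of the message, so it can be as large as 65535. If that exceeds the allocation behind `buffer` (its size is not visible here), the sum is a pointer beyond the one-past-the-end position, which C leaves undefined and an optimiser may assume never happens. Comparing lengths avoids that: `if (n >= (int)sizeof(string) || n > (int)(bufend - bufptr) - 4)`, and in the string-length hunk that follows `if (n > (int)(bufend - bufptr) - 2)`. ippReadIO's body begins and ends outside these hunks.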
@@ -3564,7 +3566,7 @@ ippReadIO(void       *src,                /* I - Data
                 bufptr += 2 + n;
                n = (bufptr[0] << 8) | bufptr[1];
 
-               if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+               if ((bufptr + 2 + n) > bufend)
                {
                  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
                                _("IPP string length overflows value."), 1);
