PR#4: Fix for CVE-2017-18248 (#1561296) - rpms/cups

Pavel Zhukov • 6 years ago

b7d926d

cups-dbus_crash.patch

file added

+38

		`@@ -0,0 +1,38 @@`
		`+ commit 49fa4983f25b64ec29d548ffa3b9782426007df3`
		`+ Author: Michael Sweet <michael.r.sweet@gmail.com>`
		`+ Date: Mon Oct 23 16:23:43 2017 -0400`
		`+`
		`+ DBUS notifications could crash the scheduler (Issue #5143)`
		`+`
		`+ - scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.`
		`+`
		`+ diff --git a/scheduler/ipp.c b/scheduler/ipp.c`
		`+ index e6743cdcb..5cf980ab3 100644`
		`+ --- a/scheduler/ipp.c`
		`+ +++ b/scheduler/ipp.c`
		`+ @@ -1597,6 +1597,16 @@ add_job(cupsd_client_t con, / I - Client connection */`
		`+ return (NULL);`
		`+ }`
		`+`
		`+ + attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);`
		`+ +`
		`+ + if (attr && !ippValidateAttribute(attr))`
		`+ + {`
		`+ + send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());`
		`+ + if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)`
		`+ + attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;`
		`+ + return (NULL);`
		`+ + }`
		`+ +`
		`+ if ((job = cupsdAddJob(priority, printer->name)) == NULL)`
		`+ {`
		`+ send_ipp_status(con, IPP_INTERNAL_ERROR,`
		`+ @@ -1615,8 +1625,6 @@ add_job(cupsd_client_t con, / I - Client connection */`
		`+ add_job_uuid(job);`
		`+ apply_printer_defaults(printer, job);`
		`+`
		`+ - attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);`
		`+ -`
		`+ if (con->username[0])`
		`+ {`
		`+ cupsdSetString(&job->username, con->username);`

cups.spec

file modified

+8 -2

		`@@ -15,7 +15,7 @@`
		`Name: cups`
		`Epoch: 1`
		`Version: 2.2.2`
		`- Release: 8%{?dist}`
		`+ Release: 9%{?dist}`
		`License: GPLv2`
		`Url: http://www.cups.org/`
		`Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz`
		`@@ -63,6 +63,7 @@`
		`Patch36: cups-web-devices-timeout.patch`
		`Patch37: cups-synconclose.patch`
		`Patch39: cups-ypbind.patch`
		`+ Patch40: cups-dbus_crash.patch`

		`Patch100: cups-lspp.patch`

		`@@ -258,12 +259,14 @@`
		`%patch37 -p1 -b .synconclose`
		`# CUPS may fail to start if NIS groups are used (bug #1494558)`
		`%patch39 -p1 -b .ypbind`
		`-`
		`+ # https://bugzilla.redhat.com/show_bug.cgi?id=1561298`
		`+ %patch40 -p1 -b .dbus_notify`
		`%if %{lspp}`
		`# LSPP support.`
		`%patch100 -p1 -b .lspp`
		`%endif`

		`+`
		`sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in`

		`# Log to the system journal by default (bug #1078781).`
		`@@ -623,6 +626,9 @@`
		`%{_mandir}/man5/ipptoolfile.5.gz`

		`%changelog`
		`+ * Wed Mar 28 2018 Pavel Zhukov <pzhukov@redhat.com> - 1:2.2.2-9`
		`+ - Fix for CVE-2017-18248`
		`+`
		`* Fri Jan 12 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.2-8`
		`- 1437345 - Remove cups-resolv_reload.patch`