Hello community,

here is the log from the commit of package cups for openSUSE:Leap:15.2 checked 
in at 2020-04-30 18:51:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/cups (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.cups.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cups"

Thu Apr 30 18:51:16 2020 rev:30 rq:797246 version:2.2.7

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/cups/cups.changes      2020-01-15 
14:51:21.565449709 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.cups.new.2738/cups.changes    2020-04-30 
18:51:23.828592609 +0200
@@ -1,0 +2,6 @@
+Mon Apr  6 10:59:36 CEST 2020 - [email protected]
+
+- cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
+  heap-buffer-overflow in libcups ppdFindOption() function
+
+-------------------------------------------------------------------

New:
----
  cups-2.2.7-CVE-2020-3898.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cups.spec ++++++
--- /var/tmp/diff_new_pack.GZ2XyH/_old  2020-04-30 18:51:24.896594885 +0200
+++ /var/tmp/diff_new_pack.GZ2XyH/_new  2020-04-30 18:51:24.900594893 +0200
@@ -92,6 +92,9 @@
 # and some other security/disclosure issues
 # https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
 Patch107:       cups-2.2.7-CVE-2019-8675.CVE-2019-8696.patch
+# Patch108 cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
+# heap-buffer-overflow in libcups ppdFindOption() function
+Patch108:       cups-2.2.7-CVE-2020-3898.patch
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
@@ -363,6 +366,9 @@
 # and some other security/disclosure issues
 # https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
 %patch107 -b CVE-2019-8675.CVE-2019-8696.orig
+# Patch108 cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
+# heap-buffer-overflow in libcups ppdFindOption() function
+%patch108 -b CVE-2020-3898.orig
 
 %build
 # Remove ".SILENT" rule for verbose build output




++++++ cups-2.2.7-CVE-2020-3898.patch ++++++
--- cups/ppd.c.orig     2018-03-23 04:48:36.000000000 +0100
+++ cups/ppd.c  2020-04-06 11:52:56.257015366 +0200
@@ -1753,8 +1753,7 @@ _ppdOpen(
                      constraint->choice1, constraint->option2,
                     constraint->choice2))
       {
-        case 0 : /* Error */
-       case 1 : /* Error */
+       default : /* Error */
            pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
            goto error;
 
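Review bot: The new `default : /* Error */` label in the switch in _ppdOpen should say why it replaces the explicit `case 0` and `case 1` labels. The switch expression is only partly visible here, but if it is an sscanf() call, as the argument list suggests, its result can also be EOF (-1), which the old labels did not cover. I would write the comment as `default : /* Error: EOF or too few fields matched */`. The switch starts and ends outside the hunk, so the remaining case labels cannot be checked from here.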
--- ppdc/ppdc-source.cxx.orig   2018-03-23 04:48:36.000000000 +0100
+++ ppdc/ppdc-source.cxx        2020-04-06 11:59:29.061404709 +0200
@@ -1746,14 +1746,16 @@ ppdcSource::get_resolution(ppdcFile *fp)
 
   switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
   {
-    case 0 :
-        _cupsLangPrintf(stderr,
-                       _("ppdc: Bad resolution name \"%s\" on line %d of "
-                         "%s."), name, fp->line, fp->filename);
-        break;
     case 1 :
         ydpi = xdpi;
        break;
+    case 2 :
+        break;
+    default :
+        _cupsLangPrintf(stderr,
+                       _("ppdc: Bad resolution name \"%s\" on line %d of "
+                         "%s."), name, fp->line, fp->filename);
+        break;
   }
 
   // Create the necessary PS commands...
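Review bot: The `default :` branch added to the switch in ppdcSource::get_resolution reports the bad resolution name and then hits `break;`, so execution continues into the code under `// Create the necessary PS commands...` as if parsing had succeeded. If `xdpi` and `ydpi` are not given values before the switch (their declarations are outside the hunk), that code would use indeterminate values whenever sscanf() matches nothing or returns EOF. Consider leaving the function with its error result right after the message, or setting `xdpi = ydpi = 0;` ahead of the switch. A comment such as `// sscanf() returned 0 or EOF: name is neither "N" nor "NxM"` on the default branch would record the intent. The function body starts and ends outside the hunk.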


