
Bug#976018: buster-pu: package cups/2.2.10-6+deb10u4



Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-printing@lists.debian.org

#961345 affects Debian stable for certain printers/conditions; it's a daemon
crash with "invalid free()". As far as I could tell, it's likely a regression,
but due to causes external to CUPS.

This is the proposed changelog entry:
    cups (2.2.10-6+deb10u4) buster; urgency=medium
    
      * Backport upstream fix:
        - backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
          (Closes: #961345)
    
     -- Didier Raboud <odyx@debian.org>  Sat, 28 Nov 2020 12:09:48 +0100

The only backported patch is from https://github.com/OpenPrinting/cups/pull/43,
which got merged upstream. Full debdiff attached.

Could I upload?

Cheers,

OdyX
diff -Nru cups-2.2.10/debian/changelog cups-2.2.10/debian/changelog
--- cups-2.2.10/debian/changelog	2020-04-25 16:27:21.000000000 +0200
+++ cups-2.2.10/debian/changelog	2020-11-28 12:09:48.000000000 +0100
@@ -1,3 +1,11 @@
+cups (2.2.10-6+deb10u4) buster; urgency=medium
+
+  * Backport upstream fix:
+    - backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
+      (Closes: #961345)
+
+ -- Didier Raboud <odyx@debian.org>  Sat, 28 Nov 2020 12:09:48 +0100
+
 cups (2.2.10-6+deb10u3) buster; urgency=medium
 
   * Backport upstream security fixes:
diff -Nru cups-2.2.10/debian/.git-dpm cups-2.2.10/debian/.git-dpm
--- cups-2.2.10/debian/.git-dpm	2020-04-25 16:27:21.000000000 +0200
+++ cups-2.2.10/debian/.git-dpm	2020-11-28 11:47:32.000000000 +0100
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-f1b7b7e074291c85366a60f7a197dea19e62c9cf
-f1b7b7e074291c85366a60f7a197dea19e62c9cf
+e512765460ec633ad43872436b243021f252a69a
+e512765460ec633ad43872436b243021f252a69a
 25b2338346ef3abbb93ea88476887cba7b2b86f8
 25b2338346ef3abbb93ea88476887cba7b2b86f8
 cups_2.2.10.orig.tar.gz
diff -Nru cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
--- cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch	1970-01-01 01:00:00.000000000 +0100
+++ cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch	2020-11-28 11:47:32.000000000 +0100
@@ -0,0 +1,46 @@
+From e512765460ec633ad43872436b243021f252a69a Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 9 Nov 2020 07:40:20 +0100
+Subject: backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The fix is created by Bernhard Übelacker from apple/cups #5826.
+
+Bug-Upstream: https://github.com/OpenPrinting/apple/pull/5826
+Bug-Upstream: https://github.com/OpenPrinting/cups/pull/43
+Bug-Debian: https://bugs.debian.org/961345
+---
+ backend/ipp.c   | 2 +-
+ scheduler/ipp.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/backend/ipp.c b/backend/ipp.c
+index bc678f50a..3b65ea3af 100644
+--- a/backend/ipp.c
++++ b/backend/ipp.c
+@@ -3056,7 +3056,7 @@ report_printer_state(ipp_t *ipp)	/* I - IPP response */
+   * Report alerts and messages...
+   */
+ 
+-  if ((pa = ippFindAttribute(ipp, "printer-alert", IPP_TAG_TEXT)) != NULL)
++  if ((pa = ippFindAttribute(ipp, "printer-alert", IPP_TAG_STRING)) != NULL)
+     report_attr(pa);
+ 
+   if ((pam = ippFindAttribute(ipp, "printer-alert-message",
+diff --git a/scheduler/ipp.c b/scheduler/ipp.c
+index 9be8a7f3b..cb12d49c4 100644
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -4908,8 +4908,8 @@ copy_printer_attrs(
+   }
+ 
+   if (printer->alert && (!ra || cupsArrayFind(ra, "printer-alert")))
+-    ippAddString(con->response, IPP_TAG_PRINTER, IPP_TAG_STRING,
+-                 "printer-alert", NULL, printer->alert);
++    ippAddOctetString(con->response, IPP_TAG_PRINTER,
++                 "printer-alert", printer->alert, (int)strlen(printer->alert));
+ 
+   if (printer->alert_description &&
+       (!ra || cupsArrayFind(ra, "printer-alert-description")))
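Review bot: In the backend/ipp.c part, the lookup now matches 'printer-alert' as IPP_TAG_STRING, but the result is still handed to report_attr(pa) unchanged. Please confirm that report_attr() formats octetString values, since nothing in this patch adjusts it; otherwise the attribute would be found but its value not reported. In the scheduler/ipp.c part, the length passed is (int)strlen(printer->alert), which assumes the alert is NUL-terminated text that fits within the octetString length limit; a one-line comment stating that would help the next reader. Separately, the first Bug-Upstream URL (https://github.com/OpenPrinting/apple/pull/5826) does not match the "apple/cups #5826" named in the description and looks like it should point at the apple/cups repository.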
diff -Nru cups-2.2.10/debian/patches/series cups-2.2.10/debian/patches/series
--- cups-2.2.10/debian/patches/series	2020-04-25 16:27:21.000000000 +0200
+++ cups-2.2.10/debian/patches/series	2020-11-28 11:47:32.000000000 +0100
@@ -49,3 +49,4 @@
 0049-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch
 0050-CVE-2020-3898-heap-buffer-overflow-in-libcups-s-ppdF.patch
 0051-CVE-2019-8842-The-ippReadIO-function-may-under-read-.patch
+0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
