--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package cups/2.2.10-6+deb10u4
- From: Didier 'OdyX' Raboud <odyx@debian.org>
- Date: Sat, 28 Nov 2020 12:15:49 +0100
- Message-id: <160656214975.340394.7873654306970552868.reportbug@gyllingar>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-printing@lists.debian.org
#961345 affects Debian stable for certain printers/conditions; it's a daemon
crash with "invalid free()". As far as I could tell, it's likely a regression,
but due to causes external to CUPS.
This is the proposed changelog entry:
cups (2.2.10-6+deb10u4) buster; urgency=medium
* Backport upstream fix:
- backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
(Closes: #961345)
-- Didier Raboud <odyx@debian.org> Sat, 28 Nov 2020 12:09:48 +0100
The only backported patch is from https://github.com/OpenPrinting/cups/pull/43,
which got merged upstream. Full debdiff attached.
Could I upload?
Cheers,
OdyX
diff -Nru cups-2.2.10/debian/changelog cups-2.2.10/debian/changelog
--- cups-2.2.10/debian/changelog 2020-04-25 16:27:21.000000000 +0200
+++ cups-2.2.10/debian/changelog 2020-11-28 12:09:48.000000000 +0100
@@ -1,3 +1,11 @@
+cups (2.2.10-6+deb10u4) buster; urgency=medium
+
+ * Backport upstream fix:
+ - backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
+ (Closes: #961345)
+
+ -- Didier Raboud <odyx@debian.org> Sat, 28 Nov 2020 12:09:48 +0100
+
cups (2.2.10-6+deb10u3) buster; urgency=medium
* Backport upstream security fixes:
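Review bot: the new changelog entry names the touched files and "invalid free" but not the symptom a stable user would recognise. Since the request describes this as a daemon crash, consider saying so in the entry (for example "Fix 'printer-alert' invalid free, which crashes the daemon"), so that the changelog alone is enough to judge whether the update matters for a given installation.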
diff -Nru cups-2.2.10/debian/.git-dpm cups-2.2.10/debian/.git-dpm
--- cups-2.2.10/debian/.git-dpm 2020-04-25 16:27:21.000000000 +0200
+++ cups-2.2.10/debian/.git-dpm 2020-11-28 11:47:32.000000000 +0100
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-f1b7b7e074291c85366a60f7a197dea19e62c9cf
-f1b7b7e074291c85366a60f7a197dea19e62c9cf
+e512765460ec633ad43872436b243021f252a69a
+e512765460ec633ad43872436b243021f252a69a
25b2338346ef3abbb93ea88476887cba7b2b86f8
25b2338346ef3abbb93ea88476887cba7b2b86f8
cups_2.2.10.orig.tar.gz
diff -Nru cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
--- cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch 1970-01-01 01:00:00.000000000 +0100
+++ cups-2.2.10/debian/patches/0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch 2020-11-28 11:47:32.000000000 +0100
@@ -0,0 +1,46 @@
+From e512765460ec633ad43872436b243021f252a69a Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 9 Nov 2020 07:40:20 +0100
+Subject: backend,scheduler/ipp.c: Fix 'printer-alert' invalid free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The fix is created by Bernhard Übelacker from apple/cups #5826.
+
+Bug-Upstream: https://github.com/OpenPrinting/apple/pull/5826
+Bug-Upstream: https://github.com/OpenPrinting/cups/pull/43
+Bug-Debian: https://bugs.debian.org/961345
+---
+ backend/ipp.c | 2 +-
+ scheduler/ipp.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/backend/ipp.c b/backend/ipp.c
+index bc678f50a..3b65ea3af 100644
+--- a/backend/ipp.c
++++ b/backend/ipp.c
+@@ -3056,7 +3056,7 @@ report_printer_state(ipp_t *ipp) /* I - IPP response */
+ * Report alerts and messages...
+ */
+
+- if ((pa = ippFindAttribute(ipp, "printer-alert", IPP_TAG_TEXT)) != NULL)
++ if ((pa = ippFindAttribute(ipp, "printer-alert", IPP_TAG_STRING)) != NULL)
+ report_attr(pa);
+
+ if ((pam = ippFindAttribute(ipp, "printer-alert-message",
+diff --git a/scheduler/ipp.c b/scheduler/ipp.c
+index 9be8a7f3b..cb12d49c4 100644
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -4908,8 +4908,8 @@ copy_printer_attrs(
+ }
+
+ if (printer->alert && (!ra || cupsArrayFind(ra, "printer-alert")))
+- ippAddString(con->response, IPP_TAG_PRINTER, IPP_TAG_STRING,
+- "printer-alert", NULL, printer->alert);
++ ippAddOctetString(con->response, IPP_TAG_PRINTER,
++ "printer-alert", printer->alert, (int)strlen(printer->alert));
+
+ if (printer->alert_description &&
+ (!ra || cupsArrayFind(ra, "printer-alert-description")))
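Review bot: in the backend/ipp.c part, report_attr(pa) is now reached with an attribute looked up as IPP_TAG_STRING rather than IPP_TAG_TEXT, and nothing visible in this hunk shows that report_attr handles that value tag. Please confirm that it does, or state in the patch description that only the lookup type needed to change. In the scheduler/ipp.c part, the length argument is narrowed with (int)strlen(printer->alert); a short comment on the expected upper bound of printer->alert would make the cast easier to accept. Separately, the header line "Bug-Upstream: https://github.com/OpenPrinting/apple/pull/5826" does not match the "apple/cups #5826" reference in the description just above it, so the URL path should be rechecked before upload.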
diff -Nru cups-2.2.10/debian/patches/series cups-2.2.10/debian/patches/series
--- cups-2.2.10/debian/patches/series 2020-04-25 16:27:21.000000000 +0200
+++ cups-2.2.10/debian/patches/series 2020-11-28 11:47:32.000000000 +0100
@@ -49,3 +49,4 @@
0049-CVE-2019-2228-Fix-ippSetValueTag-validation-of-defau.patch
0050-CVE-2020-3898-heap-buffer-overflow-in-libcups-s-ppdF.patch
0051-CVE-2019-8842-The-ippReadIO-function-may-under-read-.patch
+0052-backend-scheduler-ipp.c-Fix-printer-alert-invalid-fr.patch
--- End Message ---