gnu: Remove dead cups-CVE-2020-10001.patch.

* gnu/packages/patches/cups-CVE-2020-10001.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
Tobias Geerinckx-Rice 2021-06-23 18:53:11 +02:00
parent 9dea3f101f
commit a3d9af5eb1
No known key found for this signature in database
GPG Key ID: 0DB0FF884F556D79
2 changed files with 0 additions and 48 deletions

@ -934,7 +934,6 @@ dist_patch_DATA = \
%D%/packages/patches/crda-optional-gcrypt.patch \
%D%/packages/patches/clucene-contribs-lib.patch \
%D%/packages/patches/cube-nocheck.patch \
%D%/packages/patches/cups-CVE-2020-10001.patch \
%D%/packages/patches/curl-use-ssl-cert-env.patch \
%D%/packages/patches/curl-7.77-tls-priority-string.patch \
%D%/packages/patches/cursynth-wave-rand.patch \

@ -1,47 +0,0 @@
From efbea1742bd30f842fbbfb87a473e5c84f4162f9 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Mon, 1 Feb 2021 15:02:32 -0500
Subject: [PATCH] Fix a buffer (read) overflow in ippReadIO (CVE-2020-10001)
---
diff --git a/cups/ipp.c b/cups/ipp.c
index 3d529346c..adbb26fba 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */
unsigned char *buffer, /* Data buffer */
string[IPP_MAX_TEXT],
/* Small string buffer */
- *bufptr; /* Pointer into buffer */
+ *bufptr, /* Pointer into buffer */
+ *bufend; /* End of buffer */
ipp_attribute_t *attr; /* Current attribute */
ipp_tag_t tag; /* Current tag */
ipp_tag_t value_tag; /* Current value tag */
@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */
}
bufptr = buffer;
+ bufend = buffer + n;
/*
* text-with-language and name-with-language are composite
@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP language length overflows value."), 1);
@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */
bufptr += 2 + n;
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+ if ((bufptr + 2 + n) > bufend)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP string length overflows value."), 1);