summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2021-06-23 18:53:11 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2021-06-23 18:53:11 +0200
commita3d9af5eb11cb4b85d011cea3c0da4a1a5aede2f (patch)
tree6348672b5f304430f88acb4a1fd6dc0dae462639 /gnu/packages/patches
parent9dea3f101f252331c049c03f501398a5ec837ba9 (diff)
downloadguix-a3d9af5eb11cb4b85d011cea3c0da4a1a5aede2f.tar.gz
gnu: Remove dead cups-CVE-2020-10001.patch.
* gnu/packages/patches/cups-CVE-2020-10001.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/cups-CVE-2020-10001.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/gnu/packages/patches/cups-CVE-2020-10001.patch b/gnu/packages/patches/cups-CVE-2020-10001.patch
deleted file mode 100644
index 1b16c7d97c..0000000000
--- a/gnu/packages/patches/cups-CVE-2020-10001.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From efbea1742bd30f842fbbfb87a473e5c84f4162f9 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <msweet@msweet.org>
-Date: Mon, 1 Feb 2021 15:02:32 -0500
-Subject: [PATCH] Fix a buffer (read) overflow in ippReadIO (CVE-2020-10001)
-
----
-
-diff --git a/cups/ipp.c b/cups/ipp.c
-index 3d529346c..adbb26fba 100644
---- a/cups/ipp.c
-+++ b/cups/ipp.c
-@@ -2866,7 +2866,8 @@ ippReadIO(void       *src,		/* I - Data source */
-   unsigned char		*buffer,	/* Data buffer */
- 			string[IPP_MAX_TEXT],
- 					/* Small string buffer */
--			*bufptr;	/* Pointer into buffer */
-+			*bufptr,	/* Pointer into buffer */
-+			*bufend;	/* End of buffer */
-   ipp_attribute_t	*attr;		/* Current attribute */
-   ipp_tag_t		tag;		/* Current tag */
-   ipp_tag_t		value_tag;	/* Current value tag */
-@@ -3441,6 +3442,7 @@ ippReadIO(void       *src,		/* I - Data source */
- 		}
- 
-                 bufptr = buffer;
-+                bufend = buffer + n;
- 
- 	       /*
- 	        * text-with-language and name-with-language are composite
-@@ -3454,7 +3456,7 @@ ippReadIO(void       *src,		/* I - Data source */
- 
- 		n = (bufptr[0] << 8) | bufptr[1];
- 
--		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
-+		if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
- 		{
- 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
- 		                _("IPP language length overflows value."), 1);
-@@ -3481,7 +3483,7 @@ ippReadIO(void       *src,		/* I - Data source */
-                 bufptr += 2 + n;
- 		n = (bufptr[0] << 8) | bufptr[1];
- 
--		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
-+		if ((bufptr + 2 + n) > bufend)
- 		{
- 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
- 		                _("IPP string length overflows value."), 1);