From 15fef9fb901f779cb4631f6e9a74ed8aebeebecf Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Tue, 19 May 2026 15:06:31 -0400
Subject: [PATCH] import CS cups-2.4.10-17.el10

---
 ...-characters-from-PPD-names-Issue-111.patch | 29 +++++++++
 ...not-check-for-errno-after-I-O-operat.patch | 44 +++++++++++++
 cups.spec | 64 +++++++++++++------
 3 files changed, 116 insertions(+), 21 deletions(-)
 create mode 100644 0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch
 create mode 100644 0001-tls-gnutls.c-Do-not-check-for-errno-after-I-O-operat.patch

diff --git a/0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch b/0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch
new file mode 100644
index 0000000..9d2cbba
--- /dev/null
+++ b/0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch
@@ -0,0 +1,29 @@
+From c0b8e48125044510d6cd6858258a15fc742b97e0 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet
+Date: Wed, 2 Apr 2025 15:14:58 -0400
+Subject: [PATCH] Drop non-keyword characters from PPD names (Issue #1118)
+
+---
+ CHANGES.md | 1 +
+ cups/ppd-cache.c | 7 +------
+ 2 files changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index 5d61f7c9f..a4c2b4c5b 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -5680,11 +5680,6 @@ pwg_unppdize_name(const char *ppd, /* I - PPD keyword */
+ nodash = 1;
+ }
+ }
+- else
+- {
+- *ptr++ = *ppd;
+- nodash = 0;
+- }
+
+ if (nodash == 0)
+ {
+--
+2.50.1
+
diff --git a/0001-tls-gnutls.c-Do-not-check-for-errno-after-I-O-operat.patch b/0001-tls-gnutls.c-Do-not-check-for-errno-after-I-O-operat.patch
new file mode 100644
index 0000000..1ddfebd
--- /dev/null
+++ b/0001-tls-gnutls.c-Do-not-check-for-errno-after-I-O-operat.patch
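Review bot: With the final `else` removed from `pwg_unppdize_name()`, characters not handled by the earlier branches are dropped instead of copied, so two PPD names that differ only in such characters can convert to the same keyword, and a name made up only of them may convert to an empty string. Neither case is handled in the visible lines; the loop head and the callers are outside the hunk, so this needs confirming against the full function. I would add a comment where the branch used to be, e.g. `/* Characters that are not valid in an IPP keyword are dropped (Issue #1118) */`, and a test that converts a bracketed PPD name. The carried patch's diffstat still lists `CHANGES.md` and "2 files changed" although only the `cups/ppd-cache.c` diff is shipped, which is worth noting in the spec comment for anyone comparing it with upstream.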
@@ -0,0 +1,44 @@
+From e2419c698922fb65ef62250a4588104021449b55 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Fri, 6 Mar 2026 08:31:47 +0100
+Subject: [PATCH] tls-gnutls.c: Do not check for errno after I/O operations
+
+Based on gnutls_record_send/recv man pages, we should use the return
+value of the functions as indicator what happened in the function and do
+not look into errno at all.
+
+Checking the errno value caused infinity loop in cupsd on busy servers
+if there were enough connection errors when cupsd wrote the response.
+
+The patch is provided by Paul Zirnik from SUSE - thank you for the
+patch!
+
+Fixes #827
+---
+ cups/tls-gnutls.c | 4 ++--
+
+diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
+index 64f2af372..5769d6313 100644
+--- a/cups/tls-gnutls.c
++++ b/cups/tls-gnutls.c
+@@ -1208,7 +1208,7 @@ _httpTLSRead(http_t *http, /* I - Connection to server */
+
+ result = gnutls_record_recv(http->tls, buf, (size_t)len);
+
+- if (result < 0 && !errno)
++ if (result < 0)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+@@ -1669,7 +1669,7 @@ _httpTLSWrite(http_t *http, /* I - Connection to server */
+
+ result = gnutls_record_send(http->tls, buf, (size_t)len);
+
+- if (result < 0 && !errno)
++ if (result < 0)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+--
+2.53.0
+
diff --git a/cups.spec b/cups.spec
index 724dd99..0545e5f 100644
--- a/cups.spec
+++ b/cups.spec
@@ -22,7 +22,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.4.10
-Release: 12%{?dist}.2
+Release: 17%{?dist}
 # backend/failover.c - BSD-3-Clause
 # cups/md5* - Zlib
 # scheduler/colorman.c - Apache-2.0 WITH LLVM-exception AND BSD-2-Clause
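Review bot: With `&& !errno` removed, every negative return from `gnutls_record_recv()` and `gnutls_record_send()` enters the "Convert GNU TLS error to errno value" block in `_httpTLSRead()` and `_httpTLSWrite()`, but that block lies outside both hunks, so the fix only ends the loop described in the commit message if the conversion assigns errno on every path, including a default case that maps unrecognised codes to a non-retryable value. Please confirm that against the full functions, because a path that leaves a stale EINTR or EAGAIN in errno would keep callers retrying. I would also record the reason at both sites so the errno test is not reintroduced later, e.g. `/* GNU TLS reports errors only through the return value; errno may be stale here */`. A regression test that forces a send error on a TLS connection and checks that the write returns would cover the cupsd hang.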
@@ -109,21 +109,26 @@ Patch1013: 0001-Add-NoSystem-SSLOptions-value.patch Patch1014: CVE-2025-58060.patch # RHEL-113073 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS Patch1015: CVE-2025-58364.patch -# RHEL-129721 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack +# RHEL-108945 The KONICA MINOLTA C352 is not distributed using cups-browsed and the included ppd file +# https://github.com/OpenPrinting/cups/commit/c0b8e481250445 +Patch1016: 0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch +# RHEL-129723 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack # 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch # cups-CVE-2025-58436.patch # 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch -Patch1016: 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch -Patch1017: cups-CVE-2025-58436.patch -Patch1018: 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch -# RHEL-129715 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues +Patch1017: 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch +Patch1018: cups-CVE-2025-58436.patch +Patch1019: 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch +# RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues # 0001-Fix-various-issues-in-cupsd.patch # 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch -Patch1019: 0001-Fix-various-issues-in-cupsd.patch -Patch1020: 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch +Patch1020: 0001-Fix-various-issues-in-cupsd.patch +Patch1021: 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch # fix use-after-free reported after fix for CVE-2025-58436 # https://github.com/OpenPrinting/cups/pull/1454 -Patch1021: 0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch +Patch1022: 0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch +# RHEL-154276 
endless poll loop in http_write when POLLHUP is returned +Patch1023: 0001-tls-gnutls.c-Do-not-check-for-errno-after-I-O-operat.patch ##### Patches removed because IMHO they aren't no longer needed @@ -149,6 +154,8 @@ BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(gnutls) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libusb-1.0) +# make sure we have __python3 macro +BuildRequires: python-srpm-macros # Make sure we get postscriptdriver tags. BuildRequires: python3-cups BuildRequires: systemd @@ -385,15 +392,19 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch -P 1014 -p1 -b .cve-2025-58060 # RHEL-113073 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS %patch -P 1015 -p1 -b .cve-2025-58364 -# RHEL-129721 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack -%patch -P 1016 -p1 -b .use-usessl -%patch -P 1017 -p1 -b .slow-client -%patch -P 1018 -p1 -b .gtk-infinite-loop -# RHEL-129715 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues -%patch -P 1019 -p1 -b .config-issues -%patch -P 1020 -p1 -b .ignore-unknown +# drop nonIPP characters from keywords +%patch -P 1016 -p1 -b .drop-brackets +# RHEL-129723 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack +%patch -P 1017 -p1 -b .use-usessl +%patch -P 1018 -p1 -b .slow-client +%patch -P 1019 -p1 -b .gtk-infinite-loop +# RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues +%patch -P 1020 -p1 -b .config-issues +%patch -P 1021 -p1 -b .ignore-unknown # fix use-after-free reported after fix for CVE-2025-58436 -%patch -P 1021 -p1 -b .osh-use-after-free +%patch -P 1022 -p1 -b .osh-use-after-free +# RHEL-154276 endless poll loop in http_write when POLLHUP is returned +%patch -P 1023 -p1 -b .http-endless-poll-loop # Log to the system journal by default (bug #1078781, bug #1519331). 
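Review bot: `Patch1023` is declared with only the RHEL ticket, whereas `Patch1016` in the same hunk also records the upstream commit URL; a fix for a scheduler hang needs the same provenance so the carried file can be checked against upstream. The patch header says `Fixes #827`, so a line such as `# https://github.com/OpenPrinting/cups/commit/<upstream-commit>` above `Patch1023:` would do (placeholder, the spec does not state the upstream hash). Inserting `Patch1016` in the middle also renumbers the CVE-2025-58436 and CVE-2025-61915 patches here and in the `%patch` hunk at -385, which makes comparison with earlier builds harder; appending new patches at the end avoids that unless the apply order requires the current position.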
@@ -530,6 +541,8 @@ d %{_rundir}/cups 0755 root lp - d %{_rundir}/cups/certs 0511 lp sys - d /var/spool/cups/tmp - - - 30d + +d /var/log/cups 0755 root lp - EOF # /usr/lib/tmpfiles.d/cups-lp.conf (bug #812641) @@ -863,12 +876,21 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man7/ippeveps.7.gz %changelog -* Fri Dec 12 2025 Zdenek Dohnal - 1:2.4.10-12.2 +* Mon Mar 09 2026 Zdenek Dohnal - 1:2.4.10-17 +- RHEL-154276 endless poll loop in http_write when POLLHUP is returned + +* Fri Dec 12 2025 Zdenek Dohnal - 1:2.4.10-16 - fix use-after-free reported by OSH -* Fri Dec 05 2025 Zdenek Dohnal - 1:2.4.10-12.1 -- RHEL-129721 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack -- RHEL-129715 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues +* Thu Nov 27 2025 Zdenek Dohnal - 1:2.4.10-15 +- RHEL-129723 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack +- RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues + +* Tue Nov 18 2025 Zdenek Dohnal - 1:2.4.10-14 +- RHEL-122293 [image-mode] Missing /var/log/cups + +* Tue Sep 16 2025 Zdenek Dohnal - 1:2.4.10-13 +- RHEL-108945 The KONICA MINOLTA C352 is not distributed using cups-browsed and the included ppd file * Thu Sep 11 2025 Zdenek Dohnal - 1:2.4.10-12 - RHEL-112419 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
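Review bot: The added tmpfiles.d entry `d /var/log/cups 0755 root lp -` applies its mode and ownership whenever tmpfiles are processed, so it should match what `%files` declares for the same directory (outside this hunk); a mismatch would change permissions at boot with no package change to explain it. Mode 0755 also leaves the log directory listable by every local user; if that is not required, `d /var/log/cups 0750 root lp -` is tighter, provided the `%files` entry and the log files' own modes are changed with it. A comment above the line naming RHEL-122293 (image mode, missing /var/log/cups) would explain why the entry exists, in the way the next block cites its bug number.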