rpms/cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS cups-2.2.6-54.el8

Browse Source
This commit is contained in:
eabdullin 2023-10-17 13:24:28 +00:00
parent 1028d5eb8b
commit 2dc60e1b7b
8 changed files with 456 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
/*
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
if (lport < 721 && reserve == RESERVE_RFC1179)
lport = 731;
- else if (lport < 1)
+ else if (lport < 512)
lport = 1023;
#ifdef HAVE_GETEUID

64
SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch Normal file
View File

@ -0,0 +1,64 @@
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Thu, 1 Jun 2023 11:33:39 -0400
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
We have to log the hostname first.
---
scheduler/client.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 91e441188..327473a4d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
* with double-lookups enabled...
*/
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
--
2.41.0

31
SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch Normal file
View File

@ -0,0 +1,31 @@
From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 6 Dec 2022 09:04:01 -0500
Subject: [PATCH] Require authentication for CUPS-Get-Document.
---
conf/cupsd.conf.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index b25884907..a07536f3e 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
Order deny,allow
</Limit>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ <Limit CUPS-Get-Document>
+ AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
--
2.41.0

48
SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch Normal file
View File

@ -0,0 +1,48 @@
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Tue, 27 Jun 2023 04:18:46 -0700
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
single job (#742)
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
operation; however, the correct attribute to use for Cancel-job is
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
files are not removed from /var/spool/cups when "cancel -x <job>" is
executed.
This patch resolves the issue by adding "purge-job" when the IPP
operation is Cancel-Job and "purge-jobs" for other IPP operations
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
---
systemv/cancel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/systemv/cancel.c b/systemv/cancel.c
index 572f413e1..f5b8e12b5 100644
--- a/systemv/cancel.c
+++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
* attributes-natural-language
* printer-uri + job-id *or* job-uri
* [requesting-user-name]
+ * [purge-job] or [purge-jobs]
*/
request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
"requesting-user-name", NULL, cupsUser());
if (purge)
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ {
+ if (op == IPP_CANCEL_JOB)
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
+ else
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ }
/*
* Do the request and get back a response...
--
2.41.0

35
SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch Normal file
View File

@ -0,0 +1,35 @@
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
Date: Wed, 1 Mar 2023 13:46:28 +0100
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
#308)
Use a listen queue size of INT_MAX, which should default to the maximum
supported queue size on the system.
This avoids the problem of the listening backlog queue getting full when
there are too many requests at the same time. The problem was observed
with the previous backlog size (128) by customers when submitting large
batches of print jobs, resulting in some jobs getting lost.
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
---
cups/http-addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/http-addr.c b/cups/http-addr.c
index a61ee0449..6aeeb8074 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
* Listen...
*/
- if (listen(fd, 5))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);
--
2.41.0

26
SOURCES/0001-cups-strlcpy-handle-zero-size.patch Normal file
View File

@ -0,0 +1,26 @@
From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 17 May 2023 12:59:57 -0400
Subject: [PATCH] Consensus fix.
---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.40.1

171
SOURCES/upgrade_get_document.py.in Executable file
View File

@ -0,0 +1,171 @@
@PYTHON_SHEBANG@
"""
Upgrade script to enable authentication for CUPS-Get-Document in
default policy
"""
import os
import sys
from shutil import copy
def get_cupsd_conf():
"""
Get all lines from cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf'):
return None
lines = []
with open('/etc/cups/cupsd.conf', 'r') as conf:
lines = conf.readlines()
return lines
def get_default_policy(lines):
"""
Get the default policy lines
:param list lines: lines from cupsd.conf
"""
default_policy = []
in_policy = False
for line in lines:
if not in_policy and not line.lstrip().startswith('<Policy default>'):
continue
default_policy.append(line)
if line.lstrip().startswith('</Policy>'):
return default_policy
in_policy = True
return default_policy
def get_limit_with_document(lines):
"""
Get <Limit> scope which defines CUPS-Get-Document operation
:param list lines: Lines containing the default policy
"""
limit = []
in_limit = False
for line in lines:
if not in_limit and not line.lstrip().startswith('<Limit'):
continue
if (not in_limit and line.lstrip().startswith('<Limit') and
not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
continue
limit.append(line)
if line.lstrip().startswith('</Limit>'):
return limit
in_limit = True
return limit
def check_for_authtype(lines):
"""
Check if <Limit> defining CUPS-Get-Document defines
any authentication
:param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
"""
for line in lines:
if line.lstrip().startswith('AuthType'):
return True
return False
def migrate_cupsd_conf(lines):
"""
Make changes to cupsd.conf contents to use authentication
for CUPS-Get-Document
:param list lines: Lines from cupsd.conf
"""
new_lines = []
in_policy = False
create_document_limit = False
for line in lines:
if (in_policy and line.lstrip().startswith('<Limit') and
not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
line = line.replace(' CUPS-Get-Document', '')
create_document_limit = True
if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
new_lines.append('\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'<Limit CUPS-Get-Document>\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'AuthType Default\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Require user @OWNER @SYSTEM\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Order deny,allow\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'</Limit>\n')
create_document_limit = False
new_lines.append(line)
if not in_policy:
if line.lstrip().startswith('<Policy default>'):
in_policy = True
continue
if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'AuthType Default\n')
continue
if line.lstrip().startswith('</Policy>'):
in_policy = False
continue
return new_lines
def apply_changes(lines):
"""
Backup the original file if there is no .rpmsave already and
apply changes to the actual cupsd.conf
:param list lines: New lines for cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')
with open('/etc/cups/cupsd.conf', 'w') as conf:
conf.writelines(lines)
content = get_cupsd_conf()
if content is None:
sys.exit(1)
if check_for_authtype(get_limit_with_document(get_default_policy(content))):
sys.exit(0)
new_content = migrate_cupsd_conf(content)
apply_changes(new_content)
sys.exit(0)

61
SPECS/cups.spec
View File

@ -7,6 +7,13 @@
# but we use lib for compatibility with 3rd party drivers (at upstream request).
%global cups_serverbin %{_exec_prefix}/lib/cups
# we still need something for python2...
%if 0%{?rhel} >= 8 || 0%{?fedora}
%global __python %{__python3}
%else
%global __python /usr/bin/python2
%endif
#%%global prever rc1
#%%global VERSION %%{version}%%{prever}
%global VERSION %{version}
@ -15,7 +22,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
Release: 51%{?dist}
Release: 54%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -26,6 +33,8 @@ Source6: cups.logrotate
# Backend for NCP protocol
Source7: ncp.backend
Source8: macros.cups
# CVE-2023-32360 migration script
Source9: upgrade_get_document.py.in
Patch1: cups-no-gzip-man.patch
Patch2: cups-system-auth.patch
@ -143,6 +152,18 @@ Patch77: cups-retry-current-job-man.patch
Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch
# 2130391 - Kerberized IPP Printing Fails
Patch79: cups-kerberos.patch
# 2217178 - Delays printing to lpd when reserved ports are exhausted
Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
# 2217283 - The command "cancel -x <job>" does not remove job files
Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
# 2217955 - Enlarge backlog queue for listen() in cupsd
Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
Patch84: 0001-cups-strlcpy-handle-zero-size.patch
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch
Patch1000: cups-lspp.patch
@ -189,6 +210,9 @@ Requires(post): grep, sed
Requires(preun): systemd
Requires(postun): systemd
# for upgrade-get-document script
Requires(post): %{__python}
# We ship udev rules which use setfacl.
Requires: systemd
Requires: acl
@ -429,6 +453,18 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch78 -p1 -b .manpage-update
# 2130391 - Kerberized IPP Printing Fails
%patch79 -p1 -b .kerberos
# 2217178 - Delays printing to lpd when reserved ports are exhausted
%patch80 -p1 -b .lpd-delay
# 2217283 - The command "cancel -x <job>" does not remove job files
%patch81 -p1 -b .purge-job
# 2217955 - Enlarge backlog queue for listen() in cupsd
%patch82 -p1 -b .listen-backlog
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
%patch83 -p1 -b .cve34241
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
%patch84 -p1 -b .cve32324
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
%patch85 -p1 -b .get-document-auth
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -578,6 +614,11 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3:
/^\([^%].*\)/d
' > %{name}.lang
# install get-document upgrade script
install -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/upgrade_get_document
sed -i 's,@PYTHON_SHEBANG@,#!%{__python},' %{buildroot}%{_sbindir}/upgrade_get_document
%post
%systemd_post %{name}.path %{name}.socket %{name}.service
@ -640,6 +681,8 @@ fi
grep '^\s*IdleExitTimeout' %{_sysconfdir}/cups/cupsd.conf &> /dev/null || echo -e '\nIdleExitTimeout 0' \
>> %{_sysconfdir}/cups/cupsd.conf
%{_sbindir}/upgrade_get_document
exit 0
%post client
@ -848,6 +891,22 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Tue Sep 12 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-54
- RHEL-2612 - cups pulls an unneeded dependency on python3
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-53
- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-52
- 2217178 - Delays printing to lpd when reserved ports are exhausted
- 2217283 - The command "cancel -x <job>" does not remove job files
- 2217955 - Enlarge backlog queue for listen() in cupsd
- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
- RHEL-316 - Enable fmf tests in centos stream
* Wed Dec 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
- 2130391 - Kerberized IPP Printing Fails