diff --git a/.gitignore b/.gitignore index 9a0f7b0..46a14b6 100644 --- a/.gitignore +++ b/.gitignore @@ -100,3 +100,4 @@ cups-1.4.4-source.tar.bz2 /cups-2.4.2-source.tar.gz /cups-2.4.4-source.tar.gz /cups-2.4.5-source.tar.gz +/cups-2.4.6-source.tar.gz diff --git a/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch b/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch new file mode 100644 index 0000000..bf3ff7e --- /dev/null +++ b/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch @@ -0,0 +1,41 @@ +From d82c43db87ac421ad9830c77342ad68b1d4d20c3 Mon Sep 17 00:00:00 2001 +From: Bryan Mason +Date: Sat, 24 Jun 2023 12:31:23 -0700 +Subject: [PATCH 1/2] Fix delays printing to lpd when reserved ports are + exhausted + +cups_rresvport() doesn't reserve ports less than 512; however, +lpd_queue() continues decrementing the port number to 0. This leads +to delays of ~511 seconds once all ports between 512-1023 are +exhausted. Even when ports become available, lpd_queue() still tries +calling cups_rresvport() with port numbers less than 512, waiting one +second between each call. +--- + backend/lpd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/backend/lpd.c b/backend/lpd.c +index a7a44ab20..425b8512a 100644 +--- a/backend/lpd.c ++++ b/backend/lpd.c +@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero if we get SIGTERM */ + + #define RESERVE_NONE 0 /* Don't reserve a privileged port */ + #define RESERVE_RFC1179 1 /* Reserve port 721-731 */ +-#define RESERVE_ANY 2 /* Reserve port 1-1023 */ ++#define RESERVE_ANY 2 /* Reserve port 512-1023 */ + + + /* +@@ -775,7 +775,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ + + if (lport < 721 && reserve == RESERVE_RFC1179) + lport = 731; +- else if (lport < 1) ++ else if (lport < 512) + lport = 1023; + + #ifdef HAVE_GETEUID +-- +2.41.0 + diff --git a/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch b/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch new file mode 100644 index 0000000..fe5d29e --- /dev/null +++ b/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch @@ -0,0 +1,48 @@ +From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001 +From: Bryan Mason +Date: Tue, 27 Jun 2023 04:18:46 -0700 +Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a + single job (#742) + +The command "cancel -x " adds "purge-jobs true" to the Cancel-Job +operation; however, the correct attribute to use for Cancel-job is +"purge-job" (singular), not "purge-jobs" (plural). As a result, job +files are not removed from /var/spool/cups when "cancel -x " is +executed. + +This patch resolves the issue by adding "purge-job" when the IPP +operation is Cancel-Job and "purge-jobs" for other IPP operations +(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs) +--- + systemv/cancel.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/systemv/cancel.c b/systemv/cancel.c +index 572f413e1..f5b8e12b5 100644 +--- a/systemv/cancel.c ++++ b/systemv/cancel.c +@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */ + * attributes-natural-language + * printer-uri + job-id *or* job-uri + * [requesting-user-name] ++ * [purge-job] or [purge-jobs] + */ + + request = ippNewRequest(op); +@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */ + "requesting-user-name", NULL, cupsUser()); + + if (purge) +- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge); ++ { ++ if (op == IPP_CANCEL_JOB) ++ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge); ++ else ++ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge); ++ } + + /* + * Do the request and get back a response... +-- +2.41.0 + diff --git a/cups.spec b/cups.spec index 657bb48..f21bf1d 100644 --- a/cups.spec +++ b/cups.spec @@ -14,7 +14,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 -Version: 2.4.5 +Version: 2.4.6 Release: 1%{?dist} # the CUPS exception text is the same as LLVM exception, so using that name with # agreement from legal team @@ -70,6 +70,12 @@ Patch100: cups-lspp.patch %endif #### UPSTREAM PATCHES (starts with 1000) #### +# https://github.com/OpenPrinting/cups/pull/741 +# 2218123 - Delays printing to lpd when reserved ports are exhausted +Patch1000: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch +# https://github.com/OpenPrinting/cups/pull/742 +# 2218124 - The command "cancel -x " does not remove job files +Patch1001: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch ##### Patches removed because IMHO they aren't no longer needed @@ -289,6 +295,10 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch -P 13 -p1 -b .dymo-deviceid # UPSTREAM PATCHES +# 2218123 - Delays printing to lpd when reserved ports are exhausted +%patch -P 1000 -p1 -b .lpd-delay +# 2218124 - The command "cancel -x " does not remove job files +%patch -P 1001 -p1 -b .purge-job %if %{lspp} @@ -749,6 +759,12 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man7/ippeveps.7.gz %changelog +* Tue Jun 27 2023 Zdenek Dohnal - 1:2.4.6-1 +- 2218124 - The command "cancel -x " does not remove job files +- 2218123 - Delays printing to lpd when reserved ports are exhausted +- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c +- 2217043 - cups-2.4.6 is available + * Wed Jun 14 2023 Zdenek Dohnal - 1:2.4.5-1 - 2214860 - cups-2.4.5 is available diff --git a/sources b/sources index f685b6b..0580398 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cups-2.4.5-source.tar.gz) = ffa37468f28c95bd10db45739d1d442c21f9575f5b36543284f0821bae5d78167228543d7714b1a37c5701d31953e97ebd35cfdc8ec915894bce688431291701 +SHA512 (cups-2.4.6-source.tar.gz) = eb748680a748f599e4826c17054a24259d190e6c8e8339f6a7a37ee2a3f4c3fd1829e856b25a854cfdbee1b51279c70a0e847f6142225b8b68f1cd10c4ce4ce4