rpms/cups
6
0
Fork 0
Code Issues Pull Requests Releases Activity

1700664 - Stop advertising the HTTP methods that are supported

Browse Source
This commit is contained in:
Zdenek Dohnal 2019-04-17 14:43:21 +02:00
parent 891224fd44
commit 798d194948
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cups-dont-send-http-options-field.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/scheduler/client.c b/scheduler/client.c
index d057602..8960516 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1023,8 +1023,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
}
httpClearFields(con->http);
- httpSetField(con->http, HTTP_FIELD_ALLOW,
- "GET, HEAD, OPTIONS, POST, PUT");
httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))

15
cups.spec
View File

@ -15,7 +15,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.2.11 Version: 2.2.11
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ and LGPLv2+ with exceptions and AML License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: http://www.cups.org/ Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -95,6 +95,13 @@ Patch18: cups-filter-debug.patch
# add device id for dymo printer # add device id for dymo printer
Patch29: cups-dymo-deviceid.patch Patch29: cups-dymo-deviceid.patch
#### UPSTREAM PATCHES ####
# possible security issue - all answers tell to
# possible attacker supported options, which
# can narrow the attack vector - do not send it
# in regular message
Patch40: cups-dont-send-http-options-field.patch
##### Patches removed because IMHO they aren't no longer needed ##### Patches removed because IMHO they aren't no longer needed
##### but still I'll leave them in git in case their removal ##### but still I'll leave them in git in case their removal
##### breaks something. ##### breaks something.
@ -336,6 +343,9 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch100 -p1 -b .lspp %patch100 -p1 -b .lspp
%endif %endif
#### UPSTREAMED PATCHES ####
%patch40 -p1 -b .dont-send-http-options-field
# if cupsd is set to log into /var/log/cups, then 'MaxLogSize 0' needs to be # if cupsd is set to log into /var/log/cups, then 'MaxLogSize 0' needs to be
# in cupsd.conf to disable cupsd logrotate functionality and use logrotated # in cupsd.conf to disable cupsd logrotate functionality and use logrotated
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -741,6 +751,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz %{_mandir}/man5/ipptoolfile.5.gz
%changelog %changelog
* Wed Apr 17 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.11-2
- 1700664 - Stop advertising the HTTP methods that are supported
* Tue Mar 26 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.11-1 * Tue Mar 26 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.11-1
- 2.2.11 - 2.2.11