From 83cf0be5503139bf2224849d17df6497d962ef0c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Fri, 8 Jul 2022 02:12:51 +0000 Subject: [PATCH] import cups-2.2.6-50.el8 --- ...ate-man-pages-for-h-option-Issue-357.patch | 899 ++++++++++++++++++ ...-Fix-string-comparison-fixes-CVE-202.patch | 35 + SOURCES/cups-retry-current-job-man.patch | 52 + SPECS/cups.spec | 26 +- 4 files changed, 1011 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch create mode 100644 SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch create mode 100644 SOURCES/cups-retry-current-job-man.patch diff --git a/SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch b/SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch new file mode 100644 index 0000000..c6ec7e5 --- /dev/null +++ b/SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch @@ -0,0 +1,899 @@ +From 4d6787bd98c2fac8dcc58f34125d299d82e622aa Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Mon, 2 May 2022 15:35:20 -0400 +Subject: [PATCH] Update man pages for -h option (Issue #357) + +--- + CHANGES.md | 1 + + doc/help/man-cancel.html | 7 ++++--- + doc/help/man-cupsctl.html | 7 ++++--- + doc/help/man-ipptool.html | 6 ++++++ + doc/help/man-lp.html | 9 +++++---- + doc/help/man-lpinfo.html | 9 +++++---- + doc/help/man-lpmove.html | 9 +++++---- + doc/help/man-lpoptions.html | 17 +++++++++-------- + doc/help/man-lpq.html | 5 +++-- + doc/help/man-lpr.html | 5 +++-- + doc/help/man-lprm.html | 6 +++--- + doc/help/man-lpstat.html | 5 +++-- + man/cancel.1 | 9 +++++---- + man/cupsctl.8 | 9 +++++---- + man/lp.1 | 11 ++++++----- + man/lpinfo.8 | 11 ++++++----- + man/lpmove.8 | 11 ++++++----- + man/lpoptions.1 | 19 ++++++++++--------- + man/lpq.1 | 7 ++++--- + man/lpr.1 | 7 ++++--- + man/lprm.1 | 8 ++++---- + man/lpstat.1 | 11 ++++++----- + 22 files changed, 107 insertions(+), 82 deletions(-) + +diff --git a/doc/help/man-cancel.html b/doc/help/man-cancel.html +index d51bb2b91..a0b52369c 100644 +--- a/doc/help/man-cancel.html ++++ b/doc/help/man-cancel.html +@@ -12,6 +12,9 @@ cancel - cancel jobs +

Synopsis

+ cancel + [ ++-h ++hostname[:port] ++] [ + -E + ] [ + -U +@@ -19,9 +22,6 @@ cancel - cancel jobs + ] [ + -a + ] [ +--h +-hostname[:port] +-] [ + -u + username + ] [ +@@ -46,6 +46,7 @@ destinations if none is provided. +
Forces encryption when connecting to the server. +
-h hostname[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-U username +
Specifies the username to use when connecting to the server. +
-u username +diff --git a/doc/help/man-cupsctl.html b/doc/help/man-cupsctl.html +index b3f892ef9..e5c98dccb 100644 +--- a/doc/help/man-cupsctl.html ++++ b/doc/help/man-cupsctl.html +@@ -12,14 +12,14 @@ cupsctl - configure cupsd.conf options +

Synopsis

+ cupsctl + [ ++-h ++server[:port] ++] [ + -E + ] [ + -U + username + ] [ +--h +-server[:port] +-] [ + --[no-]debug-logging + ] [ + --[no-]remote-admin +@@ -45,6 +45,7 @@ The following options are recognized: +
Specifies an alternate username to use when authenticating with the scheduler. +
-h server[:port] +
Specifies the server address. ++Note: This option must occur before all others. +
--[no-]debug-logging +
Enables (disables) debug logging to the error_log file. +
--[no-]remote-admin +diff --git a/doc/help/man-ipptool.html b/doc/help/man-ipptool.html +index 81f67d77f..688454c69 100644 +--- a/doc/help/man-ipptool.html ++++ b/doc/help/man-ipptool.html +@@ -59,6 +59,8 @@ ipptool - perform internet printing protocol requests + -i + seconds + ] [ ++-j ++] [ + -n + repeat-count + ] [ +@@ -150,6 +152,10 @@ This option is incompatible with the -i (interval) and -n (repeat- + testfile + should be repeated at the specified interval. + This option is incompatible with the -X (XML plist output) option. ++
-j ++
Specifies that ++ipptool ++will produce JSON output. +
-l +
Specifies that plain text output is desired. +
-n repeat-count +diff --git a/doc/help/man-lp.html b/doc/help/man-lp.html +index f70c088d3..6442e900d 100644 +--- a/doc/help/man-lp.html ++++ b/doc/help/man-lp.html +@@ -12,6 +12,8 @@ lp - print files +

Synopsis

+ lp + [ ++-h hostname[:port] ++] [ + -E + ] [ + -U +@@ -21,8 +23,6 @@ lp - print files + ] [ + -d destination[/instance] + ] [ +--h hostname[:port] +-] [ + -m + ] [ + -n +@@ -51,6 +51,8 @@ lp - print files +
+ lp + [ ++-h hostname[:port] ++] [ + -E + ] [ + -U +@@ -58,8 +60,6 @@ lp - print files + ] [ + -c + ] [ +--h hostname[:port] +-] [ + -i + job-id + ] [ +@@ -106,6 +106,7 @@ In CUPS, print files are always sent to the scheduler via IPP which has the same +
Prints files to the named printer. +
-h hostname[:port] +
Chooses an alternate server. ++Note: This option must occur before all others. +
-i job-id +
Specifies an existing job to modify. +
-m +diff --git a/doc/help/man-lpinfo.html b/doc/help/man-lpinfo.html +index a1aed9421..30df7691c 100644 +--- a/doc/help/man-lpinfo.html ++++ b/doc/help/man-lpinfo.html +@@ -12,10 +12,10 @@ lpinfo - show available devices or drivers (deprecated) +

Synopsis

+ lpinfo + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -l + ] [ + --device-id +@@ -40,10 +40,10 @@ lpinfo - show available devices or drivers (deprecated) +
+ lpinfo + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -l + ] [ + --exclude-schemes +@@ -66,6 +66,7 @@ The first form (-m) lists the available drivers, while the second form (< +
Forces encryption when connecting to the server. +
-h server[:port] +
Selects an alternate server. ++Note: This option must occur before all others. +
-l +
Shows a "long" listing of devices or drivers. +
--device-id device-id-string +diff --git a/doc/help/man-lpmove.html b/doc/help/man-lpmove.html +index d8019ee25..b0db753f9 100644 +--- a/doc/help/man-lpmove.html ++++ b/doc/help/man-lpmove.html +@@ -12,10 +12,10 @@ lpmove - move a job or all jobs to a new destination +

Synopsis

+ lpmove + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -U + username + ] +@@ -24,10 +24,10 @@ lpmove - move a job or all jobs to a new destination +
+ lpmove + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -U + username + ] +@@ -44,6 +44,7 @@ The lpmove command supports the following options: +
Specifies an alternate username. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. + +

Examples

+ Move job 123 from "oldprinter" to "newprinter": +diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html +index 6dda87f64..6af78290b 100644 +--- a/doc/help/man-lpoptions.html ++++ b/doc/help/man-lpoptions.html +@@ -12,12 +12,12 @@ +

Synopsis

+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] ++] [ ++-E ++] [ ++-U ++username + ] + -d destination[/instance] + [ +@@ -26,26 +26,26 @@ +
+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] + ] [ ++-E ++] [ ++-U ++username ++] [ + -p destination[/instance] + ] + -o option[=value] ... +
+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] + ] [ ++-E ++] [ ++-U ++username ++] [ + -p destination[/instance] + ] + -r +@@ -53,12 +53,12 @@ +
+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] ++] [ ++-E ++] [ ++-U ++username + ] + -x destination[/instance] +

Description

+@@ -84,6 +84,7 @@ + This option overrides the system default printer for the current user. +
-h server[:port] +
Uses an alternate server. ++Note: This option must occur before all others. +
-l +
Lists the printer specific options and their current settings. +
-o option[=value] +@@ -119,7 +120,7 @@ + lprm(1), + CUPS Online Help (http://localhost:631/help) +

Copyright

+-Copyright © 2007-2017 by Apple Inc. ++Copyright © 2021-2022 by OpenPrinting. + + + +diff --git a/doc/help/man-lpq.html b/doc/help/man-lpq.html +index 1c9e704ff..19e536d3c 100644 +--- a/doc/help/man-lpq.html ++++ b/doc/help/man-lpq.html +@@ -12,13 +12,13 @@ lpq - show printer queue status +

Synopsis

+ lpq + [ ++-h server[:port] ++] [ + -E + ] [ + -U + username + ] [ +--h server[:port] +-] [ + -P destination[/instance] + ] [ + -a +@@ -44,6 +44,7 @@ Jobs queued on the default destination will be shown if no printer or class is s +
Reports jobs on all printers. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-l +
Requests a more verbose (long) reporting format. + +diff --git a/doc/help/man-lpr.html b/doc/help/man-lpr.html +index d044ab1a8..f9b19e1fe 100644 +--- a/doc/help/man-lpr.html ++++ b/doc/help/man-lpr.html +@@ -12,10 +12,10 @@ lpr - print files +

Synopsis

+ lpr + [ +--E +-] [ + -H server[:port] + ] [ ++-E ++] [ + -U + username + ] [ +@@ -67,6 +67,7 @@ The following options are recognized by lpr: +
Forces encryption when connecting to the server. +
-H server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-C "name" +
-J "name" +
-T "name" +diff --git a/doc/help/man-lprm.html b/doc/help/man-lprm.html +index 7410320a3..dbe7f20de 100644 +--- a/doc/help/man-lprm.html ++++ b/doc/help/man-lprm.html +@@ -12,14 +12,13 @@ lprm - cancel print jobs +

Synopsis

+ lprm + [ ++-h hostname[:port] ++] [ + -E + ] [ + -U + username + ] [ +--h +-server[:port] +-] [ + -P + destination[/instance] + ] [ +@@ -45,6 +44,7 @@ command supports the following options: +
Specifies an alternate username. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. + +

Conforming To

+ The CUPS version of +diff --git a/doc/help/man-lpstat.html b/doc/help/man-lpstat.html +index f23089bbe..2c5dedc7c 100644 +--- a/doc/help/man-lpstat.html ++++ b/doc/help/man-lpstat.html +@@ -12,6 +12,8 @@ lpstat - print cups status information +

Synopsis

+ lpstat + [ ++-h hostname[:port] ++] [ + -E + ] [ + -H +@@ -19,8 +21,6 @@ lpstat - print cups status information + -U + username + ] [ +--h hostname[:port] +-] [ + -l + ] [ + -W +@@ -91,6 +91,7 @@ If no classes are specified then all classes are listed. +
Shows all available destinations on the local network. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-l +
Shows a long listing of printers, classes, or jobs. +
-o [destination(s)] +diff --git a/man/cancel.man b/man/cancel.man +index 34a5d9fc0..caea0ed69 100644 +--- a/man/cancel.man ++++ b/man/cancel.man +@@ -10,12 +10,15 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH cancel 1 "CUPS" "15 April 2014" "Apple Inc." ++.TH cancel 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + cancel \- cancel jobs + .SH SYNOPSIS + .B cancel + [ ++.B \-h ++.I hostname[:port] ++] [ + .B \-E + ] [ + .B \-U +@@ -23,9 +26,6 @@ + ] [ + .B \-a + ] [ +-.B \-h +-.I hostname[:port] +-] [ + .B \-u + .I username + ] [ +@@ -52,6 +52,7 @@ + .TP 5 + \fB\-h \fIhostname\fR[\fI:port\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + \fB\-U \fIusername\fR + Specifies the username to use when connecting to the server. +diff --git a/man/cupsctl.man b/man/cupsctl.man +index 1b1ff4183..7e50d07ac 100644 +--- a/man/cupsctl.man ++++ b/man/cupsctl.man +@@ -10,20 +10,20 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH cupsctl 8 "CUPS" "30 May 2016" "Apple Inc." ++.TH cupsctl 8 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + cupsctl \- configure cupsd.conf options + .SH SYNOPSIS + .B cupsctl + [ ++.B \-h ++\fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-.B \-h +-\fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR + ] [ + \fB\-\-\fR[\fBno\-\fR]\fBremote\-admin\fR +@@ -51,6 +51,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies the server address. ++Note: This option must occur before all others. + .TP 5 + \fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR + Enables (disables) debug logging to the \fIerror_log\fR file. +diff --git a/man/lp.man b/man/lp.man +index a54f904a5..4bdd2de7b 100644 +--- a/man/lp.man ++++ b/man/lp.man +@@ -10,12 +10,14 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lp 1 "CUPS" "2 May 2016" "Apple Inc." ++.TH lp 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lp \- print files + .SH SYNOPSIS + .B lp + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U +@@ -25,8 +27,6 @@ + ] [ + \fB\-d \fIdestination\fR[\fB/\fIinstance\fR] + ] [ +-\fB\-h \fIhostname\fR[\fB:\fIport\fR] +-] [ + .B \-m + ] [ + .B \-n +@@ -55,6 +55,8 @@ + .br + .B lp + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U +@@ -62,8 +64,6 @@ + ] [ + .B \-c + ] [ +-\fB\-h \fIhostname\fR[\fB:\fIport\fR] +-] [ + .B \-i + .I job-id + ] [ +@@ -115,6 +115,7 @@ + .TP 5 + \fB\-h \fIhostname\fR[\fB:\fIport\fR] + Chooses an alternate server. ++Note: This option must occur before all others. + .TP 5 + \fB\-i \fIjob-id\fR + Specifies an existing job to modify. +diff --git a/man/lpinfo.man b/man/lpinfo.man +index d238f9a60..d44b568d2 100644 +--- a/man/lpinfo.man ++++ b/man/lpinfo.man +@@ -10,16 +10,16 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpinfo 8 "CUPS" "12 June 2014" "Apple Inc." ++.TH lpinfo 8 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpinfo \- show available devices or drivers + .SH SYNOPSIS + .B lpinfo + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-l + ] [ + .B \-\-device\-id +@@ -44,10 +44,10 @@ + .br + .B lpinfo + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-l + ] [ + .B \-\-exclude\-schemes +@@ -71,6 +71,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Selects an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Shows a "long" listing of devices or drivers. +diff --git a/man/lpmove.man b/man/lpmove.man +index af3c6b63c..62adba654 100644 +--- a/man/lpmove.man ++++ b/man/lpmove.man +@@ -10,16 +10,16 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpmove 8 "CUPS" "26 May 2016" "Apple Inc." ++.TH lpmove 8 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpmove \- move a job or all jobs to a new destination + .SH SYNOPSIS + .B lpmove + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-U + .I username + ] +@@ -28,10 +28,10 @@ + .br + .B lpmove + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-U + .I username + ] +@@ -50,6 +50,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .SH EXAMPLES + Move job 123 from "oldprinter" to "newprinter": + .nf +diff --git a/man/lpoptions.man.in b/man/lpoptions.man.in +index 372f46a37..2eb5b6010 100644 +--- a/man/lpoptions.man.in ++++ b/man/lpoptions.man.in +@@ -10,18 +10,18 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpoptions 1 "CUPS" "12 June 2014" "Apple Inc." ++.TH lpoptions 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpoptions \- display or set printer options and defaults + .SH SYNOPSIS + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username +-] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] + ] + \fB\-d \fIdestination\fR[\fB/\fIinstance\fR] + [ +@@ -30,13 +30,13 @@ + .br + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-p \fIdestination\fR[\fB/\fIinstance\fR] + ] + \fB\-o \fIoption\fR[\fB=\fIvalue\fR] ... +@@ -43,13 +43,13 @@ + .br + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-p \fIdestination\fR[\fB/\fIinstance\fR] + ] + .B \-r +@@ -57,12 +57,12 @@ + .br + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username +-] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] + ] + \fB\-x \fIdestination\fR[\fB/\fIinstance\fR] + .SH DESCRIPTION +@@ -96,6 +96,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Uses an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Lists the printer specific options and their current settings. +diff --git a/man/lpq.man b/man/lpq.man +index ce23a6c81..a81633ecb 100644 +--- a/man/lpq.man ++++ b/man/lpq.man +@@ -10,19 +10,19 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpq 1 "CUPS" "12 June 2014" "Apple Inc." ++.TH lpq 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpq \- show printer queue status + .SH SYNOPSIS + .B lpq + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-P \fIdestination\fR[\fB/\fIinstance\fR] + ] [ + .B \-a +@@ -53,6 +53,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Requests a more verbose (long) reporting format. +diff --git a/man/lpr.man b/man/lpr.man +index e5f9f9018..77a62b305 100644 +--- a/man/lpr.man ++++ b/man/lpr.man +@@ -10,16 +10,16 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpr 1 "CUPS" "2 May 2016" "Apple Inc." ++.TH lpr 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpr \- print files + .SH SYNOPSIS + .B lpr + [ +-.B \-E +-] [ + \fB\-H \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-U + .I username + ] [ +@@ -72,6 +72,7 @@ + .TP 5 + \fB\-H \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + \fB\-C "\fIname\fB"\fR + .TP 5 +diff --git a/man/lprm.man b/man/lprm.man +index 094166539..0cf88ac51 100644 +--- a/man/lprm.man ++++ b/man/lprm.man +@@ -10,20 +10,19 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lprm 1 "CUPS" "22 May 2014" "Apple Inc." ++.TH lprm 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lprm \- cancel print jobs + .SH SYNOPSIS + .B lprm + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-.B \-h +-.IR server [ :port ] +-] [ + .B \-P + .IR destination [ /instance ] + ] [ +@@ -52,6 +51,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fI:port\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .SH CONFORMING TO + The CUPS version of + .B lprm +diff --git a/man/lpstat.man b/man/lpstat.man +index 0a10cd9bc..88acff7b3 100644 +--- a/man/lpstat.man ++++ b/man/lpstat.man +@@ -1,8 +1,8 @@ + .\" + .\" lpstat man page for CUPS. + .\" +-.\" Copyright 2007-2017 by Apple Inc. +-.\" Copyright 1997-2006 by Easy Software Products. ++.\" Copyright © 2007-2019 by Apple Inc. ++.\" Copyright © 1997-2006 by Easy Software Products. + .\" + .\" These coded instructions, statements, and computer programs are the + .\" property of Apple Inc. and are protected by Federal copyright +@@ -10,12 +10,14 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpstat 1 "CUPS" "26 May 2017" "Apple Inc." ++.TH lpstat 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpstat \- print cups status information + .SH SYNOPSIS + .B lpstat + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-H +@@ -23,8 +25,6 @@ + .B \-U + .I username + ] [ +-\fB\-h \fIhostname\fR[\fB:\fIport\fR] +-] [ + .B \-l + ] [ + .B \-W +@@ -104,6 +104,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Shows a long listing of printers, classes, or jobs. diff --git a/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch b/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch new file mode 100644 index 0000000..0aa9c99 --- /dev/null +++ b/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch @@ -0,0 +1,35 @@ +From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 26 May 2022 06:27:04 +0200 +Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes + CVE-2022-26691) + +The previous algorithm didn't expect the strings can have a different +length, so one string can be a substring of the other and such substring +was reported as equal to the longer string. +--- + CHANGES.md | 1 + + scheduler/cert.c | 9 ++++++++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/scheduler/cert.c b/scheduler/cert.c +index b268bf1b2..9b65b96c9 100644 +--- a/scheduler/cert.c ++++ b/scheduler/cert.c +@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */ + b ++; + } + +- return (result); ++ /* ++ * The while loop finishes when *a == '\0' or *b == '\0' ++ * so after the while loop either both *a and *b == '\0', ++ * or one points inside a string, so when we apply bitwise OR on *a, ++ * *b and result, we get a non-zero return value if the compared strings don't match. ++ */ ++ ++ return (result | *a | *b); + } +-- +2.36.1 + diff --git a/SOURCES/cups-retry-current-job-man.patch b/SOURCES/cups-retry-current-job-man.patch new file mode 100644 index 0000000..0d879c6 --- /dev/null +++ b/SOURCES/cups-retry-current-job-man.patch @@ -0,0 +1,52 @@ +diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html +index 9082348..8ab1ce8 100644 +--- a/doc/help/man-cupsd.conf.html ++++ b/doc/help/man-cupsd.conf.html +@@ -90,7 +90,7 @@ The default value is "30". +
Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer. +
ErrorPolicy retry-job +
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. +-
ErrorPolicy retry-this-job ++
ErrorPolicy retry-current-job +
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. +
ErrorPolicy stop-printer +
Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default. +diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in +index 53a028d..ba12b07 100644 +--- a/man/cupsd.conf.man.in ++++ b/man/cupsd.conf.man.in +@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise + \fBErrorPolicy retry-job\fR + Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. + .TP 5 +-\fBErrorPolicy retry-this-job\fR ++\fBErrorPolicy retry-current-job\fR + Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. + .TP 5 + \fBErrorPolicy stop-printer\fR +diff --git a/man/cupsd.conf.man.in.privilege-escalation b/man/cupsd.conf.man.in.privilege-escalation +index ab89e15..130ea8a 100644 +--- a/man/cupsd.conf.man.in.privilege-escalation ++++ b/man/cupsd.conf.man.in.privilege-escalation +@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise + \fBErrorPolicy retry-job\fR + Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. + .TP 5 +-\fBErrorPolicy retry-this-job\fR ++\fBErrorPolicy retry-current-job\fR + Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. + .TP 5 + \fBErrorPolicy stop-printer\fR +diff --git a/man/cupsd.conf.man.in.remove-weak-ciphers b/man/cupsd.conf.man.in.remove-weak-ciphers +index 5516780..35065ca 100644 +--- a/man/cupsd.conf.man.in.remove-weak-ciphers ++++ b/man/cupsd.conf.man.in.remove-weak-ciphers +@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise + \fBErrorPolicy retry-job\fR + Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. + .TP 5 +-\fBErrorPolicy retry-this-job\fR ++\fBErrorPolicy retry-current-job\fR + Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. + .TP 5 + \fBErrorPolicy stop-printer\fR diff --git a/SPECS/cups.spec b/SPECS/cups.spec index d38d764..4291486 100644 --- a/SPECS/cups.spec +++ b/SPECS/cups.spec @@ -15,7 +15,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 2.2.6 -Release: 46%{?dist} +Release: 50%{?dist} License: GPLv2+ and LGPLv2 with exceptions and AML Url: http://www.cups.org/ Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz @@ -135,6 +135,12 @@ Patch73: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch Patch74: 0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch # 2074736 - CUPS is too chatty about "Removing document files." in debug mode Patch75: cups-cupsd-too-chatty.patch +# CVE-2022-26691 cups: authorization bypass when using "local" authorization +Patch76: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch +# 2084257 - ErrorPolicy documentation is incorrect +Patch77: cups-retry-current-job-man.patch +# 1910415 - manpage update to acknowledge order dependency of -h option +Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch Patch1000: cups-lspp.patch @@ -413,6 +419,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch74 -p1 -b .lp-long-time # 2074736 - CUPS is too chatty about "Removing document files." in debug mode %patch75 -p1 -b .cupsd-too-chatty +# CVE-2022-26691 cups: authorization bypass when using "local" authorization +%patch76 -p1 -b .cve26691 +# 2084257 - ErrorPolicy documentation is incorrect +%patch77 -p1 -b .retry-current-job-man +# 1910415 - manpage update to acknowledge order dependency of -h option +%patch78 -p1 -b .manpage-update sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in @@ -832,6 +844,18 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Fri Jul 01 2022 Richard Lescak - 1:2.2.6-50 +- 1910415 - corrected manpage patch, one lpoptions usage wasn't changed + +* Thu Jun 16 2022 Richard Lescak - 1:2.2.6-49 +- 1910415 - manpage update to acknowledge order dependency of -h option + +* Tue May 31 2022 Zdenek Dohnal - 1:2.2.6-48 +- 2084257 - ErrorPolicy documentation is incorrect + +* Thu May 26 2022 Zdenek Dohnal - 1:2.2.6-47 +- CVE-2022-26691 cups: authorization bypass when using "local" authorization + * Fri May 13 2022 Zdenek Dohnal - 1:2.2.6-46 - 2074684 - lp to a remote server takes a long time - 2074736 - CUPS is too chatty about "Removing document files." in debug mode