rpms/cups
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI cups-2.3.3op2-21.el9

Browse Source
This commit is contained in:
eabdullin 2023-11-07 11:38:42 +00:00
parent 6625f5268c
commit 8eacf61976
8 changed files with 369 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
/*
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
if (lport < 721 && reserve == RESERVE_RFC1179)
lport = 731;
- else if (lport < 1)
+ else if (lport < 512)
lport = 1023;
#ifdef HAVE_GETEUID

64
SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch Normal file
View File

@ -0,0 +1,64 @@
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Thu, 1 Jun 2023 11:33:39 -0400
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
We have to log the hostname first.
---
scheduler/client.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 91e441188..327473a4d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
* with double-lookups enabled...
*/
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
--
2.41.0

48
SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch Normal file
View File

@ -0,0 +1,48 @@
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Tue, 27 Jun 2023 04:18:46 -0700
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
single job (#742)
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
operation; however, the correct attribute to use for Cancel-job is
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
files are not removed from /var/spool/cups when "cancel -x <job>" is
executed.
This patch resolves the issue by adding "purge-job" when the IPP
operation is Cancel-Job and "purge-jobs" for other IPP operations
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
---
systemv/cancel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/systemv/cancel.c b/systemv/cancel.c
index 572f413e1..f5b8e12b5 100644
--- a/systemv/cancel.c
+++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
* attributes-natural-language
* printer-uri + job-id *or* job-uri
* [requesting-user-name]
+ * [purge-job] or [purge-jobs]
*/
request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
"requesting-user-name", NULL, cupsUser());
if (purge)
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ {
+ if (op == IPP_CANCEL_JOB)
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
+ else
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ }
/*
* Do the request and get back a response...
--
2.41.0

35
SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch Normal file
View File

@ -0,0 +1,35 @@
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
Date: Wed, 1 Mar 2023 13:46:28 +0100
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
#308)
Use a listen queue size of INT_MAX, which should default to the maximum
supported queue size on the system.
This avoids the problem of the listening backlog queue getting full when
there are too many requests at the same time. The problem was observed
with the previous backlog size (128) by customers when submitting large
batches of print jobs, resulting in some jobs getting lost.
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
---
cups/http-addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/http-addr.c b/cups/http-addr.c
index a61ee0449..6aeeb8074 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
* Listen...
*/
- if (listen(fd, 128))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);
--
2.41.0

34
SOURCES/0001-cups-strlcpy-handle-zero-size.patch Normal file
View File

@ -0,0 +1,34 @@
From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 17 May 2023 12:59:57 -0400
Subject: [PATCH] Consensus fix.
---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -1,6 +1,7 @@
/*
* String functions for CUPS.
*
+ * Copyright © 2023 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.40.1

6
SOURCES/cups-deprecate-drivers.patch
View File

@ -167,11 +167,11 @@ index 4498a8c..8776874 100755
count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
-if test $count != 8; then
- echo "FAIL: $count warning messages, expected 8."
+if test $count != 10; then
+ echo "FAIL: $count warning messages, expected 10."
+if test $count != 9; then
+ echo "FAIL: $count warning messages, expected 9."
$GREP '^W ' $BASE/log/error_log
- echo " <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
+ echo " <p>FAIL: $count warning messages, expected 10.</p>" >>$strfile
+ echo " <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
echo " <pre>" >>$strfile
$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&amp;/g' -e '1,$s/</&lt;/g' >>$strfile
echo " </pre>" >>$strfile

115
SOURCES/cups-local-negotiate.patch Normal file
View File

@ -0,0 +1,115 @@
diff --git a/cups/auth.c b/cups/auth.c
index db45bbb..b6fec6b 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
# define cups_gss_printf(major, minor, message)
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int cups_is_local_connection(http_t *http);
static int cups_local_auth(http_t *http);
@@ -174,10 +175,10 @@ cupsDoAuthentication(
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
#ifdef HAVE_GSSAPI
- if (!_cups_strcasecmp(scheme, "Negotiate"))
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
{
/*
- * Kerberos authentication...
+ * Kerberos authentication to remote server...
*/
int gss_status; /* Auth status */
@@ -201,7 +202,9 @@ cupsDoAuthentication(
}
else
#endif /* HAVE_GSSAPI */
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
+ if (_cups_strcasecmp(scheme, "Basic") &&
+ _cups_strcasecmp(scheme, "Digest") &&
+ _cups_strcasecmp(scheme, "Negotiate"))
{
/*
* Other schemes not yet supported...
@@ -215,7 +218,7 @@ cupsDoAuthentication(
* See if we should retry the current username:password...
*/
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
+ if (http->digest_tries > 1 || !http->userpass[0])
{
/*
* Nope - get a new password from the user...
@@ -295,7 +298,7 @@ cupsDoAuthentication(
}
}
- if (http->authstring)
+ if (http->authstring && http->authstring[0])
{
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int /* O - 0 if not a local connection */
+ /* 1 if local connection */
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
+{
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ return 0;
+ return 1;
+}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
@@ -958,7 +969,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
* See if we are accessing localhost...
*/
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ if (!cups_is_local_connection(http))
{
DEBUG_puts("8cups_local_auth: Not a local connection!");
return (1);
@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
}
# endif /* HAVE_AUTHORIZATION_H */
-# ifdef HAVE_GSSAPI
- if (cups_auth_find(www_auth, "Negotiate"))
- return (1);
-# endif /* HAVE_GSSAPI */
-
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
/*
* See if we can authenticate using the peer credentials provided over a
diff --git a/scheduler/client.c b/scheduler/client.c
index 89c76bf..40708d9 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2244,18 +2244,13 @@ cupsdSendHeader(
}
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
{
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
- else
-#endif /* SO_PEERCRED && AF_LOCAL */
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
}
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
{
/*
- * Add a "trc" (try root certification) parameter for local non-Kerberos
+ * Add a "trc" (try root certification) parameter for local
* requests when the request requires system group membership - then the
* client knows the root certificate can/should be used.
*

53
SPECS/cups.spec
View File

@ -24,7 +24,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.3.3%{OP_VER}
Release: 16%{?dist}.1
Release: 21%{?dist}
License: ASL 2.0
Url: http://www.cups.org/
# Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -112,8 +112,20 @@ Patch27: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
Patch28: 0001-Update-man-pages-for-h-option-Issue-357.patch
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
Patch29: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
# 2189919 - CGI scripts don't work with local Negotiate authentication
Patch30: cups-local-negotiate.patch
# 2217177 - Delays printing to lpd when reserved ports are exhausted
Patch31: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
# 2217284 - The command "cancel -x <job>" does not remove job files
Patch32: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
# 2217954 - Enlarge backlog queue for listen() in cupsd
Patch33: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
Patch35: 0001-cups-strlcpy-handle-zero-size.patch
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
Patch30: 0001-Require-authentication-for-CUPS-Get-Document.patch
Patch36: 0001-Require-authentication-for-CUPS-Get-Document.patch
##### Patches removed because IMHO they aren't no longer needed
@ -355,8 +367,20 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch28 -p1 -b .manpage-update
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
%patch29 -p1 -b .cve26691
# 2189919 - CGI scripts don't work with local Negotiate authentication
%patch30 -p1 -b .local-negotiate
# 2217177 - Delays printing to lpd when reserved ports are exhausted
%patch31 -p1 -b .lpd-delay
# 2217284 - The command "cancel -x <job>" does not remove job files
%patch32 -p1 -b .purge-job
# 2217954 - Enlarge backlog queue for listen() in cupsd
%patch33 -p1 -b .listen-backlog
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
%patch34 -p1 -b .cve34241
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
%patch35 -p1 -b .cve32324
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
%patch30 -p1 -b .get-document-auth
%patch36 -p1 -b .get-document-auth
%if %{lspp}
# LSPP support.
@ -791,9 +815,30 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippeveps.7.gz
%changelog
* Tue Aug 15 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16.1
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-21
- bump the spec because the previous build was made with buildroot 9.2
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-20
- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
* Wed Jun 28 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
- 2217177 - Delays printing to lpd when reserved ports are exhausted
- 2217284 - The command "cancel -x <job>" does not remove job files
- 2217954 - Enlarge backlog queue for listen() in cupsd
* Wed Apr 26 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-18
- 2189919 - CGI scripts don't work with local Negotiate authentication
* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
- RHEL-314 - Enable fmf tests in centos stream
* Thu Mar 23 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
- RHEL-317 - upstream test suite fails due uncorrect number of expected warnings
* Thu Jun 16 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16
- CVE-2022-26691 cups: authorization bypass when using "local" authorization