rpms
/
cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI cups-2.2.6-54.el8_9

This commit is contained in:
eabdullin 2023-11-14 18:51:11 +00:00
parent 4991be94be
commit b1f8ca4f28
6 changed files with 230 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
/*
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
if (lport < 721 && reserve == RESERVE_RFC1179)
lport = 731;
- else if (lport < 1)
+ else if (lport < 512)
lport = 1023;
#ifdef HAVE_GETEUID

64
SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch Normal file
View File

@ -0,0 +1,64 @@
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Thu, 1 Jun 2023 11:33:39 -0400
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
We have to log the hostname first.
---
scheduler/client.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 91e441188..327473a4d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
* with double-lookups enabled...
*/
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
--
2.41.0

48
SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch Normal file
View File

@ -0,0 +1,48 @@
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Tue, 27 Jun 2023 04:18:46 -0700
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
single job (#742)
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
operation; however, the correct attribute to use for Cancel-job is
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
files are not removed from /var/spool/cups when "cancel -x <job>" is
executed.
This patch resolves the issue by adding "purge-job" when the IPP
operation is Cancel-Job and "purge-jobs" for other IPP operations
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
---
systemv/cancel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/systemv/cancel.c b/systemv/cancel.c
index 572f413e1..f5b8e12b5 100644
--- a/systemv/cancel.c
+++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
* attributes-natural-language
* printer-uri + job-id *or* job-uri
* [requesting-user-name]
+ * [purge-job] or [purge-jobs]
*/
request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
"requesting-user-name", NULL, cupsUser());
if (purge)
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ {
+ if (op == IPP_CANCEL_JOB)
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
+ else
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ }
/*
* Do the request and get back a response...
--
2.41.0

35
SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch Normal file
View File

@ -0,0 +1,35 @@
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
Date: Wed, 1 Mar 2023 13:46:28 +0100
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
#308)
Use a listen queue size of INT_MAX, which should default to the maximum
supported queue size on the system.
This avoids the problem of the listening backlog queue getting full when
there are too many requests at the same time. The problem was observed
with the previous backlog size (128) by customers when submitting large
batches of print jobs, resulting in some jobs getting lost.
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
---
cups/http-addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/http-addr.c b/cups/http-addr.c
index a61ee0449..6aeeb8074 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
* Listen...
*/
- if (listen(fd, 5))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);
--
2.41.0

26
SOURCES/0001-cups-strlcpy-handle-zero-size.patch Normal file
View File

@ -0,0 +1,26 @@
From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 17 May 2023 12:59:57 -0400
Subject: [PATCH] Consensus fix.
---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.40.1

42
SPECS/cups.spec
View File

@ -22,7 +22,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
Release: 51%{?dist}.2
Release: 54%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -152,8 +152,18 @@ Patch77: cups-retry-current-job-man.patch
Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch
# 2130391 - Kerberized IPP Printing Fails
Patch79: cups-kerberos.patch
# 2217178 - Delays printing to lpd when reserved ports are exhausted
Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
# 2217283 - The command "cancel -x <job>" does not remove job files
Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
# 2217955 - Enlarge backlog queue for listen() in cupsd
Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
Patch84: 0001-cups-strlcpy-handle-zero-size.patch
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
Patch80: 0001-Require-authentication-for-CUPS-Get-Document.patch
Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch
Patch1000: cups-lspp.patch
@ -443,8 +453,18 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch78 -p1 -b .manpage-update
# 2130391 - Kerberized IPP Printing Fails
%patch79 -p1 -b .kerberos
# 2217178 - Delays printing to lpd when reserved ports are exhausted
%patch80 -p1 -b .lpd-delay
# 2217283 - The command "cancel -x <job>" does not remove job files
%patch81 -p1 -b .purge-job
# 2217955 - Enlarge backlog queue for listen() in cupsd
%patch82 -p1 -b .listen-backlog
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
%patch83 -p1 -b .cve34241
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
%patch84 -p1 -b .cve32324
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
%patch80 -p1 -b .get-document-auth
%patch85 -p1 -b .get-document-auth
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -871,12 +891,22 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Mon Sep 11 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51.2
- RHEL-2975 - cups pulls an unneeded dependency on python3
* Tue Sep 12 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-54
- RHEL-2612 - cups pulls an unneeded dependency on python3
* Tue Aug 15 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51.1
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-53
- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-52
- 2217178 - Delays printing to lpd when reserved ports are exhausted
- 2217283 - The command "cancel -x <job>" does not remove job files
- 2217955 - Enlarge backlog queue for listen() in cupsd
- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
- RHEL-316 - Enable fmf tests in centos stream
* Wed Dec 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
- 2130391 - Kerberized IPP Printing Fails