import UBI cups-2.2.6-54.el8_9

2023-11-14 18:51:11 +00:00 · 2023-11-14 18:51:11 +00:00 · b1f8ca4f28
commit b1f8ca4f28
parent 4991be94be
6 changed files with 230 additions and 6 deletions
--- a/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
+++ b/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
@ -0,0 +1,21 @@
 diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
 --- cups-2.3.3op2/backend/lpd.c.lpd-delay	2021-02-01 22:10:25.000000000 +0100
 +++ cups-2.3.3op2/backend/lpd.c	2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int	abort_job = 0;		/* Non-zero i
 #define RESERVE_NONE		0	/* Don't reserve a priviledged port */
 #define RESERVE_RFC1179		1	/* Reserve port 721-731 */
 -#define RESERVE_ANY		2	/* Reserve port 1-1023 */
 +#define RESERVE_ANY		2	/* Reserve port 512-1023 */
 /*
@@ -778,7 +778,7 @@ lpd_queue(const char      *hostname,	/*
       if (lport < 721 && reserve == RESERVE_RFC1179)
 	lport = 731;
 -      else if (lport < 1)
 +      else if (lport < 512)
 	lport = 1023;
 #ifdef HAVE_GETEUID
--- a/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
+++ b/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
@ -0,0 +1,64 @@
 From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
 From: Rose <83477269+AtariDreams@users.noreply.github.com>
 Date: Thu, 1 Jun 2023 11:33:39 -0400
 Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
 httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
 We have to log the hostname first.
 ---
 scheduler/client.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
 diff --git a/scheduler/client.c b/scheduler/client.c
 index 91e441188..327473a4d 100644
 --- a/scheduler/client.c
 +++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
    /*
     * Can't have an unresolved IP address with double-lookups enabled...
     */
 -
 -    httpClose(con->http);
 -
     cupsdLogClient(con, CUPSD_LOG_WARN,
 -                    "Name lookup failed - connection from %s closed!",
 +                    "Name lookup failed - closing connection from %s!",
                     httpGetHostname(con->http, NULL, 0));
 +    httpClose(con->http);
     free(con);
     return;
   }
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
       * with double-lookups enabled...
       */
 -      httpClose(con->http);
 -
       cupsdLogClient(con, CUPSD_LOG_WARN,
 -                      "IP lookup failed - connection from %s closed!",
 +                      "IP lookup failed - closing connection from %s!",
                       httpGetHostname(con->http, NULL, 0));
 +
 +      httpClose(con->http);
       free(con);
       return;
     }
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
   if (!hosts_access(&wrap_req))
   {
 -    httpClose(con->http);
 -
     cupsdLogClient(con, CUPSD_LOG_WARN,
                     "Connection from %s refused by /etc/hosts.allow and "
 		    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
 +
 +    httpClose(con->http);
     free(con);
     return;
   }
 -- 
 2.41.0
--- a/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
+++ b/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
@ -0,0 +1,48 @@
 From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
 From: Bryan Mason <bmason@redhat.com>
 Date: Tue, 27 Jun 2023 04:18:46 -0700
 Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
 single job (#742)
 The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
 operation; however, the correct attribute to use for Cancel-job is
 "purge-job" (singular), not "purge-jobs" (plural).  As a result, job
 files are not removed from /var/spool/cups when "cancel -x <job>" is
 executed.
 This patch resolves the issue by adding "purge-job" when the IPP
 operation is Cancel-Job and "purge-jobs" for other IPP operations
 (Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
 ---
 systemv/cancel.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/systemv/cancel.c b/systemv/cancel.c
 index 572f413e1..f5b8e12b5 100644
 --- a/systemv/cancel.c
 +++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int  argc,				/* I - Number of command-line arguments */
       *    attributes-natural-language
       *    printer-uri + job-id *or* job-uri
       *    [requesting-user-name]
 +      *    [purge-job] or [purge-jobs]
       */
       request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int  argc,				/* I - Number of command-line arguments */
                      "requesting-user-name", NULL, cupsUser());
       if (purge)
 -	ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
 +      {
 +	if (op == IPP_CANCEL_JOB)
 +	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
 +	else
 +	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
 +      }
      /*
       * Do the request and get back a response...
 -- 
 2.41.0
--- a/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
+++ b/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
@ -0,0 +1,35 @@
 From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
 From: Vasilis Liaskovitis <vliaskovitis@suse.com>
 Date: Wed, 1 Mar 2023 13:46:28 +0100
 Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
 #308)
 Use a listen queue size of INT_MAX, which should default to the maximum
 supported queue size on the system.
 This avoids the problem of the listening backlog queue getting full when
 there are too many requests at the same time. The problem was observed
 with the previous backlog size (128) by customers when submitting large
 batches of print jobs, resulting in some jobs getting lost.
 Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
 ---
 cups/http-addr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/cups/http-addr.c b/cups/http-addr.c
 index a61ee0449..6aeeb8074 100644
 --- a/cups/http-addr.c
 +++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
   * Listen...
   */
 -  if (listen(fd, 5))
 +  if (listen(fd, INT_MAX))
   {
     _cupsSetHTTPError(HTTP_STATUS_ERROR);
 -- 
 2.41.0
--- a/SOURCES/0001-cups-strlcpy-handle-zero-size.patch
+++ b/SOURCES/0001-cups-strlcpy-handle-zero-size.patch
@ -0,0 +1,26 @@
 From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
 From: Michael R Sweet <michael.r.sweet@gmail.com>
 Date: Wed, 17 May 2023 12:59:57 -0400
 Subject: [PATCH] Consensus fix.
 ---
 cups/string.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/cups/string.c b/cups/string.c
 index 00454203c..b4fc12050 100644
 --- a/cups/string.c
 +++ b/cups/string.c
@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
   size_t	srclen;			/* Length of source string */
 +  if (size == 0)
 +    return (0);
 +
  /*
   * Figure out how much room is needed...
   */
 -- 
 2.40.1
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@ -22,7 +22,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.6
-Release: 51%{?dist}.2
+Release: 54%{?dist}
 License: GPLv2+ and LGPLv2 with exceptions and AML
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -152,8 +152,18 @@ Patch77: cups-retry-current-job-man.patch
 Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch
 # 2130391 - Kerberized IPP Printing Fails
 Patch79: cups-kerberos.patch
 # 2217178 - Delays printing to lpd when reserved ports are exhausted
 Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
 # 2217283 - The command "cancel -x <job>" does not remove job files
 Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
 # 2217955 - Enlarge backlog queue for listen() in cupsd
 Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
 # CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
 # CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 Patch84: 0001-cups-strlcpy-handle-zero-size.patch
 # CVE-2023-32360 cups:  Information leak through Cups-Get-Document operation
-Patch80: 0001-Require-authentication-for-CUPS-Get-Document.patch
+Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch
 Patch1000: cups-lspp.patch
@ -443,8 +453,18 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch78 -p1 -b .manpage-update
 # 2130391 - Kerberized IPP Printing Fails
 %patch79 -p1 -b .kerberos
 # 2217178 - Delays printing to lpd when reserved ports are exhausted
 %patch80 -p1 -b .lpd-delay
 # 2217283 - The command "cancel -x <job>" does not remove job files
 %patch81 -p1 -b .purge-job
 # 2217955 - Enlarge backlog queue for listen() in cupsd
 %patch82 -p1 -b .listen-backlog
 # CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 %patch83 -p1 -b .cve34241
 # CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 %patch84 -p1 -b .cve32324
 # CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
-%patch80 -p1 -b .get-document-auth
+%patch85 -p1 -b .get-document-auth
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -871,12 +891,22 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 %changelog
-* Mon Sep 11 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51.2
+* Tue Sep 12 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-54
- RHEL-2975 - cups pulls an unneeded dependency on python3
+- RHEL-2612 - cups pulls an unneeded dependency on python3
-* Tue Aug 15 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51.1
+* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-53
 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
 * Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-52
 - 2217178 - Delays printing to lpd when reserved ports are exhausted
 - 2217283 - The command "cancel -x <job>" does not remove job files
 - 2217955 - Enlarge backlog queue for listen() in cupsd
 - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 - CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 * Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
 - RHEL-316 - Enable fmf tests in centos stream
 * Wed Dec 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
 - 2130391 - Kerberized IPP Printing Fails