rpms/cups
6
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues

Browse Source 
Resolves: RHEL-129716
This commit is contained in:
Zdenek Dohnal 2025-12-04 14:33:09 +01:00
parent cec3bbab49
commit dfe48aa41e
3 changed files with 512 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

460
0001-Fix-various-issues-in-cupsd.patch Normal file
View File

@ -0,0 +1,460 @@
From db8d560262c22a21ee1e55dfd62fa98d9359bcb0 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 21 Nov 2025 07:36:36 +0100
Subject: [PATCH] Fix various issues in cupsd
Various issues were found by @SilverPlate3, recognized as CVE-2025-61915:
- out of bound write when handling IPv6 addresses,
- cupsd crash caused by null dereference when ErrorPolicy value is empty,
On the top of that, Mike Sweet noticed vulnerability via domain socket,
exploitable locally if attacker has access to domain socket and knows username
of user within a group which is present in CUPS system groups:
- rewrite of cupsd.conf via PeerCred authorization via domain socket
The last vulnerability is fixed by introducing PeerCred directive for cups-files.conf,
which controls whether PeerCred is enabled/disabled for user in CUPS system groups.
Fixes CVE-2025-61915
---
conf/cups-files.conf.in | 3 ++
config-scripts/cups-defaults.m4 | 9 +++++
config.h.in | 7 ++++
configure | 22 ++++++++++
doc/help/man-cups-files.conf.html | 9 ++++-
man/cups-files.conf.5 | 17 ++++++--
scheduler/auth.c | 8 +++-
scheduler/auth.h | 7 ++++
scheduler/client.c | 2 +-
scheduler/conf.c | 60 ++++++++++++++++++++++++----
test/run-stp-tests.sh | 2 +-
vcnet/config.h | 7 ++++
xcode/CUPS.xcodeproj/project.pbxproj | 2 -
xcode/config.h | 7 ++++
14 files changed, 145 insertions(+), 17 deletions(-)
diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in
index f96f745ae..6db139297 100644
--- a/conf/cups-files.conf.in
+++ b/conf/cups-files.conf.in
@@ -22,6 +22,9 @@
SystemGroup @CUPS_SYSTEM_GROUPS@
@CUPS_SYSTEM_AUTHKEY@
+# Are Unix domain socket peer credentials used for authorization?
+PeerCred @CUPS_PEER_CRED@
+
# User that is substituted for unauthenticated (remote) root accesses...
#RemoteRoot remroot
diff --git a/config-scripts/cups-defaults.m4 b/config-scripts/cups-defaults.m4
index 999a8849d..fc9ba4a02 100644
--- a/config-scripts/cups-defaults.m4
+++ b/config-scripts/cups-defaults.m4
@@ -95,6 +95,15 @@ AC_ARG_WITH([log_level], AS_HELP_STRING([--with-log-level], [set default LogLeve
AC_SUBST([CUPS_LOG_LEVEL])
AC_DEFINE_UNQUOTED([CUPS_DEFAULT_LOG_LEVEL], ["$CUPS_LOG_LEVEL"], [Default LogLevel value.])
+dnl Default PeerCred
+AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [
+ CUPS_PEER_CRED="$withval"
+], [
+ CUPS_PEER_CRED="on"
+])
+AC_SUBST([CUPS_PEER_CRED])
+AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.])
+
dnl Default AccessLogLevel
AC_ARG_WITH(access_log_level, [ --with-access-log-level set default AccessLogLevel value, default=none],
CUPS_ACCESS_LOG_LEVEL="$withval",
diff --git a/config.h.in b/config.h.in
index 207df66a7..37c279088 100644
--- a/config.h.in
+++ b/config.h.in
@@ -86,6 +86,13 @@
#define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
/*
* Default MaxCopies value...
*/
diff --git a/configure b/configure
index a38ebded9..1721634ba 100755
--- a/configure
+++ b/configure
@@ -670,6 +670,7 @@ CUPS_BROWSING
CUPS_SYNC_ON_CLOSE
CUPS_PAGE_LOG_FORMAT
CUPS_ACCESS_LOG_LEVEL
+CUPS_PEER_CRED
CUPS_LOG_LEVEL
CUPS_FATAL_ERRORS
CUPS_ERROR_POLICY
@@ -919,6 +920,7 @@ with_max_log_size
with_error_policy
with_fatal_errors
with_log_level
+with_peer_cred
with_access_log_level
enable_page_logging
enable_sync_on_close
@@ -1652,6 +1654,8 @@ Optional Packages:
--with-error-policy set default ErrorPolicy value, default=stop-printer
--with-fatal-errors set default FatalErrors value, default=config
--with-log-level set default LogLevel value, default=warn
+ --with-peer-cred set default PeerCred value (on/off/root-only),
+ default=on
--with-access-log-level set default AccessLogLevel value, default=none
--with-local-protocols set default BrowseLocalProtocols, default=""
--with-cups-user set default user for CUPS
@@ -11651,6 +11655,24 @@ printf "%s\n" "#define CUPS_DEFAULT_LOG_LEVEL \"$CUPS_LOG_LEVEL\"" >>confdefs.h
+# Check whether --with-peer_cred was given.
+if test ${with_peer_cred+y}
+then :
+ withval=$with_peer_cred;
+ CUPS_PEER_CRED="$withval"
+
+else $as_nop
+
+ CUPS_PEER_CRED="on"
+
+fi
+
+
+
+printf "%s\n" "#define CUPS_DEFAULT_PEER_CRED \"$CUPS_PEER_CRED\"" >>confdefs.h
+
+
+
# Check whether --with-access_log_level was given.
if test ${with_access_log_level+y}
then :
diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html
index 440f033d5..5a9ddefeb 100644
--- a/doc/help/man-cups-files.conf.html
+++ b/doc/help/man-cups-files.conf.html
@@ -119,6 +119,13 @@ The default is "/var/log/cups/page_log".
<dt><a name="PassEnv"></a><b>PassEnv </b><i>variable </i>[ ... <i>variable </i>]
<dd style="margin-left: 5.0em">Passes the specified environment variable(s) to child processes.
Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
+<dt><a name="PeerCred"></a><b>PeerCred off</b>
+<dd style="margin-left: 5.0em"><dt><b>PeerCred on</b>
+<dd style="margin-left: 5.0em"><dt><b>PeerCred root-only</b>
+<dd style="margin-left: 5.0em">Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When <b>on</b>, the peer credentials of any user are accepted for authorization.
+The value <b>off</b> disables the use of peer credentials entirely, while the value <b>root-only</b> allows peer credentials only for the root user.
+Note: for security reasons, the <b>on</b> setting is reduced to <b>root-only</b> for authorization of PUT requests.
<dt><a name="RemoteRoot"></a><b>RemoteRoot </b><i>username</i>
<dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
The default is "remroot".
diff --git a/man/cups-files.conf.5 b/man/cups-files.conf.5
index ec16c9e13..18ce2be00 100644
--- a/man/cups-files.conf.5
+++ b/man/cups-files.conf.5
@@ -166,6 +166,17 @@ The default is "/var/log/cups/page_log".
\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
Passes the specified environment variable(s) to child processes.
Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
+.\"#PeerCred
+.TP 5
+\fBPeerCred off\fR
+.TP 5
+\fBPeerCred on\fR
+.TP 5
+\fBPeerCred root-only\fR
+Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When \fBon\fR, the peer credentials of any user are accepted for authorization.
+The value \fBoff\fR disables the use of peer credentials entirely, while the value \fBroot-only\fR allows peer credentials only for the root user.
+Note: for security reasons, the \fBon\fR setting is reduced to \fBroot-only\fR for authorization of PUT requests.
.\"#RemoteRoot
.TP 5
\fBRemoteRoot \fIusername\fR
@@ -289,4 +300,4 @@ command is used instead.
.BR subscriptions.conf (5),
CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
-Copyright \[co] 2020-2024 by OpenPrinting.
+Copyright \[co] 2020-2025 by OpenPrinting.
diff --git a/scheduler/auth.c b/scheduler/auth.c
index 3c9aa72aa..bd0d28a0e 100644
--- a/scheduler/auth.c
+++ b/scheduler/auth.c
@@ -398,7 +398,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
}
#endif /* HAVE_AUTHORIZATION_H */
#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- else if (!strncmp(authorization, "PeerCred ", 9) &&
+ else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
{
/*
@@ -441,6 +441,12 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
}
#endif /* HAVE_AUTHORIZATION_H */
+ if ((PeerCred == CUPSD_PEERCRED_ROOTONLY || httpGetState(con->http) == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root"))
+ {
+ cupsdLogClient(con, CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9);
+ return;
+ }
+
if ((pwd = getpwnam(authorization + 9)) == NULL)
{
cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9);
diff --git a/scheduler/auth.h b/scheduler/auth.h
index ee98e92c7..fdf71213f 100644
--- a/scheduler/auth.h
+++ b/scheduler/auth.h
@@ -50,6 +50,10 @@
#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
+#define CUPSD_PEERCRED_OFF 0 /* Don't allow PeerCred authorization */
+#define CUPSD_PEERCRED_ON 1 /* Allow PeerCred authorization for all users */
+#define CUPSD_PEERCRED_ROOTONLY 2 /* Allow PeerCred authorization for root user */
+
#define IPP_ANY_OPERATION (ipp_op_t)0
/* Any IPP operation */
#define IPP_BAD_OPERATION (ipp_op_t)-1
@@ -105,6 +109,9 @@ typedef struct
VAR cups_array_t *Locations VALUE(NULL);
/* Authorization locations */
+VAR int PeerCred VALUE(CUPSD_PEERCRED_ON);
+ /* Allow PeerCred authorization? */
+
#ifdef HAVE_TLS
VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
/* Default encryption for authentication */
diff --git a/scheduler/client.c b/scheduler/client.c
index 9593c9138..d961c15db 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2208,7 +2208,7 @@ cupsdSendHeader(
auth_size = sizeof(auth_str) - (size_t)(auth_key - auth_str);
#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+ if (PeerCred != CUPSD_PEERCRED_OFF && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{
strlcpy(auth_key, ", PeerCred", auth_size);
auth_key += 10;
diff --git a/scheduler/conf.c b/scheduler/conf.c
index db4104ec5..7d6da0252 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -47,6 +47,7 @@ typedef enum
{
CUPSD_VARTYPE_INTEGER, /* Integer option */
CUPSD_VARTYPE_TIME, /* Time interval option */
+ CUPSD_VARTYPE_NULLSTRING, /* String option or NULL/empty string */
CUPSD_VARTYPE_STRING, /* String option */
CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
@@ -69,7 +70,7 @@ static const cupsd_var_t cupsd_vars[] =
{
{ "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
#ifdef HAVE_DNSSD
- { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
+ { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_NULLSTRING },
#endif /* HAVE_DNSSD */
{ "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
{ "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
@@ -120,7 +121,7 @@ static const cupsd_var_t cupsd_vars[] =
{ "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
{ "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
{ "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
- { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
+ { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_NULLSTRING },
{ "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
{ "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
{ "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
@@ -791,6 +792,13 @@ cupsdReadConfiguration(void)
IdleExitTimeout = 60;
#endif /* HAVE_ONDEMAND */
+ if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off"))
+ PeerCred = CUPSD_PEERCRED_OFF;
+ else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only"))
+ PeerCred = CUPSD_PEERCRED_ROOTONLY;
+ else
+ PeerCred = CUPSD_PEERCRED_ON;
+
/*
* Setup environment variables...
*/
@@ -1842,7 +1850,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */
family = AF_INET6;
- for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
+ for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++)
{
if (*ptr == ']')
break;
@@ -1988,7 +1996,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */
#ifdef AF_INET6
if (family == AF_INET6)
{
- if (i > 128)
+ if (i < 0 || i > 128)
return (0);
i = 128 - i;
@@ -2022,7 +2030,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */
else
#endif /* AF_INET6 */
{
- if (i > 32)
+ if (i < 0 || i > 32)
return (0);
mask[0] = 0xffffffff;
@@ -2932,7 +2940,17 @@ parse_variable(
cupsdSetString((char **)var->ptr, temp);
break;
+ case CUPSD_VARTYPE_NULLSTRING :
+ cupsdSetString((char **)var->ptr, value);
+ break;
+
case CUPSD_VARTYPE_STRING :
+ if (!value)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
+ return (0);
+ }
+
cupsdSetString((char **)var->ptr, value);
break;
}
@@ -3449,9 +3467,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
line, value ? " " : "", value ? value : "", linenum,
ConfigurationFile, CupsFilesFile);
}
- else
- parse_variable(ConfigurationFile, linenum, line, value,
- sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
+ else if (!parse_variable(ConfigurationFile, linenum, line, value,
+ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) &&
+ (FatalErrors & CUPSD_FATAL_CONFIG))
+ return (0);
}
return (1);
@@ -3610,6 +3629,31 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
break;
}
}
+ else if (!_cups_strcasecmp(line, "PeerCred") && value)
+ {
+ /*
+ * PeerCred {off,on,root-only}
+ */
+
+ if (!_cups_strcasecmp(value, "off"))
+ {
+ PeerCred = CUPSD_PEERCRED_OFF;
+ }
+ else if (!_cups_strcasecmp(value, "on"))
+ {
+ PeerCred = CUPSD_PEERCRED_ON;
+ }
+ else if (!_cups_strcasecmp(value, "root-only"))
+ {
+ PeerCred = CUPSD_PEERCRED_ROOTONLY;
+ }
+ else
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
+ }
+ }
else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
{
/*
diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
index 1c447edd7..8d677db71 100755
--- a/test/run-stp-tests.sh
+++ b/test/run-stp-tests.sh
@@ -512,7 +512,7 @@ fi
cat >$BASE/cups-files.conf <<EOF
FileDevice yes
-Printcap
+Printcap $BASE/printcap
User $user
ServerRoot $BASE
StateDir $BASE
diff --git a/vcnet/config.h b/vcnet/config.h
index dbc6f05d5..317c956a6 100644
--- a/vcnet/config.h
+++ b/vcnet/config.h
@@ -169,6 +169,13 @@ typedef unsigned long useconds_t;
#define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
/*
* Default MaxCopies value...
*/
diff --git a/xcode/CUPS.xcodeproj/project.pbxproj b/xcode/CUPS.xcodeproj/project.pbxproj
index 597946440..54ac652a1 100644
--- a/xcode/CUPS.xcodeproj/project.pbxproj
+++ b/xcode/CUPS.xcodeproj/project.pbxproj
@@ -3433,7 +3433,6 @@
72220FB313330BCE00FCA411 /* mime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = mime.c; path = ../scheduler/mime.c; sourceTree = "<group>"; };
72220FB413330BCE00FCA411 /* mime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mime.h; path = ../scheduler/mime.h; sourceTree = "<group>"; };
72220FB513330BCE00FCA411 /* type.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = type.c; path = ../scheduler/type.c; sourceTree = "<group>"; };
- 7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "org.cups.cups-lpd.plist"; path = "../scheduler/org.cups.cups-lpd.plist"; sourceTree = SOURCE_ROOT; };
7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = org.cups.cupsd.plist; path = ../scheduler/org.cups.cupsd.plist; sourceTree = SOURCE_ROOT; };
7226369D18AE73BB004ED309 /* config.h.in */ = {isa = PBXFileReference; lastKnownFileType = text; name = config.h.in; path = ../config.h.in; sourceTree = "<group>"; };
722A24EE2178D00C000CAB20 /* debug-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "debug-internal.h"; path = "../cups/debug-internal.h"; sourceTree = "<group>"; };
@@ -5055,7 +5054,6 @@
isa = PBXGroup;
children = (
72E65BDC18DC852700097E89 /* Makefile */,
- 7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */,
72E65BD518DC818400097E89 /* org.cups.cups-lpd.plist.in */,
7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */,
72220F6913330B0C00FCA411 /* auth.c */,
diff --git a/xcode/config.h b/xcode/config.h
index e0ddd09dc..caec083ca 100644
--- a/xcode/config.h
+++ b/xcode/config.h
@@ -88,6 +88,13 @@
#define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
/*
* Default MaxCopies value...
*/
--
2.52.0

43
0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch Normal file
View File

@ -0,0 +1,43 @@
From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 4 Dec 2025 09:04:37 +0100
Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive
Change the return value to do not trigger stopping the scheduler in case
of unknown directive, because stopping the scheduler on config errors
should only happen in case of syntax errors.
---
scheduler/conf.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scheduler/conf.c b/scheduler/conf.c
index 7d6da0252..0e7be0ef4 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -2708,16 +2708,16 @@ parse_variable(
{
/*
* Unknown directive! Output an error message and continue...
+ *
+ * Return value 1 is on purpose - we ignore unknown directives to log
+ * error, but do not stop the scheduler in case error in configuration
+ * is set to be fatal.
*/
- if (!value)
- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
- line, linenum, filename);
- else
- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
- line, linenum, filename);
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
+ line, linenum, filename);
- return (0);
+ return (1);
}
switch (var->type)
--
2.52.0

9
cups.spec
View File

@ -119,6 +119,11 @@ Patch1016: 0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch
Patch1017: 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
Patch1018: cups-CVE-2025-58436.patch
Patch1019: 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
# RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
# 0001-Fix-various-issues-in-cupsd.patch
# 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
Patch1020: 0001-Fix-various-issues-in-cupsd.patch
Patch1021: 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
##### Patches removed because IMHO they aren't no longer needed
@ -388,6 +393,9 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch -P 1017 -p1 -b .use-usessl
%patch -P 1018 -p1 -b .slow-client
%patch -P 1019 -p1 -b .gtk-infinite-loop
# RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
%patch -P 1020 -p1 -b .config-issues
%patch -P 1021 -p1 -b .ignore-unknown
# Log to the system journal by default (bug #1078781, bug #1519331).
@ -861,6 +869,7 @@ rm -f %{cups_serverbin}/backend/smb
%changelog
* Thu Nov 27 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.4.10-15
- RHEL-129723 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
- RHEL-129716 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
* Tue Nov 18 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.4.10-14
- RHEL-122293 [image-mode] Missing /var/log/cups