import UBI cups-2.3.3op2-38.el9_8
This commit is contained in:
AlmaLinux RelEng Bot
parent
5f7d9c0015
commit
e9cc55d271
@ -0,0 +1,29 @@
|
||||
From c0b8e48125044510d6cd6858258a15fc742b97e0 Mon Sep 17 00:00:00 2001
|
||||
From: Michael R Sweet <msweet@msweet.org>
|
||||
Date: Wed, 2 Apr 2025 15:14:58 -0400
|
||||
Subject: [PATCH] Drop non-keyword characters from PPD names (Issue #1118)
|
||||
|
||||
---
|
||||
CHANGES.md | 1 +
|
||||
cups/ppd-cache.c | 7 +------
|
||||
2 files changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
|
||||
index 5d61f7c9f..a4c2b4c5b 100644
|
||||
--- a/cups/ppd-cache.c
|
||||
+++ b/cups/ppd-cache.c
|
||||
@@ -5680,11 +5680,6 @@ pwg_unppdize_name(const char *ppd, /* I - PPD keyword */
|
||||
nodash = 1;
|
||||
}
|
||||
}
|
||||
- else
|
||||
- {
|
||||
- *ptr++ = *ppd;
|
||||
- nodash = 0;
|
||||
- }
|
||||
|
||||
if (nodash == 0)
|
||||
{
|
||||
--
|
||||
2.50.1
|
||||
|
||||
@ -0,0 +1,44 @@
|
||||
From e2419c698922fb65ef62250a4588104021449b55 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Fri, 6 Mar 2026 08:31:47 +0100
|
||||
Subject: [PATCH] tls-gnutls.c: Do not check for errno after I/O operations
|
||||
|
||||
Based on gnutls_record_send/recv man pages, we should use the return
|
||||
value of the functions as indicator what happened in the function and do
|
||||
not look into errno at all.
|
||||
|
||||
Checking the errno value caused infinity loop in cupsd on busy servers
|
||||
if there were enough connection errors when cupsd wrote the response.
|
||||
|
||||
The patch is provided by Paul Zirnik from SUSE - thank you for the
|
||||
patch!
|
||||
|
||||
Fixes #827
|
||||
---
|
||||
cups/tls-gnutls.c | 4 ++--
|
||||
|
||||
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
|
||||
index 64f2af372..5769d6313 100644
|
||||
--- a/cups/tls-gnutls.c
|
||||
+++ b/cups/tls-gnutls.c
|
||||
@@ -1208,7 +1208,7 @@ _httpTLSRead(http_t *http, /* I - Connection to server */
|
||||
|
||||
result = gnutls_record_recv(http->tls, buf, (size_t)len);
|
||||
|
||||
- if (result < 0 && !errno)
|
||||
+ if (result < 0)
|
||||
{
|
||||
/*
|
||||
* Convert GNU TLS error to errno value...
|
||||
@@ -1669,7 +1669,7 @@ _httpTLSWrite(http_t *http, /* I - Connection to server */
|
||||
|
||||
result = gnutls_record_send(http->tls, buf, (size_t)len);
|
||||
|
||||
- if (result < 0 && !errno)
|
||||
+ if (result < 0)
|
||||
{
|
||||
/*
|
||||
* Convert GNU TLS error to errno value...
|
||||
--
|
||||
2.53.0
|
||||
|
||||
@ -24,7 +24,7 @@ Summary: CUPS printing system
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.3.3%{OP_VER}
|
||||
Release: 34%{?dist}.2
|
||||
Release: 38%{?dist}
|
||||
License: ASL 2.0
|
||||
Url: http://www.cups.org/
|
||||
# Apple stopped uploading the new versions into github, use OpenPrinting fork
|
||||
@ -165,21 +165,25 @@ Patch51: 0001-Add-NoSystem-SSLOptions-value.patch
|
||||
Patch52: CVE-2025-58060.patch
|
||||
# RHEL-113078 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
|
||||
Patch53: CVE-2025-58364.patch
|
||||
# RHEL-129746 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
|
||||
# RHEL-102665 The KONICA MINOLTA C352 is not distributed using cups-browsed and the included ppd file
|
||||
# https://github.com/OpenPrinting/cups/commit/c0b8e48125044
|
||||
Patch54: 0001-Drop-non-keyword-characters-from-PPD-names-Issue-111.patch
|
||||
# RHEL-129747 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
|
||||
# 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
|
||||
# cups-CVE-2025-58436.patch
|
||||
# 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
|
||||
Patch54: 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
|
||||
Patch55: cups-CVE-2025-58436.patch
|
||||
Patch56: 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
|
||||
# RHEL-129738 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
|
||||
# 0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch (use-after-free fix, OSH report)
|
||||
Patch55: 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
|
||||
Patch56: cups-CVE-2025-58436.patch
|
||||
Patch57: 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
|
||||
Patch58: 0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch
|
||||
# RHEL-129740 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
|
||||
# 0001-Fix-various-issues-in-cupsd.patch
|
||||
# 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
|
||||
Patch57: 0001-Fix-various-issues-in-cupsd.patch
|
||||
Patch58: 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
|
||||
# fix use-after-free reported by OSH
|
||||
# https://github.com/OpenPrinting/cups/pull/1454
|
||||
Patch59: 0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch
|
||||
Patch59: 0001-Fix-various-issues-in-cupsd.patch
|
||||
Patch60: 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
|
||||
# RHEL-147214 - endless poll loop in http_write when POLLHUP is returned
|
||||
Patch61: 0001-tls-gnutls.c-Do-not-check-for-errno-after-I-O-operat.patch
|
||||
|
||||
|
||||
##### Patches removed because IMHO they aren't no longer needed
|
||||
@ -205,6 +209,8 @@ BuildRequires: pkgconfig(dbus-1)
|
||||
BuildRequires: pkgconfig(gnutls)
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: pkgconfig(libusb-1.0)
|
||||
# Make sure we have __python3 macro
|
||||
BuildRequires: python-srpm-macros
|
||||
# Make sure we get postscriptdriver tags.
|
||||
BuildRequires: python3-cups
|
||||
BuildRequires: systemd
|
||||
@ -471,15 +477,19 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
|
||||
%patch52 -p1 -b .cve-2025-58060
|
||||
# RHEL-113078 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
|
||||
%patch53 -p1 -b .cve-2025-58364
|
||||
# RHEL-129746 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
|
||||
%patch54 -p1 -b .use-usessl
|
||||
%patch55 -p1 -b .slow-client
|
||||
%patch56 -p1 -b .gtk-infinite-loop
|
||||
# RHEL-129738 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
|
||||
%patch57 -p1 -b .config-issues
|
||||
%patch58 -p1 -b .ignore-unknown
|
||||
# RHEL-102665 The KONICA MINOLTA C352 is not distributed using cups-browsed and the included ppd file
|
||||
%patch54 -p1 -b .drop-brackets
|
||||
# RHEL-129747 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
|
||||
%patch55 -p1 -b .use-usessl
|
||||
%patch56 -p1 -b .slow-client
|
||||
%patch57 -p1 -b .gtk-infinite-loop
|
||||
# fix use-after-free reported by OSH
|
||||
%patch59 -p1 -b .osh-use-after-free
|
||||
%patch58 -p1 -b .osh-use-after-free
|
||||
# RHEL-129740 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
|
||||
%patch59 -p1 -b .config-issues
|
||||
%patch60 -p1 -b .ignore-unknown
|
||||
# RHEL-147214 - endless poll loop in http_write when POLLHUP is returned
|
||||
%patch61 -p1 -b .httpwrite-endless-poll
|
||||
|
||||
|
||||
%if %{lspp}
|
||||
@ -615,6 +625,8 @@ d %{_rundir}/cups 0755 root lp -
|
||||
d %{_rundir}/cups/certs 0511 lp sys -
|
||||
|
||||
d /var/spool/cups/tmp - - - 30d
|
||||
|
||||
d /var/log/cups 0755 root lp -
|
||||
EOF
|
||||
|
||||
# /usr/lib/tmpfiles.d/cups-lp.conf (bug #812641)
|
||||
@ -844,7 +856,7 @@ rm -f %{cups_serverbin}/backend/smb
|
||||
%{_datadir}/pixmaps/cupsprinter.png
|
||||
%dir %attr(1770,root,lp) %{_localstatedir}/spool/cups/tmp
|
||||
%dir %attr(0710,root,lp) %{_localstatedir}/spool/cups
|
||||
%dir %attr(0755,lp,sys) %{_localstatedir}/log/cups
|
||||
%dir %attr(0755,root,lp) %{_localstatedir}/log/cups
|
||||
%{_mandir}/man[1578]/*
|
||||
# client subpackage
|
||||
%exclude %{_mandir}/man1/lp*.1.gz
|
||||
@ -945,12 +957,18 @@ rm -f %{cups_serverbin}/backend/smb
|
||||
%{_mandir}/man7/ippeveps.7.gz
|
||||
|
||||
%changelog
|
||||
* Fri Dec 12 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-34.2
|
||||
- fix use-after-free reported by OSH
|
||||
* Mon Mar 09 2026 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-38
|
||||
- RHEL-147214 - endless poll loop in http_write when POLLHUP is returned
|
||||
|
||||
* Tue Dec 09 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-34.1
|
||||
- RHEL-129746 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
|
||||
- RHEL-129738 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
|
||||
* Fri Dec 12 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-37
|
||||
- RHEL-129747 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
|
||||
- RHEL-129740 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
|
||||
|
||||
* Tue Nov 18 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-36
|
||||
- RHEL-122629 [image-mode] Missing /var/log/cups
|
||||
|
||||
* Thu Oct 02 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-35
|
||||
- RHEL-102665 The KONICA MINOLTA C352 is not distributed using cups-browsed and the included ppd file
|
||||
|
||||
* Thu Sep 11 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-34
|
||||
- RHEL-112435 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
|
||||
|
||||
Loading…
Reference in New Issue
Block a user