SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch

@@ -1,21 +0,0 @@
-diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
---- cups-2.3.3op2/backend/lpd.c.lpd-delay	2021-02-01 22:10:25.000000000 +0100
-+++ cups-2.3.3op2/backend/lpd.c	2023-06-28 17:28:52.465476261 +0200
-@@ -63,7 +63,7 @@ static int	abort_job = 0;		/* Non-zero i
- 
- #define RESERVE_NONE		0	/* Don't reserve a priviledged port */
- #define RESERVE_RFC1179		1	/* Reserve port 721-731 */
--#define RESERVE_ANY		2	/* Reserve port 1-1023 */
-+#define RESERVE_ANY		2	/* Reserve port 512-1023 */
- 
- 
- /*
-@@ -778,7 +778,7 @@ lpd_queue(const char      *hostname,	/*
- 
-       if (lport < 721 && reserve == RESERVE_RFC1179)
- 	lport = 731;
--      else if (lport < 1)
-+      else if (lport < 512)
- 	lport = 1023;
- 
- #ifdef HAVE_GETEUID

SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch

@@ -1,64 +0,0 @@
-From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
-From: Rose <83477269+AtariDreams@users.noreply.github.com>
-Date: Thu, 1 Jun 2023 11:33:39 -0400
-Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
-
-httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
-
-We have to log the hostname first.
----
- scheduler/client.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/scheduler/client.c b/scheduler/client.c
-index 91e441188..327473a4d 100644
---- a/scheduler/client.c
-+++ b/scheduler/client.c
-@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
-    /*
-     * Can't have an unresolved IP address with double-lookups enabled...
-     */
--
--    httpClose(con->http);
--
-     cupsdLogClient(con, CUPSD_LOG_WARN,
--                    "Name lookup failed - connection from %s closed!",
-+                    "Name lookup failed - closing connection from %s!",
-                     httpGetHostname(con->http, NULL, 0));
- 
-+    httpClose(con->http);
-     free(con);
-     return;
-   }
-@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
-       * with double-lookups enabled...
-       */
- 
--      httpClose(con->http);
--
-       cupsdLogClient(con, CUPSD_LOG_WARN,
--                      "IP lookup failed - connection from %s closed!",
-+                      "IP lookup failed - closing connection from %s!",
-                       httpGetHostname(con->http, NULL, 0));
-+
-+      httpClose(con->http);
-       free(con);
-       return;
-     }
-@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
- 
-   if (!hosts_access(&wrap_req))
-   {
--    httpClose(con->http);
--
-     cupsdLogClient(con, CUPSD_LOG_WARN,
-                     "Connection from %s refused by /etc/hosts.allow and "
- 		    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
-+
-+    httpClose(con->http);
-     free(con);
-     return;
-   }
--- 
-2.41.0
-

SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch

@@ -1,31 +0,0 @@
-From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <michael.r.sweet@gmail.com>
-Date: Tue, 6 Dec 2022 09:04:01 -0500
-Subject: [PATCH] Require authentication for CUPS-Get-Document.
-
----
- conf/cupsd.conf.in | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
-index b25884907..a07536f3e 100644
---- a/conf/cupsd.conf.in
-+++ b/conf/cupsd.conf.in
-@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
-     Order deny,allow
-   </Limit>
- 
--  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
-+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
-+    Require user @OWNER @SYSTEM
-+    Order deny,allow
-+  </Limit>
-+
-+  <Limit CUPS-Get-Document>
-+    AuthType Default
-     Require user @OWNER @SYSTEM
-     Order deny,allow
-   </Limit>
--- 
-2.41.0
-

SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch

@@ -1,48 +0,0 @@
-From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
-From: Bryan Mason <bmason@redhat.com>
-Date: Tue, 27 Jun 2023 04:18:46 -0700
-Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
- single job (#742)
-
-The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
-operation; however, the correct attribute to use for Cancel-job is
-"purge-job" (singular), not "purge-jobs" (plural).  As a result, job
-files are not removed from /var/spool/cups when "cancel -x <job>" is
-executed.
-
-This patch resolves the issue by adding "purge-job" when the IPP
-operation is Cancel-Job and "purge-jobs" for other IPP operations
-(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
----
- systemv/cancel.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/systemv/cancel.c b/systemv/cancel.c
-index 572f413e1..f5b8e12b5 100644
---- a/systemv/cancel.c
-+++ b/systemv/cancel.c
-@@ -260,6 +260,7 @@ main(int  argc,				/* I - Number of command-line arguments */
-       *    attributes-natural-language
-       *    printer-uri + job-id *or* job-uri
-       *    [requesting-user-name]
-+      *    [purge-job] or [purge-jobs]
-       */
- 
-       request = ippNewRequest(op);
-@@ -294,7 +295,12 @@ main(int  argc,				/* I - Number of command-line arguments */
-                      "requesting-user-name", NULL, cupsUser());
- 
-       if (purge)
--	ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
-+      {
-+	if (op == IPP_CANCEL_JOB)
-+	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
-+	else
-+	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
-+      }
- 
-      /*
-       * Do the request and get back a response...
--- 
-2.41.0
-

SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch

@@ -1,35 +0,0 @@
-From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
-From: Vasilis Liaskovitis <vliaskovitis@suse.com>
-Date: Wed, 1 Mar 2023 13:46:28 +0100
-Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
- #308)
-
-Use a listen queue size of INT_MAX, which should default to the maximum
-supported queue size on the system.
-
-This avoids the problem of the listening backlog queue getting full when
-there are too many requests at the same time. The problem was observed
-with the previous backlog size (128) by customers when submitting large
-batches of print jobs, resulting in some jobs getting lost.
-
-Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
----
- cups/http-addr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cups/http-addr.c b/cups/http-addr.c
-index a61ee0449..6aeeb8074 100644
---- a/cups/http-addr.c
-+++ b/cups/http-addr.c
-@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
-   * Listen...
-   */
- 
--  if (listen(fd, 5))
-+  if (listen(fd, INT_MAX))
-   {
-     _cupsSetHTTPError(HTTP_STATUS_ERROR);
- 
--- 
-2.41.0
-

SOURCES/0001-cups-strlcpy-handle-zero-size.patch

@@ -1,26 +0,0 @@
-From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <michael.r.sweet@gmail.com>
-Date: Wed, 17 May 2023 12:59:57 -0400
-Subject: [PATCH] Consensus fix.
-
----
- cups/string.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/cups/string.c b/cups/string.c
-index 00454203c..b4fc12050 100644
---- a/cups/string.c
-+++ b/cups/string.c
-@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
-   size_t	srclen;			/* Length of source string */
- 
- 
-+  if (size == 0)
-+    return (0);
-+
-  /*
-   * Figure out how much room is needed...
-   */
--- 
-2.40.1
-

SOURCES/upgrade_get_document.py.in

@@ -1,171 +0,0 @@
-@PYTHON_SHEBANG@
-
-"""
-Upgrade script to enable authentication for CUPS-Get-Document in
-default policy
-"""
-
-import os
-import sys
-from shutil import copy
-
-
-def get_cupsd_conf():
-    """
-    Get all lines from cupsd.conf
-    """
-    if not os.path.exists('/etc/cups/cupsd.conf'):
-        return None
-
-    lines = []
-    with open('/etc/cups/cupsd.conf', 'r') as conf:
-        lines = conf.readlines()
-
-    return lines
-
-
-def get_default_policy(lines):
-    """
-    Get the default policy lines
-
-    :param list lines: lines from cupsd.conf
-    """
-    default_policy = []
-    in_policy = False
-
-    for line in lines:
-        if not in_policy and not line.lstrip().startswith('<Policy default>'):
-            continue
-
-        default_policy.append(line)
-
-        if line.lstrip().startswith('</Policy>'):
-            return default_policy
-
-        in_policy = True
-
-    return default_policy
-
-
-def get_limit_with_document(lines):
-    """
-    Get <Limit> scope which defines CUPS-Get-Document operation
-
-    :param list lines: Lines containing the default policy
-    """
-    limit = []
-    in_limit = False
-
-    for line in lines:
-        if not in_limit and not line.lstrip().startswith('<Limit'):
-            continue
-
-        if (not in_limit and line.lstrip().startswith('<Limit') and
-            not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
-            continue
-
-        limit.append(line)
-
-        if line.lstrip().startswith('</Limit>'):
-            return limit
-
-        in_limit = True
-
-    return limit
-
-
-def check_for_authtype(lines):
-    """
-    Check if <Limit> defining CUPS-Get-Document defines
-    any authentication
-
-    :param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
-    """
-    for line in lines:
-        if line.lstrip().startswith('AuthType'):
-            return True
-    return False
-
-
-def migrate_cupsd_conf(lines):
-    """
-    Make changes to cupsd.conf contents to use authentication
-    for CUPS-Get-Document
-
-    :param list lines: Lines from cupsd.conf
-    """
-    new_lines = []
-    in_policy = False
-    create_document_limit = False
-
-    for line in lines:
-        if (in_policy and line.lstrip().startswith('<Limit') and
-            not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
-            'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
-            line = line.replace(' CUPS-Get-Document', '')
-            create_document_limit = True
-
-        if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
-            new_lines.append('\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
-                             '# added during upgrade\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
-                             '<Limit CUPS-Get-Document>\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
-                             'AuthType Default\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
-                             'Require user @OWNER @SYSTEM\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
-                             'Order deny,allow\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
-                             '</Limit>\n')
-            create_document_limit = False
-
-        new_lines.append(line)
-
-        if not in_policy:
-            if line.lstrip().startswith('<Policy default>'):
-                in_policy = True
-            continue
-
-        if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
-            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
-                             '# added during upgrade\n')
-            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
-                             'AuthType Default\n')
-            continue
-
-        if line.lstrip().startswith('</Policy>'):
-            in_policy = False
-            continue
-
-    return new_lines
-
-
-def apply_changes(lines):
-    """
-    Backup the original file if there is no .rpmsave already and
-    apply changes to the actual cupsd.conf
-
-    :param list lines: New lines for cupsd.conf
-    """
-    if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
-        copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')
-
-    with open('/etc/cups/cupsd.conf', 'w') as conf:
-        conf.writelines(lines)
-
-
-
-content = get_cupsd_conf()
-if content is None:
-    sys.exit(1)
-
-if check_for_authtype(get_limit_with_document(get_default_policy(content))):
-    sys.exit(0)
-
-new_content = migrate_cupsd_conf(content)
-
-apply_changes(new_content)
-
-sys.exit(0)

SPECS/cups.spec

@@ -7,13 +7,6 @@
 # but we use lib for compatibility with 3rd party drivers (at upstream request).
 %global cups_serverbin %{_exec_prefix}/lib/cups
 
-# we still need something for python2...
-%if 0%{?rhel} >= 8 || 0%{?fedora}
-%global __python %{__python3}
-%else
-%global __python /usr/bin/python2
-%endif
-
 #%%global prever rc1
 #%%global VERSION %%{version}%%{prever}
 %global VERSION %{version}
@@ -22,7 +15,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.6
-Release: 54%{?dist}
+Release: 51%{?dist}
 License: GPLv2+ and LGPLv2 with exceptions and AML
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@@ -33,8 +26,6 @@ Source6: cups.logrotate
 # Backend for NCP protocol
 Source7: ncp.backend
 Source8: macros.cups
-# CVE-2023-32360 migration script
-Source9: upgrade_get_document.py.in
 
 Patch1: cups-no-gzip-man.patch
 Patch2: cups-system-auth.patch
@@ -152,18 +143,6 @@ Patch77: cups-retry-current-job-man.patch
 Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch
 # 2130391 - Kerberized IPP Printing Fails
 Patch79: cups-kerberos.patch
-# 2217178 - Delays printing to lpd when reserved ports are exhausted
-Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
-# 2217283 - The command "cancel -x <job>" does not remove job files
-Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
-# 2217955 - Enlarge backlog queue for listen() in cupsd
-Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
-# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
-Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
-# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
-Patch84: 0001-cups-strlcpy-handle-zero-size.patch
-# CVE-2023-32360 cups:  Information leak through Cups-Get-Document operation
-Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch
 
 Patch1000: cups-lspp.patch
 
@@ -210,9 +189,6 @@ Requires(post): grep, sed
 Requires(preun): systemd
 Requires(postun): systemd
 
-# for upgrade-get-document script
-Requires(post): %{__python}
-
 # We ship udev rules which use setfacl.
 Requires: systemd
 Requires: acl
@@ -453,18 +429,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch78 -p1 -b .manpage-update
 # 2130391 - Kerberized IPP Printing Fails
 %patch79 -p1 -b .kerberos
-# 2217178 - Delays printing to lpd when reserved ports are exhausted
-%patch80 -p1 -b .lpd-delay
-# 2217283 - The command "cancel -x <job>" does not remove job files
-%patch81 -p1 -b .purge-job
-# 2217955 - Enlarge backlog queue for listen() in cupsd
-%patch82 -p1 -b .listen-backlog
-# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
-%patch83 -p1 -b .cve34241
-# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
-%patch84 -p1 -b .cve32324
-# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
-%patch85 -p1 -b .get-document-auth
 
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
 
@@ -614,11 +578,6 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3:
 /^\([^%].*\)/d
 ' > %{name}.lang
 
-# install get-document upgrade script
-install -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/upgrade_get_document
-
-sed -i 's,@PYTHON_SHEBANG@,#!%{__python},' %{buildroot}%{_sbindir}/upgrade_get_document
-
 %post
 %systemd_post %{name}.path %{name}.socket %{name}.service
 
@@ -681,8 +640,6 @@ fi
 grep '^\s*IdleExitTimeout' %{_sysconfdir}/cups/cupsd.conf &> /dev/null || echo -e '\nIdleExitTimeout 0' \
 >> %{_sysconfdir}/cups/cupsd.conf
 
-%{_sbindir}/upgrade_get_document
-
 exit 0
 
 %post client
@@ -891,22 +848,6 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
-* Tue Sep 12 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-54
-- RHEL-2612 - cups pulls an unneeded dependency on python3
-
-* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-53
-- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
-
-* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-52
-- 2217178 - Delays printing to lpd when reserved ports are exhausted
-- 2217283 - The command "cancel -x <job>" does not remove job files
-- 2217955 - Enlarge backlog queue for listen() in cupsd
-- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
-- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
-
-* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
-- RHEL-316 - Enable fmf tests in centos stream
-
 * Wed Dec 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
 - 2130391 - Kerberized IPP Printing Fails