Compare commits
No commits in common. "c8" and "c8s" have entirely different histories.
@ -1,2 +0,0 @@
|
||||
b5e3389fb9450bfed377c95c0230c029c053acc4 SOURCES/cups-2.2.6-source.tar.gz
|
||||
79ee155bed4c18088be472a6e364f37ad6e410a6 SOURCES/cupsprinter.png
|
||||
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
||||
1
|
||||
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,4 @@
|
||||
SOURCES/cups-2.2.6-source.tar.gz
|
||||
SOURCES/cupsprinter.png
|
||||
/cups-2.2.6-source.tar.gz
|
||||
/cupsprinter.png
|
||||
|
||||
46
CVE-2025-58364.patch
Normal file
46
CVE-2025-58364.patch
Normal file
@ -0,0 +1,46 @@
|
||||
diff -up cups-2.2.6/cups/ipp.c.cve-2025-58364 cups-2.2.6/cups/ipp.c
|
||||
--- cups-2.2.6/cups/ipp.c.cve-2025-58364 2025-10-22 10:15:10.072426099 +0200
|
||||
+++ cups-2.2.6/cups/ipp.c 2025-10-22 10:20:00.117427768 +0200
|
||||
@@ -3050,34 +3050,6 @@ ippReadIO(void *src, /* I - Data
|
||||
*/
|
||||
|
||||
tag = (ipp_tag_t)buffer[0];
|
||||
- if (tag == IPP_TAG_EXTENSION)
|
||||
- {
|
||||
- /*
|
||||
- * Read 32-bit "extension" tag...
|
||||
- */
|
||||
-
|
||||
- if ((*cb)(src, buffer, 4) < 1)
|
||||
- {
|
||||
- DEBUG_puts("1ippReadIO: Callback returned EOF/error");
|
||||
- _cupsBufferRelease((char *)buffer);
|
||||
- return (IPP_STATE_ERROR);
|
||||
- }
|
||||
-
|
||||
- tag = (ipp_tag_t)((((((buffer[0] << 8) | buffer[1]) << 8) |
|
||||
- buffer[2]) << 8) | buffer[3]);
|
||||
-
|
||||
- if (tag & IPP_TAG_CUPS_CONST)
|
||||
- {
|
||||
- /*
|
||||
- * Fail if the high bit is set in the tag...
|
||||
- */
|
||||
-
|
||||
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP extension tag larger than 0x7FFFFFFF."), 1);
|
||||
- DEBUG_printf(("1ippReadIO: bad tag 0x%x.", tag));
|
||||
- _cupsBufferRelease((char *)buffer);
|
||||
- return (IPP_STATE_ERROR);
|
||||
- }
|
||||
- }
|
||||
|
||||
if (tag == IPP_TAG_END)
|
||||
{
|
||||
@@ -3286,6 +3258,7 @@ ippReadIO(void *src, /* I - Data
|
||||
|
||||
if ((*cb)(src, buffer, (size_t)n) < n)
|
||||
{
|
||||
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to read IPP attribute name."), 1);
|
||||
DEBUG_puts("1ippReadIO: unable to read name.");
|
||||
_cupsBufferRelease((char *)buffer);
|
||||
return (IPP_STATE_ERROR);
|
||||
@ -22,7 +22,7 @@ Summary: CUPS printing system
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.2.6
|
||||
Release: 63%{?dist}
|
||||
Release: 64%{?dist}
|
||||
License: GPLv2+ and LGPLv2 with exceptions and AML
|
||||
Url: http://www.cups.org/
|
||||
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
|
||||
@ -193,6 +193,8 @@ Patch95: 0001-ppdize-preset-and-template-names.patch
|
||||
Patch96: 0001-Fix-make-and-model-whitespace-trimming-Issue-1096.patch
|
||||
# RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
|
||||
Patch97: CVE-2025-58060.patch
|
||||
# RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
|
||||
Patch98: CVE-2025-58364.patch
|
||||
|
||||
Patch1000: cups-lspp.patch
|
||||
|
||||
@ -523,6 +525,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
|
||||
%patch96 -p1 -b .make-model-trim
|
||||
# RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
|
||||
%patch97 -p1 -b .cve-2025-58060
|
||||
# RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
|
||||
%patch98 -p1 -b .cve-2025-58364
|
||||
|
||||
|
||||
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
|
||||
@ -950,6 +954,9 @@ rm -f %{cups_serverbin}/backend/smb
|
||||
%{_mandir}/man5/ipptoolfile.5.gz
|
||||
|
||||
%changelog
|
||||
* Wed Oct 22 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-64
|
||||
- RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
|
||||
|
||||
* Thu Sep 04 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-63
|
||||
- RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
|
||||
|
||||
28
gating.yaml
Normal file
28
gating.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional}
|
||||
|
||||
#Rawhide
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional}
|
||||
|
||||
#gating rhel
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-*
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user