rpms/cups
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c8
Branches Tags
rpms:c8
rpms:c10
rpms:c9
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c8/cups-2.2.6-66.el8_10
rpms:imports/c10/cups-2.4.10-12.el10_1.2
rpms:imports/c9/cups-2.3.3op2-34.el9_7.2
rpms:imports/c10s/cups-2.4.10-16.el10
rpms:imports/c10s/cups-2.4.10-15.el10
rpms:imports/c8/cups-2.2.6-64.el8_10
rpms:imports/c10s/cups-2.4.10-14.el10
rpms:imports/c10/cups-2.4.10-12.el10_1
rpms:imports/c9/cups-2.3.3op2-34.el9_7
rpms:imports/c10s/cups-2.4.10-13.el10
rpms:imports/c10s/cups-2.4.10-12.el10
rpms:imports/c8/cups-2.2.6-63.el8_10
rpms:imports/c10/cups-2.4.10-11.el10_0.1
rpms:imports/c9/cups-2.3.3op2-33.el9_6.1
rpms:imports/c10/cups-2.4.10-11.el10_0
rpms:imports/c9/cups-2.3.3op2-33.el9
rpms:imports/c9-beta/cups-2.3.3op2-33.el9
rpms:imports/c8/cups-2.2.6-62.el8_10
rpms:imports/c10s/cups-2.4.10-11.el10
rpms:imports/c10s/cups-2.4.10-10.el10
rpms:imports/c10s/cups-2.4.10-9.el10
rpms:imports/c10s/cups-2.4.10-8.el10
rpms:imports/c10s/cups-2.4.10-7.el10
rpms:imports/c9/cups-2.3.3op2-31.el9_5
rpms:imports/c8/cups-2.2.6-61.el8_10
rpms:imports/c10s/cups-2.4.10-6.el10
rpms:imports/c9-beta/cups-2.3.3op2-30.el9
rpms:imports/c10s/cups-2.4.10-5.el10
rpms:imports/c9/cups-2.3.3op2-27.el9_4
rpms:imports/c10s/cups-2.4.10-3.el10
rpms:imports/c8/cups-2.2.6-60.el8_10
rpms:imports/c8/cups-2.2.6-57.el8
rpms:imports/c9/cups-2.3.3op2-24.el9
rpms:imports/c8/cups-2.2.6-54.el8_9
rpms:imports/c9/cups-2.3.3op2-21.el9
rpms:imports/c8-beta/cups-2.2.6-54.el8_9
rpms:imports/c9-beta/cups-2.3.3op2-21.el9
rpms:imports/c8/cups-2.2.6-51.el8_8.2
rpms:imports/c8/cups-2.2.6-51.el8_8.1
rpms:imports/c9/cups-2.3.3op2-16.el9_2.1
rpms:imports/c8/cups-2.2.6-51.el8
rpms:imports/c8-beta/cups-2.2.6-51.el8
rpms:imports/c8s/cups-2.2.6-51.el8
rpms:imports/c9/cups-2.3.3op2-16.el9
rpms:imports/c8/cups-2.2.6-50.el8
rpms:imports/c9-beta/cups-2.3.3op2-16.el9
rpms:imports/c8-beta/cups-2.2.6-50.el8
rpms:imports/c8s/cups-2.2.6-50.el8
rpms:imports/c8/cups-2.2.6-45.el8_6.2
rpms:imports/c9/cups-2.3.3op2-13.el9_0.1
rpms:imports/c8s/cups-2.2.6-46.el8
rpms:imports/c9/cups-2.3.3op2-13.el9
rpms:imports/c8s/cups-2.2.6-45.el8_6.1
rpms:imports/c8s/cups-2.2.6-45.el8
rpms:imports/c8/cups-2.2.6-44.el8
rpms:imports/c9-beta/cups-2.3.3op2-13.el9
rpms:imports/c8-beta/cups-2.2.6-44.el8
rpms:imports/c9-beta/cups-2.3.3op2-11.el9
rpms:imports/c8s/cups-2.2.6-44.el8
rpms:imports/c8s/cups-2.2.6-42.el8
rpms:imports/c9-beta/cups-2.3.3op2-10.el9
rpms:imports/c9-beta/cups-2.3.3op2-8.el9
rpms:imports/c8s/cups-2.2.6-41.el8
rpms:imports/c8/cups-2.2.6-40.el8
rpms:imports/c8-beta/cups-2.2.6-40.el8
rpms:imports/c8-beta/cups-2.2.6-38.el8
rpms:imports/c8-beta/cups-2.2.6-30.el8
rpms:imports/c8-beta/cups-2.2.6-27.el8
rpms:imports/c8s/cups-2.2.6-40.el8
rpms:imports/c8s/cups-2.2.6-39.el8
rpms:imports/c8s/cups-2.2.6-38.el8
rpms:imports/c8s/cups-2.2.6-35.el8
rpms:imports/c8s/cups-2.2.6-33.el8
rpms:imports/c8/cups-2.2.6-38.el8
rpms:imports/c8/cups-2.2.6-33.el8
rpms:imports/c8/cups-2.2.6-28.el8
rpms:imports/c8/cups-2.2.6-25.el8
..
compare: rpms:c8-beta
Branches Tags
rpms:c8
rpms:c10
rpms:c9
rpms:c10s
rpms:c9s
rpms:c8s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c8/cups-2.2.6-66.el8_10
rpms:imports/c10/cups-2.4.10-12.el10_1.2
rpms:imports/c9/cups-2.3.3op2-34.el9_7.2
rpms:imports/c10s/cups-2.4.10-16.el10
rpms:imports/c10s/cups-2.4.10-15.el10
rpms:imports/c8/cups-2.2.6-64.el8_10
rpms:imports/c10s/cups-2.4.10-14.el10
rpms:imports/c10/cups-2.4.10-12.el10_1
rpms:imports/c9/cups-2.3.3op2-34.el9_7
rpms:imports/c10s/cups-2.4.10-13.el10
rpms:imports/c10s/cups-2.4.10-12.el10
rpms:imports/c8/cups-2.2.6-63.el8_10
rpms:imports/c10/cups-2.4.10-11.el10_0.1
rpms:imports/c9/cups-2.3.3op2-33.el9_6.1
rpms:imports/c10/cups-2.4.10-11.el10_0
rpms:imports/c9/cups-2.3.3op2-33.el9
rpms:imports/c9-beta/cups-2.3.3op2-33.el9
rpms:imports/c8/cups-2.2.6-62.el8_10
rpms:imports/c10s/cups-2.4.10-11.el10
rpms:imports/c10s/cups-2.4.10-10.el10
rpms:imports/c10s/cups-2.4.10-9.el10
rpms:imports/c10s/cups-2.4.10-8.el10
rpms:imports/c10s/cups-2.4.10-7.el10
rpms:imports/c9/cups-2.3.3op2-31.el9_5
rpms:imports/c8/cups-2.2.6-61.el8_10
rpms:imports/c10s/cups-2.4.10-6.el10
rpms:imports/c9-beta/cups-2.3.3op2-30.el9
rpms:imports/c10s/cups-2.4.10-5.el10
rpms:imports/c9/cups-2.3.3op2-27.el9_4
rpms:imports/c10s/cups-2.4.10-3.el10
rpms:imports/c8/cups-2.2.6-60.el8_10
rpms:imports/c8/cups-2.2.6-57.el8
rpms:imports/c9/cups-2.3.3op2-24.el9
rpms:imports/c8/cups-2.2.6-54.el8_9
rpms:imports/c9/cups-2.3.3op2-21.el9
rpms:imports/c8-beta/cups-2.2.6-54.el8_9
rpms:imports/c9-beta/cups-2.3.3op2-21.el9
rpms:imports/c8/cups-2.2.6-51.el8_8.2
rpms:imports/c8/cups-2.2.6-51.el8_8.1
rpms:imports/c9/cups-2.3.3op2-16.el9_2.1
rpms:imports/c8/cups-2.2.6-51.el8
rpms:imports/c8-beta/cups-2.2.6-51.el8
rpms:imports/c8s/cups-2.2.6-51.el8
rpms:imports/c9/cups-2.3.3op2-16.el9
rpms:imports/c8/cups-2.2.6-50.el8
rpms:imports/c9-beta/cups-2.3.3op2-16.el9
rpms:imports/c8-beta/cups-2.2.6-50.el8
rpms:imports/c8s/cups-2.2.6-50.el8
rpms:imports/c8/cups-2.2.6-45.el8_6.2
rpms:imports/c9/cups-2.3.3op2-13.el9_0.1
rpms:imports/c8s/cups-2.2.6-46.el8
rpms:imports/c9/cups-2.3.3op2-13.el9
rpms:imports/c8s/cups-2.2.6-45.el8_6.1
rpms:imports/c8s/cups-2.2.6-45.el8
rpms:imports/c8/cups-2.2.6-44.el8
rpms:imports/c9-beta/cups-2.3.3op2-13.el9
rpms:imports/c8-beta/cups-2.2.6-44.el8
rpms:imports/c9-beta/cups-2.3.3op2-11.el9
rpms:imports/c8s/cups-2.2.6-44.el8
rpms:imports/c8s/cups-2.2.6-42.el8
rpms:imports/c9-beta/cups-2.3.3op2-10.el9
rpms:imports/c9-beta/cups-2.3.3op2-8.el9
rpms:imports/c8s/cups-2.2.6-41.el8
rpms:imports/c8/cups-2.2.6-40.el8
rpms:imports/c8-beta/cups-2.2.6-40.el8
rpms:imports/c8-beta/cups-2.2.6-38.el8
rpms:imports/c8-beta/cups-2.2.6-30.el8
rpms:imports/c8-beta/cups-2.2.6-27.el8
rpms:imports/c8s/cups-2.2.6-40.el8
rpms:imports/c8s/cups-2.2.6-39.el8
rpms:imports/c8s/cups-2.2.6-38.el8
rpms:imports/c8s/cups-2.2.6-35.el8
rpms:imports/c8s/cups-2.2.6-33.el8
rpms:imports/c8/cups-2.2.6-38.el8
rpms:imports/c8/cups-2.2.6-33.el8
rpms:imports/c8/cups-2.2.6-28.el8
rpms:imports/c8/cups-2.2.6-25.el8

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

19 changed files with 182 additions and 1848 deletions
Show Stats Expand all files Collapse all files

26
SOURCES/0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
View File

@ -1,26 +0,0 @@
From 2dc021f33a3ea358c9f5c5c54643adc4c46a84a1 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Wed, 3 Dec 2025 07:25:30 -0500
Subject: [PATCH] Fix an infinite loop issue in GTK+ (Issue #1439)
---
CHANGES.md | 1 +
cups/http.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/cups/http.c b/cups/http.c
index 214e45158..31ed6ddc1 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -2779,7 +2779,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */
/* See whether our read buffer is full... */
DEBUG_printf(("2_httpUpdate: used=%d", http->used));
- if (http->used > 0 && !memchr(http->buffer, '\n', (size_t)http->used) && (size_t)http->used < sizeof(http->buffer))
+ if (http->used < sizeof(http->buffer))
{
/* No, try filling in more data... */
if ((bytes = http_read(http, http->buffer + http->used, sizeof(http->buffer) - (size_t)http->used, /*timeout*/0)) > 0)
--
2.52.0

86
SOURCES/0001-Fix-domain-socket-handling.patch
View File

@ -1,86 +0,0 @@
diff --git a/cups/http-addr.c b/cups/http-addr.c
index 61c86384b..e86dcb622 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -198,31 +198,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
{
mode_t mask; /* Umask setting */
- /*
- * Remove any existing domain socket file...
- */
-
- unlink(addr->un.sun_path);
-
- /*
- * Save the current umask and set it to 0 so that all users can access
- * the domain socket...
- */
-
- mask = umask(0);
-
- /*
- * Bind the domain socket...
- */
+ // Remove any existing domain socket file...
+ if ((status = unlink(addr->un.sun_path)) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ if (errno == ENOENT)
+ status = 0;
+ }
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
+ if (!status)
+ {
+ // Save the current umask and set it to 0 so that all users can access
+ // the domain socket...
+ mask = umask(0);
- /*
- * Restore the umask and fix permissions...
- */
+ // Bind the domain socket...
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ }
- umask(mask);
- chmod(addr->un.sun_path, 0140777);
+ // Restore the umask...
+ umask(mask);
+ }
}
else
#endif /* AF_LOCAL */
diff --git a/scheduler/conf.c b/scheduler/conf.c
index bc52d2add..93de8cf77 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -3055,6 +3055,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
cupsd_listener_t *lis; /* New listeners array */
+ /*
+ * If we are launched on-demand, do not use domain sockets from the config
+ * file. Also check that the domain socket path is not too long...
+ */
+
+#ifdef HAVE_ONDEMAND
+ if (*value == '/' && OnDemand)
+ {
+ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
+ continue;
+ }
+#endif // HAVE_ONDEMAND
+
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
+ continue;
+ }
/*
* Get the address list...

26
SOURCES/0001-Fix-make-and-model-whitespace-trimming-Issue-1096.patch
View File

@ -1,26 +0,0 @@
From 5cc470c8d95df40f32e8a401b2946886c91b03d1 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Fri, 15 Nov 2024 11:55:07 -0500
Subject: [PATCH] Fix make-and-model whitespace trimming (Issue #1096)
---
CHANGES.md | 1 +
cups/ppd-cache.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index a6163a0e1..a3198a795 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -3293,6 +3293,8 @@ _ppdCreateFromIPP2(
mptr --;
if (*mptr == ' ')
*mptr = '\0';
+ else
+ break;
}
if (!make[0])
--
2.47.0

283
SOURCES/0001-Fix-various-issues-in-cupsd.patch
View File

@ -1,283 +0,0 @@
diff -up cups-2.2.6/conf/cups-files.conf.in.config-issues cups-2.2.6/conf/cups-files.conf.in
--- cups-2.2.6/conf/cups-files.conf.in.config-issues 2025-12-10 09:55:08.849687904 +0100
+++ cups-2.2.6/conf/cups-files.conf.in 2025-12-10 09:55:08.963762383 +0100
@@ -19,6 +19,9 @@
SystemGroup @CUPS_SYSTEM_GROUPS@
@CUPS_SYSTEM_AUTHKEY@
+# Are Unix domain socket peer credentials used for authorization?
+PeerCred @CUPS_PEER_CRED@
+
# User that is substituted for unauthenticated (remote) root accesses...
#RemoteRoot remroot
diff -up cups-2.2.6/config.h.in.config-issues cups-2.2.6/config.h.in
--- cups-2.2.6/config.h.in.config-issues 2025-12-10 09:55:08.852849134 +0100
+++ cups-2.2.6/config.h.in 2025-12-10 09:56:38.680857561 +0100
@@ -88,6 +88,13 @@
/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+/*
* Default MaxCopies value...
*/
diff -up cups-2.2.6/config-scripts/cups-defaults.m4.config-issues cups-2.2.6/config-scripts/cups-defaults.m4
--- cups-2.2.6/config-scripts/cups-defaults.m4.config-issues 2025-12-10 09:55:08.913734163 +0100
+++ cups-2.2.6/config-scripts/cups-defaults.m4 2025-12-10 09:55:57.696584490 +0100
@@ -95,6 +95,15 @@ AC_ARG_WITH(log_level, [ --with-log-lev
AC_SUBST(CUPS_LOG_LEVEL)
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_LOG_LEVEL, "$CUPS_LOG_LEVEL")
+dnl Default PeerCred
+AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [
+ CUPS_PEER_CRED="$withval"
+], [
+ CUPS_PEER_CRED="on"
+])
+AC_SUBST([CUPS_PEER_CRED])
+AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.])
+
dnl Default AccessLogLevel
AC_ARG_WITH(access_log_level, [ --with-access-log-level set default AccessLogLevel value, default=none],
CUPS_ACCESS_LOG_LEVEL="$withval",
diff -up cups-2.2.6/doc/help/man-cups-files.conf.html.config-issues cups-2.2.6/doc/help/man-cups-files.conf.html
--- cups-2.2.6/doc/help/man-cups-files.conf.html.config-issues 2025-12-10 09:55:08.849902857 +0100
+++ cups-2.2.6/doc/help/man-cups-files.conf.html 2025-12-10 09:57:25.160598126 +0100
@@ -119,6 +119,13 @@ The server name may be included in filen
</pre>
The default is "/var/log/cups/page_log".
+<dt><a name="PeerCred"></a><b>PeerCred off</b>
+<dd style="margin-left: 5.0em"><dt><b>PeerCred on</b>
+<dd style="margin-left: 5.0em"><dt><b>PeerCred root-only</b>
+<dd style="margin-left: 5.0em">Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When <b>on</b>, the peer credentials of any user are accepted for authorization.
+The value <b>off</b> disables the use of peer credentials entirely, while the value <b>root-only</b> allows peer credentials only for the root user.
+Note: for security reasons, the <b>on</b> setting is reduced to <b>root-only</b> for authorization of PUT requests.
<dt><a name="RemoteRoot"></a><b>RemoteRoot </b><i>username</i>
<dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
The default is "remroot".
diff -up cups-2.2.6/man/cups-files.conf.man.in.config-issues cups-2.2.6/man/cups-files.conf.man.in
--- cups-2.2.6/man/cups-files.conf.man.in.config-issues 2025-12-10 09:59:33.227883234 +0100
+++ cups-2.2.6/man/cups-files.conf.man.in 2025-12-10 09:59:57.400174430 +0100
@@ -162,6 +162,17 @@ The default is "/var/log/cups/page_log".
\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
Passes the specified environment variable(s) to child processes.
Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
+.\"#PeerCred
+.TP 5
+\fBPeerCred off\fR
+.TP 5
+\fBPeerCred on\fR
+.TP 5
+\fBPeerCred root-only\fR
+Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When \fBon\fR, the peer credentials of any user are accepted for authorization.
+The value \fBoff\fR disables the use of peer credentials entirely, while the value \fBroot-only\fR allows peer credentials only for the root user.
+Note: for security reasons, the \fBon\fR setting is reduced to \fBroot-only\fR for authorization of PUT requests.
.\"#RemoteRoot
.TP 5
\fBRemoteRoot \fIusername\fR
diff -up cups-2.2.6/scheduler/auth.c.config-issues cups-2.2.6/scheduler/auth.c
--- cups-2.2.6/scheduler/auth.c.config-issues 2025-12-10 09:55:08.953939209 +0100
+++ cups-2.2.6/scheduler/auth.c 2025-12-10 09:55:08.965011783 +0100
@@ -401,7 +401,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I
}
#endif /* HAVE_AUTHORIZATION_H */
#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- else if (!strncmp(authorization, "PeerCred ", 9) &&
+ else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
{
/*
@@ -444,6 +444,12 @@ cupsdAuthorize(cupsd_client_t *con) /* I
}
#endif /* HAVE_AUTHORIZATION_H */
+ if ((PeerCred == CUPSD_PEERCRED_ROOTONLY || httpGetState(con->http) == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root"))
+ {
+ cupsdLogClient(con, CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9);
+ return;
+ }
+
if ((pwd = getpwnam(authorization + 9)) == NULL)
{
cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9);
diff -up cups-2.2.6/scheduler/auth.h.config-issues cups-2.2.6/scheduler/auth.h
--- cups-2.2.6/scheduler/auth.h.config-issues 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/auth.h 2025-12-10 10:00:29.472254041 +0100
@@ -52,6 +52,10 @@
#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
+#define CUPSD_PEERCRED_OFF 0 /* Don't allow PeerCred authorization */
+#define CUPSD_PEERCRED_ON 1 /* Allow PeerCred authorization for all users */
+#define CUPSD_PEERCRED_ROOTONLY 2 /* Allow PeerCred authorization for root user */
+
#define IPP_ANY_OPERATION (ipp_op_t)0
/* Any IPP operation */
#define IPP_BAD_OPERATION (ipp_op_t)-1
@@ -109,6 +113,9 @@ typedef struct cupsd_client_s cupsd_clie
VAR cups_array_t *Locations VALUE(NULL);
/* Authorization locations */
+VAR int PeerCred VALUE(CUPSD_PEERCRED_ON);
+ /* Allow PeerCred authorization? */
+
#ifdef HAVE_SSL
VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
/* Default encryption for authentication */
diff -up cups-2.2.6/scheduler/client.c.config-issues cups-2.2.6/scheduler/client.c
diff -up cups-2.2.6/scheduler/conf.c.config-issues cups-2.2.6/scheduler/conf.c
--- cups-2.2.6/scheduler/conf.c.config-issues 2025-12-10 09:55:08.946765727 +0100
+++ cups-2.2.6/scheduler/conf.c 2025-12-10 09:55:08.964315379 +0100
@@ -52,6 +52,7 @@ typedef enum
{
CUPSD_VARTYPE_INTEGER, /* Integer option */
CUPSD_VARTYPE_TIME, /* Time interval option */
+ CUPSD_VARTYPE_NULLSTRING, /* String option or NULL/empty string */
CUPSD_VARTYPE_STRING, /* String option */
CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
@@ -74,7 +75,7 @@ static const cupsd_var_t cupsd_vars[] =
{
{ "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
- { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
+ { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_NULLSTRING },
#endif /* HAVE_DNSSD || HAVE_AVAHI */
{ "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
{ "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
@@ -124,7 +125,7 @@ static const cupsd_var_t cupsd_vars[] =
{ "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
{ "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
{ "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
- { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
+ { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_NULLSTRING },
{ "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
{ "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
{ "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
@@ -807,6 +808,13 @@ cupsdReadConfiguration(void)
IdleExitTimeout = 60;
#endif /* HAVE_ONDEMAND */
+ if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off"))
+ PeerCred = CUPSD_PEERCRED_OFF;
+ else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only"))
+ PeerCred = CUPSD_PEERCRED_ROOTONLY;
+ else
+ PeerCred = CUPSD_PEERCRED_ON;
+
/*
* Setup environment variables...
*/
@@ -1837,7 +1845,7 @@ get_addr_and_mask(const char *value, /*
family = AF_INET6;
- for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
+ for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++)
{
if (*ptr == ']')
break;
@@ -1986,7 +1994,7 @@ get_addr_and_mask(const char *value, /*
#ifdef AF_INET6
if (family == AF_INET6)
{
- if (i > 128)
+ if (i < 0 || i > 128)
return (0);
i = 128 - i;
@@ -2020,7 +2028,7 @@ get_addr_and_mask(const char *value, /*
else
#endif /* AF_INET6 */
{
- if (i > 32)
+ if (i < 0 || i > 32)
return (0);
mask[0] = 0xffffffff;
@@ -2930,7 +2938,17 @@ parse_variable(
cupsdSetString((char **)var->ptr, temp);
break;
+ case CUPSD_VARTYPE_NULLSTRING :
+ cupsdSetString((char **)var->ptr, value);
+ break;
+
case CUPSD_VARTYPE_STRING :
+ if (!value)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
+ return (0);
+ }
+
cupsdSetString((char **)var->ptr, value);
break;
}
@@ -3438,9 +3456,10 @@ read_cupsd_conf(cups_file_t *fp) /* I -
line, value ? " " : "", value ? value : "", linenum,
ConfigurationFile, CupsFilesFile);
}
- else
- parse_variable(ConfigurationFile, linenum, line, value,
- sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
+ else if (!parse_variable(ConfigurationFile, linenum, line, value,
+ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) &&
+ (FatalErrors & CUPSD_FATAL_CONFIG))
+ return (0);
}
return (1);
@@ -3575,6 +3594,31 @@ read_cups_files_conf(cups_file_t *fp) /*
break;
}
}
+ else if (!_cups_strcasecmp(line, "PeerCred") && value)
+ {
+ /*
+ * PeerCred {off,on,root-only}
+ */
+
+ if (!_cups_strcasecmp(value, "off"))
+ {
+ PeerCred = CUPSD_PEERCRED_OFF;
+ }
+ else if (!_cups_strcasecmp(value, "on"))
+ {
+ PeerCred = CUPSD_PEERCRED_ON;
+ }
+ else if (!_cups_strcasecmp(value, "root-only"))
+ {
+ PeerCred = CUPSD_PEERCRED_ROOTONLY;
+ }
+ else
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile);
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
+ }
+ }
else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
{
/*
diff -up cups-2.2.6/test/run-stp-tests.sh.config-issues cups-2.2.6/test/run-stp-tests.sh
--- cups-2.2.6/test/run-stp-tests.sh.config-issues 2025-12-10 09:55:08.861374808 +0100
+++ cups-2.2.6/test/run-stp-tests.sh 2025-12-10 09:55:08.964582228 +0100
@@ -511,7 +511,7 @@ fi
cat >$BASE/cups-files.conf <<EOF
FileDevice yes
-Printcap
+Printcap $BASE/printcap
User $user
ServerRoot $BASE
StateDir $BASE

127
SOURCES/0001-Setting-the-timeout-should-also-timeout-the-TLS-nego.patch
View File

@ -1,127 +0,0 @@
From a7aabde8fee21c62795eba831fc2bc965c6e0149 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 20 Feb 2018 20:18:05 -0500
Subject: [PATCH] Setting the timeout should also timeout the TLS negotiation
(rdar://34938533)
---
cups/http.c | 6 +++---
cups/tls-darwin.c | 35 +++++++++++++++++++++++++++++++----
cups/tls-gnutls.c | 35 ++++++++++++++++++++++++++++++++---
cups/tls.c | 2 +-
4 files changed, 67 insertions(+), 11 deletions(-)
diff --git a/cups/http.c b/cups/http.c
index 9af77c1c5..4d0a2a78e 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -4027,7 +4027,7 @@ http_read(http_t *http, /* I - HTTP connection */
DEBUG_printf(("http_read(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
- if (!http->blocking)
+ if (!http->blocking || http->timeout_value > 0.0)
{
while (!httpWait(http, http->wait_value))
{
@@ -4626,7 +4626,7 @@ http_write(http_t *http, /* I - HTTP connection */
{
DEBUG_printf(("3http_write: About to write %d bytes.", (int)length));
- if (http->timeout_cb)
+ if (http->timeout_value > 0.0)
{
#ifdef HAVE_POLL
struct pollfd pfd; /* Polled file descriptor */
@@ -4670,7 +4670,7 @@ http_write(http_t *http, /* I - HTTP connection */
http->error = errno;
return (-1);
}
- else if (nfds == 0 && !(*http->timeout_cb)(http, http->timeout_data))
+ else if (nfds == 0 && (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data)))
{
#ifdef WIN32
http->error = WSAEWOULDBLOCK;
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 0f0cd0028..bc3cdd07d 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1087,7 +1087,7 @@ http_gnutls_read(
http = (http_t *)ptr;
- if (!http->blocking)
+ if (!http->blocking || http->timeout_value > 0.0)
{
/*
* Make sure we have data before we read...
@@ -1245,6 +1245,9 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
char priority_string[2048];
/* Priority string */
int version; /* Current version */
+ double old_timeout; /* Old timeout value */
+ http_timeout_cb_t old_cb; /* Old timeout callback */
+ void *old_data; /* Old timeout data */
static const char * const versions[] =/* SSL/TLS versions */
{
"VERS-SSL3.0",
@@ -1578,6 +1581,24 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
#endif /* HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION */
gnutls_transport_set_push_function(http->tls, http_gnutls_write);
+ /*
+ * Enforce a minimum timeout of 10 seconds for the TLS handshake...
+ */
+
+ old_timeout = http->timeout_value;
+ old_cb = http->timeout_cb;
+ old_data = http->timeout_data;
+
+ if (!old_cb || old_timeout < 10.0)
+ {
+ DEBUG_puts("4_httpTLSStart: Setting timeout to 10 seconds.");
+ httpSetTimeout(http, 10.0, NULL, NULL);
+ }
+
+ /*
+ * Do the TLS handshake...
+ */
+
while ((status = gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
{
DEBUG_printf(("5_httpStartTLS: gnutls_handshake returned %d (%s)",
@@ -1595,10 +1616,18 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
free(credentials);
http->tls = NULL;
+ httpSetTimeout(http, old_timeout, old_cb, old_data);
+
return (-1);
}
}
+ /*
+ * Restore the previous timeout settings...
+ */
+
+ httpSetTimeout(http, old_timeout, old_cb, old_data);
+
http->tls_credentials = credentials;
return (0);
diff --git a/cups/tls.c b/cups/tls.c
index e8874004f..278439db2 100644
--- a/cups/tls.c
+++ b/cups/tls.c
@@ -30,7 +30,7 @@
/*
- * Local functions...
+ * Include platform-specific TLS code...
*/
#ifdef HAVE_SSL
--
2.52.0

12
SOURCES/0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
View File

@ -1,12 +0,0 @@
diff -up cups-2.2.6/cups/http.c.use-usessl cups-2.2.6/cups/http.c
--- cups-2.2.6/cups/http.c.use-usessl 2025-12-09 14:59:32.677174678 +0100
+++ cups-2.2.6/cups/http.c 2025-12-09 15:00:38.443279836 +0100
@@ -3152,7 +3152,7 @@ _httpWait(http_t *http, /* I - HTTP co
*/
#ifdef HAVE_SSL
- if (http->tls && _httpTLSPending(http))
+ if (usessl && http->tls && _httpTLSPending(http))
{
DEBUG_puts("5_httpWait: Return 1 since there is pending TLS data.");
return (1);

43
SOURCES/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
View File

@ -1,43 +0,0 @@
From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 4 Dec 2025 09:04:37 +0100
Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive
Change the return value to do not trigger stopping the scheduler in case
of unknown directive, because stopping the scheduler on config errors
should only happen in case of syntax errors.
---
scheduler/conf.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scheduler/conf.c b/scheduler/conf.c
index 7d6da0252..0e7be0ef4 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -2708,16 +2708,16 @@ parse_variable(
{
/*
* Unknown directive! Output an error message and continue...
+ *
+ * Return value 1 is on purpose - we ignore unknown directives to log
+ * error, but do not stop the scheduler in case error in configuration
+ * is set to be fatal.
*/
- if (!value)
- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
- line, linenum, filename);
- else
- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
- line, linenum, filename);
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
+ line, linenum, filename);
- return (0);
+ return (1);
}
switch (var->type)
--
2.52.0

40
SOURCES/0001-mirror-ipp-everywhere-printer-changes-from-master.patch
View File

@ -1,40 +0,0 @@
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 728d164..5089172 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -5773,6 +5773,18 @@ create_local_bg_thread(
cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
}
+ // Validate response from printer...
+ if (!ippValidateAttributes(response))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "%s: The printer contains invalid attributes.", printer->name);
+
+ if (response)
+ ippDelete(response);
+
+ httpClose(http);
+ return (NULL);
+ }
+
// TODO: Grab printer icon file...
httpClose(http);
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index daf24d5..eba7551 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -1226,6 +1226,12 @@ get_printer_ppd(
ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
+ if (response && !ippValidateAttributes(response))
+ {
+ _cupsLangPrintf(stderr, _("%s: The printer \"%s\" contains invalid IPP attributes."), "lpadmin", uri);
+ return (NULL);
+ }
+
if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE)
{
_cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString());

41
SOURCES/0001-ppdize-preset-and-template-names.patch
View File

@ -1,41 +0,0 @@
From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Mon, 9 Sep 2024 15:59:57 -0400
Subject: [PATCH] PPDize preset and template names.
---
cups/ppd-cache.c | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index 986c64f73..18c38d0ee 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -5543,7 +5552,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
*end; /* End of name buffer */
- if (!ipp)
+ if (!ipp || !_cups_isalnum(*ipp))
{
*name = '\0';
return;
@@ -5558,8 +5567,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
ipp ++;
*ptr++ = (char)toupper(*ipp++ & 255);
}
- else
+ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp))
+ {
*ptr++ = *ipp++;
+ }
+ else
+ {
+ ipp ++;
+ }
}
*ptr = '\0';
--
2.46.1

136
SOURCES/0001-refactor-make-and-model-code.patch
View File

@ -1,136 +0,0 @@
diff -up cups-2.2.6/cups/ppd-cache.c.make-model-refact cups-2.2.6/cups/ppd-cache.c
--- cups-2.2.6/cups/ppd-cache.c.make-model-refact 2024-10-25 09:50:04.894056025 +0200
+++ cups-2.2.6/cups/ppd-cache.c 2024-10-25 09:51:15.832552712 +0200
@@ -2937,9 +2937,10 @@ _ppdCreateFromIPP(char *buffer, /* I -
*x_dim, *y_dim; /* Media dimensions */
ipp_t *media_size; /* Media size collection */
char make[256], /* Make and model */
- *model, /* Model name */
+ *mptr, /* Pointer into make and model */
ppdname[PPD_MAX_NAME];
/* PPD keyword */
+ const char *model; /* Model name */
int i, j, /* Looping vars */
count, /* Number of values */
bottom, /* Largest bottom margin */
@@ -3057,35 +3058,105 @@ _ppdCreateFromIPP(char *buffer, /* I -
}
/*
- * Standard stuff for PPD file...
+ * Get a sanitized make and model...
*/
- cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
- cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
- cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
- cupsFilePuts(fp, "*LanguageVersion: English\n");
- cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
- cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
- cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
- cupsFilePuts(fp, "*FileSystem: False\n");
- cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
+ if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
+ {
+ /*
+ * Sanitize the model name to only contain PPD-safe characters.
+ */
- if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL)
strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
+
+ for (mptr = make; *mptr; mptr ++)
+ {
+ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
+ {
+ /*
+ * Truncate the make and model on the first bad character...
+ */
+
+ *mptr = '\0';
+ break;
+ }
+ }
+
+ while (mptr > make)
+ {
+ /*
+ * Strip trailing whitespace...
+ */
+
+ mptr --;
+ if (*mptr == ' ')
+ *mptr = '\0';
+ }
+
+ if (!make[0])
+ {
+ /*
+ * Use a default make and model if nothing remains...
+ */
+
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+ }
else
- strlcpy(make, "Unknown Printer", sizeof(make));
+ {
+ /*
+ * Use a default make and model...
+ */
+
+ strlcpy(make, "Unknown", sizeof(make));
+ }
if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) ||
!_cups_strncasecmp(make, "Hewlett-Packard ", 16))
{
+ /*
+ * Normalize HP printer make and model...
+ */
+
model = make + 16;
strlcpy(make, "HP", sizeof(make));
+
+ if (!_cups_strncasecmp(model, "HP ", 3))
+ model += 3;
+ }
+ else if ((mptr = strchr(make, ' ')) != NULL)
+ {
+ /*
+ * Separate "MAKE MODEL"...
+ */
+
+ while (*mptr && *mptr == ' ')
+ *mptr++ = '\0';
+
+ model = mptr;
}
- else if ((model = strchr(make, ' ')) != NULL)
- *model++ = '\0';
else
- model = make;
+ {
+ /*
+ * No separate model name...
+ */
+
+ model = "Printer";
+ }
+
+ /*
+ * Standard stuff for PPD file...
+ */
+ cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
+ cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
+ cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
+ cupsFilePuts(fp, "*LanguageVersion: English\n");
+ cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
+ cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
+ cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
+ cupsFilePuts(fp, "*FileSystem: False\n");
+ cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model);
cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model);

29
SOURCES/0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch
View File

@ -1,29 +0,0 @@
From c1d2c631267f28131dd31df5b895b8bfb3005b0d Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 11 Dec 2025 15:12:55 +0100
Subject: [PATCH] scheduler: Fix possible use_after_free in `cupsdReadClient()`
If `cupsdSendHeader()` fails, we free the connection and return -1, but
in that case we try to free the connection again in `cupsdReadClient()`.
---
scheduler/client.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index f6166091e..63844d531 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2761,10 +2761,7 @@ check_start_tls(cupsd_client_t *con) /* I - Client connection */
httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))
- {
- cupsdCloseClient(con);
return (-1);
- }
}
return (1);
--
2.52.0

35
SOURCES/CVE-2025-58060.patch
View File

@ -1,35 +0,0 @@
diff --git a/scheduler/auth.c b/scheduler/auth.c
index e7d0006..d70e21e 100644
--- a/scheduler/auth.c
+++ b/scheduler/auth.c
@@ -564,8 +564,12 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
switch (type)
{
default :
+ {
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "Basic authentication is not enabled.");
+ return;
+ }
case CUPSD_AUTH_BASIC :
- {
+ {
#if HAVE_LIBPAM
/*
* Only use PAM to do authentication. This supports MD5
@@ -737,6 +741,16 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
gss_name_t client_name; /* Client name */
+ /*
+ * Only allow Kerberos if enabled...
+ */
+
+ if (type != CUPSD_AUTH_NEGOTIATE)
+ {
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "Kerberos authentication is not enabled.");
+ return;
+ }
+
# ifdef __APPLE__
/*
* If the weak-linked GSSAPI/Kerberos library is not present, don't try

46
SOURCES/CVE-2025-58364.patch
View File

@ -1,46 +0,0 @@
diff -up cups-2.2.6/cups/ipp.c.cve-2025-58364 cups-2.2.6/cups/ipp.c
--- cups-2.2.6/cups/ipp.c.cve-2025-58364 2025-10-22 10:15:10.072426099 +0200
+++ cups-2.2.6/cups/ipp.c 2025-10-22 10:20:00.117427768 +0200
@@ -3050,34 +3050,6 @@ ippReadIO(void *src, /* I - Data
*/
tag = (ipp_tag_t)buffer[0];
- if (tag == IPP_TAG_EXTENSION)
- {
- /*
- * Read 32-bit "extension" tag...
- */
-
- if ((*cb)(src, buffer, 4) < 1)
- {
- DEBUG_puts("1ippReadIO: Callback returned EOF/error");
- _cupsBufferRelease((char *)buffer);
- return (IPP_STATE_ERROR);
- }
-
- tag = (ipp_tag_t)((((((buffer[0] << 8) | buffer[1]) << 8) |
- buffer[2]) << 8) | buffer[3]);
-
- if (tag & IPP_TAG_CUPS_CONST)
- {
- /*
- * Fail if the high bit is set in the tag...
- */
-
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP extension tag larger than 0x7FFFFFFF."), 1);
- DEBUG_printf(("1ippReadIO: bad tag 0x%x.", tag));
- _cupsBufferRelease((char *)buffer);
- return (IPP_STATE_ERROR);
- }
- }
if (tag == IPP_TAG_END)
{
@@ -3286,6 +3258,7 @@ ippReadIO(void *src, /* I - Data
if ((*cb)(src, buffer, (size_t)n) < n)
{
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to read IPP attribute name."), 1);
DEBUG_puts("1ippReadIO: unable to read name.");
_cupsBufferRelease((char *)buffer);
return (IPP_STATE_ERROR);

524
SOURCES/cups-CVE-2025-58436.patch
View File

@ -1,524 +0,0 @@
diff -up cups-2.2.6/cups/http.c.slow-client cups-2.2.6/cups/http.c
--- cups-2.2.6/cups/http.c.slow-client 2025-12-09 15:13:08.505351097 +0100
+++ cups-2.2.6/cups/http.c 2025-12-09 15:16:54.210443194 +0100
@@ -52,7 +52,7 @@ static http_t *http_create(const char *
static void http_debug_hex(const char *prefix, const char *buffer,
int bytes);
#endif /* DEBUG */
-static ssize_t http_read(http_t *http, char *buffer, size_t length);
+static ssize_t http_read(http_t *http, char *buffer, size_t length, int timeout);
static ssize_t http_read_buffered(http_t *http, char *buffer, size_t length);
static ssize_t http_read_chunk(http_t *http, char *buffer, size_t length);
static int http_send(http_t *http, http_state_t request,
@@ -1209,7 +1209,7 @@ httpGets(char *line, /* I - Line to
return (NULL);
}
- bytes = http_read(http, http->buffer + http->used, (size_t)(HTTP_MAX_BUFFER - http->used));
+ bytes = http_read(http, http->buffer + http->used, (size_t)(_HTTP_MAX_BUFFER - http->used), http->wait_value);
DEBUG_printf(("4httpGets: read " CUPS_LLFMT " bytes.", CUPS_LLCAST bytes));
@@ -1724,24 +1724,13 @@ httpPeek(http_t *http, /* I - HTTP con
ssize_t buflen; /* Length of read for buffer */
- if (!http->blocking)
- {
- while (!httpWait(http, http->wait_value))
- {
- if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
- continue;
-
- return (0);
- }
- }
-
if ((size_t)http->data_remaining > sizeof(http->buffer))
buflen = sizeof(http->buffer);
else
buflen = (ssize_t)http->data_remaining;
DEBUG_printf(("2httpPeek: Reading %d bytes into buffer.", (int)buflen));
- bytes = http_read(http, http->buffer, (size_t)buflen);
+ bytes = http_read(http, http->buffer, (size_t)buflen, http->wait_value);
DEBUG_printf(("2httpPeek: Read " CUPS_LLFMT " bytes into buffer.",
CUPS_LLCAST bytes));
@@ -1762,9 +1751,9 @@ httpPeek(http_t *http, /* I - HTTP con
int zerr; /* Decompressor error */
z_stream stream; /* Copy of decompressor stream */
- if (http->used > 0 && http->stream.avail_in < HTTP_MAX_BUFFER)
+ if (http->used > 0 && http->stream.avail_in < _HTTP_MAX_BUFFER)
{
- size_t buflen = buflen = HTTP_MAX_BUFFER - http->stream.avail_in;
+ size_t buflen = buflen = _HTTP_MAX_BUFFER - http->stream.avail_in;
/* Number of bytes to copy */
if (http->stream.avail_in > 0 &&
@@ -2022,7 +2011,7 @@ httpRead2(http_t *http, /* I - HTTP co
if (bytes == 0)
{
- ssize_t buflen = HTTP_MAX_BUFFER - (ssize_t)http->stream.avail_in;
+ ssize_t buflen = _HTTP_MAX_BUFFER - (ssize_t)http->stream.avail_in;
/* Additional bytes for buffer */
if (buflen > 0)
@@ -2893,7 +2882,7 @@ int /* O - 1 to continue, 0 to stop
_httpUpdate(http_t *http, /* I - HTTP connection */
http_status_t *status) /* O - Current HTTP status */
{
- char line[32768], /* Line from connection... */
+ char line[_HTTP_MAX_BUFFER], /* Line from connection... */
*value; /* Pointer to value on line */
http_field_t field; /* Field index */
int major, minor; /* HTTP version numbers */
@@ -2901,12 +2890,46 @@ _httpUpdate(http_t *http, /* I -
DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", (void *)http, (void *)status, httpStateString(http->state)));
+ /* When doing non-blocking I/O, make sure we have a whole line... */
+ if (!http->blocking)
+ {
+ ssize_t bytes; /* Bytes "peeked" from connection */
+
+ /* See whether our read buffer is full... */
+ DEBUG_printf(("2_httpUpdate: used=%d", http->used));
+
+ if (http->used > 0 && !memchr(http->buffer, '\n', (size_t)http->used) && (size_t)http->used < sizeof(http->buffer))
+ {
+ /* No, try filling in more data... */
+ if ((bytes = http_read(http, http->buffer + http->used, sizeof(http->buffer) - (size_t)http->used, /*timeout*/0)) > 0)
+ {
+ DEBUG_printf(("2_httpUpdate: Read %d bytes.", (int)bytes));
+ http->used += (int)bytes;
+ }
+ }
+
+ /* Peek at the incoming data... */
+ if (!http->used || !memchr(http->buffer, '\n', (size_t)http->used))
+ {
+ /* Don't have a full line, tell the reader to try again when there is more data... */
+ DEBUG_puts("1_htttpUpdate: No newline in buffer yet.");
+ if ((size_t)http->used == sizeof(http->buffer))
+ *status = HTTP_STATUS_ERROR;
+ else
+ *status = HTTP_STATUS_CONTINUE;
+ return (0);
+ }
+
+ DEBUG_puts("2_httpUpdate: Found newline in buffer.");
+ }
+
/*
* Grab a single line from the connection...
*/
if (!httpGets(line, sizeof(line), http))
{
+ DEBUG_puts("1_httpUpdate: Error reading request line.");
*status = HTTP_STATUS_ERROR;
return (0);
}
@@ -4054,7 +4077,8 @@ http_debug_hex(const char *prefix, /* I
static ssize_t /* O - Number of bytes read or -1 on error */
http_read(http_t *http, /* I - HTTP connection */
char *buffer, /* I - Buffer */
- size_t length) /* I - Maximum bytes to read */
+ size_t length, /* I - Maximum bytes to read */
+ int timeout) /* I - Wait timeout */
{
ssize_t bytes; /* Bytes read */
@@ -4063,7 +4087,7 @@ http_read(http_t *http, /* I - HTTP co
if (!http->blocking || http->timeout_value > 0.0)
{
- while (!httpWait(http, http->wait_value))
+ while (!_httpWait(http, timeout, 1))
{
if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
continue;
@@ -4181,7 +4205,7 @@ http_read_buffered(http_t *http, /* I -
else
bytes = (ssize_t)length;
- DEBUG_printf(("2http_read: Grabbing %d bytes from input buffer.",
+ DEBUG_printf(("2http_read_buffered: Grabbing %d bytes from input buffer.",
(int)bytes));
memcpy(buffer, http->buffer, (size_t)bytes);
@@ -4191,7 +4215,7 @@ http_read_buffered(http_t *http, /* I -
memmove(http->buffer, http->buffer + bytes, (size_t)http->used);
}
else
- bytes = http_read(http, buffer, length);
+ bytes = http_read(http, buffer, length, http->wait_value);
return (bytes);
}
@@ -4536,15 +4560,15 @@ http_set_timeout(int fd, /* I - File
static void
http_set_wait(http_t *http) /* I - HTTP connection */
{
- if (http->blocking)
- {
- http->wait_value = (int)(http->timeout_value * 1000);
+ http->wait_value = (int)(http->timeout_value * 1000);
- if (http->wait_value <= 0)
+ if (http->wait_value <= 0)
+ {
+ if (http->blocking)
http->wait_value = 60000;
+ else
+ http->wait_value = 1000;
}
- else
- http->wait_value = 10000;
}
diff -up cups-2.2.6/cups/http-private.h.slow-client cups-2.2.6/cups/http-private.h
--- cups-2.2.6/cups/http-private.h.slow-client 2025-12-09 15:13:08.405517186 +0100
+++ cups-2.2.6/cups/http-private.h 2025-12-09 15:14:41.466141368 +0100
@@ -172,6 +172,7 @@ extern "C" {
* Constants...
*/
+# define _HTTP_MAX_BUFFER 32768 /* Size of read buffer */
# define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
# define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
# define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
@@ -298,8 +299,8 @@ struct _http_s /**** HTTP connection
http_encoding_t data_encoding; /* Chunked or not */
int _data_remaining;/* Number of bytes left (deprecated) */
int used; /* Number of bytes used in buffer */
- char buffer[HTTP_MAX_BUFFER];
- /* Buffer for incoming data */
+ char _buffer[HTTP_MAX_BUFFER];
+ /* Old read buffer (deprecated) */
int _auth_type; /* Authentication in use (deprecated) */
_cups_md5_state_t md5_state; /* MD5 state */
char nonce[HTTP_MAX_VALUE];
@@ -368,6 +369,8 @@ struct _http_s /**** HTTP connection
z_stream stream; /* (De)compression stream */
Bytef *sbuffer; /* (De)compression buffer */
# endif /* HAVE_LIBZ */
+ char buffer[_HTTP_MAX_BUFFER];
+ /* Read buffer */
};
# endif /* !_HTTP_NO_PRIVATE */
diff -up cups-2.2.6/scheduler/client.c.slow-client cups-2.2.6/scheduler/client.c
--- cups-2.2.6/scheduler/client.c.slow-client 2025-12-09 15:13:08.478315602 +0100
+++ cups-2.2.6/scheduler/client.c 2025-12-09 15:23:26.936553480 +0100
@@ -44,11 +44,11 @@
static int check_if_modified(cupsd_client_t *con,
struct stat *filestats);
-static int compare_clients(cupsd_client_t *a, cupsd_client_t *b,
- void *data);
#ifdef HAVE_SSL
-static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e);
+static int check_start_tls(cupsd_client_t *con);
#endif /* HAVE_SSL */
+static int compare_clients(cupsd_client_t *a, cupsd_client_t *b,
+ void *data);
static char *get_file(cupsd_client_t *con, struct stat *filestats,
char *filename, size_t len);
static http_status_t install_cupsd_conf(cupsd_client_t *con);
@@ -423,14 +423,20 @@ cupsdAcceptClient(cupsd_listener_t *lis)
if (lis->encryption == HTTP_ENCRYPTION_ALWAYS)
{
/*
- * https connection; go secure...
+ * HTTPS connection, force TLS negotiation...
*/
- if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS))
- cupsdCloseClient(con);
+ con->tls_start = time(NULL);
+ con->encryption = HTTP_ENCRYPTION_ALWAYS;
}
else
+ {
+ /*
+ * HTTP connection, but check for HTTPS negotiation on first data...
+ */
+
con->auto_ssl = 1;
+ }
#endif /* HAVE_SSL */
}
@@ -673,17 +679,46 @@ cupsdReadClient(cupsd_client_t *con) /*
con->auto_ssl = 0;
- if (recv(httpGetFd(con->http), buf, 1, MSG_PEEK) == 1 &&
- (!buf[0] || !strchr("DGHOPT", buf[0])))
+ if (recv(httpGetFd(con->http), buf, 5, MSG_PEEK) == 5 && buf[0] == 0x16 && buf[1] == 3 && buf[2])
{
/*
- * Encrypt this connection...
+ * Client hello record, encrypt this connection...
*/
- cupsdLogClient(con, CUPSD_LOG_DEBUG2, "Saw first byte %02X, auto-negotiating SSL/TLS session.", buf[0] & 255);
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "Saw client hello record, auto-negotiating TLS session.");
+ con->tls_start = time(NULL);
+ con->encryption = HTTP_ENCRYPTION_ALWAYS;
+ }
+ }
- if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS))
- cupsdCloseClient(con);
+ if (con->tls_start)
+ {
+ /*
+ * Try negotiating TLS...
+ */
+
+ int tls_status = check_start_tls(con);
+
+ if (tls_status < 0)
+ {
+ /*
+ * TLS negotiation failed, close the connection.
+ */
+
+ cupsdCloseClient(con);
+ return;
+ }
+ else if (tls_status == 0)
+ {
+ /*
+ * Nothing to do yet...
+ */
+
+ if ((time(NULL) - con->tls_start) > 5)
+ {
+ // Timeout, close the connection...
+ cupsdCloseClient(con);
+ }
return;
}
@@ -847,9 +882,7 @@ cupsdReadClient(cupsd_client_t *con) /*
* Parse incoming parameters until the status changes...
*/
- while ((status = httpUpdate(con->http)) == HTTP_STATUS_CONTINUE)
- if (!httpGetReady(con->http))
- break;
+ status = httpUpdate(con->http);
if (status != HTTP_STATUS_OK && status != HTTP_STATUS_CONTINUE)
{
@@ -999,11 +1032,10 @@ cupsdReadClient(cupsd_client_t *con) /*
return;
}
- if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED))
- {
- cupsdCloseClient(con);
- return;
- }
+ con->tls_start = time(NULL);
+ con->tls_upgrade = 1;
+ con->encryption = HTTP_ENCRYPTION_REQUIRED;
+ return;
#else
if (!cupsdSendError(con, HTTP_STATUS_NOT_IMPLEMENTED, CUPSD_AUTH_NONE))
{
@@ -1042,32 +1074,11 @@ cupsdReadClient(cupsd_client_t *con) /*
if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION),
"Upgrade") && !httpIsEncrypted(con->http))
{
-#ifdef HAVE_SSL
- /*
- * Do encryption stuff...
- */
-
- httpClearFields(con->http);
-
- if (!cupsdSendHeader(con, HTTP_STATUS_SWITCHING_PROTOCOLS, NULL,
- CUPSD_AUTH_NONE))
- {
- cupsdCloseClient(con);
- return;
- }
-
- if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED))
- {
- cupsdCloseClient(con);
- return;
- }
-#else
if (!cupsdSendError(con, HTTP_STATUS_NOT_IMPLEMENTED, CUPSD_AUTH_NONE))
{
cupsdCloseClient(con);
return;
}
-#endif /* HAVE_SSL */
}
if ((status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK)
@@ -3003,6 +3014,69 @@ check_if_modified(
}
+#ifdef HAVE_SSL
+/*
+ * 'check_start_tls()' - Start encryption on a connection.
+ */
+
+static int /* O - 0 to continue, 1 on success, -1 on error */
+check_start_tls(cupsd_client_t *con) /* I - Client connection */
+{
+ unsigned char chello[4096]; /* Client hello record */
+ ssize_t chello_bytes; /* Bytes read/peeked */
+ int chello_len; /* Length of record */
+
+
+ /*
+ * See if we have a good and complete client hello record...
+ */
+
+ if ((chello_bytes = recv(httpGetFd(con->http), (char *)chello, sizeof(chello), MSG_PEEK)) < 5)
+ return (0); /* Not enough bytes (yet) */
+
+ if (chello[0] != 0x016 || chello[1] != 3 || chello[2] == 0)
+ return (-1); /* Not a TLS Client Hello record */
+
+ chello_len = (chello[3] << 8) | chello[4];
+
+ if ((chello_len + 5) > chello_bytes)
+ return (0); /* Not enough bytes yet */
+
+ /*
+ * OK, we do, try negotiating...
+ */
+
+ con->tls_start = 0;
+
+ if (httpEncryption(con->http, con->encryption))
+ {
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s", cupsLastErrorString());
+ return (-1);
+ }
+
+ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted.");
+
+ if (con->tls_upgrade)
+ {
+ // Respond to the original OPTIONS command...
+ con->tls_upgrade = 0;
+
+ httpClearFields(con->http);
+ httpClearCookie(con->http);
+ httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
+
+ if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))
+ {
+ cupsdCloseClient(con);
+ return (-1);
+ }
+ }
+
+ return (1);
+}
+#endif /* HAVE_SSL */
+
+
/*
* 'compare_clients()' - Compare two client connections.
*/
@@ -3023,28 +3097,6 @@ compare_clients(cupsd_client_t *a, /* I
}
-#ifdef HAVE_SSL
-/*
- * 'cupsd_start_tls()' - Start encryption on a connection.
- */
-
-static int /* O - 0 on success, -1 on error */
-cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */
- http_encryption_t e) /* I - Encryption mode */
-{
- if (httpEncryption(con->http, e))
- {
- cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s",
- cupsLastErrorString());
- return (-1);
- }
-
- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted.");
- return (0);
-}
-#endif /* HAVE_SSL */
-
-
/*
* 'get_file()' - Get a filename and state info.
*/
diff -up cups-2.2.6/scheduler/client.h.slow-client cups-2.2.6/scheduler/client.h
--- cups-2.2.6/scheduler/client.h.slow-client 2025-12-09 15:13:08.395814648 +0100
+++ cups-2.2.6/scheduler/client.h 2025-12-09 15:36:24.758565531 +0100
@@ -59,6 +59,9 @@ struct cupsd_client_s
cups_lang_t *language; /* Language to use */
#ifdef HAVE_SSL
int auto_ssl; /* Automatic test for SSL/TLS */
+ time_t tls_start; /* Do TLS negotiation? */
+ int tls_upgrade; /* Doing TLS upgrade via OPTIONS? */
+ http_encryption_t encryption; /* Type of TLS negotiation */
#endif /* HAVE_SSL */
http_addr_t clientaddr; /* Client's server address */
char clientname[256];/* Client's server name for connection */
diff -up cups-2.2.6/scheduler/select.c.slow-client cups-2.2.6/scheduler/select.c
--- cups-2.2.6/scheduler/select.c.slow-client 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/select.c 2025-12-09 15:13:08.508485767 +0100
@@ -412,6 +412,9 @@ cupsdDoSelect(long timeout) /* I - Time
cupsd_in_select = 1;
+ // Prevent 100% CPU by releasing control before the kevent call...
+ usleep(1);
+
if (timeout >= 0 && timeout < 86400)
{
ktimeout.tv_sec = timeout;
@@ -458,6 +461,9 @@ cupsdDoSelect(long timeout) /* I - Time
struct epoll_event *event; /* Current event */
+ // Prevent 100% CPU by releasing control before the epoll_wait call...
+ usleep(1);
+
if (timeout >= 0 && timeout < 86400)
nfds = epoll_wait(cupsd_epoll_fd, cupsd_epoll_events, MaxFDs,
timeout * 1000);
@@ -550,6 +556,9 @@ cupsdDoSelect(long timeout) /* I - Time
}
}
+ // Prevent 100% CPU by releasing control before the poll call...
+ usleep(1);
+
if (timeout >= 0 && timeout < 86400)
nfds = poll(cupsd_pollfds, (nfds_t)count, timeout * 1000);
else
@@ -603,6 +612,9 @@ cupsdDoSelect(long timeout) /* I - Time
cupsd_current_input = cupsd_global_input;
cupsd_current_output = cupsd_global_output;
+ // Prevent 100% CPU by releasing control before the select call...
+ usleep(1);
+
if (timeout >= 0 && timeout < 86400)
{
stimeout.tv_sec = timeout;

94
SOURCES/cups-check-for-listeners.patch
View File

@ -1,94 +0,0 @@
diff --git a/scheduler/conf.c b/scheduler/conf.c
index c113eb3..77ce179 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
cupsdDeleteAllListeners();
+ /*
+ * Allocate Listeners array
+ */
+
+ Listeners = cupsArrayNew(NULL, NULL);
+
+ if (!Listeners)
+ {
+ fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
+ return (0);
+ }
+
old_remote_port = RemotePort;
RemotePort = 0;
@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
}
}
- /*
- * Check that we have at least one listen/port line; if not, report this
- * as an error and exit!
- */
-
- if (cupsArrayCount(Listeners) == 0)
- {
- /*
- * No listeners!
- */
-
- cupsdLogMessage(CUPSD_LOG_EMERG,
- "No valid Listen or Port lines were found in the "
- "configuration file.");
-
- /*
- * Commit suicide...
- */
-
- cupsdEndProcess(getpid(), 0);
- }
-
/*
* Set the default locale using the language and charset...
*/
@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
* Allocate another listener...
*/
- if (!Listeners)
- Listeners = cupsArrayNew(NULL, NULL);
-
- if (!Listeners)
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate %s at line %d - %s.",
- line, linenum, strerror(errno));
- break;
- }
-
if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
diff --git a/scheduler/main.c b/scheduler/main.c
index a6e2c3a..b935c52 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -2113,6 +2113,21 @@ service_checkin(void)
service_add_listener(fd, 0);
}
#endif /* HAVE_LAUNCHD */
+
+ if (cupsArrayCount(Listeners) == 0)
+ {
+ /*
+ * No listeners!
+ */
+
+ cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
+
+ /*
+ * Commit suicide...
+ */
+
+ cupsdEndProcess(getpid(), 0);
+ }
}

346
SOURCES/cups-lspp.patch
View File

@ -1,11 +1,10 @@
diff -up cups-2.2.6/config.h.in.lspp cups-2.2.6/config.h.in
--- cups-2.2.6/config.h.in.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/config.h.in 2024-08-15 14:55:07.310818870 +0200
@@ -730,4 +730,12 @@ static __inline int _cups_abs(int i) { r
diff -up cups-2.2.5/config.h.in.lspp cups-2.2.5/config.h.in
--- cups-2.2.5/config.h.in.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/config.h.in 2017-10-17 19:06:19.640228964 +0200
@@ -730,4 +730,11 @@ static __inline int _cups_abs(int i) { r
# endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */
+
+/*
+ * Are we trying to meet LSPP requirements?
+ */
@ -14,9 +13,9 @@ diff -up cups-2.2.6/config.h.in.lspp cups-2.2.6/config.h.in
+
+
#endif /* !_CUPS_CONFIG_H_ */
diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/cups-lspp.m4
--- cups-2.2.6/config-scripts/cups-lspp.m4.lspp 2024-08-15 14:55:07.310818870 +0200
+++ cups-2.2.6/config-scripts/cups-lspp.m4 2024-08-15 14:55:07.310818870 +0200
diff -up cups-2.2.5/config-scripts/cups-lspp.m4.lspp cups-2.2.5/config-scripts/cups-lspp.m4
--- cups-2.2.5/config-scripts/cups-lspp.m4.lspp 2017-10-17 19:06:19.640228964 +0200
+++ cups-2.2.5/config-scripts/cups-lspp.m4 2017-10-17 19:06:19.640228964 +0200
@@ -0,0 +1,36 @@
+dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS).
@ -41,7 +40,7 @@ diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/c
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
+
+if test x"$enable_lspp" != xno; then
+ case "$(uname)" in
+ case "$uname" in
+ Linux)
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
+ AC_CHECK_HEADER(libaudit.h)
@ -54,9 +53,9 @@ diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/c
+ ;;
+ esac
+fi
diff -up cups-2.2.6/configure.ac.lspp cups-2.2.6/configure.ac
--- cups-2.2.6/configure.ac.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/configure.ac 2024-08-15 14:55:07.310818870 +0200
diff -up cups-2.2.5/configure.ac.lspp cups-2.2.5/configure.ac
--- cups-2.2.5/configure.ac.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/configure.ac 2017-10-17 19:06:19.640228964 +0200
@@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4)
sinclude(config-scripts/cups-scripting.m4)
@ -66,9 +65,9 @@ diff -up cups-2.2.6/configure.ac.lspp cups-2.2.6/configure.ac
INSTALL_LANGUAGES=""
UNINSTALL_LANGUAGES=""
LANGFILES=""
diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c
--- cups-2.2.6/filter/common.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/filter/common.c 2024-08-15 14:55:07.310818870 +0200
diff -up cups-2.2.5/filter/common.c.lspp cups-2.2.5/filter/common.c
--- cups-2.2.5/filter/common.c.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/filter/common.c 2017-10-17 19:06:19.640228964 +0200
@@ -17,6 +17,12 @@
* Include necessary headers...
*/
@ -222,7 +221,7 @@ diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c
+ else
+ {
+#endif /* !WITH_LSPP */
+
+
/*
* Set the classification + page label string...
*/
@ -237,9 +236,9 @@ diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c
/*
diff -up cups-2.2.6/filter/pstops.c.lspp cups-2.2.6/filter/pstops.c
--- cups-2.2.6/filter/pstops.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/filter/pstops.c 2024-08-15 14:55:07.311818856 +0200
diff -up cups-2.2.5/filter/pstops.c.lspp cups-2.2.5/filter/pstops.c
--- cups-2.2.5/filter/pstops.c.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/filter/pstops.c 2017-10-17 19:06:19.641228955 +0200
@@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc, /*
{
const char *classification; /* CLASSIFICATION environment variable */
@ -395,21 +394,21 @@ diff -up cups-2.2.6/filter/pstops.c.lspp cups-2.2.6/filter/pstops.c
/*
diff -up cups-2.2.6/Makedefs.in.lspp cups-2.2.6/Makedefs.in
--- cups-2.2.6/Makedefs.in.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/Makedefs.in 2024-08-15 14:55:07.310818870 +0200
@@ -145,7 +145,7 @@ ARFLAGS = @ARFLAGS@
BACKLIBS = @BACKLIBS@
BUILDDIRS = @BUILDDIRS@
CFLAGS = @CPPFLAGS@ @CFLAGS@
-COMMONLIBS = @LIBS@
+COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@
CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
CXXLIBS = @CXXLIBS@
DBUS_NOTIFIER = @DBUS_NOTIFIER@
diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
--- cups-2.2.6/scheduler/client.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/client.c 2024-08-15 14:55:07.311818856 +0200
diff -up cups-2.2.5/Makedefs.in.lspp cups-2.2.5/Makedefs.in
--- cups-2.2.5/Makedefs.in.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/Makedefs.in 2017-10-17 19:06:19.641228955 +0200
@@ -161,7 +161,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f
@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)
LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ)
LINKCUPSIMAGE = @LINKCUPSIMAGE@
-LIBS = $(LINKCUPS) $(COMMONLIBS)
+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
ONDEMANDFLAGS = @ONDEMANDFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@
OPTIM = @OPTIM@
diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c
--- cups-2.2.5/scheduler/client.c.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/scheduler/client.c 2017-10-17 19:06:19.689228556 +0200
@@ -22,12 +22,20 @@
#define _HTTP_NO_PRIVATE
#include "cupsd.h"
@ -465,7 +464,7 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed");
+ free(con);
+ return;
+ return;
+ }
+
+ /*
@ -476,7 +475,7 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed");
+ free(con);
+ return;
+ return;
+ }
+
+ cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon);
@ -491,19 +490,7 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
#ifdef AF_LOCAL
if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{
@@ -522,6 +583,11 @@ cupsdCloseClient(cupsd_client_t *con) /*
}
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ if (con->scon)
+ cupsdClearString(&con->scon);
+#endif /* WITH_LSPP */
+
/*
* Re-enable new client connections if we are going back under the
* limit...
@@ -562,6 +628,13 @@ cupsdReadClient(cupsd_client_t *con) /*
@@ -562,6 +623,13 @@ cupsdReadClient(cupsd_client_t *con) /*
mime_type_t *type; /* MIME type of file */
cupsd_printer_t *p; /* Printer */
static unsigned request_id = 0; /* Request ID for temp files */
@ -517,10 +504,10 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
status = HTTP_STATUS_CONTINUE;
@@ -1924,7 +1997,73 @@ cupsdReadClient(cupsd_client_t *con) /*
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
@@ -1926,6 +1994,73 @@ cupsdReadClient(cupsd_client_t *con) /*
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
}
+#ifdef WITH_LSPP
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
@ -581,17 +568,17 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
+ cupsdCloseClient(con);
+ return;
+ }
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ con->filename, context_str(tmpcon));
+ context_free(tmpcon);
+ context_free(clicon);
}
+ }
+#endif /* WITH_LSPP */
+ }
+
if (httpGetState(con->http) != HTTP_STATE_POST_SEND)
{
@@ -3456,6 +3595,49 @@ is_path_absolute(const char *path) /* I
if (!httpWait(con->http, 0))
@@ -3456,6 +3591,49 @@ is_path_absolute(const char *path) /* I
return (1);
}
@ -641,9 +628,9 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
/*
* 'pipe_command()' - Pipe the output of a command to the remote client.
diff -up cups-2.2.6/scheduler/client.h.lspp cups-2.2.6/scheduler/client.h
--- cups-2.2.6/scheduler/client.h.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/client.h 2024-08-15 14:55:07.312818843 +0200
diff -up cups-2.2.5/scheduler/client.h.lspp cups-2.2.5/scheduler/client.h
--- cups-2.2.5/scheduler/client.h.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/scheduler/client.h 2017-10-17 19:06:19.690228548 +0200
@@ -16,6 +16,13 @@
#endif /* HAVE_AUTHORIZATION_H */
@ -669,20 +656,19 @@ diff -up cups-2.2.6/scheduler/client.h.lspp cups-2.2.6/scheduler/client.h
};
#define HTTP(con) ((con)->http)
@@ -139,6 +150,10 @@ extern void cupsdStopListening(void);
@@ -138,6 +149,9 @@ extern void cupsdStartListening(void);
extern void cupsdStopListening(void);
extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con);
+#ifdef WITH_LSPP
+extern uid_t client_pid_to_auid(pid_t clipid);
+#endif /* WITH_LSPP */
+
#ifdef HAVE_SSL
extern int cupsdEndTLS(cupsd_client_t *con);
extern int cupsdStartTLS(cupsd_client_t *con);
diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
--- cups-2.2.6/scheduler/conf.c.lspp 2024-08-15 14:55:07.306818923 +0200
+++ cups-2.2.6/scheduler/conf.c 2024-08-15 14:55:07.312818843 +0200
diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c
--- cups-2.2.5/scheduler/conf.c.lspp 2017-10-17 19:06:19.637228989 +0200
+++ cups-2.2.5/scheduler/conf.c 2017-10-17 19:06:19.691228540 +0200
@@ -40,6 +40,9 @@
# define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */
@ -740,7 +726,7 @@ diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled");
@@ -1277,7 +1306,19 @@ cupsdReadConfiguration(void)
@@ -1286,7 +1315,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification);
if (Classification)
@ -760,7 +746,7 @@ diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
/*
* Check the MaxClients setting, and then allocate memory for it...
@@ -3761,6 +3802,18 @@ read_location(cups_file_t *fp, /* I - C
@@ -3770,6 +3811,18 @@ read_location(cups_file_t *fp, /* I - C
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
@ -779,9 +765,9 @@ diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
/*
* 'read_policy()' - Read a <Policy name> definition.
diff -up cups-2.2.6/scheduler/conf.h.lspp cups-2.2.6/scheduler/conf.h
--- cups-2.2.6/scheduler/conf.h.lspp 2024-08-15 14:55:07.250819672 +0200
+++ cups-2.2.6/scheduler/conf.h 2024-08-15 14:55:07.312818843 +0200
diff -up cups-2.2.5/scheduler/conf.h.lspp cups-2.2.5/scheduler/conf.h
--- cups-2.2.5/scheduler/conf.h.lspp 2017-10-17 19:06:19.585229421 +0200
+++ cups-2.2.5/scheduler/conf.h 2017-10-17 19:06:19.691228540 +0200
@@ -250,6 +250,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */
#endif /* HAVE_SSL */
@ -806,10 +792,19 @@ diff -up cups-2.2.6/scheduler/conf.h.lspp cups-2.2.6/scheduler/conf.h
/*
* Prototypes...
diff -up cups-2.2.6/scheduler/cupsd.h.lspp cups-2.2.6/scheduler/cupsd.h
--- cups-2.2.6/scheduler/cupsd.h.lspp 2024-08-15 14:55:07.298819030 +0200
+++ cups-2.2.6/scheduler/cupsd.h 2024-08-15 14:55:07.312818843 +0200
@@ -36,6 +36,14 @@
diff -up cups-2.2.5/scheduler/cupsd.h.lspp cups-2.2.5/scheduler/cupsd.h
--- cups-2.2.5/scheduler/cupsd.h.lspp 2017-10-17 19:06:19.626229080 +0200
+++ cups-2.2.5/scheduler/cupsd.h 2017-10-17 19:06:19.691228540 +0200
@@ -11,6 +11,8 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
/*
* Include necessary headers.
@@ -36,13 +38,20 @@
# include <unistd.h>
#endif /* WIN32 */
@ -824,17 +819,27 @@ diff -up cups-2.2.6/scheduler/cupsd.h.lspp cups-2.2.6/scheduler/cupsd.h
#include "mime.h"
#if defined(HAVE_CDSASSL)
@@ -248,4 +256,4 @@ extern void cupsdRunTimeout (cupsd_t
extern void cupsdUpdateTimeout (cupsd_timeout_t *timeout,
const struct timeval *tv);
extern void cupsdRemoveTimeout (cupsd_timeout_t *timeout);
-#endif /* HAVE_AVAHI */
\ No newline at end of file
+#endif /* HAVE_AVAHI */
diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
--- cups-2.2.6/scheduler/ipp.c.lspp 2024-08-15 14:55:07.268819431 +0200
+++ cups-2.2.6/scheduler/ipp.c 2024-08-15 14:56:15.961900807 +0200
@@ -37,6 +37,12 @@ extern int mbr_check_membership_by_id(uu
# include <CoreFoundation/CoreFoundation.h>
#endif /* HAVE_CDSASSL */
-
/*
* Some OS's don't have hstrerror(), most notably Solaris...
*/
diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
--- cups-2.2.5/scheduler/ipp.c.lspp 2017-10-17 19:06:19.599229305 +0200
+++ cups-2.2.5/scheduler/ipp.c 2017-10-17 19:06:19.695228506 +0200
@@ -14,6 +14,9 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -37,6 +40,14 @@ extern int mbr_check_membership_by_id(uu
# endif /* HAVE_MEMBERSHIPPRIV_H */
#endif /* __APPLE__ */
@ -843,11 +848,13 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */
/*
* Local functions...
@@ -61,6 +67,9 @@ static void cancel_all_jobs(cupsd_client
@@ -61,6 +72,9 @@ static void cancel_all_jobs(cupsd_client
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_subscription(cupsd_client_t *con, int id);
static int check_rss_recipient(const char *recipient);
@ -857,7 +864,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
@@ -1286,6 +1295,21 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1286,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl
"time-at-creation",
"time-at-processing"
};
@ -879,7 +886,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
@@ -1607,6 +1631,106 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1597,6 +1626,106 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL);
}
@ -916,18 +923,18 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_CHR_FILE;
+ avr = CHR_FILE__WRITE;
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else
+ {
@ -986,7 +993,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{
send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1615,6 +1739,32 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1605,6 +1734,32 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL);
}
@ -1019,7 +1026,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
job->attrs = con->request;
job->dirty = 1;
@@ -1802,6 +1952,29 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1794,6 +1949,29 @@ add_job(cupsd_client_t *con, /* I - Cl
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
}
@ -1049,7 +1056,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
job->job_sheets = attr;
@@ -1832,6 +2005,9 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1824,6 +2002,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s,none\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
@ -1059,7 +1066,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
}
else if (attr->num_values == 2 &&
strcmp(attr->values[0].string.text,
@@ -1850,6 +2026,9 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1842,6 +2023,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
@ -1069,7 +1076,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
}
else if (strcmp(attr->values[0].string.text, Classification) &&
strcmp(attr->values[0].string.text, "none") &&
@@ -1870,6 +2049,9 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1862,6 +2046,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
@ -1079,14 +1086,14 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
}
}
else if (strcmp(attr->values[0].string.text, Classification) &&
@@ -1910,9 +2092,55 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1902,8 +2089,52 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
+#ifdef WITH_LSPP
+ override = 1;
+#endif /* WITH_LSPP */
+ }
}
+#ifdef WITH_LSPP
+ if (is_lspp_config() && AuditLog != -1)
+ {
@ -1120,22 +1127,19 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
+ }
+ cupsdClearString(&audit_message);
+ }
}
+ }
+
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
}
+
+#ifdef WITH_LSPP
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
+
+
/*
* See if we need to add the starting sheet...
*/
@@ -3694,6 +3922,128 @@ check_rss_recipient(
@@ -3686,6 +3917,128 @@ check_rss_recipient(
}
@ -1190,8 +1194,8 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init");
+ return -1;
+ }
+ }
+ }
+ }
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
@ -1207,8 +1211,8 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
+ return -1;
+ }
+ avc_entry_ref_init(&avcref);
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "read");
+ tclass = SECCLASS_FILE;
+ avr = FILE__READ;
+
+ /*
+ * Perform the check with the client as the subject, first with the job as the object
@ -1264,7 +1268,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
/*
* 'check_quotas()' - Check quotas for a printer and user.
*/
@@ -4150,6 +4500,15 @@ copy_banner(cupsd_client_t *con, /* I -
@@ -4142,6 +4495,15 @@ copy_banner(cupsd_client_t *con, /* I -
char attrname[255], /* Name of attribute */
*s; /* Pointer into name */
ipp_attribute_t *attr; /* Attribute */
@ -1280,7 +1284,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -4185,6 +4544,85 @@ copy_banner(cupsd_client_t *con, /* I -
@@ -4177,6 +4539,85 @@ copy_banner(cupsd_client_t *con, /* I -
fchmod(cupsFileNumber(out), 0640);
fchown(cupsFileNumber(out), RunUser, Group);
@ -1366,7 +1370,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
/*
* Try the localized banner file under the subdirectory...
@@ -4279,6 +4717,24 @@ copy_banner(cupsd_client_t *con, /* I -
@@ -4271,6 +4712,24 @@ copy_banner(cupsd_client_t *con, /* I -
else
s = attrname;
@ -1391,7 +1395,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
if (!strcmp(s, "printer-name"))
{
cupsFilePuts(out, job->dest);
@@ -6467,6 +6923,22 @@ get_job_attrs(cupsd_client_t *con, /* I
@@ -6459,6 +6918,22 @@ get_job_attrs(cupsd_client_t *con, /* I
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
@ -1414,7 +1418,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
/*
* Copy attributes...
*/
@@ -6864,6 +7336,11 @@ get_jobs(cupsd_client_t *con, /* I - C
@@ -6856,6 +7331,11 @@ get_jobs(cupsd_client_t *con, /* I - C
if (username[0] && _cups_strcasecmp(username, job->username))
continue;
@ -1426,7 +1430,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
if (count > 0)
ippAddSeparator(con->response);
@@ -11495,6 +11972,11 @@ validate_user(cupsd_job_t *job, /* I
@@ -11487,6 +11967,11 @@ validate_user(cupsd_job_t *job, /* I
strlcpy(username, get_username(con), userlen);
@ -1438,10 +1442,20 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
/*
* Check the username against the owner...
*/
diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
--- cups-2.2.6/scheduler/job.c.lspp 2024-08-15 14:55:07.278819298 +0200
+++ cups-2.2.6/scheduler/job.c 2024-08-15 14:55:07.316818790 +0200
@@ -26,6 +26,12 @@
diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
--- cups-2.2.5/scheduler/job.c.lspp 2017-10-17 19:06:19.607229238 +0200
+++ cups-2.2.5/scheduler/job.c 2017-10-17 19:06:19.696228498 +0200
@@ -11,6 +11,9 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -26,6 +29,14 @@
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
#endif /* __APPLE__ */
@ -1450,11 +1464,13 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */
/*
* Design Notes for Job Management
@@ -547,6 +553,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
@@ -547,6 +558,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
/* PRINTER_STATE_REASONS env var */
rip_max_cache[255];
/* RIP_MAX_CACHE env variable */
@ -1469,7 +1485,7 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -1083,6 +1097,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
@@ -1083,6 +1102,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
if (final_content_type[0])
envp[envc ++] = final_content_type;
@ -1488,7 +1504,7 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
+ cupsdClearString(&audit_message);
+ }
+ }
+ else
+ else
+ {
+ jobcon = context_new(job->scon);
+
@ -1537,18 +1553,6 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
if (Classification && !banner_page)
{
if ((attr = ippFindAttribute(job->attrs, "job-sheets",
@@ -1464,6 +1539,11 @@ cupsdDeleteJob(cupsd_job_t *job, /
cupsdClearString(&job->username);
cupsdClearString(&job->dest);
+
+#ifdef WITH_LSPP
+ cupsdClearString(&job->scon);
+#endif
+
for (i = 0;
i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0]));
i ++)
@@ -1908,6 +1988,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
ippSetString(job->attrs, &job->reasons, 0, "none");
}
@ -1736,18 +1740,18 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_CHR_FILE;
+ avr = CHR_FILE__WRITE;
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else
+ {
@ -1819,13 +1823,16 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
/*
* Now start the first file in the job...
*/
diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h
--- cups-2.2.6/scheduler/job.h.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/job.h 2024-08-15 14:55:07.316818790 +0200
@@ -11,6 +11,10 @@
diff -up cups-2.2.5/scheduler/job.h.lspp cups-2.2.5/scheduler/job.h
--- cups-2.2.5/scheduler/job.h.lspp 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/scheduler/job.h 2017-10-17 19:06:19.696228498 +0200
@@ -11,6 +11,13 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
+#ifdef WITH_LSPP
+#include <selinux/selinux.h>
+#endif /* WITH_LSPP */
@ -1833,7 +1840,7 @@ diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h
/*
* Constants...
*/
@@ -88,6 +92,10 @@ struct cupsd_job_s /**** Job request *
@@ -88,6 +95,10 @@ struct cupsd_job_s /**** Job request *
int progress; /* Printing progress */
int num_keywords; /* Number of PPD keywords */
cups_option_t *keywords; /* PPD keywords */
@ -1844,9 +1851,9 @@ diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h
};
typedef struct cupsd_joblog_s /**** Job log message ****/
diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
--- cups-2.2.6/scheduler/main.c.lspp 2024-08-15 14:55:07.299819017 +0200
+++ cups-2.2.6/scheduler/main.c 2024-08-15 14:55:07.316818790 +0200
diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c
--- cups-2.2.5/scheduler/main.c.lspp 2017-10-17 19:06:19.637228989 +0200
+++ cups-2.2.5/scheduler/main.c 2017-10-17 19:08:26.642173026 +0200
@@ -56,6 +56,9 @@
# include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */
@ -1867,7 +1874,7 @@ diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
#ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */
#else
@@ -508,6 +514,25 @@ main(int argc, /* I - Number of comm
@@ -516,6 +522,25 @@ main(int argc, /* I - Number of comm
exit(errno);
}
@ -1893,7 +1900,7 @@ diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
/*
* Let the system know we are busy while we bring up cupsd...
*/
@@ -1219,6 +1244,11 @@ main(int argc, /* I - Number of comm
@@ -1227,6 +1252,11 @@ main(int argc, /* I - Number of comm
cupsdStopSelect();
@ -1905,10 +1912,19 @@ diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
return (!stop_scheduler);
}
diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c
--- cups-2.2.6/scheduler/printers.c.lspp 2024-08-15 14:55:07.253819632 +0200
+++ cups-2.2.6/scheduler/printers.c 2024-08-15 14:55:07.317818776 +0200
@@ -35,6 +35,10 @@
diff -up cups-2.2.5/scheduler/printers.c.lspp cups-2.2.5/scheduler/printers.c
--- cups-2.2.5/scheduler/printers.c.lspp 2017-10-17 19:06:19.587229404 +0200
+++ cups-2.2.5/scheduler/printers.c 2017-10-17 19:06:19.697228490 +0200
@@ -11,6 +11,8 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -35,6 +37,10 @@
# include <asl.h>
#endif /* __APPLE__ */
@ -1919,7 +1935,7 @@ diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c
/*
* Local functions...
@@ -2212,6 +2216,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
@@ -2212,6 +2218,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
ipp_attribute_t *attr; /* Attribute data */
char *name, /* Current user/group name */
*filter; /* Current filter */
@ -1933,7 +1949,7 @@ diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c
DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
@@ -2339,6 +2350,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
@@ -2339,6 +2352,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
attr->values[1].string.text = _cupsStrAlloc(Classification ?
Classification : p->job_sheets[1]);
}

12
SOURCES/cups-require-cups-socket.patch
View File

@ -1,12 +0,0 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index c02412fb0..18b5e0386 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -2,6 +2,7 @@
Description=CUPS Scheduler
Documentation=man:cupsd(8)
After=network.target nss-user-lookup.target
+Requires=cups.socket
[Service]
ExecStart=@sbindir@/cupsd -l

12
SOURCES/cups-socket-remove-on-stop.patch
View File

@ -1,12 +0,0 @@
diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in
index 613b977a6..1deee826a 100644
--- a/scheduler/org.cups.cupsd.socket.in
+++ b/scheduler/org.cups.cupsd.socket.in
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
[Socket]
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
+RemoveOnStop=on
[Install]
WantedBy=sockets.target

112
SPECS/cups.spec
View File

@ -22,7 +22,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
Release: 66%{?dist}
Release: 57%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -170,48 +170,6 @@ Patch86: cups-preservejob-leak.patch
Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
Patch89: 0001-Fix-domain-socket-handling.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/pull/31
Patch90: cups-require-cups-socket.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
Patch91: cups-socket-remove-on-stop.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
Patch92: cups-check-for-listeners.patch
# RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
Patch93: 0001-mirror-ipp-everywhere-printer-changes-from-master.patch
Patch94: 0001-refactor-make-and-model-code.patch
Patch95: 0001-ppdize-preset-and-template-names.patch
Patch96: 0001-Fix-make-and-model-whitespace-trimming-Issue-1096.patch
# RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
Patch97: CVE-2025-58060.patch
# RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
Patch98: CVE-2025-58364.patch
# RHEL-129729 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
# 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
# 0001-Setting-the-timeout-should-also-timeout-the-TLS-nego.patch
# cups-CVE-2025-58436.patch
# 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
Patch99: 0001-_httpWait-s-usessl-parameter-wasn-t-being-used.patch
Patch100: 0001-Setting-the-timeout-should-also-timeout-the-TLS-nego.patch
Patch101: cups-CVE-2025-58436.patch
Patch102: 0001-Fix-an-infinite-loop-issue-in-GTK-Issue-1439.patch
# RHEL-129720 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
# 0001-Fix-various-issues-in-cupsd.patch
# 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
Patch103: 0001-Fix-various-issues-in-cupsd.patch
Patch104: 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch
# fix use-after-free reported by OSH
# https://github.com/OpenPrinting/cups/pull/1454
Patch105: 0001-scheduler-Fix-possible-use_after_free-in-cupsdReadCl.patch
Patch1000: cups-lspp.patch
@ -519,42 +477,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch87 -p1 -b .message-stderr
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
%patch88 -p1 -b .cupsgetjobs-pollhup
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
%patch89 -p1 -b .cve2024-35235
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/pull/31
%patch90 -p1 -b .cups-require-cups-socket
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
%patch91 -p1 -b .cups-remove-on-stop
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
%patch92 -p1 -b .cups-check-for-listeners
# RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
%patch93 -p1 -b .ippeve-validate
%patch94 -p1 -b .make-model-refact
%patch95 -p1 -b .ppdize-presets
%patch96 -p1 -b .make-model-trim
# RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
%patch97 -p1 -b .cve-2025-58060
# RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
%patch98 -p1 -b .cve-2025-58364
# RHEL-129729 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
%patch99 -p1 -b .use-usessl
%patch100 -p1 -b .timeout-tls
%patch101 -p1 -b .slow-client
%patch102 -p1 -b .gtk-infinite-loop
# RHEL-129720 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
%patch103 -p1 -b .config-issues
%patch104 -p1 -b .ignore-unknown
# fix use-after-free reported by OSH
%patch105 -p1 -b .osh-use-after-free
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -981,38 +903,6 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Fri Dec 12 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-66
- fix use-after-free reported by OSH
* Tue Dec 09 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-65
- RHEL-129729 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
- RHEL-129720 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
* Wed Oct 22 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-64
- RHEL-122045 CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
* Thu Sep 04 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-63
- RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
* Fri Oct 25 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-62
- RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
* Thu Aug 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-61
- RHEL-54038 cups source rpm doesn't actually build lspp support
- fix memory leaks caused by lspp
* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-60
- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
- Delete the domain socket file after stopping the cups.socket service
- Fix cupsd Listener checks
* Fri Jun 14 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-59
- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
- Require cups.socket in cupsd service file
* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-58
- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-57
- revert RHEL-19200 - no new subpackages are needed