diff --git a/backport-Also-fix-cupsfilter.patch b/backport-Also-fix-cupsfilter.patch
deleted file mode 100644
index df8c7dc..0000000
--- a/backport-Also-fix-cupsfilter.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 3a1a81d7b882c06451a39a19a87aca7ec44742e6 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet
-Date: Wed, 12 Jan 2022 08:33:58 -0500
-Subject: [PATCH] Also fix cupsfilter (Issue #323)
-
-Reference:https://github.com/OpenPrinting/cups/commit/3a1a81d7b882c06451a39a19a87aca7ec44742e6
-
----
- scheduler/cupsfilter.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/scheduler/cupsfilter.c b/scheduler/cupsfilter.c
-index c6dbb8debb..a03e77de76 100644
---- a/scheduler/cupsfilter.c
-+++ b/scheduler/cupsfilter.c
-@@ -981,7 +981,6 @@ exec_filters(mime_type_t *srctype, /* I - Source type */
- printer_info[255], /* PRINTER_INFO env variable */
- printer_location[255], /* PRINTER_LOCATION env variable */
- printer_name[255], /* PRINTER env variable */
-- rip_max_cache[1024], /* RIP_MAX_CACHE */
- userenv[1024], /* USER */
- #if CUPS_SNAP
- fontconfig_file[1024], /* FONTCONFIG_FILE */
-@@ -1133,7 +1132,6 @@ exec_filters(mime_type_t *srctype, /* I - Source type */
- envp[i ++] = printer_info;
- envp[i ++] = printer_location;
- envp[i ++] = printer_name;
-- envp[i ++] = rip_max_cache;
- envp[i ++] = userenv;
- envp[i ++] = "CHARSET=utf-8";
- if (final_content_type[0])
diff --git a/backport-CVE-2022-26691.patch b/backport-CVE-2022-26691.patch
deleted file mode 100644
index 1152b2d..0000000
--- a/backport-CVE-2022-26691.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal
-Date: Thu, 26 May 2022 06:27:04 +0200
-Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
- CVE-2022-26691)
-
-The previous algorithm didn't expect the strings can have a different
-length, so one string can be a substring of the other and such substring
-was reported as equal to the longer string.
-
-Reference:https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
-
----
- scheduler/cert.c | 9 ++++++++-
- 1 files changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/scheduler/cert.c b/scheduler/cert.c
-index b268bf1b2..9b65b96c9 100644
---- a/scheduler/cert.c
-+++ b/scheduler/cert.c
-@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
- b ++;
- }
-
-- return (result);
-+ /*
-+ * The while loop finishes when *a == '\0' or *b == '\0'
-+ * so after the while loop either both *a and *b == '\0',
-+ * or one points inside a string, so when we apply logical OR on *a,
-+ * *b and result, we get a non-zero return value if the compared strings don't match.
-+ */
-+
-+ return (result | *a | *b);
- }
diff --git a/backport-CVE-2023-32324.patch b/backport-CVE-2023-32324.patch
deleted file mode 100644
index c5c2672..0000000
--- a/backport-CVE-2023-32324.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From fd8bc2d32589d1fd91fe1c0521be2a7c0462109e Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal
-Date: Thu, 1 Jun 2023 12:04:00 +0200
-Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
-
-Reference:https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e
-Conflict:NA
-
----
- cups/string.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/cups/string.c b/cups/string.c
-index 93cdad1..5def888 100644
---- a/cups/string.c
-+++ b/cups/string.c
-@@ -1,6 +1,7 @@
- /*
- * String functions for CUPS.
- *
-+ * Copyright © 2023 by OpenPrinting.
- * Copyright © 2007-2019 by Apple Inc.
- * Copyright © 1997-2007 by Easy Software Products.
- *
-@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
- size_t srclen; /* Length of source string */
-
-
-+ if (size == 0)
-+ return (0);
-+
- /*
- * Figure out how much room is needed...
- */
---
-2.27.0
-
diff --git a/backport-CVE-2023-34241.patch b/backport-CVE-2023-34241.patch
deleted file mode 100644
index 8f1d863..0000000
--- a/backport-CVE-2023-34241.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
-From: Rose <83477269+AtariDreams@users.noreply.github.com>
-Date: Thu, 1 Jun 2023 11:33:39 -0400
-Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
-
-httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
-
-We have to log the hostname first.
-
-Reference:https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2
-Conflict:NA
----
- scheduler/client.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/scheduler/client.c b/scheduler/client.c
-index 91e441188c..327473a4d1 100644
---- a/scheduler/client.c
-+++ b/scheduler/client.c
-@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
- /*
- * Can't have an unresolved IP address with double-lookups enabled...
- */
--
-- httpClose(con->http);
--
- cupsdLogClient(con, CUPSD_LOG_WARN,
-- "Name lookup failed - connection from %s closed!",
-+ "Name lookup failed - closing connection from %s!",
- httpGetHostname(con->http, NULL, 0));
-
-+ httpClose(con->http);
- free(con);
- return;
- }
-@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
- * with double-lookups enabled...
- */
-
-- httpClose(con->http);
--
- cupsdLogClient(con, CUPSD_LOG_WARN,
-- "IP lookup failed - connection from %s closed!",
-+ "IP lookup failed - closing connection from %s!",
- httpGetHostname(con->http, NULL, 0));
-+
-+ httpClose(con->http);
- free(con);
- return;
- }
-@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
-
- if (!hosts_access(&wrap_req))
- {
-- httpClose(con->http);
--
- cupsdLogClient(con, CUPSD_LOG_WARN,
- "Connection from %s refused by /etc/hosts.allow and "
- "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
-+
-+ httpClose(con->http);
- free(con);
- return;
- }
-
diff --git a/backport-CVE-2023-4504.patch b/backport-CVE-2023-4504.patch
deleted file mode 100644
index e254746..0000000
--- a/backport-CVE-2023-4504.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal
-Date: Wed, 20 Sep 2023 14:45:17 +0200
-Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
-
-We didn't check for end of buffer if it looks there is an escaped
-character - check for NULL terminator there and if found, return NULL
-as return value and in `ptr`, because a lone backslash is not
-a valid PostScript character.
-
-Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
-Conflict:Patch context adaptation
-
----
- cups/raster-interpret.c | 14 +++++++++++++-
- 1 files changed, 14 insertions(+)
-
-diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
-index 6fcf731b5..b8655c8c6 100644
---- a/cups/raster-interpret.c
-+++ b/cups/raster-interpret.c
-@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
-
- cur ++;
-
-- if (*cur == 'b')
-+ /*
-+ * Return NULL if we reached NULL terminator, a lone backslash
-+ * is not a valid character in PostScript.
-+ */
-+
-+ if (!*cur)
-+ {
-+ *ptr = NULL;
-+
-+ return (NULL);
-+ }
-+
-+ if (*cur == 'b')
- *valptr++ = '\b';
- else if (*cur == 'f')
- *valptr++ = '\f';
-
-
diff --git a/cups-2.4.0-source.tar.gz b/cups-2.4.7-source.tar.gz
similarity index 53%
rename from cups-2.4.0-source.tar.gz
rename to cups-2.4.7-source.tar.gz
index aa8d49f..fea8d37 100644
Binary files a/cups-2.4.0-source.tar.gz and b/cups-2.4.7-source.tar.gz differ
diff --git a/cups.spec b/cups.spec
index a8e9030..93969fb 100644
--- a/cups.spec
+++ b/cups.spec
@@ -2,8 +2,8 @@ Name: cups Epoch: 1 -Version: 2.4.0 -Release: 10 +Version: 2.4.7 +Release: 1 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: Apache-2.0 Url: https://openprinting.github.io/cups/
@@ -24,13 +24,7 @@ Patch8: cups-freebind.patch Patch9: cups-ipp-multifile.patch Patch10: cups-web-devices-timeout.patch -Patch6000: backport-CVE-2022-26691.patch -Patch6001: backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch -Patch6002: backport-Also-fix-cupsfilter.patch -Patch6003: backport-CVE-2023-32324.patch Patch6004: fix-httpAddrGetList-test-case-fail.patch -Patch6005: backport-CVE-2023-34241.patch -Patch6006: backport-CVE-2023-4504.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -452,6 +446,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Fri Dec 29 2023 wangrui - 1:2.4.7-1 +- update to 2.4.7 version + * Fri Sep 22 2023 zhouwenpei - 1:2.4.0-10 - fix CVE-2023-4504
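Review bot: Patch6001 (`backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch`) is dropped from the patch list in this hunk, but unlike the other five backports the visible diff has no `deleted file` entry for it, so the file may be left orphaned in the repository unless it is removed elsewhere. The four CVE backports (CVE-2022-26691, CVE-2023-32324, CVE-2023-34241, CVE-2023-4504) are dropped on the assumption that the 2.4.7 tarball already carries the upstream commits named in their `Reference:` lines; that should be confirmed against the new source, for example by checking that `ctcompare` in scheduler/cert.c ends with `return (result | *a | *b);`. The `%changelog` entry added in the last hunk only says `- update to 2.4.7 version`; I would add a line such as `- drop backported CVE patches that are included upstream` so that CVE tracking against the package history still resolves.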