Compare commits
11 Commits
Author | SHA1 | Date |
---|---|---|
Zdenek Dohnal | e8eef8ded5 | |
Zdenek Dohnal | 61a3d70231 | |
Zdenek Dohnal | 0f96a790ab | |
Zdenek Dohnal | dd512aa47b | |
Zdenek Dohnal | edfb698cd5 | |
Zdenek Dohnal | f7aa22567f | |
Zdenek Dohnal | bf17baea94 | |
Zdenek Dohnal | 2c5f9f5cc6 | |
Zdenek Dohnal | 1e7b65bf9b | |
Zdenek Dohnal | 1ebb8f29ba | |
Richard Lescak | 21df78564a |
|
@ -0,0 +1 @@
|
|||
1
|
|
@ -0,0 +1,18 @@
|
|||
diff --git a/cups/ppd.c b/cups/ppd.c
|
||||
index 525df3592..54368ac4c 100644
|
||||
--- a/cups/ppd.c
|
||||
+++ b/cups/ppd.c
|
||||
@@ -3430,12 +3430,12 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */
|
||||
srctype[256],
|
||||
dstsuper[16], /* Destination MIME media type */
|
||||
dsttype[256],
|
||||
- program[1024], /* Command to run */
|
||||
*ptr, /* Pointer into command to run */
|
||||
buffer[1024], /* Re-written cupsFilter value */
|
||||
**filter; /* Current filter */
|
||||
int cost; /* Cost of filter */
|
||||
|
||||
+ char program[1024] = { 0 }; /* Command to run */
|
||||
|
||||
DEBUG_printf(("4ppd_update_filters(ppd=%p, cg=%p)", ppd, pg));
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From d9924186325c89aefa56e36258f56f246dd2c4ad Mon Sep 17 00:00:00 2001
|
||||
From: Richard Lescak <rlescak@redhat.com>
|
||||
Date: Tue, 11 Jan 2022 10:53:34 +0100
|
||||
Subject: [PATCH] cups/http.c,encode.c: Fix memory leaks
|
||||
|
||||
---
|
||||
CHANGES.md | 3 ++-
|
||||
cups/encode.c | 1 +
|
||||
cups/http.c | 1 +
|
||||
3 files changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cups/encode.c b/cups/encode.c
|
||||
index 5bcbf6fe5..15b1c6b40 100644
|
||||
--- a/cups/encode.c
|
||||
+++ b/cups/encode.c
|
||||
@@ -655,6 +655,7 @@ _cupsEncodeOption(
|
||||
ippSetCollection(ipp, &attr, i, collection);
|
||||
cupsEncodeOptions2(collection, num_cols, cols, IPP_TAG_JOB);
|
||||
cupsFreeOptions(num_cols, cols);
|
||||
+ ippDelete(collection);
|
||||
break;
|
||||
|
||||
default :
|
||||
diff --git a/cups/http.c b/cups/http.c
|
||||
index bd41e6f8e..4b6a24bd3 100644
|
||||
--- a/cups/http.c
|
||||
+++ b/cups/http.c
|
||||
@@ -4624,6 +4624,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */
|
||||
* Restore the HTTP request data...
|
||||
*/
|
||||
|
||||
+ httpClearFields(http);
|
||||
memcpy(http->_fields, myhttp._fields, sizeof(http->_fields));
|
||||
memcpy(http->fields, myhttp.fields, sizeof(http->fields));
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
From bdb1ca45454d90410031c4c2054005a995f76180 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Wed, 6 Apr 2022 15:04:45 +0200
|
||||
Subject: [PATCH] cups/tls-gnutls.c: Use always GNUTLS_SHUT_WR
|
||||
|
||||
The current mode for `gnutls_bye()` in client use cases strictly
|
||||
follows TLS v1.2 standard, which in this particular part says:
|
||||
|
||||
```
|
||||
Unless some other fatal alert has been transmitted, each party is
|
||||
required to send a close_notify alert before closing the write
|
||||
side of the connection. The other party MUST respond with a
|
||||
close_notify alert of its own and close down the connection immediately,
|
||||
discarding any pending writes. It is not required for the initiator
|
||||
of the close to wait for the responding close_notify alert before
|
||||
closing the read side of the connection.
|
||||
```
|
||||
|
||||
and waits for the other side of TLS connection to confirm the close.
|
||||
|
||||
Unfortunately it can undesired for reasons:
|
||||
- we support switching of TLS versions in CUPS, and this mode strictly
|
||||
follows TLS v1.2 - so for older version this behavior is not expected
|
||||
and can cause delays
|
||||
- even some TLS v1.2 implementations (like Windows Server 2016) don't
|
||||
comply TLS v1.2 behavior even if it says it does - in that case,
|
||||
encrypted printing takes 30s till HTTP timeout is reached, because the
|
||||
other side didn't send confirmation
|
||||
- AFAIU openssl's SSL_shutdown() doesn't make this TLS v1.2 difference,
|
||||
so we could end up with two TLS implementations in CUPS which will
|
||||
behave differently
|
||||
|
||||
Since the standard defines that waiting for confirmation is not required
|
||||
and due the problems above, I would propose using GNUTLS_SHUT_WR mode
|
||||
regardless of HTTP mode.
|
||||
---
|
||||
cups/tls-gnutls.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
|
||||
index c55995b2b..f87b4f4df 100644
|
||||
--- a/cups/tls-gnutls.c
|
||||
+++ b/cups/tls-gnutls.c
|
||||
@@ -1667,7 +1667,7 @@ _httpTLSStop(http_t *http) /* I - Connection to server */
|
||||
int error; /* Error code */
|
||||
|
||||
|
||||
- error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
|
||||
+ error = gnutls_bye(http->tls, GNUTLS_SHUT_WR);
|
||||
if (error != GNUTLS_E_SUCCESS)
|
||||
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0);
|
||||
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Thu, 26 May 2022 06:27:04 +0200
|
||||
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
|
||||
CVE-2022-26691)
|
||||
|
||||
The previous algorithm didn't expect the strings can have a different
|
||||
length, so one string can be a substring of the other and such substring
|
||||
was reported as equal to the longer string.
|
||||
---
|
||||
CHANGES.md | 1 +
|
||||
scheduler/cert.c | 9 ++++++++-
|
||||
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scheduler/cert.c b/scheduler/cert.c
|
||||
index b268bf1b2..9b65b96c9 100644
|
||||
--- a/scheduler/cert.c
|
||||
+++ b/scheduler/cert.c
|
||||
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
|
||||
b ++;
|
||||
}
|
||||
|
||||
- return (result);
|
||||
+ /*
|
||||
+ * The while loop finishes when *a == '\0' or *b == '\0'
|
||||
+ * so after the while loop either both *a and *b == '\0',
|
||||
+ * or one points inside a string, so when we apply bitwise OR on *a,
|
||||
+ * *b and result, we get a non-zero return value if the compared strings don't match.
|
||||
+ */
|
||||
+
|
||||
+ return (result | *a | *b);
|
||||
}
|
||||
--
|
||||
2.36.1
|
||||
|
|
@ -154,11 +154,11 @@ index 4498a8c..8776874 100755
|
|||
count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
|
||||
-if test $count != 8; then
|
||||
- echo "FAIL: $count warning messages, expected 8."
|
||||
+if test $count != 10; then
|
||||
+ echo "FAIL: $count warning messages, expected 10."
|
||||
+if test $count != 9; then
|
||||
+ echo "FAIL: $count warning messages, expected 9."
|
||||
$GREP '^W ' $BASE/log/error_log
|
||||
- echo " <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
|
||||
+ echo " <p>FAIL: $count warning messages, expected 10.</p>" >>$strfile
|
||||
+ echo " <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
|
||||
echo " <pre>" >>$strfile
|
||||
$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&/g' -e '1,$s/</</g' >>$strfile
|
||||
echo " </pre>" >>$strfile
|
||||
|
|
41
cups.spec
41
cups.spec
|
@ -17,7 +17,7 @@ Summary: CUPS printing system
|
|||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.3.3%{OP_VER}
|
||||
Release: 11%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: ASL 2.0
|
||||
Url: https://openprinting.github.io/cups/
|
||||
# Apple stopped uploading the new versions into github, use OpenPrinting fork
|
||||
|
@ -103,6 +103,16 @@ Patch26: 0001-cups-http-support.c-Apply-DigestOptions-to-RFC-2069-.patch
|
|||
Patch27: 0001-Add-with-idle-exit-timeout-configure-option.patch
|
||||
# 2018953 - RFE: Implement TimeoutStartSec configuration during build
|
||||
Patch28: 0001-Add-with-systemd-timeoutstartsec-configure-option.patch
|
||||
# Memory leak fixes
|
||||
# https://github.com/OpenPrinting/cups/pull/322
|
||||
Patch29: 0001-cups-http-encode-memleaks-fixes-issue-322.patch
|
||||
# uninitialized value in cups library on ppc64le
|
||||
# https://github.com/OpenPrinting/cups/pull/329
|
||||
Patch30: 0001-cups-fix-uninit-value-jump.patch
|
||||
# 2073268 - 30-second delays printing to Windows 2016 server via HTTPS
|
||||
Patch31: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
|
||||
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||
Patch32: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
|
||||
|
||||
##### Patches removed because IMHO they aren't no longer needed
|
||||
##### but still I'll leave them in git in case their removal
|
||||
|
@ -334,6 +344,14 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
|
|||
%patch27 -p1 -b .conf-idleexittimeout
|
||||
# 2018953 - RFE: Implement TimeoutStartSec configuration during build
|
||||
%patch28 -p1 -b .conf-timeoutstartsec
|
||||
# Memory leak fixes
|
||||
%patch29 -p1 -b .memleak-fixes
|
||||
# uninitialized value in PPD CUPS API
|
||||
%patch30 -p1 -b .ppd-memleak
|
||||
# 2073268 - 30-second delays printing to Windows 2016 server via HTTPS
|
||||
%patch31 -p1 -b .gnutlsbye
|
||||
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||
%patch32 -p1 -b .cve26691
|
||||
|
||||
|
||||
%if %{lspp}
|
||||
|
@ -710,6 +728,27 @@ rm -f %{cups_serverbin}/backend/smb
|
|||
%{_mandir}/man7/ippeveps.7.gz
|
||||
|
||||
%changelog
|
||||
* Tue May 31 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-18
|
||||
- CVE-2022-26691 cups: authorization bypass when using "local" authorization
|
||||
|
||||
* Fri Apr 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
|
||||
- 2073268 - 30-second delays printing to Windows 2016 server via HTTPS
|
||||
|
||||
* Mon Mar 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16
|
||||
- let ipp-usb recommendation in only for F36+... (bz#2063241,2061851,2061843)
|
||||
|
||||
* Thu Feb 24 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-15
|
||||
- jump based on uninitialized value in PPD related CUPS API on ppc64le
|
||||
|
||||
* Wed Feb 16 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-14
|
||||
- recommend ipp-usb for devices which support IPP-over-USB
|
||||
|
||||
* Thu Jan 20 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13
|
||||
- Fix number of expected warnings in test suite
|
||||
|
||||
* Wed Jan 12 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-12
|
||||
- Fix memory leaks in http_tls_upgrade() and _cupsEncodeOption()
|
||||
|
||||
* Mon Nov 29 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-11
|
||||
- 2018957 - RFE: Implement IdleExitTimeout configuration during build
|
||||
- 2018953 - RFE: Implement TimeoutStartSec configuration during build
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
#Rawhide
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
#gating rhel
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-*
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}
|
|
@ -0,0 +1,6 @@
|
|||
summary: Test plan with cups tests
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://src.fedoraproject.org/tests/cups.git
|
||||
execute:
|
||||
how: tmt
|
Loading…
Reference in New Issue