update to new upstream

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
1 month ago · 229f51a978
2 changed files with 123 additions and 8 deletions
--- a/SOURCES/cups-deprecate-drivers.patch
+++ b/SOURCES/cups-deprecate-drivers.patch
@ -167,11 +167,11 @@ index 4498a8c..8776874 100755
				@@ -167,11 +167,11 @@ index 4498a8c..8776874 100755
 count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
 -if test $count != 8; then
 -	echo "FAIL: $count warning messages, expected 8."
-+if test $count != 10; then
-+	echo "FAIL: $count warning messages, expected 10."
+if test $count != 9; then
+	echo "FAIL: $count warning messages, expected 9."
 	$GREP '^W ' $BASE/log/error_log
 -	echo "    <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
-+	echo "    <p>FAIL: $count warning messages, expected 10.</p>" >>$strfile
+	echo "    <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
 	echo "    <pre>" >>$strfile
 	$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&amp;/g' -e '1,$s/</&lt;/g' >>$strfile
 	echo "    </pre>" >>$strfile
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@ -7,6 +7,13 @@
				@@ -7,6 +7,13 @@
 # but we use lib for compatibility with 3rd party drivers (at upstream request).
 %global cups_serverbin %{_exec_prefix}/lib/cups

+# we still need something for python2...
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%bcond_without python3
+%else
+%bcond_with python3
+%endif
+
 #%%global prever rc1
 #%%global VERSION %%{version}%%{prever}
 %global VERSION %{version}
@ -17,7 +24,7 @@ Summary: CUPS printing system
				@@ -17,7 +24,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.3.3%{OP_VER}
-Release: 13%{?dist}.1
+Release: 24%{?dist}
 License: ASL 2.0
 Url: http://www.cups.org/
 # Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -26,6 +33,8 @@ Source0: https://github.com/OpenPrinting/cups/releases/download/v%{VERSION}/cups
				@@ -26,6 +33,8 @@ Source0: https://github.com/OpenPrinting/cups/releases/download/v%{VERSION}/cups
 Source1: cupsprinter.png
 # cups_serverbin macro definition for use during builds
 Source2: macros.cups
+# CVE-2023-32360 migration script
+Source3: upgrade_get_document.py.in

 # PAM enablement, very old patch, not even git can track when or why
 # the patch was added.
@ -97,8 +106,32 @@ Patch25: cups-fips-restrict-md5.patch
				@@ -97,8 +106,32 @@ Patch25: cups-fips-restrict-md5.patch
 # Memory leak fixes (bug #1964975)
 # https://github.com/OpenPrinting/cups/pull/322
 Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch
+# 2073266 - 30-second delays printing to Windows 2016 server via HTTPS
+Patch27: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
+# 2091997 - manpage update to acknowledge order dependency of -h option
+Patch28: 0001-Update-man-pages-for-h-option-Issue-357.patch
 # CVE-2022-26691 cups: authorization bypass when using "local" authorization
-Patch27: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
+Patch29: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
+# 2189919 - CGI scripts don't work with local Negotiate authentication
+Patch30: cups-local-negotiate.patch
+# 2217177 - Delays printing to lpd when reserved ports are exhausted
+Patch31: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
+# 2217284 - The command "cancel -x <job>" does not remove job files
+Patch32: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
+# 2217954 - Enlarge backlog queue for listen() in cupsd
+Patch33: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
+# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
+# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+Patch35: 0001-cups-strlcpy-handle-zero-size.patch
+# CVE-2023-32360 cups:  Information leak through Cups-Get-Document operation
+Patch36: 0001-Require-authentication-for-CUPS-Get-Document.patch
+# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+Patch37: cups-preservejobfiles-leak.patch
+# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
+# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch


 ##### Patches removed because IMHO they aren't no longer needed
@ -165,6 +198,13 @@ Requires(post): grep, sed
				@@ -165,6 +198,13 @@ Requires(post): grep, sed
 Requires(preun): systemd
 Requires(postun): systemd

+# for upgrade-get-document script
+%if %{with python3}
+Requires(post): python3
+%else
+Requires(post): python
+%endif
+

 %package client
 Summary: CUPS printing system - client programs
@ -327,9 +367,32 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
				@@ -327,9 +367,32 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch25 -p1 -b .restrict-md5
 # 1964975 - Memory leak fixes
 %patch26 -p1 -b .memleak-fixes
+# 2073266 - 30-second delays printing to Windows 2016 server via HTTPS
+%patch27 -p1 -b .gnutlsbye
+# 2091997 - manpage update to acknowledge order dependency of -h option
+%patch28 -p1 -b .manpage-update
 # CVE-2022-26691 cups: authorization bypass when using "local" authorization
-%patch27 -p1 -b .cve26691
-
+%patch29 -p1 -b .cve26691
+# 2189919 - CGI scripts don't work with local Negotiate authentication
+%patch30 -p1 -b .local-negotiate
+# 2217177 - Delays printing to lpd when reserved ports are exhausted
+%patch31 -p1 -b .lpd-delay
+# 2217284 - The command "cancel -x <job>" does not remove job files
+%patch32 -p1 -b .purge-job
+# 2217954 - Enlarge backlog queue for listen() in cupsd
+%patch33 -p1 -b .listen-backlog
+# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+%patch34 -p1 -b .cve34241
+# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+%patch35 -p1 -b .cve32324
+# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
+%patch36 -p1 -b .get-document-auth
+# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+%patch37 -p1 -b .preservejobfiles-leak
+# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+%patch38 -p1 -b .log-stderr
+# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+%patch39 -p1 -b .cupsgetjobs-pollhup

 %if %{lspp}
 # LSPP support.
@ -493,6 +556,15 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3:
				@@ -493,6 +556,15 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3:
 /^\([^%].*\)/d
 ' > %{name}.lang

+# install get-document upgrade script
+install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}/upgrade_get_document
+
+%if %{with python3}
+  sed -i 's,@PYTHON_SHEBANG@,#!/usr/bin/python3,' %{buildroot}%{_sbindir}/upgrade_get_document
+%else
+  sed -i 's,@PYTHON_SHEBANG@,#!/usr/bin/python,' %{buildroot}%{_sbindir}/upgrade_get_document
+%endif
+
 %post
 %systemd_post %{name}.path %{name}.socket %{name}.service

@ -540,6 +612,8 @@ do
				@@ -540,6 +612,8 @@ do
 done
 %endif

+%{_sbindir}/upgrade_get_document
+
 exit 0

 %post client
@ -753,9 +827,50 @@ rm -f %{cups_serverbin}/backend/smb
				@@ -753,9 +827,50 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz

 %changelog
-* Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13.1
+* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24
+- revert RHEL-19205 - new packages are not needed
+
+* Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-23
+- RHEL-19205 Recommend new cups-filters subpackages with weak dep for better upgrade exp
+- RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+
+* Thu Nov 02 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-22
+- RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+- RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+
+* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-21
+- bump the spec because the previous build was made with buildroot 9.2
+
+* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-20
+- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
+
+* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
+- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+
+* Wed Jun 28 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
+- 2217177 - Delays printing to lpd when reserved ports are exhausted
+- 2217284 - The command "cancel -x <job>" does not remove job files
+- 2217954 - Enlarge backlog queue for listen() in cupsd
+
+* Wed Apr 26 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-18
+- 2189919 - CGI scripts don't work with local Negotiate authentication
+
+* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
+- RHEL-314 - Enable fmf tests in centos stream
+
+* Thu Mar 23 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
+- RHEL-317 - upstream test suite fails due uncorrect number of expected warnings
+
+* Thu Jun 16 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16
 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

+* Fri Jun 10 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-15
+- 2091997 - update man pages to mention order dependency of -h option
+
+* Fri Apr 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-14
+- 2073266 - 30-second delays printing to Windows 2016 server via HTTPS
+
 * Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13
 - 1964975 - added fix for uninit jump into the leaks patch