From c2486be5df1d5e36b07aa6963fe9c8b35795ec7a94d19d07e485fde0cc3eb041 Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Mon, 30 May 2022 08:55:44 +0000 Subject: [PATCH] Accepting request 979802 from home:jsmeix:branches:Printing CUPS version upgrade to 2.4.2 which includes a fix for CVE-2022-26691 (#bsc1199474) OBS-URL: https://build.opensuse.org/request/show/979802 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=387 --- cups-2.4.1-source.tar.gz | 3 -- cups-2.4.1-source.tar.gz.sig | Bin 119 -> 0 bytes cups-2.4.2-source.tar.gz | 3 ++ cups-2.4.2-source.tar.gz.sig | Bin 0 -> 118 bytes cups.changes | 46 +++++++++++++++++++++++++++ cups.spec | 14 ++++---- downgrade-autoconf-requirement.patch | 10 +++--- 7 files changed, 60 insertions(+), 16 deletions(-) delete mode 100644 cups-2.4.1-source.tar.gz delete mode 100644 cups-2.4.1-source.tar.gz.sig create mode 100644 cups-2.4.2-source.tar.gz create mode 100644 cups-2.4.2-source.tar.gz.sig diff --git a/cups-2.4.1-source.tar.gz b/cups-2.4.1-source.tar.gz deleted file mode 100644 index 30c5a01..0000000 --- a/cups-2.4.1-source.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c7339f75f8d4f2dec50c673341a45fc06b6885bb6d4366d6bf59a4e6c10ae178 -size 8113914 diff --git a/cups-2.4.1-source.tar.gz.sig b/cups-2.4.1-source.tar.gz.sig deleted file mode 100644 index a27b14870d947ab93b7bd19ac5fe17a354f32ff6317e4cf184d31e0da9d815e5..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGVvrS6WGQG`u#`)0QVPFC!-FS5x@Tsq$*)ws%|`?o8=>BCA#V>{Ekp`(|z0h?b<>mhVM?s3Qs59jEksl>xdRT9&E!s ThiTSrGvSN>550I({g4d+Qe-i1 literal 0 HcmV?d00001 diff --git a/cups.changes b/cups.changes index 140a9d4..7e3b197 100644 --- a/cups.changes +++ b/cups.changes 
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Mon May 30 08:12:20 UTC 2022 - jsmeix@suse.de
+
+- Version upgrade to 2.4.2:
+ See https://github.com/openprinting/cups/releases
+ CUPS 2.4.2 brings the fix for CVE-2022-26691 (#bsc1199474)
+ together with LibreSSL/OpenSSL and minimal AIX support.
+ * Fixed certificate strings comparison
+ for Local authorization (CVE-2022-26691)
+ * The `cupsFileOpen` function no longer opens files
+ for append in read-write mode (Issue #291)
+ * The cupsd daemon removed processing temporary
+ queue (Issue #364)
+ * Fixed delay in IPP backend if GNUTLS is used and endpoint
+ doesn't confirm closing the connection (Issue #365)
+ * Fixed conditional jump based on uninitialized value
+ in cups/ppd.c (Issue #329)
+ * Fixed CSS related issues in CUPS Web UI (Issue #344)
+ * Fixed copyright in CUPS Web UI trailer template (Issue #346)
+ * mDNS hostname in device uri is not resolved when installaling
+ a permanent IPP Everywhere queue (Issues #340, #343)
+ * The `lpstat` command now reports when the scheduler
+ is not running (Issue #352)
+ * Updated the man pages concerning the `-h` option (Issue #357)
+ * Re-added LibreSSL/OpenSSL support (Issue #362)
+ * Updated the Solaris smf service file (Issue #368)
+ * Fixed a regression in lpoptions option support (Issue #370)
+ * The scheduler now regenerates the PPD cache information after
+ changing the "cupsd.conf" file (Issue #371)
+ * Updated the scheduler to set "auth-info-required"
+ to "username,password" if a backend reports it needs
+ authentication info but doesn't set a method
+ for authentication (Issue #373)
+ * Updated the configure script to look for the OpenSSL library
+ the old way if pkg-config is not available (Issue #375)
+ * Fixed the prototype for the `httpWriteResponse`
+ function (Issue #380)
+ * Brought back minimal AIX support (Issue #389)
+ * `cupsGetResponse` did not always set the last error.
+ * Fixed a number of old references to the Apple CUPS web page.
+ * Restored the default/generic printer icon file
+ for the web interface.
+ * Removed old stylesheet classes that are no longer used
+ by the web interface.
+- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.2
+
 -------------------------------------------------------------------
 Mon Apr 4 12:45:16 UTC 2022 - jsmeix@suse.de
 
diff --git a/cups.spec b/cups.spec
index 70800e2..3d61a0d 100644
--- a/cups.spec
+++ b/cups.spec
@@ -30,18 +30,18 @@ Name: cups
 # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
 # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
 # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
-Version: 2.4.1
+Version: 2.4.2
 Release: 0
 Summary: The Common UNIX Printing System
 License: Apache-2.0
 Group: Hardware/Printing
 URL: https://openprinting.github.io/cups
 # To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
-Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
+# wget --no-check-certificate -O cups-2.4.2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz
+Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz
 # To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
-Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
+# wget --no-check-certificate -O cups-2.4.2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz.sig
+Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz.sig
 # To make Source2 use e.g.
 # gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
 # gpg --export --armor 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 >cups.keyring
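Review bot: The two fetch comments carried over to the new side (`# wget --no-check-certificate -O cups-2.4.2-source.tar.gz …` and the matching `.sig` line) still tell packagers to download with TLS certificate verification switched off. With that flag, integrity of the tarball rests entirely on the `gpg --verify` step against cups.keyring that the spec describes as a manual check, and a packager who skips it has no protection against a tampered or redirected download. I would drop the flag from both comments, e.g. `# wget -O cups-2.4.2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz`, and keep the signature check as the second layer. If the flag is there for a build host with an outdated CA bundle, a short comment saying so would be better than recommending it unconditionally.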
@@ -51,7 +51,7 @@ Source2: cups.keyring # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring # gpg --list-keys | grep -1 'Zdenek Dohnal' -# gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz +# gpg --verify cups-2.4.2-source.tar.gz.sig cups-2.4.2-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz @@ -318,7 +318,7 @@ printer drivers for CUPS. %patch107 -p1 -b harden_cups.service.orig # Patch108 downgrade-autoconf-requirement.patch # downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: -%patch108 -p1 -b downgrade-autoconf-requirement.orig +%patch108 -b downgrade-autoconf-requirement.orig %build # Remove ".SILENT" rule for verbose build output diff --git a/downgrade-autoconf-requirement.patch b/downgrade-autoconf-requirement.patch index f7cb617..c205f32 100644 --- a/downgrade-autoconf-requirement.patch +++ b/downgrade-autoconf-requirement.patch @@ -1,8 +1,6 @@ -diff --git a/configure.ac b/configure.ac -index a8c6c1040..6ace74a8d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. See the file "LICENSE" for more +--- configure.ac.orig 2022-05-26 08:17:21.000000000 +0200 ++++ configure.ac 2022-05-30 10:26:29.258674533 +0200 +@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. dnl information. dnl @@ -12,4 +10,4 @@ index a8c6c1040..6ace74a8d 100644 +AC_PREREQ([2.69]) dnl Package name and version... - AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups]) + AC_INIT([CUPS],[2.4.2],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])
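Review bot: In the `@@ -318,7 +318,7 @@` hunk of cups.spec the new `%patch108 -b downgrade-autoconf-requirement.orig` drops `-p1` and now relies on the default strip level without saying so. That matches the regenerated patch, whose headers changed from `a/configure.ac` / `b/configure.ac` to `configure.ac.orig` / `configure.ac`, but the link between the two is only visible by reading both files. If strip level 0 is what is intended, I would spell it out as `%patch108 -p0 -b downgrade-autoconf-requirement.orig`, which also keeps it consistent with the explicit `-p1` on `%patch107` just above. The comment above it could add `# (plain diff against configure.ac, hence -p0)` so the next version bump does not silently restore `-p1`.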