diff --git a/cups b/cups index 73ab572..bcac86f 160000 --- a/cups +++ b/cups @@ -1 +1 @@ -Subproject commit 73ab5722ab4c73de5d2ffb013a8de9ec0cdf14ae +Subproject commit bcac86f70c38d6b023a84206cb232ad220fbaaca diff --git a/elemental-operator b/elemental-operator index 2386fd7..eef686f 160000 --- a/elemental-operator +++ b/elemental-operator @@ -1 +1 @@ -Subproject commit 2386fd7c84bacca2c42c4407991ce5c3d9f955de +Subproject commit eef686ff269c7d5cf17fa9c6fe40c14fbf0dce3a diff --git a/patchinfo.20241113112528922506.269002615871826/_patchinfo b/patchinfo.20241113112528922506.269002615871826/_patchinfo new file mode 100644 index 0000000..01bf569 --- /dev/null +++ b/patchinfo.20241113112528922506.269002615871826/_patchinfo 
@@ -0,0 +1,252 @@ + + + cups 2.4.7 in Tumbleweed snapshot 20240131 requires "group(ntadmin)" and pulls in samba as the only provider. + VUL-0: CVE-2024-35235: cups: Listen port arbitrary chmod 0140777 + + + + + + jsmeix + important + security + Security update for cups + This update for cups fixes the following issues: + +- Version upgrade to 2.4.11: + See https://github.com/openprinting/cups/releases + CUPS 2.4.11 brings several bug fixes regarding IPP response + validation, processing PPD values, Web UI support + (checkbox support, modifying printers) and others fixes. + Detailed list (from CHANGES.md): + * Updated the maximum file descriptor limit + for `cupsd` to 64k-1 (Issue #989) + * Fixed `lpoptions -d` with a discovered + but not added printer (Issue #833) + * Fixed incorrect error message for HTTP/IPP errors (Issue #893) + * Fixed JobPrivateAccess and SubscriptionPrivateAccess support + for "all" (Issue #990) + * Fixed issues with cupsGetDestMediaByXxx (Issue #993) + * Fixed adding and modifying of printers + via the web interface (Issue #998) + * Fixed HTTP PeerCred authentication + for domain users (Issue #1001) + * Fixed checkbox support (Issue #1008) + * Fixed printer state notifications (Issue #1013) + * Fixed IPP Everywhere printer setup (Issue #1033) + Issues are those at https://github.com/OpenPrinting/cups/issues + In particular CUPS 2.4.11 contains those commit regarding + IPP response validation and processing PPD values: + * "Quote PPD localized strings" + https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd + plus a cleanup to "Fix warnings for unused vars" + https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b + +- Version upgrade to 2.4.10: + See https://github.com/openprinting/cups/releases + CUPS 2.4.10 brings two fixes: + * Fixed error handling when reading a mixed 1setOf attribute. 
+ * Fixed scheduler start if there is only domain socket + to listen on (Issue #985) which is fix for regression + after fix for CVE-2024-35235 in scenarios where is + no other listeners in cupsd.conf than domain socket + created on demand by systemd, launchd or upstart. + Issues are those at https://github.com/OpenPrinting/cups/issues +- Version upgrade to 2.4.9: + See https://github.com/openprinting/cups/releases + CUPS 2.4.9 brings security fix for CVE-2024-35235 and + several bug fixes regarding CUPS Web User Interface, + PPD generation and HTTP protocol implementation. + Detailed list (from CHANGES.md): + * Fixed domain socket handling (CVE-2024-35235) + * Fixed creating of `cupsUrfSupported` PPD keyword + (Issue #952) + * Fixed searching for destinations in web ui (Issue #954) + * Fixed TLS negotiation using OpenSSL with servers + that require the TLS SNI extension. + * Really raised `cups_enum_dests()` timeout for listing + available IPP printers (Issue #751)... + * Fixed `Host` header regression (Issue #967) + * Fixed DNS-SD lookups of local services with Avahi + (Issue #970) + * Fixed listing jobs in destinations in web ui. + (Apple issue #6204) + * Fixed showing search query in web ui help page. + (Issue #977) + Issues are those at https://github.com/OpenPrinting/cups/issues + Apple issues are those at https://github.com/apple/cups/issues + +- Update to version 2.4.8: + See https://github.com/openprinting/cups/releases + CUPS 2.4.8 brings many bug fixes which aggregated over the last + half a year. It brings the important fix for race conditions + and errors which can happen when installing permanent + IPP Everywhere printer, support for PAM modules password-auth + and system-auth and new option for lpstat which can show only + the successful jobs. 
+ Detailed list (from CHANGES.md): + * Added warning if the device has to be asked for + 'all,media-col-database' separately (Issue #829) + * Added new value for 'lpstat' option '-W' - successfull - for + getting successfully printed jobs (Issue #830) + * Added support for PAM modules password-auth + and system-auth (Issue #892) + * Updated IPP Everywhere printer creation error + reporting (Issue #347) + * Updated and documented the MIME typing buffering + limit (Issue #925) + * Raised 'cups_enum_dests()' timeout for listing + available IPP printers (Issue #751) + * Now report an error for temporary printer defaults + with lpadmin (Issue #237) + * Fixed mapping of PPD InputSlot, MediaType, + and OutputBin values (Issue #238) + * Fixed "document-unprintable-error" handling (Issue #391) + * Fixed the web interface not showing an error + for a non-existent printer (Issue #423) + * Fixed printing of jobs with job name longer than 255 chars + on older printers (Issue #644) + * Really backported fix for Issue #742 + * Fixed 'cupsCopyDestInfo' device connection + detection (Issue #586) + * Fixed "Upgrade" header handling when there is + no TLS support (Issue #775) + * Fixed memory leak when unloading a job (Issue #813) + * Fixed memory leak when creating color profiles (Issue #815) + * Fixed a punch finishing bug in the IPP Everywhere + support (Issue #821) + * Fixed crash in 'scan_ps()' if incoming argument + is NULL (Issue #831) + * Fixed setting job state reasons for successful + jobs (Issue #832) + * Fixed infinite loop in IPP backend if hostname + is IP address with Kerberos (Issue #838) + * Added additional check on socket if 'revents' from 'poll()' + returns POLLHUP together with POLLIN or POLLOUT + in 'httpAddrConnect2()' (Issue #839) + * Fixed crash in 'ppdEmitString()' if 'size' is NULL (Issue #850) + * Fixed reporting 'media-source-supported' when + sharing printer which has numbers as strings instead of + keywords as 'InputSlot' values (Issue #859) + * Fixed 
IPP backend to support the "print-scaling" option + with IPP printers (Issue #862) + * Fixed potential race condition for the creation + of temporary queues (Issue #871) + * Fixed 'httpGets' timeout handling (Issue #879) + * Fixed checking for required attributes during + PPD generation (Issue #890) + * Fixed encoding of IPv6 addresses in HTTP requests (Issue #903) + * Fixed sending response headers to client (Issue #927) + * Fixed CGI program initialization and validation + of form checkbox and text fields. + Issues are those at https://github.com/OpenPrinting/cups/issues + +- Version upgrade to 2.4.7: + See https://github.com/openprinting/cups/releases + CUPS 2.4.7 is released to ship the fix for CVE-2023-4504 + and several other changes, among them it is + adding OpenSSL support for cupsHashData function and bug fixes. + Detailed list: + * CVE-2023-4504 - Fixed Heap-based buffer overflow when + reading Postscript in PPD files + * Added OpenSSL support for cupsHashData (Issue #762) + * Fixed delays in lpd backend (Issue #741) + * Fixed extensive logging in scheduler (Issue #604) + * Fixed hanging of lpstat on IBM AIX (Issue #773) + * Fixed hanging of lpstat on Solaris (Issue #156) + * Fixed printing to stderr if we can't open cups-files.conf + (Issue #777) + * Fixed purging job files via cancel -x (Issue #742) + * Fixed RFC 1179 port reserving behavior in LPD backend + (Issue #743) + * Fixed a bug in the PPD command interpretation code + (Issue #768) + Issues are those at https://github.com/OpenPrinting/cups/issues +- Version upgrade to 2.4.6: + See https://github.com/openprinting/cups/releases + CUPS 2.4.6 is released to ship the fix for CVE-2023-34241 + and two other bug fixes. 
+ Detailed list: + * Fix linking error on old MacOS (Issue #715) + * Fix printing multiple files on specific printers (Issue #643) + * Fix use-after-free when logging warnings in case of failures + in cupsdAcceptClient() (fixes CVE-2023-34241) + Issues are those at https://github.com/OpenPrinting/cups/issues +- Version upgrade to 2.4.5: + See https://github.com/openprinting/cups/releases + CUPS 2.4.5 is a hotfix release for a bug which corrupted + locally saved certificates, which broke secured printing + via TLS after the first print job. +- Version upgrade to 2.4.4: + See https://github.com/openprinting/cups/releases + CUPS 2.4.4 release is created as a hotfix for segfault + in cupsGetNamedDest(), when caller tries to find + the default destination and the default destination + is not set on the machine. +- Version upgrade to 2.4.3: + See https://github.com/openprinting/cups/releases + CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements + and many bug fixes. CUPS now implements fallback for printers + with broken firmware, which is not capable of answering + to IPP request get-printer-attributes with all, + media-col-database - this enables driverless support for + bunch of printers which don't follow IPP Everywhere standard. + Aside from the CVE fix the most important fixes are around color + settings, printer application support fixes and OpenSSL support. 
+ Detailed list of changes: + * Added a title with device uri for found network printers + (Issues #402, #393) + * Added new media sizes defined by IANA (Issues #501) + * Added quirk for GoDEX label printers (Issue #440) + * Fixed --enable-libtool-unsupported (Issue #394) + * Fixed configuration on RISC-V machines (Issue #404) + * Fixed the device_uri invalid pointer for driverless printers + with .local hostname (Issue #419) + * Fixed an OpenSSL crash bug (Issue #409) + * Fixed a potential SNMP OID value overflow issue (Issue #431) + * Fixed an OpenSSL certificate loading issue (Issue #465) + * Fixed Brazilian Portuguese translations (Issue #288) + * Fixed cupsd default keychain location when building + with OpenSSL (Issue #529) + * Fixed default color settings for CMYK printers as well + (Issue #500) + * Fixed duplicate PPD2IPP media-type names (Issue #688) + * Fixed possible heap buffer overflow in _cups_strlcpy() + (fixes CVE-2023-32324) + * Fixed InputSlot heuristic for photo sizes smaller than 5x7" + if there is no media-source in the request (Issue #569) + * Fixed invalid memory access during generating IPP Everywhere + queue (Issue #466) + * Fixed lprm if no destination is provided (Issue #457) + * Fixed memory leaks in create_local_bg_thread() (Issue #466) + * Fixed media size tolerance in ippeveprinter (Issue #487) + * Fixed passing command name without path into ippeveprinter + (Issue #629) + * Fixed saving strings file path in printers.conf (Issue #710) + * Fixed TLS certificate generation bugs (Issue #652) + * ippDeleteValues would not delete the last value (Issue #556) + * Ignore some of IPP defaults if the application sends + its PPD alternative (Issue #484) + * Make Letter the default size in ippevepcl (Issue #543) + * Now accessing Admin page in Web UI requires authentication + (Issue #518) + * Now look for default printer on network if needed (Issue #452) + * Now we poll media-col-database separately if we fail at first + (Issue #599) + * Now 
report fax attributes and values as needed (Issue #459) + * Now localize HTTP responses using the Content-Language value + (Issue #426) + * Raised file size limit for importing PPD via Web UI + (Issue #433) + * Raised maximum listen backlog size to INT MAX (Issue #626) + * Update print-color-mode if the printer is modified + via ColorModel PPD option (Issue #451) + * Use localhost when printing via printer application + (Issue #353) + * Write defaults into /etc/cups/lpoptions if we're root + (Issue #456) + Issues are those at https://github.com/OpenPrinting/cups/issues + + cups + +
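Review bot: The elemental-operator submodule bump (2386fd7 to eef686f) in the second part of this diff is not accounted for by the accompanying _patchinfo, which is titled "Security update for cups" and names only cups at its end. Either drop the elemental-operator pointer change from this submission or ship it with its own patchinfo, so that every submodule that moves here is covered by an update record.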
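Review bot: In the new _patchinfo, the description credits the upgrade with fixes for CVE-2023-4504 (2.4.7), CVE-2023-34241 (2.4.6) and CVE-2023-32324 (2.4.3), but the only CVE visible among the issue titles at the top of the file is CVE-2024-35235. If those three have not already been released for this codestream, add issue entries for them so the advisory metadata matches the text. The other issue title, about cups 2.4.7 requiring "group(ntadmin)" and pulling in samba as the only provider, is not mentioned anywhere in the description; add a line stating how this update resolves it. Minor wording in the 2.4.11 entry: "contains those commit" and "others fixes" should read "contains these commits" and "other fixes".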