mirror of
https://git.yoctoproject.org/git/poky
synced 2026-01-01 13:58:04 +00:00
cups: Fix for CVE-2025-58060 and CVE-2025-58364
Upstream-Status: Backport from595d691075&e58cba9d6f(From OE-Core rev: 6f3b7e6efdf14d080b74a48d8cdc445255e9025f) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
Steve Sakoman
parent
d4f27582ea
commit
c0775e4999
|
|
@ -15,6 +15,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
|
|||
file://0004-cups-fix-multilib-install-file-conflicts.patch \
|
||||
file://volatiles.99_cups \
|
||||
file://cups-volatiles.conf \
|
||||
file://CVE-2025-58060.patch \
|
||||
file://CVE-2025-58364.patch \
|
||||
"
|
||||
|
||||
GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
|
||||
|
|
|
|||
60
meta/recipes-extended/cups/cups/CVE-2025-58060.patch
Normal file
60
meta/recipes-extended/cups/cups/CVE-2025-58060.patch
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
From 595d691075b1d396d2edfaa0a8fd0873a0a1f221 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Thu, 11 Sep 2025 14:44:59 +0200
|
||||
Subject: [PATCH] cupsd: Block authentication using alternate method
|
||||
|
||||
Fixes: CVE-2025-58060
|
||||
|
||||
Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221]
|
||||
CVE: CVE-2025-58060
|
||||
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||
---
|
||||
scheduler/auth.c | 21 ++++++++++++++++++++-
|
||||
1 file changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scheduler/auth.c b/scheduler/auth.c
|
||||
index 5fa53644d..3c9aa72aa 100644
|
||||
--- a/scheduler/auth.c
|
||||
+++ b/scheduler/auth.c
|
||||
@@ -513,6 +513,16 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
|
||||
int userlen; /* Username:password length */
|
||||
|
||||
|
||||
+ /*
|
||||
+ * Only allow Basic if enabled...
|
||||
+ */
|
||||
+
|
||||
+ if (type != CUPSD_AUTH_BASIC)
|
||||
+ {
|
||||
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "Basic authentication is not enabled.");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
authorization += 5;
|
||||
while (isspace(*authorization & 255))
|
||||
authorization ++;
|
||||
@@ -558,7 +568,6 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
|
||||
* Validate the username and password...
|
||||
*/
|
||||
|
||||
- if (type == CUPSD_AUTH_BASIC)
|
||||
{
|
||||
#if HAVE_LIBPAM
|
||||
/*
|
||||
@@ -727,6 +736,16 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
|
||||
/* Output token for username */
|
||||
gss_name_t client_name; /* Client name */
|
||||
|
||||
+ /*
|
||||
+ * Only allow Kerberos if enabled...
|
||||
+ */
|
||||
+
|
||||
+ if (type != CUPSD_AUTH_NEGOTIATE)
|
||||
+ {
|
||||
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "Kerberos authentication is not enabled.");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
# ifdef __APPLE__
|
||||
/*
|
||||
* If the weak-linked GSSAPI/Kerberos library is not present, don't try
|
||||
61
meta/recipes-extended/cups/cups/CVE-2025-58364.patch
Normal file
61
meta/recipes-extended/cups/cups/CVE-2025-58364.patch
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
From e58cba9d6fceed4242980e51dbd1302cf638ab1d Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Thu, 11 Sep 2025 14:53:49 +0200
|
||||
Subject: [PATCH] libcups: Fix handling of extension tag in `ipp_read_io()`
|
||||
|
||||
Fixes: CVE-2025-58364
|
||||
|
||||
Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d]
|
||||
CVE: CVE-2025-58364
|
||||
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||
---
|
||||
cups/ipp.c | 26 +-------------------------
|
||||
1 file changed, 1 insertion(+), 25 deletions(-)
|
||||
|
||||
diff --git a/cups/ipp.c b/cups/ipp.c
|
||||
index 47ba9fa..9b7bf3f 100644
|
||||
--- a/cups/ipp.c
|
||||
+++ b/cups/ipp.c
|
||||
@@ -2949,31 +2949,6 @@ ippReadIO(void *src, /* I - Data source */
|
||||
*/
|
||||
|
||||
tag = (ipp_tag_t)buffer[0];
|
||||
- if (tag == IPP_TAG_EXTENSION)
|
||||
- {
|
||||
- /*
|
||||
- * Read 32-bit "extension" tag...
|
||||
- */
|
||||
-
|
||||
- if ((*cb)(src, buffer, 4) < 4)
|
||||
- {
|
||||
- DEBUG_puts("1ippReadIO: Callback returned EOF/error");
|
||||
- goto rollback;
|
||||
- }
|
||||
-
|
||||
- tag = (ipp_tag_t)((buffer[0] << 24) | (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]);
|
||||
-
|
||||
- if (tag & IPP_TAG_CUPS_CONST)
|
||||
- {
|
||||
- /*
|
||||
- * Fail if the high bit is set in the tag...
|
||||
- */
|
||||
-
|
||||
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP extension tag larger than 0x7FFFFFFF."), 1);
|
||||
- DEBUG_printf(("1ippReadIO: bad tag 0x%x.", tag));
|
||||
- goto rollback;
|
||||
- }
|
||||
- }
|
||||
|
||||
if (tag == IPP_TAG_END)
|
||||
{
|
||||
@@ -3196,6 +3171,7 @@ ippReadIO(void *src, /* I - Data source */
|
||||
|
||||
if ((*cb)(src, buffer, (size_t)n) < n)
|
||||
{
|
||||
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to read IPP attribute name."), 1);
|
||||
DEBUG_puts("1ippReadIO: unable to read name.");
|
||||
goto rollback;
|
||||
}
|
||||
--
|
||||
2.25.1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user