diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-09-21 19:19:07 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-09-22 06:59:46 +0200 |
commit | 5a04d2d705926c4691d26307b0125cfb290e6ee7 (patch) | |
tree | d72b5ffbc568245cbd2b3992eb815f4128a52e3d /source | |
parent | bae5a7d8587d3c1c7fd0ca466a80bb744833c012 (diff) | |
download | current-5a04d2d705926c4691d26307b0125cfb290e6ee7.tar.gz current-5a04d2d705926c4691d26307b0125cfb290e6ee7.tar.xz |
Wed Sep 21 19:19:07 UTC 202220220921191907
ap/cups-2.4.2-x86_64-3.txz: Rebuilt.
Fixed crash when using the CUPS web setup interface:
[PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing
it (Issue #409).
Thanks to MisterL, bryjen, and kjhambrick.
Fixed an OpenSSL certificate loading issue:
[PATCH] The OpenSSL code path wasn't loading the full certificate
chain (Issue #465).
Thanks to tmmukunn.
Diffstat (limited to 'source')
-rw-r--r-- | source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch | 36 | ||||
-rw-r--r-- | source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch | 36 | ||||
-rwxr-xr-x | source/ap/cups/cups.SlackBuild | 9 | ||||
-rw-r--r-- | source/n/nghttp2/nghttp2.url | 1 |
4 files changed, 81 insertions, 1 deletions
diff --git a/source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch b/source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch new file mode 100644 index 000000000..f38baf8a7 --- /dev/null +++ b/source/ap/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch @@ -0,0 +1,36 @@ +From c0c403744b1bf4a9790a8fcaabcd60970cbefe06 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <michael.r.sweet@gmail.com> +Date: Tue, 7 Jun 2022 13:45:29 -0400 +Subject: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after + freeing it (Issue #409) + +--- + CHANGES.md | 1 + + cups/tls-openssl.c | 2 ++ + 2 files changed, 3 insertions(+) + +#diff --git a/CHANGES.md b/CHANGES.md +#index 8b78b003fa..befbf3ab44 100644 +#--- a/CHANGES.md +#+++ b/CHANGES.md +#@@ -6,6 +6,7 @@ Changes in CUPS v2.4.3 (TBA) +# +# - Added a title with device uri for found network printers (Issues #402, #393) +# - Fixed configuration on RISC-V machines (Issue #404) +#+- Fixed an OpenSSL crash bug (Issue #409) +# +# +# Changes in CUPS v2.4.2 (26th May 2022) +diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c +index c3e57742e8..6db9f8a9c2 100644 +--- a/cups/tls-openssl.c ++++ b/cups/tls-openssl.c +@@ -1152,6 +1152,8 @@ _httpTLSStop(http_t *http) // I - Connection to server + SSL_shutdown(http->tls); + SSL_CTX_free(context); + SSL_free(http->tls); ++ ++ http->tls = NULL; + } + + diff --git a/source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch b/source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch new file mode 100644 index 000000000..572ca0717 --- /dev/null +++ b/source/ap/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch @@ -0,0 +1,36 @@ +From cd84d7fde692237af4996d4a0e985a3eb4a293f0 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <michael.r.sweet@gmail.com> +Date: Mon, 5 Sep 2022 09:20:03 -0400 +Subject: [PATCH] The OpenSSL code path wasn't loading the full certificate + chain (Issue #465) + +--- + CHANGES.md | 1 + + cups/tls-openssl.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +#diff --git a/CHANGES.md b/CHANGES.md +#index f96677675a..81aef4e680 100644 +#--- a/CHANGES.md +#+++ b/CHANGES.md +#@@ -12,6 +12,7 @@ Changes in CUPS v2.4.3 (TBA) +# hostname (Issue #419) +# - Fixed an OpenSSL crash bug (Issue #409) +# - Fixed a potential SNMP OID value overflow issue (Issue #431) +#+- Fixed an OpenSSL certificate loading issue (Issue #465) +# - Look for default printer on network if needed (Issue ##452) +# - Now localize HTTP responses using the Content-Language value (Issue #426) +# - Raised file size limit for importing PPD via Web UI (Issue #433) +diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c +index ceb3abaedc..acc10fc420 100644 +--- a/cups/tls-openssl.c ++++ b/cups/tls-openssl.c +@@ -1055,7 +1055,7 @@ _httpTLSStart(http_t *http) // I - Connection to server + } + + SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM); +- SSL_CTX_use_certificate_file(context, crtfile, SSL_FILETYPE_PEM); ++ SSL_CTX_use_certificate_chain_file(context, crtfile); + } + + // Set TLS options... diff --git a/source/ap/cups/cups.SlackBuild b/source/ap/cups/cups.SlackBuild index 172af643d..1565cb15c 100755 --- a/source/ap/cups/cups.SlackBuild +++ b/source/ap/cups/cups.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=cups VERSION=${VERSION:-$(echo $PKGNAM-2*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -81,6 +81,12 @@ cd cups-$VERSION || exit 1 sed -i.orig -e 's#$exec_prefix/lib/cups#$libdir/cups#g' configure +# Fix OpenSSL crash: +zcat $CWD/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch.gz | patch -p1 --verbose || exit 1 + +# Fix OpenSSL certificate loading issue: +zcat $CWD/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch.gz | patch -p1 --verbose || exit 1 + # Choose correct options depending on whether PAM is installed: if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then PAM_OPTIONS="--enable-pam" @@ -94,6 +100,7 @@ CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ --libdir=/usr/lib${LIBDIRSUFFIX} \ + --with-pkgconfpath=/usr/lib${LIBDIRSUFFIX}/pkgconfig \ --enable-cdsassl=no \ --docdir=/usr/doc \ --mandir=/usr/man \ diff --git a/source/n/nghttp2/nghttp2.url b/source/n/nghttp2/nghttp2.url index 2477ed43f..70fb744a0 100644 --- a/source/n/nghttp2/nghttp2.url +++ b/source/n/nghttp2/nghttp2.url @@ -1 +1,2 @@ https://github.com/nghttp2/nghttp2 +https://github.com/nghttp2/nghttp2/releases/download/v1.50.0/nghttp2-1.50.0.tar.xz |