From d506ae732013d2f848dfa31e0ecc5871fd32311d Mon Sep 17 00:00:00 2001 From: 15549494042 Date: Thu, 1 Feb 2024 20:41:50 +0800 Subject: [PATCH 1/9] Modifying conflicts between WiFi and P2P IP addresses Singed-off-by:dongzhengkuan@huawei.com Signed-off-by: 15549494042 --- install.py | 12 ++- ohos_ip_conflict_01.patch | 25 +++++ ohos_ip_conflict_02.patch | 193 ++++++++++++++++++++++++++++++++++++++ ohos_ip_conflict_03.patch | 35 +++++++ ohos_ip_conflict_04.patch | 123 ++++++++++++++++++++++++ ohos_ip_conflict_05.patch | 13 +++ 6 files changed, 400 insertions(+), 1 deletion(-) create mode 100644 ohos_ip_conflict_01.patch create mode 100644 ohos_ip_conflict_02.patch create mode 100644 ohos_ip_conflict_03.patch create mode 100644 ohos_ip_conflict_04.patch create mode 100644 ohos_ip_conflict_05.patch diff --git a/install.py b/install.py index e4847d28..d30b1729 100755 --- a/install.py +++ b/install.py @@ -39,6 +39,11 @@ def copy_file(dir): def move_file(src_path, dst_path): files = [ + "ohos_ip_conflict_01.patch", + "ohos_ip_conflict_02.patch", + "ohos_ip_conflict_03.patch", + "ohos_ip_conflict_04.patch", + "ohos_ip_conflict_05.patch", "backport-CVE-2022-26691.patch", "backport-CVE-2023-32324.patch", "backport-CVE-2023-34241.patch", @@ -73,7 +78,12 @@ def do_patch(target_dir): "ohos-multi-file-print.patch", "ohos-modify-pthread.patch", "ohos-add-openssl.patch", - "backport-CVE-2023-4504.patch" + "backport-CVE-2023-4504.patch", + "ohos_ip_conflict_01.patch", + "ohos_ip_conflict_02.patch", + "ohos_ip_conflict_03.patch", + "ohos_ip_conflict_04.patch", + "ohos_ip_conflict_05.patch" ] for patch in patch_file: diff --git a/ohos_ip_conflict_01.patch b/ohos_ip_conflict_01.patch new file mode 100644 index 00000000..8b655850 --- /dev/null +++ b/ohos_ip_conflict_01.patch @@ -0,0 +1,25 @@ +diff --git a/cups-2.4.0/cups/http.h b/cups-2.4.0/cups/http.h +index 6c45301e..ac166970 100644 +--- a/cups-2.4.0/cups/http.h ++++ b/cups-2.4.0/cups/http.h +@@ -556,10 +556,11 @@ extern int httpSetCredentials(http_t *http, cups_array_t *certs) _CUPS_API_1_5; + extern void httpSetTimeout(http_t *http, double timeout, http_timeout_cb_t cb, void *user_data) _CUPS_API_1_5; + + /**** New in CUPS 1.6/macOS 10.8 ****/ +-extern http_addrlist_t *httpAddrConnect2(http_addrlist_t *addrlist, int *sock, int msec, int *cancel) _CUPS_API_1_6; ++extern http_addrlist_t *httpAddrConnect2(http_addrlist_t *addrlist, int *sock, int msec, int *cancel, const char *nic) _CUPS_API_1_6; + extern http_state_t httpGetState(http_t *http) _CUPS_API_1_6; + extern http_version_t httpGetVersion(http_t *http) _CUPS_API_1_6; + extern int httpReconnect2(http_t *http, int msec, int *cancel) _CUPS_API_1_6; ++extern int httpReconnect3(http_t *http, int msec, int *cancel, const char *nic) _CUPS_API_1_6; + + + /**** New in CUPS 1.7/macOS 10.9 ****/ +@@ -569,6 +570,7 @@ extern int httpAddrListen(http_addr_t *addr, int port) _CUPS_API_1_7; + extern int httpAddrPort(http_addr_t *addr) _CUPS_API_1_7; + extern char *httpAssembleUUID(const char *server, int port, const char *name, int number, char *buffer, size_t bufsize) _CUPS_API_1_7; + extern http_t *httpConnect2(const char *host, int port, http_addrlist_t *addrlist, int family, http_encryption_t encryption, int blocking, int msec, int *cancel) _CUPS_API_1_7; ++extern http_t *httpConnect3(const char *host, int port, http_addrlist_t *addrlist, int family, http_encryption_t encryption, int blocking, int msec, int *cancel, const char *nic) _CUPS_API_1_7; + extern const char *httpGetContentEncoding(http_t *http) _CUPS_API_1_7; + extern http_status_t httpGetExpect(http_t *http) _CUPS_API_1_7; + extern ssize_t httpPeek(http_t *http, char *buffer, size_t length) _CUPS_API_1_7; diff --git a/ohos_ip_conflict_02.patch b/ohos_ip_conflict_02.patch new file mode 100644 index 00000000..6bd3fdef --- /dev/null +++ b/ohos_ip_conflict_02.patch @@ -0,0 +1,193 @@ +diff --git a/cups-2.4.0/cups/http.c b/cups-2.4.0/cups/http.c +index 66dd3b07..e98c0550 100644 +--- a/cups-2.4.0/cups/http.c ++++ b/cups-2.4.0/cups/http.c +@@ -476,6 +476,53 @@ httpConnect2( + return (NULL); + } + ++/* ++ * 'httpConnect3()' - Connect to a HTTP server. ++ * ++ * @since CUPS 1.7/macOS 10.9@ ++ */ ++ ++http_t * /* O - New HTTP connection */ ++httpConnect3( ++ const char *host, /* I - Host to connect to */ ++ int port, /* I - Port number */ ++ http_addrlist_t *addrlist, /* I - List of addresses or @code NULL@ to lookup */ ++ int family, /* I - Address family to use or @code AF_UNSPEC@ for any */ ++ http_encryption_t encryption, /* I - Type of encryption to use */ ++ int blocking, /* I - 1 for blocking connection, 0 for non-blocking */ ++ int msec, /* I - Connection timeout in milliseconds, 0 means don't connect */ ++ int *cancel, /* I - Pointer to "cancel" variable */ ++ const char *nic) ++{ ++ http_t *http; /* New HTTP connection */ ++ ++ ++ DEBUG_printf(("httpConnect2(host=\"%s\", port=%d, addrlist=%p, family=%d, encryption=%d, blocking=%d, msec=%d, cancel=%p)", host, port, (void *)addrlist, family, encryption, blocking, msec, (void *)cancel)); ++ ++ /* ++ * Create the HTTP structure... ++ */ ++ ++ if ((http = http_create(host, port, addrlist, family, encryption, blocking, ++ _HTTP_MODE_CLIENT)) == NULL) ++ return (NULL); ++ ++ /* ++ * Optionally connect to the remote system... ++ */ ++ ++ if (msec == 0 || !httpReconnect3(http, msec, cancel, nic)) ++ return (http); ++ ++ /* ++ * Could not connect to any known address - bail out! ++ */ ++ ++ httpClose(http); ++ ++ return (NULL); ++} ++ + + /* + * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption. +@@ -2397,7 +2444,133 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ + httpAddrPort(&(current->addr)))); + #endif /* DEBUG */ + +- if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec, cancel)) == NULL) ++ if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec, cancel, NULL)) == NULL) ++ { ++ /* ++ * Unable to connect... ++ */ ++ ++#ifdef _WIN32 ++ http->error = WSAGetLastError(); ++#else ++ http->error = errno; ++#endif /* _WIN32 */ ++ http->status = HTTP_STATUS_ERROR; ++ ++ DEBUG_printf(("1httpReconnect2: httpAddrConnect failed: %s", ++ strerror(http->error))); ++ ++ return (-1); ++ } ++ ++ DEBUG_printf(("2httpReconnect2: New socket=%d", http->fd)); ++ ++ if (http->timeout_value > 0) ++ http_set_timeout(http->fd, http->timeout_value); ++ ++ http->hostaddr = &(addr->addr); ++ http->error = 0; ++ ++#ifdef HAVE_TLS ++ if (http->encryption == HTTP_ENCRYPTION_ALWAYS) ++ { ++ /* ++ * Always do encryption via SSL. ++ */ ++ ++ if (_httpTLSStart(http) != 0) ++ { ++ httpAddrClose(NULL, http->fd); ++ http->fd = -1; ++ ++ return (-1); ++ } ++ } ++ else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls_upgrade) ++ return (http_tls_upgrade(http)); ++#endif /* HAVE_TLS */ ++ ++ DEBUG_printf(("1httpReconnect2: Connected to %s:%d...", ++ httpAddrString(http->hostaddr, temp, sizeof(temp)), ++ httpAddrPort(http->hostaddr))); ++ ++ return (0); ++} ++ ++/* ++ * 'httpReconnect3()' - Reconnect to a HTTP server with timeout and optional ++ * cancel. ++ */ ++ ++int /* O - 0 on success, non-zero on failure */ ++httpReconnect3(http_t *http, /* I - HTTP connection */ ++ int msec, /* I - Timeout in milliseconds */ ++ int *cancel, /* I - Pointer to "cancel" variable */ ++ const char *nic) ++{ ++ http_addrlist_t *addr; /* Connected address */ ++#ifdef DEBUG ++ http_addrlist_t *current; /* Current address */ ++ char temp[256]; /* Temporary address string */ ++#endif /* DEBUG */ ++ ++ ++ DEBUG_printf(("httpReconnect2(http=%p, msec=%d, cancel=%p)", (void *)http, msec, (void *)cancel)); ++ ++ if (!http) ++ { ++ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(EINVAL), 0); ++ return (-1); ++ } ++ ++#ifdef HAVE_TLS ++ if (http->tls) ++ { ++ DEBUG_puts("2httpReconnect2: Shutting down SSL/TLS..."); ++ _httpTLSStop(http); ++ } ++#endif /* HAVE_TLS */ ++ ++ /* ++ * Close any previously open socket... ++ */ ++ ++ if (http->fd >= 0) ++ { ++ DEBUG_printf(("2httpReconnect2: Closing socket %d...", http->fd)); ++ ++ httpAddrClose(NULL, http->fd); ++ ++ http->fd = -1; ++ } ++ ++ /* ++ * Reset all state (except fields, which may be reused)... ++ */ ++ ++ http->state = HTTP_STATE_WAITING; ++ http->version = HTTP_VERSION_1_1; ++ http->keep_alive = HTTP_KEEPALIVE_OFF; ++ memset(&http->_hostaddr, 0, sizeof(http->_hostaddr)); ++ http->data_encoding = HTTP_ENCODING_FIELDS; ++ http->_data_remaining = 0; ++ http->used = 0; ++ http->data_remaining = 0; ++ http->hostaddr = NULL; ++ http->wused = 0; ++ ++ /* ++ * Connect to the server... ++ */ ++ ++#ifdef DEBUG ++ for (current = http->addrlist; current; current = current->next) ++ DEBUG_printf(("2httpReconnect2: Address %s:%d", ++ httpAddrString(&(current->addr), temp, sizeof(temp)), ++ httpAddrPort(&(current->addr)))); ++#endif /* DEBUG */ ++ ++ if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec, cancel, NULL)) == NULL) + { + /* + * Unable to connect... diff --git a/ohos_ip_conflict_03.patch b/ohos_ip_conflict_03.patch new file mode 100644 index 00000000..6a95a2e5 --- /dev/null +++ b/ohos_ip_conflict_03.patch @@ -0,0 +1,35 @@ +diff --git a/cups-2.4.0/cups/http-addrlist.c b/cups-2.4.0/cups/http-addrlist.c +index 6e73464c..36b410e8 100644 +--- a/cups-2.4.0/cups/http-addrlist.c ++++ b/cups-2.4.0/cups/http-addrlist.c +@@ -39,7 +39,7 @@ httpAddrConnect( + { + DEBUG_printf(("httpAddrConnect(addrlist=%p, sock=%p)", (void *)addrlist, (void *)sock)); + +- return (httpAddrConnect2(addrlist, sock, 30000, NULL)); ++ return (httpAddrConnect2(addrlist, sock, 30000, NULL, NULL)); + } + + +@@ -55,7 +55,8 @@ httpAddrConnect2( + http_addrlist_t *addrlist, /* I - List of potential addresses */ + int *sock, /* O - Socket */ + int msec, /* I - Timeout in milliseconds */ +- int *cancel) /* I - Pointer to "cancel" variable */ ++ int *cancel /* I - Pointer to "cancel" variable */ ++ const char *nic) + { + int val; /* Socket option value */ + #ifndef _WIN32 +@@ -164,6 +165,11 @@ httpAddrConnect2( + setsockopt(fds[nfds], SOL_SOCKET, SO_NOSIGPIPE, CUPS_SOCAST &val, sizeof(val)); + #endif /* SO_NOSIGPIPE */ + ++ if (nic != NULL) { ++ val = 1; ++ setsockopt(fds[nfds], SOL_SOCKET, SO_BINDTODEVICE, nic, sizeof(nic)); ++ } ++ + /* + * Using TCP_NODELAY improves responsiveness, especially on systems + * with a slow loopback interface... diff --git a/ohos_ip_conflict_04.patch b/ohos_ip_conflict_04.patch new file mode 100644 index 00000000..18cbe080 --- /dev/null +++ b/ohos_ip_conflict_04.patch @@ -0,0 +1,123 @@ +diff --git a/cups-2.4.0/backend/ipp.c b/cups-2.4.0/backend/ipp.c +index c4b34668..60b867a0 100644 +--- a/cups-2.4.0/backend/ipp.c ++++ b/cups-2.4.0/backend/ipp.c +@@ -64,6 +64,7 @@ typedef struct _cups_monitor_s /**** Monitoring data ****/ + ipp_jstate_t job_state; /* Current job state */ + ipp_pstate_t printer_state; /* Current printer state */ + int retryable; /* Is this a job that should be retried? */ ++ const char *nic; + } _cups_monitor_t; + + +@@ -273,6 +274,7 @@ main(int argc, /* I - Number of command-line args */ + ppd_file_t *ppd = NULL; /* PPD file */ + _ppd_cache_t *pc = NULL; /* PPD cache and mapping data */ + fd_set input; /* Input set for select() */ ++ const char *nic = NULL; + + + /* +@@ -651,6 +653,10 @@ main(int argc, /* I - Number of command-line args */ + password = getenv("AUTH_PASSWORD"); + } + ++ num_options = cupsParseOptions(argv[5], 0, &options); ++ nic = cupsGetOption("nic", num_options, options); ++ fprintf(stderr, "DEBUG: nic %s\n", nic); ++ + /* + * Try finding the remote server... + */ +@@ -659,8 +665,11 @@ main(int argc, /* I - Number of command-line args */ + + addrlist = backendLookup(hostname, port, &job_canceled); + +- http = httpConnect2(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, +- 0, NULL); ++ if (nic != NULL) { ++ http = httpConnect3(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, 0, NULL, nic); ++ } else { ++ http = httpConnect2(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, 0, NULL); ++ } + httpSetTimeout(http, 30.0, timeout_cb, NULL); + + /* +@@ -701,7 +710,7 @@ main(int argc, /* I - Number of command-line args */ + fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port); + _cupsLangPrintFilter(stderr, "INFO", _("Connecting to printer.")); + +- if (httpReconnect2(http, 30000, NULL)) ++ if (nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL)) + { + int error = errno; /* Connection error */ + +@@ -986,7 +995,7 @@ main(int argc, /* I - Number of command-line args */ + version = 10; + } + +- httpReconnect2(http, 30000, NULL); ++ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); + } + else if (ipp_status == IPP_STATUS_ERROR_NOT_FOUND) + { +@@ -1018,7 +1027,7 @@ main(int argc, /* I - Number of command-line args */ + _("Unable to get printer status.")); + sleep(10); + +- httpReconnect2(http, 30000, NULL); ++ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); + } + + ippDelete(supported); +@@ -1450,6 +1459,7 @@ main(int argc, /* I - Number of command-line args */ + monitor.job_state = IPP_JSTATE_PENDING; + monitor.printer_state = IPP_PSTATE_IDLE; + monitor.retryable = argc == 6 && document_format && strcmp(document_format, "image/pwg-raster") && strcmp(document_format, "image/urf"); ++ monitor.nic = nic; + + fprintf(stderr, "DEBUG: retryable=%d\n", monitor.retryable); + +@@ -2063,7 +2073,7 @@ main(int argc, /* I - Number of command-line args */ + * Do the request... + */ + +- httpReconnect2(http, 30000, NULL); ++ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); + response = cupsDoRequest(http, request, resource); + ipp_status = cupsLastError(); + +@@ -2457,8 +2467,13 @@ monitor_printer( + * Make a copy of the printer connection... + */ + +- http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, +- monitor->encryption, 1, 0, NULL); ++ if (monitor->nic != NULL) { ++ http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, ++ monitor->encryption, 1, 0, NULL, monitor->nic); ++ } else { ++ http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, ++ monitor->encryption, 1, 0, NULL); ++ } + httpSetTimeout(http, 30.0, timeout_cb, NULL); + if (username[0]) + cupsSetUser(username); +@@ -2480,7 +2495,7 @@ monitor_printer( + */ + + if (httpGetFd(http) < 0) +- httpReconnect2(http, 30000, NULL); ++ monitor->nic != NULL ? httpReconnect3(http, 30000, NULL, monitor->nic) : httpReconnect2(http, 30000, NULL); + + if (httpGetFd(http) >= 0) + { +@@ -2702,7 +2717,7 @@ monitor_printer( + if (job_canceled > 0 && monitor->job_id > 0) + { + if (httpGetFd(http) < 0) +- httpReconnect2(http, 30000, NULL); ++ monitor->nic != NULL ? httpReconnect3(http, 30000, NULL, monitor->nic) : httpReconnect2(http, 30000, NULL); + + if (httpGetFd(http) >= 0) + { diff --git a/ohos_ip_conflict_05.patch b/ohos_ip_conflict_05.patch new file mode 100644 index 00000000..d1606d29 --- /dev/null +++ b/ohos_ip_conflict_05.patch @@ -0,0 +1,13 @@ +diff --git a/cups-2.4.0/tools/ippeveprinter.c b/cups-2.4.0/tools/ippeveprinter.c +index 2da5ed52..39274b6f 100644 +--- a/cups-2.4.0/tools/ippeveprinter.c ++++ b/cups-2.4.0/tools/ippeveprinter.c +@@ -6842,7 +6842,7 @@ process_job(ippeve_job_t *job) /* I - Job */ + + if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL) + fprintf(stderr, "[Job %d] Unable to find \"%s\": %s\n", job->id, host, cupsLastErrorString()); +- else if (!httpAddrConnect2(addrlist, &mystdout, 30000, &(job->cancel))) ++ else if (!httpAddrConnect2(addrlist, &mystdout, 30000, &(job->cancel), NULL)) + fprintf(stderr, "[Job %d] Unable to connect to \"%s\": %s\n", job->id, host, cupsLastErrorString()); + + httpAddrFreeList(addrlist); -- Gitee From 6c63990be6574607c39f80b62129f8fae0511871 Mon Sep 17 00:00:00 2001 From: 15549494042 Date: Thu, 1 Feb 2024 20:51:05 +0800 Subject: [PATCH 2/9] Modifying conflicts between WiFi and P2P IP addresses Singed-off-by:dongzhengkuan@huawei.com Signed-off-by: 15549494042 --- ohos_ip_conflict_04.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ohos_ip_conflict_04.patch b/ohos_ip_conflict_04.patch index 18cbe080..2c4b578c 100644 --- a/ohos_ip_conflict_04.patch +++ b/ohos_ip_conflict_04.patch @@ -94,7 +94,7 @@ index c4b34668..60b867a0 100644 - http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, - monitor->encryption, 1, 0, NULL); + if (monitor->nic != NULL) { -+ http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, ++ http = httpConnect3(monitor->hostname, monitor->port, NULL, AF_UNSPEC, + monitor->encryption, 1, 0, NULL, monitor->nic); + } else { + http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, -- Gitee From f4327772cbb9402fce9823dc75e93c41214d270a Mon Sep 17 00:00:00 2001 From: 15549494042 Date: Fri, 2 Feb 2024 15:41:36 +0800 Subject: [PATCH 3/9] Modifying conflicts between WiFi and P2P IP addresses Singed-off-by:dongzhengkuan@huawei.com Signed-off-by: 15549494042 --- ohos_ip_conflict_01.patch | 6 +++--- ohos_ip_conflict_02.patch | 6 +++--- ohos_ip_conflict_03.patch | 8 ++++---- ohos_ip_conflict_04.patch | 6 +++--- ohos_ip_conflict_05.patch | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ohos_ip_conflict_01.patch b/ohos_ip_conflict_01.patch index 8b655850..389b02b5 100644 --- a/ohos_ip_conflict_01.patch +++ b/ohos_ip_conflict_01.patch @@ -1,7 +1,7 @@ -diff --git a/cups-2.4.0/cups/http.h b/cups-2.4.0/cups/http.h +diff --git a/cups/http.h b/cups/http.h index 6c45301e..ac166970 100644 ---- a/cups-2.4.0/cups/http.h -+++ b/cups-2.4.0/cups/http.h +--- a/cups/http.h ++++ b/cups/http.h @@ -556,10 +556,11 @@ extern int httpSetCredentials(http_t *http, cups_array_t *certs) _CUPS_API_1_5; extern void httpSetTimeout(http_t *http, double timeout, http_timeout_cb_t cb, void *user_data) _CUPS_API_1_5; diff --git a/ohos_ip_conflict_02.patch b/ohos_ip_conflict_02.patch index 6bd3fdef..dcd3656b 100644 --- a/ohos_ip_conflict_02.patch +++ b/ohos_ip_conflict_02.patch @@ -1,7 +1,7 @@ -diff --git a/cups-2.4.0/cups/http.c b/cups-2.4.0/cups/http.c +diff --git a/cups/http.c b/cups/http.c index 66dd3b07..e98c0550 100644 ---- a/cups-2.4.0/cups/http.c -+++ b/cups-2.4.0/cups/http.c +--- a/cups/http.c ++++ b/cups/http.c @@ -476,6 +476,53 @@ httpConnect2( return (NULL); } diff --git a/ohos_ip_conflict_03.patch b/ohos_ip_conflict_03.patch index 6a95a2e5..aec42ac0 100644 --- a/ohos_ip_conflict_03.patch +++ b/ohos_ip_conflict_03.patch @@ -1,7 +1,7 @@ -diff --git a/cups-2.4.0/cups/http-addrlist.c b/cups-2.4.0/cups/http-addrlist.c +diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c index 6e73464c..36b410e8 100644 ---- a/cups-2.4.0/cups/http-addrlist.c -+++ b/cups-2.4.0/cups/http-addrlist.c +--- a/cups/http-addrlist.c ++++ b/cups/http-addrlist.c @@ -39,7 +39,7 @@ httpAddrConnect( { DEBUG_printf(("httpAddrConnect(addrlist=%p, sock=%p)", (void *)addrlist, (void *)sock)); @@ -16,7 +16,7 @@ index 6e73464c..36b410e8 100644 int *sock, /* O - Socket */ int msec, /* I - Timeout in milliseconds */ - int *cancel) /* I - Pointer to "cancel" variable */ -+ int *cancel /* I - Pointer to "cancel" variable */ ++ int *cancel, /* I - Pointer to "cancel" variable */ + const char *nic) { int val; /* Socket option value */ diff --git a/ohos_ip_conflict_04.patch b/ohos_ip_conflict_04.patch index 2c4b578c..ed08c09a 100644 --- a/ohos_ip_conflict_04.patch +++ b/ohos_ip_conflict_04.patch @@ -1,7 +1,7 @@ -diff --git a/cups-2.4.0/backend/ipp.c b/cups-2.4.0/backend/ipp.c +diff --git a/backend/ipp.c b/backend/ipp.c index c4b34668..60b867a0 100644 ---- a/cups-2.4.0/backend/ipp.c -+++ b/cups-2.4.0/backend/ipp.c +--- a/backend/ipp.c ++++ b/backend/ipp.c @@ -64,6 +64,7 @@ typedef struct _cups_monitor_s /**** Monitoring data ****/ ipp_jstate_t job_state; /* Current job state */ ipp_pstate_t printer_state; /* Current printer state */ diff --git a/ohos_ip_conflict_05.patch b/ohos_ip_conflict_05.patch index d1606d29..22db9cf1 100644 --- a/ohos_ip_conflict_05.patch +++ b/ohos_ip_conflict_05.patch @@ -1,7 +1,7 @@ -diff --git a/cups-2.4.0/tools/ippeveprinter.c b/cups-2.4.0/tools/ippeveprinter.c +diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index 2da5ed52..39274b6f 100644 ---- a/cups-2.4.0/tools/ippeveprinter.c -+++ b/cups-2.4.0/tools/ippeveprinter.c +--- a/tools/ippeveprinter.c ++++ b/tools/ippeveprinter.c @@ -6842,7 +6842,7 @@ process_job(ippeve_job_t *job) /* I - Job */ if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL) -- Gitee From e36be6d239b8ebc8f1999e82c750d39621734b69 Mon Sep 17 00:00:00 2001 From: 15549494042 Date: Sun, 4 Feb 2024 14:06:17 +0800 Subject: [PATCH 4/9] Modifying conflicts between WiFi and P2P IP addresses Singed-off-by:dongzhengkuan@huawei.com Signed-off-by: 15549494042 --- install.py | 12 +- ...onflict_02.patch => ohos_ip_conflict.patch | 196 ++++++++++++++++++ ohos_ip_conflict_01.patch | 25 --- ohos_ip_conflict_03.patch | 35 ---- ohos_ip_conflict_04.patch | 123 ----------- ohos_ip_conflict_05.patch | 13 -- 6 files changed, 198 insertions(+), 206 deletions(-) rename ohos_ip_conflict_02.patch => ohos_ip_conflict.patch (38%) delete mode 100644 ohos_ip_conflict_01.patch delete mode 100644 ohos_ip_conflict_03.patch delete mode 100644 ohos_ip_conflict_04.patch delete mode 100644 ohos_ip_conflict_05.patch diff --git a/install.py b/install.py index d30b1729..06ad8477 100755 --- a/install.py +++ b/install.py @@ -39,11 +39,7 @@ def copy_file(dir): def move_file(src_path, dst_path): files = [ - "ohos_ip_conflict_01.patch", - "ohos_ip_conflict_02.patch", - "ohos_ip_conflict_03.patch", - "ohos_ip_conflict_04.patch", - "ohos_ip_conflict_05.patch", + "ohos_ip_conflict.patch", "backport-CVE-2022-26691.patch", "backport-CVE-2023-32324.patch", "backport-CVE-2023-34241.patch", @@ -79,11 +75,7 @@ def do_patch(target_dir): "ohos-modify-pthread.patch", "ohos-add-openssl.patch", "backport-CVE-2023-4504.patch", - "ohos_ip_conflict_01.patch", - "ohos_ip_conflict_02.patch", - "ohos_ip_conflict_03.patch", - "ohos_ip_conflict_04.patch", - "ohos_ip_conflict_05.patch" + "ohos_ip_conflict.patch" ] for patch in patch_file: diff --git a/ohos_ip_conflict_02.patch b/ohos_ip_conflict.patch similarity index 38% rename from ohos_ip_conflict_02.patch rename to ohos_ip_conflict.patch index dcd3656b..ab8d2188 100644 --- a/ohos_ip_conflict_02.patch +++ b/ohos_ip_conflict.patch @@ -1,3 +1,28 @@ +diff --git a/cups/http.h b/cups/http.h +index 6c45301e..ac166970 100644 +--- a/cups/http.h ++++ b/cups/http.h +@@ -556,10 +556,11 @@ extern int httpSetCredentials(http_t *http, cups_array_t *certs) _CUPS_API_1_5; + extern void httpSetTimeout(http_t *http, double timeout, http_timeout_cb_t cb, void *user_data) _CUPS_API_1_5; + + /**** New in CUPS 1.6/macOS 10.8 ****/ +-extern http_addrlist_t *httpAddrConnect2(http_addrlist_t *addrlist, int *sock, int msec, int *cancel) _CUPS_API_1_6; ++extern http_addrlist_t *httpAddrConnect2(http_addrlist_t *addrlist, int *sock, int msec, int *cancel, const char *nic) _CUPS_API_1_6; + extern http_state_t httpGetState(http_t *http) _CUPS_API_1_6; + extern http_version_t httpGetVersion(http_t *http) _CUPS_API_1_6; + extern int httpReconnect2(http_t *http, int msec, int *cancel) _CUPS_API_1_6; ++extern int httpReconnect3(http_t *http, int msec, int *cancel, const char *nic) _CUPS_API_1_6; + + + /**** New in CUPS 1.7/macOS 10.9 ****/ +@@ -569,6 +570,7 @@ extern int httpAddrListen(http_addr_t *addr, int port) _CUPS_API_1_7; + extern int httpAddrPort(http_addr_t *addr) _CUPS_API_1_7; + extern char *httpAssembleUUID(const char *server, int port, const char *name, int number, char *buffer, size_t bufsize) _CUPS_API_1_7; + extern http_t *httpConnect2(const char *host, int port, http_addrlist_t *addrlist, int family, http_encryption_t encryption, int blocking, int msec, int *cancel) _CUPS_API_1_7; ++extern http_t *httpConnect3(const char *host, int port, http_addrlist_t *addrlist, int family, http_encryption_t encryption, int blocking, int msec, int *cancel, const char *nic) _CUPS_API_1_7; + extern const char *httpGetContentEncoding(http_t *http) _CUPS_API_1_7; + extern http_status_t httpGetExpect(http_t *http) _CUPS_API_1_7; + extern ssize_t httpPeek(http_t *http, char *buffer, size_t length) _CUPS_API_1_7; diff --git a/cups/http.c b/cups/http.c index 66dd3b07..e98c0550 100644 --- a/cups/http.c @@ -191,3 +216,174 @@ index 66dd3b07..e98c0550 100644 { /* * Unable to connect... +diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c +index 6e73464c..36b410e8 100644 +--- a/cups/http-addrlist.c ++++ b/cups/http-addrlist.c +@@ -39,7 +39,7 @@ httpAddrConnect( + { + DEBUG_printf(("httpAddrConnect(addrlist=%p, sock=%p)", (void *)addrlist, (void *)sock)); + +- return (httpAddrConnect2(addrlist, sock, 30000, NULL)); ++ return (httpAddrConnect2(addrlist, sock, 30000, NULL, NULL)); + } + + +@@ -55,7 +55,8 @@ httpAddrConnect2( + http_addrlist_t *addrlist, /* I - List of potential addresses */ + int *sock, /* O - Socket */ + int msec, /* I - Timeout in milliseconds */ +- int *cancel) /* I - Pointer to "cancel" variable */ ++ int *cancel, /* I - Pointer to "cancel" variable */ ++ const char *nic) + { + int val; /* Socket option value */ + #ifndef _WIN32 +@@ -164,6 +165,11 @@ httpAddrConnect2( + setsockopt(fds[nfds], SOL_SOCKET, SO_NOSIGPIPE, CUPS_SOCAST &val, sizeof(val)); + #endif /* SO_NOSIGPIPE */ + ++ if (nic != NULL) { ++ val = 1; ++ setsockopt(fds[nfds], SOL_SOCKET, SO_BINDTODEVICE, nic, sizeof(nic)); ++ } ++ + /* + * Using TCP_NODELAY improves responsiveness, especially on systems + * with a slow loopback interface... +diff --git a/backend/ipp.c b/backend/ipp.c +index c4b34668..60b867a0 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -64,6 +64,7 @@ typedef struct _cups_monitor_s /**** Monitoring data ****/ + ipp_jstate_t job_state; /* Current job state */ + ipp_pstate_t printer_state; /* Current printer state */ + int retryable; /* Is this a job that should be retried? */ ++ const char *nic; + } _cups_monitor_t; + + +@@ -273,6 +274,7 @@ main(int argc, /* I - Number of command-line args */ + ppd_file_t *ppd = NULL; /* PPD file */ + _ppd_cache_t *pc = NULL; /* PPD cache and mapping data */ + fd_set input; /* Input set for select() */ ++ const char *nic = NULL; + + + /* +@@ -651,6 +653,10 @@ main(int argc, /* I - Number of command-line args */ + password = getenv("AUTH_PASSWORD"); + } + ++ num_options = cupsParseOptions(argv[5], 0, &options); ++ nic = cupsGetOption("nic", num_options, options); ++ fprintf(stderr, "DEBUG: nic %s\n", nic); ++ + /* + * Try finding the remote server... + */ +@@ -659,8 +665,11 @@ main(int argc, /* I - Number of command-line args */ + + addrlist = backendLookup(hostname, port, &job_canceled); + +- http = httpConnect2(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, +- 0, NULL); ++ if (nic != NULL) { ++ http = httpConnect3(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, 0, NULL, nic); ++ } else { ++ http = httpConnect2(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, 0, NULL); ++ } + httpSetTimeout(http, 30.0, timeout_cb, NULL); + + /* +@@ -701,7 +710,7 @@ main(int argc, /* I - Number of command-line args */ + fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port); + _cupsLangPrintFilter(stderr, "INFO", _("Connecting to printer.")); + +- if (httpReconnect2(http, 30000, NULL)) ++ if (nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL)) + { + int error = errno; /* Connection error */ + +@@ -986,7 +995,7 @@ main(int argc, /* I - Number of command-line args */ + version = 10; + } + +- httpReconnect2(http, 30000, NULL); ++ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); + } + else if (ipp_status == IPP_STATUS_ERROR_NOT_FOUND) + { +@@ -1018,7 +1027,7 @@ main(int argc, /* I - Number of command-line args */ + _("Unable to get printer status.")); + sleep(10); + +- httpReconnect2(http, 30000, NULL); ++ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); + } + + ippDelete(supported); +@@ -1450,6 +1459,7 @@ main(int argc, /* I - Number of command-line args */ + monitor.job_state = IPP_JSTATE_PENDING; + monitor.printer_state = IPP_PSTATE_IDLE; + monitor.retryable = argc == 6 && document_format && strcmp(document_format, "image/pwg-raster") && strcmp(document_format, "image/urf"); ++ monitor.nic = nic; + + fprintf(stderr, "DEBUG: retryable=%d\n", monitor.retryable); + +@@ -2063,7 +2073,7 @@ main(int argc, /* I - Number of command-line args */ + * Do the request... + */ + +- httpReconnect2(http, 30000, NULL); ++ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); + response = cupsDoRequest(http, request, resource); + ipp_status = cupsLastError(); + +@@ -2457,8 +2467,13 @@ monitor_printer( + * Make a copy of the printer connection... + */ + +- http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, +- monitor->encryption, 1, 0, NULL); ++ if (monitor->nic != NULL) { ++ http = httpConnect3(monitor->hostname, monitor->port, NULL, AF_UNSPEC, ++ monitor->encryption, 1, 0, NULL, monitor->nic); ++ } else { ++ http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, ++ monitor->encryption, 1, 0, NULL); ++ } + httpSetTimeout(http, 30.0, timeout_cb, NULL); + if (username[0]) + cupsSetUser(username); +@@ -2480,7 +2495,7 @@ monitor_printer( + */ + + if (httpGetFd(http) < 0) +- httpReconnect2(http, 30000, NULL); ++ monitor->nic != NULL ? httpReconnect3(http, 30000, NULL, monitor->nic) : httpReconnect2(http, 30000, NULL); + + if (httpGetFd(http) >= 0) + { +@@ -2702,7 +2717,7 @@ monitor_printer( + if (job_canceled > 0 && monitor->job_id > 0) + { + if (httpGetFd(http) < 0) +- httpReconnect2(http, 30000, NULL); ++ monitor->nic != NULL ? httpReconnect3(http, 30000, NULL, monitor->nic) : httpReconnect2(http, 30000, NULL); + + if (httpGetFd(http) >= 0) + { +diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c +index 2da5ed52..39274b6f 100644 +--- a/tools/ippeveprinter.c ++++ b/tools/ippeveprinter.c +@@ -6842,7 +6842,7 @@ process_job(ippeve_job_t *job) /* I - Job */ + + if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL) + fprintf(stderr, "[Job %d] Unable to find \"%s\": %s\n", job->id, host, cupsLastErrorString()); +- else if (!httpAddrConnect2(addrlist, &mystdout, 30000, &(job->cancel))) ++ else if (!httpAddrConnect2(addrlist, &mystdout, 30000, &(job->cancel), NULL)) + fprintf(stderr, "[Job %d] Unable to connect to \"%s\": %s\n", job->id, host, cupsLastErrorString()); + + httpAddrFreeList(addrlist); diff --git a/ohos_ip_conflict_01.patch b/ohos_ip_conflict_01.patch deleted file mode 100644 index 389b02b5..00000000 --- a/ohos_ip_conflict_01.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/cups/http.h b/cups/http.h -index 6c45301e..ac166970 100644 ---- a/cups/http.h -+++ b/cups/http.h -@@ -556,10 +556,11 @@ extern int httpSetCredentials(http_t *http, cups_array_t *certs) _CUPS_API_1_5; - extern void httpSetTimeout(http_t *http, double timeout, http_timeout_cb_t cb, void *user_data) _CUPS_API_1_5; - - /**** New in CUPS 1.6/macOS 10.8 ****/ --extern http_addrlist_t *httpAddrConnect2(http_addrlist_t *addrlist, int *sock, int msec, int *cancel) _CUPS_API_1_6; -+extern http_addrlist_t *httpAddrConnect2(http_addrlist_t *addrlist, int *sock, int msec, int *cancel, const char *nic) _CUPS_API_1_6; - extern http_state_t httpGetState(http_t *http) _CUPS_API_1_6; - extern http_version_t httpGetVersion(http_t *http) _CUPS_API_1_6; - extern int httpReconnect2(http_t *http, int msec, int *cancel) _CUPS_API_1_6; -+extern int httpReconnect3(http_t *http, int msec, int *cancel, const char *nic) _CUPS_API_1_6; - - - /**** New in CUPS 1.7/macOS 10.9 ****/ -@@ -569,6 +570,7 @@ extern int httpAddrListen(http_addr_t *addr, int port) _CUPS_API_1_7; - extern int httpAddrPort(http_addr_t *addr) _CUPS_API_1_7; - extern char *httpAssembleUUID(const char *server, int port, const char *name, int number, char *buffer, size_t bufsize) _CUPS_API_1_7; - extern http_t *httpConnect2(const char *host, int port, http_addrlist_t *addrlist, int family, http_encryption_t encryption, int blocking, int msec, int *cancel) _CUPS_API_1_7; -+extern http_t *httpConnect3(const char *host, int port, http_addrlist_t *addrlist, int family, http_encryption_t encryption, int blocking, int msec, int *cancel, const char *nic) _CUPS_API_1_7; - extern const char *httpGetContentEncoding(http_t *http) _CUPS_API_1_7; - extern http_status_t httpGetExpect(http_t *http) _CUPS_API_1_7; - extern ssize_t httpPeek(http_t *http, char *buffer, size_t length) _CUPS_API_1_7; diff --git a/ohos_ip_conflict_03.patch b/ohos_ip_conflict_03.patch deleted file mode 100644 index aec42ac0..00000000 --- a/ohos_ip_conflict_03.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c -index 6e73464c..36b410e8 100644 ---- a/cups/http-addrlist.c -+++ b/cups/http-addrlist.c -@@ -39,7 +39,7 @@ httpAddrConnect( - { - DEBUG_printf(("httpAddrConnect(addrlist=%p, sock=%p)", (void *)addrlist, (void *)sock)); - -- return (httpAddrConnect2(addrlist, sock, 30000, NULL)); -+ return (httpAddrConnect2(addrlist, sock, 30000, NULL, NULL)); - } - - -@@ -55,7 +55,8 @@ httpAddrConnect2( - http_addrlist_t *addrlist, /* I - List of potential addresses */ - int *sock, /* O - Socket */ - int msec, /* I - Timeout in milliseconds */ -- int *cancel) /* I - Pointer to "cancel" variable */ -+ int *cancel, /* I - Pointer to "cancel" variable */ -+ const char *nic) - { - int val; /* Socket option value */ - #ifndef _WIN32 -@@ -164,6 +165,11 @@ httpAddrConnect2( - setsockopt(fds[nfds], SOL_SOCKET, SO_NOSIGPIPE, CUPS_SOCAST &val, sizeof(val)); - #endif /* SO_NOSIGPIPE */ - -+ if (nic != NULL) { -+ val = 1; -+ setsockopt(fds[nfds], SOL_SOCKET, SO_BINDTODEVICE, nic, sizeof(nic)); -+ } -+ - /* - * Using TCP_NODELAY improves responsiveness, especially on systems - * with a slow loopback interface... diff --git a/ohos_ip_conflict_04.patch b/ohos_ip_conflict_04.patch deleted file mode 100644 index ed08c09a..00000000 --- a/ohos_ip_conflict_04.patch +++ /dev/null @@ -1,123 +0,0 @@ -diff --git a/backend/ipp.c b/backend/ipp.c -index c4b34668..60b867a0 100644 ---- a/backend/ipp.c -+++ b/backend/ipp.c -@@ -64,6 +64,7 @@ typedef struct _cups_monitor_s /**** Monitoring data ****/ - ipp_jstate_t job_state; /* Current job state */ - ipp_pstate_t printer_state; /* Current printer state */ - int retryable; /* Is this a job that should be retried? */ -+ const char *nic; - } _cups_monitor_t; - - -@@ -273,6 +274,7 @@ main(int argc, /* I - Number of command-line args */ - ppd_file_t *ppd = NULL; /* PPD file */ - _ppd_cache_t *pc = NULL; /* PPD cache and mapping data */ - fd_set input; /* Input set for select() */ -+ const char *nic = NULL; - - - /* -@@ -651,6 +653,10 @@ main(int argc, /* I - Number of command-line args */ - password = getenv("AUTH_PASSWORD"); - } - -+ num_options = cupsParseOptions(argv[5], 0, &options); -+ nic = cupsGetOption("nic", num_options, options); -+ fprintf(stderr, "DEBUG: nic %s\n", nic); -+ - /* - * Try finding the remote server... - */ -@@ -659,8 +665,11 @@ main(int argc, /* I - Number of command-line args */ - - addrlist = backendLookup(hostname, port, &job_canceled); - -- http = httpConnect2(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, -- 0, NULL); -+ if (nic != NULL) { -+ http = httpConnect3(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, 0, NULL, nic); -+ } else { -+ http = httpConnect2(hostname, port, addrlist, AF_UNSPEC, cupsEncryption(), 1, 0, NULL); -+ } - httpSetTimeout(http, 30.0, timeout_cb, NULL); - - /* -@@ -701,7 +710,7 @@ main(int argc, /* I - Number of command-line args */ - fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port); - _cupsLangPrintFilter(stderr, "INFO", _("Connecting to printer.")); - -- if (httpReconnect2(http, 30000, NULL)) -+ if (nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL)) - { - int error = errno; /* Connection error */ - -@@ -986,7 +995,7 @@ main(int argc, /* I - Number of command-line args */ - version = 10; - } - -- httpReconnect2(http, 30000, NULL); -+ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); - } - else if (ipp_status == IPP_STATUS_ERROR_NOT_FOUND) - { -@@ -1018,7 +1027,7 @@ main(int argc, /* I - Number of command-line args */ - _("Unable to get printer status.")); - sleep(10); - -- httpReconnect2(http, 30000, NULL); -+ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); - } - - ippDelete(supported); -@@ -1450,6 +1459,7 @@ main(int argc, /* I - Number of command-line args */ - monitor.job_state = IPP_JSTATE_PENDING; - monitor.printer_state = IPP_PSTATE_IDLE; - monitor.retryable = argc == 6 && document_format && strcmp(document_format, "image/pwg-raster") && strcmp(document_format, "image/urf"); -+ monitor.nic = nic; - - fprintf(stderr, "DEBUG: retryable=%d\n", monitor.retryable); - -@@ -2063,7 +2073,7 @@ main(int argc, /* I - Number of command-line args */ - * Do the request... - */ - -- httpReconnect2(http, 30000, NULL); -+ nic != NULL ? httpReconnect3(http, 30000, NULL, nic) : httpReconnect2(http, 30000, NULL); - response = cupsDoRequest(http, request, resource); - ipp_status = cupsLastError(); - -@@ -2457,8 +2467,13 @@ monitor_printer( - * Make a copy of the printer connection... - */ - -- http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, -- monitor->encryption, 1, 0, NULL); -+ if (monitor->nic != NULL) { -+ http = httpConnect3(monitor->hostname, monitor->port, NULL, AF_UNSPEC, -+ monitor->encryption, 1, 0, NULL, monitor->nic); -+ } else { -+ http = httpConnect2(monitor->hostname, monitor->port, NULL, AF_UNSPEC, -+ monitor->encryption, 1, 0, NULL); -+ } - httpSetTimeout(http, 30.0, timeout_cb, NULL); - if (username[0]) - cupsSetUser(username); -@@ -2480,7 +2495,7 @@ monitor_printer( - */ - - if (httpGetFd(http) < 0) -- httpReconnect2(http, 30000, NULL); -+ monitor->nic != NULL ? httpReconnect3(http, 30000, NULL, monitor->nic) : httpReconnect2(http, 30000, NULL); - - if (httpGetFd(http) >= 0) - { -@@ -2702,7 +2717,7 @@ monitor_printer( - if (job_canceled > 0 && monitor->job_id > 0) - { - if (httpGetFd(http) < 0) -- httpReconnect2(http, 30000, NULL); -+ monitor->nic != NULL ? httpReconnect3(http, 30000, NULL, monitor->nic) : httpReconnect2(http, 30000, NULL); - - if (httpGetFd(http) >= 0) - { diff --git a/ohos_ip_conflict_05.patch b/ohos_ip_conflict_05.patch deleted file mode 100644 index 22db9cf1..00000000 --- a/ohos_ip_conflict_05.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c -index 2da5ed52..39274b6f 100644 ---- a/tools/ippeveprinter.c -+++ b/tools/ippeveprinter.c -@@ -6842,7 +6842,7 @@ process_job(ippeve_job_t *job) /* I - Job */ - - if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL) - fprintf(stderr, "[Job %d] Unable to find \"%s\": %s\n", job->id, host, cupsLastErrorString()); -- else if (!httpAddrConnect2(addrlist, &mystdout, 30000, &(job->cancel))) -+ else if (!httpAddrConnect2(addrlist, &mystdout, 30000, &(job->cancel), NULL)) - fprintf(stderr, "[Job %d] Unable to connect to \"%s\": %s\n", job->id, host, cupsLastErrorString()); - - httpAddrFreeList(addrlist); -- Gitee From 8df7c04618c00897ac40672777149768482daf9b Mon Sep 17 00:00:00 2001 From: tongkai0808fh Date: Mon, 19 Feb 2024 08:19:47 +0000 Subject: [PATCH 5/9] =?UTF-8?q?=E7=AC=AC=E4=B8=89=E6=96=B9cups=E9=83=A8?= =?UTF-8?q?=E4=BB=B6=E7=8B=AC=E7=AB=8B=E7=BC=96=E8=AF=91=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: tongkai0808fh --- bundle.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bundle.json b/bundle.json index bab7c8a1..474dd1c6 100644 --- a/bundle.json +++ b/bundle.json @@ -32,7 +32,17 @@ "sub_component": [ "//third_party/cups:third_party_cups" ], - "inner_kits": [], + "inner_kits": [ + { + "name": "//third_party/cups:cups", + "header": { + "header_files": [ + "config.h" + ], + "header_base": "//third_party/cups" + } + } + ], "test": [] } } -- Gitee From c31168f3fc7347fb1c6bfb367c8d2c652c1cfb85 Mon Sep 17 00:00:00 2001 From: zhengzhihao Date: Sat, 1 Jun 2024 12:11:40 +0800 Subject: [PATCH 6/9] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=96=B0=E7=9A=84patch?= =?UTF-8?q?=20=20Signed-off-by:zhengzhihao3@huawei.com?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhengzhihao --- README.OpenSource | 6 +++--- backport-CVE-2023-4504.patch | 23 +++++++++++++++++++++-- cups.spec | 11 +++++++++-- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/README.OpenSource b/README.OpenSource index 548790dc..0285ac07 100644 --- a/README.OpenSource +++ b/README.OpenSource @@ -3,9 +3,9 @@ "Name" : "cups", "License" : "Apache 2.0 License", "License File" : "LICENSE", - "Version Number" : "2.4.0-4.oe2203sp1", - "Owner" : "dongzhengkuan@huawei.com", - "Upstream URL" : "https://repo.openeuler.org/openEuler-22.03-LTS-SP1/source/Packages/cups-2.4.0-4.oe2203sp1.src.rpm", + "Version Number" : "2.4.0-10.oe2203sp3", + "Owner" : "caizihua1@huawei.com", + "Upstream URL" : "https://repo.openeuler.org/openEuler-22.03-LTS-SP3/source/Packages/cups-2.4.0-10.oe2203sp3.src.rpm", "Description" : "OpenPrinting CUPS is the most current version of CUPS, a standards-based, open source printing system for Linux® and other Unix®-like operating systems" } ] diff --git a/backport-CVE-2023-4504.patch b/backport-CVE-2023-4504.patch index 86465d7c..e254746c 100644 --- a/backport-CVE-2023-4504.patch +++ b/backport-CVE-2023-4504.patch @@ -1,8 +1,25 @@ +From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Wed, 20 Sep 2023 14:45:17 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. + +Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 +Conflict:Patch context adaptation + +--- + cups/raster-interpret.c | 14 +++++++++++++- + 1 files changed, 14 insertions(+) + diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c -index fbe52f37..c24388d2 100644 +index 6fcf731b5..b8655c8c6 100644 --- a/cups/raster-interpret.c +++ b/cups/raster-interpret.c -@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ +@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ cur ++; @@ -23,3 +40,5 @@ index fbe52f37..c24388d2 100644 *valptr++ = '\b'; else if (*cur == 'f') *valptr++ = '\f'; + + diff --git a/cups.spec b/cups.spec index 8d0ae213..71f64264 100644 --- a/cups.spec +++ b/cups.spec @@ -16,9 +16,9 @@ Name: cups Epoch: 1 Version: 2.4.0 -Release: 8 +Release: 10 Summary: CUPS is the standards-based, open source printing system for linux operating systems. -License: GPLv2+ and LGPLv2+ with exceptions and AML +License: Apache-2.0 WITH LLVM-exception Url: https://openprinting.github.io/cups/ # Apple stopped uploading the new versions into github, use OpenPrinting fork Source0: https://github.com/OpenPrinting/cups/releases/download/v%{version}/cups-%{version}-source.tar.gz @@ -43,6 +43,7 @@ Patch6002: backport-Also-fix-cupsfilter.patch Patch6003: backport-CVE-2023-32324.patch Patch6004: fix-httpAddrGetList-test-case-fail.patch Patch6005: backport-CVE-2023-34241.patch +Patch6006: backport-CVE-2023-4504.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -464,6 +465,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Fri Sep 22 2023 zhouwenpei - 1:2.4.0-10 +- fix CVE-2023-4504 + +* Wed Jul 19 2023 haomimi - 1:2.4.0-9 +- DESC:The license is changed to apache 2.0 + * Mon Jun 26 2023 zhouwenpei - 1:2.4.0-8 - fix CVE-2023-34241 -- Gitee From 7ac0f782dc92dbf7372ee85e683c2dbcd1f5236e Mon Sep 17 00:00:00 2001 From: cai-zihua Date: Thu, 11 Jul 2024 16:50:34 +0800 Subject: [PATCH 7/9] fix CVE-2024-35235 Signed-off-by:caizihua1@huawei.com Signed-off-by: cai-zihua --- backport-CVE-2024-35235.patch | 96 +++++++++++++++++++++++++++++++++++ cups.spec | 5 +- install.py | 2 + 3 files changed, 102 insertions(+), 1 deletion(-) create mode 100755 backport-CVE-2024-35235.patch mode change 100644 => 100755 cups.spec diff --git a/backport-CVE-2024-35235.patch b/backport-CVE-2024-35235.patch new file mode 100755 index 00000000..0927cd00 --- /dev/null +++ b/backport-CVE-2024-35235.patch @@ -0,0 +1,96 @@ +From 5c3e5a3996ea2215a4ad30dea4c953e4a10a2e4d Mon Sep 17 00:00:00 2001 +From: cai-zihua +Date: Thu, 11 Jul 2024 15:25:04 +0800 +Subject: [PATCH] 2 + +Change-Id: I21ab06577dff0ce7e2fc2af8bde7ac83080c9ee8 +--- + cups-2.4.0/cups/http-addr.c | 38 ++++++++++++++++++------------------- + cups-2.4.0/scheduler/conf.c | 19 +++++++++++++++++++ + 2 files changed, 38 insertions(+), 19 deletions(-) + +diff --git a/cups-2.4.0/cups/http-addr.c b/cups-2.4.0/cups/http-addr.c +index 114a6449..c07f092f 100644 +--- a/cups-2.4.0/cups/http-addr.c ++++ b/cups-2.4.0/cups/http-addr.c +@@ -205,28 +205,28 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ + /* + * Remove any existing domain socket file... + */ ++ if ((status = unlink(addr->un.sun_path)) < 0) ++ { ++ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno))); + +- unlink(addr->un.sun_path); +- +- /* +- * Save the current umask and set it to 0 so that all users can access +- * the domain socket... +- */ +- +- mask = umask(0); +- +- /* +- * Bind the domain socket... +- */ +- +- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); ++ if (errno == ENOENT) ++ status = 0; ++ } + +- /* +- * Restore the umask and fix permissions... +- */ ++ if (!status) ++ { ++ // Save the current umask and set it to 0 so that all users can access ++ // the domain socket... ++ mask = umask(0); ++ // Bind the domain socket... ++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) ++ { ++ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno))); ++ } + +- umask(mask); +- chmod(addr->un.sun_path, 0140777); ++ // Restore the umask... ++ umask(mask); ++ } + } + else + #endif /* AF_LOCAL */ +diff --git a/cups-2.4.0/scheduler/conf.c b/cups-2.4.0/scheduler/conf.c +index e44736b7..a5ba6cba 100644 +--- a/cups-2.4.0/scheduler/conf.c ++++ b/cups-2.4.0/scheduler/conf.c +@@ -3073,6 +3073,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + + cupsd_listener_t *lis; /* New listeners array */ + ++ /* ++ * If we are launched on-demand, do not use domain sockets from the config ++ * file. Also check that the domain socket path is not too long... ++ */ ++ ++#ifdef HAVE_ONDEMAND ++ if (*value == '/' && OnDemand) ++ { ++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); ++ continue; ++ } ++#endif // HAVE_ONDEMAND ++ ++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); ++ continue; ++ } + + /* + * Get the address list... +-- +2.25.1 + diff --git a/cups.spec b/cups.spec old mode 100644 new mode 100755 index 71f64264..1a544c03 --- a/cups.spec +++ b/cups.spec @@ -16,7 +16,7 @@ Name: cups Epoch: 1 Version: 2.4.0 -Release: 10 +Release: 11 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: Apache-2.0 WITH LLVM-exception Url: https://openprinting.github.io/cups/ @@ -465,6 +465,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Wed Jun 12 2024 baiguo - 1:2.4.0-11 +- fix CVE-2024-35235 + * Fri Sep 22 2023 zhouwenpei - 1:2.4.0-10 - fix CVE-2023-4504 diff --git a/install.py b/install.py index 06ad8477..96779b8f 100755 --- a/install.py +++ b/install.py @@ -47,6 +47,7 @@ def move_file(src_path, dst_path): "ohos-modify-pthread.patch", "ohos-add-openssl.patch", "backport-CVE-2023-4504.patch", + "backport-CVE-2024-35235.patch", "config.h" ] for file in files: @@ -75,6 +76,7 @@ def do_patch(target_dir): "ohos-modify-pthread.patch", "ohos-add-openssl.patch", "backport-CVE-2023-4504.patch", + "backport-CVE-2024-35235.patch", "ohos_ip_conflict.patch" ] -- Gitee From c64e878f4526169d462c17e6b7710827e012ff48 Mon Sep 17 00:00:00 2001 From: zhengzhihao Date: Sun, 21 Jul 2024 18:41:18 +0800 Subject: [PATCH 8/9] =?UTF-8?q?ROM=E7=BC=96=E8=AF=91=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhengzhihao --- BUILD.gn | 1 + 1 file changed, 1 insertion(+) diff --git a/BUILD.gn b/BUILD.gn index 6259de3d..83c5128d 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -252,6 +252,7 @@ config("cups_config") { "-Wno-int-conversion", "-D_FORTIFY_SOURCE=2", "-fstack-protector-all", + "-Os", ] } -- Gitee From 84421df8a1775bb0bc1a683ab2e473278511f60f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=A2=81=E6=B4=8B?= Date: Wed, 24 Jul 2024 16:27:53 +0800 Subject: [PATCH 9/9] =?UTF-8?q?cups=20=E5=86=85=E5=AD=98=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 袁洋 --- BUILD.gn | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/BUILD.gn b/BUILD.gn index 83c5128d..496ca345 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -252,6 +252,10 @@ config("cups_config") { "-Wno-int-conversion", "-D_FORTIFY_SOURCE=2", "-fstack-protector-all", + "-fdata-sections", + "-ffunction-sections", + "-fno-asynchronous-unwind-tables", + "-fno-unwind-tables", "-Os", ] } -- Gitee