From 9f094d628bb71a898fd4207db6b42c42a40e9251 Mon Sep 17 00:00:00 2001 From: zhuhongbo Date: Fri, 5 Dec 2025 13:13:33 +0800 Subject: [PATCH] fix cve CVE-2025-58060 --- cups-CVE-2025-58060.patch | 141 ++++++++++++++++++++++++++++++++++++++ cups.spec | 7 +- 2 files changed, 147 insertions(+), 1 deletion(-) create mode 100644 cups-CVE-2025-58060.patch diff --git a/cups-CVE-2025-58060.patch b/cups-CVE-2025-58060.patch new file mode 100644 index 0000000..8dbfd3c --- /dev/null +++ b/cups-CVE-2025-58060.patch 
@@ -0,0 +1,141 @@ +From 15550004a70eef49889aec7a8beea86b4a7e856f Mon Sep 17 00:00:00 2001 +From: zhuhongbo +Date: Fri, 5 Dec 2025 16:01:44 +0800 +Subject: [PATCH] fix cve CVE-2025-58060 + +--- + scheduler/auth.c | 18 ++++++++++++++++ + scheduler/client.h | 1 + + scheduler/conf.h | 3 +++ + scheduler/log.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 75 insertions(+) + +diff --git a/scheduler/auth.c b/scheduler/auth.c +index 56111f1..1831655 100644 +--- a/scheduler/auth.c ++++ b/scheduler/auth.c +@@ -635,6 +635,15 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + + int userlen; /* Username:password length */ + ++ /* ++ * Only allow Basic if enabled... ++ */ ++ ++ if (type != CUPSD_AUTH_BASIC) ++ { ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "Basic authentication is not enabled."); ++ return; ++ } + + authorization += 5; + while (isspace(*authorization & 255)) +@@ -1031,6 +1040,15 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + /* Output token for username */ + gss_name_t client_name; /* Client name */ + ++ /* ++ * Only allow Kerberos if enabled... 
++ */ ++ ++ if (type != CUPSD_AUTH_NEGOTIATE) ++ { ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "Kerberos authentication is not enabled."); ++ return; ++ } + + # ifdef __APPLE__ + /* +diff --git a/scheduler/client.h b/scheduler/client.h +index f18c728..2f63903 100644 +--- a/scheduler/client.h ++++ b/scheduler/client.h +@@ -31,6 +31,7 @@ + + struct cupsd_client_s + { ++ int number; /* Connection number */ + http_t http; /* HTTP client connection */ + ipp_t *request, /* IPP request information */ + *response; /* IPP response information */ +diff --git a/scheduler/conf.h b/scheduler/conf.h +index 15ca256..1f7702c 100644 +--- a/scheduler/conf.h ++++ b/scheduler/conf.h +@@ -296,6 +296,9 @@ extern int cupsdCheckProgram(const char *filename, cupsd_printer_t *p); + extern int cupsdDefaultAuthType(void); + extern void cupsdFreeAliases(cups_array_t *aliases); + extern char *cupsdGetDateTime(struct timeval *t, cupsd_time_t format); ++extern int cupsdLogClient(cupsd_client_t *con, int level, ++ const char *message, ...) ++ __attribute__((__format__(__printf__, 3, 4))); + extern void cupsdLogFCMessage(void *context, _cups_fc_result_t result, + const char *message); + #ifdef HAVE_GSSAPI +diff --git a/scheduler/log.c b/scheduler/log.c +index 4ecd6b5..1dcb12a 100644 +--- a/scheduler/log.c ++++ b/scheduler/log.c +@@ -464,6 +464,59 @@ cupsdLogGSSMessage( + } + #endif /* HAVE_GSSAPI */ + ++/* ++ * 'cupsdLogClient()' - Log a client message. ++ */ ++ ++int /* O - 1 on success, 0 on error */ ++cupsdLogClient(cupsd_client_t *con, /* I - Client connection */ ++ int level, /* I - Log level */ ++ const char *message, /* I - Printf-style message string */ ++ ...) /* I - Additional arguments as needed */ ++{ ++ va_list ap, ap2; /* Argument pointers */ ++ char clientmsg[1024];/* Format string for client message */ ++ int status; /* Formatting status */ ++ ++ ++ /* ++ * See if we want to log this message... 
++ */ ++ ++ if (TestConfigFile || !ErrorLog) ++ return (1); ++ ++ if (level > LogLevel) ++ return (1); ++ ++ /* ++ * Format and write the log message... ++ */ ++ ++ if (con) ++ snprintf(clientmsg, sizeof(clientmsg), "[Client %d] %s", con->number, ++ message); ++ else ++ strlcpy(clientmsg, message, sizeof(clientmsg)); ++ ++ va_start(ap, message); ++ ++ do ++ { ++ va_copy(ap2, ap); ++ status = format_log_line(clientmsg, ap2); ++ va_end(ap2); ++ } ++ while (status == 0); ++ ++ va_end(ap); ++ ++ if (status > 0) ++ return (cupsdWriteErrorLog(level, log_line)); ++ else ++ return (cupsdWriteErrorLog(CUPSD_LOG_ERROR, ++ "Unable to allocate memory for log line.")); ++} + + /* + * 'cupsdLogJob()' - Log a job message. +-- +2.39.3 + diff --git a/cups.spec b/cups.spec index 6b1f198..36730f5 100644 --- a/cups.spec +++ b/cups.spec @@ -18,7 +18,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 1.6.3 -Release: 52%{?dist} +Release: 52%{?dist}.1 License: GPLv2 Group: System Environment/Daemons Url: http://www.cups.org/ @@ -122,6 +122,7 @@ Patch82: cups-memory-consumption.patch Patch83: cups-cupsdsavejob-sigsegv.patch Patch84: cups-cve-rebound-fix.patch Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch +Patch86: cups-CVE-2025-58060.patch Patch100: cups-lspp.patch @@ -444,6 +445,7 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch84 -p1 -b .cve-rebound-fix # CVE-2023-32360 cups: Information leak through Cups-Get-Document operation %patch85 -p1 -b .get-document-auth +%patch86 -p1 -b .CVE-2025-58060 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in @@ -852,6 +854,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Wed Dec 03 2025 zhuhongbo - 1:1.6.3-52.1 +- cve: fix cve CVE-2025-58060 + * Tue Aug 15 2023 Bryan Mason - 1:1.6.3-52 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation -- Gitee
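Review bot: `con->number`, added to `cupsd_client_s` in the client.h hunk and printed by the new `cupsdLogClient()` in log.c as `[Client %d]`, is never assigned anywhere in this patch (the upstream 2.x counter is set when the client is accepted, and client.c is not touched here), so the new "Basic/Kerberos authentication is not enabled" records will carry 0 or whatever the allocator left in the field and cannot be correlated with a connection. Either set `con->number` in the accept path, or drop the field and key the prefix on something this 1.6.3 tree already has, e.g. `snprintf(clientmsg, sizeof(clientmsg), "[Client %d] %s", con->http.fd, message);`. Separately, if this 1.6.x tree still supports `AuthType BasicDigest`/`Digest` (in 1.x the BasicDigest case was, as far as I recall, handled inside the same `Basic` branch), the new `if (type != CUPSD_AUTH_BASIC)` guard in auth.c would start rejecting valid BasicDigest logins and the `Digest` branch gets no equivalent guard; confirm against the full 1.6.3 auth.c before shipping and, if so, use `if (type != CUPSD_AUTH_BASIC && type != CUPSD_AUTH_BASICDIGEST)`. cupsdAuthorize begins and ends outside the hunk, as do the Basic and Negotiate branches it patches.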