From b3c8dda8d969d90831481357bfc6ad3ad4591826 Mon Sep 17 00:00:00 2001
From: eaglegai
Date: Mon, 8 Dec 2025 09:56:00 +0800
Subject: [PATCH] fix-an-infinite-loop-issue-in-GTK
---
 ...er-fix-an-infinite-loop-issue-in-GTK.patch | 39 +++++++++++++++++++
 cups.spec | 6 ++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-58436-after-fix-an-infinite-loop-issue-in-GTK.patch
diff --git a/backport-CVE-2025-58436-after-fix-an-infinite-loop-issue-in-GTK.patch b/backport-CVE-2025-58436-after-fix-an-infinite-loop-issue-in-GTK.patch
new file mode 100644
index 0000000..b07c7f7
--- /dev/null
+++ b/backport-CVE-2025-58436-after-fix-an-infinite-loop-issue-in-GTK.patch
@@ -0,0 +1,39 @@
+From 2dc021f33a3ea358c9f5c5c54643adc4c46a84a1 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet
+Date: Wed, 3 Dec 2025 07:25:30 -0500
+Subject: [PATCH] Fix an infinite loop issue in GTK+ (Issue #1439)
+
+---
+ CHANGES.md | 1 +
+ cups/http.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+Conflict:adjust context in CHANGES.md
+Reference:https://github.com/OpenPrinting/cups/commit/2dc021f33a3ea358c9f5c5c54643adc4c46a84a1
+
+
+diff --git a/CHANGES.md b/CHANGES.md
+index df89f2d28..da97b4c0a 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -10,6 +10,7 @@ Changes in CUPS v2.4.16 (YYYY-MM-DD)
+ - Fixed purging job files via `cancel -x` (Issue #742)
+ - Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743)
+ - Fixed a bug in the PPD command interpretation code (Issue #768)
++- Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439)
+
+
+ Changes in CUPS v2.4.6 (2023-06-22)
+diff --git a/cups/http.c b/cups/http.c
+index 214e45158..31ed6ddc1 100644
+--- a/cups/http.c
++++ b/cups/http.c
+@@ -2779,7 +2779,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */
+ /* See whether our read buffer is full... */
+ DEBUG_printf(("2_httpUpdate: used=%d", http->used));
+
+- if (http->used > 0 && !memchr(http->buffer, '\n', (size_t)http->used) && (size_t)http->used < sizeof(http->buffer))
++ if (http->used < sizeof(http->buffer))
+ {
+ /* No, try filling in more data... */
+ if ((bytes = http_read(http, http->buffer + http->used, sizeof(http->buffer) - (size_t)http->used, /*timeout*/0)) > 0)
diff --git a/cups.spec b/cups.spec
index 3b047ed..65df2e1 100644
--- a/cups.spec
+++ b/cups.spec
@@ -3,7 +3,7 @@
 Name: cups
 Epoch: 1
 Version: 2.4.7
-Release: 9
+Release: 10
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: Apache-2.0
 Url: https://openprinting.github.io/cups/
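Review bot: In the `_httpUpdate` hunk of the backported `cups/http.c` change, the new condition `if (http->used < sizeof(http->buffer))` drops the `(size_t)` cast that the removed line and the `http_read()` call two lines below both apply to `http->used`, which the `%d` in the `DEBUG_printf` above suggests is a signed `int` in this branch. The comparison is therefore mixed signed/unsigned: it behaves the same while `used` is non-negative, but a negative value would silently skip the read and `-Wsign-compare` would flag it, so I would keep the cast: `if ((size_t)http->used < sizeof(http->buffer))`. Since this relaxes a condition that the earlier CVE-2025-58436 backport (Patch6015) introduced, the comment above the test should also say why the read is now unconditional, e.g. `/* Always try a non-blocking (timeout 0) read while there is room, even when the buffer is empty or already holds a full line */`. The body of `_httpUpdate` starts and ends outside the hunk, so how a full buffer with no newline is handled cannot be confirmed from here.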
@@ -38,6 +38,7 @@ Patch6013: backport-CVE-2025-58060.patch Patch6014: backport-CVE-2025-58364.patch Patch6015: backport-CVE-2025-58436.patch Patch6016: backport-CVE-2025-61915.patch +Patch6017: backport-CVE-2025-58436-after-fix-an-infinite-loop-issue-in-GTK.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -429,6 +430,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc README.md CREDITS.md CHANGES.md %changelog +* Mon Dec 08 2025 gaihuiying - 1:2.4.7-10 +- fix an infinite loop issue in GTK + * Mon Dec 01 2025 Funda Wang - 1:2.4.7-9 - fix CVE-2025-61915 -- Gitee