cups: update to 2.4.11
There are several CVEs targeting the CUPS software,
some of them for various subpackages such as cups-browsed,
or libppd. These subpackages often borrow lots of code
from the mainline CUPS package, causing CVEs to be
theoretically applicable in both places.

These CVEs can be combined and exploited for remote command execution
as described in
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

These CVEs for CUPS and various CUPS related packages include:
 - CVE-2024-47176
 - CVE-2024-47076
 - CVE-2024-47175
 - CVE-2024-47177

While Photon is *NOT* at risk of this particular exploit chain,
because we don't have the cups-browsed service, CVEs
such as CVE-2024-47175, which applies to libppd, also
affect the same code in mainline CUPS and should be patched.

There are 5 commits needed to remediate this exploit in mainline CUPS,
as described in
https://www.openwall.com/lists/oss-security/2024/09/27/3

Update to the latest subversion 2.4.11 in order to consume
these fixes.

Change-Id: Ieff8b832dfeb1004c1dcd3b7dd93b0c834a88ffd
Reviewed-on: http://photon-gerrit.lvn.broadcom.net/c/photon/+/24932
Reviewed-by: Harinadh Dommaraju <harinadh.dommaraju@broadcom.com>
Reviewed-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
Tested-by: gerrit-photon <svc.photon-ci@broadcom.com>
bhllamoreaux authored and sshedi committed Dec 17, 2024
1 parent af3c100 commit d007e98
Showing 4 changed files with 15 additions and 7 deletions.
10 changes: 6 additions & 4 deletions SPECS/cups/cups.spec
@@ -1,15 +1,15 @@
Summary: The Common UNIX Printing System
Name: cups
Version: 2.4.7
Release: 4%{?dist}
Version: 2.4.11
Release: 1%{?dist}
License: LGPLv2+
URL: https://openprinting.github.io/cups
Group: System Environment/Libraries
Vendor: VMware, Inc.
Distribution: Photon

Source0: https://github.com/OpenPrinting/cups/releases/download/v%{version}/cups-%{version}.tar.gz
%define sha512 %{name}=27ca505a2868aa7bc248bac892aafe2a837633e73b6059d3ab4812264e3b0e786ef075751e8cc4300ce6bc43ef095e3d77dd3fce88ce8e72ca69b65093427bca
Source0: https://github.com/OpenPrinting/cups/releases/download/v%{version}/cups-%{version}-source.tar.gz
%define sha512 %{name}=5868f069cb5eaa5c74e703ed7773914376fb819ebabd7881df8726092eab390c8a1db75c4d08377a836a87807765ad2c16a15b406ab0580fdda2b176e2da3162

BuildRequires: automake
BuildRequires: dbus-devel
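Review bot: the Source0 URL changes artifact name as well as version, from `cups-%{version}.tar.gz` to `cups-%{version}-source.tar.gz`, and the sha512 moves with it, yet neither the commit message nor the changelog entry mentions the switch; please document why the `-source` tarball is now used and confirm the new sha512 was computed against that file rather than the plainly named archive, since the two are different downloads.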
Expand Down Expand Up @@ -91,6 +91,8 @@ rm -rf %{buildroot}/*
%{_libdir}/pkgconfig/cups.pc

%changelog
* Tue Dec 10 2024 Brennan Lamoreaux <brennan.lamoreaux@broadcom.com> 2.4.11-1
- Update to latest version
* Wed Feb 07 2024 Shreenidhi Shedi <shreenidhi.shedi@broadcom.com> 2.4.7-4
- Bump version as a part of dbus upgrade
* Fri Nov 24 2023 Shreenidhi Shedi <sshedi@vmware.com> 2.4.7-3
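Review bot: the new changelog entry, `- Update to latest version`, drops the security motivation that the commit message spells out; the commit message names CVE-2024-47175 as the issue that also affects mainline CUPS, so record the CVE identifiers this release addresses in the entry so the spec's own history carries the reason for 2.4.11-1.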
4 changes: 3 additions & 1 deletion SPECS/gtk3/gtk3.spec
@@ -1,7 +1,7 @@
Summary: GUI library.
Name: gtk3
Version: 3.23.3
Release: 9%{?dist}
Release: 10%{?dist}
License: LGPLv2+
URL: http://www.gtk.org
Group: System Environment/Libraries
Expand Down Expand Up @@ -160,6 +160,8 @@ rm -rf %{buildroot}/*
%{_sysconfdir}/gtk-3.0/

%changelog
* Mon Dec 16 2024 Brennan Lamoreaux <brennan.lamoreaux@broadcom.com> 3.23.3-10
- Bump version as part of cups upgrade
* Thu Mar 28 2024 Ashwin Dayanand Kamat <ashwin.kamat@broadcom.com> 3.23.3-9
- Bump version as a part of libxml2 upgrade
* Tue Feb 20 2024 Ashwin Dayanand Kamat <ashwin.kamat@broadcom.com> 3.23.3-8
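Review bot: this hunk only bumps Release and adds `- Bump version as part of cups upgrade`, which does not say why gtk3 needs a rebuild for a CUPS point release (2.4.7 to 2.4.11); if the reason is a build dependency on cups rather than an ABI change, state that in the entry, and align the wording with the openjdk entries in this same commit (`Version bump as a part of cups upgrade`) so the three specs use one phrasing.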
4 changes: 3 additions & 1 deletion SPECS/openjdk/openjdk11.spec
Expand Up @@ -5,7 +5,7 @@
Summary: OpenJDK
Name: openjdk11
Version: 11.0.20
Release: 6%{?dist}
Release: 7%{?dist}
License: GNU General Public License V2
URL: https://github.com/openjdk/jdk11u
Group: Development/Tools
Expand Down Expand Up @@ -246,6 +246,8 @@ rm -rf %{buildroot}/* %{_libdir}/jvm/OpenJDK-*
%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/lib/src.zip

%changelog
* Mon Dec 16 2024 Brennan Lamoreaux <brennan.lamoreaux@broadcom.com> 11.0.20-7
- Version bump as a part of cups upgrade
* Fri Sep 29 2023 Srish Srinivasan <ssrish@vmware.com> 11.0.20-6
- Version bump as a part of cups upgrade
* Mon Sep 04 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 11.0.20-5
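Review bot: the new entry repeats the Fri Sep 29 2023 line word for word (`- Version bump as a part of cups upgrade`), so the history gives no way to tell which CUPS version each rebuild was for; name the cups version (2.4.11) in the new entry, and since only Release changes in this file, "Release bump" is the more accurate term than "Version bump".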
4 changes: 3 additions & 1 deletion SPECS/openjdk/openjdk17.spec
Expand Up @@ -5,7 +5,7 @@
Summary: OpenJDK
Name: openjdk17
Version: 17.0.8
Release: 2%{?dist}
Release: 3%{?dist}
License: GNU General Public License V2
URL: https://github.com/openjdk/jdk17u
Group: Development/Tools
Expand Down Expand Up @@ -231,6 +231,8 @@ rm -rf %{buildroot}/* %{_libdir}/jvm/OpenJDK-*
%{_libdir}/jvm/OpenJDK-%{jdk_major_version}/lib/src.zip

%changelog
* Mon Dec 16 2024 Brennan Lamoreaux <brennan.lamoreaux@broadcom.com> 17.0.8-3
- Version bump as a part of cups upgrade
* Fri Sep 29 2023 Srish Srinivasan <ssrish@vmware.com> 17.0.8-2
- Version bump as a part of cups upgrade
* Wed Aug 23 2023 Shreenidhi Shedi <sshedi@vmware.com> 17.0.8-1
