several fixes

debian/changelog

@@ -1,3 +1,15 @@
+cups (2.4.2-5deepin4) unstable; urgency=medium
+
+  * Format debian/patches.
+  * Set Author to Zdenek Dohnal in debian/patches/0013-CVE-2023-32324.patch
+  * 0023-Fix-OpenSSL-crash-bug-tls-pointer-wasn-t-cleared-aft.patch
+  * CVE-2024-35235
+  * regression of fix for CVE-2024-35235
+  * CVE-2025-58060
+  * CVE-2025-58364
+
+ -- Tianyu Chen <sweetyfish@deepin.org>  Mon, 15 Sep 2025 10:30:43 +0800
+
 cups (2.4.2-5deepin3) unstable; urgency=medium
 
   * Fix bug

debian/patches/0001-fix-Refactor-part-of-server-settings-code.patch

@@ -1,5 +1,4 @@
-From fd2567c66b7f38e1d9f2608d5de91f6a9ddd962a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=88=98=E8=8E=89?= <liuli@uniontech.com>
+From: =?utf-8?b?5YiY6I6J?= <liuli@uniontech.com>
 Date: Mon, 20 Jun 2022 16:39:30 +0800
 Subject: [PATCH] fix: Refactor part of server settings code
 
@@ -17,11 +16,11 @@ share_printers  remote_any   remote_admin  Listen      Browsering Location-/   L
 
 Change-Id: Id3347d31c1885397b5908a79c1a18e02300784a4
 ---
- cups/adminutil.c | 193 ++++++++++++++---------------------------------
+ cups/adminutil.c | 193 ++++++++++++++++---------------------------------------
  1 file changed, 57 insertions(+), 136 deletions(-)
 
 diff --git a/cups/adminutil.c b/cups/adminutil.c
-index d66918cb7..ccb669a5d 100644
+index d66918c..ccb669a 100644
 --- a/cups/adminutil.c
 +++ b/cups/adminutil.c
 @@ -1,7 +1,7 @@
@@ -421,6 +420,3 @@ index d66918cb7..ccb669a5d 100644
 
     /*
      * Save the new values...
--- 
-2.20.1
-

debian/patches/0002-CVE-2023-4504.patch

@@ -1,4 +1,3 @@
-From 61ecf34f141cf792814717d7a102f512920c734c Mon Sep 17 00:00:00 2001
 From: Thorsten Alteholz <debian@alteholz.de>
 Date: Wed, 20 Sep 2023 04:55:44 +0200
 Subject: [PATCH] CVE-2023-4504
@@ -9,10 +8,10 @@ Change-Id: I6bd8eef98676057722d9b35e58045642b491431d
  1 file changed, 13 insertions(+), 1 deletion(-)
 
 diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
-index 8727ad576..473d73367 100644
+index fbe52f3..89ef158 100644
 --- a/cups/raster-interpret.c
 +++ b/cups/raster-interpret.c
-@@ -1115,7 +1115,19 @@ scan_ps(_cups_ps_stack_t *st,		/* I  - Stack */
+@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t *st,		/* I  - Stack */
 
  	    cur ++;
 
@@ -33,6 +32,3 @@ index 8727ad576..473d73367 100644
  	      *valptr++ = '\b';
  	    else if (*cur == 'f')
  	      *valptr++ = '\f';
--- 
-2.20.1
-

debian/patches/0003-CVE-2023-32360.patch

@@ -1,4 +1,3 @@
-From 0f28d2acb84ff87ebb2b770946e64a6b7d3feac1 Mon Sep 17 00:00:00 2001
 From: Thorsten Alteholz <debian@alteholz.de>
 Date: Wed, 20 Sep 2023 04:56:47 +0200
 Subject: [PATCH] CVE-2023-32360
@@ -9,7 +8,7 @@ Change-Id: Ifd31ea60022da94db1f83b2ab33245377fd69094
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
-index b25884907..a07536f3e 100644
+index b258849..a07536f 100644
 --- a/conf/cupsd.conf.in
 +++ b/conf/cupsd.conf.in
 @@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
@@ -27,6 +26,3 @@ index b25884907..a07536f3e 100644
      Require user @OWNER @SYSTEM
      Order deny,allow
    </Limit>
--- 
-2.20.1
-

debian/patches/0004-check-colormodel-also-for-CMYK.patch

@@ -1,4 +1,3 @@
-From 15105e805ea7a8e50041f3026b9c9c924f3e86ee Mon Sep 17 00:00:00 2001
 From: Thorsten Alteholz <debian@alteholz.de>
 Date: Sat, 2 Dec 2023 00:00:38 +0100
 Subject: [PATCH] check colormodel also for CMYK
@@ -9,7 +8,7 @@ Change-Id: I83d593f217415c00fd32e4cbaf8c821796373090
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/scheduler/printers.c b/scheduler/printers.c
-index 4efa613f3..2fbdaad5b 100644
+index 4efa613..2fbdaad 100644
 --- a/scheduler/printers.c
 +++ b/scheduler/printers.c
 @@ -4509,7 +4509,7 @@ load_ppd(cupsd_printer_t *p)		/* I - Printer */
@@ -21,6 +20,3 @@ index 4efa613f3..2fbdaad5b 100644
            p->num_options = cupsAddOption("print-color-mode", "monochrome", p->num_options, &p->options);
        }
      }
--- 
-2.20.1
-

debian/patches/0005-feat-enable-lpd-to-encode-title.patch

@@ -1,16 +1,15 @@
-From 5e5615eec66839b24306e0f4b117b726cef8ae8c Mon Sep 17 00:00:00 2001
 From: LIU Li <liuli@uniontech.com>
 Date: Thu, 6 Jun 2024 10:40:03 +0800
 Subject: [PATCH] feat: enable lpd to encode title
 
 Signed-off-by: LIU Li <liuli@uniontech.com>
 Change-Id: I93edcea9103926db3cc8ea1e865bd5ee514f6d78
 ---
- backend/lpd.c | 202 +++++++++++++++++++++++++++++++++++++++++++++++++-
+ backend/lpd.c | 202 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
  1 file changed, 200 insertions(+), 2 deletions(-)
 
 diff --git a/backend/lpd.c b/backend/lpd.c
-index c4aab8b98..7bb4269ac 100644
+index c4aab8b..7bb4269 100644
 --- a/backend/lpd.c
 +++ b/backend/lpd.c
 @@ -32,6 +32,7 @@
@@ -267,6 +266,3 @@ index c4aab8b98..7bb4269ac 100644
 
  /*
   * 'lpd_command()' - Send an LPR command sequence and wait for a reply.
--- 
-2.20.1
-

debian/patches/0006-fixed-CVE-2024-47175.patch

@@ -1,4 +1,3 @@
-From 3cc9627beec09bd6516de8ec287e7c74fec3a694 Mon Sep 17 00:00:00 2001
 From: angie_j_dou <doucaixia@uniontech.com>
 Date: Sat, 28 Sep 2024 12:12:46 +0800
 Subject: [PATCH] fixed: CVE-2024-47175
@@ -8,11 +7,11 @@ Subject: [PATCH] fixed: CVE-2024-47175
 Logs:
 Change-Id: Ieb8ab6bebd369aecb1ab9788dcd480ddaab62997
 ---
- cups/ppd-cache.c | 153 +++++++++++++++++++++++++++++++++++++----------
+ cups/ppd-cache.c | 153 ++++++++++++++++++++++++++++++++++++++++++++-----------
  1 file changed, 123 insertions(+), 30 deletions(-)
 
 diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
-index 886181319..05babe983 100644
+index 8861813..05babe9 100644
 --- a/cups/ppd-cache.c
 +++ b/cups/ppd-cache.c
 @@ -42,6 +42,7 @@ static void	pwg_ppdize_resolution(ipp_attribute_t *attr, int element, int *xres,
@@ -289,6 +288,3 @@ index 886181319..05babe983 100644
 +  }
 +  cupsFilePuts(fp, ": \"\"\n");
 +}
--- 
-2.20.1
-

debian/patches/0007-Feat-add-audit-log-to-CUPS.patch

@@ -1,21 +1,20 @@
-From c224a7dff8fb6d03d34fb1bf8085dd6fffaf293a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=88=98=E8=8E=89?= <liuli@uniontech.com>
+From: =?utf-8?b?5YiY6I6J?= <liuli@uniontech.com>
 Date: Tue, 12 Jul 2022 15:14:53 +0800
 Subject: [PATCH] Feat: add audit log to CUPS
 MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
+Content-Type: text/plain; charset="utf-8"
 Content-Transfer-Encoding: 8bit
 
 log to /var/log/cups/os_audit.log
 
 Signed-off-by: 刘莉 <liuli@uniontech.com>
 Change-Id: I9e3ee7176b158a381db9274f11aeb34ab5bc62b9
 ---
- scheduler/subscriptions.c | 160 +++++++++++++++++++++++++++++++++++++-
+ scheduler/subscriptions.c | 160 ++++++++++++++++++++++++++++++++++++++++++++--
  1 file changed, 156 insertions(+), 4 deletions(-)
 
 diff --git a/scheduler/subscriptions.c b/scheduler/subscriptions.c
-index 2dbb28f85..0bcdfe457 100644
+index 2dbb28f..0bcdfe4 100644
 --- a/scheduler/subscriptions.c
 +++ b/scheduler/subscriptions.c
 @@ -39,8 +39,157 @@ static void	cupsd_send_notification(cupsd_subscription_t *sub,
@@ -204,6 +203,3 @@ index 2dbb28f85..0bcdfe457 100644
 
        ippAddString(temp->attrs, IPP_TAG_EVENT_NOTIFICATION, IPP_TAG_TEXT,
  		   "notify-text", NULL, ftext);
--- 
-2.20.1
-

debian/patches/0013-CVE-2023-32324.patch

@@ -1,6 +1,6 @@
-From: Thorsten Alteholz <debian@alteholz.de>
-Date: Wed, 31 May 2023 23:08:29 +0200
-Subject: CVE-2023-32324
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 1 Jun 2023 12:04:00 +0200
+Subject: cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
 
 ---
  cups/string.c | 3 +++

debian/patches/0017-Compatible-with-printer-driver-which-runs-on-V20.patch

@@ -1,4 +1,3 @@
-From 6fb8a6f40e09b068780ac7ecdf0b68886015096e Mon Sep 17 00:00:00 2001
 From: reddevillg <reddevillg@gmail.com>
 Date: Wed, 4 Dec 2024 15:28:30 +0800
 Subject: [PATCH] Compatible with printer driver which runs on V20
@@ -7,11 +6,11 @@ If deepin-compatible-ctl exist, use it to run external process.
 
 Change-Id: Ifa668bb6dae6f6ff311dd2ec43a68737b8885516
 ---
- scheduler/process.c | 47 ++++++++++++++++++++++++++++++++-------------
+ scheduler/process.c | 47 ++++++++++++++++++++++++++++++++++-------------
  1 file changed, 34 insertions(+), 13 deletions(-)
 
 diff --git a/scheduler/process.c b/scheduler/process.c
-index 1492e767d..b2158d4e4 100644
+index 1492e76..b2158d4 100644
 --- a/scheduler/process.c
 +++ b/scheduler/process.c
 @@ -478,7 +478,10 @@ cupsdStartProcess(
@@ -87,6 +86,3 @@ index 1492e767d..b2158d4e4 100644
    }
 
    if (LogLevel == CUPSD_LOG_DEBUG2)
--- 
-2.20.1
-

debian/patches/0023-Fix-OpenSSL-crash-bug-tls-pointer-wasn-t-cleared-aft.patch

@@ -0,0 +1,22 @@
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Tue, 7 Jun 2022 13:45:29 -0400
+Subject: Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing
+ it (Issue #409)
+
+---
+ cups/tls-openssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
+index c3e5774..6db9f8a 100644
+--- a/cups/tls-openssl.c
++++ b/cups/tls-openssl.c
+@@ -1152,6 +1152,8 @@ _httpTLSStop(http_t *http)		// I - Connection to server
+   SSL_shutdown(http->tls);
+   SSL_CTX_free(context);
+   SSL_free(http->tls);
++
++  http->tls = NULL;
+ }
+
+

debian/patches/0024-Fix-domain-socket-handling-fixes-CVE-2024-35235.patch

@@ -0,0 +1,96 @@
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Tue, 11 Jun 2024 16:19:11 +0200
+Subject: Fix domain socket handling (fixes CVE-2024-35235)
+
+- Check status of unlink and bind system calls.
+- Don't allow extra domain sockets when running from launchd/systemd.
+- Validate length of domain socket path (< sizeof(sun_path))
+
+Fixes CVE-2024-35235, written by Mike Sweet
+---
+ cups/http-addr.c | 36 +++++++++++++++++++-----------------
+ scheduler/conf.c | 20 ++++++++++++++++++++
+ 2 files changed, 39 insertions(+), 17 deletions(-)
+
+diff --git a/cups/http-addr.c b/cups/http-addr.c
+index 114a644..3d3b6b9 100644
+--- a/cups/http-addr.c
++++ b/cups/http-addr.c
+@@ -206,27 +206,29 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
+     * Remove any existing domain socket file...
+     */
+
+-    unlink(addr->un.sun_path);
+-
+-   /*
+-    * Save the current umask and set it to 0 so that all users can access
+-    * the domain socket...
+-    */
+-
+-    mask = umask(0);
++    if ((status = unlink(addr->un.sun_path)) < 0)
++    {
++      DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+
+-   /*
+-    * Bind the domain socket...
+-    */
++      if (errno == ENOENT)
++	status = 0;
++    }
+
+-    status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
++    if (!status)
++    {
++      // Save the current umask and set it to 0 so that all users can access
++      // the domain socket...
++      mask = umask(0);
+
+-   /*
+-    * Restore the umask and fix permissions...
+-    */
++      // Bind the domain socket...
++      if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
++      {
++	DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
++      }
+
+-    umask(mask);
+-    chmod(addr->un.sun_path, 0140777);
++      // Restore the umask...
++      umask(mask);
++    }
+   }
+   else
+ #endif /* AF_LOCAL */
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index cb49078..fc0cec7 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -3076,6 +3076,26 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
+       cupsd_listener_t	*lis;		/* New listeners array */
+
+
++     /*
++      * If we are launched on-demand, do not use domain sockets from the config
++      * file.  Also check that the domain socket path is not too long...
++      */
++
++#ifdef HAVE_ONDEMAND
++      if (*value == '/' && OnDemand)
++      {
++        if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
++          cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
++        continue;
++      }
++#endif // HAVE_ONDEMAND
++
++      if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
++      {
++        cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
++        continue;
++      }
++
+      /*
+       * Get the address list...
+       */