From 1d5b1e1dd387f0ba007449c98d8d1f90ae2a2db1 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Sat, 28 Sep 2024 03:30:29 +0300 Subject: [PATCH] import cups-filters-1.28.7-17.el9_4 --- ...location-from-server-if-available-ot.patch | 29 ++ ...ibutes5-Validate-response-attributes.patch | 19 + SOURCES/cups-filters-CVE-2024-47175.patch | 376 ++++++++++++++++++ SPECS/cups-filters.spec | 37 +- 4 files changed, 456 insertions(+), 5 deletions(-) create mode 100644 SOURCES/0001-Use-description-location-from-server-if-available-ot.patch create mode 100644 SOURCES/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch create mode 100644 SOURCES/cups-filters-CVE-2024-47175.patch diff --git a/SOURCES/0001-Use-description-location-from-server-if-available-ot.patch b/SOURCES/0001-Use-description-location-from-server-if-available-ot.patch new file mode 100644 index 0000000..8cdf96a --- /dev/null +++ b/SOURCES/0001-Use-description-location-from-server-if-available-ot.patch @@ -0,0 +1,29 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index d4396d7..6dba2ed 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -8793,6 +8793,10 @@ gboolean update_cups_queues(gpointer unused) { + IPP_PRINTER_IDLE); + /* ... and accepting jobs */ + ippAddBoolean(request, IPP_TAG_PRINTER, "printer-is-accepting-jobs", 1); ++ // Location (only if the remote server actually provides a location string) ++ if (p->location && p->location[0]) ++ ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, ++ "printer-location", NULL, p->location); + num_options = 0; + options = NULL; + /* Device URI: ipp(s)://:631/printers/ +@@ -8808,6 +8812,13 @@ gboolean update_cups_queues(gpointer unused) { + num_options = cupsAddOption(p->options[i].name, + p->options[i].value, + num_options, &options); ++ ++ // Description (only if the remote server actually provides a description ++ // string) ++ if (p->info && p->info[0]) ++ num_options = cupsAddOption("printer-info", p->info, ++ num_options, &options); ++ + /* Encode option list into IPP attributes */ + cupsEncodeOptions2(request, num_options, options, IPP_TAG_OPERATION); + cupsEncodeOptions2(request, num_options, options, IPP_TAG_PRINTER); diff --git a/SOURCES/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch b/SOURCES/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch new file mode 100644 index 0000000..fde51bd --- /dev/null +++ b/SOURCES/0001-cfGetPrinterAttributes5-Validate-response-attributes.patch @@ -0,0 +1,19 @@ +diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c +index 2c3b740..6b2b784 100644 +--- a/cupsfilters/ipp.c ++++ b/cupsfilters/ipp.c +@@ -377,6 +377,14 @@ get_printer_attributes5(http_t *http_printer, + total_attrs); + ippDelete(response); + } else { ++ ++ // Check if the response is valid ++ if (!ippValidateAttributes(response)) ++ { ++ ippDelete(response); ++ response = NULL; ++ } ++ + /* Suitable response, we are done */ + if (have_http == 0) httpClose(http_printer); + if (uri) free(uri); diff --git a/SOURCES/cups-filters-CVE-2024-47175.patch b/SOURCES/cups-filters-CVE-2024-47175.patch new file mode 100644 index 0000000..215cd65 --- /dev/null +++ b/SOURCES/cups-filters-CVE-2024-47175.patch @@ -0,0 +1,376 @@ +diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c +index 4e16383..1f3a7d8 100644 +--- a/cupsfilters/ppdgenerator.c ++++ b/cupsfilters/ppdgenerator.c +@@ -92,6 +92,7 @@ typedef struct _pwg_finishings_s /**** PWG finishings mapping data ****/ + static void pwg_ppdize_name(const char *ipp, char *name, size_t namesize); + static void pwg_ppdize_resolution(ipp_attribute_t *attr, int element, + int *xres, int *yres, char *name, size_t namesize); ++static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid); + + /* + * '_cupsSetError()' - Set the last PPD generator status-message. +@@ -1581,9 +1582,10 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + ipp_t *media_col, /* Media collection */ + *media_size; /* Media size collection */ + char make[256], /* Make and model */ +- *model, /* Model name */ ++ *mptr, // Pointer into make and model + ppdname[PPD_MAX_NAME]; + /* PPD keyword */ ++ const char *model; /* Model name */ + int i, j, /* Looping vars */ + count = 0, /* Number of values */ + bottom, /* Largest bottom margin */ +@@ -1663,6 +1665,68 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + return (NULL); + } + ++ // ++ // Get a sanitized make and model... ++ // ++ ++ if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr)) ++ { ++ // Sanitize the model name to only contain PPD-safe characters. ++ strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); ++ ++ for (mptr = make; *mptr; mptr ++) ++ { ++ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"') ++ { ++ // Truncate the make and model on the first bad character... ++ *mptr = '\0'; ++ break; ++ } ++ } ++ ++ while (mptr > make) ++ { ++ // Strip trailing whitespace... ++ mptr --; ++ if (*mptr == ' ') ++ *mptr = '\0'; ++ } ++ ++ if (!make[0]) ++ { ++ // Use a default make and model if nothing remains... ++ strlcpy(make, "Unknown", sizeof(make)); ++ } ++ } ++ else ++ { ++ // Use a default make and model... ++ strlcpy(make, "Unknown", sizeof(make)); ++ } ++ ++ if (!strncasecmp(make, "Hewlett Packard ", 16) || !strncasecmp(make, "Hewlett-Packard ", 16)) ++ { ++ // Normalize HP printer make and model... ++ model = make + 16; ++ strlcpy(make, "HP", sizeof(make)); ++ ++ if (!strncasecmp(model, "HP ", 3)) ++ model += 3; ++ } ++ else if ((mptr = strchr(make, ' ')) != NULL) ++ { ++ // Separate "MAKE MODEL"... ++ while (*mptr && *mptr == ' ') ++ *mptr++ = '\0'; ++ ++ model = mptr; ++ } ++ else ++ { ++ // No separate model name... ++ model = "Printer"; ++ } ++ + /* + * Standard stuff for PPD file... + */ +@@ -1682,24 +1746,6 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + ippContainsString(attr, "faxout")) + is_fax = 1; + +- if ((attr = ippFindAttribute(response, "printer-make-and-model", +- IPP_TAG_TEXT)) != NULL) +- strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); +- else if (make_model && make_model[0] != '\0') +- strlcpy(make, make_model, sizeof(make)); +- else +- strlcpy(make, "Unknown Printer", sizeof(make)); +- +- if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || +- !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) { +- model = make + 16; +- strlcpy(make, "HP", sizeof(make)); +- } +- else if ((model = strchr(make, ' ')) != NULL) +- *model++ = '\0'; +- else +- model = make; +- + cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); + cupsFilePrintf(fp, "*ModelName: \"%s %s\"\n", make, model); + cupsFilePrintf(fp, "*Product: \"(%s %s)\"\n", make, model); +@@ -1796,14 +1842,11 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + cupsFilePuts(fp, "*cupsSNMPSupplies: False\n"); + cupsFilePuts(fp, "*cupsLanguages: \"en\"\n"); + +- if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != +- NULL) ++ if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) + cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL)); + +- if ((attr = ippFindAttribute(response, "printer-charge-info-uri", +- IPP_TAG_URI)) != NULL) +- cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, +- NULL)); ++ if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) ++ cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); + + /* Message catalogs for UI strings */ + if (opt_strings_catalog == NULL) { +@@ -1811,7 +1854,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + load_opt_strings_catalog(NULL, opt_strings_catalog); + } + if ((attr = ippFindAttribute(response, "printer-strings-uri", +- IPP_TAG_URI)) != NULL) { ++ IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) ++ { + printer_opt_strings_catalog = optArrayNew(); + load_opt_strings_catalog(ippGetString(attr, 0, NULL), + printer_opt_strings_catalog); +@@ -2553,13 +2597,15 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + break; + } + if (j >= 0) +- cupsFilePrintf(fp, "*InputSlot %s/%s: \"<>setpagedevice\"\n", +- ppdname, human_readable, j); ++ { ++ cupsFilePrintf(fp, "*InputSlot %s: \"<>setpagedevice\"\n", ppdname, j); ++ ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable); ++ } + else +- cupsFilePrintf(fp, "*InputSlot %s%s%s: \"\"\n", +- ppdname, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : "")); ++ { ++ cupsFilePrintf(fp, "*InputSlot %s%s%s:\"\"\n", ppdname, human_readable ? "/" : "", human_readable ? human_readable : ""); ++ ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable); ++ } + } + cupsFilePuts(fp, "*CloseUI: *InputSlot\n"); + } +@@ -2743,11 +2789,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + human_readable = (char *)_cupsLangString(lang, media_types[j][1]); + break; + } +- cupsFilePrintf(fp, "*MediaType %s%s%s: \"<>setpagedevice\"\n", +- ppdname, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : ""), +- ppdname); ++ cupsFilePrintf(fp, "*MediaType %s: \"<>setpagedevice\"\n", ppdname, ppdname); ++ ppd_put_string(fp, lang, "MediaType", ppdname, human_readable); + } + cupsFilePuts(fp, "*CloseUI: *MediaType\n"); + } +@@ -3184,10 +3227,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + human_readable = (char *)_cupsLangString(lang, output_bins[j][1]); + break; + } +- cupsFilePrintf(fp, "*OutputBin %s%s%s: \"\"\n", +- ppdname, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : "")); ++ cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname); ++ ppd_put_string(fp, lang, "OutputBin", ppdname, human_readable); + outputorderinfofound = 0; + faceupdown = 1; + firsttolast = 1; +@@ -3425,9 +3466,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + human_readable = (char *)_cupsLangString(lang, finishings[j][1]); + break; + } +- cupsFilePrintf(fp, "*StapleLocation %s%s%s: \"\"\n", ppd_keyword, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : "")); ++ cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword); ++ ppd_put_string(fp, lang, "StapleLocation", ppd_keyword, human_readable); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", + value, keyword, ppd_keyword); + } +@@ -3518,9 +3558,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + human_readable = (char *)_cupsLangString(lang, finishings[j][1]); + break; + } +- cupsFilePrintf(fp, "*FoldType %s%s%s: \"\"\n", ppd_keyword, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : "")); ++ cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword); ++ ppd_put_string(fp, lang, "FoldType", ppd_keyword, human_readable); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", + value, keyword, ppd_keyword); + } +@@ -3618,9 +3657,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + human_readable = (char *)_cupsLangString(lang, finishings[j][1]); + break; + } +- cupsFilePrintf(fp, "*PunchMedia %s%s%s: \"\"\n", ppd_keyword, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : "")); ++ cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword); ++ ppd_put_string(fp, lang, "PunchMedia", ppd_keyword, human_readable); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", + value, keyword, ppd_keyword); + } +@@ -3711,9 +3749,8 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + human_readable = (char *)_cupsLangString(lang, finishings[j][1]); + break; + } +- cupsFilePrintf(fp, "*CutMedia %s%s%s: \"\"\n", ppd_keyword, +- (human_readable ? "/" : ""), +- (human_readable ? human_readable : "")); ++ cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword); ++ ppd_put_string(fp, lang, "CutMedia", ppd_keyword, human_readable); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", + value, keyword, ppd_keyword); + } +@@ -3759,8 +3796,9 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + printer_opt_strings_catalog); + if (human_readable == NULL) + human_readable = (char *)keyword; +- cupsFilePrintf(fp, "*cupsFinishingTemplate %s/%s: \"\n", keyword, +- human_readable); ++ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); ++ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); ++ ppd_put_string(fp, lang, "cupsFinishingTemplate", ppdname, human_readable); + for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; + finishing_attr = ippNextAttribute(finishing_col)) { + if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) { +@@ -4072,13 +4110,11 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + if (!preset || !preset_name) + continue; + +- if ((localized_name = lookup_option((char *)preset_name, +- opt_strings_catalog, +- printer_opt_strings_catalog)) == NULL) +- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name); +- else +- cupsFilePrintf(fp, "*APPrinterPreset %s/%s: \"\n", preset_name, +- localized_name); ++ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); ++ ++ localized_name = lookup_option((char *)preset_name, opt_strings_catalog, printer_opt_strings_catalog); ++ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname); ++ ppd_put_string(fp, lang, "APPrinterPreset", ppdname, localized_name); + + for (member = ippFirstAttribute(preset); member; + member = ippNextAttribute(preset)) { +@@ -4119,7 +4155,10 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + ippGetString(ippFindAttribute(fin_col, + "finishing-template", + IPP_TAG_ZERO), 0, NULL)) != NULL) +- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword); ++ { ++ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); ++ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname); ++ } + } + } else if (!strcmp(member_name, "media")) { + /* +@@ -4152,14 +4191,14 @@ ppdCreateFromIPP2(char *buffer, /* I - Filename buffer */ + IPP_TAG_ZERO), 0, + NULL)) != NULL) { + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); +- cupsFilePrintf(fp, "*InputSlot %s\n", keyword); ++ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname); + } + + if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", + IPP_TAG_ZERO), 0, + NULL)) != NULL) { + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); +- cupsFilePrintf(fp, "*MediaType %s\n", keyword); ++ cupsFilePrintf(fp, "*MediaType %s\n", ppdname); + } + } else if (!strcmp(member_name, "print-quality")) { + /* +@@ -4422,15 +4461,28 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ + *end; /* End of name buffer */ + + ++ if (!ipp || !_cups_isalnum(*ipp)) ++ { ++ *name = '\0'; ++ return; ++ } ++ + *name = (char)toupper(*ipp++); + + for (ptr = name + 1, end = name + namesize - 1; *ipp && ptr < end;) { +- if (*ipp == '-') { ++ if (*ipp == '-' && isalnum(ipp[1])) ++ { + ipp ++; +- if (_cups_isalpha(*ipp)) +- *ptr++ = (char)toupper(*ipp++ & 255); +- } else ++ *ptr++ = (char)toupper(*ipp++ & 255); ++ } ++ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || isalnum(*ipp)) ++ { + *ptr++ = *ipp++; ++ } ++ else ++ { ++ ipp ++; ++ } + } + + *ptr = '\0'; +@@ -4467,4 +4519,39 @@ pwg_ppdize_resolution( + snprintf(name, namesize, "%dx%ddpi", *xres, *yres); + } + } ++ ++ ++/* ++ * 'ppd_put_strings()' - Write localization attributes to a PPD file. ++ */ ++ ++static void ++ppd_put_string(cups_file_t *fp, /* I - PPD file */ ++ cups_lang_t *lang, /* I - Language */ ++ const char *ppd_option,/* I - PPD option */ ++ const char *ppd_choice,/* I - PPD choice */ ++ const char *text) /* I - Localized text */ ++{ ++ if (!text) ++ return; ++ ++ // Add the first line of localized text... ++#if CUPS_VERSION_MAJOR > 2 ++ cupsFilePrintf(fp, "*%s.%s %s/", cupsLangGetName(lang), ppd_option, ppd_choice); ++#else ++ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice); ++#endif // CUPS_VERSION_MAJOR > 2 ++ ++ while (*text && *text != '\n') ++ { ++ // Escape ":" and "<"... ++ if (*text == ':' || *text == '<') ++ cupsFilePrintf(fp, "<%02X>", *text); ++ else ++ cupsFilePutChar(fp, *text); ++ ++ text ++; ++ } ++ cupsFilePuts(fp, ": \"\"\n"); ++} + #endif /* HAVE_CUPS_1_6 */ diff --git a/SPECS/cups-filters.spec b/SPECS/cups-filters.spec index 8960309..c3ef3e8 100644 --- a/SPECS/cups-filters.spec +++ b/SPECS/cups-filters.spec @@ -11,7 +11,7 @@ Summary: OpenPrinting CUPS filters and backends Name: cups-filters Version: 1.28.7 -Release: 13%{?dist} +Release: 17%{?dist} # For a breakdown of the licensing, see COPYING file # GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*, @@ -40,6 +40,12 @@ Patch02: 0001-cups-browsed.c-Make-NotifLeaseDuration-configurable-.patch Patch03: 0001-libcupsfilters-Fix-page-range-like-10-in-pdftopdf-fi.patch # CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend Patch04: beh-cve2023.patch +# RHEL-16026 Cups Browsed does not correctly pull printer location and description information from print server +Patch05: 0001-Use-description-location-from-server-if-available-ot.patch +# CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file +Patch06: cups-filters-CVE-2024-47175.patch +# CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes +Patch07: 0001-cfGetPrinterAttributes5-Validate-response-attributes.patch # autogen.sh @@ -108,8 +114,6 @@ BuildRequires: systemd-rpm-macros %if 0%{?fedora} Recommends: nss-mdns %endif -# Avahi is needed for device discovery for newer (2012+) devices and its sharing - make it recommended -Recommends: avahi # ippfind is used in driverless backend, not needed classic PPD based print queue Recommends: cups-ipptool @@ -134,7 +138,6 @@ Requires: poppler-utils # cups-browsed # cups-browsed needs to have cups.service to run -Requires: cups Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -223,6 +226,7 @@ The package provides filters and cups-brf backend needed for braille printing. %else --disable-braille \ %endif + --with-browseremoteprotocols=none\ --with-remote-cups-local-queue-naming=RemoteName %make_build @@ -276,6 +280,14 @@ do fi done +# Set BrowseRemoteProtocols to none in light of CVE-2024-47176 +if ! grep -Fxq "# added by post scriptlet" %{_sysconfdir}/cups/cups-browsed.conf +then + cp %{_sysconfdir}/cups/cups-browsed.conf %{_sysconfdir}/cups/cups-browsed.conf.rpmsave + sed -i "s/^\s*BrowseRemoteProtocols.*/# added by post scriptlet\nBrowseRemoteProtocols none/" %{_sysconfdir}/cups/cups-browsed.conf +fi + + %preun %systemd_preun cups-browsed.service @@ -344,7 +356,7 @@ done %{_mandir}/man1/driverless.1.gz %{_mandir}/man5/cups-browsed.conf.5.gz %{_mandir}/man8/cups-browsed.8.gz -%config(noreplace) %{_sysconfdir}/cups/cups-browsed.conf +%config(noreplace) %verify(not size filedigest mtime) %{_sysconfdir}/cups/cups-browsed.conf %{_unitdir}/cups-browsed.service %files libs @@ -408,6 +420,21 @@ done %endif %changelog +* Fri Sep 27 2024 Zdenek Dohnal - 1.28.7-17 +- fix rpmverify error + +* Thu Sep 26 2024 Zdenek Dohnal - 1.28.7-16 +- CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file +- CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes +- CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source + +* Mon Feb 26 2024 Zdenek Dohnal - 1.28.7-15 +- RHEL-19201 redhat-lsb unnecessary pulls in cups and avahi dependencies + +* Wed Dec 20 2023 Zdenek Dohnal - 1.28.7-14 +- RHEL-19201 redhat-lsb unnecessary pulls in cups and avahi dependencies +- RHEL-16026 Cups Browsed does not correctly pull printer location and description information from print server + * Tue Aug 08 2023 Zdenek Dohnal - 1.28.7-13 - 2229784 - Add textonly driver back, but as lftocrlf