From d43cd9419d2cb01285c778489bc00ffc31eb0eba Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal Date: Nov 04 2021 11:43:27 +0000 Subject: no httpMD5 functions --- diff --git a/0001-cups-md5passwd.c-Stub-out-httpMD5-functions.patch b/0001-cups-md5passwd.c-Stub-out-httpMD5-functions.patch new file mode 100644 index 0000000..0acd3a5 --- /dev/null +++ b/0001-cups-md5passwd.c-Stub-out-httpMD5-functions.patch @@ -0,0 +1,120 @@ +From 3e217bff90829cf7d53ceacb553a7abaad3cb4db Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 26 Aug 2021 15:45:40 +0200 +Subject: [PATCH] cups/md5passwd.c: Stub out httpMD5* functions + +--- + CHANGES.md | 1 + + cups/md5passwd.c | 60 +++++++++++++++++++----------------------------- + 2 files changed, 25 insertions(+), 36 deletions(-) + +diff --git a/cups/md5passwd.c b/cups/md5passwd.c +index 9af5de23c..5c9a64e06 100644 +--- a/cups/md5passwd.c ++++ b/cups/md5passwd.c +@@ -19,6 +19,9 @@ + /* + * 'httpMD5()' - Compute the MD5 sum of the username:group:password. + * ++ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0 ++ * it produces an empty string. Please use @link cupsDoAuthentication@ instead. ++ * + * @deprecated@ + */ + +@@ -28,22 +31,13 @@ httpMD5(const char *username, /* I - User name */ + const char *passwd, /* I - Password string */ + char md5[33]) /* O - MD5 string */ + { +- unsigned char sum[16]; /* Sum data */ +- char line[256]; /* Line to sum */ +- +- +- /* +- * Compute the MD5 sum of the user name, group name, and password. +- */ ++ (void)username; ++ (void)realm; ++ (void)passwd; + +- snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd); +- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); ++ md5[0] = '\0'; + +- /* +- * Return the sum... +- */ +- +- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33)); ++ return (NULL); + } + + +@@ -52,6 +46,9 @@ httpMD5(const char *username, /* I - User name */ + * with the server-supplied nonce value, method, and + * request-uri. + * ++ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0 ++ * it produces an empty string. Please use @link cupsDoAuthentication@ instead. ++ * + * @deprecated@ + */ + +@@ -61,35 +58,22 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */ + const char *resource, /* I - Resource path */ + char md5[33]) /* IO - MD5 sum */ + { +- unsigned char sum[16]; /* Sum data */ +- char line[1024]; /* Line of data */ +- char a2[33]; /* Hash of method and resource */ +- ++ (void)nonce; ++ (void)method; ++ (void)resource; + +- /* +- * First compute the MD5 sum of the method and resource... +- */ ++ md5[0] = '\0'; + +- snprintf(line, sizeof(line), "%s:%s", method, resource); +- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); +- cupsHashString(sum, sizeof(sum), a2, sizeof(a2)); +- +- /* +- * Then combine A1 (MD5 of username, realm, and password) with the nonce +- * and A2 (method + resource) values to get the final MD5 sum for the +- * request... +- */ +- +- snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2); +- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); +- +- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33)); ++ return (NULL); + } + + + /* + * 'httpMD5String()' - Convert an MD5 sum to a character string. + * ++ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0 ++ * it produces an empty string. Please use @link cupsDoAuthentication@ instead. ++ * + * @deprecated@ + */ + +@@ -98,5 +82,9 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */ + char md5[33]) + /* O - MD5 sum in hex */ + { +- return ((char *)cupsHashString(sum, 16, md5, 33)); ++ (void)sum; ++ ++ md5[0] = '\0'; ++ ++ return (NULL); + } +-- +2.31.1 + diff --git a/cups.spec b/cups.spec index 693c63a..89193b4 100644 --- a/cups.spec +++ b/cups.spec @@ -91,6 +91,8 @@ Patch20: 0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch Patch21: 0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch # 2006715 - Trying to restart and hold a job doesn't work Patch22: cups-restart-job-hold-until.patch +# stub out httpMD5 functions +Patch23: 0001-cups-md5passwd.c-Stub-out-httpMD5-functions.patch ##### Patches removed because IMHO they aren't no longer needed ##### but still I'll leave them in git in case their removal @@ -310,6 +312,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch21 -p1 -b .banner-rawfile # 2006715 - Trying to restart and hold a job doesn't work %patch22 -p1 -b .restart-hold-job +# no httpMD5 functions +%patch23 -p1 -b .no-httpmd5 %if %{lspp} @@ -659,6 +663,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man7/ippeveps.7.gz %changelog +* Thu Nov 04 2021 Zdenek Dohnal - 1:2.3.3op2-9 +- no httpMD5 functions + * Wed Nov 03 2021 Zdenek Dohnal - 1:2.3.3op2-9 - 2018950 - Unauthenticated users can't move print jobs in Web UI - 1999957 - Printing of banner before PCL file only prints banner