From 1aa59514f2978b7367dc1fcfb2c7214d9d4e9ae5 Mon Sep 17 00:00:00 2001 From: Funda Wang Date: Fri, 30 Aug 2024 16:09:39 +0800 Subject: [PATCH] Fix regression of fixing CVE-2024-35235 (upstream issue#985) (cherry picked from commit 15f5a582b453d062f26d0cf0e6cef10a4f15488d) --- backport-Fix-CVE-2024-35235-regression.patch | 52 ++++++++++++++++++++ cups.spec | 6 ++- 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-CVE-2024-35235-regression.patch diff --git a/backport-Fix-CVE-2024-35235-regression.patch b/backport-Fix-CVE-2024-35235-regression.patch new file mode 100644 index 0000000..9482e7e --- /dev/null +++ b/backport-Fix-CVE-2024-35235-regression.patch @@ -0,0 +1,52 @@ +From 6131f6a73c188f3db0ec94ae488991ce80cfd7ea Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Fri, 14 Jun 2024 15:10:21 -0400 +Subject: [PATCH] Don't abort early if there are no listen sockets after + loading cupsd.conf (Issue #985) + +--- + scheduler/conf.c | 2 +- + scheduler/main.c | 17 +++++++++++++++++ + 2 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/scheduler/conf.c b/scheduler/conf.c +index ebf8ca8ccd..34b30e56d1 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -1048,7 +1048,7 @@ cupsdReadConfiguration(void) + * as an error and exit! + */ + +- if (cupsArrayCount(Listeners) == 0) ++ if (cupsArrayCount(Listeners) == 0 && !OnDemand) + { + /* + * No listeners! +diff --git a/scheduler/main.c b/scheduler/main.c +index 4472863081..70f3159df6 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -2036,6 +2036,23 @@ service_checkin(void) + service_add_listener(fd, 0); + } + #endif /* HAVE_LAUNCHD */ ++ ++ if (cupsArrayCount(Listeners) == 0) ++ { ++ /* ++ * No listeners! ++ */ ++ ++ cupsdLogMessage(CUPSD_LOG_EMERG, ++ "No valid Listen or Port lines were found in the " ++ "configuration file."); ++ ++ /* ++ * Commit suicide... ++ */ ++ ++ cupsdEndProcess(getpid(), 0); ++ } + } + + diff --git a/cups.spec b/cups.spec index 6030e10..7bd7faa 100644 --- a/cups.spec +++ b/cups.spec @@ -3,7 +3,7 @@ Name: cups Epoch: 1 Version: 2.4.0 -Release: 11 +Release: 12 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: Apache-2.0 WITH LLVM-exception Url: https://openprinting.github.io/cups/ @@ -32,6 +32,7 @@ Patch6004: fix-httpAddrGetList-test-case-fail.patch Patch6005: backport-CVE-2023-34241.patch Patch6006: backport-CVE-2023-4504.patch Patch6007: backport-Fix-CVE-2024-35235.patch +Patch6008: backport-Fix-CVE-2024-35235-regression.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -453,6 +454,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Wed Aug 14 2024 Funda Wang - 1:2.4.0-12 +- Fix regression of fixing CVE-2024-35235 (upstream issue#985) + * Wed Jun 12 2024 baiguo - 1:2.4.0-11 - fix CVE-2024-35235 -- Gitee