diff --git a/backport-Fix-CVE-2024-35235-regression.patch b/backport-Fix-CVE-2024-35235-regression.patch new file mode 100644 index 0000000000000000000000000000000000000000..9482e7ef7a28a2495f124fc662f45fcbf0626f40 --- /dev/null +++ b/backport-Fix-CVE-2024-35235-regression.patch @@ -0,0 +1,52 @@ +From 6131f6a73c188f3db0ec94ae488991ce80cfd7ea Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Fri, 14 Jun 2024 15:10:21 -0400 +Subject: [PATCH] Don't abort early if there are no listen sockets after + loading cupsd.conf (Issue #985) + +--- + scheduler/conf.c | 2 +- + scheduler/main.c | 17 +++++++++++++++++ + 2 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/scheduler/conf.c b/scheduler/conf.c +index ebf8ca8ccd..34b30e56d1 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -1048,7 +1048,7 @@ cupsdReadConfiguration(void) + * as an error and exit! + */ + +- if (cupsArrayCount(Listeners) == 0) ++ if (cupsArrayCount(Listeners) == 0 && !OnDemand) + { + /* + * No listeners! +diff --git a/scheduler/main.c b/scheduler/main.c +index 4472863081..70f3159df6 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -2036,6 +2036,23 @@ service_checkin(void) + service_add_listener(fd, 0); + } + #endif /* HAVE_LAUNCHD */ ++ ++ if (cupsArrayCount(Listeners) == 0) ++ { ++ /* ++ * No listeners! ++ */ ++ ++ cupsdLogMessage(CUPSD_LOG_EMERG, ++ "No valid Listen or Port lines were found in the " ++ "configuration file."); ++ ++ /* ++ * Commit suicide... ++ */ ++ ++ cupsdEndProcess(getpid(), 0); ++ } + } + + diff --git a/backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch b/backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch deleted file mode 100644 index 6179fe9e104016562f0264c141d162d61a10d4a4..0000000000000000000000000000000000000000 --- a/backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch +++ /dev/null @@ -1,46 +0,0 @@ -From ee02b74ad03b52a5226f80dd2f551c1b565cdbb2 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Wed, 12 Jan 2022 08:12:24 -0500 -Subject: [PATCH] Remove legacy code for RIP_MAX_CACHE environment variable - (Issue #323) - -Reference:https://github.com/OpenPrinting/cups/commit/ee02b74ad03b52a5226f80dd2f551c1b565cdbb2 - ---- - CHANGES.md | 12 +++++++++--- - scheduler/job.c | 7 ++----- - 2 files changed, 11 insertions(+), 8 deletions(-) - -diff --git a/scheduler/job.c b/scheduler/job.c -index fd69f71c9c..fbacc4cd12 100644 ---- a/scheduler/job.c -+++ b/scheduler/job.c -@@ -541,10 +541,8 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ - /* PRINTER_LOCATION env variable */ - printer_name[255], - /* PRINTER env variable */ -- *printer_state_reasons = NULL, -+ *printer_state_reasons = NULL; - /* PRINTER_STATE_REASONS env var */ -- rip_max_cache[255]; -- /* RIP_MAX_CACHE env variable */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -749,7 +747,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ - - raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") && - !strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw"); -- -+ - if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) || - (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1)) - { -@@ -1051,7 +1049,6 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ - envp[envc ++] = apple_language; - #endif /* __APPLE__ */ - envp[envc ++] = ppd; -- envp[envc ++] = rip_max_cache; - envp[envc ++] = content_type; - envp[envc ++] = device_uri; - envp[envc ++] = printer_info; diff --git a/cups.spec b/cups.spec index 87edc039ea56e2727ff61eba470182d0ae921d20..63ca877597401f34e3f41c43e3d03f90b2acac99 100644 --- a/cups.spec +++ b/cups.spec @@ -3,7 +3,7 @@ Name: cups Epoch: 1 Version: 2.4.7 -Release: 3 +Release: 4 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: Apache-2.0 Url: https://openprinting.github.io/cups/ @@ -26,6 +26,7 @@ Patch10: cups-web-devices-timeout.patch Patch6004: fix-httpAddrGetList-test-case-fail.patch Patch6005: backport-Fix-CVE-2024-35235.patch +Patch6006: backport-Fix-CVE-2024-35235-regression.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -448,6 +449,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Wed Aug 14 2024 Funda Wang - 1:2.4.7-4 +- Fix regression of fixing CVE-2024-35235 (upstream issue#985) + * Wed Jun 12 2024 baiguo - 1:2.4.7-3 - fix CVE-2024-35235