Changes of Revision 2
_service:tar_scm:cups.spec
Changed
@@ -3,7 +3,7 @@ Name: cups Epoch: 1 Version: 2.4.7 -Release: 2 +Release: 4 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: Apache-2.0 Url: https://openprinting.github.io/cups/ @@ -25,6 +25,8 @@ Patch10: cups-web-devices-timeout.patch Patch6004: fix-httpAddrGetList-test-case-fail.patch +Patch6005: backport-Fix-CVE-2024-35235.patch +Patch6006: backport-Fix-CVE-2024-35235-regression.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups @@ -447,6 +449,12 @@ %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Wed Aug 14 2024 Funda Wang <fundawang@yeah.net> - 1:2.4.7-4 +- Fix regression of fixing CVE-2024-35235 (upstream issue#985) + +* Wed Jun 12 2024 baiguo <baiguo@kylinos.cn> - 1:2.4.7-3 +- fix CVE-2024-35235 + * Tue Mar 26 2024 zhaojunfei <junfei.oerv@isrc.iscas.ac.cn> - 1:2.4.7-2 - fix pkgconfig file generating - eliminate deprecated configure parameters
_service:tar_scm:backport-Fix-CVE-2024-35235-regression.patch
Added
@@ -0,0 +1,52 @@
+From 6131f6a73c188f3db0ec94ae488991ce80cfd7ea Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Fri, 14 Jun 2024 15:10:21 -0400
+Subject: PATCH Don't abort early if there are no listen sockets after
+ loading cupsd.conf (Issue #985)
+
+---
+ scheduler/conf.c | 2 +-
+ scheduler/main.c | 17 +++++++++++++++++
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index ebf8ca8ccd..34b30e56d1 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -1048,7 +1048,7 @@ cupsdReadConfiguration(void)
+ * as an error and exit!
+ */
+
+- if (cupsArrayCount(Listeners) == 0)
++ if (cupsArrayCount(Listeners) == 0 && !OnDemand)
+ {
+ /*
+ * No listeners!
+diff --git a/scheduler/main.c b/scheduler/main.c
+index 4472863081..70f3159df6 100644
+--- a/scheduler/main.c
++++ b/scheduler/main.c
+@@ -2036,6 +2036,23 @@ service_checkin(void)
+ service_add_listener(fd, 0);
+ }
+ #endif /* HAVE_LAUNCHD */
++
++ if (cupsArrayCount(Listeners) == 0)
++ {
++ /*
++ * No listeners!
++ */
++
++ cupsdLogMessage(CUPSD_LOG_EMERG,
++ "No valid Listen or Port lines were found in the "
++ "configuration file.");
++
++ /*
++ * Commit suicide...
++ */
++
++ cupsdEndProcess(getpid(), 0);
++ }
+ }
+
+
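Review bot: The emergency message added to service_checkin() in scheduler/main.c is copied from cupsdReadConfiguration() and still says "No valid Listen or Port lines were found in the configuration file.", although this check is the one reached when the conf.c test is skipped for `OnDemand`, where listeners are expected to come from the service manager's sockets as well as from cupsd.conf. An operator reading the log would be pointed at cupsd.conf when the cause may be that no socket was handed over; wording such as `"No listen sockets were provided by the service manager or found in the configuration file."` would cover both cases. Whether service_checkin() is only compiled and called for on-demand builds cannot be seen here, because the function starts outside the hunk.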
_service:tar_scm:backport-Fix-CVE-2024-35235.patch
Added
@@ -0,0 +1,95 @@
+From a436956f374b0fd7f5da9df482e4f5840fa1c0d2 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Mon, 3 Jun 2024 18:53:58 +020
+Subject: PATCH Fix domain socket handling
+Reference: https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2
+
+---
+ cups/http-addr.c | 37 +++++++++++++++++++------------------
+ scheduler/conf.c | 19 +++++++++++++++++++
+ 2 files changed, 38 insertions(+), 18 deletions(-)
+
+diff --git a/cups/http-addr.c b/cups/http-addr.c
+index 254857c..29a821f 100644
+--- a/cups/http-addr.c
++++ b/cups/http-addr.c
+@@ -210,27 +210,28 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
+ * Remove any existing domain socket file...
+ */
+
+- unlink(addr->un.sun_path);
+-
+- /*
+- * Save the current umask and set it to 0 so that all users can access
+- * the domain socket...
+- */
+-
+- mask = umask(0);
+-
+- /*
+- * Bind the domain socket...
+- */
++ if ((status = unlink(addr->un.sun_path)) < 0)
++ {
++ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+
+- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
++ if (errno == ENOENT)
++ status = 0;
++ }
+
+- /*
+- * Restore the umask and fix permissions...
+- */
++ if (!status)
++ {
++ // Save the current umask and set it to 0 so that all users can access
++ // the domain socket...
++ mask = umask(0);
++ // Bind the domain socket...
++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
++ {
++ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
++ }
+
+- umask(mask);
+- chmod(addr->un.sun_path, 0140777);
++ // Restore the umask...
++ umask(mask);
++ }
+ }
+ else
+ #endif /* AF_LOCAL */
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index 4fa7eb1..8e54c47 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -3082,6 +3082,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
+
+ cupsd_listener_t *lis; /* New listeners array */
+
++ /*
++ * If we are launched on-demand, do not use domain sockets from the config
++ * file. Also check that the domain socket path is not too long...
++ */
++
++#ifdef HAVE_ONDEMAND
++ if (*value == '/' && OnDemand)
++ {
++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
++ continue;
++ }
++#endif // HAVE_ONDEMAND
++
++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
++ {
++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
++ continue;
++ }
+
+ /*
+ * Get the address list...
+--
+2.27.0
+
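Review bot: In the httpAddrListen hunk of cups/http-addr.c, `errno` is compared with `ENOENT` only after the `DEBUG_printf` call, so in a debug build the logging call may overwrite it and a merely missing socket file could then be treated as a hard unlink failure; testing first avoids this, e.g. `if (errno == ENOENT) status = 0; else DEBUG_printf((...));`, or copy `errno` into a local before logging. In the read_cupsd_conf hunk of scheduler/conf.c both "Ignoring %s address ..." messages use `CUPSD_LOG_INFO`, which a log kept at warning level would presumably not record; a Listen line that is silently dropped is worth `CUPSD_LOG_WARN` so the administrator can see it. The unbraced `if (strcmp(...))` followed by an unconditional `continue;` in that hunk would also read more safely with braces. Both functions begin and end outside the hunks shown.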
_service:tar_scm:backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch
Deleted
@@ -1,46 +0,0 @@
-From ee02b74ad03b52a5226f80dd2f551c1b565cdbb2 Mon Sep 17 00:00:00 2001
-From: Michael R Sweet <michael.r.sweet@gmail.com>
-Date: Wed, 12 Jan 2022 08:12:24 -0500
-Subject: PATCH Remove legacy code for RIP_MAX_CACHE environment variable
- (Issue #323)
-
-Reference:https://github.com/OpenPrinting/cups/commit/ee02b74ad03b52a5226f80dd2f551c1b565cdbb2
-
----
- CHANGES.md | 12 +++++++++---
- scheduler/job.c | 7 ++-----
- 2 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/scheduler/job.c b/scheduler/job.c
-index fd69f71c9c..fbacc4cd12 100644
---- a/scheduler/job.c
-+++ b/scheduler/job.c
-@@ -541,10 +541,8 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
- /* PRINTER_LOCATION env variable */
- printer_name255,
- /* PRINTER env variable */
-- *printer_state_reasons = NULL,
-+ *printer_state_reasons = NULL;
- /* PRINTER_STATE_REASONS env var */
-- rip_max_cache255;
-- /* RIP_MAX_CACHE env variable */
-
-
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
-@@ -749,7 +747,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
-
- raw_file = !strcmp(job->filetypesjob->current_file->super, "application") &&
- !strcmp(job->filetypesjob->current_file->type, "vnd.cups-raw");
--
-+
- if ((job->compressionsjob->current_file && (!job->printer->remote || job->num_files == 1)) ||
- (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1))
- {
-@@ -1051,7 +1049,6 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
- envpenvc ++ = apple_language;
- #endif /* __APPLE__ */
- envpenvc ++ = ppd;
-- envpenvc ++ = rip_max_cache;
- envpenvc ++ = content_type;
- envpenvc ++ = device_uri;
- envpenvc ++ = printer_info;