packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix regression of fixing CVE-2024-35235 (upstream issue#985)

Browse Source 
(cherry picked from commit be911a8909ae120039e39a712140a7037a589ce4)
This commit is contained in:
Funda Wang 2024-08-30 16:07:35 +08:00 committed by openeuler-sync-bot
parent e1aaa0aa9b
commit dfad1e568c
3 changed files with 57 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
backport-Fix-CVE-2024-35235-regression.patch Normal file
View File

@ -0,0 +1,52 @@
From 6131f6a73c188f3db0ec94ae488991ce80cfd7ea Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Fri, 14 Jun 2024 15:10:21 -0400
Subject: [PATCH] Don't abort early if there are no listen sockets after
loading cupsd.conf (Issue #985)
---
scheduler/conf.c | 2 +-
scheduler/main.c | 17 +++++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/scheduler/conf.c b/scheduler/conf.c
index ebf8ca8ccd..34b30e56d1 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -1048,7 +1048,7 @@ cupsdReadConfiguration(void)
* as an error and exit!
*/
- if (cupsArrayCount(Listeners) == 0)
+ if (cupsArrayCount(Listeners) == 0 && !OnDemand)
{
/*
* No listeners!
diff --git a/scheduler/main.c b/scheduler/main.c
index 4472863081..70f3159df6 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -2036,6 +2036,23 @@ service_checkin(void)
service_add_listener(fd, 0);
}
#endif /* HAVE_LAUNCHD */
+
+ if (cupsArrayCount(Listeners) == 0)
+ {
+ /*
+ * No listeners!
+ */
+
+ cupsdLogMessage(CUPSD_LOG_EMERG,
+ "No valid Listen or Port lines were found in the "
+ "configuration file.");
+
+ /*
+ * Commit suicide...
+ */
+
+ cupsdEndProcess(getpid(), 0);
+ }
}

46
backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch
View File

@ -1,46 +0,0 @@
From ee02b74ad03b52a5226f80dd2f551c1b565cdbb2 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 12 Jan 2022 08:12:24 -0500
Subject: [PATCH] Remove legacy code for RIP_MAX_CACHE environment variable
(Issue #323)
Reference:https://github.com/OpenPrinting/cups/commit/ee02b74ad03b52a5226f80dd2f551c1b565cdbb2
---
CHANGES.md | 12 +++++++++---
scheduler/job.c | 7 ++-----
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/scheduler/job.c b/scheduler/job.c
index fd69f71c9c..fbacc4cd12 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -541,10 +541,8 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
/* PRINTER_LOCATION env variable */
printer_name[255],
/* PRINTER env variable */
- *printer_state_reasons = NULL,
+ *printer_state_reasons = NULL;
/* PRINTER_STATE_REASONS env var */
- rip_max_cache[255];
- /* RIP_MAX_CACHE env variable */
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -749,7 +747,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") &&
!strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw");
-
+
if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) ||
(!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1))
{
@@ -1051,7 +1049,6 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
envp[envc ++] = apple_language;
#endif /* __APPLE__ */
envp[envc ++] = ppd;
- envp[envc ++] = rip_max_cache;
envp[envc ++] = content_type;
envp[envc ++] = device_uri;
envp[envc ++] = printer_info;

6
cups.spec
View File

@ -3,7 +3,7 @@
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.4.7 Version: 2.4.7
Release: 3 Release: 4
Summary: CUPS is the standards-based, open source printing system for linux operating systems. Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: Apache-2.0 License: Apache-2.0
Url: https://openprinting.github.io/cups/ Url: https://openprinting.github.io/cups/
@ -26,6 +26,7 @@ Patch10: cups-web-devices-timeout.patch
Patch6004: fix-httpAddrGetList-test-case-fail.patch Patch6004: fix-httpAddrGetList-test-case-fail.patch
Patch6005: backport-Fix-CVE-2024-35235.patch Patch6005: backport-Fix-CVE-2024-35235.patch
Patch6006: backport-Fix-CVE-2024-35235-regression.patch
BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
@ -448,6 +449,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png %doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog %changelog
* Wed Aug 14 2024 Funda Wang <fundawang@yeah.net> - 1:2.4.7-4
- Fix regression of fixing CVE-2024-35235 (upstream issue#985)
* Wed Jun 12 2024 baiguo <baiguo@kylinos.cn> - 1:2.4.7-3 * Wed Jun 12 2024 baiguo <baiguo@kylinos.cn> - 1:2.4.7-3
- fix CVE-2024-35235 - fix CVE-2024-35235