Patch cupsd issues triggered by the CVE-2024-35235 fix

Resolves: RHEL-39940
2024-06-18 12:35:41 +02:00 · 2024-06-18 12:35:41 +02:00 · 25f004e8a6
commit 25f004e8a6
parent 8d18f8ed9c
3 changed files with 136 additions and 3 deletions
--- a/cups-check-for-listeners.patch
+++ b/cups-check-for-listeners.patch
@ -0,0 +1,94 @@
 diff --git a/scheduler/conf.c b/scheduler/conf.c
 index c113eb3..77ce179 100644
 --- a/scheduler/conf.c
 +++ b/scheduler/conf.c
@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
   cupsdDeleteAllListeners();
 + /*
 +  * Allocate Listeners array
 +  */
 +
 +  Listeners = cupsArrayNew(NULL, NULL);
 +
 +  if (!Listeners)
 +  {
 +    fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
 +    return (0);
 +  }
 +
   old_remote_port = RemotePort;
   RemotePort      = 0;
@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
     }
   }
 - /*
 -  * Check that we have at least one listen/port line; if not, report this
 -  * as an error and exit!
 -  */
 -
 -  if (cupsArrayCount(Listeners) == 0)
 -  {
 -   /*
 -    * No listeners!
 -    */
 -
 -    cupsdLogMessage(CUPSD_LOG_EMERG,
 -                    "No valid Listen or Port lines were found in the "
 -		    "configuration file.");
 -
 -   /*
 -    * Commit suicide...
 -    */
 -
 -    cupsdEndProcess(getpid(), 0);
 -  }
 -
  /*
   * Set the default locale using the language and charset...
   */
@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
         * Allocate another listener...
 	*/
 -        if (!Listeners)
 -	  Listeners = cupsArrayNew(NULL, NULL);
 -
 -	if (!Listeners)
 -	{
 -          cupsdLogMessage(CUPSD_LOG_ERROR,
 -	                  "Unable to allocate %s at line %d - %s.",
 -	                  line, linenum, strerror(errno));
 -          break;
 -	}
 -
         if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
 	{
           cupsdLogMessage(CUPSD_LOG_ERROR,
 diff --git a/scheduler/main.c b/scheduler/main.c
 index a6e2c3a..b935c52 100644
 --- a/scheduler/main.c
 +++ b/scheduler/main.c
@@ -2113,6 +2113,21 @@ service_checkin(void)
     service_add_listener(fd, 0);
   }
 #endif /* HAVE_LAUNCHD */
 +
 +  if (cupsArrayCount(Listeners) == 0)
 +  {
 +   /*
 +    * No listeners!
 +    */
 +
 +    cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
 +
 +   /*
 +    * Commit suicide...
 +    */
 +
 +    cupsdEndProcess(getpid(), 0);
 +  }
 }
--- a/cups-socket-remove-on-stop.patch
+++ b/cups-socket-remove-on-stop.patch
@ -0,0 +1,12 @@
 diff --git a/scheduler/cups.socket.in b/scheduler/cups.socket.in
 index 613b977a6..1deee826a 100644
 --- a/scheduler/cups.socket.in
 +++ b/scheduler/cups.socket.in
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
 [Socket]
 ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
 +RemoveOnStop=on
 [Install]
 WantedBy=sockets.target
--- a/cups.spec
+++ b/cups.spec
@ -24,7 +24,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.3.3%{OP_VER}
-Release: 27%{?dist}
+Release: 28%{?dist}
 License: ASL 2.0
 Url: http://www.cups.org/
 # Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -137,8 +137,19 @@ Patch40: 0001-scheduler-Fix-sending-response-headers-to-client.patch
 # RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
 # https://github.com/OpenPrinting/cups/pull/456
 Patch41: 0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch
-# CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/commit/a436956
 Patch42: 0001-Fix-domain-socket-handling.patch
 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/commit/3448c52
 Patch43: cups-socket-remove-on-stop.patch
 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/commit/7adb508
 # https://github.com/OpenPrinting/cups/commit/824f49f
 # https://github.com/OpenPrinting/cups/commit/56b9728
 # https://github.com/OpenPrinting/cups/commit/74f437b
 # https://github.com/OpenPrinting/cups/commit/fb0c914
 Patch44: cups-check-for-listeners.patch
 ##### Patches removed because IMHO they aren't no longer needed
@ -404,8 +415,19 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch40 -p1 -b .sent-headers
 # RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
 %patch41 -p1 -b .root-lpoptions
-# CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/commit/a436956
 %patch42 -p1 -b .cve2024-35235
 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/commit/3448c52
 %patch43 -p1 -b .cups-socket-remove-on-stop.patch
 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/commit/7adb508
 # https://github.com/OpenPrinting/cups/commit/824f49f
 # https://github.com/OpenPrinting/cups/commit/56b9728
 # https://github.com/OpenPrinting/cups/commit/74f437b
 # https://github.com/OpenPrinting/cups/commit/fb0c914
 %patch44 -p1 -b .cups-check-for-listeners.patch
 %if %{lspp}
 # LSPP support.
@ -840,6 +862,11 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz
 %changelog
 * Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-28
 - RHEL-39940 cups: Cupsd Listen arbitrary chmod 0140777
 - Delete the domain socket file after stopping the cups.socket service
 - Fix cupsd Listener checks
 * Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-27
 - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777