Patch cupsd issues triggered by the CVE-2024-35235 fix

Resolves: RHEL-39940
This commit is contained in:
Pavol Žáčik 2024-06-18 12:35:41 +02:00
parent 8d18f8ed9c
commit 25f004e8a6
No known key found for this signature in database
GPG Key ID: 5B5640AB63D575DE
3 changed files with 136 additions and 3 deletions

View File

@ -0,0 +1,94 @@
diff --git a/scheduler/conf.c b/scheduler/conf.c
index c113eb3..77ce179 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
cupsdDeleteAllListeners();
+ /*
+ * Allocate Listeners array
+ */
+
+ Listeners = cupsArrayNew(NULL, NULL);
+
+ if (!Listeners)
+ {
+ fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
+ return (0);
+ }
+
old_remote_port = RemotePort;
RemotePort = 0;
@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
}
}
- /*
- * Check that we have at least one listen/port line; if not, report this
- * as an error and exit!
- */
-
- if (cupsArrayCount(Listeners) == 0)
- {
- /*
- * No listeners!
- */
-
- cupsdLogMessage(CUPSD_LOG_EMERG,
- "No valid Listen or Port lines were found in the "
- "configuration file.");
-
- /*
- * Commit suicide...
- */
-
- cupsdEndProcess(getpid(), 0);
- }
-
/*
* Set the default locale using the language and charset...
*/
@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
* Allocate another listener...
*/
- if (!Listeners)
- Listeners = cupsArrayNew(NULL, NULL);
-
- if (!Listeners)
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate %s at line %d - %s.",
- line, linenum, strerror(errno));
- break;
- }
-
if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
diff --git a/scheduler/main.c b/scheduler/main.c
index a6e2c3a..b935c52 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -2113,6 +2113,21 @@ service_checkin(void)
service_add_listener(fd, 0);
}
#endif /* HAVE_LAUNCHD */
+
+ if (cupsArrayCount(Listeners) == 0)
+ {
+ /*
+ * No listeners!
+ */
+
+ cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
+
+ /*
+ * Commit suicide...
+ */
+
+ cupsdEndProcess(getpid(), 0);
+ }
}

View File

@ -0,0 +1,12 @@
diff --git a/scheduler/cups.socket.in b/scheduler/cups.socket.in
index 613b977a6..1deee826a 100644
--- a/scheduler/cups.socket.in
+++ b/scheduler/cups.socket.in
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
[Socket]
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
+RemoveOnStop=on
[Install]
WantedBy=sockets.target

View File

@ -24,7 +24,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.3.3%{OP_VER}
Release: 27%{?dist}
Release: 28%{?dist}
License: ASL 2.0
Url: http://www.cups.org/
# Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -137,8 +137,19 @@ Patch40: 0001-scheduler-Fix-sending-response-headers-to-client.patch
# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
# https://github.com/OpenPrinting/cups/pull/456
Patch41: 0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch
# CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
Patch42: 0001-Fix-domain-socket-handling.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
Patch43: cups-socket-remove-on-stop.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
Patch44: cups-check-for-listeners.patch
##### Patches removed because IMHO they aren't no longer needed
@ -404,8 +415,19 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch40 -p1 -b .sent-headers
# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
%patch41 -p1 -b .root-lpoptions
# CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
%patch42 -p1 -b .cve2024-35235
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
%patch43 -p1 -b .cups-socket-remove-on-stop.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
%patch44 -p1 -b .cups-check-for-listeners.patch
%if %{lspp}
# LSPP support.
@ -840,6 +862,11 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippeveps.7.gz
%changelog
* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-28
- RHEL-39940 cups: Cupsd Listen arbitrary chmod 0140777
- Delete the domain socket file after stopping the cups.socket service
- Fix cupsd Listener checks
* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-27
- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777