Patch cupsd issues triggered by the CVE-2024-35235 fix

Resolves: RHEL-40386

cups-check-for-listeners.patch

@@ -0,0 +1,94 @@
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index c113eb3..77ce179 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
+ 
+   cupsdDeleteAllListeners();
+ 
++ /*
++  * Allocate Listeners array
++  */
++
++  Listeners = cupsArrayNew(NULL, NULL);
++
++  if (!Listeners)
++  {
++    fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
++    return (0);
++  }
++
+   old_remote_port = RemotePort;
+   RemotePort      = 0;
+ 
+@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
+     }
+   }
+ 
+- /*
+-  * Check that we have at least one listen/port line; if not, report this
+-  * as an error and exit!
+-  */
+-
+-  if (cupsArrayCount(Listeners) == 0)
+-  {
+-   /*
+-    * No listeners!
+-    */
+-
+-    cupsdLogMessage(CUPSD_LOG_EMERG,
+-                    "No valid Listen or Port lines were found in the "
+-		    "configuration file.");
+-
+-   /*
+-    * Commit suicide...
+-    */
+-
+-    cupsdEndProcess(getpid(), 0);
+-  }
+-
+  /*
+   * Set the default locale using the language and charset...
+   */
+@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
+         * Allocate another listener...
+ 	*/
+ 
+-        if (!Listeners)
+-	  Listeners = cupsArrayNew(NULL, NULL);
+-
+-	if (!Listeners)
+-	{
+-          cupsdLogMessage(CUPSD_LOG_ERROR,
+-	                  "Unable to allocate %s at line %d - %s.",
+-	                  line, linenum, strerror(errno));
+-          break;
+-	}
+-
+         if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
+ 	{
+           cupsdLogMessage(CUPSD_LOG_ERROR,
+diff --git a/scheduler/main.c b/scheduler/main.c
+index a6e2c3a..b935c52 100644
+--- a/scheduler/main.c
++++ b/scheduler/main.c
+@@ -2113,6 +2113,21 @@ service_checkin(void)
+     service_add_listener(fd, 0);
+   }
+ #endif /* HAVE_LAUNCHD */
++
++  if (cupsArrayCount(Listeners) == 0)
++  {
++   /*
++    * No listeners!
++    */
++
++    cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
++
++   /*
++    * Commit suicide...
++    */
++
++    cupsdEndProcess(getpid(), 0);
++  }
+ }

cups-socket-remove-on-stop.patch

@@ -0,0 +1,12 @@
+diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in
+index 613b977a6..1deee826a 100644
+--- a/scheduler/org.cups.cupsd.socket.in
++++ b/scheduler/org.cups.cupsd.socket.in
+@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
+ 
+ [Socket]
+ ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
++RemoveOnStop=on
+ 
+ [Install]
+ WantedBy=sockets.target

cups.spec

@@ -22,7 +22,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.6
-Release: 59%{?dist}
+Release: 60%{?dist}
 License: GPLv2+ and LGPLv2 with exceptions and AML
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@@ -170,10 +170,22 @@ Patch86: cups-preservejob-leak.patch
 Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
 # RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
 Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
-# CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/a436956
 Patch89: 0001-Fix-domain-socket-handling.patch
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/pull/31
 Patch90: cups-require-cups-socket.patch
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/3448c52
+Patch91: cups-socket-remove-on-stop.patch
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/7adb508
+# https://github.com/OpenPrinting/cups/commit/824f49f
+# https://github.com/OpenPrinting/cups/commit/56b9728
+# https://github.com/OpenPrinting/cups/commit/74f437b
+# https://github.com/OpenPrinting/cups/commit/fb0c914
+Patch92: cups-check-for-listeners.patch
 
 Patch1000: cups-lspp.patch
 
@@ -481,10 +493,22 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch87 -p1 -b .message-stderr
 # RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
 %patch88 -p1 -b .cupsgetjobs-pollhup
-# CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/a436956
 %patch89 -p1 -b .cve2024-35235
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 # https://github.com/OpenPrinting/cups/pull/31
 %patch90 -p1 -b .cups-require-cups-socket
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/3448c52
+%patch91 -p1 -b .cups-remove-on-stop
+# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/7adb508
+# https://github.com/OpenPrinting/cups/commit/824f49f
+# https://github.com/OpenPrinting/cups/commit/56b9728
+# https://github.com/OpenPrinting/cups/commit/74f437b
+# https://github.com/OpenPrinting/cups/commit/fb0c914
+%patch92 -p1 -b .cups-check-for-listeners
 
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
 
@@ -911,6 +935,11 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com>  - 1:2.2.6-60
+- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
+- Delete the domain socket file after stopping the cups.socket service
+- Fix cupsd Listener checks
+
 * Fri Jun 14 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-59
 - RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
 - Require cups.socket in cupsd service file