Require cups.socket in cupsd service file

Resolves: RHEL-40386

cups-require-cups-socket.patch

@@ -0,0 +1,12 @@
+diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
+index c02412fb0..18b5e0386 100644
+--- a/scheduler/org.cups.cupsd.service.in
++++ b/scheduler/org.cups.cupsd.service.in
+@@ -2,6 +2,7 @@
+ Description=CUPS Scheduler
+ Documentation=man:cupsd(8)
+ After=network.target nss-user-lookup.target
++Requires=cups.socket
+ 
+ [Service]
+ ExecStart=@sbindir@/cupsd -l

cups.spec

@@ -22,7 +22,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.6
-Release: 58%{?dist}
+Release: 59%{?dist}
 License: GPLv2+ and LGPLv2 with exceptions and AML
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@@ -172,6 +172,8 @@ Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
 Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
 # CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 Patch89: 0001-Fix-domain-socket-handling.patch
+# https://github.com/OpenPrinting/cups/pull/31
+Patch90: cups-require-cups-socket.patch
 
 Patch1000: cups-lspp.patch
 
@@ -481,6 +483,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch88 -p1 -b .cupsgetjobs-pollhup
 # CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
 %patch89 -p1 -b .cve2024-35235
+# https://github.com/OpenPrinting/cups/pull/31
+%patch90 -p1 -b .cups-require-cups-socket
 
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
 
@@ -907,6 +911,10 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Fri Jun 14 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-59
+- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
+- Require cups.socket in cupsd service file
+
 * Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-58
 - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777