Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,86 +0,0 @@
|
|||||||
diff --git a/cups/http-addr.c b/cups/http-addr.c
|
|
||||||
index 61c86384b..e86dcb622 100644
|
|
||||||
--- a/cups/http-addr.c
|
|
||||||
+++ b/cups/http-addr.c
|
|
||||||
@@ -198,31 +198,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
|
|
||||||
{
|
|
||||||
mode_t mask; /* Umask setting */
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * Remove any existing domain socket file...
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
- unlink(addr->un.sun_path);
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Save the current umask and set it to 0 so that all users can access
|
|
||||||
- * the domain socket...
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
- mask = umask(0);
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Bind the domain socket...
|
|
||||||
- */
|
|
||||||
+ // Remove any existing domain socket file...
|
|
||||||
+ if ((status = unlink(addr->un.sun_path)) < 0)
|
|
||||||
+ {
|
|
||||||
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
|
|
||||||
+ if (errno == ENOENT)
|
|
||||||
+ status = 0;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
|
|
||||||
+ if (!status)
|
|
||||||
+ {
|
|
||||||
+ // Save the current umask and set it to 0 so that all users can access
|
|
||||||
+ // the domain socket...
|
|
||||||
+ mask = umask(0);
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * Restore the umask and fix permissions...
|
|
||||||
- */
|
|
||||||
+ // Bind the domain socket...
|
|
||||||
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
|
|
||||||
+ {
|
|
||||||
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- umask(mask);
|
|
||||||
- chmod(addr->un.sun_path, 0140777);
|
|
||||||
+ // Restore the umask...
|
|
||||||
+ umask(mask);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* AF_LOCAL */
|
|
||||||
diff --git a/scheduler/conf.c b/scheduler/conf.c
|
|
||||||
index bc52d2add..93de8cf77 100644
|
|
||||||
--- a/scheduler/conf.c
|
|
||||||
+++ b/scheduler/conf.c
|
|
||||||
@@ -3055,6 +3055,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
||||||
|
|
||||||
cupsd_listener_t *lis; /* New listeners array */
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * If we are launched on-demand, do not use domain sockets from the config
|
|
||||||
+ * file. Also check that the domain socket path is not too long...
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#ifdef HAVE_ONDEMAND
|
|
||||||
+ if (*value == '/' && OnDemand)
|
|
||||||
+ {
|
|
||||||
+ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
|
|
||||||
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+#endif // HAVE_ONDEMAND
|
|
||||||
+
|
|
||||||
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
|
|
||||||
+ {
|
|
||||||
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Get the address list...
|
|
@ -1,94 +0,0 @@
|
|||||||
diff --git a/scheduler/conf.c b/scheduler/conf.c
|
|
||||||
index c113eb3..77ce179 100644
|
|
||||||
--- a/scheduler/conf.c
|
|
||||||
+++ b/scheduler/conf.c
|
|
||||||
@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
|
|
||||||
|
|
||||||
cupsdDeleteAllListeners();
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * Allocate Listeners array
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ Listeners = cupsArrayNew(NULL, NULL);
|
|
||||||
+
|
|
||||||
+ if (!Listeners)
|
|
||||||
+ {
|
|
||||||
+ fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
|
|
||||||
+ return (0);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
old_remote_port = RemotePort;
|
|
||||||
RemotePort = 0;
|
|
||||||
|
|
||||||
@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * Check that we have at least one listen/port line; if not, report this
|
|
||||||
- * as an error and exit!
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
- if (cupsArrayCount(Listeners) == 0)
|
|
||||||
- {
|
|
||||||
- /*
|
|
||||||
- * No listeners!
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
- cupsdLogMessage(CUPSD_LOG_EMERG,
|
|
||||||
- "No valid Listen or Port lines were found in the "
|
|
||||||
- "configuration file.");
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Commit suicide...
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
- cupsdEndProcess(getpid(), 0);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* Set the default locale using the language and charset...
|
|
||||||
*/
|
|
||||||
@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
||||||
* Allocate another listener...
|
|
||||||
*/
|
|
||||||
|
|
||||||
- if (!Listeners)
|
|
||||||
- Listeners = cupsArrayNew(NULL, NULL);
|
|
||||||
-
|
|
||||||
- if (!Listeners)
|
|
||||||
- {
|
|
||||||
- cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
||||||
- "Unable to allocate %s at line %d - %s.",
|
|
||||||
- line, linenum, strerror(errno));
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
|
|
||||||
{
|
|
||||||
cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
||||||
diff --git a/scheduler/main.c b/scheduler/main.c
|
|
||||||
index a6e2c3a..b935c52 100644
|
|
||||||
--- a/scheduler/main.c
|
|
||||||
+++ b/scheduler/main.c
|
|
||||||
@@ -2113,6 +2113,21 @@ service_checkin(void)
|
|
||||||
service_add_listener(fd, 0);
|
|
||||||
}
|
|
||||||
#endif /* HAVE_LAUNCHD */
|
|
||||||
+
|
|
||||||
+ if (cupsArrayCount(Listeners) == 0)
|
|
||||||
+ {
|
|
||||||
+ /*
|
|
||||||
+ * No listeners!
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Commit suicide...
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ cupsdEndProcess(getpid(), 0);
|
|
||||||
+ }
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
|
|
||||||
index c02412fb0..18b5e0386 100644
|
|
||||||
--- a/scheduler/org.cups.cupsd.service.in
|
|
||||||
+++ b/scheduler/org.cups.cupsd.service.in
|
|
||||||
@@ -2,6 +2,7 @@
|
|
||||||
Description=CUPS Scheduler
|
|
||||||
Documentation=man:cupsd(8)
|
|
||||||
After=network.target nss-user-lookup.target
|
|
||||||
+Requires=cups.socket
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=@sbindir@/cupsd -l
|
|
@ -1,12 +0,0 @@
|
|||||||
diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in
|
|
||||||
index 613b977a6..1deee826a 100644
|
|
||||||
--- a/scheduler/org.cups.cupsd.socket.in
|
|
||||||
+++ b/scheduler/org.cups.cupsd.socket.in
|
|
||||||
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
|
|
||||||
|
|
||||||
[Socket]
|
|
||||||
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
|
|
||||||
+RemoveOnStop=on
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=sockets.target
|
|
@ -22,7 +22,7 @@ Summary: CUPS printing system
|
|||||||
Name: cups
|
Name: cups
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.2.6
|
Version: 2.2.6
|
||||||
Release: 60%{?dist}
|
Release: 57%{?dist}
|
||||||
License: GPLv2+ and LGPLv2 with exceptions and AML
|
License: GPLv2+ and LGPLv2 with exceptions and AML
|
||||||
Url: http://www.cups.org/
|
Url: http://www.cups.org/
|
||||||
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
|
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
|
||||||
@ -170,22 +170,6 @@ Patch86: cups-preservejob-leak.patch
|
|||||||
Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
|
Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
|
||||||
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
|
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
|
||||||
Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
|
Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/a436956
|
|
||||||
Patch89: 0001-Fix-domain-socket-handling.patch
|
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/pull/31
|
|
||||||
Patch90: cups-require-cups-socket.patch
|
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/3448c52
|
|
||||||
Patch91: cups-socket-remove-on-stop.patch
|
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/7adb508
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/824f49f
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/56b9728
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/74f437b
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/fb0c914
|
|
||||||
Patch92: cups-check-for-listeners.patch
|
|
||||||
|
|
||||||
Patch1000: cups-lspp.patch
|
Patch1000: cups-lspp.patch
|
||||||
|
|
||||||
@ -493,22 +477,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
|
|||||||
%patch87 -p1 -b .message-stderr
|
%patch87 -p1 -b .message-stderr
|
||||||
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
|
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
|
||||||
%patch88 -p1 -b .cupsgetjobs-pollhup
|
%patch88 -p1 -b .cupsgetjobs-pollhup
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/a436956
|
|
||||||
%patch89 -p1 -b .cve2024-35235
|
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/pull/31
|
|
||||||
%patch90 -p1 -b .cups-require-cups-socket
|
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/3448c52
|
|
||||||
%patch91 -p1 -b .cups-remove-on-stop
|
|
||||||
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/7adb508
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/824f49f
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/56b9728
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/74f437b
|
|
||||||
# https://github.com/OpenPrinting/cups/commit/fb0c914
|
|
||||||
%patch92 -p1 -b .cups-check-for-listeners
|
|
||||||
|
|
||||||
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
|
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
|
||||||
|
|
||||||
@ -935,18 +903,6 @@ rm -f %{cups_serverbin}/backend/smb
|
|||||||
%{_mandir}/man5/ipptoolfile.5.gz
|
%{_mandir}/man5/ipptoolfile.5.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-60
|
|
||||||
- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
- Delete the domain socket file after stopping the cups.socket service
|
|
||||||
- Fix cupsd Listener checks
|
|
||||||
|
|
||||||
* Fri Jun 14 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-59
|
|
||||||
- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
- Require cups.socket in cupsd service file
|
|
||||||
|
|
||||||
* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-58
|
|
||||||
- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
|
|
||||||
|
|
||||||
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-57
|
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-57
|
||||||
- revert RHEL-19200 - no new subpackages are needed
|
- revert RHEL-19200 - no new subpackages are needed
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user