Fix regression of fixing CVE-2024-35235 (upstream issue#985)

(cherry picked from commit 15f5a582b453d062f26d0cf0e6cef10a4f15488d)
2024-08-30 16:09:39 +08:00 · 2024-08-30 16:09:39 +08:00 · 1aa59514f2
commit 1aa59514f2
parent 8c8652ff4e
2 changed files with 57 additions and 1 deletions
--- a/backport-Fix-CVE-2024-35235-regression.patch
+++ b/backport-Fix-CVE-2024-35235-regression.patch
@ -0,0 +1,52 @@
+From 6131f6a73c188f3db0ec94ae488991ce80cfd7ea Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Fri, 14 Jun 2024 15:10:21 -0400
+Subject: [PATCH] Don't abort early if there are no listen sockets after
+ loading cupsd.conf (Issue #985)
+
+---
+ scheduler/conf.c |  2 +-
+ scheduler/main.c | 17 +++++++++++++++++
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index ebf8ca8ccd..34b30e56d1 100644
+--- a/scheduler/conf.c
+++ b/scheduler/conf.c
+@@ -1048,7 +1048,7 @@ cupsdReadConfiguration(void)
+   * as an error and exit!
+   */
+ 
+-  if (cupsArrayCount(Listeners) == 0)
+  if (cupsArrayCount(Listeners) == 0 && !OnDemand)
+   {
+    /*
+     * No listeners!
+diff --git a/scheduler/main.c b/scheduler/main.c
+index 4472863081..70f3159df6 100644
+--- a/scheduler/main.c
+++ b/scheduler/main.c
+@@ -2036,6 +2036,23 @@ service_checkin(void)
+     service_add_listener(fd, 0);
+   }
+ #endif /* HAVE_LAUNCHD */
+
+  if (cupsArrayCount(Listeners) == 0)
+  {
+   /*
+    * No listeners!
+    */
+
+    cupsdLogMessage(CUPSD_LOG_EMERG,
+                    "No valid Listen or Port lines were found in the "
+		    "configuration file.");
+
+   /*
+    * Commit suicide...
+    */
+
+    cupsdEndProcess(getpid(), 0);
+  }
+ }
+ 
+ 
--- a/cups.spec
+++ b/cups.spec
@ -3,7 +3,7 @@
 Name:    cups
 Epoch:   1
 Version: 2.4.0
-Release: 11
+Release: 12
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: Apache-2.0 WITH LLVM-exception
 Url:     https://openprinting.github.io/cups/
@ -32,6 +32,7 @@ Patch6004: fix-httpAddrGetList-test-case-fail.patch
 Patch6005: backport-CVE-2023-34241.patch
 Patch6006: backport-CVE-2023-4504.patch
 Patch6007: backport-Fix-CVE-2024-35235.patch
+Patch6008: backport-Fix-CVE-2024-35235-regression.patch

 BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
 BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
@ -453,6 +454,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
 %doc %{_datadir}/%{name}/www/apple-touch-icon.png

 %changelog
+* Wed Aug 14 2024 Funda Wang <fundawang@yeah.net> - 1:2.4.0-12
+- Fix regression of fixing CVE-2024-35235 (upstream issue#985)
+
 * Wed Jun 12 2024 baiguo <baiguo@kylinos.cn> - 1:2.4.0-11
 - fix CVE-2024-35235