From 55e26c5ae4e53d2891894616b77004db98e0af64 Mon Sep 17 00:00:00 2001
From: kavyasree
Date: Thu, 21 Nov 2024 14:11:01 +0530
Subject: [PATCH 1/2] Fix CVE-2024-35235
---
 SPECS/cups/CVE-2024-35235.patch | 96 +++++++++++++++++++++++++++++++++
 SPECS/cups/cups.spec | 6 ++-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/cups/CVE-2024-35235.patch
diff --git a/SPECS/cups/CVE-2024-35235.patch b/SPECS/cups/CVE-2024-35235.patch
new file mode 100644
index 00000000000..8da60c5d966
--- /dev/null
+++ b/SPECS/cups/CVE-2024-35235.patch
@@ -0,0 +1,96 @@
+From 192f5bd1b197e577b2332d4fdc8038c6b2993d6e Mon Sep 17 00:00:00 2001
+From: kavyasree
+Date: Thu, 21 Nov 2024 13:46:00 +0530
+Subject: [PATCH] Fix CVE-2024-35235
+
+---
+ cups/http-addr.c | 37 +++++++++++++++++++------------------
+ scheduler/conf.c | 20 ++++++++++++++++++++
+ 2 files changed, 39 insertions(+), 18 deletions(-)
+
+diff --git a/cups/http-addr.c b/cups/http-addr.c
+index 8e81c6f..d65d4cc 100644
+--- a/cups/http-addr.c
++++ b/cups/http-addr.c
+@@ -199,28 +199,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
+ /*
+ * Remove any existing domain socket file...
+ */
++ if ((status = unlink(addr->un.sun_path)) < 0)
++ {
++ DEBUG_printf("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno));
+
+- unlink(addr->un.sun_path);
+-
+- /*
+- * Save the current umask and set it to 0 so that all users can access
+- * the domain socket...
+- */
+-
+- mask = umask(0);
+-
+- /*
+- * Bind the domain socket...
+- */
+
+- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
++ if (errno == ENOENT)
++ status = 0;
++ }
+
+- /*
+- * Restore the umask and fix permissions...
+- */
++ if (!status)
++ {
++ // Save the current umask and set it to 0 so that all users can access
++ // the domain socket...
++ mask = umask(0);
+
+- umask(mask);
+- chmod(addr->un.sun_path, 0140777);
++ // Bind the domain socket...
++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
++ {
++ DEBUG_printf("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno));
++ }
++ // Restore the umask...
++ umask(mask);
++ }
+ }
+ else
+ #endif /* AF_LOCAL */
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index 74531a8..180ef9b 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -3071,6 +3071,26 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
+ cupsd_listener_t *lis; /* New listeners array */
+
+
++ /*
++ * If we are launched on-demand, do not use domain sockets from the config
++ * file. Also check that the domain socket path is not too long...
++ */
++
++#ifdef HAVE_ONDEMAND
++ if (*value == '/' && OnDemand)
++ {
++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
++ continue;
++ }
++#endif // HAVE_ONDEMAND
++
++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
++ {
++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
++ continue;
++ }
++
+ /*
+ * Get the address list...
+ */
+--
+2.34.1
+
diff --git a/SPECS/cups/cups.spec b/SPECS/cups/cups.spec
index 3b8ee8fb045..9f972893ea1 100644
--- a/SPECS/cups/cups.spec
+++ b/SPECS/cups/cups.spec
@@ -12,7 +12,7 @@ Summary: CUPS printing system
 Name: cups
 Version: 2.3.3%{OP_VER}
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: ASL 2.0 with exceptions
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -64,6 +64,7 @@ Patch14: CVE-2023-4504.patch
 Patch15: CVE-2023-32324.patch
 Patch16: CVE-2023-34241.patch
 Patch17: CVE-2022-26691.patch
+Patch18: CVE-2024-35235.patch
 #### UPSTREAM PATCHES (starts with 1000) ####
 ##### Patches removed because IMHO they aren't no longer needed
 ##### but still I'll leave them in git in case their removal
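Review bot: In the httpAddrListen hunk of the embedded patch, `errno` is compared with `ENOENT` only after the `DEBUG_printf(...)` call that follows the failed `unlink()`, so in a build where that macro expands to real logging the value may already have been overwritten and the decision to continue to `bind()` would rest on a stale error code. Saving it first, for example `int unlink_errno = errno;` as the first statement inside the `if`, and then testing `unlink_errno == ENOENT`, keeps the check independent of debug output. Both new `DEBUG_printf` calls also pass the format arguments directly, which should be confirmed against this CUPS version's macro definition (not visible on this page), since older trees appear to define it with a single parenthesised argument, `DEBUG_printf((...))`. In the scheduler/conf.c hunk, a configured Listen path dropped for being too long is logged at `CUPSD_LOG_INFO`; a warning-level message would make the ignored listener easier to notice. Both functions begin and end outside their hunks.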
@@ -657,6 +658,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz
 %changelog
+* Thu Nov 21 2024 Kavya Sree Kaitepalli - 2.3.3op2-9
+- Add patch for CVe-2024-35235
+
 * Tue May 21 2024 Lanze Liu - 2.3.3op2-8
 - Add patch for CVE-2022-26691.
From 9f60b335f40d757babc00b5642f0099427ee8650 Mon Sep 17 00:00:00 2001
From: kavyasree
Date: Thu, 21 Nov 2024 14:25:58 +0530
Subject: [PATCH 2/2] Update changelog
---
 SPECS/cups/cups.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/cups/cups.spec b/SPECS/cups/cups.spec
index 9f972893ea1..b795cba3100 100644
--- a/SPECS/cups/cups.spec
+++ b/SPECS/cups/cups.spec
@@ -659,7 +659,7 @@ rm -f %{cups_serverbin}/backend/smb
 %changelog
 * Thu Nov 21 2024 Kavya Sree Kaitepalli - 2.3.3op2-9
-- Add patch for CVe-2024-35235
+- Add patch for CVE-2024-35235
 * Tue May 21 2024 Lanze Liu - 2.3.3op2-8
 - Add patch for CVE-2022-26691.