fix CVE-2024-35235 Signed-off-by:caizihua1@huawei.com

Signed-off-by: cai-zihua <caizihua1@huawei.com>
2024-11-23 01:49:57 +00:00 · 2024-07-11 16:50:34 +08:00 · 2024-07-11 16:50:34 +08:00 · 7ac0f782dc
commit 7ac0f782dc
parent 01a284e3d8
3 changed files with 102 additions and 1 deletions
--- a/backport-CVE-2024-35235.patch
+++ b/backport-CVE-2024-35235.patch
@ -0,0 +1,96 @@
+From 5c3e5a3996ea2215a4ad30dea4c953e4a10a2e4d Mon Sep 17 00:00:00 2001
+From: cai-zihua <caizihua1@huawei.com>
+Date: Thu, 11 Jul 2024 15:25:04 +0800
+Subject: [PATCH] 2
+
+Change-Id: I21ab06577dff0ce7e2fc2af8bde7ac83080c9ee8
+---
+ cups-2.4.0/cups/http-addr.c | 38 ++++++++++++++++++-------------------
+ cups-2.4.0/scheduler/conf.c | 19 +++++++++++++++++++
+ 2 files changed, 38 insertions(+), 19 deletions(-)
+
+diff --git a/cups-2.4.0/cups/http-addr.c b/cups-2.4.0/cups/http-addr.c
+index 114a6449..c07f092f 100644
+--- a/cups-2.4.0/cups/http-addr.c
+++ b/cups-2.4.0/cups/http-addr.c
+@@ -205,28 +205,28 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
+    /*
+     * Remove any existing domain socket file...
+     */
+    if ((status = unlink(addr->un.sun_path)) < 0)
+    {
+      DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ 
+-    unlink(addr->un.sun_path);
+-
+-   /*
+-    * Save the current umask and set it to 0 so that all users can access
+-    * the domain socket...
+-    */
+-
+-    mask = umask(0);
+-
+-   /*
+-    * Bind the domain socket...
+-    */
+-
+-    status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
+      if (errno == ENOENT)
+	      status = 0;
+    }
+ 
+-   /*
+-    * Restore the umask and fix permissions...
+-    */
+    if (!status)
+    {
+      // Save the current umask and set it to 0 so that all users can access
+      // the domain socket...
+      mask = umask(0);
+      // Bind the domain socket...
+      if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
+      {
+	      DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
+      }
+ 
+-    umask(mask);
+-    chmod(addr->un.sun_path, 0140777);
+      // Restore the umask...
+      umask(mask);
+    }
+   }
+   else
+ #endif /* AF_LOCAL */
+diff --git a/cups-2.4.0/scheduler/conf.c b/cups-2.4.0/scheduler/conf.c
+index e44736b7..a5ba6cba 100644
+--- a/cups-2.4.0/scheduler/conf.c
+++ b/cups-2.4.0/scheduler/conf.c
+@@ -3073,6 +3073,25 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
+ 
+       cupsd_listener_t	*lis;		/* New listeners array */
+ 
+     /*
+      * If we are launched on-demand, do not use domain sockets from the config
+      * file.  Also check that the domain socket path is not too long...
+      */
+
+#ifdef HAVE_ONDEMAND
+      if (*value == '/' && OnDemand)
+      {
+        if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
+          cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
+        continue;
+      }
+#endif // HAVE_ONDEMAND
+
+      if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
+      {
+        cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
+        continue;
+      }
+ 
+      /*
+       * Get the address list...
+-- 
+2.25.1
+
--- a/cups.spec
+++ b/cups.spec
@ -16,7 +16,7 @@
 Name:    cups
 Epoch:   1
 Version: 2.4.0
-Release: 10
+Release: 11
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: Apache-2.0 WITH LLVM-exception
 Url:     https://openprinting.github.io/cups/
@ -465,6 +465,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
 %doc %{_datadir}/%{name}/www/apple-touch-icon.png

 %changelog
+* Wed Jun 12 2024 baiguo <baiguo@kylinos.cn> - 1:2.4.0-11
+- fix CVE-2024-35235
+
 * Fri Sep 22 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1:2.4.0-10
 - fix CVE-2023-4504

--- a/install.py
+++ b/install.py
@ -47,6 +47,7 @@ def move_file(src_path, dst_path):
        "ohos-modify-pthread.patch",
        "ohos-add-openssl.patch",
        "backport-CVE-2023-4504.patch",
+        "backport-CVE-2024-35235.patch",
        "config.h"
    ]
    for file in files:
@ -75,6 +76,7 @@ def do_patch(target_dir):
        "ohos-modify-pthread.patch",
        "ohos-add-openssl.patch",
        "backport-CVE-2023-4504.patch",
+        "backport-CVE-2024-35235.patch",
        "ohos_ip_conflict.patch"
    ]