diff --git a/backport-CVE-2024-35235.patch b/backport-CVE-2024-35235.patch new file mode 100755 index 00000000..0927cd00 --- /dev/null +++ b/backport-CVE-2024-35235.patch @@ -0,0 +1,96 @@ +From 5c3e5a3996ea2215a4ad30dea4c953e4a10a2e4d Mon Sep 17 00:00:00 2001 +From: cai-zihua +Date: Thu, 11 Jul 2024 15:25:04 +0800 +Subject: [PATCH] 2 + +Change-Id: I21ab06577dff0ce7e2fc2af8bde7ac83080c9ee8 +--- + cups-2.4.0/cups/http-addr.c | 38 ++++++++++++++++++------------------- + cups-2.4.0/scheduler/conf.c | 19 +++++++++++++++++++ + 2 files changed, 38 insertions(+), 19 deletions(-) + +diff --git a/cups-2.4.0/cups/http-addr.c b/cups-2.4.0/cups/http-addr.c +index 114a6449..c07f092f 100644 +--- a/cups-2.4.0/cups/http-addr.c ++++ b/cups-2.4.0/cups/http-addr.c +@@ -205,28 +205,28 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ + /* + * Remove any existing domain socket file... + */ ++ if ((status = unlink(addr->un.sun_path)) < 0) ++ { ++ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno))); + +- unlink(addr->un.sun_path); +- +- /* +- * Save the current umask and set it to 0 so that all users can access +- * the domain socket... +- */ +- +- mask = umask(0); +- +- /* +- * Bind the domain socket... +- */ +- +- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); ++ if (errno == ENOENT) ++ status = 0; ++ } + +- /* +- * Restore the umask and fix permissions... +- */ ++ if (!status) ++ { ++ // Save the current umask and set it to 0 so that all users can access ++ // the domain socket... ++ mask = umask(0); ++ // Bind the domain socket... ++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) ++ { ++ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno))); ++ } + +- umask(mask); +- chmod(addr->un.sun_path, 0140777); ++ // Restore the umask... ++ umask(mask); ++ } + } + else + #endif /* AF_LOCAL */ +diff --git a/cups-2.4.0/scheduler/conf.c b/cups-2.4.0/scheduler/conf.c +index e44736b7..a5ba6cba 100644 +--- a/cups-2.4.0/scheduler/conf.c ++++ b/cups-2.4.0/scheduler/conf.c +@@ -3073,6 +3073,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + + cupsd_listener_t *lis; /* New listeners array */ + ++ /* ++ * If we are launched on-demand, do not use domain sockets from the config ++ * file. Also check that the domain socket path is not too long... ++ */ ++ ++#ifdef HAVE_ONDEMAND ++ if (*value == '/' && OnDemand) ++ { ++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); ++ continue; ++ } ++#endif // HAVE_ONDEMAND ++ ++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); ++ continue; ++ } + + /* + * Get the address list... +-- +2.25.1 + diff --git a/cups.spec b/cups.spec old mode 100644 new mode 100755 index 71f64264..1a544c03 --- a/cups.spec +++ b/cups.spec @@ -16,7 +16,7 @@ Name: cups Epoch: 1 Version: 2.4.0 -Release: 10 +Release: 11 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: Apache-2.0 WITH LLVM-exception Url: https://openprinting.github.io/cups/ @@ -465,6 +465,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Wed Jun 12 2024 baiguo - 1:2.4.0-11 +- fix CVE-2024-35235 + * Fri Sep 22 2023 zhouwenpei - 1:2.4.0-10 - fix CVE-2023-4504 diff --git a/install.py b/install.py index 06ad8477..96779b8f 100755 --- a/install.py +++ b/install.py @@ -47,6 +47,7 @@ def move_file(src_path, dst_path): "ohos-modify-pthread.patch", "ohos-add-openssl.patch", "backport-CVE-2023-4504.patch", + "backport-CVE-2024-35235.patch", "config.h" ] for file in files: @@ -75,6 +76,7 @@ def do_patch(target_dir): "ohos-modify-pthread.patch", "ohos-add-openssl.patch", "backport-CVE-2023-4504.patch", + "backport-CVE-2024-35235.patch", "ohos_ip_conflict.patch" ]