!148 fix CVE-2024-35235
From: @baiguoguo Reviewed-by: @dou33 Signed-off-by: @dou33
This commit is contained in:
openeuler-ci-bot
Gitee
commit
00069d21c7
94
backport-Fix-CVE-2024-35235.patch
Normal file
94
backport-Fix-CVE-2024-35235.patch
Normal file
@ -0,0 +1,94 @@
|
||||
From a436956f374b0fd7f5da9df482e4f5840fa1c0d2 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Mon, 3 Jun 2024 18:53:58 +020
|
||||
Subject: [PATCH] Fix domain socket handling
|
||||
Reference: https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2
|
||||
---
|
||||
cups/http-addr.c | 38 +++++++++++++++++++-------------------
|
||||
scheduler/conf.c | 19 +++++++++++++++++++
|
||||
2 files changed, 38 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/cups/http-addr.c b/cups/http-addr.c
|
||||
index 71e61f5..1905c46 100644
|
||||
--- a/cups/http-addr.c
|
||||
+++ b/cups/http-addr.c
|
||||
@@ -206,27 +206,27 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
|
||||
* Remove any existing domain socket file...
|
||||
*/
|
||||
|
||||
- unlink(addr->un.sun_path);
|
||||
-
|
||||
- /*
|
||||
- * Save the current umask and set it to 0 so that all users can access
|
||||
- * the domain socket...
|
||||
- */
|
||||
-
|
||||
- mask = umask(0);
|
||||
-
|
||||
- /*
|
||||
- * Bind the domain socket...
|
||||
- */
|
||||
-
|
||||
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
|
||||
+ if ((status = unlink(addr->un.sun_path)) < 0)
|
||||
+ {
|
||||
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
|
||||
+ if (errno == ENOENT)
|
||||
+ status = 0;
|
||||
+ }
|
||||
|
||||
- /*
|
||||
- * Restore the umask and fix permissions...
|
||||
- */
|
||||
+ if (!status)
|
||||
+ {
|
||||
+ // Save the current umask and set it to 0 so that all users can access
|
||||
+ // the domain socket...
|
||||
+ mask = umask(0);
|
||||
+ // Bind the domain socket...
|
||||
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
|
||||
+ {
|
||||
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
|
||||
+ }
|
||||
|
||||
- umask(mask);
|
||||
- chmod(addr->un.sun_path, 0140777);
|
||||
+ // Restore the umask...
|
||||
+ umask(mask);
|
||||
+ }
|
||||
}
|
||||
else
|
||||
#endif /* AF_LOCAL */
|
||||
diff --git a/scheduler/conf.c b/scheduler/conf.c
|
||||
index 4200b57..dc08652 100644
|
||||
--- a/scheduler/conf.c
|
||||
+++ b/scheduler/conf.c
|
||||
@@ -3103,6 +3103,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
||||
|
||||
cupsd_listener_t *lis; /* New listeners array */
|
||||
|
||||
+ /*
|
||||
+ * If we are launched on-demand, do not use domain sockets from the config
|
||||
+ * file. Also check that the domain socket path is not too long...
|
||||
+ */
|
||||
+
|
||||
+#ifdef HAVE_ONDEMAND
|
||||
+ if (*value == '/' && OnDemand)
|
||||
+ {
|
||||
+ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
|
||||
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
|
||||
+ continue;
|
||||
+ }
|
||||
+#endif // HAVE_ONDEMAND
|
||||
+
|
||||
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
|
||||
+ {
|
||||
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
|
||||
+ continue;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Get the address list...
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Name: cups
|
||||
Epoch: 1
|
||||
Version: 2.2.13
|
||||
Release: 19
|
||||
Release: 20
|
||||
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
|
||||
License: GPLv2+ and LGPLv2+ with exceptions and AML
|
||||
Url: http://www.cups.org/
|
||||
@ -43,6 +43,7 @@ Patch6005: fix-httpAddrGetList-test-case-fail.patch
|
||||
Patch6006: fix-verifying-that-history-still-exists-test-case-fail.patch
|
||||
Patch6007: backport-CVE-2023-34241.patch
|
||||
Patch6008: backport-CVE-2023-4504.patch
|
||||
Patch6009: backport-Fix-CVE-2024-35235.patch
|
||||
|
||||
Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd
|
||||
Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat
|
||||
@ -337,6 +338,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
|
||||
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
|
||||
|
||||
%changelog
|
||||
* Thu Jun 20 2024 baiguo <baiguo@kylinos.cn> - 1:2.2.13-20
|
||||
- fix CVE-2024-35235
|
||||
|
||||
* Fri Sep 22 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1:2.2.13-19
|
||||
- fix CVE-2023-4504
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user