Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu
I know I am rather late, but while preparing a new version of cups for unstable, I found an upstream regression in the latest fix for CVE-2024-35235. Four other commits are needed as well when cups only uses a domain socket for communication. In unstable I got #1073852 and #1074074, so this seems to be a valid use case.
Thorsten PS: To perhaps speed things up, I have already uploaded the package.
diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog 2024-06-11 19:33:32.000000000 +0200
+++ cups-2.3.3op2/debian/changelog 2024-06-25 22:16:49.000000000 +0200
@@ -1,3 +1,10 @@
+cups (2.3.3op2-3+deb11u8) bullseye; urgency=medium
+
+ * fix regression of CVE-2024-35235 in case only domain sockets
+ are used
+
+ -- Thorsten Alteholz <deb...@alteholz.de> Tue, 25 Jun 2024 22:16:49 +0200
+
 cups (2.3.3op2-3+deb11u7) bullseye; urgency=medium
 
 * CVE-2024-35235 (Closes: #1073002)
diff -Nru cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch
--- cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch 1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch 2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,47 @@
+commit 7adb50839710f908af11a2f0a7d4b7aa506af2b8
+Author: Michael R Sweet <msw...@msweet.org>
+Date: Fri Jun 14 15:09:41 2024 -0400
+
+ Don't abort early if there are no listen sockets after loading cupsd.conf (Issue #985)
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c 2024-06-26 14:29:33.834864098 +0200
++++ cups-2.3.3op2/scheduler/conf.c 2024-06-26 14:29:33.834864098 +0200
+@@ -1063,7 +1063,7 @@
+ * as an error and exit!
+ */
+
+- if (cupsArrayCount(Listeners) == 0)
++ if (cupsArrayCount(Listeners) == 0 && !OnDemand)
+ {
+ /*
+ * No listeners!
+Index: cups-2.3.3op2/scheduler/main.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/main.c 2024-06-26 14:29:33.834864098 +0200
++++ cups-2.3.3op2/scheduler/main.c 2024-06-26 14:29:33.834864098 +0200
+@@ -2040,6 +2040,23 @@
+ service_add_listener(fd, 0);
+ }
+ #endif /* HAVE_LAUNCHD */
++
++ if (cupsArrayCount(Listeners) == 0)
++ {
++ /*
++ * No listeners!
++ */
++
++ cupsdLogMessage(CUPSD_LOG_EMERG,
++ "No valid Listen or Port lines were found in the "
++ "configuration file.");
++
++ /*
++ * Commit suicide...
++ */
++
++ cupsdEndProcess(getpid(), 0);
++ }
+ }
+
+
diff -Nru cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch
--- cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch 1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch 2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,22 @@
+commit 824f49f24d6babc2c02215ee6303fee7ce6a553a
+Author: Michael R Sweet <msw...@msweet.org>
+Date: Fri Jun 14 15:16:11 2024 -0400
+
+ Fix builds without on-demand support.
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c 2024-06-26 16:08:52.549951772 +0200
++++ cups-2.3.3op2/scheduler/conf.c 2024-06-26 16:08:52.545951766 +0200
+@@ -1063,7 +1063,11 @@
+ * as an error and exit!
+ */
+
++#ifdef HAVE_ONDEMAND
+ if (cupsArrayCount(Listeners) == 0 && !OnDemand)
++#else
++ if (cupsArrayCount(Listeners) == 0)
++#endif // HAVE_ONDEMAND
+ {
+ /*
+ * No listeners!
diff -Nru cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch
--- cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch 1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch 2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,102 @@
+commit 74f437b7d20be44bacbbbc792da69ff9c82dfe8f
+Author: Zdenek Dohnal <zdoh...@redhat.com>
+Date: Tue Jun 18 10:43:30 2024 +0200
+
+ scheduler: Fix cupsd activated on-demand via socket
+
+ If only the expected cups.sock is set as listener in cupsd.conf, the
+ array Listeners was NULL. To prevent copying the code, do the array
+ allocation earlier and have only one check for Listeners, in
+ service_checkin() which is run every time cupsd starts.
+
+ Fixes #985
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c 2024-06-28 16:22:55.876537369 +0200
++++ cups-2.3.3op2/scheduler/conf.c 2024-06-28 16:22:55.876537369 +0200
+@@ -563,6 +563,18 @@
+
+ cupsdDeleteAllListeners();
+
++ /*
++ * Allocate array Listeners
++ */
++
++ Listeners = cupsArrayNew(NULL, NULL);
++
++ if (!Listeners)
++ {
++ fprintf(stderr, "Unable to allocate memory for array Listeners.");
++ return (0);
++ }
++
+ old_remote_port = RemotePort;
+ RemotePort = 0;
+
+@@ -1059,32 +1071,6 @@
+ }
+
+ /*
+- * Check that we have at least one listen/port line; if not, report this
+- * as an error and exit!
+- */
+-
+-#ifdef HAVE_ONDEMAND
+- if (cupsArrayCount(Listeners) == 0 && !OnDemand)
+-#else
+- if (cupsArrayCount(Listeners) == 0)
+-#endif // HAVE_ONDEMAND
+- {
+- /*
+- * No listeners!
+- */
+-
+- cupsdLogMessage(CUPSD_LOG_EMERG,
+- "No valid Listen or Port lines were found in the "
+- "configuration file.");
+-
+- /*
+- * Commit suicide...
+- */
+-
+- cupsdEndProcess(getpid(), 0);
+- }
+-
+- /*
+ * Set the default locale using the language and charset...
+ */
+
+@@ -3145,17 +3131,6 @@
+ * Allocate another listener...
+ */
+
+- if (!Listeners)
+- Listeners = cupsArrayNew(NULL, NULL);
+-
+- if (!Listeners)
+- {
+- cupsdLogMessage(CUPSD_LOG_ERROR,
+- "Unable to allocate %s at line %d - %s.",
+- line, linenum, strerror(errno));
+- break;
+- }
+-
+ if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+Index: cups-2.3.3op2/scheduler/main.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/main.c 2024-06-28 16:22:55.876537369 +0200
++++ cups-2.3.3op2/scheduler/main.c 2024-06-28 16:22:55.876537369 +0200
+@@ -2047,9 +2047,7 @@
+ * No listeners!
+ */
+
+- cupsdLogMessage(CUPSD_LOG_EMERG,
+- "No valid Listen or Port lines were found in the "
+- "configuration file.");
++ cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
+
+ /*
+ * Commit suicide...
diff -Nru cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch
--- cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch 1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch 2024-06-25 22:16:49.000000000 +0200
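Review bot: In the first conf.c hunk of 0024 the new block after `cupsdDeleteAllListeners();` assigns `Listeners = cupsArrayNew(NULL, NULL);` unconditionally, while the code it replaces at old line 3145 only allocated when the array was missing (`if (!Listeners) Listeners = cupsArrayNew(NULL, NULL);`). If cupsdDeleteAllListeners() can leave an existing array in place, for example to keep socket-activated listeners across a configuration reload, which I cannot confirm from this hunk, the unconditional assignment overwrites and leaks that array together with its entries; keeping the `if (!Listeners)` guard would still guarantee a non-NULL array without that risk. Relatedly, the emergency exit that the second conf.c hunk removes ran on every configuration read, whereas the commit message says the remaining check in service_checkin() runs when cupsd starts, so a reload that drops every Listen line may now be silently accepted; worth confirming that is intended and noting it in a comment next to the new allocation. The enclosing functions of all three conf.c hunks start and end outside the hunks.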
@@ -0,0 +1,19 @@
+commit fb0c914e0d998e23d1ec24c4213fb35c7a931594
+Author: Zdenek Dohnal <zdoh...@redhat.com>
+Date: Tue Jun 18 10:50:51 2024 +0200
+
+ conf.c: Add newline to fprintf
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c 2024-06-28 16:23:01.192542610 +0200
++++ cups-2.3.3op2/scheduler/conf.c 2024-06-28 16:23:01.188542606 +0200
+@@ -571,7 +571,7 @@
+
+ if (!Listeners)
+ {
+- fprintf(stderr, "Unable to allocate memory for array Listeners.");
++ fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
+ return (0);
+ }
+
diff -Nru cups-2.3.3op2/debian/patches/series cups-2.3.3op2/debian/patches/series
--- cups-2.3.3op2/debian/patches/series 2024-06-11 13:15:04.000000000 +0200
+++ cups-2.3.3op2/debian/patches/series 2024-06-25 22:16:49.000000000 +0200
@@ -19,3 +19,7 @@
 0019-CVE-2023-32360.patch
 0020-CVE-2023-4504.patch
 0021-CVE-2024-35235.patch
+0022-CVE-2024-35235-regression1.patch
+0023-CVE-2024-35235-regression2.patch
+0024-CVE-2024-35235-regression3.patch
+0025-CVE-2024-35235-regression4.patch