[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1074438: marked as done (bullseye-pu: cups/2.3.3op2-3+deb11u8)

Your message dated Sat, 31 Aug 2024 12:30:55 +0100
with message-id <27c418b1a49ffc566f1b9635359e59f6a742be26.camel@adam-barratt.org.uk>
and subject line Closing bugs for 11.11
has caused the Debian Bug report #1074438,
regarding bullseye-pu: cups/2.3.3op2-3+deb11u8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1074438: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074438
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
I know, I am rather late, but while preparing a new version of cups for unstable, I found an upstream regression for the latest fix of CVE-2024-35235. Four other commits are needed as well when cups only uses a domain socket for communication. In unstable I got #1073852 and #1074074, so this seems to be a valid use case. 


  Thorsten

PS. to maybe quicken things, I already uploaded the package


diff -Nru cups-2.3.3op2/debian/changelog cups-2.3.3op2/debian/changelog
--- cups-2.3.3op2/debian/changelog	2024-06-11 19:33:32.000000000 +0200
+++ cups-2.3.3op2/debian/changelog	2024-06-25 22:16:49.000000000 +0200
@@ -1,3 +1,10 @@
+cups (2.3.3op2-3+deb11u8) bullseye; urgency=medium
+
+  * fix regression of CVE-2024-35235 in case only domain sockets
+    are used
+
+ -- Thorsten Alteholz <debian@alteholz.de>  Tue, 25 Jun 2024 22:16:49 +0200
+
 cups (2.3.3op2-3+deb11u7) bullseye; urgency=medium
 
   * CVE-2024-35235 (Closes: #1073002)
diff -Nru cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch
--- cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch	1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0022-CVE-2024-35235-regression1.patch	2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,47 @@
+commit 7adb50839710f908af11a2f0a7d4b7aa506af2b8
+Author: Michael R Sweet <msweet@msweet.org>
+Date:   Fri Jun 14 15:09:41 2024 -0400
+
+    Don't abort early if there are no listen sockets after loading cupsd.conf (Issue #985)
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c	2024-06-26 14:29:33.834864098 +0200
++++ cups-2.3.3op2/scheduler/conf.c	2024-06-26 14:29:33.834864098 +0200
+@@ -1063,7 +1063,7 @@
+   * as an error and exit!
+   */
+ 
+-  if (cupsArrayCount(Listeners) == 0)
++  if (cupsArrayCount(Listeners) == 0 && !OnDemand)
+   {
+    /*
+     * No listeners!
+Index: cups-2.3.3op2/scheduler/main.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/main.c	2024-06-26 14:29:33.834864098 +0200
++++ cups-2.3.3op2/scheduler/main.c	2024-06-26 14:29:33.834864098 +0200
+@@ -2040,6 +2040,23 @@
+     service_add_listener(fd, 0);
+   }
+ #endif /* HAVE_LAUNCHD */
++
++  if (cupsArrayCount(Listeners) == 0)
++  {
++   /*
++    * No listeners!
++    */
++
++    cupsdLogMessage(CUPSD_LOG_EMERG,
++                    "No valid Listen or Port lines were found in the "
++		    "configuration file.");
++
++   /*
++    * Commit suicide...
++    */
++
++    cupsdEndProcess(getpid(), 0);
++  }
+ }
+ 
+ 
diff -Nru cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch
--- cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch	1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0023-CVE-2024-35235-regression2.patch	2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,22 @@
+commit 824f49f24d6babc2c02215ee6303fee7ce6a553a
+Author: Michael R Sweet <msweet@msweet.org>
+Date:   Fri Jun 14 15:16:11 2024 -0400
+
+    Fix builds without on-demand support.
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c	2024-06-26 16:08:52.549951772 +0200
++++ cups-2.3.3op2/scheduler/conf.c	2024-06-26 16:08:52.545951766 +0200
+@@ -1063,7 +1063,11 @@
+   * as an error and exit!
+   */
+ 
++#ifdef HAVE_ONDEMAND
+   if (cupsArrayCount(Listeners) == 0 && !OnDemand)
++#else
++  if (cupsArrayCount(Listeners) == 0)
++#endif // HAVE_ONDEMAND
+   {
+    /*
+     * No listeners!
diff -Nru cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch
--- cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch	1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0024-CVE-2024-35235-regression3.patch	2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,102 @@
+commit 74f437b7d20be44bacbbbc792da69ff9c82dfe8f
+Author: Zdenek Dohnal <zdohnal@redhat.com>
+Date:   Tue Jun 18 10:43:30 2024 +0200
+
+    scheduler: Fix cupsd activated on-demand via socket
+    
+    If only the expected cups.sock is set as listener in cupsd.conf, the
+    array Listeners was NULL. To prevent copying the code, do the array
+    allocation earlier and have only one check for Listeners, in
+    service_checkin() which is run every time cupsd starts.
+    
+    Fixes #985
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c	2024-06-28 16:22:55.876537369 +0200
++++ cups-2.3.3op2/scheduler/conf.c	2024-06-28 16:22:55.876537369 +0200
+@@ -563,6 +563,18 @@
+ 
+   cupsdDeleteAllListeners();
+ 
++ /*
++  * Allocate array Listeners
++  */
++
++  Listeners = cupsArrayNew(NULL, NULL);
++
++  if (!Listeners)
++  {
++    fprintf(stderr, "Unable to allocate memory for array Listeners.");
++    return (0);
++  }
++
+   old_remote_port = RemotePort;
+   RemotePort      = 0;
+ 
+@@ -1059,32 +1071,6 @@
+   }
+ 
+  /*
+-  * Check that we have at least one listen/port line; if not, report this
+-  * as an error and exit!
+-  */
+-
+-#ifdef HAVE_ONDEMAND
+-  if (cupsArrayCount(Listeners) == 0 && !OnDemand)
+-#else
+-  if (cupsArrayCount(Listeners) == 0)
+-#endif // HAVE_ONDEMAND
+-  {
+-   /*
+-    * No listeners!
+-    */
+-
+-    cupsdLogMessage(CUPSD_LOG_EMERG,
+-                    "No valid Listen or Port lines were found in the "
+-		    "configuration file.");
+-
+-   /*
+-    * Commit suicide...
+-    */
+-
+-    cupsdEndProcess(getpid(), 0);
+-  }
+-
+- /*
+   * Set the default locale using the language and charset...
+   */
+ 
+@@ -3145,17 +3131,6 @@
+         * Allocate another listener...
+ 	*/
+ 
+-        if (!Listeners)
+-	  Listeners = cupsArrayNew(NULL, NULL);
+-
+-	if (!Listeners)
+-	{
+-          cupsdLogMessage(CUPSD_LOG_ERROR,
+-	                  "Unable to allocate %s at line %d - %s.",
+-	                  line, linenum, strerror(errno));
+-          break;
+-	}
+-
+         if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
+ 	{
+           cupsdLogMessage(CUPSD_LOG_ERROR,
+Index: cups-2.3.3op2/scheduler/main.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/main.c	2024-06-28 16:22:55.876537369 +0200
++++ cups-2.3.3op2/scheduler/main.c	2024-06-28 16:22:55.876537369 +0200
+@@ -2047,9 +2047,7 @@
+     * No listeners!
+     */
+ 
+-    cupsdLogMessage(CUPSD_LOG_EMERG,
+-                    "No valid Listen or Port lines were found in the "
+-		    "configuration file.");
++    cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
+ 
+    /*
+     * Commit suicide...
diff -Nru cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch
--- cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch	1970-01-01 01:00:00.000000000 +0100
+++ cups-2.3.3op2/debian/patches/0025-CVE-2024-35235-regression4.patch	2024-06-25 22:16:49.000000000 +0200
@@ -0,0 +1,19 @@
+commit fb0c914e0d998e23d1ec24c4213fb35c7a931594
+Author: Zdenek Dohnal <zdohnal@redhat.com>
+Date:   Tue Jun 18 10:50:51 2024 +0200
+
+    conf.c: Add newline to fprintf
+
+Index: cups-2.3.3op2/scheduler/conf.c
+===================================================================
+--- cups-2.3.3op2.orig/scheduler/conf.c	2024-06-28 16:23:01.192542610 +0200
++++ cups-2.3.3op2/scheduler/conf.c	2024-06-28 16:23:01.188542606 +0200
+@@ -571,7 +571,7 @@
+ 
+   if (!Listeners)
+   {
+-    fprintf(stderr, "Unable to allocate memory for array Listeners.");
++    fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
+     return (0);
+   }
+ 
diff -Nru cups-2.3.3op2/debian/patches/series cups-2.3.3op2/debian/patches/series
--- cups-2.3.3op2/debian/patches/series	2024-06-11 13:15:04.000000000 +0200
+++ cups-2.3.3op2/debian/patches/series	2024-06-25 22:16:49.000000000 +0200
@@ -19,3 +19,7 @@
 0019-CVE-2023-32360.patch
 0020-CVE-2023-4504.patch
 0021-CVE-2024-35235.patch
+0022-CVE-2024-35235-regression1.patch
+0023-CVE-2024-35235-regression2.patch
+0024-CVE-2024-35235-regression3.patch
+0025-CVE-2024-35235-regression4.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 11.11

Hi,

Each of these bugs relates to an update including in today's final
bullseye 11.11 point release.

Regards,

Adam

--- End Message ---
Reply to: