Fix CVE-2024-35235 for cups :2.0

SPECS/cups/CVE-2024-35235.patch

@@ -0,0 +1,96 @@
+From 192f5bd1b197e577b2332d4fdc8038c6b2993d6e Mon Sep 17 00:00:00 2001
+From: kavyasree <[email protected]>
+Date: Thu, 21 Nov 2024 13:46:00 +0530
+Subject: [PATCH] Fix CVE-2024-35235
+
+---
+ cups/http-addr.c | 37 +++++++++++++++++++------------------
+ scheduler/conf.c | 20 ++++++++++++++++++++
+ 2 files changed, 39 insertions(+), 18 deletions(-)
+
+diff --git a/cups/http-addr.c b/cups/http-addr.c
+index 8e81c6f..d65d4cc 100644
+--- a/cups/http-addr.c
++++ b/cups/http-addr.c
+@@ -199,28 +199,29 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
+    /*
+     * Remove any existing domain socket file...
+     */
++    if ((status = unlink(addr->un.sun_path)) < 0)
++    {
++      DEBUG_printf("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno));
+
+-    unlink(addr->un.sun_path);
+-
+-   /*
+-    * Save the current umask and set it to 0 so that all users can access
+-    * the domain socket...
+-    */
+-
+-    mask = umask(0);
+-
+-   /*
+-    * Bind the domain socket...
+-    */
+
+-    status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
++   if (errno == ENOENT)
++	status = 0;
++    }
+
+-   /*
+-    * Restore the umask and fix permissions...
+-    */
++    if (!status)
++    {
++      // Save the current umask and set it to 0 so that all users can access
++      // the domain socket...
++      mask = umask(0);
+
+-    umask(mask);
+-    chmod(addr->un.sun_path, 0140777);
++    // Bind the domain socket...
++      if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
++      {
++	DEBUG_printf("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno));
++      }
++      // Restore the umask...
++      umask(mask);
++    }
+   }
+   else
+ #endif /* AF_LOCAL */
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index 74531a8..180ef9b 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -3071,6 +3071,26 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
+       cupsd_listener_t	*lis;		/* New listeners array */
+
+
++     /*
++      * If we are launched on-demand, do not use domain sockets from the config
++      * file.  Also check that the domain socket path is not too long...
++      */
++
++#ifdef HAVE_ONDEMAND
++      if (*value == '/' && OnDemand)
++      {
++        if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
++          cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
++        continue;
++      }
++#endif // HAVE_ONDEMAND
++
++      if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
++      {
++        cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
++        continue;
++      }
++
+      /*
+       * Get the address list...
+       */
+-- 
+2.34.1
+

SPECS/cups/cups.spec

@@ -12,7 +12,7 @@
 Summary:        CUPS printing system
 Name:           cups
 Version:        2.3.3%{OP_VER}
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        ASL 2.0 with exceptions
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -64,6 +64,7 @@ Patch14:        CVE-2023-4504.patch
 Patch15:        CVE-2023-32324.patch
 Patch16:        CVE-2023-34241.patch
 Patch17:        CVE-2022-26691.patch
+Patch18:	CVE-2024-35235.patch
 #### UPSTREAM PATCHES (starts with 1000) ####
 ##### Patches removed because IMHO they aren't no longer needed
 ##### but still I'll leave them in git in case their removal
@@ -657,6 +658,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz
 
 %changelog
+* Thu Nov 21 2024 Kavya Sree Kaitepalli <[email protected]> - 2.3.3op2-9
+- Add patch for CVE-2024-35235
+
 * Tue May 21 2024 Lanze Liu <[email protected]> - 2.3.3op2-8
 - Add patch for CVE-2022-26691.