Overview

File cups-1.7.5-CVE-2025-61915.patch of Package cups.41812

--- conf/cups-files.conf.in.orig	2013-07-26 23:27:27.000000000 +0200
+++ conf/cups-files.conf.in	2025-11-25 16:17:23.999079151 +0100
@@ -20,6 +20,9 @@
 SystemGroup @CUPS_SYSTEM_GROUPS@
 @CUPS_SYSTEM_AUTHKEY@
 
+# Are Unix domain socket peer credentials used for authorization?
+PeerCred @CUPS_PEER_CRED@
+
 # User that is substituted for unauthenticated (remote) root accesses...
 #RemoteRoot remroot
 
--- config-scripts/cups-defaults.m4.orig	2012-11-26 20:37:04.000000000 +0100
+++ config-scripts/cups-defaults.m4	2025-11-25 16:23:46.566906509 +0100
@@ -77,6 +77,15 @@ AC_ARG_WITH(log_level, [  --with-log-lev
 AC_SUBST(CUPS_LOG_LEVEL)
 AC_DEFINE_UNQUOTED(CUPS_DEFAULT_LOG_LEVEL, "$CUPS_LOG_LEVEL")
 
+dnl Default PeerCred
+AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [
+    CUPS_PEER_CRED="$withval"
+], [
+    CUPS_PEER_CRED="on"
+])
+AC_SUBST([CUPS_PEER_CRED])
+AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.])
+
 dnl Default AccessLogLevel
 AC_ARG_WITH(access_log_level, [  --with-access-log-level set default AccessLogLevel value, default=actions],
 	CUPS_ACCESS_LOG_LEVEL="$withval",
--- config.h.in.orig	2014-02-27 16:57:59.000000000 +0100
+++ config.h.in	2025-11-25 16:26:45.304580866 +0100
@@ -90,6 +90,14 @@
 
 
 /*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+
+/*
  * Default MaxCopies value...
  */
 
--- configure.orig	2014-07-31 02:26:37.000000000 +0200
+++ configure	2025-11-25 16:33:46.252681657 +0100
@@ -626,6 +626,7 @@ CUPS_DEFAULT_SHARED
 CUPS_BROWSE_LOCAL_PROTOCOLS
 CUPS_BROWSING
 CUPS_ACCESS_LOG_LEVEL
+CUPS_PEER_CRED
 CUPS_LOG_LEVEL
 CUPS_FATAL_ERRORS
 CUPS_LOG_FILE_PERM
@@ -868,6 +869,7 @@ with_cupsd_file_perm
 with_log_file_perm
 with_fatal_errors
 with_log_level
+with_peer_cred
 with_access_log_level
 enable_browsing
 with_local_protocols
@@ -1585,6 +1587,7 @@ Optional Packages:
   --with-log-file-perm    set default LogFilePerm value, default=0644
   --with-fatal-errors     set default FatalErrors value, default=config
   --with-log-level        set default LogLevel value, default=warn
+  --with-peer-cred        set default PeerCred value (on/off/root-only), default=on
   --with-access-log-level set default AccessLogLevel value, default=actions
   --with-local-protocols  set default BrowseLocalProtocols, default=""
   --with-cups-user        set default user for CUPS
@@ -9321,6 +9324,19 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
+
+# Check whether --with-peer_cred was given.
+if test "${with_peer_cred+set}" = set; then :
+  withval=$with_peer_cred; CUPS_PEER_CRED="$withval"
+else
+  CUPS_PEER_CRED="on"
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define CUPS_DEFAULT_PEER_CRED "$CUPS_PEER_CRED"
+_ACEOF
+
+
 
 # Check whether --with-access_log_level was given.
 if test "${with_access_log_level+set}" = set; then :
--- scheduler/auth.c.orig	2025-11-25 16:12:56.952197322 +0100
+++ scheduler/auth.c	2025-11-25 16:45:56.204030691 +0100
@@ -501,7 +501,7 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
   }
 #endif /* HAVE_AUTHORIZATION_H */
 #if defined(SO_PEERCRED) && defined(AF_LOCAL)
-  else if (!strncmp(authorization, "PeerCred ", 9) &&
+  else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
            con->http.hostaddr->addr.sa_family == AF_LOCAL)
   {
    /*
@@ -546,6 +546,12 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
     }
 #endif /* HAVE_AUTHORIZATION_H */
 
+    if ((PeerCred == CUPSD_PEERCRED_ROOTONLY || con->http.state == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root"))
+    {
+      cupsdLogMessage(CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9);
+      return;
+    }
+
     if ((pwd = getpwnam(authorization + 9)) == NULL)
     {
       cupsdLogMessage(CUPSD_LOG_ERROR,
--- scheduler/auth.h.orig	2013-05-29 13:51:34.000000000 +0200
+++ scheduler/auth.h	2025-11-25 16:54:54.861414837 +0100
@@ -56,6 +56,10 @@
 #define CUPSD_AUTH_LIMIT_ALL	127	/* Limit all requests */
 #define CUPSD_AUTH_LIMIT_IPP	128	/* Limit IPP requests */
 
+#define CUPSD_PEERCRED_OFF	0	/* Don't allow PeerCred authorization */
+#define CUPSD_PEERCRED_ON	1	/* Allow PeerCred authorization for all users */
+#define CUPSD_PEERCRED_ROOTONLY	2	/* Allow PeerCred authorization for root user */
+
 #define IPP_ANY_OPERATION	(ipp_op_t)0
 					/* Any IPP operation */
 #define IPP_BAD_OPERATION	(ipp_op_t)-1
@@ -113,6 +117,9 @@ typedef struct cupsd_client_s cupsd_clie
 
 VAR cups_array_t	*Locations	VALUE(NULL);
 					/* Authorization locations */
+VAR int			PeerCred        VALUE(CUPSD_PEERCRED_ON);
+					/* Allow PeerCred authorization? */
+
 #ifdef HAVE_SSL
 VAR http_encryption_t	DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
 					/* Default encryption for authentication */
--- scheduler/conf.c.orig	2025-11-25 16:12:56.944197243 +0100
+++ scheduler/conf.c	2025-11-25 17:33:25.560574223 +0100
@@ -45,6 +45,7 @@ typedef enum
 {
   CUPSD_VARTYPE_INTEGER,		/* Integer option */
   CUPSD_VARTYPE_TIME,			/* Time interval option */
+  CUPSD_VARTYPE_NULLSTRING,		/* String option or NULL/empty string */
   CUPSD_VARTYPE_STRING,			/* String option */
   CUPSD_VARTYPE_BOOLEAN,		/* Boolean option */
   CUPSD_VARTYPE_PATHNAME		/* File/directory name option */
@@ -66,7 +67,7 @@ static const cupsd_var_t	cupsd_vars[] =
 {
   { "AutoPurgeJobs", 		&JobAutoPurge,		CUPSD_VARTYPE_BOOLEAN },
 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
-  { "BrowseDNSSDSubTypes",	&DNSSDSubTypes,		CUPSD_VARTYPE_STRING },
+  { "BrowseDNSSDSubTypes",	&DNSSDSubTypes,		CUPSD_VARTYPE_NULLSTRING },
 #endif /* HAVE_DNSSD || HAVE_AVAHI */
   { "BrowseWebIF",		&BrowseWebIF,		CUPSD_VARTYPE_BOOLEAN },
   { "Browsing",			&Browsing,		CUPSD_VARTYPE_BOOLEAN },
@@ -113,7 +114,7 @@ static const cupsd_var_t	cupsd_vars[] =
   { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter,	CUPSD_VARTYPE_INTEGER },
   { "MaxSubscriptionsPerUser",	&MaxSubscriptionsPerUser,	CUPSD_VARTYPE_INTEGER },
   { "MultipleOperationTimeout",	&MultipleOperationTimeout,	CUPSD_VARTYPE_TIME },
-  { "PageLogFormat",		&PageLogFormat,		CUPSD_VARTYPE_STRING },
+  { "PageLogFormat",		&PageLogFormat,		CUPSD_VARTYPE_NULLSTRING },
   { "PreserveJobFiles",		&JobFiles,		CUPSD_VARTYPE_TIME },
   { "PreserveJobHistory",	&JobHistory,		CUPSD_VARTYPE_TIME },
   { "ReloadTimeout",		&ReloadTimeout,		CUPSD_VARTYPE_TIME },
@@ -759,6 +760,13 @@ cupsdReadConfiguration(void)
   LaunchdTimeout = 10;
 #endif /* HAVE_LAUNCHD */
 
+  if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off"))
+    PeerCred = CUPSD_PEERCRED_OFF;
+  else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only"))
+    PeerCred = CUPSD_PEERCRED_ROOTONLY;
+  else
+    PeerCred = CUPSD_PEERCRED_ON;
+
  /*
   * Setup environment variables...
   */
@@ -1757,7 +1765,7 @@ get_addr_and_mask(const char *value,	/*
 
     family  = AF_INET6;
 
-    for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
+    for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++)
     {
       if (*ptr == ']')
         break;
@@ -1906,7 +1914,7 @@ get_addr_and_mask(const char *value,	/*
 #ifdef AF_INET6
       if (family == AF_INET6)
       {
-        if (i > 128)
+        if (i < 0 || i > 128)
 	  return (0);
 
         i = 128 - i;
@@ -1940,7 +1948,7 @@ get_addr_and_mask(const char *value,	/*
       else
 #endif /* AF_INET6 */
       {
-        if (i > 32)
+        if (i < 0 || i > 32)
 	  return (0);
 
         mask[0] = 0xffffffff;
@@ -2823,7 +2831,17 @@ parse_variable(
 	cupsdSetString((char **)var->ptr, temp);
 	break;
 
+    case CUPSD_VARTYPE_NULLSTRING :
+	cupsdSetString((char **)var->ptr, value);
+	break;
+
     case CUPSD_VARTYPE_STRING :
+	if (!value)
+	{
+	  cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
+	  return (0);
+	}
+
 	cupsdSetString((char **)var->ptr, value);
 	break;
   }
@@ -3277,9 +3295,10 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
 		      line, value ? " " : "", value ? value : "", linenum,
 		      ConfigurationFile, CupsFilesFile);
     }
-    else
-      parse_variable(ConfigurationFile, linenum, line, value,
-                     sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
+    else if (!parse_variable(ConfigurationFile, linenum, line, value,
+                             sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) &&
+            (FatalErrors & CUPSD_FATAL_CONFIG))
+      return (0);
   }
 
   return (1);
@@ -3414,6 +3433,31 @@ read_cups_files_conf(cups_file_t *fp)	/*
            break;
       }
     }
+    else if (!_cups_strcasecmp(line, "PeerCred") && value)
+    {
+     /*
+      * PeerCred {off,on,root-only}
+      */
+
+      if (!_cups_strcasecmp(value, "off"))
+      {
+        PeerCred = CUPSD_PEERCRED_OFF;
+      }
+      else if (!_cups_strcasecmp(value, "on"))
+      {
+        PeerCred = CUPSD_PEERCRED_ON;
+      }
+      else if (!_cups_strcasecmp(value, "root-only"))
+      {
+        PeerCred = CUPSD_PEERCRED_ROOTONLY;
+      }
+      else
+      {
+       cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile);
+        if (FatalErrors & CUPSD_FATAL_CONFIG)
+          return (0);
+      }
+    }
     else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
     {
      /*
--- test/run-stp-tests.sh.orig	2013-11-06 21:09:03.000000000 +0100
+++ test/run-stp-tests.sh	2025-11-26 08:35:15.553308973 +0100
@@ -475,7 +475,7 @@ EOF
 
 cat >/tmp/cups-$user/cups-files.conf <<EOF
 FileDevice yes
-Printcap
+Printcap /tmp/printcap
 User $user
 ServerRoot /tmp/cups-$user
 StateDir /tmp/cups-$user
--- vcnet/config.h.orig	2013-05-29 13:51:34.000000000 +0200
+++ vcnet/config.h	2025-11-26 08:36:47.666604944 +0100
@@ -155,6 +155,13 @@
 
 
 /*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+/*
  * Default MaxCopies value...
  */
 
--- xcode/config.h.orig	2013-03-11 14:57:36.000000000 +0100
+++ xcode/config.h	2025-11-26 08:44:00.012680586 +0100
@@ -90,6 +90,13 @@
 
 
 /*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+/*
  * Default MaxCopies value...
  */
 
--- doc/help/man-cups-files.conf.html.orig	2013-07-31 20:16:09.000000000 +0200
+++ doc/help/man-cups-files.conf.html	2025-11-26 09:03:12.820827797 +0100
@@ -107,6 +107,22 @@ automatically with a list of available p
 legacy applications); specifying Printcap with no filename
 disables printcap generation.
 </dd>
+<dt>PeerCred on
+</dt>
+<dd></dd>
+<dt>PeerCred off
+</dt>
+<dd></dd>
+<dt>PeerCred root-only
+</dt>
+<dd></dd>
+<dd>Specifies whether peer credentials are used
+for authorization when communicating over the UNIX domain socket.
+When "on" (default), the peer credentials of any user are accepted for authorization.
+The value "off" disables the use of peer credentials entirely,
+while the value "root-only" allows peer credentials only for the root user.
+Note: for security reasons, the "on" setting is reduced to "root-only" for authorization of PUT requests.
+</dd>
 <dt>RemoteRoot user-name
 </dt>
 <dd></dd>
--- man/cups-files.conf.man.in.orig	2013-07-26 23:27:27.000000000 +0200
+++ man/cups-files.conf.man.in	2025-11-26 09:01:03.851026287 +0100
@@ -95,6 +95,18 @@ automatically with a list of available p
 legacy applications); specifying Printcap with no filename
 disables printcap generation.
 .TP 5
+PeerCred off
+.TP 5
+PeerCred on
+.TP 5
+PeerCred root-only
+.br
+Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When \fIon\fR, the peer credentials of any user are accepted for authorization.
+The value \fIoff\fR disables the use of peer credentials entirely,
+while the value \fIroot-only\fR allows peer credentials only for the root user.
+Note: for security reasons, the \fIon\fR setting is reduced to \fIroot-only\fR for authorization of PUT requests.
+.TP 5
 RemoteRoot user-name
 .br
 Specifies the username that is associated with unauthenticated root
openSUSE Build Service is sponsored by
Places