[cups/f16] Don't enable IP-based systemd socket activation by default (bug #842365).

Tim Waugh twaugh at fedoraproject.org
Mon Jan 7 12:22:11 UTC 2013 

commit 4dfe590c74963768ce96704f0d84fae39ba71acc
Author: Tim Waugh <twaugh at redhat.com>
Date:   Tue Jul 24 16:43:58 2012 +0100

    Don't enable IP-based systemd socket activation by default (bug #842365).
    
    Resolves: rhbz#842365 rhbz#891945
    (cherry picked from commit 6ef39188975c03f6132a98c8cad20ce80b3d95d9)

 cups-systemd-socket.patch |    5 +----
 cups.spec                 |    4 +++-
 2 files changed, 4 insertions(+), 5 deletions(-)
---
diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch
index ed74fac..ff0e348 100644
--- a/cups-systemd-socket.patch
+++ b/cups-systemd-socket.patch
@@ -116,15 +116,12 @@ diff -up cups-1.5.2/data/cups.service.in.systemd-socket cups-1.5.2/data/cups.ser
 diff -up cups-1.5.2/data/cups.socket.in.systemd-socket cups-1.5.2/data/cups.socket.in
 --- cups-1.5.2/data/cups.socket.in.systemd-socket	2012-03-16 14:50:57.150449788 +0000
 +++ cups-1.5.2/data/cups.socket.in	2012-03-16 14:50:57.150449788 +0000
-@@ -0,0 +1,11 @@
+@@ -0,0 +1,8 @@
 +[Unit]
 +Description=CUPS Printing Service Sockets
 +
 +[Socket]
 +ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
-+ListenStream=631
-+ListenDatagram=0.0.0.0:631
-+BindIPv6Only=ipv6-only
 +
 +[Install]
 +WantedBy=sockets.target
diff --git a/cups.spec b/cups.spec
index 84fab23..34539cc 100644
--- a/cups.spec
+++ b/cups.spec
@@ -19,7 +19,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.5.4
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -706,6 +706,8 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Fri Jan  4 2013 Tim Waugh <twaugh at redhat.com> 1:1.5.4-12
 - Avoid misleading error message when configuration cannot be read.
+- Don't enable IP-based systemd socket activation by default
+  (bug #842365, bug #891945, CVE-2012-6094).
 
 * Thu Dec  6 2012 Tim Waugh <twaugh at redhat.com> 1:1.5.4-11
 - Additional fix relating to CVE-2012-5519 to avoid misleading error

More information about the scm-commits mailing list