[cups/f16] Don't enable IP-based systemd socket activation by default (bug #842365).
Tim Waugh
twaugh at fedoraproject.org
Mon Jan 7 12:22:11 UTC 2013
commit 4dfe590c74963768ce96704f0d84fae39ba71acc
Author: Tim Waugh <twaugh at redhat.com>
Date: Tue Jul 24 16:43:58 2012 +0100
Don't enable IP-based systemd socket activation by default (bug #842365).
Resolves: rhbz#842365 rhbz#891945
(cherry picked from commit 6ef39188975c03f6132a98c8cad20ce80b3d95d9)
cups-systemd-socket.patch | 5 +----
cups.spec | 4 +++-
2 files changed, 4 insertions(+), 5 deletions(-)
---
diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch
index ed74fac..ff0e348 100644
--- a/cups-systemd-socket.patch
+++ b/cups-systemd-socket.patch
@@ -116,15 +116,12 @@ diff -up cups-1.5.2/data/cups.service.in.systemd-socket cups-1.5.2/data/cups.ser
diff -up cups-1.5.2/data/cups.socket.in.systemd-socket cups-1.5.2/data/cups.socket.in
--- cups-1.5.2/data/cups.socket.in.systemd-socket 2012-03-16 14:50:57.150449788 +0000
+++ cups-1.5.2/data/cups.socket.in 2012-03-16 14:50:57.150449788 +0000
-@@ -0,0 +1,11 @@
+@@ -0,0 +1,8 @@
+[Unit]
+Description=CUPS Printing Service Sockets
+
+[Socket]
+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
-+ListenStream=631
-+ListenDatagram=0.0.0.0:631
-+BindIPv6Only=ipv6-only
+
+[Install]
+WantedBy=sockets.target
diff --git a/cups.spec b/cups.spec
index 84fab23..34539cc 100644
--- a/cups.spec
+++ b/cups.spec
@@ -19,7 +19,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.5.4
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -706,6 +706,8 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Jan 4 2013 Tim Waugh <twaugh at redhat.com> 1:1.5.4-12
- Avoid misleading error message when configuration cannot be read.
+- Don't enable IP-based systemd socket activation by default
+ (bug #842365, bug #891945, CVE-2012-6094).
* Thu Dec 6 2012 Tim Waugh <twaugh at redhat.com> 1:1.5.4-11
- Additional fix relating to CVE-2012-5519 to avoid misleading error
More information about the scm-commits
mailing list