| Message ID | 20260101121459.7191-3-peter.marko@siemens.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | Yoann Congal |
| Headers | show |
| Series | [kirkstone,1/3] cups: patch CVE-2025-58436 | expand |
Le jeu. 1 janv. 2026 à 13:15, Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> a écrit : > From: Peter Marko <peter.marko@siemens.com> > > Patch for CVE-2025-61915 by mistake causes fatal error on unknown > directives in configuration files. > The default configuration already contains unknown directive in > non-systemd setups: > Unknown directive IdleExitTimeout on line 32 of /etc/cups/cupsd.conf > > Backport fix for this from 2.4.x branch which reverts this behavior. > Hello Peter, It looks like master needs the same patch. Can you send this there as well? Thanks! > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > meta/recipes-extended/cups/cups.inc | 1 + > ...pping-scheduler-on-unknown-directive.patch | 43 +++++++++++++++++++ > 2 files changed, 44 insertions(+) > create mode 100644 > meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > > diff --git a/meta/recipes-extended/cups/cups.inc > b/meta/recipes-extended/cups/cups.inc > index ce55a8ef6fa..f70c4e7026a 100644 > --- a/meta/recipes-extended/cups/cups.inc > +++ b/meta/recipes-extended/cups/cups.inc > @@ -29,6 +29,7 @@ SRC_URI = " > https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ > file://CVE-2025-58364.patch \ > file://CVE-2025-58436.patch \ > file://CVE-2025-61915.patch \ > + > file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \ > " > > UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" > diff --git > a/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > new file mode 100644 > index 00000000000..572a8941f40 > --- /dev/null > +++ > b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > @@ -0,0 +1,43 @@ > +From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001 > +From: Zdenek Dohnal <zdohnal@redhat.com> > +Date: Thu, 4 Dec 2025 09:04:37 +0100 > +Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive > + > +Change the return value to do not trigger stopping the scheduler in case > +of unknown directive, because stopping the scheduler on config errors > +should only happen in case of syntax errors. > + > +Upstream-Status: Backport [ > https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3 > ] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + scheduler/conf.c | 14 +++++++------- > + 1 file changed, 7 insertions(+), 7 deletions(-) > + > +diff --git a/scheduler/conf.c b/scheduler/conf.c > +index 7d6da0252..0e7be0ef4 100644 > +--- a/scheduler/conf.c > ++++ b/scheduler/conf.c > +@@ -2695,16 +2695,16 @@ parse_variable( > + { > + /* > + * Unknown directive! Output an error message and continue... > ++ * > ++ * Return value 1 is on purpose - we ignore unknown directives to log > ++ * error, but do not stop the scheduler in case error in configuration > ++ * is set to be fatal. > + */ > + > +- if (!value) > +- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d > of %s.", > +- line, linenum, filename); > +- else > +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d > of %s.", > +- line, linenum, filename); > ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of > %s.", > ++ line, linenum, filename); > + > +- return (0); > ++ return (1); > + } > + > + switch (var->type) > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#228819): > https://lists.openembedded.org/g/openembedded-core/message/228819 > Mute This Topic: https://lists.openembedded.org/mt/117024509/4316185 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > yoann.congal@smile.fr] > -=-=-=-=-=-=-=-=-=-=-=- > >
Hello Yoann, This patch is included in v2.4.16 which is the version in oe-core master. That can be verified by clicking on the patch link and seeing v2.4.16 tag. Therefore this patch cannot be applied (second time) there. Best Regards, Peter From: Yoann Congal <yoann.congal@smile.fr> Sent: Monday, January 12, 2026 11:56 To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> Cc: openembedded-core@lists.openembedded.org Subject: Re: [OE-core][kirkstone][PATCH 3/3] cups: allow unknown directives in conf files Le jeu. 1 janv. 2026 à 13:15, Peter Marko via lists.openembedded.org<http://lists.openembedded.org> <peter.marko=siemens.com@lists.openembedded.org<mailto:siemens.com@lists.openembedded.org>> a écrit : From: Peter Marko <peter.marko@siemens.com<mailto:peter.marko@siemens.com>> Patch for CVE-2025-61915 by mistake causes fatal error on unknown directives in configuration files. The default configuration already contains unknown directive in non-systemd setups: Unknown directive IdleExitTimeout on line 32 of /etc/cups/cupsd.conf Backport fix for this from 2.4.x branch which reverts this behavior. Hello Peter, It looks like master needs the same patch. Can you send this there as well? Thanks! Signed-off-by: Peter Marko <peter.marko@siemens.com<mailto:peter.marko@siemens.com>> --- meta/recipes-extended/cups/cups.inc | 1 + ...pping-scheduler-on-unknown-directive.patch | 43 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index ce55a8ef6fa..f70c4e7026a 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -29,6 +29,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${<https://github.com/OpenPrinting/cups/releases/download/v$%7BPV%7D/cups-$%7B> file://CVE-2025-58364.patch \ file://CVE-2025-58436.patch \ file://CVE-2025-61915.patch \ + file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch new file mode 100644 index 00000000000..572a8941f40 --- /dev/null +++ b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch @@ -0,0 +1,43 @@ +From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal <zdohnal@redhat.com<mailto:zdohnal@redhat.com>> +Date: Thu, 4 Dec 2025 09:04:37 +0100 +Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive + +Change the return value to do not trigger stopping the scheduler in case +of unknown directive, because stopping the scheduler on config errors +should only happen in case of syntax errors. + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3] +Signed-off-by: Peter Marko <peter.marko@siemens.com<mailto:peter.marko@siemens.com>> +--- + scheduler/conf.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 7d6da0252..0e7be0ef4 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -2695,16 +2695,16 @@ parse_variable( + { + /* + * Unknown directive! Output an error message and continue... ++ * ++ * Return value 1 is on purpose - we ignore unknown directives to log ++ * error, but do not stop the scheduler in case error in configuration ++ * is set to be fatal. + */ + +- if (!value) +- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", +- line, linenum, filename); +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", +- line, linenum, filename); ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", ++ line, linenum, filename); + +- return (0); ++ return (1); + } + + switch (var->type) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#228819): https://lists.openembedded.org/g/openembedded-core/message/228819 Mute This Topic: https://lists.openembedded.org/mt/117024509/4316185 Group Owner: openembedded-core+owner@lists.openembedded.org<mailto:openembedded-core%2Bowner@lists.openembedded.org> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [yoann.congal@smile.fr<mailto:yoann.congal@smile.fr>] -=-=-=-=-=-=-=-=-=-=-=- -- Yoann Congal Smile ECS
Le lun. 12 janv. 2026 à 12:04, Marko, Peter <Peter.Marko@siemens.com> a écrit : > Hello Yoann, > > > > This patch is included in v2.4.16 which is the version in oe-core master. > > That can be verified by clicking on the patch link and seeing v2.4.16 tag. > > Therefore this patch cannot be applied (second time) there. > Oh right, I missed that. All good. Thanks! > > > Best Regards, > > Peter > > > > *From:* Yoann Congal <yoann.congal@smile.fr> > *Sent:* Monday, January 12, 2026 11:56 > *To:* Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> > *Cc:* openembedded-core@lists.openembedded.org > *Subject:* Re: [OE-core][kirkstone][PATCH 3/3] cups: allow unknown > directives in conf files > > > > Le jeu. 1 janv. 2026 à 13:15, Peter Marko via lists.openembedded.org > <peter.marko=siemens.com@lists.openembedded.org> a écrit : > > From: Peter Marko <peter.marko@siemens.com> > > Patch for CVE-2025-61915 by mistake causes fatal error on unknown > directives in configuration files. > The default configuration already contains unknown directive in > non-systemd setups: > Unknown directive IdleExitTimeout on line 32 of /etc/cups/cupsd.conf > > Backport fix for this from 2.4.x branch which reverts this behavior. > > > > Hello Peter, > > > > It looks like master needs the same patch. > > Can you send this there as well? > > > > Thanks! > > > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > meta/recipes-extended/cups/cups.inc | 1 + > ...pping-scheduler-on-unknown-directive.patch | 43 +++++++++++++++++++ > 2 files changed, 44 insertions(+) > create mode 100644 > meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > > diff --git a/meta/recipes-extended/cups/cups.inc > b/meta/recipes-extended/cups/cups.inc > index ce55a8ef6fa..f70c4e7026a 100644 > --- a/meta/recipes-extended/cups/cups.inc > +++ b/meta/recipes-extended/cups/cups.inc > @@ -29,6 +29,7 @@ SRC_URI = " > https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ > file://CVE-2025-58364.patch \ > file://CVE-2025-58436.patch \ > file://CVE-2025-61915.patch \ > + > file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \ > " > > UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" > diff --git > a/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > new file mode 100644 > index 00000000000..572a8941f40 > --- /dev/null > +++ > b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch > @@ -0,0 +1,43 @@ > +From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001 > +From: Zdenek Dohnal <zdohnal@redhat.com> > +Date: Thu, 4 Dec 2025 09:04:37 +0100 > +Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive > + > +Change the return value to do not trigger stopping the scheduler in case > +of unknown directive, because stopping the scheduler on config errors > +should only happen in case of syntax errors. > + > +Upstream-Status: Backport [ > https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3 > ] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + scheduler/conf.c | 14 +++++++------- > + 1 file changed, 7 insertions(+), 7 deletions(-) > + > +diff --git a/scheduler/conf.c b/scheduler/conf.c > +index 7d6da0252..0e7be0ef4 100644 > +--- a/scheduler/conf.c > ++++ b/scheduler/conf.c > +@@ -2695,16 +2695,16 @@ parse_variable( > + { > + /* > + * Unknown directive! Output an error message and continue... > ++ * > ++ * Return value 1 is on purpose - we ignore unknown directives to log > ++ * error, but do not stop the scheduler in case error in configuration > ++ * is set to be fatal. > + */ > + > +- if (!value) > +- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d > of %s.", > +- line, linenum, filename); > +- else > +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d > of %s.", > +- line, linenum, filename); > ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of > %s.", > ++ line, linenum, filename); > + > +- return (0); > ++ return (1); > + } > + > + switch (var->type) > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#228819): > https://lists.openembedded.org/g/openembedded-core/message/228819 > Mute This Topic: https://lists.openembedded.org/mt/117024509/4316185 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > yoann.congal@smile.fr] > -=-=-=-=-=-=-=-=-=-=-=- > > > > -- > > Yoann Congal > > Smile ECS >
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index ce55a8ef6fa..f70c4e7026a 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -29,6 +29,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ file://CVE-2025-58364.patch \ file://CVE-2025-58436.patch \ file://CVE-2025-61915.patch \ + file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch new file mode 100644 index 00000000000..572a8941f40 --- /dev/null +++ b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch @@ -0,0 +1,43 @@ +From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal <zdohnal@redhat.com> +Date: Thu, 4 Dec 2025 09:04:37 +0100 +Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive + +Change the return value to do not trigger stopping the scheduler in case +of unknown directive, because stopping the scheduler on config errors +should only happen in case of syntax errors. + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + scheduler/conf.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 7d6da0252..0e7be0ef4 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -2695,16 +2695,16 @@ parse_variable( + { + /* + * Unknown directive! Output an error message and continue... ++ * ++ * Return value 1 is on purpose - we ignore unknown directives to log ++ * error, but do not stop the scheduler in case error in configuration ++ * is set to be fatal. + */ + +- if (!value) +- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", +- line, linenum, filename); +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", +- line, linenum, filename); ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", ++ line, linenum, filename); + +- return (0); ++ return (1); + } + + switch (var->type)