cups 2.4.11: Fix CVE-2025-61915

Upstream Repository: https://github.com/OpenPrinting/cups.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61915 Type: Security Fix CVE: CVE-2025-61915 Score: 6.7 Patch: https://github.com/OpenPrinting/cups/commit/db8d560262c2 (From OE-Core rev: ca252aac4e50b7ed8864bf7482a86fe7129e737e) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Deepak Rathore <deeratho@cisco.com> 2025-12-12 07:14:16 -0800
committer: Steve Sakoman <steve@sakoman.com> 2025-12-31 07:49:31 -0800
commit: 85e5f0fa1e4a1fa1549d9544f69ae3afbc747266 (patch)
tree: dfe4cf9e4f9e2a01b31cd04578c025fe15e4bef9 /meta
parent: 15a18fae405a4cb261401042bc513c0df9129205 (diff)
download: poky-85e5f0fa1e4a1fa1549d9544f69ae3afbc747266.tar.gz
2 files changed, 492 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index cf3df32306..12668ca023 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -18,6 +18,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
           file://CVE-2025-58060.patch \
           file://CVE-2025-58364.patch \
           file://CVE-2025-58436.patch \
+           file://CVE-2025-61915.patch \
           "
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2025-61915.patch b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch
new file mode 100644
index 0000000000..ad91c66b73
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch
@@ -0,0 +1,491 @@
+From 3ff24bbe1d0e11a2edb5cac0ae421b8e95220651 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Fri, 21 Nov 2025 07:36:36 +0100
+Subject: [PATCH] Fix various issues in cupsd
+Various issues were found by @SilverPlate3, recognized as CVE-2025-61915:
+- out of bound write when handling IPv6 addresses,
+- cupsd crash caused by null dereference when ErrorPolicy value is empty,
+On the top of that, Mike Sweet noticed vulnerability via domain socket,
+exploitable locally if attacker has access to domain socket and knows username
+of user within a group which is present in CUPS system groups:
+- rewrite of cupsd.conf via PeerCred authorization via domain socket
+The last vulnerability is fixed by introducing PeerCred directive for cups-files.conf,
+which controls whether PeerCred is enabled/disabled for user in CUPS system groups.
+Fixes CVE-2025-61915
+CVE: CVE-2025-61915
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/db8d560262c2]
+(cherry picked from commit db8d560262c22a21ee1e55dfd62fa98d9359bcb0)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ conf/cups-files.conf.in              |  3 ++
+ config-scripts/cups-defaults.m4      |  9 +++++
+ config.h.in                          |  7 ++++
+ configure                            | 22 ++++++++++
+ doc/help/man-cups-files.conf.html    |  9 ++++-
+ man/cups-files.conf.5                | 17 ++++++--
+ scheduler/auth.c                     |  8 +++-
+ scheduler/auth.h                     |  7 ++++
+ scheduler/client.c                   |  2 +-
+ scheduler/conf.c                     | 60 ++++++++++++++++++++++++----
+ test/run-stp-tests.sh                |  2 +-
+ vcnet/config.h                       |  7 ++++
+ xcode/CUPS.xcodeproj/project.pbxproj |  2 -
+ xcode/config.h                       |  7 ++++
+ 14 files changed, 145 insertions(+), 17 deletions(-)
+diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in
+index 27d8be96f..bc999e420 100644
+--- a/conf/cups-files.conf.in
+++ b/conf/cups-files.conf.in
+@@ -22,6 +22,9 @@
+ SystemGroup @CUPS_SYSTEM_GROUPS@
+ @CUPS_SYSTEM_AUTHKEY@
+# Are Unix domain socket peer credentials used for authorization?
+PeerCred @CUPS_PEER_CRED@
+
+ # User that is substituted for unauthenticated (remote) root accesses...
+ #RemoteRoot remroot
+diff --git a/config-scripts/cups-defaults.m4 b/config-scripts/cups-defaults.m4
+index 27e5bc472..b4f03d624 100644
+--- a/config-scripts/cups-defaults.m4
+++ b/config-scripts/cups-defaults.m4
+@@ -129,6 +129,15 @@ AC_ARG_WITH([log_level], AS_HELP_STRING([--with-log-level], [set default LogLeve
+ AC_SUBST([CUPS_LOG_LEVEL])
+ AC_DEFINE_UNQUOTED([CUPS_DEFAULT_LOG_LEVEL], ["$CUPS_LOG_LEVEL"], [Default LogLevel value.])
+dnl Default PeerCred
+AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [
+    CUPS_PEER_CRED="$withval"
+], [
+    CUPS_PEER_CRED="on"
+])
+AC_SUBST([CUPS_PEER_CRED])
+AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.])
+
+ dnl Default AccessLogLevel
+ AC_ARG_WITH(access_log_level, [  --with-access-log-level set default AccessLogLevel value, default=none],
+        CUPS_ACCESS_LOG_LEVEL="$withval",
+diff --git a/config.h.in b/config.h.in
+index 6940b9604..222b3b5bf 100644
+--- a/config.h.in
+++ b/config.h.in
+@@ -86,6 +86,13 @@
+ #define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+ /*
+  * Default MaxCopies value...
+  */
+diff --git a/configure b/configure
+index f8147c9d6..f456c8588 100755
+--- a/configure
+++ b/configure
+@@ -672,6 +672,7 @@ CUPS_BROWSING
+ CUPS_SYNC_ON_CLOSE
+ CUPS_PAGE_LOG_FORMAT
+ CUPS_ACCESS_LOG_LEVEL
+CUPS_PEER_CRED
+ CUPS_LOG_LEVEL
+ CUPS_FATAL_ERRORS
+ CUPS_ERROR_POLICY
+@@ -925,6 +926,7 @@ with_max_log_size
+ with_error_policy
+ with_fatal_errors
+ with_log_level
+with_peer_cred
+ with_access_log_level
+ enable_page_logging
+ enable_sync_on_close
+@@ -1661,6 +1663,8 @@ Optional Packages:
+   --with-error-policy     set default ErrorPolicy value, default=stop-printer
+   --with-fatal-errors     set default FatalErrors value, default=config
+   --with-log-level        set default LogLevel value, default=warn
+  --with-peer-cred        set default PeerCred value (on/off/root-only),
+                          default=on
+   --with-access-log-level set default AccessLogLevel value, default=none
+   --with-local-protocols  set default BrowseLocalProtocols, default=""
+   --with-cups-user        set default user for CUPS
+@@ -11718,6 +11722,24 @@ printf "%s\n" "#define CUPS_DEFAULT_LOG_LEVEL \"$CUPS_LOG_LEVEL\"" >>confdefs.h
+# Check whether --with-peer_cred was given.
+if test ${with_peer_cred+y}
+then :
+  withval=$with_peer_cred;
+    CUPS_PEER_CRED="$withval"
+
+else $as_nop
+
+    CUPS_PEER_CRED="on"
+
+fi
+
+
+
+printf "%s\n" "#define CUPS_DEFAULT_PEER_CRED \"$CUPS_PEER_CRED\"" >>confdefs.h
+
+
+
+ # Check whether --with-access_log_level was given.
+ if test ${with_access_log_level+y}
+ then :
+diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html
+index c0c775dec..5a9ddefeb 100644
+--- a/doc/help/man-cups-files.conf.html
+++ b/doc/help/man-cups-files.conf.html
+@@ -119,6 +119,13 @@ The default is "/var/log/cups/page_log".
+ <dt><a name="PassEnv"></a><b>PassEnv </b><i>variable </i>[ ... <i>variable </i>]
+ <dd style="margin-left: 5.0em">Passes the specified environment variable(s) to child processes.
+ Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
+<dt><a name="PeerCred"></a><b>PeerCred off</b>
+<dd style="margin-left: 5.0em"><dt><b>PeerCred on</b>
+<dd style="margin-left: 5.0em"><dt><b>PeerCred root-only</b>
+<dd style="margin-left: 5.0em">Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When <b>on</b>, the peer credentials of any user are accepted for authorization.
+The value <b>off</b> disables the use of peer credentials entirely, while the value <b>root-only</b> allows peer credentials only for the root user.
+Note: for security reasons, the <b>on</b> setting is reduced to <b>root-only</b> for authorization of PUT requests.
+ <dt><a name="RemoteRoot"></a><b>RemoteRoot </b><i>username</i>
+ <dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
+ The default is "remroot".
+@@ -207,7 +214,7 @@ command is used instead.
+ <a href="man-subscriptions.conf.html?TOPIC=Man+Pages"><b>subscriptions.conf</b>(5),</a>
+ CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
+ <h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
+-Copyright &copy; 2020-2023 by OpenPrinting.
+Copyright &copy; 2020-2025 by OpenPrinting.
+ </body>
+ </html>
+diff --git a/man/cups-files.conf.5 b/man/cups-files.conf.5
+index 8358b62a1..107072c3c 100644
+--- a/man/cups-files.conf.5
+++ b/man/cups-files.conf.5
+@@ -1,14 +1,14 @@
+ .\"
+ .\" cups-files.conf man page for CUPS.
+ .\"
+-.\" Copyright © 2020-2024 by OpenPrinting.
+.\" Copyright © 2020-2025 by OpenPrinting.
+ .\" Copyright © 2007-2019 by Apple Inc.
+ .\" Copyright © 1997-2006 by Easy Software Products.
+ .\"
+ .\" Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ .\" information.
+ .\"
+-.TH cups-files.conf 5 "CUPS" "2021-03-06" "OpenPrinting"
+.TH cups-files.conf 5 "CUPS" "2025-10-08" "OpenPrinting"
+ .SH NAME
+ cups\-files.conf \- file and directory configuration file for cups
+ .SH DESCRIPTION
+@@ -166,6 +166,17 @@ The default is "/var/log/cups/page_log".
+ \fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
+ Passes the specified environment variable(s) to child processes.
+ Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
+.\"#PeerCred
+.TP 5
+\fBPeerCred off\fR
+.TP 5
+\fBPeerCred on\fR
+.TP 5
+\fBPeerCred root-only\fR
+Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
+When \fBon\fR, the peer credentials of any user are accepted for authorization.
+The value \fBoff\fR disables the use of peer credentials entirely, while the value \fBroot-only\fR allows peer credentials only for the root user.
+Note: for security reasons, the \fBon\fR setting is reduced to \fBroot-only\fR for authorization of PUT requests.
+ .\"#RemoteRoot
+ .TP 5
+ \fBRemoteRoot \fIusername\fR
+@@ -289,4 +300,4 @@ command is used instead.
+ .BR subscriptions.conf (5),
+ CUPS Online Help (http://localhost:631/help)
+ .SH COPYRIGHT
+-Copyright \[co] 2020-2024 by OpenPrinting.
+Copyright \[co] 2020-2025 by OpenPrinting.
+diff --git a/scheduler/auth.c b/scheduler/auth.c
+index 3c9aa72aa..bd0d28a0e 100644
+--- a/scheduler/auth.c
+++ b/scheduler/auth.c
+@@ -398,7 +398,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+   }
+ #endif /* HAVE_AUTHORIZATION_H */
+ #if defined(SO_PEERCRED) && defined(AF_LOCAL)
+-  else if (!strncmp(authorization, "PeerCred ", 9) &&
+  else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
+            con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
+   {
+    /*
+@@ -441,6 +441,12 @@ cupsdAuthorize(cupsd_client_t *con)        /* I - Client connection */
+     }
+ #endif /* HAVE_AUTHORIZATION_H */
+    if ((PeerCred == CUPSD_PEERCRED_ROOTONLY || httpGetState(con->http) == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root"))
+    {
+      cupsdLogClient(con, CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9);
+      return;
+    }
+
+     if ((pwd = getpwnam(authorization + 9)) == NULL)
+     {
+       cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9);
+diff --git a/scheduler/auth.h b/scheduler/auth.h
+index ee98e92c7..fdf71213f 100644
+--- a/scheduler/auth.h
+++ b/scheduler/auth.h
+@@ -50,6 +50,10 @@
+ #define CUPSD_AUTH_LIMIT_ALL   127     /* Limit all requests */
+ #define CUPSD_AUTH_LIMIT_IPP   128     /* Limit IPP requests */
+#define CUPSD_PEERCRED_OFF     0       /* Don't allow PeerCred authorization */
+#define CUPSD_PEERCRED_ON      1       /* Allow PeerCred authorization for all users */
+#define CUPSD_PEERCRED_ROOTONLY        2       /* Allow PeerCred authorization for root user */
+
+ #define IPP_ANY_OPERATION      (ipp_op_t)0
+                                        /* Any IPP operation */
+ #define IPP_BAD_OPERATION      (ipp_op_t)-1
+@@ -105,6 +109,9 @@ typedef struct
+ VAR cups_array_t       *Locations      VALUE(NULL);
+                                        /* Authorization locations */
+VAR int                        PeerCred        VALUE(CUPSD_PEERCRED_ON);
+                                       /* Allow PeerCred authorization? */
+
+ #ifdef HAVE_TLS
+ VAR http_encryption_t  DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
+                                        /* Default encryption for authentication */
+diff --git a/scheduler/client.c b/scheduler/client.c
+index d495d9a75..81db4aa52 100644
+--- a/scheduler/client.c
+++ b/scheduler/client.c
+@@ -2204,7 +2204,7 @@ cupsdSendHeader(
+       auth_size = sizeof(auth_str) - (size_t)(auth_key - auth_str);
+ #if defined(SO_PEERCRED) && defined(AF_LOCAL)
+-      if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+      if (PeerCred != CUPSD_PEERCRED_OFF && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+       {
+         strlcpy(auth_key, ", PeerCred", auth_size);
+         auth_key += 10;
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index 3184d72f0..6accf0590 100644
+--- a/scheduler/conf.c
+++ b/scheduler/conf.c
+@@ -47,6 +47,7 @@ typedef enum
+ {
+   CUPSD_VARTYPE_INTEGER,               /* Integer option */
+   CUPSD_VARTYPE_TIME,                  /* Time interval option */
+  CUPSD_VARTYPE_NULLSTRING,            /* String option or NULL/empty string */
+   CUPSD_VARTYPE_STRING,                        /* String option */
+   CUPSD_VARTYPE_BOOLEAN,               /* Boolean option */
+   CUPSD_VARTYPE_PATHNAME,              /* File/directory name option */
+@@ -69,7 +70,7 @@ static const cupsd_var_t      cupsd_vars[] =
+ {
+   { "AutoPurgeJobs",           &JobAutoPurge,          CUPSD_VARTYPE_BOOLEAN },
+ #ifdef HAVE_DNSSD
+-  { "BrowseDNSSDSubTypes",     &DNSSDSubTypes,         CUPSD_VARTYPE_STRING },
+  { "BrowseDNSSDSubTypes",     &DNSSDSubTypes,         CUPSD_VARTYPE_NULLSTRING },
+ #endif /* HAVE_DNSSD */
+   { "BrowseWebIF",             &BrowseWebIF,           CUPSD_VARTYPE_BOOLEAN },
+   { "Browsing",                        &Browsing,              CUPSD_VARTYPE_BOOLEAN },
+@@ -120,7 +121,7 @@ static const cupsd_var_t    cupsd_vars[] =
+   { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter,  CUPSD_VARTYPE_INTEGER },
+   { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser,       CUPSD_VARTYPE_INTEGER },
+   { "MultipleOperationTimeout",        &MultipleOperationTimeout,      CUPSD_VARTYPE_TIME },
+-  { "PageLogFormat",           &PageLogFormat,         CUPSD_VARTYPE_STRING },
+  { "PageLogFormat",           &PageLogFormat,         CUPSD_VARTYPE_NULLSTRING },
+   { "PreserveJobFiles",                &JobFiles,              CUPSD_VARTYPE_TIME },
+   { "PreserveJobHistory",      &JobHistory,            CUPSD_VARTYPE_TIME },
+   { "ReloadTimeout",           &ReloadTimeout,         CUPSD_VARTYPE_TIME },
+@@ -791,6 +792,13 @@ cupsdReadConfiguration(void)
+   IdleExitTimeout = 60;
+ #endif /* HAVE_ONDEMAND */
+  if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off"))
+    PeerCred = CUPSD_PEERCRED_OFF;
+  else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only"))
+    PeerCred = CUPSD_PEERCRED_ROOTONLY;
+  else
+    PeerCred = CUPSD_PEERCRED_ON;
+
+  /*
+   * Setup environment variables...
+   */
+@@ -1831,7 +1839,7 @@ get_addr_and_mask(const char *value,      /* I - String from config file */
+     family  = AF_INET6;
+-    for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
+    for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++)
+     {
+       if (*ptr == ']')
+         break;
+@@ -1977,7 +1985,7 @@ get_addr_and_mask(const char *value,      /* I - String from config file */
+ #ifdef AF_INET6
+       if (family == AF_INET6)
+       {
+-        if (i > 128)
+        if (i < 0 || i > 128)
+          return (0);
+         i = 128 - i;
+@@ -2011,7 +2019,7 @@ get_addr_and_mask(const char *value,      /* I - String from config file */
+       else
+ #endif /* AF_INET6 */
+       {
+-        if (i > 32)
+        if (i < 0 || i > 32)
+          return (0);
+         mask[0] = 0xffffffff;
+@@ -2921,7 +2929,17 @@ parse_variable(
+        cupsdSetString((char **)var->ptr, temp);
+        break;
+    case CUPSD_VARTYPE_NULLSTRING :
+       cupsdSetString((char **)var->ptr, value);
+       break;
+
+     case CUPSD_VARTYPE_STRING :
+        if (!value)
+        {
+         cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
+         return (0);
+        }
+
+        cupsdSetString((char **)var->ptr, value);
+        break;
+   }
+@@ -3436,9 +3454,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
+                      line, value ? " " : "", value ? value : "", linenum,
+                      ConfigurationFile, CupsFilesFile);
+     }
+-    else
+-      parse_variable(ConfigurationFile, linenum, line, value,
+-                     sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
+    else if (!parse_variable(ConfigurationFile, linenum, line, value,
+                            sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) &&
+            (FatalErrors & CUPSD_FATAL_CONFIG))
+      return (0);
+   }
+   return (1);
+@@ -3597,6 +3616,31 @@ read_cups_files_conf(cups_file_t *fp)    /* I - File to read from */
+            break;
+       }
+     }
+    else if (!_cups_strcasecmp(line, "PeerCred") && value)
+    {
+     /*
+      * PeerCred {off,on,root-only}
+      */
+
+      if (!_cups_strcasecmp(value, "off"))
+      {
+        PeerCred = CUPSD_PEERCRED_OFF;
+      }
+      else if (!_cups_strcasecmp(value, "on"))
+      {
+        PeerCred = CUPSD_PEERCRED_ON;
+      }
+      else if (!_cups_strcasecmp(value, "root-only"))
+      {
+        PeerCred = CUPSD_PEERCRED_ROOTONLY;
+      }
+      else
+      {
+       cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile);
+        if (FatalErrors & CUPSD_FATAL_CONFIG)
+          return (0);
+      }
+    }
+     else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
+     {
+      /*
+diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
+index 39b53c3e4..2089f7944 100755
+--- a/test/run-stp-tests.sh
+++ b/test/run-stp-tests.sh
+@@ -512,7 +512,7 @@ fi
+ cat >$BASE/cups-files.conf <<EOF
+ FileDevice yes
+-Printcap
+Printcap $BASE/printcap
+ User $user
+ ServerRoot $BASE
+ StateDir $BASE
+diff --git a/vcnet/config.h b/vcnet/config.h
+index 7fc459217..76f5adbb7 100644
+--- a/vcnet/config.h
+++ b/vcnet/config.h
+@@ -169,6 +169,13 @@ typedef unsigned long useconds_t;
+ #define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+ /*
+  * Default MaxCopies value...
+  */
+diff --git a/xcode/CUPS.xcodeproj/project.pbxproj b/xcode/CUPS.xcodeproj/project.pbxproj
+index 597946440..54ac652a1 100644
+--- a/xcode/CUPS.xcodeproj/project.pbxproj
+++ b/xcode/CUPS.xcodeproj/project.pbxproj
+@@ -3433,7 +3433,6 @@
+                72220FB313330BCE00FCA411 /* mime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = mime.c; path = ../scheduler/mime.c; sourceTree = "<group>"; };
+                72220FB413330BCE00FCA411 /* mime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mime.h; path = ../scheduler/mime.h; sourceTree = "<group>"; };
+                72220FB513330BCE00FCA411 /* type.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = type.c; path = ../scheduler/type.c; sourceTree = "<group>"; };
+-               7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "org.cups.cups-lpd.plist"; path = "../scheduler/org.cups.cups-lpd.plist"; sourceTree = SOURCE_ROOT; };
+                7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = org.cups.cupsd.plist; path = ../scheduler/org.cups.cupsd.plist; sourceTree = SOURCE_ROOT; };
+                7226369D18AE73BB004ED309 /* config.h.in */ = {isa = PBXFileReference; lastKnownFileType = text; name = config.h.in; path = ../config.h.in; sourceTree = "<group>"; };
+                722A24EE2178D00C000CAB20 /* debug-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "debug-internal.h"; path = "../cups/debug-internal.h"; sourceTree = "<group>"; };
+@@ -5055,7 +5054,6 @@
+                        isa = PBXGroup;
+                        children = (
+                                72E65BDC18DC852700097E89 /* Makefile */,
+-                               7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */,
+                                72E65BD518DC818400097E89 /* org.cups.cups-lpd.plist.in */,
+                                7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */,
+                                72220F6913330B0C00FCA411 /* auth.c */,
+diff --git a/xcode/config.h b/xcode/config.h
+index e4a63f69d..366da777e 100644
+--- a/xcode/config.h
+++ b/xcode/config.h
+@@ -88,6 +88,13 @@
+ #define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
+/*
+ * Default PeerCred value...
+ */
+
+#define CUPS_DEFAULT_PEER_CRED "on"
+
+
+ /*
+  * Default MaxCopies value...
+  */
+--
+2.44.1
author	Deepak Rathore <deeratho@cisco.com>	2025-12-12 07:14:16 -0800
committer	Steve Sakoman <steve@sakoman.com>	2025-12-31 07:49:31 -0800
commit	85e5f0fa1e4a1fa1549d9544f69ae3afbc747266 (patch)
tree	dfe4cf9e4f9e2a01b31cd04578c025fe15e4bef9 /meta
parent	15a18fae405a4cb261401042bc513c0df9129205 (diff)
download	poky-85e5f0fa1e4a1fa1549d9544f69ae3afbc747266.tar.gz

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index cf3df32306..12668ca023 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc
@@ -18,6 +18,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
18	file://CVE-2025-58060.patch \	18	file://CVE-2025-58060.patch \
19	file://CVE-2025-58364.patch \	19	file://CVE-2025-58364.patch \
20	file://CVE-2025-58436.patch \	20	file://CVE-2025-58436.patch \
		21	file://CVE-2025-61915.patch \
21	"	22	"
22		23
23	GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"	24	GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"


diff --git a/meta/recipes-extended/cups/cups/CVE-2025-61915.patch b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch new file mode 100644 index 0000000000..ad91c66b73 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch
@@ -0,0 +1,491 @@
		1	From 3ff24bbe1d0e11a2edb5cac0ae421b8e95220651 Mon Sep 17 00:00:00 2001
		2	From: Zdenek Dohnal <zdohnal@redhat.com>
		3	Date: Fri, 21 Nov 2025 07:36:36 +0100
		4	Subject: [PATCH] Fix various issues in cupsd
		5
		6	Various issues were found by @SilverPlate3, recognized as CVE-2025-61915:
		7
		8	- out of bound write when handling IPv6 addresses,
		9	- cupsd crash caused by null dereference when ErrorPolicy value is empty,
		10
		11	On the top of that, Mike Sweet noticed vulnerability via domain socket,
		12	exploitable locally if attacker has access to domain socket and knows username
		13	of user within a group which is present in CUPS system groups:
		14
		15	- rewrite of cupsd.conf via PeerCred authorization via domain socket
		16
		17	The last vulnerability is fixed by introducing PeerCred directive for cups-files.conf,
		18	which controls whether PeerCred is enabled/disabled for user in CUPS system groups.
		19
		20	Fixes CVE-2025-61915
		21
		22	CVE: CVE-2025-61915
		23	Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/db8d560262c2]
		24
		25	(cherry picked from commit db8d560262c22a21ee1e55dfd62fa98d9359bcb0)
		26	Signed-off-by: Deepak Rathore <deeratho@cisco.com>
		27	---
		28	conf/cups-files.conf.in \| 3 ++
		29	config-scripts/cups-defaults.m4 \| 9 +++++
		30	config.h.in \| 7 ++++
		31	configure \| 22 ++++++++++
		32	doc/help/man-cups-files.conf.html \| 9 ++++-
		33	man/cups-files.conf.5 \| 17 ++++++--
		34	scheduler/auth.c \| 8 +++-
		35	scheduler/auth.h \| 7 ++++
		36	scheduler/client.c \| 2 +-
		37	scheduler/conf.c \| 60 ++++++++++++++++++++++++----
		38	test/run-stp-tests.sh \| 2 +-
		39	vcnet/config.h \| 7 ++++
		40	xcode/CUPS.xcodeproj/project.pbxproj \| 2 -
		41	xcode/config.h \| 7 ++++
		42	14 files changed, 145 insertions(+), 17 deletions(-)
		43
		44	diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in
		45	index 27d8be96f..bc999e420 100644
		46	--- a/conf/cups-files.conf.in
		47	+++ b/conf/cups-files.conf.in
		48	@@ -22,6 +22,9 @@
		49	SystemGroup @CUPS_SYSTEM_GROUPS@
		50	@CUPS_SYSTEM_AUTHKEY@
		51
		52	+# Are Unix domain socket peer credentials used for authorization?
		53	+PeerCred @CUPS_PEER_CRED@
		54	+
		55	# User that is substituted for unauthenticated (remote) root accesses...
		56	#RemoteRoot remroot
		57
		58	diff --git a/config-scripts/cups-defaults.m4 b/config-scripts/cups-defaults.m4
		59	index 27e5bc472..b4f03d624 100644
		60	--- a/config-scripts/cups-defaults.m4
		61	+++ b/config-scripts/cups-defaults.m4
		62	@@ -129,6 +129,15 @@ AC_ARG_WITH([log_level], AS_HELP_STRING([--with-log-level], [set default LogLeve
		63	AC_SUBST([CUPS_LOG_LEVEL])
		64	AC_DEFINE_UNQUOTED([CUPS_DEFAULT_LOG_LEVEL], ["$CUPS_LOG_LEVEL"], [Default LogLevel value.])
		65
		66	+dnl Default PeerCred
		67	+AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [
		68	+ CUPS_PEER_CRED="$withval"
		69	+], [
		70	+ CUPS_PEER_CRED="on"
		71	+])
		72	+AC_SUBST([CUPS_PEER_CRED])
		73	+AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.])
		74	+
		75	dnl Default AccessLogLevel
		76	AC_ARG_WITH(access_log_level, [ --with-access-log-level set default AccessLogLevel value, default=none],
		77	CUPS_ACCESS_LOG_LEVEL="$withval",
		78	diff --git a/config.h.in b/config.h.in
		79	index 6940b9604..222b3b5bf 100644
		80	--- a/config.h.in
		81	+++ b/config.h.in
		82	@@ -86,6 +86,13 @@
		83	#define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
		84
		85
		86	+/*
		87	+ * Default PeerCred value...
		88	+ */
		89	+
		90	+#define CUPS_DEFAULT_PEER_CRED "on"
		91	+
		92	+
		93	/*
		94	* Default MaxCopies value...
		95	*/
		96	diff --git a/configure b/configure
		97	index f8147c9d6..f456c8588 100755
		98	--- a/configure
		99	+++ b/configure
		100	@@ -672,6 +672,7 @@ CUPS_BROWSING
		101	CUPS_SYNC_ON_CLOSE
		102	CUPS_PAGE_LOG_FORMAT
		103	CUPS_ACCESS_LOG_LEVEL
		104	+CUPS_PEER_CRED
		105	CUPS_LOG_LEVEL
		106	CUPS_FATAL_ERRORS
		107	CUPS_ERROR_POLICY
		108	@@ -925,6 +926,7 @@ with_max_log_size
		109	with_error_policy
		110	with_fatal_errors
		111	with_log_level
		112	+with_peer_cred
		113	with_access_log_level
		114	enable_page_logging
		115	enable_sync_on_close
		116	@@ -1661,6 +1663,8 @@ Optional Packages:
		117	--with-error-policy set default ErrorPolicy value, default=stop-printer
		118	--with-fatal-errors set default FatalErrors value, default=config
		119	--with-log-level set default LogLevel value, default=warn
		120	+ --with-peer-cred set default PeerCred value (on/off/root-only),
		121	+ default=on
		122	--with-access-log-level set default AccessLogLevel value, default=none
		123	--with-local-protocols set default BrowseLocalProtocols, default=""
		124	--with-cups-user set default user for CUPS
		125	@@ -11718,6 +11722,24 @@ printf "%s\n" "#define CUPS_DEFAULT_LOG_LEVEL \"$CUPS_LOG_LEVEL\"" >>confdefs.h
		126
		127
		128
		129	+# Check whether --with-peer_cred was given.
		130	+if test ${with_peer_cred+y}
		131	+then :
		132	+ withval=$with_peer_cred;
		133	+ CUPS_PEER_CRED="$withval"
		134	+
		135	+else $as_nop
		136	+
		137	+ CUPS_PEER_CRED="on"
		138	+
		139	+fi
		140	+
		141	+
		142	+
		143	+printf "%s\n" "#define CUPS_DEFAULT_PEER_CRED \"$CUPS_PEER_CRED\"" >>confdefs.h
		144	+
		145	+
		146	+
		147	# Check whether --with-access_log_level was given.
		148	if test ${with_access_log_level+y}
		149	then :
		150	diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html
		151	index c0c775dec..5a9ddefeb 100644
		152	--- a/doc/help/man-cups-files.conf.html
		153	+++ b/doc/help/man-cups-files.conf.html
		154	@@ -119,6 +119,13 @@ The default is "/var/log/cups/page_log".
		155	<dt><a name="PassEnv"></a><b>PassEnv </b><i>variable </i>[ ... <i>variable </i>]
		156	<dd style="margin-left: 5.0em">Passes the specified environment variable(s) to child processes.
		157	Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
		158	+<dt><a name="PeerCred"></a><b>PeerCred off</b>
		159	+<dd style="margin-left: 5.0em"><dt><b>PeerCred on</b>
		160	+<dd style="margin-left: 5.0em"><dt><b>PeerCred root-only</b>
		161	+<dd style="margin-left: 5.0em">Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
		162	+When <b>on</b>, the peer credentials of any user are accepted for authorization.
		163	+The value <b>off</b> disables the use of peer credentials entirely, while the value <b>root-only</b> allows peer credentials only for the root user.
		164	+Note: for security reasons, the <b>on</b> setting is reduced to <b>root-only</b> for authorization of PUT requests.
		165	<dt><a name="RemoteRoot"></a><b>RemoteRoot </b><i>username</i>
		166	<dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
		167	The default is "remroot".
		168	@@ -207,7 +214,7 @@ command is used instead.
		169	<a href="man-subscriptions.conf.html?TOPIC=Man+Pages"><b>subscriptions.conf</b>(5),</a>
		170	CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
		171	<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
		172	-Copyright © 2020-2023 by OpenPrinting.
		173	+Copyright © 2020-2025 by OpenPrinting.
		174
		175	</body>
		176	</html>
		177	diff --git a/man/cups-files.conf.5 b/man/cups-files.conf.5
		178	index 8358b62a1..107072c3c 100644
		179	--- a/man/cups-files.conf.5
		180	+++ b/man/cups-files.conf.5
		181	@@ -1,14 +1,14 @@
		182	.\"
		183	.\" cups-files.conf man page for CUPS.
		184	.\"
		185	-.\" Copyright © 2020-2024 by OpenPrinting.
		186	+.\" Copyright © 2020-2025 by OpenPrinting.
		187	.\" Copyright © 2007-2019 by Apple Inc.
		188	.\" Copyright © 1997-2006 by Easy Software Products.
		189	.\"
		190	.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
		191	.\" information.
		192	.\"
		193	-.TH cups-files.conf 5 "CUPS" "2021-03-06" "OpenPrinting"
		194	+.TH cups-files.conf 5 "CUPS" "2025-10-08" "OpenPrinting"
		195	.SH NAME
		196	cups\-files.conf \- file and directory configuration file for cups
		197	.SH DESCRIPTION
		198	@@ -166,6 +166,17 @@ The default is "/var/log/cups/page_log".
		199	\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
		200	Passes the specified environment variable(s) to child processes.
		201	Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
		202	+.\"#PeerCred
		203	+.TP 5
		204	+\fBPeerCred off\fR
		205	+.TP 5
		206	+\fBPeerCred on\fR
		207	+.TP 5
		208	+\fBPeerCred root-only\fR
		209	+Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket.
		210	+When \fBon\fR, the peer credentials of any user are accepted for authorization.
		211	+The value \fBoff\fR disables the use of peer credentials entirely, while the value \fBroot-only\fR allows peer credentials only for the root user.
		212	+Note: for security reasons, the \fBon\fR setting is reduced to \fBroot-only\fR for authorization of PUT requests.
		213	.\"#RemoteRoot
		214	.TP 5
		215	\fBRemoteRoot \fIusername\fR
		216	@@ -289,4 +300,4 @@ command is used instead.
		217	.BR subscriptions.conf (5),
		218	CUPS Online Help (http://localhost:631/help)
		219	.SH COPYRIGHT
		220	-Copyright \[co] 2020-2024 by OpenPrinting.
		221	+Copyright \[co] 2020-2025 by OpenPrinting.
		222	diff --git a/scheduler/auth.c b/scheduler/auth.c
		223	index 3c9aa72aa..bd0d28a0e 100644
		224	--- a/scheduler/auth.c
		225	+++ b/scheduler/auth.c
		226	@@ -398,7 +398,7 @@ cupsdAuthorize(cupsd_client_t con) / I - Client connection */
		227	}
		228	#endif /* HAVE_AUTHORIZATION_H */
		229	#if defined(SO_PEERCRED) && defined(AF_LOCAL)
		230	- else if (!strncmp(authorization, "PeerCred ", 9) &&
		231	+ else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) &&
		232	con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
		233	{
		234	/*
		235	@@ -441,6 +441,12 @@ cupsdAuthorize(cupsd_client_t con) / I - Client connection */
		236	}
		237	#endif /* HAVE_AUTHORIZATION_H */
		238
		239	+ if ((PeerCred == CUPSD_PEERCRED_ROOTONLY \|\| httpGetState(con->http) == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root"))
		240	+ {
		241	+ cupsdLogClient(con, CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9);
		242	+ return;
		243	+ }
		244	+
		245	if ((pwd = getpwnam(authorization + 9)) == NULL)
		246	{
		247	cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9);
		248	diff --git a/scheduler/auth.h b/scheduler/auth.h
		249	index ee98e92c7..fdf71213f 100644
		250	--- a/scheduler/auth.h
		251	+++ b/scheduler/auth.h
		252	@@ -50,6 +50,10 @@
		253	#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
		254	#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
		255
		256	+#define CUPSD_PEERCRED_OFF 0 /* Don't allow PeerCred authorization */
		257	+#define CUPSD_PEERCRED_ON 1 /* Allow PeerCred authorization for all users */
		258	+#define CUPSD_PEERCRED_ROOTONLY 2 /* Allow PeerCred authorization for root user */
		259	+
		260	#define IPP_ANY_OPERATION (ipp_op_t)0
		261	/* Any IPP operation */
		262	#define IPP_BAD_OPERATION (ipp_op_t)-1
		263	@@ -105,6 +109,9 @@ typedef struct
		264
		265	VAR cups_array_t *Locations VALUE(NULL);
		266	/* Authorization locations */
		267	+VAR int PeerCred VALUE(CUPSD_PEERCRED_ON);
		268	+ /* Allow PeerCred authorization? */
		269	+
		270	#ifdef HAVE_TLS
		271	VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
		272	/* Default encryption for authentication */
		273	diff --git a/scheduler/client.c b/scheduler/client.c
		274	index d495d9a75..81db4aa52 100644
		275	--- a/scheduler/client.c
		276	+++ b/scheduler/client.c
		277	@@ -2204,7 +2204,7 @@ cupsdSendHeader(
		278	auth_size = sizeof(auth_str) - (size_t)(auth_key - auth_str);
		279
		280	#if defined(SO_PEERCRED) && defined(AF_LOCAL)
		281	- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
		282	+ if (PeerCred != CUPSD_PEERCRED_OFF && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
		283	{
		284	strlcpy(auth_key, ", PeerCred", auth_size);
		285	auth_key += 10;
		286	diff --git a/scheduler/conf.c b/scheduler/conf.c
		287	index 3184d72f0..6accf0590 100644
		288	--- a/scheduler/conf.c
		289	+++ b/scheduler/conf.c
		290	@@ -47,6 +47,7 @@ typedef enum
		291	{
		292	CUPSD_VARTYPE_INTEGER, /* Integer option */
		293	CUPSD_VARTYPE_TIME, /* Time interval option */
		294	+ CUPSD_VARTYPE_NULLSTRING, /* String option or NULL/empty string */
		295	CUPSD_VARTYPE_STRING, /* String option */
		296	CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
		297	CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
		298	@@ -69,7 +70,7 @@ static const cupsd_var_t cupsd_vars[] =
		299	{
		300	{ "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
		301	#ifdef HAVE_DNSSD
		302	- { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
		303	+ { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_NULLSTRING },
		304	#endif /* HAVE_DNSSD */
		305	{ "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
		306	{ "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
		307	@@ -120,7 +121,7 @@ static const cupsd_var_t cupsd_vars[] =
		308	{ "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
		309	{ "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
		310	{ "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
		311	- { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
		312	+ { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_NULLSTRING },
		313	{ "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
		314	{ "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
		315	{ "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
		316	@@ -791,6 +792,13 @@ cupsdReadConfiguration(void)
		317	IdleExitTimeout = 60;
		318	#endif /* HAVE_ONDEMAND */
		319
		320	+ if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off"))
		321	+ PeerCred = CUPSD_PEERCRED_OFF;
		322	+ else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only"))
		323	+ PeerCred = CUPSD_PEERCRED_ROOTONLY;
		324	+ else
		325	+ PeerCred = CUPSD_PEERCRED_ON;
		326	+
		327	/*
		328	* Setup environment variables...
		329	*/
		330	@@ -1831,7 +1839,7 @@ get_addr_and_mask(const char value, / I - String from config file */
		331
		332	family = AF_INET6;
		333
		334	- for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
		335	+ for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++)
		336	{
		337	if (*ptr == ']')
		338	break;
		339	@@ -1977,7 +1985,7 @@ get_addr_and_mask(const char value, / I - String from config file */
		340	#ifdef AF_INET6
		341	if (family == AF_INET6)
		342	{
		343	- if (i > 128)
		344	+ if (i < 0 \|\| i > 128)
		345	return (0);
		346
		347	i = 128 - i;
		348	@@ -2011,7 +2019,7 @@ get_addr_and_mask(const char value, / I - String from config file */
		349	else
		350	#endif /* AF_INET6 */
		351	{
		352	- if (i > 32)
		353	+ if (i < 0 \|\| i > 32)
		354	return (0);
		355
		356	mask[0] = 0xffffffff;
		357	@@ -2921,7 +2929,17 @@ parse_variable(
		358	cupsdSetString((char **)var->ptr, temp);
		359	break;
		360
		361	+ case CUPSD_VARTYPE_NULLSTRING :
		362	+ cupsdSetString((char **)var->ptr, value);
		363	+ break;
		364	+
		365	case CUPSD_VARTYPE_STRING :
		366	+ if (!value)
		367	+ {
		368	+ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename);
		369	+ return (0);
		370	+ }
		371	+
		372	cupsdSetString((char **)var->ptr, value);
		373	break;
		374	}
		375	@@ -3436,9 +3454,10 @@ read_cupsd_conf(cups_file_t fp) / I - File to read from */
		376	line, value ? " " : "", value ? value : "", linenum,
		377	ConfigurationFile, CupsFilesFile);
		378	}
		379	- else
		380	- parse_variable(ConfigurationFile, linenum, line, value,
		381	- sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
		382	+ else if (!parse_variable(ConfigurationFile, linenum, line, value,
		383	+ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) &&
		384	+ (FatalErrors & CUPSD_FATAL_CONFIG))
		385	+ return (0);
		386	}
		387
		388	return (1);
		389	@@ -3597,6 +3616,31 @@ read_cups_files_conf(cups_file_t fp) / I - File to read from */
		390	break;
		391	}
		392	}
		393	+ else if (!_cups_strcasecmp(line, "PeerCred") && value)
		394	+ {
		395	+ /*
		396	+ * PeerCred {off,on,root-only}
		397	+ */
		398	+
		399	+ if (!_cups_strcasecmp(value, "off"))
		400	+ {
		401	+ PeerCred = CUPSD_PEERCRED_OFF;
		402	+ }
		403	+ else if (!_cups_strcasecmp(value, "on"))
		404	+ {
		405	+ PeerCred = CUPSD_PEERCRED_ON;
		406	+ }
		407	+ else if (!_cups_strcasecmp(value, "root-only"))
		408	+ {
		409	+ PeerCred = CUPSD_PEERCRED_ROOTONLY;
		410	+ }
		411	+ else
		412	+ {
		413	+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile);
		414	+ if (FatalErrors & CUPSD_FATAL_CONFIG)
		415	+ return (0);
		416	+ }
		417	+ }
		418	else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
		419	{
		420	/*
		421	diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
		422	index 39b53c3e4..2089f7944 100755
		423	--- a/test/run-stp-tests.sh
		424	+++ b/test/run-stp-tests.sh
		425	@@ -512,7 +512,7 @@ fi
		426
		427	cat >$BASE/cups-files.conf <<EOF
		428	FileDevice yes
		429	-Printcap
		430	+Printcap $BASE/printcap
		431	User $user
		432	ServerRoot $BASE
		433	StateDir $BASE
		434	diff --git a/vcnet/config.h b/vcnet/config.h
		435	index 7fc459217..76f5adbb7 100644
		436	--- a/vcnet/config.h
		437	+++ b/vcnet/config.h
		438	@@ -169,6 +169,13 @@ typedef unsigned long useconds_t;
		439	#define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
		440
		441
		442	+/*
		443	+ * Default PeerCred value...
		444	+ */
		445	+
		446	+#define CUPS_DEFAULT_PEER_CRED "on"
		447	+
		448	+
		449	/*
		450	* Default MaxCopies value...
		451	*/
		452	diff --git a/xcode/CUPS.xcodeproj/project.pbxproj b/xcode/CUPS.xcodeproj/project.pbxproj
		453	index 597946440..54ac652a1 100644
		454	--- a/xcode/CUPS.xcodeproj/project.pbxproj
		455	+++ b/xcode/CUPS.xcodeproj/project.pbxproj
		456	@@ -3433,7 +3433,6 @@
		457	72220FB313330BCE00FCA411 /* mime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = mime.c; path = ../scheduler/mime.c; sourceTree = "<group>"; };
		458	72220FB413330BCE00FCA411 /* mime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mime.h; path = ../scheduler/mime.h; sourceTree = "<group>"; };
		459	72220FB513330BCE00FCA411 /* type.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = type.c; path = ../scheduler/type.c; sourceTree = "<group>"; };
		460	- 7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "org.cups.cups-lpd.plist"; path = "../scheduler/org.cups.cups-lpd.plist"; sourceTree = SOURCE_ROOT; };
		461	7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = org.cups.cupsd.plist; path = ../scheduler/org.cups.cupsd.plist; sourceTree = SOURCE_ROOT; };
		462	7226369D18AE73BB004ED309 /* config.h.in */ = {isa = PBXFileReference; lastKnownFileType = text; name = config.h.in; path = ../config.h.in; sourceTree = "<group>"; };
		463	722A24EE2178D00C000CAB20 /* debug-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "debug-internal.h"; path = "../cups/debug-internal.h"; sourceTree = "<group>"; };
		464	@@ -5055,7 +5054,6 @@
		465	isa = PBXGroup;
		466	children = (
		467	72E65BDC18DC852700097E89 /* Makefile */,
		468	- 7226369B18AE6D19004ED309 /* org.cups.cups-lpd.plist */,
		469	72E65BD518DC818400097E89 /* org.cups.cups-lpd.plist.in */,
		470	7226369C18AE6D19004ED309 /* org.cups.cupsd.plist */,
		471	72220F6913330B0C00FCA411 /* auth.c */,
		472	diff --git a/xcode/config.h b/xcode/config.h
		473	index e4a63f69d..366da777e 100644
		474	--- a/xcode/config.h
		475	+++ b/xcode/config.h
		476	@@ -88,6 +88,13 @@
		477	#define CUPS_DEFAULT_ERROR_POLICY "stop-printer"
		478
		479
		480	+/*
		481	+ * Default PeerCred value...
		482	+ */
		483	+
		484	+#define CUPS_DEFAULT_PEER_CRED "on"
		485	+
		486	+
		487	/*
		488	* Default MaxCopies value...
		489	*/
		490	--
		491	2.44.1