From 09379275c58b69c689168eae20cb1389b0c2cb27 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Jan 07 2013 12:16:05 +0000
Subject: Don't enable IP-based systemd socket activation by default (bug #842365).


Resolves: rhbz#842365 rhbz#891945
(cherry picked from commit 6ef39188975c03f6132a98c8cad20ce80b3d95d9)

---

diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch
index 09d17d4..234555f 100644
--- a/cups-systemd-socket.patch
+++ b/cups-systemd-socket.patch
@@ -117,15 +117,12 @@ diff -up cups-1.5.2/data/cups.service.in.systemd-socket cups-1.5.2/data/cups.ser
 diff -up cups-1.5.2/data/cups.socket.in.systemd-socket cups-1.5.2/data/cups.socket.in
 --- cups-1.5.2/data/cups.socket.in.systemd-socket	2012-03-16 14:50:57.150449788 +0000
 +++ cups-1.5.2/data/cups.socket.in	2012-03-16 14:50:57.150449788 +0000
-@@ -0,0 +1,11 @@
+@@ -0,0 +1,8 @@
 +[Unit]
 +Description=CUPS Printing Service Sockets
 +
 +[Socket]
 +ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
-+ListenStream=631
-+ListenDatagram=0.0.0.0:631
-+BindIPv6Only=ipv6-only
 +
 +[Install]
 +WantedBy=sockets.target
diff --git a/cups.spec b/cups.spec
index 9fe8d4b..d843642 100644
--- a/cups.spec
+++ b/cups.spec
@@ -740,6 +740,8 @@ rm -f %{cups_serverbin}/backend/smb
 %changelog
 * Fri Jan  4 2013 Tim Waugh <twaugh@redhat.com> 1:1.5.4-18
 - Avoid misleading error message when configuration cannot be read.
+- Don't enable IP-based systemd socket activation by default
+  (bug #842365, bug #891945, CVE-2012-6094).
 
 * Thu Dec  6 2012 Tim Waugh <twaugh@redhat.com> 1:1.5.4-17
 - Additional fix relating to CVE-2012-5519 to avoid misleading error