Accepting request 1090271 from home:jsmeix:branches:Printing

Fix for CVE-2023-32324 Heap buffer overflow in cupsd bsc#1211643

OBS-URL: https://build.opensuse.org/request/show/1090271
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=397
Johannes Meixner 2023-06-01 11:45:21 +00:00 committed by Git OBS Bridge
parent efb414dc4d
commit 098676ac8a
3 changed files with 31 additions and 1 deletions


@ -0,0 +1,12 @@
--- cups/string.c.orig 2022-05-26 08:17:21.000000000 +0200
+++ cups/string.c 2023-06-01 13:26:33.175494819 +0200
@@ -730,6 +730,9 @@ _cups_strlcpy(char *dst, /* O - D
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
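Review bot: The new `if (size == 0)` / `return (0);` guard at the top of `_cups_strlcpy` carries no comment explaining why it is needed, and it returns before `dst` is written, so a caller that passes a zero size gets back a buffer that is not nul-terminated by this function. Suggest a one-line comment above the check stating that a zero-sized destination has no room even for the terminator and that `dst` is left untouched. It would also be worth confirming that no caller treats the 0 return as "empty string copied" and then reads `dst`.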


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jun 1 11:31:26 UTC 2023 - Johannes Meixner <jsmeix@suse.com>
- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324
"Heap buffer overflow in cupsd"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
-------------------------------------------------------------------
Mon Dec 12 12:23:49 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
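Review bot: The changelog entry names the CVE, the advisory and the bug number but not what the patch actually changes. Suggest adding a short clause such as "by returning early from _cups_strlcpy() in cups/string.c when size is 0", so the entry can be audited without opening the patch file.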


@ -1,7 +1,7 @@
#
# spec file for package cups
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -102,6 +102,11 @@ Patch107: harden_cups.service.patch
# Patch108 downgrade-autoconf-requirement.patch
# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing:
Patch108: downgrade-autoconf-requirement.patch
# Patch109 cups-2.4.2-CVE-2023-32324.patch
# fixes CVE-2023-32324 "Heap buffer overflow in cupsd"
# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
# https://bugzilla.suse.com/show_bug.cgi?id=1211643
Patch109: cups-2.4.2-CVE-2023-32324.patch
# Build Requirements:
BuildRequires: dbus-1-devel
BuildRequires: fdupes
@ -329,6 +334,11 @@ printer drivers for CUPS.
# Patch108 downgrade-autoconf-requirement.patch
# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing:
%patch108 -b downgrade-autoconf-requirement.orig
# Patch109 cups-2.4.2-CVE-2023-32324.patch
# fixes CVE-2023-32324 "Heap buffer overflow in cupsd"
# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
# https://bugzilla.suse.com/show_bug.cgi?id=1211643
%patch109 -b cups-2.4.2-CVE-2023-32324.orig
%build
# Remove ".SILENT" rule for verbose build output