pool/cups
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1094635 from Printing

Browse Source 
Fix for CVE-2023-34241 use-after-free in cupsdAcceptClient() bsc#1212230 (forwarded request 1094634 from jsmeix)

OBS-URL: https://build.opensuse.org/request/show/1094635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=168
This commit is contained in:
Dominique Leuenberger 2023-06-23 19:52:02 +00:00 committed by Git OBS Bridge
commit def6dd861f
3 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
cups-2.4.2-CVE-2023-34241.patch Normal file
View File

@ -0,0 +1,46 @@
--- scheduler/client.c.orig 2022-05-26 08:17:21.000000000 +0200
+++ scheduler/client.c 2023-06-22 12:47:25.329404393 +0200
@@ -193,13 +193,10 @@ cupsdAcceptClient(cupsd_listener_t *lis)
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
-
+ httpClose(con->http);
free(con);
return;
}
@@ -234,12 +231,10 @@ cupsdAcceptClient(cupsd_listener_t *lis)
* Can't have a hostname that doesn't resolve to the same IP address
* with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +251,10 @@ cupsdAcceptClient(cupsd_listener_t *lis)
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}

8
cups.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jun 22 10:50:34 UTC 2023 - Johannes Meixner <jsmeix@suse.com>
- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
"use-after-free in cupsdAcceptClient()"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
bsc#1212230
-------------------------------------------------------------------
Thu Jun 1 11:31:26 UTC 2023 - Johannes Meixner <jsmeix@suse.com>

10
cups.spec
View File

@ -107,6 +107,11 @@ Patch108: downgrade-autoconf-requirement.patch
# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
# https://bugzilla.suse.com/show_bug.cgi?id=1211643
Patch109: cups-2.4.2-CVE-2023-32324.patch
# Patch110 cups-2.4.2-CVE-2023-34241.patch
# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()"
# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
# https://bugzilla.suse.com/show_bug.cgi?id=1212230
Patch110: cups-2.4.2-CVE-2023-34241.patch
# Build Requirements:
BuildRequires: dbus-1-devel
BuildRequires: fdupes
@ -339,6 +344,11 @@ printer drivers for CUPS.
# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
# https://bugzilla.suse.com/show_bug.cgi?id=1211643
%patch109 -b cups-2.4.2-CVE-2023-32324.orig
# Patch110 cups-2.4.2-CVE-2023-34241.patch
# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()"
# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
# https://bugzilla.suse.com/show_bug.cgi?id=1212230
%patch110 -b cups-2.4.2-CVE-2023-34241.orig
%build
# Remove ".SILENT" rule for verbose build output