Accepting request 1094634 from home:jsmeix:branches:Printing

Fix for CVE-2023-34241 use-after-free in cupsdAcceptClient() bsc#1212230

OBS-URL: https://build.opensuse.org/request/show/1094634
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=399

cups-2.4.2-CVE-2023-34241.patch

@@ -0,0 +1,46 @@
+--- scheduler/client.c.orig	2022-05-26 08:17:21.000000000 +0200
++++ scheduler/client.c	2023-06-22 12:47:25.329404393 +0200
+@@ -193,13 +193,10 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+    /*
+     * Can't have an unresolved IP address with double-lookups enabled...
+     */
+-
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+-                    "Name lookup failed - connection from %s closed!",
++                    "Name lookup failed - closing connection from %s!",
+                     httpGetHostname(con->http, NULL, 0));
+-
++    httpClose(con->http);
+     free(con);
+     return;
+   }
+@@ -234,12 +231,10 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+       * Can't have a hostname that doesn't resolve to the same IP address
+       * with double-lookups enabled...
+       */
+-
+-      httpClose(con->http);
+-
+       cupsdLogClient(con, CUPSD_LOG_WARN,
+-                      "IP lookup failed - connection from %s closed!",
++                      "IP lookup failed - closing connection from %s!",
+                       httpGetHostname(con->http, NULL, 0));
++      httpClose(con->http);
+       free(con);
+       return;
+     }
+@@ -256,11 +251,10 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+ 
+   if (!hosts_access(&wrap_req))
+   {
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+                     "Connection from %s refused by /etc/hosts.allow and "
+ 		    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
++    httpClose(con->http);
+     free(con);
+     return;
+   }

cups.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jun 22 10:50:34 UTC 2023 - Johannes Meixner <jsmeix@suse.com>
+
+- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
+  "use-after-free in cupsdAcceptClient()"
+  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
+  bsc#1212230
+
 -------------------------------------------------------------------
 Thu Jun  1 11:31:26 UTC 2023 - Johannes Meixner <jsmeix@suse.com>
 

cups.spec

@@ -107,6 +107,11 @@ Patch108:       downgrade-autoconf-requirement.patch
 # https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
 # https://bugzilla.suse.com/show_bug.cgi?id=1211643
 Patch109:       cups-2.4.2-CVE-2023-32324.patch
+# Patch110 cups-2.4.2-CVE-2023-34241.patch
+# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()"
+# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
+# https://bugzilla.suse.com/show_bug.cgi?id=1212230
+Patch110:       cups-2.4.2-CVE-2023-34241.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
@@ -339,6 +344,11 @@ printer drivers for CUPS.
 # https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
 # https://bugzilla.suse.com/show_bug.cgi?id=1211643
 %patch109 -b cups-2.4.2-CVE-2023-32324.orig
+# Patch110 cups-2.4.2-CVE-2023-34241.patch
+# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()"
+# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
+# https://bugzilla.suse.com/show_bug.cgi?id=1212230
+%patch110 -b cups-2.4.2-CVE-2023-34241.orig
 
 %build
 # Remove ".SILENT" rule for verbose build output