Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cups for openSUSE:Factory checked in at 2023-06-23 21:52:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cups (Old) and /work/SRC/openSUSE:Factory/.cups.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups" Fri Jun 23 21:52:02 2023 rev:168 rq:1094635 version:2.4.2 Changes: --------
--- /work/SRC/openSUSE:Factory/cups/cups.changes 2023-06-04 00:11:48.301247946 +0200
+++ /work/SRC/openSUSE:Factory/.cups.new.15902/cups.changes 2023-06-23 21:52:09.214470457 +0200
@@ -1,0 +2,8 @@
+Thu Jun 22 10:50:34 UTC 2023 - Johannes Meixner <jsm...@suse.com>
+
+- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
+ "use-after-free in cupsdAcceptClient()"
+ https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
+ bsc#1212230
+
+-------------------------------------------------------------------
New: ---- cups-2.4.2-CVE-2023-34241.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++
--- /var/tmp/diff_new_pack.7YfaeI/_old 2023-06-23 21:52:10.118475368 +0200
+++ /var/tmp/diff_new_pack.7YfaeI/_new 2023-06-23 21:52:10.122475389 +0200
@@ -107,6 +107,11 @@
 # https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
 # https://bugzilla.suse.com/show_bug.cgi?id=1211643
 Patch109: cups-2.4.2-CVE-2023-32324.patch
+# Patch110 cups-2.4.2-CVE-2023-34241.patch
+# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()"
+# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
+# https://bugzilla.suse.com/show_bug.cgi?id=1212230
+Patch110: cups-2.4.2-CVE-2023-34241.patch
 # Build Requirements:
 BuildRequires: dbus-1-devel
 BuildRequires: fdupes
@@ -339,6 +344,11 @@ # https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 # https://bugzilla.suse.com/show_bug.cgi?id=1211643 %patch109 -b cups-2.4.2-CVE-2023-32324.orig +# Patch110 cups-2.4.2-CVE-2023-34241.patch +# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()" +# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 +# https://bugzilla.suse.com/show_bug.cgi?id=1212230 +%patch110 -b cups-2.4.2-CVE-2023-34241.orig %build # Remove ".SILENT" rule for verbose build output ++++++ cups-2.4.2-CVE-2023-34241.patch ++++++ --- scheduler/client.c.orig 2022-05-26 08:17:21.000000000 +0200 +++ scheduler/client.c 2023-06-22 12:47:25.329404393 +0200 @@ -193,13 +193,10 @@ cupsdAcceptClient(cupsd_listener_t *lis) /* * Can't have an unresolved IP address with double-lookups enabled... */ - - httpClose(con->http); - cupsdLogClient(con, CUPSD_LOG_WARN, - "Name lookup failed - connection from %s closed!", + "Name lookup failed - closing connection from %s!", httpGetHostname(con->http, NULL, 0)); - + httpClose(con->http); free(con); return; } @@ -234,12 +231,10 @@ cupsdAcceptClient(cupsd_listener_t *lis) * Can't have a hostname that doesn't resolve to the same IP address * with double-lookups enabled... */ - - httpClose(con->http); - cupsdLogClient(con, CUPSD_LOG_WARN, - "IP lookup failed - connection from %s closed!", + "IP lookup failed - closing connection from %s!", httpGetHostname(con->http, NULL, 0)); + httpClose(con->http); free(con); return; } @@ -256,11 +251,10 @@ cupsdAcceptClient(cupsd_listener_t *lis) if (!hosts_access(&wrap_req)) { - httpClose(con->http); - cupsdLogClient(con, CUPSD_LOG_WARN, "Connection from %s refused by /etc/hosts.allow and " "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0)); + httpClose(con->http); free(con); return; }
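Review bot: The reordering in scheduler/client.c leaves no comment saying why `httpClose(con->http)` must now come after the `cupsdLogClient()` call, so the order that fixes the use-after-free is easy to undo in a later tidy-up. In the -193 hunk the log call's argument `httpGetHostname(con->http, NULL, 0)` still reads the connection, which is why the close has to be the last step before `free(con)`. I would add `/* Log first: httpGetHostname() needs con->http, so httpClose() must come after */` above each moved `httpClose()`; the same applies to the -234 and -256 hunks. cupsdAcceptClient() begins and ends outside all three hunks, so any other early-exit paths in it are not visible here and may deserve the same check.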
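Review bot: The warning strings themselves change in the -193 and -234 hunks (`... - connection from %s closed!` becomes `... - closing connection from %s!`), which will silently stop matching any log-monitoring or alerting pattern written against the old text. These lines report failed double-lookup checks on incoming connections, so they are plausible inputs to such rules, and the cups.changes entry mentions only the CVE. I would add a changelog line such as `- Warning text for failed name/IP lookups changes from "... closed!" to "closing connection ..."` so operators can update their filters. The -256 hunk keeps its message unchanged.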