Andreas Radke pushed to branch main at Arch Linux / Packaging / Packages / 
cups-browsed


Commits:
4e5ddd50 by Andreas Radke at 2024-09-27T13:38:04+02:00
upgpkg: 2.0.1-2; don't browse old cups protocol by default - CVE-2024-47176

- - - - -


3 changed files:

- .SRCINFO
- + CVE-2024-47176.patch
- PKGBUILD


Changes:

=====================================
.SRCINFO
=====================================
@@ -1,7 +1,7 @@
 pkgbase = cups-browsed
        pkgdesc = a helper daemon to browse the network for remote CUPS queues 
and IPP network printers
        pkgver = 2.0.1
-       pkgrel = 1
+       pkgrel = 2
        url = https://wiki.linuxfoundation.org/openprinting/cups-filters
        arch = x86_64
        license = Apache-2.0 WITH LLVM-exception
@@ -15,6 +15,8 @@ pkgbase = cups-browsed
        depends = libldap
        backup = etc/cups/cups-browsed.conf
        source = 
https://github.com/OpenPrinting/cups-browsed/releases/download/2.0.1/cups-browsed-2.0.1.tar.xz
+       source = CVE-2024-47176.patch
        sha256sums = 
ebed1b49dea593912b15fe55f88b691c1a0ac7d6c42178e9526ea949d00ef01a
+       sha256sums = 
cef22036f4512dc813e6ea2536558c2111919134b93b23b6d3f239d3fad1fa4a
 
 pkgname = cups-browsed


=====================================
CVE-2024-47176.patch
=====================================
@@ -0,0 +1,28 @@
+From 1debe6b140c37e0aa928559add4abcc95ce54aa2 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <[email protected]>
+Date: Thu, 26 Sep 2024 23:03:32 +0200
+Subject: [PATCH] Default BrowseRemoteProtocols should not include "cups"
+ protocol
+
+Works around CVE-2024-47176, the fix will be complete removal of CUPS
+Browsing functionality
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index d07b184c..84de9129 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -183,9 +183,9 @@ else
+ fi
+ 
+ AC_ARG_WITH([browseremoteprotocols],
+-      [AS_HELP_STRING([--with-browseremoteprotocols=value], [Set which 
protocols to listen for in cups-browsed (default: dnssd cups)])],
++      [AS_HELP_STRING([--with-browseremoteprotocols=value], [Set which 
protocols to listen for in cups-browsed (default: dnssd)])],
+       [with_browseremoteprotocols="$withval"],
+-      [with_browseremoteprotocols="dnssd cups"]
++      [with_browseremoteprotocols="dnssd"]
+ )
+ BROWSEREMOTEPROTOCOLS="$with_browseremoteprotocols"
+ AC_SUBST(BROWSEREMOTEPROTOCOLS)


=====================================
PKGBUILD
=====================================
@@ -2,7 +2,7 @@
 
 pkgname=cups-browsed
 pkgver=2.0.1
-pkgrel=1
+pkgrel=2
 pkgdesc="a helper daemon to browse the network for remote CUPS queues and IPP 
network printers"
 arch=('x86_64')
 url="https://wiki.linuxfoundation.org/openprinting/cups-filters";
@@ -11,8 +11,17 @@ depends=('libcups' 'libcupsfilters' 'libppd'
           'avahi' 'glib2' 'glibc' 'libldap')
 makedepends=('glib2-devel')
 backup=(etc/cups/cups-browsed.conf)
-source=(https://github.com/OpenPrinting/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.xz)
-sha256sums=('ebed1b49dea593912b15fe55f88b691c1a0ac7d6c42178e9526ea949d00ef01a')
+source=(https://github.com/OpenPrinting/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.xz
+        CVE-2024-47176.patch)
+sha256sums=('ebed1b49dea593912b15fe55f88b691c1a0ac7d6c42178e9526ea949d00ef01a'
+            'cef22036f4512dc813e6ea2536558c2111919134b93b23b6d3f239d3fad1fa4a')
+
+prepare() {
+  cd "$pkgname"-$pkgver
+  # default to dnssd only browsing
+  patch -Np1 -i ../CVE-2024-47176.patch
+  autoreconf -vfi
+}
 
 build() {
   cd "$pkgname"-$pkgver
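Review bot: The new `prepare()` only changes the compiled-in default, while `backup=(etc/cups/cups-browsed.conf)` makes pacman keep a locally edited config on upgrade. A host whose existing file still sets `BrowseRemoteProtocols dnssd cups` would therefore presumably keep accepting legacy CUPS browse packets after installing 2.0.1-2. The patch header itself calls this a workaround for CVE-2024-47176, so consider a post-upgrade message from an `.install` scriptlet asking admins to check that directive and merge any `.pacnew`. A comment above `prepare()` such as `# workaround only: changes the default, existing cups-browsed.conf files are left untouched` would record the limit for the next maintainer. `build()` continues outside the hunk.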



View it on GitLab: 
https://gitlab.archlinux.org/archlinux/packaging/packages/cups-browsed/-/commit/4e5ddd505a67a91502381304db11862522178053
