Hello community,

here is the log from the commit of package cups for openSUSE:Factory checked in at 2023-06-04 00:11:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cups (Old)
 and /work/SRC/openSUSE:Factory/.cups.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups" Sun Jun 4 00:11:47 2023 rev:167 rq:1090272 version:2.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/cups/cups.changes 2022-12-13 18:55:17.711148147 +0100 +++ /work/SRC/openSUSE:Factory/.cups.new.15902/cups.changes 2023-06-04 00:11:48.301247946 +0200 @@ -1,0 +2,8 @@ +Thu Jun 1 11:31:26 UTC 2023 - Johannes Meixner <jsm...@suse.com> + +- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324 + "Heap buffer overflow in cupsd" + https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 + bsc#1211643 + +------------------------------------------------------------------- New: ---- cups-2.4.2-CVE-2023-32324.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.9TdXlO/_old 2023-06-04 00:11:49.121252848 +0200 +++ /var/tmp/diff_new_pack.9TdXlO/_new 2023-06-04 00:11:49.129252896 +0200 @@ -1,7 +1,7 @@ # # spec file for package cups # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -102,6 +102,11 @@ # Patch108 downgrade-autoconf-requirement.patch # downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: Patch108: downgrade-autoconf-requirement.patch +# Patch109 cups-2.4.2-CVE-2023-32324.patch +# fixes CVE-2023-32324 "Heap buffer overflow in cupsd" +# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 +# https://bugzilla.suse.com/show_bug.cgi?id=1211643 +Patch109: cups-2.4.2-CVE-2023-32324.patch # Build Requirements: BuildRequires: dbus-1-devel BuildRequires: fdupes 
@@ -329,6 +334,11 @@ # Patch108 downgrade-autoconf-requirement.patch # downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: %patch108 -b downgrade-autoconf-requirement.orig +# Patch109 cups-2.4.2-CVE-2023-32324.patch +# fixes CVE-2023-32324 "Heap buffer overflow in cupsd" +# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 +# https://bugzilla.suse.com/show_bug.cgi?id=1211643 +%patch109 -b cups-2.4.2-CVE-2023-32324.orig %build # Remove ".SILENT" rule for verbose build output ++++++ cups-2.4.2-CVE-2023-32324.patch ++++++ --- cups/string.c.orig 2022-05-26 08:17:21.000000000 +0200 +++ cups/string.c 2023-06-01 13:26:33.175494819 +0200 @@ -730,6 +730,9 @@ _cups_strlcpy(char *dst, /* O - D size_t srclen; /* Length of source string */ + if (size == 0) + return (0); + /* * Figure out how much room is needed... */
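Review bot: In the cups/string.c hunk, the new `if (size == 0) return (0);` guard in _cups_strlcpy carries no comment, while the code directly after it does ("Figure out how much room is needed..."). Please add a one-line comment stating that a zero-size destination is left untouched and that 0 is returned. With this change a return value of 0 no longer distinguishes an empty source string from a call that was given no buffer, and dst is not NUL-terminated in the zero-size case, so callers need to know that. The patch touches only cups/string.c, which means the caller that supplies a zero size is unchanged; its size computation deserves a check as well.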
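Review bot: In the cups.spec %prep hunk, `%patch109 -b cups-2.4.2-CVE-2023-32324.orig` gives no strip level, yet the patch headers are `cups/string.c.orig` and `cups/string.c`, so it applies only when that prefix is kept relative to the source top directory. This follows the existing `%patch108` line, but stating the strip level explicitly on the new line would make the dependency on the path layout visible and guard against a silent misapply if the patch is later regenerated with a different prefix.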