Hello community,

here is the log from the commit of package cups for openSUSE:Factory checked in 
at 2023-06-04 00:11:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cups (Old)
 and      /work/SRC/openSUSE:Factory/.cups.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cups"

Sun Jun  4 00:11:47 2023 rev:167 rq:1090272 version:2.4.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/cups/cups.changes        2022-12-13 
18:55:17.711148147 +0100
+++ /work/SRC/openSUSE:Factory/.cups.new.15902/cups.changes     2023-06-04 
00:11:48.301247946 +0200
@@ -1,0 +2,8 @@
+Thu Jun  1 11:31:26 UTC 2023 - Johannes Meixner <jsm...@suse.com>
+
+- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324
+  "Heap buffer overflow in cupsd"
+  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
+  bsc#1211643
+
+-------------------------------------------------------------------
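Review bot: The entry "cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324" names the CVE, the advisory and bsc#1211643 but does not say what the patch changes. A short clause naming the touched code (the size == 0 early return added to _cups_strlcpy in cups/string.c) would let someone reading cups.changes judge the fix without opening the patch file.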

New:
----
  cups-2.4.2-CVE-2023-32324.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cups.spec ++++++
--- /var/tmp/diff_new_pack.9TdXlO/_old  2023-06-04 00:11:49.121252848 +0200
+++ /var/tmp/diff_new_pack.9TdXlO/_new  2023-06-04 00:11:49.129252896 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package cups
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -102,6 +102,11 @@
 # Patch108 downgrade-autoconf-requirement.patch
 # downgrades the autoconf requirement to the autoconf available in Tumbleweed 
as of this writing:
 Patch108:       downgrade-autoconf-requirement.patch
+# Patch109 cups-2.4.2-CVE-2023-32324.patch
+# fixes CVE-2023-32324 "Heap buffer overflow in cupsd"
+# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
+# https://bugzilla.suse.com/show_bug.cgi?id=1211643
+Patch109:       cups-2.4.2-CVE-2023-32324.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
@@ -329,6 +334,11 @@
 # Patch108 downgrade-autoconf-requirement.patch
 # downgrades the autoconf requirement to the autoconf available in Tumbleweed 
as of this writing:
 %patch108 -b downgrade-autoconf-requirement.orig
+# Patch109 cups-2.4.2-CVE-2023-32324.patch
+# fixes CVE-2023-32324 "Heap buffer overflow in cupsd"
+# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
+# https://bugzilla.suse.com/show_bug.cgi?id=1211643
+%patch109 -b cups-2.4.2-CVE-2023-32324.orig
 
 %build
 # Remove ".SILENT" rule for verbose build output




++++++ cups-2.4.2-CVE-2023-32324.patch ++++++
--- cups/string.c.orig  2022-05-26 08:17:21.000000000 +0200
+++ cups/string.c       2023-06-01 13:26:33.175494819 +0200
@@ -730,6 +730,9 @@ _cups_strlcpy(char       *dst,              /* O - D
   size_t       srclen;                 /* Length of source string */
 
 
+  if (size == 0)
+    return (0);
+
  /*
   * Figure out how much room is needed...
   */
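Review bot: The new guard `if (size == 0) return (0);` in _cups_strlcpy reports a length of 0, whereas the strlcpy convention is to return the length of the source string so that callers can detect truncation. Because the guard sits above the "Figure out how much room is needed..." step, srclen is never computed on this path. Either return the source length here as well, or state in the function's header comment that a zero size returns 0 and leaves dst untouched, so callers do not assume dst is NUL-terminated after the call.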
