!99 [sync] PR-95: fix CVE-2023-32324

From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2023-06-05 09:31:38 +00:00 committed by Gitee
commit e5c91747fa
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 42 additions and 1 deletions

View File

@ -0,0 +1,37 @@
From fd8bc2d32589d1fd91fe1c0521be2a7c0462109e Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 1 Jun 2023 12:04:00 +0200
Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324)
Reference:https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e
Conflict:NA
---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cups/string.c b/cups/string.c
index 93cdad1..5def888 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -1,6 +1,7 @@
/*
* String functions for CUPS.
*
+ * Copyright © 2023 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.27.0

View File

@ -3,7 +3,7 @@
Name: cups
Epoch: 1
Version: 2.4.0
Release: 5
Release: 6
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: GPLv2+ and LGPLv2+ with exceptions and AML
Url: https://openprinting.github.io/cups/
@ -27,6 +27,7 @@ Patch10: cups-web-devices-timeout.patch
Patch6000: backport-CVE-2022-26691.patch
Patch6001: backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch
Patch6002: backport-Also-fix-cupsfilter.patch
Patch6003: backport-CVE-2023-32324.patch
BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
@ -448,6 +449,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog
* Sat Jun 3 2023 zhouwenpei <zhouwenpei@h-partners.com> - 1:2.4.0-6
- fix CVE-2023-32324
* Tue Feb 21 2023 zhouwenpei <zhouwenpei@h-partners.com> - 2.4.0-5
- fix update conflict of devel and help