| Message ID | 20231112013617.24303-1-f_l_k@t-online.de |
|---|---|
| State | New |
| Headers | show |
| Series | cups: Upgrade 2.4.6 -> 2.4.7 | expand |
Hello, This fails: reproducible: https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3912/steps/12/logs/errors lib32: https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7998/steps/11/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/5334/steps/11/logs/stdio musl: https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/8115/steps/12/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/8143/steps/11/logs/stdio no-x11: https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8123/steps/12/logs/stdio https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8123/steps/15/logs/stdio On 12/11/2023 02:36:17+0100, Markus Volk wrote: > Changes in CUPS v2.4.7 (2023-09-20) > ----------------------------------- > > - CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript > in PPD files > - Added OpenSSL support for cupsHashData (Issue #762) > - Fixed delays in lpd backend (Issue #741) > - Fixed extensive logging in scheduler (Issue #604) > - Fixed hanging of `lpstat` on IBM AIX (Issue #773) > - Fixed hanging of `lpstat` on Solaris (Issue #156) > - Fixed printing to stderr if we can't open cups-files.conf (Issue #777) > - Fixed purging job files via `cancel -x` (Issue #742) > - Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) > - Fixed a bug in the PPD command interpretation code (Issue #768) > > Signed-off-by: Markus Volk <f_l_k@t-online.de> > --- > meta/recipes-extended/cups/cups.inc | 1 - > .../cups/cups/CVE-2023-4504.patch | 42 ------------------- > .../cups/{cups_2.4.6.bb => cups_2.4.7.bb} | 2 +- > 3 files changed, 1 insertion(+), 44 deletions(-) > delete mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch > rename meta/recipes-extended/cups/{cups_2.4.6.bb => cups_2.4.7.bb} (51%) > > diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc > index fa32c38549..36feaddcf8 100644 > --- a/meta/recipes-extended/cups/cups.inc > +++ b/meta/recipes-extended/cups/cups.inc > @@ -15,7 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ > file://0004-cups-fix-multilib-install-file-conflicts.patch \ > file://volatiles.99_cups \ > file://cups-volatiles.conf \ > - file://CVE-2023-4504.patch \ > " > > GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" > diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch > deleted file mode 100644 > index e52e43a209..0000000000 > --- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch > +++ /dev/null > @@ -1,42 +0,0 @@ > -CVE: CVE-2023-4504 > -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ] > -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> > - > -From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 > -From: Zdenek Dohnal <zdohnal@redhat.com> > -Date: Wed, 20 Sep 2023 14:45:17 +0200 > -Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 > - > -We didn't check for end of buffer if it looks there is an escaped > -character - check for NULL terminator there and if found, return NULL > -as return value and in `ptr`, because a lone backslash is not > -a valid PostScript character. > ---- > - cups/raster-interpret.c | 14 +++++++++++++- > - 1 files changed, 13 insertions(+), 1 deletion(-) > - > -diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c > -index 6fcf731b5..b8655c8c6 100644 > ---- a/cups/raster-interpret.c > -+++ b/cups/raster-interpret.c > -@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ > - > - cur ++; > - > -- if (*cur == 'b') > -+ /* > -+ * Return NULL if we reached NULL terminator, a lone backslash > -+ * is not a valid character in PostScript. > -+ */ > -+ > -+ if (!*cur) > -+ { > -+ *ptr = NULL; > -+ > -+ return (NULL); > -+ } > -+ > -+ if (*cur == 'b') > - *valptr++ = '\b'; > - else if (*cur == 'f') > - *valptr++ = '\f'; > diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb b/meta/recipes-extended/cups/cups_2.4.7.bb > similarity index 51% > rename from meta/recipes-extended/cups/cups_2.4.6.bb > rename to meta/recipes-extended/cups/cups_2.4.7.bb > index 58029fdbd4..f4b0282e4c 100644 > --- a/meta/recipes-extended/cups/cups_2.4.6.bb > +++ b/meta/recipes-extended/cups/cups_2.4.7.bb > @@ -2,4 +2,4 @@ require cups.inc > > LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" > > -SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" > +SRC_URI[sha256sum] = "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c" > -- > 2.42.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#190442): https://lists.openembedded.org/g/openembedded-core/message/190442 > Mute This Topic: https://lists.openembedded.org/mt/102536625/3617179 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi, | hash.c:16:12: fatal error: gnutls/crypto.h: No such file or directory | 16 | # include <gnutls/crypto.h> it fails because there is no tls implementation activated by default. I do my builds with gnutls enabled and removing the bbappend that contains the packageconfig makes this problem reproducible for me. My question is, is it a reasonable standard to build without encryption? As I understand it, the correct solution would be to add tls support by default (adding --with-tls=openssl also fixes the issue). Maybe we could do something like this? PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=openssl,gnutls" Which tls implementation should be used by default? I know oe-core prefers openssl, but there have been known issues with it recently: <https://github.com/void-linux/void-packages/pull/41193> On Sun, Nov 12 2023 at 08:21:35 PM +01:00:00, Alexandre Belloni <alexandre.belloni@bootlin.com> wrote: > Hello, > > This fails: > > reproducible: > <https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3912/steps/12/logs/errors> > > lib32: > <https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7998/steps/11/logs/stdio> > <https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/5334/steps/11/logs/stdio> > > > musl: > <https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/8115/steps/12/logs/stdio> > <https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/8143/steps/11/logs/stdio> > > > no-x11: > <https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8123/steps/12/logs/stdio> > <https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8123/steps/15/logs/stdio> > > On 12/11/2023 02:36:17+0100, Markus Volk wrote: >> Changes in CUPS v2.4.7 (2023-09-20) >> ----------------------------------- >> >> - CVE-2023-4504 - Fixed Heap-based buffer overflow when reading >> Postscript >> in PPD files >> - Added OpenSSL support for cupsHashData (Issue #762) >> - Fixed delays in lpd backend (Issue #741) >> - Fixed extensive logging in scheduler (Issue #604) >> - Fixed hanging of `lpstat` on IBM AIX (Issue #773) >> - Fixed hanging of `lpstat` on Solaris (Issue #156) >> - Fixed printing to stderr if we can't open cups-files.conf (Issue >> #777) >> - Fixed purging job files via `cancel -x` (Issue #742) >> - Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) >> - Fixed a bug in the PPD command interpretation code (Issue #768) >> >> Signed-off-by: Markus Volk <f_l_k@t-online.de >> <mailto:f_l_k@t-online.de>> >> --- >> meta/recipes-extended/cups/cups.inc | 1 - >> .../cups/cups/CVE-2023-4504.patch | 42 >> ------------------- >> .../cups/{cups_2.4.6.bb => cups_2.4.7.bb} | 2 +- >> 3 files changed, 1 insertion(+), 44 deletions(-) >> delete mode 100644 >> meta/recipes-extended/cups/cups/CVE-2023-4504.patch >> rename meta/recipes-extended/cups/{cups_2.4.6.bb => cups_2.4.7.bb} >> (51%) >> >> diff --git a/meta/recipes-extended/cups/cups.inc >> b/meta/recipes-extended/cups/cups.inc >> index fa32c38549..36feaddcf8 100644 >> --- a/meta/recipes-extended/cups/cups.inc >> +++ b/meta/recipes-extended/cups/cups.inc >> @@ -15,7 +15,6 @@ SRC_URI = >> "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ >> >> file://0004-cups-fix-multilib-install-file-conflicts.patch >> <file://0004-cups-fix-multilib-install-file-conflicts.patch/> \ >> file://volatiles.99_cups <file://volatiles.99_cups/> \ >> file://cups-volatiles.conf >> <file://cups-volatiles.conf/> \ >> - file://CVE-2023-4504.patch >> <file://cve-2023-4504.patch/> \ >> " >> >> GITHUB_BASE_URI = "<https://github.com/OpenPrinting/cups/releases>" >> diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch >> b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch >> deleted file mode 100644 >> index e52e43a209..0000000000 >> --- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch >> +++ /dev/null >> @@ -1,42 +0,0 @@ >> -CVE: CVE-2023-4504 >> -Upstream-Status: Backport >> [<https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31> >> ] >> -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com >> <mailto:chee.yang.lee@intel.com>> >> - >> -From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 >> 2001 >> -From: Zdenek Dohnal <zdohnal@redhat.com >> <mailto:zdohnal@redhat.com>> >> -Date: Wed, 20 Sep 2023 14:45:17 +0200 >> -Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 >> - >> -We didn't check for end of buffer if it looks there is an escaped >> -character - check for NULL terminator there and if found, return >> NULL >> -as return value and in `ptr`, because a lone backslash is not >> -a valid PostScript character. >> ---- >> - cups/raster-interpret.c | 14 +++++++++++++- >> - 1 files changed, 13 insertions(+), 1 deletion(-) >> - >> -diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c >> -index 6fcf731b5..b8655c8c6 100644 >> ---- a/cups/raster-interpret.c >> -+++ b/cups/raster-interpret.c >> -@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - >> Stack */ >> - >> - cur ++; >> - >> -- if (*cur == 'b') >> -+ /* >> -+ * Return NULL if we reached NULL terminator, a lone backslash >> -+ * is not a valid character in PostScript. >> -+ */ >> -+ >> -+ if (!*cur) >> -+ { >> -+ *ptr = NULL; >> -+ >> -+ return (NULL); >> -+ } >> -+ >> -+ if (*cur == 'b') >> - *valptr++ = '\b'; >> - else if (*cur == 'f') >> - *valptr++ = '\f'; >> diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb >> b/meta/recipes-extended/cups/cups_2.4.7.bb >> similarity index 51% >> rename from meta/recipes-extended/cups/cups_2.4.6.bb >> rename to meta/recipes-extended/cups/cups_2.4.7.bb >> index 58029fdbd4..f4b0282e4c 100644 >> --- a/meta/recipes-extended/cups/cups_2.4.6.bb >> +++ b/meta/recipes-extended/cups/cups_2.4.7.bb >> @@ -2,4 +2,4 @@ require cups.inc >> >> LIC_FILES_CHKSUM = >> "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" >> <file://license;md5=3b83ef96387f14655fc854ddc3c6bd57/> >> >> -SRC_URI[sha256sum] = >> "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" >> +SRC_URI[sha256sum] = >> "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c" >> -- >> 2.42.0 >> > >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#190442): >> <https://lists.openembedded.org/g/openembedded-core/message/190442> >> Mute This Topic: >> <https://lists.openembedded.org/mt/102536625/3617179> >> Group Owner: openembedded-core+owner@lists.openembedded.org >> <mailto:openembedded-core+owner@lists.openembedded.org> >> Unsubscribe: >> <https://lists.openembedded.org/g/openembedded-core/unsub> >> [alexandre.belloni@bootlin.com >> <mailto:alexandre.belloni@bootlin.com>] >> -=-=-=-=-=-=-=-=-=-=-=- >> > > > -- > Alexandre Belloni, co-owner and COO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com <https://bootlin.com/>
I've sent a v2 that would fix the issue by adding openssl tls support by default. tls can be switched to gnutls by using PACKAGECONFIG On Sun, Nov 12 2023 at 09:59:39 PM +01:00:00, Markus Volk <f_l_k@t-online.de> wrote: > Hi, > > | hash.c:16:12: fatal error: gnutls/crypto.h: No such file or > directory > | 16 | # include <gnutls/crypto.h> > > it fails because there is no tls implementation activated by default. > I do my builds with gnutls enabled and removing the bbappend that > contains the packageconfig makes this problem reproducible for me. My > question is, is it a reasonable standard to build without encryption? > As I understand it, the correct solution would be to add tls support > by default (adding --with-tls=openssl also fixes the issue). Maybe > we could do something like this? > PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=openssl,gnutls" > > Which tls implementation should be used by default? I know oe-core > prefers openssl, but there have been known issues with it recently: > <https://github.com/void-linux/void-packages/pull/41193> > > On Sun, Nov 12 2023 at 08:21:35 PM +01:00:00, Alexandre Belloni > <alexandre.belloni@bootlin.com> wrote: >> Hello, >> >> This fails: >> >> reproducible: >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/3912/steps/12/logs/errors> >> >> lib32: >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/7998/steps/11/logs/stdio> >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/108/builds/5334/steps/11/logs/stdio> >> >> >> musl: >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/8115/steps/12/logs/stdio> >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/8143/steps/11/logs/stdio> >> >> >> no-x11: >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8123/steps/12/logs/stdio> >> <https://autobuilder.yoctoproject.org/typhoon/#/builders/40/builds/8123/steps/15/logs/stdio> >> >> On 12/11/2023 02:36:17+0100, Markus Volk wrote: >>> Changes in CUPS v2.4.7 (2023-09-20) >>> ----------------------------------- >>> >>> - CVE-2023-4504 - Fixed Heap-based buffer overflow when reading >>> Postscript >>> in PPD files >>> - Added OpenSSL support for cupsHashData (Issue #762) >>> - Fixed delays in lpd backend (Issue #741) >>> - Fixed extensive logging in scheduler (Issue #604) >>> - Fixed hanging of `lpstat` on IBM AIX (Issue #773) >>> - Fixed hanging of `lpstat` on Solaris (Issue #156) >>> - Fixed printing to stderr if we can't open cups-files.conf (Issue >>> #777) >>> - Fixed purging job files via `cancel -x` (Issue #742) >>> - Fixed RFC 1179 port reserving behavior in LPD backend (Issue >>> #743) >>> - Fixed a bug in the PPD command interpretation code (Issue #768) >>> >>> Signed-off-by: Markus Volk <f_l_k@t-online.de >>> <mailto:f_l_k@t-online.de>> >>> --- >>> meta/recipes-extended/cups/cups.inc | 1 - >>> .../cups/cups/CVE-2023-4504.patch | 42 >>> ------------------- >>> .../cups/{cups_2.4.6.bb => cups_2.4.7.bb} | 2 +- >>> 3 files changed, 1 insertion(+), 44 deletions(-) >>> delete mode 100644 >>> meta/recipes-extended/cups/cups/CVE-2023-4504.patch >>> rename meta/recipes-extended/cups/{cups_2.4.6.bb => >>> cups_2.4.7.bb} (51%) >>> >>> diff --git a/meta/recipes-extended/cups/cups.inc >>> b/meta/recipes-extended/cups/cups.inc >>> index fa32c38549..36feaddcf8 100644 >>> --- a/meta/recipes-extended/cups/cups.inc >>> +++ b/meta/recipes-extended/cups/cups.inc >>> @@ -15,7 +15,6 @@ SRC_URI = >>> "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ >>> >>> file://0004-cups-fix-multilib-install-file-conflicts.patch >>> <file://0004-cups-fix-multilib-install-file-conflicts.patch/> \ >>> file://volatiles.99_cups <file://volatiles.99_cups/> \ >>> file://cups-volatiles.conf >>> <file://cups-volatiles.conf/> \ >>> - file://CVE-2023-4504.patch >>> <file://cve-2023-4504.patch/> \ >>> " >>> >>> GITHUB_BASE_URI = >>> "<https://github.com/OpenPrinting/cups/releases>" >>> diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch >>> b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch >>> deleted file mode 100644 >>> index e52e43a209..0000000000 >>> --- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch >>> +++ /dev/null >>> @@ -1,42 +0,0 @@ >>> -CVE: CVE-2023-4504 >>> -Upstream-Status: Backport >>> [<https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31> >>> ] >>> -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com >>> <mailto:chee.yang.lee@intel.com>> >>> - >>> -From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 >>> 2001 >>> -From: Zdenek Dohnal <zdohnal@redhat.com >>> <mailto:zdohnal@redhat.com>> >>> -Date: Wed, 20 Sep 2023 14:45:17 +0200 >>> -Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 >>> - >>> -We didn't check for end of buffer if it looks there is an escaped >>> -character - check for NULL terminator there and if found, return >>> NULL >>> -as return value and in `ptr`, because a lone backslash is not >>> -a valid PostScript character. >>> ---- >>> - cups/raster-interpret.c | 14 +++++++++++++- >>> - 1 files changed, 13 insertions(+), 1 deletion(-) >>> - >>> -diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c >>> -index 6fcf731b5..b8655c8c6 100644 >>> ---- a/cups/raster-interpret.c >>> -+++ b/cups/raster-interpret.c >>> -@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - >>> Stack */ >>> - >>> - cur ++; >>> - >>> -- if (*cur == 'b') >>> -+ /* >>> -+ * Return NULL if we reached NULL terminator, a lone >>> backslash >>> -+ * is not a valid character in PostScript. >>> -+ */ >>> -+ >>> -+ if (!*cur) >>> -+ { >>> -+ *ptr = NULL; >>> -+ >>> -+ return (NULL); >>> -+ } >>> -+ >>> -+ if (*cur == 'b') >>> - *valptr++ = '\b'; >>> - else if (*cur == 'f') >>> - *valptr++ = '\f'; >>> diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb >>> b/meta/recipes-extended/cups/cups_2.4.7.bb >>> similarity index 51% >>> rename from meta/recipes-extended/cups/cups_2.4.6.bb >>> rename to meta/recipes-extended/cups/cups_2.4.7.bb >>> index 58029fdbd4..f4b0282e4c 100644 >>> --- a/meta/recipes-extended/cups/cups_2.4.6.bb >>> +++ b/meta/recipes-extended/cups/cups_2.4.7.bb >>> @@ -2,4 +2,4 @@ require cups.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" >>> <file://license;md5=3b83ef96387f14655fc854ddc3c6bd57/> >>> >>> -SRC_URI[sha256sum] = >>> "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" >>> +SRC_URI[sha256sum] = >>> "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c" >>> -- >>> 2.42.0 >>> >> >>> >>> >>> >> >> >> -- >> Alexandre Belloni, co-owner and COO, Bootlin >> Embedded Linux and Kernel engineering >> https://bootlin.com <https://bootlin.com/>
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index fa32c38549..36feaddcf8 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -15,7 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ - file://CVE-2023-4504.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch deleted file mode 100644 index e52e43a209..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch +++ /dev/null @@ -1,42 +0,0 @@ -CVE: CVE-2023-4504 -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ] -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> - -From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal <zdohnal@redhat.com> -Date: Wed, 20 Sep 2023 14:45:17 +0200 -Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 - -We didn't check for end of buffer if it looks there is an escaped -character - check for NULL terminator there and if found, return NULL -as return value and in `ptr`, because a lone backslash is not -a valid PostScript character. ---- - cups/raster-interpret.c | 14 +++++++++++++- - 1 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c -index 6fcf731b5..b8655c8c6 100644 ---- a/cups/raster-interpret.c -+++ b/cups/raster-interpret.c -@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ - - cur ++; - -- if (*cur == 'b') -+ /* -+ * Return NULL if we reached NULL terminator, a lone backslash -+ * is not a valid character in PostScript. -+ */ -+ -+ if (!*cur) -+ { -+ *ptr = NULL; -+ -+ return (NULL); -+ } -+ -+ if (*cur == 'b') - *valptr++ = '\b'; - else if (*cur == 'f') - *valptr++ = '\f'; diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb b/meta/recipes-extended/cups/cups_2.4.7.bb similarity index 51% rename from meta/recipes-extended/cups/cups_2.4.6.bb rename to meta/recipes-extended/cups/cups_2.4.7.bb index 58029fdbd4..f4b0282e4c 100644 --- a/meta/recipes-extended/cups/cups_2.4.6.bb +++ b/meta/recipes-extended/cups/cups_2.4.7.bb @@ -2,4 +2,4 @@ require cups.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" +SRC_URI[sha256sum] = "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c"
Changes in CUPS v2.4.7 (2023-09-20) ----------------------------------- - CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files - Added OpenSSL support for cupsHashData (Issue #762) - Fixed delays in lpd backend (Issue #741) - Fixed extensive logging in scheduler (Issue #604) - Fixed hanging of `lpstat` on IBM AIX (Issue #773) - Fixed hanging of `lpstat` on Solaris (Issue #156) - Fixed printing to stderr if we can't open cups-files.conf (Issue #777) - Fixed purging job files via `cancel -x` (Issue #742) - Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) - Fixed a bug in the PPD command interpretation code (Issue #768) Signed-off-by: Markus Volk <f_l_k@t-online.de> --- meta/recipes-extended/cups/cups.inc | 1 - .../cups/cups/CVE-2023-4504.patch | 42 ------------------- .../cups/{cups_2.4.6.bb => cups_2.4.7.bb} | 2 +- 3 files changed, 1 insertion(+), 44 deletions(-) delete mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch rename meta/recipes-extended/cups/{cups_2.4.6.bb => cups_2.4.7.bb} (51%)