diff options
| author | Armin Kuster <akuster@mvista.com> | 2016-02-01 09:46:10 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-03-03 11:11:39 +0000 |
| commit | 83af960b7d9596b5355d1b8cf757ff14d087d0dc (patch) | |
| tree | 8491e0f35e6502d12683420e99452a42ee536d28 | |
| parent | 9a6a7150d9d027a36306b516c3549cbe00ab21a8 (diff) | |
| download | poky-83af960b7d9596b5355d1b8cf757ff14d087d0dc.tar.gz | |
foomatic-filters: Security fixes CVE-2015-8327
CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
this time with the recipe changes.
(From OE-Core master rev: 62d6876033476592a8ca35f4e563c996120a687b)
(From OE-Core rev: 9ca5534b1d8ce71eb150964e11ce79ba79ced7e4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch | 23 | ||||
| -rw-r--r-- | meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb | 1 |
2 files changed, 24 insertions, 0 deletions
diff --git a/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch b/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch new file mode 100644 index 0000000000..aaedc88aa3 --- /dev/null +++ b/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | Upstream-Status: Backport | ||
| 2 | |||
| 3 | |||
| 4 | http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406 | ||
| 5 | |||
| 6 | Hand applied change to util.c. Fix was for cups-filters but also applied to foomatic-filters. | ||
| 7 | |||
| 8 | CVE: CVE-2015-8327 | ||
| 9 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 10 | |||
| 11 | Index: util.c | ||
| 12 | =================================================================== | ||
| 13 | --- a/util.c | ||
| 14 | +++ b/util.c | ||
| 15 | @@ -31,7 +31,7 @@ | ||
| 16 | #include <assert.h> | ||
| 17 | |||
| 18 | |||
| 19 | -const char* shellescapes = "|;<>&!$\'\"#*?()[]{}"; | ||
| 20 | +const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; | ||
| 21 | |||
| 22 | const char * temp_dir() | ||
| 23 | { | ||
diff --git a/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb b/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb index 7d0d717abb..58ef1f5b0d 100644 --- a/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb +++ b/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb | |||
| @@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/foomatic-filters-${PV}/COPYING;md5=393a5ca | |||
| 18 | SRC_URI = "http://www.openprinting.org/download/foomatic/foomatic-filters-${PV}.tar.gz" | 18 | SRC_URI = "http://www.openprinting.org/download/foomatic/foomatic-filters-${PV}.tar.gz" |
| 19 | 19 | ||
| 20 | SRC_URI += "file://CVE-2015-8560.patch \ | 20 | SRC_URI += "file://CVE-2015-8560.patch \ |
| 21 | file://CVE-2015-8327.patch \ | ||
| 21 | " | 22 | " |
| 22 | 23 | ||
| 23 | SRC_URI[md5sum] = "b05f5dcbfe359f198eef3df5b283d896" | 24 | SRC_URI[md5sum] = "b05f5dcbfe359f198eef3df5b283d896" |