cups: Upgrade 2.4.6 -> 2.4.7

- enable tls by default to fix: | hash.c:16:12: fatal error: gnutls/crypto.h: No such file or directory | 16 | # include <gnutls/crypto.h> Changes in CUPS v2.4.7 (2023-09-20) ----------------------------------- - CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files - Added OpenSSL support for cupsHashData (Issue #762) - Fixed delays in lpd backend (Issue #741) - Fixed extensive logging in scheduler (Issue #604) - Fixed hanging of `lpstat` on IBM AIX (Issue #773) - Fixed hanging of `lpstat` on Solaris (Issue #156) - Fixed printing to stderr if we can't open cups-files.conf (Issue #777) - Fixed purging job files via `cancel -x` (Issue #742) - Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) - Fixed a bug in the PPD command interpretation code (Issue #768) (From OE-Core rev: 0e33d6fc646e76390e5bf8a0f7b38bd15c83729c) Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Markus Volk <f_l_k@t-online.de> 2023-11-13 21:31:57 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20 15:30:52 +0000
commit: 35fa9488cb768bb6d94f69268678e3d5b61dd237 (patch)
tree: d12b920da770999d2f9d985aed0c97e27649039b
parent: fc5cb5ce35105abe6a9a19c984bf515d58b0845c (diff)
download: poky-35fa9488cb768bb6d94f69268678e3d5b61dd237.tar.gz
3 files changed, 6 insertions, 46 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index fa32c38549..ff5f55e62a 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,7 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
           file://0004-cups-fix-multilib-install-file-conflicts.patch \
           file://volatiles.99_cups \
           file://cups-volatiles.conf \
-           file://CVE-2023-4504.patch \
           "
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
@@ -38,10 +37,13 @@ GROUPADD_PARAM:${PN} = "--system lpadmin"
 SYSTEMD_SERVICE:${PN} = "cups.socket cups.path cups.service cups-lpd.socket"
 PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', '', d)} \
-                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)} \
+                   openssl \
+"
 PACKAGECONFIG[avahi] = "--with-dnssd=avahi,--with-dnssd=no,avahi"
 PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"
-PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=no,gnutls"
+PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls,,,openssl"
+PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl,,,gnutls"
 PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
 PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
 PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
deleted file mode 100644
index e52e43a209..0000000000
--- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-CVE: CVE-2023-4504
-Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ]
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
-From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Wed, 20 Sep 2023 14:45:17 +0200
-Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
-We didn't check for end of buffer if it looks there is an escaped
-character - check for NULL terminator there and if found, return NULL
-as return value and in `ptr`, because a lone backslash is not
-a valid PostScript character.
---
- cups/raster-interpret.c | 14 +++++++++++++-
- 1 files changed, 13 insertions(+), 1 deletion(-)
-diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
-index 6fcf731b5..b8655c8c6 100644
--- a/cups/raster-interpret.c
-+++ b/cups/raster-interpret.c
-@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st,            /* I  - Stack */
- 
-            cur ++;
- 
-            if (*cur == 'b')
-+          /*
-+           * Return NULL if we reached NULL terminator, a lone backslash
-+           * is not a valid character in PostScript.
-+           */
-+
-+           if (!*cur)
-+           {
-+             *ptr = NULL;
-+
-+             return (NULL);
-+           }
-+
-+           if (*cur == 'b')
-              *valptr++ = '\b';
-            else if (*cur == 'f')
-              *valptr++ = '\f';
diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb b/meta/recipes-extended/cups/cups_2.4.7.bb
index 58029fdbd4..f4b0282e4c 100644
--- a/meta/recipes-extended/cups/cups_2.4.6.bb
+++ b/meta/recipes-extended/cups/cups_2.4.7.bb
@@ -2,4 +2,4 @@ require cups.inc
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262"
+SRC_URI[sha256sum] = "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c"
author	Markus Volk <f_l_k@t-online.de>	2023-11-13 21:31:57 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-20 15:30:52 +0000
commit	35fa9488cb768bb6d94f69268678e3d5b61dd237 (patch)
tree	d12b920da770999d2f9d985aed0c97e27649039b
parent	fc5cb5ce35105abe6a9a19c984bf515d58b0845c (diff)
download	poky-35fa9488cb768bb6d94f69268678e3d5b61dd237.tar.gz

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index fa32c38549..ff5f55e62a 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc
@@ -15,7 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
15	file://0004-cups-fix-multilib-install-file-conflicts.patch \	15	file://0004-cups-fix-multilib-install-file-conflicts.patch \
16	file://volatiles.99_cups \	16	file://volatiles.99_cups \
17	file://cups-volatiles.conf \	17	file://cups-volatiles.conf \
18	file://CVE-2023-4504.patch \
19	"	18	"
20		19
21	GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"	20	GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
@@ -38,10 +37,13 @@ GROUPADD_PARAM:${PN} = "--system lpadmin"
38	SYSTEMD_SERVICE:${PN} = "cups.socket cups.path cups.service cups-lpd.socket"	37	SYSTEMD_SERVICE:${PN} = "cups.socket cups.path cups.service cups-lpd.socket"
39		38
40	PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', '', d)} \	39	PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', '', d)} \
41	${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"	40	${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)} \
		41	openssl \
		42	"
42	PACKAGECONFIG[avahi] = "--with-dnssd=avahi,--with-dnssd=no,avahi"	43	PACKAGECONFIG[avahi] = "--with-dnssd=avahi,--with-dnssd=no,avahi"
43	PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"	44	PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"
44	PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=no,gnutls"	45	PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls,,,openssl"
		46	PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl,,,gnutls"
45	PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"	47	PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
46	PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"	48	PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
47	PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"	49	PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"


diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch deleted file mode 100644 index e52e43a209..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	CVE: CVE-2023-4504
2	Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ]
3	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
4
5	From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
6	From: Zdenek Dohnal <zdohnal@redhat.com>
7	Date: Wed, 20 Sep 2023 14:45:17 +0200
8	Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
9
10	We didn't check for end of buffer if it looks there is an escaped
11	character - check for NULL terminator there and if found, return NULL
12	as return value and in `ptr`, because a lone backslash is not
13	a valid PostScript character.
14	---
15	cups/raster-interpret.c \| 14 +++++++++++++-
16	1 files changed, 13 insertions(+), 1 deletion(-)
17
18	diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
19	index 6fcf731b5..b8655c8c6 100644
20	--- a/cups/raster-interpret.c
21	+++ b/cups/raster-interpret.c
22	@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t st, / I - Stack */
23
24	cur ++;
25
26	- if (*cur == 'b')
27	+ /*
28	+ * Return NULL if we reached NULL terminator, a lone backslash
29	+ * is not a valid character in PostScript.
30	+ */
31	+
32	+ if (!*cur)
33	+ {
34	+ *ptr = NULL;
35	+
36	+ return (NULL);
37	+ }
38	+
39	+ if (*cur == 'b')
40	*valptr++ = '\b';
41	else if (*cur == 'f')
42	*valptr++ = '\f';


diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb b/meta/recipes-extended/cups/cups_2.4.7.bb index 58029fdbd4..f4b0282e4c 100644 --- a/meta/recipes-extended/cups/cups_2.4.6.bb +++ b/meta/recipes-extended/cups/cups_2.4.7.bb
@@ -2,4 +2,4 @@ require cups.inc
2		2
3	LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"	3	LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
4		4
5	SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262"	5	SRC_URI[sha256sum] = "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c"