diff options
author | Ross Burton <ross.burton@arm.com> | 2023-07-03 12:45:58 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-07-10 11:36:34 +0100 |
commit | 7379a88457283bd597820a35a33088f688950c73 (patch) | |
tree | da116758591fd49a0495595ec7801928aab02d9e | |
parent | 3f122cb1f457c509e84f91c19fd67a52201cb95e (diff) | |
download | poky-7379a88457283bd597820a35a33088f688950c73.tar.gz |
cups: upgrade to 2.4.6
This resolves CVE-2023-34241.
(From OE-Core rev: 829c742b5461c4599d304541e0da0915dc44146c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-extended/cups/cups.inc | 1 | ||||
-rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-32324.patch | 36 | ||||
-rw-r--r-- | meta/recipes-extended/cups/cups_2.4.6.bb (renamed from meta/recipes-extended/cups/cups_2.4.2.bb) | 2 |
3 files changed, 1 insertions, 38 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index d77758fd3f..da320b1085 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc | |||
@@ -15,7 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ | |||
15 | file://0004-cups-fix-multilib-install-file-conflicts.patch \ | 15 | file://0004-cups-fix-multilib-install-file-conflicts.patch \ |
16 | file://volatiles.99_cups \ | 16 | file://volatiles.99_cups \ |
17 | file://cups-volatiles.conf \ | 17 | file://cups-volatiles.conf \ |
18 | file://CVE-2023-32324.patch \ | ||
19 | " | 18 | " |
20 | 19 | ||
21 | GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" | 20 | GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" |
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32324.patch b/meta/recipes-extended/cups/cups/CVE-2023-32324.patch deleted file mode 100644 index 40b89c9899..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2023-32324.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | From 07cbffd11107eed3aaf1c64e35552aec20f792da Mon Sep 17 00:00:00 2001 | ||
2 | From: Zdenek Dohnal <zdohnal@redhat.com> | ||
3 | Date: Thu, 1 Jun 2023 12:04:00 +0200 | ||
4 | Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324) | ||
5 | |||
6 | CVE: CVE-2023-32324 | ||
7 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/fd8bc2d32589] | ||
8 | |||
9 | (cherry picked from commit fd8bc2d32589d1fd91fe1c0521be2a7c0462109e) | ||
10 | Signed-off-by: Sanjay Chitroda <schitrod@cisco.com> | ||
11 | --- | ||
12 | cups/string.c | 4 ++++ | ||
13 | 1 file changed, 4 insertions(+) | ||
14 | |||
15 | diff --git a/cups/string.c b/cups/string.c | ||
16 | index 93cdad19..6ef58515 100644 | ||
17 | --- a/cups/string.c | ||
18 | +++ b/cups/string.c | ||
19 | @@ -1,6 +1,7 @@ | ||
20 | /* | ||
21 | * String functions for CUPS. | ||
22 | * | ||
23 | + * Copyright © 2023 by OpenPrinting. | ||
24 | * Copyright © 2007-2019 by Apple Inc. | ||
25 | * Copyright © 1997-2007 by Easy Software Products. | ||
26 | * | ||
27 | @@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */ | ||
28 | size_t srclen; /* Length of source string */ | ||
29 | |||
30 | |||
31 | + if (size == 0) | ||
32 | + return (0); | ||
33 | + | ||
34 | /* | ||
35 | * Figure out how much room is needed... | ||
36 | */ | ||
diff --git a/meta/recipes-extended/cups/cups_2.4.2.bb b/meta/recipes-extended/cups/cups_2.4.6.bb index f5ca749bac..58029fdbd4 100644 --- a/meta/recipes-extended/cups/cups_2.4.2.bb +++ b/meta/recipes-extended/cups/cups_2.4.6.bb | |||
@@ -2,4 +2,4 @@ require cups.inc | |||
2 | 2 | ||
3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" | 3 | LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" |
4 | 4 | ||
5 | SRC_URI[sha256sum] = "f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908" | 5 | SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" |