diff options
| author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-09-27 18:33:36 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-28 12:37:47 +0100 |
| commit | 83b4083fdc15c39fe2a4527ea8f1c0d88001cc40 (patch) | |
| tree | 6bb35e7604bb4c915b9f7c0486777d80cd29b622 | |
| parent | 65ad609bd75c4ae9e4c79a22a22e15a74a76f6c0 (diff) | |
| download | poky-83b4083fdc15c39fe2a4527ea8f1c0d88001cc40.tar.gz | |
cups: fix CVE-2023-4504
(From OE-Core rev: d359aae352279f865f7dce33be293c3d26623737)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-extended/cups/cups.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2023-4504.patch | 42 |
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 36feaddcf8..fa32c38549 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc | |||
| @@ -15,6 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ | |||
| 15 | file://0004-cups-fix-multilib-install-file-conflicts.patch \ | 15 | file://0004-cups-fix-multilib-install-file-conflicts.patch \ |
| 16 | file://volatiles.99_cups \ | 16 | file://volatiles.99_cups \ |
| 17 | file://cups-volatiles.conf \ | 17 | file://cups-volatiles.conf \ |
| 18 | file://CVE-2023-4504.patch \ | ||
| 18 | " | 19 | " |
| 19 | 20 | ||
| 20 | GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" | 21 | GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" |
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch new file mode 100644 index 0000000000..e52e43a209 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch | |||
| @@ -0,0 +1,42 @@ | |||
| 1 | CVE: CVE-2023-4504 | ||
| 2 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ] | ||
| 3 | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> | ||
| 4 | |||
| 5 | From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 | ||
| 6 | From: Zdenek Dohnal <zdohnal@redhat.com> | ||
| 7 | Date: Wed, 20 Sep 2023 14:45:17 +0200 | ||
| 8 | Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 | ||
| 9 | |||
| 10 | We didn't check for end of buffer if it looks there is an escaped | ||
| 11 | character - check for NULL terminator there and if found, return NULL | ||
| 12 | as return value and in `ptr`, because a lone backslash is not | ||
| 13 | a valid PostScript character. | ||
| 14 | --- | ||
| 15 | cups/raster-interpret.c | 14 +++++++++++++- | ||
| 16 | 1 files changed, 13 insertions(+), 1 deletion(-) | ||
| 17 | |||
| 18 | diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c | ||
| 19 | index 6fcf731b5..b8655c8c6 100644 | ||
| 20 | --- a/cups/raster-interpret.c | ||
| 21 | +++ b/cups/raster-interpret.c | ||
| 22 | @@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ | ||
| 23 | |||
| 24 | cur ++; | ||
| 25 | |||
| 26 | - if (*cur == 'b') | ||
| 27 | + /* | ||
| 28 | + * Return NULL if we reached NULL terminator, a lone backslash | ||
| 29 | + * is not a valid character in PostScript. | ||
| 30 | + */ | ||
| 31 | + | ||
| 32 | + if (!*cur) | ||
| 33 | + { | ||
| 34 | + *ptr = NULL; | ||
| 35 | + | ||
| 36 | + return (NULL); | ||
| 37 | + } | ||
| 38 | + | ||
| 39 | + if (*cur == 'b') | ||
| 40 | *valptr++ = '\b'; | ||
| 41 | else if (*cur == 'f') | ||
| 42 | *valptr++ = '\f'; | ||