summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/cups
diff options
context:
space:
mode:
authorLee Chee Yang <chee.yang.lee@intel.com>2023-09-27 18:33:36 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-09-28 12:37:47 +0100
commit83b4083fdc15c39fe2a4527ea8f1c0d88001cc40 (patch)
tree6bb35e7604bb4c915b9f7c0486777d80cd29b622 /meta/recipes-extended/cups
parent65ad609bd75c4ae9e4c79a22a22e15a74a76f6c0 (diff)
downloadpoky-83b4083fdc15c39fe2a4527ea8f1c0d88001cc40.tar.gz
cups: fix CVE-2023-4504
(From OE-Core rev: d359aae352279f865f7dce33be293c3d26623737) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/cups')
-rw-r--r--meta/recipes-extended/cups/cups.inc1
-rw-r--r--meta/recipes-extended/cups/cups/CVE-2023-4504.patch42
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 36feaddcf8..fa32c38549 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -15,6 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
15 file://0004-cups-fix-multilib-install-file-conflicts.patch \ 15 file://0004-cups-fix-multilib-install-file-conflicts.patch \
16 file://volatiles.99_cups \ 16 file://volatiles.99_cups \
17 file://cups-volatiles.conf \ 17 file://cups-volatiles.conf \
18 file://CVE-2023-4504.patch \
18 " 19 "
19 20
20GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" 21GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 0000000000..e52e43a209
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,42 @@
1CVE: CVE-2023-4504
2Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ]
3Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
4
5From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
6From: Zdenek Dohnal <zdohnal@redhat.com>
7Date: Wed, 20 Sep 2023 14:45:17 +0200
8Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
9
10We didn't check for end of buffer if it looks there is an escaped
11character - check for NULL terminator there and if found, return NULL
12as return value and in `ptr`, because a lone backslash is not
13a valid PostScript character.
14---
15 cups/raster-interpret.c | 14 +++++++++++++-
16 1 files changed, 13 insertions(+), 1 deletion(-)
17
18diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
19index 6fcf731b5..b8655c8c6 100644
20--- a/cups/raster-interpret.c
21+++ b/cups/raster-interpret.c
22@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
23
24 cur ++;
25
26- if (*cur == 'b')
27+ /*
28+ * Return NULL if we reached NULL terminator, a lone backslash
29+ * is not a valid character in PostScript.
30+ */
31+
32+ if (!*cur)
33+ {
34+ *ptr = NULL;
35+
36+ return (NULL);
37+ }
38+
39+ if (*cur == 'b')
40 *valptr++ = '\b';
41 else if (*cur == 'f')
42 *valptr++ = '\f';