From 35fa9488cb768bb6d94f69268678e3d5b61dd237 Mon Sep 17 00:00:00 2001 From: Markus Volk Date: Mon, 13 Nov 2023 21:31:57 +0100 Subject: cups: Upgrade 2.4.6 -> 2.4.7 - enable tls by default to fix: | hash.c:16:12: fatal error: gnutls/crypto.h: No such file or directory | 16 | # include Changes in CUPS v2.4.7 (2023-09-20) ----------------------------------- - CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files - Added OpenSSL support for cupsHashData (Issue #762) - Fixed delays in lpd backend (Issue #741) - Fixed extensive logging in scheduler (Issue #604) - Fixed hanging of `lpstat` on IBM AIX (Issue #773) - Fixed hanging of `lpstat` on Solaris (Issue #156) - Fixed printing to stderr if we can't open cups-files.conf (Issue #777) - Fixed purging job files via `cancel -x` (Issue #742) - Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) - Fixed a bug in the PPD command interpretation code (Issue #768) (From OE-Core rev: 0e33d6fc646e76390e5bf8a0f7b38bd15c83729c) Signed-off-by: Markus Volk Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- meta/recipes-extended/cups/cups.inc | 8 +++-- .../recipes-extended/cups/cups/CVE-2023-4504.patch | 42 ---------------------- meta/recipes-extended/cups/cups_2.4.6.bb | 5 --- meta/recipes-extended/cups/cups_2.4.7.bb | 5 +++ 4 files changed, 10 insertions(+), 50 deletions(-) delete mode 100644 meta/recipes-extended/cups/cups/CVE-2023-4504.patch delete mode 100644 meta/recipes-extended/cups/cups_2.4.6.bb create mode 100644 meta/recipes-extended/cups/cups_2.4.7.bb diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index fa32c38549..ff5f55e62a 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -15,7 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ - file://CVE-2023-4504.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" @@ -38,10 +37,13 @@ GROUPADD_PARAM:${PN} = "--system lpadmin" SYSTEMD_SERVICE:${PN} = "cups.socket cups.path cups.service cups-lpd.socket" PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', '', d)} \ - ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}" + ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)} \ + openssl \ +" PACKAGECONFIG[avahi] = "--with-dnssd=avahi,--with-dnssd=no,avahi" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl" -PACKAGECONFIG[gnutls] = "--with-tls=gnutls,--with-tls=no,gnutls" +PACKAGECONFIG[gnutls] = "--with-tls=gnutls,,gnutls,,,openssl" +PACKAGECONFIG[openssl] = "--with-tls=openssl,,openssl,,,gnutls" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch deleted file mode 100644 index e52e43a209..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch +++ /dev/null @@ -1,42 +0,0 @@ -CVE: CVE-2023-4504 -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 ] -Signed-off-by: Lee Chee Yang - -From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal -Date: Wed, 20 Sep 2023 14:45:17 +0200 -Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 - -We didn't check for end of buffer if it looks there is an escaped -character - check for NULL terminator there and if found, return NULL -as return value and in `ptr`, because a lone backslash is not -a valid PostScript character. ---- - cups/raster-interpret.c | 14 +++++++++++++- - 1 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c -index 6fcf731b5..b8655c8c6 100644 ---- a/cups/raster-interpret.c -+++ b/cups/raster-interpret.c -@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ - - cur ++; - -- if (*cur == 'b') -+ /* -+ * Return NULL if we reached NULL terminator, a lone backslash -+ * is not a valid character in PostScript. -+ */ -+ -+ if (!*cur) -+ { -+ *ptr = NULL; -+ -+ return (NULL); -+ } -+ -+ if (*cur == 'b') - *valptr++ = '\b'; - else if (*cur == 'f') - *valptr++ = '\f'; diff --git a/meta/recipes-extended/cups/cups_2.4.6.bb b/meta/recipes-extended/cups/cups_2.4.6.bb deleted file mode 100644 index 58029fdbd4..0000000000 --- a/meta/recipes-extended/cups/cups_2.4.6.bb +++ /dev/null @@ -1,5 +0,0 @@ -require cups.inc - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SRC_URI[sha256sum] = "58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262" diff --git a/meta/recipes-extended/cups/cups_2.4.7.bb b/meta/recipes-extended/cups/cups_2.4.7.bb new file mode 100644 index 0000000000..f4b0282e4c --- /dev/null +++ b/meta/recipes-extended/cups/cups_2.4.7.bb @@ -0,0 +1,5 @@ +require cups.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI[sha256sum] = "dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c" -- cgit v1.2.3-54-g00ecf