cups: Backport fix for CVE-2023-32360 and CVE-2023-4504

Upstream commits: https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 & https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 (From OE-Core rev: d14dce8ba2a8b4bf05c7c5ea7292b0c2c327f088) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2023-10-03 09:07:59 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-10-13 05:47:07 -1000
commit: e3ae311c5f19cb96c37ddfa04d0f498db611a9b4 (patch)
tree: 8c1cbfea0ce45014c677ebb4930473c182d87fd7
parent: 278d77034e08df0d49860705aa72d91e4af73d61 (diff)
download: poky-e3ae311c5f19cb96c37ddfa04d0f498db611a9b4.tar.gz
3 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 1d2377486a..6cfe314f20 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -16,6 +16,8 @@ SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.t
           file://CVE-2022-26691.patch \
           file://CVE-2023-32324.patch \
           file://CVE-2023-34241.patch \
+           file://CVE-2023-32360.patch \
+           file://CVE-2023-4504.patch \
           "
 UPSTREAM_CHECK_URI = "https://github.com/apple/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
new file mode 100644
index 0000000000..4d39e1e57f
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
@@ -0,0 +1,31 @@
+From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Tue, 6 Dec 2022 09:04:01 -0500
+Subject: [PATCH] Require authentication for CUPS-Get-Document.
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913]
+CVE: CVE-2023-32360
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ conf/cupsd.conf.in | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
+index b258849078..a07536f3e4 100644
+--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
+@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
+     Order deny,allow
+   </Limit>
+ 
+-  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit CUPS-Get-Document>
+    AuthType Default
+     Require user @OWNER @SYSTEM
+     Order deny,allow
+   </Limit>
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
new file mode 100644
index 0000000000..be0db1fbd4
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,40 @@
+From a9a7daa77699bd58001c25df8a61a8029a217ddf Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Fri, 1 Sep 2023 16:47:29 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31]
+CVE: CVE-2023-4504
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ cups/raster-interpret.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+--- a/cups/raster-interpret.c
+++ b/cups/raster-interpret.c
+@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t *st,            /* I  - S
+ 
+            cur ++;
+ 
+-            if (*cur == 'b')
+          /*
+           * Return NULL if we reached NULL terminator, a lone backslash
+            * is not a valid character in PostScript.
+           */
+
+           if (!*cur)
+           {
+             *ptr = NULL;
+
+             return (NULL);
+           }
+
+           if (*cur == 'b')
+              *valptr++ = '\b';
+            else if (*cur == 'f')
+              *valptr++ = '\f';
author	Vijay Anusuri <vanusuri@mvista.com>	2023-10-03 09:07:59 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-10-13 05:47:07 -1000
commit	e3ae311c5f19cb96c37ddfa04d0f498db611a9b4 (patch)
tree	8c1cbfea0ce45014c677ebb4930473c182d87fd7
parent	278d77034e08df0d49860705aa72d91e4af73d61 (diff)
download	poky-e3ae311c5f19cb96c37ddfa04d0f498db611a9b4.tar.gz

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 1d2377486a..6cfe314f20 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc
@@ -16,6 +16,8 @@ SRC_URI = "https://github.com/apple/cups/releases/download/v${PV}/${BP}-source.t
16	file://CVE-2022-26691.patch \	16	file://CVE-2022-26691.patch \
17	file://CVE-2023-32324.patch \	17	file://CVE-2023-32324.patch \
18	file://CVE-2023-34241.patch \	18	file://CVE-2023-34241.patch \
		19	file://CVE-2023-32360.patch \
		20	file://CVE-2023-4504.patch \
19	"	21	"
20		22
21	UPSTREAM_CHECK_URI = "https://github.com/apple/cups/releases"	23	UPSTREAM_CHECK_URI = "https://github.com/apple/cups/releases"


diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch new file mode 100644 index 0000000000..4d39e1e57f --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
@@ -0,0 +1,31 @@
		1	From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
		2	From: Michael R Sweet <michael.r.sweet@gmail.com>
		3	Date: Tue, 6 Dec 2022 09:04:01 -0500
		4	Subject: [PATCH] Require authentication for CUPS-Get-Document.
		5
		6	Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913]
		7	CVE: CVE-2023-32360
		8	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		9	---
		10	conf/cupsd.conf.in \| 8 +++++++-
		11	1 file changed, 7 insertions(+), 1 deletion(-)
		12
		13	diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
		14	index b258849078..a07536f3e4 100644
		15	--- a/conf/cupsd.conf.in
		16	+++ b/conf/cupsd.conf.in
		17	@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
		18	Order deny,allow
		19	</Limit>
		20
		21	- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
		22	+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
		23	+ Require user @OWNER @SYSTEM
		24	+ Order deny,allow
		25	+ </Limit>
		26	+
		27	+ <Limit CUPS-Get-Document>
		28	+ AuthType Default
		29	Require user @OWNER @SYSTEM
		30	Order deny,allow
		31	</Limit>


diff --git a/meta/recipes-extended/cups/cups/CVE-2023-4504.patch b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch new file mode 100644 index 0000000000..be0db1fbd4 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-4504.patch
@@ -0,0 +1,40 @@
		1	From a9a7daa77699bd58001c25df8a61a8029a217ddf Mon Sep 17 00:00:00 2001
		2	From: Zdenek Dohnal <zdohnal@redhat.com>
		3	Date: Fri, 1 Sep 2023 16:47:29 +0200
		4	Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
		5
		6	We didn't check for end of buffer if it looks there is an escaped
		7	character - check for NULL terminator there and if found, return NULL
		8	as return value and in `ptr`, because a lone backslash is not
		9	a valid PostScript character.
		10
		11	Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31]
		12	CVE: CVE-2023-4504
		13	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		14	---
		15	cups/raster-interpret.c \| 14 +++++++++++++-
		16	1 file changed, 13 insertions(+), 1 deletion(-)
		17
		18	--- a/cups/raster-interpret.c
		19	+++ b/cups/raster-interpret.c
		20	@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t st, / I - S
		21
		22	cur ++;
		23
		24	- if (*cur == 'b')
		25	+ /*
		26	+ * Return NULL if we reached NULL terminator, a lone backslash
		27	+ * is not a valid character in PostScript.
		28	+ */
		29	+
		30	+ if (!*cur)
		31	+ {
		32	+ *ptr = NULL;
		33	+
		34	+ return (NULL);
		35	+ }
		36	+
		37	+ if (*cur == 'b')
		38	*valptr++ = '\b';
		39	else if (*cur == 'f')
		40	*valptr++ = '\f';