2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 87f220590f..4d0c52eab8 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
           file://cups-volatiles.conf \
           file://CVE-2023-32324.patch \
           file://CVE-2023-34241.patch \
+           file://CVE-2023-32360.patch \
           "
 UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
new file mode 100644
index 0000000000..f1b0f9f918
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
@@ -0,0 +1,35 @@
+From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Thu, 14 Sep 2023 09:16:45 +0000
+Subject: [PATCH] Require authentication for CUPS-Get-Document.
+CVE: CVE-2023-32360
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913]
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ conf/cupsd.conf.in | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
+index b258849..08f5070 100644
+--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
+@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
+     Order deny,allow
+   </Limit>
+-  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit CUPS-Get-Document>
+    AuthType Defaul
+     Require user @OWNER @SYSTEM
+     Order deny,allow
+   </Limit>
+--
+2.35.5

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 87f220590f..4d0c52eab8 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc
@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
17	file://cups-volatiles.conf \	17	file://cups-volatiles.conf \
18	file://CVE-2023-32324.patch \	18	file://CVE-2023-32324.patch \
19	file://CVE-2023-34241.patch \	19	file://CVE-2023-34241.patch \
		20	file://CVE-2023-32360.patch \
20	"	21	"
21		22
22	UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"	23	UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"


diff --git a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch new file mode 100644 index 0000000000..f1b0f9f918 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
@@ -0,0 +1,35 @@
		1	From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
		2	From: Michael R Sweet <michael.r.sweet@gmail.com>
		3	Date: Thu, 14 Sep 2023 09:16:45 +0000
		4	Subject: [PATCH] Require authentication for CUPS-Get-Document.
		5
		6	CVE: CVE-2023-32360
		7
		8	Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913]
		9
		10	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
		11	---
		12	conf/cupsd.conf.in \| 8 +++++++-
		13	1 file changed, 7 insertions(+), 1 deletion(-)
		14
		15	diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
		16	index b258849..08f5070 100644
		17	--- a/conf/cupsd.conf.in
		18	+++ b/conf/cupsd.conf.in
		19	@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
		20	Order deny,allow
		21	</Limit>
		22
		23	- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
		24	+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
		25	+ Require user @OWNER @SYSTEM
		26	+ Order deny,allow
		27	+ </Limit>
		28	+
		29	+ <Limit CUPS-Get-Document>
		30	+ AuthType Defaul
		31	Require user @OWNER @SYSTEM
		32	Order deny,allow
		33	</Limit>
		34	--
		35	2.35.5