packages/cups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!120 fix CVE-2023-4504

Browse Source 
From: @zhouwenpei 
Reviewed-by: @leeffo 
Signed-off-by: @leeffo
This commit is contained in:
openeuler-ci-bot 2023-09-25 08:28:15 +00:00 committed by Gitee
commit 66889e64d0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
backport-CVE-2023-4504.patch Normal file
View File

@ -0,0 +1,44 @@
From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 20 Sep 2023 14:45:17 +0200
Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
We didn't check for end of buffer if it looks there is an escaped
character - check for NULL terminator there and if found, return NULL
as return value and in `ptr`, because a lone backslash is not
a valid PostScript character.
Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
Conflict:Patch context adaptation
---
cups/raster-interpret.c | 14 +++++++++++++-
1 files changed, 14 insertions(+)
diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
index 6fcf731b5..b8655c8c6 100644
--- a/cups/raster-interpret.c
+++ b/cups/raster-interpret.c
@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
cur ++;
- if (*cur == 'b')
+ /*
+ * Return NULL if we reached NULL terminator, a lone backslash
+ * is not a valid character in PostScript.
+ */
+
+ if (!*cur)
+ {
+ *ptr = NULL;
+
+ return (NULL);
+ }
+
+ if (*cur == 'b')
*valptr++ = '\b';
else if (*cur == 'f')
*valptr++ = '\f';

6
cups.spec
View File

@ -3,7 +3,7 @@
Name: cups
Epoch: 1
Version: 2.4.0
Release: 9
Release: 10
Summary: CUPS is the standards-based, open source printing system for linux operating systems.
License: Apache-2.0
Url: https://openprinting.github.io/cups/
@ -30,6 +30,7 @@ Patch6002: backport-Also-fix-cupsfilter.patch
Patch6003: backport-CVE-2023-32324.patch
Patch6004: fix-httpAddrGetList-test-case-fail.patch
Patch6005: backport-CVE-2023-34241.patch
Patch6006: backport-CVE-2023-4504.patch
BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
@ -451,6 +452,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
%doc %{_datadir}/%{name}/www/apple-touch-icon.png
%changelog
* Fri Sep 22 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 1:2.4.0-10
- fix CVE-2023-4504
* Thu Aug 3 2023 dongjinguang <dongjinguang@huawei.com> - 1:2.4.0-9
- DESC: The license is changed to Apache V2.0