* [Buildroot] [PATCH 1/1] package/cups: bump to version 2.4.7
From: Fabrice Fontaine @ 2023-12-30 16:58 UTC
  To: buildroot; +Cc: Olivier Schonken, Angelo Compagnucci, Fabrice Fontaine

Drop fifth patch (already in version)

https://github.com/OpenPrinting/cups/releases/tag/v2.4.7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...raster-interpret.c-Fix-CVE-2023-4504.patch | 45 -------------------
 package/cups/cups.hash                        |  2 +-
 package/cups/cups.mk                          |  5 +--
 3 files changed, 2 insertions(+), 50 deletions(-)
 delete mode 100644 package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch

diff --git a/package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch b/package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch
deleted file mode 100644
index d1dff4e1fa..0000000000
--- a/package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Wed, 20 Sep 2023 14:45:17 +0200
-Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
-
-We didn't check for end of buffer if it looks there is an escaped
-character - check for NULL terminator there and if found, return NULL
-as return value and in `ptr`, because a lone backslash is not
-a valid PostScript character.
-
-Upstream: https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
-[Peter: drop CHANGES hunk]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- cups/raster-interpret.c | 14 +++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
-index 6fcf731b5..b8655c8c6 100644
---- a/cups/raster-interpret.c
-+++ b/cups/raster-interpret.c
-@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st,		/* I  - Stack */
- 
- 	    cur ++;
- 
--            if (*cur == 'b')
-+	   /*
-+	    * Return NULL if we reached NULL terminator, a lone backslash
-+	    * is not a valid character in PostScript.
-+	    */
-+
-+	    if (!*cur)
-+	    {
-+	      *ptr = NULL;
-+
-+	      return (NULL);
-+	    }
-+
-+	    if (*cur == 'b')
- 	      *valptr++ = '\b';
- 	    else if (*cur == 'f')
- 	      *valptr++ = '\f';
--- 
-2.30.2
-
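Review bot: The commit message justifies deleting 0005-raster-interpret.c-Fix-CVE-2023-4504.patch only with "already in version", which names neither the version nor the commit. The patch header being removed cites the upstream commit (2431caddb7e6a87f04ac90b5c6366ad268b6ff31); repeating that reference in the commit message and stating that 2.4.7 contains it would let a reader confirm that the end-of-buffer check after a backslash in scan_ps() survives the bump without opening the tarball.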
diff --git a/package/cups/cups.hash b/package/cups/cups.hash
index 501d8c12a6..2d7bbf1aa9 100644
--- a/package/cups/cups.hash
+++ b/package/cups/cups.hash
@@ -1,4 +1,4 @@
 # Locally calculated:
-sha256  58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262  cups-2.4.6-source.tar.gz
+sha256  dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c  cups-2.4.7-source.tar.gz
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
 sha256  5320b6e3c252423e4153eb2dd63e57e3b630afb21139f44e43b02d85fe33e279  NOTICE
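Review bot: The new cups-2.4.7-source.tar.gz sha256 stays under the "# Locally calculated:" comment, so it records only what the submitter downloaded and is not tied to anything upstream publishes. If the release page linked in the commit message offers a signature or checksum for the tarball, verify against it and note that in the comment. The LICENSE and NOTICE hashes are unchanged, which is consistent with no license change in this bump.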
diff --git a/package/cups/cups.mk b/package/cups/cups.mk
index 4bc5eeedee..2ad5eeb5cf 100644
--- a/package/cups/cups.mk
+++ b/package/cups/cups.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CUPS_VERSION = 2.4.6
+CUPS_VERSION = 2.4.7
 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
 CUPS_SITE = https://github.com/OpenPrinting/cups/releases/download/v$(CUPS_VERSION)
 CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
@@ -13,9 +13,6 @@ CUPS_CPE_ID_VENDOR = openprinting
 CUPS_SELINUX_MODULES = cups
 CUPS_INSTALL_STAGING = YES
 
-# 0005-raster-interpret.c-Fix-CVE-2023-4504.patch
-CUPS_IGNORE_CVES += CVE-2023-4504
-
 # Using autoconf, not autoheader, so we cannot use AUTORECONF = YES.
 define CUPS_RUN_AUTOCONF
 	cd $(@D); $(AUTOCONF) -f
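Review bot: Dropping "CUPS_IGNORE_CVES += CVE-2023-4504" means CVE reporting for this package now depends only on CUPS_VERSION = 2.4.7 falling outside the affected range recorded for that CVE under the openprinting CPE vendor. Please confirm with pkg-stats that CVE-2023-4504 is no longer reported for cups after this change, and mention the removal of the ignore entry in the commit message, which currently only talks about the patch.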
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/cups: bump to version 2.4.7
From: Thomas Petazzoni via buildroot @ 2023-12-30 18:01 UTC
  To: Fabrice Fontaine; +Cc: Olivier Schonken, Angelo Compagnucci, buildroot

On Sat, 30 Dec 2023 17:58:08 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Drop fifth patch (already in version)
> 
> https://github.com/OpenPrinting/cups/releases/tag/v2.4.7
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  ...raster-interpret.c-Fix-CVE-2023-4504.patch | 45 -------------------
>  package/cups/cups.hash                        |  2 +-
>  package/cups/cups.mk                          |  5 +--
>  3 files changed, 2 insertions(+), 50 deletions(-)
>  delete mode 100644 package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com