From 466dc626fbce641881be13d214a927be05635fed Mon Sep 17 00:00:00 2001 From: psykose Date: Fri, 27 Sep 2024 01:09:22 +0200 Subject: [PATCH] main/libcupsfilters: backport cve patch --- main/libcupsfilters/patches/cve.patch | 33 +++++++++++++++++++++++++++ main/libcupsfilters/template.py | 2 +- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 main/libcupsfilters/patches/cve.patch diff --git a/main/libcupsfilters/patches/cve.patch b/main/libcupsfilters/patches/cve.patch new file mode 100644 index 0000000000..8cb73bca44 --- /dev/null +++ b/main/libcupsfilters/patches/cve.patch @@ -0,0 +1,33 @@ +From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 26 Sep 2024 23:09:29 +0200 +Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes + before return + +The destination can be corrupted or forged, so validate the response +to strenghten security measures. + +Fixes CVE-2024-47076 +--- + cupsfilters/ipp.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c +index 8d6a9b3d..db10cb3f 100644 +--- a/cupsfilters/ipp.c ++++ b/cupsfilters/ipp.c +@@ -404,6 +404,14 @@ cfGetPrinterAttributes5(http_t *http_printer, + ippDelete(response2); + } + } ++ ++ // Check if the response is valid ++ if (!ippValidateAttributes(response)) ++ { ++ ippDelete(response); ++ response = NULL; ++ } ++ + if (have_http == 0) httpClose(http_printer); + if (uri) free(uri); + return (response); diff --git a/main/libcupsfilters/template.py b/main/libcupsfilters/template.py index 08683b59d0..7a59c8cbc7 100644 --- a/main/libcupsfilters/template.py +++ b/main/libcupsfilters/template.py @@ -1,6 +1,6 @@ pkgname = "libcupsfilters" pkgver = "2.0.0" -pkgrel = 1 +pkgrel = 2 build_style = "gnu_configure" configure_args = [ # TODO mupdf deptree