diff --git a/backport-CVE-2023-4504.patch b/backport-CVE-2023-4504.patch new file mode 100644 index 0000000..816afd4 --- /dev/null +++ b/backport-CVE-2023-4504.patch @@ -0,0 +1,44 @@ +From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Wed, 20 Sep 2023 14:45:17 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. + +Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 +Conflict:Unmodified CHANGES.md + +--- + filter/interpret.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/filter/interpret.c b/filter/interpret.c +index 031b1d5..191e759 100644 +--- a/filter/interpret.c ++++ b/filter/interpret.c +@@ -1117,7 +1117,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ + + cur ++; + +- if (*cur == 'b') ++ /* ++ * Return NULL if we reached NULL terminator, a lone backslash ++ * is not a valid character in PostScript. ++ */ ++ ++ if (!*cur) ++ { ++ *ptr = NULL; ++ ++ return (NULL); ++ } ++ ++ if (*cur == 'b') + *valptr++ = '\b'; + else if (*cur == 'f') + *valptr++ = '\f'; +-- +2.27.0 \ No newline at end of file diff --git a/cups.spec b/cups.spec index 5e712c3..001be7e 100644 --- a/cups.spec +++ b/cups.spec @@ -1,7 +1,7 @@ Name: cups Epoch: 1 Version: 2.2.13 -Release: 17 +Release: 19 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: GPLv2+ and LGPLv2+ with exceptions and AML Url: http://www.cups.org/ @@ -40,7 +40,9 @@ Patch6002: backport-CVE-2022-26691.patch Patch6003: CVE-2019-8842.patch Patch6004: backport-CVE-2023-32324.patch Patch6005: fix-httpAddrGetList-test-case-fail.patch -Patch6006: backport-CVE-2023-34241.patch +Patch6006: fix-verifying-that-history-still-exists-test-case-fail.patch +Patch6007: backport-CVE-2023-34241.patch +Patch6008: backport-CVE-2023-4504.patch Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat @@ -335,6 +337,12 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Fri Sep 22 2023 zhouwenpei - 1:2.2.13-19 +- fix CVE-2023-4504 + +* Mon Jun 26 2023 zhangpan - 1:2.2.13-18 +- fix test case fail + * Mon Jun 26 2023 zhouwenpei - 1:2.2.13-17 - fix CVE-2023-34241 diff --git a/fix-verifying-that-history-still-exists-test-case-fail.patch b/fix-verifying-that-history-still-exists-test-case-fail.patch new file mode 100644 index 0000000..a7d4f6e --- /dev/null +++ b/fix-verifying-that-history-still-exists-test-case-fail.patch @@ -0,0 +1,25 @@ +From 033bc4df3a58022b93e1cef8387b04d08dddd1fe Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Sat, 28 Nov 2020 08:43:46 -0500 +Subject: [PATCH] Force a 5 second sleep to wait for the job control file to be + written. + +Reference:https://github.com/OpenPrinting/cups/commit/033bc4df3a58022b93e1cef8387b04d08dddd1fe +Conflict:NA + +--- + test/run-stp-tests.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh +index d93388408a..4498a8c103 100755 +--- a/test/run-stp-tests.sh ++++ b/test/run-stp-tests.sh +@@ -845,6 +845,7 @@ else + echo "PASS" + echo " PASSED" >>$strfile + ++ sleep 5 + ./waitjobs.sh >>$strfile + + echo $ac_n "Verifying that history still exists: $ac_c"