diff --git a/backport-CVE-2023-4504.patch b/backport-CVE-2023-4504.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e254746c5658e21862e3406725bd6181b5891a94
--- /dev/null
+++ b/backport-CVE-2023-4504.patch
@@ -0,0 +1,44 @@
+From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal
+Date: Wed, 20 Sep 2023 14:45:17 +0200
+Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
+
+We didn't check for end of buffer if it looks there is an escaped
+character - check for NULL terminator there and if found, return NULL
+as return value and in `ptr`, because a lone backslash is not
+a valid PostScript character.
+
+Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
+Conflict:Patch context adaptation
+
+---
+ cups/raster-interpret.c | 14 +++++++++++++-
+ 1 files changed, 14 insertions(+)
+
+diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
+index 6fcf731b5..b8655c8c6 100644
+--- a/cups/raster-interpret.c
++++ b/cups/raster-interpret.c
+@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */
+
+ cur ++;
+
+- if (*cur == 'b')
++ /*
++ * Return NULL if we reached NULL terminator, a lone backslash
++ * is not a valid character in PostScript.
++ */
++
++ if (!*cur)
++ {
++ *ptr = NULL;
++
++ return (NULL);
++ }
++
++ if (*cur == 'b')
+ *valptr++ = '\b';
+ else if (*cur == 'f')
+ *valptr++ = '\f';
+
+
diff --git a/cups.spec b/cups.spec
index cdd368a209eba4ebcfa039628b43dd4fa38d5c88..28a832a9068c1178ff9f4376917f4751811a2bc9 100644
--- a/cups.spec
+++ b/cups.spec
@@ -3,7 +3,7 @@
 Name: cups
 Epoch: 1
 Version: 2.4.0
-Release: 9
+Release: 10
 Summary: CUPS is the standards-based, open source printing system for linux operating systems.
 License: Apache-2.0 WITH LLVM-exception
 Url: https://openprinting.github.io/cups/
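Review bot: The backported guard in the scan_ps hunk (`if (!*cur)` right after `cur ++;`) covers only the byte directly following the backslash, and the package adds no regression test to show that the adapted context ("Conflict:Patch context adaptation") landed in the right escape-decoding branch of the 2.4.0 tree. scan_ps continues outside the hunk, so the other escape branches that advance `cur` again cannot be checked from here and should be re-read for the same read-past-the-terminator pattern. The early return also signals the malformed string with `*ptr = NULL`, which may be indistinguishable from normal end of input for the caller; if so, the comment should say it, e.g. `/* Lone backslash at end of buffer: stop here so cur never steps past the NUL terminator; reported to the caller like end of input. */`. A test input ending in a lone backslash, run under a memory-error sanitizer during the package build, would pin the fix.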
@@ -30,6 +30,7 @@ Patch6002: backport-Also-fix-cupsfilter.patch
 Patch6003: backport-CVE-2023-32324.patch
 Patch6004: fix-httpAddrGetList-test-case-fail.patch
 Patch6005: backport-CVE-2023-34241.patch
+Patch6006: backport-CVE-2023-4504.patch
 BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0)
 BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups
@@ -451,6 +452,9 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb
 %doc %{_datadir}/%{name}/www/apple-touch-icon.png
 %changelog
+* Fri Sep 22 2023 zhouwenpei - 1:2.4.0-10
+- fix CVE-2023-4504
+
 * Wed Jul 19 2023 haomimi - 1:2.4.0-9
 - DESC:The license is changed to apache 2.0