summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2024-09-26 23:12:07 +0100
committerSam James <sam@gentoo.org>2024-09-26 23:12:07 +0100
commit429f7f1f7ec1dd9e83c4b556e829f95f9e8c50f4 (patch)
treee31dc4aea92c8227650159db05d01f8dbc1ce308
parentnet-print/libppd: add CVE-2024-47175 patch (diff)
downloadgentoo-429f7f1f7ec1dd9e83c4b556e829f95f9e8c50f4.tar.gz
gentoo-429f7f1f7ec1dd9e83c4b556e829f95f9e8c50f4.tar.bz2
gentoo-429f7f1f7ec1dd9e83c4b556e829f95f9e8c50f4.zip
net-print/libcupsfilters: add 2.1_beta1
Similar rationale to 7eba3af91f1fd96ebb7491890479e7aef6c649ac in terms of why a beta. Bug: https://bugs.gentoo.org/940312 Bug: https://bugs.gentoo.org/940311 Bug: https://bugs.gentoo.org/940313 Bug: https://bugs.gentoo.org/940314 Bug: https://bugs.gentoo.org/940315 Bug: https://bugs.gentoo.org/940316 Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r--net-print/libcupsfilters/Manifest1
-rw-r--r--net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch31
-rw-r--r--net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild75
3 files changed, 107 insertions, 0 deletions
diff --git a/net-print/libcupsfilters/Manifest b/net-print/libcupsfilters/Manifest
index 9145aecf6f6d..0ebcb3991370 100644
--- a/net-print/libcupsfilters/Manifest
+++ b/net-print/libcupsfilters/Manifest
@@ -1 +1,2 @@
DIST libcupsfilters-2.0.0.tar.xz 1279856 BLAKE2B ce9d839bb700017c303c1301c7a97fd02e3657a908e685377be49557d995574a7fc5a31d4fcbda5eeb9ba2d3cd07858224540dbf0bc9fa078cfd25a58ee15a41 SHA512 279bff6dcfa76312b10dae97480914345defd90eab79c4716d4553870f73e0f9db404786fd7e2948a86ae5aedb10dca0c2984ccb4222acbd4e835cd572030d6a
+DIST libcupsfilters-2.1b1.tar.xz 1443976 BLAKE2B 043174e47c6c5de5393cfb4d6f41e3839646932cff42cf677319b2ea22fe8408fbf1d1edfb3b99c1d2c36916a92993069a40ed5f75552d47d88300e283b6aa84 SHA512 5b0cd2472f54188dda13b091f82b257ba926e12065c225ddbde9cab97597baa6d855f09d7352b7d7ee4af8416fc9c3ddb3c75e0c6a0a201b366d047abe47ecef
diff --git a/net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch b/net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch
new file mode 100644
index 000000000000..016d086ea2b1
--- /dev/null
+++ b/net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch
@@ -0,0 +1,31 @@
+https://bugs.gentoo.org/940313
+https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
+
+From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 Sep 2024 23:09:29 +0200
+Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
+ before return
+
+The destination can be corrupted or forged, so validate the response
+to strenghten security measures.
+
+Fixes CVE-2024-47076
+--- a/cupsfilters/ipp.c
++++ b/cupsfilters/ipp.c
+@@ -404,6 +404,14 @@ cfGetPrinterAttributes5(http_t *http_printer,
+ ippDelete(response2);
+ }
+ }
++
++ // Check if the response is valid
++ if (!ippValidateAttributes(response))
++ {
++ ippDelete(response);
++ response = NULL;
++ }
++
+ if (have_http == 0) httpClose(http_printer);
+ if (uri) free(uri);
+ return (response);
+
diff --git a/net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild b/net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild
new file mode 100644
index 000000000000..6fc8a01f0022
--- /dev/null
+++ b/net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild
@@ -0,0 +1,75 @@
+# Copyright 2023-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit libtool
+
+DESCRIPTION="library for developing printing features, split out of cups-filters"
+HOMEPAGE="https://github.com/OpenPrinting/libcupsfilters"
+SRC_URI="https://github.com/OpenPrinting/libcupsfilters/releases/download/${PV/_beta/b}/${P/_beta/b}.tar.xz"
+S="${WORKDIR}"/${P/_beta/b}
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="dbus exif jpeg pdf +poppler +postscript png test tiff"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ >=app-text/qpdf-8.3.0:=
+ media-libs/fontconfig
+ media-libs/lcms:2
+ >=net-print/cups-2
+ !<net-print/cups-filters-2.0.0
+
+ exif? ( media-libs/libexif )
+ dbus? ( sys-apps/dbus )
+ jpeg? ( media-libs/libjpeg-turbo:= )
+ pdf? ( app-text/mupdf )
+ postscript? ( app-text/ghostscript-gpl[cups] )
+ poppler? ( >=app-text/poppler-0.32:=[cxx] )
+ png? ( media-libs/libpng:= )
+ tiff? ( media-libs/tiff:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=sys-devel/gettext-0.18.3
+ virtual/pkgconfig
+ test? ( media-fonts/dejavu )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2024-47076.patch
+)
+
+src_prepare() {
+ default
+
+ # respect --as-needed
+ elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --enable-imagefilters
+ --localstatedir="${EPREFIX}"/var
+ --with-cups-rundir="${EPREFIX}"/run/cups
+
+ $(use_enable exif)
+ $(use_enable dbus)
+ $(use_enable poppler)
+ $(use_enable postscript ghostscript)
+ $(use_enable pdf mutool)
+ $(use_with jpeg)
+ $(use_with png)
+ $(use_with tiff)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}