author | Sam James <sam@gentoo.org> | 2024-09-26 23:12:07 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-09-26 23:12:07 +0100 |
commit | 429f7f1f7ec1dd9e83c4b556e829f95f9e8c50f4 (patch) | |
tree | e31dc4aea92c8227650159db05d01f8dbc1ce308 | |
parent | net-print/libppd: add CVE-2024-47175 patch (diff) | |
net-print/libcupsfilters: add 2.1_beta1
Similar rationale to 7eba3af91f1fd96ebb7491890479e7aef6c649ac in terms
of why a beta.
Bug: https://bugs.gentoo.org/940312
Bug: https://bugs.gentoo.org/940311
Bug: https://bugs.gentoo.org/940313
Bug: https://bugs.gentoo.org/940314
Bug: https://bugs.gentoo.org/940315
Bug: https://bugs.gentoo.org/940316
Signed-off-by: Sam James <sam@gentoo.org>
3 files changed, 107 insertions, 0 deletions
diff --git a/net-print/libcupsfilters/Manifest b/net-print/libcupsfilters/Manifest
index 9145aecf6f6d..0ebcb3991370 100644
--- a/net-print/libcupsfilters/Manifest
+++ b/net-print/libcupsfilters/Manifest
@@ -1 +1,2 @@
 DIST libcupsfilters-2.0.0.tar.xz 1279856 BLAKE2B ce9d839bb700017c303c1301c7a97fd02e3657a908e685377be49557d995574a7fc5a31d4fcbda5eeb9ba2d3cd07858224540dbf0bc9fa078cfd25a58ee15a41 SHA512 279bff6dcfa76312b10dae97480914345defd90eab79c4716d4553870f73e0f9db404786fd7e2948a86ae5aedb10dca0c2984ccb4222acbd4e835cd572030d6a
+DIST libcupsfilters-2.1b1.tar.xz 1443976 BLAKE2B 043174e47c6c5de5393cfb4d6f41e3839646932cff42cf677319b2ea22fe8408fbf1d1edfb3b99c1d2c36916a92993069a40ed5f75552d47d88300e283b6aa84 SHA512 5b0cd2472f54188dda13b091f82b257ba926e12065c225ddbde9cab97597baa6d855f09d7352b7d7ee4af8416fc9c3ddb3c75e0c6a0a201b366d047abe47ecef
diff --git a/net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch b/net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch
new file mode 100644
index 000000000000..016d086ea2b1
--- /dev/null
+++ b/net-print/libcupsfilters/files/libcupsfilters-2.1_beta1-CVE-2024-47076.patch
@@ -0,0 +1,31 @@
+https://bugs.gentoo.org/940313
+https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
+
+From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 Sep 2024 23:09:29 +0200
+Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
+ before return
+
+The destination can be corrupted or forged, so validate the response
+to strenghten security measures.
+
+Fixes CVE-2024-47076
+--- a/cupsfilters/ipp.c
++++ b/cupsfilters/ipp.c
+@@ -404,6 +404,14 @@ cfGetPrinterAttributes5(http_t *http_printer,
+ ippDelete(response2);
+ }
+ }
++
++ // Check if the response is valid
++ if (!ippValidateAttributes(response))
++ {
++ ippDelete(response);
++ response = NULL;
++ }
++
+ if (have_http == 0) httpClose(http_printer);
+ if (uri) free(uri);
+ return (response);
+
diff --git a/net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild b/net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild
new file mode 100644
index 000000000000..6fc8a01f0022
--- /dev/null
+++ b/net-print/libcupsfilters/libcupsfilters-2.1_beta1.ebuild
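Review bot: The new rejection branch after the retry block is silent: when `ippValidateAttributes(response)` fails, the caller gets the same NULL it would get for an unreachable printer, so a forged or corrupted response leaves no trace for whoever triages the failure. The comment could say so, e.g. `// Reject responses with malformed attribute values (CVE-2024-47076); the caller sees NULL, as for any other failure`, and if this function has a debug or log path (not visible in the hunk) a message before `ippDelete(response)` would make such rejections detectable. The check presumably covers the syntax of attribute values only, so code that later copies these strings into a PPD still needs its own escaping; the parent commit's libppd patch for CVE-2024-47175 looks like that counterpart. The body of cfGetPrinterAttributes5() starts outside the hunk.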
@@ -0,0 +1,75 @@
+# Copyright 2023-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit libtool
+
+DESCRIPTION="library for developing printing features, split out of cups-filters"
+HOMEPAGE="https://github.com/OpenPrinting/libcupsfilters"
+SRC_URI="https://github.com/OpenPrinting/libcupsfilters/releases/download/${PV/_beta/b}/${P/_beta/b}.tar.xz"
+S="${WORKDIR}"/${P/_beta/b}
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="dbus exif jpeg pdf +poppler +postscript png test tiff"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ >=app-text/qpdf-8.3.0:=
+ media-libs/fontconfig
+ media-libs/lcms:2
+ >=net-print/cups-2
+ !<net-print/cups-filters-2.0.0
+
+ exif? ( media-libs/libexif )
+ dbus? ( sys-apps/dbus )
+ jpeg? ( media-libs/libjpeg-turbo:= )
+ pdf? ( app-text/mupdf )
+ postscript? ( app-text/ghostscript-gpl[cups] )
+ poppler? ( >=app-text/poppler-0.32:=[cxx] )
+ png? ( media-libs/libpng:= )
+ tiff? ( media-libs/tiff:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ >=sys-devel/gettext-0.18.3
+ virtual/pkgconfig
+ test? ( media-fonts/dejavu )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2024-47076.patch
+)
+
+src_prepare() {
+ default
+
+ # respect --as-needed
+ elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --enable-imagefilters
+ --localstatedir="${EPREFIX}"/var
+ --with-cups-rundir="${EPREFIX}"/run/cups
+
+ $(use_enable exif)
+ $(use_enable dbus)
+ $(use_enable poppler)
+ $(use_enable postscript ghostscript)
+ $(use_enable pdf mutool)
+ $(use_with jpeg)
+ $(use_with png)
+ $(use_with tiff)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+} |
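Review bot: The `PATCHES` array carries a security backport with no comment saying when it can go, so a later version bump can drop it or keep it by accident. A line above the entry such as `# CVE-2024-47076 backport, bug #940313; drop once a release containing upstream 95576ec3d20c is packaged` would record that. The commit message lists six bugs while this ebuild applies one patch; if the others are addressed by the 2.1b1 tarball itself or in other packages, saying so in the same comment would help whoever audits the CVE coverage later.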