[notify] libcupsfilters: added fix for CVE-2024-47076

2024-10-03 12:38:26 +02:00 · 2024-10-03 12:38:26 +02:00 · ba5f35f74e
commit ba5f35f74e
parent 59be788f4d
3 changed files with 41 additions and 4 deletions
--- a/libcupsfilters/.signature
+++ b/libcupsfilters/.signature
@ -1,5 +1,6 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/TnU9xW2ff/xTTSJ0K8ayH/2JZtBsxeshuKXBCvG+WeM2GVSy4kVqd62iupKYiRyBV76UMX6IA6DRbCZUo8FjAQ=
-SHA256 (Pkgfile) = d2de09fd08b1a7637da23c89167b335861c1378ca03885e6c8f7e1cda2b4f704
+RWSE3ohX2g5d/QkmKppbpZ0xQSaJ8OOazgaRegkU5+gswx/Ol9mnv2kWPs79NbMVAd1BlX1e6x7HQCJIUBP847rrUb6KZZRDNgc=
+SHA256 (Pkgfile) = 5a4d3209c0e6b2ed50390d44cdeda6e702483836467b97cac54847b152dadc5f
 SHA256 (.footprint) = 06ee6a5b22ad7118145f97f5546a7d405c1f7fb48fa5511f6960b4dc8246bd37
 SHA256 (libcupsfilters-2.0.0.tar.xz) = 542f2bfbc58136a4743c11dc8c86cee03c9aca705612654e36ac34aa0d9aa601
+SHA256 (validate-response-attributes.patch) = c3d24aacad3c5641c12a4371697cc6ca602e30604aa79ab2a061f1c8bbb65cf7
--- a/libcupsfilters/Pkgfile
+++ b/libcupsfilters/Pkgfile
@ -6,12 +6,15 @@

 name=libcupsfilters
 version=2.0.0
-release=1
-source=(https://github.com/OpenPrinting/libcupsfilters/releases/download/$version/$name-$version.tar.xz)
+release=2
+source=(https://github.com/OpenPrinting/libcupsfilters/releases/download/$version/$name-$version.tar.xz
+	validate-response-attributes.patch)

 build() {
 	cd $name-$version

+	patch -p1 -i $SRC/validate-response-attributes.patch
+
 	prt-get isinst dbus || PKGMK_LIBCUPSFILTERS+=' --disable-dbus'
 	prt-get isinst libexif || PKGMK_LIBCUPSFILTERS+=' --disable-exif'
 	prt-get isinst mupdf || PKGMK_LIBCUPSFILTERS+=' --disable-mutool'
--- a/libcupsfilters/validate-response-attributes.patch
+++ b/libcupsfilters/validate-response-attributes.patch
@ -0,0 +1,33 @@
+From 95576ec3d20c109332d14672a807353cdc551018 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 Sep 2024 23:09:29 +0200
+Subject: [PATCH] cfGetPrinterAttributes5(): Validate response attributes
+ before return
+
+The destination can be corrupted or forged, so validate the response
+to strenghten security measures.
+
+Fixes CVE-2024-47076
+---
+ cupsfilters/ipp.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
+index 8d6a9b3d..db10cb3f 100644
+--- a/cupsfilters/ipp.c
+++ b/cupsfilters/ipp.c
+@@ -404,6 +404,14 @@ cfGetPrinterAttributes5(http_t *http_printer,
+ 	    ippDelete(response2);
+ 	  }
+ 	}
+
+	// Check if the response is valid
+	if (!ippValidateAttributes(response))
+	{
+	  ippDelete(response);
+	  response = NULL;
+	}
+
+ 	if (have_http == 0) httpClose(http_printer);
+ 	if (uri) free(uri);
+ 	return (response);