package/cups: bump to version 2.4.7

Drop fifth patch (already in version) https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-12-30 17:58:08 +01:00 · 2023-12-30 17:58:08 +01:00 · 55c80fdfb3
commit 55c80fdfb3
parent 00e5f52f2f
3 changed files with 2 additions and 50 deletions
--- a/package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch
+++ b/package/cups/0005-raster-interpret.c-Fix-CVE-2023-4504.patch
@ -1,45 +0,0 @@
-From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Wed, 20 Sep 2023 14:45:17 +0200
-Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
-
-We didn't check for end of buffer if it looks there is an escaped
-character - check for NULL terminator there and if found, return NULL
-as return value and in `ptr`, because a lone backslash is not
-a valid PostScript character.
-
-Upstream: https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31
-[Peter: drop CHANGES hunk]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- cups/raster-interpret.c | 14 +++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c
-index 6fcf731b5..b8655c8c6 100644
--- a/cups/raster-interpret.c
-+++ b/cups/raster-interpret.c
-@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st,		/* I  - Stack */
- 
- 	    cur ++;
- 
-            if (*cur == 'b')
-+	   /*
-+	    * Return NULL if we reached NULL terminator, a lone backslash
-+	    * is not a valid character in PostScript.
-+	    */
-+
-+	    if (!*cur)
-+	    {
-+	      *ptr = NULL;
-+
-+	      return (NULL);
-+	    }
-+
-+	    if (*cur == 'b')
- 	      *valptr++ = '\b';
- 	    else if (*cur == 'f')
- 	      *valptr++ = '\f';
-- 
-2.30.2
-
--- a/package/cups/cups.hash
+++ b/package/cups/cups.hash
@ -1,4 +1,4 @@
 # Locally calculated:
-sha256  58e970cf1955e1cc87d0847c32526d9c2ccee335e5f0e3882b283138ba0e7262  cups-2.4.6-source.tar.gz
+sha256  dd54228dd903526428ce7e37961afaed230ad310788141da75cebaa08362cf6c  cups-2.4.7-source.tar.gz
 sha256  cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30  LICENSE
 sha256  5320b6e3c252423e4153eb2dd63e57e3b630afb21139f44e43b02d85fe33e279  NOTICE
--- a/package/cups/cups.mk
+++ b/package/cups/cups.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-CUPS_VERSION = 2.4.6
+CUPS_VERSION = 2.4.7
 CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
 CUPS_SITE = https://github.com/OpenPrinting/cups/releases/download/v$(CUPS_VERSION)
 CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
@ -13,9 +13,6 @@ CUPS_CPE_ID_VENDOR = openprinting
 CUPS_SELINUX_MODULES = cups
 CUPS_INSTALL_STAGING = YES

-# 0005-raster-interpret.c-Fix-CVE-2023-4504.patch
-CUPS_IGNORE_CVES += CVE-2023-4504
-
 # Using autoconf, not autoheader, so we cannot use AUTORECONF = YES.
 define CUPS_RUN_AUTOCONF
 	cd $(@D); $(AUTOCONF) -f