NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1561b6b56f
kumquat-buildroot/package/cups-filters/cups-filters.mk
Fabrice Fontaine 738029bc12 package/cups-filters: fix CVE-2023-24805 
Fix CVE-2023-24805: cups-filters contains backends, filters, and other
software required to get the cups printing service working on operating
systems other than macos. If you use the Backend Error Handler (beh) to
create an accessible network printer, this security vulnerability can
cause remote code execution. `beh.c` contains the line `retval =
system(cmdline) >> 8;` which calls the `system` command with the operand
`cmdline`. `cmdline` contains multiple user controlled, unsanitized
values. As a result an attacker with network access to the hosted print
server can exploit this vulnerability to inject system commands which
are executed in the context of the running server. This issue has been
addressed in commit `8f2740357` and is expected to be bundled in the
next release. Users are advised to upgrade when possible and to restrict
access to network printers in the meantime.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-04 21:15:11 +01:00

97 lines
2.6 KiB
Makefile
Raw Blame History

################################################################################
#
# cups-filters
#
################################################################################
CUPS_FILTERS_VERSION = 1.28.17
CUPS_FILTERS_SITE = https://github.com/OpenPrinting/cups-filters/releases/download/$(CUPS_FILTERS_VERSION)
CUPS_FILTERS_LICENSE = GPL-2.0, GPL-2.0+, GPL-3.0, GPL-3.0+, LGPL-2, LGPL-2.1+, MIT, BSD-4-Clause
CUPS_FILTERS_LICENSE_FILES = COPYING
CUPS_FILTERS_CPE_ID_VENDOR = linuxfoundation
# 0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch
CUPS_FILTERS_IGNORE_CVES += CVE-2023-24805
CUPS_FILTERS_DEPENDENCIES = cups libglib2 lcms2 qpdf fontconfig freetype jpeg
CUPS_FILTERS_CONF_OPTS = \
--disable-mutool \
--disable-foomatic \
--disable-braille \
--enable-imagefilters \
--with-cups-config=$(STAGING_DIR)/usr/bin/cups-config \
--with-sysroot=$(STAGING_DIR) \
--with-pdftops=pdftops \
--with-jpeg \
--with-test-font-path=/dev/null \
--without-rcdir
ifeq ($(BR2_PACKAGE_LIBPNG),y)
CUPS_FILTERS_CONF_OPTS += --with-png
CUPS_FILTERS_DEPENDENCIES += libpng
else
CUPS_FILTERS_CONF_OPTS += --without-png
endif
ifeq ($(BR2_PACKAGE_TIFF),y)
CUPS_FILTERS_CONF_OPTS += --with-tiff
CUPS_FILTERS_DEPENDENCIES += tiff
else
CUPS_FILTERS_CONF_OPTS += --without-tiff
endif
ifeq ($(BR2_PACKAGE_DBUS),y)
CUPS_FILTERS_CONF_OPTS += --enable-dbus
CUPS_FILTERS_DEPENDENCIES += dbus
else
CUPS_FILTERS_CONF_OPTS += --disable-dbus
endif
ifeq ($(BR2_PACKAGE_AVAHI_LIBAVAHI_CLIENT),y)
CUPS_FILTERS_DEPENDENCIES += avahi
CUPS_FILTERS_CONF_OPTS += --enable-avahi
else
CUPS_FILTERS_CONF_OPTS += --disable-avahi
endif
ifeq ($(BR2_PACKAGE_GHOSTSCRIPT),y)
CUPS_FILTERS_DEPENDENCIES += ghostscript
CUPS_FILTERS_CONF_OPTS += --enable-ghostscript
else
CUPS_FILTERS_CONF_OPTS += --disable-ghostscript
endif
ifeq ($(BR2_PACKAGE_IJS),y)
CUPS_FILTERS_DEPENDENCIES += ijs
CUPS_FILTERS_CONF_OPTS += --enable-ijs
else
CUPS_FILTERS_CONF_OPTS += --disable-ijs
endif
ifeq ($(BR2_PACKAGE_POPPLER),y)
CUPS_FILTERS_DEPENDENCIES += poppler
CUPS_FILTERS_CONF_OPTS += --enable-poppler
else
CUPS_FILTERS_CONF_OPTS += --disable-poppler
endif
ifeq ($(BR2_PACKAGE_LIBEXIF),y)
CUPS_FILTERS_CONF_OPTS += --enable-exif
CUPS_FILTERS_DEPENDENCIES += libexif
else
CUPS_FILTERS_CONF_OPTS += --disable-exif
endif
define CUPS_FILTERS_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/cups-filters/S82cups-browsed \
$(TARGET_DIR)/etc/init.d/S82cups-browsed
endef
define CUPS_FILTERS_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 0755 $(@D)/utils/cups-browsed.service \
$(TARGET_DIR)/usr/lib/systemd/system/cups-browsed.service
endef
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink