foomatic-filters: Security fixes CVE-2015-8327

CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character this time with the recipe changes. (From OE-Core master rev: 62d6876033476592a8ca35f4e563c996120a687b) (From OE-Core rev: 9ca5534b1d8ce71eb150964e11ce79ba79ced7e4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-19 21:09:03 +02:00 · 2016-02-01 09:46:10 -08:00 · 2016-02-01 09:46:10 -08:00 · 83af960b7d
commit 83af960b7d
parent 9a6a7150d9
2 changed files with 24 additions and 0 deletions
--- a/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch
+++ b/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch
@ -0,0 +1,23 @@
+Upstream-Status: Backport
+
+
+http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
+
+Hand applied change to util.c. Fix was for cups-filters but also applied to foomatic-filters.
+
+CVE: CVE-2015-8327
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: util.c
+===================================================================
+--- a/util.c
+++ b/util.c
+@@ -31,7 +31,7 @@
+ #include <assert.h>
+ 
+ 
+-const char* shellescapes = "|;<>&!$\'\"#*?()[]{}";
+const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}";
+ 
+ const char * temp_dir()
+ {
--- a/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb
+++ b/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb
@ -18,6 +18,7 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/foomatic-filters-${PV}/COPYING;md5=393a5ca
 SRC_URI = "http://www.openprinting.org/download/foomatic/foomatic-filters-${PV}.tar.gz"

 SRC_URI += "file://CVE-2015-8560.patch \
+            file://CVE-2015-8327.patch \
           "

 SRC_URI[md5sum] = "b05f5dcbfe359f198eef3df5b283d896"