Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2231913/?format=api
{ "id": 2231913, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2231913/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260501152758.2610763-8-bernd@kuhls.net/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/1.2/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260501152758.2610763-8-bernd@kuhls.net>", "list_archive_url": null, "date": "2026-05-01T15:27:43", "name": "[v4,07/21] package/cups-filters: add upstream patch to fix CVE-2025-64524", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "1fa55abc9a5c6e481195a2bba64f8534a0920b4a", "submitter": { "id": 86624, "url": "http://patchwork.ozlabs.org/api/1.2/people/86624/?format=api", "name": "Bernd Kuhls", "email": "bernd@kuhls.net" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260501152758.2610763-8-bernd@kuhls.net/mbox/", "series": [ { "id": 502474, "url": "http://patchwork.ozlabs.org/api/1.2/series/502474/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=502474", "date": "2026-05-01T15:27:39", "name": "package/gcc: add version 16.1.0", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/502474/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2231913/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2231913/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=Tp6tJnC1;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6ZhB4VCDz1yHZ\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Sat, 02 May 2026 01:28:58 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id C55FD8567E;\n\tFri, 1 May 2026 15:28:56 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id vXkvhjXz2lmY; Fri, 1 May 2026 15:28:54 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id B0E2685679;\n\tFri, 1 May 2026 15:28:54 +0000 (UTC)", "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists1.osuosl.org (Postfix) with ESMTP id 3ADAF293\n for <buildroot@buildroot.org>; Fri, 1 May 2026 15:28:53 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id 2C6A76F6F7\n for <buildroot@buildroot.org>; Fri, 1 May 2026 15:28:53 +0000 (UTC)", "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id ABowxolBDdn8 for <buildroot@buildroot.org>;\n Fri, 1 May 2026 15:28:52 +0000 (UTC)", "from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp3.osuosl.org (Postfix) with ESMTPS id 207FE6F6DF\n for <buildroot@buildroot.org>; Fri, 1 May 2026 15:28:52 +0000 (UTC)", "from fli4l.lan.fli4l (p4fd6c2eb.dip0.t-ipconnect.de\n [79.214.194.235])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 240F2A4C0238;\n Fri, 1 May 2026 17:28:02 +0200 (CEST)", "from bruckner.lan.fli4l ([192.168.1.1]:42324)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.2)\n (envelope-from <bernd@kuhls.net>) id 1wIpmZ-00000000172-1ARo;\n Fri, 01 May 2026 15:27:58 +0000" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp1.osuosl.org B0E2685679", "OpenDKIM Filter v2.11.0 smtp3.osuosl.org 207FE6F6DF" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1777649334;\n\tbh=ehtopKHZiPL/OFhw5Z2KlPz2CBaj/ubkeOhjg9cfxM4=;\n\th=From:To:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t Cc:From;\n\tb=Tp6tJnC1Bu/FmiNbBYx7c8eK61ndULx3np+cr6ZA/2M7BB4o4yFS9TDnHdFXppAPR\n\t /8++q/Ql9M53ErjVADxpiS9DFNZDKyISXm7dt0PqxAZ7exqQOzScWJXJfb2Ln7/d9B\n\t NiozHaUw9bXrdVEl6m/UUCR6SWBgRw7SssSVc4L/tPlJmJKYPh92WnrSXBFKGX7tu/\n\t 69H1Hj0Hx3dNvtp1iWUFZfL1ySadriB5qtc8QosPrNidpo5VDOtCYWI+B3AstTji1J\n\t Uc97oX2NFMy8QLUdZlQBmeFzT0jd937tTlPxMJ/NvvZCvc9RYmJ4kDDGOkukLqfnK0\n\t pNf1wMwj2Leow==", "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp3.osuosl.org 207FE6F6DF", "From": "Bernd Kuhls <bernd@kuhls.net>", "To": "buildroot@buildroot.org", "Date": "Fri, 1 May 2026 17:27:43 +0200", "Message-ID": "<20260501152758.2610763-8-bernd@kuhls.net>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260501152758.2610763-1-bernd@kuhls.net>", "References": "<20260501152758.2610763-1-bernd@kuhls.net>", "MIME-Version": "1.0", "X-Spamd-Bar": "+", "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1777649282;\n bh=BJoBuznYYTEeeh2g9M5tvamlydTqu6Cqv+qZ4iHiMDw=;\n h=From:To:Cc:Subject:Date:In-Reply-To:From;\n b=ttIv/+l0bfUtY3f89wI4kR4n+oiI7gXka5KHQ9On2tWEIe0UUcT/UJ0CPp1TlpV65\n 4IkwzuuTMt7xd4fjQsW/oDeS4X8YZ+a2GSmoew7+c8fvu0Ahfv+Z1DeCEFGi/LPy7l\n +e/x7vrho8El4MfhkthejMR3afwExi9+bQ7dTvvNPcQe2+FI9MRyGhqfDmjAtUZSvB\n lbxEUJhAIJOK2tCD/njO6BbRoC5yr9gXGFoiTkByFeJj1Kdrs5J6fWl1mRpbPoGJOA\n egMTMf71tLpviS0rbQitQJc7wYKq8XVtJ9zntHXnjGHNgUvdmQspQ1bqZKapzMk9h1\n KeetpMoE+dICA==", "X-Mailman-Original-Authentication-Results": [ "smtp3.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net", "smtp3.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=ttIv/+l0" ], "Subject": "[Buildroot] [PATCH v4 07/21] package/cups-filters: add upstream\n patch to fix CVE-2025-64524", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "Cc": "Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>,\n Tudor Holton <buildroot@tudorholton.com>,\n Fabrice Fontaine <fontaine.fabrice@gmail.com>,\n Angelo Compagnucci <angelo.compagnucci@gmail.com>,\n Olivier Schonken <olivier.schonken@gmail.com>,\n Thomas Petazzoni <thomas.petazzoni@bootlin.com>,\n Romain Naour <romain.naour@gmail.com>,\n Giulio Benetti <giulio.benetti@benettiengineering.com>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "Signed-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n ...ix-infinite-loop-caused-by-crafted-f.patch | 83 +++++++++++++++++++\n package/cups-filters/cups-filters.mk | 3 +\n 2 files changed, 86 insertions(+)\n create mode 100644 package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch", "diff": "diff --git a/package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch b/package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch\nnew file mode 100644\nindex 0000000000..e9900e5672\n--- /dev/null\n+++ b/package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch\n@@ -0,0 +1,83 @@\n+From b03866fd2e251a6d822a5e8c807c8d47b4d2dce2 Mon Sep 17 00:00:00 2001\n+From: Zdenek Dohnal <zdohnal@redhat.com>\n+Date: Wed, 12 Nov 2025 16:02:20 +0100\n+Subject: [PATCH] rastertopclx.c: Fix infinite loop caused by crafted file\n+\n+Infinite loop happened because of crafted input raster file, which led\n+into heap buffer overflow of `CompressBuf` array.\n+\n+Based on comments there should be always some `count` when compressing\n+the data, and processing of crafted file ended with offset and count\n+being 0.\n+\n+Fixes CVE-2025-64524\n+\n+Upstream: https://github.com/OpenPrinting/cups-filters/commit/b03866fd2e251a6d822a5e8c807c8d47b4d2dce2\n+\n+Signed-off-by: Bernd Kuhls <bernd@kuhls.net>\n+---\n+ filter/rastertopclx.c | 25 +++++++++++++++++++++++--\n+ 1 file changed, 23 insertions(+), 2 deletions(-)\n+\n+diff --git a/filter/rastertopclx.c b/filter/rastertopclx.c\n+index 3e7c129da..1015308da 100644\n+--- a/filter/rastertopclx.c\n++++ b/filter/rastertopclx.c\n+@@ -818,10 +818,10 @@ StartPage(ppd_file_t *ppd,\t/* I - PPD file */\n+ }\n+ \n+ if (header->cupsCompression)\n+- CompBuffer = malloc(DotBufferSize * 4);\n++ CompBuffer = calloc(DotBufferSize * 4, sizeof(unsigned char));\n+ \n+ if (header->cupsCompression >= 3)\n+- SeedBuffer = malloc(DotBufferSize);\n++ SeedBuffer = calloc(DotBufferSize, sizeof(unsigned char));\n+ \n+ SeedInvalid = 1;\n+ \n+@@ -1152,6 +1152,13 @@ CompressData(unsigned char *line,\t/* I - Data to compress */\n+ seed ++;\n+ count ++;\n+ }\n++\n++\t //\n++\t // Bail out if we don't have count to compress\n++\t //\n++\n++\t if (count == 0)\n++\t break;\n+ \t }\n+ \n+ /*\n+@@ -1245,6 +1252,13 @@ CompressData(unsigned char *line,\t/* I - Data to compress */\n+ \n+ count = line_ptr - start;\n+ \n++\t //\n++\t // Bail out if we don't have count to compress\n++\t //\n++\n++\t if (count == 0)\n++\t break;\n++\n+ #if 0\n+ fprintf(stderr, \"DEBUG: offset=%d, count=%d, comp_ptr=%p(%d of %d)...\\n\",\n+ \t offset, count, comp_ptr, comp_ptr - CompBuffer,\n+@@ -1416,6 +1430,13 @@ CompressData(unsigned char *line,\t/* I - Data to compress */\n+ \n+ count = (line_ptr - start) / 3;\n+ \n++\t //\n++\t // Bail out if we don't have count to compress\n++\t //\n++\n++\t if (count == 0)\n++\t break;\n++\n+ /*\n+ * Place mode 10 compression data in the buffer; each sequence\n+ \t * starts with a command byte that looks like:\n+-- \n+2.47.3\n+\ndiff --git a/package/cups-filters/cups-filters.mk b/package/cups-filters/cups-filters.mk\nindex dcfb2e9500..6bc4610376 100644\n--- a/package/cups-filters/cups-filters.mk\n+++ b/package/cups-filters/cups-filters.mk\n@@ -13,6 +13,9 @@ CUPS_FILTERS_CPE_ID_VENDOR = linuxfoundation\n # 0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch\n CUPS_FILTERS_IGNORE_CVES += CVE-2023-24805\n \n+# 0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch\n+CUPS_FILTERS_IGNORE_CVES += CVE-2025-64524\n+\n CUPS_FILTERS_DEPENDENCIES = cups libglib2 lcms2 qpdf fontconfig freetype jpeg\n \n CUPS_FILTERS_CONF_OPTS = \\\n", "prefixes": [ "v4", "07/21" ] }