{"id":2231678,"url":"http://patchwork.ozlabs.org/api/patches/2231678/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260501062316.1942112-8-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260501062316.1942112-8-bernd@kuhls.net>","list_archive_url":null,"date":"2026-05-01T06:23:00","name":"[v3,07/21] package/cups-filters: add upstream patch to fix CVE-2025-64524","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"1fa55abc9a5c6e481195a2bba64f8534a0920b4a","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260501062316.1942112-8-bernd@kuhls.net/mbox/","series":[{"id":502425,"url":"http://patchwork.ozlabs.org/api/series/502425/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=502425","date":"2026-05-01T06:22:53","name":"package/gcc: add version 16.1.0","version":3,"mbox":"http://patchwork.ozlabs.org/series/502425/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231678/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231678/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default 
header.b=dxecx2cC;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6Lc53KXwz1xqf\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Fri, 01 May 2026 16:24:37 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 98602420B0;\n\tFri,  1 May 2026 06:24:35 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id g1hHtllh9vuo; Fri,  1 May 2026 06:24:34 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id AA66B4234B;\n\tFri,  1 May 2026 06:24:34 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id A24EC293\n for <buildroot@buildroot.org>; Fri,  1 May 2026 06:24:32 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 888CC420B0\n for <buildroot@buildroot.org>; Fri,  1 May 2026 06:24:32 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id BXiHUYpXIXLX for <buildroot@buildroot.org>;\n Fri,  1 May 2026 06:24:31 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 762B2420A8\n for <buildroot@buildroot.org>; Fri,  1 May 2026 06:24:31 +0000 (UTC)","from fli4l.lan.fli4l (p4fd6c2eb.dip0.t-ipconnect.de\n [79.214.194.235])\n by 
dd20012.kasserver.com (Postfix) with ESMTPSA id 1A429A4C2A33;\n Fri,  1 May 2026 08:23:27 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:38120)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.2)\n (envelope-from <bernd@kuhls.net>) id 1wIhHR-000000007tD-0cHU;\n Fri, 01 May 2026 06:23:16 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org AA66B4234B","OpenDKIM Filter v2.11.0 smtp4.osuosl.org 762B2420A8"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1777616674;\n\tbh=ehtopKHZiPL/OFhw5Z2KlPz2CBaj/ubkeOhjg9cfxM4=;\n\th=From:To:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t Cc:From;\n\tb=dxecx2cCCoWzgYxH05aZpI1qERD5JEINP5J16LlUL3GwY1WxtYx6AaGSp8uuNEWRG\n\t 17WXHjNfsXPLlvs5udmZXBtN3T6+RPIp6nPeM0PYCmrMn9F3+iDm8xg9whD8aYwKWu\n\t lVCvGIkc3pILWiLWn6Nuwv5me6fXfpgGaI/XD0p0FTm2+kElSgOv2e5lza3EtmpaXm\n\t cnGX+wrZdU7RPig+Fz18yzbqajeX4N2N8BW7mZ+Dkr2PhLllThhHGZTENkdI8Yvsi4\n\t jtgUPY19kVxzP8tHJw04qLFd1zqMrVg0vu7u8rjvB0+I1xiJzK1/AlHFhR9rnxW5tM\n\t EFectWjien8sw==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org 762B2420A8","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Date":"Fri,  1 May 2026 08:23:00 +0200","Message-ID":"<20260501062316.1942112-8-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<20260501062316.1942112-1-bernd@kuhls.net>","References":"<20260501062316.1942112-1-bernd@kuhls.net>","MIME-Version":"1.0","X-Spamd-Bar":"+","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n 
d=kuhls.net;\n s=kas202511301023; t=1777616607;\n bh=BJoBuznYYTEeeh2g9M5tvamlydTqu6Cqv+qZ4iHiMDw=;\n h=From:To:Cc:Subject:Date:In-Reply-To:From;\n b=mdr92WalKLKSR/rnEnl9j01VtoOHJGpmZw4YYreGIRdPKq4m8HpGEsQjs+EXzXV/Q\n FYa0pqrGM42ZThGtSRqvy1ZC9Z722fcQ2SDOYaeAjrtlngs06l0ilzvsHihstNvpn+\n 7Vl7QJjMVn7tEKTP7eNZ8TXx2Uu3RUn5As2eOYqbV4Piv2nqQQrhpezuLD/E8rF64N\n C7WOTIUSQKgLTR5AQvVJy4jbNZhhUfXdPJpiojaUqIQKalF4NY9cSN4mje1LQK+VKC\n c0A92WsJZUMtpCFyiigiV1oq35uqqwRwP6gXcHHyv/uUJfK84iNITOYAq4SDjbIO38\n Z6BrBbLlSAqzA==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp4.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=mdr92Wal"],"Subject":"[Buildroot] [PATCH v3 07/21] package/cups-filters: add upstream\n patch to fix CVE-2025-64524","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Cc":"Zoltan Gyarmati <mr.zoltan.gyarmati@gmail.com>,\n Tudor Holton <buildroot@tudorholton.com>,\n Fabrice Fontaine <fontaine.fabrice@gmail.com>,\n Angelo Compagnucci <angelo.compagnucci@gmail.com>,\n Olivier Schonken <olivier.schonken@gmail.com>,\n Thomas Petazzoni <thomas.petazzoni@bootlin.com>,\n Romain Naour <romain.naour@gmail.com>,\n Giulio Benetti <giulio.benetti@benettiengineering.com>","Content-Type":"text/plain; 
charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"Signed-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n ...ix-infinite-loop-caused-by-crafted-f.patch | 83 +++++++++++++++++++\n package/cups-filters/cups-filters.mk          |  3 +\n 2 files changed, 86 insertions(+)\n create mode 100644 package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch","diff":"diff --git a/package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch b/package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch\nnew file mode 100644\nindex 0000000000..e9900e5672\n--- /dev/null\n+++ b/package/cups-filters/0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch\n@@ -0,0 +1,83 @@\n+From b03866fd2e251a6d822a5e8c807c8d47b4d2dce2 Mon Sep 17 00:00:00 2001\n+From: Zdenek Dohnal <zdohnal@redhat.com>\n+Date: Wed, 12 Nov 2025 16:02:20 +0100\n+Subject: [PATCH] rastertopclx.c: Fix infinite loop caused by crafted file\n+\n+Infinite loop happened because of crafted input raster file, which led\n+into heap buffer overflow of `CompressBuf` array.\n+\n+Based on comments there should be always some `count` when compressing\n+the data, and processing of crafted file ended with offset and count\n+being 0.\n+\n+Fixes CVE-2025-64524\n+\n+Upstream: https://github.com/OpenPrinting/cups-filters/commit/b03866fd2e251a6d822a5e8c807c8d47b4d2dce2\n+\n+Signed-off-by: Bernd Kuhls <bernd@kuhls.net>\n+---\n+ filter/rastertopclx.c | 25 +++++++++++++++++++++++--\n+ 1 file changed, 23 insertions(+), 2 deletions(-)\n+\n+diff --git a/filter/rastertopclx.c b/filter/rastertopclx.c\n+index 3e7c129da..1015308da 100644\n+--- a/filter/rastertopclx.c\n++++ b/filter/rastertopclx.c\n+@@ -818,10 +818,10 @@ StartPage(ppd_file_t         *ppd,\t/* I - PPD file */\n+   }\n+ \n+   if (header->cupsCompression)\n+-    CompBuffer = 
malloc(DotBufferSize * 4);\n++    CompBuffer = calloc(DotBufferSize * 4, sizeof(unsigned char));\n+ \n+   if (header->cupsCompression >= 3)\n+-    SeedBuffer = malloc(DotBufferSize);\n++    SeedBuffer = calloc(DotBufferSize, sizeof(unsigned char));\n+ \n+   SeedInvalid = 1;\n+ \n+@@ -1152,6 +1152,13 @@ CompressData(unsigned char *line,\t/* I - Data to compress */\n+               seed ++;\n+               count ++;\n+             }\n++\n++\t    //\n++\t    // Bail out if we don't have count to compress\n++\t    //\n++\n++\t    if (count == 0)\n++\t      break;\n+ \t  }\n+ \n+          /*\n+@@ -1245,6 +1252,13 @@ CompressData(unsigned char *line,\t/* I - Data to compress */\n+ \n+             count = line_ptr - start;\n+ \n++\t    //\n++\t    // Bail out if we don't have count to compress\n++\t    //\n++\n++\t    if (count == 0)\n++\t      break;\n++\n+ #if 0\n+             fprintf(stderr, \"DEBUG: offset=%d, count=%d, comp_ptr=%p(%d of %d)...\\n\",\n+ \t            offset, count, comp_ptr, comp_ptr - CompBuffer,\n+@@ -1416,6 +1430,13 @@ CompressData(unsigned char *line,\t/* I - Data to compress */\n+ \n+             count = (line_ptr - start) / 3;\n+ \n++\t    //\n++\t    // Bail out if we don't have count to compress\n++\t    //\n++\n++\t    if (count == 0)\n++\t      break;\n++\n+            /*\n+             * Place mode 10 compression data in the buffer; each sequence\n+ \t    * starts with a command byte that looks like:\n+-- \n+2.47.3\n+\ndiff --git a/package/cups-filters/cups-filters.mk b/package/cups-filters/cups-filters.mk\nindex dcfb2e9500..6bc4610376 100644\n--- a/package/cups-filters/cups-filters.mk\n+++ b/package/cups-filters/cups-filters.mk\n@@ -13,6 +13,9 @@ CUPS_FILTERS_CPE_ID_VENDOR = linuxfoundation\n # 0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch\n CUPS_FILTERS_IGNORE_CVES += CVE-2023-24805\n \n+# 0002-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch\n+CUPS_FILTERS_IGNORE_CVES += CVE-2025-64524\n+\n 
CUPS_FILTERS_DEPENDENCIES = cups libglib2 lcms2 qpdf fontconfig freetype jpeg\n \n CUPS_FILTERS_CONF_OPTS = \\\n","prefixes":["v3","07/21"]}
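Review bot: in the StartPage hunk of the embedded rastertopclx.c patch, `calloc(DotBufferSize * 4, sizeof(unsigned char))` still multiplies in the caller, so calloc's own overflow check on count times size never sees the product; `calloc(DotBufferSize, 4)` would let the allocator reject a wrapped size. Neither the CompBuffer nor the SeedBuffer allocation is checked for NULL in the lines shown before `SeedInvalid = 1;`. The upstream commit message also calls the buffer `CompressBuf`, while the code names it `CompBuffer`.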
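Review bot: the three `if (count == 0) break;` guards added to CompressData leave the loop without any diagnostic, so a raster line that trips the guard cannot be told apart from a normal one in the filter's log. An error message written to stderr before each break, in the style of the DEBUG fprintf under `#if 0` in the second hunk, would make the crafted-input case visible during triage. The added comments use `//` and tab indentation, while the surrounding context lines use `/* */` and spaces; that is worth raising upstream rather than changing in the backport.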
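Review bot: in the cups-filters.mk hunk, `CUPS_FILTERS_IGNORE_CVES += CVE-2025-64524` must be removed together with the 0002 patch at the first version bump that contains the upstream commit, and the Buildroot commit message is empty apart from the Signed-off-by, so nothing in it records what the CVE affects or where the fix comes from. Suggest a short body naming the rastertopclx filter and the upstream commit already given in the patch's Upstream: tag.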