From 247ca23aa0425ba1e2b5a026e8f2c57d71e3fe5d Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Fri, 27 Sep 2024 19:01:42 +0200 Subject: [PATCH] cups: apply patches for CVE-2024-47175 Based on the information provided in https://www.openwall.com/lists/oss-security/2024/09/27/3 https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 (cherry picked from commit 053e3fe1f4b5602f05084dba63be651592069231) --- pkgs/misc/cups/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/pkgs/misc/cups/default.nix b/pkgs/misc/cups/default.nix index 396914479d4a5..b59dc2f19feec 100644 --- a/pkgs/misc/cups/default.nix +++ b/pkgs/misc/cups/default.nix @@ -56,6 +56,31 @@ stdenv.mkDerivation rec { includes = [ "scheduler/conf.c" ]; hash = "sha256-2jQFHUFav8XDfqA/PVKNvbUnZI34na8Wbuu4XRy3uqc="; }) + (fetchpatch { + name = "CVE-2024-47175_0.patch"; + url = "https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5.patch"; + hash = "sha256-Nt6/JwoaHkzFxCl1BuXOQRfki8Oquk2rIwvw7qekTQI="; + }) + (fetchpatch { + name = "CVE-2024-47175_1.patch"; + url = "https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69.patch"; + hash = "sha256-ZyvVAv96pK6ldSQf5IOiIXk8xYeNJOWNHX0S5pyn6pw="; + }) + (fetchpatch { + name = "CVE-2024-47175_2.patch"; + url = "https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844.patch"; + hash = "sha256-uDUOIwkRGZo+XXheDt+HGsXujtEJ3b4o5yNWdnz5uIY="; + }) + (fetchpatch { + name = "CVE-2024-47175_3.patch"; + url = "https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd.patch"; + hash = "sha256-SiYUsa+DUNPua0/r/rvzzRAYra2AP49ImbyWG5RnCI0="; + }) + (fetchpatch { + name = "CVE-2024-47175_4.patch"; + url = "https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b.patch"; + hash = "sha256-oeZ3nNmPMkusxZhmmKOCcD/AD+QzkVE8acNXapGK/Ew="; + }) ]; postPatch = ''