libcupsfilters: patch CVE-2025-64503

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503

Pick the patch that explicitly refernces the CVE ID in its message.
(The NVD advisory mentions only the cups-filters patch, but
the developer indicated the CVE ID in the libcupsfilters patch also)

Between this recipe version and the patch the project has decided to
eliminate c++ from the project, and use c only. The patch however
is straightforward enough that it could be backported with very small
modifications.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch

@@ -0,0 +1,45 @@
+From 7b5275f86f9011ac260409e7456bf21e05541bce Mon Sep 17 00:00:00 2001
+From: Till Kamppeter <till.kamppeter@gmail.com>
+Date: Mon, 10 Nov 2025 21:10:56 +0100
+Subject: [PATCH] Fix out-of-bounds write in cfFilterPDFToRaster()
+
+PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated.
+
+Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m
+
+https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372
+
+Fixes CVE-2025-64503
+
+CVE: CVE-2025-64503
+Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ cupsfilters/pdftoraster.cxx | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/cupsfilters/pdftoraster.cxx b/cupsfilters/pdftoraster.cxx
+index f51c41f..075c206 100644
+--- a/cupsfilters/pdftoraster.cxx
++++ b/cupsfilters/pdftoraster.cxx
+@@ -1609,6 +1609,20 @@ out_page(pdftoraster_doc_t *doc,
+     doc->header.cupsPageSize[0] = l;
+   else
+     doc->header.cupsPageSize[1] = l;
++
++  //
++  // Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt
++  // https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372
++  //
++  if (doc->header.cupsPageSize[0] > 14400) {
++    fprintf(stderr, "ERROR: Page width is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[0]);
++    doc->header.cupsPageSize[0] = 14400;
++  }
++  if (doc->header.cupsPageSize[1] > 14400) {
++    fprintf(stderr, "ERROR: Page height is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[1]);
++    doc->header.cupsPageSize[1] = 14400;
++  }
++
+   if (rotate == 90 || rotate == 270)
+   {
+     doc->header.cupsImagingBBox[0] =

meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb

@@ -5,12 +5,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aab2024bd2a475438a154cd1640c9684"
 
 DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff"
 
-SRC_URI = " \
-	https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
-	file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \
-	file://0001-CVE-2024-47076.patch \
-	file://CVE-2025-57812.patch \
-"
+SRC_URI = "https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
+           file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \
+           file://0001-CVE-2024-47076.patch \
+           file://CVE-2025-57812.patch \
+           file://CVE-2025-64503.patch \
+           "
 SRC_URI[sha256sum] = "542f2bfbc58136a4743c11dc8c86cee03c9aca705612654e36ac34aa0d9aa601"
 
 inherit autotools gettext pkgconfig github-releases