[scarthgap,4/8] cups: Fix CVE-2026-34979

Message ID	20260623113037.28968-4-adongare@cisco.com
State	New
Headers	show Return-Path: <adongare@cisco.com> ip: 173.37.86.77, mailfrom: adongare@cisco.com) IronPort-Data: A9a23:vZn1m6P8iQfY9KfvrR30lsFynXyQoLVcMsEvi/4bfWQNrUpx1GNWy DFKWW6BbP2PNmanc9FwPd6zoEMH7MWGx9NqTXM5pCpnJ55oRWUpJjg4wmPYZX76whjrFRo/h ykmQoCeaphyFTmE+kvF3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZh6mJTqYb/WV/lV e/a+ZWFZgf7gWUsawr41orawP9RlKWq0N8nlgRWicBj5Df2i3QTBZQDEqC9R1OQapVUBOOzW 9HYx7i/+G7Dlz91Yj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnBaPpIACRYpQRw/ZwNlMDxG4 I4lWZSYEW/FN0BX8QgXe0Ew/ypWZcWq9FJbSJSymZT78qHIT5fj69c/Tx4TbdYUw7Y0J2NE0 O42OTxRQSnW0opawJrjIgVtrt4oIM+uOMYUvWttiGiAS/0nWpvEBa7N4Le03h9p2ZsIRqmYP ZdEL2MzPHwsYDUXUrsTIJsym+Gnj2PyWzZZs1mS46Ew5gA/ySQtgei9aIGLJoDiqcN9xHuCi 0XA1GnACD4LNYe2kxi3+GuLibqa9c/8cMdIfFGizdZtmFCVy2kZBREaWFf+qv6jh2a6WslDM AoT4icooK04+UCnQ9W7WAe3yENopTYGUNZWVul/4waXx++NukCSB3MPSXhKb9lOWNIKeAHGH 2Shx7vBbQGDepXPIZ5B3t94dQ+PBBU= IronPort-HdrOrdr: A9a23:fg/dVqqdarICrgozVTChejMaV5rzeYIsimQD101hICG9vPb2qy nIpoV96faaslcssR0b9OxofZPwI080lqQFhbX5X43DYOCOggLBR+tfBMnZsljd8kbFmNK1u5 0NT0FWMqyXMbEDt7eY3CCIV/A93dKA7Kekwc3az3trUEVWTpsI1XYBNu5eeXcGPzWvwvECZe Kh2vY= From: "Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)" <adongare@cisco.com> To: openembedded-core@lists.openembedded.org Cc: xe-linux-external@cisco.com, to@cisco.com, Anil Dongare <adongare@cisco.com> Subject: [OE-core] [scarthgap] [PATCH 4/8] cups: Fix CVE-2026-34979 Date: Tue, 23 Jun 2026 04:30:28 -0700 Message-ID: <20260623113037.28968-4-adongare@cisco.com> In-Reply-To: <20260623113037.28968-1-adongare@cisco.com> References: <20260623113037.28968-1-adongare@cisco.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,1/8] cups: Fix CVE-2026-27447 \| expand [scarthgap,1/8] cups: Fix CVE-2026-27447 [scarthgap,2/8] cups: Fix CVE-2026-34978 [scarthgap,3/8] cups: Fix CVE-2026-34980 [scarthgap,4/8] cups: Fix CVE-2026-34979 [scarthgap,5/8] cups: Fix CVE-2026-34990 [scarthgap,6/8] cups: Fix CVE-2026-39314 [scarthgap,7/8] cups: Fix CVE-2026-39316 [scarthgap,8/8] cups: Fix CVE-2026-41079

Message ID

20260623113037.28968-4-adongare@cisco.com

State

New

Headers

IronPort-Data: A9a23:vZn1m6P8iQfY9KfvrR30lsFynXyQoLVcMsEvi/4bfWQNrUpx1GNWy
 DFKWW6BbP2PNmanc9FwPd6zoEMH7MWGx9NqTXM5pCpnJ55oRWUpJjg4wmPYZX76whjrFRo/h
 ykmQoCeaphyFTmE+kvF3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZh6mJTqYb/WV/lV
 e/a+ZWFZgf7gWUsawr41orawP9RlKWq0N8nlgRWicBj5Df2i3QTBZQDEqC9R1OQapVUBOOzW
 9HYx7i/+G7Dlz91Yj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnBaPpIACRYpQRw/ZwNlMDxG4
 I4lWZSYEW/FN0BX8QgXe0Ew/ypWZcWq9FJbSJSymZT78qHIT5fj69c/Tx4TbdYUw7Y0J2NE0
 O42OTxRQSnW0opawJrjIgVtrt4oIM+uOMYUvWttiGiAS/0nWpvEBa7N4Le03h9p2ZsIRqmYP
 ZdEL2MzPHwsYDUXUrsTIJsym+Gnj2PyWzZZs1mS46Ew5gA/ySQtgei9aIGLJoDiqcN9xHuCi
 0XA1GnACD4LNYe2kxi3+GuLibqa9c/8cMdIfFGizdZtmFCVy2kZBREaWFf+qv6jh2a6WslDM
 AoT4icooK04+UCnQ9W7WAe3yENopTYGUNZWVul/4waXx++NukCSB3MPSXhKb9lOWNIKeAHGH
 2Shx7vBbQGDepXPIZ5B3t94dQ+PBBU=
IronPort-HdrOrdr: A9a23:fg/dVqqdarICrgozVTChejMaV5rzeYIsimQD101hICG9vPb2qy
 nIpoV96faaslcssR0b9OxofZPwI080lqQFhbX5X43DYOCOggLBR+tfBMnZsljd8kbFmNK1u5
 0NT0FWMqyXMbEDt7eY3CCIV/A93dKA7Kekwc3az3trUEVWTpsI1XYBNu5eeXcGPzWvwvECZe
 Kh2vY=
From: "Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)"
 <adongare@cisco.com>
To: openembedded-core@lists.openembedded.org
Cc: xe-linux-external@cisco.com, to@cisco.com,
	Anil Dongare <adongare@cisco.com>
Subject: [OE-core] [scarthgap] [PATCH 4/8] cups: Fix CVE-2026-34979
Date: Tue, 23 Jun 2026 04:30:28 -0700
Message-ID: <20260623113037.28968-4-adongare@cisco.com>
In-Reply-To: <20260623113037.28968-1-adongare@cisco.com>
References: <20260623113037.28968-1-adongare@cisco.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,1/8] cups: Fix CVE-2026-27447 | expand

Commit Message

Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco) June 23, 2026, 11:30 a.m. UTC

From: Anil Dongare <adongare@cisco.com>

Pick the upstream patch [1] as mentioned in [2].

[1] https://github.com/OpenPrinting/cups/commit/0ff8897367c7341f2500770c3977038cdd7c0214
[2] https://security-tracker.debian.org/tracker/CVE-2026-34979

Signed-off-by: Anil Dongare <adongare@cisco.com>
---
 meta/recipes-extended/cups/cups.inc           |  1 +
 .../cups/cups/CVE-2026-34979.patch            | 73 +++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-34979.patch

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index dc5b971195..7dedb2daef 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -27,6 +27,7 @@  SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
            file://CVE-2026-34980.patch \
            file://CVE-2026-34980-regression_p1.patch \
            file://CVE-2026-34980-regression_p2.patch \
+           file://CVE-2026-34979.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-34979.patch b/meta/recipes-extended/cups/cups/CVE-2026-34979.patch
new file mode 100644
index 0000000000..4adb6415b1
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-34979.patch
@@ -0,0 +1,73 @@ 
+From 471b4dc802455c7c59f9fd594fec8b6f3acb0db5 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Tue, 31 Mar 2026 14:50:06 -0400
+Subject: [PATCH] Expand allocation of options string.
+
+CVE: CVE-2026-34979
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/0ff8897367c7341f2500770c3977038cdd7c0214]
+
+Backport Changes:
+- Rebase CHANGES.md placement and scheduler/job.c IPP length context to the
+  CUPS 2.4.11 source carried by this recipe.
+
+(cherry picked from commit 0ff8897367c7341f2500770c3977038cdd7c0214)
+Signed-off-by: Anil Dongare <adongare@cisco.com>
+---
+ CHANGES.md      |  2 ++
+ scheduler/job.c | 16 ++++------------
+ 2 files changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index 9863c17..f203e9a 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -11,6 +11,8 @@ Changes in CUPS v2.4.10 (2024-06-18)
+   directory.
+ - CVE-2026-34980: The scheduler did not filter control characters from option
+   values.
++- CVE-2026-34979: The scheduler did not always allocate enough memory for a
++  job's options string.
+ - Fixed error handling when reading a mixed `1setOf` attribute.
+ - Fixed scheduler start if there is only domain socket to listen on (Issue #985)
+ 
+diff --git a/scheduler/job.c b/scheduler/job.c
+index 915ba94..880c25f 100644
+--- a/scheduler/job.c
++++ b/scheduler/job.c
+@@ -4195,18 +4195,6 @@ ipp_length(ipp_t *ipp)			/* I - IPP request */
+ 
+   for (attr = ipp->attrs; attr != NULL; attr = attr->next)
+   {
+-   /*
+-    * Skip attributes that won't be sent to filters...
+-    */
+-
+-    if (attr->value_tag == IPP_TAG_NOVALUE ||
+-	attr->value_tag == IPP_TAG_MIMETYPE ||
+-	attr->value_tag == IPP_TAG_NAMELANG ||
+-	attr->value_tag == IPP_TAG_TEXTLANG ||
+-	attr->value_tag == IPP_TAG_URI ||
+-	attr->value_tag == IPP_TAG_URISCHEME)
+-      continue;
+-
+    /*
+     * Add space for a leading space and commas between each value.
+     * For the first attribute, the leading space isn't used, so the
+@@ -4282,10 +4270,14 @@ ipp_length(ipp_t *ipp)			/* I - IPP request */
+ 
+       case IPP_TAG_TEXT :
+       case IPP_TAG_NAME :
++      case IPP_TAG_TEXTLANG :
++      case IPP_TAG_NAMELANG :
++      case IPP_TAG_MIMETYPE :
+       case IPP_TAG_KEYWORD :
+       case IPP_TAG_CHARSET :
+       case IPP_TAG_LANGUAGE :
+       case IPP_TAG_URI :
++      case IPP_TAG_URISCHEME :
+          /*
+ 	  * Strings can contain characters that need quoting.  We need
+ 	  * at least 2 * len + 2 characters to cover the quotes and
+-- 
+2.43.7
+

[scarthgap,4/8] cups: Fix CVE-2026-34979

Commit Message

Patch