From patchwork Tue Sep 16 05:42:37 2025
X-Patchwork-Submitter: Vijay Anusuri
X-Patchwork-Id: 70286
From: vanusuri@mvista.com
To: openembedded-core@lists.openembedded.org
Cc: Vijay Anusuri
Subject: [OE-core][scarthgap][PATCH v2 1/2] cups: upgrade 2.4.10 -> 2.4.11
Date: Tue, 16 Sep 2025 11:12:37 +0530
Message-Id: <20250916054238.117124-1-vanusuri@mvista.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223529

From: Vijay Anusuri

Removed CVE-2024-47175 patches which are fixed by upgrade

Changelog
==========
v2.4.11
CUPS 2.4.11 brings several bug fixes regarding IPP response validation, processing PPD values, Web UI support (checkbox support, modifying printers) and other fixes.

Detailed list of changes is available in CHANGES.md

Signed-off-by: Vijay Anusuri
---
 meta/recipes-extended/cups/cups.inc | 5 -
 .../cups/cups/CVE-2024-47175-1.patch | 73 -----
 .../cups/cups/CVE-2024-47175-2.patch | 151 -----------
 .../cups/cups/CVE-2024-47175-3.patch | 119 ---------
 .../cups/cups/CVE-2024-47175-4.patch | 249 ------------------
 .../cups/cups/CVE-2024-47175-5.patch | 40 ---
 .../cups/{cups_2.4.10.bb => cups_2.4.11.bb} | 2 +-
 7 files changed, 1 insertion(+), 638 deletions(-)
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch
 delete mode 100644 meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch
 rename meta/recipes-extended/cups/{cups_2.4.10.bb => cups_2.4.11.bb} (51%)

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 5590eb0fa0..b70ba3ae58 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc
@@ -15,11 +15,6 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ - file://CVE-2024-47175-1.patch \ - file://CVE-2024-47175-2.patch \ - file://CVE-2024-47175-3.patch \ - file://CVE-2024-47175-4.patch \ - file://CVE-2024-47175-5.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch deleted file mode 100644 index 8ec720ea0d..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From 9939a70b750edd9d05270060cc5cf62ca98cfbe5 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Mon, 9 Sep 2024 10:03:10 -0400 -Subject: [PATCH] Mirror IPP Everywhere printer changes from master. - -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5] -CVE: CVE-2024-47175 -Signed-off-by: Hitendra Prajapati ---- - cups/ppd-cache.c | 10 +++++----- - scheduler/ipp.c | 7 +++++++ - 2 files changed, 12 insertions(+), 5 deletions(-) - -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index e750fcc..cd2d6cb 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -3317,10 +3317,10 @@ _ppdCreateFromIPP2( - } - cupsFilePuts(fp, "\"\n"); - -- if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL) -+ if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) - cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL)); - -- if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL) -+ if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) - cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); - - if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL) -@@ -3389,10 +3389,10 @@ _ppdCreateFromIPP2( - if (ippGetBoolean(ippFindAttribute(supported, "job-accounting-user-id-supported", IPP_TAG_BOOLEAN), 0)) - cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n"); - -- if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL) -+ if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) - cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL)); - -- if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", 
IPP_TAG_KEYWORD)) != NULL) -+ if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) - { - char prefix = '\"'; // Prefix for string - -@@ -3410,7 +3410,7 @@ _ppdCreateFromIPP2( - cupsFilePuts(fp, "\"\n"); - } - -- if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL) -+ if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) - { - char prefix = '\"'; // Prefix for string - -diff --git a/scheduler/ipp.c b/scheduler/ipp.c -index 37623c5..836e41d 100644 ---- a/scheduler/ipp.c -+++ b/scheduler/ipp.c -@@ -5417,6 +5417,13 @@ create_local_bg_thread( - } - } - -+ // Validate response from printer... -+ if (!ippValidateAttributes(response)) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "%s: Printer returned invalid data: %s", printer->name, cupsLastErrorString()); -+ return (NULL); -+ } -+ - // TODO: Grab printer icon file... - httpClose(http); - --- -2.25.1 - diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch deleted file mode 100644 index 11e8209626..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch +++ /dev/null 
@@ -1,151 +0,0 @@ -From 04bb2af4521b56c1699a2c2431c56c05a7102e69 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Mon, 9 Sep 2024 14:05:42 -0400 -Subject: [PATCH] Refactor make-and-model code. - -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69] -CVE: CVE-2024-47175 -Signed-off-by: Hitendra Prajapati ---- - cups/ppd-cache.c | 103 +++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 87 insertions(+), 16 deletions(-) - -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index cd2d6cb..a4d7403 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -3197,9 +3197,10 @@ _ppdCreateFromIPP2( - ipp_t *media_col, /* Media collection */ - *media_size; /* Media size collection */ - char make[256], /* Make and model */ -- *model, /* Model name */ -+ *mptr, /* Pointer into make and model */ - ppdname[PPD_MAX_NAME]; - /* PPD keyword */ -+ const char *model; /* Model name */ - int i, j, /* Looping vars */ - count, /* Number of values */ - bottom, /* Largest bottom margin */ -@@ -3260,34 +3261,104 @@ _ppdCreateFromIPP2( - } - - /* -- * Standard stuff for PPD file... -+ * Get a sanitized make and model... - */ - -- cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n"); -- cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n"); -- cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR); -- cupsFilePuts(fp, "*LanguageVersion: English\n"); -- cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n"); -- cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n"); -- cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); -- cupsFilePuts(fp, "*FileSystem: False\n"); -- cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); -+ if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr)) -+ { -+ /* -+ * Sanitize the model name to only contain PPD-safe characters. 
-+ */ - -- if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL) - strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); -+ -+ for (mptr = make; *mptr; mptr ++) -+ { -+ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"') -+ { -+ /* -+ * Truncate the make and model on the first bad character... -+ */ -+ -+ *mptr = '\0'; -+ break; -+ } -+ } -+ -+ while (mptr > make) -+ { -+ /* -+ * Strip trailing whitespace... -+ */ -+ -+ mptr --; -+ if (*mptr == ' ') -+ *mptr = '\0'; -+ } -+ -+ if (!make[0]) -+ { -+ /* -+ * Use a default make and model if nothing remains... -+ */ -+ -+ strlcpy(make, "Unknown", sizeof(make)); -+ } -+ } - else -- strlcpy(make, "Unknown Printer", sizeof(make)); -+ { -+ /* -+ * Use a default make and model... -+ */ -+ -+ strlcpy(make, "Unknown", sizeof(make)); -+ } - - if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) - { -+ /* -+ * Normalize HP printer make and model... -+ */ -+ - model = make + 16; - strlcpy(make, "HP", sizeof(make)); -+ -+ if (!_cups_strncasecmp(model, "HP ", 3)) -+ model += 3; -+ } -+ else if ((mptr = strchr(make, ' ')) != NULL) -+ { -+ /* -+ * Separate "MAKE MODEL"... -+ */ -+ -+ while (*mptr && *mptr == ' ') -+ *mptr++ = '\0'; -+ -+ model = mptr; - } -- else if ((model = strchr(make, ' ')) != NULL) -- *model++ = '\0'; - else -- model = make; -+ { -+ /* -+ * No separate model name... -+ */ - -+ model = "Printer"; -+ } -+ -+ /* -+ * Standard stuff for PPD file... 
-+ */ -+ -+ cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n"); -+ cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n"); -+ cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR); -+ cupsFilePuts(fp, "*LanguageVersion: English\n"); -+ cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n"); -+ cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n"); -+ cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); -+ cupsFilePuts(fp, "*FileSystem: False\n"); -+ cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); - cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); - cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model); - cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model); --- -2.25.1 - diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch deleted file mode 100644 index e7d012fb8a..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Mon, 9 Sep 2024 15:59:57 -0400 -Subject: [PATCH] PPDize preset and template names. - -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844] -CVE: CVE-2024-47175 -Signed-off-by: Hitendra Prajapati ---- - cups/ppd-cache.c | 33 ++++++++++++++++++++++++--------- - 1 file changed, 24 insertions(+), 9 deletions(-) - -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index a4d7403..53c22be 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -4976,12 +4976,14 @@ _ppdCreateFromIPP2( - - cupsArrayAdd(templates, (void *)keyword); - -+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); -+ - snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) - msgstr = keyword; - -- cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword); -+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); - for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) - { - if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) -@@ -4994,7 +4996,7 @@ _ppdCreateFromIPP2( - } - } - cupsFilePuts(fp, "\"\n"); -- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr); -+ cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr); - cupsFilePuts(fp, "*End\n"); - } - -@@ -5040,7 +5042,8 @@ _ppdCreateFromIPP2( - if (!preset || !preset_name) - continue; - -- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name); -+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); -+ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname); - for (member = ippFirstAttribute(preset); member; member = 
ippNextAttribute(preset)) - { - member_name = ippGetName(member); -@@ -5081,7 +5084,10 @@ _ppdCreateFromIPP2( - fin_col = ippGetCollection(member, i); - - if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL) -- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword); -+ { -+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); -+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname); -+ } - } - } - else if (!strcmp(member_name, "media")) -@@ -5108,13 +5114,13 @@ _ppdCreateFromIPP2( - if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL) - { - pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); -- cupsFilePrintf(fp, "*InputSlot %s\n", keyword); -+ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname); - } - - if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL) - { - pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); -- cupsFilePrintf(fp, "*MediaType %s\n", keyword); -+ cupsFilePrintf(fp, "*MediaType %s\n", ppdname); - } - } - else if (!strcmp(member_name, "print-quality")) -@@ -5160,7 +5166,10 @@ _ppdCreateFromIPP2( - cupsFilePuts(fp, "\"\n*End\n"); - - if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) -- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name); -+ { -+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); -+ cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name); -+ } - } - } - -@@ -5544,7 +5553,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ - *end; /* End of name buffer */ - - -- if (!ipp) -+ if (!ipp || !_cups_isalnum(*ipp)) - { - *name = '\0'; - return; -@@ -5559,8 +5568,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ - ipp ++; - *ptr++ = (char)toupper(*ipp++ & 255); - } -- else -+ else if (*ipp == '_' || *ipp == '.' 
|| *ipp == '-' || _cups_isalnum(*ipp)) -+ { - *ptr++ = *ipp++; -+ } -+ else -+ { -+ ipp ++; -+ } - } - - *ptr = '\0'; --- -2.25.1 - diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch deleted file mode 100644 index 7665513485..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch +++ /dev/null 
@@ -1,249 +0,0 @@ -From 1e6ca5913eceee906038bc04cc7ccfbe2923bdfd Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Mon, 23 Sep 2024 09:36:39 -0400 -Subject: [PATCH] Quote PPD localized strings. - -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd] -CVE: CVE-2024-47175 -Signed-off-by: Hitendra Prajapati ---- - cups/ppd-cache.c | 93 +++++++++++++++++++++++++++--------------------- - 1 file changed, 53 insertions(+), 40 deletions(-) - -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index 53c22be..f425ac0 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -32,6 +32,7 @@ - static int cups_connect(http_t **http, const char *url, char *resource, size_t ressize); - static int cups_get_url(http_t **http, const char *url, char *name, size_t namesize); - static const char *ppd_inputslot_for_keyword(_ppd_cache_t *pc, const char *keyword); -+static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid); - static void pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value); - static void pwg_add_message(cups_array_t *a, const char *msg, const char *str); - static int pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b); -@@ -3394,7 +3395,7 @@ _ppdCreateFromIPP2( - if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) - cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); - -- if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL) -+ if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) - { - http_t *http = NULL; /* Connection to printer */ - char stringsfile[1024]; /* Temporary strings file */ -@@ -3438,7 +3439,7 @@ _ppdCreateFromIPP2( - - response = 
cupsDoRequest(http, request, resource); - -- if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL) -+ if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) - cupsFilePrintf(fp, "*cupsStringsURI %s: \"%s\"\n", keyword, ippGetString(attr, 0, NULL)); - - ippDelete(response); -@@ -4044,18 +4045,16 @@ _ppdCreateFromIPP2( - cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname); - - for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++) -+ { - if (!strcmp(sources[j], keyword)) - { - snprintf(msgid, sizeof(msgid), "media-source.%s", keyword); - -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; -- - cupsFilePrintf(fp, "*InputSlot %s: \"<>setpagedevice\"\n", ppdname, j); -- cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, msgstr); -+ ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid); - break; - } -+ } - } - cupsFilePuts(fp, "*CloseUI: *InputSlot\n"); - } -@@ -4081,12 +4080,9 @@ _ppdCreateFromIPP2( - pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); - - snprintf(msgid, sizeof(msgid), "media-type.%s", keyword); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; - - cupsFilePrintf(fp, "*MediaType %s: \"<>setpagedevice\"\n", ppdname, ppdname); -- cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr); -+ ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid); - } - cupsFilePuts(fp, "*CloseUI: *MediaType\n"); - } -@@ -4547,12 +4543,9 @@ _ppdCreateFromIPP2( - pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); - - snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = 
_cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; - - cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname); -- cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr); -+ ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid); - - if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL) - { -@@ -4671,9 +4664,6 @@ _ppdCreateFromIPP2( - cupsArrayAdd(names, (char *)keyword); - - snprintf(msgid, sizeof(msgid), "finishings.%d", value); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; - - if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) - ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; -@@ -4688,7 +4678,7 @@ _ppdCreateFromIPP2( - continue; - - cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword); -- cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); -+ ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid); - cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword); - } - -@@ -4751,9 +4741,6 @@ _ppdCreateFromIPP2( - cupsArrayAdd(names, (char *)keyword); - - snprintf(msgid, sizeof(msgid), "finishings.%d", value); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; - - if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) - ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; -@@ -4768,7 +4755,7 @@ _ppdCreateFromIPP2( - continue; - - cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword); -- cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); -+ ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid); - cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, 
keyword, ppd_keyword); - } - -@@ -4839,9 +4826,6 @@ _ppdCreateFromIPP2( - cupsArrayAdd(names, (char *)keyword); - - snprintf(msgid, sizeof(msgid), "finishings.%d", value); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; - - if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) - ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; -@@ -4856,7 +4840,7 @@ _ppdCreateFromIPP2( - continue; - - cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword); -- cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); -+ ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid); - cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword); - } - -@@ -4927,9 +4911,6 @@ _ppdCreateFromIPP2( - cupsArrayAdd(names, (char *)keyword); - - snprintf(msgid, sizeof(msgid), "finishings.%d", value); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = keyword; - - if (value == IPP_FINISHINGS_TRIM) - ppd_keyword = "Auto"; -@@ -4937,7 +4918,7 @@ _ppdCreateFromIPP2( - ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES]; - - cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword); -- cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); -+ ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid); - cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword); - } - -@@ -4979,9 +4960,6 @@ _ppdCreateFromIPP2( - pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); - - snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); -- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) -- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) -- msgstr = 
keyword; - - cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); - for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) -@@ -4996,7 +4974,7 @@ _ppdCreateFromIPP2( - } - } - cupsFilePuts(fp, "\"\n"); -- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr); -+ ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid); - cupsFilePuts(fp, "*End\n"); - } - -@@ -5165,11 +5143,9 @@ _ppdCreateFromIPP2( - - cupsFilePuts(fp, "\"\n*End\n"); - -- if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) -- { -- pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); -- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name); -- } -+ snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name); -+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); -+ ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid); - } - } - -@@ -5440,6 +5416,43 @@ cups_get_url(http_t **http, /* IO - Current HTTP connection */ - } - - -+/* -+ * 'ppd_put_strings()' - Write localization attributes to a PPD file. -+ */ -+ -+static void -+ppd_put_string(cups_file_t *fp, /* I - PPD file */ -+ cups_lang_t *lang, /* I - Language */ -+ cups_array_t *strings, /* I - Strings */ -+ const char *ppd_option,/* I - PPD option */ -+ const char *ppd_choice,/* I - PPD choice */ -+ const char *pwg_msgid) /* I - PWG message ID */ -+{ -+ const char *text; /* Localized text */ -+ -+ -+ if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text)) -+ { -+ if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid) -+ return; -+ } -+ -+ // Add the first line of localized text... -+ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice); -+ while (*text && *text != '\n') -+ { -+ // Escape ":" and "<"... 
-+ if (*text == ':' || *text == '<') -+ cupsFilePrintf(fp, "<%02X>", *text); -+ else -+ cupsFilePutChar(fp, *text); -+ -+ text ++; -+ } -+ cupsFilePuts(fp, ": \"\"\n"); -+} -+ -+ - /* - * 'pwg_add_finishing()' - Add a finishings value. - */ --- -2.25.1 - diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch deleted file mode 100644 index 77a30857e2..0000000000 --- a/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 2abe1ba8a66864aa82cd9836b37e57103b8e1a3b Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Mon, 23 Sep 2024 10:11:31 -0400 -Subject: [PATCH] Fix warnings for unused vars. - -Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b] -CVE: CVE-2024-47175 -Signed-off-by: Hitendra Prajapati ---- - cups/ppd-cache.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index f425ac0..d2533b7 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -3223,8 +3223,7 @@ _ppdCreateFromIPP2( - int have_qdraft = 0,/* Have draft quality? */ - have_qhigh = 0; /* Have high quality? */ - char msgid[256]; /* Message identifier (attr.value) */ -- const char *keyword, /* Keyword value */ -- *msgstr; /* Localized string */ -+ const char *keyword; /* Keyword value */ - cups_array_t *strings = NULL;/* Printer strings file */ - struct lconv *loc = localeconv(); - /* Locale data */ -@@ -5010,9 +5009,8 @@ _ppdCreateFromIPP2( - { - ipp_t *preset = ippGetCollection(attr, i); - /* Preset collection */ -- const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL), -+ const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL); - /* Preset name */ -- *localized_name; /* Localized preset name */ - ipp_attribute_t *member; /* Member attribute in preset */ - const char *member_name; /* Member attribute name */ - char member_value[256]; /* Member attribute value */ --- -2.25.1 - diff --git a/meta/recipes-extended/cups/cups_2.4.10.bb b/meta/recipes-extended/cups/cups_2.4.11.bb similarity index 51% rename from meta/recipes-extended/cups/cups_2.4.10.bb rename to meta/recipes-extended/cups/cups_2.4.11.bb index e16ad47cf5..71568295cb 100644 --- a/meta/recipes-extended/cups/cups_2.4.10.bb +++ b/meta/recipes-extended/cups/cups_2.4.11.bb 
@@ -2,4 +2,4 @@ require cups.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[sha256sum] = "d75757c2bc0f7a28b02ee4d52ca9e4b1aa1ba2affe16b985854f5336940e5ad7" +SRC_URI[sha256sum] = "9a88fe1da3a29a917c3fc67ce6eb3178399d68e1a548c6d86c70d9b13651fd71"
From: vanusuri@mvista.com To: openembedded-core@lists.openembedded.org Cc: Vijay Anusuri Subject: [OE-core][scarthgap][PATCH v2 2/2] cups: Fix for CVE-2025-58060 and CVE-2025-58364 Date: Tue, 16 Sep 2025 11:12:38 +0530 Message-Id: <20250916054238.117124-2-vanusuri@mvista.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20250916054238.117124-1-vanusuri@mvista.com> References: <20250916054238.117124-1-vanusuri@mvista.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 16 Sep 2025 05:43:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/223530 From: Vijay Anusuri Upstream-Status: Backport from https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221 & https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d Signed-off-by: Vijay Anusuri --- meta/recipes-extended/cups/cups.inc | 2 + .../cups/cups/CVE-2025-58060.patch | 60 ++++++++++++++++++ .../cups/cups/CVE-2025-58364.patch | 61 +++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58060.patch create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58364.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index b70ba3ae58..48c0ce5956 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -15,6 +15,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://0004-cups-fix-multilib-install-file-conflicts.patch \ file://volatiles.99_cups \ file://cups-volatiles.conf \ + file://CVE-2025-58060.patch \ + file://CVE-2025-58364.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" 
diff --git a/meta/recipes-extended/cups/cups/CVE-2025-58060.patch b/meta/recipes-extended/cups/cups/CVE-2025-58060.patch new file mode 100644 index 0000000000..4162fa2c27 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2025-58060.patch @@ -0,0 +1,60 @@ +From 595d691075b1d396d2edfaa0a8fd0873a0a1f221 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 11 Sep 2025 14:44:59 +0200 +Subject: [PATCH] cupsd: Block authentication using alternate method + +Fixes: CVE-2025-58060 + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221] +CVE: CVE-2025-58060 +Signed-off-by: Vijay Anusuri +--- + scheduler/auth.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/scheduler/auth.c b/scheduler/auth.c +index 5fa53644d..3c9aa72aa 100644 +--- a/scheduler/auth.c ++++ b/scheduler/auth.c +@@ -513,6 +513,16 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + int userlen; /* Username:password length */ + + ++ /* ++ * Only allow Basic if enabled... ++ */ ++ ++ if (type != CUPSD_AUTH_BASIC) ++ { ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "Basic authentication is not enabled."); ++ return; ++ } ++ + authorization += 5; + while (isspace(*authorization & 255)) + authorization ++; +@@ -558,7 +568,6 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + * Validate the username and password... + */ + +- if (type == CUPSD_AUTH_BASIC) + { + #if HAVE_LIBPAM + /* +@@ -727,6 +736,16 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + /* Output token for username */ + gss_name_t client_name; /* Client name */ + ++ /* ++ * Only allow Kerberos if enabled... ++ */ ++ ++ if (type != CUPSD_AUTH_NEGOTIATE) ++ { ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "Kerberos authentication is not enabled."); ++ return; ++ } ++ + # ifdef __APPLE__ + /* + * If the weak-linked GSSAPI/Kerberos library is not present, don't try 
diff --git a/meta/recipes-extended/cups/cups/CVE-2025-58364.patch b/meta/recipes-extended/cups/cups/CVE-2025-58364.patch new file mode 100644 index 0000000000..2be36e3b7a --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2025-58364.patch @@ -0,0 +1,61 @@ +From e58cba9d6fceed4242980e51dbd1302cf638ab1d Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 11 Sep 2025 14:53:49 +0200 +Subject: [PATCH] libcups: Fix handling of extension tag in `ipp_read_io()` + +Fixes: CVE-2025-58364 + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d] +CVE: CVE-2025-58364 +Signed-off-by: Vijay Anusuri +--- + cups/ipp.c | 26 +------------------------- + 1 file changed, 1 insertion(+), 25 deletions(-) + +diff --git a/cups/ipp.c b/cups/ipp.c +index 47ba9fa..9b7bf3f 100644 +--- a/cups/ipp.c ++++ b/cups/ipp.c +@@ -2949,31 +2949,6 @@ ippReadIO(void *src, /* I - Data source */ + */ + + tag = (ipp_tag_t)buffer[0]; +- if (tag == IPP_TAG_EXTENSION) +- { +- /* +- * Read 32-bit "extension" tag... +- */ +- +- if ((*cb)(src, buffer, 4) < 4) +- { +- DEBUG_puts("1ippReadIO: Callback returned EOF/error"); +- goto rollback; +- } +- +- tag = (ipp_tag_t)((buffer[0] << 24) | (buffer[1] << 16) | (buffer[2] << 8) | buffer[3]); +- +- if (tag & IPP_TAG_CUPS_CONST) +- { +- /* +- * Fail if the high bit is set in the tag... +- */ +- +- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP extension tag larger than 0x7FFFFFFF."), 1); +- DEBUG_printf(("1ippReadIO: bad tag 0x%x.", tag)); +- goto rollback; +- } +- } + + if (tag == IPP_TAG_END) + { +@@ -3196,6 +3171,7 @@ ippReadIO(void *src, /* I - Data source */ + + if ((*cb)(src, buffer, (size_t)n) < n) + { ++ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to read IPP attribute name."), 1); + DEBUG_puts("1ippReadIO: unable to read name."); + goto rollback; + } +-- +2.25.1 +
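Review bot: In CVE-2025-58060.patch, the `@@ -558,7 +568,6 @@` hunk deletes `if (type == CUPSD_AUTH_BASIC)` in front of the username/password validation block, so that block is now protected only by the early `return` that the `@@ -513,6 +513,16 @@` hunk adds under `if (type != CUPSD_AUTH_BASIC)`. The two hunks are safe only together. Please say so in the patch header, and when this file is refreshed for a later version bump, check that the first hunk still lands ahead of `authorization += 5;` rather than applying with fuzz elsewhere in `cupsdAuthorize()`. The same care applies to the `if (type != CUPSD_AUTH_NEGOTIATE)` guard in the `@@ -727,6 +736,16 @@` hunk, which sits between the declarations and the `# ifdef __APPLE__` block.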
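Review bot: In CVE-2025-58364.patch, the subject says "Fix handling of extension tag", but the `@@ -2949,31 +2949,6 @@` hunk removes the whole `if (tag == IPP_TAG_EXTENSION)` branch of `ippReadIO()`, including the 4-byte read and the `IPP_TAG_CUPS_CONST` check, so a tag byte equal to `IPP_TAG_EXTENSION` now goes straight to the `if (tag == IPP_TAG_END)` test and the code after it. That is a parsing behaviour change in libcups on a stable branch, so the patch header or the commit message should state that 32-bit extension tags are no longer read. The `_cupsSetError()` call with "Unable to read IPP attribute name." added in the `@@ -3196,6 +3171,7 @@` hunk is a separate change and deserves its own mention there.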