diff options
Diffstat (limited to 'meta/recipes-extended/cups')
| -rw-r--r-- | meta/recipes-extended/cups/cups.inc | 5 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch | 73 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch | 151 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch | 119 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch | 249 | ||||
| -rw-r--r-- | meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch | 40 |
6 files changed, 637 insertions, 0 deletions
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index b70ba3ae58..5590eb0fa0 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc | |||
| @@ -15,6 +15,11 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ | |||
| 15 | file://0004-cups-fix-multilib-install-file-conflicts.patch \ | 15 | file://0004-cups-fix-multilib-install-file-conflicts.patch \ |
| 16 | file://volatiles.99_cups \ | 16 | file://volatiles.99_cups \ |
| 17 | file://cups-volatiles.conf \ | 17 | file://cups-volatiles.conf \ |
| 18 | file://CVE-2024-47175-1.patch \ | ||
| 19 | file://CVE-2024-47175-2.patch \ | ||
| 20 | file://CVE-2024-47175-3.patch \ | ||
| 21 | file://CVE-2024-47175-4.patch \ | ||
| 22 | file://CVE-2024-47175-5.patch \ | ||
| 18 | " | 23 | " |
| 19 | 24 | ||
| 20 | GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" | 25 | GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" |
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch new file mode 100644 index 0000000000..8ec720ea0d --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-1.patch | |||
| @@ -0,0 +1,73 @@ | |||
| 1 | From 9939a70b750edd9d05270060cc5cf62ca98cfbe5 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael R Sweet <msweet@msweet.org> | ||
| 3 | Date: Mon, 9 Sep 2024 10:03:10 -0400 | ||
| 4 | Subject: [PATCH] Mirror IPP Everywhere printer changes from master. | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5] | ||
| 7 | CVE: CVE-2024-47175 | ||
| 8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 9 | --- | ||
| 10 | cups/ppd-cache.c | 10 +++++----- | ||
| 11 | scheduler/ipp.c | 7 +++++++ | ||
| 12 | 2 files changed, 12 insertions(+), 5 deletions(-) | ||
| 13 | |||
| 14 | diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c | ||
| 15 | index e750fcc..cd2d6cb 100644 | ||
| 16 | --- a/cups/ppd-cache.c | ||
| 17 | +++ b/cups/ppd-cache.c | ||
| 18 | @@ -3317,10 +3317,10 @@ _ppdCreateFromIPP2( | ||
| 19 | } | ||
| 20 | cupsFilePuts(fp, "\"\n"); | ||
| 21 | |||
| 22 | - if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL) | ||
| 23 | + if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) | ||
| 24 | cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL)); | ||
| 25 | |||
| 26 | - if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL) | ||
| 27 | + if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) | ||
| 28 | cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); | ||
| 29 | |||
| 30 | if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL) | ||
| 31 | @@ -3389,10 +3389,10 @@ _ppdCreateFromIPP2( | ||
| 32 | if (ippGetBoolean(ippFindAttribute(supported, "job-accounting-user-id-supported", IPP_TAG_BOOLEAN), 0)) | ||
| 33 | cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n"); | ||
| 34 | |||
| 35 | - if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL) | ||
| 36 | + if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) | ||
| 37 | cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL)); | ||
| 38 | |||
| 39 | - if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL) | ||
| 40 | + if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) | ||
| 41 | { | ||
| 42 | char prefix = '\"'; // Prefix for string | ||
| 43 | |||
| 44 | @@ -3410,7 +3410,7 @@ _ppdCreateFromIPP2( | ||
| 45 | cupsFilePuts(fp, "\"\n"); | ||
| 46 | } | ||
| 47 | |||
| 48 | - if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL) | ||
| 49 | + if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr)) | ||
| 50 | { | ||
| 51 | char prefix = '\"'; // Prefix for string | ||
| 52 | |||
| 53 | diff --git a/scheduler/ipp.c b/scheduler/ipp.c | ||
| 54 | index 37623c5..836e41d 100644 | ||
| 55 | --- a/scheduler/ipp.c | ||
| 56 | +++ b/scheduler/ipp.c | ||
| 57 | @@ -5417,6 +5417,13 @@ create_local_bg_thread( | ||
| 58 | } | ||
| 59 | } | ||
| 60 | |||
| 61 | + // Validate response from printer... | ||
| 62 | + if (!ippValidateAttributes(response)) | ||
| 63 | + { | ||
| 64 | + cupsdLogMessage(CUPSD_LOG_ERROR, "%s: Printer returned invalid data: %s", printer->name, cupsLastErrorString()); | ||
| 65 | + return (NULL); | ||
| 66 | + } | ||
| 67 | + | ||
| 68 | // TODO: Grab printer icon file... | ||
| 69 | httpClose(http); | ||
| 70 | |||
| 71 | -- | ||
| 72 | 2.25.1 | ||
| 73 | |||
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch new file mode 100644 index 0000000000..11e8209626 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-2.patch | |||
| @@ -0,0 +1,151 @@ | |||
| 1 | From 04bb2af4521b56c1699a2c2431c56c05a7102e69 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael R Sweet <msweet@msweet.org> | ||
| 3 | Date: Mon, 9 Sep 2024 14:05:42 -0400 | ||
| 4 | Subject: [PATCH] Refactor make-and-model code. | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69] | ||
| 7 | CVE: CVE-2024-47175 | ||
| 8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 9 | --- | ||
| 10 | cups/ppd-cache.c | 103 +++++++++++++++++++++++++++++++++++++++-------- | ||
| 11 | 1 file changed, 87 insertions(+), 16 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c | ||
| 14 | index cd2d6cb..a4d7403 100644 | ||
| 15 | --- a/cups/ppd-cache.c | ||
| 16 | +++ b/cups/ppd-cache.c | ||
| 17 | @@ -3197,9 +3197,10 @@ _ppdCreateFromIPP2( | ||
| 18 | ipp_t *media_col, /* Media collection */ | ||
| 19 | *media_size; /* Media size collection */ | ||
| 20 | char make[256], /* Make and model */ | ||
| 21 | - *model, /* Model name */ | ||
| 22 | + *mptr, /* Pointer into make and model */ | ||
| 23 | ppdname[PPD_MAX_NAME]; | ||
| 24 | /* PPD keyword */ | ||
| 25 | + const char *model; /* Model name */ | ||
| 26 | int i, j, /* Looping vars */ | ||
| 27 | count, /* Number of values */ | ||
| 28 | bottom, /* Largest bottom margin */ | ||
| 29 | @@ -3260,34 +3261,104 @@ _ppdCreateFromIPP2( | ||
| 30 | } | ||
| 31 | |||
| 32 | /* | ||
| 33 | - * Standard stuff for PPD file... | ||
| 34 | + * Get a sanitized make and model... | ||
| 35 | */ | ||
| 36 | |||
| 37 | - cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n"); | ||
| 38 | - cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n"); | ||
| 39 | - cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR); | ||
| 40 | - cupsFilePuts(fp, "*LanguageVersion: English\n"); | ||
| 41 | - cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n"); | ||
| 42 | - cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n"); | ||
| 43 | - cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); | ||
| 44 | - cupsFilePuts(fp, "*FileSystem: False\n"); | ||
| 45 | - cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); | ||
| 46 | + if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr)) | ||
| 47 | + { | ||
| 48 | + /* | ||
| 49 | + * Sanitize the model name to only contain PPD-safe characters. | ||
| 50 | + */ | ||
| 51 | |||
| 52 | - if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL) | ||
| 53 | strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); | ||
| 54 | + | ||
| 55 | + for (mptr = make; *mptr; mptr ++) | ||
| 56 | + { | ||
| 57 | + if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"') | ||
| 58 | + { | ||
| 59 | + /* | ||
| 60 | + * Truncate the make and model on the first bad character... | ||
| 61 | + */ | ||
| 62 | + | ||
| 63 | + *mptr = '\0'; | ||
| 64 | + break; | ||
| 65 | + } | ||
| 66 | + } | ||
| 67 | + | ||
| 68 | + while (mptr > make) | ||
| 69 | + { | ||
| 70 | + /* | ||
| 71 | + * Strip trailing whitespace... | ||
| 72 | + */ | ||
| 73 | + | ||
| 74 | + mptr --; | ||
| 75 | + if (*mptr == ' ') | ||
| 76 | + *mptr = '\0'; | ||
| 77 | + } | ||
| 78 | + | ||
| 79 | + if (!make[0]) | ||
| 80 | + { | ||
| 81 | + /* | ||
| 82 | + * Use a default make and model if nothing remains... | ||
| 83 | + */ | ||
| 84 | + | ||
| 85 | + strlcpy(make, "Unknown", sizeof(make)); | ||
| 86 | + } | ||
| 87 | + } | ||
| 88 | else | ||
| 89 | - strlcpy(make, "Unknown Printer", sizeof(make)); | ||
| 90 | + { | ||
| 91 | + /* | ||
| 92 | + * Use a default make and model... | ||
| 93 | + */ | ||
| 94 | + | ||
| 95 | + strlcpy(make, "Unknown", sizeof(make)); | ||
| 96 | + } | ||
| 97 | |||
| 98 | if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) | ||
| 99 | { | ||
| 100 | + /* | ||
| 101 | + * Normalize HP printer make and model... | ||
| 102 | + */ | ||
| 103 | + | ||
| 104 | model = make + 16; | ||
| 105 | strlcpy(make, "HP", sizeof(make)); | ||
| 106 | + | ||
| 107 | + if (!_cups_strncasecmp(model, "HP ", 3)) | ||
| 108 | + model += 3; | ||
| 109 | + } | ||
| 110 | + else if ((mptr = strchr(make, ' ')) != NULL) | ||
| 111 | + { | ||
| 112 | + /* | ||
| 113 | + * Separate "MAKE MODEL"... | ||
| 114 | + */ | ||
| 115 | + | ||
| 116 | + while (*mptr && *mptr == ' ') | ||
| 117 | + *mptr++ = '\0'; | ||
| 118 | + | ||
| 119 | + model = mptr; | ||
| 120 | } | ||
| 121 | - else if ((model = strchr(make, ' ')) != NULL) | ||
| 122 | - *model++ = '\0'; | ||
| 123 | else | ||
| 124 | - model = make; | ||
| 125 | + { | ||
| 126 | + /* | ||
| 127 | + * No separate model name... | ||
| 128 | + */ | ||
| 129 | |||
| 130 | + model = "Printer"; | ||
| 131 | + } | ||
| 132 | + | ||
| 133 | + /* | ||
| 134 | + * Standard stuff for PPD file... | ||
| 135 | + */ | ||
| 136 | + | ||
| 137 | + cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n"); | ||
| 138 | + cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n"); | ||
| 139 | + cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR); | ||
| 140 | + cupsFilePuts(fp, "*LanguageVersion: English\n"); | ||
| 141 | + cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n"); | ||
| 142 | + cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n"); | ||
| 143 | + cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); | ||
| 144 | + cupsFilePuts(fp, "*FileSystem: False\n"); | ||
| 145 | + cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); | ||
| 146 | cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); | ||
| 147 | cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model); | ||
| 148 | cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model); | ||
| 149 | -- | ||
| 150 | 2.25.1 | ||
| 151 | |||
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch new file mode 100644 index 0000000000..e7d012fb8a --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-3.patch | |||
| @@ -0,0 +1,119 @@ | |||
| 1 | From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael R Sweet <msweet@msweet.org> | ||
| 3 | Date: Mon, 9 Sep 2024 15:59:57 -0400 | ||
| 4 | Subject: [PATCH] PPDize preset and template names. | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844] | ||
| 7 | CVE: CVE-2024-47175 | ||
| 8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 9 | --- | ||
| 10 | cups/ppd-cache.c | 33 ++++++++++++++++++++++++--------- | ||
| 11 | 1 file changed, 24 insertions(+), 9 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c | ||
| 14 | index a4d7403..53c22be 100644 | ||
| 15 | --- a/cups/ppd-cache.c | ||
| 16 | +++ b/cups/ppd-cache.c | ||
| 17 | @@ -4976,12 +4976,14 @@ _ppdCreateFromIPP2( | ||
| 18 | |||
| 19 | cupsArrayAdd(templates, (void *)keyword); | ||
| 20 | |||
| 21 | + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 22 | + | ||
| 23 | snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); | ||
| 24 | if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 25 | if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 26 | msgstr = keyword; | ||
| 27 | |||
| 28 | - cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword); | ||
| 29 | + cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); | ||
| 30 | for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) | ||
| 31 | { | ||
| 32 | if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) | ||
| 33 | @@ -4994,7 +4996,7 @@ _ppdCreateFromIPP2( | ||
| 34 | } | ||
| 35 | } | ||
| 36 | cupsFilePuts(fp, "\"\n"); | ||
| 37 | - cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr); | ||
| 38 | + cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr); | ||
| 39 | cupsFilePuts(fp, "*End\n"); | ||
| 40 | } | ||
| 41 | |||
| 42 | @@ -5040,7 +5042,8 @@ _ppdCreateFromIPP2( | ||
| 43 | if (!preset || !preset_name) | ||
| 44 | continue; | ||
| 45 | |||
| 46 | - cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name); | ||
| 47 | + pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); | ||
| 48 | + cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname); | ||
| 49 | for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset)) | ||
| 50 | { | ||
| 51 | member_name = ippGetName(member); | ||
| 52 | @@ -5081,7 +5084,10 @@ _ppdCreateFromIPP2( | ||
| 53 | fin_col = ippGetCollection(member, i); | ||
| 54 | |||
| 55 | if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL) | ||
| 56 | - cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword); | ||
| 57 | + { | ||
| 58 | + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 59 | + cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname); | ||
| 60 | + } | ||
| 61 | } | ||
| 62 | } | ||
| 63 | else if (!strcmp(member_name, "media")) | ||
| 64 | @@ -5108,13 +5114,13 @@ _ppdCreateFromIPP2( | ||
| 65 | if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL) | ||
| 66 | { | ||
| 67 | pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 68 | - cupsFilePrintf(fp, "*InputSlot %s\n", keyword); | ||
| 69 | + cupsFilePrintf(fp, "*InputSlot %s\n", ppdname); | ||
| 70 | } | ||
| 71 | |||
| 72 | if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL) | ||
| 73 | { | ||
| 74 | pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 75 | - cupsFilePrintf(fp, "*MediaType %s\n", keyword); | ||
| 76 | + cupsFilePrintf(fp, "*MediaType %s\n", ppdname); | ||
| 77 | } | ||
| 78 | } | ||
| 79 | else if (!strcmp(member_name, "print-quality")) | ||
| 80 | @@ -5160,7 +5166,10 @@ _ppdCreateFromIPP2( | ||
| 81 | cupsFilePuts(fp, "\"\n*End\n"); | ||
| 82 | |||
| 83 | if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) | ||
| 84 | - cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name); | ||
| 85 | + { | ||
| 86 | + pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); | ||
| 87 | + cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name); | ||
| 88 | + } | ||
| 89 | } | ||
| 90 | } | ||
| 91 | |||
| 92 | @@ -5544,7 +5553,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ | ||
| 93 | *end; /* End of name buffer */ | ||
| 94 | |||
| 95 | |||
| 96 | - if (!ipp) | ||
| 97 | + if (!ipp || !_cups_isalnum(*ipp)) | ||
| 98 | { | ||
| 99 | *name = '\0'; | ||
| 100 | return; | ||
| 101 | @@ -5559,8 +5568,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ | ||
| 102 | ipp ++; | ||
| 103 | *ptr++ = (char)toupper(*ipp++ & 255); | ||
| 104 | } | ||
| 105 | - else | ||
| 106 | + else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp)) | ||
| 107 | + { | ||
| 108 | *ptr++ = *ipp++; | ||
| 109 | + } | ||
| 110 | + else | ||
| 111 | + { | ||
| 112 | + ipp ++; | ||
| 113 | + } | ||
| 114 | } | ||
| 115 | |||
| 116 | *ptr = '\0'; | ||
| 117 | -- | ||
| 118 | 2.25.1 | ||
| 119 | |||
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch new file mode 100644 index 0000000000..7665513485 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-4.patch | |||
| @@ -0,0 +1,249 @@ | |||
| 1 | From 1e6ca5913eceee906038bc04cc7ccfbe2923bdfd Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael R Sweet <msweet@msweet.org> | ||
| 3 | Date: Mon, 23 Sep 2024 09:36:39 -0400 | ||
| 4 | Subject: [PATCH] Quote PPD localized strings. | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd] | ||
| 7 | CVE: CVE-2024-47175 | ||
| 8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 9 | --- | ||
| 10 | cups/ppd-cache.c | 93 +++++++++++++++++++++++++++--------------------- | ||
| 11 | 1 file changed, 53 insertions(+), 40 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c | ||
| 14 | index 53c22be..f425ac0 100644 | ||
| 15 | --- a/cups/ppd-cache.c | ||
| 16 | +++ b/cups/ppd-cache.c | ||
| 17 | @@ -32,6 +32,7 @@ | ||
| 18 | static int cups_connect(http_t **http, const char *url, char *resource, size_t ressize); | ||
| 19 | static int cups_get_url(http_t **http, const char *url, char *name, size_t namesize); | ||
| 20 | static const char *ppd_inputslot_for_keyword(_ppd_cache_t *pc, const char *keyword); | ||
| 21 | +static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid); | ||
| 22 | static void pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value); | ||
| 23 | static void pwg_add_message(cups_array_t *a, const char *msg, const char *str); | ||
| 24 | static int pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b); | ||
| 25 | @@ -3394,7 +3395,7 @@ _ppdCreateFromIPP2( | ||
| 26 | if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) | ||
| 27 | cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); | ||
| 28 | |||
| 29 | - if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL) | ||
| 30 | + if ((attr = ippFindAttribute(supported, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) | ||
| 31 | { | ||
| 32 | http_t *http = NULL; /* Connection to printer */ | ||
| 33 | char stringsfile[1024]; /* Temporary strings file */ | ||
| 34 | @@ -3438,7 +3439,7 @@ _ppdCreateFromIPP2( | ||
| 35 | |||
| 36 | response = cupsDoRequest(http, request, resource); | ||
| 37 | |||
| 38 | - if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL) | ||
| 39 | + if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) | ||
| 40 | cupsFilePrintf(fp, "*cupsStringsURI %s: \"%s\"\n", keyword, ippGetString(attr, 0, NULL)); | ||
| 41 | |||
| 42 | ippDelete(response); | ||
| 43 | @@ -4044,18 +4045,16 @@ _ppdCreateFromIPP2( | ||
| 44 | cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname); | ||
| 45 | |||
| 46 | for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++) | ||
| 47 | + { | ||
| 48 | if (!strcmp(sources[j], keyword)) | ||
| 49 | { | ||
| 50 | snprintf(msgid, sizeof(msgid), "media-source.%s", keyword); | ||
| 51 | |||
| 52 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 53 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 54 | - msgstr = keyword; | ||
| 55 | - | ||
| 56 | cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j); | ||
| 57 | - cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, msgstr); | ||
| 58 | + ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid); | ||
| 59 | break; | ||
| 60 | } | ||
| 61 | + } | ||
| 62 | } | ||
| 63 | cupsFilePuts(fp, "*CloseUI: *InputSlot\n"); | ||
| 64 | } | ||
| 65 | @@ -4081,12 +4080,9 @@ _ppdCreateFromIPP2( | ||
| 66 | pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 67 | |||
| 68 | snprintf(msgid, sizeof(msgid), "media-type.%s", keyword); | ||
| 69 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 70 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 71 | - msgstr = keyword; | ||
| 72 | |||
| 73 | cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname); | ||
| 74 | - cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr); | ||
| 75 | + ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid); | ||
| 76 | } | ||
| 77 | cupsFilePuts(fp, "*CloseUI: *MediaType\n"); | ||
| 78 | } | ||
| 79 | @@ -4547,12 +4543,9 @@ _ppdCreateFromIPP2( | ||
| 80 | pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 81 | |||
| 82 | snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword); | ||
| 83 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 84 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 85 | - msgstr = keyword; | ||
| 86 | |||
| 87 | cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname); | ||
| 88 | - cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr); | ||
| 89 | + ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid); | ||
| 90 | |||
| 91 | if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL) | ||
| 92 | { | ||
| 93 | @@ -4671,9 +4664,6 @@ _ppdCreateFromIPP2( | ||
| 94 | cupsArrayAdd(names, (char *)keyword); | ||
| 95 | |||
| 96 | snprintf(msgid, sizeof(msgid), "finishings.%d", value); | ||
| 97 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 98 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 99 | - msgstr = keyword; | ||
| 100 | |||
| 101 | if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) | ||
| 102 | ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; | ||
| 103 | @@ -4688,7 +4678,7 @@ _ppdCreateFromIPP2( | ||
| 104 | continue; | ||
| 105 | |||
| 106 | cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword); | ||
| 107 | - cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); | ||
| 108 | + ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid); | ||
| 109 | cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword); | ||
| 110 | } | ||
| 111 | |||
| 112 | @@ -4751,9 +4741,6 @@ _ppdCreateFromIPP2( | ||
| 113 | cupsArrayAdd(names, (char *)keyword); | ||
| 114 | |||
| 115 | snprintf(msgid, sizeof(msgid), "finishings.%d", value); | ||
| 116 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 117 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 118 | - msgstr = keyword; | ||
| 119 | |||
| 120 | if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) | ||
| 121 | ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; | ||
| 122 | @@ -4768,7 +4755,7 @@ _ppdCreateFromIPP2( | ||
| 123 | continue; | ||
| 124 | |||
| 125 | cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword); | ||
| 126 | - cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); | ||
| 127 | + ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid); | ||
| 128 | cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, keyword, ppd_keyword); | ||
| 129 | } | ||
| 130 | |||
| 131 | @@ -4839,9 +4826,6 @@ _ppdCreateFromIPP2( | ||
| 132 | cupsArrayAdd(names, (char *)keyword); | ||
| 133 | |||
| 134 | snprintf(msgid, sizeof(msgid), "finishings.%d", value); | ||
| 135 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 136 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 137 | - msgstr = keyword; | ||
| 138 | |||
| 139 | if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) | ||
| 140 | ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; | ||
| 141 | @@ -4856,7 +4840,7 @@ _ppdCreateFromIPP2( | ||
| 142 | continue; | ||
| 143 | |||
| 144 | cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword); | ||
| 145 | - cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); | ||
| 146 | + ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid); | ||
| 147 | cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword); | ||
| 148 | } | ||
| 149 | |||
| 150 | @@ -4927,9 +4911,6 @@ _ppdCreateFromIPP2( | ||
| 151 | cupsArrayAdd(names, (char *)keyword); | ||
| 152 | |||
| 153 | snprintf(msgid, sizeof(msgid), "finishings.%d", value); | ||
| 154 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 155 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 156 | - msgstr = keyword; | ||
| 157 | |||
| 158 | if (value == IPP_FINISHINGS_TRIM) | ||
| 159 | ppd_keyword = "Auto"; | ||
| 160 | @@ -4937,7 +4918,7 @@ _ppdCreateFromIPP2( | ||
| 161 | ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES]; | ||
| 162 | |||
| 163 | cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword); | ||
| 164 | - cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); | ||
| 165 | + ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid); | ||
| 166 | cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword); | ||
| 167 | } | ||
| 168 | |||
| 169 | @@ -4979,9 +4960,6 @@ _ppdCreateFromIPP2( | ||
| 170 | pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); | ||
| 171 | |||
| 172 | snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); | ||
| 173 | - if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) | ||
| 174 | - if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) | ||
| 175 | - msgstr = keyword; | ||
| 176 | |||
| 177 | cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); | ||
| 178 | for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) | ||
| 179 | @@ -4996,7 +4974,7 @@ _ppdCreateFromIPP2( | ||
| 180 | } | ||
| 181 | } | ||
| 182 | cupsFilePuts(fp, "\"\n"); | ||
| 183 | - cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr); | ||
| 184 | + ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid); | ||
| 185 | cupsFilePuts(fp, "*End\n"); | ||
| 186 | } | ||
| 187 | |||
| 188 | @@ -5165,11 +5143,9 @@ _ppdCreateFromIPP2( | ||
| 189 | |||
| 190 | cupsFilePuts(fp, "\"\n*End\n"); | ||
| 191 | |||
| 192 | - if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) | ||
| 193 | - { | ||
| 194 | - pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); | ||
| 195 | - cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name); | ||
| 196 | - } | ||
| 197 | + snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name); | ||
| 198 | + pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); | ||
| 199 | + ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid); | ||
| 200 | } | ||
| 201 | } | ||
| 202 | |||
| 203 | @@ -5440,6 +5416,43 @@ cups_get_url(http_t **http, /* IO - Current HTTP connection */ | ||
| 204 | } | ||
| 205 | |||
| 206 | |||
| 207 | +/* | ||
| 208 | + * 'ppd_put_strings()' - Write localization attributes to a PPD file. | ||
| 209 | + */ | ||
| 210 | + | ||
| 211 | +static void | ||
| 212 | +ppd_put_string(cups_file_t *fp, /* I - PPD file */ | ||
| 213 | + cups_lang_t *lang, /* I - Language */ | ||
| 214 | + cups_array_t *strings, /* I - Strings */ | ||
| 215 | + const char *ppd_option,/* I - PPD option */ | ||
| 216 | + const char *ppd_choice,/* I - PPD choice */ | ||
| 217 | + const char *pwg_msgid) /* I - PWG message ID */ | ||
| 218 | +{ | ||
| 219 | + const char *text; /* Localized text */ | ||
| 220 | + | ||
| 221 | + | ||
| 222 | + if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text)) | ||
| 223 | + { | ||
| 224 | + if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid) | ||
| 225 | + return; | ||
| 226 | + } | ||
| 227 | + | ||
| 228 | + // Add the first line of localized text... | ||
| 229 | + cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice); | ||
| 230 | + while (*text && *text != '\n') | ||
| 231 | + { | ||
| 232 | + // Escape ":" and "<"... | ||
| 233 | + if (*text == ':' || *text == '<') | ||
| 234 | + cupsFilePrintf(fp, "<%02X>", *text); | ||
| 235 | + else | ||
| 236 | + cupsFilePutChar(fp, *text); | ||
| 237 | + | ||
| 238 | + text ++; | ||
| 239 | + } | ||
| 240 | + cupsFilePuts(fp, ": \"\"\n"); | ||
| 241 | +} | ||
| 242 | + | ||
| 243 | + | ||
| 244 | /* | ||
| 245 | * 'pwg_add_finishing()' - Add a finishings value. | ||
| 246 | */ | ||
| 247 | -- | ||
| 248 | 2.25.1 | ||
| 249 | |||
diff --git a/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch b/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch new file mode 100644 index 0000000000..77a30857e2 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2024-47175-5.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From 2abe1ba8a66864aa82cd9836b37e57103b8e1a3b Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael R Sweet <msweet@msweet.org> | ||
| 3 | Date: Mon, 23 Sep 2024 10:11:31 -0400 | ||
| 4 | Subject: [PATCH] Fix warnings for unused vars. | ||
| 5 | |||
| 6 | Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b] | ||
| 7 | CVE: CVE-2024-47175 | ||
| 8 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 9 | --- | ||
| 10 | cups/ppd-cache.c | 6 ++---- | ||
| 11 | 1 file changed, 2 insertions(+), 4 deletions(-) | ||
| 12 | |||
| 13 | diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c | ||
| 14 | index f425ac0..d2533b7 100644 | ||
| 15 | --- a/cups/ppd-cache.c | ||
| 16 | +++ b/cups/ppd-cache.c | ||
| 17 | @@ -3223,8 +3223,7 @@ _ppdCreateFromIPP2( | ||
| 18 | int have_qdraft = 0,/* Have draft quality? */ | ||
| 19 | have_qhigh = 0; /* Have high quality? */ | ||
| 20 | char msgid[256]; /* Message identifier (attr.value) */ | ||
| 21 | - const char *keyword, /* Keyword value */ | ||
| 22 | - *msgstr; /* Localized string */ | ||
| 23 | + const char *keyword; /* Keyword value */ | ||
| 24 | cups_array_t *strings = NULL;/* Printer strings file */ | ||
| 25 | struct lconv *loc = localeconv(); | ||
| 26 | /* Locale data */ | ||
| 27 | @@ -5010,9 +5009,8 @@ _ppdCreateFromIPP2( | ||
| 28 | { | ||
| 29 | ipp_t *preset = ippGetCollection(attr, i); | ||
| 30 | /* Preset collection */ | ||
| 31 | - const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL), | ||
| 32 | + const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL); | ||
| 33 | /* Preset name */ | ||
| 34 | - *localized_name; /* Localized preset name */ | ||
| 35 | ipp_attribute_t *member; /* Member attribute in preset */ | ||
| 36 | const char *member_name; /* Member attribute name */ | ||
| 37 | char member_value[256]; /* Member attribute value */ | ||
| 38 | -- | ||
| 39 | 2.25.1 | ||
| 40 | |||