From: Anil Dongare <[email protected]>

Pick the upstream patch [1] as mentioned in [2].

[1] https://github.com/OpenPrinting/cups/commit/928a86b1b794f738f0a3dc87561b2e054bff7ce4
[2] https://security-tracker.debian.org/tracker/CVE-2026-39314

Signed-off-by: Anil Dongare <[email protected]>
---
 meta/recipes-extended/cups/cups.inc           |  1 +
 .../cups/cups/CVE-2026-39314.patch            | 56 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-39314.patch

diff --git a/meta/recipes-extended/cups/cups.inc 
b/meta/recipes-extended/cups/cups.inc
index 2e6bf698e0..7bfa890b3d 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -29,6 +29,7 @@ SRC_URI = 
"${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
            file://CVE-2026-34980-regression_p2.patch \
            file://CVE-2026-34979.patch \
            file://CVE-2026-34990.patch \
+           file://CVE-2026-39314.patch \
            "
 
 GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases";
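Review bot: the added `file://CVE-2026-39314.patch \` entry depends on being applied after `file://CVE-2026-34990.patch`, because the CHANGES.md hunk inside the new patch uses the "CVE-2026-34990: The scheduler incorrectly allowed local certificates" entry as context. The ordering here is correct, but consider dropping the CHANGES.md hunk from the backport so that the cups/ppd-cache.c fix still applies if the earlier patch is later refreshed or removed.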
diff --git a/meta/recipes-extended/cups/cups/CVE-2026-39314.patch 
b/meta/recipes-extended/cups/cups/CVE-2026-39314.patch
new file mode 100644
index 0000000000..2ebefb3bc5
--- /dev/null
+++ b/meta/recipes-extended/cups/cups/CVE-2026-39314.patch
@@ -0,0 +1,56 @@
+From 65c463ada188915d6700d92ce48a9a14949ca413 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <[email protected]>
+Date: Sun, 5 Apr 2026 10:45:25 -0400
+Subject: [PATCH] Range check job-password-supported.
+
+CVE: CVE-2026-39314
+Upstream-Status: Backport 
[https://github.com/OpenPrinting/cups/commit/928a86b1b794f738f0a3dc87561b2e054bff7ce4]
+
+Backport Changes:
+- Rebase CHANGES.md placement and cups/ppd-cache.c context to the CUPS 2.4.11
+  source carried by this recipe.
+
+(cherry picked from commit 928a86b1b794f738f0a3dc87561b2e054bff7ce4)
+Signed-off-by: Anil Dongare <[email protected]>
+---
+ CHANGES.md       | 1 +
+ cups/ppd-cache.c | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index 4eeebef..082b9f7 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -15,6 +15,7 @@ Changes in CUPS v2.4.10 (2024-06-18)
+   job's options string.
+ - CVE-2026-34990: The scheduler incorrectly allowed local certificates over 
the
+   loopback interface.
++- Fixed the range check for job password strings.
+ - Fixed error handling when reading a mixed `1setOf` attribute.
+ - Fixed scheduler start if there is only domain socket to listen on (Issue 
#985)
+ 
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index e750fcc..08e0db8 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -1,7 +1,7 @@
+ /*
+  * PPD cache implementation for CUPS.
+  *
+- * Copyright © 2022-2024 by OpenPrinting.
++ * Copyright © 2022-2026 by OpenPrinting.
+  * Copyright © 2010-2021 by Apple Inc.
+  *
+  * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+@@ -3432,7 +3432,7 @@ _ppdCreateFromIPP2(
+   * Password/PIN printing...
+   */
+ 
+-  if ((attr = ippFindAttribute(supported, "job-password-supported", 
IPP_TAG_INTEGER)) != NULL)
++  if ((attr = ippFindAttribute(supported, "job-password-supported", 
IPP_TAG_INTEGER)) != NULL && ippGetInteger(attr, 0) > 0)
+   {
+     char      pattern[33];            /* Password pattern */
+     int               maxlen = ippGetInteger(attr, 0);
+-- 
+2.43.7
+
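Review bot: in the cups/ppd-cache.c hunk, the added `ippGetInteger(attr, 0) > 0` condition covers only the lower bound, while the context shows `int maxlen = ippGetInteger(attr, 0);` read from the same attribute next to `char pattern[33];`. The upper bound handling lies outside the visible context, so please confirm in the "Backport Changes" notes that the 2.4.11 source carried by this recipe limits `maxlen` to the size of `pattern` after this line, and that the surrounding code matches upstream at the backported commit.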
-- 
2.44.4
