From: Anil Dongare <[email protected]>

Pick the upstream patch [1] as mentioned in [2].
[1] https://github.com/OpenPrinting/cups/commit/928a86b1b794f738f0a3dc87561b2e054bff7ce4 [2] https://security-tracker.debian.org/tracker/CVE-2026-39314 Signed-off-by: Anil Dongare <[email protected]> --- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2026-39314.patch | 56 +++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-39314.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 2e6bf698e0..7bfa890b3d 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -29,6 +29,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://CVE-2026-34980-regression_p2.patch \ file://CVE-2026-34979.patch \ file://CVE-2026-34990.patch \ + file://CVE-2026-39314.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2026-39314.patch b/meta/recipes-extended/cups/cups/CVE-2026-39314.patch new file mode 100644 index 0000000000..2ebefb3bc5 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2026-39314.patch 
@@ -0,0 +1,56 @@ +From 65c463ada188915d6700d92ce48a9a14949ca413 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <[email protected]> +Date: Sun, 5 Apr 2026 10:45:25 -0400 +Subject: [PATCH] Range check job-password-supported. + +CVE: CVE-2026-39314 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/928a86b1b794f738f0a3dc87561b2e054bff7ce4] + +Backport Changes: +- Rebase CHANGES.md placement and cups/ppd-cache.c context to the CUPS 2.4.11 + source carried by this recipe. + +(cherry picked from commit 928a86b1b794f738f0a3dc87561b2e054bff7ce4) +Signed-off-by: Anil Dongare <[email protected]> +--- + CHANGES.md | 1 + + cups/ppd-cache.c | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/CHANGES.md b/CHANGES.md +index 4eeebef..082b9f7 100644 +--- a/CHANGES.md ++++ b/CHANGES.md +@@ -15,6 +15,7 @@ Changes in CUPS v2.4.10 (2024-06-18) + job's options string. + - CVE-2026-34990: The scheduler incorrectly allowed local certificates over the + loopback interface. ++- Fixed the range check for job password strings. + - Fixed error handling when reading a mixed `1setOf` attribute. + - Fixed scheduler start if there is only domain socket to listen on (Issue #985) + +diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c +index e750fcc..08e0db8 100644 +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -1,7 +1,7 @@ + /* + * PPD cache implementation for CUPS. + * +- * Copyright © 2022-2024 by OpenPrinting. ++ * Copyright © 2022-2026 by OpenPrinting. + * Copyright © 2010-2021 by Apple Inc. + * + * Licensed under Apache License v2.0. See the file "LICENSE" for more +@@ -3432,7 +3432,7 @@ _ppdCreateFromIPP2( + * Password/PIN printing... 
+ */ + +- if ((attr = ippFindAttribute(supported, "job-password-supported", IPP_TAG_INTEGER)) != NULL) ++ if ((attr = ippFindAttribute(supported, "job-password-supported", IPP_TAG_INTEGER)) != NULL && ippGetInteger(attr, 0) > 0) + { + char pattern[33]; /* Password pattern */ + int maxlen = ippGetInteger(attr, 0); +-- +2.43.7 + -- 2.44.4
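Review bot: In the `_ppdCreateFromIPP2` hunk of cups/ppd-cache.c, the new condition `ippGetInteger(attr, 0) > 0` only rejects zero and negative values of `job-password-supported`, and the visible context shows no upper bound before `maxlen` is used alongside `char pattern[33]`. Please confirm that the 2.4.11 source carried by this recipe limits `maxlen` to what `pattern` can hold in the lines just below the context shown; if it does not, the range check is incomplete for this tree. A smaller point: `ippGetInteger(attr, 0)` is now evaluated twice, once in the condition and once for `maxlen`, which is harmless and worth keeping as is so the backport stays identical to the cherry-picked commit.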
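Review bot: In the CHANGES.md hunk, the added entry `- Fixed the range check for job password strings.` carries no CVE identifier, while the entry directly above it in the context is prefixed `CVE-2026-34990:`, and the hunk header context reads `Changes in CUPS v2.4.10 (2024-06-18)` although the backport note says the patch was rebased to the 2.4.11 source. Since this hunk is changelog text only and needed a manual rebase, consider dropping it from the backport and recording that under "Backport Changes"; the same applies to the copyright-year hunk at the top of cups/ppd-cache.c, which leaves only the one-line condition change to carry.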
