From: Anil Dongare <[email protected]>

Pick the upstream patch [1] as mentioned in [2].
[1] https://github.com/OpenPrinting/cups/commit/0ff8897367c7341f2500770c3977038cdd7c0214 [2] https://security-tracker.debian.org/tracker/CVE-2026-34979 Signed-off-by: Anil Dongare <[email protected]> --- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2026-34979.patch | 73 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2026-34979.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index dc5b971195..7dedb2daef 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -27,6 +27,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \ file://CVE-2026-34980.patch \ file://CVE-2026-34980-regression_p1.patch \ file://CVE-2026-34980-regression_p2.patch \ + file://CVE-2026-34979.patch \ " GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2026-34979.patch b/meta/recipes-extended/cups/cups/CVE-2026-34979.patch new file mode 100644 index 0000000000..4adb6415b1 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2026-34979.patch 
@@ -0,0 +1,73 @@ +From 471b4dc802455c7c59f9fd594fec8b6f3acb0db5 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <[email protected]> +Date: Tue, 31 Mar 2026 14:50:06 -0400 +Subject: [PATCH] Expand allocation of options string. + +CVE: CVE-2026-34979 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/0ff8897367c7341f2500770c3977038cdd7c0214] + +Backport Changes: +- Rebase CHANGES.md placement and scheduler/job.c IPP length context to the + CUPS 2.4.11 source carried by this recipe. + +(cherry picked from commit 0ff8897367c7341f2500770c3977038cdd7c0214) +Signed-off-by: Anil Dongare <[email protected]> +--- + CHANGES.md | 2 ++ + scheduler/job.c | 16 ++++------------ + 2 files changed, 6 insertions(+), 12 deletions(-) + +diff --git a/CHANGES.md b/CHANGES.md +index 9863c17..f203e9a 100644 +--- a/CHANGES.md ++++ b/CHANGES.md +@@ -11,6 +11,8 @@ Changes in CUPS v2.4.10 (2024-06-18) + directory. + - CVE-2026-34980: The scheduler did not filter control characters from option + values. ++- CVE-2026-34979: The scheduler did not always allocate enough memory for a ++ job's options string. + - Fixed error handling when reading a mixed `1setOf` attribute. + - Fixed scheduler start if there is only domain socket to listen on (Issue #985) + +diff --git a/scheduler/job.c b/scheduler/job.c +index 915ba94..880c25f 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -4195,18 +4195,6 @@ ipp_length(ipp_t *ipp) /* I - IPP request */ + + for (attr = ipp->attrs; attr != NULL; attr = attr->next) + { +- /* +- * Skip attributes that won't be sent to filters... +- */ +- +- if (attr->value_tag == IPP_TAG_NOVALUE || +- attr->value_tag == IPP_TAG_MIMETYPE || +- attr->value_tag == IPP_TAG_NAMELANG || +- attr->value_tag == IPP_TAG_TEXTLANG || +- attr->value_tag == IPP_TAG_URI || +- attr->value_tag == IPP_TAG_URISCHEME) +- continue; +- + /* + * Add space for a leading space and commas between each value. 
+ * For the first attribute, the leading space isn't used, so the +@@ -4282,10 +4270,14 @@ ipp_length(ipp_t *ipp) /* I - IPP request */ + + case IPP_TAG_TEXT : + case IPP_TAG_NAME : ++ case IPP_TAG_TEXTLANG : ++ case IPP_TAG_NAMELANG : ++ case IPP_TAG_MIMETYPE : + case IPP_TAG_KEYWORD : + case IPP_TAG_CHARSET : + case IPP_TAG_LANGUAGE : + case IPP_TAG_URI : ++ case IPP_TAG_URISCHEME : + /* + * Strings can contain characters that need quoting. We need + * at least 2 * len + 2 characters to cover the quotes and +-- +2.43.7 + -- 2.44.4
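Review bot: The new SRC_URI line in meta/recipes-extended/cups/cups.inc must stay after file://CVE-2026-34980.patch, and nothing in the commit message says so. The CHANGES.md hunk of the carried patch uses the line "- CVE-2026-34980: The scheduler did not filter control characters from option values." as context, so it will not apply cleanly if the entries are ever reordered or the earlier patch is dropped. A short mention of that dependency in the commit message would help whoever next touches this list.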
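Review bot: The CHANGES.md hunk in CVE-2026-34979.patch places the new entry under the heading shown in its hunk header, "Changes in CUPS v2.4.10 (2024-06-18)", while the Backport Changes note says the recipe carries CUPS 2.4.11. That hunk is not needed for the fix and is the part that had to be rebased, so consider dropping it from the backport and noting the omission under Backport Changes. That leaves only the scheduler/job.c change and removes the context dependency on the CVE-2026-34980 changelog line.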
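Review bot: The skip block removed from ipp_length() in the first scheduler/job.c hunk also covered IPP_TAG_NOVALUE, but the second hunk adds case labels only for IPP_TAG_TEXTLANG, IPP_TAG_NAMELANG, IPP_TAG_MIMETYPE and IPP_TAG_URISCHEME. Please confirm against the 2.4.11 source that an attribute with IPP_TAG_NOVALUE reaching the switch is sized by an existing case or the default branch, since that part of the switch is outside the context shown here. One sentence under Backport Changes stating that this was checked would be enough.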
