commit cups-filters for openSUSE:Factory

Thu, 19 Feb 2026 05:20:22 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cups-filters for openSUSE:Factory 
checked in at 2026-02-19 14:19:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cups-filters (Old)
 and      /work/SRC/openSUSE:Factory/.cups-filters.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cups-filters"

Thu Feb 19 14:19:59 2026 rev:62 rq:1333703 version:1.28.17

Changes:
--------
--- /work/SRC/openSUSE:Factory/cups-filters/cups-filters.changes        
2025-11-20 14:47:39.623486157 +0100
+++ /work/SRC/openSUSE:Factory/.cups-filters.new.1977/cups-filters.changes      
2026-02-19 14:20:01.466387807 +0100
@@ -1,0 +2,10 @@
+Thu Feb 12 12:16:20 UTC 2026 - Johannes Meixner <[email protected]>
+
+- Updated cups-filters-1.28.17-CVE-2024-47175.patch
+  because the former version caused a regression
+  "Error about PPD file during 'driverless' printer setup"
+  (boo#1256868) and
+  "ppd pull out from [driverless] printer feature broken"
+  (bsc#1256977)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cups-filters.spec ++++++
--- /var/tmp/diff_new_pack.eKAUlr/_old  2026-02-19 14:20:03.726480548 +0100
+++ /var/tmp/diff_new_pack.eKAUlr/_new  2026-02-19 14:20:03.730480712 +0100
@@ -1,6 +1,7 @@
 #
 # spec file for package cups-filters
 #
+# Copyright (c) 2026 SUSE LLC
 # Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
@@ -110,6 +111,9 @@
 # backported to cups-filters 1.28.17 to fix CVE-2024-47175
 # "lack of input sanitization in _ppdCreateFromIPP()"
 # see https://bugzilla.suse.com/show_bug.cgi?id=1230932
+# and https://bugzilla.suse.com/show_bug.cgi?id=1246533
+# and https://bugzilla.suse.com/show_bug.cgi?id=1256868
+# and https://bugzilla.suse.com/show_bug.cgi?id=1256977
 Patch110:       cups-filters-1.28.17-CVE-2024-47175.patch
 # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285412
 # newer cups code in git does not use qpdf, no upstream handling required

++++++ cups-filters-1.28.17-CVE-2024-47175.patch ++++++
--- /var/tmp/diff_new_pack.eKAUlr/_old  2026-02-19 14:20:03.802483667 +0100
+++ /var/tmp/diff_new_pack.eKAUlr/_new  2026-02-19 14:20:03.806483831 +0100
@@ -1,14 +1,5 @@
---- cups-filters-1.28.17.original/cupsfilters/ppdgenerator.c   2023-01-25 
02:41:08.000000000 +0100
-+++ cups-filters-1.28.17.patched/cupsfilters/ppdgenerator.c    2025-09-17 
10:16:21.157012186 +0200
-@@ -67,7 +67,7 @@
-  * than CUPS 2.2.x. We have also an additional test and development
-  * platform for this code. Taken from cups/ppd-cache.c,
-  * cups/string-private.h, cups/string.c.
-- * 
-+ *
-  * The advantage of PPD generation instead of working with System V
-  * interface scripts is that the print dialogs of the clients do not
-  * need to ask the printer for its options via IPP. So we have access
+--- cups-filters-1.28.17.original/cupsfilters/ppdgenerator.c.orig      
2023-01-25 02:41:08.000000000 +0100
++++ cups-filters-1.28.17.patched/cupsfilters/ppdgenerator.c    2026-02-12 
13:05:28.379947106 +0100
 @@ -92,6 +92,7 @@ typedef struct _pwg_finishings_s     /**** P
  static void   pwg_ppdize_name(const char *ipp, char *name, size_t namesize);
  static void   pwg_ppdize_resolution(ipp_attribute_t *attr, int element,
@@ -177,26 +168,7 @@
      printer_opt_strings_catalog = optArrayNew();
      load_opt_strings_catalog(ippGetString(attr, 0, NULL),
                             printer_opt_strings_catalog);
-@@ -1926,18 +1972,8 @@ ppdCreateFromIPP2(char         *buffer,
-       if (attr) format = ippGetString(attr, i, NULL);
-       /* Add format to list of supported PDLs, skip duplicates */
-       if (!cupsArrayFind(pdl_list, (void *)format))
--      cupsArrayAdd(pdl_list, (void *)format);
--      if (attr)
--      /* Next format in attribute */
--      i ++;
--      else {
--      /* Find the next format in the string pdl, if there is none left,
--         go to the terminating zero */
--      while (!isspace(*format) && *format != ',' && *format != '\0')
--        format ++;
-       while ((isspace(*format) || *format == ',') && *format != '\0')
-         format ++;
--      }
-     }
-   }
- 
-@@ -2110,7 +2146,7 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -2110,7 +2156,7 @@ ppdCreateFromIPP2(char         *buffer,
    if (manual_copies == 1)
      cupsFilePuts(fp, "*cupsManualCopies: True\n");
  
@@ -205,7 +177,7 @@
       Use "printer-resolution-supported" attribute */
    if (common_res == NULL) {
      if ((attr = ippFindAttribute(response, "printer-resolution-supported",
-@@ -2577,13 +2613,15 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -2577,13 +2623,15 @@ ppdCreateFromIPP2(char         *buffer,
          break;
        }
        if (j >= 0)
@@ -227,7 +199,7 @@
      }
      cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
    }
-@@ -2767,11 +2805,8 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -2767,11 +2815,8 @@ ppdCreateFromIPP2(char         *buffer,
            human_readable = (char *)_cupsLangString(lang, media_types[j][1]);
            break;
          }
@@ -241,7 +213,7 @@
      }
      cupsFilePuts(fp, "*CloseUI: *MediaType\n");
    }
-@@ -3204,11 +3239,8 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -3204,11 +3249,8 @@ ppdCreateFromIPP2(char         *buffer,
  
      human_readable = lookup_option("output-bin", opt_strings_catalog,
                                   printer_opt_strings_catalog);
@@ -255,7 +227,7 @@
      attr2 = ippFindAttribute(response, "printer-output-tray", IPP_TAG_STRING);
      for (i = 0; i < count; i ++) {
        keyword = ippGetString(attr, i, NULL);
-@@ -3466,9 +3498,8 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -3466,9 +3508,8 @@ ppdCreateFromIPP2(char         *buffer,
              human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
              break;
            }
@@ -267,7 +239,7 @@
        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n",
                       value, keyword, ppd_keyword);
        }
-@@ -3559,9 +3590,8 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -3559,9 +3600,8 @@ ppdCreateFromIPP2(char         *buffer,
              human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
              break;
            }
@@ -279,7 +251,7 @@
        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n",
                       value, keyword, ppd_keyword);
        }
-@@ -3659,9 +3689,8 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -3659,9 +3699,8 @@ ppdCreateFromIPP2(char         *buffer,
              human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
              break;
            }
@@ -291,7 +263,7 @@
        cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n",
                       value, keyword, ppd_keyword);
        }
-@@ -3800,8 +3829,9 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -3800,8 +3839,9 @@ ppdCreateFromIPP2(char         *buffer,
                                     printer_opt_strings_catalog);
        if (human_readable == NULL)
        human_readable = (char *)keyword;
@@ -303,7 +275,7 @@
        for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr;
           finishing_attr = ippNextAttribute(finishing_col)) {
          if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) {
-@@ -4113,13 +4143,13 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -4113,13 +4153,13 @@ ppdCreateFromIPP2(char         *buffer,
        if (!preset || !preset_name)
          continue;
  
@@ -324,7 +296,7 @@
  
        for (member = ippFirstAttribute(preset); member;
           member = ippNextAttribute(preset)) {
-@@ -4160,7 +4190,10 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -4160,7 +4200,10 @@ ppdCreateFromIPP2(char         *buffer,
                 ippGetString(ippFindAttribute(fin_col,
                                               "finishing-template",
                                               IPP_TAG_ZERO), 0, NULL)) != NULL)
@@ -336,7 +308,7 @@
            }
          } else if (!strcmp(member_name, "media")) {
           /*
-@@ -4193,14 +4226,14 @@ ppdCreateFromIPP2(char         *buffer,
+@@ -4193,14 +4236,14 @@ ppdCreateFromIPP2(char         *buffer,
                                                       IPP_TAG_ZERO), 0,
                                      NULL)) != NULL) {
              pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
@@ -353,7 +325,42 @@
          }
          } else if (!strcmp(member_name, "print-quality")) {
         /*
-@@ -4509,4 +4542,35 @@ pwg_ppdize_resolution(
+@@ -4464,15 +4507,29 @@ pwg_ppdize_name(const char *ipp,       /* I -
+       *end;                           /* End of name buffer */
+ 
+ 
++  if (!ipp || !isalnum(*ipp))
++  {
++    *name = '\0';
++    return;
++  }
++
+   *name = (char)toupper(*ipp++);
+ 
+-  for (ptr = name + 1, end = name + namesize - 1; *ipp && ptr < end;) {
+-    if (*ipp == '-') {
++  for (ptr = name + 1, end = name + namesize - 1; *ipp && ptr < end;)
++  {
++    if (*ipp == '-' && isalnum(ipp[1]))
++    {
+       ipp ++;
+-      if (_cups_isalpha(*ipp))
+-      *ptr++ = (char)toupper(*ipp++ & 255);
+-    } else
++      *ptr++ = (char)toupper(*ipp++ & 255);
++    }
++    else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || isalnum(*ipp))
++    {
+       *ptr++ = *ipp++;
++    }
++    else
++    {
++      ipp ++;
++    }
+   }
+ 
+   *ptr = '\0';
+@@ -4509,4 +4566,35 @@ pwg_ppdize_resolution(
        snprintf(name, namesize, "%dx%ddpi", *xres, *yres);
    }
  }

Reply via email to