[Buildroot] Call for volunteer(s): cups security bump

Gustavo Zacarias gustavo at zacarias.com.ar
Fri May 23 14:04:21 UTC 2014


Hi all.

I'm one of the people who is regularly involved in patching/bumping
packages when security bugs are discovered and i've got a list of
packages in need of love.
This is a call for volunteers because i think it's important to keep the
package base clean regarding security vulnerabilities.

Right now i have one outstanding package that is in dire need of a
version bump: cups.
If you're a regular cups user for your buildroot project(s) then this
might be of benefit/interest to you.
Normally i'd love to do it myself but my free time availability isn't
that great and my test bed consists of a lonely printer so it isn't much
to talk home about.

It ain't simple since a lot of things changed from our current 1.3.x
branch to the latest 1.7.x, most notably it talks to usb printers via
libusb rather than the kernel and foomatic-filters is deprecated in
favour of cups-filter, among a bunch of new deps (packages) needed to
build it.
If you need to know what bugs afflict it just look at:
http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-14145/Apple-Cups.html
Cups 1.3.11 was released on 2 july 2009, so at least any CVE-2010*+
probably(1) affects it, and some of the CVE-2009* entries too.

Any takers for this?
Regards.

Note 1: if it's new functionality from a newer branch it may not,
optionally part of bumping is looking at those details to quote them in
the commit log.


More information about the buildroot mailing list