main/cups: backport security fix

main/cups/APKBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=cups
 pkgver=2.4.9
-pkgrel=0
+pkgrel=1
 pkgdesc="The CUPS Printing System"
 url="https://github.com/OpenPrinting/cups/"
 arch="all"
@@ -36,9 +36,12 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenPrinting/cups/archive/v$
 	cups-no-export-ssllibs.patch
 	cups-nostrip.patch
 	default-config-no-gssapi.patch
+	CVE-2024-47175.patch
 	"
 
 # secfixes:
+#   2.4.9-r1:
+#     - CVE-2024-47175
 #   2.4.9-r0:
 #     - CVE-2024-35235
 #   2.4.7-r0:
@@ -167,4 +170,5 @@ cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceed
 148eb01f0861e1cd0861a174a5c5262c49b079b27b972b4e90656b9b9357ec710e861604c30e897818f550e9c1cdcefcd8c8bc955ba4a333902a74cdd8dfb5a6  cups-no-export-ssllibs.patch
 7b2f1212b009d4e005eaf4fc288413bde57aff4ca664173202163e8f18be1ddc72c26ec84576a4850d63b08c6ce5948d57c77e81c4f4c85032d7ef7530b1eb81  cups-nostrip.patch
 c492f5e20a1bb73cf6bed86d0343659e839df4003aa1409bf608dd3ff05694d1e06ba26fd3786385d2c96dd668485dcef6cfee7f908416a2b125a8e30e82e670  default-config-no-gssapi.patch
+529c5ec8bf6590f13889a6278bab2c906a1bc34649317f5cad14a1aeee0cfeee48b486561d3c11a086d3688b191f8e723f6f89bc6c2a3191f75dcf28b8595e27  CVE-2024-47175.patch
 "

main/cups/CVE-2024-47175.patch

@@ -0,0 +1,51 @@
+Patch-Source: https://github.com/OpenPrinting/cups/commit/96b3bdf010e78880f5764e5032720379aa1116df
+
+From 96b3bdf010e78880f5764e5032720379aa1116df Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <msweet@msweet.org>
+Date: Sat, 7 Sep 2024 19:41:58 -0400
+Subject: [PATCH] Validate URIs and attribute names before putting them in the
+ generated PPD.
+
+---
+ cups/ppd-cache.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index 481963483..f219a2c08 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -3340,10 +3340,10 @@ _ppdCreateFromIPP(char   *buffer,	/* I - Filename buffer */
+ 
+   base_lang = cupsLangGet("en");
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+  /*
+@@ -3356,10 +3356,10 @@ _ppdCreateFromIPP(char   *buffer,	/* I - Filename buffer */
+   if (ippGetBoolean(ippFindAttribute(supported, "job-accounting-user-id-supported", IPP_TAG_BOOLEAN), 0))
+     cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n");
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
+   {
+     for (i = 0, count = ippGetCount(attr), prefix = "*cupsMandatory: \""; i < count; i ++)
+     {
+@@ -3376,7 +3376,7 @@ _ppdCreateFromIPP(char   *buffer,	/* I - Filename buffer */
+       cupsFilePuts(fp, "\"\n");
+   }
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
+   {
+     for (i = 0, count = ippGetCount(attr), prefix = "*cupsRequested: \""; i < count; i ++)
+     {