From 96ddd83eb25a9231efec2498dea0be6b0f75035b Mon Sep 17 00:00:00 2001
From: David Beauchamp <david@archlinuxarm.org>
Date: Wed, 16 Mar 2022 16:22:10 -0400
Subject: [PATCH] extra/hplip to 3.22.2-2

---
 .../0024-fix-possible-stack-buffer.overflows.patch    | 11 +++++++++++
 extra/hplip/PKGBUILD                                  |  6 +++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 extra/hplip/0024-fix-possible-stack-buffer.overflows.patch

diff --git a/extra/hplip/0024-fix-possible-stack-buffer.overflows.patch b/extra/hplip/0024-fix-possible-stack-buffer.overflows.patch
new file mode 100644
index 000000000..dcaf5b388
--- /dev/null
+++ b/extra/hplip/0024-fix-possible-stack-buffer.overflows.patch
@@ -0,0 +1,11 @@
+--- hplip-3.22.2/scan/sane/bb_ledm.c	2022-02-23 08:41:05.000000000 +0100
++++ hplip-3.22.2/scan/sane/bb_ledm.c.new	2022-03-12 21:10:05.818054984 +0100
+@@ -1015,7 +1015,7 @@
+   c +=11;
+   char BinaryURL[30];
+   i = 0;
+-  while(*c != '<')
++  while(*c != '<' && i < 29)
+   {
+      BinaryURL[i++] = *c ;
+      c++;
diff --git a/extra/hplip/PKGBUILD b/extra/hplip/PKGBUILD
index 70e332f88..07ba63d66 100644
--- a/extra/hplip/PKGBUILD
+++ b/extra/hplip/PKGBUILD
@@ -8,7 +8,7 @@
 
 pkgname=hplip
 pkgver=3.22.2
-pkgrel=1
+pkgrel=2
 epoch=1
 pkgdesc="Drivers for HP DeskJet, OfficeJet, Photosmart, Business Inkjet and some LaserJet"
 arch=('x86_64')
@@ -31,6 +31,7 @@ source=(https://downloads.sourceforge.net/${pkgname}/$pkgname-$pkgver.tar.gz{,.a
         disable_upgrade.patch
         0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch
         0023-Fix-handling-of-unicode-filenames-in-sixext.py.patch
+        0024-fix-possible-stack-buffer.overflows.patch
         0001-Remove-ImageProcessor.patch
         # use the one from Fedora
         hplip-configure-python.patch
@@ -40,6 +41,7 @@ sha512sums=('9cde954a11bae2e2ad6120d8fe103ab52409c906dde4c1e82fa7a9e5e265e0a71e0
             'SKIP'
             'ee0bd240568a7dbb4dc6ef64dba28ea84c4bedf7d688d054960c686666f8f0bc4562961c40845107ef0c936e60d3e676bffb2a1ba708039690bb0520cda3a525'
             '22aeb5b851f78bc6bc62e0bc3da99fecaf42d7604af41e2f3343f8d3666541f7b06b7d1a7d0ddf24f1731ac7b12dfe582375a98e3b94dfa323d6ce954549ca67'
+            '460f4447faf688981bafebda71b0f144e662368ad87e944cb01834750ae133b1aad2a1c50e6ee168adf972cfe04ca0857da6ff1124d176f93c342f2a1273b962'
             '763949a0bc460dcc9faefc86f2a91cf342781bfce696ed0c3826758572dd03ac266bbeb7b6a4f9376ac298d7d3c9c4def42d94921a8e1d1695e39396e36d95ff'
             '7f402ed13341ac9a01f28ecdb97effcd15f5fa9d123e554d4dd78e9f5ed01bcf7b4fe7400c53ddf5e7068f9ffd858d8fefe060e2fcacea0a0524145d78e315cc'
             '089c102357ea5fd55d81ae76aaff62713f780fd84500c3b92ecd6b2bb11ccdc3a162978548e9a5f9e98a8354a5be3997e416c52daa18eda4621ed79a29d6fea8'
@@ -56,6 +58,8 @@ prepare() {
  patch -Np1 -i "${srcdir}"/0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch
  # fix some handling unicode file names FS#58412
  patch -Np1 -i "${srcdir}"/0023-Fix-handling-of-unicode-filenames-in-sixext.py.patch
+ # address possible stack buffer overflows - FS#48112 / https://bugs.launchpad.net/hplip/+bug/1544099
+ patch -Np1 -i "${srcdir}"/0024-fix-possible-stack-buffer.overflows.patch
  # Workaround patch for missing Python3 transition of the old
  # (pre-USB-storage) photo memory card support (pcardext) - Debian patch
  patch -Np1 -i "${srcdir}"/python3.diff