Fixed
Comments
al...@google.com <al...@google.com> #2
Sandboxed RCE is... not great.
Andrew, this needs to be handled by the CUPS CrOS printing team ASAP as a high-severity bug.
ys...@google.com <ys...@google.com> #3
Also, do we even need zeroconf?
ca...@careem.com <ca...@careem.com> #4
Zeroconf is a critical feature for the product. Assigning to Sean to look at, as Justin (who worked a lot on this) is OOO a lot of this week, including now.
ca...@careem.com <ca...@careem.com> #5
We usually mark high-severity bugs as P1 (sandboxed code exec is high-severity per our ratings at http://www.chromium.org/developers/severity-guidelines ), but we do expect it to be fixed in the current milestone and backported to stable.
Thanks!
ca...@careem.com <ca...@careem.com> #6
I'm looking into this. We can likely disable downloading arbitrary PPDs from untrusted servers.
os...@google.com <os...@google.com> #7
There are two patches from upstream that restrict what filters we accept, which will prevent the pstopxl filter from being configured for zeroconf printers.
https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41
https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b
Description
Bumping constraintlayout-core to 1.1.0 from 1.0.4 I got runtime exceptions due to binary incompatibilities between the two versions.
In particular I see incompatibilities with the `androidx.constraintlayout.core.state.Dimension` class.
For example the core version bundled with constraintlayout 2.1.4 (core-1.0.4) had the method `public static Dimension Fixed(int value)` which now is not available anymore (renamed to `public static Dimension createFixed(int value)` ?)
Here is the commit that broke incompatibility for the case above:
Would it be possible to restore compatibility in the new core so we are able to update?