This shows you the differences between two versions of the page.
gsoc:google-summer-code-2024-openprinting-projects [2024/02/07 18:39] till |
gsoc:google-summer-code-2024-openprinting-projects [2024/02/16 22:32] till |
||
---|---|---|---|
Line 34: | Line 34: | ||
* [[https://podcast.asknoahshow.com/368?t=2837|Ask Noah: Till Kamppeter on how OpenPrinting improved printing with Linux/Unix]] | * [[https://podcast.asknoahshow.com/368?t=2837|Ask Noah: Till Kamppeter on how OpenPrinting improved printing with Linux/Unix]] | ||
* [[https://www.youtube.com/watch?v=m5QKJH9tDjQ|Linux Saloon: Till Kamppeter about how he got Snap enthusiast]] | * [[https://www.youtube.com/watch?v=m5QKJH9tDjQ|Linux Saloon: Till Kamppeter about how he got Snap enthusiast]] | ||
+ | |||
+ | ====Talk about OpenPrinting==== | ||
+ | |||
+ | * [[https://fosdem.org/2024/schedule/event/fosdem-2024-1930-openprinting-we-make-printing-just-work-/|OpenPrinting - We make printing just work! Till Kamppeter, FOSDEM 2024, Brussels, Belgium]] | ||
====Printer Drivers get Printer Applications==== | ====Printer Drivers get Printer Applications==== | ||
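Review bot: The new "====Talk about OpenPrinting====" section runs straight into the following heading. The added list item with the FOSDEM 2024 link is immediately followed by "====Printer Drivers get Printer Applications====" with no blank line, while the addition puts a blank line before and after its own heading. Add an empty line after the list item so the section is separated from the next one the same way it is introduced. Since the section holds a single entry today, consider the heading "Talks about OpenPrinting" if more talks are expected to be listed here.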
Line 211: | Line 215: | ||
Code License: Apache 2.0, MIT, GPL-2+ and LGPL-2+ | Code License: Apache 2.0, MIT, GPL-2+ and LGPL-2+ | ||
+ | |||
+ | =====Integrating C-based OpenPrinting projects in OSS-Fuzz testing===== | ||
+ | |||
+ | 1 contributor full-size (350 hours), Level of difficulty: Intermediate | ||
+ | |||
+ | [[https://google.github.io/oss-fuzz|OSS-Fuzz]] is a project aimed at finding vulnerabilities in open-source projects that are critical to the Internet infrastructure. It is powered by Google and was initiated in response to [[https://heartbleed.com|Heartbleed]], an OpenSSL vulnerability that could have been discovered with classic vulnerability discovery techniques. The codebases integrated into OSS-Fuzz are run multiple times with randomly crafted inputs in an approach called fuzzing. | ||
+ | |||
+ | Most of OpenPrinting's code is written in C, which is susceptible to memory corruption bugs. OpenPrinting's projects do not use fuzzing, with a single exception: CUPS has a [[https://github.com/OpenPrinting/cups/blob/master/cups/fuzzipp.c|custom fuzzer]] run when testing the build, for a fixed number of iterations. | ||
+ | |||
+ | Due to the compatibility of C projects with OSS-Fuzz, we would like to abandon the existing fuzzer and integrate the following C-based OpenPrinting projects into OSS-Fuzz (projects in priority order): | ||
+ | |||
+ | * CUPS | ||
+ | * libcups | ||
+ | * cups-local | ||
+ | * cups-sharing | ||
+ | * libcupsfilters | ||
+ | * cups-filters | ||
+ | * cups-browsed | ||
+ | * PAPPL | ||
+ | * cpdb-libs | ||
+ | * cpdb-backend-cups | ||
+ | * libppd | ||
+ | * pappl-retrofit | ||
+ | |||
+ | The purpose is to use the Google Summer of Code timeframe to create a mature OSS-Fuzz integration that maximises the number of fuzzed projects and fuzzing efficiency, as measured by coverage and execution speed. | ||
+ | |||
+ | The contributor should work on: | ||
+ | |||
+ | * Coordinating with OpenPrinting which projects have highest priority and also which functionality of them, to get the best from the limited GSoC time | ||
+ | * Creating Docker-based build environments | ||
+ | * Writing libFuzzer fuzz targets | ||
+ | * Creating a corpus of data | ||
+ | * Understanding and implementing the [[https://google.github.io/oss-fuzz/advanced-topics/ideal-integration/|OSS-Fuzz best practices]] | ||
+ | * Coordinating with the OpenPrinting developers to patch the vulnerabilities found by OSS-Fuzz | ||
+ | * Analysing the found vulnerabilities and interpreting their details to deduce vulnerability classes that can be mitigated in bulk. | ||
+ | |||
+ | Mentors: Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), George-Andrei Iosif, Security Engineer at Canonical (andrei at iosif at canonical dot com, further members of Canonical's Security Team TBD | ||
+ | |||
+ | Desired knowledge: C, fuzzing | ||
+ | |||
+ | Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects) | ||
=====Replace QPDF by PDFio as PDF manipulation library in libcupsfilters (cfFilterPDFToPDF() filter function and others)===== | =====Replace QPDF by PDFio as PDF manipulation library in libcupsfilters (cfFilterPDFToPDF() filter function and others)===== |
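Review bot: The Mentors line of the new OSS-Fuzz project is malformed. The second contact reads "andrei at iosif at canonical dot com", with "at" appearing twice, and the parenthesis opened before it is never closed before ", further members of Canonical's Security Team TBD". Confirm the intended address with the mentor and close the parenthesis so applicants can reach the security contact. Two smaller points in the same hunk: the "Code License:" line is followed directly by the "=====Replace QPDF by PDFio ..." heading without a blank line, and the text says the existing CUPS fuzzer (fuzzipp.c) should be abandoned without saying whether its inputs or test cases are meant to be carried over into the "Creating a corpus of data" task, which is worth stating so the contributor knows whether that work is in scope.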