This shows you the differences between two versions of the page.
gsoc:google-summer-code-2025-openprinting-projects [2025/01/27 19:40] ttfish update four security-related projects |
gsoc:google-summer-code-2025-openprinting-projects [2025/03/10 11:52] (current) till [Port CUPS and Printer Applications to Zephyr] |
Line 217: | Line 217: | ||
system-config-printer was already updated for CUPS 3.x in [[https://github.com/TheJayas/GSoC-2024-Final-Report|last year's GSoC]]. Here we want system-config-printer use the new pyCUPS now, for optimization and minimization of code duplication. | system-config-printer was already updated for CUPS 3.x in [[https://github.com/TheJayas/GSoC-2024-Final-Report|last year's GSoC]]. Here we want system-config-printer use the new pyCUPS now, for optimization and minimization of code duplication. | ||
- | Mentors: Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), TBD | + | Mentors: Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), Zdenek Dohnal, Printing Maintainer at Red Hat (zdohnal at redhat dot com), TBD |
Desired knowledge: Python, C, CUPS | Desired knowledge: Python, C, CUPS | ||
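Review bot: "Here we want system-config-printer use the new pyCUPS now" (unchanged on both sides of the Line 217 hunk) is missing the infinitive; suggest "Here we want system-config-printer to use the new pyCUPS now". The added mentor entry follows the same format as the first one (name, role, obfuscated address), so nothing else to change in this hunk.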
Line 245: | Line 245: | ||
=====Utilizing OSS-Fuzz-Gen to Improve Fuzz Testing for OpenPrinting Projects===== | =====Utilizing OSS-Fuzz-Gen to Improve Fuzz Testing for OpenPrinting Projects===== | ||
- | **Security- and AI-Related project** | + | **Security- and AI-related project** |
1 contributor full-size (350 hours), Level of difficulty: Hard | 1 contributor full-size (350 hours), Level of difficulty: Hard | ||
Line 280: | Line 280: | ||
=====Integrating OSS-Fuzz for Go-Based and Python-Based OpenPrinting Projects===== | =====Integrating OSS-Fuzz for Go-Based and Python-Based OpenPrinting Projects===== | ||
- | **Security-Related project** | + | **Security-related project** |
1 contributor medium-size (175 hours), Level of difficulty: Intermediate | 1 contributor medium-size (175 hours), Level of difficulty: Intermediate | ||
Line 309: | Line 309: | ||
=====System/Fuzz Testing of Printing Protocols===== | =====System/Fuzz Testing of Printing Protocols===== | ||
- | **Security-Related project** | + | **Security-related project** |
1 contributor full-size (350 hours), Level of difficulty: Hard | 1 contributor full-size (350 hours), Level of difficulty: Hard | ||
Line 334: | Line 334: | ||
=====Security Auditing for OpenPrinting Projects===== | =====Security Auditing for OpenPrinting Projects===== | ||
- | **Security-Related project** | + | **Security-related project** |
1 contributor full-size (350 hours), Level of difficulty: Intermediate | 1 contributor full-size (350 hours), Level of difficulty: Intermediate | ||
- | OpenPrinting projects play a critical role in the printing infrastructure of countless systems, making their security paramount. Inspired by security auditing reports from other open source communities (CNCF: [[https://www.cncf.io/blog/2025/01/16/announcing-the-results-of-the-karmada-security-audit/|Karmada Security Audit for Karmada]], [[https://www.cncf.io/blog/2023/04/19/new-kubernetes-security-audit-complete-and-open-sourced/|Security Audit for Kubernetes]] and [[https://openssf.org/blog/2023/02/01/independent-security-audit-impact-report/|Security Audit for OpenSSF]]), we believe a comprehensive security auditing report could significantly enhance the robustness and reliability of these projects. This initiative will leverage advanced software analysis methods to conduct thorough security audits. | + | OpenPrinting projects play a critical role in the printing infrastructure of countless systems, making their security paramount. Inspired by security auditing reports from other open source communities (CNCF: [[https://www.cncf.io/blog/2025/01/16/announcing-the-results-of-the-karmada-security-audit/|Security Audit for Karmada]], [[https://www.cncf.io/blog/2023/04/19/new-kubernetes-security-audit-complete-and-open-sourced/|Security Audit for Kubernetes]] and [[https://openssf.org/blog/2023/02/01/independent-security-audit-impact-report/|Security Audit for OpenSSF]]), we believe a comprehensive security auditing report could significantly enhance the robustness and reliability of these projects. This initiative will leverage advanced software analysis methods to conduct thorough security audits. |
The audit process includes scoring OpenPrinting projects using OpenSSF’s Security Scorecard and examining the projects and their dependencies with respect to testing status, which encompasses adherence to continuous integration (CI) test best practices and test coverage assessments. Furthermore, dynamic testing should also be considered, for example, end-to-end fuzzing techniques such as [[https://github.com/AFLplusplus/AFLplusplus|AFLplusplus]], which assists in the successful detection of [[https://www.cve.org/CVERecord?id=CVE-2024-47076|CVE-2024-47076]]. Static analysis tools including [[https://github.com/danmar/cppcheck|cppcheck]] and [[https://github.com/david-a-wheeler/flawfinder|flawfinder]], [[https://valgrind.org/|Valgrind]] can be employed for checking the implementation flaws. The overall security audit should include dynamic software analysis methodologies to cover more extensive aspects of OpenPrinting projects. | The audit process includes scoring OpenPrinting projects using OpenSSF’s Security Scorecard and examining the projects and their dependencies with respect to testing status, which encompasses adherence to continuous integration (CI) test best practices and test coverage assessments. Furthermore, dynamic testing should also be considered, for example, end-to-end fuzzing techniques such as [[https://github.com/AFLplusplus/AFLplusplus|AFLplusplus]], which assists in the successful detection of [[https://www.cve.org/CVERecord?id=CVE-2024-47076|CVE-2024-47076]]. Static analysis tools including [[https://github.com/danmar/cppcheck|cppcheck]] and [[https://github.com/david-a-wheeler/flawfinder|flawfinder]], [[https://valgrind.org/|Valgrind]] can be employed for checking the implementation flaws. The overall security audit should include dynamic software analysis methodologies to cover more extensive aspects of OpenPrinting projects. | ||
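Review bot: In the unchanged context line of this hunk, Valgrind is grouped under "Static analysis tools including cppcheck and flawfinder, Valgrind"; Valgrind instruments the program at run time, so it belongs with the dynamic testing named in the preceding sentence (next to the AFLplusplus fuzzing), not with cppcheck and flawfinder. Suggest: "Static analysis tools such as cppcheck and flawfinder, and dynamic tools such as Valgrind, can be employed to check for implementation flaws." Also, "which assists in the successful detection of CVE-2024-47076" reads as if the detection were ongoing; since the CVE already exists, "which assisted in the detection of CVE-2024-47076" is the accurate tense. The corrected link text "Security Audit for Karmada" on the new side properly removes the duplicated "Karmada".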
Line 404: | Line 404: | ||
Desired knowledge: C, Go, image processing and evaluation, computer vision, OCR | Desired knowledge: C, Go, image processing and evaluation, computer vision, OCR | ||
+ | |||
+ | Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects) | ||
+ | |||
+ | =====Port CUPS and Printer Applications to Zephyr===== | ||
+ | |||
+ | Probably many of you have already thought about that one can take an SBC, install Linux and [[https://openprinting.github.io/cups|CUPS]] or a Printer Application on it, and connect this to an old printer which is still mechanically perfect but needs a driver which is not available any more for some operating systems. Suddenly the printer turns into a modern, driverless IPP printer which can be used with any operating system. | ||
+ | |||
+ | But it is a little awkward having a little box dangling behind the printer which also occupies a power outlet. Also one can perhaps also make use of much cheaper SBC. | ||
+ | |||
+ | Imagine you could buy a tiny board for a few dollars and put it somewhere inside the printer and grab its power from the printer's power supply. | ||
+ | |||
+ | Such tiny boards are often not powerful enough to run Linux, but there is also the much more lightweight [[https://www.zephyrproject.org/|Zephyr]] operating system. This is a system for IoT applications on low-footprint hardware. | ||
+ | |||
+ | And this scenario does not only serve for cheap DIY solutions to save old printers, it also can be a base for cost-effective printer firmware development. | ||
+ | |||
+ | This project is about investigating whether one could run the components of the free software printing stack, as [[https://openprinting.github.io/cups|CUPS]], [[https://github.com/michaelrsweet/pappl/|PAPPL]], [[https://github.com/OpenPrinting/libcupsfilters|libcupsfilters]], ... under the Zephyr operating system, and actually let this tiny print server execute printer drivers and print on legacy printers. Also the handling of print data and the need of resources here needs to be investigated. Can we hold several pages? Can we use [[https://ghostscript.com/|Ghostscript]]? Or do we have to stream raster print data from the client to the printer? | ||
+ | |||
+ | Most desirable is to do this with PAPPL (Printer APPlication Library), as it is designed to emulate a driverless IPP printer in software, including the so-called "Gadget" mode to appear as an IPP-over-USB device when connecting the power supply USB port of the SBC with the client computer's USB. | ||
+ | |||
+ | Mentors: Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), Iuliana Prodan (iuliana dot prodan at nxp dot com), Zephyr developers TBD | ||
+ | |||
+ | Desired knowledge: C, Zephyr, USB, network | ||
Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects) | Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects) | ||
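Review bot: The new Zephyr section has a few wording issues to fix before publishing: "Also one can perhaps also make use of much cheaper SBC" repeats "also" and needs a plural ("much cheaper SBCs"); "Also the handling of print data and the need of resources here needs to be investigated" would read better as "The handling of print data and the resource requirements also need to be investigated"; and "Most desirable is to do this with PAPPL" could be "The preferred approach is to do this with PAPPL". Structurally, the other project entries separate "Desired knowledge:" and "Code License:" with a blank line, but the new "Desired knowledge: C, Zephyr, USB, network" runs directly into the existing "Code License" line; add the blank line so the entry matches the others. Adding a separate "Code License" line for the preceding project is correct, since the existing one now belongs to the Zephyr entry.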
Line 429: | Line 451: | ||
To prevent man-in-the-middle attacks between a client and a network IPP printer with encrypted connection, the first time when a new network printer is accessed, the printer's certificate is loaded from the printer and saved locally. On subsequent accesses the printer's certificate is compared to the locally saved one and on mismatch the error is logged and the printing does not happen. | To prevent man-in-the-middle attacks between a client and a network IPP printer with encrypted connection, the first time when a new network printer is accessed, the printer's certificate is loaded from the printer and saved locally. On subsequent accesses the printer's certificate is compared to the locally saved one and on mismatch the error is logged and the printing does not happen. | ||
- | often this happens without ant attck, just on a change of the printer configuration or a printer firmware update. Then theuser screams on internet platforms, ehen they are lucky finds information about this problem and how to remove the old certificate to make the CUPS replace it by the current one and the printer print again. | + | often this happens without an attack, just on a change of the printer configuration or a printer firmware update. Then the user screams on internet platforms, when they are lucky finds information about this problem and how to remove the old certificate to make the CUPS replace it by the current one and the printer print again. |
To solve this nasty problem, we came to the conclusion to [[https://github.com/OpenPrinting/cups/issues/1072#issuecomment-2537216779|pop up a dialog which allows to remove the certificate file ("Reset certificte") by clicking a button.]]. | To solve this nasty problem, we came to the conclusion to [[https://github.com/OpenPrinting/cups/issues/1072#issuecomment-2537216779|pop up a dialog which allows to remove the certificate file ("Reset certificte") by clicking a button.]]. | ||
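Review bot: The corrected line still starts lowercase ("often this happens ...") and "Then the user screams on internet platforms, when they are lucky finds information about this problem" has a broken subject; suggest "Often this happens without any attack, just on a change of the printer configuration or a printer firmware update. Then the user complains on internet platforms and, if lucky, finds information about this problem and how to remove the old certificate so that CUPS replaces it with the current one and the printer prints again." In the following context line, "Reset certificte" is misspelled, and the link text ends with a period that is followed by another period after "]]", giving a double period. On the design point: the paragraph explains that the saved certificate exists to detect man-in-the-middle attacks; a dialog whose only action is a one-click reset weakens that protection to a nag unless it gives the user something to decide on, such as pointing out that a mismatch is expected right after the configuration change or firmware update the paragraph mentions. Consider stating in the proposal what the dialog should show before offering the reset.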
Line 471: | Line 493: | ||
=====cups-filters: Create OCR filter to deliver scans as searchable PDFs===== | =====cups-filters: Create OCR filter to deliver scans as searchable PDFs===== | ||
- | 1 contributor half-size (175 hrs), Level of difficulty: Intermediate | + | 1 contributor medium-size (175 hrs), Level of difficulty: Intermediate |
Scanning with IPP Scan gives the user the possibility to request the scanned image in PDF format. If the IPP Scan server is a Scanner Application, a filter function from cups-filters would convert the the raster image coming from the scanner into PDF. | Scanning with IPP Scan gives the user the possibility to request the scanned image in PDF format. If the IPP Scan server is a Scanner Application, a filter function from cups-filters would convert the the raster image coming from the scanner into PDF. |
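Review bot: Changing "half-size" to "medium-size" aligns this entry with the "1 contributor medium-size (175 hours)" wording in the Line 280 hunk above, but this line abbreviates "hrs" while the others spell out "hours"; pick one form. The context line also has a doubled article: "convert the the raster image coming from the scanner into PDF".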