diff --git a/cups-ppdleak.patch b/cups-ppdleak.patch new file mode 100644 index 0000000..3354f76 --- /dev/null +++ b/cups-ppdleak.patch @@ -0,0 +1,22 @@ +diff --git a/ppdc/ppdc-import.cxx b/ppdc/ppdc-import.cxx +index 04b587d..60d8834 100644 +--- a/ppdc/ppdc-import.cxx ++++ b/ppdc/ppdc-import.cxx +@@ -27,7 +27,7 @@ ppdcSource::import_ppd(const char *f) // I - Filename + char line[256], // Comment line + *ptr; // Pointer into line + int cost; // Cost for filter +- ppd_file_t *ppd; // PPD file data ++ ppd_file_t *ppd = NULL; // PPD file data + ppd_group_t *group; // PPD group + ppd_option_t *option; // PPD option + ppd_choice_t *choice; // PPD choice +@@ -323,5 +323,8 @@ ppdcSource::import_ppd(const char *f) // I - Filename + } + } + ++ if (ppd) ++ ppdClose(ppd); ++ + return (1); + } diff --git a/cups-ppdopen-heap-overflow.patch b/cups-ppdopen-heap-overflow.patch deleted file mode 100644 index 4b725e1..0000000 --- a/cups-ppdopen-heap-overflow.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff --git a/cups/ppd.c b/cups/ppd.c -index ff52df2e..199cf034 100644 ---- a/cups/ppd.c -+++ b/cups/ppd.c -@@ -1719,8 +1719,7 @@ _ppdOpen( - constraint->choice1, constraint->option2, - constraint->choice2)) - { -- case 0 : /* Error */ -- case 1 : /* Error */ -+ default : /* Error */ - pg->ppd_status = PPD_BAD_UI_CONSTRAINTS; - goto error; - -diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx -index c25d4966..236c00db 100644 ---- a/ppdc/ppdc-source.cxx -+++ b/ppdc/ppdc-source.cxx -@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read - - switch (sscanf(name, "%dx%d", &xdpi, &ydpi)) - { -- case 0 : -- _cupsLangPrintf(stderr, -- _("ppdc: Bad resolution name \"%s\" on line %d of " -- "%s."), name, fp->line, fp->filename); -- break; - case 1 : - ydpi = xdpi; - break; -- } -+ case 2 : -+ break; -+ default : -+ _cupsLangPrintf(stderr, -+ _("ppdc: Bad resolution name \"%s\" on line %d of " -+ "%s."), name, fp->line, fp->filename); -+ break; -+} - - // Create the necessary PS commands... - snprintf(command, sizeof(command), diff --git a/cups-prioritize-print-color-mode.patch b/cups-prioritize-print-color-mode.patch new file mode 100644 index 0000000..feb7119 --- /dev/null +++ b/cups-prioritize-print-color-mode.patch @@ -0,0 +1,15 @@ +diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c +index 5965e38..94a125a 100644 +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -3735,8 +3735,8 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ + */ + + if ((attr = ippFindAttribute(response, "urf-supported", IPP_TAG_KEYWORD)) == NULL) +- if ((attr = ippFindAttribute(response, "pwg-raster-document-type-supported", IPP_TAG_KEYWORD)) == NULL) +- if ((attr = ippFindAttribute(response, "print-color-mode-supported", IPP_TAG_KEYWORD)) == NULL) ++ if ((attr = ippFindAttribute(response, "print-color-mode-supported", IPP_TAG_KEYWORD)) == NULL) ++ if ((attr = ippFindAttribute(response, "pwg-raster-document-type-supported", IPP_TAG_KEYWORD)) == NULL) + attr = ippFindAttribute(response, "output-mode-supported", IPP_TAG_KEYWORD); + + if (attr) diff --git a/cups-rastertopwg-crash.patch b/cups-rastertopwg-crash.patch new file mode 100644 index 0000000..4c378b9 --- /dev/null +++ b/cups-rastertopwg-crash.patch @@ -0,0 +1,14 @@ +diff --git a/filter/rastertopwg.c b/filter/rastertopwg.c +index 1e63e4e..b3a2e87 100644 +--- a/filter/rastertopwg.c ++++ b/filter/rastertopwg.c +@@ -260,7 +260,8 @@ main(int argc, /* I - Number of command-line args */ + } + + if (inheader.cupsPageSizeName[0] && +- (pwg_size = _ppdCacheGetSize(cache, inheader.cupsPageSizeName)) != NULL) ++ (pwg_size = _ppdCacheGetSize(cache, inheader.cupsPageSizeName)) != NULL && ++ pwg_size->map.pwg) + { + strlcpy(outheader.cupsPageSizeName, pwg_size->map.pwg, + sizeof(outheader.cupsPageSizeName)); diff --git a/cups.spec b/cups.spec index d98329a..176c1c0 100644 --- a/cups.spec +++ b/cups.spec @@ -14,8 +14,8 @@ Summary: CUPS printing system Name: cups Epoch: 1 -Version: 2.3.1 -Release: 9%{?dist} +Version: 2.3.3 +Release: 1%{?dist} License: ASL 2.0 with exceptions for GPL2/LGPL2 Url: http://www.cups.org/ Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz @@ -89,14 +89,23 @@ Patch21: cups-dymo-deviceid.patch # 1822154 - cups.service doesn't execute automatically on request # https://github.com/apple/cups/issues/5708 Patch22: cups-autostart-when-enabled.patch +# needed for correct color support of Canon printers, which +# reports better options in print-color-mode-supported than +# in pwg-raster-document-type-supported +# https://github.com/apple/cups/pull/5722/ +Patch23: cups-prioritize-print-color-mode.patch +# leaks ppd struct in ppdc +# https://github.com/apple/cups/pull/5738/ +Patch24: cups-ppdleak.patch +# crashes with wide roll printers in rastertopwg filter +# https://github.com/apple/cups/pull/5773/ +Patch25: cups-rastertopwg-crash.patch # selinux and audit enablement for CUPS - needs work and CUPS upstream wants # to have these features implemented their way in the future Patch100: cups-lspp.patch #### UPSTREAM PATCHES #### -# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c -Patch23: cups-ppdopen-heap-overflow.patch ##### Patches removed because IMHO they aren't no longer needed ##### but still I'll leave them in git in case their removal @@ -301,10 +310,11 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch21 -p1 -b .dymo-deviceid # 1822154 - cups.service doesn't execute automatically on request %patch22 -p1 -b .autostart-when-enabled +%patch23 -p1 -b .print-color-mode +%patch24 -p1 -b .ppdleak +%patch25 -p1 -b .rastertopwg-crash #### UPSTREAMED PATCHES #### -# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c -%patch23 -p1 -b .ppdopen-heap-overflow # removed dbus patch - seems breaking things # Fix implementation of com.redhat.PrinterSpooler D-Bus object. @@ -731,6 +741,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man7/ippevepcl.7.gz %changelog +* Tue May 19 2020 Zdenek Dohnal - 1:2.3.3-1 +- 2.3.3 + * Tue Apr 21 2020 Zdenek Dohnal - 1:2.3.1-9 - 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c