2.3.3

cups-ppdleak.patch

@@ -0,0 +1,22 @@
+diff --git a/ppdc/ppdc-import.cxx b/ppdc/ppdc-import.cxx
+index 04b587d..60d8834 100644
+--- a/ppdc/ppdc-import.cxx
++++ b/ppdc/ppdc-import.cxx
+@@ -27,7 +27,7 @@ ppdcSource::import_ppd(const char *f)	// I - Filename
+   char		line[256],		// Comment line
+ 		*ptr;			// Pointer into line
+   int		cost;			// Cost for filter
+-  ppd_file_t	*ppd;			// PPD file data
++  ppd_file_t	*ppd = NULL;		// PPD file data
+   ppd_group_t	*group;			// PPD group
+   ppd_option_t	*option;		// PPD option
+   ppd_choice_t	*choice;		// PPD choice
+@@ -323,5 +323,8 @@ ppdcSource::import_ppd(const char *f)	// I - Filename
+     }
+   }
+ 
++  if (ppd)
++    ppdClose(ppd);
++
+   return (1);
+ }

cups-ppdopen-heap-overflow.patch

@@ -1,42 +0,0 @@
-diff --git a/cups/ppd.c b/cups/ppd.c
-index ff52df2e..199cf034 100644
---- a/cups/ppd.c
-+++ b/cups/ppd.c
-@@ -1719,8 +1719,7 @@ _ppdOpen(
-                      constraint->choice1, constraint->option2,
- 		     constraint->choice2))
-       {
--        case 0 : /* Error */
--	case 1 : /* Error */
-+        default : /* Error */
- 	    pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
- 	    goto error;
- 
-diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
-index c25d4966..236c00db 100644
---- a/ppdc/ppdc-source.cxx
-+++ b/ppdc/ppdc-source.cxx
-@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
- 
-   switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
-   {
--    case 0 :
--        _cupsLangPrintf(stderr,
--	                _("ppdc: Bad resolution name \"%s\" on line %d of "
--			  "%s."), name, fp->line, fp->filename);
--        break;
-     case 1 :
-         ydpi = xdpi;
- 	break;
--  }
-+    case 2 :
-+        break;
-+    default :
-+        _cupsLangPrintf(stderr,
-+                  _("ppdc: Bad resolution name \"%s\" on line %d of "
-+        "%s."), name, fp->line, fp->filename);
-+        break;
-+}
- 
-   // Create the necessary PS commands...
-   snprintf(command, sizeof(command),

cups-prioritize-print-color-mode.patch

@@ -0,0 +1,15 @@
+diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
+index 5965e38..94a125a 100644
+--- a/cups/ppd-cache.c
++++ b/cups/ppd-cache.c
+@@ -3735,8 +3735,8 @@ _ppdCreateFromIPP(char   *buffer,	/* I - Filename buffer */
+   */
+ 
+   if ((attr = ippFindAttribute(response, "urf-supported", IPP_TAG_KEYWORD)) == NULL)
+-    if ((attr = ippFindAttribute(response, "pwg-raster-document-type-supported", IPP_TAG_KEYWORD)) == NULL)
+-      if ((attr = ippFindAttribute(response, "print-color-mode-supported", IPP_TAG_KEYWORD)) == NULL)
++    if ((attr = ippFindAttribute(response, "print-color-mode-supported", IPP_TAG_KEYWORD)) == NULL)
++      if ((attr = ippFindAttribute(response, "pwg-raster-document-type-supported", IPP_TAG_KEYWORD)) == NULL)
+         attr = ippFindAttribute(response, "output-mode-supported", IPP_TAG_KEYWORD);
+ 
+   if (attr)

cups-rastertopwg-crash.patch

@@ -0,0 +1,14 @@
+diff --git a/filter/rastertopwg.c b/filter/rastertopwg.c
+index 1e63e4e..b3a2e87 100644
+--- a/filter/rastertopwg.c
++++ b/filter/rastertopwg.c
+@@ -260,7 +260,8 @@ main(int  argc,				/* I - Number of command-line args */
+     }
+ 
+     if (inheader.cupsPageSizeName[0] &&
+-        (pwg_size = _ppdCacheGetSize(cache, inheader.cupsPageSizeName)) != NULL)
++        (pwg_size = _ppdCacheGetSize(cache, inheader.cupsPageSizeName)) != NULL &&
++        pwg_size->map.pwg)
+     {
+       strlcpy(outheader.cupsPageSizeName, pwg_size->map.pwg,
+ 	      sizeof(outheader.cupsPageSizeName));

cups.spec

@@ -14,8 +14,8 @@
 Summary: CUPS printing system
 Name: cups
 Epoch: 1
-Version: 2.3.1
+Version: 2.3.3
-Release: 9%{?dist}
+Release: 1%{?dist}
 License: ASL 2.0 with exceptions for GPL2/LGPL2
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@@ -89,14 +89,23 @@ Patch21: cups-dymo-deviceid.patch
 # 1822154 - cups.service doesn't execute automatically on request
 # https://github.com/apple/cups/issues/5708
 Patch22: cups-autostart-when-enabled.patch
+# needed for correct color support of Canon printers, which
+# reports better options in print-color-mode-supported than
+# in pwg-raster-document-type-supported
+# https://github.com/apple/cups/pull/5722/
+Patch23: cups-prioritize-print-color-mode.patch
+# leaks ppd struct in ppdc
+# https://github.com/apple/cups/pull/5738/
+Patch24: cups-ppdleak.patch
+# crashes with wide roll printers in rastertopwg filter
+# https://github.com/apple/cups/pull/5773/
+Patch25: cups-rastertopwg-crash.patch
 
 # selinux and audit enablement for CUPS - needs work and CUPS upstream wants
 # to have these features implemented their way in the future
 Patch100: cups-lspp.patch
 
 #### UPSTREAM PATCHES ####
-# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
-Patch23: cups-ppdopen-heap-overflow.patch
 
 ##### Patches removed because IMHO they aren't no longer needed
 ##### but still I'll leave them in git in case their removal
@@ -301,10 +310,11 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch21 -p1 -b .dymo-deviceid
 # 1822154 - cups.service doesn't execute automatically on request
 %patch22 -p1 -b .autostart-when-enabled
+%patch23 -p1 -b .print-color-mode
+%patch24 -p1 -b .ppdleak
+%patch25 -p1 -b .rastertopwg-crash
 
 #### UPSTREAMED PATCHES ####
-# 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
-%patch23 -p1 -b .ppdopen-heap-overflow
 
 # removed dbus patch - seems breaking things
 # Fix implementation of com.redhat.PrinterSpooler D-Bus object.
@@ -731,6 +741,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippevepcl.7.gz
 
 %changelog
+* Tue May 19 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3-1
+- 2.3.3
+
 * Tue Apr 21 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.1-9
 - 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c