rpms/cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import cups-2.2.6-35.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-04-24 03:06:24 +00:00 committed by Andrew Lukoshko
parent 78169470c3
commit ccf9b37f8c
4 changed files with 118 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SOURCES/cups-autostart-when-enabled.patch Normal file
View File

@ -0,0 +1,10 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index 307d69b..add238b 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -10,4 +10,4 @@ Restart=on-failure
[Install]
Also=cups.socket cups.path
-WantedBy=printer.target
+WantedBy=printer.target multi-user.target

71
SOURCES/cups-memory-consumption.patch
View File

@ -401,7 +401,7 @@ index 464c09a..cb67468 100644
}
}
diff --git a/cups/ppd.c b/cups/ppd.c
index 8276988..db849ac 100644
index 8276988..6782a85 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -34,8 +34,6 @@
@ -571,7 +571,7 @@ index 8276988..db849ac 100644
/*
* Allocate memory for the PPD file record...
*/
@@ -651,8 +628,8 @@ _ppdOpen(
@@ -651,12 +628,15 @@ _ppdOpen(
{
pg->ppd_status = PPD_ALLOC_ERROR;
@ -582,7 +582,14 @@ index 8276988..db849ac 100644
return (NULL);
}
@@ -735,6 +712,8 @@ _ppdOpen(
+ free(string);
+ string = NULL;
+
ppd->language_level = 2;
ppd->color_device = 0;
ppd->colorspace = PPD_CS_N;
@@ -735,6 +715,8 @@ _ppdOpen(
strncmp(ll, keyword, ll_len)))
{
DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword));
@ -591,7 +598,7 @@ index 8276988..db849ac 100644
continue;
}
else if (localization == _PPD_LOCALIZATION_ICC_PROFILES)
@@ -754,6 +733,8 @@ _ppdOpen(
@@ -754,6 +736,8 @@ _ppdOpen(
if (i >= (int)(sizeof(color_keywords) / sizeof(color_keywords[0])))
{
DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword));
@ -600,7 +607,7 @@ index 8276988..db849ac 100644
continue;
}
}
@@ -849,7 +830,7 @@ _ppdOpen(
@@ -849,7 +833,7 @@ _ppdOpen(
* Say all PPD files are UTF-8, since we convert to UTF-8...
*/
@ -609,7 +616,7 @@ index 8276988..db849ac 100644
encoding = _ppdGetEncoding(string);
}
else if (!strcmp(keyword, "LanguageVersion"))
@@ -870,10 +851,10 @@ _ppdOpen(
@@ -870,10 +854,10 @@ _ppdOpen(
cupsCharsetToUTF8(utf8, string, sizeof(utf8), encoding);
@ -622,7 +629,7 @@ index 8276988..db849ac 100644
}
else if (!strcmp(keyword, "Product"))
ppd->product = string;
@@ -883,17 +864,17 @@ _ppdOpen(
@@ -883,17 +867,17 @@ _ppdOpen(
ppd->ttrasterizer = string;
else if (!strcmp(keyword, "JCLBegin"))
{
@ -643,7 +650,7 @@ index 8276988..db849ac 100644
ppd_decode(ppd->jcl_ps); /* Decode quoted string */
}
else if (!strcmp(keyword, "AccurateScreensSupport"))
@@ -961,10 +942,10 @@ _ppdOpen(
@@ -961,10 +945,10 @@ _ppdOpen(
ppd->num_filters ++;
/*
@ -656,7 +663,7 @@ index 8276988..db849ac 100644
}
else if (!strcmp(keyword, "Throughput"))
ppd->throughput = atoi(string);
@@ -987,7 +968,7 @@ _ppdOpen(
@@ -987,7 +971,7 @@ _ppdOpen(
}
ppd->fonts = tempfonts;
@ -665,7 +672,7 @@ index 8276988..db849ac 100644
ppd->num_fonts ++;
}
else if (!strncmp(keyword, "ParamCustom", 11))
@@ -1152,7 +1133,7 @@ _ppdOpen(
@@ -1152,7 +1136,7 @@ _ppdOpen(
strlcpy(choice->text, text[0] ? text : _("Custom"),
sizeof(choice->text));
@ -674,13 +681,12 @@ index 8276988..db849ac 100644
if (custom_option->section == PPD_ORDER_JCL)
ppd_decode(choice->code);
@@ -1201,59 +1182,23 @@ _ppdOpen(
@@ -1201,59 +1185,23 @@ _ppdOpen(
else if (!strcmp(string, "Plus90"))
ppd->landscape = 90;
}
- else if (!strcmp(keyword, "Emulators") && string)
+ else if (!strcmp(keyword, "Emulators") && string && ppd->num_emulations == 0)
{
- {
- for (count = 1, sptr = string; sptr != NULL;)
- if ((sptr = strchr(sptr, ' ')) != NULL)
- {
@ -712,7 +718,8 @@ index 8276988..db849ac 100644
- }
- }
- else if (!strncmp(keyword, "StartEmulator_", 14))
- {
+ else if (!strcmp(keyword, "Emulators") && string && ppd->num_emulations == 0)
{
- ppd_decode(string);
+ /*
+ * Issue #5562: Samsung printer drivers incorrectly use Emulators keyword
@ -748,7 +755,7 @@ index 8276988..db849ac 100644
}
else if (!strcmp(keyword, "JobPatchFile"))
{
@@ -1408,7 +1353,7 @@ _ppdOpen(
@@ -1408,7 +1356,7 @@ _ppdOpen(
option->section = PPD_ORDER_ANY;
@ -757,7 +764,7 @@ index 8276988..db849ac 100644
string = NULL;
/*
@@ -1436,7 +1381,7 @@ _ppdOpen(
@@ -1436,7 +1384,7 @@ _ppdOpen(
strlcpy(choice->text,
custom_attr->text[0] ? custom_attr->text : _("Custom"),
sizeof(choice->text));
@ -766,7 +773,7 @@ index 8276988..db849ac 100644
}
}
else if (!strcmp(keyword, "JCLOpenUI"))
@@ -1515,7 +1460,7 @@ _ppdOpen(
@@ -1515,7 +1463,7 @@ _ppdOpen(
option->section = PPD_ORDER_JCL;
group = NULL;
@ -775,7 +782,7 @@ index 8276988..db849ac 100644
string = NULL;
/*
@@ -1539,14 +1484,14 @@ _ppdOpen(
@@ -1539,14 +1487,14 @@ _ppdOpen(
strlcpy(choice->text,
custom_attr->text[0] ? custom_attr->text : _("Custom"),
sizeof(choice->text));
@ -792,7 +799,7 @@ index 8276988..db849ac 100644
string = NULL;
}
else if (!strcmp(keyword, "OpenGroup"))
@@ -1593,14 +1538,14 @@ _ppdOpen(
@@ -1593,14 +1541,14 @@ _ppdOpen(
if (group == NULL)
goto error;
@ -809,7 +816,7 @@ index 8276988..db849ac 100644
string = NULL;
}
else if (!strcmp(keyword, "OrderDependency"))
@@ -1658,7 +1603,7 @@ _ppdOpen(
@@ -1658,7 +1606,7 @@ _ppdOpen(
option->order = order;
}
@ -818,7 +825,7 @@ index 8276988..db849ac 100644
string = NULL;
}
else if (!strncmp(keyword, "Default", 7))
@@ -1901,7 +1846,7 @@ _ppdOpen(
@@ -1901,7 +1849,7 @@ _ppdOpen(
* Don't add this one as an attribute...
*/
@ -827,7 +834,7 @@ index 8276988..db849ac 100644
string = NULL;
}
else if (!strcmp(keyword, "PaperDimension"))
@@ -1923,7 +1868,7 @@ _ppdOpen(
@@ -1923,7 +1871,7 @@ _ppdOpen(
size->width = (float)_cupsStrScand(string, &sptr, loc);
size->length = (float)_cupsStrScand(sptr, NULL, loc);
@ -836,7 +843,7 @@ index 8276988..db849ac 100644
string = NULL;
}
else if (!strcmp(keyword, "ImageableArea"))
@@ -1947,7 +1892,7 @@ _ppdOpen(
@@ -1947,7 +1895,7 @@ _ppdOpen(
size->right = (float)_cupsStrScand(sptr, &sptr, loc);
size->top = (float)_cupsStrScand(sptr, NULL, loc);
@ -845,7 +852,7 @@ index 8276988..db849ac 100644
string = NULL;
}
else if (option != NULL &&
@@ -2003,7 +1948,7 @@ _ppdOpen(
@@ -2003,7 +1951,7 @@ _ppdOpen(
(mask & (PPD_KEYWORD | PPD_STRING)) == (PPD_KEYWORD | PPD_STRING))
ppd_add_attr(ppd, keyword, name, text, string);
else
@ -854,7 +861,7 @@ index 8276988..db849ac 100644
}
/*
@@ -2016,7 +1961,8 @@ _ppdOpen(
@@ -2016,7 +1964,8 @@ _ppdOpen(
goto error;
}
@ -864,7 +871,7 @@ index 8276988..db849ac 100644
/*
* Reset language preferences...
@@ -2098,8 +2044,8 @@ _ppdOpen(
@@ -2098,8 +2047,8 @@ _ppdOpen(
error:
@ -875,7 +882,7 @@ index 8276988..db849ac 100644
ppdClose(ppd);
@@ -2537,9 +2483,9 @@ ppd_free_filters(ppd_file_t *ppd) /* I - PPD file */
@@ -2537,9 +2486,9 @@ ppd_free_filters(ppd_file_t *ppd) /* I - PPD file */
if (ppd->num_filters > 0)
{
for (i = ppd->num_filters, filter = ppd->filters; i > 0; i --, filter ++)
@ -887,7 +894,7 @@ index 8276988..db849ac 100644
ppd->num_filters = 0;
ppd->filters = NULL;
@@ -2566,7 +2512,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */
@@ -2566,7 +2515,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */
i --, option ++)
ppd_free_option(option);
@ -896,7 +903,7 @@ index 8276988..db849ac 100644
}
if (group->num_subgroups > 0)
@@ -2576,7 +2522,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */
@@ -2576,7 +2525,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */
i --, subgroup ++)
ppd_free_group(subgroup);
@ -905,7 +912,7 @@ index 8276988..db849ac 100644
}
}
@@ -2598,10 +2544,10 @@ ppd_free_option(ppd_option_t *option) /* I - Option to free */
@@ -2598,10 +2547,10 @@ ppd_free_option(ppd_option_t *option) /* I - Option to free */
i > 0;
i --, choice ++)
{
@ -918,7 +925,7 @@ index 8276988..db849ac 100644
}
}
@@ -3338,7 +3284,7 @@ ppd_read(cups_file_t *fp, /* I - File to read from */
@@ -3338,7 +3287,7 @@ ppd_read(cups_file_t *fp, /* I - File to read from */
lineptr ++;
}
@ -927,7 +934,7 @@ index 8276988..db849ac 100644
mask |= PPD_STRING;
}
@@ -3460,7 +3406,7 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */
@@ -3460,7 +3409,7 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */
filter += ppd->num_filters;
ppd->num_filters ++;

42
SOURCES/cups-ppdopen-heap-overflow.patch Normal file
View File

@ -0,0 +1,42 @@
diff --git a/cups/ppd.c b/cups/ppd.c
index ff52df2e..199cf034 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1719,8 +1719,7 @@ _ppdOpen(
constraint->choice1, constraint->option2,
constraint->choice2))
{
- case 0 : /* Error */
- case 1 : /* Error */
+ default : /* Error */
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
goto error;
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index c25d4966..236c00db 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
{
- case 0 :
- _cupsLangPrintf(stderr,
- _("ppdc: Bad resolution name \"%s\" on line %d of "
- "%s."), name, fp->line, fp->filename);
- break;
case 1 :
ydpi = xdpi;
break;
- }
+ case 2 :
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
+ "%s."), name, fp->line, fp->filename);
+ break;
+}
// Create the necessary PS commands...
snprintf(command, sizeof(command),

29
SPECS/cups.spec
View File

@ -15,7 +15,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
Release: 33%{?dist}
Release: 35%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -89,6 +89,10 @@ Patch50: cups-do-not-advertise-http-methods.patch
Patch51: 0001-Multiple-security-disclosure-issues.patch
# 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created
Patch52: cups-memory-consumption.patch
# 1784884 - cups.service doesn't execute automatically on request
Patch53: cups-autostart-when-enabled.patch
# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
Patch54: cups-ppdopen-heap-overflow.patch
Patch100: cups-lspp.patch
@ -321,6 +325,10 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch51 -p1 -b .cve-in-scheduler
# 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created
%patch52 -p1 -b .memory-consumption
# 1784884 - cups.service doesn't execute automatically on request
%patch53 -p1 -b .autostart-when-enabled
# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
%patch54 -p1 -b .ppdopen-heap-overflow
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -516,7 +524,12 @@ do
done
%endif
%{_bindir}/rm /var/cache/cups/*.data
%{_bindir}/rm /var/cache/cups/*.data > /dev/null 2>&1
if [ -e /etc/systemd/system/printer.target.wants/cups.service ]
then
%{_bindir}/systemctl enable cups.service > /dev/null 2>&1
fi
exit 0
@ -726,6 +739,18 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Tue Apr 21 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-35
- 1825254 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
* Mon Apr 20 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-34
- 1809002 - scriptlet issue, /usr/bin/rm: cannot remove '/var/cache/cups/*.data'
* Thu Apr 09 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-34
- 1784884 - cups.service doesn't execute automatically on request
* Wed Apr 08 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-34
- 1822135 - _ppdOpen() leaks 'string' variable
* Fri Feb 14 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-33
- fix more memory leaks found by coverity in 1775668