rpms/libppd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

2240389 - libppd-2.0.0 is available

Browse Source
This commit is contained in:
Zdenek Dohnal 2023-10-19 09:02:20 +02:00
parent 719bc77110
commit a20bae3fcb
7 changed files with 9 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
/libppd-2.0b4.tar.gz
/libppd-2.0rc1.tar.gz
/libppd-2.0rc2.tar.gz
/libppd-2.0.0.tar.gz

149
0001-Decode-JCLToPDFInterpreter-value-in-ppdEmitJCLPDF.patch
View File

@ -1,149 +0,0 @@
From 30b35cc751bc312a1f82db849b1c80dbd8d32aa4 Mon Sep 17 00:00:00 2001
From: Till Kamppeter <till.kamppeter@gmail.com>
Date: Sat, 5 Aug 2023 19:15:16 +0200
Subject: [PATCH] Decode "JCLToPDFInterpreter" value in ppdEmitJCLPDF()
In ppdEmitJCLPDF() the "JCLToPDFInterpreter" value from the PPD file
is read out without decoding, producing broken PJL before the PDF
print data output for "classic" (non-driverless) PDF printing.
Also promoted the static function "ppd_decode()" of ppd/ppd.c into
the API function "ppdDecode()".
Fixes #24.
---
ppd/ppd-emit.c | 5 ++++-
ppd/ppd.c | 23 +++++++++++------------
ppd/ppd.h | 1 +
3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/ppd/ppd-emit.c b/ppd/ppd-emit.c
index a3ea6f12..72c42861 100644
--- a/ppd/ppd-emit.c
+++ b/ppd/ppd-emit.c
@@ -386,7 +386,7 @@ ppdEmitJCLPDF(ppd_file_t *ppd, // I - PPD file record
// collate?
{
ppd_attr_t *attr; // PPD attribute
- const char *jcl_pdf = NULL;
+ char *jcl_pdf = NULL;
char *ptr; // Pointer into JCL string
char temp[65], // Local title string
displaymsg[33]; // Local display string
@@ -403,7 +403,10 @@ ppdEmitJCLPDF(ppd_file_t *ppd, // I - PPD file record
jcl_pdf = ppd->jcl_pdf;
#else
if ((attr = ppdFindAttr(ppd, "JCLToPDFInterpreter", NULL)) != NULL)
+ {
jcl_pdf = attr->value;
+ ppdDecode(jcl_pdf); // Decode quoted string
+ }
#endif
if ((!ppd->jcl_ps && hw_copies < 0) ||
diff --git a/ppd/ppd.c b/ppd/ppd.c
index 4354efc7..a8c47810 100644
--- a/ppd/ppd.c
+++ b/ppd/ppd.c
@@ -70,7 +70,6 @@ static int ppd_compare_choices(ppd_choice_t *a, ppd_choice_t *b);
static int ppd_compare_coptions(ppd_coption_t *a,
ppd_coption_t *b);
static int ppd_compare_options(ppd_option_t *a, ppd_option_t *b);
-static int ppd_decode(char *string);
static void ppd_free_filters(ppd_file_t *ppd);
static void ppd_free_group(ppd_group_t *group);
static void ppd_free_option(ppd_option_t *option);
@@ -872,23 +871,23 @@ ppdOpenWithLocalization(
else if (!strcmp(keyword, "JCLBegin"))
{
ppd->jcl_begin = strdup(string);
- ppd_decode(ppd->jcl_begin); // Decode quoted string
+ ppdDecode(ppd->jcl_begin); // Decode quoted string
}
else if (!strcmp(keyword, "JCLEnd"))
{
ppd->jcl_end = strdup(string);
- ppd_decode(ppd->jcl_end); // Decode quoted string
+ ppdDecode(ppd->jcl_end); // Decode quoted string
}
else if (!strcmp(keyword, "JCLToPSInterpreter"))
{
ppd->jcl_ps = strdup(string);
- ppd_decode(ppd->jcl_ps); // Decode quoted string
+ ppdDecode(ppd->jcl_ps); // Decode quoted string
}
#if HAVE_CUPS_3_X
else if (!strcmp(keyword, "JCLToPDFInterpreter"))
{
ppd->jcl_pdf = strdup(string);
- ppd_decode(ppd->jcl_pdf); // Decode quoted string
+ ppdDecode(ppd->jcl_pdf); // Decode quoted string
}
#endif
else if (!strcmp(keyword, "AccurateScreensSupport"))
@@ -1164,7 +1163,7 @@ ppdOpenWithLocalization(
choice->code = strdup(string);
if (custom_option->section == PPD_ORDER_JCL)
- ppd_decode(choice->code);
+ ppdDecode(choice->code);
}
//
@@ -1628,7 +1627,7 @@ ppdOpenWithLocalization(
// Fix up the text...
//
- ppd_decode(sptr);
+ ppdDecode(sptr);
//
// Find/add the group...
@@ -2079,7 +2078,7 @@ ppdOpenWithLocalization(
strlcpy(choice->text, name, sizeof(choice->text));
if (option->section == PPD_ORDER_JCL)
- ppd_decode(string); // Decode quoted string
+ ppdDecode(string); // Decode quoted string
choice->code = string;
string = NULL; // Don't add as an attribute below
@@ -2583,11 +2582,11 @@ ppd_compare_options(ppd_option_t *a, // I - First option
//
-// 'ppd_decode()' - Decode a string value...
+// 'ppdDecode()' - Decode a string value with hex-encoded characters
//
-static int // O - Length of decoded string
-ppd_decode(char *string) // I - String to decode
+int // O - Length of decoded string
+ppdDecode(char *string) // I - String to decode
{
char *inptr, // Input pointer
*outptr; // Output pointer
@@ -3415,7 +3414,7 @@ ppd_read(cups_file_t *fp, // I - File to read from
}
*textptr = '\0';
- textlen = ppd_decode(text);
+ textlen = ppdDecode(text);
if (textlen > PPD_MAX_TEXT && pg->ppd_conform == PPD_CONFORM_STRICT)
{
diff --git a/ppd/ppd.h b/ppd/ppd.h
index 64933091..85a0d317 100644
--- a/ppd/ppd.h
+++ b/ppd/ppd.h
@@ -721,6 +721,7 @@ extern int ppdResolveConflicts(ppd_file_t *ppd,
cups_option_t **options);
// **** New in libppd 2.0.0: Formerly CUPS-private functions ****
+extern int ppdDecode(char *string);
extern int ppdConvertOptions(ipp_t *request,
ppd_file_t *ppd,
ppd_cache_t *pc,
--
2.41.0

37
0001-ppd-ppd-ipp.c-Use-make-when-constructing-printer-mak.patch
View File

@ -1,37 +0,0 @@
From 62d43bb80f8ce5eeae0c71d081532a0be9ff2983 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 26 May 2023 14:05:00 +0200
Subject: [PATCH] ppd/ppd-ipp.c: Use make when constructing printer-make-model
attr
We used only PPD Nickname which does not contain manufacturer in some
drivers (like Utax) when constructing printer-make-and-model IPP
attribute, and then used the attribute when matching with strings
representing manufacturers in filter functions.
This caused internal hacks for specific printer manufacturers weren't
applied, causing breakage during printing.
---
ppd/ppd-ipp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ppd/ppd-ipp.c b/ppd/ppd-ipp.c
index 59556242..374e8a8e 100644
--- a/ppd/ppd-ipp.c
+++ b/ppd/ppd-ipp.c
@@ -1381,8 +1381,11 @@ ppdLoadAttributes(
}
// printer-make-andXS-model
+ char make_model[128]; // Manufacturer and Model value
+
+ snprintf(make_model, sizeof(make_model), "%s %s", ppd->manufacturer, ppd->nickname);
ippAddString(attrs, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-make-and-model",
- NULL, ppd->nickname);
+ NULL, make_model);
// printer-resolution-default
ippAddResolution(attrs, IPP_TAG_PRINTER, "printer-resolution-default",
--
2.40.1

41
0001-raster-interpret.c-Fix-CVE-2023-4504.patch
View File

@ -1,41 +0,0 @@
From 262c909ac5b8676d1c221584c5a760e5e83fae66 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 4 Sep 2023 17:07:14 +0200
Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504
We didn't check for end of buffer if it looks there is an escaped
character - check for NULL terminator there and if found, return NULL
as return value and in `ptr`, because a lone backslash is not
a valid PostScript character.
---
ppd/raster-interpret.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/ppd/raster-interpret.c b/ppd/raster-interpret.c
index 91f6c0d3..d120d2fc 100644
--- a/ppd/raster-interpret.c
+++ b/ppd/raster-interpret.c
@@ -1270,7 +1270,19 @@ ppd_scan_ps(_ppd_ps_stack_t *st, // I - Stack
cur ++;
- if (*cur == 'b')
+ /*
+ * Return NULL if we reached NULL terminator, a lone backslash
+ * is not a valid character in PostScript.
+ */
+
+ if (!*cur)
+ {
+ *ptr = NULL;
+
+ return (NULL);
+ }
+
+ if (*cur == 'b')
*valptr++ = '\b';
else if (*cur == 'f')
*valptr++ = '\f';
--
2.41.0

20
libppd-disable-testppdfile.patch
View File

@ -1,20 +0,0 @@
diff --git a/Makefile.am b/Makefile.am
index 4bb9472b..21a2fb45 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -143,6 +143,7 @@ EXTRA_DIST += \
ppd/test2.ppd \
ppd/README.md
+if ENABLE_TESTPPDFILE
# ================
# PPD test utility
# ================
@@ -159,6 +160,7 @@ testppdfile_CFLAGS = \
-I$(srcdir)/ppd/ \
$(CUPS_CFLAGS) \
$(LIBCUPSFILTERS_CFLAGS)
+endif
# ===========================
# ppdc PPD compiler utilities

21
libppd.spec
View File

@ -1,14 +1,12 @@
%global _hardened_build 1
%global upstream_version 2.0rc2
# don't build libppd-tools until CUPS 3.x drops them
%bcond_with tools
Name: libppd
Epoch: 1
Version: 2.0~rc2
Release: 4%{?dist}
Version: 2.0.0
Release: 1%{?dist}
Summary: Library for retro-fitting legacy printer drivers
# the CUPS exception text is the same as LLVM exception, so using that name with
@ -16,18 +14,10 @@ Summary: Library for retro-fitting legacy printer drivers
# https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/A7GFSD6M3GYGSI32L2FC5KB22DUAEQI3/
License: Apache-2.0 WITH LLVM-exception
URL: https://github.com/OpenPrinting/libppd
Source0: %{URL}/releases/download/%{upstream_version}/%{name}-%{upstream_version}.tar.gz
Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz
# Patches
# https://github.com/OpenPrinting/libppd/pull/18
Patch0001: libppd-disable-testppdfile.patch
# https://github.com/OpenPrinting/libppd/pull/21
Patch0002: 0001-ppd-ppd-ipp.c-Use-make-when-constructing-printer-mak.patch
# https://github.com/OpenPrinting/libppd/commit/30b35cc751bc312a1f82db849b1c80dbd8d32aa4
Patch0003: 0001-Decode-JCLToPDFInterpreter-value-in-ppdEmitJCLPDF.patch
# https://github.com/OpenPrinting/libppd/commit/262c909ac5
Patch0004: 0001-raster-interpret.c-Fix-CVE-2023-4504.patch
# for autogen.sh
@ -105,7 +95,7 @@ PPD files from *.drv files.
%endif
%prep
%autosetup -n %{name}-%{upstream_version} -S git
%autosetup -S git
%build
@ -200,6 +190,9 @@ rm -rf %{buildroot}%{_datadir}/ppdc
%endif
%changelog
* Thu Oct 19 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-1
- 2240389 - libppd-2.0.0 is available
* Wed Sep 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0~rc2-4
- CVE-2023-4504 libppd: Postscript Parsing Heap Overflow

2
sources
View File

@ -1 +1 @@
SHA512 (libppd-2.0rc2.tar.gz) = 6a8e1edefa191649ba02f93099fb1e05e96f3ce4ebe284d0280ed397d60a655c19bca356d92cfeb47a16e02ad456455a79af50a5b47e341699e39f440036f4e9
SHA512 (libppd-2.0.0.tar.gz) = 9eff31bcb7088f9957b1bb7933619316d66c2f0fbbc1656afc654ba067aab47f2187a15fd6d99a8037edb553bc73d2abf4d4e07fd781e040bdebbc5f0d103f99