diff --git a/.gitignore b/.gitignore index bd08816..5acdaaa 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /libppd-2.0b4.tar.gz /libppd-2.0rc1.tar.gz /libppd-2.0rc2.tar.gz +/libppd-2.0.0.tar.gz diff --git a/0001-Decode-JCLToPDFInterpreter-value-in-ppdEmitJCLPDF.patch b/0001-Decode-JCLToPDFInterpreter-value-in-ppdEmitJCLPDF.patch deleted file mode 100644 index 86580e1..0000000 --- a/0001-Decode-JCLToPDFInterpreter-value-in-ppdEmitJCLPDF.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 30b35cc751bc312a1f82db849b1c80dbd8d32aa4 Mon Sep 17 00:00:00 2001 -From: Till Kamppeter -Date: Sat, 5 Aug 2023 19:15:16 +0200 -Subject: [PATCH] Decode "JCLToPDFInterpreter" value in ppdEmitJCLPDF() - -In ppdEmitJCLPDF() the "JCLToPDFInterpreter" value from the PPD file -is read out without decoding, producing broken PJL before the PDF -print data output for "classic" (non-driverless) PDF printing. - -Also promoted the static function "ppd_decode()" of ppd/ppd.c into -the API function "ppdDecode()". - -Fixes #24. ---- - ppd/ppd-emit.c | 5 ++++- - ppd/ppd.c | 23 +++++++++++------------ - ppd/ppd.h | 1 + - 3 files changed, 16 insertions(+), 13 deletions(-) - -diff --git a/ppd/ppd-emit.c b/ppd/ppd-emit.c -index a3ea6f12..72c42861 100644 ---- a/ppd/ppd-emit.c -+++ b/ppd/ppd-emit.c -@@ -386,7 +386,7 @@ ppdEmitJCLPDF(ppd_file_t *ppd, // I - PPD file record - // collate? - { - ppd_attr_t *attr; // PPD attribute -- const char *jcl_pdf = NULL; -+ char *jcl_pdf = NULL; - char *ptr; // Pointer into JCL string - char temp[65], // Local title string - displaymsg[33]; // Local display string -@@ -403,7 +403,10 @@ ppdEmitJCLPDF(ppd_file_t *ppd, // I - PPD file record - jcl_pdf = ppd->jcl_pdf; - #else - if ((attr = ppdFindAttr(ppd, "JCLToPDFInterpreter", NULL)) != NULL) -+ { - jcl_pdf = attr->value; -+ ppdDecode(jcl_pdf); // Decode quoted string -+ } - #endif - - if ((!ppd->jcl_ps && hw_copies < 0) || -diff --git a/ppd/ppd.c b/ppd/ppd.c -index 4354efc7..a8c47810 100644 ---- a/ppd/ppd.c -+++ b/ppd/ppd.c -@@ -70,7 +70,6 @@ static int ppd_compare_choices(ppd_choice_t *a, ppd_choice_t *b); - static int ppd_compare_coptions(ppd_coption_t *a, - ppd_coption_t *b); - static int ppd_compare_options(ppd_option_t *a, ppd_option_t *b); --static int ppd_decode(char *string); - static void ppd_free_filters(ppd_file_t *ppd); - static void ppd_free_group(ppd_group_t *group); - static void ppd_free_option(ppd_option_t *option); -@@ -872,23 +871,23 @@ ppdOpenWithLocalization( - else if (!strcmp(keyword, "JCLBegin")) - { - ppd->jcl_begin = strdup(string); -- ppd_decode(ppd->jcl_begin); // Decode quoted string -+ ppdDecode(ppd->jcl_begin); // Decode quoted string - } - else if (!strcmp(keyword, "JCLEnd")) - { - ppd->jcl_end = strdup(string); -- ppd_decode(ppd->jcl_end); // Decode quoted string -+ ppdDecode(ppd->jcl_end); // Decode quoted string - } - else if (!strcmp(keyword, "JCLToPSInterpreter")) - { - ppd->jcl_ps = strdup(string); -- ppd_decode(ppd->jcl_ps); // Decode quoted string -+ ppdDecode(ppd->jcl_ps); // Decode quoted string - } - #if HAVE_CUPS_3_X - else if (!strcmp(keyword, "JCLToPDFInterpreter")) - { - ppd->jcl_pdf = strdup(string); -- ppd_decode(ppd->jcl_pdf); // Decode quoted string -+ ppdDecode(ppd->jcl_pdf); // Decode quoted string - } - #endif - else if (!strcmp(keyword, "AccurateScreensSupport")) -@@ -1164,7 +1163,7 @@ ppdOpenWithLocalization( - choice->code = strdup(string); - - if (custom_option->section == PPD_ORDER_JCL) -- ppd_decode(choice->code); -+ ppdDecode(choice->code); - } - - // -@@ -1628,7 +1627,7 @@ ppdOpenWithLocalization( - // Fix up the text... - // - -- ppd_decode(sptr); -+ ppdDecode(sptr); - - // - // Find/add the group... -@@ -2079,7 +2078,7 @@ ppdOpenWithLocalization( - strlcpy(choice->text, name, sizeof(choice->text)); - - if (option->section == PPD_ORDER_JCL) -- ppd_decode(string); // Decode quoted string -+ ppdDecode(string); // Decode quoted string - - choice->code = string; - string = NULL; // Don't add as an attribute below -@@ -2583,11 +2582,11 @@ ppd_compare_options(ppd_option_t *a, // I - First option - - - // --// 'ppd_decode()' - Decode a string value... -+// 'ppdDecode()' - Decode a string value with hex-encoded characters - // - --static int // O - Length of decoded string --ppd_decode(char *string) // I - String to decode -+int // O - Length of decoded string -+ppdDecode(char *string) // I - String to decode - { - char *inptr, // Input pointer - *outptr; // Output pointer -@@ -3415,7 +3414,7 @@ ppd_read(cups_file_t *fp, // I - File to read from - } - - *textptr = '\0'; -- textlen = ppd_decode(text); -+ textlen = ppdDecode(text); - - if (textlen > PPD_MAX_TEXT && pg->ppd_conform == PPD_CONFORM_STRICT) - { -diff --git a/ppd/ppd.h b/ppd/ppd.h -index 64933091..85a0d317 100644 ---- a/ppd/ppd.h -+++ b/ppd/ppd.h -@@ -721,6 +721,7 @@ extern int ppdResolveConflicts(ppd_file_t *ppd, - cups_option_t **options); - - // **** New in libppd 2.0.0: Formerly CUPS-private functions **** -+extern int ppdDecode(char *string); - extern int ppdConvertOptions(ipp_t *request, - ppd_file_t *ppd, - ppd_cache_t *pc, --- -2.41.0 - diff --git a/0001-ppd-ppd-ipp.c-Use-make-when-constructing-printer-mak.patch b/0001-ppd-ppd-ipp.c-Use-make-when-constructing-printer-mak.patch deleted file mode 100644 index 2ecf93b..0000000 --- a/0001-ppd-ppd-ipp.c-Use-make-when-constructing-printer-mak.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 62d43bb80f8ce5eeae0c71d081532a0be9ff2983 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal -Date: Fri, 26 May 2023 14:05:00 +0200 -Subject: [PATCH] ppd/ppd-ipp.c: Use make when constructing printer-make-model - attr - -We used only PPD Nickname which does not contain manufacturer in some -drivers (like Utax) when constructing printer-make-and-model IPP -attribute, and then used the attribute when matching with strings -representing manufacturers in filter functions. - -This caused internal hacks for specific printer manufacturers weren't -applied, causing breakage during printing. ---- - ppd/ppd-ipp.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/ppd/ppd-ipp.c b/ppd/ppd-ipp.c -index 59556242..374e8a8e 100644 ---- a/ppd/ppd-ipp.c -+++ b/ppd/ppd-ipp.c -@@ -1381,8 +1381,11 @@ ppdLoadAttributes( - } - - // printer-make-andXS-model -+ char make_model[128]; // Manufacturer and Model value -+ -+ snprintf(make_model, sizeof(make_model), "%s %s", ppd->manufacturer, ppd->nickname); - ippAddString(attrs, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-make-and-model", -- NULL, ppd->nickname); -+ NULL, make_model); - - // printer-resolution-default - ippAddResolution(attrs, IPP_TAG_PRINTER, "printer-resolution-default", --- -2.40.1 - diff --git a/0001-raster-interpret.c-Fix-CVE-2023-4504.patch b/0001-raster-interpret.c-Fix-CVE-2023-4504.patch deleted file mode 100644 index 917bd14..0000000 --- a/0001-raster-interpret.c-Fix-CVE-2023-4504.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 262c909ac5b8676d1c221584c5a760e5e83fae66 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal -Date: Mon, 4 Sep 2023 17:07:14 +0200 -Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 - -We didn't check for end of buffer if it looks there is an escaped -character - check for NULL terminator there and if found, return NULL -as return value and in `ptr`, because a lone backslash is not -a valid PostScript character. ---- - ppd/raster-interpret.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/ppd/raster-interpret.c b/ppd/raster-interpret.c -index 91f6c0d3..d120d2fc 100644 ---- a/ppd/raster-interpret.c -+++ b/ppd/raster-interpret.c -@@ -1270,7 +1270,19 @@ ppd_scan_ps(_ppd_ps_stack_t *st, // I - Stack - - cur ++; - -- if (*cur == 'b') -+ /* -+ * Return NULL if we reached NULL terminator, a lone backslash -+ * is not a valid character in PostScript. -+ */ -+ -+ if (!*cur) -+ { -+ *ptr = NULL; -+ -+ return (NULL); -+ } -+ -+ if (*cur == 'b') - *valptr++ = '\b'; - else if (*cur == 'f') - *valptr++ = '\f'; --- -2.41.0 - diff --git a/libppd-disable-testppdfile.patch b/libppd-disable-testppdfile.patch deleted file mode 100644 index f01201b..0000000 --- a/libppd-disable-testppdfile.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 4bb9472b..21a2fb45 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -143,6 +143,7 @@ EXTRA_DIST += \ - ppd/test2.ppd \ - ppd/README.md - -+if ENABLE_TESTPPDFILE - # ================ - # PPD test utility - # ================ -@@ -159,6 +160,7 @@ testppdfile_CFLAGS = \ - -I$(srcdir)/ppd/ \ - $(CUPS_CFLAGS) \ - $(LIBCUPSFILTERS_CFLAGS) -+endif - - # =========================== - # ppdc PPD compiler utilities diff --git a/libppd.spec b/libppd.spec index ee72bd5..e7c478d 100644 --- a/libppd.spec +++ b/libppd.spec @@ -1,14 +1,12 @@ %global _hardened_build 1 -%global upstream_version 2.0rc2 - # don't build libppd-tools until CUPS 3.x drops them %bcond_with tools Name: libppd Epoch: 1 -Version: 2.0~rc2 -Release: 4%{?dist} +Version: 2.0.0 +Release: 1%{?dist} Summary: Library for retro-fitting legacy printer drivers # the CUPS exception text is the same as LLVM exception, so using that name with @@ -16,18 +14,10 @@ Summary: Library for retro-fitting legacy printer drivers # https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/A7GFSD6M3GYGSI32L2FC5KB22DUAEQI3/ License: Apache-2.0 WITH LLVM-exception URL: https://github.com/OpenPrinting/libppd -Source0: %{URL}/releases/download/%{upstream_version}/%{name}-%{upstream_version}.tar.gz +Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz # Patches -# https://github.com/OpenPrinting/libppd/pull/18 -Patch0001: libppd-disable-testppdfile.patch -# https://github.com/OpenPrinting/libppd/pull/21 -Patch0002: 0001-ppd-ppd-ipp.c-Use-make-when-constructing-printer-mak.patch -# https://github.com/OpenPrinting/libppd/commit/30b35cc751bc312a1f82db849b1c80dbd8d32aa4 -Patch0003: 0001-Decode-JCLToPDFInterpreter-value-in-ppdEmitJCLPDF.patch -# https://github.com/OpenPrinting/libppd/commit/262c909ac5 -Patch0004: 0001-raster-interpret.c-Fix-CVE-2023-4504.patch # for autogen.sh @@ -105,7 +95,7 @@ PPD files from *.drv files. %endif %prep -%autosetup -n %{name}-%{upstream_version} -S git +%autosetup -S git %build @@ -200,6 +190,9 @@ rm -rf %{buildroot}%{_datadir}/ppdc %endif %changelog +* Thu Oct 19 2023 Zdenek Dohnal - 1:2.0.0-1 +- 2240389 - libppd-2.0.0 is available + * Wed Sep 20 2023 Zdenek Dohnal - 1:2.0~rc2-4 - CVE-2023-4504 libppd: Postscript Parsing Heap Overflow diff --git a/sources b/sources index f79751d..7a23cad 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libppd-2.0rc2.tar.gz) = 6a8e1edefa191649ba02f93099fb1e05e96f3ce4ebe284d0280ed397d60a655c19bca356d92cfeb47a16e02ad456455a79af50a5b47e341699e39f440036f4e9 +SHA512 (libppd-2.0.0.tar.gz) = 9eff31bcb7088f9957b1bb7933619316d66c2f0fbbc1656afc654ba067aab47f2187a15fd6d99a8037edb553bc73d2abf4d4e07fd781e040bdebbc5f0d103f99