diff --git a/SOURCES/cups-autostart-when-enabled.patch b/SOURCES/cups-autostart-when-enabled.patch new file mode 100644 index 0000000..1cdefb6 --- /dev/null +++ b/SOURCES/cups-autostart-when-enabled.patch @@ -0,0 +1,10 @@ +diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in +index 307d69b..add238b 100644 +--- a/scheduler/org.cups.cupsd.service.in ++++ b/scheduler/org.cups.cupsd.service.in +@@ -10,4 +10,4 @@ Restart=on-failure + + [Install] + Also=cups.socket cups.path +-WantedBy=printer.target ++WantedBy=printer.target multi-user.target diff --git a/SOURCES/cups-memory-consumption.patch b/SOURCES/cups-memory-consumption.patch index 9418f36..5ccfbba 100644 --- a/SOURCES/cups-memory-consumption.patch +++ b/SOURCES/cups-memory-consumption.patch @@ -401,7 +401,7 @@ index 464c09a..cb67468 100644 } } diff --git a/cups/ppd.c b/cups/ppd.c -index 8276988..db849ac 100644 +index 8276988..6782a85 100644 --- a/cups/ppd.c +++ b/cups/ppd.c @@ -34,8 +34,6 @@ @@ -571,7 +571,7 @@ index 8276988..db849ac 100644 /* * Allocate memory for the PPD file record... */ -@@ -651,8 +628,8 @@ _ppdOpen( +@@ -651,12 +628,15 @@ _ppdOpen( { pg->ppd_status = PPD_ALLOC_ERROR; @@ -582,7 +582,14 @@ index 8276988..db849ac 100644 return (NULL); } -@@ -735,6 +712,8 @@ _ppdOpen( + ++ free(string); ++ string = NULL; ++ + ppd->language_level = 2; + ppd->color_device = 0; + ppd->colorspace = PPD_CS_N; +@@ -735,6 +715,8 @@ _ppdOpen( strncmp(ll, keyword, ll_len))) { DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword)); @@ -591,7 +598,7 @@ index 8276988..db849ac 100644 continue; } else if (localization == _PPD_LOCALIZATION_ICC_PROFILES) -@@ -754,6 +733,8 @@ _ppdOpen( +@@ -754,6 +736,8 @@ _ppdOpen( if (i >= (int)(sizeof(color_keywords) / sizeof(color_keywords[0]))) { DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword)); 
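Review bot: The new cups-autostart-when-enabled.patch begins directly at `diff --git` and carries no description, so the reason for adding `multi-user.target` to `WantedBy=` is recorded only in the spec comment. With this line an enabled cups.service is wanted by multi-user.target, so cupsd starts at every boot rather than, presumably, only when printer.target or the `cups.socket`/`cups.path` units on the `Also=` line pull it in. I would put a short header above the diff, for example `1784884 - start cupsd at boot when the service is enabled; cupsd is then always running`, so that anyone auditing the package sees the change in exposure.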
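Review bot: The `free(string); string = NULL;` lines added to the `_ppdOpen(` hunk look like the 1822135 leak fix from the changelog, but they are folded into the existing cups-memory-consumption.patch and the visible spec hunks add no `Patch` entry or comment for it. A comment next to `Patch52:` such as `# 1822135 - _ppdOpen() leaks 'string' variable` would keep the fix traceable. The lines between `pg->ppd_status = PPD_ALLOC_ERROR;` and `return (NULL);` are outside the visible context, so it is worth checking whether the allocation-failure path releases `string` as well.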
@@ -600,7 +607,7 @@ index 8276988..db849ac 100644 continue; } } -@@ -849,7 +830,7 @@ _ppdOpen( +@@ -849,7 +833,7 @@ _ppdOpen( * Say all PPD files are UTF-8, since we convert to UTF-8... */ @@ -609,7 +616,7 @@ index 8276988..db849ac 100644 encoding = _ppdGetEncoding(string); } else if (!strcmp(keyword, "LanguageVersion")) -@@ -870,10 +851,10 @@ _ppdOpen( +@@ -870,10 +854,10 @@ _ppdOpen( cupsCharsetToUTF8(utf8, string, sizeof(utf8), encoding); @@ -622,7 +629,7 @@ index 8276988..db849ac 100644 } else if (!strcmp(keyword, "Product")) ppd->product = string; -@@ -883,17 +864,17 @@ _ppdOpen( +@@ -883,17 +867,17 @@ _ppdOpen( ppd->ttrasterizer = string; else if (!strcmp(keyword, "JCLBegin")) { @@ -643,7 +650,7 @@ index 8276988..db849ac 100644 ppd_decode(ppd->jcl_ps); /* Decode quoted string */ } else if (!strcmp(keyword, "AccurateScreensSupport")) -@@ -961,10 +942,10 @@ _ppdOpen( +@@ -961,10 +945,10 @@ _ppdOpen( ppd->num_filters ++; /* @@ -656,7 +663,7 @@ index 8276988..db849ac 100644 } else if (!strcmp(keyword, "Throughput")) ppd->throughput = atoi(string); -@@ -987,7 +968,7 @@ _ppdOpen( +@@ -987,7 +971,7 @@ _ppdOpen( } ppd->fonts = tempfonts; @@ -665,7 +672,7 @@ index 8276988..db849ac 100644 ppd->num_fonts ++; } else if (!strncmp(keyword, "ParamCustom", 11)) -@@ -1152,7 +1133,7 @@ _ppdOpen( +@@ -1152,7 +1136,7 @@ _ppdOpen( strlcpy(choice->text, text[0] ? text : _("Custom"), sizeof(choice->text)); @@ -674,13 +681,12 @@ index 8276988..db849ac 100644 if (custom_option->section == PPD_ORDER_JCL) ppd_decode(choice->code); -@@ -1201,59 +1182,23 @@ _ppdOpen( +@@ -1201,59 +1185,23 @@ _ppdOpen( else if (!strcmp(string, "Plus90")) ppd->landscape = 90; } - else if (!strcmp(keyword, "Emulators") && string) -+ else if (!strcmp(keyword, "Emulators") && string && ppd->num_emulations == 0) - { +- { - for (count = 1, sptr = string; sptr != NULL;) - if ((sptr = strchr(sptr, ' ')) != NULL) - { 
@@ -712,7 +718,8 @@ index 8276988..db849ac 100644 - } - } - else if (!strncmp(keyword, "StartEmulator_", 14)) -- { ++ else if (!strcmp(keyword, "Emulators") && string && ppd->num_emulations == 0) + { - ppd_decode(string); + /* + * Issue #5562: Samsung printer drivers incorrectly use Emulators keyword @@ -748,7 +755,7 @@ index 8276988..db849ac 100644 } else if (!strcmp(keyword, "JobPatchFile")) { -@@ -1408,7 +1353,7 @@ _ppdOpen( +@@ -1408,7 +1356,7 @@ _ppdOpen( option->section = PPD_ORDER_ANY; @@ -757,7 +764,7 @@ index 8276988..db849ac 100644 string = NULL; /* -@@ -1436,7 +1381,7 @@ _ppdOpen( +@@ -1436,7 +1384,7 @@ _ppdOpen( strlcpy(choice->text, custom_attr->text[0] ? custom_attr->text : _("Custom"), sizeof(choice->text)); @@ -766,7 +773,7 @@ index 8276988..db849ac 100644 } } else if (!strcmp(keyword, "JCLOpenUI")) -@@ -1515,7 +1460,7 @@ _ppdOpen( +@@ -1515,7 +1463,7 @@ _ppdOpen( option->section = PPD_ORDER_JCL; group = NULL; @@ -775,7 +782,7 @@ index 8276988..db849ac 100644 string = NULL; /* -@@ -1539,14 +1484,14 @@ _ppdOpen( +@@ -1539,14 +1487,14 @@ _ppdOpen( strlcpy(choice->text, custom_attr->text[0] ? custom_attr->text : _("Custom"), sizeof(choice->text)); @@ -792,7 +799,7 @@ index 8276988..db849ac 100644 string = NULL; } else if (!strcmp(keyword, "OpenGroup")) -@@ -1593,14 +1538,14 @@ _ppdOpen( +@@ -1593,14 +1541,14 @@ _ppdOpen( if (group == NULL) goto error; @@ -809,7 +816,7 @@ index 8276988..db849ac 100644 string = NULL; } else if (!strcmp(keyword, "OrderDependency")) -@@ -1658,7 +1603,7 @@ _ppdOpen( +@@ -1658,7 +1606,7 @@ _ppdOpen( option->order = order; } @@ -818,7 +825,7 @@ index 8276988..db849ac 100644 string = NULL; } else if (!strncmp(keyword, "Default", 7)) -@@ -1901,7 +1846,7 @@ _ppdOpen( +@@ -1901,7 +1849,7 @@ _ppdOpen( * Don't add this one as an attribute... */ 
@@ -827,7 +834,7 @@ index 8276988..db849ac 100644 string = NULL; } else if (!strcmp(keyword, "PaperDimension")) -@@ -1923,7 +1868,7 @@ _ppdOpen( +@@ -1923,7 +1871,7 @@ _ppdOpen( size->width = (float)_cupsStrScand(string, &sptr, loc); size->length = (float)_cupsStrScand(sptr, NULL, loc); @@ -836,7 +843,7 @@ index 8276988..db849ac 100644 string = NULL; } else if (!strcmp(keyword, "ImageableArea")) -@@ -1947,7 +1892,7 @@ _ppdOpen( +@@ -1947,7 +1895,7 @@ _ppdOpen( size->right = (float)_cupsStrScand(sptr, &sptr, loc); size->top = (float)_cupsStrScand(sptr, NULL, loc); @@ -845,7 +852,7 @@ index 8276988..db849ac 100644 string = NULL; } else if (option != NULL && -@@ -2003,7 +1948,7 @@ _ppdOpen( +@@ -2003,7 +1951,7 @@ _ppdOpen( (mask & (PPD_KEYWORD | PPD_STRING)) == (PPD_KEYWORD | PPD_STRING)) ppd_add_attr(ppd, keyword, name, text, string); else @@ -854,7 +861,7 @@ index 8276988..db849ac 100644 } /* -@@ -2016,7 +1961,8 @@ _ppdOpen( +@@ -2016,7 +1964,8 @@ _ppdOpen( goto error; } @@ -864,7 +871,7 @@ index 8276988..db849ac 100644 /* * Reset language preferences... -@@ -2098,8 +2044,8 @@ _ppdOpen( +@@ -2098,8 +2047,8 @@ _ppdOpen( error: @@ -875,7 +882,7 @@ index 8276988..db849ac 100644 ppdClose(ppd); -@@ -2537,9 +2483,9 @@ ppd_free_filters(ppd_file_t *ppd) /* I - PPD file */ +@@ -2537,9 +2486,9 @@ ppd_free_filters(ppd_file_t *ppd) /* I - PPD file */ if (ppd->num_filters > 0) { for (i = ppd->num_filters, filter = ppd->filters; i > 0; i --, filter ++) @@ -887,7 +894,7 @@ index 8276988..db849ac 100644 ppd->num_filters = 0; ppd->filters = NULL; -@@ -2566,7 +2512,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */ +@@ -2566,7 +2515,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */ i --, option ++) ppd_free_option(option); 
@@ -896,7 +903,7 @@ index 8276988..db849ac 100644 } if (group->num_subgroups > 0) -@@ -2576,7 +2522,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */ +@@ -2576,7 +2525,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */ i --, subgroup ++) ppd_free_group(subgroup); @@ -905,7 +912,7 @@ index 8276988..db849ac 100644 } } -@@ -2598,10 +2544,10 @@ ppd_free_option(ppd_option_t *option) /* I - Option to free */ +@@ -2598,10 +2547,10 @@ ppd_free_option(ppd_option_t *option) /* I - Option to free */ i > 0; i --, choice ++) { @@ -918,7 +925,7 @@ index 8276988..db849ac 100644 } } -@@ -3338,7 +3284,7 @@ ppd_read(cups_file_t *fp, /* I - File to read from */ +@@ -3338,7 +3287,7 @@ ppd_read(cups_file_t *fp, /* I - File to read from */ lineptr ++; } @@ -927,7 +934,7 @@ index 8276988..db849ac 100644 mask |= PPD_STRING; } -@@ -3460,7 +3406,7 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */ +@@ -3460,7 +3409,7 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */ filter += ppd->num_filters; ppd->num_filters ++; diff --git a/SOURCES/cups-ppdopen-heap-overflow.patch b/SOURCES/cups-ppdopen-heap-overflow.patch new file mode 100644 index 0000000..4b725e1 --- /dev/null +++ b/SOURCES/cups-ppdopen-heap-overflow.patch 
@@ -0,0 +1,42 @@
+diff --git a/cups/ppd.c b/cups/ppd.c
+index ff52df2e..199cf034 100644
+--- a/cups/ppd.c
++++ b/cups/ppd.c
+@@ -1719,8 +1719,7 @@ _ppdOpen(
+ constraint->choice1, constraint->option2,
+ constraint->choice2))
+ {
+- case 0 : /* Error */
+- case 1 : /* Error */
++ default : /* Error */
+ pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
+ goto error;
+
+diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
+index c25d4966..236c00db 100644
+--- a/ppdc/ppdc-source.cxx
++++ b/ppdc/ppdc-source.cxx
+@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
+
+ switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
+ {
+- case 0 :
+- _cupsLangPrintf(stderr,
+- _("ppdc: Bad resolution name \"%s\" on line %d of "
+- "%s."), name, fp->line, fp->filename);
+- break;
+ case 1 :
+ ydpi = xdpi;
+ break;
+- }
++ case 2 :
++ break;
++ default :
++ _cupsLangPrintf(stderr,
++ _("ppdc: Bad resolution name \"%s\" on line %d of "
++ "%s."), name, fp->line, fp->filename);
++ break;
++}
+
+ // Create the necessary PS commands...
+ snprintf(command, sizeof(command),
diff --git a/SPECS/cups.spec b/SPECS/cups.spec
index e7b121a..2013ff7 100644
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@@ -15,7 +15,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.6
-Release: 33%{?dist}
+Release: 35%{?dist}
 License: GPLv2+ and LGPLv2 with exceptions and AML
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
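Review bot: In the ppdc-source.cxx part of the new patch, the `default :` branch only prints the "Bad resolution name" message and then `break`s, so execution still reaches the `snprintf(command, sizeof(command),` below the switch. The declarations of `xdpi` and `ydpi` are outside the hunk; if they are not initialised before the `sscanf`, a failed or EOF parse would format indeterminate values. I would either assign both before the `switch` or leave `get_resolution` from the error branch, and confirm which the callers expect. Separately, the closing `}` of the switch lost its indentation (`- }` became `+}`), and the patch has no header naming CVE-2020-3898 or its upstream origin.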
@@ -89,6 +89,10 @@ Patch50: cups-do-not-advertise-http-methods.patch Patch51: 0001-Multiple-security-disclosure-issues.patch # 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created Patch52: cups-memory-consumption.patch +# 1784884 - cups.service doesn't execute automatically on request +Patch53: cups-autostart-when-enabled.patch +# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c +Patch54: cups-ppdopen-heap-overflow.patch Patch100: cups-lspp.patch @@ -321,6 +325,10 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch51 -p1 -b .cve-in-scheduler # 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created %patch52 -p1 -b .memory-consumption +# 1784884 - cups.service doesn't execute automatically on request +%patch53 -p1 -b .autostart-when-enabled +# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c +%patch54 -p1 -b .ppdopen-heap-overflow sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in @@ -516,7 +524,12 @@ do done %endif -%{_bindir}/rm /var/cache/cups/*.data +%{_bindir}/rm /var/cache/cups/*.data > /dev/null 2>&1 + +if [ -e /etc/systemd/system/printer.target.wants/cups.service ] +then + %{_bindir}/systemctl enable cups.service > /dev/null 2>&1 +fi exit 0 
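Review bot: The comment added above `Patch54:` cites bug 1825253, while the changelog entry for release 35 added in this same commit cites 1825254 for the same CVE-2020-3898 fix. One of the two is probably a typo or a clone id, and they should agree. The same comment is repeated above `%patch54` in the next hunk. The title names ppdFindOption() in ppd-mark.c whereas cups-ppdopen-heap-overflow.patch changes cups/ppd.c and ppdc/ppdc-source.cxx, so a second comment line such as `# fix is in _ppdOpen() (cups/ppd.c) and ppdc/ppdc-source.cxx` would help anyone verifying that the CVE is covered.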
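Review bot: Both added `> /dev/null 2>&1` redirections in the scriptlet hunk discard every error, not just the "cannot remove" message from an unmatched glob, so a permission failure in `rm` or a failed `systemctl enable` leaves no trace in the transaction output. For the cache cleanup, `%{_bindir}/rm -f /var/cache/cups/*.data` states the intent and still reports real failures. The `systemctl enable cups.service` block runs whenever the printer.target.wants symlink exists and changes boot behaviour on upgrade, so a comment such as `# re-enable so the symlink for the new WantedBy=multi-user.target is created (1784884)` would make that explicit. The scriptlet starts above the hunk, so the section it runs in is not visible here.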
@@ -726,6 +739,18 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Tue Apr 21 2020 Zdenek Dohnal - 1:2.2.6-35 +- 1825254 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c + +* Mon Apr 20 2020 Zdenek Dohnal - 1:2.2.6-34 +- 1809002 - scriptlet issue, /usr/bin/rm: cannot remove '/var/cache/cups/*.data' + +* Thu Apr 09 2020 Zdenek Dohnal - 1:2.2.6-34 +- 1784884 - cups.service doesn't execute automatically on request + +* Wed Apr 08 2020 Zdenek Dohnal - 1:2.2.6-34 +- 1822135 - _ppdOpen() leaks 'string' variable + * Fri Feb 14 2020 Zdenek Dohnal - 1:2.2.6-33 - fix more memory leaks found by coverity in 1775668