- up to 1.28.17

- changing Source0 to github page

diff --git a/cups-filters-1.28.17-CVE-2023-24805.patch b/cups-filters-1.28.17-CVE-2023-24805.patch
new file mode 100644 (file)
index 0000000..58b5625
--- /dev/null
+++ b/cups-filters-1.28.17-CVE-2023-24805.patch
@@ -0,0 +1,225 @@
+Modified version from:
+
+  https://packages.debian.org/de/sid/cups-filters
+
+  From: Thorsten Alteholz <debian@alteholz.de>
+  Date: Fri, 19 May 2023 10:49:35 +0200
+  Subject: fix CVE-2023-24805
+
+Original patch:
+
+https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65
+
+From 8f274035756c04efeb77eb654e9d4c4447287d65 Mon Sep 17 00:00:00 2001
+From: Till Kamppeter <till.kamppeter@gmail.com>
+Date: Wed, 17 May 2023 11:12:37 +0200
+Subject: [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x
+
+* beh backend: Use execv() instead of system() - CVE-2023-24805
+
+With execv() command line arguments are passed as separate strings and
+not the full command line in a single string. This prevents arbitrary
+command execution by escaping the quoting of the arguments in a job
+with forged job title.
+
+* beh backend: Extra checks against odd/forged input - CVE-2023-24805
+
+- Do not allow '/' in the scheme of the URI (= backend executable
+  name), to assure that only backends inside /usr/lib/cups/backend/
+  are used.
+
+- Pre-define scheme buffer to empty string, to be defined for case of
+  uri being NULL.
+
+- URI must have ':', to split off scheme, otherwise error.
+
+- Check return value of snprintf() to create call path for backend, to
+  error out on truncation of a too long scheme or on complete failure
+  due to a completely odd scheme.
+
+* beh backend: Further improvements - CVE-2023-24805
+
+- Use strncat() instead of strncpy() for getting scheme from URI, the latter
+  does not require setting terminating zero byte in case of truncation.
+
+- Also exclude "." or ".." as scheme, as directories are not valid CUPS
+  backends.
+
+- Do not use fprintf() in sigterm_handler(), to not interfere with a
+  fprintf() which could be running in the main process when
+  sigterm_handler() is triggered.
+
+- Use "static volatile int" for global variable job_canceled.
+
+---
+ backend/beh.c | 107 +++++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 84 insertions(+), 23 deletions(-)
+
+diff --git a/backend/beh.c b/backend/beh.c
+index 225fd27..8d51235 100644
+--- a/backend/beh.c
++++ b/backend/beh.c
+@@ -22,12 +22,13 @@
+ #include "backend-private.h"
+ #include <cups/array.h>
+ #include <ctype.h>
++#include <sys/wait.h>
+ 
+ /*
+  * Local globals...
+  */
+ 
+-static int            job_canceled = 0; /* Set to 1 on SIGTERM */
++static volatile int   job_canceled = 0; /* Set to 1 on SIGTERM */
+ 
+ /*
+  * Local functions...
+@@ -213,21 +214,40 @@ call_backend(char *uri,                 /* I - URI of final destination */
+            char **argv,               /* I - Command-line arguments */
+            char *filename) {          /* I - File name of input data */
+   const char  *cups_serverbin;        /* Location of programs */
++  char          *backend_argv[8];     /* Arguments for backend */
+   char                scheme[1024],           /* Scheme from URI */
+                 *ptr,                 /* Pointer into scheme */
+-              cmdline[65536];         /* Backend command line */
+-  int           retval;
++              backend_path[2048];     /* Backend path */
++  int           pid = 0,              /* Process ID of backend */
++                wait_pid,             /* Process ID from wait() */
++                wait_status,          /* Status from child */
++                retval = 0;
++  int           bytes;
+ 
+  /*
+   * Build the backend command line...
+   */
+ 
+-  strncpy(scheme, uri, sizeof(scheme) - 1);
+-  if (strlen(uri) > 1023)
+-    scheme[1023] = '\0';
++  scheme[0] = '\0';
++  strncat(scheme, uri, sizeof(scheme) - 1);
+   if ((ptr = strchr(scheme, ':')) != NULL)
+     *ptr = '\0';
+-
++  else {
++    fprintf(stderr,
++          "ERROR: beh: Invalid URI, no colon (':') to mark end of scheme part.\n");
++    exit (CUPS_BACKEND_FAILED);
++  }
++  if (strchr(scheme, '/')) {
++    fprintf(stderr,
++          "ERROR: beh: Invalid URI, scheme contains a slash ('/').\n");
++    exit (CUPS_BACKEND_FAILED);
++  }
++  if (!strcmp(scheme, ".") || !strcmp(scheme, "..")) {
++    fprintf(stderr,
++          "ERROR: beh: Invalid URI, scheme (\"%s\") is a directory.\n",
++          scheme);
++    exit (CUPS_BACKEND_FAILED);
++  }
+   if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
+     cups_serverbin = CUPS_SERVERBIN;
+ 
+@@ -235,16 +255,29 @@ call_backend(char *uri,                 /* I - URI of final destination */
+     fprintf(stderr,
+           "ERROR: beh: Direct output into a file not supported.\n");
+     exit (CUPS_BACKEND_FAILED);
+-  } else
+-    snprintf(cmdline, sizeof(cmdline),
+-           "%s/backend/%s '%s' '%s' '%s' '%s' '%s' %s",
+-           cups_serverbin, scheme, argv[1], argv[2], argv[3],
+-           /* Apply number of copies only if beh was called with a
+-              file name and not with the print data in stdin, as
+-              backends should handle copies only if they are called
+-              with a file name */
+-           (argc == 6 ? "1" : argv[4]),
+-           argv[5], filename);
++  }
++
++  backend_argv[0] = uri;
++  backend_argv[1] = argv[1];
++  backend_argv[2] = argv[2];
++  backend_argv[3] = argv[3];
++  /* Apply number of copies only if beh was called with a file name
++     and not with the print data in stdin, as backends should handle
++     copies only if they are called with a file name */
++  backend_argv[4] = (argc == 6 ? "1" : argv[4]);
++  backend_argv[5] = argv[5];
++  backend_argv[6] = filename;
++  backend_argv[7] = NULL;
++
++  bytes = snprintf(backend_path, sizeof(backend_path),
++                 "%s/backend/%s", cups_serverbin, scheme);
++  if (bytes < 0 || bytes >= sizeof(backend_path))
++  {
++    fprintf(stderr,
++          "ERROR: beh: Invalid scheme (\"%s\"), could not determing backend path.\n",
++          scheme);
++    return (CUPS_BACKEND_FAILED);
++  }
+ 
+  /*
+   * Overwrite the device URI and run the actual backend...
+@@ -253,18 +286,44 @@ call_backend(char *uri,                 /* I - URI of final destination */
+   setenv("DEVICE_URI", uri, 1);
+ 
+   fprintf(stderr,
+-        "DEBUG: beh: Executing backend command line \"%s\"...\n",
+-        cmdline);
++        "DEBUG: beh: Executing backend command line \"%s '%s' '%s' '%s' '%s' '%s' %s\"...\n",
++        backend_path, backend_argv[1], backend_argv[2], backend_argv[3],
++        backend_argv[4], backend_argv[5], backend_argv[6]);
+   fprintf(stderr,
+         "DEBUG: beh: Using device URI: %s\n",
+         uri);
+ 
+-  retval = system(cmdline) >> 8;
++  if ((pid = fork()) == 0) {
++   /*
++    * Child comes here...
++    */
++
++    /* Run the backend */
++    execv(backend_path, backend_argv);
+ 
+-  if (retval == -1)
+     fprintf(stderr, "ERROR: Unable to execute backend command line: %s\n",
+           strerror(errno));
+ 
++    exit(1);
++  } else if (pid < 0) {
++   /*
++    * Unable to fork!
++    */
++
++    return (CUPS_BACKEND_FAILED);
++  }
++
++  while ((wait_pid = wait(&wait_status)) < 0 && errno == EINTR);
++
++  if (wait_pid >= 0 && wait_status) {
++    if (WIFEXITED(wait_status))
++      retval = WEXITSTATUS(wait_status);
++    else if (WTERMSIG(wait_status) != SIGTERM)
++      retval = WTERMSIG(wait_status);
++    else
++      retval = 0;
++  }
++
+   return (retval);
+ }
+ 
+@@ -277,8 +336,10 @@ static void
+ sigterm_handler(int sig) {            /* I - Signal number (unused) */
+   (void)sig;
+ 
+-  fprintf(stderr,
+-        "DEBUG: beh: Job canceled.\n");
++  const char * const msg = "DEBUG: beh: Job canceled.\n";
++  /* The if() is to eliminate the return value and silence the warning
++     about an unused return value. */
++  if (write(2, msg, strlen(msg)));
+ 
+   if (job_canceled)
+     _exit(CUPS_BACKEND_OK);

diff --git a/cups-filters-1.28.17-c++17.patch b/cups-filters-1.28.17-c++17.patch
new file mode 100644 (file)
index 0000000..ce70ce5
--- /dev/null
+++ b/cups-filters-1.28.17-c++17.patch
@@ -0,0 +1,28 @@
+
+From 104fba23b1c0c67c92777b3165c6dca99558a656 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 6 Feb 2023 18:13:52 -0800
+Subject: [PATCH] use noexcept(false) instead of throw() from c++17 onwards
+
+C++17 removed dynamic exception specifications [1]
+they had been deprecated since C++11, replace
+throw(whatever) with noexcept(false).
+
+[1] https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/filter/pdftoraster.cxx
++++ b/filter/pdftoraster.cxx
+@@ -2148,7 +2148,11 @@ int main(int argc, char *argv[]) {
+ /* For compatibility with g++ >= 4.7 compilers _GLIBCXX_THROW
+  *  should be used as a guard, otherwise use traditional definition */
+ #ifndef _GLIBCXX_THROW
++#if __cplusplus < 201703L
+ #define _GLIBCXX_THROW throw
++#else
++#define _GLIBCXX_THROW(x) noexcept(false)
++#endif
+ #endif
+ 
+ void * operator new(size_t size) _GLIBCXX_THROW (std::bad_alloc)
+

diff --git a/cups-filters.spec b/cups-filters.spec
index e460c6f8f321a9bd4660f76b9e92b07258259e47..b418b7acdd1103e97fdaf183bc457b93f1c6bb7e 100644 (file)
--- a/cups-filters.spec
+++ b/cups-filters.spec
@@ -11,8 +11,8 @@
 Summary:       OpenPrinting CUPS filters and backends
 Summary(pl.UTF-8):     Filtry i backendy CUPS-a z projektu OpenPrinting
 Name:          cups-filters
-Version:       1.28.16
-Release:       2
+Version:       1.28.17
+Release:       1
 # For a breakdown of the licensing, see COPYING file
 # GPLv2:   filters: commandto*, imagetoraster, pdftops, rasterto*,
 #                   imagetopdf, pstopdf, texttopdf
@@ -24,11 +24,14 @@ Release:    2
 # MIT:     filters: gstoraster, pdftopdf, pdftoraster
 License:       GPL v2, GPL v2+, GPL v3, GPL v3+, LGPL v2+, MIT
 Group:         Applications/Printing
-Source0:       https://www.openprinting.org/download/cups-filters/%{name}-%{version}.tar.xz
-# Source0-md5: 24bed15110499fd652d65d6baab85ca6
+#Source0:      https://www.openprinting.org/download/cups-filters/%{name}-%{version}.tar.xz
+Source0:       https://github.com/OpenPrinting/cups-filters/releases/download/%{version}/%{name}-%{version}.tar.xz
+# Source0-md5: 74741eb5ba32331676f88be468259d1f
 Patch0:                %{name}-php.patch
 Patch1:                %{name}-php7.patch
 Patch2:                %{name}-php73.patch
+Patch3:                %{name}-1.28.17-c++17.patch
+Patch4:                %{name}-1.28.17-CVE-2023-24805.patch
 URL:           http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters
 BuildRequires: autoconf >= 2.65
 BuildRequires: automake >= 1:1.11
@@ -41,6 +44,7 @@ BuildRequires:        fonts-TTF-DejaVu
 BuildRequires: freetype-devel >= 2
 BuildRequires: gettext-tools >= 0.18.3
 # /usr/bin/gs, for features detection
+%{?with_php:BuildRequires:     %{php_name}-devel}
 BuildRequires: ghostscript
 BuildRequires: glib2-devel >= 1:2.30.2
 BuildRequires: lcms2-devel >= 2
@@ -53,7 +57,6 @@ BuildRequires:        libtiff-devel
 BuildRequires: libtool
 BuildRequires: openldap-devel
 %{?with_perl:BuildRequires:    perl-devel}
-%{?with_php:BuildRequires:     %{php_name}-devel}
 BuildRequires: pkgconfig >= 1:0.20
 BuildRequires: poppler-cpp-devel >= 0.19
 # /usr/bin/pdftops, for features detection
@@ -251,8 +254,11 @@ Moduł PHP do ogólnego systemu druku dla Uniksa.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
+export CXXFLAGS="%{rpmcxxflags} -std=c++17"
 %{__aclocal}
 %{__autoconf}
 %{__automake}