Update version to 2.3.3 for:

CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx CVE-2019-8842 - cups/ipp.c: ippReadIO And build issues due to warnings.
2020-04-24 13:37:30 -07:00
commit 82e3ee0e32
@@ -1,6 +1,15 @@
-CHANGES - 2.3.2 - 2019-12-18
+CHANGES - 2.3.3 - 2020-04-24
 ============================

+Changes in CUPS v2.3.3
+----------------------
+
+- CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
+  constraint.  `ppdcSource::get_resolution` function did not handle
+  invalid resolution strings.
+- CVE-2019-8842: The `ippReadIO` function may under-read an extension
+  field.
+- Fixed WARNING_OPTIONS support for GCC 9.x

 Changes in CUPS v2.3.2
 ----------------------
@@ -1,4 +1,4 @@
-INSTALL - CUPS v2.3.1 - 2019-12-13
+INSTALL - CUPS v2.3.3 - 2020-04-24
 ==================================

 This file describes how to compile and install CUPS from source code. For more
@@ -1,4 +1,4 @@
-README - CUPS v2.3.1 - 2019-12-13
+README - CUPS v2.3.3 - 2020-04-24
 =================================

 INTRODUCTION
@@ -175,10 +175,8 @@ if test -n "$GCC"; then
 	# doesn't trigger...
 	gccversion=`$CC --version | head -1 | awk '{print $NF}'`
 	case "$gccversion" in
-		1.* | 2.* | 3.* | 4.* | 5.* | 6.* | \(clang-*)
-			;;
-		*)
-			WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-format-overflow -Wno-tautological-compare"
+		7.* | 8.*)
+			WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-tautological-compare"
 			;;
 	esac

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for CUPS 2.3.2.
+# Generated by GNU Autoconf 2.69 for CUPS 2.3.3.
 #
 # Report bugs to <https://github.com/apple/cups/issues>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='CUPS'
 PACKAGE_TARNAME='cups'
-PACKAGE_VERSION='2.3.2'
-PACKAGE_STRING='CUPS 2.3.2'
+PACKAGE_VERSION='2.3.3'
+PACKAGE_STRING='CUPS 2.3.3'
 PACKAGE_BUGREPORT='https://github.com/apple/cups/issues'
 PACKAGE_URL='https://www.cups.org/'

@@ -1467,7 +1467,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures CUPS 2.3.2 to adapt to many kinds of systems.
+\`configure' configures CUPS 2.3.3 to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@@ -1532,7 +1532,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of CUPS 2.3.2:";;
+     short | recursive ) echo "Configuration of CUPS 2.3.3:";;
   esac
  cat <<\_ACEOF

@@ -1713,7 +1713,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-CUPS configure 2.3.2
+CUPS configure 2.3.3
 generated by GNU Autoconf 2.69

 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2177,7 +2177,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by CUPS $as_me 2.3.2, which was
+It was created by CUPS $as_me 2.3.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@
@@ -2694,7 +2694,7 @@ done
 ac_config_headers="$ac_config_headers config.h"


-CUPS_VERSION="2.3.2"
+CUPS_VERSION="2.3.3"
 CUPS_REVISION=""
 CUPS_BUILD="cups-$CUPS_VERSION"

@@ -6911,9 +6911,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 	# doesn't trigger...
 	gccversion=`$CC --version | head -1 | awk '{print $NF}'`
 	case "$gccversion" in
-		1.* | 2.* | 3.* | 4.* | 5.* | 6.* | \(clang-*)
-			;;
-		*)
+		7.* | 8.* | 9.*)
 			WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-format-overflow -Wno-tautological-compare"
 			;;
 	esac
@@ -10387,7 +10385,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by CUPS $as_me 2.3.2, which was
+This file was extended by CUPS $as_me 2.3.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@@ -10450,7 +10448,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-CUPS config.status 2.3.2
+CUPS config.status 2.3.3
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

@@ -12,7 +12,7 @@ dnl We need at least autoconf 2.60...
 AC_PREREQ(2.60)

 dnl Package name and version...
-AC_INIT([CUPS], [2.3.2], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/])
+AC_INIT([CUPS], [2.3.3], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/])

 sinclude(config-scripts/cups-opsys.m4)
 sinclude(config-scripts/cups-common.m4)
@@ -42,10 +42,10 @@ extern "C" {
 * Constants...
 */

-#  define CUPS_VERSION			2.0302
+#  define CUPS_VERSION			2.0303
 #  define CUPS_VERSION_MAJOR		2
 #  define CUPS_VERSION_MINOR		3
-#  define CUPS_VERSION_PATCH		2
+#  define CUPS_VERSION_PATCH		3

 #  define CUPS_BC_FD			3
 					/* Back-channel file descriptor for
@@ -2,7 +2,7 @@
 title: CUPS Programming Manual
 author: Michael R Sweet
 copyright: Copyright © 2007-2019 by Apple Inc. All Rights Reserved.
-version: 2.3.1
+version: 2.3.3
 ...

 > Please [file issues on Github](https://github.com/apple/cups/issues) to
@@ -2956,7 +2956,7 @@ ippReadIO(void       *src,		/* I - Data source */
            * Read 32-bit "extension" tag...
            */

-	    if ((*cb)(src, buffer, 4) < 1)
+	    if ((*cb)(src, buffer, 4) < 4)
 	    {
 	      DEBUG_puts("1ippReadIO: Callback returned EOF/error");
 	      _cupsBufferRelease((char *)buffer);
@@ -1719,8 +1719,7 @@ _ppdOpen(
                     constraint->choice1, constraint->option2,
 		     constraint->choice2))
      {
-        case 0 : /* Error */
-	case 1 : /* Error */
+        default : /* Error */
 	    pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
 	    goto error;

@@ -8,7 +8,7 @@
    <meta name="creator" content="codedoc v3.1">
    <meta name="author" content="Michael R Sweet">
    <meta name="copyright" content="Copyright &#xa9; 2007-2019 by Apple Inc. All Rights Reserved.">
-    <meta name="version" content="2.3.1">
+    <meta name="version" content="2.3.3">
    <style type="text/css"><!--
 body, p, h1, h2, h3, h4 {
  font-family: sans-serif;
@@ -23,7 +23,7 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: CUPS 2.3.1\n"
+"Project-Id-Version: CUPS 2.3.3\n"
 "Report-Msgid-Bugs-To: https://github.com/apple/cups/issues\n"
 "POT-Creation-Date: 2019-12-18 20:19-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read

  switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
  {
-    case 0 :
-        _cupsLangPrintf(stderr,
-	                _("ppdc: Bad resolution name \"%s\" on line %d of "
-			  "%s."), name, fp->line, fp->filename);
-        break;
    case 1 :
        ydpi = xdpi;
-	break;
-  }
+        break;
+    case 2 :
+        break;
+    default :
+        _cupsLangPrintf(stderr,
+                  _("ppdc: Bad resolution name \"%s\" on line %d of "
+        "%s."), name, fp->line, fp->filename);
+        break;
+}

  // Create the necessary PS commands...
  snprintf(command, sizeof(command),
@@ -446,7 +446,7 @@ cupsdCreateCommonData(void)

  /* cups-version */
  ippAddString(CommonData, IPP_TAG_PRINTER, IPP_TAG_TEXT | IPP_TAG_COPY,
-               "cups-version", NULL, CUPS_SVERSION + 6);
+               "cups-version", NULL, &CUPS_SVERSION[6]);

  /* generated-natural-language-supported (no IPP_TAG_COPY) */
  ippAddString(CommonData, IPP_TAG_PRINTER, IPP_TAG_LANGUAGE,
@@ -97,8 +97,8 @@ typedef unsigned long useconds_t;
 * Version of software...
 */

-#define CUPS_SVERSION "CUPS v2.3.2"
-#define CUPS_MINIMAL "CUPS/2.3.2"
+#define CUPS_SVERSION "CUPS v2.3.3"
+#define CUPS_MINIMAL "CUPS/2.3.3"


 /*
@@ -18,8 +18,8 @@
 * Version of software...
 */

-#define CUPS_SVERSION "CUPS v2.3.2"
-#define CUPS_MINIMAL "CUPS/2.3.2"
+#define CUPS_SVERSION "CUPS v2.3.3"
+#define CUPS_MINIMAL "CUPS/2.3.3"


 /*