From 0439a9cb353de50132bedce195a97a57e4d2d487 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 22 Nov 2019 20:39:27 -0800 Subject: [PATCH 01/53] treewide: Replace bzero with memset bzero has been deprecated by POSIX 2008. It recommends the use of memset instead. --- backend/usb-darwin.c | 10 +++++----- scheduler/sysman.c | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/backend/usb-darwin.c b/backend/usb-darwin.c index 1c412da6f5..0d009f0ad9 100644 --- a/backend/usb-darwin.c +++ b/backend/usb-darwin.c @@ -1596,7 +1596,7 @@ static CFStringRef copy_printer_interface_deviceid(printer_interface_t printer, /* This request takes the 0 based configuration index. IOKit returns a 1 based configuration index */ configurationIndex -= 1; - bzero(&request, sizeof(request)); + memset(&request, 0, sizeof(request)); request.bmRequestType = USBmakebmRequestType(kUSBIn, kUSBClass, kUSBInterface); request.bRequest = kUSBPrintClassGetDeviceID; @@ -1638,7 +1638,7 @@ static CFStringRef copy_printer_interface_deviceid(printer_interface_t printer, IOUSBDevRequestTO request; IOUSBDeviceDescriptor desc; - bzero(&request, sizeof(request)); + memset(&request, 0, sizeof(request)); request.bmRequestType = USBmakebmRequestType( kUSBIn, kUSBStandard, kUSBDevice ); request.bRequest = kUSBRqGetDescriptor; @@ -1728,7 +1728,7 @@ static CFStringRef copy_printer_interface_indexed_description(printer_interface_ UInt8 description[256]; // Max possible descriptor length IOUSBDevRequestTO request; - bzero(description, 2); + memset(description, 0, 2); request.bmRequestType = USBmakebmRequestType(kUSBIn, kUSBStandard, kUSBDevice); request.bRequest = kUSBRqGetDescriptor; @@ -1742,7 +1742,7 @@ static CFStringRef copy_printer_interface_indexed_description(printer_interface_ err = (*printer)->ControlRequestTO(printer, 0, &request); if (err != kIOReturnSuccess && err != kIOReturnOverrun) { - bzero(description, request.wLength); + memset(description, 0, request.wLength); // Let's try again full length. Here's why: // On USB 2.0 controllers, we will not get an overrun error. We just get a "babble" error @@ -1775,7 +1775,7 @@ static CFStringRef copy_printer_interface_indexed_description(printer_interface_ request.wValue = (kUSBStringDesc << 8) | index; request.wIndex = language; - bzero(description, length); + memset(description, 0, length); request.wLength = (UInt16)length; request.pData = &description; request.completionTimeout = 0; diff --git a/scheduler/sysman.c b/scheduler/sysman.c index 56eb4e32a0..81e3ed43bf 100644 --- a/scheduler/sysman.c +++ b/scheduler/sysman.c @@ -425,7 +425,7 @@ sysEventThreadEntry(void) * Register for power state change notifications */ - bzero(&threadData, sizeof(threadData)); + memset(&threadData, 0, sizeof(threadData)); threadData.sysevent.powerKernelPort = IORegisterForSystemPower(&threadData, &powerNotifierPort, @@ -441,7 +441,7 @@ sysEventThreadEntry(void) * Register for system configuration change notifications */ - bzero(&storeContext, sizeof(storeContext)); + memset(&storeContext, 0, sizeof(storeContext)); storeContext.info = &threadData; store = SCDynamicStoreCreate(kCFAllocatorDefault, CFSTR("cupsd"), @@ -536,7 +536,7 @@ sysEventThreadEntry(void) * this later. */ - bzero(&timerContext, sizeof(timerContext)); + memset(&timerContext, 0, sizeof(timerContext)); timerContext.info = &threadData; threadData.timerRef = From 6918883fba4942931dc455b32545d6edf18dec5c Mon Sep 17 00:00:00 2001 From: Michael R Sweet Date: Mon, 5 Apr 2021 15:09:07 -0400 Subject: [PATCH 02/53] Update Github repository to match macOS 11.2 CUPS sources (cups-494.1). --- CHANGES.md | 7 +- INSTALL.md | 2 +- README.md | 4 +- backend/usb-darwin.c | 55 +++++---------- backend/usb-libusb.c | 2 +- cgi-bin/var.c | 2 +- config-scripts/cups-compiler.m4 | 4 +- configure | 20 +++--- configure.ac | 4 +- cups/cups.h | 6 +- cups/cupspm.md | 4 +- cups/ipp.c | 11 +-- cups/ppd.c | 10 ++- doc/help/cupspm.html | 6 +- examples/testfile.txt | 120 ++++++++++++++++---------------- locale/cups.pot | 4 +- ppdc/ppdc-source.cxx | 2 +- scheduler/printers.c | 2 +- templates/Makefile | 2 - vcnet/config.h | 6 +- xcode/config.h | 6 +- 21 files changed, 137 insertions(+), 142 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index df7289268c..9e1b74c7e9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,6 +1,11 @@ -CHANGES - 2.3.3 - 2020-04-24 +CHANGES - 2.3.4 - 2020-04-24 (IN PROGRESS) ============================ +Changes in CUPS v2.3.4 +---------------------- + +- CVE-20XX-YYYY: TODO rdar://61415567 embargo + Changes in CUPS v2.3.3 ---------------------- diff --git a/INSTALL.md b/INSTALL.md index 37cc94b6b0..a9482fb75c 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,4 +1,4 @@ -INSTALL - CUPS v2.3.3 - 2020-04-24 +INSTALL - CUPS v2.3.4 - 2020-04-24 (IN PROGRESS) ================================== This file describes how to compile and install CUPS from source code. For more diff --git a/README.md b/README.md index 700213d787..375f8c340d 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -README - CUPS v2.3.3 - 2020-04-24 +README - CUPS v2.3.4 - 2020-04-24 (IN PROGRESS) ================================= INTRODUCTION @@ -157,7 +157,7 @@ This will prevent the filters from misinterpreting your print file. LEGAL STUFF ----------- -Copyright © 2007-2019 by Apple Inc. +Copyright © 2007-2020 by Apple Inc. Copyright © 1997-2007 by Easy Software Products. CUPS is provided under the terms of the Apache License, Version 2.0 with diff --git a/backend/usb-darwin.c b/backend/usb-darwin.c index 0d009f0ad9..3f03630f01 100644 --- a/backend/usb-darwin.c +++ b/backend/usb-darwin.c @@ -288,11 +288,11 @@ static void status_timer_cb(CFRunLoopTimerRef timer, void *info); #define IS_64BIT 1 #define IS_NOT_64BIT 0 -#if defined(__i386__) || defined(__x86_64__) +#if defined(__arm64e__) static pid_t child_pid; /* Child PID */ -static void run_legacy_backend(int argc, char *argv[], int fd) _CUPS_NORETURN; /* Starts child backend process running as a ppc executable */ -#endif /* __i386__ || __x86_64__ */ -static void sigterm_handler(int sig); /* SIGTERM handler */ +static void run_legacy_backend(int argc, char *argv[], int fd) _CUPS_NORETURN; /* Starts child backend process running as a x86_64 executable */ +static void sigterm_handler(int sig); /* SIGTERM handler */ +#endif /* __arm64e__ */ static void sigquit_handler(int sig, siginfo_t *si, void *unused) _CUPS_NORETURN; #ifdef PARSE_PS_ERRORS @@ -436,18 +436,18 @@ print_device(const char *uri, /* I - Device URI */ status = registry_open(&driverBundlePath); -#if defined(__i386__) || defined(__x86_64__) +#if defined(__arm64e__) /* * If we were unable to load the class drivers for this printer it's - * probably because they're ppc or i386. In this case try to run this - * backend as i386 or ppc executables so we can use them... + * probably because they're x86_64 (or older). In this case try to run this + * backend as x86_64 so we can use them... */ if (status == -2) { run_legacy_backend(argc, argv, print_fd); /* Never returns here */ } -#endif /* __i386__ || __x86_64__ */ +#endif /* __arm64e__ */ if (status == -2) { @@ -2053,11 +2053,11 @@ static void setup_cfLanguage(void) } #pragma mark - -#if defined(__i386__) || defined(__x86_64__) +#if defined(__arm64e__) /*! * @function run_legacy_backend * - * @abstract Starts child backend process running as a ppc or i386 executable. + * @abstract Starts child backend process running as a x86_64 executable. * * @result Never returns; always calls exit(). * @@ -2076,18 +2076,14 @@ static void run_legacy_backend(int argc, /* - * If we're running as x86_64 or i386 and couldn't load the class driver - * (because it's ppc or i386), then try to re-exec ourselves in ppc or i386 - * mode to try again. If we don't have a ppc or i386 architecture we may be + * If we're running as ARM and couldn't load the class driver + * (because it's x86_64, i386 or ppc), then try to re-exec ourselves in x86_64 + * mode to try again. If we don't have that architecture we may be * running with the same architecture again so guard against this by setting * and testing an environment variable... */ -# ifdef __x86_64__ - usb_legacy_status = getenv("USB_I386_STATUS"); -# else - usb_legacy_status = getenv("USB_PPC_STATUS"); -# endif /* __x86_64__ */ + usb_legacy_status = getenv("USB_LEGACY_STATUS"); if (!usb_legacy_status) { @@ -2116,21 +2112,13 @@ static void run_legacy_backend(int argc, * Set the environment variable... */ -# ifdef __x86_64__ - setenv("USB_I386_STATUS", "1", false); -# else - setenv("USB_PPC_STATUS", "1", false); -# endif /* __x86_64__ */ + setenv("USB_LEGACY_STATUS", "1", false); /* * Tell the kernel to use the specified CPU architecture... */ -# ifdef __x86_64__ - cpu_type_t cpu = CPU_TYPE_I386; -# else - cpu_type_t cpu = CPU_TYPE_POWERPC; -# endif /* __x86_64__ */ + cpu_type_t cpu = CPU_TYPE_X86_64; size_t ocount = 1; posix_spawnattr_t attrs; @@ -2139,11 +2127,7 @@ static void run_legacy_backend(int argc, posix_spawnattr_setsigdefault(&attrs, &oldmask); if (posix_spawnattr_setbinpref_np(&attrs, 1, &cpu, &ocount) || ocount != 1) { -# ifdef __x86_64__ - perror("DEBUG: Unable to set binary preference to i386"); -# else - perror("DEBUG: Unable to set binary preference to ppc"); -# endif /* __x86_64__ */ + perror("DEBUG: Unable to set binary preference to X86_64"); _cupsLangPrintFilter(stderr, "ERROR", _("Unable to use legacy USB class driver.")); exit(CUPS_BACKEND_STOP); @@ -2217,8 +2201,6 @@ static void run_legacy_backend(int argc, exit(exitstatus); } -#endif /* __i386__ || __x86_64__ */ - /* * 'sigterm_handler()' - SIGTERM handler. @@ -2227,7 +2209,6 @@ static void run_legacy_backend(int argc, static void sigterm_handler(int sig) /* I - Signal */ { -#if defined(__i386__) || defined(__x86_64__) /* * If we started a child process pass the signal on to it... */ @@ -2253,8 +2234,8 @@ sigterm_handler(int sig) /* I - Signal */ _exit(CUPS_BACKEND_STOP); } } -#endif /* __i386__ || __x86_64__ */ } +#endif /* __arm64e__ */ /* diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c index 393fe65eee..d7c7623929 100644 --- a/backend/usb-libusb.c +++ b/backend/usb-libusb.c @@ -1,7 +1,7 @@ /* * LIBUSB interface code for CUPS. * - * Copyright 2007-2019 by Apple Inc. + * Copyright 2007-2020 by Apple Inc. * * Licensed under Apache License v2.0. See the file "LICENSE" for more * information. diff --git a/cgi-bin/var.c b/cgi-bin/var.c index 349a218453..e8fc9cec87 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -1,7 +1,7 @@ /* * CGI form variable and array functions for CUPS. * - * Copyright © 2007-2019 by Apple Inc. + * Copyright © 2007-2020 by Apple Inc. * Copyright © 1997-2005 by Easy Software Products. * * Licensed under Apache License v2.0. See the file "LICENSE" for more diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4 index 86e8bc4887..2b619977cd 100644 --- a/config-scripts/cups-compiler.m4 +++ b/config-scripts/cups-compiler.m4 @@ -1,7 +1,7 @@ dnl dnl Compiler stuff for CUPS. dnl -dnl Copyright 2007-2018 by Apple Inc. +dnl Copyright 2007-2020 by Apple Inc. dnl Copyright 1997-2007 by Easy Software Products, all rights reserved. dnl dnl Licensed under Apache License v2.0. See the file "LICENSE" for more information. @@ -175,7 +175,7 @@ if test -n "$GCC"; then # doesn't trigger... gccversion=`$CC --version | head -1 | awk '{print $NF}'` case "$gccversion" in - 7.* | 8.*) + 7.* | 8.* | 9.*) WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-tautological-compare" ;; esac diff --git a/configure b/configure index 7a7a12f890..2958d78df0 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for CUPS 2.3.3. +# Generated by GNU Autoconf 2.69 for CUPS 2.3.4. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='CUPS' PACKAGE_TARNAME='cups' -PACKAGE_VERSION='2.3.3' -PACKAGE_STRING='CUPS 2.3.3' +PACKAGE_VERSION='2.3.4' +PACKAGE_STRING='CUPS 2.3.4' PACKAGE_BUGREPORT='https://github.com/apple/cups/issues' PACKAGE_URL='https://www.cups.org/' @@ -1467,7 +1467,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures CUPS 2.3.3 to adapt to many kinds of systems. +\`configure' configures CUPS 2.3.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1532,7 +1532,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of CUPS 2.3.3:";; + short | recursive ) echo "Configuration of CUPS 2.3.4:";; esac cat <<\_ACEOF @@ -1713,7 +1713,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -CUPS configure 2.3.3 +CUPS configure 2.3.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2177,7 +2177,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by CUPS $as_me 2.3.3, which was +It was created by CUPS $as_me 2.3.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2694,7 +2694,7 @@ done ac_config_headers="$ac_config_headers config.h" -CUPS_VERSION="2.3.3" +CUPS_VERSION="2.3.4" CUPS_REVISION="" CUPS_BUILD="cups-$CUPS_VERSION" @@ -10385,7 +10385,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by CUPS $as_me 2.3.3, which was +This file was extended by CUPS $as_me 2.3.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -10448,7 +10448,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -CUPS config.status 2.3.3 +CUPS config.status 2.3.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index dbf3bda385..ae842ff7e5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ dnl dnl Configuration script for CUPS. dnl -dnl Copyright © 2007-2019 by Apple Inc. +dnl Copyright © 2007-2020 by Apple Inc. dnl Copyright © 1997-2007 by Easy Software Products, all rights reserved. dnl dnl Licensed under Apache License v2.0. See the file "LICENSE" for more @@ -12,7 +12,7 @@ dnl We need at least autoconf 2.60... AC_PREREQ(2.60) dnl Package name and version... -AC_INIT([CUPS], [2.3.3], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/]) +AC_INIT([CUPS], [2.3.4], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/]) sinclude(config-scripts/cups-opsys.m4) sinclude(config-scripts/cups-common.m4) diff --git a/cups/cups.h b/cups/cups.h index 74955ebd6f..3793dfbe8e 100644 --- a/cups/cups.h +++ b/cups/cups.h @@ -1,7 +1,7 @@ /* * API definitions for CUPS. * - * Copyright © 2007-2019 by Apple Inc. + * Copyright © 2007-2020 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products. * * Licensed under Apache License v2.0. See the file "LICENSE" for more @@ -42,10 +42,10 @@ extern "C" { * Constants... */ -# define CUPS_VERSION 2.0303 +# define CUPS_VERSION 2.0304 # define CUPS_VERSION_MAJOR 2 # define CUPS_VERSION_MINOR 3 -# define CUPS_VERSION_PATCH 3 +# define CUPS_VERSION_PATCH 4 # define CUPS_BC_FD 3 /* Back-channel file descriptor for diff --git a/cups/cupspm.md b/cups/cupspm.md index b6e09baa97..f271c89d36 100644 --- a/cups/cupspm.md +++ b/cups/cupspm.md @@ -1,8 +1,8 @@ --- title: CUPS Programming Manual author: Michael R Sweet -copyright: Copyright © 2007-2019 by Apple Inc. All Rights Reserved. -version: 2.3.3 +copyright: Copyright © 2007-2020 by Apple Inc. All Rights Reserved. +version: 2.3.4 ... > Please [file issues on Github](https://github.com/apple/cups/issues) to diff --git a/cups/ipp.c b/cups/ipp.c index 3d529346c2..f19747d619 100644 --- a/cups/ipp.c +++ b/cups/ipp.c @@ -1,7 +1,7 @@ /* * Internet Printing Protocol functions for CUPS. * - * Copyright © 2007-2019 by Apple Inc. + * Copyright © 2007-2020 by Apple Inc. * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * * Licensed under Apache License v2.0. See the file "LICENSE" for more @@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */ unsigned char *buffer, /* Data buffer */ string[IPP_MAX_TEXT], /* Small string buffer */ - *bufptr; /* Pointer into buffer */ + *bufptr, /* Pointer into buffer */ + *bufptrEnd; /* Pointer after valid buffer range */ ipp_attribute_t *attr; /* Current attribute */ ipp_tag_t tag; /* Current tag */ ipp_tag_t value_tag; /* Current value tag */ @@ -3441,6 +3442,8 @@ ippReadIO(void *src, /* I - Data source */ } bufptr = buffer; + bufptrEnd = &buffer[n]; + /* * text-with-language and name-with-language are composite @@ -3454,7 +3457,7 @@ ippReadIO(void *src, /* I - Data source */ n = (bufptr[0] << 8) | bufptr[1]; - if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string)) + if ((bufptr + 2 + n) > bufptrEnd || n >= (int)sizeof(string)) { _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP language length overflows value."), 1); @@ -3481,7 +3484,7 @@ ippReadIO(void *src, /* I - Data source */ bufptr += 2 + n; n = (bufptr[0] << 8) | bufptr[1]; - if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE)) + if ((bufptr + 2 + n) > bufptrEnd) { _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("IPP string length overflows value."), 1); diff --git a/cups/ppd.c b/cups/ppd.c index 199cf03484..cf84833a45 100644 --- a/cups/ppd.c +++ b/cups/ppd.c @@ -2335,8 +2335,16 @@ ppd_add_attr(ppd_file_t *ppd, /* I - PPD file data */ * Copy data over... */ + if (!_cups_strcasecmp(spec, "custom") || !_cups_strncasecmp(spec, "custom.", 7)) + { + temp->spec[0] = '_'; + strlcpy(temp->spec + 1, spec, sizeof(temp->spec) - 1); + } + else { + strlcpy(temp->spec, spec, sizeof(temp->spec)); + } + strlcpy(temp->name, name, sizeof(temp->name)); - strlcpy(temp->spec, spec, sizeof(temp->spec)); strlcpy(temp->text, text, sizeof(temp->text)); temp->value = (char *)value; diff --git a/doc/help/cupspm.html b/doc/help/cupspm.html index fbe4f6d88c..e9a80d9c3f 100644 --- a/doc/help/cupspm.html +++ b/doc/help/cupspm.html @@ -7,8 +7,8 @@ - - + +