From: steve algernon <salgernon@eapple.com>
Date: Fri, 24 Apr 2020 20:37:30 +0000 (-0700)
Subject: Update version to 2.3.3 for:
X-Git-Tag: v2.3.3^0
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fcups.git;a=commitdiff_plain;h=82e3ee0e3230287b76a76fb8f16b92ca6e50b444

Update version to 2.3.3 for:

CVE-2020-3898 - cups/ppd.c, ppdc/ppdc-source.cxx
CVE-2019-8842 - cups/ipp.c: ippReadIO

And build issues due to warnings.
---

diff --git a/CHANGES.md b/CHANGES.md
index 6af792b82..df7289268 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,15 @@
-CHANGES - 2.3.2 - 2019-12-18
+CHANGES - 2.3.3 - 2020-04-24
 ============================
 
+Changes in CUPS v2.3.3
+----------------------
+
+- CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
+  constraint.  `ppdcSource::get_resolution` function did not handle
+  invalid resolution strings.
+- CVE-2019-8842: The `ippReadIO` function may under-read an extension
+  field.
+- Fixed WARNING_OPTIONS support for GCC 9.x
 
 Changes in CUPS v2.3.2
 ----------------------
diff --git a/INSTALL.md b/INSTALL.md
index f8801347a..37cc94b6b 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1,4 +1,4 @@
-INSTALL - CUPS v2.3.1 - 2019-12-13
+INSTALL - CUPS v2.3.3 - 2020-04-24
 ==================================
 
 This file describes how to compile and install CUPS from source code. For more
diff --git a/README.md b/README.md
index 6e15a93e7..700213d78 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-README - CUPS v2.3.1 - 2019-12-13
+README - CUPS v2.3.3 - 2020-04-24
 =================================
 
 INTRODUCTION
diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4
index 63ea1f470..86e8bc488 100644
--- a/config-scripts/cups-compiler.m4
+++ b/config-scripts/cups-compiler.m4
@@ -175,10 +175,8 @@ if test -n "$GCC"; then
 	# doesn't trigger...
 	gccversion=`$CC --version | head -1 | awk '{print $NF}'`
 	case "$gccversion" in
-		1.* | 2.* | 3.* | 4.* | 5.* | 6.* | \(clang-*)
-			;;
-		*)
-			WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-format-overflow -Wno-tautological-compare"
+		7.* | 8.*)
+			WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-tautological-compare"
 			;;
 	esac
 
diff --git a/configure b/configure
index e06b17f59..7a7a12f89 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for CUPS 2.3.2.
+# Generated by GNU Autoconf 2.69 for CUPS 2.3.3.
 #
 # Report bugs to <https://github.com/apple/cups/issues>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='CUPS'
 PACKAGE_TARNAME='cups'
-PACKAGE_VERSION='2.3.2'
-PACKAGE_STRING='CUPS 2.3.2'
+PACKAGE_VERSION='2.3.3'
+PACKAGE_STRING='CUPS 2.3.3'
 PACKAGE_BUGREPORT='https://github.com/apple/cups/issues'
 PACKAGE_URL='https://www.cups.org/'
 
@@ -1467,7 +1467,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures CUPS 2.3.2 to adapt to many kinds of systems.
+\`configure' configures CUPS 2.3.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1532,7 +1532,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of CUPS 2.3.2:";;
+     short | recursive ) echo "Configuration of CUPS 2.3.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1713,7 +1713,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-CUPS configure 2.3.2
+CUPS configure 2.3.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2177,7 +2177,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by CUPS $as_me 2.3.2, which was
+It was created by CUPS $as_me 2.3.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2694,7 +2694,7 @@ done
 ac_config_headers="$ac_config_headers config.h"
 
 
-CUPS_VERSION="2.3.2"
+CUPS_VERSION="2.3.3"
 CUPS_REVISION=""
 CUPS_BUILD="cups-$CUPS_VERSION"
 
@@ -6911,9 +6911,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 	# doesn't trigger...
 	gccversion=`$CC --version | head -1 | awk '{print $NF}'`
 	case "$gccversion" in
-		1.* | 2.* | 3.* | 4.* | 5.* | 6.* | \(clang-*)
-			;;
-		*)
+		7.* | 8.* | 9.*)
 			WARNING_OPTIONS="$WARNING_OPTIONS -Wno-format-truncation -Wno-format-overflow -Wno-tautological-compare"
 			;;
 	esac
@@ -10387,7 +10385,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by CUPS $as_me 2.3.2, which was
+This file was extended by CUPS $as_me 2.3.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -10450,7 +10448,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-CUPS config.status 2.3.2
+CUPS config.status 2.3.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index eff353b7e..dbf3bda38 100644
--- a/configure.ac
+++ b/configure.ac
@@ -12,7 +12,7 @@ dnl We need at least autoconf 2.60...
 AC_PREREQ(2.60)
 
 dnl Package name and version...
-AC_INIT([CUPS], [2.3.2], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/])
+AC_INIT([CUPS], [2.3.3], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/])
 
 sinclude(config-scripts/cups-opsys.m4)
 sinclude(config-scripts/cups-common.m4)
diff --git a/cups/cups.h b/cups/cups.h
index 6d48141e5..74955ebd6 100644
--- a/cups/cups.h
+++ b/cups/cups.h
@@ -42,10 +42,10 @@ extern "C" {
  * Constants...
  */
 
-#  define CUPS_VERSION			2.0302
+#  define CUPS_VERSION			2.0303
 #  define CUPS_VERSION_MAJOR		2
 #  define CUPS_VERSION_MINOR		3
-#  define CUPS_VERSION_PATCH		2
+#  define CUPS_VERSION_PATCH		3
 
 #  define CUPS_BC_FD			3
 					/* Back-channel file descriptor for
diff --git a/cups/cupspm.md b/cups/cupspm.md
index d4d6d7c55..b6e09baa9 100644
--- a/cups/cupspm.md
+++ b/cups/cupspm.md
@@ -2,7 +2,7 @@
 title: CUPS Programming Manual
 author: Michael R Sweet
 copyright: Copyright © 2007-2019 by Apple Inc. All Rights Reserved.
-version: 2.3.1
+version: 2.3.3
 ...
 
 > Please [file issues on Github](https://github.com/apple/cups/issues) to
diff --git a/cups/ipp.c b/cups/ipp.c
index 1595b8b61..3d529346c 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2956,7 +2956,7 @@ ippReadIO(void       *src,		/* I - Data source */
             * Read 32-bit "extension" tag...
             */
 
-	    if ((*cb)(src, buffer, 4) < 1)
+	    if ((*cb)(src, buffer, 4) < 4)
 	    {
 	      DEBUG_puts("1ippReadIO: Callback returned EOF/error");
 	      _cupsBufferRelease((char *)buffer);
diff --git a/cups/ppd.c b/cups/ppd.c
index ff52df2e1..199cf0348 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1719,8 +1719,7 @@ _ppdOpen(
                      constraint->choice1, constraint->option2,
 		     constraint->choice2))
       {
-        case 0 : /* Error */
-	case 1 : /* Error */
+        default : /* Error */
 	    pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
 	    goto error;
 
diff --git a/doc/help/cupspm.html b/doc/help/cupspm.html
index 9b48cde34..fbe4f6d88 100644
--- a/doc/help/cupspm.html
+++ b/doc/help/cupspm.html
@@ -8,7 +8,7 @@
     <meta name="creator" content="codedoc v3.1">
     <meta name="author" content="Michael R Sweet">
     <meta name="copyright" content="Copyright &#xa9; 2007-2019 by Apple Inc. All Rights Reserved.">
-    <meta name="version" content="2.3.1">
+    <meta name="version" content="2.3.3">
     <style type="text/css"><!--
 body, p, h1, h2, h3, h4 {
   font-family: sans-serif;
diff --git a/locale/cups.pot b/locale/cups.pot
index ebe0ba3ee..679d18560 100644
--- a/locale/cups.pot
+++ b/locale/cups.pot
@@ -23,7 +23,7 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: CUPS 2.3.1\n"
+"Project-Id-Version: CUPS 2.3.3\n"
 "Report-Msgid-Bugs-To: https://github.com/apple/cups/issues\n"
 "POT-Creation-Date: 2019-12-18 20:19-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index c25d49668..b28c4724f 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
 
   switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
   {
-    case 0 :
-        _cupsLangPrintf(stderr,
-	                _("ppdc: Bad resolution name \"%s\" on line %d of "
-			  "%s."), name, fp->line, fp->filename);
-        break;
     case 1 :
         ydpi = xdpi;
-	break;
-  }
+        break;
+    case 2 :
+        break;
+    default :
+        _cupsLangPrintf(stderr,
+                  _("ppdc: Bad resolution name \"%s\" on line %d of "
+        "%s."), name, fp->line, fp->filename);
+        break;
+}
 
   // Create the necessary PS commands...
   snprintf(command, sizeof(command),
diff --git a/scheduler/printers.c b/scheduler/printers.c
index 80690397d..e341bdb00 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -446,7 +446,7 @@ cupsdCreateCommonData(void)
 
   /* cups-version */
   ippAddString(CommonData, IPP_TAG_PRINTER, IPP_TAG_TEXT | IPP_TAG_COPY,
-               "cups-version", NULL, CUPS_SVERSION + 6);
+               "cups-version", NULL, &CUPS_SVERSION[6]);
 
   /* generated-natural-language-supported (no IPP_TAG_COPY) */
   ippAddString(CommonData, IPP_TAG_PRINTER, IPP_TAG_LANGUAGE,
diff --git a/vcnet/config.h b/vcnet/config.h
index 6c87f98b5..76fc7fd5f 100644
--- a/vcnet/config.h
+++ b/vcnet/config.h
@@ -97,8 +97,8 @@ typedef unsigned long useconds_t;
  * Version of software...
  */
 
-#define CUPS_SVERSION "CUPS v2.3.2"
-#define CUPS_MINIMAL "CUPS/2.3.2"
+#define CUPS_SVERSION "CUPS v2.3.3"
+#define CUPS_MINIMAL "CUPS/2.3.3"
 
 
 /*
diff --git a/xcode/config.h b/xcode/config.h
index 782a62ff8..5953431a3 100644
--- a/xcode/config.h
+++ b/xcode/config.h
@@ -18,8 +18,8 @@
  * Version of software...
  */
 
-#define CUPS_SVERSION "CUPS v2.3.2"
-#define CUPS_MINIMAL "CUPS/2.3.2"
+#define CUPS_SVERSION "CUPS v2.3.3"
+#define CUPS_MINIMAL "CUPS/2.3.3"
 
 
 /*