cups-filters 2.0rc2 Release

OpenPrinting · Jun 20, 2023 · fe184fd · fe184fd
1 parent 8f27403
commit fe184fd
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 4 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,4 +1,45 @@
-# CHANGES - OpenPrinting CUPS Filters v2.0rc1 - 2023-04-12
+# CHANGES - OpenPrinting CUPS Filters v2.0rc2 - 2023-06-20
+
+## CHANGES IN V2.0rc2 (20th June 2023)
+
+- beh backend: Use `execv()` instead of `system()` - CVE-2023-24805
+  With `execv()` command line arguments are passed as separate strings
+  and not the full command line in a single string. This prevents
+  arbitrary command execution by escaping the quoting of the arguments
+  in a job with forged job title.
+
+- beh backend: Extra checks against odd/forged input - CVE-2023-24805
+
+  * Do not allow `/` in the scheme of the URI (= backend executable
+    name), to assure that only backends inside
+    `/usr/lib/cups/backend/` are used.
+
+  * Pre-define scheme buffer to empty string, to be defined for case
+    of URI being NULL.
+
+  * URI must have `:`, to split off scheme, otherwise error.
+
+  * Check return value of `snprintf()` to create call path for
+    backend, to error out on truncation of a too long scheme or on
+    complete failure due to a completely odd scheme.
+
+- beh backend: Further improvements - CVE-2023-24805
+
+  * Use `strncat()` instead of `strncpy()` for getting scheme from
+    URI, the latter does not require setting terminating zero byte in
+    case of truncation.
+
+  * Also exclude `.` or `..` as scheme, as directories are not valid
+    CUPS backends.
+
+  * Do not use `fprintf()` in `sigterm_handler()`, to not interfere
+    with a `fprintf()` which could be running in the main process when
+    `sigterm_handler()` is triggered.
+
+  * Use `static volatile int` for global variable job_canceled.
+
+- `parallel` backend: Added missing `#include` lines
+
 
 ## CHANGES IN V2.0rc1 (12th April 2023)
 

diff --git a/INSTALL b/INSTALL
@@ -1,4 +1,4 @@
-INSTALL - OpenPrinting CUPS Filters v2.0rc1 - 2023-04-12
+INSTALL - OpenPrinting CUPS Filters v2.0rc2 - 2023-06-20
 --------------------------------------------------------
 
 This file describes how to compile and install OpenPrinting CUPS

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# OpenPrinting CUPS Filters v2.0rc1 - 2023-04-12
+# OpenPrinting CUPS Filters v2.0rc2 - 2023-06-20
 
 Looking for compile instructions?  Read the file "INSTALL"
 instead...

diff --git a/configure.ac b/configure.ac
@@ -5,7 +5,7 @@ AC_PREREQ([2.65])
 # ====================
 # Version informations
 # ====================
-AC_INIT([cups-filters], [2.0rc1], [https://github.com/OpenPrinting/cups-filters/issues], [cups-filters], [https://github.com/OpenPrinting/cups-filters/])
+AC_INIT([cups-filters], [2.0rc2], [https://github.com/OpenPrinting/cups-filters/issues], [cups-filters], [https://github.com/OpenPrinting/cups-filters/])
 cups_filters_version="AC_PACKAGE_VERSION"
 cups_filters_version_major="`echo AC_PACKAGE_VERSION | awk -F. '{print $1}'`"
 cups_filters_version_major="`echo AC_PACKAGE_VERSION | awk -F. '{printf("%d\n",$2);}'`"