Comment 40 for bug 2003259

Nishit Majithia (0xnishit) wrote :

I reviewed libcupsfilters 2.0~b4-0ubuntu5 as checked into lunar. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.

libcupsfilters contains backends, filters, and other software that was
once part of the core CUPS distribution. It contains more filters and software
developed once Apple stopped maintaining this library. For compiling and using
this package CUPS (2.2.2 or newer), libcupsfilters 2.x, and libppd are needed.

- CVE History:
  - No history of CVE found
- Build-Depends?
  - avahi, ghostscript, cups, dbus, glib2.0, pkgconfig, qpdf, tiff, poppler,
    zlib, exif
- pre/post inst/rm scripts?
  - NA
- init scripts?
  - NA
- systemd units?
  - NA
- dbus services?
  - NA
- setuid binaries?
  - NA
- binaries in PATH?
  - libcupsfilters-tests_2.0~b4-0ubuntu5_amd64.deb:
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/test-analyze
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/test-pdf
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/test-ps
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/test1284
    -rwxr-xr-x root/root 18752 2023-02-24 13:43 ./usr/bin/testcmyk
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/testdither
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/testimage
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/testpdf1
    -rwxr-xr-x root/root 14656 2023-02-24 13:43 ./usr/bin/testpdf2
    -rwxr-xr-x root/root 14728 2023-02-24 13:43 ./usr/bin/testrgb
- sudo fragments?
  - NA
- polkit files?
  - NA
- udev rules?
  - NA
- unit tests / autopkgtests?
  - All the unit tests reside in ./cupsfilters/test*.c files.
    Also, drive test is defined in the ./test-driver script. These test cases are
    included in autopkgtests and are working as expected.
- cron jobs?
  - NA
- Build logs:
  - Lintian throws the following warnings and errors:
    E: libcupsfilters source: missing-build-dependency-for-dh-addon pkgkde_symbolshelper (does not satisfy pkg-kde-tools:any) [debian/rules]
    W: libcupsfilters source: build-depends-on-obsolete-package Build-Depends: libfontconfig1-dev => libfontconfig-dev
    W: libcupsfilters source: dependency-is-not-multi-archified libcupsfilters2 depends on libcupsfilters2-common (multi-arch: no)
    W: libcupsfilters-tests: no-manual-page [usr/bin/test-analyze]
    W: libcupsfilters-tests: no-manual-page [usr/bin/test-pdf]
    W: libcupsfilters-tests: no-manual-page [usr/bin/test-ps]
    W: libcupsfilters-tests: no-manual-page [usr/bin/test1284]
    W: libcupsfilters-tests: no-manual-page [usr/bin/testcmyk]
    W: libcupsfilters-tests: no-manual-page [usr/bin/testdither]
    W: libcupsfilters-tests: no-manual-page [usr/bin/testimage]
    W: libcupsfilters-tests: no-manual-page [usr/bin/testpdf1]
    W: libcupsfilters-tests: no-manual-page [usr/bin/testpdf2]
    W: libcupsfilters-tests: no-manual-page [usr/bin/testrgb]
    W: libcupsfilters2: symbols-file-contains-debian-revision on symbol Floyd16x16@Base and 388 others (libcupsfilters.so.2) [symbols]
    W: libcupsfilters2: wrong-name-for-upstream-changelog [usr/share/doc/libcupsfilters2/CHANGES.md.gz]

    E: Lintian run failed (runtime error)
  - This seems ok

- Processes spawned?
  - The ./cupsfilters/ghostscript.c, ./cupsfilters/ipp.c, and
    ./cupsfilters/filter.c files try to use the execvpe(), execvp() and execve()
    functions to parse the command line arguments.
  - This seems ok
- Memory management?
  - There are many memory calls like malloc(), calloc(), memcpy(), memmove()
    etc. These calls are being checked; strcpy and sprintf seem fine.
  - Some Coverity reports on memory management will be forwarded to upstream,
    nothing concerning.
- File IO?
  - File descriptors are opened and closed by the ./cupsfilters/texttotext.c,
    ./cupsfilters/fontembed/sfnt.c, ./cupsfilters/bannertopdf.c,
    ./cupsfilters/pdftopdf/pdftopdf.cxx, ./cupsfilters/ipp.c,
    ./cupsfilters/imagetopdf.c, ./cupsfilters/filter.c files, but all looks
    good.
- Logging?
  - All good
- Environment variable usage?
  - It can't be abused. They're all fixed size here.
- Use of privileged functions?
  - ./cupsfilters/ieee1284.c uses ioctl() to get the 1284 device ID which seems
    fine
- Use of cryptography / random number sources etc?
  - NA
- Use of temp files?
  - Just to create a temporary pwg file, the ./cupsfilters/mupdftopwg.c file uses these:
    ./cupsfilters/mupdftopwg.c:33:#define CUPS_IPTEMPFILE "/tmp/ip-XXXXXX"
    ./cupsfilters/mupdftopwg.c:34:#define CUPS_OPTEMPFILE "/tmp/op-XXXXXX"
- Use of networking?
  - uses http to connect to CUPS, seems fine.
- Use of WebKit?
  - NA
- Use of PolicyKit?
  - NA

- Any significant cppcheck results?
  - A few realloc memory free issues; sent them to upstream for their attention.
- Any significant Coverity results?
  - Some null pointer dereference issues, untrusted loop bound, uninitialized
    pointer read and possible out-of-bounds access issues, worth checking. They
    will be sent to upstream for their attention.
- Any significant shellcheck results?
  - No
- Any significant bandit results?
  - No

libcupsfilters contains common code for print data conversion filters,
printer drivers, printer model identification and distinction, PDF file
manipulation, PDF font embedding, color space conversion etc. The new
"cups-filters" and "cups-filters-core-drivers" depend on "libcupsfilters2"
and "libppd2" providing the common functionality they need.

All the internal functionality of the filters which formerly was in
the individual filter executables of cups-filters has moved into libcupsfilters.

Security team ACK for promoting libcupsfilters to main
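
The "Use of temp files?" item above quotes fixed /tmp templates. As an added example (not part of the review comment and not libcupsfilters code), this shows what a reviewer checks for when such a template is used: creation through mkstemp(3), owner-only permissions, and removal after use. It assumes the template is passed to mkstemp(); the helper name open_private_temp is hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Template string as quoted in the review; how mupdftopwg.c uses it is assumed. */
#define CUPS_IPTEMPFILE "/tmp/ip-XXXXXX"

/* Hypothetical helper: create a private temp file from the template.
 * Returns an open fd and writes the generated name to path, or -1 on error. */
int open_private_temp(char *path, size_t pathlen)
{
    struct stat st;
    mode_t old;
    int fd;

    if (pathlen < sizeof(CUPS_IPTEMPFILE))
        return -1;                      /* buffer cannot hold the name */
    memcpy(path, CUPS_IPTEMPFILE, sizeof(CUPS_IPTEMPFILE)); /* mkstemp edits in place */
    old = umask(077);                   /* owner-only even if libc passes 0666 */
    fd = mkstemp(path);                 /* O_CREAT|O_EXCL: fails on a pre-planted name */
    umask(old);
    if (fd < 0)
        return -1;
    /* Confirm we hold a regular, single-link, owner-only file. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[sizeof(CUPS_IPTEMPFILE)];
    int fd = open_private_temp(path, sizeof(path));
    if (fd < 0)
        return 1;
    int ok = write(fd, "sample", 6) == 6;   /* constructed sample data */
    close(fd);
    unlink(path);                           /* remove whether or not the write worked */
    return ok ? 0 : 1;
}
```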