Description of problem:
The /usr/sbin/cupsd daemon crashes on startup with a segmentation violation in a CUPS-internal function, cups_strcasecmp().

Version-Release number of selected component (if applicable):
2.3.3op-1.fc32

How reproducible:
100%

Steps to Reproduce:
1. Use DNF to upgrade from 2.3.3-18.fc32 to 2.2.3op1-1.fc32 (the version currently in the Fedora 32 upgrades repo)
2.
3.

Actual results:
/usr/sbin/cupsd crashes on startup

Expected results:
Normal cupsd startup

Additional info:
Since this prevents printing from the system, I've marked this as 'high' severity because there are times when printing is critical to daily work, though of course, not to use of the system per se.

[root@xxxxxxxx coredump]# systemctl status cups
● cups.service - CUPS Scheduler
     Loaded: loaded (/usr/lib/systemd/system/cups.service; enabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/cups.service.d
             └─server.conf
     Active: failed (Result: core-dump) since Tue 2020-12-22 17:07:20 JST; 18min ago
TriggeredBy: ● cups.socket
             ● cups.path
       Docs: man:cupsd(8)
    Process: 1605 ExecStart=/usr/sbin/cupsd -l (code=dumped, signal=SEGV)
   Main PID: 1605 (code=dumped, signal=SEGV)
        CPU: 25ms

Dec 22 17:07:18 xxxxxxxx.xxxxxxxx.xx systemd[1]: Stopped CUPS Scheduler.
Dec 22 17:07:18 xxxxxxxx.xxxxxxxx.xx systemd[1]: Starting CUPS Scheduler...
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: cups.service: Main process exited, code=dumped, status=11/SEGV
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: cups.service: Failed with result 'core-dump'.
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: Failed to start CUPS Scheduler.
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: cups.service: Scheduled restart job, restart counter is at 5.
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: Stopped CUPS Scheduler.
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: cups.service: Start request repeated too quickly.
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: cups.service: Failed with result 'core-dump'.
Dec 22 17:07:20 xxxxxxxx.xxxxxxxx.xx systemd[1]: Failed to start CUPS Scheduler.

[root@xxxxxxxx log]# coredumpctl dump
           PID: 1605 (cupsd)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Tue 2020-12-22 17:07:19 JST (25min ago)
  Command Line: /usr/sbin/cupsd -l
    Executable: /usr/sbin/cupsd
 Control Group: /system.slice/cups.service
          Unit: cups.service
         Slice: system.slice
       Boot ID: 5bc50b8ba0764f1f8d45da5d389efb3d
    Machine ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      Hostname: xxxxxxxx.xxxxxxxx.xx
       Storage: /var/lib/systemd/coredump/core.cupsd.0.5bc50b8ba0764f1f8d45da5d389efb3d.1605.1608624439000000.lz4
       Message: Process 1605 (cupsd) of user 0 dumped core.

                Stack trace of thread 1605:
                #0 0x00007f8a9763d5b8 _cups_strcasecmp (libcups.so.2 + 0x535b8)
                #1 0x00007f8a9764bcb2 _ppdOpen (libcups.so.2 + 0x61cb2)
                #2 0x00007f8a9764cc38 _ppdOpenFile (libcups.so.2 + 0x62c38)
                #3 0x00005591940c74eb colord_register_printer (cupsd + 0x1a4eb)
                #4 0x00005591940c7f2d cupsdStartColor (cupsd + 0x1af2d)
                #5 0x0000559194100474 cupsdStartServer (cupsd + 0x53474)
                #6 0x00005591940baaa3 main (cupsd + 0xdaa3)
                #7 0x00007f8a97447042 __libc_start_main (libc.so.6 + 0x27042)
                #8 0x00005591940bc0ee _start (cupsd + 0xf0ee)
Just to add, I did not specifically upgrade CUPS. This was just part of a normal daily 'dnf upgrade' on two systems here that are configured for printing. The result was identical (daemon crashes) on both systems.
Adding an additional note that this problem is confirmed in Fedora 33 with cups-2.3.3op1-1.fc33, so I'm updating the Fedora version.
Created attachment 1742515: Brother MFCJ6710CDW PPD
Given the traceback, it's obvious that the segmentation violation occurs in the context of parsing a PPD file. The only user-installed PPD file is a vendor-supplied PPD for the Brother MFCJ6710CDW printer, which has been working fine since 2012, and for which no updates are available from the vendor. Removing that PPD file from /etc/cups does indeed allow cupsd to start; however, printing is suboptimal because the default PPD does not support various features of the printer. In addition, a segmentation violation while parsing a file in root context suggests the possibility of a locally-exploitable security vulnerability, possibly leading to privilege escalation or arbitrary code execution if CUPS can be coerced into parsing a specially crafted PPD file. With that in mind, you might now want to leave this report publicly available until a patch/update is available. I tried to change the "group" to 'Security' but the option is greyed out for me, and I'm not sure what to do about that.
Hi BZ,

thank you for reporting the issue! It is a known issue upstream, https://github.com/OpenPrinting/cups/issues/64, and I will look into it in the future. It is caused by the Brother PPD file, because the PPD is malformed (no *OpenUI tag, it is commented out). You can comment/comment out this part of the PPD for now:

*%=== Reverse Printing ================================
*%OpenUI *BRReverse/Reverse Printing: PickOne
*%OrderDependency: 30 AnySetup *BRReverse
*%DefaultBRReverse: OFF
*%BRReverse OFF/Off: " "
*%BRReverse ON/On: " "
*CloseUI: *BRReverse

and reinstall your print queue with it. But cupsd mustn't crash on a malformed PPD like this.
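An added example, not part of the bug thread and not CUPS code: a small check for the malformation described in the comment above, a live *CloseUI whose *OpenUI has been commented out with *%. The function name lint_ppd_ui_blocks and the embedded sample (the excerpt quoted in that comment) are constructed for illustration; the check is line-based and assumes no keyword-like lines inside multi-line quoted values.

```python
import re

# *OpenUI / *JCLOpenUI <option>[/<text>]: <type>  and  *CloseUI / *JCLCloseUI: <option>
OPEN_RE = re.compile(r'^\*(?:JCL)?OpenUI\s+(\*[^/:\s]+)')
CLOSE_RE = re.compile(r'^\*(?:JCL)?CloseUI\s*:\s*(\*\S+)')

def lint_ppd_ui_blocks(text):
    """Return a list of (line_no, message) for unbalanced UI blocks in a PPD."""
    findings = []
    open_block = None  # (option, line_no) of the UI block currently open
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith('*%'):  # PPD comment line, ignored by the parser
            continue
        m = OPEN_RE.match(line)
        if m:
            if open_block:
                findings.append((open_block[1], f"{open_block[0]} opened but never closed"))
            open_block = (m.group(1), no)
            continue
        m = CLOSE_RE.match(line)
        if m:
            opt = m.group(1)
            if open_block is None:
                findings.append((no, f"*CloseUI for {opt} without a matching *OpenUI"))
            elif open_block[0] != opt:
                findings.append((no, f"*CloseUI for {opt} but open block is {open_block[0]}"))
            open_block = None
    if open_block:
        findings.append((open_block[1], f"{open_block[0]} opened but never closed"))
    return findings

# Constructed sample: the PPD excerpt quoted in the comment above.
SAMPLE = '''\
*%=== Reverse Printing ================================
*%OpenUI *BRReverse/Reverse Printing: PickOne
*%OrderDependency: 30 AnySetup *BRReverse
*%DefaultBRReverse: OFF
*%BRReverse OFF/Off: " "
*%BRReverse ON/On: " "
*CloseUI: *BRReverse
'''

if __name__ == "__main__":
    for line_no, message in lint_ppd_ui_blocks(SAMPLE):
        print(f"line {line_no}: {message}")
```

Running a check like this over the files in the CUPS PPD directory before upgrading identifies queues whose PPD needs editing or reinstalling.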
FEDORA-2021-db2b870848 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-db2b870848
FEDORA-2021-ccae3986cc has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ccae3986cc
FEDORA-2021-ccae3986cc has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ccae3986cc` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ccae3986cc See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-db2b870848 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-db2b870848` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-db2b870848 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-db5caaeb91 has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-db5caaeb91` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-db5caaeb91 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-ef84cd3f69 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ef84cd3f69` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ef84cd3f69 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-ef84cd3f69 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-db5caaeb91 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.