import cups-2.3.3op2-21.el9

c9-beta imports/c9-beta/cups-2.3.3op2-21.el9
MSVSphere Packaging Team 1 year ago
commit 0cf134721c

@ -0,0 +1,2 @@
23108e0f6ca7d8caa1a6a6224f5322e21ba0a27d SOURCES/cups-2.3.3op2-source.tar.gz
79ee155bed4c18088be472a6e364f37ad6e410a6 SOURCES/cupsprinter.png

2
.gitignore vendored

@ -0,0 +1,2 @@
SOURCES/cups-2.3.3op2-source.tar.gz
SOURCES/cupsprinter.png

@ -0,0 +1,33 @@
diff -up cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout cups-2.3.3op2/conf/cupsd.conf.in
--- cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/conf/cupsd.conf.in 2021-11-29 11:37:02.426407322 +0100
@@ -28,6 +28,9 @@ DefaultAuthType Basic
# Web interface setting...
WebInterface @CUPS_WEBIF@
+# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
+IdleExitTimeout @EXIT_TIMEOUT@
+
# Restrict access to the server...
<Location />
Order allow,deny
diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.idleexittimeout cups-2.3.3op2/config-scripts/cups-defaults.m4
--- cups-2.3.3op2/config-scripts/cups-defaults.m4.idleexittimeout 2021-11-29 11:37:02.426407322 +0100
+++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 11:39:16.629262421 +0100
@@ -461,3 +461,16 @@ esac
AC_SUBST(CUPS_WEBIF)
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_WEBIF, $CUPS_DEFAULT_WEBIF)
+
+dnl Set default value of IdleExitTimeout
+AC_ARG_WITH([idle_exit_timeout], AS_HELP_STRING([--with-idle-exit-timeout], [set the default value for IdleExitTimeout, default=60]), [
+ AS_IF([test "x$withval" = "xno"], [
+ EXIT_TIMEOUT=0
+ ], [
+ EXIT_TIMEOUT=$withval
+ ])
+], [
+ EXIT_TIMEOUT=60
+])
+
+AC_SUBST([EXIT_TIMEOUT])

@ -0,0 +1,33 @@
diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec cups-2.3.3op2/config-scripts/cups-defaults.m4
--- cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec 2021-11-29 13:50:14.568976028 +0100
+++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 13:51:02.785567762 +0100
@@ -482,3 +482,18 @@ AC_ARG_WITH([idle_exit_timeout], AS_HELP
])
AC_SUBST([EXIT_TIMEOUT])
+
+dnl set TimeoutStartSec for cups.service
+dnl - if used as --without-*, it sets TimeoutStartSec to infinity
+AC_ARG_WITH([systemd-timeoutstartsec],
+ AS_HELP_STRING([--with-systemd-timeoutstartsec],
+ [set TimeoutStartSec value in cups.service, default=default value in systemd]), [
+ AS_IF([ test "x$withval" = "xno" ], [
+ TIMEOUTSTARTSEC="TimeoutStartSec=infinity"
+ ], [
+ TIMEOUTSTARTSEC="TimeoutStartSec=$withval"
+ ])
+], [
+ TIMEOUTSTARTSEC=""
+])
+AC_SUBST([TIMEOUTSTARTSEC])
diff -up cups-2.3.3op2/scheduler/cups.service.in.conf-timeoutstartsec cups-2.3.3op2/scheduler/cups.service.in
--- cups-2.3.3op2/scheduler/cups.service.in.conf-timeoutstartsec 2021-11-29 13:50:14.551976172 +0100
+++ cups-2.3.3op2/scheduler/cups.service.in 2021-11-29 13:50:14.568976028 +0100
@@ -8,6 +8,7 @@ Requires=cups.socket
ExecStart=@sbindir@/cupsd -l
Type=notify
Restart=on-failure
+@TIMEOUTSTARTSEC@
[Install]
Also=cups.socket cups.path

@ -0,0 +1,21 @@
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
/*
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
if (lport < 721 && reserve == RESERVE_RFC1179)
lport = 731;
- else if (lport < 1)
+ else if (lport < 512)
lport = 1023;
#ifdef HAVE_GETEUID

@ -0,0 +1,64 @@
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Thu, 1 Jun 2023 11:33:39 -0400
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
We have to log the hostname first.
---
scheduler/client.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 91e441188..327473a4d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
* with double-lookups enabled...
*/
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
--
2.41.0

@ -0,0 +1,31 @@
From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 6 Dec 2022 09:04:01 -0500
Subject: [PATCH] Require authentication for CUPS-Get-Document.
---
conf/cupsd.conf.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index b25884907..a07536f3e 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
Order deny,allow
</Limit>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ <Limit CUPS-Get-Document>
+ AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
--
2.41.0

@ -0,0 +1,855 @@
From 4d6787bd98c2fac8dcc58f34125d299d82e622aa Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 2 May 2022 15:35:20 -0400
Subject: [PATCH] Update man pages for -h option (Issue #357)
---
doc/help/man-cancel.html | 7 ++++---
doc/help/man-cupsctl.html | 7 ++++---
doc/help/man-ipptool.html | 6 ++++++
doc/help/man-lp.html | 9 +++++----
doc/help/man-lpinfo.html | 9 +++++----
doc/help/man-lpmove.html | 9 +++++----
doc/help/man-lpoptions.html | 17 +++++++++--------
doc/help/man-lpq.html | 5 +++--
doc/help/man-lpr.html | 5 +++--
doc/help/man-lprm.html | 6 +++---
doc/help/man-lpstat.html | 5 +++--
man/cancel.1 | 9 +++++----
man/cupsctl.8 | 9 +++++----
man/lp.1 | 11 ++++++-----
man/lpinfo.8 | 11 ++++++-----
man/lpmove.8 | 11 ++++++-----
man/lpoptions.1 | 19 ++++++++++---------
man/lpq.1 | 7 ++++---
man/lpr.1 | 7 ++++---
man/lprm.1 | 8 ++++----
man/lpstat.1 | 11 ++++++-----
22 files changed, 107 insertions(+), 82 deletions(-)
diff --git a/doc/help/man-cancel.html b/doc/help/man-cancel.html
index d51bb2b91..a0b52369c 100644
--- a/doc/help/man-cancel.html
+++ b/doc/help/man-cancel.html
@@ -12,6 +12,9 @@ cancel - cancel jobs
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cancel</b>
[
+<b>-h</b>
+<i>hostname[:port]</i>
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -19,9 +22,6 @@ cancel - cancel jobs
] [
<b>-a</b>
] [
-<b>-h</b>
-<i>hostname[:port]</i>
-] [
<b>-u</b>
<i>username</i>
] [
@@ -46,6 +46,7 @@ destinations if none is provided.
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-h </b><i>hostname</i>[<i>:port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-U </b><i>username</i>
<dd style="margin-left: 5.0em">Specifies the username to use when connecting to the server.
<dt><b>-u </b><i>username</i>
diff --git a/doc/help/man-cupsctl.html b/doc/help/man-cupsctl.html
index b3f892ef9..e5c98dccb 100644
--- a/doc/help/man-cupsctl.html
+++ b/doc/help/man-cupsctl.html
@@ -12,14 +12,14 @@ cupsctl - configure cupsd.conf options
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cupsctl</b>
[
+<b>-h</b>
+<i>server</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h</b>
-<i>server</i>[<b>:</b><i>port</i>]
-] [
<b>--</b>[<b>no-</b>]<b>debug-logging</b>
] [
<b>--</b>[<b>no-</b>]<b>remote-admin</b>
@@ -45,6 +45,7 @@ The following options are recognized:
<dd style="margin-left: 5.0em">Specifies an alternate username to use when authenticating with the scheduler.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies the server address.
+Note: This option must occur before all others.
<dt><b>--</b>[<b>no-</b>]<b>debug-logging</b>
<dd style="margin-left: 5.0em">Enables (disables) debug logging to the <i>error_log</i> file.
<dt><b>--</b>[<b>no-</b>]<b>remote-admin</b>
diff --git a/doc/help/man-ipptool.html b/doc/help/man-ipptool.html
index 81f67d77f..688454c69 100644
--- a/doc/help/man-ipptool.html
+++ b/doc/help/man-ipptool.html
@@ -59,6 +59,8 @@ ipptool - perform internet printing protocol requests
<b>-i</b>
<i>seconds</i>
] [
+<b>-j</b>
+] [
<b>-n</b>
<i>repeat-count</i>
] [
@@ -150,6 +152,10 @@ This option is incompatible with the <b>-i</b> (interval) and <b>-n</b> (repeat-
<i>testfile</i>
should be repeated at the specified interval.
This option is incompatible with the <b>-X</b> (XML plist output) option.
+<dt><b>-j</b>
+<dd style="margin-left: 5.0em">Specifies that
+<b>ipptool</b>
+will produce JSON output.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Specifies that plain text output is desired.
<dt><b>-n</b><i> repeat-count</i>
diff --git a/doc/help/man-lp.html b/doc/help/man-lp.html
index f70c088d3..6442e900d 100644
--- a/doc/help/man-lp.html
+++ b/doc/help/man-lp.html
@@ -12,6 +12,8 @@ lp - print files
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lp</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -21,8 +23,6 @@ lp - print files
] [
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-m</b>
] [
<b>-n</b>
@@ -51,6 +51,8 @@ lp - print files
<br>
<b>lp</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -58,8 +60,6 @@ lp - print files
] [
<b>-c</b>
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-i</b>
<i>job-id</i>
] [
@@ -106,6 +106,7 @@ In CUPS, print files are always sent to the scheduler via IPP which has the same
<dd style="margin-left: 5.0em">Prints files to the named printer.
<dt><b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Chooses an alternate server.
+Note: This option must occur before all others.
<dt><b>-i </b><i>job-id</i>
<dd style="margin-left: 5.0em">Specifies an existing job to modify.
<dt><b>-m</b>
diff --git a/doc/help/man-lpinfo.html b/doc/help/man-lpinfo.html
index a1aed9421..30df7691c 100644
--- a/doc/help/man-lpinfo.html
+++ b/doc/help/man-lpinfo.html
@@ -12,10 +12,10 @@ lpinfo - show available devices or drivers (deprecated)
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpinfo</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-l</b>
] [
<b>--device-id</b>
@@ -40,10 +40,10 @@ lpinfo - show available devices or drivers (deprecated)
<br>
<b>lpinfo</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-l</b>
] [
<b>--exclude-schemes</b>
@@ -66,6 +66,7 @@ The first form (<i>-m</i>) lists the available drivers, while the second form (<
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Selects an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a "long" listing of devices or drivers.
<dt><b>--device-id </b><i>device-id-string</i>
diff --git a/doc/help/man-lpmove.html b/doc/help/man-lpmove.html
index d8019ee25..b0db753f9 100644
--- a/doc/help/man-lpmove.html
+++ b/doc/help/man-lpmove.html
@@ -12,10 +12,10 @@ lpmove - move a job or all jobs to a new destination
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpmove</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
]
@@ -24,10 +24,10 @@ lpmove - move a job or all jobs to a new destination
<br>
<b>lpmove</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
]
@@ -44,6 +44,7 @@ The <b>lpmove</b> command supports the following options:
<dd style="margin-left: 5.0em">Specifies an alternate username.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
</dl>
<h2 class="title"><a name="EXAMPLES">Examples</a></h2>
Move job 123 from "oldprinter" to "newprinter":
diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html
index 6dda87f64..6af78290b 100644
--- a/doc/help/man-lpoptions.html
+++ b/doc/help/man-lpoptions.html
@@ -12,9 +12,9 @@ lpoptions - display or set printer options and defaults
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
]
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
[
@@ -23,20 +23,20 @@ lpoptions - display or set printer options and defaults
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-o </b><i>option</i>[<b>=</b><i>value</i>] ...
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-r</b>
@@ -44,9 +44,9 @@ lpoptions - display or set printer options and defaults
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
]
<b>-x </b><i>destination</i>[<b>/</b><i>instance</i>]
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
@@ -72,6 +72,7 @@ If <i>instance</i> is supplied then that particular instance is used.
This option overrides the system default printer for the current user.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Uses an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Lists the printer specific options and their current settings.
<dt><b>-o </b><i>option</i>[<b>=</b><i>value</i>]
diff --git a/doc/help/man-lpq.html b/doc/help/man-lpq.html
index 1c9e704ff..19e536d3c 100644
--- a/doc/help/man-lpq.html
+++ b/doc/help/man-lpq.html
@@ -12,13 +12,13 @@ lpq - show printer queue status
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpq</b>
[
+<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
-] [
<b>-P </b><i>destination</i>[<b>/</b><i>instance</i>]
] [
<b>-a</b>
@@ -44,6 +44,7 @@ Jobs queued on the default destination will be shown if no printer or class is s
<dd style="margin-left: 5.0em">Reports jobs on all printers.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Requests a more verbose (long) reporting format.
</dl>
diff --git a/doc/help/man-lpr.html b/doc/help/man-lpr.html
index d044ab1a8..f9b19e1fe 100644
--- a/doc/help/man-lpr.html
+++ b/doc/help/man-lpr.html
@@ -12,10 +12,10 @@ lpr - print files
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpr</b>
[
-<b>-E</b>
-] [
<b>-H </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
] [
@@ -67,6 +67,7 @@ The following options are recognized by <i>lpr</i>:
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-H </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-C "</b><i>name</i><b>"</b>
<dd style="margin-left: 5.0em"><dt><b>-J "</b><i>name</i><b>"</b>
<dd style="margin-left: 5.0em"><dt><b>-T "</b><i>name</i><b>"</b>
diff --git a/doc/help/man-lprm.html b/doc/help/man-lprm.html
index 7410320a3..dbe7f20de 100644
--- a/doc/help/man-lprm.html
+++ b/doc/help/man-lprm.html
@@ -12,14 +12,13 @@ lprm - cancel print jobs
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lprm</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h</b>
-<i>server</i>[<i>:port</i>]
-] [
<b>-P</b>
<i>destination</i>[<i>/instance</i>]
] [
@@ -45,6 +44,7 @@ command supports the following options:
<dd style="margin-left: 5.0em">Specifies an alternate username.
<dt><b>-h </b><i>server</i>[<i>:port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
</dl>
<h2 class="title"><a name="CONFORMING_TO">Conforming To</a></h2>
The CUPS version of
diff --git a/doc/help/man-lpstat.html b/doc/help/man-lpstat.html
index f23089bbe..2c5dedc7c 100644
--- a/doc/help/man-lpstat.html
+++ b/doc/help/man-lpstat.html
@@ -12,6 +12,8 @@ lpstat - print cups status information
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpstat</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-H</b>
@@ -19,8 +21,6 @@ lpstat - print cups status information
<b>-U</b>
<i>username</i>
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-l</b>
] [
<b>-W</b>
@@ -91,6 +91,7 @@ If no classes are specified then all classes are listed.
<dd style="margin-left: 5.0em">Shows all available destinations on the local network.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a long listing of printers, classes, or jobs.
<dt><b>-o </b>[<i>destination(s)</i>]
diff --git a/man/cancel.1 b/man/cancel.1
index 34a5d9fc0..caea0ed69 100644
--- a/man/cancel.1
+++ b/man/cancel.1
@@ -8,12 +8,15 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH cancel 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH cancel 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cancel \- cancel jobs
.SH SYNOPSIS
.B cancel
[
+.B \-h
+.I hostname[:port]
+] [
.B \-E
] [
.B \-U
@@ -21,9 +24,6 @@ cancel \- cancel jobs
] [
.B \-a
] [
-.B \-h
-.I hostname[:port]
-] [
.B \-u
.I username
] [
@@ -50,6 +50,7 @@ Forces encryption when connecting to the server.
.TP 5
\fB\-h \fIhostname\fR[\fI:port\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-U \fIusername\fR
Specifies the username to use when connecting to the server.
diff --git a/man/cupsctl.8 b/man/cupsctl.8
index 1b1ff4183..7e50d07ac 100644
--- a/man/cupsctl.8
+++ b/man/cupsctl.8
@@ -8,20 +8,20 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH cupsctl 8 "CUPS" "26 April 2019" "Apple Inc."
+.TH cupsctl 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cupsctl \- configure cupsd.conf options
.SH SYNOPSIS
.B cupsctl
[
+.B \-h
+\fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-.B \-h
-\fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
] [
\fB\-\-\fR[\fBno\-\fR]\fBremote\-admin\fR
@@ -49,6 +49,7 @@ Specifies an alternate username to use when authenticating with the scheduler.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies the server address.
+Note: This option must occur before all others.
.TP 5
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
Enables (disables) debug logging to the \fIerror_log\fR file.
diff --git a/man/lp.1 b/man/lp.1
index a54f904a5..4bdd2de7b 100644
--- a/man/lp.1
+++ b/man/lp.1
@@ -8,12 +8,14 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lp 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lp 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lp \- print files
.SH SYNOPSIS
.B lp
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
@@ -23,8 +25,6 @@ lp \- print files
] [
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-m
] [
.B \-n
@@ -53,6 +53,8 @@ lp \- print files
.br
.B lp
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
@@ -60,8 +62,6 @@ lp \- print files
] [
.B \-c
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-i
.I job-id
] [
@@ -113,6 +113,7 @@ Prints files to the named printer.
.TP 5
\fB\-h \fIhostname\fR[\fB:\fIport\fR]
Chooses an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-i \fIjob-id\fR
Specifies an existing job to modify.
diff --git a/man/lpinfo.8 b/man/lpinfo.8
index d238f9a60..d44b568d2 100644
--- a/man/lpinfo.8
+++ b/man/lpinfo.8
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpinfo 8 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpinfo 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpinfo \- show available devices or drivers (deprecated)
.SH SYNOPSIS
.B lpinfo
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-l
] [
.B \-\-device\-id
@@ -42,10 +42,10 @@ lpinfo \- show available devices or drivers (deprecated)
.br
.B lpinfo
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-l
] [
.B \-\-exclude\-schemes
@@ -69,6 +69,7 @@ Forces encryption when connecting to the server.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Selects an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Shows a "long" listing of devices or drivers.
diff --git a/man/lpmove.8 b/man/lpmove.8
index af3c6b63c..62adba654 100644
--- a/man/lpmove.8
+++ b/man/lpmove.8
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpmove 8 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpmove 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpmove \- move a job or all jobs to a new destination
.SH SYNOPSIS
.B lpmove
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
]
@@ -26,10 +26,10 @@ lpmove \- move a job or all jobs to a new destination
.br
.B lpmove
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
]
@@ -48,6 +48,7 @@ Specifies an alternate username.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.SH EXAMPLES
Move job 123 from "oldprinter" to "newprinter":
.nf
diff --git a/man/lpoptions.1 b/man/lpoptions.1
index 372f46a37..2eb5b6010 100644
--- a/man/lpoptions.1
+++ b/man/lpoptions.1
@@ -8,15 +8,15 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpoptions 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpoptions 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpoptions \- display or set printer options and defaults
.SH SYNOPSIS
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
+.B \-E
]
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
[
@@ -25,20 +25,20 @@ lpoptions \- display or set printer options and defaults
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
\fB\-o \fIoption\fR[\fB=\fIvalue\fR] ...
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
.B \-r
@@ -46,9 +46,9 @@ lpoptions \- display or set printer options and defaults
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
+.B \-E
]
\fB\-x \fIdestination\fR[\fB/\fIinstance\fR]
.SH DESCRIPTION
@@ -79,6 +79,7 @@ This option overrides the system default printer for the current user.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Uses an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Lists the printer specific options and their current settings.
diff --git a/man/lpq.1 b/man/lpq.1
index ce23a6c81..a81633ecb 100644
--- a/man/lpq.1
+++ b/man/lpq.1
@@ -8,19 +8,19 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpq 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpq 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpq \- show printer queue status
.SH SYNOPSIS
.B lpq
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-P \fIdestination\fR[\fB/\fIinstance\fR]
] [
.B \-a
@@ -51,6 +51,7 @@ Reports jobs on all printers.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Requests a more verbose (long) reporting format.
diff --git a/man/lpr.1 b/man/lpr.1
index e5f9f9018..77a62b305 100644
--- a/man/lpr.1
+++ b/man/lpr.1
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpr 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpr 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpr \- print files
.SH SYNOPSIS
.B lpr
[
-.B \-E
-] [
\fB\-H \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
] [
@@ -70,6 +70,7 @@ Forces encryption when connecting to the server.
.TP 5
\fB\-H \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-C "\fIname\fB"\fR
.TP 5
diff --git a/man/lprm.1 b/man/lprm.1
index 094166539..0cf88ac51 100644
--- a/man/lprm.1
+++ b/man/lprm.1
@@ -8,20 +8,19 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lprm 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lprm 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lprm \- cancel print jobs
.SH SYNOPSIS
.B lprm
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-.B \-h
-.IR server [ :port ]
-] [
.B \-P
.IR destination [ /instance ]
] [
@@ -50,6 +49,7 @@ Specifies an alternate username.
.TP 5
\fB\-h \fIserver\fR[\fI:port\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.SH CONFORMING TO
The CUPS version of
.B lprm
diff --git a/man/lpstat.1 b/man/lpstat.1
index 0a10cd9bc..88acff7b3 100644
--- a/man/lpstat.1
+++ b/man/lpstat.1
@@ -1,17 +1,20 @@
.\"
.\" lpstat man page for CUPS.
.\"
-.\" Copyright 2007-2019 by Apple Inc.
-.\" Copyright 1997-2006 by Easy Software Products.
+.\" Copyright © 2021-2022 by OpenPrinting.
+.\" Copyright © 2007-2019 by Apple Inc.
+.\" Copyright © 1997-2006 by Easy Software Products.
.\"
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more information.
.\"
-.TH lpstat 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpstat 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpstat \- print cups status information
.SH SYNOPSIS
.B lpstat
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-H
@@ -19,8 +22,6 @@
.B \-U
.I username
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-l
] [
.B \-W
@@ -100,6 +101,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Shows a long listing of printers, classes, or jobs.
@@ -145,4 +147,4 @@
.BR lprm (1),
CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
-Copyright \[co] 2007-2019 by Apple Inc.
+Copyright \[co] 2021-2022 by OpenPrinting.

@ -0,0 +1,48 @@
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Tue, 27 Jun 2023 04:18:46 -0700
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
single job (#742)
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
operation; however, the correct attribute to use for Cancel-job is
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
files are not removed from /var/spool/cups when "cancel -x <job>" is
executed.
This patch resolves the issue by adding "purge-job" when the IPP
operation is Cancel-Job and "purge-jobs" for other IPP operations
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
---
systemv/cancel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/systemv/cancel.c b/systemv/cancel.c
index 572f413e1..f5b8e12b5 100644
--- a/systemv/cancel.c
+++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
* attributes-natural-language
* printer-uri + job-id *or* job-uri
* [requesting-user-name]
+ * [purge-job] or [purge-jobs]
*/
request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
"requesting-user-name", NULL, cupsUser());
if (purge)
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ {
+ if (op == IPP_CANCEL_JOB)
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
+ else
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ }
/*
* Do the request and get back a response...
--
2.41.0

@ -0,0 +1,16 @@
diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c
index 92f1501..7edc058 100644
--- a/cgi-bin/ipp-var.c
+++ b/cgi-bin/ipp-var.c
@@ -275,10 +275,7 @@ cgiMoveJobs(http_t *http, /* I - Connection to server */
*/
if ((user = getenv("REMOTE_USER")) == NULL)
- {
- puts("Status: 401\n");
- exit(0);
- }
+ user = "guest";
/*
* See if the user has already selected a new destination...

@ -0,0 +1,35 @@
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
Date: Wed, 1 Mar 2023 13:46:28 +0100
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
#308)
Use a listen queue size of INT_MAX, which should default to the maximum
supported queue size on the system.
This avoids the problem of the listening backlog queue getting full when
there are too many requests at the same time. The problem was observed
with the previous backlog size (128) by customers when submitting large
batches of print jobs, resulting in some jobs getting lost.
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
---
cups/http-addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/http-addr.c b/cups/http-addr.c
index a61ee0449..6aeeb8074 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
* Listen...
*/
- if (listen(fd, 128))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);
--
2.41.0

@ -0,0 +1,53 @@
From d9924186325c89aefa56e36258f56f246dd2c4ad Mon Sep 17 00:00:00 2001
From: Richard Lescak <rlescak@redhat.com>
Date: Tue, 11 Jan 2022 10:53:34 +0100
Subject: [PATCH] cups/http.c,encode.c: Fix memory leaks
---
CHANGES.md | 3 ++-
cups/encode.c | 1 +
cups/http.c | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/cups/encode.c b/cups/encode.c
index 5bcbf6fe5..15b1c6b40 100644
--- a/cups/encode.c
+++ b/cups/encode.c
@@ -655,6 +655,7 @@ _cupsEncodeOption(
ippSetCollection(ipp, &attr, i, collection);
cupsEncodeOptions2(collection, num_cols, cols, IPP_TAG_JOB);
cupsFreeOptions(num_cols, cols);
+ ippDelete(collection);
break;
default :
diff --git a/cups/http.c b/cups/http.c
index bd41e6f8e..4b6a24bd3 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -4624,6 +4624,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */
* Restore the HTTP request data...
*/
+ httpClearFields(http);
memcpy(http->_fields, myhttp._fields, sizeof(http->_fields));
memcpy(http->fields, myhttp.fields, sizeof(http->fields));
diff --git a/cups/ppd.c b/cups/ppd.c
index 525df3592..54368ac4c 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -3430,12 +3430,12 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */
srctype[256],
dstsuper[16], /* Destination MIME media type */
dsttype[256],
- program[1024], /* Command to run */
*ptr, /* Pointer into command to run */
buffer[1024], /* Re-written cupsFilter value */
**filter; /* Current filter */
int cost; /* Cost of filter */
+ char program[1024] = { 0 }; /* Command to run */
DEBUG_printf(("4ppd_update_filters(ppd=%p, cg=%p)", ppd, pg));

@ -0,0 +1,34 @@
From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 17 May 2023 12:59:57 -0400
Subject: [PATCH] Consensus fix.
---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -1,6 +1,7 @@
/*
* String functions for CUPS.
*
+ * Copyright © 2023 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.40.1

@ -0,0 +1,55 @@
From bdb1ca45454d90410031c4c2054005a995f76180 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 6 Apr 2022 15:04:45 +0200
Subject: [PATCH] cups/tls-gnutls.c: Use always GNUTLS_SHUT_WR
The current mode for `gnutls_bye()` in client use cases strictly
follows TLS v1.2 standard, which in this particular part says:
```
Unless some other fatal alert has been transmitted, each party is
required to send a close_notify alert before closing the write
side of the connection. The other party MUST respond with a
close_notify alert of its own and close down the connection immediately,
discarding any pending writes. It is not required for the initiator
of the close to wait for the responding close_notify alert before
closing the read side of the connection.
```
and waits for the other side of TLS connection to confirm the close.
Unfortunately it can undesired for reasons:
- we support switching of TLS versions in CUPS, and this mode strictly
follows TLS v1.2 - so for older version this behavior is not expected
and can cause delays
- even some TLS v1.2 implementations (like Windows Server 2016) don't
comply TLS v1.2 behavior even if it says it does - in that case,
encrypted printing takes 30s till HTTP timeout is reached, because the
other side didn't send confirmation
- AFAIU openssl's SSL_shutdown() doesn't make this TLS v1.2 difference,
so we could end up with two TLS implementations in CUPS which will
behave differently
Since the standard defines that waiting for confirmation is not required
and due the problems above, I would propose using GNUTLS_SHUT_WR mode
regardless of HTTP mode.
---
cups/tls-gnutls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index c55995b2b..f87b4f4df 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1667,7 +1667,7 @@ _httpTLSStop(http_t *http) /* I - Connection to server */
int error; /* Error code */
- error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
+ error = gnutls_bye(http->tls, GNUTLS_SHUT_WR);
if (error != GNUTLS_E_SUCCESS)
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0);
--
2.35.1

@ -0,0 +1,35 @@
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 May 2022 06:27:04 +0200
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
CVE-2022-26691)
The previous algorithm didn't expect the strings can have a different
length, so one string can be a substring of the other and such substring
was reported as equal to the longer string.
---
CHANGES.md | 1 +
scheduler/cert.c | 9 ++++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/scheduler/cert.c b/scheduler/cert.c
index b268bf1b2..9b65b96c9 100644
--- a/scheduler/cert.c
+++ b/scheduler/cert.c
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
b ++;
}
- return (result);
+ /*
+ * The while loop finishes when *a == '\0' or *b == '\0'
+ * so after the while loop either both *a and *b == '\0',
+ * or one points inside a string, so when we apply bitwise OR on *a,
+ * *b and result, we get a non-zero return value if the compared strings don't match.
+ */
+
+ return (result | *a | *b);
}
--
2.36.1

@ -0,0 +1,38 @@
From 08e9b6e1f8497a8159d6bd7cd6dc96ae79a2e704 Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Thu, 15 Jul 2021 16:26:27 -0700
Subject: [PATCH] scheduler/job.c: use gziptoany for raw files (not just raw
printers)
---
scheduler/job.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scheduler/job.c b/scheduler/job.c
index d8c2efcc6..b448acda5 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -501,6 +501,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
int backroot; /* Run backend as root? */
int pid; /* Process ID of new filter process */
int banner_page; /* 1 if banner page, 0 otherwise */
+ int raw_file; /* 1 if file type is vnd.cups-raw */
int filterfds[2][2] = { { -1, -1 }, { -1, -1 } };
/* Pipes used between filters */
int envc; /* Number of environment variables */
@@ -746,8 +747,11 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
* Add decompression/raw filter as needed...
*/
+ raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") &&
+ !strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw");
+
if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) ||
- (!job->printer->remote && job->printer->raw && job->num_files > 1))
+ (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1))
{
/*
* Add gziptoany filter to the front of the list...
--
2.31.1

@ -0,0 +1,12 @@
diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners.c
--- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +0200
+++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200
@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I -
if ((ext = strrchr(dent->filename, '.')) != NULL)
if (!strcmp(ext, ".bck") ||
!strcmp(ext, ".bak") ||
+ !strcmp(ext, ".rpmnew") ||
+ !strcmp(ext, ".rpmsave") ||
!strcmp(ext, ".sav"))
continue;

@ -0,0 +1,16 @@
diff --git a/scheduler/main.c b/scheduler/main.c
index e1fa357..53ca94a 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -1760,6 +1760,11 @@ select_timeout(int fds) /* I - Number of descriptors returned */
/*
* Check for any job activity...
*/
+ if (JobHistoryUpdate && timeout > JobHistoryUpdate)
+ {
+ timeout = JobHistoryUpdate;
+ why = "update job history";
+ }
for (job = (cupsd_job_t *)cupsArrayFirst(ActiveJobs);
job;

@ -0,0 +1,177 @@
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index 02b9d9d..669cb65 100644
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -619,6 +619,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */
*oldinfo; /* Old printer information */
const cgi_file_t *file; /* Uploaded file, if any */
const char *var; /* CGI variable */
+ char *ppd_name = NULL; /* Pointer to PPD name */
char uri[HTTP_MAX_URI], /* Device or printer URI */
*uriptr, /* Pointer into URI */
evefile[1024] = ""; /* IPP Everywhere PPD file */
@@ -1124,12 +1125,12 @@ do_am_printer(http_t *http, /* I - HTTP connection */
if (!file)
{
- var = cgiGetVariable("PPD_NAME");
- if (!strcmp(var, "everywhere"))
+ ppd_name = cgiGetVariable("PPD_NAME");
+ if (!strcmp(ppd_name, "everywhere"))
get_printer_ppd(cgiGetVariable("DEVICE_URI"), evefile, sizeof(evefile));
- else if (strcmp(var, "__no_change__"))
+ else if (strcmp(ppd_name, "__no_change__"))
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "ppd-name",
- NULL, var);
+ NULL, ppd_name);
}
ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-location",
@@ -1219,7 +1220,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */
cgiCopyTemplateLang("printer-modified.tmpl");
}
- else
+ else if (ppd_name && (strcmp(ppd_name, "everywhere") == 0 || strstr(ppd_name, "driverless")))
{
/*
* Set the printer options...
@@ -1229,6 +1230,16 @@ do_am_printer(http_t *http, /* I - HTTP connection */
do_set_options(http, 0);
return;
}
+ else
+ {
+ /*
+ * If we don't have an everywhere model, show printer-added
+ * template with warning about drivers going away...
+ */
+
+ cgiStartHTML(title);
+ cgiCopyTemplateLang("printer-added.tmpl");
+ }
cgiEndHTML();
}
diff --git a/scheduler/printers.c b/scheduler/printers.c
index 3bfe4a8..248bdba 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -950,6 +950,8 @@ cupsdLoadAllPrinters(void)
*value, /* Pointer to value */
*valueptr; /* Pointer into value */
cupsd_printer_t *p; /* Current printer */
+ int found_raw = 0; /* Flag whether raw queue is installed */
+ int found_driver = 0; /* Flag whether queue with classic driver is installed */
/*
@@ -1025,6 +1027,30 @@ cupsdLoadAllPrinters(void)
cupsdSetPrinterAttrs(p);
+ if ((p->device_uri && strncmp(p->device_uri, "ipp:", 4) && strncmp(p->device_uri, "ipps:", 5) && strncmp(p->device_uri, "implicitclass:", 14)) ||
+ !p->make_model ||
+ (p->make_model && strstr(p->make_model, "IPP Everywhere") == NULL && strstr(p->make_model, "driverless") == NULL))
+ {
+ /*
+ * Warn users about printer drivers and raw queues will be deprecated.
+ * It will warn users in the following scenarios:
+ * - the queue doesn't use ipp, ipps or implicitclass backend, which means
+ * it doesn't communicate via IPP and is raw or uses a driver for sure
+ * - the queue doesn't have make_model - it is raw
+ * - the queue uses a correct backend, but the model is not IPP Everywhere/driverless
+ */
+ if (!p->make_model)
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Queue %s is a raw queue, which is deprecated.", p->name);
+ found_raw = 1;
+ }
+ else
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Queue %s uses a printer driver, which is deprecated.", p->name);
+ found_driver = 1;
+ }
+ }
+
if (strncmp(p->device_uri, "file:", 5) && p->state != IPP_PRINTER_STOPPED)
{
/*
@@ -1415,6 +1441,12 @@ cupsdLoadAllPrinters(void)
}
}
+ if (found_raw)
+ cupsdLogMessage(CUPSD_LOG_WARN, "Raw queues are deprecated and will stop working in a future version of CUPS. See https://github.com/OpenPrinting/cups/issues/103");
+
+ if (found_driver)
+ cupsdLogMessage(CUPSD_LOG_WARN, "Printer drivers are deprecated and will stop working in a future version of CUPS. See https://github.com/OpenPrinting/cups/issues/103");
+
cupsFileClose(fp);
}
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index ca6d386..daf24d5 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -632,7 +632,7 @@ main(int argc, /* I - Number of command-line arguments */
num_options = cupsRemoveOption("ppd-name", num_options, &options);
}
- else if (ppd_name || file)
+ else if ((ppd_name && strncmp(ppd_name, "driverless:", 11)) || file)
{
_cupsLangPuts(stderr, _("lpadmin: Printer drivers are deprecated and will stop working in a future version of CUPS."));
}
diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl
index e916cf8..9c9b71f 100644
--- a/templates/choose-model.tmpl
+++ b/templates/choose-model.tmpl
@@ -39,7 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Current Driver - {current_make_and_model}</OPTION>:}
-{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model} - IPP Everywhere &trade;</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/printer-added.tmpl b/templates/printer-added.tmpl
index 0ccf6d3..9ebc835 100644
--- a/templates/printer-added.tmpl
+++ b/templates/printer-added.tmpl
@@ -1,4 +1,15 @@
-<H2 CLASS="title">Add Printer</H2>
+<H2 CLASS="title">Add Printer {printer_name}</H2>
<P>Printer <A HREF="/printers/{printer_name}">{printer_name}</A> has been added
successfully.
+
+<blockquote>
+<b>Note:<b>Printer drivers and raw queues are deprecated and will stop working in a future version of CUPS.
+</blockquote>
+
+<FORM ACTION="admin/" METHOD="POST">
+<INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}">
+<INPUT TYPE="HIDDEN" NAME="OP" VALUE="set-printer-options">
+<INPUT TYPE="HIDDEN" NAME="printer_name" VALUE="{printer_name}">
+<INPUT TYPE="SUBMIT" VALUE="Set Printer Options">
+</FORM>
diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
index 4498a8c..8776874 100755
--- a/test/run-stp-tests.sh
+++ b/test/run-stp-tests.sh
@@ -1049,10 +1049,10 @@ fi
# Warning log messages
count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
-if test $count != 8; then
- echo "FAIL: $count warning messages, expected 8."
+if test $count != 9; then
+ echo "FAIL: $count warning messages, expected 9."
$GREP '^W ' $BASE/log/error_log
- echo " <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
+ echo " <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
echo " <pre>" >>$strfile
$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&amp;/g' -e '1,$s/</&lt;/g' >>$strfile
echo " </pre>" >>$strfile

@ -0,0 +1,27 @@
diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-unix.c
--- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 +0200
+++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200
@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De
_cups_strncasecmp(hostname, "Minolta", 7);
#endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */
+ if (use_bc && !strncmp(uri, "usb:/dev/", 9))
+ use_bc = 0;
+
if ((device_fd = open_device(uri, &use_bc)) == -1)
{
if (getenv("CLASS") != NULL)
@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev
if (!strncmp(uri, "usb:/dev/", 9))
#ifdef __linux
{
- /*
- * Do not allow direct devices anymore...
- */
-
- errno = ENODEV;
- return (-1);
+ return (open(uri + 4, O_RDWR | O_EXCL));
}
else if (!strncmp(uri, "usb://", 6))
{

@ -0,0 +1,21 @@
diff -up cups-1.7b1/scheduler/ipp.c.driverd-timeout cups-1.7b1/scheduler/ipp.c
--- cups-1.7b1/scheduler/ipp.c.driverd-timeout 2013-04-19 12:24:43.003841810 +0200
+++ cups-1.7b1/scheduler/ipp.c 2013-04-19 12:24:43.204839107 +0200
@@ -4556,7 +4556,7 @@ copy_model(cupsd_client_t *con, /* I -
close(temppipe[1]);
/*
- * Wait up to 30 seconds for the PPD file to be copied...
+ * Wait up to 70 seconds for the PPD file to be copied...
*/
total = 0;
@@ -4576,7 +4576,7 @@ copy_model(cupsd_client_t *con, /* I -
FD_SET(temppipe[0], &input);
FD_SET(CGIPipes[0], &input);
- timeout.tv_sec = 30;
+ timeout.tv_sec = 70;
timeout.tv_usec = 0;
if ((i = select(maxfd, &input, NULL, NULL, &timeout)) < 0)

@ -0,0 +1,11 @@
diff -up cups-2.3.1/ppdc/sample.drv.dymo-deviceid cups-2.3.1/ppdc/sample.drv
--- cups-2.3.1/ppdc/sample.drv.dymo-deviceid 2019-12-16 09:22:34.476492212 +0100
+++ cups-2.3.1/ppdc/sample.drv 2019-12-16 09:23:44.665003895 +0100
@@ -129,6 +129,7 @@ Version "2.3"
{
Manufacturer "DYMO"
ModelName "Label Printer"
+ Attribute "1284DeviceID" "" "MFG:DYMO;MDL:LabelWriter 400;"
Attribute NickName "" "DYMO Label Printer"
PCFileName "dymo.ppd"
DriverType label

@ -0,0 +1,876 @@
diff -up cups-2.3.3/backend/failover.c.failover cups-2.3.3/backend/failover.c
--- cups-2.3.3/backend/failover.c.failover 2020-06-11 08:49:20.515264358 +0200
+++ cups-2.3.3/backend/failover.c 2020-06-11 08:49:20.515264358 +0200
@@ -0,0 +1,837 @@
+/*
+ * Failover Backend for the Common UNIX Printing System (CUPS).
+ *
+ * Copyright (c) 2014, Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of Red Hat, Inc. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT,
+ * INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Original version by Clark Hale, Red Hat, Inc.
+ *
+ * This backend presents a fake printer that will choose the first
+ * available printer from a list of IPP URIs.
+ *
+ * Option failover contains a comma separated list of IPP URIs. The
+ * URIs are attempted in-order.
+ *
+ * Option failover-retries contains an integer that indicates how many
+ * times to iterate through the failover list before completely
+ * failing.
+ *
+ * Contents:
+ * main() - Checks each printer in a failover list, and
+ * sends job data to the first available printer
+ * move_job() - Sends and IPP Move-Job request
+ * check_printer() - Checks a printer's attributes to see
+ * if it's enabled and accepting jobs
+ * read_config() - Read the backends configuration from
+ * options
+ * get_printer_attributes() - Sends an IPP Get-Attributes request to
+ * a URI
+ * sigterm_handler() - Handle SIGTERM that cancels the job
+ * password_cb() - Password call back used to disable password
+ * prompt
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <cups/http-private.h>
+#include <cups/http.h>
+#include "backend-private.h"
+
+/*
+ * Return Values
+ */
+typedef enum fo_state_e
+{
+ FO_PRINTER_GOOD = 0,
+ FO_PRINTER_BAD,
+ FO_PRINTER_BUSY,
+ FO_AUTH_REQUIRED
+} fo_state_t;
+
+/*
+ * Constants
+ */
+#define FAILOVER_DEFAULT_RETRIES (3)
+#define FAILOVER_PASSWORD_RETRIES_MAX (3)
+
+/*
+ * Local Functions
+ */
+static int check_printer(const char *device_uri);
+static int read_config(cups_array_t *printer_array, int *retries,
+ const char *options);
+static int get_printer_attributes(const char *device_uri,
+ ipp_t **attributes);
+static int move_job(int jobid, const char *dest);
+static void sigterm_handler(int sig);
+static const char *password_cb(const char *);
+
+/*
+ * Global Variables
+ */
+static int job_canceled = 0; /* Job canceled */
+static char *password = NULL; /* password for device */
+static int password_retries = 0;
+static const char *auth_info_required = "none";
+
+/*
+ * 'main()' - Checks each printer in a failover list, and
+ * sends job data to the first available printer
+ * Usage:
+ * printer-uri job-id user title copies options [file]
+ *
+ * The printer-uri option is not used, but it still required to fit
+ * to the backend(7) standards.
+ */
+int
+main(int argc, char *argv[])
+{
+ const char *selected_uri = NULL; /* URI of selected printer */
+ const char *tmp_device_uri; /* Device URI to check */
+ cups_array_t *printer_array; /* Array of available printers */
+ int printer_count = 0; /* current printer array index */
+ int retry_max = 1; /* maximum retries before exit */
+ int retry_count = 0; /* current retry number */
+ int auth_failed_count = 0; /* auth failures per loop */
+ int rc = CUPS_BACKEND_OK;
+#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
+ struct sigaction action; /* Actions for POSIX signals */
+#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
+
+ /*
+ * Check args
+ */
+ if (argc == 1)
+ {
+ /*
+ * print out discovery data
+ */
+ char *backendName;
+
+ if ((backendName = strrchr(argv[0], '/')) != NULL)
+ backendName++;
+ else
+ backendName = argv[0];
+
+ _cupsLangPrintf(stderr,"network %s \"Unknown\" \"%s (%s)\"\n",
+ backendName,
+ _cupsLangString(cupsLangDefault(), _("Failover Printer")),
+ backendName);
+
+ return (CUPS_BACKEND_OK);
+ }
+ else if (argc < 6)
+ {
+ _cupsLangPrintf(stderr,
+ _("Usage: %s job-id user title copies options [file]"),
+ argv[0]);
+ return (CUPS_BACKEND_STOP);
+ }
+
+ fprintf(stderr, "DEBUG: Failover backend starting up.\n");
+
+ /*
+ * Don't buffer status messages
+ */
+ setbuf(stderr, NULL);
+
+ /*
+ * Ignore SIGPIPE and catch SIGTERM signals...
+ */
+#ifdef HAVE_SIGSET
+ sigset(SIGPIPE, SIG_IGN);
+ sigset(SIGTERM, sigterm_handler);
+#elif defined(HAVE_SIGACTION)
+ memset(&action, 0, sizeof(action));
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &action, NULL);
+
+ sigemptyset(&action.sa_mask);
+ sigaddset(&action.sa_mask, SIGTERM);
+ action.sa_handler = sigterm_handler;
+ sigaction(SIGTERM, &action, NULL);
+#else
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGTERM, sigterm_handler);
+#endif /* HAVE_SIGSET */
+
+ printer_array = cupsArrayNew(NULL, NULL);
+
+ /*
+ * Read Configuration
+ */
+ if ((rc = read_config(printer_array, &retry_max,
+ argv[5])) != CUPS_BACKEND_OK)
+ {
+ fprintf(stderr, "ERROR: Failed to read configuration options!\n");
+ goto cleanup;
+ }
+
+ /*
+ * Main Retry Loop
+ */
+ for (retry_count = 0; retry_count < retry_max; retry_count++)
+ {
+ fprintf(stderr, "DEBUG: Retry loop #%d\n", retry_count + 1);
+
+ /*
+ * Reset Counters
+ */
+ printer_count = 0;
+ auth_failed_count = 0;
+
+ tmp_device_uri = (char *)cupsArrayFirst(printer_array);
+
+ do
+ {
+ if (job_canceled)
+ {
+ fprintf(stderr, "DEBUG: Job Canceled\n");
+ goto cleanup;
+ }
+
+ fprintf(stderr,"DEBUG: Checking printer #%d: %s\n",
+ printer_count+1, tmp_device_uri);
+
+ rc = check_printer(tmp_device_uri);
+
+ // Printer is available and not busy.
+ if ( rc == FO_PRINTER_GOOD )
+ {
+ selected_uri = tmp_device_uri;
+ break;
+ }
+ // Printer is busy
+ else if (rc == FO_PRINTER_BUSY)
+ {
+ fprintf(stderr, "DEBUG: Waiting for job to complete.\n");
+ sleep(2);
+ continue;
+ }
+ // Authorization is required to access the printer.
+ else if (rc == FO_AUTH_REQUIRED)
+ {
+ auth_failed_count++;
+ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count);
+ }
+ // Printer is stopped or not accepting jobs
+ else
+ {
+ if (!printer_count)
+ fprintf(stderr, "INFO: Primary Printer, %s, not available. "
+ "Attempting Failovers...\n",
+ tmp_device_uri);
+ else
+ fprintf(stderr, "INFO: Failover Printer, %s, not available. "
+ "Attempting Failovers..\n",
+ tmp_device_uri);
+ printer_count++;
+ tmp_device_uri = (char *)cupsArrayNext(printer_array);
+ }
+ } while (tmp_device_uri != NULL);
+
+ if (selected_uri && !printer_count)
+ fprintf(stderr, "STATE: -primary-printer-failed\n");
+ else
+ fprintf(stderr, "STATE: +primary-printer-failed\n");
+
+ if (job_canceled)
+ {
+ fprintf(stderr, "DEBUG: Job Canceled\n");
+ goto cleanup;
+ }
+
+ if (!selected_uri && auth_failed_count == printer_count)
+ {
+ fprintf(stderr, "ERROR: All failover printers failed with "
+ "authorization issues.\n");
+ rc = CUPS_BACKEND_AUTH_REQUIRED;
+ fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
+ goto cleanup;
+ }
+ else if (!selected_uri && retry_count + 1 < retry_max)
+ {
+ fprintf(stderr, "INFO: No suitable printer found...retrying...\n");
+ sleep(2);
+ continue;
+ }
+ else if (selected_uri)
+ {
+ fprintf(stderr, "DEBUG: Using printer, %s.\n", selected_uri);
+ break;
+ }
+ }
+
+ if (!selected_uri)
+ {
+ fprintf(stderr, "ERROR: No suitable printer found. Aborting print\n");
+ rc = CUPS_BACKEND_FAILED;
+ goto cleanup;
+ }
+
+ rc = move_job(atoi(argv[1]), selected_uri);
+
+ if (job_canceled)
+ rc = CUPS_BACKEND_OK;
+
+cleanup :
+ if (job_canceled)
+ rc = CUPS_BACKEND_OK;
+
+ tmp_device_uri = (char *)cupsArrayFirst(printer_array);
+ do
+ {
+ free((void *)tmp_device_uri);
+ } while ((tmp_device_uri = (char *)cupsArrayNext(printer_array)) != NULL);
+
+ cupsArrayDelete(printer_array);
+ sleep(2);
+ return (rc);
+}
+
+/*
+ * 'check_printer()' - Checks the status of a remote printer and returns
+ * back a good/bad/busy status.
+ */
+int
+check_printer(const char *device_uri)
+{
+ ipp_t *attributes = NULL; /* attributes for device_uri */
+ ipp_attribute_t *tmp_attribute; /* for examining attribs */
+ int rc = FO_PRINTER_GOOD; /* return code */
+ char *reason; /* printer state reason */
+ int i;
+
+ fprintf(stderr, "DEBUG: Checking printer %s\n",device_uri);
+
+ rc = get_printer_attributes(device_uri, &attributes);
+ if ( rc != CUPS_BACKEND_OK )
+ {
+ fprintf(stderr, "DEBUG: Failed to get attributes from printer: %s\n",
+ device_uri);
+ if ( rc == CUPS_BACKEND_AUTH_REQUIRED )
+ return (FO_AUTH_REQUIRED);
+ else
+ return (FO_PRINTER_BAD);
+ }
+
+ /*
+ * Check if printer is accepting jobs
+ */
+ if ((tmp_attribute = ippFindAttribute(attributes,
+ "printer-is-accepting-jobs",
+ IPP_TAG_BOOLEAN)) != NULL &&
+ !tmp_attribute->values[0].boolean)
+ {
+ fprintf(stderr,
+ "DEBUG: Printer, %s, is not accepting jobs.\n",
+ device_uri);
+
+ rc = FO_PRINTER_BAD;
+ }
+
+ /*
+ * Check if printer is stopped or busy processing
+ */
+ if ((tmp_attribute = ippFindAttribute(attributes,
+ "printer-state",
+ IPP_TAG_ENUM)) != NULL)
+ {
+ // Printer Stopped
+ if ( tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED )
+ {
+ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri);
+ rc = FO_PRINTER_BAD;
+ }
+ // Printer Busy
+ else if ( tmp_attribute->values[0].integer == IPP_PRINTER_PROCESSING )
+ {
+ fprintf(stderr, "DEBUG: Printer %s is busy.\n", device_uri);
+ rc = FO_PRINTER_BUSY;
+ }
+ }
+
+ /*
+ * Parse through the printer-state-reasons
+ */
+ if ((tmp_attribute = ippFindAttribute(attributes, "printer-state-reasons",
+ IPP_TAG_KEYWORD)) != NULL)
+ {
+ for (i = 0; i < tmp_attribute->num_values; i++)
+ {
+ reason = tmp_attribute->values[i].string.text;
+ int len = strlen(reason);
+
+ if (len > 8 && !strcmp(reason + len - 8, "-warning"))
+ {
+ fprintf(stderr, "DEBUG: Printer Supply Warning, %s\n", reason);
+ rc = FO_PRINTER_BAD;
+ }
+ else if (len > 6 && !strcmp(reason + len - 6, "-error"))
+ {
+ fprintf(stderr, "DEBUG: Printer Supply Error, %s\n", reason);
+ rc = FO_PRINTER_BAD;
+ }
+ }
+ }
+
+ return (rc);
+}
+
+/*
+ * 'read_config()' - Parses the failover and failover-retries options
+ *
+ */
+static int
+read_config(cups_array_t *printer_array, int *retries, const char *options)
+{
+
+ const char *tmp; /* temporary ptr */
+ char *tok_tmp; /* temporary ptr for option parsing */
+ int jobopts_count = 0; /* number of options */
+ cups_option_t *jobopts = NULL; /* job options */
+
+
+ fprintf(stderr, "DEBUG: Reading Configuration.\n");
+ jobopts_count = cupsParseOptions(options, 0, &jobopts);
+
+ if (!jobopts_count)
+ {
+ fprintf(stderr,
+ "ERROR: No job options! Cannot find failover options!\n");
+ return (CUPS_BACKEND_STOP);
+ }
+
+ /*
+ * Get attributes from the primary printer
+ */
+ fprintf(stderr, "DEBUG: Searching for failover option.\n");
+
+ if ((tmp = cupsGetOption("failover", jobopts_count, jobopts)) != NULL)
+ {
+ fprintf(stderr, "DEBUG: Failover option contents: %s.\n", tmp);
+
+ tok_tmp = strdup(tmp);
+
+ tmp = strtok(tok_tmp, ",");
+ do
+ {
+ cupsArrayAdd(printer_array, strdup(tmp));
+ } while ((tmp = strtok(NULL,",")) != NULL);
+
+ free(tok_tmp);
+ }
+ else
+ {
+ /*
+ * The queue is misconfigured, so return back CUPS_BACKEND_STOP
+ */
+ fprintf(stderr, "ERROR: failover option not specified!\n");
+ return (CUPS_BACKEND_STOP);
+ }
+
+ /*
+ * Get the failover-retries value, if it exists.
+ */
+ fprintf(stderr, "DEBUG: Searching for failover-retries option.\n");
+
+ if ((tmp = cupsGetOption("failover-retries",
+ jobopts_count, jobopts)) != NULL)
+ {
+ fprintf(stderr, "DEBUG: failover-retries option contents: %s.\n", tmp);
+ *retries = atoi(tmp);
+ }
+ else
+ {
+ *retries = FAILOVER_DEFAULT_RETRIES;
+ fprintf(stderr, "DEBUG: Failed to get failover-retries option\n");
+ fprintf(stderr, "DEBUG: Defaulted to %d retries\n", *retries);
+ }
+
+ return (CUPS_BACKEND_OK);
+}
+
+/*
+ * 'get_printer_attributes()' - Sends an IPP Get-Attributes request to
+ * a URI
+ */
+int
+get_printer_attributes(const char *device_uri, ipp_t **attributes)
+{
+ char uri[HTTP_MAX_URI]; /* Updated URI without login */
+ int version; /* IPP version */
+ char scheme[256]; /* Scheme in URI */
+ ipp_status_t ipp_status; /* Status of IPP request */
+ char hostname[1024]; /* Hostname */
+ char resource[1024]; /* Resource infoo */
+ char addrname[256]; /* Address name */
+ int port; /* IPP Port number */
+ char portname[255]; /* Port as string */
+ http_t *http; /* HTTP connection */
+ ipp_t *request; /* IPP request */
+ int rc = CUPS_BACKEND_OK; /* Return Code */
+ char username[256]; /* Username for device URI */
+ char *option_ptr; /* for parsing resource opts */
+ const char * const pattrs[] = /* Printer attributes wanted */
+ {
+ "printer-is-accepting-jobs",
+ "printer-state",
+ "printer-state-reasons"
+ };
+
+ if (job_canceled)
+ return (CUPS_BACKEND_OK);
+
+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n");
+ fprintf(stderr, "DEBUG: Device URL %s.\n", device_uri);
+
+ /*
+ * Parse device_uri
+ */
+ if (httpSeparateURI(HTTP_URI_CODING_ALL, device_uri, scheme, sizeof(scheme),
+ username, sizeof(username), hostname, sizeof(hostname),
+ &port, resource, sizeof(resource)) != HTTP_URI_OK)
+ {
+ fprintf(stderr, "ERROR: Problem parsing device_uri, %s\n", device_uri);
+ return (CUPS_BACKEND_STOP);
+ }
+
+ if (!port)
+ port = IPP_PORT;
+
+ sprintf(portname, "%d", port);
+
+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n");
+
+ /*
+ * Configure password
+ */
+ cupsSetPasswordCB(password_cb);
+
+ /*
+ * reset, in case a previous attempt for
+ * another printer left residue
+ */
+ cupsSetUser(NULL);
+ password = NULL;
+ password_retries = 0;
+
+ if (*username)
+ {
+ if ((password = strchr(username, ':')) != NULL)
+ {
+ *password = '\0';
+ password++;
+ }
+
+ cupsSetUser(username);
+ }
+ else if (!getuid())
+ {
+ const char *username_env;
+
+ if ((username_env = getenv("AUTH_USERNAME")) != NULL)
+ {
+ cupsSetUser(username_env);
+ password = getenv("AUTH_PASSWORD");
+ }
+ }
+
+ /*
+ * Try connecting to the remote server...
+ */
+ fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port);
+ _cupsLangPuts(stderr, _("INFO: Connecting to printer...\n"));
+
+ http = httpConnectEncrypt(hostname, port, cupsEncryption());
+
+ /*
+ * Deal the socket not being open.
+ */
+ if (!http)
+ {
+ int error = errno; /* Connection error */
+
+ switch (error)
+ {
+ case EHOSTDOWN :
+ _cupsLangPuts(stderr, _("WARNING: "
+ "The printer may not exist or "
+ "is unavailable at this time.\n"));
+ break;
+ case EHOSTUNREACH :
+ _cupsLangPuts(stderr, _("WARNING: "
+ "The printer is unreachable at this "
+ "time.\n"));
+ break;
+ case ECONNREFUSED :
+ _cupsLangPuts(stderr, _("WARNING: "
+ "Connection Refused.\n"));
+ break;
+ default :
+ fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(errno));
+ break;
+ }
+
+ rc = CUPS_BACKEND_FAILED;
+ sleep(5);
+ goto prt_available_cleanup;
+ }
+
+
+#ifdef AF_INET6
+ if (http->hostaddr->addr.sa_family == AF_INET6)
+ fprintf(stderr, "DEBUG: Connected to [%s]:%d (IPv6)...\n",
+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)),
+ ntohs(http->hostaddr->ipv6.sin6_port));
+ else
+#endif /* AF_INET6 */
+ if (http->hostaddr->addr.sa_family == AF_INET)
+ fprintf(stderr, "DEBUG: Connected to %s:%d (IPv4)...\n",
+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)),
+ ntohs(http->hostaddr->ipv4.sin_port));
+
+ /*
+ * Search the resource string for options.
+ * We only care about version, for the moment.
+ */
+ version = 11;
+
+ if ((option_ptr = strchr(resource, '?')) != NULL)
+ {
+ *option_ptr++ = '\0';
+
+ if ((option_ptr = strstr(option_ptr, "version="))!=NULL)
+ {
+ int minor; /* minor version from URI */
+ int major; /* major version from URI */
+ char *version_str; /* ipp version */
+
+ option_ptr += 8;
+ version_str = option_ptr;
+
+ while (*option_ptr && *option_ptr != '&' && *option_ptr != '+')
+ option_ptr++;
+
+ if (*option_ptr)
+ *option_ptr = '\0';
+
+ sscanf(version_str, "%d.%d", &major, &minor);
+
+ version = (major * 10) + minor;
+
+ switch(version)
+ {
+ case 10 :
+ case 11 :
+ case 20 :
+ case 21 :
+ fprintf(stderr,
+ "DEBUG: Set version to %d from URI\n",
+ version);
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("DEBUG: Invalid version, %d, from URI. "
+ "Using default of 1.1 \n"),
+ version);
+ version = 11;
+ }
+ }
+ }
+
+
+ /*
+ * Build a URI for the printer. We can't use the URI in argv[0]
+ * because it might contain username:password information...
+ */
+ if (httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), scheme, NULL,
+ hostname, port, resource) != HTTP_URI_OK)
+ {
+ fprintf(stderr, "ERROR: Problem assembling printer URI from host %s, "
+ "port %d, resource %s\n", hostname, port, resource);
+ return (CUPS_BACKEND_STOP);
+ }
+
+ /*
+ * Build the IPP request...
+ */
+ request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
+ request->request.op.version[0] = version / 10;
+ request->request.op.version[1] = version % 10;
+
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri",
+ NULL, uri);
+
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
+ "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]),
+ NULL, pattrs);
+
+ /*
+ * Do the request...
+ */
+ fputs("DEBUG: Getting supported attributes...\n", stderr);
+
+ fprintf(stderr, "DEBUG: IPP Request Structure Built.\n");
+
+ *attributes = cupsDoRequest(http, request, resource);
+ ipp_status = cupsLastError();
+
+ fprintf(stderr, "DEBUG: Get-Printer-Attributes: %s (%s)\n",
+ ippErrorString(ipp_status), cupsLastErrorString());
+
+ if (ipp_status > IPP_OK_CONFLICT)
+ {
+ fprintf(stderr, "DEBUG: Get-Printer-Attributes returned %s.\n",
+ ippErrorString(ipp_status));
+ switch(ipp_status)
+ {
+ case IPP_FORBIDDEN :
+ case IPP_NOT_AUTHORIZED :
+ _cupsLangPuts(stderr, _("ERROR: Not Authorized.\n"));
+ rc = CUPS_BACKEND_AUTH_REQUIRED;
+ break;
+ case IPP_PRINTER_BUSY :
+ case IPP_SERVICE_UNAVAILABLE :
+ _cupsLangPuts(stderr, _("ERROR: "
+ "The printer is not responding.\n"));
+ rc = CUPS_BACKEND_FAILED;
+ break;
+ case IPP_BAD_REQUEST :
+ case IPP_VERSION_NOT_SUPPORTED :
+ fprintf(stderr, "ERROR: Destination does not support IPP version %d\n",
+ version);
+ case IPP_NOT_FOUND :
+ _cupsLangPuts(stderr, _("ERROR: "
+ "The printer configuration is incorrect or the "
+ "printer no longer exists.\n"));
+ rc = CUPS_BACKEND_STOP;
+ break;
+ default :
+ rc = CUPS_BACKEND_FAILED;
+ }
+ goto prt_available_cleanup;
+ }
+
+prt_available_cleanup :
+ httpClose(http);
+ return (rc);
+}
+
+static int
+move_job(int jobid, /* Job ID */
+ const char *dest) /* Destination ipp address */
+{
+ ipp_t *request; /* IPP Request */
+ char job_uri[HTTP_MAX_URI]; /* job-uri */
+
+ http_t* http = httpConnectEncrypt(cupsServer(), ippPort(), cupsEncryption());
+
+ if (!http)
+ {
+ _cupsLangPrintf(stderr,
+ _("failover: Unable to connect to server: %s\n"),
+ strerror(errno));
+ return (CUPS_BACKEND_FAILED);
+ }
+
+ /*
+ * Build a CUPS_MOVE_JOB request, which requires the following
+ * attributes:
+ *
+ * job-uri/printer-uri
+ * job-printer-uri
+ * requesting-user-name
+ */
+
+ request = ippNewRequest(CUPS_MOVE_JOB);
+
+ snprintf(job_uri, sizeof(job_uri), "ipp://localhost/jobs/%d", jobid);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL,
+ job_uri);
+
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
+ "requesting-user-name",
+ NULL, cupsUser());
+
+ ippAddString(request, IPP_TAG_JOB, IPP_TAG_URI, "job-printer-uri",
+ NULL, dest);
+
+ /*
+ * Do the request and get back a response...
+ */
+
+ ippDelete(cupsDoRequest(http, request, "/jobs"));
+
+ httpClose(http);
+
+ if (cupsLastError() > IPP_OK_CONFLICT)
+ {
+ _cupsLangPrintf(stderr, "failover: %s\n", cupsLastErrorString());
+ return (CUPS_BACKEND_FAILED);
+ }
+ else
+ return (CUPS_BACKEND_OK);
+}
+
+/*
+ * 'sigterm_handler()' - handles a sigterm, i.e. job canceled
+ */
+static void
+sigterm_handler(int sig)
+{
+ if (!job_canceled)
+ {
+ write(2, "DEBUG: Got SIGTERM.\n", 20);
+ job_canceled = 1;
+ }
+ else
+ {
+ /*
+ * Job has already been canceled, so just exit
+ */
+ exit(1);
+ }
+}
+
+/*
+ * 'password_cb()' - Disable the password prompt for cupsDoFileRequest().
+ */
+static const char * /* O - Password */
+password_cb(const char *prompt) /* I - Prompt (not used) */
+{
+ auth_info_required = "username,password";
+ password_retries++;
+
+ if(password_retries < FAILOVER_PASSWORD_RETRIES_MAX)
+ return (password);
+ else
+ return (NULL);
+}
diff -up cups-2.3.3/backend/Makefile.failover cups-2.3.3/backend/Makefile
--- cups-2.3.3/backend/Makefile.failover 2020-04-27 20:04:29.000000000 +0200
+++ cups-2.3.3/backend/Makefile 2020-06-11 08:52:31.212642019 +0200
@@ -22,6 +22,7 @@ include ../Makedefs
RBACKENDS = \
ipp \
lpd \
+ failover \
$(DNSSD_BACKEND)
UBACKENDS = \
snmp \
@@ -45,6 +46,7 @@ LIBOBJS = \
OBJS = \
ipp.o \
lpd.o \
+ failover.o \
dnssd.o \
snmp.o \
socket.o \
@@ -276,6 +278,15 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend
#
+# failover
+#
+
+failover: failover.o ../cups/$(LIBCUPS) libbackend.a
+ echo Linking $@...
+ $(LD_CC) $(ALL_LDFLAGS) -o failover failover.o libbackend.a $(LINKCUPS)
+
+
+#
# snmp
#

@ -0,0 +1,124 @@
diff --git a/cups/http-support.c b/cups/http-support.c
index a4bc079..9ee2309 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1430,6 +1430,12 @@ _httpSetDigestAuthString(
* Use old RFC 2069 Digest method...
*/
+ if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
+ {
+ DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
+ return (0);
+ }
+
/* H(A1) = H(username:realm:password) */
snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
diff --git a/cups/md5passwd.c b/cups/md5passwd.c
index 9af5de2..5c9a64e 100644
--- a/cups/md5passwd.c
+++ b/cups/md5passwd.c
@@ -19,6 +19,9 @@
/*
* 'httpMD5()' - Compute the MD5 sum of the username:group:password.
*
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
+ *
* @deprecated@
*/
@@ -28,22 +31,13 @@ httpMD5(const char *username, /* I - User name */
const char *passwd, /* I - Password string */
char md5[33]) /* O - MD5 string */
{
- unsigned char sum[16]; /* Sum data */
- char line[256]; /* Line to sum */
-
-
- /*
- * Compute the MD5 sum of the user name, group name, and password.
- */
+ (void)username;
+ (void)realm;
+ (void)passwd;
- snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd);
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
+ md5[0] = '\0';
- /*
- * Return the sum...
- */
-
- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
+ return (NULL);
}
@@ -52,6 +46,9 @@ httpMD5(const char *username, /* I - User name */
* with the server-supplied nonce value, method, and
* request-uri.
*
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
+ *
* @deprecated@
*/
@@ -61,35 +58,22 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
const char *resource, /* I - Resource path */
char md5[33]) /* IO - MD5 sum */
{
- unsigned char sum[16]; /* Sum data */
- char line[1024]; /* Line of data */
- char a2[33]; /* Hash of method and resource */
-
+ (void)nonce;
+ (void)method;
+ (void)resource;
- /*
- * First compute the MD5 sum of the method and resource...
- */
+ md5[0] = '\0';
- snprintf(line, sizeof(line), "%s:%s", method, resource);
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
- cupsHashString(sum, sizeof(sum), a2, sizeof(a2));
-
- /*
- * Then combine A1 (MD5 of username, realm, and password) with the nonce
- * and A2 (method + resource) values to get the final MD5 sum for the
- * request...
- */
-
- snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2);
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
-
- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
+ return (NULL);
}
/*
* 'httpMD5String()' - Convert an MD5 sum to a character string.
*
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
+ *
* @deprecated@
*/
@@ -98,5 +82,9 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */
char md5[33])
/* O - MD5 sum in hex */
{
- return ((char *)cupsHashString(sum, 16, md5, 33));
+ (void)sum;
+
+ md5[0] = '\0';
+
+ return (NULL);
}

@ -0,0 +1,15 @@
diff -up cups-2.0.2/cups/http-addr.c.freebind cups-2.0.2/cups/http-addr.c
--- cups-2.0.2/cups/http-addr.c.freebind 2015-02-10 14:46:33.000000000 +0100
+++ cups-2.0.2/cups/http-addr.c 2015-02-10 14:50:35.074759141 +0100
@@ -186,6 +186,10 @@ httpAddrListen(http_addr_t *addr, /* I -
val = 1;
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, CUPS_SOCAST &val, sizeof(val));
+#ifdef __linux
+ setsockopt(fd, IPPROTO_IP, IP_FREEBIND, CUPS_SOCAST &val, sizeof(val));
+#endif /* __linux */
+
#ifdef IPV6_V6ONLY
if (addr->addr.sa_family == AF_INET6)
setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, CUPS_SOCAST &val, sizeof(val));
diff -up cups-2.0.2/scheduler/listen.c.freebind cups-2.0.2/scheduler/listen.c

@ -0,0 +1,49 @@
diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4
index 733b06c..bb770f0 100644
--- a/config-scripts/cups-compiler.m4
+++ b/config-scripts/cups-compiler.m4
@@ -123,21 +123,35 @@ if test -n "$GCC"; then
OPTIM="-fPIC $OPTIM"
fi
- # The -fstack-protector option is available with some versions of
- # GCC and adds "stack canaries" which detect when the return address
- # has been overwritten, preventing many types of exploit attacks.
- AC_MSG_CHECKING(whether compiler supports -fstack-protector)
+ # The -fstack-protector-strong and -fstack-protector options are available
+ # with some versions of# GCC and adds "stack canaries" which detect
+ # when the return address has been overwritten, preventing many types of exploit attacks.
+ # First check for -fstack-protector-strong, then for -fstack-protector...
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector-strong])
OLDCFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fstack-protector"
- AC_TRY_LINK(,,
+ CFLAGS="$CFLAGS -fstack-protector-strong"
+ AC_TRY_LINK(,,[
if test "x$LSB_BUILD" = xy; then
# Can't use stack-protector with LSB binaries...
OPTIM="$OPTIM -fno-stack-protector"
else
- OPTIM="$OPTIM -fstack-protector"
+ OPTIM="$OPTIM -fstack-protector-strong"
fi
- AC_MSG_RESULT(yes),
- AC_MSG_RESULT(no))
+ AC_MSG_RESULT(yes)
+ ], [
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector])
+ CFLAGS="$OLDCFLAGS -fstack-protector"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()], [
+ AS_IF([test "x$LSB_BUILD" = xy], [
+ # Can't use stack-protector with LSB binaries...
+ OPTIM="$OPTIM -fno-stack-protector"
+ ], [
+ OPTIM="$OPTIM -fstack-protector"
+ ])
+ ], [
+ AC_MSG_RESULT([no])
+ ])
+ ])
CFLAGS="$OLDCFLAGS"
if test "x$LSB_BUILD" != xy; then

@ -0,0 +1,15 @@
diff -up cups-1.7.0/backend/ipp.c.ipp-multifile cups-1.7.0/backend/ipp.c
--- cups-1.7.0/backend/ipp.c.ipp-multifile 2013-10-24 15:52:00.745814354 +0100
+++ cups-1.7.0/backend/ipp.c 2013-10-24 15:53:46.463266724 +0100
@@ -1758,7 +1758,10 @@ main(int argc, /* I - Number of comm
ippAddBoolean(request, IPP_TAG_OPERATION, "last-document",
(i + 1) >= num_files);
- if (document_format)
+ if (num_files > 1)
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_MIMETYPE,
+ "document-format", NULL, "application/octet-stream");
+ else if (document_format)
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_MIMETYPE,
"document-format", NULL, document_format);

@ -0,0 +1,115 @@
diff --git a/cups/auth.c b/cups/auth.c
index db45bbb..b6fec6b 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
# define cups_gss_printf(major, minor, message)
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int cups_is_local_connection(http_t *http);
static int cups_local_auth(http_t *http);
@@ -174,10 +175,10 @@ cupsDoAuthentication(
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
#ifdef HAVE_GSSAPI
- if (!_cups_strcasecmp(scheme, "Negotiate"))
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
{
/*
- * Kerberos authentication...
+ * Kerberos authentication to remote server...
*/
int gss_status; /* Auth status */
@@ -201,7 +202,9 @@ cupsDoAuthentication(
}
else
#endif /* HAVE_GSSAPI */
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
+ if (_cups_strcasecmp(scheme, "Basic") &&
+ _cups_strcasecmp(scheme, "Digest") &&
+ _cups_strcasecmp(scheme, "Negotiate"))
{
/*
* Other schemes not yet supported...
@@ -215,7 +218,7 @@ cupsDoAuthentication(
* See if we should retry the current username:password...
*/
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
+ if (http->digest_tries > 1 || !http->userpass[0])
{
/*
* Nope - get a new password from the user...
@@ -295,7 +298,7 @@ cupsDoAuthentication(
}
}
- if (http->authstring)
+ if (http->authstring && http->authstring[0])
{
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int /* O - 0 if not a local connection */
+ /* 1 if local connection */
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
+{
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ return 0;
+ return 1;
+}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
@@ -958,7 +969,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
* See if we are accessing localhost...
*/
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ if (!cups_is_local_connection(http))
{
DEBUG_puts("8cups_local_auth: Not a local connection!");
return (1);
@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
}
# endif /* HAVE_AUTHORIZATION_H */
-# ifdef HAVE_GSSAPI
- if (cups_auth_find(www_auth, "Negotiate"))
- return (1);
-# endif /* HAVE_GSSAPI */
-
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
/*
* See if we can authenticate using the peer credentials provided over a
diff --git a/scheduler/client.c b/scheduler/client.c
index 89c76bf..40708d9 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2244,18 +2244,13 @@ cupsdSendHeader(
}
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
{
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
- else
-#endif /* SO_PEERCRED && AF_LOCAL */
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
}
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
{
/*
- * Add a "trc" (try root certification) parameter for local non-Kerberos
+ * Add a "trc" (try root certification) parameter for local
* requests when the request requires system group membership - then the
* client knows the root certificate can/should be used.
*

@ -0,0 +1,16 @@
diff --git a/scheduler/log.c b/scheduler/log.c
index 17331ff02..41ddb4cb9 100644
--- a/scheduler/log.c
+++ b/scheduler/log.c
@@ -569,11 +569,7 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
* Format and write the log message...
*/
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
- if (job && strcmp(ErrorLog, "syslog"))
-#else
if (job)
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
snprintf(jobmsg, sizeof(jobmsg), "[Job %d] %s", job->id, message);
else
strlcpy(jobmsg, message, sizeof(jobmsg));

File diff suppressed because it is too large Load Diff

@ -0,0 +1,14 @@
diff -up cups-2.3.0/cups-config.in.multilib cups-2.3.0/cups-config.in
--- cups-2.3.0/cups-config.in.multilib 2019-10-07 12:10:09.508859587 +0200
+++ cups-2.3.0/cups-config.in 2019-10-07 12:11:56.614025934 +0200
@@ -17,7 +17,9 @@ prefix=@prefix@
exec_prefix=@exec_prefix@
bindir=@bindir@
includedir=@includedir@
-libdir=@libdir@
+# Fetch libdir from gnutls's pkg-config script. This is a bit
+# of a cheat, but the cups-devel package requires gnutls-devel anyway.
+libdir=`pkg-config --variable=libdir gnutls`
datarootdir=@datadir@
datadir=@datadir@
sysconfdir=@sysconfdir@

@ -0,0 +1,10 @@
diff -up cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs cups-2.2b2/config-scripts/cups-ssl.m4
--- cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs 2016-06-27 15:06:22.299980753 +0200
+++ cups-2.2b2/config-scripts/cups-ssl.m4 2016-06-27 15:08:00.953154042 +0200
@@ -102,5 +102,5 @@ AC_SUBST(IPPALIASES)
AC_SUBST(SSLFLAGS)
AC_SUBST(SSLLIBS)
-EXPORT_SSLLIBS="$SSLLIBS"
+EXPORT_SSLLIBS=""
AC_SUBST(EXPORT_SSLLIBS)

@ -0,0 +1,13 @@
diff --git a/scheduler/cups.service.in b/scheduler/cups.service.in
index a3fa0e8..baff51b 100644
--- a/scheduler/cups.service.in
+++ b/scheduler/cups.service.in
@@ -1,7 +1,7 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
-After=network.target sssd.service ypbind.service nslcd.service
+After=network.target nss-user-lookup.target nslcd.service
Requires=cups.socket
[Service]

@ -0,0 +1,20 @@
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index e0dbc4a..5e9a985 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -9891,11 +9891,10 @@ restart_job(cupsd_client_t *con, /* I - Client connection */
cupsdLogJob(job, CUPSD_LOG_DEBUG,
"Restarted by \"%s\" with job-hold-until=%s.",
username, attr->values[0].string.text);
- cupsdSetJobHoldUntil(job, attr->values[0].string.text, 0);
-
- cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED | CUPSD_EVENT_JOB_STATE,
- NULL, job, "Job restarted by user with job-hold-until=%s",
- attr->values[0].string.text);
+ cupsdSetJobHoldUntil(job, attr->values[0].string.text, 1);
+ cupsdSetJobState(job, IPP_JOB_HELD, CUPSD_JOB_DEFAULT,
+ "Job restarted by user with job-hold-until=%s",
+ attr->values[0].string.text);
}
else
{

@ -0,0 +1,38 @@
diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups.password-auth
--- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.000000000 +0200
+++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200
@@ -0,0 +1,4 @@
+#%PAM-1.0
+# Use password-auth common PAM configuration for the daemon
+auth include password-auth
+account include password-auth
diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.system-auth
--- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.000000000 +0200
+++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile
--- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200
+++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200
@@ -90,10 +90,16 @@ install-data:
done
-if test x$(PAMDIR) != x; then \
$(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \
- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \
- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \
+ if test -f /etc/pam.d/password-auth; then \
+ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \
+ elif test -f /etc/pam.d/system-auth; then \
+ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \
else \
- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \
+ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \
+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \
+ else \
+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \
+ fi ; \
fi ; \
fi

@ -0,0 +1,51 @@
diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-unix.c
--- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 +0200
+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200
@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De
int device_fd; /* USB device */
ssize_t tbytes; /* Total number of bytes written */
struct termios opts; /* Parallel port options */
+ char *fixed_uri = strdup (uri);
+ char *p;
(void)argc;
(void)argv;
+ p = strchr (fixed_uri, ':');
+ if (p++ != NULL)
+ {
+ char *e;
+ p += strspn (p, "/");
+ e = strchr (p, '/');
+ if (e > p)
+ {
+ size_t mfrlen = e - p;
+ e++;
+ if (!strncasecmp (e, p, mfrlen))
+ {
+ char *x = e + mfrlen;
+ if (!strncmp (x, "%20", 3))
+ /* Take mfr name out of mdl name for compatibility with
+ * Fedora 11 before bug #507244 was fixed. */
+ strcpy (e, x + 3); puts(fixed_uri);
+ }
+ }
+ }
+
/*
* Open the USB port device...
*/
@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De
_cups_strncasecmp(hostname, "Minolta", 7);
#endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */
- if (use_bc && !strncmp(uri, "usb:/dev/", 9))
+ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9))
use_bc = 0;
- if ((device_fd = open_device(uri, &use_bc)) == -1)
+ if ((device_fd = open_device(fixed_uri, &use_bc)) == -1)
{
if (getenv("CLASS") != NULL)
{

@ -0,0 +1,52 @@
diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-unix.c
--- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000 +0200
+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200
@@ -30,6 +30,11 @@
#include <sys/select.h>
+#ifdef __linux
+#include <sys/ioctl.h>
+#include <linux/lp.h>
+#endif /* __linux */
+
/*
* Local functions...
@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev
if (!strncmp(uri, "usb:/dev/", 9))
#ifdef __linux
{
- return (open(uri + 4, O_RDWR | O_EXCL));
+ fd = open(uri + 4, O_RDWR | O_EXCL);
+
+ if (fd != -1)
+ {
+ /*
+ * Tell the driver to return from write() with errno==ENOSPACE
+ * on paper-out.
+ */
+ unsigned int t = 1;
+ ioctl (fd, LPABORT, &t);
+ }
+
+ return fd;
}
else if (!strncmp(uri, "usb://", 6))
{
@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev
if (!strcmp(uri, device_uri))
{
/*
- * Yes, return this file descriptor...
+ * Yes, tell the driver to return from write() with
+ * errno==ENOSPACE on paper-out.
+ */
+ unsigned int t = 1;
+ ioctl (fd, LPABORT, &t);
+
+ /*
+ * Return this file descriptor...
*/
fprintf(stderr, "DEBUG: Printer using device file \"%s\"...\n",

@ -0,0 +1,27 @@
diff -up cups-2.3.3op2/backend/ipp.c.validate-retry cups-2.3.3op2/backend/ipp.c
--- cups-2.3.3op2/backend/ipp.c.validate-retry 2021-03-11 12:55:46.461135739 +0100
+++ cups-2.3.3op2/backend/ipp.c 2021-03-11 13:29:09.312859343 +0100
@@ -256,6 +256,7 @@ main(int argc, /* I - Number of comm
get_job_attrs = 0, /* Does printer support Get-Job-Attributes? */
send_document = 0, /* Does printer support Send-Document? */
validate_job = 0, /* Does printer support Validate-Job? */
+ validation_retried = 0, /* Indicate whether Validate-Job was retried */
copies, /* Number of copies for job */
copies_remaining; /* Number of copies remaining */
const char *content_type, /* CONTENT_TYPE environment variable */
@@ -1559,7 +1560,15 @@ main(int argc, /* I - Number of comm
ipp_status == IPP_STATUS_ERROR_BAD_REQUEST)
break;
else if (job_auth == NULL && ipp_status > IPP_STATUS_ERROR_BAD_REQUEST)
+ {
+ if (!validation_retried)
+ {
+ validation_retried = 1;
+ sleep(10);
+ continue;
+ }
goto cleanup;
+ }
}
/*

@ -0,0 +1,19 @@
diff -up cups-1.7rc1/cgi-bin/admin.c.web-devices-timeout cups-1.7rc1/cgi-bin/admin.c
--- cups-1.7rc1/cgi-bin/admin.c.web-devices-timeout 2013-05-29 12:51:34.000000000 +0100
+++ cups-1.7rc1/cgi-bin/admin.c 2013-08-16 16:01:17.308264287 +0100
@@ -1019,13 +1019,13 @@ do_am_printer(http_t *http, /* I - HTTP
}
/*
- * Scan for devices for up to 30 seconds...
+ * Scan for devices for up to 10 seconds...
*/
fputs("DEBUG: Getting list of devices...\n", stderr);
current_device = 0;
- if (cupsGetDevices(http, 5, CUPS_INCLUDE_ALL, CUPS_EXCLUDE_NONE,
+ if (cupsGetDevices(http, 10, CUPS_INCLUDE_ALL, CUPS_EXCLUDE_NONE,
(cups_device_cb_t)choose_device_cb,
(void *)title) == IPP_OK)
{

@ -0,0 +1 @@
%_cups_serverbin %(/usr/bin/cups-config --serverbin)

@ -0,0 +1,171 @@
@PYTHON_SHEBANG@
"""
Upgrade script to enable authentication for CUPS-Get-Document in
default policy
"""
import os
import sys
from shutil import copy
def get_cupsd_conf():
"""
Get all lines from cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf'):
return None
lines = []
with open('/etc/cups/cupsd.conf', 'r') as conf:
lines = conf.readlines()
return lines
def get_default_policy(lines):
"""
Get the default policy lines
:param list lines: lines from cupsd.conf
"""
default_policy = []
in_policy = False
for line in lines:
if not in_policy and not line.lstrip().startswith('<Policy default>'):
continue
default_policy.append(line)
if line.lstrip().startswith('</Policy>'):
return default_policy
in_policy = True
return default_policy
def get_limit_with_document(lines):
"""
Get <Limit> scope which defines CUPS-Get-Document operation
:param list lines: Lines containing the default policy
"""
limit = []
in_limit = False
for line in lines:
if not in_limit and not line.lstrip().startswith('<Limit'):
continue
if (not in_limit and line.lstrip().startswith('<Limit') and
not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
continue
limit.append(line)
if line.lstrip().startswith('</Limit>'):
return limit
in_limit = True
return limit
def check_for_authtype(lines):
"""
Check if <Limit> defining CUPS-Get-Document defines
any authentication
:param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
"""
for line in lines:
if line.lstrip().startswith('AuthType'):
return True
return False
def migrate_cupsd_conf(lines):
"""
Make changes to cupsd.conf contents to use authentication
for CUPS-Get-Document
:param list lines: Lines from cupsd.conf
"""
new_lines = []
in_policy = False
create_document_limit = False
for line in lines:
if (in_policy and line.lstrip().startswith('<Limit') and
not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
line = line.replace(' CUPS-Get-Document', '')
create_document_limit = True
if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
new_lines.append('\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'<Limit CUPS-Get-Document>\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'AuthType Default\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Require user @OWNER @SYSTEM\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Order deny,allow\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'</Limit>\n')
create_document_limit = False
new_lines.append(line)
if not in_policy:
if line.lstrip().startswith('<Policy default>'):
in_policy = True
continue
if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'AuthType Default\n')
continue
if line.lstrip().startswith('</Policy>'):
in_policy = False
continue
return new_lines
def apply_changes(lines):
"""
Backup the original file if there is no .rpmsave already and
apply changes to the actual cupsd.conf
:param list lines: New lines for cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')
with open('/etc/cups/cupsd.conf', 'w') as conf:
conf.writelines(lines)
content = get_cupsd_conf()
if content is None:
sys.exit(1)
if check_for_authtype(get_limit_with_document(get_default_policy(content))):
sys.exit(0)
new_content = migrate_cupsd_conf(content)
apply_changes(new_content)
sys.exit(0)

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save