parent
54992e0f93
commit
1448cd80c0
@ -0,0 +1,21 @@
|
||||
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
|
||||
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
|
||||
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
|
||||
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
|
||||
|
||||
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
|
||||
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
|
||||
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
|
||||
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
|
||||
|
||||
|
||||
/*
|
||||
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
|
||||
|
||||
if (lport < 721 && reserve == RESERVE_RFC1179)
|
||||
lport = 731;
|
||||
- else if (lport < 1)
|
||||
+ else if (lport < 512)
|
||||
lport = 1023;
|
||||
|
||||
#ifdef HAVE_GETEUID
|
@ -0,0 +1,64 @@
|
||||
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
|
||||
From: Rose <83477269+AtariDreams@users.noreply.github.com>
|
||||
Date: Thu, 1 Jun 2023 11:33:39 -0400
|
||||
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
|
||||
|
||||
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
|
||||
|
||||
We have to log the hostname first.
|
||||
---
|
||||
scheduler/client.c | 16 +++++++---------
|
||||
1 file changed, 7 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/scheduler/client.c b/scheduler/client.c
|
||||
index 91e441188..327473a4d 100644
|
||||
--- a/scheduler/client.c
|
||||
+++ b/scheduler/client.c
|
||||
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
|
||||
/*
|
||||
* Can't have an unresolved IP address with double-lookups enabled...
|
||||
*/
|
||||
-
|
||||
- httpClose(con->http);
|
||||
-
|
||||
cupsdLogClient(con, CUPSD_LOG_WARN,
|
||||
- "Name lookup failed - connection from %s closed!",
|
||||
+ "Name lookup failed - closing connection from %s!",
|
||||
httpGetHostname(con->http, NULL, 0));
|
||||
|
||||
+ httpClose(con->http);
|
||||
free(con);
|
||||
return;
|
||||
}
|
||||
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
|
||||
* with double-lookups enabled...
|
||||
*/
|
||||
|
||||
- httpClose(con->http);
|
||||
-
|
||||
cupsdLogClient(con, CUPSD_LOG_WARN,
|
||||
- "IP lookup failed - connection from %s closed!",
|
||||
+ "IP lookup failed - closing connection from %s!",
|
||||
httpGetHostname(con->http, NULL, 0));
|
||||
+
|
||||
+ httpClose(con->http);
|
||||
free(con);
|
||||
return;
|
||||
}
|
||||
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
|
||||
|
||||
if (!hosts_access(&wrap_req))
|
||||
{
|
||||
- httpClose(con->http);
|
||||
-
|
||||
cupsdLogClient(con, CUPSD_LOG_WARN,
|
||||
"Connection from %s refused by /etc/hosts.allow and "
|
||||
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
|
||||
+
|
||||
+ httpClose(con->http);
|
||||
free(con);
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,48 @@
|
||||
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
|
||||
From: Bryan Mason <bmason@redhat.com>
|
||||
Date: Tue, 27 Jun 2023 04:18:46 -0700
|
||||
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
|
||||
single job (#742)
|
||||
|
||||
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
|
||||
operation; however, the correct attribute to use for Cancel-job is
|
||||
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
|
||||
files are not removed from /var/spool/cups when "cancel -x <job>" is
|
||||
executed.
|
||||
|
||||
This patch resolves the issue by adding "purge-job" when the IPP
|
||||
operation is Cancel-Job and "purge-jobs" for other IPP operations
|
||||
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
|
||||
---
|
||||
systemv/cancel.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/systemv/cancel.c b/systemv/cancel.c
|
||||
index 572f413e1..f5b8e12b5 100644
|
||||
--- a/systemv/cancel.c
|
||||
+++ b/systemv/cancel.c
|
||||
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
|
||||
* attributes-natural-language
|
||||
* printer-uri + job-id *or* job-uri
|
||||
* [requesting-user-name]
|
||||
+ * [purge-job] or [purge-jobs]
|
||||
*/
|
||||
|
||||
request = ippNewRequest(op);
|
||||
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
|
||||
"requesting-user-name", NULL, cupsUser());
|
||||
|
||||
if (purge)
|
||||
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
|
||||
+ {
|
||||
+ if (op == IPP_CANCEL_JOB)
|
||||
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
|
||||
+ else
|
||||
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Do the request and get back a response...
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,35 @@
|
||||
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
|
||||
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
|
||||
Date: Wed, 1 Mar 2023 13:46:28 +0100
|
||||
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
|
||||
#308)
|
||||
|
||||
Use a listen queue size of INT_MAX, which should default to the maximum
|
||||
supported queue size on the system.
|
||||
|
||||
This avoids the problem of the listening backlog queue getting full when
|
||||
there are too many requests at the same time. The problem was observed
|
||||
with the previous backlog size (128) by customers when submitting large
|
||||
batches of print jobs, resulting in some jobs getting lost.
|
||||
|
||||
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
|
||||
---
|
||||
cups/http-addr.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cups/http-addr.c b/cups/http-addr.c
|
||||
index a61ee0449..6aeeb8074 100644
|
||||
--- a/cups/http-addr.c
|
||||
+++ b/cups/http-addr.c
|
||||
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
|
||||
* Listen...
|
||||
*/
|
||||
|
||||
- if (listen(fd, 128))
|
||||
+ if (listen(fd, INT_MAX))
|
||||
{
|
||||
_cupsSetHTTPError(HTTP_STATUS_ERROR);
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
@ -0,0 +1,115 @@
|
||||
diff --git a/cups/auth.c b/cups/auth.c
|
||||
index db45bbb..b6fec6b 100644
|
||||
--- a/cups/auth.c
|
||||
+++ b/cups/auth.c
|
||||
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
|
||||
# define cups_gss_printf(major, minor, message)
|
||||
# endif /* DEBUG */
|
||||
#endif /* HAVE_GSSAPI */
|
||||
+static int cups_is_local_connection(http_t *http);
|
||||
static int cups_local_auth(http_t *http);
|
||||
|
||||
|
||||
@@ -174,10 +175,10 @@ cupsDoAuthentication(
|
||||
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
|
||||
|
||||
#ifdef HAVE_GSSAPI
|
||||
- if (!_cups_strcasecmp(scheme, "Negotiate"))
|
||||
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
|
||||
{
|
||||
/*
|
||||
- * Kerberos authentication...
|
||||
+ * Kerberos authentication to remote server...
|
||||
*/
|
||||
|
||||
int gss_status; /* Auth status */
|
||||
@@ -201,7 +202,9 @@ cupsDoAuthentication(
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_GSSAPI */
|
||||
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
|
||||
+ if (_cups_strcasecmp(scheme, "Basic") &&
|
||||
+ _cups_strcasecmp(scheme, "Digest") &&
|
||||
+ _cups_strcasecmp(scheme, "Negotiate"))
|
||||
{
|
||||
/*
|
||||
* Other schemes not yet supported...
|
||||
@@ -215,7 +218,7 @@ cupsDoAuthentication(
|
||||
* See if we should retry the current username:password...
|
||||
*/
|
||||
|
||||
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
|
||||
+ if (http->digest_tries > 1 || !http->userpass[0])
|
||||
{
|
||||
/*
|
||||
* Nope - get a new password from the user...
|
||||
@@ -295,7 +298,7 @@ cupsDoAuthentication(
|
||||
}
|
||||
}
|
||||
|
||||
- if (http->authstring)
|
||||
+ if (http->authstring && http->authstring[0])
|
||||
{
|
||||
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
|
||||
|
||||
@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
|
||||
# endif /* DEBUG */
|
||||
#endif /* HAVE_GSSAPI */
|
||||
|
||||
+static int /* O - 0 if not a local connection */
|
||||
+ /* 1 if local connection */
|
||||
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
|
||||
+{
|
||||
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
|
||||
+ return 0;
|
||||
+ return 1;
|
||||
+}
|
||||
|
||||
/*
|
||||
* 'cups_local_auth()' - Get the local authorization certificate if
|
||||
@@ -958,7 +969,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
|
||||
* See if we are accessing localhost...
|
||||
*/
|
||||
|
||||
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
|
||||
+ if (!cups_is_local_connection(http))
|
||||
{
|
||||
DEBUG_puts("8cups_local_auth: Not a local connection!");
|
||||
return (1);
|
||||
@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
|
||||
}
|
||||
# endif /* HAVE_AUTHORIZATION_H */
|
||||
|
||||
-# ifdef HAVE_GSSAPI
|
||||
- if (cups_auth_find(www_auth, "Negotiate"))
|
||||
- return (1);
|
||||
-# endif /* HAVE_GSSAPI */
|
||||
-
|
||||
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
|
||||
/*
|
||||
* See if we can authenticate using the peer credentials provided over a
|
||||
diff --git a/scheduler/client.c b/scheduler/client.c
|
||||
index 89c76bf..40708d9 100644
|
||||
--- a/scheduler/client.c
|
||||
+++ b/scheduler/client.c
|
||||
@@ -2244,18 +2244,13 @@ cupsdSendHeader(
|
||||
}
|
||||
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
|
||||
{
|
||||
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
|
||||
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
|
||||
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
|
||||
- else
|
||||
-#endif /* SO_PEERCRED && AF_LOCAL */
|
||||
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
|
||||
}
|
||||
|
||||
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
|
||||
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
|
||||
{
|
||||
/*
|
||||
- * Add a "trc" (try root certification) parameter for local non-Kerberos
|
||||
+ * Add a "trc" (try root certification) parameter for local
|
||||
* requests when the request requires system group membership - then the
|
||||
* client knows the root certificate can/should be used.
|
||||
*
|
Loading…
Reference in new issue