From 5d5e489315f7964a81ea0da85ee5cc17ccd3381c Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 29 Mar 2024 15:26:28 +0300 Subject: [PATCH] import cups-2.2.6-57.el8 --- .cups.metadata | 2 + .gitignore | 2 + ...MinTLS-and-MaxTLS-options-Issue-5119.patch | 497 ++ ...h-idle-exit-timeout-configure-option.patch | 33 + ...emd-timeoutstartsec-configure-option.patch | 33 + ...nux-session-cookies-used-a-predictab.patch | 22 + SOURCES/0001-Fix-default-TLS-versions.patch | 24 + ...ing-to-lpd-when-reserved-ports-are-e.patch | 21 + ...-handling-of-MaxJobTime-0-Issue-5438.patch | 43 + ...ege-escalation-to-root-and-sandbox-b.patch | 481 ++ ...-cupsIPPSupplies-and-cupsSNMPSupplie.patch | 62 + ...y-leaks-found-by-Coverity-Issue-5375.patch | 206 + ...ulti-file-jobs-Issue-5359-Issue-5413.patch | 56 + ...tpGetHostname-BEFORE-closing-the-con.patch | 64 + ...-Multiple-security-disclosure-issues.patch | 183 + ...CUPS-servers-has-been-fixed-Issue-52.patch | 562 +++ SOURCES/0001-Remove-web-log-buttons.patch | 98 + ...authentication-for-CUPS-Get-Document.patch | 31 + ...uld-crash-while-adding-an-IPP-Everyw.patch | 22 + ...ate-man-pages-for-h-option-Issue-357.patch | 899 ++++ ...Dest-for-legacy-printing-APIs-Issue-.patch | 109 + ...stead-of-purge-jobs-when-canceling-a.patch | 48 + ...c-Use-guest-user-for-Move-Job-when-n.patch | 16 + ...sGetNamedDest-set-IPP_STATUS_ERROR_N.patch | 65 + ...-Set-listen-backlog-size-to-INT_MAX-.patch | 35 + .../0001-cups-strlcpy-handle-zero-size.patch | 26 + ...s-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch | 55 + ...-Check-for-error-if-POLLHUP-is-in-va.patch | 43 + ...-Fix-string-comparison-fixes-CVE-202.patch | 35 + ...-Print-to-stderr-if-we-don-t-open-cu.patch | 36 + ...use-gziptoany-for-raw-files-not-just.patch | 38 + SOURCES/cups-autostart-when-enabled.patch | 10 + SOURCES/cups-avahi-address.patch | 95 + SOURCES/cups-avahi-no-threaded.patch | 1025 +++++ SOURCES/cups-banners.patch | 12 + SOURCES/cups-cupsd-too-chatty.patch | 12 + SOURCES/cups-cve202010001.patch | 61 + SOURCES/cups-direct-usb.patch | 27 + SOURCES/cups-dirtyclean.patch | 13 + SOURCES/cups-dnssd-deviceid.patch | 38 + .../cups-do-not-advertise-http-methods.patch | 13 + SOURCES/cups-driverd-timeout.patch | 21 + SOURCES/cups-dymo-deviceid.patch | 11 + SOURCES/cups-eggcups.patch | 130 + SOURCES/cups-etimedout.patch | 25 + SOURCES/cups-failover-backend.patch | 877 ++++ SOURCES/cups-filter-debug.patch | 32 + SOURCES/cups-fips-compliance.patch | 371 ++ SOURCES/cups-fix-preservejob-times.patch | 110 + SOURCES/cups-freebind.patch | 15 + SOURCES/cups-hp-deviceid-oid.patch | 21 + SOURCES/cups-ipp-multifile.patch | 15 + SOURCES/cups-ippeve-web-support.patch | 315 ++ SOURCES/cups-kerberos.patch | 23 + SOURCES/cups-logrotate.patch | 63 + SOURCES/cups-logs.patch | 100 + SOURCES/cups-lpr-help.patch | 48 + SOURCES/cups-lspp.patch | 1997 ++++++++ SOURCES/cups-memory-consumption.patch | 1220 +++++ SOURCES/cups-multilib.patch | 16 + SOURCES/cups-no-export-ssllibs.patch | 10 + SOURCES/cups-no-gzip-man.patch | 18 + SOURCES/cups-peercred.patch | 11 + SOURCES/cups-pid.patch | 37 + SOURCES/cups-ppdopen-heap-overflow.patch | 42 + SOURCES/cups-preservejob-leak.patch | 31 + SOURCES/cups-rastertoepson-crash.patch | 13 + SOURCES/cups-res_init.patch | 26 + SOURCES/cups-restart-job-hold-until.patch | 20 + SOURCES/cups-retry-current-job-man.patch | 52 + SOURCES/cups-ricoh-deviceid-oid.patch | 21 + SOURCES/cups-serverbin-compat.patch | 193 + SOURCES/cups-sssd.patch | 13 + SOURCES/cups-str3382.patch | 62 + SOURCES/cups-strict-ppd-line-length.patch | 30 + SOURCES/cups-substitute-bad-attrs.patch | 141 + SOURCES/cups-synconclose.patch | 48 + SOURCES/cups-system-auth.patch | 38 + SOURCES/cups-systemd-socket.patch | 73 + SOURCES/cups-uri-compat.patch | 51 + SOURCES/cups-usb-paperout.patch | 52 + SOURCES/cups-use-ipp1.1.patch | 12 + SOURCES/cups-validate-1st.patch | 28 + SOURCES/cups-web-devices-timeout.patch | 19 + SOURCES/cups-ypbind.patch | 12 + SOURCES/cups.logrotate | 5 + SOURCES/macros.cups | 1 + SOURCES/ncp.backend | 51 + SOURCES/upgrade_get_document.py.in | 171 + SPECS/cups.spec | 4004 +++++++++++++++++ 90 files changed, 15848 insertions(+) create mode 100644 .cups.metadata create mode 100644 .gitignore create mode 100644 SOURCES/0001-Add-support-for-MinTLS-and-MaxTLS-options-Issue-5119.patch create mode 100644 SOURCES/0001-Add-with-idle-exit-timeout-configure-option.patch create mode 100644 SOURCES/0001-Add-with-systemd-timeoutstartsec-configure-option.patch create mode 100644 SOURCES/0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch create mode 100644 SOURCES/0001-Fix-default-TLS-versions.patch create mode 100644 SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch create mode 100644 SOURCES/0001-Fix-handling-of-MaxJobTime-0-Issue-5438.patch create mode 100644 SOURCES/0001-Fix-local-privilege-escalation-to-root-and-sandbox-b.patch create mode 100644 SOURCES/0001-Fix-lpadmin-with-cupsIPPSupplies-and-cupsSNMPSupplie.patch create mode 100644 SOURCES/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch create mode 100644 SOURCES/0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch create mode 100644 SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch create mode 100644 SOURCES/0001-Multiple-security-disclosure-issues.patch create mode 100644 SOURCES/0001-Printing-to-old-CUPS-servers-has-been-fixed-Issue-52.patch create mode 100644 SOURCES/0001-Remove-web-log-buttons.patch create mode 100644 SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch create mode 100644 SOURCES/0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch create mode 100644 SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch create mode 100644 SOURCES/0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch create mode 100644 SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch create mode 100644 SOURCES/0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch create mode 100644 SOURCES/0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch create mode 100644 SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch create mode 100644 SOURCES/0001-cups-strlcpy-handle-zero-size.patch create mode 100644 SOURCES/0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch create mode 100644 SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch create mode 100644 SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch create mode 100644 SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch create mode 100644 SOURCES/0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch create mode 100644 SOURCES/cups-autostart-when-enabled.patch create mode 100644 SOURCES/cups-avahi-address.patch create mode 100644 SOURCES/cups-avahi-no-threaded.patch create mode 100644 SOURCES/cups-banners.patch create mode 100644 SOURCES/cups-cupsd-too-chatty.patch create mode 100644 SOURCES/cups-cve202010001.patch create mode 100644 SOURCES/cups-direct-usb.patch create mode 100644 SOURCES/cups-dirtyclean.patch create mode 100644 SOURCES/cups-dnssd-deviceid.patch create mode 100644 SOURCES/cups-do-not-advertise-http-methods.patch create mode 100644 SOURCES/cups-driverd-timeout.patch create mode 100644 SOURCES/cups-dymo-deviceid.patch create mode 100644 SOURCES/cups-eggcups.patch create mode 100644 SOURCES/cups-etimedout.patch create mode 100644 SOURCES/cups-failover-backend.patch create mode 100644 SOURCES/cups-filter-debug.patch create mode 100644 SOURCES/cups-fips-compliance.patch create mode 100644 SOURCES/cups-fix-preservejob-times.patch create mode 100644 SOURCES/cups-freebind.patch create mode 100644 SOURCES/cups-hp-deviceid-oid.patch create mode 100644 SOURCES/cups-ipp-multifile.patch create mode 100644 SOURCES/cups-ippeve-web-support.patch create mode 100644 SOURCES/cups-kerberos.patch create mode 100644 SOURCES/cups-logrotate.patch create mode 100644 SOURCES/cups-logs.patch create mode 100644 SOURCES/cups-lpr-help.patch create mode 100644 SOURCES/cups-lspp.patch create mode 100644 SOURCES/cups-memory-consumption.patch create mode 100644 SOURCES/cups-multilib.patch create mode 100644 SOURCES/cups-no-export-ssllibs.patch create mode 100644 SOURCES/cups-no-gzip-man.patch create mode 100644 SOURCES/cups-peercred.patch create mode 100644 SOURCES/cups-pid.patch create mode 100644 SOURCES/cups-ppdopen-heap-overflow.patch create mode 100644 SOURCES/cups-preservejob-leak.patch create mode 100644 SOURCES/cups-rastertoepson-crash.patch create mode 100644 SOURCES/cups-res_init.patch create mode 100644 SOURCES/cups-restart-job-hold-until.patch create mode 100644 SOURCES/cups-retry-current-job-man.patch create mode 100644 SOURCES/cups-ricoh-deviceid-oid.patch create mode 100644 SOURCES/cups-serverbin-compat.patch create mode 100644 SOURCES/cups-sssd.patch create mode 100644 SOURCES/cups-str3382.patch create mode 100644 SOURCES/cups-strict-ppd-line-length.patch create mode 100644 SOURCES/cups-substitute-bad-attrs.patch create mode 100644 SOURCES/cups-synconclose.patch create mode 100644 SOURCES/cups-system-auth.patch create mode 100644 SOURCES/cups-systemd-socket.patch create mode 100644 SOURCES/cups-uri-compat.patch create mode 100644 SOURCES/cups-usb-paperout.patch create mode 100644 SOURCES/cups-use-ipp1.1.patch create mode 100644 SOURCES/cups-validate-1st.patch create mode 100644 SOURCES/cups-web-devices-timeout.patch create mode 100644 SOURCES/cups-ypbind.patch create mode 100644 SOURCES/cups.logrotate create mode 100644 SOURCES/macros.cups create mode 100755 SOURCES/ncp.backend create mode 100755 SOURCES/upgrade_get_document.py.in create mode 100644 SPECS/cups.spec diff --git a/.cups.metadata b/.cups.metadata new file mode 100644 index 0000000..8869656 --- /dev/null +++ b/.cups.metadata @@ -0,0 +1,2 @@ +b5e3389fb9450bfed377c95c0230c029c053acc4 SOURCES/cups-2.2.6-source.tar.gz +79ee155bed4c18088be472a6e364f37ad6e410a6 SOURCES/cupsprinter.png diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c5e2c0a --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/cups-2.2.6-source.tar.gz +SOURCES/cupsprinter.png diff --git a/SOURCES/0001-Add-support-for-MinTLS-and-MaxTLS-options-Issue-5119.patch b/SOURCES/0001-Add-support-for-MinTLS-and-MaxTLS-options-Issue-5119.patch new file mode 100644 index 0000000..810b9ca --- /dev/null +++ b/SOURCES/0001-Add-support-for-MinTLS-and-MaxTLS-options-Issue-5119.patch @@ -0,0 +1,497 @@ +diff -up cups-2.2.6/cups/http-private.h.remove-weak-ciphers cups-2.2.6/cups/http-private.h +--- cups-2.2.6/cups/http-private.h.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/cups/http-private.h 2018-08-07 11:53:54.985633959 +0200 +@@ -180,13 +180,17 @@ extern "C" { + + # define _HTTP_TLS_NONE 0 /* No TLS options */ + # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ +-# define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */ +-# define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */ +-# define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */ +-# define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */ +-# define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */ ++# define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */ ++# define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */ + # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */ + ++# define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */ ++# define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */ ++# define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */ ++# define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */ ++# define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */ ++# define _HTTP_TLS_MAX 5 /* Highest known TLS version */ ++ + + /* + * Types and functions for SSL support... +@@ -442,7 +446,7 @@ extern void _httpTLSInitialize(void); + extern size_t _httpTLSPending(http_t *http); + extern int _httpTLSRead(http_t *http, char *buf, int len); + extern int _httpTLSSetCredentials(http_t *http); +-extern void _httpTLSSetOptions(int options); ++extern void _httpTLSSetOptions(int options, int min_version, int max_version); + extern int _httpTLSStart(http_t *http); + extern void _httpTLSStop(http_t *http); + extern int _httpTLSWrite(http_t *http, const char *buf, int len); +diff -up cups-2.2.6/cups/tlscheck.c.remove-weak-ciphers cups-2.2.6/cups/tlscheck.c +--- cups-2.2.6/cups/tlscheck.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/cups/tlscheck.c 2018-08-07 11:53:54.987633942 +0200 +@@ -54,6 +54,8 @@ main(int argc, /* I - Number of comm + int af = AF_UNSPEC, /* Address family */ + tls_options = _HTTP_TLS_NONE, + /* TLS options */ ++ tls_min_version = _HTTP_TLS_1_0, ++ tls_max_version = _HTTP_TLS_MAX, + verbose = 0; /* Verbosity */ + ipp_t *request, /* IPP Get-Printer-Attributes request */ + *response; /* IPP Get-Printer-Attributes response */ +@@ -88,11 +90,12 @@ main(int argc, /* I - Number of comm + } + else if (!strcmp(argv[i], "--no-tls10")) + { +- tls_options |= _HTTP_TLS_DENY_TLS10; ++ tls_min_version = _HTTP_TLS_1_1; + } + else if (!strcmp(argv[i], "--tls10")) + { +- tls_options |= _HTTP_TLS_ONLY_TLS10; ++ tls_min_version = _HTTP_TLS_1_0; ++ tls_max_version = _HTTP_TLS_1_0; + } + else if (!strcmp(argv[i], "--rc4")) + { +@@ -148,7 +151,7 @@ main(int argc, /* I - Number of comm + if (!port) + port = 631; + +- _httpTLSSetOptions(tls_options); ++ _httpTLSSetOptions(tls_options, tls_min_version, tls_max_version); + + http = httpConnect2(server, port, NULL, af, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL); + if (!http) +diff -up cups-2.2.6/cups/tls-darwin.c.remove-weak-ciphers cups-2.2.6/cups/tls-darwin.c +--- cups-2.2.6/cups/tls-darwin.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/cups/tls-darwin.c 2018-08-07 11:53:54.986633951 +0200 +@@ -53,7 +53,9 @@ static char *tls_keypath = NULL; + /* Server cert keychain path */ + static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; + /* Mutex for keychain/certs */ +-static int tls_options = -1;/* Options for TLS connections */ ++static int tls_options = -1,/* Options for TLS connections */ ++ tls_min_version = _HTTP_TLS_1_0, ++ tls_max_version = _HTTP_TLS_MAX; + + + /* +@@ -1139,10 +1141,16 @@ _httpTLSRead(http_t *http, /* I - HTTP + */ + + void +-_httpTLSSetOptions(int options) /* I - Options */ ++_httpTLSSetOptions(int options, /* I - Options */ ++ int min_version, /* I - Minimum TLS version */ ++ int max_version) /* I - Maximum TLS version */ + { + if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0) +- tls_options = options; ++ { ++ tls_options = options; ++ tls_min_version = min_version; ++ tls_max_version = max_version; ++ } + } + + +@@ -1174,7 +1182,7 @@ _httpTLSStart(http_t *http) /* I - HTTP + { + DEBUG_puts("4_httpTLSStart: Setting defaults."); + _cupsSetDefaults(); +- DEBUG_printf(("4_httpTLSStart: tls_options=%x", tls_options)); ++ DEBUG_printf(("4_httpTLSStart: tls_options=%x, tls_min_version=%d, tls_max_version=%d", tls_options, tls_min_version, tls_max_version)); + } + + #ifdef HAVE_SECKEYCHAINOPEN +@@ -1217,22 +1225,23 @@ _httpTLSStart(http_t *http) /* I - HTTP + + if (!error) + { +- SSLProtocol minProtocol; +- +- if (tls_options & _HTTP_TLS_DENY_TLS10) +- minProtocol = kTLSProtocol11; +- else if (tls_options & _HTTP_TLS_ALLOW_SSL3) +- minProtocol = kSSLProtocol3; +- else +- minProtocol = kTLSProtocol1; ++ static const SSLProtocol protocols[] = /* Min/max protocol versions */ ++ { ++ kSSLProtocol3, ++ kTLSProtocol1, ++ kTLSProtocol11, ++ kTLSProtocol12, ++ kTLSProtocol13, ++ kTLSProtocolMaxSupported ++ }; + +- error = SSLSetProtocolVersionMin(http->tls, minProtocol); +- DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", minProtocol, (int)error)); ++ error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]); ++ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error)); + +- if (!error && (tls_options & _HTTP_TLS_ONLY_TLS10)) ++ if (!error) + { +- error = SSLSetProtocolVersionMax(http->tls, kTLSProtocol1); +- DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(kTLSProtocol1), error=%d", (int)error)); ++ error = SSLSetProtocolVersionMax(http->tls, protocols[tls_max_version]); ++ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(%d), error=%d", protocols[tls_max_version], (int)error)); + } + } + +diff -up cups-2.2.6/cups/tls-gnutls.c.remove-weak-ciphers cups-2.2.6/cups/tls-gnutls.c +--- cups-2.2.6/cups/tls-gnutls.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/cups/tls-gnutls.c 2018-08-07 11:58:45.164114342 +0200 +@@ -35,7 +35,9 @@ static char *tls_keypath = NULL; + /* Server cert keychain path */ + static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; + /* Mutex for keychain/certs */ +-static int tls_options = -1;/* Options for TLS connections */ ++static int tls_options = -1,/* Options for TLS connections */ ++ tls_min_version = _HTTP_TLS_1_0, ++ tls_max_version = _HTTP_TLS_MAX; + + + /* +@@ -1224,10 +1226,16 @@ _httpTLSSetCredentials(http_t *http) /* + */ + + void +-_httpTLSSetOptions(int options) /* I - Options */ ++_httpTLSSetOptions(int options, /* I - Options */ ++ int min_version, /* I - Minimum TLS version */ ++ int max_version) /* I - Maximum TLS version */ + { + if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0) +- tls_options = options; ++ { ++ tls_options = options; ++ tls_min_version = min_version; ++ tls_max_version = max_version; ++ } + } + + +@@ -1245,6 +1253,16 @@ _httpTLSStart(http_t *http) /* I - Conn + /* TLS credentials */ + char priority_string[2048]; + /* Priority string */ ++ int version; /* Current version */ ++ static const char * const versions[] =/* SSL/TLS versions */ ++ { ++ "VERS-SSL3.0", ++ "VERS-TLS1.0", ++ "VERS-TLS1.1", ++ "VERS-TLS1.2", ++ "VERS-TLS1.3", ++ "VERS-TLS-ALL" ++ }; + + + DEBUG_printf(("3_httpTLSStart(http=%p)", http)); +@@ -1506,14 +1524,40 @@ _httpTLSStart(http_t *http) /* I - Conn + + strlcpy(priority_string, "NORMAL", sizeof(priority_string)); + +- if (tls_options & _HTTP_TLS_DENY_TLS10) +- strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string)); +- else if (tls_options & _HTTP_TLS_ALLOW_SSL3) ++ if (tls_max_version < _HTTP_TLS_MAX) ++ { ++ /* ++ * Require specific TLS versions... ++ */ ++ ++ strlcat(priority_string, ":-VERS-TLS-ALL", sizeof(priority_string)); ++ for (version = tls_min_version; version <= tls_max_version; version ++) ++ { ++ strlcat(priority_string, ":+", sizeof(priority_string)); ++ strlcat(priority_string, versions[version], sizeof(priority_string)); ++ } ++ } ++ else if (tls_min_version == _HTTP_TLS_SSL3) ++ { ++ /* ++ * Allow all versions of TLS and SSL/3.0... ++ */ ++ + strlcat(priority_string, ":+VERS-TLS-ALL:+VERS-SSL3.0", sizeof(priority_string)); +- else if (tls_options & _HTTP_TLS_ONLY_TLS10) +- strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string)); ++ } + else +- strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string)); ++ { ++ /* ++ * Require a minimum version... ++ */ ++ ++ strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string)); ++ for (version = 0; version < tls_min_version; version ++) ++ { ++ strlcat(priority_string, ":-", sizeof(priority_string)); ++ strlcat(priority_string, versions[version], sizeof(priority_string)); ++ } ++ } + + if (tls_options & _HTTP_TLS_ALLOW_RC4) + strlcat(priority_string, ":+ARCFOUR-128", sizeof(priority_string)); +diff -up cups-2.2.6/cups/tls-sspi.c.remove-weak-ciphers cups-2.2.6/cups/tls-sspi.c +--- cups-2.2.6/cups/tls-sspi.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/cups/tls-sspi.c 2018-08-07 11:53:54.986633951 +0200 +@@ -52,7 +52,9 @@ + * Local globals... + */ + +-static int tls_options = -1;/* Options for TLS connections */ ++static int tls_options = -1,/* Options for TLS connections */ ++ tls_min_version = _HTTP_TLS_1_0, ++ tls_max_version = _HTTP_TLS_MAX; + + + /* +@@ -914,7 +916,11 @@ void + _httpTLSSetOptions(int options) /* I - Options */ + { + if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0) +- tls_options = options; ++ { ++ tls_options = options; ++ tls_min_version = min_version; ++ tls_max_version = max_version; ++ } + } + + +@@ -1782,14 +1788,14 @@ http_sspi_find_credentials( + #else + if (http->mode == _HTTP_MODE_SERVER) + { +- if (tls_options & _HTTP_TLS_ALLOW_SSL3) ++ if (tls_min_version == _HTTP_TLS_SSL3) + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER; + else + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER; + } + else + { +- if (tls_options & _HTTP_TLS_ALLOW_SSL3) ++ if (tls_min_version == _HTTP_TLS_SSL3) + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT; + else + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT; +diff -up cups-2.2.6/cups/usersys.c.remove-weak-ciphers cups-2.2.6/cups/usersys.c +--- cups-2.2.6/cups/usersys.c.remove-weak-ciphers 2018-08-07 11:53:54.945634283 +0200 ++++ cups-2.2.6/cups/usersys.c 2018-08-07 11:53:54.987633942 +0200 +@@ -54,7 +54,9 @@ + typedef struct _cups_client_conf_s /**** client.conf config data ****/ + { + #ifdef HAVE_SSL +- int ssl_options; /* SSLOptions values */ ++ int ssl_options, /* SSLOptions values */ ++ ssl_min_version,/* Minimum SSL/TLS version */ ++ ssl_max_version;/* Maximum SSL/TLS version */ + #endif /* HAVE_SSL */ + int trust_first, /* Trust on first use? */ + any_root, /* Allow any (e.g., self-signed) root */ +@@ -957,7 +959,7 @@ _cupsSetDefaults(void) + cg->validate_certs = cc.validate_certs; + + #ifdef HAVE_SSL +- _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT); ++ _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version); + #endif /* HAVE_SSL */ + } + +@@ -1336,7 +1338,9 @@ cups_set_ssl_options( + * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None] + */ + +- int options = _HTTP_TLS_NONE; /* SSL/TLS options */ ++ int options = _HTTP_TLS_NONE, /* SSL/TLS options */ ++ min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */ ++ max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */ + char temp[256], /* Copy of value */ + *start, /* Start of option */ + *end; /* End of option */ +@@ -1364,20 +1368,38 @@ cups_set_ssl_options( + if (!_cups_strcasecmp(start, "AllowRC4")) + options |= _HTTP_TLS_ALLOW_RC4; + else if (!_cups_strcasecmp(start, "AllowSSL3")) +- options |= _HTTP_TLS_ALLOW_SSL3; ++ min_version = _HTTP_TLS_SSL3; + else if (!_cups_strcasecmp(start, "AllowDH")) + options |= _HTTP_TLS_ALLOW_DH; + else if (!_cups_strcasecmp(start, "DenyCBC")) + options |= _HTTP_TLS_DENY_CBC; + else if (!_cups_strcasecmp(start, "DenyTLS1.0")) +- options |= _HTTP_TLS_DENY_TLS10; ++ min_version = _HTTP_TLS_1_1; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.0")) ++ max_version = _HTTP_TLS_1_0; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.1")) ++ max_version = _HTTP_TLS_1_1; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.2")) ++ max_version = _HTTP_TLS_1_2; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.3")) ++ max_version = _HTTP_TLS_1_3; ++ else if (!_cups_strcasecmp(start, "MinTLS1.0")) ++ min_version = _HTTP_TLS_1_0; ++ else if (!_cups_strcasecmp(start, "MinTLS1.1")) ++ min_version = _HTTP_TLS_1_1; ++ else if (!_cups_strcasecmp(start, "MinTLS1.2")) ++ min_version = _HTTP_TLS_1_2; ++ else if (!_cups_strcasecmp(start, "MinTLS1.3")) ++ min_version = _HTTP_TLS_1_3; + else if (!_cups_strcasecmp(start, "None")) + options = _HTTP_TLS_NONE; + } + +- cc->ssl_options = options; ++ cc->ssl_options = options; ++ cc->ssl_max_version = max_version; ++ cc->ssl_min_version = min_version; + +- DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x", (void *)cc, value, options)); ++ DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version)); + } + #endif /* HAVE_SSL */ + +diff -up cups-2.2.6/man/client.conf.man.in.remove-weak-ciphers cups-2.2.6/man/client.conf.man.in +--- cups-2.2.6/man/client.conf.man.in.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/man/client.conf.man.in 2018-08-07 11:53:54.987633942 +0200 +@@ -10,7 +10,7 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH client.conf 5 "CUPS" "19 October 2017" "Apple Inc." ++.TH client.conf 5 "CUPS" "3 November 2017" "Apple Inc." + .SH NAME + client.conf \- client configuration file for cups + .SH DESCRIPTION +@@ -56,7 +56,7 @@ Specifies the address and optionally the + \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR + Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. + .TP 5 +-\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] ++\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR] + .TP 5 + \fBSSLOptions None\fR + Sets encryption options (only in /etc/cups/client.conf). +@@ -68,6 +68,9 @@ The \fIAllowRC4\fR option enables the 12 + The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. + The \fIDenyCBC\fR option disables all CBC cipher suites. + The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. ++The \fMinTLS\fR options set the minimum TLS version to support. ++The \fMaxTLS\fR options set the maximum TLS version to support. ++Not all operating systems support TLS 1.3 at this time. + .TP 5 + \fBTrustOnFirstUse Yes\fR + .TP 5 +diff -up cups-2.2.6/man/cupsd.conf.man.in.remove-weak-ciphers cups-2.2.6/man/cupsd.conf.man.in +--- cups-2.2.6/man/cupsd.conf.man.in.remove-weak-ciphers 2018-08-07 11:53:54.981633991 +0200 ++++ cups-2.2.6/man/cupsd.conf.man.in 2018-08-07 11:53:54.987633942 +0200 +@@ -432,10 +432,11 @@ The default is "Minimal". + Listens on the specified address and port for encrypted connections. + .\"#SSLOptions + .TP 5 +-\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] ++.TP 5 ++\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR] + .TP 5 + \fBSSLOptions None\fR +-Sets encryption options. ++Sets encryption options (only in /etc/cups/client.conf). + By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. + Security is reduced when \fIAllow\fR options are used. + Security is enhanced when \fIDeny\fR options are used. +@@ -444,6 +445,9 @@ The \fIAllowRC4\fR option enables the 12 + The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. + The \fIDenyCBC\fR option disables all CBC cipher suites. + The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. ++The \fMinTLS\fR options set the minimum TLS version to support. ++The \fMaxTLS\fR options set the maximum TLS version to support. ++Not all operating systems support TLS 1.3 at this time. + .\"#SSLPort + .TP 5 + \fBSSLPort \fIport\fR +diff -up cups-2.2.6/scheduler/conf.c.remove-weak-ciphers cups-2.2.6/scheduler/conf.c +--- cups-2.2.6/scheduler/conf.c.remove-weak-ciphers 2018-08-07 11:53:54.981633991 +0200 ++++ cups-2.2.6/scheduler/conf.c 2018-08-07 11:53:54.988633934 +0200 +@@ -630,7 +630,7 @@ cupsdReadConfiguration(void) + cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain"); + # endif /* HAVE_GNUTLS */ + +- _httpTLSSetOptions(0); ++ _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX); + #endif /* HAVE_SSL */ + + language = cupsLangDefault(); +@@ -3024,7 +3024,9 @@ read_cupsd_conf(cups_file_t *fp) /* I - + * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [None] + */ + +- int options = 0; /* SSL/TLS options */ ++ int options = _HTTP_TLS_NONE,/* SSL/TLS options */ ++ min_version = _HTTP_TLS_1_0, ++ max_version = _HTTP_TLS_MAX; + + if (value) + { +@@ -3048,24 +3050,40 @@ read_cupsd_conf(cups_file_t *fp) /* I - + * Compare... + */ + +- if (!_cups_strcasecmp(start, "AllowRC4")) ++ if (!_cups_strcasecmp(start, "AllowRC4")) + options |= _HTTP_TLS_ALLOW_RC4; +- else if (!_cups_strcasecmp(start, "AllowSSL3")) +- options |= _HTTP_TLS_ALLOW_SSL3; ++ else if (!_cups_strcasecmp(start, "AllowSSL3")) ++ min_version = _HTTP_TLS_SSL3; + else if (!_cups_strcasecmp(start, "AllowDH")) + options |= _HTTP_TLS_ALLOW_DH; + else if (!_cups_strcasecmp(start, "DenyCBC")) + options |= _HTTP_TLS_DENY_CBC; + else if (!_cups_strcasecmp(start, "DenyTLS1.0")) +- options |= _HTTP_TLS_DENY_TLS10; +- else if (!_cups_strcasecmp(start, "None")) +- options = 0; ++ min_version = _HTTP_TLS_1_1; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.0")) ++ max_version = _HTTP_TLS_1_0; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.1")) ++ max_version = _HTTP_TLS_1_1; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.2")) ++ max_version = _HTTP_TLS_1_2; ++ else if (!_cups_strcasecmp(start, "MaxTLS1.3")) ++ max_version = _HTTP_TLS_1_3; ++ else if (!_cups_strcasecmp(start, "MinTLS1.0")) ++ min_version = _HTTP_TLS_1_0; ++ else if (!_cups_strcasecmp(start, "MinTLS1.1")) ++ min_version = _HTTP_TLS_1_1; ++ else if (!_cups_strcasecmp(start, "MinTLS1.2")) ++ min_version = _HTTP_TLS_1_2; ++ else if (!_cups_strcasecmp(start, "MinTLS1.3")) ++ min_version = _HTTP_TLS_1_3; ++ else if (!_cups_strcasecmp(start, "None")) ++ options = _HTTP_TLS_NONE; + else if (_cups_strcasecmp(start, "NoEmptyFragments")) + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum); + } + } + +- _httpTLSSetOptions(options); ++ _httpTLSSetOptions(options, min_version, max_version); + } + #endif /* HAVE_SSL */ + else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen") diff --git a/SOURCES/0001-Add-with-idle-exit-timeout-configure-option.patch b/SOURCES/0001-Add-with-idle-exit-timeout-configure-option.patch new file mode 100644 index 0000000..5a638e1 --- /dev/null +++ b/SOURCES/0001-Add-with-idle-exit-timeout-configure-option.patch @@ -0,0 +1,33 @@ +diff -up cups-2.2.6/conf/cupsd.conf.in.idleexittimeout cups-2.2.6/conf/cupsd.conf.in +--- cups-2.2.6/conf/cupsd.conf.in.idleexittimeout 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/conf/cupsd.conf.in 2021-11-29 11:45:37.416058954 +0100 +@@ -22,6 +22,9 @@ DefaultAuthType Basic + # Web interface setting... + WebInterface @CUPS_WEBIF@ + ++# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) ++IdleExitTimeout @EXIT_TIMEOUT@ ++ + # Restrict access to the server... + + Order allow,deny +diff -up cups-2.2.6/config-scripts/cups-defaults.m4.idleexittimeout cups-2.2.6/config-scripts/cups-defaults.m4 +--- cups-2.2.6/config-scripts/cups-defaults.m4.idleexittimeout 2021-11-29 11:45:37.416058954 +0100 ++++ cups-2.2.6/config-scripts/cups-defaults.m4 2021-11-29 11:46:31.680612421 +0100 +@@ -425,3 +425,16 @@ esac + + AC_SUBST(CUPS_WEBIF) + AC_DEFINE_UNQUOTED(CUPS_DEFAULT_WEBIF, $CUPS_DEFAULT_WEBIF) ++ ++dnl Set default value of IdleExitTimeout ++AC_ARG_WITH([idle_exit_timeout], AS_HELP_STRING([--with-idle-exit-timeout], [set the default value for IdleExitTimeout, default=60]), [ ++ AS_IF([test "x$withval" = "xno"], [ ++ EXIT_TIMEOUT=0 ++ ], [ ++ EXIT_TIMEOUT=$withval ++ ]) ++], [ ++ EXIT_TIMEOUT=60 ++]) ++ ++AC_SUBST([EXIT_TIMEOUT]) diff --git a/SOURCES/0001-Add-with-systemd-timeoutstartsec-configure-option.patch b/SOURCES/0001-Add-with-systemd-timeoutstartsec-configure-option.patch new file mode 100644 index 0000000..af83a6c --- /dev/null +++ b/SOURCES/0001-Add-with-systemd-timeoutstartsec-configure-option.patch @@ -0,0 +1,33 @@ +diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec cups-2.3.3op2/config-scripts/cups-defaults.m4 +--- cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec 2021-11-29 13:50:14.568976028 +0100 ++++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 13:51:02.785567762 +0100 +@@ -482,3 +482,18 @@ AC_ARG_WITH([idle_exit_timeout], AS_HELP + ]) + + AC_SUBST([EXIT_TIMEOUT]) ++ ++dnl set TimeoutStartSec for cups.service ++dnl - if used as --without-*, it sets TimeoutStartSec to infinity ++AC_ARG_WITH([systemd-timeoutstartsec], ++ AS_HELP_STRING([--with-systemd-timeoutstartsec], ++ [set TimeoutStartSec value in cups.service, default=default value in systemd]), [ ++ AS_IF([ test "x$withval" = "xno" ], [ ++ TIMEOUTSTARTSEC="TimeoutStartSec=infinity" ++ ], [ ++ TIMEOUTSTARTSEC="TimeoutStartSec=$withval" ++ ]) ++], [ ++ TIMEOUTSTARTSEC="" ++]) ++AC_SUBST([TIMEOUTSTARTSEC]) +diff -up cups-2.3.3op2/scheduler/org.cups.cupsd.service.in.conf-timeoutstartsec cups-2.3.3op2/scheduler/org.cups.cupsd.service.in +--- cups-2.3.3op2/scheduler/org.cups.cupsd.service.in.conf-timeoutstartsec 2021-11-29 13:50:14.551976172 +0100 ++++ cups-2.3.3op2/scheduler/org.cups.cupsd.service.in 2021-11-29 13:50:14.568976028 +0100 +@@ -8,6 +8,7 @@ Requires=cups.socket + ExecStart=@sbindir@/cupsd -l + Type=notify + Restart=on-failure ++@TIMEOUTSTARTSEC@ + + [Install] + Also=cups.socket cups.path diff --git a/SOURCES/0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch b/SOURCES/0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch new file mode 100644 index 0000000..2745b5d --- /dev/null +++ b/SOURCES/0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch @@ -0,0 +1,22 @@ +diff --git a/cgi-bin/var.c b/cgi-bin/var.c +index 316b67f05..12f3c8344 100644 +--- a/cgi-bin/var.c ++++ b/cgi-bin/var.c +@@ -1186,6 +1186,7 @@ cgi_set_sid(void) + const char *remote_addr, /* REMOTE_ADDR */ + *server_name, /* SERVER_NAME */ + *server_port; /* SERVER_PORT */ ++ struct timeval curtime; /* Current time */ + + + if ((remote_addr = getenv("REMOTE_ADDR")) == NULL) +@@ -1195,7 +1196,8 @@ cgi_set_sid(void) + if ((server_port = getenv("SERVER_PORT")) == NULL) + server_port = "SERVER_PORT"; + +- CUPS_SRAND(time(NULL)); ++ gettimeofday(&curtime, NULL); ++ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec); + snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X", + remote_addr, server_name, server_port, + (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255, diff --git a/SOURCES/0001-Fix-default-TLS-versions.patch b/SOURCES/0001-Fix-default-TLS-versions.patch new file mode 100644 index 0000000..b3821d6 --- /dev/null +++ b/SOURCES/0001-Fix-default-TLS-versions.patch @@ -0,0 +1,24 @@ +diff -up cups-2.2.6/cups/usersys.c.defaulttls cups-2.2.6/cups/usersys.c +--- cups-2.2.6/cups/usersys.c.defaulttls 2018-09-03 12:10:36.111230611 +0200 ++++ cups-2.2.6/cups/usersys.c 2018-09-03 12:12:41.307074414 +0200 +@@ -1166,11 +1166,15 @@ cups_init_client_conf( + + memset(cc, 0, sizeof(_cups_client_conf_t)); + +- cc->encryption = (http_encryption_t)-1; +- cc->trust_first = -1; +- cc->any_root = -1; +- cc->expired_certs = -1; +- cc->validate_certs = -1; ++#ifdef HAVE_SSL ++ cc->ssl_min_version = _HTTP_TLS_1_0; ++ cc->ssl_max_version = _HTTP_TLS_MAX; ++#endif /* HAVE_SSL */ ++ cc->encryption = (http_encryption_t)-1; ++ cc->trust_first = -1; ++ cc->any_root = -1; ++ cc->expired_certs = -1; ++ cc->validate_certs = -1; + + /* + * Load settings from the org.cups.PrintingPrefs plist (which trump diff --git a/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch b/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch new file mode 100644 index 0000000..fdec951 --- /dev/null +++ b/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch @@ -0,0 +1,21 @@ +diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c +--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100 ++++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200 +@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i + + #define RESERVE_NONE 0 /* Don't reserve a priviledged port */ + #define RESERVE_RFC1179 1 /* Reserve port 721-731 */ +-#define RESERVE_ANY 2 /* Reserve port 1-1023 */ ++#define RESERVE_ANY 2 /* Reserve port 512-1023 */ + + + /* +@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /* + + if (lport < 721 && reserve == RESERVE_RFC1179) + lport = 731; +- else if (lport < 1) ++ else if (lport < 512) + lport = 1023; + + #ifdef HAVE_GETEUID diff --git a/SOURCES/0001-Fix-handling-of-MaxJobTime-0-Issue-5438.patch b/SOURCES/0001-Fix-handling-of-MaxJobTime-0-Issue-5438.patch new file mode 100644 index 0000000..e7f586c --- /dev/null +++ b/SOURCES/0001-Fix-handling-of-MaxJobTime-0-Issue-5438.patch @@ -0,0 +1,43 @@ +From 3e4dd41459dabc5d18edbe06eb5b81291885204b Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Wed, 5 Dec 2018 12:18:19 -0500 +Subject: [PATCH] Fix handling of MaxJobTime 0 (Issue #5438) + +--- + CHANGES.md | 5 +++-- + scheduler/job.c | 4 +++- + scheduler/printers.c | 2 +- + 3 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/scheduler/job.c b/scheduler/job.c +index 3cbe56aa8..638f256db 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -5148,8 +5148,10 @@ update_job(cupsd_job_t *job) /* I - Job to check */ + + if (cancel_after) + job->cancel_time = time(NULL) + ippGetInteger(cancel_after, 0); +- else ++ else if (MaxJobTime > 0) + job->cancel_time = time(NULL) + MaxJobTime; ++ else ++ job->cancel_time = 0; + } + } + } +diff --git a/scheduler/printers.c b/scheduler/printers.c +index bb99907ad..68239d85d 100644 +--- a/scheduler/printers.c ++++ b/scheduler/printers.c +@@ -3370,7 +3370,7 @@ add_printer_defaults(cupsd_printer_t *p)/* I - Printer */ + "document-format-default", NULL, "application/octet-stream"); + + if (!cupsGetOption("job-cancel-after", p->num_options, p->options)) +- ippAddInteger(p->attrs, IPP_TAG_PRINTER, IPP_TAG_INTEGER, ++ ippAddInteger(p->attrs, IPP_TAG_PRINTER, MaxJobTime > 0 ? IPP_TAG_INTEGER : IPP_TAG_NOVALUE, + "job-cancel-after-default", MaxJobTime); + + if (!cupsGetOption("job-hold-until", p->num_options, p->options)) +-- +2.31.1 + diff --git a/SOURCES/0001-Fix-local-privilege-escalation-to-root-and-sandbox-b.patch b/SOURCES/0001-Fix-local-privilege-escalation-to-root-and-sandbox-b.patch new file mode 100644 index 0000000..dfb74a1 --- /dev/null +++ b/SOURCES/0001-Fix-local-privilege-escalation-to-root-and-sandbox-b.patch @@ -0,0 +1,481 @@ +From d47f6aec436e0e9df6554436e391471097686ecc Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Tue, 8 May 2018 15:24:21 -0700 +Subject: [PATCH] Fix local privilege escalation to root and sandbox bypasses + in scheduler (rdar://37836779, rdar://37836995, rdar://37837252, + rdar://37837581) + +--- + man/cups-files.conf.man.in | 10 ++ + man/cupsd.conf.man.in | 8 -- + scheduler/conf.c | 201 +++++++++++++++++++++++-------------- + scheduler/job.c | 12 +++ + scheduler/process.c | 16 +-- + scheduler/server.c | 20 +++- + test/run-stp-tests.sh | 11 +- + 7 files changed, 179 insertions(+), 99 deletions(-) + +diff --git a/man/cups-files.conf.man.in b/man/cups-files.conf.man.in +index 7b96d687d..baf3cb6af 100644 +--- a/man/cups-files.conf.man.in ++++ b/man/cups-files.conf.man.in +@@ -153,6 +153,11 @@ The server name may be included in filenames using the string "%s", for example: + + .fi + The default is "/var/log/cups/page_log". ++.\"#PassEnv ++.TP 5 ++\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR] ++Passes the specified environment variable(s) to child processes. ++Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive. + .\"#RemoteRoot + .TP 5 + \fBRemoteRoot \fIusername\fR +@@ -187,6 +192,11 @@ macOS uses its keychain database to store certificates and keys while other plat + \fBServerRoot \fIdirectory\fR + Specifies the directory containing the server configuration files. + The default is "/etc/cups". ++.\"#SetEnv ++.TP 5 ++\fBSetEnv \fIvariable value\fR ++Set the specified environment variable to be passed to child processes. ++Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive. + .\"#StateDir + .TP 5 + \fBStateDir \fIdirectory\fR +diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in +index 3ffc80e42..36c849398 100644 +--- a/man/cupsd.conf.man.in ++++ b/man/cupsd.conf.man.in +@@ -349,10 +349,6 @@ The default is "1048576" (1MB). + \fBMultipleOperationTimeout \fIseconds\fR + Specifies the maximum amount of time to allow between files in a multiple file print job. + The default is "300" (5 minutes). +-.\"#PassEnv +-.TP 5 +-\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR] +-Passes the specified environment variable(s) to child processes. + .\"#Policy + .TP 5 + \fB \fR... \fB\fR +@@ -433,10 +429,6 @@ Specifies what information is included in the Server header of HTTP responses. + command. + "Full" reports "CUPS 2.0.0 (UNAME) IPP/2.0". + The default is "Minimal". +-.\"#SetEnv +-.TP 5 +-\fBSetEnv \fIvariable value\fR +-Set the specified environment variable to be passed to child processes. + .\"#SSLListen + .TP 5 + \fBSSLListen \fIipv4-address\fB:\fIport\fR +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 67a91e7a6..b51c6060c 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -2929,13 +2929,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + /* Line from file */ + temp[HTTP_MAX_BUFFER], + /* Temporary buffer for value */ +- *value, /* Pointer to value */ +- *valueptr; /* Pointer into value */ ++ *value; /* Pointer to value */ + int valuelen; /* Length of value */ + http_addrlist_t *addrlist, /* Address list */ + *addr; /* Current address */ +- cups_file_t *incfile; /* Include file */ +- char incname[1024]; /* Include filename */ + + + /* +@@ -2950,28 +2947,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + * Decode the directive... + */ + +- if (!_cups_strcasecmp(line, "Include") && value) +- { +- /* +- * Include filename +- */ +- +- if (value[0] == '/') +- strlcpy(incname, value, sizeof(incname)); +- else +- snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value); +- +- if ((incfile = cupsFileOpen(incname, "rb")) == NULL) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Unable to include config file \"%s\" - %s", +- incname, strerror(errno)); +- else +- { +- read_cupsd_conf(incfile); +- cupsFileClose(incfile); +- } +- } +- else if (!_cups_strcasecmp(line, " +@@ -3367,31 +3343,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.", + value, linenum, ConfigurationFile); + } +- else if (!_cups_strcasecmp(line, "PassEnv") && value) +- { +- /* +- * PassEnv variable [... variable] +- */ +- +- for (; *value;) +- { +- for (valuelen = 0; value[valuelen]; valuelen ++) +- if (_cups_isspace(value[valuelen]) || value[valuelen] == ',') +- break; +- +- if (value[valuelen]) +- { +- value[valuelen] = '\0'; +- valuelen ++; +- } +- +- cupsdSetEnv(value, NULL); +- +- for (value += valuelen; *value; value ++) +- if (!_cups_isspace(*value) || *value != ',') +- break; +- } +- } + else if (!_cups_strcasecmp(line, "ServerAlias") && value) + { + /* +@@ -3420,30 +3371,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + break; + } + } +- else if (!_cups_strcasecmp(line, "SetEnv") && value) +- { +- /* +- * SetEnv variable value +- */ +- +- for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++); +- +- if (*valueptr) +- { +- /* +- * Found a value... +- */ +- +- while (isspace(*valueptr & 255)) +- *valueptr++ = '\0'; +- +- cupsdSetEnv(value, valueptr); +- } +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Missing value for SetEnv directive on line %d of %s.", +- linenum, ConfigurationFile); +- } + else if (!_cups_strcasecmp(line, "AccessLog") || + !_cups_strcasecmp(line, "CacheDir") || + !_cups_strcasecmp(line, "ConfigFilePerm") || +@@ -3457,6 +3384,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + !_cups_strcasecmp(line, "LogFilePerm") || + !_cups_strcasecmp(line, "LPDConfigFile") || + !_cups_strcasecmp(line, "PageLog") || ++ !_cups_strcasecmp(line, "PassEnv") || + !_cups_strcasecmp(line, "Printcap") || + !_cups_strcasecmp(line, "PrintcapFormat") || + !_cups_strcasecmp(line, "RemoteRoot") || +@@ -3466,6 +3394,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + !_cups_strcasecmp(line, "ServerKey") || + !_cups_strcasecmp(line, "ServerKeychain") || + !_cups_strcasecmp(line, "ServerRoot") || ++ !_cups_strcasecmp(line, "SetEnv") || + !_cups_strcasecmp(line, "SMBConfigFile") || + !_cups_strcasecmp(line, "StateDir") || + !_cups_strcasecmp(line, "SystemGroup") || +@@ -3495,10 +3424,49 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + static int /* O - 1 on success, 0 on failure */ + read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ + { +- int linenum; /* Current line number */ ++ int i, /* Looping var */ ++ linenum; /* Current line number */ + char line[HTTP_MAX_BUFFER], /* Line from file */ + *value; /* Value from line */ + struct group *group; /* Group */ ++ static const char * const prohibited_env[] = ++ { /* Prohibited environment variables */ ++ "APPLE_LANGUAGE", ++ "AUTH_DOMAIN", ++ "AUTH_INFO_REQUIRED", ++ "AUTH_NEGOTIATE", ++ "AUTH_PASSWORD", ++ "AUTH_UID", ++ "AUTH_USERNAME", ++ "CHARSET", ++ "CLASS", ++ "CLASSIFICATION", ++ "CONTENT_TYPE", ++ "CUPS_CACHEDIR", ++ "CUPS_DATADIR", ++ "CUPS_DOCROOT", ++ "CUPS_FILETYPE", ++ "CUPS_FONTPATH", ++ "CUPS_MAX_MESSAGE", ++ "CUPS_REQUESTROOT", ++ "CUPS_SERVERBIN", ++ "CUPS_SERVERROOT", ++ "CUPS_STATEDIR", ++ "DEVICE_URI", ++ "FINAL_CONTENT_TYPE", ++ "HOME", ++ "LANG", ++ "PPD", ++ "PRINTER", ++ "PRINTER_INFO", ++ "PRINTER_LOCATION", ++ "PRINTER_STATE_REASONS", ++ "RIP_CACHE", ++ "SERVER_ADMIN", ++ "SOFTWARE", ++ "TMPDIR", ++ "USER" ++ }; + + + /* +@@ -3536,6 +3504,47 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ + } + } + } ++ else if (!_cups_strcasecmp(line, "PassEnv") && value) ++ { ++ /* ++ * PassEnv variable [... variable] ++ */ ++ ++ int valuelen; /* Length of variable name */ ++ ++ for (; *value;) ++ { ++ for (valuelen = 0; value[valuelen]; valuelen ++) ++ if (_cups_isspace(value[valuelen]) || value[valuelen] == ',') ++ break; ++ ++ if (value[valuelen]) ++ { ++ value[valuelen] = '\0'; ++ valuelen ++; ++ } ++ ++ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++) ++ { ++ if (!strcmp(value, prohibited_env[i])) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be passed through on line %d of %s.", value, linenum, CupsFilesFile); ++ ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ else ++ break; ++ } ++ } ++ ++ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0]))) ++ cupsdSetEnv(value, NULL); ++ ++ for (value += valuelen; *value; value ++) ++ if (!_cups_isspace(*value) || *value != ',') ++ break; ++ } ++ } + else if (!_cups_strcasecmp(line, "PrintcapFormat") && value) + { + /* +@@ -3581,6 +3590,46 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ + return (0); + } + } ++ else if (!_cups_strcasecmp(line, "SetEnv") && value) ++ { ++ /* ++ * SetEnv variable value ++ */ ++ ++ char *valueptr; /* Pointer to environment variable value */ ++ ++ for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++); ++ ++ if (*valueptr) ++ { ++ /* ++ * Found a value... ++ */ ++ ++ while (isspace(*valueptr & 255)) ++ *valueptr++ = '\0'; ++ ++ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++) ++ { ++ if (!strcmp(value, prohibited_env[i])) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be set on line %d of %s.", value, linenum, CupsFilesFile); ++ ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ else ++ break; ++ } ++ } ++ ++ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0]))) ++ cupsdSetEnv(value, valueptr); ++ } ++ else ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Missing value for SetEnv directive on line %d of %s.", ++ linenum, ConfigurationFile); ++ } + else if (!_cups_strcasecmp(line, "SystemGroup") && value) + { + /* +diff --git a/scheduler/job.c b/scheduler/job.c +index 61cda44e2..5ced0b9d1 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -4779,6 +4779,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */ + job->profile = cupsdCreateProfile(job->id, 0); + job->bprofile = cupsdCreateProfile(job->id, 1); + ++#ifdef HAVE_SANDBOX_H ++ if ((!job->profile || !job->bprofile) && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF) ++ { ++ /* ++ * Failure to create the sandbox profile means something really bad has ++ * happened and we need to shutdown immediately. ++ */ ++ ++ return; ++ } ++#endif /* HAVE_SANDBOX_H */ ++ + /* + * Create the status pipes and buffer... + */ +diff --git a/scheduler/process.c b/scheduler/process.c +index b8d49d8f0..3c1c6ba4f 100644 +--- a/scheduler/process.c ++++ b/scheduler/process.c +@@ -98,9 +98,13 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */ + + if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL) + { ++ /* ++ * This should never happen, and is fatal when sandboxing is enabled. ++ */ ++ + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking); +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s", +- strerror(errno)); ++ cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno)); ++ kill(getpid(), SIGTERM); + return (NULL); + } + +@@ -197,10 +201,8 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */ + " #\"^%s/\"" /* TempDir/... */ + " #\"^%s$\"" /* CacheDir */ + " #\"^%s/\"" /* CacheDir/... */ +- " #\"^%s$\"" /* StateDir */ +- " #\"^%s/\"" /* StateDir/... */ + "))\n", +- temp, temp, cache, cache, state, state); ++ temp, temp, cache, cache); + /* Read common folders */ + cupsFilePrintf(fp, + "(allow file-read-data file-read-metadata\n" +@@ -242,8 +244,10 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */ + " #\"^%s/\"" /* ServerBin/... */ + " #\"^%s$\"" /* ServerRoot */ + " #\"^%s/\"" /* ServerRoot/... */ ++ " #\"^%s$\"" /* StateDir */ ++ " #\"^%s/\"" /* StateDir/... */ + "))\n", +- request, request, bin, bin, root, root); ++ request, request, bin, bin, root, root, state, state); + if (Sandboxing == CUPSD_SANDBOXING_RELAXED) + { + /* Limited write access to /Library/Printers/... */ +diff --git a/scheduler/server.c b/scheduler/server.c +index cecbabe67..a4033791b 100644 +--- a/scheduler/server.c ++++ b/scheduler/server.c +@@ -34,16 +34,28 @@ void + cupsdStartServer(void) + { + /* +- * Start color management (as needed)... ++ * Create the default security profile... + */ + +- cupsdStartColor(); ++ DefaultProfile = cupsdCreateProfile(0, 1); ++ ++#ifdef HAVE_SANDBOX_H ++ if (!DefaultProfile && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF) ++ { ++ /* ++ * Failure to create the sandbox profile means something really bad has ++ * happened and we need to shutdown immediately. ++ */ ++ ++ return; ++ } ++#endif /* HAVE_SANDBOX_H */ + + /* +- * Create the default security profile... ++ * Start color management (as needed)... + */ + +- DefaultProfile = cupsdCreateProfile(0, 1); ++ cupsdStartColor(); + + /* + * Startup all the networking stuff... +diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh +index 7eb269a67..f83bd5d91 100755 +--- a/test/run-stp-tests.sh ++++ b/test/run-stp-tests.sh +@@ -489,11 +489,6 @@ StrictConformance Yes + Browsing Off + Listen localhost:$port + Listen $BASE/sock +-PassEnv DYLD_LIBRARY_PATH +-PassEnv LD_LIBRARY_PATH +-PassEnv LD_PRELOAD +-PassEnv LOCALEDIR +-PassEnv SHLIB_PATH + MaxSubscriptions 3 + MaxLogSize 0 + AccessLogLevel actions +@@ -529,6 +524,12 @@ TempDir $BASE/spool/temp + AccessLog $BASE/log/access_log + ErrorLog $BASE/log/error_log + PageLog $BASE/log/page_log ++ ++PassEnv DYLD_LIBRARY_PATH ++PassEnv LD_LIBRARY_PATH ++PassEnv LD_PRELOAD ++PassEnv LOCALEDIR ++PassEnv SHLIB_PATH + EOF + + if test $ssltype != 0 -a `uname` = Darwin; then +-- +2.17.1 + diff --git a/SOURCES/0001-Fix-lpadmin-with-cupsIPPSupplies-and-cupsSNMPSupplie.patch b/SOURCES/0001-Fix-lpadmin-with-cupsIPPSupplies-and-cupsSNMPSupplie.patch new file mode 100644 index 0000000..8f8fa71 --- /dev/null +++ b/SOURCES/0001-Fix-lpadmin-with-cupsIPPSupplies-and-cupsSNMPSupplie.patch @@ -0,0 +1,62 @@ +From 9539c53065170e97836503074e770d7b5fbf9f83 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Tue, 16 Jul 2019 09:27:13 -0400 +Subject: [PATCH] Fix lpadmin with cupsIPPSupplies and cupsSNMPSupplies (Issue + #5610) + +--- + CHANGES.md | 2 ++ + systemv/lpadmin.c | 9 +++++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c +index f428368d4..ca6d386b2 100644 +--- a/systemv/lpadmin.c ++++ b/systemv/lpadmin.c +@@ -1467,6 +1467,7 @@ set_printer_options( + (boolval = cupsGetOption("cupsIPPSupplies", num_options, + options)) != NULL) + { ++ ppdchanged = 1; + wrote_ipp_supplies = 1; + cupsFilePrintf(out, "*cupsIPPSupplies: %s\n", + (!_cups_strcasecmp(boolval, "true") || +@@ -1477,6 +1478,7 @@ set_printer_options( + (boolval = cupsGetOption("cupsSNMPSupplies", num_options, + options)) != NULL) + { ++ ppdchanged = 1; + wrote_snmp_supplies = 1; + cupsFilePrintf(out, "*cupsSNMPSupplies: %s\n", + (!_cups_strcasecmp(boolval, "true") || +@@ -1537,6 +1539,8 @@ set_printer_options( + (boolval = cupsGetOption("cupsIPPSupplies", num_options, + options)) != NULL) + { ++ ppdchanged = 1; ++ + cupsFilePrintf(out, "*cupsIPPSupplies: %s\n", + (!_cups_strcasecmp(boolval, "true") || + !_cups_strcasecmp(boolval, "yes") || +@@ -1547,6 +1551,8 @@ set_printer_options( + (boolval = cupsGetOption("cupsSNMPSupplies", num_options, + options)) != NULL) + { ++ ppdchanged = 1; ++ + cupsFilePrintf(out, "*cupsSNMPSupplies: %s\n", + (!_cups_strcasecmp(boolval, "true") || + !_cups_strcasecmp(boolval, "yes") || +@@ -1561,8 +1567,7 @@ set_printer_options( + * Do the request... + */ + +- ippDelete(cupsDoFileRequest(http, request, "/admin/", +- ppdchanged ? tempfile : file)); ++ ippDelete(cupsDoFileRequest(http, request, "/admin/", ppdchanged ? tempfile : file)); + + /* + * Clean up temp files... (TODO: catch signals in case we CTRL-C during +-- +2.31.1 + diff --git a/SOURCES/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch b/SOURCES/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch new file mode 100644 index 0000000..ec224c3 --- /dev/null +++ b/SOURCES/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch @@ -0,0 +1,206 @@ +diff --git a/backend/ipp.c b/backend/ipp.c +index 32eb3aaa4..2a880bd75 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -3612,6 +3612,8 @@ update_reasons(ipp_attribute_t *attr, /* I - printer-state-reasons or NULL */ + } + } + ++ cupsArrayDelete(new_reasons); ++ + _cupsMutexUnlock(&report_mutex); + + /* +diff --git a/cgi-bin/search.c b/cgi-bin/search.c +index 3956afc33..ad1f5ed0e 100644 +--- a/cgi-bin/search.c ++++ b/cgi-bin/search.c +@@ -361,4 +362,5 @@ void + cgiFreeSearch(void *search) /* I - Search context */ + { + regfree((regex_t *)search); ++ free(search); + } +diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c +index 5d510140b..688901a7d 100644 +--- a/cups/http-addrlist.c ++++ b/cups/http-addrlist.c +@@ -612,6 +613,7 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p + if (!temp) + { + httpAddrFreeList(first); ++ freeaddrinfo(results); + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0); + return (NULL); + } +diff --git a/cups/http.c b/cups/http.c +index a9235b087..d9332cc83 100644 +--- a/cups/http.c ++++ b/cups/http.c +@@ -3915,7 +3915,7 @@ http_create( + if ((http = calloc(sizeof(http_t), 1)) == NULL) + { + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0); +- httpAddrFreeList(addrlist); ++ httpAddrFreeList(myaddrlist); + return (NULL); + } + +diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx +index be24cebae..4e8cba7bb 100644 +--- a/ppdc/ppdc-source.cxx ++++ b/ppdc/ppdc-source.cxx +@@ -2665,6 +2666,7 @@ ppdcSource::scan_file(ppdcFile *fp, // I - File to read + // Add it to the current option... + if (!o) + { ++ c->release(); + _cupsLangPrintf(stderr, + _("ppdc: Choice found on line %d of %s with no " + "Option."), fp->line, fp->filename); +diff --git a/scheduler/cups-driverd.cxx b/scheduler/cups-driverd.cxx +index 657eee0a0..b518a9325 100644 +--- a/scheduler/cups-driverd.cxx ++++ b/scheduler/cups-driverd.cxx +@@ -153,7 +153,7 @@ static ppd_info_t *add_ppd(const char *filename, const char *name, + size_t size, int model_number, int type, + const char *scheme); + static int cat_drv(const char *name, int request_id); +-static int cat_ppd(const char *name, int request_id); ++static void cat_ppd(const char *name, int request_id); + static int cat_static(const char *name, int request_id); + static int cat_tar(const char *name, int request_id); + static int compare_inodes(struct stat *a, struct stat *b); +@@ -163,12 +163,12 @@ static int compare_names(const ppd_info_t *p0, + const ppd_info_t *p1); + static int compare_ppds(const ppd_info_t *p0, + const ppd_info_t *p1); +-static int dump_ppds_dat(const char *filename); ++static void dump_ppds_dat(const char *filename); + static void free_array(cups_array_t *a); + static cups_file_t *get_file(const char *name, int request_id, + const char *subdir, char *buffer, + size_t bufsize, char **subfile); +-static int list_ppds(int request_id, int limit, const char *opt); ++static void list_ppds(int request_id, int limit, const char *opt); + static int load_drivers(cups_array_t *include, + cups_array_t *exclude); + static int load_drv(const char *filename, const char *name, +@@ -204,13 +204,13 @@ main(int argc, /* I - Number of command-line args */ + */ + + if (argc == 3 && !strcmp(argv[1], "cat")) +- return (cat_ppd(argv[2], 0)); ++ cat_ppd(argv[2], 0); + else if ((argc == 2 || argc == 3) && !strcmp(argv[1], "dump")) +- return (dump_ppds_dat(argv[2])); ++ dump_ppds_dat(argv[2]); + else if (argc == 4 && !strcmp(argv[1], "get")) +- return (cat_ppd(argv[3], atoi(argv[2]))); ++ cat_ppd(argv[3], atoi(argv[2])); + else if (argc == 5 && !strcmp(argv[1], "list")) +- return (list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4])); ++ list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]); + else + { + fputs("Usage: cups-driverd cat ppd-name\n", stderr); +@@ -428,7 +428,7 @@ cat_drv(const char *name, /* I - PPD name */ + * 'cat_ppd()' - Copy a PPD file to stdout. + */ + +-static int /* O - Exit code */ ++static void + cat_ppd(const char *name, /* I - PPD name */ + int request_id) /* I - Request ID for response? */ + { +@@ -445,7 +445,7 @@ cat_ppd(const char *name, /* I - PPD name */ + if (strstr(name, "../")) + { + fputs("ERROR: Invalid PPD name.\n", stderr); +- return (1); ++ exit(1); + } + + strlcpy(scheme, name, sizeof(scheme)); +@@ -475,11 +475,11 @@ cat_ppd(const char *name, /* I - PPD name */ + puts("Content-Type: application/ipp\n"); + + if (!scheme[0]) +- return (cat_static(name, request_id)); ++ exit(cat_static(name, request_id)); + else if (!strcmp(scheme, "drv")) +- return (cat_drv(name, request_id)); ++ exit(cat_drv(name, request_id)); + else if (!strcmp(scheme, "file")) +- return (cat_tar(name, request_id)); ++ exit(cat_tar(name, request_id)); + else + { + /* +@@ -517,7 +517,7 @@ cat_ppd(const char *name, /* I - PPD name */ + cupsdSendIPPTrailer(); + } + +- return (1); ++ exit(1); + } + + /* +@@ -547,15 +547,15 @@ cat_ppd(const char *name, /* I - PPD name */ + + fprintf(stderr, "ERROR: [cups-driverd] Unable to execute \"%s\" - %s\n", + line, strerror(errno)); +- return (1); ++ exit(1); + } + } + + /* +- * Return with no errors... ++ * Exit with no errors... + */ + +- return (0); ++ exit(0); + } + + +@@ -778,7 +778,7 @@ compare_ppds(const ppd_info_t *p0, /* I - First PPD file */ + * 'dump_ppds_dat()' - Dump the contents of the ppds.dat file. + */ + +-static int /* O - Exit status */ ++static void + dump_ppds_dat(const char *filename) /* I - Filename */ + { + char temp[1024]; /* ppds.dat filename */ +@@ -810,7 +810,7 @@ dump_ppds_dat(const char *filename) /* I - Filename */ + ppd->record.make_and_model, ppd->record.device_id, + ppd->record.scheme); + +- return (0); ++ exit(0); + } + + +@@ -1004,7 +1004,7 @@ get_file(const char *name, /* I - Name */ + * 'list_ppds()' - List PPD files. + */ + +-static int /* O - Exit code */ ++static void + list_ppds(int request_id, /* I - Request ID */ + int limit, /* I - Limit */ + const char *opt) /* I - Option argument */ +@@ -1566,7 +1566,7 @@ list_ppds(int request_id, /* I - Request ID */ + if (request_id) + cupsdSendIPPTrailer(); + +- return (0); ++ exit(0); + } + + +-- +2.17.1 + diff --git a/SOURCES/0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch b/SOURCES/0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch new file mode 100644 index 0000000..2d7ca02 --- /dev/null +++ b/SOURCES/0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch @@ -0,0 +1,56 @@ +diff --git a/backend/socket.c b/backend/socket.c +index 675061dd9..68379e95b 100644 +--- a/backend/socket.c ++++ b/backend/socket.c +@@ -397,8 +397,10 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */ + lseek(print_fd, 0, SEEK_SET); + } + +- tbytes = backendRunLoop(print_fd, device_fd, snmp_fd, &(addrlist->addr), 1, +- 0, backendNetworkSideCB); ++ if ((bytes = backendRunLoop(print_fd, device_fd, snmp_fd, &(addrlist->addr), 1, 0, backendNetworkSideCB)) < 0) ++ tbytes = -1; ++ else ++ tbytes = bytes; + + if (print_fd != 0 && tbytes >= 0) + _cupsLangPrintFilter(stderr, "INFO", _("Print file sent.")); +@@ -406,7 +408,7 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */ + + fputs("STATE: +cups-waiting-for-job-completed\n", stderr); + +- if (waiteof) ++ if (waiteof && tbytes >= 0) + { + /* + * Shutdown the socket and wait for the other end to finish... +@@ -443,7 +445,7 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */ + if (print_fd != 0) + close(print_fd); + +- return (CUPS_BACKEND_OK); ++ return (tbytes >= 0 ? CUPS_BACKEND_OK : CUPS_BACKEND_FAILED); + } + + +diff --git a/scheduler/main.c b/scheduler/main.c +index 4b3914ade..472b9946d 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -1472,9 +1472,16 @@ process_children(void) + (!job->filters[i] && WIFEXITED(old_status))) + { /* Backend and filter didn't crash */ + if (job->filters[i]) ++ { + job->status = status; /* Filter failed */ ++ } + else ++ { + job->status = -status; /* Backend failed */ ++ ++ if (job->current_file < job->num_files) ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_FORCE, "Canceling multi-file job due to backend failure."); ++ } + } + + if (job->state_value == IPP_JOB_PROCESSING && diff --git a/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch b/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch new file mode 100644 index 0000000..7c647bf --- /dev/null +++ b/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch @@ -0,0 +1,64 @@ +From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001 +From: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Thu, 1 Jun 2023 11:33:39 -0400 +Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection + +httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to. + +We have to log the hostname first. +--- + scheduler/client.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/scheduler/client.c b/scheduler/client.c +index 91e441188..327473a4d 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + /* + * Can't have an unresolved IP address with double-lookups enabled... + */ +- +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "Name lookup failed - connection from %s closed!", ++ "Name lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); + ++ httpClose(con->http); + free(con); + return; + } +@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + * with double-lookups enabled... + */ + +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "IP lookup failed - connection from %s closed!", ++ "IP lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + + if (!hosts_access(&wrap_req)) + { +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, + "Connection from %s refused by /etc/hosts.allow and " + "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +-- +2.41.0 + diff --git a/SOURCES/0001-Multiple-security-disclosure-issues.patch b/SOURCES/0001-Multiple-security-disclosure-issues.patch new file mode 100644 index 0000000..88f81f9 --- /dev/null +++ b/SOURCES/0001-Multiple-security-disclosure-issues.patch @@ -0,0 +1,183 @@ +From 2c030c7a06e0c2b8227c7e85f5c58dfb339731d0 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Thu, 15 Aug 2019 14:06:47 -0400 +Subject: [PATCH] Multiple security/disclosure issues: + +- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251) +- Fixed IPP buffer overflow (rdar://50035411) +- Fixed memory disclosure issue in the scheduler (rdar://51373853) +- Fixed DoS issues in the scheduler (rdar://51373929) + +diff --git a/cups/http.c b/cups/http.c +index 266a15791..fbb1bf13c 100644 +--- a/cups/http.c ++++ b/cups/http.c +@@ -1860,7 +1860,7 @@ httpPrintf(http_t *http, /* I - HTTP connection */ + ...) /* I - Additional args as needed */ + { + ssize_t bytes; /* Number of bytes to write */ +- char buf[16384]; /* Buffer for formatted string */ ++ char buf[65536]; /* Buffer for formatted string */ + va_list ap; /* Variable argument pointer */ + + +@@ -1872,7 +1872,12 @@ httpPrintf(http_t *http, /* I - HTTP connection */ + + DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf)); + +- if (http->data_encoding == HTTP_ENCODING_FIELDS) ++ if (bytes > (ssize_t)(sizeof(buf) - 1)) ++ { ++ http->error = ENOMEM; ++ return (-1); ++ } ++ else if (http->data_encoding == HTTP_ENCODING_FIELDS) + return ((int)httpWrite2(http, buf, (size_t)bytes)); + else + { +diff --git a/cups/ipp.c b/cups/ipp.c +index 6fae52a00..1bd59cef1 100644 +--- a/cups/ipp.c ++++ b/cups/ipp.c +@@ -4550,9 +4550,7 @@ ippSetValueTag( + break; + + case IPP_TAG_NAME : +- if (temp_tag != IPP_TAG_KEYWORD && temp_tag != IPP_TAG_URI && +- temp_tag != IPP_TAG_URISCHEME && temp_tag != IPP_TAG_LANGUAGE && +- temp_tag != IPP_TAG_MIMETYPE) ++ if (temp_tag != IPP_TAG_KEYWORD) + return (0); + + (*attr)->value_tag = (ipp_tag_t)(IPP_TAG_NAME | ((*attr)->value_tag & IPP_TAG_CUPS_CONST)); +@@ -4560,10 +4558,7 @@ ippSetValueTag( + + case IPP_TAG_NAMELANG : + case IPP_TAG_TEXTLANG : +- if (value_tag == IPP_TAG_NAMELANG && +- (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD && +- temp_tag != IPP_TAG_URI && temp_tag != IPP_TAG_URISCHEME && +- temp_tag != IPP_TAG_LANGUAGE && temp_tag != IPP_TAG_MIMETYPE)) ++ if (value_tag == IPP_TAG_NAMELANG && (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD)) + return (0); + + if (value_tag == IPP_TAG_TEXTLANG && temp_tag != IPP_TAG_TEXT) +diff --git a/cups/snmp.c b/cups/snmp.c +index 5cefee454..1d9da01f2 100644 +--- a/cups/snmp.c ++++ b/cups/snmp.c +@@ -1233,6 +1233,9 @@ asn1_get_integer( + int value; /* Integer value */ + + ++ if (*buffer >= bufend) ++ return (0); ++ + if (length > sizeof(int)) + { + (*buffer) += length; +@@ -1259,6 +1262,9 @@ asn1_get_length(unsigned char **buffer, /* IO - Pointer in buffer */ + unsigned length; /* Length */ + + ++ if (*buffer >= bufend) ++ return (0); ++ + length = **buffer; + (*buffer) ++; + +@@ -1301,6 +1307,9 @@ asn1_get_oid( + int number; /* OID number */ + + ++ if (*buffer >= bufend) ++ return (0); ++ + valend = *buffer + length; + oidptr = oid; + oidend = oid + oidsize - 1; +@@ -1349,9 +1358,12 @@ asn1_get_packed( + int value; /* Value */ + + ++ if (*buffer >= bufend) ++ return (0); ++ + value = 0; + +- while ((**buffer & 128) && *buffer < bufend) ++ while (*buffer < bufend && (**buffer & 128)) + { + value = (value << 7) | (**buffer & 127); + (*buffer) ++; +@@ -1379,6 +1391,9 @@ asn1_get_string( + char *string, /* I - String buffer */ + size_t strsize) /* I - String buffer size */ + { ++ if (*buffer >= bufend) ++ return (NULL); ++ + if (length > (unsigned)(bufend - *buffer)) + length = (unsigned)(bufend - *buffer); + +@@ -1421,6 +1436,9 @@ asn1_get_type(unsigned char **buffer, /* IO - Pointer in buffer */ + int type; /* Type */ + + ++ if (*buffer >= bufend) ++ return (0); ++ + type = **buffer; + (*buffer) ++; + +diff --git a/scheduler/client.c b/scheduler/client.c +index 923a6e67a..f693e7c49 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -564,6 +564,17 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + + cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdReadClient: error=%d, used=%d, state=%s, data_encoding=HTTP_ENCODING_%s, data_remaining=" CUPS_LLFMT ", request=%p(%s), file=%d", httpError(con->http), (int)httpGetReady(con->http), httpStateString(httpGetState(con->http)), httpIsChunked(con->http) ? "CHUNKED" : "LENGTH", CUPS_LLCAST httpGetRemaining(con->http), con->request, con->request ? ippStateString(ippGetState(con->request)) : "", con->file); + ++ if (httpError(con->http) == EPIPE && !httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1) ++ { ++ /* ++ * Connection closed... ++ */ ++ ++ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF."); ++ cupsdCloseClient(con); ++ return; ++ } ++ + if (httpGetState(con->http) == HTTP_STATE_GET_SEND || + httpGetState(con->http) == HTTP_STATE_POST_SEND || + httpGetState(con->http) == HTTP_STATE_STATUS) +@@ -573,17 +584,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + * connection and we need to shut it down... + */ + +- if (!httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1) +- { +- /* +- * Connection closed... +- */ +- +- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF."); +- cupsdCloseClient(con); +- return; +- } +- + cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on unexpected HTTP read state %s.", httpStateString(httpGetState(con->http))); + cupsdCloseClient(con); + return; +@@ -1950,6 +1950,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */ + strlcpy(location, httpGetField(con->http, HTTP_FIELD_LOCATION), sizeof(location)); + + httpClearFields(con->http); ++ httpClearCookie(con->http); + + httpSetField(con->http, HTTP_FIELD_LOCATION, location); + +-- +2.21.0 + diff --git a/SOURCES/0001-Printing-to-old-CUPS-servers-has-been-fixed-Issue-52.patch b/SOURCES/0001-Printing-to-old-CUPS-servers-has-been-fixed-Issue-52.patch new file mode 100644 index 0000000..de7ef28 --- /dev/null +++ b/SOURCES/0001-Printing-to-old-CUPS-servers-has-been-fixed-Issue-52.patch @@ -0,0 +1,562 @@ +diff --git a/cups/cups-private.h b/cups/cups-private.h +index 6fd66a9..1f66fd7 100644 +--- a/cups/cups-private.h ++++ b/cups/cups-private.h +@@ -237,13 +237,9 @@ extern void _cupsBufferRelease(char *b); + + extern http_t *_cupsConnect(void); + extern char *_cupsCreateDest(const char *name, const char *info, const char *device_id, const char *device_uri, char *uri, size_t urisize); +-extern int _cupsGet1284Values(const char *device_id, +- cups_option_t **values); +-extern const char *_cupsGetDestResource(cups_dest_t *dest, char *resource, +- size_t resourcesize); +-extern int _cupsGetDests(http_t *http, ipp_op_t op, +- const char *name, cups_dest_t **dests, +- cups_ptype_t type, cups_ptype_t mask); ++extern int _cupsGet1284Values(const char *device_id, cups_option_t **values); ++extern const char *_cupsGetDestResource(cups_dest_t *dest, unsigned flags, char *resource, size_t resourcesize); ++extern int _cupsGetDests(http_t *http, ipp_op_t op, const char *name, cups_dest_t **dests, cups_ptype_t type, cups_ptype_t mask); + extern const char *_cupsGetPassword(const char *prompt); + extern void _cupsGlobalLock(void); + extern _cups_globals_t *_cupsGlobals(void); +@@ -253,13 +249,10 @@ extern const char *_cupsGSSServiceName(void); + # endif /* HAVE_GSSAPI */ + extern int _cupsNextDelay(int current, int *previous); + extern void _cupsSetDefaults(void); +-extern void _cupsSetError(ipp_status_t status, const char *message, +- int localize); ++extern void _cupsSetError(ipp_status_t status, const char *message, int localize); + extern void _cupsSetHTTPError(http_status_t status); + # ifdef HAVE_GSSAPI +-extern int _cupsSetNegotiateAuthString(http_t *http, +- const char *method, +- const char *resource); ++extern int _cupsSetNegotiateAuthString(http_t *http, const char *method, const char *resource); + # endif /* HAVE_GSSAPI */ + extern char *_cupsUserDefault(char *name, size_t namesize); + +diff --git a/cups/dest-options.c b/cups/dest-options.c +index 51705a5..cfa28ce 100644 +--- a/cups/dest-options.c ++++ b/cups/dest-options.c +@@ -572,6 +572,7 @@ cupsCopyDestInfo( + cups_dest_t *dest) /* I - Destination */ + { + cups_dinfo_t *dinfo; /* Destination information */ ++ unsigned dflags; /* Destination flags */ + ipp_t *request, /* Get-Printer-Attributes request */ + *response; /* Supported attributes */ + int tries, /* Number of tries so far */ +@@ -581,6 +582,7 @@ cupsCopyDestInfo( + char resource[1024]; /* Resource path */ + int version; /* IPP version */ + ipp_status_t status; /* Status of request */ ++ _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ + static const char * const requested_attrs[] = + { /* Requested attributes */ + "job-template", +@@ -589,14 +591,25 @@ cupsCopyDestInfo( + }; + + +- DEBUG_printf(("cupsCopyDestSupported(http=%p, dest=%p(%s))", (void *)http, (void *)dest, dest ? dest->name : "")); ++ DEBUG_printf(("cupsCopyDestInfo(http=%p, dest=%p(%s))", (void *)http, (void *)dest, dest ? dest->name : "")); + + /* + * Get the default connection as needed... + */ + + if (!http) +- http = _cupsConnect(); ++ { ++ http = _cupsConnect(); ++ dflags = CUPS_DEST_FLAGS_NONE; ++ } ++#ifdef AF_LOCAL ++ else if (strcmp(http->hostname, cg->server) || (httpAddrFamily(http->hostaddr) != AF_LOCAL && cg->ipp_port != httpAddrPort(http->hostaddr))) ++#else ++ else if (strcmp(http->hostname, cg->server) || cg->ipp_port != httpAddrPort(http->hostaddr)) ++#endif /* AF_LOCAL */ ++ dflags = CUPS_DEST_FLAGS_DEVICE; ++ else ++ dflags = CUPS_DEST_FLAGS_NONE; + + /* + * Range check input... +@@ -609,8 +622,11 @@ cupsCopyDestInfo( + * Get the printer URI and resource path... + */ + +- if ((uri = _cupsGetDestResource(dest, resource, sizeof(resource))) == NULL) ++ if ((uri = _cupsGetDestResource(dest, dflags, resource, sizeof(resource))) == NULL) ++ { ++ DEBUG_puts("1cupsCopyDestInfo: Unable to get resource."); + return (NULL); ++ } + + /* + * Get the supported attributes... +@@ -628,28 +644,25 @@ cupsCopyDestInfo( + */ + + request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES); +- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, +- uri); +- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, +- "requesting-user-name", NULL, cupsUser()); +- ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, +- "requested-attributes", +- (int)(sizeof(requested_attrs) / sizeof(requested_attrs[0])), +- NULL, requested_attrs); ++ ++ ippSetVersion(request, version / 10, version % 10); ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser()); ++ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(requested_attrs) / sizeof(requested_attrs[0])), NULL, requested_attrs); + response = cupsDoRequest(http, request, resource); + status = cupsLastError(); + + if (status > IPP_STATUS_OK_IGNORED_OR_SUBSTITUTED) + { +- DEBUG_printf(("cupsCopyDestSupported: Get-Printer-Attributes for '%s' " +- "returned %s (%s)", dest->name, ippErrorString(status), +- cupsLastErrorString())); ++ DEBUG_printf(("1cupsCopyDestInfo: Get-Printer-Attributes for '%s' returned %s (%s)", dest->name, ippErrorString(status), cupsLastErrorString())); + + ippDelete(response); + response = NULL; + +- if (status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED && version > 11) ++ if ((status == IPP_STATUS_ERROR_BAD_REQUEST || status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED) && version > 11) ++ { + version = 11; ++ } + else if (status == IPP_STATUS_ERROR_BUSY) + { + sleep((unsigned)delay); +@@ -665,7 +678,10 @@ cupsCopyDestInfo( + while (!response && tries < 10); + + if (!response) ++ { ++ DEBUG_puts("1cupsCopyDestInfo: Unable to get printer attributes."); + return (NULL); ++ } + + /* + * Allocate a cups_dinfo_t structure and return it... +@@ -678,6 +694,8 @@ cupsCopyDestInfo( + return (NULL); + } + ++ DEBUG_printf(("1cupsCopyDestInfo: version=%d, uri=\"%s\", resource=\"%s\".", version, uri, resource)); ++ + dinfo->version = version; + dinfo->uri = uri; + dinfo->resource = _cupsStrAlloc(resource); +diff --git a/cups/dest.c b/cups/dest.c +index 57a8dc9..3537572 100644 +--- a/cups/dest.c ++++ b/cups/dest.c +@@ -1103,13 +1103,16 @@ cupsGetDest(const char *name, /* I - Destination name or @code NULL@ for the d + * '_cupsGetDestResource()' - Get the resource path and URI for a destination. + */ + +-const char * /* O - Printer URI */ ++const char * /* O - URI */ + _cupsGetDestResource( + cups_dest_t *dest, /* I - Destination */ ++ unsigned flags, /* I - Destination flags */ + char *resource, /* I - Resource buffer */ + size_t resourcesize) /* I - Size of resource buffer */ + { +- const char *uri; /* Printer URI */ ++ const char *uri, /* URI */ ++ *device_uri, /* Device URI */ ++ *printer_uri; /* Printer URI */ + char scheme[32], /* URI scheme */ + userpass[256], /* Username and password (unused) */ + hostname[256]; /* Hostname */ +@@ -1132,25 +1135,46 @@ _cupsGetDestResource( + } + + /* +- * Grab the printer URI... ++ * Grab the printer and device URIs... + */ + +- if ((uri = cupsGetOption("printer-uri-supported", dest->num_options, dest->options)) == NULL) ++ device_uri = cupsGetOption("device-uri", dest->num_options, dest->options); ++ printer_uri = cupsGetOption("printer-uri-supported", dest->num_options, dest->options); ++ ++ DEBUG_printf(("1_cupsGetDestResource: device-uri=\"%s\", printer-uri-supported=\"%s\".", device_uri, printer_uri)); ++ ++#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI) ++ if (((flags & CUPS_DEST_FLAGS_DEVICE) || !printer_uri) && strstr(device_uri, "._tcp")) + { +- if ((uri = cupsGetOption("device-uri", dest->num_options, dest->options)) != NULL) ++ if ((device_uri = cups_dnssd_resolve(dest, device_uri, 5000, NULL, NULL, NULL)) != NULL) + { +-#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI) +- if (strstr(uri, "._tcp")) +- uri = cups_dnssd_resolve(dest, uri, 5000, NULL, NULL, NULL); +-#endif /* HAVE_DNSSD || HAVE_AVAHI */ ++ DEBUG_printf(("1_cupsGetDestResource: Resolved device-uri=\"%s\".", device_uri)); + } +- +- if (uri) ++ else + { +- DEBUG_printf(("1_cupsGetDestResource: Resolved printer-uri-supported=\"%s\"", uri)); ++ DEBUG_puts("1_cupsGetDestResource: Unable to resolve device."); + +- uri = _cupsCreateDest(dest->name, cupsGetOption("printer-info", dest->num_options, dest->options), NULL, uri, resource, resourcesize); ++ if (resource) ++ *resource = '\0'; ++ ++ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0); ++ ++ return (NULL); + } ++ } ++#endif /* HAVE_DNSSD || HAVE_AVAHI */ ++ ++ if (flags & CUPS_DEST_FLAGS_DEVICE) ++ { ++ uri = device_uri; ++ } ++ else if (printer_uri) ++ { ++ uri = printer_uri; ++ } ++ else ++ { ++ uri = _cupsCreateDest(dest->name, cupsGetOption("printer-info", dest->num_options, dest->options), NULL, device_uri, resource, resourcesize); + + if (uri) + { +@@ -1160,30 +1184,24 @@ _cupsGetDestResource( + + uri = cupsGetOption("printer-uri-supported", dest->num_options, dest->options); + } +- else +- { +- DEBUG_puts("1_cupsGetDestResource: No printer-uri-supported found."); ++ } + +- if (resource) +- *resource = '\0'; ++ if (!uri) ++ { ++ DEBUG_puts("1_cupsGetDestResource: No printer-uri-supported or device-uri found."); + +- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0); ++ if (resource) ++ *resource = '\0'; + +- return (NULL); +- } ++ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0); ++ ++ return (NULL); + } +- else ++ else if (httpSeparateURI(HTTP_URI_CODING_ALL, uri, scheme, sizeof(scheme), userpass, sizeof(userpass), hostname, sizeof(hostname), &port, resource, (int)resourcesize) < HTTP_URI_STATUS_OK) + { +- DEBUG_printf(("1_cupsGetDestResource: printer-uri-supported=\"%s\"", uri)); ++ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Bad URI."), 1); + +- if (httpSeparateURI(HTTP_URI_CODING_ALL, uri, scheme, sizeof(scheme), +- userpass, sizeof(userpass), hostname, sizeof(hostname), +- &port, resource, (int)resourcesize) < HTTP_URI_STATUS_OK) +- { +- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Bad printer-uri."), 1); +- +- return (NULL); +- } ++ return (NULL); + } + + DEBUG_printf(("1_cupsGetDestResource: resource=\"%s\"", resource)); +diff --git a/cups/testdest.c b/cups/testdest.c +index c5c2052..27060f6 100644 +--- a/cups/testdest.c ++++ b/cups/testdest.c +@@ -43,9 +43,12 @@ int /* O - Exit status */ + main(int argc, /* I - Number of command-line arguments */ + char *argv[]) /* I - Command-line arguments */ + { ++ int i; /* Looping var */ + http_t *http; /* Connection to destination */ + cups_dest_t *dest = NULL; /* Destination */ + cups_dinfo_t *dinfo; /* Destination info */ ++ unsigned dflags = CUPS_DEST_FLAGS_NONE; ++ /* Destination flags */ + + + if (argc < 2) +@@ -103,9 +106,17 @@ main(int argc, /* I - Number of command-line arguments */ + + return (0); + } +- else if (!strncmp(argv[1], "ipp://", 6) || !strncmp(argv[1], "ipps://", 7)) +- dest = cupsGetDestWithURI(NULL, argv[1]); +- else if (!strcmp(argv[1], "default")) ++ ++ i = 1; ++ if (!strcmp(argv[i], "--device")) ++ { ++ dflags = CUPS_DEST_FLAGS_DEVICE; ++ i ++; ++ } ++ ++ if (!strncmp(argv[i], "ipp://", 6) || !strncmp(argv[i], "ipps://", 7)) ++ dest = cupsGetDestWithURI(NULL, argv[i]); ++ else if (!strcmp(argv[i], "default")) + { + dest = cupsGetNamedDest(CUPS_HTTP_DEFAULT, NULL, NULL); + if (dest && dest->instance) +@@ -114,67 +125,70 @@ main(int argc, /* I - Number of command-line arguments */ + printf("default is \"%s\".\n", dest->name); + } + else +- dest = cupsGetNamedDest(CUPS_HTTP_DEFAULT, argv[1], NULL); ++ dest = cupsGetNamedDest(CUPS_HTTP_DEFAULT, argv[i], NULL); + + if (!dest) + { +- printf("testdest: Unable to get destination \"%s\": %s\n", argv[1], cupsLastErrorString()); ++ printf("testdest: Unable to get destination \"%s\": %s\n", argv[i], cupsLastErrorString()); + return (1); + } + +- if ((http = cupsConnectDest(dest, CUPS_DEST_FLAGS_NONE, 30000, NULL, NULL, 0, NULL, NULL)) == NULL) ++ i ++; ++ ++ if ((http = cupsConnectDest(dest, dflags, 30000, NULL, NULL, 0, NULL, NULL)) == NULL) + { +- printf("testdest: Unable to connect to destination \"%s\": %s\n", argv[1], cupsLastErrorString()); ++ printf("testdest: Unable to connect to destination \"%s\": %s\n", dest->name, cupsLastErrorString()); + return (1); + } + + if ((dinfo = cupsCopyDestInfo(http, dest)) == NULL) + { +- printf("testdest: Unable to get information for destination \"%s\": %s\n", argv[1], cupsLastErrorString()); ++ printf("testdest: Unable to get information for destination \"%s\": %s\n", dest->name, cupsLastErrorString()); + return (1); + } + +- if (argc == 2 || (!strcmp(argv[2], "supported") && argc < 6)) ++ if (i == argc || !strcmp(argv[i], "supported")) + { +- if (argc > 3) +- show_supported(http, dest, dinfo, argv[3], argv[4]); ++ i ++; ++ ++ if ((i + 1) < argc) ++ show_supported(http, dest, dinfo, argv[i], argv[i + 1]); + else if (argc > 2) +- show_supported(http, dest, dinfo, argv[3], NULL); ++ show_supported(http, dest, dinfo, argv[i], NULL); + else + show_supported(http, dest, dinfo, NULL, NULL); + } +- else if (!strcmp(argv[2], "conflicts") && argc > 3) ++ else if (!strcmp(argv[i], "conflicts") && (i + 1) < argc) + { +- int i, /* Looping var */ +- num_options = 0;/* Number of options */ ++ int num_options = 0;/* Number of options */ + cups_option_t *options = NULL;/* Options */ + +- for (i = 3; i < argc; i ++) ++ for (i ++; i < argc; i ++) + num_options = cupsParseOptions(argv[i], num_options, &options); + + show_conflicts(http, dest, dinfo, num_options, options); + } +- else if (!strcmp(argv[2], "default") && argc == 4) ++ else if (!strcmp(argv[i], "default") && (i + 1) < argc) + { +- show_default(http, dest, dinfo, argv[3]); ++ show_default(http, dest, dinfo, argv[i + 1]); + } +- else if (!strcmp(argv[2], "localize") && argc < 6) ++ else if (!strcmp(argv[i], "localize")) + { +- if (argc > 3) +- localize(http, dest, dinfo, argv[3], argv[4]); ++ i ++; ++ if ((i + 1) < argc) ++ localize(http, dest, dinfo, argv[i], argv[i + 1]); + else if (argc > 2) +- localize(http, dest, dinfo, argv[3], NULL); ++ localize(http, dest, dinfo, argv[i], NULL); + else + localize(http, dest, dinfo, NULL, NULL); + } +- else if (!strcmp(argv[2], "media")) ++ else if (!strcmp(argv[i], "media")) + { +- int i; /* Looping var */ + const char *name = NULL; /* Media name, if any */ + unsigned flags = CUPS_MEDIA_FLAGS_DEFAULT; + /* Media selection flags */ + +- for (i = 3; i < argc; i ++) ++ for (i ++; i < argc; i ++) + { + if (!strcmp(argv[i], "borderless")) + flags = CUPS_MEDIA_FLAGS_BORDERLESS; +@@ -192,19 +206,19 @@ main(int argc, /* I - Number of command-line arguments */ + + show_media(http, dest, dinfo, flags, name); + } +- else if (!strcmp(argv[2], "print") && argc > 3) ++ else if (!strcmp(argv[i], "print") && (i + 1) < argc) + { +- int i, /* Looping var */ +- num_options = 0;/* Number of options */ ++ int num_options = 0;/* Number of options */ + cups_option_t *options = NULL;/* Options */ ++ const char *filename = argv[i + 1]; + +- for (i = 4; i < argc; i ++) ++ for (i += 2; i < argc; i ++) + num_options = cupsParseOptions(argv[i], num_options, &options); + +- print_file(http, dest, dinfo, argv[3], num_options, options); ++ print_file(http, dest, dinfo, filename, num_options, options); + } + else +- usage(argv[2]); ++ usage(argv[i]); + + return (0); + } +@@ -740,9 +754,9 @@ usage(const char *arg) /* I - Argument for usage message */ + printf("testdest: Unknown option \"%s\".\n", arg); + + puts("Usage:"); +- puts(" ./testdest name [operation ...]"); +- puts(" ./testdest ipp://... [operation ...]"); +- puts(" ./testdest ipps://... [operation ...]"); ++ puts(" ./testdest [--device] name [operation ...]"); ++ puts(" ./testdest [--device] ipp://... [operation ...]"); ++ puts(" ./testdest [--device] ipps://... [operation ...]"); + puts(" ./testdest --enum [grayscale] [color] [duplex] [staple] [small]\n" + " [medium] [large]"); + puts(""); +diff --git a/test/ippserver.c b/test/ippserver.c +index 38b304f..c593d3a 100644 +--- a/test/ippserver.c ++++ b/test/ippserver.c +@@ -461,6 +461,7 @@ static AvahiClient *DNSSDClient = NULL; + #endif /* HAVE_DNSSD */ + + static int KeepFiles = 0, ++ MaxVersion = 20, + Verbosity = 0; + + +@@ -533,6 +534,23 @@ main(int argc, /* I - Number of command-line args */ + pin = 1; + break; + ++ case 'V' : /* -V max-version */ ++ i ++; ++ if (i >= argc) ++ usage(1); ++ ++ if (!strcmp(argv[i], "2.2")) ++ MaxVersion = 22; ++ else if (!strcmp(argv[i], "2.1")) ++ MaxVersion = 21; ++ else if (!strcmp(argv[i], "2.0")) ++ MaxVersion = 20; ++ else if (!strcmp(argv[i], "1.1")) ++ MaxVersion = 11; ++ else ++ usage(1); ++ break; ++ + case 'a' : /* -a attributes-file */ + i ++; + if (i >= argc) +@@ -1324,9 +1342,10 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default) + }; + static const char * const versions[] =/* ipp-versions-supported values */ + { +- "1.0", + "1.1", +- "2.0" ++ "2.0", ++ "2.1", ++ "2.2" + }; + static const char * const features[] =/* ipp-features-supported values */ + { +@@ -1738,7 +1757,12 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default) + + /* ipp-versions-supported */ + if (!ippFindAttribute(printer->attrs, "ipp-versions-supported", IPP_TAG_ZERO)) +- ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "ipp-versions-supported", sizeof(versions) / sizeof(versions[0]), NULL, versions); ++ { ++ int num_versions = MaxVersion == 11 ? 1 : MaxVersion == 20 ? 2 : MaxVersion == 21 ? 3 : 4; ++ /* Number of supported versions */ ++ ++ ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "ipp-versions-supported", num_versions, NULL, versions); ++ } + + /* job-account-id-default */ + if (!ippFindAttribute(printer->attrs, "job-account-id-default", IPP_TAG_ZERO)) +@@ -5800,15 +5824,24 @@ process_ipp(_ipp_client_t *client) /* I - Client */ + * Return an error, since we only support IPP 1.x and 2.x. + */ + +- respond_ipp(client, IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED, +- "Bad request version number %d.%d.", major, minor); ++ respond_ipp(client, IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED, "Bad request version number %d.%d.", major, minor); ++ } ++ else if ((major * 10 + minor) > MaxVersion) ++ { ++ if (httpGetState(client->http) != HTTP_STATE_POST_SEND) ++ httpFlush(client->http); /* Flush trailing (junk) data */ ++ ++ respond_http(client, HTTP_STATUS_BAD_REQUEST, NULL, NULL, 0); ++ return (0); + } + else if (ippGetRequestId(client->request) <= 0) +- respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, "Bad request-id %d.", +- ippGetRequestId(client->request)); ++ { ++ respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, "Bad request-id %d.", ippGetRequestId(client->request)); ++ } + else if (!ippFirstAttribute(client->request)) +- respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, +- "No attributes in request."); ++ { ++ respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, "No attributes in request."); ++ } + else + { + /* +@@ -6877,8 +6910,7 @@ usage(int status) /* O - Exit status */ + { + if (!status) + { +- puts(CUPS_SVERSION " - Copyright 2010-2015 by Apple Inc. All rights " +- "reserved."); ++ puts(CUPS_SVERSION " - Copyright (c) 2010-2018 by Apple Inc. All rights reserved."); + puts(""); + } + +@@ -6888,6 +6920,7 @@ usage(int status) /* O - Exit status */ + puts("-2 Supports 2-sided printing (default=1-sided)"); + puts("-M manufacturer Manufacturer name (default=Test)"); + puts("-P PIN printing mode"); ++ puts("-V max-version Set maximum supported IPP version"); + puts("-a attributes-file Load printer attributes from file"); + puts("-c command Run command for every print job"); + printf("-d spool-directory Spool directory " diff --git a/SOURCES/0001-Remove-web-log-buttons.patch b/SOURCES/0001-Remove-web-log-buttons.patch new file mode 100644 index 0000000..a19d806 --- /dev/null +++ b/SOURCES/0001-Remove-web-log-buttons.patch @@ -0,0 +1,98 @@ +diff --git a/templates/admin.tmpl b/templates/admin.tmpl +index 101f960..5ebd813 100644 +--- a/templates/admin.tmpl ++++ b/templates/admin.tmpl +@@ -27,9 +27,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

+diff --git a/templates/de/admin.tmpl b/templates/de/admin.tmpl +index fb2851a..f8ddeff 100644 +--- a/templates/de/admin.tmpl ++++ b/templates/de/admin.tmpl +@@ -27,9 +27,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

+diff --git a/templates/es/admin.tmpl b/templates/es/admin.tmpl +index 097c65c..b83b1a0 100644 +--- a/templates/es/admin.tmpl ++++ b/templates/es/admin.tmpl +@@ -27,9 +27,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

+diff --git a/templates/fr/admin.tmpl b/templates/fr/admin.tmpl +index 2fcd9c5..e365ff3 100644 +--- a/templates/fr/admin.tmpl ++++ b/templates/fr/admin.tmpl +@@ -27,9 +27,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

+diff --git a/templates/ja/admin.tmpl b/templates/ja/admin.tmpl +index 13d6f13..f5fa750 100644 +--- a/templates/ja/admin.tmpl ++++ b/templates/ja/admin.tmpl +@@ -27,9 +27,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

+diff --git a/templates/pt_BR/admin.tmpl b/templates/pt_BR/admin.tmpl +index b847bef..e11d889 100644 +--- a/templates/pt_BR/admin.tmpl ++++ b/templates/pt_BR/admin.tmpl +@@ -27,9 +27,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

+diff --git a/templates/ru/admin.tmpl b/templates/ru/admin.tmpl +index 49a168c..44b1493 100644 +--- a/templates/ru/admin.tmpl ++++ b/templates/ru/admin.tmpl +@@ -26,9 +26,6 @@ + +

+

+-
+-
+-
+

+ + {SETTINGS_ERROR?

{SETTINGS_MESSAGE}

diff --git a/SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch b/SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch new file mode 100644 index 0000000..e2852e1 --- /dev/null +++ b/SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch @@ -0,0 +1,31 @@ +From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Tue, 6 Dec 2022 09:04:01 -0500 +Subject: [PATCH] Require authentication for CUPS-Get-Document. + +--- + conf/cupsd.conf.in | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in +index b25884907..a07536f3e 100644 +--- a/conf/cupsd.conf.in ++++ b/conf/cupsd.conf.in +@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@ + Order deny,allow + + +- ++ ++ Require user @OWNER @SYSTEM ++ Order deny,allow ++ ++ ++ ++ AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + +-- +2.41.0 + diff --git a/SOURCES/0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch b/SOURCES/0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch new file mode 100644 index 0000000..e5b9e9e --- /dev/null +++ b/SOURCES/0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch @@ -0,0 +1,22 @@ +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index 649995bb5..2396c9b58 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -4873,6 +4873,8 @@ copy_printer_attrs( + * and document-format attributes that may be provided by the client. + */ + ++ _cupsRWLockRead(&printer->lock); ++ + curtime = time(NULL); + + if (!ra || cupsArrayFind(ra, "marker-change-time")) +@@ -5034,6 +5036,8 @@ copy_printer_attrs( + if (printer->ppd_attrs) + copy_attrs(con->response, printer->ppd_attrs, ra, IPP_TAG_ZERO, 0, NULL); + copy_attrs(con->response, CommonData, ra, IPP_TAG_ZERO, IPP_TAG_COPY, NULL); ++ ++ _cupsRWUnlock(&printer->lock); + } + + diff --git a/SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch b/SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch new file mode 100644 index 0000000..c6ec7e5 --- /dev/null +++ b/SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch @@ -0,0 +1,899 @@ +From 4d6787bd98c2fac8dcc58f34125d299d82e622aa Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Mon, 2 May 2022 15:35:20 -0400 +Subject: [PATCH] Update man pages for -h option (Issue #357) + +--- + CHANGES.md | 1 + + doc/help/man-cancel.html | 7 ++++--- + doc/help/man-cupsctl.html | 7 ++++--- + doc/help/man-ipptool.html | 6 ++++++ + doc/help/man-lp.html | 9 +++++---- + doc/help/man-lpinfo.html | 9 +++++---- + doc/help/man-lpmove.html | 9 +++++---- + doc/help/man-lpoptions.html | 17 +++++++++-------- + doc/help/man-lpq.html | 5 +++-- + doc/help/man-lpr.html | 5 +++-- + doc/help/man-lprm.html | 6 +++--- + doc/help/man-lpstat.html | 5 +++-- + man/cancel.1 | 9 +++++---- + man/cupsctl.8 | 9 +++++---- + man/lp.1 | 11 ++++++----- + man/lpinfo.8 | 11 ++++++----- + man/lpmove.8 | 11 ++++++----- + man/lpoptions.1 | 19 ++++++++++--------- + man/lpq.1 | 7 ++++--- + man/lpr.1 | 7 ++++--- + man/lprm.1 | 8 ++++---- + man/lpstat.1 | 11 ++++++----- + 22 files changed, 107 insertions(+), 82 deletions(-) + +diff --git a/doc/help/man-cancel.html b/doc/help/man-cancel.html +index d51bb2b91..a0b52369c 100644 +--- a/doc/help/man-cancel.html ++++ b/doc/help/man-cancel.html +@@ -12,6 +12,9 @@ cancel - cancel jobs +

Synopsis

+ cancel + [ ++-h ++hostname[:port] ++] [ + -E + ] [ + -U +@@ -19,9 +22,6 @@ cancel - cancel jobs + ] [ + -a + ] [ +--h +-hostname[:port] +-] [ + -u + username + ] [ +@@ -46,6 +46,7 @@ destinations if none is provided. +
Forces encryption when connecting to the server. +
-h hostname[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-U username +
Specifies the username to use when connecting to the server. +
-u username +diff --git a/doc/help/man-cupsctl.html b/doc/help/man-cupsctl.html +index b3f892ef9..e5c98dccb 100644 +--- a/doc/help/man-cupsctl.html ++++ b/doc/help/man-cupsctl.html +@@ -12,14 +12,14 @@ cupsctl - configure cupsd.conf options +

Synopsis

+ cupsctl + [ ++-h ++server[:port] ++] [ + -E + ] [ + -U + username + ] [ +--h +-server[:port] +-] [ + --[no-]debug-logging + ] [ + --[no-]remote-admin +@@ -45,6 +45,7 @@ The following options are recognized: +
Specifies an alternate username to use when authenticating with the scheduler. +
-h server[:port] +
Specifies the server address. ++Note: This option must occur before all others. +
--[no-]debug-logging +
Enables (disables) debug logging to the error_log file. +
--[no-]remote-admin +diff --git a/doc/help/man-ipptool.html b/doc/help/man-ipptool.html +index 81f67d77f..688454c69 100644 +--- a/doc/help/man-ipptool.html ++++ b/doc/help/man-ipptool.html +@@ -59,6 +59,8 @@ ipptool - perform internet printing protocol requests + -i + seconds + ] [ ++-j ++] [ + -n + repeat-count + ] [ +@@ -150,6 +152,10 @@ This option is incompatible with the -i (interval) and -n (repeat- + testfile + should be repeated at the specified interval. + This option is incompatible with the -X (XML plist output) option. ++
-j ++
Specifies that ++ipptool ++will produce JSON output. +
-l +
Specifies that plain text output is desired. +
-n repeat-count +diff --git a/doc/help/man-lp.html b/doc/help/man-lp.html +index f70c088d3..6442e900d 100644 +--- a/doc/help/man-lp.html ++++ b/doc/help/man-lp.html +@@ -12,6 +12,8 @@ lp - print files +

Synopsis

+ lp + [ ++-h hostname[:port] ++] [ + -E + ] [ + -U +@@ -21,8 +23,6 @@ lp - print files + ] [ + -d destination[/instance] + ] [ +--h hostname[:port] +-] [ + -m + ] [ + -n +@@ -51,6 +51,8 @@ lp - print files +
+ lp + [ ++-h hostname[:port] ++] [ + -E + ] [ + -U +@@ -58,8 +60,6 @@ lp - print files + ] [ + -c + ] [ +--h hostname[:port] +-] [ + -i + job-id + ] [ +@@ -106,6 +106,7 @@ In CUPS, print files are always sent to the scheduler via IPP which has the same +
Prints files to the named printer. +
-h hostname[:port] +
Chooses an alternate server. ++Note: This option must occur before all others. +
-i job-id +
Specifies an existing job to modify. +
-m +diff --git a/doc/help/man-lpinfo.html b/doc/help/man-lpinfo.html +index a1aed9421..30df7691c 100644 +--- a/doc/help/man-lpinfo.html ++++ b/doc/help/man-lpinfo.html +@@ -12,10 +12,10 @@ lpinfo - show available devices or drivers (deprecated) +

Synopsis

+ lpinfo + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -l + ] [ + --device-id +@@ -40,10 +40,10 @@ lpinfo - show available devices or drivers (deprecated) +
+ lpinfo + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -l + ] [ + --exclude-schemes +@@ -66,6 +66,7 @@ The first form (-m) lists the available drivers, while the second form (< +
Forces encryption when connecting to the server. +
-h server[:port] +
Selects an alternate server. ++Note: This option must occur before all others. +
-l +
Shows a "long" listing of devices or drivers. +
--device-id device-id-string +diff --git a/doc/help/man-lpmove.html b/doc/help/man-lpmove.html +index d8019ee25..b0db753f9 100644 +--- a/doc/help/man-lpmove.html ++++ b/doc/help/man-lpmove.html +@@ -12,10 +12,10 @@ lpmove - move a job or all jobs to a new destination +

Synopsis

+ lpmove + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -U + username + ] +@@ -24,10 +24,10 @@ lpmove - move a job or all jobs to a new destination +
+ lpmove + [ +--E +-] [ + -h server[:port] + ] [ ++-E ++] [ + -U + username + ] +@@ -44,6 +44,7 @@ The lpmove command supports the following options: +
Specifies an alternate username. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. + +

Examples

+ Move job 123 from "oldprinter" to "newprinter": +diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html +index 6dda87f64..6af78290b 100644 +--- a/doc/help/man-lpoptions.html ++++ b/doc/help/man-lpoptions.html +@@ -12,12 +12,12 @@ +

Synopsis

+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] ++] [ ++-E ++] [ ++-U ++username + ] + -d destination[/instance] + [ +@@ -26,26 +26,26 @@ +
+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] + ] [ ++-E ++] [ ++-U ++username ++] [ + -p destination[/instance] + ] + -o option[=value] ... +
+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] + ] [ ++-E ++] [ ++-U ++username ++] [ + -p destination[/instance] + ] + -r +@@ -53,12 +53,12 @@ +
+ lpoptions + [ +--E +-] [ +--U +-username +-] [ + -h server[:port] ++] [ ++-E ++] [ ++-U ++username + ] + -x destination[/instance] +

Description

+@@ -84,6 +84,7 @@ + This option overrides the system default printer for the current user. +
-h server[:port] +
Uses an alternate server. ++Note: This option must occur before all others. +
-l +
Lists the printer specific options and their current settings. +
-o option[=value] +@@ -119,7 +120,7 @@ + lprm(1), + CUPS Online Help (http://localhost:631/help) +

Copyright

+-Copyright © 2007-2017 by Apple Inc. ++Copyright © 2021-2022 by OpenPrinting. + + + +diff --git a/doc/help/man-lpq.html b/doc/help/man-lpq.html +index 1c9e704ff..19e536d3c 100644 +--- a/doc/help/man-lpq.html ++++ b/doc/help/man-lpq.html +@@ -12,13 +12,13 @@ lpq - show printer queue status +

Synopsis

+ lpq + [ ++-h server[:port] ++] [ + -E + ] [ + -U + username + ] [ +--h server[:port] +-] [ + -P destination[/instance] + ] [ + -a +@@ -44,6 +44,7 @@ Jobs queued on the default destination will be shown if no printer or class is s +
Reports jobs on all printers. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-l +
Requests a more verbose (long) reporting format. + +diff --git a/doc/help/man-lpr.html b/doc/help/man-lpr.html +index d044ab1a8..f9b19e1fe 100644 +--- a/doc/help/man-lpr.html ++++ b/doc/help/man-lpr.html +@@ -12,10 +12,10 @@ lpr - print files +

Synopsis

+ lpr + [ +--E +-] [ + -H server[:port] + ] [ ++-E ++] [ + -U + username + ] [ +@@ -67,6 +67,7 @@ The following options are recognized by lpr: +
Forces encryption when connecting to the server. +
-H server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-C "name" +
-J "name" +
-T "name" +diff --git a/doc/help/man-lprm.html b/doc/help/man-lprm.html +index 7410320a3..dbe7f20de 100644 +--- a/doc/help/man-lprm.html ++++ b/doc/help/man-lprm.html +@@ -12,14 +12,13 @@ lprm - cancel print jobs +

Synopsis

+ lprm + [ ++-h hostname[:port] ++] [ + -E + ] [ + -U + username + ] [ +--h +-server[:port] +-] [ + -P + destination[/instance] + ] [ +@@ -45,6 +44,7 @@ command supports the following options: +
Specifies an alternate username. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. + +

Conforming To

+ The CUPS version of +diff --git a/doc/help/man-lpstat.html b/doc/help/man-lpstat.html +index f23089bbe..2c5dedc7c 100644 +--- a/doc/help/man-lpstat.html ++++ b/doc/help/man-lpstat.html +@@ -12,6 +12,8 @@ lpstat - print cups status information +

Synopsis

+ lpstat + [ ++-h hostname[:port] ++] [ + -E + ] [ + -H +@@ -19,8 +21,6 @@ lpstat - print cups status information + -U + username + ] [ +--h hostname[:port] +-] [ + -l + ] [ + -W +@@ -91,6 +91,7 @@ If no classes are specified then all classes are listed. +
Shows all available destinations on the local network. +
-h server[:port] +
Specifies an alternate server. ++Note: This option must occur before all others. +
-l +
Shows a long listing of printers, classes, or jobs. +
-o [destination(s)] +diff --git a/man/cancel.man b/man/cancel.man +index 34a5d9fc0..caea0ed69 100644 +--- a/man/cancel.man ++++ b/man/cancel.man +@@ -10,12 +10,15 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH cancel 1 "CUPS" "15 April 2014" "Apple Inc." ++.TH cancel 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + cancel \- cancel jobs + .SH SYNOPSIS + .B cancel + [ ++.B \-h ++.I hostname[:port] ++] [ + .B \-E + ] [ + .B \-U +@@ -23,9 +26,6 @@ + ] [ + .B \-a + ] [ +-.B \-h +-.I hostname[:port] +-] [ + .B \-u + .I username + ] [ +@@ -52,6 +52,7 @@ + .TP 5 + \fB\-h \fIhostname\fR[\fI:port\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + \fB\-U \fIusername\fR + Specifies the username to use when connecting to the server. +diff --git a/man/cupsctl.man b/man/cupsctl.man +index 1b1ff4183..7e50d07ac 100644 +--- a/man/cupsctl.man ++++ b/man/cupsctl.man +@@ -10,20 +10,20 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH cupsctl 8 "CUPS" "30 May 2016" "Apple Inc." ++.TH cupsctl 8 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + cupsctl \- configure cupsd.conf options + .SH SYNOPSIS + .B cupsctl + [ ++.B \-h ++\fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-.B \-h +-\fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR + ] [ + \fB\-\-\fR[\fBno\-\fR]\fBremote\-admin\fR +@@ -51,6 +51,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies the server address. ++Note: This option must occur before all others. + .TP 5 + \fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR + Enables (disables) debug logging to the \fIerror_log\fR file. +diff --git a/man/lp.man b/man/lp.man +index a54f904a5..4bdd2de7b 100644 +--- a/man/lp.man ++++ b/man/lp.man +@@ -10,12 +10,14 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lp 1 "CUPS" "2 May 2016" "Apple Inc." ++.TH lp 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lp \- print files + .SH SYNOPSIS + .B lp + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U +@@ -25,8 +27,6 @@ + ] [ + \fB\-d \fIdestination\fR[\fB/\fIinstance\fR] + ] [ +-\fB\-h \fIhostname\fR[\fB:\fIport\fR] +-] [ + .B \-m + ] [ + .B \-n +@@ -55,6 +55,8 @@ + .br + .B lp + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U +@@ -62,8 +64,6 @@ + ] [ + .B \-c + ] [ +-\fB\-h \fIhostname\fR[\fB:\fIport\fR] +-] [ + .B \-i + .I job-id + ] [ +@@ -115,6 +115,7 @@ + .TP 5 + \fB\-h \fIhostname\fR[\fB:\fIport\fR] + Chooses an alternate server. ++Note: This option must occur before all others. + .TP 5 + \fB\-i \fIjob-id\fR + Specifies an existing job to modify. +diff --git a/man/lpinfo.man b/man/lpinfo.man +index d238f9a60..d44b568d2 100644 +--- a/man/lpinfo.man ++++ b/man/lpinfo.man +@@ -10,16 +10,16 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpinfo 8 "CUPS" "12 June 2014" "Apple Inc." ++.TH lpinfo 8 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpinfo \- show available devices or drivers + .SH SYNOPSIS + .B lpinfo + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-l + ] [ + .B \-\-device\-id +@@ -44,10 +44,10 @@ + .br + .B lpinfo + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-l + ] [ + .B \-\-exclude\-schemes +@@ -71,6 +71,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Selects an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Shows a "long" listing of devices or drivers. +diff --git a/man/lpmove.man b/man/lpmove.man +index af3c6b63c..62adba654 100644 +--- a/man/lpmove.man ++++ b/man/lpmove.man +@@ -10,16 +10,16 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpmove 8 "CUPS" "26 May 2016" "Apple Inc." ++.TH lpmove 8 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpmove \- move a job or all jobs to a new destination + .SH SYNOPSIS + .B lpmove + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-U + .I username + ] +@@ -28,10 +28,10 @@ + .br + .B lpmove + [ +-.B \-E +-] [ + \fB\-h \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-U + .I username + ] +@@ -50,6 +50,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .SH EXAMPLES + Move job 123 from "oldprinter" to "newprinter": + .nf +diff --git a/man/lpoptions.man.in b/man/lpoptions.man.in +index 372f46a37..2eb5b6010 100644 +--- a/man/lpoptions.man.in ++++ b/man/lpoptions.man.in +@@ -10,18 +10,18 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpoptions 1 "CUPS" "12 June 2014" "Apple Inc." ++.TH lpoptions 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpoptions \- display or set printer options and defaults + .SH SYNOPSIS + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username +-] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] + ] + \fB\-d \fIdestination\fR[\fB/\fIinstance\fR] + [ +@@ -30,13 +30,13 @@ + .br + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-p \fIdestination\fR[\fB/\fIinstance\fR] + ] + \fB\-o \fIoption\fR[\fB=\fIvalue\fR] ... +@@ -43,13 +43,13 @@ + .br + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-p \fIdestination\fR[\fB/\fIinstance\fR] + ] + .B \-r +@@ -57,12 +57,12 @@ + .br + .B lpoptions + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username +-] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] + ] + \fB\-x \fIdestination\fR[\fB/\fIinstance\fR] + .SH DESCRIPTION +@@ -96,6 +96,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Uses an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Lists the printer specific options and their current settings. +diff --git a/man/lpq.man b/man/lpq.man +index ce23a6c81..a81633ecb 100644 +--- a/man/lpq.man ++++ b/man/lpq.man +@@ -10,19 +10,19 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpq 1 "CUPS" "12 June 2014" "Apple Inc." ++.TH lpq 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpq \- show printer queue status + .SH SYNOPSIS + .B lpq + [ ++\fB\-h \fIserver\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-\fB\-h \fIserver\fR[\fB:\fIport\fR] +-] [ + \fB\-P \fIdestination\fR[\fB/\fIinstance\fR] + ] [ + .B \-a +@@ -53,6 +53,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Requests a more verbose (long) reporting format. +diff --git a/man/lpr.man b/man/lpr.man +index e5f9f9018..77a62b305 100644 +--- a/man/lpr.man ++++ b/man/lpr.man +@@ -10,16 +10,16 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpr 1 "CUPS" "2 May 2016" "Apple Inc." ++.TH lpr 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpr \- print files + .SH SYNOPSIS + .B lpr + [ +-.B \-E +-] [ + \fB\-H \fIserver\fR[\fB:\fIport\fR] + ] [ ++.B \-E ++] [ + .B \-U + .I username + ] [ +@@ -72,6 +72,7 @@ + .TP 5 + \fB\-H \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + \fB\-C "\fIname\fB"\fR + .TP 5 +diff --git a/man/lprm.man b/man/lprm.man +index 094166539..0cf88ac51 100644 +--- a/man/lprm.man ++++ b/man/lprm.man +@@ -10,20 +10,19 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lprm 1 "CUPS" "22 May 2014" "Apple Inc." ++.TH lprm 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lprm \- cancel print jobs + .SH SYNOPSIS + .B lprm + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-U + .I username + ] [ +-.B \-h +-.IR server [ :port ] +-] [ + .B \-P + .IR destination [ /instance ] + ] [ +@@ -52,6 +51,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fI:port\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .SH CONFORMING TO + The CUPS version of + .B lprm +diff --git a/man/lpstat.man b/man/lpstat.man +index 0a10cd9bc..88acff7b3 100644 +--- a/man/lpstat.man ++++ b/man/lpstat.man +@@ -1,8 +1,8 @@ + .\" + .\" lpstat man page for CUPS. + .\" +-.\" Copyright 2007-2017 by Apple Inc. +-.\" Copyright 1997-2006 by Easy Software Products. ++.\" Copyright © 2007-2019 by Apple Inc. ++.\" Copyright © 1997-2006 by Easy Software Products. + .\" + .\" These coded instructions, statements, and computer programs are the + .\" property of Apple Inc. and are protected by Federal copyright +@@ -10,12 +10,14 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH lpstat 1 "CUPS" "26 May 2017" "Apple Inc." ++.TH lpstat 1 "CUPS" "2022-05-02" "OpenPrinting" + .SH NAME + lpstat \- print cups status information + .SH SYNOPSIS + .B lpstat + [ ++\fB\-h \fIhostname\fR[\fB:\fIport\fR] ++] [ + .B \-E + ] [ + .B \-H +@@ -23,8 +25,6 @@ + .B \-U + .I username + ] [ +-\fB\-h \fIhostname\fR[\fB:\fIport\fR] +-] [ + .B \-l + ] [ + .B \-W +@@ -104,6 +104,7 @@ + .TP 5 + \fB\-h \fIserver\fR[\fB:\fIport\fR] + Specifies an alternate server. ++Note: This option must occur before all others. + .TP 5 + .B \-l + Shows a long listing of printers, classes, or jobs. diff --git a/SOURCES/0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch b/SOURCES/0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch new file mode 100644 index 0000000..5e96f57 --- /dev/null +++ b/SOURCES/0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch @@ -0,0 +1,109 @@ +From 7271db11d27fe436f0c743bed3be8a5c6f93f2c2 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Mon, 9 Apr 2018 09:50:19 -0400 +Subject: [PATCH] Use cupsGetNamedDest for legacy printing APIs (Issue #5288) + +--- + cups/util.c | 59 +++++----------------------- + xcode/CUPS.xcodeproj/project.pbxproj | 6 ++- + 2 files changed, 15 insertions(+), 50 deletions(-) + +diff --git a/cups/util.c b/cups/util.c +index ebc54d3cf..b15963e9e 100644 +--- a/cups/util.c ++++ b/cups/util.c +@@ -21,19 +22,6 @@ + #endif /* WIN32 || __EMX__ */ + + +-/* +- * Enumeration data and callback... +- */ +- +-typedef struct _cups_createdata_s +-{ +- const char *name; /* Destination name */ +- cups_dest_t *dest; /* Matching destination */ +-} _cups_createdata_t; +- +-static int cups_create_cb(_cups_createdata_t *data, unsigned flags, cups_dest_t *dest); +- +- + /* + * 'cupsCancelJob()' - Cancel a print job on the default server. + * +@@ -168,7 +156,7 @@ cupsCreateJob( + { + int job_id = 0; /* job-id value */ + ipp_status_t status; /* Create-Job status */ +- _cups_createdata_t data; /* Enumeration data */ ++ cups_dest_t *dest; /* Destination */ + cups_dinfo_t *info; /* Destination information */ + + +@@ -188,12 +176,7 @@ cupsCreateJob( + * Lookup the destination... + */ + +- data.name = name; +- data.dest = NULL; +- +- cupsEnumDests(0, 1000, NULL, 0, 0, (cups_dest_cb_t)cups_create_cb, &data); +- +- if (!data.dest) ++ if ((dest = cupsGetNamedDest(http, name, NULL)) == NULL) + { + DEBUG_puts("1cupsCreateJob: Destination not found."); + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0); +@@ -205,18 +188,18 @@ cupsCreateJob( + */ + + DEBUG_puts("1cupsCreateJob: Querying destination info."); +- if ((info = cupsCopyDestInfo(http, data.dest)) == NULL) ++ if ((info = cupsCopyDestInfo(http, dest)) == NULL) + { + DEBUG_puts("1cupsCreateJob: Query failed."); +- cupsFreeDests(1, data.dest); ++ cupsFreeDests(1, dest); + return (0); + } + +- status = cupsCreateDestJob(http, data.dest, info, &job_id, title, num_options, options); ++ status = cupsCreateDestJob(http, dest, info, &job_id, title, num_options, options); + DEBUG_printf(("1cupsCreateJob: cupsCreateDestJob returned %04x (%s)", status, ippErrorString(status))); + + cupsFreeDestInfo(info); +- cupsFreeDests(1, data.dest); ++ cupsFreeDests(1, dest); + + /* + * Return the job... +@@ -968,25 +951,3 @@ cupsStartDocument( + return (status); + } + +- +-/* +- * 'cups_create_cb()' - Find the destination for printing. +- */ +- +-static int /* O - 0 on match */ +-cups_create_cb( +- _cups_createdata_t *data, /* I - Data from cupsCreateJob call */ +- unsigned flags, /* I - Enumeration flags */ +- cups_dest_t *dest) /* I - Destination */ +-{ +- DEBUG_printf(("2cups_create_cb(data=%p(%s), flags=%08x, dest=%p(%s))", (void *)data, data->name, flags, (void *)dest, dest->name)); +- +- (void)flags; +- +- if (dest->instance || strcasecmp(data->name, dest->name)) +- return (1); +- +- cupsCopyDest(dest, 0, &data->dest); +- +- return (0); +-} +-- +2.35.1 + diff --git a/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch b/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch new file mode 100644 index 0000000..fe5d29e --- /dev/null +++ b/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch @@ -0,0 +1,48 @@ +From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001 +From: Bryan Mason +Date: Tue, 27 Jun 2023 04:18:46 -0700 +Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a + single job (#742) + +The command "cancel -x " adds "purge-jobs true" to the Cancel-Job +operation; however, the correct attribute to use for Cancel-job is +"purge-job" (singular), not "purge-jobs" (plural). As a result, job +files are not removed from /var/spool/cups when "cancel -x " is +executed. + +This patch resolves the issue by adding "purge-job" when the IPP +operation is Cancel-Job and "purge-jobs" for other IPP operations +(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs) +--- + systemv/cancel.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/systemv/cancel.c b/systemv/cancel.c +index 572f413e1..f5b8e12b5 100644 +--- a/systemv/cancel.c ++++ b/systemv/cancel.c +@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */ + * attributes-natural-language + * printer-uri + job-id *or* job-uri + * [requesting-user-name] ++ * [purge-job] or [purge-jobs] + */ + + request = ippNewRequest(op); +@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */ + "requesting-user-name", NULL, cupsUser()); + + if (purge) +- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge); ++ { ++ if (op == IPP_CANCEL_JOB) ++ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge); ++ else ++ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge); ++ } + + /* + * Do the request and get back a response... +-- +2.41.0 + diff --git a/SOURCES/0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch b/SOURCES/0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch new file mode 100644 index 0000000..d2c0716 --- /dev/null +++ b/SOURCES/0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch @@ -0,0 +1,16 @@ +diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c +index 92f1501..7edc058 100644 +--- a/cgi-bin/ipp-var.c ++++ b/cgi-bin/ipp-var.c +@@ -275,10 +275,7 @@ cgiMoveJobs(http_t *http, /* I - Connection to server */ + */ + + if ((user = getenv("REMOTE_USER")) == NULL) +- { +- puts("Status: 401\n"); +- exit(0); +- } ++ user = "guest"; + + /* + * See if the user has already selected a new destination... diff --git a/SOURCES/0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch b/SOURCES/0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch new file mode 100644 index 0000000..3d12cc0 --- /dev/null +++ b/SOURCES/0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch @@ -0,0 +1,65 @@ +From 4ddeb8544e2e5c63a405d9e093ac24704f3deb03 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Tue, 21 Jul 2020 12:54:22 +0200 +Subject: [PATCH] cups/dests.c: cupsGetNamedDest() - set + IPP_STATUS_ERROR_NOT_FOUND error if queue was not found lp.c/lpr.c: check for + IPP_STATUS_ERROR_NOT_FOUND and generate a proper message if hit + +--- + berkeley/lpr.c | 6 ++++++ + cups/dest.c | 3 +++ + systemv/lp.c | 6 ++++++ + 3 files changed, 15 insertions(+) + +diff --git a/berkeley/lpr.c b/berkeley/lpr.c +index 627fa6a4e..a8f78b881 100644 +--- a/berkeley/lpr.c ++++ b/berkeley/lpr.c +@@ -234,6 +234,12 @@ main(int argc, /* I - Number of command-line arguments */ + _cupsLangPrintf(stderr, _("%s: Error - add '/version=1.1' to server name."), argv[0]); + return (1); + } ++ else if (cupsLastError() == IPP_STATUS_ERROR_NOT_FOUND) ++ { ++ _cupsLangPrintf(stderr, ++ _("%s: Error - The printer or class does not exist."), argv[0]); ++ return (1); ++ } + break; + + case '#' : /* Number of copies */ +diff --git a/cups/dest.c b/cups/dest.c +index cde987a09..2017792a7 100644 +--- a/cups/dest.c ++++ b/cups/dest.c +@@ -1839,7 +1839,10 @@ cupsGetNamedDest(http_t *http, /* I - Connection to server or @code CUPS_HTT + cupsEnumDests(0, 1000, NULL, 0, 0, (cups_dest_cb_t)cups_name_cb, &data); + + if (!data.dest) ++ { ++ _cupsSetError(IPP_STATUS_ERROR_NOT_FOUND, _("The printer or class does not exist."), 1); + return (NULL); ++ } + + dest = data.dest; + } +diff --git a/systemv/lp.c b/systemv/lp.c +index 298c15825..d918b4b14 100644 +--- a/systemv/lp.c ++++ b/systemv/lp.c +@@ -161,6 +161,12 @@ main(int argc, /* I - Number of command-line arguments */ + "name."), argv[0]); + return (1); + } ++ else if (cupsLastError() == IPP_STATUS_ERROR_NOT_FOUND) ++ { ++ _cupsLangPrintf(stderr, ++ _("%s: Error - The printer or class does not exist."), argv[0]); ++ return (1); ++ } + break; + + case 'f' : /* Form */ +-- +2.31.1 + diff --git a/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch b/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch new file mode 100644 index 0000000..d30c243 --- /dev/null +++ b/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch @@ -0,0 +1,35 @@ +From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001 +From: Vasilis Liaskovitis +Date: Wed, 1 Mar 2023 13:46:28 +0100 +Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes + #308) + +Use a listen queue size of INT_MAX, which should default to the maximum +supported queue size on the system. + +This avoids the problem of the listening backlog queue getting full when +there are too many requests at the same time. The problem was observed +with the previous backlog size (128) by customers when submitting large +batches of print jobs, resulting in some jobs getting lost. + +Signed-off-by: Vasilis Liaskovitis +--- + cups/http-addr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cups/http-addr.c b/cups/http-addr.c +index a61ee0449..6aeeb8074 100644 +--- a/cups/http-addr.c ++++ b/cups/http-addr.c +@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ + * Listen... + */ + +- if (listen(fd, 5)) ++ if (listen(fd, INT_MAX)) + { + _cupsSetHTTPError(HTTP_STATUS_ERROR); + +-- +2.41.0 + diff --git a/SOURCES/0001-cups-strlcpy-handle-zero-size.patch b/SOURCES/0001-cups-strlcpy-handle-zero-size.patch new file mode 100644 index 0000000..45d36ad --- /dev/null +++ b/SOURCES/0001-cups-strlcpy-handle-zero-size.patch @@ -0,0 +1,26 @@ +From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Wed, 17 May 2023 12:59:57 -0400 +Subject: [PATCH] Consensus fix. + +--- + cups/string.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/cups/string.c b/cups/string.c +index 00454203c..b4fc12050 100644 +--- a/cups/string.c ++++ b/cups/string.c +@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */ + size_t srclen; /* Length of source string */ + + ++ if (size == 0) ++ return (0); ++ + /* + * Figure out how much room is needed... + */ +-- +2.40.1 + diff --git a/SOURCES/0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch b/SOURCES/0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch new file mode 100644 index 0000000..67e2edc --- /dev/null +++ b/SOURCES/0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch @@ -0,0 +1,55 @@ +From bdb1ca45454d90410031c4c2054005a995f76180 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Wed, 6 Apr 2022 15:04:45 +0200 +Subject: [PATCH] cups/tls-gnutls.c: Use always GNUTLS_SHUT_WR + +The current mode for `gnutls_bye()` in client use cases strictly +follows TLS v1.2 standard, which in this particular part says: + +``` +Unless some other fatal alert has been transmitted, each party is +required to send a close_notify alert before closing the write +side of the connection. The other party MUST respond with a +close_notify alert of its own and close down the connection immediately, +discarding any pending writes. It is not required for the initiator +of the close to wait for the responding close_notify alert before +closing the read side of the connection. +``` + +and waits for the other side of TLS connection to confirm the close. + +Unfortunately it can undesired for reasons: +- we support switching of TLS versions in CUPS, and this mode strictly + follows TLS v1.2 - so for older version this behavior is not expected + and can cause delays +- even some TLS v1.2 implementations (like Windows Server 2016) don't + comply TLS v1.2 behavior even if it says it does - in that case, + encrypted printing takes 30s till HTTP timeout is reached, because the + other side didn't send confirmation +- AFAIU openssl's SSL_shutdown() doesn't make this TLS v1.2 difference, + so we could end up with two TLS implementations in CUPS which will + behave differently + +Since the standard defines that waiting for confirmation is not required +and due the problems above, I would propose using GNUTLS_SHUT_WR mode +regardless of HTTP mode. +--- + cups/tls-gnutls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c +index c55995b2b..f87b4f4df 100644 +--- a/cups/tls-gnutls.c ++++ b/cups/tls-gnutls.c +@@ -1667,7 +1667,7 @@ _httpTLSStop(http_t *http) /* I - Connection to server */ + int error; /* Error code */ + + +- error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR); ++ error = gnutls_bye(http->tls, GNUTLS_SHUT_WR); + if (error != GNUTLS_E_SUCCESS) + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0); + +-- +2.35.1 + diff --git a/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch b/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch new file mode 100644 index 0000000..a280b4f --- /dev/null +++ b/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch @@ -0,0 +1,43 @@ +diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c +--- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup 2023-12-19 18:25:15.484637450 +0100 ++++ cups-2.2.6/cups/http-addrlist.c 2023-12-19 18:28:57.129163387 +0100 +@@ -313,6 +313,39 @@ httpAddrConnect2( + { + # ifdef HAVE_POLL + DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents)); ++ ++# ifdef _WIN32 ++ if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) || ++ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT)))) ++# else ++ if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) || ++ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT)))) ++# endif /* _WIN32 */ ++ { ++ // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing ++ // asynchronous connections. The solution seems to be to use getsockopt to ++ // check the SO_ERROR value and ignore the POLLHUP if there is no error or ++ // the error is EINPROGRESS. ++ ++ int sres, /* Return value from getsockopt() - 0, or -1 if error */ ++ serr; /* Option SO_ERROR value */ ++ socklen_t slen = sizeof(serr); /* Option value size */ ++ ++ sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen); ++ ++ if (sres || serr) ++ { ++ pfds[i].revents |= POLLERR; ++# ifdef DEBUG ++ DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr))); ++# endif ++ } ++ else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT))) ++ { ++ pfds[i].revents &= ~POLLHUP; ++ } ++ } ++ + if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP))) + # else + if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set)) diff --git a/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch b/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch new file mode 100644 index 0000000..0aa9c99 --- /dev/null +++ b/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch @@ -0,0 +1,35 @@ +From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 26 May 2022 06:27:04 +0200 +Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes + CVE-2022-26691) + +The previous algorithm didn't expect the strings can have a different +length, so one string can be a substring of the other and such substring +was reported as equal to the longer string. +--- + CHANGES.md | 1 + + scheduler/cert.c | 9 ++++++++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/scheduler/cert.c b/scheduler/cert.c +index b268bf1b2..9b65b96c9 100644 +--- a/scheduler/cert.c ++++ b/scheduler/cert.c +@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */ + b ++; + } + +- return (result); ++ /* ++ * The while loop finishes when *a == '\0' or *b == '\0' ++ * so after the while loop either both *a and *b == '\0', ++ * or one points inside a string, so when we apply bitwise OR on *a, ++ * *b and result, we get a non-zero return value if the compared strings don't match. ++ */ ++ ++ return (result | *a | *b); + } +-- +2.36.1 + diff --git a/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch b/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch new file mode 100644 index 0000000..0c7f8c3 --- /dev/null +++ b/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch @@ -0,0 +1,36 @@ +From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Fri, 1 Sep 2023 17:11:54 +0200 +Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open + cups-files.conf + +In case cupsd can't open the cups-files.conf, the error message is lost +if journal and syslog don't exist or work on system (usually in +containers). + +Log the error into stderr at this place to get the error message if +needed. +--- + scheduler/conf.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/scheduler/conf.c b/scheduler/conf.c +index b18535162..4fa7eb1df 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -811,11 +811,7 @@ cupsdReadConfiguration(void) + cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile); + else + { +-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H +- sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno)); +-#else +- syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno)); +-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ ++ fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno)); + + return (0); + } +-- +2.41.0 + diff --git a/SOURCES/0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch b/SOURCES/0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch new file mode 100644 index 0000000..025361f --- /dev/null +++ b/SOURCES/0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch @@ -0,0 +1,38 @@ +From 08e9b6e1f8497a8159d6bd7cd6dc96ae79a2e704 Mon Sep 17 00:00:00 2001 +From: Bryan Mason +Date: Thu, 15 Jul 2021 16:26:27 -0700 +Subject: [PATCH] scheduler/job.c: use gziptoany for raw files (not just raw + printers) + +--- + scheduler/job.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/scheduler/job.c b/scheduler/job.c +index d8c2efcc6..b448acda5 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -501,6 +501,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ + int backroot; /* Run backend as root? */ + int pid; /* Process ID of new filter process */ + int banner_page; /* 1 if banner page, 0 otherwise */ ++ int raw_file; /* 1 if file type is vnd.cups-raw */ + int filterfds[2][2] = { { -1, -1 }, { -1, -1 } }; + /* Pipes used between filters */ + int envc; /* Number of environment variables */ +@@ -746,8 +747,11 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ + * Add decompression/raw filter as needed... + */ + ++ raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") && ++ !strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw"); ++ + if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) || +- (!job->printer->remote && job->printer->raw && job->num_files > 1)) ++ (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1)) + { + /* + * Add gziptoany filter to the front of the list... +-- +2.31.1 + diff --git a/SOURCES/cups-autostart-when-enabled.patch b/SOURCES/cups-autostart-when-enabled.patch new file mode 100644 index 0000000..1cdefb6 --- /dev/null +++ b/SOURCES/cups-autostart-when-enabled.patch @@ -0,0 +1,10 @@ +diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in +index 307d69b..add238b 100644 +--- a/scheduler/org.cups.cupsd.service.in ++++ b/scheduler/org.cups.cupsd.service.in +@@ -10,4 +10,4 @@ Restart=on-failure + + [Install] + Also=cups.socket cups.path +-WantedBy=printer.target ++WantedBy=printer.target multi-user.target diff --git a/SOURCES/cups-avahi-address.patch b/SOURCES/cups-avahi-address.patch new file mode 100644 index 0000000..b8090ea --- /dev/null +++ b/SOURCES/cups-avahi-address.patch @@ -0,0 +1,95 @@ +diff -up cups-2.2b2/cups/http-support.c.avahi-address cups-2.2b2/cups/http-support.c +--- cups-2.2b2/cups/http-support.c.avahi-address 2016-06-24 17:43:35.000000000 +0200 ++++ cups-2.2b2/cups/http-support.c 2016-06-27 15:31:34.201361844 +0200 +@@ -2340,7 +2340,7 @@ http_resolve_cb( + const char *type, /* I - Registration type */ + const char *domain, /* I - Domain (unused) */ + const char *hostTarget, /* I - Hostname */ +- const AvahiAddress *address, /* I - Address (unused) */ ++ const AvahiAddress *address, /* I - Address */ + uint16_t port, /* I - Port number */ + AvahiStringList *txt, /* I - TXT record */ + AvahiLookupResultFlags flags, /* I - Lookup flags (unused) */ +@@ -2493,39 +2493,62 @@ http_resolve_cb( + * getting the IP address of the .local name and then do reverse-lookups... + */ + +- http_addrlist_t *addrlist, /* List of addresses */ +- *addr; /* Current address */ ++ http_addr_t addr; ++ size_t addrlen; ++ int error; + + DEBUG_printf(("5http_resolve_cb: Looking up \"%s\".", hostTarget)); + +- snprintf(fqdn, sizeof(fqdn), "%d", ntohs(port)); +- if ((addrlist = httpAddrGetList(hostTarget, AF_UNSPEC, fqdn)) != NULL) ++ switch (address->proto) + { +- for (addr = addrlist; addr; addr = addr->next) ++ case AVAHI_PROTO_INET: ++ addr.ipv4.sin_family = AF_INET; ++ addrlen = sizeof (addr.ipv4.sin_addr); ++ memcpy (&addr.ipv4.sin_addr, &address->data, addrlen); ++ break; ++ case AVAHI_PROTO_INET6: ++ addr.ipv6.sin6_family = AF_INET6; ++ addrlen = sizeof (addr.ipv6.sin6_addr); ++ memcpy (&addr.ipv6.sin6_addr, &address->data, addrlen); ++ break; ++ default: ++ DEBUG_printf(("8http_resolve_cb: unknown address family %d", ++ address->proto)); ++ addrlen = 0; ++ } ++ ++ if (addrlen > 0) { ++ error = getnameinfo(&addr.addr, httpAddrLength (&addr), ++ fqdn, sizeof(fqdn), NULL, 0, NI_NAMEREQD); ++ ++ if (!error) + { +- int error = getnameinfo(&(addr->addr.addr), (socklen_t)httpAddrLength(&(addr->addr)), fqdn, sizeof(fqdn), NULL, 0, NI_NAMEREQD); ++ DEBUG_printf(("8http_resolve_cb: Found \"%s\".", fqdn)); + +- if (!error) +- { +- DEBUG_printf(("5http_resolve_cb: Found \"%s\".", fqdn)); ++ if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn || ++ _cups_strcasecmp(hostptr, ".local")) + +- if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn || +- _cups_strcasecmp(hostptr, ".local")) +- { +- hostTarget = fqdn; +- break; +- } ++ { ++ hostTarget = fqdn; + } ++ } else { ++ avahi_address_snprint (fqdn, sizeof (fqdn), address); ++ hostTarget = fqdn; ++ + #ifdef DEBUG +- else +- DEBUG_printf(("5http_resolve_cb: \"%s\" did not resolve: %d", +- httpAddrString(&(addr->addr), fqdn, sizeof(fqdn)), +- error)); ++ DEBUG_printf(("8http_resolve_cb: \"%s\" did not resolve: %d", ++ fqdn, error)); + #endif /* DEBUG */ + } + +- httpAddrFreeList(addrlist); + } ++ } else { ++ /* ++ * Use the IP address that responded... ++ */ ++ ++ avahi_address_snprint (fqdn, sizeof (fqdn), address); ++ hostTarget = fqdn; + } + + /* diff --git a/SOURCES/cups-avahi-no-threaded.patch b/SOURCES/cups-avahi-no-threaded.patch new file mode 100644 index 0000000..942bbf5 --- /dev/null +++ b/SOURCES/cups-avahi-no-threaded.patch @@ -0,0 +1,1025 @@ +diff -up cups-2.2.5/scheduler/avahi.c.avahi-no-threaded cups-2.2.5/scheduler/avahi.c +--- cups-2.2.5/scheduler/avahi.c.avahi-no-threaded 2017-10-17 19:03:00.760881016 +0200 ++++ cups-2.2.5/scheduler/avahi.c 2017-10-17 19:03:00.760881016 +0200 +@@ -0,0 +1,441 @@ ++/* ++ * "$Id$" ++ * ++ * Avahi poll implementation for the CUPS scheduler. ++ * ++ * Copyright (C) 2010, 2011 Red Hat, Inc. ++ * Authors: ++ * Tim Waugh ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Contents: ++ * ++ * watch_read_cb - Read callback for file descriptor ++ * watch_write_cb - Write callback for file descriptor ++ * watched_fd_add_select() - Call cupsdAddSelect() as needed ++ * watch_new() - Create a new file descriptor watch ++ * watch_free() - Free a file descriptor watch ++ * watch_update() - Update watched events for a file descriptor ++ * watch_get_events() - Get events that happened for a file descriptor ++ * timeout_cb() - Run a timed Avahi callback ++ * timeout_new() - Set a wakeup time ++ * timeout_update() - Update the expiration time for a timeout ++ * timeout_free() - Free a timeout ++ * compare_watched_fds() - Compare watched file descriptors for array sorting ++ * avahi_cups_poll_new() - Create a new Avahi main loop object for CUPS ++ * avahi_cups_poll_free() - Free an Avahi main loop object for CUPS ++ * avahi_cups_poll_get() - Get the abstract poll API structure ++ */ ++ ++#include ++ ++#ifdef HAVE_AVAHI /* Applies to entire file... */ ++ ++/* ++ * Include necessary headers... ++ */ ++ ++#include "cupsd.h" ++ ++#if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) ++# include ++#endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ ++ ++#ifdef HAVE_AVAHI ++# include ++#endif /* HAVE_AVAHI */ ++ ++ ++typedef struct ++{ ++ AvahiCupsPoll *cups_poll; ++ ++ int fd; ++ AvahiWatchEvent occurred; ++ cups_array_t *watches; ++} cupsd_watched_fd_t; ++ ++struct AvahiWatch ++{ ++ cupsd_watched_fd_t *watched_fd; ++ ++ AvahiWatchEvent events; ++ AvahiWatchCallback callback; ++ void *userdata; ++}; ++ ++struct AvahiTimeout ++{ ++ AvahiCupsPoll *cups_poll; ++ AvahiTimeoutCallback callback; ++ void *userdata; ++ cupsd_timeout_t *cupsd_timeout; ++}; ++ ++/* ++ * Local functions... ++ */ ++ ++static AvahiWatch * watch_new(const AvahiPoll *api, ++ int fd, ++ AvahiWatchEvent events, ++ AvahiWatchCallback callback, ++ void *userdata); ++static void watch_free(AvahiWatch *watch); ++static void watch_update(AvahiWatch *watch, ++ AvahiWatchEvent events); ++static AvahiWatchEvent watch_get_events(AvahiWatch *watch); ++ ++ ++/* ++ * 'watch_read_cb' - Read callback for file descriptor ++ */ ++ ++static void ++watch_read_cb (void *userdata) ++{ ++ AvahiWatch *watch; ++ cupsd_watched_fd_t *watched_fd = userdata; ++ watched_fd->occurred |= AVAHI_WATCH_IN; ++ for (watch = (AvahiWatch *)cupsArrayFirst(watched_fd->watches); ++ watch; ++ watch = (AvahiWatch *)cupsArrayNext(watched_fd->watches)) ++ { ++ if (watch->events & watched_fd->occurred) ++ { ++ (watch->callback) (watch, watched_fd->fd, ++ AVAHI_WATCH_IN, watch->userdata); ++ watched_fd->occurred &= ~AVAHI_WATCH_IN; ++ break; ++ } ++ } ++} ++ ++ ++/* ++ * 'watch_write_cb' - Write callback for file descriptor ++ */ ++ ++static void ++watch_write_cb (void *userdata) ++{ ++ AvahiWatch *watch; ++ cupsd_watched_fd_t *watched_fd = userdata; ++ watched_fd->occurred |= AVAHI_WATCH_OUT; ++ for (watch = (AvahiWatch *)cupsArrayFirst(watched_fd->watches); ++ watch; ++ watch = (AvahiWatch *)cupsArrayNext(watched_fd->watches)) ++ { ++ if (watch->events & watched_fd->occurred) ++ { ++ (watch->callback) (watch, watched_fd->fd, ++ AVAHI_WATCH_OUT, watch->userdata); ++ watched_fd->occurred &= ~AVAHI_WATCH_OUT; ++ break; ++ } ++ } ++} ++ ++ ++/* ++ * 'watched_fd_add_select' - Call cupsdAddSelect() as needed ++ */ ++ ++static int /* O - Watches? */ ++watched_fd_add_select (cupsd_watched_fd_t *watched_fd) ++{ ++ AvahiWatch *watch; ++ cupsd_selfunc_t read_cb = NULL, write_cb = NULL; ++ int any_watches = 0; ++ ++ for (watch = (AvahiWatch *)cupsArrayFirst(watched_fd->watches); ++ watch; ++ watch = (AvahiWatch *)cupsArrayNext(watched_fd->watches)) ++ { ++ any_watches = 1; ++ if (watch->events & (AVAHI_WATCH_IN | ++ AVAHI_WATCH_ERR | ++ AVAHI_WATCH_HUP)) ++ { ++ read_cb = (cupsd_selfunc_t)watch_read_cb; ++ if (write_cb != NULL) ++ break; ++ } ++ ++ if (watch->events & AVAHI_WATCH_OUT) ++ { ++ write_cb = (cupsd_selfunc_t)watch_write_cb; ++ if (read_cb != NULL) ++ break; ++ } ++ } ++ ++ if (read_cb || write_cb) ++ cupsdAddSelect (watched_fd->fd, read_cb, write_cb, watched_fd); ++ else ++ cupsdRemoveSelect (watched_fd->fd); ++ ++ return (any_watches); ++} ++ ++/* ++ * 'watch_new' - Create a new file descriptor watch ++ */ ++ ++static AvahiWatch * ++watch_new (const AvahiPoll *api, ++ int fd, ++ AvahiWatchEvent events, ++ AvahiWatchCallback callback, ++ void *userdata) ++{ ++ cupsd_watched_fd_t key, *watched_fd; ++ AvahiCupsPoll *cups_poll = api->userdata; ++ AvahiWatch *watch = malloc(sizeof(AvahiWatch)); ++ if (watch == NULL) ++ return (NULL); ++ ++ watch->events = events; ++ watch->callback = callback; ++ watch->userdata = userdata; ++ ++ key.fd = fd; ++ watched_fd = cupsArrayFind (cups_poll->watched_fds, &key); ++ if (watched_fd == NULL) ++ { ++ watched_fd = malloc(sizeof(cupsd_watched_fd_t)); ++ if (watched_fd == NULL) ++ { ++ free (watch); ++ return (NULL); ++ } ++ ++ watched_fd->fd = fd; ++ watched_fd->occurred = 0; ++ watched_fd->cups_poll = cups_poll; ++ watched_fd->watches = cupsArrayNew (NULL, NULL); ++ cupsArrayAdd (cups_poll->watched_fds, watched_fd); ++ } ++ ++ watch->watched_fd = watched_fd; ++ cupsArrayAdd(watched_fd->watches, watch); ++ watched_fd_add_select (watched_fd); ++ return (watch); ++} ++ ++ ++/* ++ * 'watch_free' - Free a file descriptor watch ++ */ ++ ++static void ++watch_free (AvahiWatch *watch) ++{ ++ cupsd_watched_fd_t *watched_fd = watch->watched_fd; ++ AvahiCupsPoll *cups_poll = watched_fd->cups_poll; ++ ++ cupsArrayRemove (watched_fd->watches, watch); ++ free (watch); ++ ++ if (!watched_fd_add_select (watched_fd)) ++ { ++ /* No more watches */ ++ cupsArrayRemove (cups_poll->watched_fds, watched_fd); ++ free (watched_fd); ++ } ++} ++ ++ ++/* ++ * 'watch_update' - Update watched events for a file descriptor ++ */ ++ ++static void ++watch_update (AvahiWatch *watch, ++ AvahiWatchEvent events) ++{ ++ watch->events = events; ++ watched_fd_add_select (watch->watched_fd); ++} ++ ++ ++/* ++ * 'watch_get_events' - Get events that happened for a file descriptor ++ */ ++ ++static AvahiWatchEvent ++watch_get_events (AvahiWatch *watch) ++{ ++ return (watch->watched_fd->occurred); ++} ++ ++ ++/* ++ * 'timeout_cb()' - Run a timed Avahi callback ++ */ ++ ++static void ++timeout_cb (cupsd_timeout_t *cupsd_timeout, void *userdata) ++{ ++ AvahiTimeout *timeout = userdata; ++ (timeout->callback) (timeout, timeout->userdata); ++} ++ ++ ++/* ++ * 'timeout_new' - Set a wakeup time ++ */ ++ ++static AvahiTimeout * ++timeout_new (const AvahiPoll *api, ++ const struct timeval *tv, ++ AvahiTimeoutCallback callback, ++ void *userdata) ++{ ++ AvahiTimeout *timeout; ++ AvahiCupsPoll *cups_poll = api->userdata; ++ ++ timeout = malloc(sizeof(AvahiTimeout)); ++ if (timeout == NULL) ++ return (NULL); ++ ++ timeout->cups_poll = cups_poll; ++ timeout->callback = callback; ++ timeout->userdata = userdata; ++ timeout->cupsd_timeout = cupsdAddTimeout (tv, ++ (cupsd_timeoutfunc_t)timeout_cb, ++ timeout); ++ cupsArrayAdd (cups_poll->timeouts, timeout); ++ return (timeout); ++} ++ ++ ++/* ++ * 'timeout_update' - Update the expiration time for a timeout ++ */ ++ ++static void ++timeout_update (AvahiTimeout *timeout, ++ const struct timeval *tv) ++{ ++ cupsdUpdateTimeout (timeout->cupsd_timeout, tv); ++} ++ ++ ++/* ++ * ' timeout_free' - Free a timeout ++ */ ++ ++static void ++timeout_free (AvahiTimeout *timeout) ++{ ++ cupsArrayRemove (timeout->cups_poll->timeouts, timeout); ++ cupsdRemoveTimeout (timeout->cupsd_timeout); ++ free (timeout); ++} ++ ++ ++/* ++ * 'compare_watched_fds' - Compare watched file descriptors for array sorting ++ */ ++static int ++compare_watched_fds(cupsd_watched_fd_t *p0, ++ cupsd_watched_fd_t *p1) ++{ ++ /* ++ * Compare by fd (no two elements have the same fd) ++ */ ++ ++ if (p0->fd == p1->fd) ++ return 0; ++ ++ return (p0->fd < p1->fd ? -1 : 1); ++} ++ ++ ++/* ++ * 'avahi_cups_poll_new' - Create a new Avahi main loop object for CUPS ++ */ ++ ++AvahiCupsPoll * ++avahi_cups_poll_new (void) ++{ ++ AvahiCupsPoll *cups_poll = malloc(sizeof(AvahiCupsPoll)); ++ if (cups_poll == NULL) ++ return (NULL); ++ ++ cups_poll->watched_fds = cupsArrayNew ((cups_array_func_t)compare_watched_fds, ++ NULL); ++ cups_poll->timeouts = cupsArrayNew (NULL, NULL); ++ ++ cups_poll->api.userdata = cups_poll; ++ cups_poll->api.watch_new = watch_new; ++ cups_poll->api.watch_free = watch_free; ++ cups_poll->api.watch_update = watch_update; ++ cups_poll->api.watch_get_events = watch_get_events; ++ ++ cups_poll->api.timeout_new = timeout_new; ++ cups_poll->api.timeout_update = timeout_update; ++ cups_poll->api.timeout_free = timeout_free; ++ ++ return (cups_poll); ++} ++ ++ ++/* ++ * 'avahi_cups_poll_free' - Free an Avahi main loop object for CUPS ++ */ ++void ++avahi_cups_poll_free (AvahiCupsPoll *cups_poll) ++{ ++ cupsd_watched_fd_t *watched_fd; ++ ++ for (watched_fd = (cupsd_watched_fd_t*)cupsArrayFirst(cups_poll->watched_fds); ++ watched_fd; ++ watched_fd = (cupsd_watched_fd_t*)cupsArrayNext(cups_poll->watched_fds)) ++ cupsArrayClear (watched_fd->watches); ++ ++ cupsArrayClear (cups_poll->watched_fds); ++ cupsArrayClear (cups_poll->timeouts); ++} ++ ++ ++/* ++ * 'avahi_cups_poll_get' - Get the abstract poll API structure ++ */ ++ ++const AvahiPoll * ++avahi_cups_poll_get (AvahiCupsPoll *cups_poll) ++{ ++ return (&cups_poll->api); ++} ++ ++ ++#endif /* HAVE_AVAHI ... from top of file */ ++ ++/* ++ * End of "$Id$". ++ */ +diff -up cups-2.2.5/scheduler/avahi.h.avahi-no-threaded cups-2.2.5/scheduler/avahi.h +--- cups-2.2.5/scheduler/avahi.h.avahi-no-threaded 2017-10-17 19:03:00.760881016 +0200 ++++ cups-2.2.5/scheduler/avahi.h 2017-10-17 19:03:00.760881016 +0200 +@@ -0,0 +1,69 @@ ++/* ++ * "$Id$" ++ * ++ * Avahi poll implementation for the CUPS scheduler. ++ * ++ * Copyright (C) 2010, 2011 Red Hat, Inc. ++ * Authors: ++ * Tim Waugh ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++ ++#ifdef HAVE_AVAHI ++# include ++# include ++#endif /* HAVE_AVAHI */ ++ ++#ifdef HAVE_AUTHORIZATION_H ++# include ++#endif /* HAVE_AUTHORIZATION_H */ ++ ++ ++#ifdef HAVE_AVAHI ++typedef struct ++{ ++ AvahiPoll api; ++ cups_array_t *watched_fds; ++ cups_array_t *timeouts; ++} AvahiCupsPoll; ++#endif /* HAVE_AVAHI */ ++ ++/* ++ * Prototypes... ++ */ ++ ++#ifdef HAVE_AVAHI ++extern AvahiCupsPoll * avahi_cups_poll_new(void); ++extern void avahi_cups_poll_free(AvahiCupsPoll *cups_poll); ++extern const AvahiPoll *avahi_cups_poll_get(AvahiCupsPoll *cups_poll); ++#endif /* HAVE_AVAHI */ ++ ++ ++/* ++ * End of "$Id$". ++ */ +diff -up cups-2.2.5/scheduler/cupsd.h.avahi-no-threaded cups-2.2.5/scheduler/cupsd.h +--- cups-2.2.5/scheduler/cupsd.h.avahi-no-threaded 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/cupsd.h 2017-10-17 19:03:00.760881016 +0200 +@@ -118,6 +118,7 @@ extern const char *cups_hstrerror(int); + #include "colorman.h" + #include "conf.h" + #include "banners.h" ++#include "avahi.h" + #include "dirsvc.h" + #include "network.h" + #include "subscriptions.h" +@@ -138,6 +139,15 @@ extern const char *cups_hstrerror(int); + + typedef void (*cupsd_selfunc_t)(void *data); + ++#ifdef HAVE_AVAHI ++/* ++ * Timeout callback function type... ++ */ ++ ++typedef struct _cupsd_timeout_s cupsd_timeout_t; ++typedef void (*cupsd_timeoutfunc_t)(cupsd_timeout_t *timeout, void *data); ++#endif /* HAVE_AVAHI */ ++ + + /* + * Globals... +@@ -162,6 +172,9 @@ VAR int OnDemand VALUE(0); + /* Launched on demand */ + #endif /* HAVE_ONDEMAND */ + ++#ifdef HAVE_AVAHI ++VAR cups_array_t *Timeouts; /* Timed callbacks for main loop */ ++#endif /* HAVE_AVAHI */ + + /* + * Prototypes... +@@ -224,3 +237,15 @@ extern void cupsdStopSelect(void); + /* server.c */ + extern void cupsdStartServer(void); + extern void cupsdStopServer(void); ++ ++#ifdef HAVE_AVAHI ++extern void cupsdInitTimeouts(void); ++extern cupsd_timeout_t *cupsdAddTimeout (const struct timeval *tv, ++ cupsd_timeoutfunc_t cb, ++ void *data); ++extern cupsd_timeout_t *cupsdNextTimeout (long *delay); ++extern void cupsdRunTimeout (cupsd_timeout_t *timeout); ++extern void cupsdUpdateTimeout (cupsd_timeout_t *timeout, ++ const struct timeval *tv); ++extern void cupsdRemoveTimeout (cupsd_timeout_t *timeout); ++#endif /* HAVE_AVAHI */ +\ No newline at end of file +diff -up cups-2.2.5/scheduler/dirsvc.c.avahi-no-threaded cups-2.2.5/scheduler/dirsvc.c +--- cups-2.2.5/scheduler/dirsvc.c.avahi-no-threaded 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/dirsvc.c 2017-10-17 19:05:35.938592292 +0200 +@@ -193,7 +193,7 @@ cupsdStartBrowsing(void) + cupsdUpdateDNSSDName(); + + # else /* HAVE_AVAHI */ +- if ((DNSSDMaster = avahi_threaded_poll_new()) == NULL) ++ if ((DNSSDMaster = avahi_cups_poll_new()) == NULL) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create DNS-SD thread."); + +@@ -204,7 +204,7 @@ cupsdStartBrowsing(void) + { + int error; /* Error code, if any */ + +- DNSSDClient = avahi_client_new(avahi_threaded_poll_get(DNSSDMaster), AVAHI_CLIENT_NO_FAIL, dnssdClientCallback, NULL, &error); ++ DNSSDClient = avahi_client_new(avahi_cups_poll_get(DNSSDMaster), AVAHI_CLIENT_NO_FAIL, dnssdClientCallback, NULL, &error); + + if (DNSSDClient == NULL) + { +@@ -215,11 +215,9 @@ cupsdStartBrowsing(void) + if (FatalErrors & CUPSD_FATAL_BROWSE) + cupsdEndProcess(getpid(), 0); + +- avahi_threaded_poll_free(DNSSDMaster); ++ avahi_cups_poll_free(DNSSDMaster); + DNSSDMaster = NULL; + } +- else +- avahi_threaded_poll_start(DNSSDMaster); + } + # endif /* HAVE_DNSSD */ + } +@@ -635,7 +633,7 @@ dnssdClientCallback( + * Renew Avahi client... + */ + +- DNSSDClient = avahi_client_new(avahi_threaded_poll_get(DNSSDMaster), AVAHI_CLIENT_NO_FAIL, dnssdClientCallback, NULL, &error); ++ DNSSDClient = avahi_client_new(avahi_cups_poll_get(DNSSDMaster), AVAHI_CLIENT_NO_FAIL, dnssdClientCallback, NULL, &error); + + if (!DNSSDClient) + { +@@ -701,13 +699,7 @@ dnssdDeregisterInstance( + # else /* HAVE_AVAHI */ + if (*srv) + { +- if (!from_callback) +- avahi_threaded_poll_lock(DNSSDMaster); +- + avahi_entry_group_free(*srv); +- +- if (!from_callback) +- avahi_threaded_poll_unlock(DNSSDMaster); + } + # endif /* HAVE_DNSSD */ + +@@ -1029,16 +1021,10 @@ dnssdRegisterInstance( + (void)commit; + + # else /* HAVE_AVAHI */ +- if (!from_callback) +- avahi_threaded_poll_lock(DNSSDMaster); +- + if (!*srv) + *srv = avahi_entry_group_new(DNSSDClient, dnssdRegisterCallback, NULL); + if (!*srv) + { +- if (!from_callback) +- avahi_threaded_poll_unlock(DNSSDMaster); +- + cupsdLogMessage(CUPSD_LOG_WARN, "DNS-SD registration of \"%s\" failed: %s", + name, dnssdErrorString(avahi_client_errno(DNSSDClient))); + return (0); +@@ -1153,9 +1139,6 @@ dnssdRegisterInstance( + cupsdLogMessage(CUPSD_LOG_DEBUG, "DNS-SD commit of \"%s\" failed.", + name); + } +- +- if (!from_callback) +- avahi_threaded_poll_unlock(DNSSDMaster); + # endif /* HAVE_DNSSD */ + + if (error) +@@ -1326,9 +1309,6 @@ dnssdStop(void) + DNSSDMaster = NULL; + + # else /* HAVE_AVAHI */ +- if (DNSSDMaster) +- avahi_threaded_poll_stop(DNSSDMaster); +- + if (DNSSDClient) + { + avahi_client_free(DNSSDClient); +@@ -1337,7 +1317,7 @@ dnssdStop(void) + + if (DNSSDMaster) + { +- avahi_threaded_poll_free(DNSSDMaster); ++ avahi_cups_poll_free(DNSSDMaster); + DNSSDMaster = NULL; + } + # endif /* HAVE_DNSSD */ +diff -up cups-2.2.5/scheduler/dirsvc.h.avahi-no-threaded cups-2.2.5/scheduler/dirsvc.h +--- cups-2.2.5/scheduler/dirsvc.h.avahi-no-threaded 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/dirsvc.h 2017-10-17 19:03:00.761881007 +0200 +@@ -49,7 +49,7 @@ VAR cups_array_t *DNSSDPrinters VALUE(NU + VAR DNSServiceRef DNSSDMaster VALUE(NULL); + /* Master DNS-SD service reference */ + # else /* HAVE_AVAHI */ +-VAR AvahiThreadedPoll *DNSSDMaster VALUE(NULL); ++VAR AvahiCupsPoll *DNSSDMaster VALUE(NULL); + /* Master polling interface for Avahi */ + VAR AvahiClient *DNSSDClient VALUE(NULL); + /* Client information */ +diff -up cups-2.2.5/scheduler/main.c.avahi-no-threaded cups-2.2.5/scheduler/main.c +--- cups-2.2.5/scheduler/main.c.avahi-no-threaded 2017-10-17 19:03:00.753881074 +0200 ++++ cups-2.2.5/scheduler/main.c 2017-10-17 19:03:00.761881007 +0200 +@@ -131,7 +131,10 @@ main(int argc, /* I - Number of comm + int service_idle_exit; + /* Idle exit on select timeout? */ + #endif /* HAVE_ONDEMAND */ +- ++#ifdef HAVE_AVAHI ++ cupsd_timeout_t *tmo; /* Next scheduled timed callback */ ++ long tmo_delay; /* Time before it must be called */ ++#endif /* HAVE_AVAHI */ + + #ifdef HAVE_GETEUID + /* +@@ -610,6 +613,14 @@ main(int argc, /* I - Number of comm + + httpInitialize(); + ++#ifdef HAVE_AVAHI ++ /* ++ * Initialize timed callback structures. ++ */ ++ ++ cupsdInitTimeouts(); ++#endif /* HAVE_AVAHI */ ++ + cupsdStartServer(); + + /* +@@ -928,6 +939,16 @@ main(int argc, /* I - Number of comm + } + #endif /* __APPLE__ */ + ++#ifdef HAVE_AVAHI ++ /* ++ * If a timed callback is due, run it. ++ */ ++ ++ tmo = cupsdNextTimeout (&tmo_delay); ++ if (tmo && tmo_delay == 0) ++ cupsdRunTimeout (tmo); ++#endif /* HAVE_AVAHI */ ++ + #ifndef __APPLE__ + /* + * Update the network interfaces once a minute... +@@ -1632,6 +1653,10 @@ select_timeout(int fds) /* I - Number + cupsd_job_t *job; /* Job information */ + cupsd_printer_t *printer; /* Printer information */ + const char *why; /* Debugging aid */ ++#ifdef HAVE_AVAHI ++ cupsd_timeout_t *tmo; /* Timed callback */ ++ long tmo_delay; /* Seconds before calling it */ ++#endif /* HAVE_AVAHI */ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, "select_timeout: JobHistoryUpdate=%ld", +@@ -1677,6 +1702,19 @@ select_timeout(int fds) /* I - Number + } + #endif /* __APPLE__ */ + ++#ifdef HAVE_AVAHI ++ /* ++ * See if there are any scheduled timed callbacks to run. ++ */ ++ ++ if ((tmo = cupsdNextTimeout(&tmo_delay)) != NULL && ++ (now + tmo_delay) < timeout) ++ { ++ timeout = tmo_delay; ++ why = "run a timed callback"; ++ } ++#endif /* HAVE_AVAHI */ ++ + /* + * Check whether we are accepting new connections... + */ +diff -up cups-2.2.5/scheduler/Makefile.avahi-no-threaded cups-2.2.5/scheduler/Makefile +--- cups-2.2.5/scheduler/Makefile.avahi-no-threaded 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/Makefile 2017-10-17 19:03:00.762880999 +0200 +@@ -15,6 +15,7 @@ include ../Makedefs + + CUPSDOBJS = \ + auth.o \ ++ avahi.o \ + banners.o \ + cert.o \ + classes.o \ +@@ -38,7 +39,8 @@ CUPSDOBJS = \ + server.o \ + statbuf.o \ + subscriptions.o \ +- sysman.o ++ sysman.o \ ++ timeout.o + LIBOBJS = \ + filter.o \ + mime.o \ +diff -up cups-2.2.5/scheduler/timeout.c.avahi-no-threaded cups-2.2.5/scheduler/timeout.c +--- cups-2.2.5/scheduler/timeout.c.avahi-no-threaded 2017-10-17 19:03:00.762880999 +0200 ++++ cups-2.2.5/scheduler/timeout.c 2017-10-17 19:03:00.762880999 +0200 +@@ -0,0 +1,235 @@ ++/* ++ * "$Id$" ++ * ++ * Timeout functions for the Common UNIX Printing System (CUPS). ++ * ++ * Copyright (C) 2010, 2011 Red Hat, Inc. ++ * Authors: ++ * Tim Waugh ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Contents: ++ * ++ * cupsdInitTimeouts() - Initialise timeout structure. ++ * cupsdAddTimeout() - Add a timed callback. ++ * cupsdNextTimeout() - Find the next enabled timed callback. ++ * cupsdUpdateTimeout() - Adjust the time of a timed callback or disable it. ++ * cupsdRemoveTimeout() - Discard a timed callback. ++ * compare_timeouts() - Compare timed callbacks for array sorting. ++ */ ++ ++#include ++ ++#ifdef HAVE_AVAHI /* Applies to entire file... */ ++ ++/* ++ * Include necessary headers... ++ */ ++ ++#include "cupsd.h" ++ ++#if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) ++# include ++#endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ ++ ++#ifdef HAVE_AVAHI ++# include ++#endif /* HAVE_AVAHI */ ++ ++ ++struct _cupsd_timeout_s ++{ ++ struct timeval when; ++ int enabled; ++ cupsd_timeoutfunc_t callback; ++ void *data; ++}; ++ ++/* ++ * Local functions... ++ */ ++ ++/* ++ * 'compare_timeouts()' - Compare timed callbacks for array sorting. ++ */ ++ ++static int ++compare_addrs (void *p0, void *p1) ++{ ++ if (p0 == p1) ++ return (0); ++ if (p0 < p1) ++ return (-1); ++ return (1); ++} ++ ++static int ++compare_timeouts (cupsd_timeout_t *p0, cupsd_timeout_t *p1) ++{ ++ int addrsdiff = compare_addrs (p0, p1); ++ int tvdiff; ++ ++ if (addrsdiff == 0) ++ return (0); ++ ++ if (!p0->enabled || !p1->enabled) ++ { ++ if (!p0->enabled && !p1->enabled) ++ return (addrsdiff); ++ ++ return (p0->enabled ? -1 : 1); ++ } ++ ++ tvdiff = avahi_timeval_compare (&p0->when, &p1->when); ++ if (tvdiff != 0) ++ return (tvdiff); ++ ++ return (addrsdiff); ++} ++ ++ ++/* ++ * 'cupsdInitTimeouts()' - Initialise timeout structures. ++ */ ++ ++void ++cupsdInitTimeouts(void) ++{ ++ Timeouts = cupsArrayNew ((cups_array_func_t)compare_timeouts, NULL); ++} ++ ++ ++/* ++ * 'cupsdAddTimeout()' - Add a timed callback. ++ */ ++ ++cupsd_timeout_t * /* O - Timeout handle */ ++cupsdAddTimeout(const struct timeval *tv, /* I - Absolute time */ ++ cupsd_timeoutfunc_t cb, /* I - Callback function */ ++ void *data) /* I - User data */ ++{ ++ cupsd_timeout_t *timeout; ++ ++ timeout = malloc (sizeof(cupsd_timeout_t)); ++ if (timeout != NULL) ++ { ++ timeout->enabled = (tv != NULL); ++ if (tv) ++ { ++ timeout->when.tv_sec = tv->tv_sec; ++ timeout->when.tv_usec = tv->tv_usec; ++ } ++ ++ timeout->callback = cb; ++ timeout->data = data; ++ cupsArrayAdd (Timeouts, timeout); ++ } ++ ++ return timeout; ++} ++ ++ ++/* ++ * 'cupsdNextTimeout()' - Find the next enabled timed callback. ++ */ ++ ++cupsd_timeout_t * /* O - Next enabled timeout or NULL */ ++cupsdNextTimeout(long *delay) /* O - Seconds before scheduled */ ++{ ++ cupsd_timeout_t *first = cupsArrayFirst (Timeouts); ++ struct timeval curtime; ++ ++ if (first && !first->enabled) ++ first = NULL; ++ ++ if (first && delay) ++ { ++ gettimeofday (&curtime, NULL); ++ if (avahi_timeval_compare (&curtime, &first->when) > 0) ++ { ++ *delay = 0; ++ } else { ++ *delay = 1 + first->when.tv_sec - curtime.tv_sec; ++ if (first->when.tv_usec < curtime.tv_usec) ++ (*delay)--; ++ } ++ } ++ ++ return (first); ++} ++ ++ ++/* ++ * 'cupsdRunTimeout()' - Run a timed callback. ++ */ ++ ++void ++cupsdRunTimeout(cupsd_timeout_t *timeout) /* I - Timeout */ ++{ ++ if (!timeout) ++ return; ++ timeout->enabled = 0; ++ if (!timeout->callback) ++ return; ++ timeout->callback (timeout, timeout->data); ++} ++ ++/* ++ * 'cupsdUpdateTimeout()' - Adjust the time of a timed callback or disable it. ++ */ ++ ++void ++cupsdUpdateTimeout(cupsd_timeout_t *timeout, /* I - Timeout */ ++ const struct timeval *tv) /* I - Absolute time or NULL */ ++{ ++ cupsArrayRemove (Timeouts, timeout); ++ timeout->enabled = (tv != NULL); ++ if (tv) ++ { ++ timeout->when.tv_sec = tv->tv_sec; ++ timeout->when.tv_usec = tv->tv_usec; ++ } ++ cupsArrayAdd (Timeouts, timeout); ++} ++ ++ ++/* ++ * 'cupsdRemoveTimeout()' - Discard a timed callback. ++ */ ++ ++void ++cupsdRemoveTimeout(cupsd_timeout_t *timeout) /* I - Timeout */ ++{ ++ cupsArrayRemove (Timeouts, timeout); ++ free (timeout); ++} ++ ++ ++#endif /* HAVE_AVAHI ... from top of file */ ++ ++/* ++ * End of "$Id$". ++ */ diff --git a/SOURCES/cups-banners.patch b/SOURCES/cups-banners.patch new file mode 100644 index 0000000..aa19282 --- /dev/null +++ b/SOURCES/cups-banners.patch @@ -0,0 +1,12 @@ +diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners.c +--- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +0200 ++++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200 +@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I - + if ((ext = strrchr(dent->filename, '.')) != NULL) + if (!strcmp(ext, ".bck") || + !strcmp(ext, ".bak") || ++ !strcmp(ext, ".rpmnew") || ++ !strcmp(ext, ".rpmsave") || + !strcmp(ext, ".sav")) + continue; + diff --git a/SOURCES/cups-cupsd-too-chatty.patch b/SOURCES/cups-cupsd-too-chatty.patch new file mode 100644 index 0000000..777f78d --- /dev/null +++ b/SOURCES/cups-cupsd-too-chatty.patch @@ -0,0 +1,12 @@ +diff -Napur cups-2.2.6-old/scheduler/job.c cups-2.2.6-new/scheduler/job.c +--- cups-2.2.6-old/scheduler/job.c 2022-04-12 17:32:00.635282080 -0700 ++++ cups-2.2.6-new/scheduler/job.c 2022-04-12 17:33:34.349452614 -0700 +@@ -474,7 +474,7 @@ cupsdCleanJobs(void) + cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing from history."); + cupsdDeleteJob(job, CUPSD_JOB_PURGE); + } +- else if (job->file_time && job->file_time <= curtime) ++ else if (job->file_time && job->file_time <= curtime && job->num_files > 0) + { + cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing document files."); + remove_job_files(job); diff --git a/SOURCES/cups-cve202010001.patch b/SOURCES/cups-cve202010001.patch new file mode 100644 index 0000000..efc6492 --- /dev/null +++ b/SOURCES/cups-cve202010001.patch @@ -0,0 +1,61 @@ +Fix for CVE-2020-10001, which is a bug in the CUPS ippReadIO function when it +reads tagged string values (nameWithLanguage and textWithLanguage). The +previous code verified that the length of the sub-strings (language identifier +and name/text value) did not exceed the size of the allocated buffer (1 byte +larger than the maximum IPP value size of 32767 bytes), but did not validate +against the length of the actual IPP value. + +The issues introduced by this vulnerability include: + +- Potential information disclosure by copying uninitialized areas of memory into + an IPP string value. +- Potential Denial of Service by supplying/using invalid string values when + strict validation has been disabled by the system administrator. + +This change ensures that: + +1. The language identifier does not extend beyond the end of the IPP value. +2. The length of the name/text string is within the IPP value. +3. The name/text string is within the IPP value. + +diff --git a/cups/ipp.c b/cups/ipp.c +index 3d529346c..adbb26fba 100644 +--- a/cups/ipp.c ++++ b/cups/ipp.c +@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */ + unsigned char *buffer, /* Data buffer */ + string[IPP_MAX_TEXT], + /* Small string buffer */ +- *bufptr; /* Pointer into buffer */ ++ *bufptr, /* Pointer into buffer */ ++ *bufend; /* End of buffer */ + ipp_attribute_t *attr; /* Current attribute */ + ipp_tag_t tag; /* Current tag */ + ipp_tag_t value_tag; /* Current value tag */ +@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */ + } + + bufptr = buffer; ++ bufend = buffer + n; + + /* + * text-with-language and name-with-language are composite +@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */ + + n = (bufptr[0] << 8) | bufptr[1]; + +- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string)) ++ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string)) + { + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, + _("IPP language length overflows value."), 1); +@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */ + bufptr += 2 + n; + n = (bufptr[0] << 8) | bufptr[1]; + +- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE)) ++ if ((bufptr + 2 + n) > bufend) + { + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, + _("IPP string length overflows value."), 1); + diff --git a/SOURCES/cups-direct-usb.patch b/SOURCES/cups-direct-usb.patch new file mode 100644 index 0000000..4e25ce7 --- /dev/null +++ b/SOURCES/cups-direct-usb.patch @@ -0,0 +1,27 @@ +diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-unix.c +--- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 +0200 ++++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200 +@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De + _cups_strncasecmp(hostname, "Minolta", 7); + #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ + ++ if (use_bc && !strncmp(uri, "usb:/dev/", 9)) ++ use_bc = 0; ++ + if ((device_fd = open_device(uri, &use_bc)) == -1) + { + if (getenv("CLASS") != NULL) +@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev + if (!strncmp(uri, "usb:/dev/", 9)) + #ifdef __linux + { +- /* +- * Do not allow direct devices anymore... +- */ +- +- errno = ENODEV; +- return (-1); ++ return (open(uri + 4, O_RDWR | O_EXCL)); + } + else if (!strncmp(uri, "usb://", 6)) + { diff --git a/SOURCES/cups-dirtyclean.patch b/SOURCES/cups-dirtyclean.patch new file mode 100644 index 0000000..390ed19 --- /dev/null +++ b/SOURCES/cups-dirtyclean.patch @@ -0,0 +1,13 @@ +diff --git a/scheduler/main.c b/scheduler/main.c +index 592531a..a6e2c3a 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -947,7 +947,7 @@ main(int argc, /* I - Number of command-line args */ + * Write dirty config/state files... + */ + +- if (DirtyCleanTime && current_time >= DirtyCleanTime && cupsArrayCount(Clients) == 0) ++ if (DirtyCleanTime && current_time >= DirtyCleanTime) + cupsdCleanDirty(); + + #ifdef __APPLE__ diff --git a/SOURCES/cups-dnssd-deviceid.patch b/SOURCES/cups-dnssd-deviceid.patch new file mode 100644 index 0000000..7bd2463 --- /dev/null +++ b/SOURCES/cups-dnssd-deviceid.patch @@ -0,0 +1,38 @@ +diff -up cups-2.1.4/backend/dnssd.c.dnssd-deviceid cups-2.1.4/backend/dnssd.c +--- cups-2.1.4/backend/dnssd.c.dnssd-deviceid 2016-06-15 14:36:19.922353606 +0200 ++++ cups-2.1.4/backend/dnssd.c 2016-06-15 14:45:45.794966648 +0200 +@@ -1188,15 +1188,22 @@ query_callback( + if (device->device_id) + free(device->device_id); + ++if (device_id[0]) ++{ ++ /* Mark this as the real device ID. */ ++ ptr = device_id + strlen(device_id); ++ snprintf(ptr, sizeof(device_id) - (ptr - device_id), "FZY:0;"); ++} ++ + if (!device_id[0] && strcmp(model, "Unknown")) + { + if (make_and_model[0]) +- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;", ++ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", + make_and_model, model); + else if (!_cups_strncasecmp(model, "designjet ", 10)) +- snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;", model + 10); ++ snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;FZY:1;", model + 10); + else if (!_cups_strncasecmp(model, "stylus ", 7)) +- snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;", model + 7); ++ snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;FZY:1;", model + 7); + else if ((ptr = strchr(model, ' ')) != NULL) + { + /* +@@ -1206,7 +1213,7 @@ query_callback( + memcpy(make_and_model, model, (size_t)(ptr - model)); + make_and_model[ptr - model] = '\0'; + +- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;", ++ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", + make_and_model, ptr + 1); + } + } diff --git a/SOURCES/cups-do-not-advertise-http-methods.patch b/SOURCES/cups-do-not-advertise-http-methods.patch new file mode 100644 index 0000000..541da15 --- /dev/null +++ b/SOURCES/cups-do-not-advertise-http-methods.patch @@ -0,0 +1,13 @@ +diff --git a/scheduler/client.c b/scheduler/client.c +index bf284e6..0382b01 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -1011,8 +1011,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + } + + httpClearFields(con->http); +- httpSetField(con->http, HTTP_FIELD_ALLOW, +- "GET, HEAD, OPTIONS, POST, PUT"); + httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0"); + + if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE)) diff --git a/SOURCES/cups-driverd-timeout.patch b/SOURCES/cups-driverd-timeout.patch new file mode 100644 index 0000000..b7240a3 --- /dev/null +++ b/SOURCES/cups-driverd-timeout.patch @@ -0,0 +1,21 @@ +diff -up cups-1.7b1/scheduler/ipp.c.driverd-timeout cups-1.7b1/scheduler/ipp.c +--- cups-1.7b1/scheduler/ipp.c.driverd-timeout 2013-04-19 12:24:43.003841810 +0200 ++++ cups-1.7b1/scheduler/ipp.c 2013-04-19 12:24:43.204839107 +0200 +@@ -4556,7 +4556,7 @@ copy_model(cupsd_client_t *con, /* I - + close(temppipe[1]); + + /* +- * Wait up to 30 seconds for the PPD file to be copied... ++ * Wait up to 70 seconds for the PPD file to be copied... + */ + + total = 0; +@@ -4576,7 +4576,7 @@ copy_model(cupsd_client_t *con, /* I - + FD_SET(temppipe[0], &input); + FD_SET(CGIPipes[0], &input); + +- timeout.tv_sec = 30; ++ timeout.tv_sec = 70; + timeout.tv_usec = 0; + + if ((i = select(maxfd, &input, NULL, NULL, &timeout)) < 0) diff --git a/SOURCES/cups-dymo-deviceid.patch b/SOURCES/cups-dymo-deviceid.patch new file mode 100644 index 0000000..cc2995d --- /dev/null +++ b/SOURCES/cups-dymo-deviceid.patch @@ -0,0 +1,11 @@ +diff -up cups-1.6.2/ppdc/sample.drv.dymo-deviceid cups-1.6.2/ppdc/sample.drv +--- cups-1.6.2/ppdc/sample.drv.dymo-deviceid 2013-06-18 16:57:02.110662953 +0100 ++++ cups-1.6.2/ppdc/sample.drv 2013-06-18 16:58:56.513989117 +0100 +@@ -125,6 +125,7 @@ Version "1.5" + { + Manufacturer "Dymo" + ModelName "Label Printer" ++ Attribute "1284DeviceID" "" "MFG:DYMO;MDL:LabelWriter 400;" + Attribute NickName "" "Dymo Label Printer" + PCFileName "dymo.ppd" + DriverType label diff --git a/SOURCES/cups-eggcups.patch b/SOURCES/cups-eggcups.patch new file mode 100644 index 0000000..b1eb218 --- /dev/null +++ b/SOURCES/cups-eggcups.patch @@ -0,0 +1,130 @@ +diff -up cups-2.2.5/backend/ipp.c.eggcups cups-2.2.5/backend/ipp.c +--- cups-2.2.5/backend/ipp.c.eggcups 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/backend/ipp.c 2017-10-17 18:56:42.409024451 +0200 +@@ -149,6 +149,70 @@ static char tmpfilename[1024] = ""; + static char mandatory_attrs[1024] = ""; + /* cupsMandatory value */ + ++#if HAVE_DBUS ++#include ++ ++static DBusConnection *dbus_connection = NULL; ++ ++static int ++init_dbus (void) ++{ ++ DBusConnection *connection; ++ DBusError error; ++ ++ if (dbus_connection && ++ !dbus_connection_get_is_connected (dbus_connection)) { ++ dbus_connection_unref (dbus_connection); ++ dbus_connection = NULL; ++ } ++ ++ dbus_error_init (&error); ++ connection = dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error); ++ if (connection == NULL) { ++ dbus_error_free (&error); ++ return -1; ++ } ++ ++ dbus_connection = connection; ++ return 0; ++} ++ ++int ++dbus_broadcast_queued_remote (const char *printer_uri, ++ ipp_status_t status, ++ unsigned int local_job_id, ++ unsigned int remote_job_id, ++ const char *username, ++ const char *printer_name) ++{ ++ DBusMessage *message; ++ DBusMessageIter iter; ++ const char *errstr; ++ ++ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connection)) { ++ if (init_dbus () || !dbus_connection) ++ return -1; ++ } ++ ++ errstr = ippErrorString (status); ++ message = dbus_message_new_signal ("/com/redhat/PrinterSpooler", ++ "com.redhat.PrinterSpooler", ++ "JobQueuedRemote"); ++ dbus_message_iter_init_append (message, &iter); ++ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri); ++ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr); ++ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id); ++ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id); ++ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username); ++ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name); ++ ++ dbus_connection_send (dbus_connection, message, NULL); ++ dbus_connection_flush (dbus_connection); ++ dbus_message_unref (message); ++ ++ return 0; ++} ++#endif /* HAVE_DBUS */ + + /* + * Local functions... +@@ -1743,6 +1807,15 @@ main(int argc, /* I - Number of comm + fprintf(stderr, "DEBUG: Print job accepted - job ID %d.\n", job_id); + } + ++#if HAVE_DBUS ++ dbus_broadcast_queued_remote (argv[0], ++ ipp_status, ++ atoi (argv[1]), ++ job_id, ++ argv[2], ++ getenv ("PRINTER")); ++#endif /* HAVE_DBUS */ ++ + ippDelete(response); + + if (job_canceled) +diff -up cups-2.2.5/backend/Makefile.eggcups cups-2.2.5/backend/Makefile +--- cups-2.2.5/backend/Makefile.eggcups 2017-10-17 18:56:42.409024451 +0200 ++++ cups-2.2.5/backend/Makefile 2017-10-17 18:59:11.696781116 +0200 +@@ -262,7 +262,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac + + ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a + echo Linking $@... +- $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) ++ $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS) + $(RM) http + $(LN) ipp http + +diff -up cups-2.2.5/scheduler/subscriptions.c.eggcups cups-2.2.5/scheduler/subscriptions.c +--- cups-2.2.5/scheduler/subscriptions.c.eggcups 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/subscriptions.c 2017-10-17 18:56:42.409024451 +0200 +@@ -1291,13 +1291,13 @@ cupsd_send_dbus(cupsd_eventmask_t event, + what = "PrinterAdded"; + else if (event & CUPSD_EVENT_PRINTER_DELETED) + what = "PrinterRemoved"; +- else if (event & CUPSD_EVENT_PRINTER_CHANGED) +- what = "QueueChanged"; + else if (event & CUPSD_EVENT_JOB_CREATED) + what = "JobQueuedLocal"; + else if ((event & CUPSD_EVENT_JOB_STATE) && job && + job->state_value == IPP_JOB_PROCESSING) + what = "JobStartedLocal"; ++ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANGED|CUPSD_EVENT_PRINTER_STATE_CHANGED)) ++ what = "QueueChanged"; + else + return; + +@@ -1333,7 +1333,7 @@ cupsd_send_dbus(cupsd_eventmask_t event, + dbus_message_append_iter_init(message, &iter); + if (dest) + dbus_message_iter_append_string(&iter, dest->name); +- if (job) ++ if (job && strcmp (what, "QueueChanged") != 0) + { + dbus_message_iter_append_uint32(&iter, job->id); + dbus_message_iter_append_string(&iter, job->username); diff --git a/SOURCES/cups-etimedout.patch b/SOURCES/cups-etimedout.patch new file mode 100644 index 0000000..31defda --- /dev/null +++ b/SOURCES/cups-etimedout.patch @@ -0,0 +1,25 @@ +diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c +index e4ffc3d..a989055 100644 +--- a/cups/http-addrlist.c ++++ b/cups/http-addrlist.c +@@ -240,7 +240,10 @@ httpAddrConnect2( + } + + if (!addrlist && nfds == 0) ++ { ++ errno = EHOSTDOWN; + break; ++ } + + /* + * See if we can connect to any of the addresses so far... +@@ -371,6 +374,9 @@ httpAddrConnect2( + remaining -= 250; + } + ++ if (remaining <= 0) ++ errno = ETIMEDOUT; ++ + while (nfds > 0) + { + nfds --; diff --git a/SOURCES/cups-failover-backend.patch b/SOURCES/cups-failover-backend.patch new file mode 100644 index 0000000..a92dad8 --- /dev/null +++ b/SOURCES/cups-failover-backend.patch @@ -0,0 +1,877 @@ +diff --git a/backend/Makefile b/backend/Makefile +index 3038682..6642016 100644 +--- a/backend/Makefile ++++ b/backend/Makefile +@@ -28,6 +28,7 @@ include ../Makedefs + RBACKENDS = \ + ipp \ + lpd \ ++ failover \ + $(DNSSD_BACKEND) + UBACKENDS = \ + snmp \ +@@ -51,6 +52,7 @@ LIBOBJS = \ + OBJS = \ + ipp.o \ + lpd.o \ ++ failover.o \ + dnssd.o \ + snmp.o \ + socket.o \ +@@ -275,6 +277,13 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend.a + echo Linking $@... + $(LD_CC) $(LDFLAGS) -o lpd lpd.o libbackend.a $(LIBS) + ++# ++# failover ++# ++ ++failover: failover.o ../cups/$(LIBCUPS) libbackend.a ++ echo Linking $@... ++ $(LD_CC) $(LDFLAGS) -o failover failover.o libbackend.a $(LIBS) + + # + # snmp +diff --git a/backend/failover.c b/backend/failover.c +new file mode 100644 +index 0000000..9affd8f +--- /dev/null ++++ b/backend/failover.c +@@ -0,0 +1,837 @@ ++/* ++ * Failover Backend for the Common UNIX Printing System (CUPS). ++ * ++ * Copyright (c) 2014, Red Hat, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * * Neither the name of Red Hat, Inc. nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, ++ * INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY ++ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE ++ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH ++ * DAMAGE. ++ * ++ * Original version by Clark Hale, Red Hat, Inc. ++ * ++ * This backend presents a fake printer that will choose the first ++ * available printer from a list of IPP URIs. ++ * ++ * Option failover contains a comma separated list of IPP URIs. The ++ * URIs are attempted in-order. ++ * ++ * Option failover-retries contains an integer that indicates how many ++ * times to iterate through the failover list before completely ++ * failing. ++ * ++ * Contents: ++ * main() - Checks each printer in a failover list, and ++ * sends job data to the first available printer ++ * move_job() - Sends and IPP Move-Job request ++ * check_printer() - Checks a printer's attributes to see ++ * if it's enabled and accepting jobs ++ * read_config() - Read the backends configuration from ++ * options ++ * get_printer_attributes() - Sends an IPP Get-Attributes request to ++ * a URI ++ * sigterm_handler() - Handle SIGTERM that cancels the job ++ * password_cb() - Password call back used to disable password ++ * prompt ++ */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "backend-private.h" ++ ++/* ++ * Return Values ++ */ ++typedef enum fo_state_e ++{ ++ FO_PRINTER_GOOD = 0, ++ FO_PRINTER_BAD, ++ FO_PRINTER_BUSY, ++ FO_AUTH_REQUIRED ++} fo_state_t; ++ ++/* ++ * Constants ++ */ ++#define FAILOVER_DEFAULT_RETRIES (3) ++#define FAILOVER_PASSWORD_RETRIES_MAX (3) ++ ++/* ++ * Local Functions ++ */ ++static int check_printer(const char *device_uri); ++static int read_config(cups_array_t *printer_array, int *retries, ++ const char *options); ++static int get_printer_attributes(const char *device_uri, ++ ipp_t **attributes); ++static int move_job(int jobid, const char *dest); ++static void sigterm_handler(int sig); ++static const char *password_cb(const char *); ++ ++/* ++ * Global Variables ++ */ ++static int job_canceled = 0; /* Job canceled */ ++static char *password = NULL; /* password for device */ ++static int password_retries = 0; ++static const char *auth_info_required = "none"; ++ ++/* ++ * 'main()' - Checks each printer in a failover list, and ++ * sends job data to the first available printer ++ * Usage: ++ * printer-uri job-id user title copies options [file] ++ * ++ * The printer-uri option is not used, but it still required to fit ++ * to the backend(7) standards. ++ */ ++int ++main(int argc, char *argv[]) ++{ ++ const char *selected_uri = NULL; /* URI of selected printer */ ++ const char *tmp_device_uri; /* Device URI to check */ ++ cups_array_t *printer_array; /* Array of available printers */ ++ int printer_count = 0; /* current printer array index */ ++ int retry_max = 1; /* maximum retries before exit */ ++ int retry_count = 0; /* current retry number */ ++ int auth_failed_count = 0; /* auth failures per loop */ ++ int rc = CUPS_BACKEND_OK; ++#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) ++ struct sigaction action; /* Actions for POSIX signals */ ++#endif /* HAVE_SIGACTION && !HAVE_SIGSET */ ++ ++ /* ++ * Check args ++ */ ++ if (argc == 1) ++ { ++ /* ++ * print out discovery data ++ */ ++ char *backendName; ++ ++ if ((backendName = strrchr(argv[0], '/')) != NULL) ++ backendName++; ++ else ++ backendName = argv[0]; ++ ++ _cupsLangPrintf(stderr,"network %s \"Unknown\" \"%s (%s)\"\n", ++ backendName, ++ _cupsLangString(cupsLangDefault(), _("Failover Printer")), ++ backendName); ++ ++ return (CUPS_BACKEND_OK); ++ } ++ else if (argc < 6) ++ { ++ _cupsLangPrintf(stderr, ++ _("Usage: %s job-id user title copies options [file]"), ++ argv[0]); ++ return (CUPS_BACKEND_STOP); ++ } ++ ++ fprintf(stderr, "DEBUG: Failover backend starting up.\n"); ++ ++ /* ++ * Don't buffer status messages ++ */ ++ setbuf(stderr, NULL); ++ ++ /* ++ * Ignore SIGPIPE and catch SIGTERM signals... ++ */ ++#ifdef HAVE_SIGSET ++ sigset(SIGPIPE, SIG_IGN); ++ sigset(SIGTERM, sigterm_handler); ++#elif defined(HAVE_SIGACTION) ++ memset(&action, 0, sizeof(action)); ++ action.sa_handler = SIG_IGN; ++ sigaction(SIGPIPE, &action, NULL); ++ ++ sigemptyset(&action.sa_mask); ++ sigaddset(&action.sa_mask, SIGTERM); ++ action.sa_handler = sigterm_handler; ++ sigaction(SIGTERM, &action, NULL); ++#else ++ signal(SIGPIPE, SIG_IGN); ++ signal(SIGTERM, sigterm_handler); ++#endif /* HAVE_SIGSET */ ++ ++ printer_array = cupsArrayNew(NULL, NULL); ++ ++ /* ++ * Read Configuration ++ */ ++ if ((rc = read_config(printer_array, &retry_max, ++ argv[5])) != CUPS_BACKEND_OK) ++ { ++ fprintf(stderr, "ERROR: Failed to read configuration options!\n"); ++ goto cleanup; ++ } ++ ++ /* ++ * Main Retry Loop ++ */ ++ for (retry_count = 0; retry_count < retry_max; retry_count++) ++ { ++ fprintf(stderr, "DEBUG: Retry loop #%d\n", retry_count + 1); ++ ++ /* ++ * Reset Counters ++ */ ++ printer_count = 0; ++ auth_failed_count = 0; ++ ++ tmp_device_uri = (char *)cupsArrayFirst(printer_array); ++ ++ do ++ { ++ if (job_canceled) ++ { ++ fprintf(stderr, "DEBUG: Job Canceled\n"); ++ goto cleanup; ++ } ++ ++ fprintf(stderr,"DEBUG: Checking printer #%d: %s\n", ++ printer_count+1, tmp_device_uri); ++ ++ rc = check_printer(tmp_device_uri); ++ ++ // Printer is available and not busy. ++ if ( rc == FO_PRINTER_GOOD ) ++ { ++ selected_uri = tmp_device_uri; ++ break; ++ } ++ // Printer is busy ++ else if (rc == FO_PRINTER_BUSY) ++ { ++ fprintf(stderr, "DEBUG: Waiting for job to complete.\n"); ++ sleep(2); ++ continue; ++ } ++ // Authorization is required to access the printer. ++ else if (rc == FO_AUTH_REQUIRED) ++ { ++ auth_failed_count++; ++ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count); ++ } ++ // Printer is stopped or not accepting jobs ++ else ++ { ++ if (!printer_count) ++ fprintf(stderr, "INFO: Primary Printer, %s, not available. " ++ "Attempting Failovers...\n", ++ tmp_device_uri); ++ else ++ fprintf(stderr, "INFO: Failover Printer, %s, not available. " ++ "Attempting Failovers..\n", ++ tmp_device_uri); ++ printer_count++; ++ tmp_device_uri = (char *)cupsArrayNext(printer_array); ++ } ++ } while (tmp_device_uri != NULL); ++ ++ if (selected_uri && !printer_count) ++ fprintf(stderr, "STATE: -primary-printer-failed\n"); ++ else ++ fprintf(stderr, "STATE: +primary-printer-failed\n"); ++ ++ if (job_canceled) ++ { ++ fprintf(stderr, "DEBUG: Job Canceled\n"); ++ goto cleanup; ++ } ++ ++ if (!selected_uri && auth_failed_count == printer_count) ++ { ++ fprintf(stderr, "ERROR: All failover printers failed with " ++ "authorization issues.\n"); ++ rc = CUPS_BACKEND_AUTH_REQUIRED; ++ fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required); ++ goto cleanup; ++ } ++ else if (!selected_uri && retry_count + 1 < retry_max) ++ { ++ fprintf(stderr, "INFO: No suitable printer found...retrying...\n"); ++ sleep(2); ++ continue; ++ } ++ else if (selected_uri) ++ { ++ fprintf(stderr, "DEBUG: Using printer, %s.\n", selected_uri); ++ break; ++ } ++ } ++ ++ if (!selected_uri) ++ { ++ fprintf(stderr, "ERROR: No suitable printer found. Aborting print\n"); ++ rc = CUPS_BACKEND_FAILED; ++ goto cleanup; ++ } ++ ++ rc = move_job(atoi(argv[1]), selected_uri); ++ ++ if (job_canceled) ++ rc = CUPS_BACKEND_OK; ++ ++cleanup : ++ if (job_canceled) ++ rc = CUPS_BACKEND_OK; ++ ++ tmp_device_uri = (char *)cupsArrayFirst(printer_array); ++ do ++ { ++ free((void *)tmp_device_uri); ++ } while ((tmp_device_uri = (char *)cupsArrayNext(printer_array)) != NULL); ++ ++ cupsArrayDelete(printer_array); ++ sleep(2); ++ return (rc); ++} ++ ++/* ++ * 'check_printer()' - Checks the status of a remote printer and returns ++ * back a good/bad/busy status. ++ */ ++int ++check_printer(const char *device_uri) ++{ ++ ipp_t *attributes = NULL; /* attributes for device_uri */ ++ ipp_attribute_t *tmp_attribute; /* for examining attribs */ ++ int rc = FO_PRINTER_GOOD; /* return code */ ++ char *reason; /* printer state reason */ ++ int i; ++ ++ fprintf(stderr, "DEBUG: Checking printer %s\n",device_uri); ++ ++ rc = get_printer_attributes(device_uri, &attributes); ++ if ( rc != CUPS_BACKEND_OK ) ++ { ++ fprintf(stderr, "DEBUG: Failed to get attributes from printer: %s\n", ++ device_uri); ++ if ( rc == CUPS_BACKEND_AUTH_REQUIRED ) ++ return (FO_AUTH_REQUIRED); ++ else ++ return (FO_PRINTER_BAD); ++ } ++ ++ /* ++ * Check if printer is accepting jobs ++ */ ++ if ((tmp_attribute = ippFindAttribute(attributes, ++ "printer-is-accepting-jobs", ++ IPP_TAG_BOOLEAN)) != NULL && ++ !tmp_attribute->values[0].boolean) ++ { ++ fprintf(stderr, ++ "DEBUG: Printer, %s, is not accepting jobs.\n", ++ device_uri); ++ ++ rc = FO_PRINTER_BAD; ++ } ++ ++ /* ++ * Check if printer is stopped or busy processing ++ */ ++ if ((tmp_attribute = ippFindAttribute(attributes, ++ "printer-state", ++ IPP_TAG_ENUM)) != NULL) ++ { ++ // Printer Stopped ++ if ( tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED ) ++ { ++ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri); ++ rc = FO_PRINTER_BAD; ++ } ++ // Printer Busy ++ else if ( tmp_attribute->values[0].integer == IPP_PRINTER_PROCESSING ) ++ { ++ fprintf(stderr, "DEBUG: Printer %s is busy.\n", device_uri); ++ rc = FO_PRINTER_BUSY; ++ } ++ } ++ ++ /* ++ * Parse through the printer-state-reasons ++ */ ++ if ((tmp_attribute = ippFindAttribute(attributes, "printer-state-reasons", ++ IPP_TAG_KEYWORD)) != NULL) ++ { ++ for (i = 0; i < tmp_attribute->num_values; i++) ++ { ++ reason = tmp_attribute->values[i].string.text; ++ int len = strlen(reason); ++ ++ if (len > 8 && !strcmp(reason + len - 8, "-warning")) ++ { ++ fprintf(stderr, "DEBUG: Printer Supply Warning, %s\n", reason); ++ rc = FO_PRINTER_BAD; ++ } ++ else if (len > 6 && !strcmp(reason + len - 6, "-error")) ++ { ++ fprintf(stderr, "DEBUG: Printer Supply Error, %s\n", reason); ++ rc = FO_PRINTER_BAD; ++ } ++ } ++ } ++ ++ return (rc); ++} ++ ++/* ++ * 'read_config()' - Parses the failover and failover-retries options ++ * ++ */ ++static int ++read_config(cups_array_t *printer_array, int *retries, const char *options) ++{ ++ ++ const char *tmp; /* temporary ptr */ ++ char *tok_tmp; /* temporary ptr for option parsing */ ++ int jobopts_count = 0; /* number of options */ ++ cups_option_t *jobopts = NULL; /* job options */ ++ ++ ++ fprintf(stderr, "DEBUG: Reading Configuration.\n"); ++ jobopts_count = cupsParseOptions(options, 0, &jobopts); ++ ++ if (!jobopts_count) ++ { ++ fprintf(stderr, ++ "ERROR: No job options! Cannot find failover options!\n"); ++ return (CUPS_BACKEND_STOP); ++ } ++ ++ /* ++ * Get attributes from the primary printer ++ */ ++ fprintf(stderr, "DEBUG: Searching for failover option.\n"); ++ ++ if ((tmp = cupsGetOption("failover", jobopts_count, jobopts)) != NULL) ++ { ++ fprintf(stderr, "DEBUG: Failover option contents: %s.\n", tmp); ++ ++ tok_tmp = strdup(tmp); ++ ++ tmp = strtok(tok_tmp, ","); ++ do ++ { ++ cupsArrayAdd(printer_array, strdup(tmp)); ++ } while ((tmp = strtok(NULL,",")) != NULL); ++ ++ free(tok_tmp); ++ } ++ else ++ { ++ /* ++ * The queue is misconfigured, so return back CUPS_BACKEND_STOP ++ */ ++ fprintf(stderr, "ERROR: failover option not specified!\n"); ++ return (CUPS_BACKEND_STOP); ++ } ++ ++ /* ++ * Get the failover-retries value, if it exists. ++ */ ++ fprintf(stderr, "DEBUG: Searching for failover-retries option.\n"); ++ ++ if ((tmp = cupsGetOption("failover-retries", ++ jobopts_count, jobopts)) != NULL) ++ { ++ fprintf(stderr, "DEBUG: failover-retries option contents: %s.\n", tmp); ++ *retries = atoi(tmp); ++ } ++ else ++ { ++ *retries = FAILOVER_DEFAULT_RETRIES; ++ fprintf(stderr, "DEBUG: Failed to get failover-retries option\n"); ++ fprintf(stderr, "DEBUG: Defaulted to %d retries\n", *retries); ++ } ++ ++ return (CUPS_BACKEND_OK); ++} ++ ++/* ++ * 'get_printer_attributes()' - Sends an IPP Get-Attributes request to ++ * a URI ++ */ ++int ++get_printer_attributes(const char *device_uri, ipp_t **attributes) ++{ ++ char uri[HTTP_MAX_URI]; /* Updated URI without login */ ++ int version; /* IPP version */ ++ char scheme[256]; /* Scheme in URI */ ++ ipp_status_t ipp_status; /* Status of IPP request */ ++ char hostname[1024]; /* Hostname */ ++ char resource[1024]; /* Resource infoo */ ++ char addrname[256]; /* Address name */ ++ int port; /* IPP Port number */ ++ char portname[255]; /* Port as string */ ++ http_t *http; /* HTTP connection */ ++ ipp_t *request; /* IPP request */ ++ int rc = CUPS_BACKEND_OK; /* Return Code */ ++ char username[256]; /* Username for device URI */ ++ char *option_ptr; /* for parsing resource opts */ ++ const char * const pattrs[] = /* Printer attributes wanted */ ++ { ++ "printer-is-accepting-jobs", ++ "printer-state", ++ "printer-state-reasons" ++ }; ++ ++ if (job_canceled) ++ return (CUPS_BACKEND_OK); ++ ++ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n"); ++ fprintf(stderr, "DEBUG: Device URL %s.\n", device_uri); ++ ++ /* ++ * Parse device_uri ++ */ ++ if (httpSeparateURI(HTTP_URI_CODING_ALL, device_uri, scheme, sizeof(scheme), ++ username, sizeof(username), hostname, sizeof(hostname), ++ &port, resource, sizeof(resource)) != HTTP_URI_OK) ++ { ++ fprintf(stderr, "ERROR: Problem parsing device_uri, %s\n", device_uri); ++ return (CUPS_BACKEND_STOP); ++ } ++ ++ if (!port) ++ port = IPP_PORT; ++ ++ sprintf(portname, "%d", port); ++ ++ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n"); ++ ++ /* ++ * Configure password ++ */ ++ cupsSetPasswordCB(password_cb); ++ ++ /* ++ * reset, in case a previous attempt for ++ * another printer left residue ++ */ ++ cupsSetUser(NULL); ++ password = NULL; ++ password_retries = 0; ++ ++ if (*username) ++ { ++ if ((password = strchr(username, ':')) != NULL) ++ { ++ *password = '\0'; ++ password++; ++ } ++ ++ cupsSetUser(username); ++ } ++ else if (!getuid()) ++ { ++ const char *username_env; ++ ++ if ((username_env = getenv("AUTH_USERNAME")) != NULL) ++ { ++ cupsSetUser(username_env); ++ password = getenv("AUTH_PASSWORD"); ++ } ++ } ++ ++ /* ++ * Try connecting to the remote server... ++ */ ++ fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port); ++ _cupsLangPuts(stderr, _("INFO: Connecting to printer...\n")); ++ ++ http = httpConnectEncrypt(hostname, port, cupsEncryption()); ++ ++ /* ++ * Deal the socket not being open. ++ */ ++ if (!http) ++ { ++ int error = errno; /* Connection error */ ++ ++ switch (error) ++ { ++ case EHOSTDOWN : ++ _cupsLangPuts(stderr, _("WARNING: " ++ "The printer may not exist or " ++ "is unavailable at this time.\n")); ++ break; ++ case EHOSTUNREACH : ++ _cupsLangPuts(stderr, _("WARNING: " ++ "The printer is unreachable at this " ++ "time.\n")); ++ break; ++ case ECONNREFUSED : ++ _cupsLangPuts(stderr, _("WARNING: " ++ "Connection Refused.\n")); ++ break; ++ default : ++ fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(errno)); ++ break; ++ } ++ ++ rc = CUPS_BACKEND_FAILED; ++ sleep(5); ++ goto prt_available_cleanup; ++ } ++ ++ ++#ifdef AF_INET6 ++ if (http->hostaddr->addr.sa_family == AF_INET6) ++ fprintf(stderr, "DEBUG: Connected to [%s]:%d (IPv6)...\n", ++ httpAddrString(http->hostaddr, addrname, sizeof(addrname)), ++ ntohs(http->hostaddr->ipv6.sin6_port)); ++ else ++#endif /* AF_INET6 */ ++ if (http->hostaddr->addr.sa_family == AF_INET) ++ fprintf(stderr, "DEBUG: Connected to %s:%d (IPv4)...\n", ++ httpAddrString(http->hostaddr, addrname, sizeof(addrname)), ++ ntohs(http->hostaddr->ipv4.sin_port)); ++ ++ /* ++ * Search the resource string for options. ++ * We only care about version, for the moment. ++ */ ++ version = 11; ++ ++ if ((option_ptr = strchr(resource, '?')) != NULL) ++ { ++ *option_ptr++ = '\0'; ++ ++ if ((option_ptr = strstr(option_ptr, "version="))!=NULL) ++ { ++ int minor; /* minor version from URI */ ++ int major; /* major version from URI */ ++ char *version_str; /* ipp version */ ++ ++ option_ptr += 8; ++ version_str = option_ptr; ++ ++ while (*option_ptr && *option_ptr != '&' && *option_ptr != '+') ++ option_ptr++; ++ ++ if (*option_ptr) ++ *option_ptr = '\0'; ++ ++ sscanf(version_str, "%d.%d", &major, &minor); ++ ++ version = (major * 10) + minor; ++ ++ switch(version) ++ { ++ case 10 : ++ case 11 : ++ case 20 : ++ case 21 : ++ fprintf(stderr, ++ "DEBUG: Set version to %d from URI\n", ++ version); ++ break; ++ default : ++ _cupsLangPrintf(stderr, ++ _("DEBUG: Invalid version, %d, from URI. " ++ "Using default of 1.1 \n"), ++ version); ++ version = 11; ++ } ++ } ++ } ++ ++ ++ /* ++ * Build a URI for the printer. We can't use the URI in argv[0] ++ * because it might contain username:password information... ++ */ ++ if (httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), scheme, NULL, ++ hostname, port, resource) != HTTP_URI_OK) ++ { ++ fprintf(stderr, "ERROR: Problem assembling printer URI from host %s, " ++ "port %d, resource %s\n", hostname, port, resource); ++ return (CUPS_BACKEND_STOP); ++ } ++ ++ /* ++ * Build the IPP request... ++ */ ++ request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES); ++ request->request.op.version[0] = version / 10; ++ request->request.op.version[1] = version % 10; ++ ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", ++ NULL, uri); ++ ++ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, ++ "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), ++ NULL, pattrs); ++ ++ /* ++ * Do the request... ++ */ ++ fputs("DEBUG: Getting supported attributes...\n", stderr); ++ ++ fprintf(stderr, "DEBUG: IPP Request Structure Built.\n"); ++ ++ *attributes = cupsDoRequest(http, request, resource); ++ ipp_status = cupsLastError(); ++ ++ fprintf(stderr, "DEBUG: Get-Printer-Attributes: %s (%s)\n", ++ ippErrorString(ipp_status), cupsLastErrorString()); ++ ++ if (ipp_status > IPP_OK_CONFLICT) ++ { ++ fprintf(stderr, "DEBUG: Get-Printer-Attributes returned %s.\n", ++ ippErrorString(ipp_status)); ++ switch(ipp_status) ++ { ++ case IPP_FORBIDDEN : ++ case IPP_NOT_AUTHORIZED : ++ _cupsLangPuts(stderr, _("ERROR: Not Authorized.\n")); ++ rc = CUPS_BACKEND_AUTH_REQUIRED; ++ break; ++ case IPP_PRINTER_BUSY : ++ case IPP_SERVICE_UNAVAILABLE : ++ _cupsLangPuts(stderr, _("ERROR: " ++ "The printer is not responding.\n")); ++ rc = CUPS_BACKEND_FAILED; ++ break; ++ case IPP_BAD_REQUEST : ++ case IPP_VERSION_NOT_SUPPORTED : ++ fprintf(stderr, "ERROR: Destination does not support IPP version %d\n", ++ version); ++ case IPP_NOT_FOUND : ++ _cupsLangPuts(stderr, _("ERROR: " ++ "The printer configuration is incorrect or the " ++ "printer no longer exists.\n")); ++ rc = CUPS_BACKEND_STOP; ++ break; ++ default : ++ rc = CUPS_BACKEND_FAILED; ++ } ++ goto prt_available_cleanup; ++ } ++ ++prt_available_cleanup : ++ httpClose(http); ++ return (rc); ++} ++ ++static int ++move_job(int jobid, /* Job ID */ ++ const char *dest) /* Destination ipp address */ ++{ ++ ipp_t *request; /* IPP Request */ ++ char job_uri[HTTP_MAX_URI]; /* job-uri */ ++ ++ http_t* http = httpConnectEncrypt(cupsServer(), ippPort(), cupsEncryption()); ++ ++ if (!http) ++ { ++ _cupsLangPrintf(stderr, ++ _("failover: Unable to connect to server: %s\n"), ++ strerror(errno)); ++ return (CUPS_BACKEND_FAILED); ++ } ++ ++ /* ++ * Build a CUPS_MOVE_JOB request, which requires the following ++ * attributes: ++ * ++ * job-uri/printer-uri ++ * job-printer-uri ++ * requesting-user-name ++ */ ++ ++ request = ippNewRequest(CUPS_MOVE_JOB); ++ ++ snprintf(job_uri, sizeof(job_uri), "ipp://localhost/jobs/%d", jobid); ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, ++ job_uri); ++ ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, ++ "requesting-user-name", ++ NULL, cupsUser()); ++ ++ ippAddString(request, IPP_TAG_JOB, IPP_TAG_URI, "job-printer-uri", ++ NULL, dest); ++ ++ /* ++ * Do the request and get back a response... ++ */ ++ ++ ippDelete(cupsDoRequest(http, request, "/jobs")); ++ ++ httpClose(http); ++ ++ if (cupsLastError() > IPP_OK_CONFLICT) ++ { ++ _cupsLangPrintf(stderr, "failover: %s\n", cupsLastErrorString()); ++ return (CUPS_BACKEND_FAILED); ++ } ++ else ++ return (CUPS_BACKEND_OK); ++} ++ ++/* ++ * 'sigterm_handler()' - handles a sigterm, i.e. job canceled ++ */ ++static void ++sigterm_handler(int sig) ++{ ++ if (!job_canceled) ++ { ++ write(2, "DEBUG: Got SIGTERM.\n", 20); ++ job_canceled = 1; ++ } ++ else ++ { ++ /* ++ * Job has already been canceled, so just exit ++ */ ++ exit(1); ++ } ++} ++ ++/* ++ * 'password_cb()' - Disable the password prompt for cupsDoFileRequest(). ++ */ ++static const char * /* O - Password */ ++password_cb(const char *prompt) /* I - Prompt (not used) */ ++{ ++ auth_info_required = "username,password"; ++ password_retries++; ++ ++ if(password_retries < FAILOVER_PASSWORD_RETRIES_MAX) ++ return (password); ++ else ++ return (NULL); ++} diff --git a/SOURCES/cups-filter-debug.patch b/SOURCES/cups-filter-debug.patch new file mode 100644 index 0000000..96c82da --- /dev/null +++ b/SOURCES/cups-filter-debug.patch @@ -0,0 +1,32 @@ +diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c +--- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0200 ++++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200 +@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I + + if (!filters) + { ++ mime_filter_t *current; ++ + cupsdLogJob(job, CUPSD_LOG_ERROR, + "Unable to convert file %d to printable format.", + job->current_file); + ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Required: %s/%s -> %s/%s", ++ job->filetypes[job->current_file]->super, ++ job->filetypes[job->current_file]->type, ++ job->printer->filetype->super, ++ job->printer->filetype->type); ++ ++ for (current = (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs); ++ current; ++ current = (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs)) ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Available: %s/%s -> %s/%s (%s)", ++ current->src->super, current->src->type, ++ current->dst->super, current->dst->type, ++ current->filter); ++ + abort_message = "Aborting job because it cannot be printed."; + abort_state = IPP_JOB_ABORTED; + diff --git a/SOURCES/cups-fips-compliance.patch b/SOURCES/cups-fips-compliance.patch new file mode 100644 index 0000000..df13e75 --- /dev/null +++ b/SOURCES/cups-fips-compliance.patch @@ -0,0 +1,371 @@ +diff --git a/cups/cups.h b/cups/cups.h +index 8f5c818..9d8c3a3 100644 +--- a/cups/cups.h ++++ b/cups/cups.h +@@ -606,6 +606,9 @@ extern ssize_t cupsHashData(const char *algorithm, const void *data, size_t dat + extern int cupsAddIntegerOption(const char *name, int value, int num_options, cups_option_t **options) _CUPS_API_2_2_4; + extern int cupsGetIntegerOption(const char *name, int num_options, cups_option_t *options) _CUPS_API_2_2_4; + ++/* New in CUPS 2.3 */ ++extern const char *cupsHashString(const unsigned char *hash, size_t hashsize, char *buffer, size_t bufsize); ++ + # ifdef __cplusplus + } + # endif /* __cplusplus */ +diff --git a/cups/hash.c b/cups/hash.c +index ede5461..8ebe20b 100644 +--- a/cups/hash.c ++++ b/cups/hash.c +@@ -21,6 +21,8 @@ + # include + #elif defined(HAVE_GNUTLS) + # include ++#else ++# include "md5-private.h" + #endif /* __APPLE__ */ + + +@@ -171,7 +173,9 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ + unsigned char temp[64]; /* Temporary hash buffer */ + size_t tempsize = 0; /* Truncate to this size? */ + +- if (!strcmp(algorithm, "sha")) ++ if (!strcmp(algorithm, "md5")) ++ alg = GNUTLS_DIG_MD5; ++ else if (!strcmp(algorithm, "sha")) + alg = GNUTLS_DIG_SHA1; + else if (!strcmp(algorithm, "sha2-224")) + alg = GNUTLS_DIG_SHA224; +@@ -219,10 +223,20 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ + + #else + /* +- * No hash support without CommonCrypto or GNU TLS... ++ * No hash support beyond MD5 without CommonCrypto or GNU TLS... + */ + +- if (hashsize < 64) ++ if (!strcmp(algorithm, "md5")) ++ { ++ _cups_md5_state_t state; /* MD5 state info */ ++ ++ _cupsMD5Init(&state); ++ _cupsMD5Append(&state, data, datalen); ++ _cupsMD5Finish(&state, hash); ++ ++ return (16); ++ } ++ else if (hashsize < 64) + goto too_small; + #endif /* __APPLE__ */ + +@@ -243,3 +257,51 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1); + return (-1); + } ++ ++ ++/* ++ * 'cupsHashString()' - Format a hash value as a hexadecimal string. ++ * ++ * The passed buffer must be at least 2 * hashsize + 1 characters in length. ++ */ ++ ++const char * /* O - Formatted string */ ++cupsHashString( ++ const unsigned char *hash, /* I - Hash */ ++ size_t hashsize, /* I - Size of hash */ ++ char *buffer, /* I - String buffer */ ++ size_t bufsize) /* I - Size of string buffer */ ++{ ++ char *bufptr = buffer; /* Pointer into buffer */ ++ static const char *hex = "0123456789abcdef"; ++ /* Hex characters (lowercase!) */ ++ ++ ++ /* ++ * Range check input... ++ */ ++ ++ if (!hash || hashsize < 1 || !buffer || bufsize < (2 * hashsize + 1)) ++ { ++ if (buffer) ++ *buffer = '\0'; ++ return (NULL); ++ } ++ ++ /* ++ * Loop until we've converted the whole hash... ++ */ ++ ++ while (hashsize > 0) ++ { ++ *bufptr++ = hex[*hash >> 4]; ++ *bufptr++ = hex[*hash & 15]; ++ ++ hash ++; ++ hashsize --; ++ } ++ ++ *bufptr = '\0'; ++ ++ return (buffer); ++} +diff --git a/cups/md5passwd.c b/cups/md5passwd.c +index a9817aa..c9ffe04 100644 +--- a/cups/md5passwd.c ++++ b/cups/md5passwd.c +@@ -17,6 +17,7 @@ + * Include necessary headers... + */ + ++#include + #include "http-private.h" + #include "string-private.h" + +@@ -31,7 +32,6 @@ httpMD5(const char *username, /* I - User name */ + const char *passwd, /* I - Password string */ + char md5[33]) /* O - MD5 string */ + { +- _cups_md5_state_t state; /* MD5 state info */ + unsigned char sum[16]; /* Sum data */ + char line[256]; /* Line to sum */ + +@@ -41,15 +41,13 @@ httpMD5(const char *username, /* I - User name */ + */ + + snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd); +- _cupsMD5Init(&state); +- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line)); +- _cupsMD5Finish(&state, sum); ++ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); + + /* + * Return the sum... + */ + +- return (httpMD5String(sum, md5)); ++ return ((char *)cupsHashString(sum, sizeof(sum), md5, 33)); + } + + +@@ -65,7 +63,6 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */ + const char *resource, /* I - Resource path */ + char md5[33]) /* IO - MD5 sum */ + { +- _cups_md5_state_t state; /* MD5 state info */ + unsigned char sum[16]; /* Sum data */ + char line[1024]; /* Line of data */ + char a2[33]; /* Hash of method and resource */ +@@ -76,9 +73,7 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */ + */ + + snprintf(line, sizeof(line), "%s:%s", method, resource); +- _cupsMD5Init(&state); +- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line)); +- _cupsMD5Finish(&state, sum); ++ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); + httpMD5String(sum, a2); + + /* +@@ -88,12 +83,9 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */ + */ + + snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2); ++ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); + +- _cupsMD5Init(&state); +- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line)); +- _cupsMD5Finish(&state, sum); +- +- return (httpMD5String(sum, md5)); ++ return ((char *)cupsHashString(sum, sizeof(sum), md5, 33)); + } + + +@@ -106,23 +98,5 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */ + char md5[33]) + /* O - MD5 sum in hex */ + { +- int i; /* Looping var */ +- char *md5ptr; /* Pointer into MD5 string */ +- static const char hex[] = "0123456789abcdef"; +- /* Hex digits */ +- +- +- /* +- * Convert the MD5 sum to hexadecimal... +- */ +- +- for (i = 16, md5ptr = md5; i > 0; i --, sum ++) +- { +- *md5ptr++ = hex[*sum >> 4]; +- *md5ptr++ = hex[*sum & 15]; +- } +- +- *md5ptr = '\0'; +- +- return (md5); ++ return ((char *)cupsHashString(sum, 16, md5, 33)); + } +diff --git a/scheduler/auth.c b/scheduler/auth.c +index 71df9dc..e7d0006 100644 +--- a/scheduler/auth.c ++++ b/scheduler/auth.c +@@ -72,9 +72,6 @@ static int check_authref(cupsd_client_t *con, const char *right); + static int compare_locations(cupsd_location_t *a, + cupsd_location_t *b); + static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void *data); +-#if !HAVE_LIBPAM +-static char *cups_crypt(const char *pw, const char *salt); +-#endif /* !HAVE_LIBPAM */ + static void free_authmask(cupsd_authmask_t *am, void *data); + #if HAVE_LIBPAM + static int pam_func(int, const struct pam_message **, +@@ -695,14 +692,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + * client... + */ + +- pass = cups_crypt(password, pw->pw_passwd); ++ pass = crypt(password, pw->pw_passwd); + + if (!pass || strcmp(pw->pw_passwd, pass)) + { + # ifdef HAVE_SHADOW_H + if (spw) + { +- pass = cups_crypt(password, spw->sp_pwdp); ++ pass = crypt(password, spw->sp_pwdp); + + if (pass == NULL || strcmp(spw->sp_pwdp, pass)) + { +@@ -1988,129 +1985,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I - Existing auth mask */ + } + + +-#if !HAVE_LIBPAM +-/* +- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms, +- * as needed. +- */ +- +-static char * /* O - Encrypted password */ +-cups_crypt(const char *pw, /* I - Password string */ +- const char *salt) /* I - Salt (key) string */ +-{ +- if (!strncmp(salt, "$1$", 3)) +- { +- /* +- * Use MD5 passwords without the benefit of PAM; this is for +- * Slackware Linux, and the algorithm was taken from the +- * old shadow-19990827/lib/md5crypt.c source code... :( +- */ +- +- int i; /* Looping var */ +- unsigned long n; /* Output number */ +- int pwlen; /* Length of password string */ +- const char *salt_end; /* End of "salt" data for MD5 */ +- char *ptr; /* Pointer into result string */ +- _cups_md5_state_t state; /* Primary MD5 state info */ +- _cups_md5_state_t state2; /* Secondary MD5 state info */ +- unsigned char digest[16]; /* MD5 digest result */ +- static char result[120]; /* Final password string */ +- +- +- /* +- * Get the salt data between dollar signs, e.g. $1$saltdata$md5. +- * Get a maximum of 8 characters of salt data after $1$... +- */ +- +- for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++) +- if (*salt_end == '$') +- break; +- +- /* +- * Compute the MD5 sum we need... +- */ +- +- pwlen = strlen(pw); +- +- _cupsMD5Init(&state); +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); +- _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt); +- +- _cupsMD5Init(&state2); +- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen); +- _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3); +- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen); +- _cupsMD5Finish(&state2, digest); +- +- for (i = pwlen; i > 0; i -= 16) +- _cupsMD5Append(&state, digest, i > 16 ? 16 : i); +- +- for (i = pwlen; i > 0; i >>= 1) +- _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1); +- +- _cupsMD5Finish(&state, digest); +- +- for (i = 0; i < 1000; i ++) +- { +- _cupsMD5Init(&state); +- +- if (i & 1) +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); +- else +- _cupsMD5Append(&state, digest, 16); +- +- if (i % 3) +- _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3); +- +- if (i % 7) +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); +- +- if (i & 1) +- _cupsMD5Append(&state, digest, 16); +- else +- _cupsMD5Append(&state, (unsigned char *)pw, pwlen); +- +- _cupsMD5Finish(&state, digest); +- } +- +- /* +- * Copy the final sum to the result string and return... +- */ +- +- memcpy(result, salt, (size_t)(salt_end - salt)); +- ptr = result + (salt_end - salt); +- *ptr++ = '$'; +- +- for (i = 0; i < 5; i ++, ptr += 4) +- { +- n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8); +- +- if (i < 4) +- n |= (unsigned)digest[i + 12]; +- else +- n |= (unsigned)digest[5]; +- +- to64(ptr, n, 4); +- } +- +- to64(ptr, (unsigned)digest[11], 2); +- ptr += 2; +- *ptr = '\0'; +- +- return (result); +- } +- else +- { +- /* +- * Use the standard crypt() function... +- */ +- +- return (crypt(pw, salt)); +- } +-} +-#endif /* !HAVE_LIBPAM */ +- +- + /* + * 'free_authmask()' - Free function for auth masks. + */ diff --git a/SOURCES/cups-fix-preservejob-times.patch b/SOURCES/cups-fix-preservejob-times.patch new file mode 100644 index 0000000..beed408 --- /dev/null +++ b/SOURCES/cups-fix-preservejob-times.patch @@ -0,0 +1,110 @@ +diff --git a/scheduler/job.c b/scheduler/job.c +index 82ef2eb..5d5e3aa 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -448,10 +448,20 @@ cupsdCleanJobs(void) + curtime = time(NULL); + JobHistoryUpdate = 0; + ++ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: curtime=%d", (int)curtime); ++ + for (job = (cupsd_job_t *)cupsArrayFirst(Jobs); + job; + job = (cupsd_job_t *)cupsArrayNext(Jobs)) + { ++ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: Job %d, state=%d, printer=%p, history_time=%d, file_time=%d", job->id, (int)job->state_value, (void *)job->printer, (int)job->history_time, (int)job->file_time); ++ ++ if ((job->history_time && job->history_time < JobHistoryUpdate) || !JobHistoryUpdate) ++ JobHistoryUpdate = job->history_time; ++ ++ if ((job->file_time && job->file_time < JobHistoryUpdate) || !JobHistoryUpdate) ++ JobHistoryUpdate = job->file_time; ++ + if (job->state_value >= IPP_JOB_CANCELED && !job->printer) + { + /* +@@ -462,26 +472,14 @@ cupsdCleanJobs(void) + (job->history_time && job->history_time <= curtime)) + { + cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing from history."); +- cupsdDeleteJob(job, CUPSD_JOB_PURGE); ++ cupsdDeleteJob(job, CUPSD_JOB_PURGE); + } + else if (job->file_time && job->file_time <= curtime) + { + cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing document files."); +- cupsdLogJob(job, CUPSD_LOG_DEBUG2, "curtime=%ld, job->file_time=%ld", (long)curtime, (long)job->file_time); + remove_job_files(job); + + cupsdMarkDirty(CUPSD_DIRTY_JOBS); +- +- if (job->history_time < JobHistoryUpdate || !JobHistoryUpdate) +- JobHistoryUpdate = job->history_time; +- } +- else +- { +- if (job->history_time < JobHistoryUpdate || !JobHistoryUpdate) +- JobHistoryUpdate = job->history_time; +- +- if (job->file_time < JobHistoryUpdate || !JobHistoryUpdate) +- JobHistoryUpdate = job->file_time; + } + } + } +@@ -1873,7 +1871,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ + job->completed_time = attr->values[0].integer; + + if (JobHistory < INT_MAX) +- job->history_time = attr->values[0].integer + JobHistory; ++ job->history_time = job->completed_time + JobHistory; + else + job->history_time = INT_MAX; + +@@ -1884,7 +1882,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ + JobHistoryUpdate = job->history_time; + + if (JobFiles < INT_MAX) +- job->file_time = attr->values[0].integer + JobFiles; ++ job->file_time = job->completed_time + JobFiles; + else + job->file_time = INT_MAX; + +@@ -3100,8 +3098,10 @@ cupsdUpdateJobs(void) + * Update history/file expiration times... + */ + ++ job->completed_time = attr->values[0].integer; ++ + if (JobHistory < INT_MAX) +- job->history_time = attr->values[0].integer + JobHistory; ++ job->history_time = job->completed_time + JobHistory; + else + job->history_time = INT_MAX; + +@@ -3115,7 +3115,7 @@ cupsdUpdateJobs(void) + JobHistoryUpdate = job->history_time; + + if (JobFiles < INT_MAX) +- job->file_time = attr->values[0].integer + JobFiles; ++ job->file_time = job->completed_time + JobFiles; + else + job->file_time = INT_MAX; + +@@ -4909,7 +4909,7 @@ set_time(cupsd_job_t *job, /* I - Job to update */ + job->completed_time = curtime; + + if (JobHistory < INT_MAX && attr) +- job->history_time = attr->values[0].integer + JobHistory; ++ job->history_time = job->completed_time + JobHistory; + else + job->history_time = INT_MAX; + +@@ -4917,7 +4917,7 @@ set_time(cupsd_job_t *job, /* I - Job to update */ + JobHistoryUpdate = job->history_time; + + if (JobFiles < INT_MAX && attr) +- job->file_time = curtime + JobFiles; ++ job->file_time = job->completed_time + JobFiles; + else + job->file_time = INT_MAX; + diff --git a/SOURCES/cups-freebind.patch b/SOURCES/cups-freebind.patch new file mode 100644 index 0000000..6d9ba43 --- /dev/null +++ b/SOURCES/cups-freebind.patch @@ -0,0 +1,15 @@ +diff -up cups-2.0.2/cups/http-addr.c.freebind cups-2.0.2/cups/http-addr.c +--- cups-2.0.2/cups/http-addr.c.freebind 2015-02-10 14:46:33.000000000 +0100 ++++ cups-2.0.2/cups/http-addr.c 2015-02-10 14:50:35.074759141 +0100 +@@ -186,6 +186,10 @@ httpAddrListen(http_addr_t *addr, /* I - + val = 1; + setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, CUPS_SOCAST &val, sizeof(val)); + ++#ifdef __linux ++ setsockopt(fd, IPPROTO_IP, IP_FREEBIND, CUPS_SOCAST &val, sizeof(val)); ++#endif /* __linux */ ++ + #ifdef IPV6_V6ONLY + if (addr->addr.sa_family == AF_INET6) + setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, CUPS_SOCAST &val, sizeof(val)); +diff -up cups-2.0.2/scheduler/listen.c.freebind cups-2.0.2/scheduler/listen.c diff --git a/SOURCES/cups-hp-deviceid-oid.patch b/SOURCES/cups-hp-deviceid-oid.patch new file mode 100644 index 0000000..da5136a --- /dev/null +++ b/SOURCES/cups-hp-deviceid-oid.patch @@ -0,0 +1,21 @@ +diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c +--- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 +0200 ++++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200 +@@ -187,6 +187,7 @@ static const int UriOID[] = { CUPS_OID_p + static const int LexmarkProductOID[] = { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 }; + static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; + static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; ++static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; + static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; + static cups_array_t *DeviceURIs = NULL; + static int HostNameLookups = 0; +@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP + _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, + packet.community, CUPS_ASN1_GET_REQUEST, + DEVICE_PRODUCT, XeroxProductOID); ++ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, ++ packet.community, CUPS_ASN1_GET_REQUEST, ++ DEVICE_ID, HPDeviceIdOID); + break; + + case DEVICE_DESCRIPTION : diff --git a/SOURCES/cups-ipp-multifile.patch b/SOURCES/cups-ipp-multifile.patch new file mode 100644 index 0000000..beac7fa --- /dev/null +++ b/SOURCES/cups-ipp-multifile.patch @@ -0,0 +1,15 @@ +diff -up cups-1.7.0/backend/ipp.c.ipp-multifile cups-1.7.0/backend/ipp.c +--- cups-1.7.0/backend/ipp.c.ipp-multifile 2013-10-24 15:52:00.745814354 +0100 ++++ cups-1.7.0/backend/ipp.c 2013-10-24 15:53:46.463266724 +0100 +@@ -1758,7 +1758,10 @@ main(int argc, /* I - Number of comm + ippAddBoolean(request, IPP_TAG_OPERATION, "last-document", + (i + 1) >= num_files); + +- if (document_format) ++ if (num_files > 1) ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_MIMETYPE, ++ "document-format", NULL, "application/octet-stream"); ++ else if (document_format) + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_MIMETYPE, + "document-format", NULL, document_format); + diff --git a/SOURCES/cups-ippeve-web-support.patch b/SOURCES/cups-ippeve-web-support.patch new file mode 100644 index 0000000..d799c23 --- /dev/null +++ b/SOURCES/cups-ippeve-web-support.patch @@ -0,0 +1,315 @@ +diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c +index a604a8a..e678f24 100644 +--- a/cgi-bin/admin.c ++++ b/cgi-bin/admin.c +@@ -974,6 +974,13 @@ do_am_printer(http_t *http, /* I - HTTP connection */ + + cgiSetVariable("TEMPLATE_NAME", template); + } ++ ++ /* ++ * Set DEVICE_URI to the actual device uri, without make and model from ++ * html form. ++ */ ++ ++ cgiSetVariable("DEVICE_URI", var); + } + } + +@@ -1137,6 +1144,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */ + else if (!file && + (!cgiGetVariable("PPD_NAME") || cgiGetVariable("SELECT_MAKE"))) + { ++ int ipp_everywhere = !strncmp(var, "ipp://", 6) || !strncmp(var, "ipps://", 7) || (!strncmp(var, "dnssd://", 8) && (strstr(var, "_ipp._tcp") || strstr(var, "_ipps._tcp"))); ++ + if (modify && !cgiGetVariable("SELECT_MAKE")) + { + /* +@@ -1282,9 +1291,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */ + cgiStartHTML(title); + if (!cgiGetVariable("PPD_MAKE")) + cgiSetVariable("PPD_MAKE", cgiGetVariable("CURRENT_MAKE")); +- if (!modify) +- cgiSetVariable("CURRENT_MAKE_AND_MODEL", +- cgiGetArray("PPD_MAKE_AND_MODEL", 0)); ++ if (ipp_everywhere) ++ cgiSetVariable("SHOW_IPP_EVERYWHERE", "1"); + cgiCopyTemplateLang("choose-model.tmpl"); + cgiEndHTML(); + } +@@ -4219,6 +4227,11 @@ get_printer_ppd(const char *uri, /* I - Printer URI */ + host[256], /* Hostname */ + resource[256]; /* Resource path */ + int port; /* Port number */ ++ static const char * const pattrs[] = /* Printer attributes we need */ ++ { ++ "all", ++ "media-col-database" ++ }; + + + /* +@@ -4259,6 +4272,7 @@ get_printer_ppd(const char *uri, /* I - Printer URI */ + + request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES); + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); ++ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs); + response = cupsDoRequest(http, request, resource); + + if (!_ppdCreateFromIPP(buffer, bufsize, response)) +diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c +index e5f89ee..b8139c8 100644 +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -3089,8 +3089,8 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ + cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); + cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model); + cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model); +- cupsFilePrintf(fp, "*NickName: \"%s\"\n", model); +- cupsFilePrintf(fp, "*ShortNickName: \"%s\"\n", model); ++ cupsFilePrintf(fp, "*NickName: \"%s - IPP Everywhere\"\n", model); ++ cupsFilePrintf(fp, "*ShortNickName: \"%s - IPP Everywhere\"\n", model); + + if ((attr = ippFindAttribute(response, "color-supported", IPP_TAG_BOOLEAN)) != NULL && ippGetBoolean(attr, 0)) + cupsFilePuts(fp, "*ColorDevice: True\n"); +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index 5e9a985..4ed3c39 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -5829,6 +5829,12 @@ create_local_bg_thread( + ipp_t *request, /* Request to printer */ + *response; /* Response from printer */ + ipp_attribute_t *attr; /* Attribute in response */ ++ ipp_status_t status; /* Status code */ ++ static const char * const pattrs[] = /* Printer attributes we need */ ++ { ++ "all", ++ "media-col-database" ++ }; + + + /* +@@ -5861,12 +5867,35 @@ create_local_bg_thread( + cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Connected to %s:%d, sending Get-Printer-Attributes request...", printer->name, host, port); + + request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES); ++ ippSetVersion(request, 2, 0); + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, printer->device_uri); +- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", NULL, "all"); ++ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs); + + response = cupsDoRequest(http, request, resource); ++ status = cupsLastError(); ++ ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString()); ++ ++ if (status == IPP_STATUS_ERROR_BAD_REQUEST || status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED) ++ { ++ /* ++ * Try request using IPP/1.1, in case we are talking to an old CUPS server or ++ * printer... ++ */ + +- cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Get-Printer-Attributes returned %s", printer->name, ippErrorString(cupsLastError())); ++ ippDelete(response); ++ ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Re-sending Get-Printer-Attributes request using IPP/1.1...", printer->name); ++ ++ request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES); ++ ippSetVersion(request, 1, 1); ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, printer->device_uri); ++ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", NULL, "all"); ++ ++ response = cupsDoRequest(http, request, resource); ++ ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString()); ++ } + + // TODO: Grab printer icon file... + httpClose(http); +@@ -5877,6 +5906,8 @@ create_local_bg_thread( + + if (_ppdCreateFromIPP(fromppd, sizeof(fromppd), response)) + { ++ _cupsRWLockWrite(&printer->lock); ++ + if ((!printer->info || !*(printer->info)) && (attr = ippFindAttribute(response, "printer-info", IPP_TAG_TEXT)) != NULL) + cupsdSetString(&printer->info, ippGetString(attr, 0, NULL)); + +@@ -5886,6 +5917,8 @@ create_local_bg_thread( + if ((!printer->geo_location || !*(printer->geo_location)) && (attr = ippFindAttribute(response, "printer-geo-location", IPP_TAG_URI)) != NULL) + cupsdSetString(&printer->geo_location, ippGetString(attr, 0, NULL)); + ++ _cupsRWUnlock(&printer->lock); ++ + if ((from = cupsFileOpen(fromppd, "r")) == NULL) + { + cupsdLogMessage(CUPSD_LOG_ERROR, "%s: Unable to read generated PPD: %s", printer->name, strerror(errno)); +diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c +index bb53565..f3510ca 100644 +--- a/systemv/lpadmin.c ++++ b/systemv/lpadmin.c +@@ -33,7 +33,7 @@ static int delete_printer_from_class(http_t *http, char *printer, + static int delete_printer_option(http_t *http, char *printer, + char *option); + static int enable_printer(http_t *http, char *printer); +-static char *get_printer_ppd(const char *uri, char *buffer, size_t bufsize); ++static char *get_printer_ppd(const char *uri, char *buffer, size_t bufsize, int *num_options, cups_option_t **options); + static cups_ptype_t get_printer_type(http_t *http, char *printer, char *uri, + size_t urisize); + static int set_printer_options(http_t *http, char *printer, +@@ -593,7 +593,7 @@ main(int argc, /* I - Number of command-line arguments */ + + if ((ppd_name = cupsGetOption("ppd-name", num_options, options)) != NULL && !strcmp(ppd_name, "everywhere") && (device_uri = cupsGetOption("device-uri", num_options, options)) != NULL) + { +- if ((file = get_printer_ppd(device_uri, evefile, sizeof(evefile))) == NULL) ++ if ((file = get_printer_ppd(device_uri, evefile, sizeof(evefile), &num_options, &options)) == NULL) + return (1); + + num_options = cupsRemoveOption("ppd-name", num_options, &options); +@@ -1144,20 +1144,29 @@ enable_printer(http_t *http, /* I - Server connection */ + * 'get_printer_ppd()' - Get an IPP Everywhere PPD file for the given URI. + */ + +-static char * /* O - Filename or NULL */ +-get_printer_ppd(const char *uri, /* I - Printer URI */ +- char *buffer, /* I - Filename buffer */ +- size_t bufsize) /* I - Size of filename buffer */ ++static char * /* O - Filename or NULL */ ++get_printer_ppd( ++ const char *uri, /* I - Printer URI */ ++ char *buffer, /* I - Filename buffer */ ++ size_t bufsize, /* I - Size of filename buffer */ ++ int *num_options, /* IO - Number of options */ ++ cups_option_t **options) /* IO - Options */ + { + http_t *http; /* Connection to printer */ + ipp_t *request, /* Get-Printer-Attributes request */ + *response; /* Get-Printer-Attributes response */ ++ ipp_attribute_t *attr; /* Attribute from response */ + char resolved[1024], /* Resolved URI */ + scheme[32], /* URI scheme */ + userpass[256], /* Username:password */ + host[256], /* Hostname */ + resource[256]; /* Resource path */ + int port; /* Port number */ ++ static const char * const pattrs[] = /* Attributes to use */ ++ { ++ "all", ++ "media-col-database" ++ }; + + + /* +@@ -1198,9 +1207,26 @@ get_printer_ppd(const char *uri, /* I - Printer URI */ + + request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES); + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); ++ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs); + response = cupsDoRequest(http, request, resource); + +- if (!_ppdCreateFromIPP(buffer, bufsize, response)) ++ if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE) ++ { ++ _cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString()); ++ buffer[0] = '\0'; ++ } ++ else if (_ppdCreateFromIPP(buffer, bufsize, response)) ++ { ++ if (!cupsGetOption("printer-geo-location", *num_options, *options) && (attr = ippFindAttribute(response, "printer-geo-location", IPP_TAG_URI)) != NULL) ++ *num_options = cupsAddOption("printer-geo-location", ippGetString(attr, 0, NULL), *num_options, options); ++ ++ if (!cupsGetOption("printer-info", *num_options, *options) && (attr = ippFindAttribute(response, "printer-info", IPP_TAG_TEXT)) != NULL) ++ *num_options = cupsAddOption("printer-info", ippGetString(attr, 0, NULL), *num_options, options); ++ ++ if (!cupsGetOption("printer-location", *num_options, *options) && (attr = ippFindAttribute(response, "printer-location", IPP_TAG_TEXT)) != NULL) ++ *num_options = cupsAddOption("printer-location", ippGetString(attr, 0, NULL), *num_options, options); ++ } ++ else + _cupsLangPrintf(stderr, _("%s: Unable to create PPD file: %s"), "lpadmin", strerror(errno)); + + ippDelete(response); +diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl +index ee9338c..9c9b71f 100644 +--- a/templates/choose-model.tmpl ++++ b/templates/choose-model.tmpl +@@ -39,6 +39,7 @@ + + + +diff --git a/templates/de/choose-model.tmpl b/templates/de/choose-model.tmpl +index cb9b6f3..c73ccb2 100644 +--- a/templates/de/choose-model.tmpl ++++ b/templates/de/choose-model.tmpl +@@ -39,6 +39,7 @@ Drucker {?printer_is_shared=?nicht:{?printer_is_shared=0?nicht:}} im Netzwerk fr + + + +diff --git a/templates/es/choose-model.tmpl b/templates/es/choose-model.tmpl +index 8a5a4ba..b5624f2 100644 +--- a/templates/es/choose-model.tmpl ++++ b/templates/es/choose-model.tmpl +@@ -39,6 +39,7 @@ + + + +diff --git a/templates/fr/choose-model.tmpl b/templates/fr/choose-model.tmpl +index a4e771c..07cf93c 100644 +--- a/templates/fr/choose-model.tmpl ++++ b/templates/fr/choose-model.tmpl +@@ -39,6 +39,7 @@ + + + +diff --git a/templates/ja/choose-model.tmpl b/templates/ja/choose-model.tmpl +index daf1375..6a6e4e4 100644 +--- a/templates/ja/choose-model.tmpl ++++ b/templates/ja/choose-model.tmpl +@@ -39,6 +39,7 @@ + + + +diff --git a/templates/pt_BR/choose-model.tmpl b/templates/pt_BR/choose-model.tmpl +index 55d8bd8..0ed6a3c 100644 +--- a/templates/pt_BR/choose-model.tmpl ++++ b/templates/pt_BR/choose-model.tmpl +@@ -39,6 +39,7 @@ + + + +diff --git a/templates/ru/choose-model.tmpl b/templates/ru/choose-model.tmpl +index 2f0d6d9..dedbd49 100644 +--- a/templates/ru/choose-model.tmpl ++++ b/templates/ru/choose-model.tmpl +@@ -39,6 +39,7 @@ + + + diff --git a/SOURCES/cups-kerberos.patch b/SOURCES/cups-kerberos.patch new file mode 100644 index 0000000..6d88c7f --- /dev/null +++ b/SOURCES/cups-kerberos.patch @@ -0,0 +1,23 @@ +diff --git a/backend/ipp.c b/backend/ipp.c +index f8bf7e1..8440d2f 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -422,8 +422,7 @@ main(int argc, /* I - Number of command-line args */ + * that way. + */ + +- if (!getuid() && (value = getenv("AUTH_UID")) != NULL && +- !getenv("AUTH_PASSWORD")) ++ if (!getuid() && (value = getenv("AUTH_UID")) != NULL) + { + uid_t uid = (uid_t)atoi(value); + /* User ID */ +@@ -457,7 +456,7 @@ main(int argc, /* I - Number of command-line args */ + + # else /* No XPC, just try to run as the user ID */ + if (uid > 0) +- seteuid(uid); ++ setuid(uid); + # endif /* HAVE_XPC */ + } + #endif /* HAVE_GSSAPI */ diff --git a/SOURCES/cups-logrotate.patch b/SOURCES/cups-logrotate.patch new file mode 100644 index 0000000..6b8eb8c --- /dev/null +++ b/SOURCES/cups-logrotate.patch @@ -0,0 +1,63 @@ +diff -up cups-2.1b1/scheduler/log.c.logrotate cups-2.1b1/scheduler/log.c +--- cups-2.1b1/scheduler/log.c.logrotate 2015-06-04 20:00:31.000000000 +0200 ++++ cups-2.1b1/scheduler/log.c 2015-06-29 13:25:09.623350218 +0200 +@@ -26,6 +26,9 @@ + # include + #endif /* HAVE_ASL_H */ + #include ++#include ++#include ++#include + + + /* +@@ -135,12 +138,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I + } + + /* +- * Format the filename as needed... ++ * Format the filename... + */ + +- if (!*lf || +- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize && +- MaxLogSize > 0)) ++ if (strncmp(logname, "/dev/", 5)) + { + /* + * Handle format strings... +@@ -254,6 +255,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I + /* + * Change ownership and permissions of non-device logs... + */ ++ ++ fchown(cupsFileNumber(*lf), RunUser, Group); ++ fchmod(cupsFileNumber(*lf), LogFilePerm); ++ } ++ } ++ ++ /* ++ * Has someone else (i.e. logrotate) already rotated the log for us? ++ */ ++ else if (strncmp(filename, "/dev/", 5)) ++ { ++ struct stat st; ++ if (stat(filename, &st) || st.st_size == 0) ++ { ++ /* File is either missing or has zero size. */ ++ ++ cupsFileClose(*lf); ++ if ((*lf = cupsFileOpen(filename, "a")) == NULL) ++ { ++ syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename, ++ strerror(errno)); ++ ++ return (0); ++ } ++ ++ /* ++ * Change ownership and permissions of non-device logs... ++ */ + + fchown(cupsFileNumber(*lf), RunUser, Group); + fchmod(cupsFileNumber(*lf), LogFilePerm); diff --git a/SOURCES/cups-logs.patch b/SOURCES/cups-logs.patch new file mode 100644 index 0000000..5698618 --- /dev/null +++ b/SOURCES/cups-logs.patch @@ -0,0 +1,100 @@ +diff --git a/scheduler/log.c b/scheduler/log.c +index 33cdac6..d66bbf9 100644 +--- a/scheduler/log.c ++++ b/scheduler/log.c +@@ -597,51 +597,6 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */ + if (level > LogLevel && LogDebugHistory <= 0) + return (1); + +-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H +- if (!strcmp(ErrorLog, "syslog")) +- { +- cupsd_printer_t *printer = job ? (job->printer ? job->printer : (job->dest ? cupsdFindDest(job->dest) : NULL)) : NULL; +- static const char * const job_states[] = +- { /* job-state strings */ +- "Pending", +- "PendingHeld", +- "Processing", +- "ProcessingStopped", +- "Canceled", +- "Aborted", +- "Completed" +- }; +- +- va_start(ap, message); +- +- do +- { +- va_copy(ap2, ap); +- status = format_log_line(message, ap2); +- va_end(ap2); +- } +- while (status == 0); +- +- va_end(ap); +- +- if (job) +- sd_journal_send("MESSAGE=%s", log_line, +- "PRIORITY=%i", log_levels[level], +- PWG_Event"=JobStateChanged", +- PWG_ServiceURI"=%s", printer ? printer->uri : "", +- PWG_JobID"=%d", job->id, +- PWG_JobState"=%s", job->state_value < IPP_JSTATE_PENDING ? "" : job_states[job->state_value - IPP_JSTATE_PENDING], +- PWG_JobImpressionsCompleted"=%d", ippGetInteger(job->impressions, 0), +- NULL); +- else +- sd_journal_send("MESSAGE=%s", log_line, +- "PRIORITY=%i", log_levels[level], +- NULL); +- +- return (1); +- } +-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ +- + /* + * Format and write the log message... + */ +@@ -705,7 +660,43 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */ + return (1); + } + else if (level <= LogLevel) ++ { ++#ifdef HAVE_SYSTEMD_SD_JOURNAL_H ++ if (!strcmp(ErrorLog, "syslog")) ++ { ++ cupsd_printer_t *printer = job ? (job->printer ? job->printer : (job->dest ? cupsdFindDest(job->dest) : NULL)) : NULL; ++ static const char * const job_states[] = ++ { /* job-state strings */ ++ "Pending", ++ "PendingHeld", ++ "Processing", ++ "ProcessingStopped", ++ "Canceled", ++ "Aborted", ++ "Completed" ++ }; ++ ++ if (job) ++ sd_journal_send("MESSAGE=%s", log_line, ++ "PRIORITY=%i", log_levels[level], ++ PWG_Event"=JobStateChanged", ++ PWG_ServiceURI"=%s", printer ? printer->uri : "", ++ PWG_JobID"=%d", job->id, ++ PWG_JobState"=%s", job->state_value < IPP_JSTATE_PENDING ? "" : job_states[job->state_value - IPP_JSTATE_PENDING], ++ PWG_JobImpressionsCompleted"=%d", ippGetInteger(job->impressions, 0), ++ NULL); ++ else ++ sd_journal_send("MESSAGE=%s", log_line, ++ "PRIORITY=%i", log_levels[level], ++ NULL); ++ ++ return (1); ++ } ++ else ++#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ ++ + return (cupsdWriteErrorLog(level, log_line)); ++ } + else + return (1); + } diff --git a/SOURCES/cups-lpr-help.patch b/SOURCES/cups-lpr-help.patch new file mode 100644 index 0000000..f025698 --- /dev/null +++ b/SOURCES/cups-lpr-help.patch @@ -0,0 +1,48 @@ +diff -up cups-2.2b2/berkeley/lpr.c.lpr-help cups-2.2b2/berkeley/lpr.c +--- cups-2.2b2/berkeley/lpr.c.lpr-help 2016-06-24 17:43:35.000000000 +0200 ++++ cups-2.2b2/berkeley/lpr.c 2016-06-27 15:11:30.646348752 +0200 +@@ -18,6 +18,31 @@ + #include + + ++static void ++usage (const char *name) ++{ ++ _cupsLangPrintf(stdout, ++"Usage: %s [OPTION] [ file(s) ]\n" ++"Print files.\n\n" ++" -E force encryption\n" ++" -H server[:port] specify alternate server\n" ++" -C title, -J title, -T title\n" ++" set the job name\n\n" ++" -P destination/instance print to named printer\n" ++" -U username specify alternate username\n" ++" -# num-copies set number of copies\n" ++" -h disable banner printing\n" ++" -l print without filtering\n" ++" -m send email on completion\n" ++" -o option[=value] set a job option\n" ++" -p format text file with header\n" ++" -q hold job for printing\n" ++" -r delete files after printing\n" ++"\nWith no file given, read standard input.\n" ++, name); ++} ++ ++ + /* + * 'main()' - Parse options and send files for printing. + */ +@@ -281,6 +306,12 @@ main(int argc, /* I - Number of comm + break; + + default : ++ if (!strcmp (argv[i], "--help")) ++ { ++ usage (argv[0]); ++ return (0); ++ } ++ + _cupsLangPrintf(stderr, _("%s: Error - unknown option \"%c\"."), argv[0], *opt); + return (1); + } diff --git a/SOURCES/cups-lspp.patch b/SOURCES/cups-lspp.patch new file mode 100644 index 0000000..13cfb16 --- /dev/null +++ b/SOURCES/cups-lspp.patch @@ -0,0 +1,1997 @@ +diff -up cups-2.2.5/config.h.in.lspp cups-2.2.5/config.h.in +--- cups-2.2.5/config.h.in.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/config.h.in 2017-10-17 19:06:19.640228964 +0200 +@@ -730,4 +730,11 @@ static __inline int _cups_abs(int i) { r + # endif /* __GNUC__ || __STDC_VERSION__ */ + #endif /* !HAVE_ABS && !abs */ + ++/* ++ * Are we trying to meet LSPP requirements? ++ */ ++ ++#undef WITH_LSPP ++ ++ + #endif /* !_CUPS_CONFIG_H_ */ +diff -up cups-2.2.5/config-scripts/cups-lspp.m4.lspp cups-2.2.5/config-scripts/cups-lspp.m4 +--- cups-2.2.5/config-scripts/cups-lspp.m4.lspp 2017-10-17 19:06:19.640228964 +0200 ++++ cups-2.2.5/config-scripts/cups-lspp.m4 2017-10-17 19:06:19.640228964 +0200 +@@ -0,0 +1,36 @@ ++dnl ++dnl LSPP code for the Common UNIX Printing System (CUPS). ++dnl ++dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P. ++dnl ++dnl This program is free software; you can redistribute it and/or modify ++dnl it under the terms of the GNU General Public License as published by ++dnl the Free Software Foundation; version 2. ++dnl ++dnl This program is distributed in the hope that it will be useful, but ++dnl WITHOUT ANY WARRANTY; without even the implied warranty of ++dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++dnl General Public License for more details. ++dnl ++dnl You should have received a copy of the GNU General Public License ++dnl along with this program; if not, write to the Free Software Foundation, ++dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA ++dnl ++ ++dnl Are we trying to meet LSPP requirements ++AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) ++ ++if test x"$enable_lspp" != xno; then ++ case "$uname" in ++ Linux) ++ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) ++ AC_CHECK_HEADER(libaudit.h) ++ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)]) ++ AC_CHECK_HEADER(selinux/selinux.h) ++ AC_DEFINE(WITH_LSPP) ++ ;; ++ *) ++ # All others ++ ;; ++ esac ++fi +diff -up cups-2.2.5/configure.ac.lspp cups-2.2.5/configure.ac +--- cups-2.2.5/configure.ac.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/configure.ac 2017-10-17 19:06:19.640228964 +0200 +@@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4) + sinclude(config-scripts/cups-defaults.m4) + sinclude(config-scripts/cups-scripting.m4) + ++sinclude(config-scripts/cups-lspp.m4) ++ + INSTALL_LANGUAGES="" + UNINSTALL_LANGUAGES="" + LANGFILES="" +diff -up cups-2.2.5/filter/common.c.lspp cups-2.2.5/filter/common.c +--- cups-2.2.5/filter/common.c.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/filter/common.c 2017-10-17 19:06:19.640228964 +0200 +@@ -17,6 +17,12 @@ + * Include necessary headers... + */ + ++#include "config.h" ++#ifdef WITH_LSPP ++#define _GNU_SOURCE ++#include ++#endif /* WITH_LSPP */ ++ + #include "common.h" + #include + +@@ -299,6 +305,18 @@ WriteLabelProlog(const char *label, /* I + { + const char *classification; /* CLASSIFICATION environment variable */ + const char *ptr; /* Temporary string pointer */ ++#ifdef WITH_LSPP ++ int i, /* counter */ ++ n, /* counter */ ++ lines, /* number of lines needed */ ++ line_len, /* index into tmp_label */ ++ label_len, /* length of the label in characters */ ++ label_index, /* index into the label */ ++ longest, /* length of the longest line */ ++ longest_line, /* index to the longest line */ ++ max_width; /* maximum width in characters */ ++ char **wrapped_label; /* label with line breaks */ ++#endif /* WITH_LSPP */ + + + /* +@@ -321,6 +339,124 @@ WriteLabelProlog(const char *label, /* I + return; + } + ++#ifdef WITH_LSPP ++ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) ++ { ++ /* ++ * Based on the 12pt fixed width font below determine the max_width ++ */ ++ max_width = width / 8; ++ longest_line = 0; ++ longest = 0; ++ classification += 5; // Skip the "LSPP:" ++ label_len = strlen(classification); ++ ++ if (label_len > max_width) ++ { ++ lines = 1 + (int)(label_len / max_width); ++ line_len = (int)(label_len / lines); ++ wrapped_label = malloc(sizeof(*wrapped_label) * lines); ++ label_index = i = n = 0; ++ while (classification[label_index]) ++ { ++ if ((label_index + line_len) > label_len) ++ break; ++ switch (classification[label_index + line_len + i]) ++ { ++ case ':': ++ case ',': ++ case '-': ++ i++; ++ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); ++ label_index += line_len + i; ++ i = 0; ++ break; ++ default: ++ i++; ++ break; ++ } ++ if ((i + line_len) == max_width) ++ { ++ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); ++ label_index = label_index + line_len + i; ++ i = 0; ++ } ++ } ++ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); ++ } ++ else ++ { ++ lines = 1; ++ wrapped_label = malloc(sizeof(*wrapped_label)); ++ wrapped_label[0] = (char*)classification; ++ } ++ ++ for (n = 0; n < lines; n++ ) ++ { ++ printf("userdict/ESPp%c(", ('a' + n)); ++ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) ++ if (*ptr < 32 || *ptr > 126) ++ printf("\\%03o", *ptr); ++ else ++ { ++ if (*ptr == '(' || *ptr == ')' || *ptr == '\\') ++ putchar('\\'); ++ ++ printf("%c", *ptr); ++ } ++ if (i > longest) ++ { ++ longest = i; ++ longest_line = n; ++ } ++ printf(")put\n"); ++ } ++ ++ /* ++ * For LSPP use a fixed width font so that line wrapping can be calculated ++ */ ++ ++ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); ++ ++ /* ++ * Finally, the procedure to write the labels on the page... ++ */ ++ ++ printf("userdict/ESPwl{\n" ++ " ESPlf setfont\n"); ++ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", ++ 'a' + longest_line, width * 0.5f); ++ for (n = 1; n < lines; n++) ++ printf(" dup"); ++ printf("\n 1 setgray\n"); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", ++ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", ++ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); ++ printf(" 0 setgray\n"); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", ++ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", ++ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); ++ for (n = 0; n < lines; n ++) ++ { ++ printf(" dup %.0f moveto ESPp%c show\n", ++ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); ++ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); ++ } ++ printf(" pop\n" ++ "}bind put\n"); ++ ++ /* ++ * Do some clean up at the end of the LSPP special case ++ */ ++ free(wrapped_label); ++ ++ } ++ else ++ { ++#endif /* !WITH_LSPP */ ++ + /* + * Set the classification + page label string... + */ +@@ -401,7 +537,10 @@ WriteLabelProlog(const char *label, /* I + printf(" %.0f moveto ESPpl show\n", top - 14.0); + puts("pop"); + puts("}bind put"); ++ } ++#ifdef WITH_LSPP + } ++#endif /* WITH_LSPP */ + + + /* +diff -up cups-2.2.5/filter/pstops.c.lspp cups-2.2.5/filter/pstops.c +--- cups-2.2.5/filter/pstops.c.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/filter/pstops.c 2017-10-17 19:06:19.641228955 +0200 +@@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc, /* + { + const char *classification; /* CLASSIFICATION environment variable */ + const char *ptr; /* Temporary string pointer */ ++#ifdef WITH_LSPP ++ int i, /* counter */ ++ n, /* counter */ ++ lines, /* number of lines needed */ ++ line_len, /* index into tmp_label */ ++ label_len, /* length of the label in characters */ ++ label_index, /* index into the label */ ++ longest, /* length of the longest line */ ++ longest_line, /* index to the longest line */ ++ max_width; /* maximum width in characters */ ++ char **wrapped_label; /* label with line breaks */ ++#endif /* WITH_LSPP */ + + + /* +@@ -3198,6 +3210,124 @@ write_label_prolog(pstops_doc_t *doc, /* + return; + } + ++#ifdef WITH_LSPP ++ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) ++ { ++ /* ++ * Based on the 12pt fixed width font below determine the max_width ++ */ ++ max_width = width / 8; ++ longest_line = 0; ++ longest = 0; ++ classification += 5; // Skip the "LSPP:" ++ label_len = strlen(classification); ++ ++ if (label_len > max_width) ++ { ++ lines = 1 + (int)(label_len / max_width); ++ line_len = (int)(label_len / lines); ++ wrapped_label = malloc(sizeof(*wrapped_label) * lines); ++ label_index = i = n = 0; ++ while (classification[label_index]) ++ { ++ if ((label_index + line_len) > label_len) ++ break; ++ switch (classification[label_index + line_len + i]) ++ { ++ case ':': ++ case ',': ++ case '-': ++ i++; ++ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); ++ label_index += line_len + i; ++ i = 0; ++ break; ++ default: ++ i++; ++ break; ++ } ++ if ((i + line_len) == max_width) ++ { ++ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); ++ label_index = label_index + line_len + i; ++ i = 0; ++ } ++ } ++ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); ++ } ++ else ++ { ++ lines = 1; ++ wrapped_label = malloc(sizeof(*wrapped_label)); ++ wrapped_label[0] = (char*)classification; ++ } ++ ++ for (n = 0; n < lines; n++ ) ++ { ++ printf("userdict/ESPp%c(", ('a' + n)); ++ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) ++ if (*ptr < 32 || *ptr > 126) ++ printf("\\%03o", *ptr); ++ else ++ { ++ if (*ptr == '(' || *ptr == ')' || *ptr == '\\') ++ putchar('\\'); ++ ++ printf("%c", *ptr); ++ } ++ if (i > longest) ++ { ++ longest = i; ++ longest_line = n; ++ } ++ printf(")put\n"); ++ } ++ ++ /* ++ * For LSPP use a fixed width font so that line wrapping can be calculated ++ */ ++ ++ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); ++ ++ /* ++ * Finally, the procedure to write the labels on the page... ++ */ ++ ++ printf("userdict/ESPwl{\n" ++ " ESPlf setfont\n"); ++ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", ++ 'a' + longest_line, width * 0.5f); ++ for (n = 1; n < lines; n++) ++ printf(" dup"); ++ printf("\n 1 setgray\n"); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", ++ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", ++ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); ++ printf(" 0 setgray\n"); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", ++ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); ++ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", ++ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); ++ for (n = 0; n < lines; n ++) ++ { ++ printf(" dup %.0f moveto ESPp%c show\n", ++ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); ++ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); ++ } ++ printf(" pop\n" ++ "}bind put\n"); ++ ++ /* ++ * Do some clean up at the end of the LSPP special case ++ */ ++ free(wrapped_label); ++ ++ } ++ else ++ { ++#endif /* !WITH_LSPP */ ++ + /* + * Set the classification + page label string... + */ +@@ -3276,7 +3406,10 @@ write_label_prolog(pstops_doc_t *doc, /* + doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); + doc_puts(doc, "pop\n"); + doc_puts(doc, "}bind put\n"); ++ } ++#ifdef WITH_LSPP + } ++#endif /* WITH_LSPP */ + + + /* +diff -up cups-2.2.5/Makedefs.in.lspp cups-2.2.5/Makedefs.in +--- cups-2.2.5/Makedefs.in.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/Makedefs.in 2017-10-17 19:06:19.641228955 +0200 +@@ -161,7 +161,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f + @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) + LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) + LINKCUPSIMAGE = @LINKCUPSIMAGE@ +-LIBS = $(LINKCUPS) $(COMMONLIBS) ++LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ + ONDEMANDFLAGS = @ONDEMANDFLAGS@ + ONDEMANDLIBS = @ONDEMANDLIBS@ + OPTIM = @OPTIM@ +diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c +--- cups-2.2.5/scheduler/client.c.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/client.c 2017-10-17 19:06:19.689228556 +0200 +@@ -22,12 +22,20 @@ + #define _HTTP_NO_PRIVATE + #include "cupsd.h" + ++#ifndef _GNU_SOURCE ++#define _GNU_SOURCE ++#endif /* !defined(_GNU_SOURCE) */ + #ifdef __APPLE__ + # include + #endif /* __APPLE__ */ + #ifdef HAVE_TCPD_H + # include + #endif /* HAVE_TCPD_H */ ++#ifdef WITH_LSPP ++# include ++# include ++# include ++#endif /* WITH_LSPP */ + + + /* +@@ -268,6 +276,59 @@ cupsdAcceptClient(cupsd_listener_t *lis) + } + #endif /* HAVE_TCPD_H */ + ++#ifdef WITH_LSPP ++ if (is_lspp_config()) ++ { ++ struct ucred cr; ++ unsigned int cl=sizeof(cr); ++ ++ if (getsockopt(httpGetFd(con->http), SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) ++ { ++ /* ++ * client_pid_to_auid() can be racey ++ * In this case the pid is based on a socket connected to the client ++ */ ++ if ((con->auid = client_pid_to_auid(cr.pid)) == -1) ++ { ++ httpClose(con->http); ++ cupsdLogClient(con, CUPSD_LOG_ERROR, ++ "Unable to determine client auid for client pid=%d", ++ cr.pid); ++ free(con); ++ return; ++ } ++ cupsdLogClient(con, CUPSD_LOG_INFO, ++ "peer's pid=%d, uid=%d, gid=%d, auid=%d", ++ cr.pid, cr.uid, cr.gid, con->auid); ++ } ++ else ++ { ++ httpClose(con->http); ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed"); ++ free(con); ++ return; ++ } ++ ++ /* ++ * get the context of the peer connection ++ */ ++ if (getpeercon(httpGetFd(con->http), &con->scon)) ++ { ++ httpClose(con->http); ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed"); ++ free(con); ++ return; ++ } ++ ++ cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon); ++ } ++ else ++ { ++ cupsdLogClient(con, CUPSD_LOG_DEBUG, "skipping getpeercon()"); ++ cupsdSetString(&con->scon, UNKNOWN_SL); ++ } ++#endif /* WITH_LSPP */ ++ + #ifdef AF_LOCAL + if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) + { +@@ -562,6 +623,13 @@ cupsdReadClient(cupsd_client_t *con) /* + mime_type_t *type; /* MIME type of file */ + cupsd_printer_t *p; /* Printer */ + static unsigned request_id = 0; /* Request ID for temp files */ ++#ifdef WITH_LSPP ++ security_context_t spoolcon; /* context of the job file */ ++ context_t clicon; /* contex_t container for con->scon */ ++ context_t tmpcon; /* temp context to swap the level */ ++ char *clirange; /* SELinux sensitivity range */ ++ char *cliclearance; /* SELinux low end clearance */ ++#endif /* WITH_LSPP */ + + + status = HTTP_STATUS_CONTINUE; +@@ -1926,6 +1994,73 @@ cupsdReadClient(cupsd_client_t *con) /* + fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); + } + ++#ifdef WITH_LSPP ++ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) ++ { ++ if (getfilecon(con->filename, &spoolcon) == -1) ++ { ++ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); ++ cupsdCloseClient(con); ++ return; ++ } ++ clicon = context_new(con->scon); ++ tmpcon = context_new(spoolcon); ++ freecon(spoolcon); ++ if (!clicon || !tmpcon) ++ { ++ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); ++ if (clicon) ++ context_free(clicon); ++ if (tmpcon) ++ context_free(tmpcon); ++ cupsdCloseClient(con); ++ return; ++ } ++ clirange = (char *) context_range_get(clicon); ++ if (clirange) ++ { ++ clirange = strdup(clirange); ++ if ((cliclearance = strtok(clirange, "-")) != NULL) ++ { ++ if (context_range_set(tmpcon, cliclearance) == -1) ++ { ++ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); ++ free(clirange); ++ context_free(tmpcon); ++ context_free(clicon); ++ cupsdCloseClient(con); ++ return; ++ } ++ } ++ else ++ { ++ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1) ++ { ++ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); ++ free(clirange); ++ context_free(tmpcon); ++ context_free(clicon); ++ cupsdCloseClient(con); ++ return; ++ } ++ } ++ free(clirange); ++ } ++ if (setfilecon(con->filename, context_str(tmpcon)) == -1) ++ { ++ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); ++ context_free(tmpcon); ++ context_free(clicon); ++ cupsdCloseClient(con); ++ return; ++ } ++ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s", ++ con->filename, context_str(tmpcon)); ++ context_free(tmpcon); ++ context_free(clicon); ++ } ++#endif /* WITH_LSPP */ ++ + if (httpGetState(con->http) != HTTP_STATE_POST_SEND) + { + if (!httpWait(con->http, 0)) +@@ -3456,6 +3591,49 @@ is_path_absolute(const char *path) /* I + return (1); + } + ++#ifdef WITH_LSPP ++/* ++ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid. ++ */ ++ ++uid_t client_pid_to_auid(pid_t clipid) ++{ ++ uid_t uid; ++ int len, in; ++ char buf[16] = {0}; ++ char fname[32] = {0}; ++ ++ ++ /* ++ * Hopefully this pid is still the one we are interested in. ++ */ ++ snprintf(fname, 32, "/proc/%d/loginuid", clipid); ++ in = open(fname, O_NOFOLLOW|O_RDONLY); ++ ++ if (in < 0) ++ return (uid_t) -1; ++ ++ errno = 0; ++ ++ do { ++ len = read(in, buf, sizeof(buf)); ++ } while (len < 0 && errno == EINTR); ++ ++ close(in); ++ ++ if (len < 0 || len >= sizeof(buf)) ++ return (uid_t) -1; ++ ++ errno = 0; ++ buf[len] = 0; ++ uid = strtol(buf, 0, 10); ++ ++ if (errno != 0) ++ return (uid_t) -1; ++ else ++ return uid; ++} ++#endif /* WITH_LSPP */ + + /* + * 'pipe_command()' - Pipe the output of a command to the remote client. +diff -up cups-2.2.5/scheduler/client.h.lspp cups-2.2.5/scheduler/client.h +--- cups-2.2.5/scheduler/client.h.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/client.h 2017-10-17 19:06:19.690228548 +0200 +@@ -16,6 +16,13 @@ + #endif /* HAVE_AUTHORIZATION_H */ + + ++/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ ++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ ++ ++#ifdef WITH_LSPP ++#include ++#endif /* WITH_LSPP */ ++ + /* + * HTTP client structure... + */ +@@ -65,6 +72,10 @@ struct cupsd_client_s + #ifdef HAVE_AUTHORIZATION_H + AuthorizationRef authref; /* Authorization ref */ + #endif /* HAVE_AUTHORIZATION_H */ ++#ifdef WITH_LSPP ++ security_context_t scon; /* Security context of connection */ ++ uid_t auid; /* Audit loginuid of the client */ ++#endif /* WITH_LSPP */ + }; + + #define HTTP(con) ((con)->http) +@@ -138,6 +149,9 @@ extern void cupsdStartListening(void); + extern void cupsdStopListening(void); + extern void cupsdUpdateCGI(void); + extern void cupsdWriteClient(cupsd_client_t *con); ++#ifdef WITH_LSPP ++extern uid_t client_pid_to_auid(pid_t clipid); ++#endif /* WITH_LSPP */ + + #ifdef HAVE_SSL + extern int cupsdEndTLS(cupsd_client_t *con); +diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c +--- cups-2.2.5/scheduler/conf.c.lspp 2017-10-17 19:06:19.637228989 +0200 ++++ cups-2.2.5/scheduler/conf.c 2017-10-17 19:06:19.691228540 +0200 +@@ -40,6 +40,9 @@ + # define INADDR_NONE 0xffffffff + #endif /* !INADDR_NONE */ + ++#ifdef WITH_LSPP ++# include ++#endif /* WITH_LSPP */ + + /* + * Configuration variable structure... +@@ -131,6 +134,10 @@ static const cupsd_var_t cupsd_vars[] = + { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, + { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN }, + { "Timeout", &Timeout, CUPSD_VARTYPE_TIME }, ++#ifdef WITH_LSPP ++ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER }, ++ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN }, ++#endif /* WITH_LSPP */ + { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN } + }; + static const cupsd_var_t cupsfiles_vars[] = +@@ -544,6 +551,9 @@ cupsdReadConfiguration(void) + const char *tmpdir; /* TMPDIR environment variable */ + struct stat tmpinfo; /* Temporary directory info */ + cupsd_policy_t *p; /* Policy */ ++#ifdef WITH_LSPP ++ char *audit_message; /* Audit message string */ ++#endif /* WITH_LSPP */ + + + /* +@@ -866,6 +876,25 @@ cupsdReadConfiguration(void) + + RunUser = getuid(); + ++#ifdef WITH_LSPP ++ if (AuditLog != -1) ++ { ++ /* ++ * ClassifyOverride is set during read_configuration, if its ON, report it now ++ */ ++ if (ClassifyOverride) ++ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, ++ "[Config] ClassifyOverride=enabled Users can override print banners", ++ ServerName, NULL, NULL, 1); ++ /* ++ * PerPageLabel is set during read_configuration, if its OFF, report it now ++ */ ++ if (!PerPageLabels) ++ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, ++ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1); ++ } ++#endif /* WITH_LSPP */ ++ + cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", + RemotePort ? "enabled" : "disabled"); + +@@ -1286,7 +1315,19 @@ cupsdReadConfiguration(void) + cupsdClearString(&Classification); + + if (Classification) ++ { + cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification); ++#ifdef WITH_LSPP ++ if (AuditLog != -1) ++ { ++ audit_message = NULL; ++ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification); ++ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, ++ ServerName, NULL, NULL, 1); ++ cupsdClearString(&audit_message); ++ } ++#endif /* WITH_LSPP */ ++ } + + /* + * Check the MaxClients setting, and then allocate memory for it... +@@ -3770,6 +3811,18 @@ read_location(cups_file_t *fp, /* I - C + return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); + } + ++#ifdef WITH_LSPP ++int is_lspp_config() ++{ ++ if (Classification != NULL) ++ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0) ++ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0) ++ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0)); ++ else ++ return 0; ++} ++#endif /* WITH_LSPP */ ++ + + /* + * 'read_policy()' - Read a definition. +diff -up cups-2.2.5/scheduler/conf.h.lspp cups-2.2.5/scheduler/conf.h +--- cups-2.2.5/scheduler/conf.h.lspp 2017-10-17 19:06:19.585229421 +0200 ++++ cups-2.2.5/scheduler/conf.h 2017-10-17 19:06:19.691228540 +0200 +@@ -250,6 +250,13 @@ VAR char *ServerKeychain VALUE(NULL); + /* Keychain holding cert + key */ + #endif /* HAVE_SSL */ + ++#ifdef WITH_LSPP ++VAR int AuditLog VALUE(-1), ++ /* File descriptor for audit */ ++ PerPageLabels VALUE(TRUE); ++ /* Put the label on each page */ ++#endif /* WITH_LSPP */ ++ + #ifdef HAVE_ONDEMAND + VAR int IdleExitTimeout VALUE(60); + /* Time after which an idle cupsd will exit */ +@@ -268,6 +275,9 @@ VAR int HaveServerCreds VALUE(0); + VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */ + #endif /* HAVE_GSSAPI */ + ++#ifdef WITH_LSPP ++extern int is_lspp_config(void); ++#endif /* WITH_LSPP */ + + /* + * Prototypes... +diff -up cups-2.2.5/scheduler/cupsd.h.lspp cups-2.2.5/scheduler/cupsd.h +--- cups-2.2.5/scheduler/cupsd.h.lspp 2017-10-17 19:06:19.626229080 +0200 ++++ cups-2.2.5/scheduler/cupsd.h 2017-10-17 19:06:19.691228540 +0200 +@@ -11,6 +11,8 @@ + * file is missing or damaged, see the license at "http://www.cups.org/". + */ + ++/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ ++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ + + /* + * Include necessary headers. +@@ -36,13 +38,20 @@ + # include + #endif /* WIN32 */ + ++#include "config.h" ++#ifdef WITH_LSPP ++# define MLS_CONFIG "mls" ++# define TE_CONFIG "te" ++# define SELINUX_CONFIG "SELinux" ++# define UNKNOWN_SL "UNKNOWN SL" ++#endif /* WITH_LSPP */ ++ + #include "mime.h" + + #if defined(HAVE_CDSASSL) + # include + #endif /* HAVE_CDSASSL */ + +- + /* + * Some OS's don't have hstrerror(), most notably Solaris... + */ +diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c +--- cups-2.2.5/scheduler/ipp.c.lspp 2017-10-17 19:06:19.599229305 +0200 ++++ cups-2.2.5/scheduler/ipp.c 2017-10-17 19:06:19.695228506 +0200 +@@ -14,6 +14,9 @@ + * missing or damaged, see the license at "http://www.cups.org/". + */ + ++/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ ++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ ++ + /* + * Include necessary headers... + */ +@@ -37,6 +40,14 @@ extern int mbr_check_membership_by_id(uu + # endif /* HAVE_MEMBERSHIPPRIV_H */ + #endif /* __APPLE__ */ + ++#ifdef WITH_LSPP ++#include ++#include ++#include ++#include ++#include ++#include ++#endif /* WITH_LSPP */ + + /* + * Local functions... +@@ -61,6 +72,9 @@ static void cancel_all_jobs(cupsd_client + static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); + static void cancel_subscription(cupsd_client_t *con, int id); + static int check_rss_recipient(const char *recipient); ++#ifdef WITH_LSPP ++static int check_context(cupsd_client_t *con, cupsd_job_t *job); ++#endif /* WITH_LSPP */ + static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); + static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); + static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, +@@ -1286,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl + "time-at-creation", + "time-at-processing" + }; ++#ifdef WITH_LSPP ++ char *audit_message; /* Audit message string */ ++ char *printerfile; /* device file pointed to by the printer */ ++ char *userheader = NULL; /* User supplied job-sheets[0] */ ++ char *userfooter = NULL; /* User supplied job-sheets[1] */ ++ int override = 0; /* Was a banner overrode on a job */ ++ security_id_t clisid; /* SELinux SID for the client */ ++ security_id_t psid; /* SELinux SID for the printer */ ++ context_t printercon; /* Printer's context string */ ++ struct stat printerstat; /* Printer's stat buffer */ ++ security_context_t devcon; /* Printer's SELinux context */ ++ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ ++ security_class_t tclass; /* Object class for the SELinux check */ ++ access_vector_t avr; /* Access method being requested */ ++#endif /* WITH_LSPP */ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", +@@ -1597,6 +1626,106 @@ add_job(cupsd_client_t *con, /* I - Cl + return (NULL); + } + ++#ifdef WITH_LSPP ++ if (is_lspp_config()) ++ { ++ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name); ++ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes.")); ++ return (NULL); ++ } ++ ++ /* ++ * Perform an access check so that if the user gets feedback at enqueue time ++ */ ++ ++ printerfile = strstr(printer->device_uri, "/dev/"); ++ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) ++ printerfile = printer->device_uri + strlen("file:"); ++ ++ if (printerfile != NULL) ++ { ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s", ++ printerfile); ++ ++ if (lstat(printerfile, &printerstat) < 0) ++ { ++ if (errno != ENOENT) ++ { ++ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer")); ++ return (NULL); ++ } ++ /* ++ * The printer does not exist, so for now assume it's a FileDevice ++ */ ++ tclass = SECCLASS_FILE; ++ avr = FILE__WRITE; ++ } ++ else if (S_ISCHR(printerstat.st_mode)) ++ { ++ tclass = SECCLASS_CHR_FILE; ++ avr = CHR_FILE__WRITE; ++ } ++ else if (S_ISREG(printerstat.st_mode)) ++ { ++ tclass = SECCLASS_FILE; ++ avr = FILE__WRITE; ++ } ++ else ++ { ++ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file")); ++ return (NULL); ++ } ++ static int avc_initialized = 0; ++ if (!avc_initialized++) ++ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL); ++ avc_entry_ref_init(&avcref); ++ if (avc_context_to_sid(con->scon, &clisid) != 0) ++ { ++ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client")); ++ return (NULL); ++ } ++ if (getfilecon(printerfile, &devcon) == -1) ++ { ++ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer")); ++ return (NULL); ++ } ++ printercon = context_new(devcon); ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s", ++ context_str(printercon), con->scon); ++ context_free(printercon); ++ ++ if (avc_context_to_sid(devcon, &psid) != 0) ++ { ++ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer")); ++ freecon(devcon); ++ return (NULL); ++ } ++ freecon(devcon); ++ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) ++ { ++ /* ++ * The access check failed, so cancel the job and send an audit message ++ */ ++ if (AuditLog != -1) ++ { ++ audit_message = NULL; ++ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused" ++ " unable to access printer=%s", con->auid, ++ con->username, con->scon, printer->name); ++ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, ++ ServerName, NULL, NULL, 0); ++ cupsdClearString(&audit_message); ++ } ++ ++ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer")); ++ return (NULL); ++ } ++ } ++ } ++#endif /* WITH_LSPP */ ++ + if ((job = cupsdAddJob(priority, printer->name)) == NULL) + { + send_ipp_status(con, IPP_INTERNAL_ERROR, +@@ -1605,6 +1734,32 @@ add_job(cupsd_client_t *con, /* I - Cl + return (NULL); + } + ++#ifdef WITH_LSPP ++ if (is_lspp_config()) ++ { ++ /* ++ * duplicate the security context and auid of the connection into the job structure ++ */ ++ job->scon = strdup(con->scon); ++ job->auid = con->auid; ++ ++ /* ++ * add the security context to the request so that on a restart the security ++ * attributes will be able to be restored ++ */ ++ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context", ++ NULL, job->scon); ++ } ++ else ++ { ++ /* ++ * Fill in the security context of the job as unlabeled ++ */ ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL); ++ cupsdSetString(&job->scon, UNKNOWN_SL); ++ } ++#endif /* WITH_LSPP */ ++ + job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); + job->attrs = con->request; + job->dirty = 1; +@@ -1794,6 +1949,29 @@ add_job(cupsd_client_t *con, /* I - Cl + ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); + ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); + } ++#ifdef WITH_LSPP ++ else ++ { ++ /* ++ * The option was present, so capture the user supplied strings ++ */ ++ userheader = strdup(attr->values[0].string.text); ++ ++ if (attr->num_values > 1) ++ userfooter = strdup(attr->values[1].string.text); ++ ++ if (Classification != NULL && (strcmp(userheader, Classification) == 0) ++ && userfooter &&(strcmp(userfooter, Classification) == 0)) ++ { ++ /* ++ * Since both values are Classification, the user is not trying to Override ++ */ ++ free(userheader); ++ if (userfooter) free(userfooter); ++ userheader = userfooter = NULL; ++ } ++ } ++#endif /* WITH_LSPP */ + + job->job_sheets = attr; + +@@ -1824,6 +2002,9 @@ add_job(cupsd_client_t *con, /* I - Cl + "job-sheets=\"%s,none\", " + "job-originating-user-name=\"%s\"", + Classification, job->username); ++#ifdef WITH_LSPP ++ override = 1; ++#endif /* WITH_LSPP */ + } + else if (attr->num_values == 2 && + strcmp(attr->values[0].string.text, +@@ -1842,6 +2023,9 @@ add_job(cupsd_client_t *con, /* I - Cl + "job-originating-user-name=\"%s\"", + attr->values[0].string.text, + attr->values[1].string.text, job->username); ++#ifdef WITH_LSPP ++ override = 1; ++#endif /* WITH_LSPP */ + } + else if (strcmp(attr->values[0].string.text, Classification) && + strcmp(attr->values[0].string.text, "none") && +@@ -1862,6 +2046,9 @@ add_job(cupsd_client_t *con, /* I - Cl + "job-originating-user-name=\"%s\"", + attr->values[0].string.text, + attr->values[1].string.text, job->username); ++#ifdef WITH_LSPP ++ override = 1; ++#endif /* WITH_LSPP */ + } + } + else if (strcmp(attr->values[0].string.text, Classification) && +@@ -1902,8 +2089,52 @@ add_job(cupsd_client_t *con, /* I - Cl + "job-sheets=\"%s\", " + "job-originating-user-name=\"%s\"", + Classification, job->username); ++#ifdef WITH_LSPP ++ override = 1; ++#endif /* WITH_LSPP */ + } ++#ifdef WITH_LSPP ++ if (is_lspp_config() && AuditLog != -1) ++ { ++ audit_message = NULL; ++ ++ if (userheader || userfooter) ++ { ++ if (!override) ++ { ++ /* ++ * The user overrode the banner, so audit it ++ */ ++ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" ++ " using banners=%s,%s", job->id, userheader, ++ userfooter, attr->values[0].string.text, ++ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); ++ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, ++ ServerName, NULL, NULL, 1); ++ } ++ else ++ { ++ /* ++ * The user tried to override the banner, audit the failure ++ */ ++ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" ++ " ignored banners=%s,%s", job->id, userheader, ++ userfooter, attr->values[0].string.text, ++ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); ++ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, ++ ServerName, NULL, NULL, 0); ++ } ++ cupsdClearString(&audit_message); ++ } ++ } ++ ++ if (userheader) ++ free(userheader); ++ if (userfooter) ++ free(userfooter); ++#endif /* WITH_LSPP */ + } ++ + + /* + * See if we need to add the starting sheet... +@@ -3686,6 +3917,128 @@ check_rss_recipient( + } + + ++#ifdef WITH_LSPP ++/* ++ * 'check_context()' - Check SELinux security context of a user and job ++ */ ++ ++static int /* O - 1 if OK, 0 if not, -1 on error */ ++check_context(cupsd_client_t *con, /* I - Client connection */ ++ cupsd_job_t *job) /* I - Job */ ++{ ++ int enforcing; /* is SELinux in enforcing mode */ ++ char filename[1024]; /* Filename of the spool file */ ++ security_id_t clisid; /* SELinux SID of the client */ ++ security_id_t jobsid; /* SELinux SID of the job */ ++ security_id_t filesid; /* SELinux SID of the spool file */ ++ struct avc_entry_ref avcref; /* AVC entry cache pointer */ ++ security_class_t tclass; /* SELinux security class */ ++ access_vector_t avr; /* SELinux access being queried */ ++ security_context_t spoolfilecon; /* SELinux context of the spool file */ ++ ++ ++ /* ++ * Validate the input to be sure there are contexts to work with... ++ */ ++ ++ if (con->scon == NULL || job->scon == NULL ++ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0 ++ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) ++ return -1; ++ ++ if ((enforcing = security_getenforce()) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Error while determining SELinux enforcement"); ++ return -1; ++ } ++ cupsdLogJob(job, CUPSD_LOG_DEBUG, ++ "check_context: client context %s job context %s", ++ con->scon, job->scon); ++ ++ ++ /* ++ * Initialize the avc engine... ++ */ ++ ++ static int avc_initialized = 0; ++ if (! avc_initialized++) ++ { ++ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init"); ++ return -1; ++ } ++ } ++ if (avc_context_to_sid(con->scon, &clisid) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "check_context: unable to convert %s to SELinux sid", ++ con->scon); ++ return -1; ++ } ++ if (avc_context_to_sid(job->scon, &jobsid) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "check_context: unable to convert %s to SELinux sid", ++ job->scon); ++ return -1; ++ } ++ avc_entry_ref_init(&avcref); ++ tclass = SECCLASS_FILE; ++ avr = FILE__READ; ++ ++ /* ++ * Perform the check with the client as the subject, first with the job as the object ++ * if that fails then with the spool file as the object... ++ */ ++ ++ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_INFO, ++ "check_context: SELinux denied access " ++ "based on the client context"); ++ ++ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id); ++ if (getfilecon(filename, &spoolfilecon) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "check_context: Unable to get spoolfile context"); ++ return -1; ++ } ++ if (avc_context_to_sid(spoolfilecon, &filesid) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "check_context: Unable to determine the " ++ "SELinux sid for the spool file"); ++ freecon(spoolfilecon); ++ return -1; ++ } ++ freecon(spoolfilecon); ++ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_INFO, ++ "check_context: SELinux denied access to the spool file"); ++ return 0; ++ } ++ cupsdLogJob(job, CUPSD_LOG_INFO, ++ "check_context: SELinux allowed access to the spool file"); ++ return 1; ++ } ++ else ++ if (enforcing == 0) ++ cupsdLogJob(job, CUPSD_LOG_INFO, ++ "check_context: allowing operation due to permissive mode"); ++ else ++ cupsdLogJob(job, CUPSD_LOG_INFO, ++ "check_context: SELinux allowed access based on the " ++ "client context"); ++ ++ return 1; ++} ++#endif /* WITH_LSPP */ ++ ++ + /* + * 'check_quotas()' - Check quotas for a printer and user. + */ +@@ -4142,6 +4495,15 @@ copy_banner(cupsd_client_t *con, /* I - + char attrname[255], /* Name of attribute */ + *s; /* Pointer into name */ + ipp_attribute_t *attr; /* Attribute */ ++#ifdef WITH_LSPP ++ const char *mls_label; /* SL of print job */ ++ char *jobrange; /* SELinux sensitivity range */ ++ char *jobclearance; /* SELinux low end clearance */ ++ context_t jobcon; /* SELinux context of the job */ ++ context_t tmpcon; /* Temp context to set the level */ ++ security_context_t spoolcon; /* Context of the file in the spool */ ++#endif /* WITH_LSPP */ ++ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, +@@ -4177,6 +4539,85 @@ copy_banner(cupsd_client_t *con, /* I - + + fchmod(cupsFileNumber(out), 0640); + fchown(cupsFileNumber(out), RunUser, Group); ++#ifdef WITH_LSPP ++ if (job->scon != NULL && ++ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) ++ { ++ if (getfilecon(filename, &spoolcon) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to get the context of the banner file %s - %s", ++ filename, strerror(errno)); ++ job->num_files --; ++ return (0); ++ } ++ tmpcon = context_new(spoolcon); ++ jobcon = context_new(job->scon); ++ freecon(spoolcon); ++ if (!tmpcon || !jobcon) ++ { ++ if (tmpcon) ++ context_free(tmpcon); ++ if (jobcon) ++ context_free(jobcon); ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "copy_banner: Unable to get the SELinux contexts"); ++ job->num_files --; ++ return (0); ++ } ++ jobrange = (char *) context_range_get(jobcon); ++ if (jobrange) ++ { ++ jobrange = strdup(jobrange); ++ if ((jobclearance = strtok(jobrange, "-")) != NULL) ++ { ++ if (context_range_set(tmpcon, jobclearance) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "copy_banner: Unable to set the " ++ "level of the context for file %s - %s", ++ filename, strerror(errno)); ++ free(jobrange); ++ context_free(jobcon); ++ context_free(tmpcon); ++ job->num_files --; ++ return (0); ++ } ++ } ++ else ++ { ++ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "copy_banner: Unable to set the " ++ "level of the context for file %s - %s", ++ filename, strerror(errno)); ++ free(jobrange); ++ context_free(jobcon); ++ context_free(tmpcon); ++ job->num_files --; ++ return (0); ++ } ++ } ++ free(jobrange); ++ } ++ if (setfilecon(filename, context_str(tmpcon)) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "copy_banner: Unable to set the " ++ "context of the banner file %s - %s", ++ filename, strerror(errno)); ++ context_free(jobcon); ++ context_free(tmpcon); ++ job->num_files --; ++ return (0); ++ } ++ cupsdLogJob(job, CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s", ++ filename, context_str(tmpcon)); ++ context_free(jobcon); ++ context_free(tmpcon); ++ } ++#endif /* WITH_LSPP */ + + /* + * Try the localized banner file under the subdirectory... +@@ -4271,6 +4712,24 @@ copy_banner(cupsd_client_t *con, /* I - + else + s = attrname; + ++#ifdef WITH_LSPP ++ if (strcmp(s, "mls-label") == 0) ++ { ++ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) ++ { ++ jobcon = context_new(job->scon); ++ if (_cups_strcasecmp(name, MLS_CONFIG) == 0) ++ mls_label = context_range_get(jobcon); ++ else if (_cups_strcasecmp(name, TE_CONFIG) == 0) ++ mls_label = context_type_get(jobcon); ++ else // default to using the whole context string ++ mls_label = context_str(jobcon); ++ cupsFilePuts(out, mls_label); ++ context_free(jobcon); ++ } ++ continue; ++ } ++#endif /* WITH_LSPP */ + if (!strcmp(s, "printer-name")) + { + cupsFilePuts(out, job->dest); +@@ -6459,6 +6918,22 @@ get_job_attrs(cupsd_client_t *con, /* I + + exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); + ++ ++#ifdef WITH_LSPP ++ /* ++ * Check SELinux... ++ */ ++ if (is_lspp_config() && check_context(con, job) != 1) ++ { ++ /* ++ * Unfortunately we have to lie to the user... ++ */ ++ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid); ++ return; ++ } ++#endif /* WITH_LSPP */ ++ ++ + /* + * Copy attributes... + */ +@@ -6856,6 +7331,11 @@ get_jobs(cupsd_client_t *con, /* I - C + if (username[0] && _cups_strcasecmp(username, job->username)) + continue; + ++#ifdef WITH_LSPP ++ if (is_lspp_config() && check_context(con, job) != 1) ++ continue; ++#endif /* WITH_LSPP */ ++ + if (count > 0) + ippAddSeparator(con->response); + +@@ -11487,6 +11967,11 @@ validate_user(cupsd_job_t *job, /* I + + strlcpy(username, get_username(con), userlen); + ++#ifdef WITH_LSPP ++ if (is_lspp_config() && check_context(con, job) != 1) ++ return 0; ++#endif /* WITH_LSPP */ ++ + /* + * Check the username against the owner... + */ +diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c +--- cups-2.2.5/scheduler/job.c.lspp 2017-10-17 19:06:19.607229238 +0200 ++++ cups-2.2.5/scheduler/job.c 2017-10-17 19:06:19.696228498 +0200 +@@ -11,6 +11,9 @@ + * missing or damaged, see the license at "http://www.cups.org/". + */ + ++/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ ++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ ++ + /* + * Include necessary headers... + */ +@@ -26,6 +29,14 @@ + # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ + #endif /* __APPLE__ */ + ++#ifdef WITH_LSPP ++#include ++#include ++#include ++#include ++#include ++#include ++#endif /* WITH_LSPP */ + + /* + * Design Notes for Job Management +@@ -547,6 +558,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I + /* PRINTER_STATE_REASONS env var */ + rip_max_cache[255]; + /* RIP_MAX_CACHE env variable */ ++#ifdef WITH_LSPP ++ char *audit_message = NULL; /* Audit message string */ ++ context_t jobcon; /* SELinux context of the job */ ++ char *label_template = NULL; /* SL to put in classification ++ env var */ ++ const char *mls_label = NULL; /* SL to put in classification ++ env var */ ++#endif /* WITH_LSPP */ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, +@@ -1083,6 +1102,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I + if (final_content_type[0]) + envp[envc ++] = final_content_type; + ++#ifdef WITH_LSPP ++ if (is_lspp_config()) ++ { ++ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) ++ { ++ if (AuditLog != -1) ++ { ++ audit_message = NULL; ++ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s", ++ job->id, job->auid, job->username, job->printer->name, title); ++ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message, ++ ServerName, NULL, NULL, 1); ++ cupsdClearString(&audit_message); ++ } ++ } ++ else ++ { ++ jobcon = context_new(job->scon); ++ ++ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL) ++ label_template = strdup(Classification); ++ else if (attr->num_values > 1 && ++ strcmp(attr->values[1].string.text, "none") != 0) ++ label_template = strdup(attr->values[1].string.text); ++ else ++ label_template = strdup(attr->values[0].string.text); ++ ++ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0) ++ mls_label = context_range_get(jobcon); ++ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0) ++ mls_label = context_type_get(jobcon); ++ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0) ++ mls_label = context_str(jobcon); ++ else ++ mls_label = label_template; ++ ++ if (mls_label && (PerPageLabels || banner_page)) ++ { ++ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label); ++ envp[envc ++] = classification; ++ } ++ ++ if ((AuditLog != -1) && !banner_page) ++ { ++ audit_message = NULL; ++ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s" ++ " obj=%s label=%s", job->id, job->auid, job->username, ++ job->printer->name, title, job->scon, mls_label?mls_label:"none"); ++ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, ++ ServerName, NULL, NULL, 1); ++ cupsdClearString(&audit_message); ++ } ++ context_free(jobcon); ++ free(label_template); ++ } ++ } ++ else ++ /* ++ * Fall through to the non-LSPP behavior ++ */ ++#endif /* WITH_LSPP */ + if (Classification && !banner_page) + { + if ((attr = ippFindAttribute(job->attrs, "job-sheets", +@@ -1908,6 +1988,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J + ippSetString(job->attrs, &job->reasons, 0, "none"); + } + ++#ifdef WITH_LSPP ++ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL) ++ cupsdSetString(&job->scon, attr->values[0].string.text); ++ else if (is_lspp_config()) ++ { ++ /* ++ * There was no security context so delete the job ++ */ ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Missing or bad security-context attribute " ++ "in control file \"%s\"!", ++ jobfile); ++ goto error; ++ } ++#endif /* WITH_LSPP */ ++ + job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER); + job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER); + job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); +@@ -2321,6 +2417,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J + { + char filename[1024]; /* Job control filename */ + cups_file_t *fp; /* Job file */ ++#ifdef WITH_LSPP ++ security_context_t spoolcon; /* context of the job control file */ ++ context_t jobcon; /* contex_t container for job->scon */ ++ context_t tmpcon; /* Temp context to swap the level */ ++ char *jobclearance; /* SELinux low end clearance */ ++ const char *jobrange; /* SELinux sensitivity range */ ++ char *jobrange_copy; /* SELinux sensitivity range */ ++#endif /* WITH_LSPP */ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", +@@ -2343,6 +2447,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J + + fchown(cupsFileNumber(fp), RunUser, Group); + ++#ifdef WITH_LSPP ++ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) ++ { ++ if (getfilecon(filename, &spoolcon) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to get context of job control file \"%s\" - %s.", ++ filename, strerror(errno)); ++ return; ++ } ++ jobcon = context_new(job->scon); ++ tmpcon = context_new(spoolcon); ++ freecon(spoolcon); ++ if (!jobcon || !tmpcon) ++ { ++ if (jobcon) ++ context_free(jobcon); ++ if (tmpcon) ++ context_free(tmpcon); ++ cupsdLogJob(job, CUPSD_LOG_ERROR, "Unable to get SELinux contexts"); ++ return; ++ } ++ jobrange = context_range_get(jobcon); ++ if (jobrange) ++ { ++ jobrange_copy = strdup(jobrange); ++ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL) ++ { ++ if (context_range_set(tmpcon, jobclearance) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to set the range for " ++ "job control file \"%s\" - %s.", ++ filename, strerror(errno)); ++ free(jobrange_copy); ++ context_free(tmpcon); ++ context_free(jobcon); ++ return; ++ } ++ } ++ else ++ { ++ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to set the range for " ++ "job control file \"%s\" - %s.", ++ filename, strerror(errno)); ++ free(jobrange_copy); ++ context_free(tmpcon); ++ context_free(jobcon); ++ return; ++ } ++ } ++ free(jobrange_copy); ++ } ++ if (setfilecon(filename, context_str(tmpcon)) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to set context of job control file \"%s\" - %s.", ++ filename, strerror(errno)); ++ context_free(tmpcon); ++ context_free(jobcon); ++ return; ++ } ++ cupsdLogJob(job, CUPSD_LOG_DEBUG2, "New spool file context=%s", ++ context_str(tmpcon)); ++ context_free(tmpcon); ++ context_free(jobcon); ++ } ++#endif /* WITH_LSPP */ ++ + job->attrs->state = IPP_IDLE; + + if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, +@@ -3989,6 +4165,19 @@ get_options(cupsd_job_t *job, /* I - Jo + banner_page) + continue; + ++#ifdef WITH_LSPP ++ /* ++ * In LSPP mode refuse to honor the page-label ++ */ ++ if (is_lspp_config() && ++ !strcmp(attr->name, "page-label")) ++ { ++ cupsdLogJob(job, CUPSD_LOG_DEBUG, ++ "Ignoring page-label option due to LSPP mode"); ++ continue; ++ } ++#endif /* WITH_LSPP */ ++ + /* + * Otherwise add them to the list... + */ +@@ -4750,6 +4939,18 @@ start_job(cupsd_job_t *job, /* I - + cupsd_printer_t *printer) /* I - Printer to print job */ + { + const char *filename; /* Support filename */ ++#ifdef WITH_LSPP ++ char *audit_message = NULL; /* Audit message string */ ++ char *printerfile = NULL; /* Device file pointed to by the printer */ ++ security_id_t clisid; /* SELinux SID for the client */ ++ security_id_t psid; /* SELinux SID for the printer */ ++ context_t printercon; /* Printer's context string */ ++ struct stat printerstat; /* Printer's stat buffer */ ++ security_context_t devcon; /* Printer's SELinux context */ ++ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ ++ security_class_t tclass; /* Object class for the SELinux check */ ++ access_vector_t avr; /* Access method being requested */ ++#endif /* WITH_LSPP */ + ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs, + "job-cancel-after", + IPP_TAG_INTEGER); +@@ -4926,6 +5127,113 @@ start_job(cupsd_job_t *job, /* I - + fcntl(job->side_pipes[1], F_SETFD, + fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); + ++#ifdef WITH_LSPP ++ if (is_lspp_config()) ++ { ++ /* ++ * Perform an access check before printing, but only if the printer starts with /dev/ ++ */ ++ printerfile = strstr(printer->device_uri, "/dev/"); ++ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) ++ printerfile = printer->device_uri + strlen("file:"); ++ ++ if (printerfile != NULL) ++ { ++ cupsdLogJob(job, CUPSD_LOG_DEBUG, ++ "Attempting to check access on printer device %s", ++ printerfile); ++ if (lstat(printerfile, &printerstat) < 0) ++ { ++ if (errno != ENOENT) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to stat the printer"); ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); ++ return ; ++ } ++ /* ++ * The printer does not exist, so for now assume it's a FileDevice ++ */ ++ tclass = SECCLASS_FILE; ++ avr = FILE__WRITE; ++ } ++ else if (S_ISCHR(printerstat.st_mode)) ++ { ++ tclass = SECCLASS_CHR_FILE; ++ avr = CHR_FILE__WRITE; ++ } ++ else if (S_ISREG(printerstat.st_mode)) ++ { ++ tclass = SECCLASS_FILE; ++ avr = FILE__WRITE; ++ } ++ else ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "StartJob: Printer is not a character device or " ++ "regular file"); ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); ++ return ; ++ } ++ static int avc_initialized = 0; ++ if (!avc_initialized++) ++ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL); ++ avc_entry_ref_init(&avcref); ++ if (avc_context_to_sid(job->scon, &clisid) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to determine the SELinux sid for the job"); ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); ++ return ; ++ } ++ if (getfilecon(printerfile, &devcon) == -1) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to get the SELinux context of %s", ++ printerfile); ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); ++ return ; ++ } ++ printercon = context_new(devcon); ++ cupsdLogJob(job, CUPSD_LOG_DEBUG, ++ "Printer context %s client context %s", ++ context_str(printercon), job->scon); ++ context_free(printercon); ++ ++ if (avc_context_to_sid(devcon, &psid) != 0) ++ { ++ cupsdLogJob(job, CUPSD_LOG_ERROR, ++ "Unable to determine the SELinux sid for the printer"); ++ freecon(devcon); ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); ++ return ; ++ } ++ freecon(devcon); ++ ++ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) ++ { ++ /* ++ * The access check failed, so cancel the job and send an audit message ++ */ ++ if (AuditLog != -1) ++ { ++ audit_message = NULL; ++ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled" ++ " unable to access printer=%s", job->id, ++ job->auid, (job->username)?job->username:"?", job->scon, printer->name); ++ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, ++ ServerName, NULL, NULL, 0); ++ cupsdClearString(&audit_message); ++ } ++ ++ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); ++ ++ return ; ++ } ++ } ++ } ++#endif /* WITH_LSPP */ ++ + /* + * Now start the first file in the job... + */ +diff -up cups-2.2.5/scheduler/job.h.lspp cups-2.2.5/scheduler/job.h +--- cups-2.2.5/scheduler/job.h.lspp 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/job.h 2017-10-17 19:06:19.696228498 +0200 +@@ -11,6 +11,13 @@ + * missing or damaged, see the license at "http://www.cups.org/". + */ + ++/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ ++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ ++ ++#ifdef WITH_LSPP ++#include ++#endif /* WITH_LSPP */ ++ + /* + * Constants... + */ +@@ -88,6 +95,10 @@ struct cupsd_job_s /**** Job request * + int progress; /* Printing progress */ + int num_keywords; /* Number of PPD keywords */ + cups_option_t *keywords; /* PPD keywords */ ++#ifdef WITH_LSPP ++ security_context_t scon; /* Security context of job */ ++ uid_t auid; /* Audit loginuid for this job */ ++#endif /* WITH_LSPP */ + }; + + typedef struct cupsd_joblog_s /**** Job log message ****/ +diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c +--- cups-2.2.5/scheduler/main.c.lspp 2017-10-17 19:06:19.637228989 +0200 ++++ cups-2.2.5/scheduler/main.c 2017-10-17 19:08:26.642173026 +0200 +@@ -56,6 +56,9 @@ + # include + #endif /* HAVE_SYS_PARAM_H */ + ++#ifdef WITH_LSPP ++# include ++#endif /* WITH_LSPP */ + + /* + * Local functions... +@@ -122,6 +125,9 @@ main(int argc, /* I - Number of comm + #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) + struct sigaction action; /* Actions for POSIX signals */ + #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ ++#if WITH_LSPP ++ auditfail_t failmode; /* Action for audit_open failure */ ++#endif /* WITH_LSPP */ + #ifdef __APPLE__ + int use_sysman = 1; /* Use system management functions? */ + #else +@@ -516,6 +522,25 @@ main(int argc, /* I - Number of comm + exit(errno); + } + ++#ifdef WITH_LSPP ++ if ((AuditLog = audit_open()) < 0 ) ++ { ++ if (get_auditfail_action(&failmode) == 0) ++ { ++ if (failmode == FAIL_LOG) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem."); ++ AuditLog = -1; ++ } ++ else if (failmode == FAIL_TERMINATE) ++ { ++ fprintf(stderr, "cupsd: unable to start auditing, terminating"); ++ return -1; ++ } ++ } ++ } ++#endif /* WITH_LSPP */ ++ + /* + * Let the system know we are busy while we bring up cupsd... + */ +@@ -1227,6 +1252,11 @@ main(int argc, /* I - Number of comm + + cupsdStopSelect(); + ++#ifdef WITH_LSPP ++ if (AuditLog != -1) ++ audit_close(AuditLog); ++#endif /* WITH_LSPP */ ++ + return (!stop_scheduler); + } + +diff -up cups-2.2.5/scheduler/printers.c.lspp cups-2.2.5/scheduler/printers.c +--- cups-2.2.5/scheduler/printers.c.lspp 2017-10-17 19:06:19.587229404 +0200 ++++ cups-2.2.5/scheduler/printers.c 2017-10-17 19:06:19.697228490 +0200 +@@ -11,6 +11,8 @@ + * missing or damaged, see the license at "http://www.cups.org/". + */ + ++/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ ++ + /* + * Include necessary headers... + */ +@@ -35,6 +37,10 @@ + # include + #endif /* __APPLE__ */ + ++#ifdef WITH_LSPP ++# include ++# include ++#endif /* WITH_LSPP */ + + /* + * Local functions... +@@ -2212,6 +2218,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) + ipp_attribute_t *attr; /* Attribute data */ + char *name, /* Current user/group name */ + *filter; /* Current filter */ ++#ifdef WITH_LSPP ++ char *audit_message; /* Audit message string */ ++ char *printerfile; /* Path to a local printer dev */ ++ char *rangestr; /* Printer's range if its available */ ++ security_context_t devcon; /* Printer SELinux context */ ++ context_t printercon; /* context_t for the printer */ ++#endif /* WITH_LSPP */ + + + DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, +@@ -2339,6 +2352,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) + attr->values[1].string.text = _cupsStrAlloc(Classification ? + Classification : p->job_sheets[1]); + } ++#ifdef WITH_LSPP ++ if (AuditLog != -1) ++ { ++ audit_message = NULL; ++ rangestr = NULL; ++ printercon = 0; ++ printerfile = strstr(p->device_uri, "/dev/"); ++ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0)) ++ printerfile = p->device_uri + strlen("file:"); ++ ++ if (printerfile != NULL) ++ { ++ if (getfilecon(printerfile, &devcon) == -1) ++ { ++ if(is_selinux_enabled()) ++ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context"); ++ } ++ else ++ { ++ printercon = context_new(devcon); ++ freecon(devcon); ++ } ++ } ++ ++ if (printercon && context_range_get(printercon)) ++ rangestr = strdup(context_range_get(printercon)); ++ else ++ rangestr = strdup("unknown"); ++ ++ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s", ++ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr); ++ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, ++ ServerName, NULL, NULL, 1); ++ if (printercon) ++ context_free(printercon); ++ free(rangestr); ++ cupsdClearString(&audit_message); ++ } ++#endif /* WITH_LSPP */ + } + + p->raw = 0; diff --git a/SOURCES/cups-memory-consumption.patch b/SOURCES/cups-memory-consumption.patch new file mode 100644 index 0000000..5ccfbba --- /dev/null +++ b/SOURCES/cups-memory-consumption.patch @@ -0,0 +1,1220 @@ +diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c +index 925ab80..e5f89ee 100644 +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -508,24 +508,20 @@ _ppdCacheCreateWithFile( + else if (!_cups_strcasecmp(line, "Filter")) + { + if (!pc->filters) +- pc->filters = cupsArrayNew3(NULL, NULL, NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ pc->filters = cupsArrayNew3(NULL, NULL, NULL, 0, (cups_acopy_func_t)strdup, (cups_afree_func_t)free); + + cupsArrayAdd(pc->filters, value); + } + else if (!_cups_strcasecmp(line, "PreFilter")) + { + if (!pc->prefilters) +- pc->prefilters = cupsArrayNew3(NULL, NULL, NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ pc->prefilters = cupsArrayNew3(NULL, NULL, NULL, 0, (cups_acopy_func_t)strdup, (cups_afree_func_t)free); + + cupsArrayAdd(pc->prefilters, value); + } + else if (!_cups_strcasecmp(line, "Product")) + { +- pc->product = _cupsStrAlloc(value); ++ pc->product = strdup(value); + } + else if (!_cups_strcasecmp(line, "SingleFile")) + { +@@ -625,8 +621,8 @@ _ppdCacheCreateWithFile( + } + + map = pc->bins + pc->num_bins; +- map->pwg = _cupsStrAlloc(pwg_keyword); +- map->ppd = _cupsStrAlloc(ppd_keyword); ++ map->pwg = strdup(pwg_keyword); ++ map->ppd = strdup(ppd_keyword); + + pc->num_bins ++; + } +@@ -680,8 +676,8 @@ _ppdCacheCreateWithFile( + goto create_error; + } + +- size->map.pwg = _cupsStrAlloc(pwg_keyword); +- size->map.ppd = _cupsStrAlloc(ppd_keyword); ++ size->map.pwg = strdup(pwg_keyword); ++ size->map.ppd = strdup(ppd_keyword); + + pc->num_sizes ++; + } +@@ -709,15 +705,15 @@ _ppdCacheCreateWithFile( + + pwgFormatSizeName(pwg_keyword, sizeof(pwg_keyword), "custom", "max", + pc->custom_max_width, pc->custom_max_length, NULL); +- pc->custom_max_keyword = _cupsStrAlloc(pwg_keyword); ++ pc->custom_max_keyword = strdup(pwg_keyword); + + pwgFormatSizeName(pwg_keyword, sizeof(pwg_keyword), "custom", "min", + pc->custom_min_width, pc->custom_min_length, NULL); +- pc->custom_min_keyword = _cupsStrAlloc(pwg_keyword); ++ pc->custom_min_keyword = strdup(pwg_keyword); + } + else if (!_cups_strcasecmp(line, "SourceOption")) + { +- pc->source_option = _cupsStrAlloc(value); ++ pc->source_option = strdup(value); + } + else if (!_cups_strcasecmp(line, "NumSources")) + { +@@ -764,8 +760,8 @@ _ppdCacheCreateWithFile( + } + + map = pc->sources + pc->num_sources; +- map->pwg = _cupsStrAlloc(pwg_keyword); +- map->ppd = _cupsStrAlloc(ppd_keyword); ++ map->pwg = strdup(pwg_keyword); ++ map->ppd = strdup(ppd_keyword); + + pc->num_sources ++; + } +@@ -813,8 +809,8 @@ _ppdCacheCreateWithFile( + } + + map = pc->types + pc->num_types; +- map->pwg = _cupsStrAlloc(pwg_keyword); +- map->ppd = _cupsStrAlloc(ppd_keyword); ++ map->pwg = strdup(pwg_keyword); ++ map->ppd = strdup(ppd_keyword); + + pc->num_types ++; + } +@@ -844,13 +840,13 @@ _ppdCacheCreateWithFile( + pc->presets[print_color_mode] + print_quality); + } + else if (!_cups_strcasecmp(line, "SidesOption")) +- pc->sides_option = _cupsStrAlloc(value); ++ pc->sides_option = strdup(value); + else if (!_cups_strcasecmp(line, "Sides1Sided")) +- pc->sides_1sided = _cupsStrAlloc(value); ++ pc->sides_1sided = strdup(value); + else if (!_cups_strcasecmp(line, "Sides2SidedLong")) +- pc->sides_2sided_long = _cupsStrAlloc(value); ++ pc->sides_2sided_long = strdup(value); + else if (!_cups_strcasecmp(line, "Sides2SidedShort")) +- pc->sides_2sided_short = _cupsStrAlloc(value); ++ pc->sides_2sided_short = strdup(value); + else if (!_cups_strcasecmp(line, "Finishings")) + { + if (!pc->finishings) +@@ -871,13 +867,13 @@ _ppdCacheCreateWithFile( + else if (!_cups_strcasecmp(line, "MaxCopies")) + pc->max_copies = atoi(value); + else if (!_cups_strcasecmp(line, "ChargeInfoURI")) +- pc->charge_info_uri = _cupsStrAlloc(value); ++ pc->charge_info_uri = strdup(value); + else if (!_cups_strcasecmp(line, "JobAccountId")) + pc->account_id = !_cups_strcasecmp(value, "true"); + else if (!_cups_strcasecmp(line, "JobAccountingUserId")) + pc->accounting_user_id = !_cups_strcasecmp(value, "true"); + else if (!_cups_strcasecmp(line, "JobPassword")) +- pc->password = _cupsStrAlloc(value); ++ pc->password = strdup(value); + else if (!_cups_strcasecmp(line, "Mandatory")) + { + if (pc->mandatory) +@@ -888,9 +884,7 @@ _ppdCacheCreateWithFile( + else if (!_cups_strcasecmp(line, "SupportFile")) + { + if (!pc->support_files) +- pc->support_files = cupsArrayNew3(NULL, NULL, NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ pc->support_files = cupsArrayNew3(NULL, NULL, NULL, 0, (cups_acopy_func_t)strdup, (cups_afree_func_t)free); + + cupsArrayAdd(pc->support_files, value); + } +@@ -1130,8 +1124,8 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + */ + + new_size = old_size; +- _cupsStrFree(old_size->map.ppd); +- _cupsStrFree(old_size->map.pwg); ++ free(old_size->map.ppd); ++ free(old_size->map.pwg); + } + } + +@@ -1152,8 +1146,8 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + * Save this size... + */ + +- new_size->map.ppd = _cupsStrAlloc(ppd_size->name); +- new_size->map.pwg = _cupsStrAlloc(pwg_name); ++ new_size->map.ppd = strdup(ppd_size->name); ++ new_size->map.pwg = strdup(pwg_name); + new_size->width = new_width; + new_size->length = new_length; + new_size->left = new_left; +@@ -1173,14 +1167,14 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + pwgFormatSizeName(pwg_keyword, sizeof(pwg_keyword), "custom", "max", + PWG_FROM_POINTS(ppd->custom_max[0]), + PWG_FROM_POINTS(ppd->custom_max[1]), NULL); +- pc->custom_max_keyword = _cupsStrAlloc(pwg_keyword); ++ pc->custom_max_keyword = strdup(pwg_keyword); + pc->custom_max_width = PWG_FROM_POINTS(ppd->custom_max[0]); + pc->custom_max_length = PWG_FROM_POINTS(ppd->custom_max[1]); + + pwgFormatSizeName(pwg_keyword, sizeof(pwg_keyword), "custom", "min", + PWG_FROM_POINTS(ppd->custom_min[0]), + PWG_FROM_POINTS(ppd->custom_min[1]), NULL); +- pc->custom_min_keyword = _cupsStrAlloc(pwg_keyword); ++ pc->custom_min_keyword = strdup(pwg_keyword); + pc->custom_min_width = PWG_FROM_POINTS(ppd->custom_min[0]); + pc->custom_min_length = PWG_FROM_POINTS(ppd->custom_min[1]); + +@@ -1199,7 +1193,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + + if (input_slot) + { +- pc->source_option = _cupsStrAlloc(input_slot->keyword); ++ pc->source_option = strdup(input_slot->keyword); + + if ((pc->sources = calloc((size_t)input_slot->num_choices, sizeof(pwg_map_t))) == NULL) + { +@@ -1251,8 +1245,8 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + "_"); + } + +- map->pwg = _cupsStrAlloc(pwg_name); +- map->ppd = _cupsStrAlloc(choice->choice); ++ map->pwg = strdup(pwg_name); ++ map->ppd = strdup(choice->choice); + } + } + +@@ -1315,8 +1309,8 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + "_"); + } + +- map->pwg = _cupsStrAlloc(pwg_name); +- map->ppd = _cupsStrAlloc(choice->choice); ++ map->pwg = strdup(pwg_name); ++ map->ppd = strdup(choice->choice); + } + } + +@@ -1342,8 +1336,8 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + { + pwg_unppdize_name(choice->choice, pwg_keyword, sizeof(pwg_keyword), "_"); + +- map->pwg = _cupsStrAlloc(pwg_keyword); +- map->ppd = _cupsStrAlloc(choice->choice); ++ map->pwg = strdup(pwg_keyword); ++ map->ppd = strdup(choice->choice); + } + } + +@@ -1558,7 +1552,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + + if (duplex) + { +- pc->sides_option = _cupsStrAlloc(duplex->keyword); ++ pc->sides_option = strdup(duplex->keyword); + + for (i = duplex->num_choices, choice = duplex->choices; + i > 0; +@@ -1566,16 +1560,16 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + { + if ((!_cups_strcasecmp(choice->choice, "None") || + !_cups_strcasecmp(choice->choice, "False")) && !pc->sides_1sided) +- pc->sides_1sided = _cupsStrAlloc(choice->choice); ++ pc->sides_1sided = strdup(choice->choice); + else if ((!_cups_strcasecmp(choice->choice, "DuplexNoTumble") || + !_cups_strcasecmp(choice->choice, "LongEdge") || + !_cups_strcasecmp(choice->choice, "Top")) && !pc->sides_2sided_long) +- pc->sides_2sided_long = _cupsStrAlloc(choice->choice); ++ pc->sides_2sided_long = strdup(choice->choice); + else if ((!_cups_strcasecmp(choice->choice, "DuplexTumble") || + !_cups_strcasecmp(choice->choice, "ShortEdge") || + !_cups_strcasecmp(choice->choice, "Bottom")) && + !pc->sides_2sided_short) +- pc->sides_2sided_short = _cupsStrAlloc(choice->choice); ++ pc->sides_2sided_short = strdup(choice->choice); + } + } + +@@ -1583,9 +1577,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + * Copy filters and pre-filters... + */ + +- pc->filters = cupsArrayNew3(NULL, NULL, NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ pc->filters = cupsArrayNew3(NULL, NULL, NULL, 0, (cups_acopy_func_t)strdup, (cups_afree_func_t)free); + + cupsArrayAdd(pc->filters, + "application/vnd.cups-raw application/octet-stream 0 -"); +@@ -1642,9 +1634,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + + if ((ppd_attr = ppdFindAttr(ppd, "cupsPreFilter", NULL)) != NULL) + { +- pc->prefilters = cupsArrayNew3(NULL, NULL, NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ pc->prefilters = cupsArrayNew3(NULL, NULL, NULL, 0, (cups_acopy_func_t)strdup, (cups_afree_func_t)free); + + do + { +@@ -1661,7 +1651,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + */ + + if (ppd->product) +- pc->product = _cupsStrAlloc(ppd->product); ++ pc->product = strdup(ppd->product); + + /* + * Copy finishings mapping data... +@@ -1818,7 +1808,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + */ + + if ((ppd_attr = ppdFindAttr(ppd, "cupsChargeInfoURI", NULL)) != NULL) +- pc->charge_info_uri = _cupsStrAlloc(ppd_attr->value); ++ pc->charge_info_uri = strdup(ppd_attr->value); + + if ((ppd_attr = ppdFindAttr(ppd, "cupsJobAccountId", NULL)) != NULL) + pc->account_id = !_cups_strcasecmp(ppd_attr->value, "true"); +@@ -1827,7 +1817,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + pc->accounting_user_id = !_cups_strcasecmp(ppd_attr->value, "true"); + + if ((ppd_attr = ppdFindAttr(ppd, "cupsJobPassword", NULL)) != NULL) +- pc->password = _cupsStrAlloc(ppd_attr->value); ++ pc->password = strdup(ppd_attr->value); + + if ((ppd_attr = ppdFindAttr(ppd, "cupsMandatory", NULL)) != NULL) + pc->mandatory = _cupsArrayNewStrings(ppd_attr->value, ' '); +@@ -1836,9 +1826,7 @@ _ppdCacheCreateWithPPD(ppd_file_t *ppd) /* I - PPD file */ + * Support files... + */ + +- pc->support_files = cupsArrayNew3(NULL, NULL, NULL, 0, +- (cups_acopy_func_t)_cupsStrAlloc, +- (cups_afree_func_t)_cupsStrFree); ++ pc->support_files = cupsArrayNew3(NULL, NULL, NULL, 0, (cups_acopy_func_t)strdup, (cups_afree_func_t)free); + + for (ppd_attr = ppdFindAttr(ppd, "cupsICCProfile", NULL); + ppd_attr; +@@ -1894,8 +1882,8 @@ _ppdCacheDestroy(_ppd_cache_t *pc) /* I - PPD cache and mapping data */ + { + for (i = pc->num_bins, map = pc->bins; i > 0; i --, map ++) + { +- _cupsStrFree(map->pwg); +- _cupsStrFree(map->ppd); ++ free(map->pwg); ++ free(map->ppd); + } + + free(pc->bins); +@@ -1905,15 +1893,14 @@ _ppdCacheDestroy(_ppd_cache_t *pc) /* I - PPD cache and mapping data */ + { + for (i = pc->num_sizes, size = pc->sizes; i > 0; i --, size ++) + { +- _cupsStrFree(size->map.pwg); +- _cupsStrFree(size->map.ppd); ++ free(size->map.pwg); ++ free(size->map.ppd); + } + + free(pc->sizes); + } + +- if (pc->source_option) +- _cupsStrFree(pc->source_option); ++ free(pc->source_option); + + if (pc->sources) + { +@@ -1930,26 +1917,23 @@ _ppdCacheDestroy(_ppd_cache_t *pc) /* I - PPD cache and mapping data */ + { + for (i = pc->num_types, map = pc->types; i > 0; i --, map ++) + { +- _cupsStrFree(map->pwg); +- _cupsStrFree(map->ppd); ++ free(map->pwg); ++ free(map->ppd); + } + + free(pc->types); + } + +- if (pc->custom_max_keyword) +- _cupsStrFree(pc->custom_max_keyword); +- +- if (pc->custom_min_keyword) +- _cupsStrFree(pc->custom_min_keyword); ++ free(pc->custom_max_keyword); ++ free(pc->custom_min_keyword); + +- _cupsStrFree(pc->product); ++ free(pc->product); + cupsArrayDelete(pc->filters); + cupsArrayDelete(pc->prefilters); + cupsArrayDelete(pc->finishings); + +- _cupsStrFree(pc->charge_info_uri); +- _cupsStrFree(pc->password); ++ free(pc->charge_info_uri); ++ free(pc->password); + + cupsArrayDelete(pc->mandatory); + +diff --git a/cups/ppd-mark.c b/cups/ppd-mark.c +index 464c09a..cb67468 100644 +--- a/cups/ppd-mark.c ++++ b/cups/ppd-mark.c +@@ -890,9 +890,9 @@ ppd_mark_option(ppd_file_t *ppd, /* I - PPD file */ + case PPD_CUSTOM_PASSWORD : + case PPD_CUSTOM_STRING : + if (cparam->current.custom_string) +- _cupsStrFree(cparam->current.custom_string); ++ free(cparam->current.custom_string); + +- cparam->current.custom_string = _cupsStrAlloc(choice + 7); ++ cparam->current.custom_string = strdup(choice + 7); + break; + } + } +@@ -967,9 +967,9 @@ ppd_mark_option(ppd_file_t *ppd, /* I - PPD file */ + case PPD_CUSTOM_PASSWORD : + case PPD_CUSTOM_STRING : + if (cparam->current.custom_string) +- _cupsStrFree(cparam->current.custom_string); ++ free(cparam->current.custom_string); + +- cparam->current.custom_string = _cupsStrRetain(val->value); ++ cparam->current.custom_string = strdup(val->value); + break; + } + } +diff --git a/cups/ppd.c b/cups/ppd.c +index 8276988..6782a85 100644 +--- a/cups/ppd.c ++++ b/cups/ppd.c +@@ -34,8 +34,6 @@ + * Definitions... + */ + +-#define ppd_free(p) if (p) free(p) /* Safe free macro */ +- + #define PPD_KEYWORD 1 /* Line contained a keyword */ + #define PPD_OPTION 2 /* Line contained an option name */ + #define PPD_TEXT 4 /* Line contained human-readable text */ +@@ -117,7 +115,6 @@ void + ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + { + int i; /* Looping var */ +- ppd_emul_t *emul; /* Current emulation */ + ppd_group_t *group; /* Current group */ + char **font; /* Current font */ + ppd_attr_t **attr; /* Current attribute */ +@@ -136,28 +133,12 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + * Free all strings at the top level... + */ + +- _cupsStrFree(ppd->lang_encoding); +- _cupsStrFree(ppd->nickname); +- if (ppd->patches) +- free(ppd->patches); +- _cupsStrFree(ppd->jcl_begin); +- _cupsStrFree(ppd->jcl_end); +- _cupsStrFree(ppd->jcl_ps); +- +- /* +- * Free any emulations... +- */ +- +- if (ppd->num_emulations > 0) +- { +- for (i = ppd->num_emulations, emul = ppd->emulations; i > 0; i --, emul ++) +- { +- _cupsStrFree(emul->start); +- _cupsStrFree(emul->stop); +- } +- +- ppd_free(ppd->emulations); +- } ++ free(ppd->lang_encoding); ++ free(ppd->nickname); ++ free(ppd->patches); ++ free(ppd->jcl_begin); ++ free(ppd->jcl_end); ++ free(ppd->jcl_ps); + + /* + * Free any UI groups, subgroups, and options... +@@ -168,7 +149,7 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + for (i = ppd->num_groups, group = ppd->groups; i > 0; i --, group ++) + ppd_free_group(group); + +- ppd_free(ppd->groups); ++ free(ppd->groups); + } + + cupsArrayDelete(ppd->options); +@@ -179,14 +160,14 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + */ + + if (ppd->num_sizes > 0) +- ppd_free(ppd->sizes); ++ free(ppd->sizes); + + /* + * Free any constraints... + */ + + if (ppd->num_consts > 0) +- ppd_free(ppd->consts); ++ free(ppd->consts); + + /* + * Free any filters... +@@ -201,9 +182,9 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + if (ppd->num_fonts > 0) + { + for (i = ppd->num_fonts, font = ppd->fonts; i > 0; i --, font ++) +- _cupsStrFree(*font); ++ free(*font); + +- ppd_free(ppd->fonts); ++ free(ppd->fonts); + } + + /* +@@ -211,7 +192,7 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + */ + + if (ppd->num_profiles > 0) +- ppd_free(ppd->profiles); ++ free(ppd->profiles); + + /* + * Free any attributes... +@@ -221,11 +202,11 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + { + for (i = ppd->num_attrs, attr = ppd->attrs; i > 0; i --, attr ++) + { +- _cupsStrFree((*attr)->value); +- ppd_free(*attr); ++ free((*attr)->value); ++ free(*attr); + } + +- ppd_free(ppd->attrs); ++ free(ppd->attrs); + } + + cupsArrayDelete(ppd->sorted_attrs); +@@ -247,7 +228,7 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + case PPD_CUSTOM_PASSCODE : + case PPD_CUSTOM_PASSWORD : + case PPD_CUSTOM_STRING : +- _cupsStrFree(cparam->current.custom_string); ++ free(cparam->current.custom_string); + break; + + default : +@@ -295,7 +276,7 @@ ppdClose(ppd_file_t *ppd) /* I - PPD file record */ + * Free the whole record... + */ + +- ppd_free(ppd); ++ free(ppd); + } + + +@@ -441,7 +422,6 @@ _ppdOpen( + _ppd_localization_t localization) /* I - Localization to load */ + { + int i, j, k; /* Looping vars */ +- int count; /* Temporary count */ + _ppd_line_t line; /* Line buffer */ + ppd_file_t *ppd; /* PPD file record */ + ppd_group_t *group, /* Current group */ +@@ -459,7 +439,6 @@ _ppdOpen( + /* Human-readable text from file */ + *string, /* Code/text from file */ + *sptr, /* Pointer into string */ +- *nameptr, /* Pointer into name */ + *temp, /* Temporary string pointer */ + **tempfonts; /* Temporary fonts pointer */ + float order; /* Order dependency number */ +@@ -633,16 +612,14 @@ _ppdOpen( + if (pg->ppd_status == PPD_OK) + pg->ppd_status = PPD_MISSING_PPDADOBE4; + +- _cupsStrFree(string); +- ppd_free(line.buffer); ++ free(string); ++ free(line.buffer); + + return (NULL); + } + + DEBUG_printf(("2_ppdOpen: keyword=%s, string=%p", keyword, string)); + +- _cupsStrFree(string); +- + /* + * Allocate memory for the PPD file record... + */ +@@ -651,12 +628,15 @@ _ppdOpen( + { + pg->ppd_status = PPD_ALLOC_ERROR; + +- _cupsStrFree(string); +- ppd_free(line.buffer); ++ free(string); ++ free(line.buffer); + + return (NULL); + } + ++ free(string); ++ string = NULL; ++ + ppd->language_level = 2; + ppd->color_device = 0; + ppd->colorspace = PPD_CS_N; +@@ -735,6 +715,8 @@ _ppdOpen( + strncmp(ll, keyword, ll_len))) + { + DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword)); ++ free(string); ++ string = NULL; + continue; + } + else if (localization == _PPD_LOCALIZATION_ICC_PROFILES) +@@ -754,6 +736,8 @@ _ppdOpen( + if (i >= (int)(sizeof(color_keywords) / sizeof(color_keywords[0]))) + { + DEBUG_printf(("2_ppdOpen: Ignoring localization: \"%s\"\n", keyword)); ++ free(string); ++ string = NULL; + continue; + } + } +@@ -849,7 +833,7 @@ _ppdOpen( + * Say all PPD files are UTF-8, since we convert to UTF-8... + */ + +- ppd->lang_encoding = _cupsStrAlloc("UTF-8"); ++ ppd->lang_encoding = strdup("UTF-8"); + encoding = _ppdGetEncoding(string); + } + else if (!strcmp(keyword, "LanguageVersion")) +@@ -870,10 +854,10 @@ _ppdOpen( + + + cupsCharsetToUTF8(utf8, string, sizeof(utf8), encoding); +- ppd->nickname = _cupsStrAlloc((char *)utf8); ++ ppd->nickname = strdup((char *)utf8); + } + else +- ppd->nickname = _cupsStrAlloc(string); ++ ppd->nickname = strdup(string); + } + else if (!strcmp(keyword, "Product")) + ppd->product = string; +@@ -883,17 +867,17 @@ _ppdOpen( + ppd->ttrasterizer = string; + else if (!strcmp(keyword, "JCLBegin")) + { +- ppd->jcl_begin = _cupsStrAlloc(string); ++ ppd->jcl_begin = strdup(string); + ppd_decode(ppd->jcl_begin); /* Decode quoted string */ + } + else if (!strcmp(keyword, "JCLEnd")) + { +- ppd->jcl_end = _cupsStrAlloc(string); ++ ppd->jcl_end = strdup(string); + ppd_decode(ppd->jcl_end); /* Decode quoted string */ + } + else if (!strcmp(keyword, "JCLToPSInterpreter")) + { +- ppd->jcl_ps = _cupsStrAlloc(string); ++ ppd->jcl_ps = strdup(string); + ppd_decode(ppd->jcl_ps); /* Decode quoted string */ + } + else if (!strcmp(keyword, "AccurateScreensSupport")) +@@ -961,10 +945,10 @@ _ppdOpen( + ppd->num_filters ++; + + /* +- * Retain a copy of the filter string... ++ * Make a copy of the filter string... + */ + +- *filter = _cupsStrRetain(string); ++ *filter = strdup(string); + } + else if (!strcmp(keyword, "Throughput")) + ppd->throughput = atoi(string); +@@ -987,7 +971,7 @@ _ppdOpen( + } + + ppd->fonts = tempfonts; +- ppd->fonts[ppd->num_fonts] = _cupsStrAlloc(name); ++ ppd->fonts[ppd->num_fonts] = strdup(name); + ppd->num_fonts ++; + } + else if (!strncmp(keyword, "ParamCustom", 11)) +@@ -1152,7 +1136,7 @@ _ppdOpen( + strlcpy(choice->text, text[0] ? text : _("Custom"), + sizeof(choice->text)); + +- choice->code = _cupsStrAlloc(string); ++ choice->code = strdup(string); + + if (custom_option->section == PPD_ORDER_JCL) + ppd_decode(choice->code); +@@ -1201,59 +1185,23 @@ _ppdOpen( + else if (!strcmp(string, "Plus90")) + ppd->landscape = 90; + } +- else if (!strcmp(keyword, "Emulators") && string) +- { +- for (count = 1, sptr = string; sptr != NULL;) +- if ((sptr = strchr(sptr, ' ')) != NULL) +- { +- count ++; +- while (*sptr == ' ') +- sptr ++; +- } +- +- ppd->num_emulations = count; +- if ((ppd->emulations = calloc((size_t)count, sizeof(ppd_emul_t))) == NULL) +- { +- pg->ppd_status = PPD_ALLOC_ERROR; +- +- goto error; +- } +- +- for (i = 0, sptr = string; i < count; i ++) +- { +- for (nameptr = ppd->emulations[i].name; +- *sptr != '\0' && *sptr != ' '; +- sptr ++) +- if (nameptr < (ppd->emulations[i].name + sizeof(ppd->emulations[i].name) - 1)) +- *nameptr++ = *sptr; +- +- *nameptr = '\0'; +- +- while (*sptr == ' ') +- sptr ++; +- } +- } +- else if (!strncmp(keyword, "StartEmulator_", 14)) ++ else if (!strcmp(keyword, "Emulators") && string && ppd->num_emulations == 0) + { +- ppd_decode(string); ++ /* ++ * Issue #5562: Samsung printer drivers incorrectly use Emulators keyword ++ * to configure themselves ++ * ++ * The Emulators keyword was loaded but never used by anything in CUPS, ++ * and has no valid purpose in CUPS. The old code was removed due to a ++ * memory leak (Issue #5475), so the following (new) code supports a single ++ * name for the Emulators keyword, allowing these drivers to work until we ++ * remove PPD and driver support entirely in a future version of CUPS. ++ */ + +- for (i = 0; i < ppd->num_emulations; i ++) +- if (!strcmp(keyword + 14, ppd->emulations[i].name)) +- { +- ppd->emulations[i].start = string; +- string = NULL; +- } +- } +- else if (!strncmp(keyword, "StopEmulator_", 13)) +- { +- ppd_decode(string); ++ ppd->num_emulations = 1; ++ ppd->emulations = calloc(1, sizeof(ppd_emul_t)); + +- for (i = 0; i < ppd->num_emulations; i ++) +- if (!strcmp(keyword + 13, ppd->emulations[i].name)) +- { +- ppd->emulations[i].stop = string; +- string = NULL; +- } ++ strlcpy(ppd->emulations[0].name, string, sizeof(ppd->emulations[0].name)); + } + else if (!strcmp(keyword, "JobPatchFile")) + { +@@ -1408,7 +1356,7 @@ _ppdOpen( + + option->section = PPD_ORDER_ANY; + +- _cupsStrFree(string); ++ free(string); + string = NULL; + + /* +@@ -1436,7 +1384,7 @@ _ppdOpen( + strlcpy(choice->text, + custom_attr->text[0] ? custom_attr->text : _("Custom"), + sizeof(choice->text)); +- choice->code = _cupsStrRetain(custom_attr->value); ++ choice->code = strdup(custom_attr->value); + } + } + else if (!strcmp(keyword, "JCLOpenUI")) +@@ -1515,7 +1463,7 @@ _ppdOpen( + option->section = PPD_ORDER_JCL; + group = NULL; + +- _cupsStrFree(string); ++ free(string); + string = NULL; + + /* +@@ -1539,14 +1487,14 @@ _ppdOpen( + strlcpy(choice->text, + custom_attr->text[0] ? custom_attr->text : _("Custom"), + sizeof(choice->text)); +- choice->code = _cupsStrRetain(custom_attr->value); ++ choice->code = strdup(custom_attr->value); + } + } + else if (!strcmp(keyword, "CloseUI") || !strcmp(keyword, "JCLCloseUI")) + { + option = NULL; + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (!strcmp(keyword, "OpenGroup")) +@@ -1593,14 +1541,14 @@ _ppdOpen( + if (group == NULL) + goto error; + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (!strcmp(keyword, "CloseGroup")) + { + group = NULL; + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (!strcmp(keyword, "OrderDependency")) +@@ -1658,7 +1606,7 @@ _ppdOpen( + option->order = order; + } + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (!strncmp(keyword, "Default", 7)) +@@ -1901,7 +1849,7 @@ _ppdOpen( + * Don't add this one as an attribute... + */ + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (!strcmp(keyword, "PaperDimension")) +@@ -1923,7 +1871,7 @@ _ppdOpen( + size->width = (float)_cupsStrScand(string, &sptr, loc); + size->length = (float)_cupsStrScand(sptr, NULL, loc); + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (!strcmp(keyword, "ImageableArea")) +@@ -1947,7 +1895,7 @@ _ppdOpen( + size->right = (float)_cupsStrScand(sptr, &sptr, loc); + size->top = (float)_cupsStrScand(sptr, NULL, loc); + +- _cupsStrFree(string); ++ free(string); + string = NULL; + } + else if (option != NULL && +@@ -2003,7 +1951,7 @@ _ppdOpen( + (mask & (PPD_KEYWORD | PPD_STRING)) == (PPD_KEYWORD | PPD_STRING)) + ppd_add_attr(ppd, keyword, name, text, string); + else +- _cupsStrFree(string); ++ free(string); + } + + /* +@@ -2016,7 +1964,8 @@ _ppdOpen( + goto error; + } + +- ppd_free(line.buffer); ++ free(string); ++ free(line.buffer); + + /* + * Reset language preferences... +@@ -2098,8 +2047,8 @@ _ppdOpen( + + error: + +- _cupsStrFree(string); +- ppd_free(line.buffer); ++ free(string); ++ free(line.buffer); + + ppdClose(ppd); + +@@ -2537,9 +2486,9 @@ ppd_free_filters(ppd_file_t *ppd) /* I - PPD file */ + if (ppd->num_filters > 0) + { + for (i = ppd->num_filters, filter = ppd->filters; i > 0; i --, filter ++) +- _cupsStrFree(*filter); ++ free(*filter); + +- ppd_free(ppd->filters); ++ free(ppd->filters); + + ppd->num_filters = 0; + ppd->filters = NULL; +@@ -2566,7 +2515,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */ + i --, option ++) + ppd_free_option(option); + +- ppd_free(group->options); ++ free(group->options); + } + + if (group->num_subgroups > 0) +@@ -2576,7 +2525,7 @@ ppd_free_group(ppd_group_t *group) /* I - Group to free */ + i --, subgroup ++) + ppd_free_group(subgroup); + +- ppd_free(group->subgroups); ++ free(group->subgroups); + } + } + +@@ -2598,10 +2547,10 @@ ppd_free_option(ppd_option_t *option) /* I - Option to free */ + i > 0; + i --, choice ++) + { +- _cupsStrFree(choice->code); ++ free(choice->code); + } + +- ppd_free(option->choices); ++ free(option->choices); + } + } + +@@ -3338,7 +3287,7 @@ ppd_read(cups_file_t *fp, /* I - File to read from */ + lineptr ++; + } + +- *string = _cupsStrAlloc(lineptr); ++ *string = strdup(lineptr); + + mask |= PPD_STRING; + } +@@ -3460,7 +3409,7 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */ + filter += ppd->num_filters; + ppd->num_filters ++; + +- *filter = _cupsStrAlloc(buffer); ++ *filter = strdup(buffer); + } + while ((attr = ppdFindNextAttr(ppd, "cupsFilter2", NULL)) != NULL); + +diff --git a/cups/ppd.h b/cups/ppd.h +index fb33c08..1c852c7 100644 +--- a/cups/ppd.h ++++ b/cups/ppd.h +@@ -302,8 +302,8 @@ typedef struct ppd_file_s /**** PPD File ****/ + int throughput; /* Pages per minute */ + ppd_cs_t colorspace; /* Default colorspace */ + char *patches; /* Patch commands to be sent to printer */ +- int num_emulations; /* Number of emulations supported */ +- ppd_emul_t *emulations; /* Emulations and the code to invoke them */ ++ int num_emulations; /* Number of emulations supported (no longer supported) @private@ */ ++ ppd_emul_t *emulations; /* Emulations and the code to invoke them (no longer supported) @private@ */ + char *jcl_begin; /* Start JCL commands */ + char *jcl_ps; /* Enter PostScript interpreter */ + char *jcl_end; /* End JCL commands */ +diff --git a/cups/string.c b/cups/string.c +index 0d4ed0f..8f37caf 100644 +--- a/cups/string.c ++++ b/cups/string.c +@@ -316,6 +316,13 @@ _cupsStrFree(const char *s) /* I - String to free */ + + key = (_cups_sp_item_t *)(s - offsetof(_cups_sp_item_t, str)); + ++ if ((item = (_cups_sp_item_t *)cupsArrayFind(stringpool, key)) != NULL && ++ item == key) ++ { ++ /* ++ * Found it, dereference... ++ */ ++ + #ifdef DEBUG_GUARDS + if (key->guard != _CUPS_STR_GUARD) + { +@@ -325,13 +332,6 @@ _cupsStrFree(const char *s) /* I - String to free */ + } + #endif /* DEBUG_GUARDS */ + +- if ((item = (_cups_sp_item_t *)cupsArrayFind(stringpool, key)) != NULL && +- item == key) +- { +- /* +- * Found it, dereference... +- */ +- + item->ref_count --; + + if (!item->ref_count) +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index 298b684..e0dbc4a 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -2918,8 +2918,7 @@ add_printer(cupsd_client_t *con, /* I - Client connection */ + if (!strcmp(attr->values[i].string.text, "none")) + continue; + +- printer->reasons[printer->num_reasons] = +- _cupsStrRetain(attr->values[i].string.text); ++ printer->reasons[printer->num_reasons] = _cupsStrAlloc(attr->values[i].string.text); + printer->num_reasons ++; + + if (!strcmp(attr->values[i].string.text, "paused") && +@@ -5437,8 +5436,7 @@ copy_printer_attrs( + + if ((p2_uri = ippFindAttribute(p2->attrs, "printer-uri-supported", + IPP_TAG_URI)) != NULL) +- member_uris->values[i].string.text = +- _cupsStrRetain(p2_uri->values[0].string.text); ++ member_uris->values[i].string.text = _cupsStrAlloc(p2_uri->values[0].string.text); + else + { + httpAssembleURIf(HTTP_URI_CODING_ALL, printer_uri, +diff --git a/scheduler/printers.c b/scheduler/printers.c +index 3ec16cf..f16552e 100644 +--- a/scheduler/printers.c ++++ b/scheduler/printers.c +@@ -54,8 +54,7 @@ static int compare_printers(void *first, void *second, void *data); + static void delete_printer_filters(cupsd_printer_t *p); + static void dirty_printer(cupsd_printer_t *p); + static void load_ppd(cupsd_printer_t *p); +-static ipp_t *new_media_col(pwg_size_t *size, const char *source, +- const char *type); ++static ipp_t *new_media_col(pwg_size_t *size); + static void write_xml_string(cups_file_t *fp, const char *s); + + +@@ -3873,21 +3872,19 @@ dirty_printer(cupsd_printer_t *p) /* I - Printer */ + static void + load_ppd(cupsd_printer_t *p) /* I - Printer */ + { +- int i, j, k; /* Looping vars */ ++ int i, j; /* Looping vars */ + char cache_name[1024]; /* Cache filename */ + struct stat cache_info; /* Cache file info */ + ppd_file_t *ppd; /* PPD file */ + char ppd_name[1024]; /* PPD filename */ + struct stat ppd_info; /* PPD file info */ +- int num_media; /* Number of media options */ ++ int num_media; /* Number of media values */ + ppd_size_t *size; /* Current PPD size */ + ppd_option_t *duplex, /* Duplex option */ + *output_bin, /* OutputBin option */ + *output_mode, /* OutputMode option */ + *resolution; /* (Set|JCL|)Resolution option */ +- ppd_choice_t *choice, /* Current PPD choice */ +- *input_slot, /* Current input slot */ +- *media_type; /* Current media type */ ++ ppd_choice_t *choice; /* Current PPD choice */ + ppd_attr_t *ppd_attr; /* PPD attribute */ + int xdpi, /* Horizontal resolution */ + ydpi; /* Vertical resolution */ +@@ -4147,18 +4144,7 @@ load_ppd(cupsd_printer_t *p) /* I - Printer */ + { + ipp_t *col; /* Collection value */ + +- input_slot = ppdFindMarkedChoice(ppd, "InputSlot"); +- media_type = ppdFindMarkedChoice(ppd, "MediaType"); +- col = new_media_col(pwgsize, +- input_slot ? +- _ppdCacheGetSource(p->pc, +- input_slot->choice) : +- NULL, +- media_type ? +- _ppdCacheGetType(p->pc, +- media_type->choice) : +- NULL); +- ++ col = new_media_col(pwgsize); + ippAddCollection(p->ppd_attrs, IPP_TAG_PRINTER, "media-col-default", + col); + ippDelete(col); +@@ -4354,89 +4340,19 @@ load_ppd(cupsd_printer_t *p) /* I - Printer */ + * media-col-database + */ + +- num_media = p->pc->num_sizes; +- if (p->pc->num_sources) ++ if ((attr = ippAddCollections(p->ppd_attrs, IPP_TAG_PRINTER, "media-col-database", p->pc->num_sizes, NULL)) != NULL) + { +- if (p->pc->num_types > 0) +- num_media += p->pc->num_sizes * p->pc->num_sources * +- p->pc->num_types; +- else +- num_media += p->pc->num_sizes * p->pc->num_sources; +- } +- else if (p->pc->num_types) +- num_media += p->pc->num_sizes * p->pc->num_types; ++ /* ++ * Add each page size without source or type... ++ */ + +- if ((attr = ippAddCollections(p->ppd_attrs, IPP_TAG_PRINTER, +- "media-col-database", num_media, +- NULL)) != NULL) +- { +- for (i = p->pc->num_sizes, pwgsize = p->pc->sizes, val = attr->values; +- i > 0; +- i --, pwgsize ++) ++ for (i = 0, pwgsize = p->pc->sizes; i < p->pc->num_sizes; i ++, pwgsize ++) + { +- /* +- * Start by adding the page size without source or type... +- */ ++ ipp_t *col = new_media_col(pwgsize); + +- ppdMarkOption(ppd, "PageSize", pwgsize->map.ppd); +- +- val->collection = new_media_col(pwgsize, NULL, NULL); +- val ++; +- +- /* +- * Then add the specific, supported combinations of size, source, and +- * type... +- */ +- +- if (p->pc->num_sources > 0) +- { +- for (j = p->pc->num_sources, pwgsource = p->pc->sources; +- j > 0; +- j --, pwgsource ++) +- { +- ppdMarkOption(ppd, "InputSlot", pwgsource->ppd); +- +- if (p->pc->num_types > 0) +- { +- for (k = p->pc->num_types, pwgtype = p->pc->types; +- k > 0; +- k --, pwgtype ++) +- { +- if (!ppdMarkOption(ppd, "MediaType", pwgtype->ppd)) +- { +- val->collection = new_media_col(pwgsize, pwgsource->pwg, +- pwgtype->pwg); +- val ++; +- } +- } +- } +- else if (!ppdConflicts(ppd)) +- { +- val->collection = new_media_col(pwgsize, pwgsource->pwg, NULL); +- val ++; +- } +- } +- } +- else if (p->pc->num_types > 0) +- { +- for (j = p->pc->num_types, pwgtype = p->pc->types; +- j > 0; +- j --, pwgtype ++) +- { +- if (!ppdMarkOption(ppd, "MediaType", pwgtype->ppd)) +- { +- val->collection = new_media_col(pwgsize, NULL, pwgtype->pwg); +- val ++; +- } +- } +- } ++ ippSetCollection(p->ppd_attrs, &attr, i, col); ++ ippDelete(col); + } +- +- /* +- * Update the number of media-col-database values... +- */ +- +- attr->num_values = val - attr->values; + } + } + +@@ -5134,9 +5050,7 @@ load_ppd(cupsd_printer_t *p) /* I - Printer */ + */ + + static ipp_t * /* O - Collection value */ +-new_media_col(pwg_size_t *size, /* I - media-size/margin values */ +- const char *source, /* I - media-source value */ +- const char *type) /* I - media-type value */ ++new_media_col(pwg_size_t *size) /* I - media-size/margin values */ + { + ipp_t *media_col, /* Collection value */ + *media_size; /* media-size value */ +@@ -5145,29 +5059,15 @@ new_media_col(pwg_size_t *size, /* I - media-size/margin values */ + media_col = ippNew(); + + media_size = ippNew(); +- ippAddInteger(media_size, IPP_TAG_PRINTER, IPP_TAG_INTEGER, +- "x-dimension", size->width); +- ippAddInteger(media_size, IPP_TAG_PRINTER, IPP_TAG_INTEGER, +- "y-dimension", size->length); ++ ippAddInteger(media_size, IPP_TAG_PRINTER, IPP_TAG_INTEGER, "x-dimension", size->width); ++ ippAddInteger(media_size, IPP_TAG_PRINTER, IPP_TAG_INTEGER, "y-dimension", size->length); + ippAddCollection(media_col, IPP_TAG_PRINTER, "media-size", media_size); + ippDelete(media_size); + +- ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, +- "media-bottom-margin", size->bottom); +- ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, +- "media-left-margin", size->left); +- ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, +- "media-right-margin", size->right); +- ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, +- "media-top-margin", size->top); +- +- if (source) +- ippAddString(media_col, IPP_TAG_PRINTER, IPP_TAG_KEYWORD, "media-source", +- NULL, source); +- +- if (type) +- ippAddString(media_col, IPP_TAG_PRINTER, IPP_TAG_KEYWORD, "media-type", +- NULL, type); ++ ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, "media-bottom-margin", size->bottom); ++ ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, "media-left-margin", size->left); ++ ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, "media-right-margin", size->right); ++ ippAddInteger(media_col, IPP_TAG_PRINTER, IPP_TAG_INTEGER, "media-top-margin", size->top); + + return (media_col); + } diff --git a/SOURCES/cups-multilib.patch b/SOURCES/cups-multilib.patch new file mode 100644 index 0000000..3c6bc39 --- /dev/null +++ b/SOURCES/cups-multilib.patch @@ -0,0 +1,16 @@ +diff -up cups-1.5b1/cups-config.in.multilib cups-1.5b1/cups-config.in +--- cups-1.5b1/cups-config.in.multilib 2010-06-16 02:48:25.000000000 +0200 ++++ cups-1.5b1/cups-config.in 2011-05-23 17:33:31.000000000 +0200 +@@ -22,8 +22,10 @@ prefix=@prefix@ + exec_prefix=@exec_prefix@ + bindir=@bindir@ + includedir=@includedir@ +-libdir=@libdir@ +-imagelibdir=@libdir@ ++# Fetch libdir from gnutls's pkg-config script. This is a bit ++# of a cheat, but the cups-devel package requires gnutls-devel anyway. ++libdir=`pkg-config --variable=libdir gnutls` ++imagelibdir=`pkg-config --variable=libdir gnutls` + datarootdir=@datadir@ + datadir=@datadir@ + sysconfdir=@sysconfdir@ diff --git a/SOURCES/cups-no-export-ssllibs.patch b/SOURCES/cups-no-export-ssllibs.patch new file mode 100644 index 0000000..14b4426 --- /dev/null +++ b/SOURCES/cups-no-export-ssllibs.patch @@ -0,0 +1,10 @@ +diff -up cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs cups-2.2b2/config-scripts/cups-ssl.m4 +--- cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs 2016-06-27 15:06:22.299980753 +0200 ++++ cups-2.2b2/config-scripts/cups-ssl.m4 2016-06-27 15:08:00.953154042 +0200 +@@ -102,5 +102,5 @@ AC_SUBST(IPPALIASES) + AC_SUBST(SSLFLAGS) + AC_SUBST(SSLLIBS) + +-EXPORT_SSLLIBS="$SSLLIBS" ++EXPORT_SSLLIBS="" + AC_SUBST(EXPORT_SSLLIBS) diff --git a/SOURCES/cups-no-gzip-man.patch b/SOURCES/cups-no-gzip-man.patch new file mode 100644 index 0000000..c476b7b --- /dev/null +++ b/SOURCES/cups-no-gzip-man.patch @@ -0,0 +1,18 @@ +diff -up cups-2.2.4/config-scripts/cups-manpages.m4.no-gzip-man cups-2.2.4/config-scripts/cups-manpages.m4 +--- cups-2.2.4/config-scripts/cups-manpages.m4.no-gzip-man 2017-06-30 20:37:09.470034273 +0200 ++++ cups-2.2.4/config-scripts/cups-manpages.m4 2017-06-30 20:39:15.982884832 +0200 +@@ -53,10 +53,10 @@ case "$host_os_name" in + ;; + linux* | gnu* | darwin*) + # Linux, GNU Hurd, and macOS +- MAN1EXT=1.gz +- MAN5EXT=5.gz +- MAN7EXT=7.gz +- MAN8EXT=8.gz ++ MAN1EXT=1 ++ MAN5EXT=5 ++ MAN7EXT=7 ++ MAN8EXT=8 + MAN8DIR=8 + ;; + *) diff --git a/SOURCES/cups-peercred.patch b/SOURCES/cups-peercred.patch new file mode 100644 index 0000000..a106abb --- /dev/null +++ b/SOURCES/cups-peercred.patch @@ -0,0 +1,11 @@ +diff -up cups-1.5b1/scheduler/auth.c.peercred cups-1.5b1/scheduler/auth.c +--- cups-1.5b1/scheduler/auth.c.peercred 2011-05-20 05:49:49.000000000 +0200 ++++ cups-1.5b1/scheduler/auth.c 2011-05-23 18:00:18.000000000 +0200 +@@ -52,6 +52,7 @@ + * Include necessary headers... + */ + ++#define _GNU_SOURCE + #include "cupsd.h" + #include + #ifdef HAVE_SHADOW_H diff --git a/SOURCES/cups-pid.patch b/SOURCES/cups-pid.patch new file mode 100644 index 0000000..23ffd47 --- /dev/null +++ b/SOURCES/cups-pid.patch @@ -0,0 +1,37 @@ +diff -up cups-1.5b1/scheduler/main.c.pid cups-1.5b1/scheduler/main.c +--- cups-1.5b1/scheduler/main.c.pid 2011-05-18 22:44:16.000000000 +0200 ++++ cups-1.5b1/scheduler/main.c 2011-05-23 18:01:20.000000000 +0200 +@@ -311,6 +311,8 @@ main(int argc, /* I - Number of comm + * Setup signal handlers for the parent... + */ + ++ pid_t pid; ++ + #ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */ + sigset(SIGUSR1, parent_handler); + sigset(SIGCHLD, parent_handler); +@@ -334,7 +336,7 @@ main(int argc, /* I - Number of comm + signal(SIGHUP, SIG_IGN); + #endif /* HAVE_SIGSET */ + +- if (fork() > 0) ++ if ((pid = fork()) > 0) + { + /* + * OK, wait for the child to startup and send us SIGUSR1 or to crash +@@ -346,7 +348,15 @@ main(int argc, /* I - Number of comm + sleep(1); + + if (parent_signal == SIGUSR1) ++ { ++ FILE *f = fopen ("/var/run/cupsd.pid", "w"); ++ if (f) ++ { ++ fprintf (f, "%d\n", pid); ++ fclose (f); ++ } + return (0); ++ } + + if (wait(&i) < 0) + { diff --git a/SOURCES/cups-ppdopen-heap-overflow.patch b/SOURCES/cups-ppdopen-heap-overflow.patch new file mode 100644 index 0000000..4b725e1 --- /dev/null +++ b/SOURCES/cups-ppdopen-heap-overflow.patch @@ -0,0 +1,42 @@ +diff --git a/cups/ppd.c b/cups/ppd.c +index ff52df2e..199cf034 100644 +--- a/cups/ppd.c ++++ b/cups/ppd.c +@@ -1719,8 +1719,7 @@ _ppdOpen( + constraint->choice1, constraint->option2, + constraint->choice2)) + { +- case 0 : /* Error */ +- case 1 : /* Error */ ++ default : /* Error */ + pg->ppd_status = PPD_BAD_UI_CONSTRAINTS; + goto error; + +diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx +index c25d4966..236c00db 100644 +--- a/ppdc/ppdc-source.cxx ++++ b/ppdc/ppdc-source.cxx +@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read + + switch (sscanf(name, "%dx%d", &xdpi, &ydpi)) + { +- case 0 : +- _cupsLangPrintf(stderr, +- _("ppdc: Bad resolution name \"%s\" on line %d of " +- "%s."), name, fp->line, fp->filename); +- break; + case 1 : + ydpi = xdpi; + break; +- } ++ case 2 : ++ break; ++ default : ++ _cupsLangPrintf(stderr, ++ _("ppdc: Bad resolution name \"%s\" on line %d of " ++ "%s."), name, fp->line, fp->filename); ++ break; ++} + + // Create the necessary PS commands... + snprintf(command, sizeof(command), diff --git a/SOURCES/cups-preservejob-leak.patch b/SOURCES/cups-preservejob-leak.patch new file mode 100644 index 0000000..c1c132d --- /dev/null +++ b/SOURCES/cups-preservejob-leak.patch @@ -0,0 +1,31 @@ +diff --git a/scheduler/colorman.c b/scheduler/colorman.c +index 8af4e5c..9bfdb0c 100644 +--- a/scheduler/colorman.c ++++ b/scheduler/colorman.c +@@ -1083,7 +1083,7 @@ colord_create_profile( + + dbus_message_iter_get_basic(&args, &profile_path); + cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path); +- cupsArrayAdd(profiles, strdup(profile_path)); ++ cupsArrayAdd(profiles, profile_path); + + out: + +diff --git a/scheduler/job.c b/scheduler/job.c +index 0223bee..47d4c72 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */ + job->num_files = 0; + } + ++ unload_job(job); ++ + if (job->history) + free_job_history(job); + +- unload_job(job); +- + cupsArrayRemove(Jobs, job); + cupsArrayRemove(ActiveJobs, job); + cupsArrayRemove(PrintingJobs, job); diff --git a/SOURCES/cups-rastertoepson-crash.patch b/SOURCES/cups-rastertoepson-crash.patch new file mode 100644 index 0000000..11f6673 --- /dev/null +++ b/SOURCES/cups-rastertoepson-crash.patch @@ -0,0 +1,13 @@ +diff --git a/filter/rastertoepson.c b/filter/rastertoepson.c +index 4efe669..e8fe0c6 100644 +--- a/filter/rastertoepson.c ++++ b/filter/rastertoepson.c +@@ -307,7 +307,7 @@ StartPage( + + if (DotBytes) + { +- if ((LineBuffers[0] = calloc((size_t)DotBytes, header->cupsWidth * (size_t)(Shingling + 1))) == NULL) ++ if ((LineBuffers[0] = calloc((size_t)DotBytes, (header->cupsWidth + 7) * (size_t)(Shingling + 1))) == NULL) + { + fputs("ERROR: Unable to allocate memory\n", stderr); + exit(1); diff --git a/SOURCES/cups-res_init.patch b/SOURCES/cups-res_init.patch new file mode 100644 index 0000000..3866521 --- /dev/null +++ b/SOURCES/cups-res_init.patch @@ -0,0 +1,26 @@ +diff -up cups-1.7b1/cups/http-addr.c.res_init cups-1.7b1/cups/http-addr.c +--- cups-1.7b1/cups/http-addr.c.res_init 2013-03-20 19:14:10.000000000 +0100 ++++ cups-1.7b1/cups/http-addr.c 2013-04-19 12:01:36.927512159 +0200 +@@ -319,7 +319,8 @@ httpAddrLookup( + + if (error) + { +- if (error == EAI_FAIL) ++ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA || ++ error == EAI_NONAME) + cg->need_res_init = 1; + + return (httpAddrString(addr, name, namelen)); +diff -up cups-1.7b1/cups/http-addrlist.c.res_init cups-1.7b1/cups/http-addrlist.c +--- cups-1.7b1/cups/http-addrlist.c.res_init 2013-04-19 12:01:36.930512119 +0200 ++++ cups-1.7b1/cups/http-addrlist.c 2013-04-19 12:03:13.769229554 +0200 +@@ -581,7 +581,8 @@ httpAddrGetList(const char *hostname, /* + } + else + { +- if (error == EAI_FAIL) ++ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA || ++ error == EAI_NONAME) + cg->need_res_init = 1; + + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, gai_strerror(error), 0); diff --git a/SOURCES/cups-restart-job-hold-until.patch b/SOURCES/cups-restart-job-hold-until.patch new file mode 100644 index 0000000..d235518 --- /dev/null +++ b/SOURCES/cups-restart-job-hold-until.patch @@ -0,0 +1,20 @@ +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index e0dbc4a..5e9a985 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -9891,11 +9891,10 @@ restart_job(cupsd_client_t *con, /* I - Client connection */ + cupsdLogJob(job, CUPSD_LOG_DEBUG, + "Restarted by \"%s\" with job-hold-until=%s.", + username, attr->values[0].string.text); +- cupsdSetJobHoldUntil(job, attr->values[0].string.text, 0); +- +- cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED | CUPSD_EVENT_JOB_STATE, +- NULL, job, "Job restarted by user with job-hold-until=%s", +- attr->values[0].string.text); ++ cupsdSetJobHoldUntil(job, attr->values[0].string.text, 1); ++ cupsdSetJobState(job, IPP_JOB_HELD, CUPSD_JOB_DEFAULT, ++ "Job restarted by user with job-hold-until=%s", ++ attr->values[0].string.text); + } + else + { diff --git a/SOURCES/cups-retry-current-job-man.patch b/SOURCES/cups-retry-current-job-man.patch new file mode 100644 index 0000000..0d879c6 --- /dev/null +++ b/SOURCES/cups-retry-current-job-man.patch @@ -0,0 +1,52 @@ +diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html +index 9082348..8ab1ce8 100644 +--- a/doc/help/man-cupsd.conf.html ++++ b/doc/help/man-cupsd.conf.html +@@ -90,7 +90,7 @@ The default value is "30". +
Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer. +
ErrorPolicy retry-job +
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. +-
ErrorPolicy retry-this-job ++
ErrorPolicy retry-current-job +
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. +
ErrorPolicy stop-printer +
Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default. +diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in +index 53a028d..ba12b07 100644 +--- a/man/cupsd.conf.man.in ++++ b/man/cupsd.conf.man.in +@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise + \fBErrorPolicy retry-job\fR + Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. + .TP 5 +-\fBErrorPolicy retry-this-job\fR ++\fBErrorPolicy retry-current-job\fR + Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. + .TP 5 + \fBErrorPolicy stop-printer\fR +diff --git a/man/cupsd.conf.man.in.privilege-escalation b/man/cupsd.conf.man.in.privilege-escalation +index ab89e15..130ea8a 100644 +--- a/man/cupsd.conf.man.in.privilege-escalation ++++ b/man/cupsd.conf.man.in.privilege-escalation +@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise + \fBErrorPolicy retry-job\fR + Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. + .TP 5 +-\fBErrorPolicy retry-this-job\fR ++\fBErrorPolicy retry-current-job\fR + Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. + .TP 5 + \fBErrorPolicy stop-printer\fR +diff --git a/man/cupsd.conf.man.in.remove-weak-ciphers b/man/cupsd.conf.man.in.remove-weak-ciphers +index 5516780..35065ca 100644 +--- a/man/cupsd.conf.man.in.remove-weak-ciphers ++++ b/man/cupsd.conf.man.in.remove-weak-ciphers +@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise + \fBErrorPolicy retry-job\fR + Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer. + .TP 5 +-\fBErrorPolicy retry-this-job\fR ++\fBErrorPolicy retry-current-job\fR + Specifies that a failed print job should be retried immediately unless otherwise specified for the printer. + .TP 5 + \fBErrorPolicy stop-printer\fR diff --git a/SOURCES/cups-ricoh-deviceid-oid.patch b/SOURCES/cups-ricoh-deviceid-oid.patch new file mode 100644 index 0000000..c148f95 --- /dev/null +++ b/SOURCES/cups-ricoh-deviceid-oid.patch @@ -0,0 +1,21 @@ +diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snmp.c +--- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.000000000 +0200 ++++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200 +@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] = { + static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; + static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; + static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; ++static const int RicohDeviceIdOID[] = { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1 }; + static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; + static cups_array_t *DeviceURIs = NULL; + static int HostNameLookups = 0; +@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP + packet.community, CUPS_ASN1_GET_REQUEST, + DEVICE_ID, LexmarkDeviceIdOID); + _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, ++ packet.community, CUPS_ASN1_GET_REQUEST, ++ DEVICE_ID, RicohDeviceIdOID); ++ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, + packet.community, CUPS_ASN1_GET_REQUEST, + DEVICE_PRODUCT, XeroxProductOID); + _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, diff --git a/SOURCES/cups-serverbin-compat.patch b/SOURCES/cups-serverbin-compat.patch new file mode 100644 index 0000000..5f51e23 --- /dev/null +++ b/SOURCES/cups-serverbin-compat.patch @@ -0,0 +1,193 @@ +diff -up cups-2.2rc1/scheduler/conf.c.serverbin-compat cups-2.2rc1/scheduler/conf.c +--- cups-2.2rc1/scheduler/conf.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200 ++++ cups-2.2rc1/scheduler/conf.c 2016-08-09 09:58:21.324033645 +0200 +@@ -609,6 +609,9 @@ cupsdReadConfiguration(void) + cupsdClearString(&ServerName); + cupsdClearString(&ServerAdmin); + cupsdSetString(&ServerBin, CUPS_SERVERBIN); ++#ifdef __x86_64__ ++ cupsdSetString(&ServerBin_compat, "/usr/lib64/cups"); ++#endif /* __x86_64__ */ + cupsdSetString(&RequestRoot, CUPS_REQUESTS); + cupsdSetString(&CacheDir, CUPS_CACHEDIR); + cupsdSetString(&DataDir, CUPS_DATADIR); +@@ -1604,7 +1607,12 @@ cupsdReadConfiguration(void) + * Read the MIME type and conversion database... + */ + ++#ifdef __x86_64__ ++ snprintf(temp, sizeof(temp), "%s/filter:%s/filter", ServerBin, ++ ServerBin_compat); ++#else + snprintf(temp, sizeof(temp), "%s/filter", ServerBin); ++#endif + snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir); + + MimeDatabase = mimeNew(); +diff -up cups-2.2rc1/scheduler/conf.h.serverbin-compat cups-2.2rc1/scheduler/conf.h +--- cups-2.2rc1/scheduler/conf.h.serverbin-compat 2016-08-08 20:06:00.000000000 +0200 ++++ cups-2.2rc1/scheduler/conf.h 2016-08-09 09:58:21.325033636 +0200 +@@ -106,6 +106,10 @@ VAR char *ConfigurationFile VALUE(NULL) + /* Root directory for scheduler */ + *ServerBin VALUE(NULL), + /* Root directory for binaries */ ++#ifdef __x86_64__ ++ *ServerBin_compat VALUE(NULL), ++ /* Compat directory for binaries */ ++#endif /* __x86_64__ */ + *StateDir VALUE(NULL), + /* Root directory for state data */ + *RequestRoot VALUE(NULL), +diff -up cups-2.2rc1/scheduler/env.c.serverbin-compat cups-2.2rc1/scheduler/env.c +--- cups-2.2rc1/scheduler/env.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200 ++++ cups-2.2rc1/scheduler/env.c 2016-08-09 09:58:21.325033636 +0200 +@@ -212,8 +212,13 @@ cupsdUpdateEnv(void) + set_if_undefined("LD_PRELOAD", NULL); + set_if_undefined("NLSPATH", NULL); + if (find_env("PATH") < 0) ++#ifdef __x86_64__ ++ cupsdSetEnvf("PATH", "%s/filter:%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR ++ ":/bin:/usr/bin", ServerBin, ServerBin_compat); ++#else /* ! defined(__x86_64__) */ + cupsdSetEnvf("PATH", "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR + ":/bin:/usr/bin", ServerBin); ++#endif + set_if_undefined("SERVER_ADMIN", ServerAdmin); + set_if_undefined("SHLIB_PATH", NULL); + set_if_undefined("SOFTWARE", CUPS_MINIMAL); +diff -up cups-2.2rc1/scheduler/ipp.c.serverbin-compat cups-2.2rc1/scheduler/ipp.c +--- cups-2.2rc1/scheduler/ipp.c.serverbin-compat 2016-08-09 09:58:21.326033626 +0200 ++++ cups-2.2rc1/scheduler/ipp.c 2016-08-09 10:10:16.266127629 +0200 +@@ -2419,12 +2419,21 @@ add_printer(cupsd_client_t *con, /* I - + * Could not find device in list! + */ + ++#ifdef __x86_64__ ++ snprintf(srcfile, sizeof(srcfile), "%s/backend/%s", ServerBin_compat, ++ scheme); ++ if (access(srcfile, X_OK)) ++ { ++#endif /* __x86_64__ */ + send_ipp_status(con, IPP_NOT_POSSIBLE, + _("Bad device-uri scheme \"%s\"."), scheme); + if (!modify) + cupsdDeletePrinter(printer, 0); + + return; ++#ifdef __x86_64__ ++ } ++#endif /* __x86_64__ */ + } + } + +diff -up cups-2.2rc1/scheduler/job.c.serverbin-compat cups-2.2rc1/scheduler/job.c +--- cups-2.2rc1/scheduler/job.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200 ++++ cups-2.2rc1/scheduler/job.c 2016-08-09 09:58:21.327033616 +0200 +@@ -1126,8 +1126,32 @@ cupsdContinueJob(cupsd_job_t *job) /* I + i ++, filter = (mime_filter_t *)cupsArrayNext(filters)) + { + if (filter->filter[0] != '/') +- snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, +- filter->filter); ++ { ++ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, ++ filter->filter); ++#ifdef __x86_64__ ++ if (access(command, F_OK)) ++ { ++ snprintf(command, sizeof(command), "%s/filter/%s", ++ ServerBin_compat, filter->filter); ++ if (!access(command, F_OK)) ++ { ++ /* Not in the correct directory, but found it in the compat ++ * directory. Issue a warning. */ ++ cupsdLogMessage(CUPSD_LOG_INFO, ++ "Filter '%s' not in %s/filter!", ++ filter->filter, ServerBin); ++ } ++ else ++ { ++ /* Not in the compat directory either; make any error ++ * messages use the correct directory name then. */ ++ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, ++ filter->filter); ++ } ++ } ++#endif /* __x86_64__ */ ++ } + else + strlcpy(command, filter->filter, sizeof(command)); + +@@ -1283,6 +1307,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I + { + cupsdClosePipe(job->back_pipes); + cupsdClosePipe(job->side_pipes); ++#ifdef __x86_64__ ++ if (access(command, F_OK)) ++ { ++ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin_compat, ++ scheme); ++ if (!access(command, F_OK)) ++ { ++ /* Not in the correct directory, but we found it in the compat ++ * directory. Issue a warning. */ ++ cupsdLogMessage(CUPSD_LOG_INFO, ++ "Backend '%s' not in %s/backend!", scheme, ++ ServerBin); ++ } ++ else ++ { ++ /* Not in the compat directory either; make any error ++ messages use the correct directory name then. */ ++ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin, ++ scheme); ++ } ++ } ++#endif /* __x86_64__ */ + + close(job->status_pipes[1]); + job->status_pipes[1] = -1; +diff -up cups-2.2rc1/scheduler/printers.c.serverbin-compat cups-2.2rc1/scheduler/printers.c +--- cups-2.2rc1/scheduler/printers.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200 ++++ cups-2.2rc1/scheduler/printers.c 2016-08-09 09:58:21.327033616 +0200 +@@ -967,9 +967,19 @@ cupsdLoadAllPrinters(void) + * Backend does not exist, stop printer... + */ + ++#ifdef __x86_64__ ++ snprintf(line, sizeof(line), "%s/backend/%s", ServerBin_compat, ++ p->device_uri); ++ if (access(line, 0)) ++ { ++#endif /* __x86_64__ */ ++ + p->state = IPP_PRINTER_STOPPED; + snprintf(p->state_message, sizeof(p->state_message), + "Backend %s does not exist!", line); ++#ifdef __x86_64__ ++ } ++#endif /* __x86_64__ */ + } + } + +@@ -3481,8 +3491,20 @@ add_printer_filter( + else + snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, program); + ++#ifdef __x86_64__ ++ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, ++ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) { ++ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin_compat, ++ program); ++ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, ++ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) ++ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, ++ program); ++ } ++#else /* ! defined(__x86_64__) */ + _cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, + cupsdLogFCMessage, p); ++#endif + } + + /* diff --git a/SOURCES/cups-sssd.patch b/SOURCES/cups-sssd.patch new file mode 100644 index 0000000..b0a7d76 --- /dev/null +++ b/SOURCES/cups-sssd.patch @@ -0,0 +1,13 @@ +diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in +index 11e0662..6fb7a32 100644 +--- a/scheduler/org.cups.cupsd.service.in ++++ b/scheduler/org.cups.cupsd.service.in +@@ -1,7 +1,7 @@ + [Unit] + Description=CUPS Scheduler + Documentation=man:cupsd(8) +-After=network.target ypbind.service ++After=network.target nss-user-lookup.target + + [Service] + ExecStart=@sbindir@/cupsd -l diff --git a/SOURCES/cups-str3382.patch b/SOURCES/cups-str3382.patch new file mode 100644 index 0000000..b31bf37 --- /dev/null +++ b/SOURCES/cups-str3382.patch @@ -0,0 +1,62 @@ +diff -up cups-2.0rc1/cups/tempfile.c.str3382 cups-2.0rc1/cups/tempfile.c +--- cups-2.0rc1/cups/tempfile.c.str3382 2014-07-31 02:58:00.000000000 +0200 ++++ cups-2.0rc1/cups/tempfile.c 2014-09-12 14:06:42.560887827 +0200 +@@ -27,6 +27,7 @@ + # include + #else + # include ++# include + #endif /* WIN32 || __EMX__ */ + + +@@ -48,7 +49,7 @@ cupsTempFd(char *filename, /* I - Point + char tmppath[1024]; /* Windows temporary directory */ + DWORD curtime; /* Current time */ + #else +- struct timeval curtime; /* Current time */ ++ mode_t old_umask; /* Old umask before using mkstemp() */ + #endif /* WIN32 */ + + +@@ -98,32 +99,24 @@ cupsTempFd(char *filename, /* I - Point + */ + + snprintf(filename, (size_t)len - 1, "%s/%05lx%08lx", tmpdir, GetCurrentProcessId(), curtime); +-#else +- /* +- * Get the current time of day... +- */ +- +- gettimeofday(&curtime, NULL); +- +- /* +- * Format a string using the hex time values... +- */ +- +- snprintf(filename, (size_t)len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), (unsigned)(curtime.tv_sec + curtime.tv_usec + tries)); +-#endif /* WIN32 */ + + /* + * Open the file in "exclusive" mode, making sure that we don't + * stomp on an existing file or someone's symlink crack... + */ + +-#ifdef WIN32 + fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, + _S_IREAD | _S_IWRITE); +-#elif defined(O_NOFOLLOW) +- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); + #else +- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); ++ /* ++ * Use the standard mkstemp() call to make a temporary filename ++ * securely. -- andrew.wood@jdplc.com ++ */ ++ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); ++ ++ old_umask = umask(0077); ++ fd = mkstemp(filename); ++ umask(old_umask); + #endif /* WIN32 */ + + if (fd < 0 && errno != EEXIST) diff --git a/SOURCES/cups-strict-ppd-line-length.patch b/SOURCES/cups-strict-ppd-line-length.patch new file mode 100644 index 0000000..4ba1dd2 --- /dev/null +++ b/SOURCES/cups-strict-ppd-line-length.patch @@ -0,0 +1,30 @@ +diff -up cups-2.0rc1/cups/ppd.c.strict-ppd-line-length cups-2.0rc1/cups/ppd.c +--- cups-2.0rc1/cups/ppd.c.strict-ppd-line-length 2014-02-06 19:33:34.000000000 +0100 ++++ cups-2.0rc1/cups/ppd.c 2014-09-12 18:07:44.227773710 +0200 +@@ -2872,7 +2872,7 @@ ppd_read(cups_file_t *fp, /* I - Fil + *lineptr++ = (char)ch; + col ++; + +- if (col > (PPD_MAX_LINE - 1)) ++ if (col > (PPD_MAX_LINE - 1) && pg->ppd_conform == PPD_CONFORM_STRICT) + { + /* + * Line is too long... +@@ -2933,7 +2933,7 @@ ppd_read(cups_file_t *fp, /* I - Fil + { + col ++; + +- if (col > (PPD_MAX_LINE - 1)) ++ if (col > (PPD_MAX_LINE - 1) && pg->ppd_conform == PPD_CONFORM_STRICT) + { + /* + * Line is too long... +@@ -2992,7 +2992,7 @@ ppd_read(cups_file_t *fp, /* I - Fil + { + col ++; + +- if (col > (PPD_MAX_LINE - 1)) ++ if (col > (PPD_MAX_LINE - 1) && pg->ppd_conform == PPD_CONFORM_STRICT) + { + /* + * Line is too long... diff --git a/SOURCES/cups-substitute-bad-attrs.patch b/SOURCES/cups-substitute-bad-attrs.patch new file mode 100644 index 0000000..37e65a1 --- /dev/null +++ b/SOURCES/cups-substitute-bad-attrs.patch @@ -0,0 +1,141 @@ +diff -up cups-2.2.7/scheduler/ipp.c.substitute-bad-attrs cups-2.2.7/scheduler/ipp.c +--- cups-2.2.7/scheduler/ipp.c.substitute-bad-attrs 2018-04-03 15:55:45.974344993 +0200 ++++ cups-2.2.7/scheduler/ipp.c 2018-04-03 16:15:06.723859881 +0200 +@@ -164,6 +164,7 @@ cupsdProcessIPPRequest( + ipp_attribute_t *uri = NULL; /* Printer or job URI attribute */ + ipp_attribute_t *username; /* requesting-user-name attr */ + int sub_id; /* Subscription ID */ ++ int valid = 1; /* Valid request? */ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdProcessIPPRequest(%p[%d]): operation_id=%04x(%s)", con, con->number, con->request->request.op.operation_id, ippOpString(con->request->request.op.operation_id)); +@@ -423,20 +424,55 @@ cupsdProcessIPPRequest( + else + { + /* +- * OK, all the checks pass so far; make sure requesting-user-name is +- * not "root" from a remote host... ++ * OK, all the checks pass so far; validate "requesting-user-name" ++ * attribute value... + */ + +- if ((username = ippFindAttribute(con->request, "requesting-user-name", +- IPP_TAG_NAME)) != NULL) +- { +- /* +- * Check for root user... +- */ +- +- if (!strcmp(username->values[0].string.text, "root") && +- _cups_strcasecmp(con->http->hostname, "localhost") && +- strcmp(con->username, "root")) ++ if ((username = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_ZERO)) != NULL) ++ { ++ /* ++ * Validate "requesting-user-name"... ++ */ ++ ++ if (username->group_tag != IPP_TAG_OPERATION && StrictConformance) ++ { ++ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute in wrong group.", IPP_STATUS_ERROR_BAD_REQUEST, con->http->hostname); ++ send_ipp_status(con, IPP_STATUS_ERROR_BAD_REQUEST, _("\"requesting-user-name\" attribute in wrong group.")); ++ valid = 0; ++ } ++ else if (username->value_tag != IPP_TAG_NAME && username->value_tag != IPP_TAG_NAMELANG) ++ { ++ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with wrong syntax.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname); ++ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax.")); ++ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL) ++ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP; ++ valid = 0; ++ } ++ else if (!ippValidateAttribute(username)) ++ { ++ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with bad value.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname); ++ ++ if (StrictConformance) ++ { ++ /* ++ * Throw an error... ++ */ ++ ++ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax.")); ++ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL) ++ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP; ++ valid = 0; ++ } ++ else ++ { ++ /* ++ * Map bad "requesting-user-name" to 'anonymous'... ++ */ ++ ++ ippSetString(con->request, &username, 0, "anonymous"); ++ } ++ } ++ else if (!strcmp(username->values[0].string.text, "root") && _cups_strcasecmp(con->http->hostname, "localhost") && strcmp(con->username, "root")) + { + /* + * Remote unauthenticated user masquerading as local root... +@@ -452,6 +488,8 @@ cupsdProcessIPPRequest( + else + sub_id = 0; + ++ if (valid) ++ { + /* + * Then try processing the operation... + */ +@@ -655,6 +693,7 @@ cupsdProcessIPPRequest( + ippOpString( + con->request->request.op.operation_id)); + break; ++ } + } + } + } +@@ -1615,27 +1654,34 @@ add_job(cupsd_client_t *con, /* I - Cl + _("Bad job-name value: Wrong type or count.")); + if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL) + attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP; +- return (NULL); ++ ++ if (StrictConformance) ++ return (NULL); ++ ++ /* Don't use invalid attribute */ ++ ippDeleteAttribute(con->request, attr); ++ ++ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled"); + } + else if (!ippValidateAttribute(attr)) + { + send_ipp_status(con, IPP_ATTRIBUTES, _("Bad job-name value: %s"), + cupsLastErrorString()); ++ + if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL) + attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP; +- return (NULL); +- } + +- attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME); ++ if (StrictConformance) ++ return (NULL); + +- if (attr && !ippValidateAttribute(attr)) +- { +- send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString()); +- if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL) +- attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP; +- return (NULL); ++ /* Don't use invalid attribute */ ++ ippDeleteAttribute(con->request, attr); ++ ++ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled"); + } + ++ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME); ++ + #ifdef WITH_LSPP + if (is_lspp_config()) + { diff --git a/SOURCES/cups-synconclose.patch b/SOURCES/cups-synconclose.patch new file mode 100644 index 0000000..8aee02b --- /dev/null +++ b/SOURCES/cups-synconclose.patch @@ -0,0 +1,48 @@ +diff -up cups-2.0.2/conf/cups-files.conf.in.LGOyhq cups-2.0.2/conf/cups-files.conf.in +--- cups-2.0.2/conf/cups-files.conf.in.LGOyhq 2015-02-10 13:51:24.912193296 +0100 ++++ cups-2.0.2/conf/cups-files.conf.in 2015-02-10 13:52:49.400997262 +0100 +@@ -7,7 +7,7 @@ + #FatalErrors @CUPS_FATAL_ERRORS@ + + # Do we call fsync() after writing configuration or status files? +-#SyncOnClose No ++#SyncOnClose Yes + + # Default user and group for filters/backends/helper programs; this cannot be + # any user or group that resolves to ID 0 for security reasons... +diff -up cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq cups-2.0.2/doc/help/man-cups-files.conf.html +--- cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq 2015-02-10 13:52:49.400997262 +0100 ++++ cups-2.0.2/doc/help/man-cups-files.conf.html 2015-02-10 13:53:07.057747311 +0100 +@@ -136,7 +136,7 @@ The default is "/etc/cups". +
Specifies whether the scheduler calls + fsync(2) + after writing configuration or state files. +-The default is "No". ++The default is "Yes". +
SystemGroup group-name [ ... group-name ] +
Specifies the group(s) to use for @SYSTEM group authentication. + The default contains "admin", "lpadmin", "root", "sys", and/or "system". +diff -up cups-2.0.2/man/cups-files.conf.man.in.LGOyhq cups-2.0.2/man/cups-files.conf.man.in +--- cups-2.0.2/man/cups-files.conf.man.in.LGOyhq 2015-02-10 13:52:49.400997262 +0100 ++++ cups-2.0.2/man/cups-files.conf.man.in 2015-02-10 13:53:23.753510964 +0100 +@@ -201,7 +201,7 @@ The default is "/etc/cups". + Specifies whether the scheduler calls + .BR fsync (2) + after writing configuration or state files. +-The default is "No". ++The default is "Yes". + .\"#SystemGroup + .TP 5 + \fBSystemGroup \fIgroup-name \fR[ ... \fIgroup-name\fR ] +diff -up cups-2.0.2/scheduler/conf.c.LGOyhq cups-2.0.2/scheduler/conf.c +--- cups-2.0.2/scheduler/conf.c.LGOyhq 2015-02-10 13:51:24.991192177 +0100 ++++ cups-2.0.2/scheduler/conf.c 2015-02-10 13:52:49.401997248 +0100 +@@ -717,7 +717,7 @@ cupsdReadConfiguration(void) + RootCertDuration = 300; + Sandboxing = CUPSD_SANDBOXING_STRICT; + StrictConformance = FALSE; +- SyncOnClose = FALSE; ++ SyncOnClose = TRUE; + Timeout = DEFAULT_TIMEOUT; + WebInterface = CUPS_DEFAULT_WEBIF; + diff --git a/SOURCES/cups-system-auth.patch b/SOURCES/cups-system-auth.patch new file mode 100644 index 0000000..60117a9 --- /dev/null +++ b/SOURCES/cups-system-auth.patch @@ -0,0 +1,38 @@ +diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups.password-auth +--- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.000000000 +0200 ++++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200 +@@ -0,0 +1,4 @@ ++#%PAM-1.0 ++# Use password-auth common PAM configuration for the daemon ++auth include password-auth ++account include password-auth +diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.system-auth +--- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.000000000 +0200 ++++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200 +@@ -0,0 +1,3 @@ ++#%PAM-1.0 ++auth include system-auth ++account include system-auth +diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile +--- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200 ++++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200 +@@ -90,10 +90,16 @@ install-data: + done + -if test x$(PAMDIR) != x; then \ + $(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \ +- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ +- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ ++ if test -f /etc/pam.d/password-auth; then \ ++ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \ ++ elif test -f /etc/pam.d/system-auth; then \ ++ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \ + else \ +- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ ++ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ ++ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ ++ else \ ++ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ ++ fi ; \ + fi ; \ + fi + diff --git a/SOURCES/cups-systemd-socket.patch b/SOURCES/cups-systemd-socket.patch new file mode 100644 index 0000000..37ccec9 --- /dev/null +++ b/SOURCES/cups-systemd-socket.patch @@ -0,0 +1,73 @@ +diff -up cups-2.2.5/scheduler/main.c.systemd-socket cups-2.2.5/scheduler/main.c +--- cups-2.2.5/scheduler/main.c.systemd-socket 2017-10-17 18:59:53.732431498 +0200 ++++ cups-2.2.5/scheduler/main.c 2017-10-17 19:02:13.132275861 +0200 +@@ -691,8 +691,16 @@ main(int argc, /* I - Number of comm + + #ifdef HAVE_ONDEMAND + if (OnDemand) ++ { + cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand."); +- else ++# ifdef HAVE_SYSTEMD ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Scheduler is running...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++# endif /* HAVE_SYSTEMD */ ++ } else ++ + #endif /* HAVE_ONDEMAND */ + if (fg) + cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground."); +diff -up cups-2.2.5/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.2.5/scheduler/org.cups.cupsd.path.in +--- cups-2.2.5/scheduler/org.cups.cupsd.path.in.systemd-socket 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/org.cups.cupsd.path.in 2017-10-17 18:59:53.732431498 +0200 +@@ -1,6 +1,6 @@ + [Unit] + Description=CUPS Scheduler +-PartOf=org.cups.cupsd.service ++PartOf=cups.service + + [Path] + PathExists=@CUPS_CACHEDIR@/org.cups.cupsd +diff -up cups-2.2.5/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2.5/scheduler/org.cups.cupsd.service.in +--- cups-2.2.5/scheduler/org.cups.cupsd.service.in.systemd-socket 2017-10-13 20:22:26.000000000 +0200 ++++ cups-2.2.5/scheduler/org.cups.cupsd.service.in 2017-10-17 18:59:53.732431498 +0200 +@@ -1,11 +1,13 @@ + [Unit] + Description=CUPS Scheduler + Documentation=man:cupsd(8) ++After=network.target + + [Service] + ExecStart=@sbindir@/cupsd -l +-Type=simple ++Type=notify ++Restart=on-failure + + [Install] +-Also=org.cups.cupsd.socket org.cups.cupsd.path ++Also=cups.socket cups.path + WantedBy=printer.target +diff -up cups-2.2.6/scheduler/org.cups.cupsd.socket.in.systemd-socket cups-2.2.6/scheduler/org.cups.cupsd.socket.in +--- cups-2.2.6/scheduler/org.cups.cupsd.socket.in.systemd-socket 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/scheduler/org.cups.cupsd.socket.in 2018-09-19 12:38:00.630843246 +0200 +@@ -1,6 +1,6 @@ + [Unit] + Description=CUPS Scheduler +-PartOf=org.cups.cupsd.service ++PartOf=cups.service + + [Socket] + ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ +diff -up cups-2.2.6/scheduler/org.cups.cups-lpd.socket.systemd-socket cups-2.2.6/scheduler/org.cups.cups-lpd.socket +--- cups-2.2.6/scheduler/org.cups.cups-lpd.socket.systemd-socket 2017-11-01 15:57:53.000000000 +0100 ++++ cups-2.2.6/scheduler/org.cups.cups-lpd.socket 2018-09-19 12:38:00.630843246 +0200 +@@ -1,6 +1,6 @@ + [Unit] + Description=CUPS LPD Server Socket +-PartOf=org.cups.cups-lpd.service ++PartOf=cups-lpd.service + + [Socket] + ListenStream=515 diff --git a/SOURCES/cups-uri-compat.patch b/SOURCES/cups-uri-compat.patch new file mode 100644 index 0000000..2520a5b --- /dev/null +++ b/SOURCES/cups-uri-compat.patch @@ -0,0 +1,51 @@ +diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-unix.c +--- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 +0200 ++++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200 +@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De + int device_fd; /* USB device */ + ssize_t tbytes; /* Total number of bytes written */ + struct termios opts; /* Parallel port options */ ++ char *fixed_uri = strdup (uri); ++ char *p; + + + (void)argc; + (void)argv; + ++ p = strchr (fixed_uri, ':'); ++ if (p++ != NULL) ++ { ++ char *e; ++ p += strspn (p, "/"); ++ e = strchr (p, '/'); ++ if (e > p) ++ { ++ size_t mfrlen = e - p; ++ e++; ++ if (!strncasecmp (e, p, mfrlen)) ++ { ++ char *x = e + mfrlen; ++ if (!strncmp (x, "%20", 3)) ++ /* Take mfr name out of mdl name for compatibility with ++ * Fedora 11 before bug #507244 was fixed. */ ++ strcpy (e, x + 3); puts(fixed_uri); ++ } ++ } ++ } ++ + /* + * Open the USB port device... + */ +@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De + _cups_strncasecmp(hostname, "Minolta", 7); + #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ + +- if (use_bc && !strncmp(uri, "usb:/dev/", 9)) ++ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9)) + use_bc = 0; + +- if ((device_fd = open_device(uri, &use_bc)) == -1) ++ if ((device_fd = open_device(fixed_uri, &use_bc)) == -1) + { + if (getenv("CLASS") != NULL) + { diff --git a/SOURCES/cups-usb-paperout.patch b/SOURCES/cups-usb-paperout.patch new file mode 100644 index 0000000..f1f73f0 --- /dev/null +++ b/SOURCES/cups-usb-paperout.patch @@ -0,0 +1,52 @@ +diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-unix.c +--- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000 +0200 ++++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200 +@@ -30,6 +30,11 @@ + + #include + ++#ifdef __linux ++#include ++#include ++#endif /* __linux */ ++ + + /* + * Local functions... +@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev + if (!strncmp(uri, "usb:/dev/", 9)) + #ifdef __linux + { +- return (open(uri + 4, O_RDWR | O_EXCL)); ++ fd = open(uri + 4, O_RDWR | O_EXCL); ++ ++ if (fd != -1) ++ { ++ /* ++ * Tell the driver to return from write() with errno==ENOSPACE ++ * on paper-out. ++ */ ++ unsigned int t = 1; ++ ioctl (fd, LPABORT, &t); ++ } ++ ++ return fd; + } + else if (!strncmp(uri, "usb://", 6)) + { +@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev + if (!strcmp(uri, device_uri)) + { + /* +- * Yes, return this file descriptor... ++ * Yes, tell the driver to return from write() with ++ * errno==ENOSPACE on paper-out. ++ */ ++ unsigned int t = 1; ++ ioctl (fd, LPABORT, &t); ++ ++ /* ++ * Return this file descriptor... + */ + + fprintf(stderr, "DEBUG: Printer using device file \"%s\"...\n", diff --git a/SOURCES/cups-use-ipp1.1.patch b/SOURCES/cups-use-ipp1.1.patch new file mode 100644 index 0000000..41855fc --- /dev/null +++ b/SOURCES/cups-use-ipp1.1.patch @@ -0,0 +1,12 @@ +diff -up cups-1.6.3/cups/usersys.c.use-ipp1.1 cups-1.6.3/cups/usersys.c +--- cups-1.6.3/cups/usersys.c.use-ipp1.1 2013-07-12 11:41:45.368837618 +0200 ++++ cups-1.6.3/cups/usersys.c 2013-07-12 11:41:45.391837299 +0200 +@@ -366,7 +366,7 @@ cupsSetServer(const char *server) /* I - + cg->server_version = 22; + } + else +- cg->server_version = 20; ++ cg->server_version = 11; + + if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL && + !strchr(port, ']') && isdigit(port[1] & 255)) diff --git a/SOURCES/cups-validate-1st.patch b/SOURCES/cups-validate-1st.patch new file mode 100644 index 0000000..e7b9070 --- /dev/null +++ b/SOURCES/cups-validate-1st.patch @@ -0,0 +1,28 @@ +diff --git a/backend/ipp.c b/backend/ipp.c +index 0a70a87..f8bf7e1 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -327,6 +327,7 @@ main(int argc, /* I - Number of command-line args */ + get_job_attrs = 0, /* Does printer support Get-Job-Attributes? */ + send_document = 0, /* Does printer support Send-Document? */ + validate_job = 0, /* Does printer support Validate-Job? */ ++ validation_retried = 0, /* Indicate whether Validate-Job was retried */ + copies, /* Number of copies for job */ + copies_remaining; /* Number of copies remaining */ + const char *content_type, /* CONTENT_TYPE environment variable */ +@@ -1597,7 +1598,15 @@ main(int argc, /* I - Number of command-line args */ + ipp_status == IPP_BAD_REQUEST) + break; + else if (job_auth == NULL && ipp_status > IPP_BAD_REQUEST) ++ { ++ if (!validation_retried) ++ { ++ validation_retried = 1; ++ sleep(10); ++ continue; ++ } + goto cleanup; ++ } + } + + /* diff --git a/SOURCES/cups-web-devices-timeout.patch b/SOURCES/cups-web-devices-timeout.patch new file mode 100644 index 0000000..fa3a320 --- /dev/null +++ b/SOURCES/cups-web-devices-timeout.patch @@ -0,0 +1,19 @@ +diff -up cups-1.7rc1/cgi-bin/admin.c.web-devices-timeout cups-1.7rc1/cgi-bin/admin.c +--- cups-1.7rc1/cgi-bin/admin.c.web-devices-timeout 2013-05-29 12:51:34.000000000 +0100 ++++ cups-1.7rc1/cgi-bin/admin.c 2013-08-16 16:01:17.308264287 +0100 +@@ -1019,13 +1019,13 @@ do_am_printer(http_t *http, /* I - HTTP + } + + /* +- * Scan for devices for up to 30 seconds... ++ * Scan for devices for up to 10 seconds... + */ + + fputs("DEBUG: Getting list of devices...\n", stderr); + + current_device = 0; +- if (cupsGetDevices(http, 5, CUPS_INCLUDE_ALL, CUPS_EXCLUDE_NONE, ++ if (cupsGetDevices(http, 10, CUPS_INCLUDE_ALL, CUPS_EXCLUDE_NONE, + (cups_device_cb_t)choose_device_cb, + (void *)title) == IPP_OK) + { diff --git a/SOURCES/cups-ypbind.patch b/SOURCES/cups-ypbind.patch new file mode 100644 index 0000000..f942708 --- /dev/null +++ b/SOURCES/cups-ypbind.patch @@ -0,0 +1,12 @@ +diff -up cups-2.2.0/scheduler/org.cups.cupsd.service.in.ypbind cups-2.2.0/scheduler/org.cups.cupsd.service.in +--- cups-2.2.0/scheduler/org.cups.cupsd.service.in.ypbind 2017-09-22 16:51:39.053585694 +0200 ++++ cups-2.2.0/scheduler/org.cups.cupsd.service.in 2017-09-22 16:52:02.588403584 +0200 +@@ -1,7 +1,7 @@ + [Unit] + Description=CUPS Scheduler + Documentation=man:cupsd(8) +-After=network.target ++After=network.target ypbind.service + + [Service] + ExecStart=@sbindir@/cupsd -l diff --git a/SOURCES/cups.logrotate b/SOURCES/cups.logrotate new file mode 100644 index 0000000..773c70f --- /dev/null +++ b/SOURCES/cups.logrotate @@ -0,0 +1,5 @@ +/var/log/cups/*_log { + missingok + notifempty + sharedscripts +} diff --git a/SOURCES/macros.cups b/SOURCES/macros.cups new file mode 100644 index 0000000..5b560d9 --- /dev/null +++ b/SOURCES/macros.cups @@ -0,0 +1 @@ +%_cups_serverbin %(/usr/bin/cups-config --serverbin) diff --git a/SOURCES/ncp.backend b/SOURCES/ncp.backend new file mode 100755 index 0000000..d57ada1 --- /dev/null +++ b/SOURCES/ncp.backend @@ -0,0 +1,51 @@ +#!/bin/sh +# This is a modified version of 'ncpprint'. It can now be used as a CUPS +# backend. +# Modifications: +# Copyright (C) 2002 Red Hat, inc +# Copyright (C) 2002 Tim Waugh +# Before modification: shipped as /usr/share/printconf/util/ncpprint + +if [ -z "$*" ] +then + # This is where we would enumerate all the URIs we support. + # Patches welcome. + exit 0 +fi + +FILE=$6 +if [ -z "$FILE" ] +then + FILE=- +fi + +# $DEVICE_URI is 'ncp://[user:password@]server/queue' +URI=${DEVICE_URI#*://} +queue=${URI#*/} +URI=${URI%/$queue} +server=${URI#*@} +URI=${URI%$server} +URI=${URI%@} +if [ -n "$URI" ] +then + user=${URI%:*} + URI=${URI#$user} + password=${URI#:} +fi + +#echo user: ${user-(none)} +#echo password: ${password-(none)} +#echo server: $server +#echo queue: $queue + +if [ -n "$user" ] +then + if [ -n "$password" ] + then + /usr/bin/nprint -S "$server" -q "$queue" -U "$user" -P "$password" -N "$FILE" 2>/dev/null + else + /usr/bin/nprint -S "$server" -q "$queue" -U "$user" -n -N "$FILE" 2>/dev/null + fi +else + /usr/bin/nprint -S "$server" -q "$queue" -N "$FILE" 2>/dev/null +fi diff --git a/SOURCES/upgrade_get_document.py.in b/SOURCES/upgrade_get_document.py.in new file mode 100755 index 0000000..91d393f --- /dev/null +++ b/SOURCES/upgrade_get_document.py.in @@ -0,0 +1,171 @@ +@PYTHON_SHEBANG@ + +""" +Upgrade script to enable authentication for CUPS-Get-Document in +default policy +""" + +import os +import sys +from shutil import copy + + +def get_cupsd_conf(): + """ + Get all lines from cupsd.conf + """ + if not os.path.exists('/etc/cups/cupsd.conf'): + return None + + lines = [] + with open('/etc/cups/cupsd.conf', 'r') as conf: + lines = conf.readlines() + + return lines + + +def get_default_policy(lines): + """ + Get the default policy lines + + :param list lines: lines from cupsd.conf + """ + default_policy = [] + in_policy = False + + for line in lines: + if not in_policy and not line.lstrip().startswith(''): + continue + + default_policy.append(line) + + if line.lstrip().startswith(''): + return default_policy + + in_policy = True + + return default_policy + + +def get_limit_with_document(lines): + """ + Get scope which defines CUPS-Get-Document operation + + :param list lines: Lines containing the default policy + """ + limit = [] + in_limit = False + + for line in lines: + if not in_limit and not line.lstrip().startswith(''): + return limit + + in_limit = True + + return limit + + +def check_for_authtype(lines): + """ + Check if defining CUPS-Get-Document defines + any authentication + + :param list lines: Lines of scope which defines CUPS-Get-Document + """ + for line in lines: + if line.lstrip().startswith('AuthType'): + return True + return False + + +def migrate_cupsd_conf(lines): + """ + Make changes to cupsd.conf contents to use authentication + for CUPS-Get-Document + + :param list lines: Lines from cupsd.conf + """ + new_lines = [] + in_policy = False + create_document_limit = False + + for line in lines: + if (in_policy and line.lstrip().startswith('') and + 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]): + line = line.replace(' CUPS-Get-Document', '') + create_document_limit = True + + if in_policy and line.lstrip().startswith('') and create_document_limit: + new_lines.append('\n') + new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' + + '# added during upgrade\n') + new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' + + '\n') + new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' + + 'AuthType Default\n') + new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' + + 'Require user @OWNER @SYSTEM\n') + new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' + + 'Order deny,allow\n') + new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' + + '\n') + create_document_limit = False + + new_lines.append(line) + + if not in_policy: + if line.lstrip().startswith(''): + in_policy = True + continue + + if line.lstrip().startswith(''): + new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' + + '# added during upgrade\n') + new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' + + 'AuthType Default\n') + continue + + if line.lstrip().startswith(''): + in_policy = False + continue + + return new_lines + + +def apply_changes(lines): + """ + Backup the original file if there is no .rpmsave already and + apply changes to the actual cupsd.conf + + :param list lines: New lines for cupsd.conf + """ + if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'): + copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave') + + with open('/etc/cups/cupsd.conf', 'w') as conf: + conf.writelines(lines) + + + +content = get_cupsd_conf() +if content is None: + sys.exit(1) + +if check_for_authtype(get_limit_with_document(get_default_policy(content))): + sys.exit(0) + +new_content = migrate_cupsd_conf(content) + +apply_changes(new_content) + +sys.exit(0) diff --git a/SPECS/cups.spec b/SPECS/cups.spec new file mode 100644 index 0000000..dff485d --- /dev/null +++ b/SPECS/cups.spec @@ -0,0 +1,4004 @@ +%global use_alternatives 1 +%global lspp 1 + +# {_exec_prefix}/lib/cups is correct, even on x86_64. +# It is not used for shared objects but for executables. +# It's more of a libexec-style ({_libexecdir}) usage, +# but we use lib for compatibility with 3rd party drivers (at upstream request). +%global cups_serverbin %{_exec_prefix}/lib/cups + +# we still need something for python2... +%if 0%{?rhel} >= 8 || 0%{?fedora} +%global __python %{__python3} +%else +%global __python /usr/bin/python2 +%endif + +#%%global prever rc1 +#%%global VERSION %%{version}%%{prever} +%global VERSION %{version} + +Summary: CUPS printing system +Name: cups +Epoch: 1 +Version: 2.2.6 +Release: 57%{?dist} +License: GPLv2+ and LGPLv2 with exceptions and AML +Url: http://www.cups.org/ +Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz +# Pixmap for desktop file +Source2: cupsprinter.png +# Logrotate configuration +Source6: cups.logrotate +# Backend for NCP protocol +Source7: ncp.backend +Source8: macros.cups +# CVE-2023-32360 migration script +Source9: upgrade_get_document.py.in + +Patch1: cups-no-gzip-man.patch +Patch2: cups-system-auth.patch +Patch3: cups-multilib.patch +Patch5: cups-banners.patch +Patch6: cups-serverbin-compat.patch +Patch7: cups-no-export-ssllibs.patch +Patch8: cups-direct-usb.patch +Patch9: cups-lpr-help.patch +Patch10: cups-peercred.patch +Patch11: cups-pid.patch +Patch12: cups-eggcups.patch +Patch13: cups-driverd-timeout.patch +Patch14: cups-strict-ppd-line-length.patch +Patch15: cups-logrotate.patch +Patch16: cups-usb-paperout.patch +Patch17: cups-res_init.patch +Patch18: cups-filter-debug.patch +Patch19: cups-uri-compat.patch +Patch20: cups-str3382.patch +#Patch21: cups-0755.patch +Patch22: cups-hp-deviceid-oid.patch +Patch23: cups-dnssd-deviceid.patch +Patch24: cups-ricoh-deviceid-oid.patch +Patch25: cups-systemd-socket.patch +Patch27: cups-avahi-address.patch +Patch29: cups-dymo-deviceid.patch +Patch30: cups-freebind.patch +#Patch31: cups-no-gcry.patch +Patch33: cups-use-ipp1.1.patch +Patch34: cups-avahi-no-threaded.patch +Patch35: cups-ipp-multifile.patch +Patch36: cups-web-devices-timeout.patch +Patch37: cups-synconclose.patch +Patch38: cups-ypbind.patch +Patch39: cups-substitute-bad-attrs.patch +# 1607295 - CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cups: various flaws [rhel-8.0] +Patch40: 0001-Fix-local-privilege-escalation-to-root-and-sandbox-b.patch +# 1613173 - Remove weak SSL/TLS ciphers from CUPS +Patch41: 0001-Add-support-for-MinTLS-and-MaxTLS-options-Issue-5119.patch +# 1602469 - fixed covscan issues, backported from upstream +Patch42: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch +# 1625899 - cups 2.2.6 lpr command fails against old cups 1.3.9 server +Patch43: 0001-Printing-to-old-CUPS-servers-has-been-fixed-Issue-52.patch +# 1625913 - ssl options aren't initialized when no SSLOptions directive is set in /etc/cups/client.conf +Patch44: 0001-Fix-default-TLS-versions.patch +# 1622431 - Jobs with multiple files don't complete when backend fails +Patch45: 0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch +# CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection [rhel-8] +Patch46: 0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch +# 1659486 - cupsd crash on startup in ippCopyAttribute +Patch47: 0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch +# 1677577 - Remove 'View X log' buttons from web ui +Patch48: 0001-Remove-web-log-buttons.patch +# 1650233 - cups uses md5 for hashing credentials sent through tls connection +Patch49: cups-fips-compliance.patch +# 1700663 - Stop advertising the HTTP methods that are supported +Patch50: cups-do-not-advertise-http-methods.patch +# 1774462, 1774463 - CVE-2019-8696, CVE-2019-8675 - buffer overflow in SNMP and IPP, +# memory disclosure and DoS in scheduler +Patch51: 0001-Multiple-security-disclosure-issues.patch +# 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created +Patch52: cups-memory-consumption.patch +# 1784884 - cups.service doesn't execute automatically on request +Patch53: cups-autostart-when-enabled.patch +# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c +Patch54: cups-ppdopen-heap-overflow.patch +# 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied) +Patch55: cups-etimedout.patch +# 1689207 - Add failover backend +Patch56: cups-failover-backend.patch +# 1833516 - DirtyCleanInterval ignored if there are open client connections +Patch57: cups-dirtyclean.patch +# 1775590 - rastertoepson filter crashes with paper size A6 +Patch58: cups-rastertoepson-crash.patch +# 1941437 - cupsd doesn't log job ids when logging into journal +Patch59: cups-logs.patch +# 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP +Patch60: cups-validate-1st.patch +# 1938384 - CUPS doesn't start if sssd starts after cupsd +Patch61: cups-sssd.patch +# 1955964 - PreserveJobHistory doesn't work with seconds +Patch62: cups-fix-preservejob-times.patch +# 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8] +Patch63: cups-cve202010001.patch +# 2006987 - Unauthenticated users can't move print jobs in Web UI +Patch64: 0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch +# 2017919 - Setting 'MaxJobTime 0' does not set a job time to unlimited +Patch65: 0001-Fix-handling-of-MaxJobTime-0-Issue-5438.patch +# 1726383 - "lpadmin -p -o cupsSNMPSupplies:false" doesn't work +Patch66: 0001-Fix-lpadmin-with-cupsIPPSupplies-and-cupsSNMPSupplie.patch +# 1982891 - Printing of banner before PCL file only prints banner +Patch67: 0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch +# 2006591 - Trying to restart and hold a job doesn't work +Patch68: cups-restart-job-hold-until.patch +# 1811716 - lpr to non-existent printer reports incorrect error +Patch69: 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch +# 2015182 - RFE: Implement IdleExitTimeout configuration during build +Patch70: 0001-Add-with-idle-exit-timeout-configure-option.patch +# 2013865 - RFE: Implement TimeoutStartSec configuration during build +Patch71: 0001-Add-with-systemd-timeoutstartsec-configure-option.patch +# 2032965 - [RFE] RHEL8 - CUPS Web UI supports adding IPP Everywhere +Patch72: cups-ippeve-web-support.patch +# 2071417 - 30-second delays printing to Windows 2016 server via HTTPS +Patch73: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch +# 2074684 - lp to a remote server takes a long time +Patch74: 0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch +# 2074736 - CUPS is too chatty about "Removing document files." in debug mode +Patch75: cups-cupsd-too-chatty.patch +# CVE-2022-26691 cups: authorization bypass when using "local" authorization +Patch76: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch +# 2084257 - ErrorPolicy documentation is incorrect +Patch77: cups-retry-current-job-man.patch +# 1910415 - manpage update to acknowledge order dependency of -h option +Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch +# 2130391 - Kerberized IPP Printing Fails +Patch79: cups-kerberos.patch +# 2217178 - Delays printing to lpd when reserved ports are exhausted +Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch +# 2217283 - The command "cancel -x " does not remove job files +Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch +# 2217955 - Enlarge backlog queue for listen() in cupsd +Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch +# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c +Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch +# CVE-2023-32324 cups: heap buffer overflow may lead to DoS +Patch84: 0001-cups-strlcpy-handle-zero-size.patch +# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation +Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch +# RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off" +Patch86: cups-preservejob-leak.patch +# RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost +Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch +# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents +Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch + +Patch1000: cups-lspp.patch + +Requires: %{name}-filesystem = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: %{name}-client%{?_isa} = %{epoch}:%{version}-%{release} + +Provides: cupsddk cupsddk-drivers + +BuildRequires: pam-devel pkgconf-pkg-config +BuildRequires: pkgconfig(gnutls) +BuildRequires: libacl-devel +BuildRequires: openldap-devel +BuildRequires: pkgconfig(libusb-1.0) +BuildRequires: krb5-devel +BuildRequires: pkgconfig(avahi-client) +BuildRequires: systemd +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(dbus-1) +BuildRequires: automake +# for decompressing functions when reading from a gzipped file +BuildRequires: zlib-devel + +# gcc and gcc-c++ is no longer in buildroot by default +# gcc for most of files +BuildRequires: gcc +# gcc-c++ for ppdc and cups-driverd +Buildrequires: gcc-c++ + +# Make sure we get postscriptdriver tags. +BuildRequires: python3-cups + +%if %{lspp} +BuildRequires: libselinux-devel +BuildRequires: audit-libs-devel +%endif + +Requires: dbus + +# Requires working PrivateTmp (bug #807672) +Requires(pre): systemd +Requires(post): systemd +Requires(post): grep, sed +Requires(preun): systemd +Requires(postun): systemd + +# for upgrade-get-document script +Requires(post): %{__python} + +# We ship udev rules which use setfacl. +Requires: systemd +Requires: acl + +# Make sure we have some filters for converting to raster format. +Requires: cups-filters + +%package client +Summary: CUPS printing system - client programs +License: GPLv2 +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +%if %{use_alternatives} +Provides: /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat +Requires: /usr/sbin/alternatives +%endif +Provides: lpr + +%package devel +Summary: CUPS printing system - development environment +License: LGPLv2 +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: gnutls-devel +Requires: krb5-devel +Requires: zlib-devel +Provides: cupsddk-devel + +%package libs +Summary: CUPS printing system - libraries +License: LGPLv2 and zlib + +%package filesystem +Summary: CUPS printing system - directory layout +BuildArch: noarch + +%package lpd +Summary: CUPS printing system - lpd emulation +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Provides: lpd + +%package ipptool +Summary: CUPS printing system - tool for performing IPP requests +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} + +%description +CUPS printing system provides a portable printing layer for +UNIX® operating systems. It has been developed by Apple Inc. +to promote a standard printing solution for all UNIX vendors and users. +CUPS provides the System V and Berkeley command-line interfaces. + +%description client +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This package contains command-line client +programs. + +%description devel +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This is the development package for creating +additional printer drivers, and other CUPS services. + +%description libs +CUPS printing system provides a portable printing layer for +UNIX® operating systems. It has been developed by Apple Inc. +to promote a standard printing solution for all UNIX vendors and users. +CUPS provides the System V and Berkeley command-line interfaces. +The cups-libs package provides libraries used by applications to use CUPS +natively, without needing the lp/lpr commands. + +%description filesystem +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This package provides some directories which are +required by other packages that add CUPS drivers (i.e. filters, backends etc.). + +%description lpd +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This is the package that provides standard +lpd emulation. + +%description ipptool +Sends IPP requests to the specified URI and tests and/or displays the results. + +%prep +%setup -q -n cups-%{VERSION} +# Don't gzip man pages in the Makefile, let rpmbuild do it. +%patch1 -p1 -b .no-gzip-man +# Use the system pam configuration. +%patch2 -p1 -b .system-auth +# Prevent multilib conflict in cups-config script. +%patch3 -p1 -b .multilib +# Ignore rpm save/new files in the banners directory. +%patch5 -p1 -b .banners +# Use compatibility fallback path for ServerBin. +%patch6 -p1 -b .serverbin-compat +# Don't export SSLLIBS to cups-config. +%patch7 -p1 -b .no-export-ssllibs +# Allow file-based usb device URIs. +%patch8 -p1 -b .direct-usb +# Add --help option to lpr. +%patch9 -p1 -b .lpr-help +# Fix compilation of peer credentials support. +%patch10 -p1 -b .peercred +# Maintain a cupsd.pid file. +%patch11 -p1 -b .pid +# Fix implementation of com.redhat.PrinterSpooler D-Bus object. +%patch12 -p1 -b .eggcups +# Increase driverd timeout to 70s to accommodate foomatic (bug #744715). +%patch13 -p1 -b .driverd-timeout +# Only enforce maximum PPD line length when in strict mode. +%patch14 -p1 -b .strict-ppd-line-length +# Re-open the log if it has been logrotated under us. +%patch15 -p1 -b .logrotate +# Support for errno==ENOSPACE-based USB paper-out reporting. +%patch16 -p1 -b .usb-paperout +# Re-initialise the resolver on failure in httpAddrGetList() (bug #567353). +%patch17 -p1 -b .res_init +# Log extra debugging information if no filters are available. +%patch18 -p1 -b .filter-debug +# Allow the usb backend to understand old-style URI formats. +%patch19 -p1 -b .uri-compat +# Fix temporary filename creation. +%patch20 -p1 -b .str3382 +# Use mode 0755 for binaries and libraries where appropriate. +#%%patch21 -p1 -b .0755 +# Add an SNMP query for HP's device ID OID (STR #3552). +%patch22 -p1 -b .hp-deviceid-oid +# Mark DNS-SD Device IDs that have been guessed at with "FZY:1;". +%patch23 -p1 -b .dnssd-deviceid +# Add an SNMP query for Ricoh's device ID OID (STR #3552). +%patch24 -p1 -b .ricoh-deviceid-oid +# Make cups.service Type=notify (bug #1088918). +%patch25 -p1 -b .systemd-socket +# Use IP address when resolving DNSSD URIs (bug #948288). +%patch27 -p1 -b .avahi-address +# Added IEEE 1284 Device ID for a Dymo device (bug #747866). +%patch29 -p1 -b .dymo-deviceid +# Use IP_FREEBIND socket option when binding listening sockets (bug #970809). +%patch30 -p1 -b .freebind +# Don't link against libgcrypt needlessly. +#%%patch31 -p1 -b .no-gcry +# Default to IPP/1.1 for now (bug #977813). +%patch33 -p1 -b .use-ipp1.1 +# Don't use D-Bus from two threads (bug #979748). +%patch34 -p1 -b .avahi-no-threaded +# Fixes for jobs with multiple files and multiple formats. +%patch35 -p1 -b .ipp-multifile +# Increase web interface get-devices timeout to 10s (bug #996664). +%patch36 -p1 -b .web-devices-timeout +# Set the default for SyncOnClose to Yes. +%patch37 -p1 -b .synconclose +# CUPS may fail to start if NIS groups are used (bug #1494558) +%patch38 -p1 -b .ypbind + +%if %{lspp} +# LSPP support. +%patch1000 -p1 -b .lspp +%endif + +# substitute default values for invalid job attributes (upstream #5186 and #5229) +%patch39 -p1 -b .substitute-bad-attrs +# 1607295 - CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cups: various flaws [rhel-8.0] +%patch40 -p1 -b .privilege-escalation +# 1613173 - Remove weak SSL/TLS ciphers from CUPS +%patch41 -p1 -b .remove-weak-ciphers +# 1602469 - fixed covscan issues, backported from upstream +%patch42 -p1 -b .covscan +# 1625899 - cups 2.2.6 lpr command fails against old cups 1.3.9 server +%patch43 -p1 -b .oldcupsservers +# 1625913 - ssl options aren't initialized when no SSLOptions directive is set in /etc/cups/client.conf +%patch44 -p1 -b .defaulttls +# 1622431 - Jobs with multiple files don't complete when backend fails +%patch45 -p1 -b .multifile-stuck +# CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection [rhel-8] +%patch46 -p1 -b .predictable-cookie +# 1659486 - cupsd crash on startup in ippCopyAttribute +%patch47 -p1 -b .ippeve-crash +# 1677577 - Remove 'View X log' buttons from web ui +%patch48 -p1 -b .rm-webui-buttons +# 1650233 - cups uses md5 for hashing credentials sent through tls connection +%patch49 -p1 -b .fips-compliance +# 1700663 - Stop advertising the HTTP methods that are supported +%patch50 -p1 -b .do-not-advertise-http-methods +# 1774462, 1774463 - CVE-2019-8696, CVE-2019-8675 - buffer overflow in SNMP and IPP, +# memory disclosure and DoS in scheduler +%patch51 -p1 -b .cve-in-scheduler +# 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created +%patch52 -p1 -b .memory-consumption +# 1784884 - cups.service doesn't execute automatically on request +%patch53 -p1 -b .autostart-when-enabled +# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c +%patch54 -p1 -b .ppdopen-heap-overflow +# 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied) +%patch55 -p1 -b .etimedout +# 1689207 - Add failover backend +%patch56 -p1 -b .failover +# 1833516 - DirtyCleanInterval ignored if there are open client connections +%patch57 -p1 -b .dirtyclean +# 1775590 - rastertoepson filter crashes with paper size A6 +%patch58 -p1 -b .rastertoepson-crash +# 1941437 - cupsd doesn't log job ids when logging into journal +%patch59 -p1 -b .logs +# 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP +%patch60 -p1 -b .validate-1st +# 1938384 - CUPS doesn't start if sssd starts after cupsd +%patch61 -p1 -b .sssd +# 1955964 - PreserveJobHistory doesn't work with seconds +%patch62 -p1 -b .cups-fix-preservejob-times +# 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8] +%patch63 -p1 -b .cve202010001 +# 2006987 - Unauthenticated users can't move print jobs in Web UI +%patch64 -p1 -b .move-job +# 2017919 - Setting 'MaxJobTime 0' does not set a job time to unlimited +%patch65 -p1 -b .maxjobtime +# 1726383 - "lpadmin -p -o cupsSNMPSupplies:false" doesn't work +%patch66 -p1 -b .supplies +# 1982891 - Printing of banner before PCL file only prints banner +%patch67 -p1 -b .banner-rawfiles +# 2006591 - Trying to restart and hold a job doesn't work +%patch68 -p1 -b .restart-hold-job +# 1811716 - lpr to non-existent printer reports incorrect error +%patch69 -p1 -b .lplpr-better-error +# 2015182 - RFE: Implement IdleExitTimeout configuration during build +%patch70 -p1 -b .idleexittimeout +# 2013865 - RFE: Implement TimeoutStartSec configuration during build +%patch71 -p1 -b .timeoutstartsec +# 2032965 - [RFE] RHEL8 - CUPS Web UI supports adding IPP Everywhere +%patch72 -p1 -b .ippeve-web-support +# 2071417 - 30-second delays printing to Windows 2016 server via HTTPS +%patch73 -p1 -b .gnutlsbye +# 2074684 - lp to a remote server takes a long time +%patch74 -p1 -b .lp-long-time +# 2074736 - CUPS is too chatty about "Removing document files." in debug mode +%patch75 -p1 -b .cupsd-too-chatty +# CVE-2022-26691 cups: authorization bypass when using "local" authorization +%patch76 -p1 -b .cve26691 +# 2084257 - ErrorPolicy documentation is incorrect +%patch77 -p1 -b .retry-current-job-man +# 1910415 - manpage update to acknowledge order dependency of -h option +%patch78 -p1 -b .manpage-update +# 2130391 - Kerberized IPP Printing Fails +%patch79 -p1 -b .kerberos +# 2217178 - Delays printing to lpd when reserved ports are exhausted +%patch80 -p1 -b .lpd-delay +# 2217283 - The command "cancel -x " does not remove job files +%patch81 -p1 -b .purge-job +# 2217955 - Enlarge backlog queue for listen() in cupsd +%patch82 -p1 -b .listen-backlog +# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c +%patch83 -p1 -b .cve34241 +# CVE-2023-32324 cups: heap buffer overflow may lead to DoS +%patch84 -p1 -b .cve32324 +# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation +%patch85 -p1 -b .get-document-auth +# RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off" +%patch86 -p1 -b .preservejob-leak +# RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost +%patch87 -p1 -b .message-stderr +# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents +%patch88 -p1 -b .cupsgetjobs-pollhup + +sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in + +# Log to the system journal by default (bug #1078781, bug #1519331). +sed -i -e 's,^ErrorLog .*$,ErrorLog syslog,' conf/cups-files.conf.in +sed -i -e 's,^AccessLog .*$,AccessLog syslog,' conf/cups-files.conf.in +sed -i -e 's,^PageLog .*$,PageLog syslog,' conf/cups-files.conf.in + +# Add comment text mentioning syslog is systemd journal (bug #1358589) +sed -i -e 's,\"syslog\",\"syslog\" \(syslog means systemd journal by default\),' conf/cups-files.conf.in + +# Add group wheel to SystemGroups (bug #1405669) +sed -i -e 's,^SystemGroup .*$, SystemGroup sys root wheel,' conf/cups-files.conf.in + +# Let's look at the compilation command lines. +perl -pi -e "s,^.SILENT:,," Makedefs.in + +f=CREDITS.md +mv "$f" "$f"~ +iconv -f MACINTOSH -t UTF-8 "$f"~ > "$f" +rm -f "$f"~ + +aclocal -I config-scripts +autoconf -I config-scripts + +%build +# add Fedora specific flags to DSOFLAGS +export DSOFLAGS="$DSOFLAGS -L../cgi-bin -L../filter -L../ppdc -L../scheduler -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,relro,-z,now -fPIE -pie" +export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1" +export CC=gcc +export CXX=g++ +# --enable-debug to avoid stripping binaries +%configure --with-docdir=%{_datadir}/%{name}/www --enable-debug \ +%if %{lspp} + --enable-lspp \ +%endif + --with-exe-file-perm=0755 \ + --with-cupsd-file-perm=0755 \ + --with-log-file-perm=0600 \ + --enable-relro \ + --with-dbusdir=%{_sysconfdir}/dbus-1 \ + --with-php=/usr/bin/php-cgi \ + --enable-avahi \ + --enable-threads \ + --enable-gnutls \ + --enable-webif \ + --with-xinetd=no \ + --with-access-log-level=actions \ + --enable-page-logging \ +%if 0%{?rhel} + --without-idle-exit-timeout \ + --without-systemd-timeoutstartsec \ +%endif + localedir=%{_datadir}/locale + +# If we got this far, all prerequisite libraries must be here. +make %{?_smp_mflags} + +%install +make BUILDROOT=%{buildroot} install + +rm -rf %{buildroot}%{_initddir} \ + %{buildroot}%{_sysconfdir}/init.d \ + %{buildroot}%{_sysconfdir}/rc?.d +mkdir -p %{buildroot}%{_unitdir} + +find %{buildroot}%{_datadir}/cups/model -name "*.ppd" |xargs gzip -n9f + +%if %{use_alternatives} +pushd %{buildroot}%{_bindir} +for i in cancel lp lpq lpr lprm lpstat; do + mv $i $i.cups +done +cd %{buildroot}%{_sbindir} +mv lpc lpc.cups +cd %{buildroot}%{_mandir}/man1 +for i in cancel lp lpq lpr lprm lpstat; do + mv $i.1 $i-cups.1 +done +cd %{buildroot}%{_mandir}/man8 +mv lpc.8 lpc-cups.8 +popd +%endif + +mv %{buildroot}%{_unitdir}/org.cups.cupsd.path %{buildroot}%{_unitdir}/cups.path +mv %{buildroot}%{_unitdir}/org.cups.cupsd.service %{buildroot}%{_unitdir}/cups.service +mv %{buildroot}%{_unitdir}/org.cups.cupsd.socket %{buildroot}%{_unitdir}/cups.socket +mv %{buildroot}%{_unitdir}/org.cups.cups-lpd.socket %{buildroot}%{_unitdir}/cups-lpd.socket +mv %{buildroot}%{_unitdir}/org.cups.cups-lpd@.service %{buildroot}%{_unitdir}/cups-lpd@.service +/bin/sed -i -e "s,org.cups.cupsd,cups,g" %{buildroot}%{_unitdir}/cups.service + +mkdir -p %{buildroot}%{_datadir}/pixmaps %{buildroot}%{_sysconfdir}/X11/sysconfig %{buildroot}%{_sysconfdir}/X11/applnk/System %{buildroot}%{_sysconfdir}/logrotate.d +install -p -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps +install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/logrotate.d/cups +install -p -m 755 %{SOURCE7} %{buildroot}%{cups_serverbin}/backend/ncp + +# Ship an rpm macro for where to put driver executables. +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d +install -m 0644 %{SOURCE8} %{buildroot}%{_rpmconfigdir}/macros.d + +# Ship a printers.conf file, and a client.conf file. That way, they get +# their SELinux file contexts set correctly. +touch %{buildroot}%{_sysconfdir}/cups/printers.conf +touch %{buildroot}%{_sysconfdir}/cups/classes.conf +touch %{buildroot}%{_sysconfdir}/cups/client.conf +touch %{buildroot}%{_sysconfdir}/cups/subscriptions.conf +touch %{buildroot}%{_sysconfdir}/cups/lpoptions + +# LSB 3.2 printer driver directory +mkdir -p %{buildroot}%{_datadir}/ppd + +# Remove unshipped files. +rm -rf %{buildroot}%{_mandir}/cat? %{buildroot}%{_mandir}/*/cat? +rm -f %{buildroot}%{_datadir}/applications/cups.desktop +rm -rf %{buildroot}%{_datadir}/icons +# there are pdf-banners shipped with cups-filters (#919489) +rm -rf %{buildroot}%{_datadir}/cups/banners +rm -f %{buildroot}%{_datadir}/cups/data/testprint + +# install /usr/lib/tmpfiles.d/cups.conf (bug #656566, bug #893834) +mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} +cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/cups.conf < ${RPM_BUILD_ROOT}%{_tmpfilesdir}/cups-lp.conf < %{name}.lang + +# install get-document upgrade script +install -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/upgrade_get_document + +sed -i 's,@PYTHON_SHEBANG@,#!%{__python},' %{buildroot}%{_sbindir}/upgrade_get_document + +%post +%systemd_post %{name}.path %{name}.socket %{name}.service + +# Remove old-style certs directory; new-style is /var/run +# (see bug #194581 for why this is necessary). +rm -rf %{_sysconfdir}/cups/certs +rm -f %{_localstatedir}/cache/cups/*.ipp %{_localstatedir}/cache/cups/*.cache + +# Previous migration script unnecessarily put PageLogFormat into cups-files.conf +# (see bug #1148995) +FILE=%{_sysconfdir}/cups/cups-files.conf +for keyword in PageLogFormat; do + /bin/sed -i -e "s,^$keyword,#$keyword,i" "$FILE" || : +done + +# Because of moving logs to journal, we need to create placeholder files +# at /var/log/cups for users, whose are going to install CUPS on new OS +# machine with info message +%if 0%{?rhel} > 7 || 0%{?fedora} > 27 +confignames=( "ErrorLog" "AccessLog" "PageLog" ) +lognames=( "error_log" "access_log" "page_log" ) +message="This CUPS log has been moved into journal by default unless changes have been made in /etc/cups/cups-files.conf. Log messages can be got by \"$ journalctl -u cups -e\"" +for ((i=0;i<${#confignames[@]};i++)); +do + found=`%{_bindir}/grep -i "${confignames[i]} syslog" /etc/cups/cups-files.conf` + if [ ! -z "$found" ] + then + if [ ! -f %{_localstatedir}/log/cups/${lognames[i]} ] + then + %{_bindir}/touch %{_localstatedir}/log/cups/${lognames[i]} || : + fi + perms=`%{_bindir}/ls -lah %{_localstatedir}/log/cups/${lognames[i]} | %{_bindir}/grep -v -e "\-rw-------" -e "root lp"` + if [ ! -z "$perms" ] + then + # we need to set correct permissions and ownership because of possible + # security issues + # we need to have here, because previous CUPS releases had the bug. + # Checking permissions and ownership here fixes it. + %{_bindir}/chown root:lp %{_localstatedir}/log/cups/${lognames[i]} || : + %{_bindir}/chmod 600 %{_localstatedir}/log/cups/${lognames[i]} || : + fi + lastmessage=`%{_bindir}/tail -n 1 %{_localstatedir}/log/cups/${lognames[i]} | %{_bindir}/grep "$message"` + if [ -z "$lastmessage" ] + then + %{_bindir}/echo $message >> %{_localstatedir}/log/cups/${lognames[i]} || : + fi + fi +done +%endif + +%{_bindir}/rm /var/cache/cups/*.data > /dev/null 2>&1 + +if [ -e /etc/systemd/system/printer.target.wants/cups.service ] +then + %{_bindir}/systemctl enable cups.service > /dev/null 2>&1 +fi + +# 2013865 - if the directive is not in cupsd.conf, add it (needed during upgrades if +# user had changed the config file) +grep '^\s*IdleExitTimeout' %{_sysconfdir}/cups/cupsd.conf &> /dev/null || echo -e '\nIdleExitTimeout 0' \ +>> %{_sysconfdir}/cups/cupsd.conf + +%{_sbindir}/upgrade_get_document + +exit 0 + +%post client +%if %{use_alternatives} +/usr/sbin/alternatives --install %{_bindir}/lpr print %{_bindir}/lpr.cups 40 \ + --slave %{_bindir}/lp print-lp %{_bindir}/lp.cups \ + --slave %{_bindir}/lpq print-lpq %{_bindir}/lpq.cups \ + --slave %{_bindir}/lprm print-lprm %{_bindir}/lprm.cups \ + --slave %{_bindir}/lpstat print-lpstat %{_bindir}/lpstat.cups \ + --slave %{_bindir}/cancel print-cancel %{_bindir}/cancel.cups \ + --slave %{_sbindir}/lpc print-lpc %{_sbindir}/lpc.cups \ + --slave %{_mandir}/man1/cancel.1.gz print-cancelman %{_mandir}/man1/cancel-cups.1.gz \ + --slave %{_mandir}/man1/lp.1.gz print-lpman %{_mandir}/man1/lp-cups.1.gz \ + --slave %{_mandir}/man8/lpc.8.gz print-lpcman %{_mandir}/man8/lpc-cups.8.gz \ + --slave %{_mandir}/man1/lpq.1.gz print-lpqman %{_mandir}/man1/lpq-cups.1.gz \ + --slave %{_mandir}/man1/lpr.1.gz print-lprman %{_mandir}/man1/lpr-cups.1.gz \ + --slave %{_mandir}/man1/lprm.1.gz print-lprmman %{_mandir}/man1/lprm-cups.1.gz \ + --slave %{_mandir}/man1/lpstat.1.gz print-lpstatman %{_mandir}/man1/lpstat-cups.1.gz +%endif +exit 0 + +%post lpd +%systemd_post cups-lpd.socket +exit 0 + +%ldconfig_scriptlets libs + +%preun +%systemd_preun %{name}.path %{name}.socket %{name}.service +exit 0 + +%preun client +%if %{use_alternatives} +if [ $1 -eq 0 ] ; then + /usr/sbin/alternatives --remove print %{_bindir}/lpr.cups +fi +%endif +exit 0 + +%preun lpd +%systemd_preun cups-lpd.socket +exit 0 + +%postun +%systemd_postun_with_restart %{name}.path %{name}.socket %{name}.service +exit 0 + +%postun lpd +%systemd_postun_with_restart cups-lpd.socket +exit 0 + +%triggerin -- samba-client +ln -sf %{_libexecdir}/samba/cups_backend_smb %{cups_serverbin}/backend/smb || : +exit 0 + +%triggerun -- samba-client +[ $2 = 0 ] || exit 0 +rm -f %{cups_serverbin}/backend/smb + +%files -f %{name}.lang +%doc README.md CREDITS.md CHANGES.md +%dir %attr(0755,root,lp) %{_sysconfdir}/cups +%dir %attr(0755,root,lp) %{_localstatedir}/run/cups +%dir %attr(0511,lp,sys) %{_localstatedir}/run/cups/certs +%{_tmpfilesdir}/cups.conf +%{_tmpfilesdir}/cups-lp.conf +%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf +%attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf.default +%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cups-files.conf +%attr(0640,root,lp) %{_sysconfdir}/cups/cups-files.conf.default +%verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/client.conf +%verify(not md5 size mtime) %config(noreplace) %attr(0600,root,lp) %{_sysconfdir}/cups/classes.conf +%verify(not md5 size mtime) %config(noreplace) %attr(0600,root,lp) %{_sysconfdir}/cups/printers.conf +%verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/snmp.conf +%attr(0640,root,lp) %{_sysconfdir}/cups/snmp.conf.default +%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/subscriptions.conf +#%%{_sysconfdir}/cups/interfaces +%verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/lpoptions +%dir %attr(0755,root,lp) %{_sysconfdir}/cups/ppd +%dir %attr(0700,root,lp) %{_sysconfdir}/cups/ssl +%config(noreplace) %{_sysconfdir}/pam.d/cups +%config(noreplace) %{_sysconfdir}/logrotate.d/cups +%dir %{_datadir}/%{name}/www +%dir %{_datadir}/%{name}/www/de +%dir %{_datadir}/%{name}/www/es +%dir %{_datadir}/%{name}/www/ja +%dir %{_datadir}/%{name}/www/ru +%{_datadir}/%{name}/www/images +%{_datadir}/%{name}/www/*.css +%doc %{_datadir}/%{name}/www/index.html +%doc %{_datadir}/%{name}/www/help +%doc %{_datadir}/%{name}/www/robots.txt +%doc %{_datadir}/%{name}/www/de/index.html +%doc %{_datadir}/%{name}/www/es/index.html +%doc %{_datadir}/%{name}/www/ja/index.html +%doc %{_datadir}/%{name}/www/ru/index.html +%doc %{_datadir}/%{name}/www/pt_BR/index.html +%doc %{_datadir}/%{name}/www/apple-touch-icon.png +%dir %{_datadir}/%{name}/usb +%{_datadir}/%{name}/usb/org.cups.usb-quirks +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}.socket +%{_unitdir}/%{name}.path +%{_bindir}/cupstestppd +%{_bindir}/cupstestdsc +%{_bindir}/ppd* +%{cups_serverbin}/backend/* +%{cups_serverbin}/cgi-bin +%dir %{cups_serverbin}/daemon +%{cups_serverbin}/daemon/cups-deviced +%{cups_serverbin}/daemon/cups-driverd +%{cups_serverbin}/daemon/cups-exec +%{cups_serverbin}/notifier +%{cups_serverbin}/filter/* +%{cups_serverbin}/monitor +%{_mandir}/man[1578]/* +# client subpackage +%exclude %{_mandir}/man1/lp*.1.gz +%exclude %{_mandir}/man1/cancel-cups.1.gz +%exclude %{_mandir}/man8/lpc-cups.8.gz +# devel subpackage +%exclude %{_mandir}/man1/cups-config.1.gz +# ipptool subpackage +%exclude %{_mandir}/man1/ipptool.1.gz +%exclude %{_mandir}/man5/ipptoolfile.5.gz +# lpd subpackage +%exclude %{_mandir}/man8/cups-lpd.8.gz +%{_sbindir}/* +# client subpackage +%exclude %{_sbindir}/lpc.cups +%dir %{_datadir}/cups/templates +%dir %{_datadir}/cups/templates/de +%dir %{_datadir}/cups/templates/es +%dir %{_datadir}/cups/templates/ja +%dir %{_datadir}/cups/templates/ru +%dir %{_datadir}/cups/templates/pt_BR +%{_datadir}/cups/templates/*.tmpl +%{_datadir}/cups/templates/de/*.tmpl +%{_datadir}/cups/templates/fr/*.tmpl +%{_datadir}/cups/templates/es/*.tmpl +%{_datadir}/cups/templates/ja/*.tmpl +%{_datadir}/cups/templates/ru/*.tmpl +%{_datadir}/cups/templates/pt_BR/*.tmpl +%dir %attr(1770,root,lp) %{_localstatedir}/spool/cups/tmp +%dir %attr(0710,root,lp) %{_localstatedir}/spool/cups +%dir %attr(0755,lp,sys) %{_localstatedir}/log/cups +%{_datadir}/pixmaps/cupsprinter.png +%config(noreplace) %{_sysconfdir}/dbus-1/system.d/cups.conf +%{_datadir}/cups/drv/sample.drv +%{_datadir}/cups/examples +%{_datadir}/cups/mime/mime.types +%{_datadir}/cups/mime/mime.convs +%{_datadir}/cups/ppdc/*.defs +%{_datadir}/cups/ppdc/*.h + +%files client +%{_sbindir}/lpc.cups +%{_bindir}/cancel* +%{_bindir}/lp* +%{_mandir}/man1/lp*.1.gz +%{_mandir}/man1/cancel-cups.1.gz +%{_mandir}/man8/lpc-cups.8.gz + +%files libs +%{license} LICENSE.txt +%{_libdir}/libcups.so.2 +%{_libdir}/libcupscgi.so.1 +%{_libdir}/libcupsimage.so.2 +%{_libdir}/libcupsmime.so.1 +%{_libdir}/libcupsppdc.so.1 + +%files filesystem +%dir %{cups_serverbin} +%dir %{cups_serverbin}/backend +%dir %{cups_serverbin}/driver +%dir %{cups_serverbin}/filter +%dir %{_datadir}/cups +#%%dir %%{_datadir}/cups/banners +#%%dir %%{_datadir}/cups/charsets +%dir %{_datadir}/cups/data +%dir %{_datadir}/cups/drv +%dir %{_datadir}/cups/mime +%dir %{_datadir}/cups/model +%dir %{_datadir}/cups/ppdc +%dir %{_datadir}/ppd + +%files devel +%{_bindir}/cups-config +%{_libdir}/*.so +%{_includedir}/cups +%{_mandir}/man1/cups-config.1.gz +%{_rpmconfigdir}/macros.d/macros.cups + +%files lpd +%{_unitdir}/cups-lpd.socket +%{_unitdir}/cups-lpd@.service +%{cups_serverbin}/daemon/cups-lpd +%{_mandir}/man8/cups-lpd.8.gz + +%files ipptool +%{_bindir}/ipptool +%{_bindir}/ippfind +%dir %{_datadir}/cups/ipptool +%{_datadir}/cups/ipptool/* +%{_mandir}/man1/ipptool.1.gz +%{_mandir}/man5/ipptoolfile.5.gz + +%changelog +* Fri Mar 29 2024 MSVSphere Packaging Team - 1:2.2.6-57 +- Rebuilt for MSVSphere 8.10 beta + +* Mon Feb 26 2024 Zdenek Dohnal - 1:2.2.6-57 +- revert RHEL-19200 - no new subpackages are needed + +* Wed Dec 20 2023 Zdenek Dohnal - 1:2.2.6-56 +- RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents +- RHEL-19200 Recommend new cups-filters subpackages with weak dep for better upgrade exp + +* Fri Nov 03 2023 Zdenek Dohnal - 1:2.2.6-55 +- RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off" +- RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost + +* Tue Sep 12 2023 Zdenek Dohnal - 1:2.2.6-54 +- RHEL-2612 - cups pulls an unneeded dependency on python3 + +* Tue Aug 29 2023 Zdenek Dohnal - 1:2.2.6-53 +- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation + +* Thu Jun 29 2023 Zdenek Dohnal - 1:2.2.6-52 +- 2217178 - Delays printing to lpd when reserved ports are exhausted +- 2217283 - The command "cancel -x " does not remove job files +- 2217955 - Enlarge backlog queue for listen() in cupsd +- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c +- CVE-2023-32324 cups: heap buffer overflow may lead to DoS + +* Mon Apr 03 2023 Zdenek Dohnal - 1:2.2.6-51 +- RHEL-316 - Enable fmf tests in centos stream + +* Wed Dec 14 2022 Zdenek Dohnal - 1:2.2.6-51 +- 2130391 - Kerberized IPP Printing Fails + +* Fri Jul 01 2022 Richard Lescak - 1:2.2.6-50 +- 1910415 - corrected manpage patch, one lpoptions usage wasn't changed + +* Thu Jun 16 2022 Richard Lescak - 1:2.2.6-49 +- 1910415 - manpage update to acknowledge order dependency of -h option + +* Tue May 31 2022 Zdenek Dohnal - 1:2.2.6-48 +- 2084257 - ErrorPolicy documentation is incorrect + +* Thu May 26 2022 Zdenek Dohnal - 1:2.2.6-47 +- CVE-2022-26691 cups: authorization bypass when using "local" authorization + +* Fri May 13 2022 Zdenek Dohnal - 1:2.2.6-46 +- 2074684 - lp to a remote server takes a long time +- 2074736 - CUPS is too chatty about "Removing document files." in debug mode + +* Fri Apr 08 2022 Zdenek Dohnal - 1:2.2.6-45 +- 2071417 - 30-second delays printing to Windows 2016 server via HTTPS + +* Wed Jan 19 2022 Zdenek Dohnal - 1:2.2.6-44 +- 2015182 - RFE: Implement IdleExitTimeout configuration during build + +* Thu Jan 06 2022 Zdenek Dohnal - 1:2.2.6-43 +- 2032965 - [RFE] RHEL8 - CUPS Web UI supports adding IPP Everywhere + +* Thu Dec 16 2021 Zdenek Dohnal - 1:2.2.6-42 +- 2013865 - RFE: Implement TimeoutStartSec configuration during build + +* Mon Nov 29 2021 Zdenek Dohnal - 1:2.2.6-42 +- 2015182 - RFE: Implement IdleExitTimeout configuration during build + +* Wed Nov 03 2021 Zdenek Dohnal - 1:2.2.6-41 +- 2006987 - Unauthenticated users can't move print jobs in Web UI +- 2017919 - Setting 'MaxJobTime 0' does not set a job time to unlimited +- 1726383 - "lpadmin -p -o cupsSNMPSupplies:false" doesn't work +- 1982891 - Printing of banner before PCL file only prints banner +- 2006591 - Trying to restart and hold a job doesn't work +- 1811716 - lpr to non-existent printer reports incorrect error + +* Fri May 14 2021 Zdenek Dohnal - 1:2.2.6-40 +- 1955964 - PreserveJobHistory doesn't work with seconds +- 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8] + +* Wed May 05 2021 Zdenek Dohnal - 1:2.2.6-39 +- 1941437 - cupsd doesn't log job ids when logging into journal +- 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP +- 1938384 - CUPS doesn't start if sssd starts after cupsd + +* Tue May 26 2020 Zdenek Dohnal - 1:2.2.6-38 +- 1775590 - rastertoepson filter crashes with paper size A6 + +* Mon May 25 2020 Zdenek Dohnal - 1:2.2.6-37 +- forgot to enable optimization - 1833516 + +* Fri May 22 2020 Zdenek Dohnal - 1:2.2.6-36 +- 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied) +- 1689207 - Add failover backend +- 1833516 - DirtyCleanInterval ignored if there are open client connections + +* Tue Apr 21 2020 Zdenek Dohnal - 1:2.2.6-35 +- 1825254 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c + +* Mon Apr 20 2020 Zdenek Dohnal - 1:2.2.6-34 +- 1809002 - scriptlet issue, /usr/bin/rm: cannot remove '/var/cache/cups/*.data' + +* Thu Apr 09 2020 Zdenek Dohnal - 1:2.2.6-34 +- 1784884 - cups.service doesn't execute automatically on request + +* Wed Apr 08 2020 Zdenek Dohnal - 1:2.2.6-34 +- 1822135 - _ppdOpen() leaks 'string' variable + +* Fri Feb 14 2020 Zdenek Dohnal - 1:2.2.6-33 +- fix more memory leaks found by coverity in 1775668 + +* Fri Feb 14 2020 Zdenek Dohnal - 1:2.2.6-32 +- fix covscan issues raised by 1775668 + +* Thu Feb 06 2020 Zdenek Dohnal - 1:2.2.6-31 +- 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created + +* Tue Nov 26 2019 Zdenek Dohnal - 1:2.2.6-30 +- 1774462 - CVE-2019-8675 - buffer overflow in SNMP and IPP, memory disclosure and DoS in scheduler +- 1774463 - CVE-2019-8696 + +* Mon Oct 07 2019 Zdenek Dohnal - 1:2.2.6-29 +- 1700663 - Stop advertising the HTTP methods that are supported + +* Tue Aug 13 2019 Zdenek Dohnal - 1:2.2.6-28 +- 1650233 - cups uses md5 for hashing credentials sent through tls connection + +* Mon Jun 10 2019 Tomas Korbar - 1:2.2.6-27 +- 1677577 - Remove 'View X log' buttons from web ui + +* Fri Jun 07 2019 Tomas Korbar - 1:2.2.6-26 +- 1659998 - cups fails to build if clang is installed + +* Fri Dec 14 2018 Zdenek Dohnal - 1:2.2.6-25 +- 1659486 - cupsd crash on startup in ippCopyAttribute + +* Fri Dec 14 2018 Zdenek Dohnal - 1:2.2.6-24 +- related to 1659111 - fix for previous releases + +* Thu Dec 13 2018 Zdenek Dohnal - 1:2.2.6-23 +- 1659111 - Logs needs to have '-rw------' [regression] + +* Wed Dec 12 2018 Zdenek Dohnal - 1:2.2.6-22 +- 1622431 - Jobs with multiple files don't complete when backend fails +- CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection [rhel-8] + +* Fri Sep 21 2018 Zdenek Dohnal - 1:2.2.6-21 +- 1602469 - fixed covscan issues +- 1625899 - cups 2.2.6 lpr command fails against old cups 1.3.9 server +- 1625913 - ssl options aren't initialized when no SSLOptions directive is set in /etc/cups/client.conf +- 1618009 - Enabling cups.path causes high load when jobs are submitted to CUPS +- 1630805 - Make cups systemd unit files more upstream-like + +* Tue Aug 07 2018 Zdenek Dohnal - 1:2.2.6-20 +- 1613173 - Remove weak SSL/TLS ciphers from CUPS + +* Mon Aug 06 2018 Zdenek Dohnal - 1:2.2.6-19 +- 1612933 - cups doesn't restart after cupsctl command + +* Tue Jul 24 2018 Zdenek Dohnal - 1:2.2.6-18 +- correct license + +* Mon Jul 23 2018 Zdenek Dohnal - 1:2.2.6-17 +- 1607295 - CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cups: various flaws [rhel-8.0] + +* Wed Jun 13 2018 Zdenek Dohnal - 1:2.2.6-16 +- 1590122 - cups-driverd doesn't recognize static gzipped ppds + +* Tue May 29 2018 Zdenek Dohnal - 1:2.2.6-15 +- missing $ in sed + +* Tue Apr 03 2018 Zdenek Dohnal - 1:2.2.6-14 +- substitute default values for invalid job attributes (upstream #5186 and #5229) + +* Thu Mar 29 2018 Pavel Zhukov - 1:2.2.6-13 +- Use dbus fix instead of general attr delete (upstream) + +* Wed Mar 28 2018 Pavel Zhukov - 1:2.2.6-12 +- Fix for CVE-2017-18248 + +* Wed Feb 28 2018 Zdenek Dohnal - 1:2.2.6-11 +- remake of 1499261 + +* Wed Feb 28 2018 Zdenek Dohnal - 1:2.2.6-10 +- mention library names explicitly to warn about soname change + +* Tue Feb 27 2018 Zdenek Dohnal - 1:2.2.6-9 +- 1548120 - cups: Partial injection of Fedora build flags + +* Mon Feb 26 2018 Zdenek Dohnal - 1:2.2.6-8 +- pkgconfig is now shipped in pkgconf-pkg-config package + +* Tue Feb 20 2018 Zdenek Dohnal - 1:2.2.6-7 +- 1499261 - Move log files into journal + +* Mon Feb 19 2018 Zdenek Dohnal - 1:2.2.6-6 +- gcc and gcc-c++ is not in buildroot by default now + +* Wed Feb 07 2018 Fedora Release Engineering - 1:2.2.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 02 2018 Igor Gnatenko - 1:2.2.6-4 +- Switch to %%ldconfig_scriptlets + +* Sat Jan 20 2018 Björn Esser - 1:2.2.6-3 +- Rebuilt for switch to libxcrypt + +* Fri Jan 12 2018 Zdenek Dohnal - 1:2.2.6-2 +- 1437345 - Remove cups-resolv_reload.patch + +* Fri Nov 03 2017 Zdenek Dohnal - 1:2.2.6-1 +- rebase to 2.2.6 + +* Tue Oct 17 2017 Zdenek Dohnal - 1:2.2.5-1 +- rebase to 2.2.5 + +* Mon Oct 09 2017 Zdenek Dohnal - 1:2.2.4-7 +- removing ghostscript-cups dependency - cups-filters ships it + +* Wed Oct 04 2017 Zdenek Dohnal - 1:2.2.4-6 +- 1498091 - Cannot browse CUPS servers in GNOME Control Panel Printers + +* Mon Oct 02 2017 Zdenek Dohnal - 1:2.2.4-5 +- 1484916 - Can not get destinations from CUPS server + +* Fri Sep 22 2017 Zdenek Dohnal - 1:2.2.4-4 +- 1494558 - CUPS may fail to start if NIS groups are used + +* Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1:2.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jun 30 2017 Zdenek Dohnal - 1:2.2.4-1 +- rebase to 2.2.4 + +* Thu Jun 29 2017 Zdenek Dohnal - 1:2.2.3-6 +- update python dependencies accordingly Fedora Guideline for Python (python-cups -> python3-cups) + +* Thu Apr 27 2017 Zdenek Dohnal - 1:2.2.3-5 +- copying cups-resolv_reload.patch from RHEL + +* Wed Apr 05 2017 Zdenek Dohnal - 1:2.2.3-4 +- fixing issue with #1437065 - makes res_init() call to local resolver and keeps error message, but no hard exit for cupsd + +* Tue Apr 04 2017 Zdenek Dohnal - 1:2.2.3-3 +- disable patch for #1437065 for now until issue with stat is solved + +* Thu Mar 30 2017 Zdenek Dohnal - 1:2.2.3-2 +- 1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart + +* Wed Mar 29 2017 Zdenek Dohnal - 1:2.2.3-1 +- rebase to 2.2.3 + +* Fri Feb 10 2017 Fedora Release Engineering - 1:2.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 19 2017 Zdenek Dohnal - 1:2.2.2-1 +- rebase to 2.2.2 + +* Wed Jan 11 2017 Zdenek Dohnal - 1:2.2.1-4 +- bug 1405669 - adding group wheel to SystemGroup + +* Fri Nov 11 2016 Zdenek Dohnal - 1:2.2.1-3 +- Unable to print from Windows (7) on a Cups-Server(2.2.1-1) with german umlauts in the filename (bug #1386751) + +* Mon Nov 07 2016 Zdenek Dohnal - 1:2.2.1-2 +- #873123 - (cups-usb-quirks) usb printer doesn't print (usblp0: USB Bidirectional printer dev) + +* Tue Oct 04 2016 Zdenek Dohnal - 1:2.2.1-1 +- rebase to 2.2.1 + +* Thu Sep 22 2016 Zdenek Dohnal - 1:2.2.0-2 +- fixing looping in partial failing service (bug #1366775) + +* Thu Sep 15 2016 Jiri Popelka - 1:2.2.0-1 +- 2.2.0 + +* Fri Aug 12 2016 Zdenek Dohnal - 1:2.2-0.4rc1 +- fixing release number + +* Tue Aug 09 2016 Zdenek Dohnal - 1:2.2-0.2rc1 +- rebase to cups-2.2rc1 + +* Wed Aug 03 2016 Zdenek Dohnal - 1:2.2-0.2b2 +- bug 1358589 - added information about syslog means systemd journal by default + +* Mon Jun 27 2016 Zdenek Dohnal - 1:2.2-0.1b2 +- Rebase to 2.2b2, editing patches and spec (no need for /etc/cups/interfaces) + +* Mon Jun 27 2016 Zdenek Dohnal - 1:2.1.4-1 +- substitution BuildRequires: pkgconfig(libsystemd-*) for BuildRequires: pkgconfig(libsystemd) + +* Wed Jun 15 2016 Zdenek Dohnal - 1:2.1.4-1 +- 2.1.4, 1346668 - Change symlink for smb backend to /usr/libexec/samba/cups_backend_smb + +* Mon Feb 08 2016 Jiri Popelka - 1:2.1.3-1 +- 2.1.3 + +* Wed Feb 03 2016 Fedora Release Engineering - 1:2.1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 02 2015 Jiri Popelka - 1:2.1.2-1 +- 2.1.2 - interface scripts support is back (until 2.2) + +* Tue Dec 01 2015 Jiri Popelka - 1:2.1.1-1 +- 2.1.1 - interface scripts no longer supported. + +* Mon Nov 02 2015 Jiri Popelka - 1:2.1.0-2 +- Change mode of subscriptions.conf from 644 to 640 (bug #1259770). + +* Tue Sep 01 2015 Jiri Popelka - 1:2.1.0-1 +- 2.1.0 + +* Thu Aug 13 2015 Jiri Popelka - 1:2.1-0.3rc1 +- fix crash in scheduler (#1253135) + +* Mon Aug 10 2015 Jiri Popelka - 1:2.1-0.2rc1 +- better fix for STR#4687 + +* Mon Aug 10 2015 Jiri Popelka - 1:2.1-0.1rc1 +- 2.1rc1 + +* Mon Aug 10 2015 Jiri Popelka - 1:2.0.4-1 +- 2.0.4 + +* Tue Jul 28 2015 Jiri Popelka - 1:2.0.3-5 +- BuildRequires: gnutls-devel -> pkgconfig(gnutls) + +* Tue Jul 07 2015 Jiri Popelka - 1:2.0.3-4 +- RPM_BUILD_ROOT -> %%{buildroot}, put braces around lspp and use_alternatives + +* Thu Jun 25 2015 Tim Waugh - 1:2.0.3-3 +- Fix slow resume of jobs after restart (STR #4646). +- Fix redirection from CGI scripts (bug #1232030, STR #4538). + +* Wed Jun 17 2015 Fedora Release Engineering - 1:2.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 09 2015 Jiri Popelka - 1:2.0.3-1 +- 2.0.3 + +* Sat May 02 2015 Kalev Lember - 1:2.0.2-6 +- Rebuilt for GCC 5 C++11 ABI change + +* Mon Mar 16 2015 Tim Waugh - 1:2.0.2-5 +- Avoid busy loop in cupsd when connection is closed after request + sent (bug #1179596). + +* Mon Feb 16 2015 Jiri Popelka - 1:2.0.2-2 +- Fixed multilib.patch to check for gnutls instead of openssl. + +* Tue Feb 10 2015 Jiri Popelka - 1:2.0.2-1 +- 2.0.2 + +* Tue Jan 27 2015 Tim Waugh - 1:2.0.1-2 +- Fixed systemd notify support (bug #1184453). + +* Sat Nov 15 2014 Jiri Popelka - 1:2.0.1-1 +- 2.0.1 + +* Fri Nov 7 2014 Tim Waugh - 1:2.0.0-12 +- Re-introduce SSLOptions configuration directive, disable SSL3 by + default (STR #4476). +- Enable SSL again via GnuTLS (bug #1161235). + +* Thu Nov 6 2014 Tim Waugh - 1:2.0.0-11 +- Removed openssl requirements from spec file as it is no longer + supported upstream (see bug #1161235). + +* Thu Nov 6 2014 Tim Waugh - 1:2.0.0-10 +- cups-lspp.patch: use cupsdLogJob() when appropriate. +- Fixed some warnings in cups-lspp.patch. +- New systemd journal fields CUPS_DEST and CUPS_PRINTER, as well as + accurate code location fields. + +* Wed Oct 22 2014 Tim Waugh - 1:2.0.0-9 +- Upstream fix for cupsd crash on restart when colord not available +- (STR #4496). + +* Sat Oct 18 2014 Tim Waugh - 1:2.0.0-7 +- Fix for last fix (bug #1153660, bug #1154284). + +* Thu Oct 16 2014 Tim Waugh - 1:2.0.0-6 +- Start cupsd systemd service after network.target (bug #1153660). + +* Wed Oct 15 2014 Tim Waugh - 1:2.0.0-5 +- Fix cupsGetPPD3() so it doesn't give the caller an unreadable file + (bug #1150917, STR #4500). + +* Wed Oct 15 2014 Tim Waugh - 1:2.0.0-4 +- Can no longer reproduce bug #1010580 so removing final-content-type + patch as it causes issues for some backends (bug #1149244). + +* Fri Oct 03 2014 Jiri Popelka - 1:2.0.0-3 +- comment out unnecessary PageLogFormat from cups-files.conf (#1148995) + +* Fri Oct 03 2014 Jiri Popelka - 1:2.0.0-2 +- s/org.cups.cupsd/cups/ cups.service + +* Wed Oct 01 2014 Jiri Popelka - 1:2.0.0-1 +- 2.0.0 + +* Fri Sep 12 2014 Jiri Popelka - 1:2.0-0.1.rc1 +- 2.0rc1 + +* Mon Sep 1 2014 Tim Waugh - 1:1.7.5-7 +- Fix icon display in web interface during server restart (STR #4475). + +* Mon Sep 1 2014 Tim Waugh - 1:1.7.5-6 +- More STR #4461 fixes from upstream. + +* Tue Aug 26 2014 Tim Waugh - 1:1.7.5-5 +- Use upstream patch for STR #4461. + +* Wed Aug 20 2014 Tim Waugh - 1:1.7.5-4 +- Removed old one-off trigger now it's no longer needed. +- Run systemd postun script for path and socket unit files as well as + the main service unit file. +- Upstream patch for STR #4396, pre-requisite for STR #2913 patch. +- Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs + (bug #421671). + +* Sat Aug 16 2014 Fedora Release Engineering - 1:1.7.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Aug 11 2014 Tim Waugh - 1:1.7.5-2 +- Fix conf/log file reading for authenticated users (STR #4461). + +* Fri Aug 01 2014 Jiri Popelka - 1:1.7.5-1 +- 1.7.5 + +* Wed Jul 23 2014 Jiri Popelka - 1:1.7.4-3 +- CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601) + +* Wed Jul 23 2014 Tim Waugh - 1:1.7.4-2 +- Fix CGI handling (STR #4454). + +* Mon Jul 14 2014 Jiri Popelka - 1:1.7.4-1 +- 1.7.4: CVE-2014-3537 + +* Sat Jun 07 2014 Fedora Release Engineering - 1:1.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Jiri Popelka - 1:1.7.3-1 +- 1.7.3 +- str4386.patch merged upstream in STR #4403 + +* Fri May 9 2014 Tim Waugh - 1:1.7.2-3 +- Another attempt at avoiding race condition when sending IPP requests + (STR #4386, bug #1072952). + +* Thu Apr 17 2014 Jiri Popelka - 1:1.7.2-2 +- Make cups.service Type=notify (bug #1088918). + +* Mon Apr 14 2014 Jiri Popelka - 1:1.7.2-1 +- 1.7.2 + +* Fri Apr 4 2014 Tim Waugh - 1:1.7.1-11 +- Log to the system journal by default (bug #1078781). + +* Thu Apr 3 2014 Tim Waugh - 1:1.7.1-10 +- libcups: avoid race condition when sending IPP requests (STR #4386, + bug #1072952). + +* Wed Apr 02 2014 Jiri Popelka - 1:1.7.1-9 +- New client subpackage containing command line client tools (bug #1002342). +- Removed unneeded Group tags. +- Removed 'Requires: /sbin/chkconfig'. +- Moved 'Provides: lpd' to lpd subpackage. + +* Tue Mar 18 2014 Tim Waugh - 1:1.7.1-8 +- Removed patch for STR #4386 as it does not work and causes problems + instead (bug #1077239). + +* Mon Mar 10 2014 Jiri Popelka - 1:1.7.1-7 +- BuildRequires: pkgconfig(foo) instead of foo-devel + +* Thu Mar 6 2014 Tim Waugh - 1:1.7.1-6 +- Track local default in cupsEnumDests() (STR #4332). +- libcups: avoid race condition when sending IPP requests (STR #4386). +- Prevent feedback loop when fetching error_log over HTTP (STR #4366). + +* Wed Mar 5 2014 Tim Waugh - 1:1.7.1-5 +- Fix for cupsEnumDest() 'removed' callbacks (bug #1054312, STR #4380). + +* Mon Feb 17 2014 Tim Waugh - 1:1.7.1-4 +- Document 'journal' logging target. + +* Tue Feb 11 2014 Tim Waugh - 1:1.7.1-3 +- Prevent dnssd backend exiting too early (bug #1026940, STR #4365). + +* Mon Feb 03 2014 Jiri Popelka - 1:1.7.1-2 +- move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d + +* Wed Jan 08 2014 Jiri Popelka - 1:1.7.1-1 +- 1.7.1 + +* Wed Jan 8 2014 Tim Waugh - 1:1.7.0-11 +- Apply upstream patch to improve cupsUser() (STR #4327). + +* Tue Jan 7 2014 Tim Waugh - 1:1.7.0-10 +- Removed cups-dbus-utf8.patch as no longer needed (see STR #4314). +- Return jobs in rank order when handling IPP-Get-Jobs (STR #4326). + +* Thu Jan 2 2014 Tim Waugh - 1:1.7.0-9 +- dbus notifier: call _exit when handling SIGTERM (STR #4314). +- Use '-f' when using rm in %%setup section. +- Fixed avahi-no-threaded patch so it removes a call to + avahi_threaded_poll_stop() (bug #1044602). + +* Fri Dec 13 2013 Tim Waugh - 1:1.7.0-8 +- Use string literal for format string in sd_journal_print call. + +* Thu Nov 28 2013 Tim Waugh - 1:1.7.0-7 +- Prevent USB timeouts causing incorrect print output (bug #1026914). + +* Thu Nov 14 2013 Tim Waugh - 1:1.7.0-6 +- Avoid stale lockfile in dbus notifier (bug #1026949). + +* Thu Nov 7 2013 Tim Waugh - 1:1.7.0-5 +- Use upstream patch for stringpool corruption issue (bug #974048). + +* Mon Nov 4 2013 Tim Waugh - 1:1.7.0-4 +- Adjusted commented out default for SyncOnClose in cups-files.conf. + +* Thu Oct 31 2013 Tim Waugh - 1:1.7.0-3 +- Set the default for SyncOnClose to Yes. + +* Mon Oct 28 2013 Tim Waugh - 1:1.7.0-2 +- Use upstream patch to fix job history. + +* Thu Oct 24 2013 Tim Waugh - 1:1.7.0-1 +- 1.7.0. + +* Thu Oct 24 2013 Tim Waugh +- Fix job history logging. + +* Mon Oct 21 2013 Tim Waugh - 1:1.7-0.27.rc1 +- Allow "journal" log type for log output to system journal. + +* Fri Sep 27 2013 Tim Waugh - 1:1.7-0.26.rc1 +- Reverted upstream change to FINAL_CONTENT_TYPE in order to fix + printing to remote CUPS servers (bug #1010580). + +* Wed Aug 21 2013 Jaromír Končický +- Add SyncOnClose option (bug #984883). + +* Fri Aug 16 2013 Tim Waugh - 1:1.7-0.25.rc1 +- Increase web interface get-devices timeout to 10s (bug #996664). + +* Thu Aug 15 2013 Tim Waugh - 1:1.7-0.24.rc1 +- Build with full read-only relocations (bug #996740). + +* Tue Aug 6 2013 Tim Waugh - 1:1.7-0.23.rc1 +- Fixes for jobs with multiple files and multiple formats. + +* Sat Aug 03 2013 Fedora Release Engineering - 1:1.7-0.22.rc1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 24 2013 Tim Waugh - 1:1.7-0.21.rc1 +- Fixed cups-config, broken by last change (bug #987660). + +* Mon Jul 22 2013 Tim Waugh - 1:1.7-0.20.rc1 +- Removed stale comment in spec file. +- Link against OpenSSL instead of GnuTLS. + +* Mon Jul 22 2013 Tim Waugh - 1:1.7-0.19.rc1 +- Fixed avahi-no-threaded patch (was missing part of cupsd.h). Thanks + to Joseph Wang for spotting it. + +* Thu Jul 18 2013 Tim Waugh - 1:1.7-0.18.rc1 +- Fixed downoad URL to point to the actual source, not a download + page. + +* Fri Jul 12 2013 Jiri Popelka - 1:1.7-0.17.rc1 +- 1.7rc1 + +* Thu Jul 11 2013 Tim Waugh 1:1.7-0.16.b1 +- Avoid sign-extending CRCs for gz decompression (bug #983486). + +* Wed Jul 10 2013 Tim Waugh 1:1.7-0.15.b1 +- Fixed download URL. + +* Wed Jul 10 2013 Jiri Popelka - 1:1.7-0.14.b1 +- Remove pstops cost factor tweak from conf/mime.convs.in + +* Mon Jul 1 2013 Tim Waugh 1:1.7-0.13.b1 +- Don't use D-Bus from two threads (bug #979748). + +* Fri Jun 28 2013 Tim Waugh 1:1.7-0.12.b1 +- Fix for DNSSD name resolution. + +* Wed Jun 26 2013 Tim Waugh 1:1.7-0.11.b1 +- Default to IPP/1.1 for now (bug #977813). + +* Tue Jun 25 2013 Tim Waugh 1:1.7-0.10.b1 +- Added libusb quirk for Canon PIXMA MP540 (bug #967873). + +* Mon Jun 24 2013 Tim Waugh 1:1.7-0.9.b1 +- Don't link against libgcrypt needlessly. + +* Thu Jun 20 2013 Jiri Popelka - 1:1.7-0.8.b1 +- Remove scriptlet for migrating to a systemd unit from a SysV initscript + +* Thu Jun 20 2013 Tim Waugh 1:1.7-0.7.b1 +- Use IP_FREEBIND socket option when binding listening sockets (bug #970809). + +* Tue Jun 18 2013 Tim Waugh 1:1.7-0.6.b1 +- Added IEEE 1284 Device ID for a Dymo device (bug #747866). + +* Thu Jun 13 2013 Tim Waugh 1:1.7-0.5.b1 +- Prevent stringpool damage leading to memory leaks (bug #974048). + +* Tue Jun 4 2013 Tim Waugh - 1:1.7-0.4.b1 +- Return from cupsEnumDests() once all records have been returned. + +* Thu May 23 2013 Jiri Popelka +- don't ship Russian web templates because they're broken (#960571, STR #4310) + +* Wed May 15 2013 Jiri Popelka - 1:1.7-0.3.b1 +- move cups/ppdc/ to filesystem subpackage + +* Mon Apr 29 2013 Jiri Popelka - 1:1.7-0.2.b1 +- Do not apply unary exclamation mark to va_list (bug #957737). + +* Fri Apr 19 2013 Jiri Popelka - 1:1.7-0.1.b1 +- 1.7b1 +- use _tmpfilesdir macro + +* Wed Apr 10 2013 Tim Waugh +- cups-dbus-utf.patch: now that the scheduler only accepts valid UTF-8 + strings for job-name, there's no need to validate it as UTF-8 in the + dbus notifier. + +* Thu Apr 4 2013 Tim Waugh 1:1.6.2-4 +- Use IP address when resolving DNSSD URIs (bug #948288). + +* Thu Mar 28 2013 Tim Waugh 1:1.6.2-3 +- Check for cupsd.conf existence prior to grepping it (bug #928816). + +* Tue Mar 19 2013 Jiri Popelka - 1:1.6.2-2 +- revert previous bug #919489 fix (i.e we don't ship banners now) + +* Mon Mar 18 2013 Jiri Popelka - 1:1.6.2-1 +- 1.6.2 + +* Wed Mar 13 2013 Jiri Popelka - 1:1.6.1-26 +- ship banners again (#919489) + +* Tue Mar 5 2013 Tim Waugh 1:1.6.1-25 +- Talk about systemd in cups-lpd manpage (part of bug #884641). + +* Tue Mar 5 2013 Tim Waugh 1:1.6.1-24 +- Documentation fixes from STR #4223 (bug #915981). + +* Wed Feb 27 2013 Jiri Popelka - 1:1.6.1-23 +- Removed obsolete browsing directives from cupsd.conf (bug #880826, STR #4157). +- Updated summary and descriptions (#882982). +- Fixed bogus dates in changelog. + +* Fri Feb 15 2013 Tim Waugh 1:1.6.1-22 +- Applied colorman fix from STR #4232 and STR #4276. + +* Wed Feb 13 2013 Fedora Release Engineering - 1:1.6.1-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jan 18 2013 Jiri Popelka 1:1.6.1-20 +- Add quirk rule for Canon MP210 (#847923). + +* Mon Jan 14 2013 Jiri Popelka 1:1.6.1-19 +- Fix unowned directories (#894531). + +* Thu Jan 10 2013 Jiri Popelka 1:1.6.1-18 +- Clean /var/spool/cups/tmp with tmpfiles.d instead of tmpwatch&cron (#893834). + +* Wed Dec 19 2012 Jiri Popelka 1:1.6.1-17 +- Migrate cups-lpd from xinetd to systemd socket activatable service (#884641). +- Clean up old Requires/Conflicts/Obsoletes/Provides. + +* Thu Dec 6 2012 Tim Waugh 1:1.6.1-16 +- Additional fix relating to CVE-2012-5519 to avoid misleading error + message about actions to take to enable file device URIs. + +* Tue Dec 4 2012 Tim Waugh 1:1.6.1-15 +- Small error handling improvements in the configuration migration + script. + +* Mon Dec 3 2012 Jiri Popelka 1:1.6.1-14 +- move ipptoolfile(5) to ipptool subpackage + +* Mon Dec 3 2012 Tim Waugh 1:1.6.1-13 +- Applied additional upstream patch for CVE-2012-5519 so that the + RemoteRoot keyword is recognised in the correct configuration file. + +* Wed Nov 28 2012 Tim Waugh 1:1.6.1-12 +- Fixed paths in config migration %%post script. +- Set default cups-files.conf filename. + +* Mon Nov 26 2012 Tim Waugh 1:1.6.1-11 +- Apply upstream fix for CVE-2012-5519 (STR #4223, bug #875898). + Migrate configuration keywords as needed. + +* Mon Nov 19 2012 Tim Waugh 1:1.6.1-10 +- Re-enable the web interface as it is required for adjusting server + settings (bug #878090). + +* Tue Nov 6 2012 Tim Waugh 1:1.6.1-9 +- Disable the web interface by default (bug #864522). + +* Tue Oct 30 2012 Tim Waugh 1:1.6.1-8 +- Ensure attributes are valid UTF-8 in dbus notifier (bug #863387). + +* Mon Oct 29 2012 Tim Waugh 1:1.6.1-7 +- Removed broken cups-get-classes patch (bug #870612). + +* Mon Oct 22 2012 Jiri Popelka 1:1.6.1-6 +- Add quirk rule for Xerox Phaser 3124 (#867392) +- backport more quirk rules (STR #4191) + +* Thu Sep 20 2012 Tim Waugh 1:1.6.1-5 +- The cups-libs subpackage contains code distributed under the zlib + license (md5.c). + +* Thu Aug 23 2012 Jiri Popelka 1:1.6.1-4 +- quirk handler for port reset done by new USB backend (bug #847923, STR #4155) + +* Mon Aug 13 2012 Jiri Popelka 1:1.6.1-3 +- fixed usage of parametrized systemd macros (#847405) + +* Wed Aug 08 2012 Jiri Popelka 1:1.6.1-2 +- Requires: cups-filters + +* Wed Aug 08 2012 Jiri Popelka 1:1.6.1-1 +- 1.6.1 + - simplified systemd.patch due to removed CUPS Browsing protocol (STR #3922) + - removed: + textonly filter - moved to cups-filters + pstopdf filter - cups-filters also has pstopdf (different) + PHP module - moved to cups-filters (STR #3932) + serial.patch - moved to cups-filters + getpass.patch - r10140 removed the getpass() use + snmp-quirks.patch - fixed upstream (r10493) + avahi patches - merged upstream (STR #3066) + icc.patch - merged upstream (STR #3808) + - TODO: + - do we need cups-build.patch ? +- added filesystem sub-package (#624695) +- use macroized systemd scriptlets + +* Thu Jul 26 2012 Jiri Popelka 1:1.5.4-1 +- 1.5.4 + +* Tue Jul 24 2012 Tim Waugh 1:1.5.3-5 +- Don't enable IP-based systemd socket activation by default (bug #842365). + +* Wed Jul 18 2012 Fedora Release Engineering - 1:1.5.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jun 05 2012 Jiri Popelka 1:1.5.3-3 +- Require systemd instead of udev. + +* Mon May 28 2012 Jiri Popelka 1:1.5.3-2 +- Buildrequire libusb1 (STR #3477) + +* Tue May 15 2012 Jiri Popelka 1:1.5.3-1 +- 1.5.3 + +* Wed May 09 2012 Jiri Popelka 1:1.5.2-13 +- Add triggers for samba4-client. (#817110) +- No need to define BuildRoot and clean it in clean and install section anymore. +- %%defattr no longer needed in %%files sections. + +* Tue Apr 17 2012 Jiri Popelka 1:1.5.2-12 +- Install /usr/lib/tmpfiles.d/cups-lp.conf to support /dev/lp* devices (#812641) +- Move /etc/tmpfiles.d/cups.conf to /usr/lib/tmpfiles.d/ (#812641) + +* Tue Apr 17 2012 Jiri Popelka 1:1.5.2-11 +- The IPP backend did not always setup username/password authentication + for printers (bug #810007, STR #3985) +- Detect authentication errors for all requests. + (bug #810007, upstream commit revision10277) + +* Thu Mar 29 2012 Tim Waugh 1:1.5.2-10 +- Removed private-shared-object-provides filter lines as they are not + necessary (see bug #807767 comment #3). + +* Thu Mar 29 2012 Mamoru Tasaka - 1:1.5.2-9 +- Rebuild against fixed rpm (bug #807767) + +* Wed Mar 28 2012 Tim Waugh 1:1.5.2-8 +- Avoid systemd PrivateTmp bug by explicitly requiring the fixed + version of systemd (bug #807672). + +* Fri Mar 16 2012 Tim Waugh 1:1.5.2-7 +- Removed debugging messages from systemd-socket patch. + +* Wed Mar 14 2012 Tim Waugh 1:1.5.2-6 +- Pulled in bugfixes from Avahi patches on fedorapeople.org. + +* Tue Feb 28 2012 Jiri Popelka 1:1.5.2-5 +- If the translated message is empty return the original message + (bug #797570, STR #4033). + +* Thu Feb 23 2012 Tim Waugh 1:1.5.2-4 +- cups-polld: restart polling on error (bug #769292, STR #4031). + +* Thu Feb 16 2012 Tim Waugh 1:1.5.2-3 +- Removed hard requirement on colord as it is optional. + +* Wed Feb 15 2012 Tim Waugh 1:1.5.2-2 +- Synthesize notify-printer-uri for job-completed events where the job + never started processing (bug #784786, STR #4014). +- Removed banners from LSPP patch on Dan Walsh's advice. + +* Mon Feb 06 2012 Jiri Popelka 1:1.5.2-1 +- 1.5.2 +- Updated FSF address in pstopdf and textonly filters + +* Wed Jan 18 2012 Remi Collet 1:1.5.0-28 +- build against php 5.4.0, patch for STR #3999 +- add filter to fix private-shared-object-provides +- add %%check for php extension + +* Tue Jan 17 2012 Tim Waugh 1:1.5.0-27 +- Use PrivateTmp=true in the service file (bug #782495). + +* Tue Jan 17 2012 Tim Waugh 1:1.5.0-26 +- Replace newline characters with spaces in reported Device IDs + (bug #782129, STR #4005). +- Don't accept Device URIs of '\0' from SNMP devices + (bug #770646, STR #4004). + +* Fri Jan 13 2012 Fedora Release Engineering - 1:1.5.0-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 21 2011 Tim Waugh 1:1.5.0-24 +- Fixed textonly filter to work with single copies (bug #738412). + +* Fri Dec 9 2011 Tim Waugh 1:1.5.0-23 +- Detangle cups-serverbin-compat.patch from cups-lspp.patch. +- Bind to datagram socket as well in systemd cups.socket unit file, to + prevent that port being stolen by another service (bug #760070). + +* Fri Nov 11 2011 Tim Waugh 1:1.5.0-22 +- Fixed trigger (bug #748841). + +* Wed Nov 9 2011 Tim Waugh 1:1.5.0-21 +- Set correct systemd service default on upgrade, once updates are + applied (bug #748841). + +* Fri Nov 4 2011 Tim Waugh 1:1.5.0-20 +- Set the correct PostScript command filter for e.g. foomatic queues + (STR #3973). + +* Mon Oct 31 2011 Tim Waugh 1:1.5.0-19 +- Set correct systemd service default on upgrade (bug #748841). + +* Wed Oct 19 2011 Tim Waugh 1:1.5.0-18 +- Make sure to guard against retrying the Avahi connection whilst + already doing so (Ubuntu #877967). + +* Tue Oct 18 2011 Tim Waugh 1:1.5.0-17 +- Use libsystemd-daemon instead of bundling sd-daemon.c. + +* Tue Oct 11 2011 Tim Waugh 1:1.5.0-16 +- Use upstream fix for driverd issue (bug #742989). +- Array handling fixes for DNSSDPrinters. +- Array handling fixes for Avahi poll implementation. +- Increase client blocking timeout from 30s to 70s (bug #744715). +- Set BindIPv6Only=ipv6-only in systemd socket unit file as better fix + for bug #737230. + +* Fri Oct 7 2011 Tim Waugh 1:1.5.0-15 +- Fixed Timeouts array comparison function (Ubuntu #860691). + +* Wed Oct 5 2011 Tim Waugh 1:1.5.0-14 +- Handle "localhost" resolving to 127.0.0.1 on IPv6-addressed systems + (bug #737230). + +* Tue Oct 4 2011 Tim Waugh 1:1.5.0-13 +- Work around PPDs cache handling issue (bug #742989). + +* Tue Oct 4 2011 Tim Waugh 1:1.5.0-12 +- More fixes for systemd socket activation: + - relax permissions check for domain socket in libcups. + - initialise addrlen before calling getsockname(). + +* Mon Oct 03 2011 Richard Hughes 1:1.5.0-11 +- Updated colord patch with fixes to DeleteDevice. +- Resolves https://bugzilla.redhat.com/show_bug.cgi?id=741697 + +* Wed Sep 28 2011 Tim Waugh 1:1.5.0-10 +- Fixed string manipulation in the dbus notifier (STR #3947, bug #741833). + +* Thu Sep 22 2011 Tim Waugh 1:1.5.0-9 +- Fixed systemd socket activation support (bug #738709, bug #738710). + +* Wed Sep 14 2011 Tim Waugh 1:1.5.0-8 +- Prevent libcups crash in cups-get-classes patch (bug #736698). + +* Thu Sep 1 2011 Tim Waugh 1:1.5.0-7 +- Use PathExistsGlob instead of DirectoryNotEmpty in cups.path + (bug #734435). + +* Fri Aug 19 2011 Tim Waugh 1:1.5.0-6 +- Tighten explicit libs sub-package requirement so that it includes + the correct architecture as well (bug #731421 comment #8). + +* Fri Aug 19 2011 Tim Waugh 1:1.5.0-5 +- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800). + +* Wed Aug 17 2011 Tim Waugh 1:1.5.0-4 +- Enable systemd units by default (bug #731421). + +* Mon Aug 8 2011 Tim Waugh 1:1.5.0-3 +- Updated avahi support to register sub-types. + +* Fri Aug 5 2011 Tim Waugh 1:1.5.0-2 +- Ported avahi support from 1.4. + +* Tue Jul 26 2011 Jiri Popelka 1:1.5.0-1 +- 1.5.0 + +* Wed Jul 20 2011 Tim Waugh 1:1.5-0.16.rc1 +- Don't delete job data files when restarted (STR #3880). + +* Fri Jul 15 2011 Tim Waugh 1:1.5-0.15.rc1 +- Ship an rpm macro for where to put driver executables. + +* Thu Jul 7 2011 Tim Waugh 1:1.5-0.14.rc1 +- Undo last change which had no effect. We already remove the .SILENT + target from the Makefile as part of the build. + +* Thu Jul 7 2011 Tim Waugh 1:1.5-0.13.rc1 +- Make build log verbose enough to include compiler flags used. + +* Tue Jul 5 2011 Tim Waugh 1:1.5-0.12.rc1 +- Removed udev rules file as it is no longer necessary. + +* Tue Jul 5 2011 Tim Waugh 1:1.5-0.11.rc1 +- Add support for systemd socket activation (patch from Lennart + Poettering). + +* Wed Jun 29 2011 Tim Waugh 1:1.5-0.10.rc1 +- Don't use portreserve any more. Better approach is to use systemd + socket activation (not yet done). + +* Wed Jun 29 2011 Tim Waugh 1:1.5-0.9.rc1 +- Ship systemd service unit instead of SysV initscript (bug #690766). + +* Wed Jun 29 2011 Tim Waugh 1:1.5-0.8.rc1 +- Tag localization files correctly (bug #716421). + +* Wed Jun 15 2011 Jiri Popelka 1:1.5-0.7.rc1 +- 1.5rc1 + +* Sat Jun 04 2011 Richard Hughes 1:1.5-0.6.b2 +- Updated colord patch with fixes from Tim Waugh. + +* Tue May 31 2011 Jiri Popelka 1:1.5-0.5.b2 +- enable LSPP support again + +* Tue May 31 2011 Richard Hughes 1:1.5-0.4.b2 +- Updated colord patch against 1.5 upstream and fixes from Tim Waugh. + +* Tue May 31 2011 Jiri Popelka 1:1.5-0.3.b2 +- fix lspp.patch to not include "config.h" in cups/cups.h (#709384) + +* Thu May 26 2011 Jiri Popelka 1:1.5-0.2.b2 +- 1.5b2 + +* Tue May 24 2011 Jiri Popelka 1:1.5-0.1.b1 +- 1.5b1 + - removed cups-texttops-rotate-page.patch (#572338 is CANTFIX) + - removed cups-page-label.patch (#520141 seems to be CANTFIX) + +* Wed May 18 2011 Tim Waugh 1:1.4.6-17 +- Package parallel port printer device nodes (bug #678804). + +* Tue May 17 2011 Richard Hughes 1:1.4.6-16 +- Updated colord patch from upstream review. + +* Fri Mar 25 2011 Jiri Popelka 1:1.4.6-15 +- Polished patches according to results from static analysis of code (bug #690130). + +* Thu Mar 10 2011 Tim Waugh 1:1.4.6-14 +- Fixed some typos in colord patch. +- LSPP: only warn when unable to get printer context. + +* Mon Mar 07 2011 Richard Hughes 1:1.4.6-13 +- Updated colord patch. + +* Fri Feb 25 2011 Tim Waugh 1:1.4.6-12 +- Fixed build failure due to php_zend_api macro type. + +* Fri Feb 25 2011 Tim Waugh 1:1.4.6-11 +- Fixed dbus notifier support for job-state-changed. + +* Thu Feb 10 2011 Jiri Popelka 1:1.4.6-10 +- Remove testing cups-usb-buffer-size.patch (bug #661814). + +* Tue Feb 08 2011 Fedora Release Engineering - 1:1.4.6-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 01 2011 Jiri Popelka 1:1.4.6-8 +- Use Till's patch to fix USB-Parallel adapter cable problem (bug #624564). + +* Tue Jan 25 2011 Tim Waugh 1:1.4.6-7 +- Some fixes for the AvahiClient callback (bug #672143). + +* Tue Jan 18 2011 Tim Waugh 1:1.4.6-6 +- Don't use --enable-pie configure option as it has been removed and + is now assumed. See STR #3691. + +* Fri Jan 14 2011 Tim Waugh 1:1.4.6-5 +- ICC colord support. + +* Wed Jan 12 2011 Tim Waugh 1:1.4.6-4 +- Properly separated serverbin-compat and lspp patches. +- Updated ICC patch (still not yet applied). + +* Tue Jan 11 2011 Tim Waugh 1:1.4.6-3 +- Build requires automake for avahi support. + +* Mon Jan 10 2011 Tim Waugh 1:1.4.6-2 +- Use a smaller buffer when writing to USB devices (bug #661814). +- Handle EAI_NONAME when resolving hostnames (bug #617208). + +* Fri Jan 07 2011 Jiri Popelka 1:1.4.6-1 +- 1.4.6. + +* Fri Dec 31 2010 Tim Waugh 1:1.4.5-10 +- Some Avahi support fixes from Till Kamppeter. + +* Fri Dec 24 2010 Tim Waugh 1:1.4.5-9 +- Native Avahi support for announcing printers on the network. + +* Wed Dec 22 2010 Tim Waugh 1:1.4.5-8 +- Don't crash when job queued for browsed printer that times out + (bug #660604). + +* Mon Dec 13 2010 Jiri Popelka 1:1.4.5-7 +- Call avc_init() only once to not leak file descriptors (bug #654075). + +* Thu Dec 9 2010 Tim Waugh 1:1.4.5-6 +- The cups-config man page has been moved to the devel sub-package. +- The php sub-package now explicitly requires the libs package with + the same version and release (bug #646814). + +* Tue Dec 7 2010 Tim Waugh 1:1.4.5-5 +- Fixed character encoding in CREDITS.txt. +- Mark D-Bus configuration file as config file. +- Don't mark MIME types and convs files as config files. Overrides + can be placed as new *.types/*.convs files in /etc/cups. +- Don't mark banners as config files. Better is to provide new + banners. +- Don't mark templates and www files as config files. A better way to + provide local overrides is to use a different ServerRoot setting. + Note that a recent security fix required changed to template files. +- Provide versioned LPRng symbol for rpmlint. + +* Mon Dec 6 2010 Tim Waugh +- /usr/sbin/cupsd should be mode 0755 (bug #546004). + +* Fri Dec 03 2010 Jiri Popelka 1:1.4.5-4 +- Changed subsystem lock file name in initscript + so the service is correctly stopped on reboot or halt (bug #659391). + +* Fri Nov 26 2010 Jiri Popelka 1:1.4.5-3 +- BuildRequires python-cups instead of pycups. + +* Fri Nov 26 2010 Jiri Popelka 1:1.4.5-2 +- Added /etc/tmpfiles.d/cups.conf to enable /var/run/cups directory on tmpfs (#656566). + +* Fri Nov 12 2010 Jiri Popelka 1:1.4.5-1 +- 1.4.5. +- No longer need CVE-2010-2941, str3608 + +* Thu Nov 11 2010 Tim Waugh 1:1.4.4-12 +- Applied patch to fix cupsd memory corruption vulnerability + (CVE-2010-2941, bug #652161). +- Don't crash when MIME database could not be loaded (bug #610088). + +* Wed Sep 29 2010 jkeating - 1:1.4.4-11 +- Rebuilt for gcc bug 634757 + +* Fri Sep 17 2010 Tim Waugh 1:1.4.4-10 +- Perform locking for gnutls and avoid libgcrypt's broken + locking (bug #607159). +- Build with --enable-threads again (bug #607159). +- Force the use of gnutls despite thread-safety concerns (bug #607159). + +* Wed Sep 15 2010 Tim Waugh +- Fixed serverbin-compat patch to avoid misleading "filter not + available" messages (bug #633779). + +* Mon Aug 23 2010 Tim Waugh +- Fixed SNMP quirks parsing. + +* Fri Aug 20 2010 Tim Waugh 1:1.4.4-9 +- Use better upstream fix for STR #3608 (bug #606909). + +* Fri Aug 13 2010 Tim Waugh 1:1.4.4-8 +- Specify udevadm trigger action in initscript (bug #623959). + +* Tue Aug 3 2010 Tim Waugh +- Merged F-12 change: + - Use numeric addresses for interfaces unless HostNameLookups are + turned on (bug #583054). + +* Tue Jul 13 2010 Jiri Popelka 1:1.4.4-7 +- Added restartlog to initscript usage output (bug #612996). + +* Mon Jul 12 2010 Jiri Popelka 1:1.4.4-6 +- Moved LICENSE.txt to libs sub-package. + +* Mon Jun 28 2010 Tim Waugh 1:1.4.4-5 +- Avoid empty notify-subscribed-event attributes (bug #606909, + STR #3608). + +* Thu Jun 24 2010 Tim Waugh 1:1.4.4-4 +- Use gnutls again but disable threading (bug #607159). + +* Tue Jun 22 2010 Tim Waugh 1:1.4.4-3 +- Rebuilt to keep correct package n-v-r ordering between releases. + +* Fri Jun 18 2010 Tim Waugh 1:1.4.4-2 +- Re-enabled SSL support by using OpenSSL instead of gnutls. + +* Fri Jun 18 2010 Tim Waugh 1:1.4.4-1 +- 1.4.4. Fixes several security vulnerabilities (bug #605399): + CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. No longer need str3503, + str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches. + +* Thu Jun 10 2010 Tim Waugh +- Removed unapplied gnutls-gcrypt-threads patch. Fixed typos in + descriptions for lpd and php sub-packages. + +* Wed Jun 9 2010 Tim Waugh 1:1.4.3-11 +- Use upstream method of handling SNMP quirks in PPDs (STR #3551, + bug #581825). + +* Tue Jun 01 2010 Jiri Popelka 1:1.4.3-10 +- Added back still useful str3425.patch. + Second part of STR #3425 is still not fixed in 1.4.3 + +* Tue May 18 2010 Tim Waugh 1:1.4.3-9 +- Adjust texttops output to be in natural orientation (STR #3563). + This fixes page-label orientation when texttops is used in the + filter chain (bug #572338). + +* Thu May 13 2010 Tim Waugh 1:1.4.3-8 +- Fixed Ricoh Device ID OID (STR #3552). + +* Tue May 11 2010 Tim Waugh 1:1.4.3-7 +- Add an SNMP query for Ricoh's device ID OID (STR #3552). + +* Fri Apr 16 2010 Tim Waugh 1:1.4.3-6 +- Mark DNS-SD Device IDs that have been guessed at with "FZY:1;". + +* Fri Apr 16 2010 Jiri Popelka 1:1.4.3-5 +- Fixed str3541.patch + +* Tue Apr 13 2010 Tim Waugh 1:1.4.3-4 +- Add an SNMP query for HP's device ID OID (STR #3552). + +* Tue Apr 13 2010 Tim Waugh 1:1.4.3-3 +- Handle SNMP supply level quirks (bug #581825). + +* Wed Mar 31 2010 Tim Waugh 1:1.4.3-2 +- Another BrowsePoll fix: handle EAI_NODATA as well (bug #567353). + +* Wed Mar 31 2010 Jiri Popelka 1:1.4.3-1 +- 1.4.3. +- No longer need CVE-2009-3553, str3381, str3390, str3391, + str3403, str3407, str3413, str3418, str3422, str3425, + str3428, str3431, str3435, str3436, str3439, str3440, + str3442, str3448, str3458, str3460, cups-sidechannel-intrs, + negative-snmp-string-length, cups-media-empty-warning patches. + +* Tue Mar 30 2010 Jiri Popelka 1:1.4.2-36 +- Fixed lpstat to adhere to -o option (bug #577901, STR #3541). + +* Wed Mar 10 2010 Jiri Popelka 1:1.4.2-35 +- Fixed (for the third time) patch for STR #3425 to correctly + remove job info files in /var/spool/cups (bug #571830). + +* Fri Mar 5 2010 Tim Waugh - 1:1.4.2-34 +- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553, + bug #557775). +- Added comments for all sources and patches. + +* Tue Mar 2 2010 Tim Waugh - 1:1.4.2-33 +- Don't own filesystem locale directories (bug #569403). +- Don't apply gcrypt threading patch (bug #553834). +- Don't treat SIGPIPE as an error (bug #569770). + +* Wed Feb 24 2010 Jiri Popelka 1:1.4.2-32 +- Fixed cupsGetNamedDest() so it falls back to the real default + printer when a default from configuration file does not exist (bug #565569, STR #3503). + +* Tue Feb 23 2010 Tim Waugh - 1:1.4.2-31 +- Update classes.conf when a class member printer is deleted + (bug #565878, STR #3505). + +* Tue Feb 23 2010 Tim Waugh - 1:1.4.2-30 +- Re-initialize the resolver if getnameinfo() returns EAI_AGAIN + (bug #567353). + +* Mon Feb 15 2010 Jiri Popelka 1:1.4.2-29 +- Improve cups-gnutls-gcrypt-threads.patch (#564841, STR #3461). + +* Thu Feb 4 2010 Tim Waugh - 1:1.4.2-28 +- Rebuild for postscriptdriver tags. + +* Fri Jan 22 2010 Tim Waugh - 1:1.4.2-27 +- Make sure we have some filters for converting to raster format. + +* Fri Jan 15 2010 Tim Waugh - 1:1.4.2-26 +- Reset status after successful ipp job (bug #548219, STR #3460). + +* Thu Jan 14 2010 Tim Waugh - 1:1.4.2-24 +- Install udev rules in correct place (bug #530378). +- Don't mark initscript as config file. + +* Wed Jan 13 2010 Tim Waugh - 1:1.4.2-23 +- Use %%{_initddir}, %%{_sysconfdir} and SMP make flags. +- Use mode 0755 for binaries and libraries where appropriate. +- Fix lpd obsoletes tag. + +* Thu Dec 24 2009 Tim Waugh - 1:1.4.2-22 +- Removed use of prereq and buildprereq. +- Fixed use of '%%' in changelog. +- Versioned explicit obsoletes/provides. +- Use tabs throughout. + +* Wed Dec 23 2009 Tim Waugh - 1:1.4.2-21 +- Fixed patch for STR #3425 again by adding in back-ported change from + svn revision 8929 (bug #549899). No longer need + delete-active-printer patch. + +* Tue Dec 22 2009 Tim Waugh - 1:1.4.2-20 +- Fixed ipp authentication for servers requiring authentication for + IPP-Get-Printer-Attributes (bug #548873, STR #3458). + +* Mon Dec 21 2009 Tim Waugh - 1:1.4.2-19 +- Ensure proper thread-safety in gnutls's use of libgcrypt + (bug #544619). + +* Sat Dec 19 2009 Tim Waugh - 1:1.4.2-18 +- Fixed patch for STR #3425 by adding in back-ported change from svn + revision 8936 (bug #548904). + +* Thu Dec 10 2009 Tim Waugh - 1:1.4.2-17 +- Fixed invalid read in cupsAddDest (bug #537460). + +* Wed Dec 9 2009 Tim Waugh - 1:1.4.2-15 +- Use upstream patch to fix scheduler crash when an active printer was + deleted (rev 8914). + +* Tue Dec 8 2009 Tim Waugh - 1:1.4.2-14 +- The scheduler did not use the Get-Job-Attributes policy for a + printer (STR #3431). +- The scheduler added two job-name attributes to each job object + (STR #3428). +- The scheduler did not clean out completed jobs when + PreserveJobHistory was turned off (STR #3425). +- The web interface did not show completed jobs (STR #3436). +- Authenticated printing did not always work when printing directly to + a remote server (STR #3435). +- Use upstream patch to stop the network backends incorrectly clearing + the media-empty-warning state (rev 8896). +- Use upstream patch to fix interrupt handling in the side-channel + APIs (rev 8896). +- Use upstream patch to handle negative SNMP string lengths (rev 8896). +- Use upstream fix for SNMP detection (bug #542857, STR #3413). +- Use the text filter for text/css files (bug #545026, STR #3442). +- Show conflicting option values in web UI (bug #544326, STR #3440). +- Use upstream fix for adjustment of conflicting options + (bug #533426, STR #3439). +- No longer requires paps. The texttopaps filter MIME conversion file + is now provided by the paps package (bug #545036). +- Moved %%{_datadir}/cups/ppdc/*.h to the main package (bug #545348). + +* Fri Dec 4 2009 Tim Waugh - 1:1.4.2-13 +- The web interface prevented conflicting options from being adjusted + (bug #533426, STR #3439). + +* Thu Dec 3 2009 Tim Waugh - 1:1.4.2-12 +- Fixes for SNMP scanning with Lexmark printers (bug #542857, STR #3413). + +* Mon Nov 23 2009 Tim Waugh 1:1.4.2-10 +- Undo last change as it was incorrect. + +* Mon Nov 23 2009 Tim Waugh 1:1.4.2-9 +- Fixed small typos introduced in fix for bug #536741. + +* Fri Nov 20 2009 Jiri Popelka 1:1.4.2-8 +- Do not translate russian links showing completed jobs + (bug #539354, STR #3422). + +* Thu Nov 19 2009 Tim Waugh 1:1.4.2-7 +- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200). + +* Tue Nov 17 2009 Tim Waugh 1:1.4.2-6 +- Fixed display of current driver (bug #537182, STR #3418). +- Fixed out-of-memory handling when loading jobs (bug #538054, + STR #3407). + +* Mon Nov 16 2009 Tim Waugh 1:1.4.2-5 +- Fixed typo in admin web template (bug #537884, STR #3403). +- Reset SIGPIPE handler for child processes (bug #537886, STR #3399). + +* Mon Nov 16 2009 Tim Waugh 1:1.4.2-4 +- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381). + +* Wed Nov 11 2009 Jiri Popelka 1:1.4.2-3 +- Fixed lspp-patch to avoid memory leak (bug #536741). + +* Tue Nov 10 2009 Tim Waugh 1:1.4.2-2 +- Added explicit version dependency on cups-libs to cups-lpd + (bug #502205). + +* Tue Nov 10 2009 Tim Waugh 1:1.4.2-1 +- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches. +- Removed postscript.ppd.gz (bug #533371). +- Renumbered patches and sources. + +* Tue Nov 3 2009 Tim Waugh 1:1.4.1-14 +- Removed stale patch from STR #2831 which was causing problems with + number-up (bug #532516). + +* Tue Oct 27 2009 Jiri Popelka 1:1.4.1-13 +- Fix incorrectly applied patch from #STR3285 (bug #531108). +- Set the PRINTER_IS_SHARED variable for admin.cgi (bug #529634, #STR3390). +- Pass through serial parameters correctly in web interface (bug #529635, #STR3391). +- Fixed German translation (bug #531144, #STR3396). + +* Tue Oct 20 2009 Jiri Popelka 1:1.4.1-12 +- Fix cups-lpd to create unique temporary data files (bug #529838). + +* Mon Oct 19 2009 Tim Waugh 1:1.4.1-11 +- Fixed German translation (bug #529575, STR #3380). + +* Thu Oct 15 2009 Tim Waugh 1:1.4.1-10 +- Don't ship pstoraster -- it is now provided by the ghostscript-cups + package. + +* Thu Oct 8 2009 Tim Waugh 1:1.4.1-9 +- Fixed naming of 'Generic PostScript Printer' entry. + +* Wed Oct 7 2009 Tim Waugh 1:1.4.1-8 +- Use upstream patch for STR #3356 (bug #526405). + +* Fri Oct 2 2009 Tim Waugh 1:1.4.1-7 +- Fixed orientation of page labels when printing text in landscape + mode (bug #520141, STR #3334). + +* Wed Sep 30 2009 Tim Waugh 1:1.4.1-6 +- Don't use cached PPD for raw queue (bug #526405, STR #3356). + +* Wed Sep 23 2009 Jiri Popelka 1:1.4.1-5 +- Fixed cups.init to be LSB compliant (bug #521641) + +* Mon Sep 21 2009 Jiri Popelka 1:1.4.1-4 +- Changed cups.init to be LSB compliant (bug #521641), i.e. + return code "2" (instead of "3") if invalid arguments + return code "4" if restarting service under nonprivileged user + return code "5" if cupsd not exist or is not executable + return code "6" if cupsd.conf not exist + +* Wed Sep 16 2009 Tomas Mraz 1:1.4.1-3 +- Use password-auth common PAM configuration instead of system-auth + when available. + +* Tue Sep 15 2009 Tim Waugh 1:1.4.1-2 +- Fixed 'service cups status' to check for correct subsys name + (bug #521641). + +* Mon Sep 14 2009 Tim Waugh 1:1.4.1-1 +- 1.4.1. + +* Fri Sep 4 2009 Tim Waugh 1:1.4.0-2 +- Fixed the dnssd backend so that it only reports devices once avahi + resolution has completed. This makes it report Device IDs + (bug #520858). +- Fix locale code for Norwegian (bug #520379). + +* Fri Aug 28 2009 Tim Waugh 1:1.4.0-1 +- 1.4.0. + +* Thu Aug 27 2009 Warren Togami 1:1.4-0.rc1.21 +- rebuild + +* Wed Aug 26 2009 Tim Waugh 1:1.4-0.rc1.20 +- Fixed admin.cgi crash when modifying a class (bug #519724, + STR #3312, patch from Jiri Popelka). + +* Wed Aug 26 2009 Tim Waugh 1:1.4-0.rc1.19 +- Prevent infinite loop in cupsDoIORequest when processing HTTP + errors (bug #518065, bug #519663, STR #3311). +- Fixed document-format-supported attribute when + application/octet-stream is enabled (bug #516507, STR #3308, patch + from Jiri Popelka). +- Fixed buggy JobKillDelay handling fix (STR #3292). +- Prevent infinite loop in ppdc (STR #3293). + +* Fri Aug 21 2009 Tomas Mraz - 1:1.4-0.rc1.17.1 +- rebuilt with new audit + +* Fri Aug 21 2009 Tim Waugh 1:1.4-0.rc1.17 +- Removed 3-distribution symlink (bug #514244). + +* Tue Aug 18 2009 Tim Waugh 1:1.4-0.rc1.16 +- Fixed JobKillDelay handling for cancelled jobs (bug #518026, STR + #3292). +- Use 'exec' to invoke ghostscript in the pstoraster filter. This + allows the SIGTERM signal to reach the correct process, as well as + conserving memory (part of bug #518026). + +* Tue Aug 11 2009 Tim Waugh 1:1.4-0.rc1.15 +- Avoid empty BrowseLocalProtocols setting (bug #516460, STR #3287). + +* Mon Aug 10 2009 Tim Waugh 1:1.4-0.rc1.14 +- Fixed ppds.dat handling of drv files (bug #515027, STR #3279). +- Fixed udev rules file to avoid DEVTYPE warning messages. +- Fixed cupsGetNamedDest() so it does not fall back to the default + printer when a destination has been named (bug #516439, STR #3285). +- Fixed MIME type rules for image/jpeg and image/x-bitmap + (bug #516438, STR #3284). +- Clear out cache files on upgrade. +- Require acl. + +* Thu Aug 6 2009 Tim Waugh 1:1.4-0.rc1.13 +- Ship udev rules to allow libusb to access printer devices. +- Fixed duplex test pages (bug #514898, STR #3277). + +* Wed Jul 29 2009 Tim Waugh 1:1.4-0.rc1.12 +- Fixed Avahi support in the dnssd backend (bug #513888). +- Fixed incorrect arguments to sigaction() in dnssd backend (STR #3272). +- Cheaply restore compatibility with 1.1.x by having cups_get_sdests() + perform a CUPS_GET_CLASSES request if it is not sure it is talking + to CUPS 1.2 or later (bug #512866). +- Prevent ipp backend looping with bad IPP devices (bug #476424, + STR #3262). +- Fixed Device ID reporting in the usb backend (STR #3266). + +* Fri Jul 24 2009 Fedora Release Engineering - 1:1.4-0.rc1.11.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Jul 24 2009 Tim Waugh 1:1.4-0.rc1.11 +- Tell udevd to replay printer add events in the initscript. + +* Wed Jul 15 2009 Tim Waugh 1:1.4-0.rc1.10 +- Applied patch to prevent bad job control files crashing cupsd on + start-up (STR #3253, bug #509741). +- Correctly handle CUPS-Get-PPDs requests for models with '+' in their + names (STR #3254, bug #509586). +- Accept incorrect device URIs in the (non-libusb) usb backend for + compatibility with Fedora 11 before bug #507244 was fixed. +- Applied patch to fix incorrect device URIs (STR #3259, bug #507244). +- Applied patch to fix job-hold-until for remote queues (STR #3258, + bug #497376). + +* Mon Jul 13 2009 Remi Collet 1:1.4-0.rc1.9 +- add PHP ABI check +- use php_extdir +- add php configuration file (/etc/php.d/cups.ini) + +* Fri Jul 10 2009 Tim Waugh 1:1.4-0.rc1.8 +- Build does not require aspell-devel (bug #510405). + +* Wed Jul 1 2009 Tim Waugh 1:1.4-0.rc1.7 +- Fixed template problem preventing current printer option defaults + from being shown in the web interface (bug #506794, STR #3244). + +* Wed Jul 1 2009 Tim Waugh 1:1.4-0.rc1.6 +- Fixed lpadmin for remote 1.3.x servers (bug #506977, STR #3231). + +* Tue Jun 23 2009 Tim Waugh 1:1.4-0.rc1.5 +- Added more debugging output when constructing filter chain. + +* Thu Jun 18 2009 Tim Waugh 1:1.4-0.rc1.4 +- More complete fix for STR #3229 (bug #506461). + +* Wed Jun 17 2009 Tim Waugh 1:1.4-0.rc1.3 +- Don't use RPM_SOURCE_DIR macro. +- Fixed add/modify-printer templates which had extra double-quote + characters, preventing the Continue button from appearing in certain + browsers (bug #506461, STR #3229). + +* Wed Jun 17 2009 Tim Waugh 1:1.4-0.rc1.1 +- 1.4rc1. No longer need str3124, CVE-2009-0163, CVE-2009-0164, + str3197, missing-devices patches. +- Disabled avahi patch for the time being. More work is needed to + port this to rc1. +- Removed wbuffer patch as it is not needed (see STR #1968). + +* Fri May 15 2009 Tim Waugh 1:1.4-0.b2.18 +- More complete fix for STR #3197 (bug #500859). + +* Thu May 14 2009 Tim Waugh 1:1.4-0.b2.17 +- Prevent cupsd crash when handling IPP_TAG_DELETEATTR requests + (STR #3197, bug #500859). + +* Thu May 7 2009 Ville Skyttä - 1:1.4-0.b2.16 +- Avoid stripping binaries before rpmbuild creates the -debuginfo subpackage. + +* Sun Apr 26 2009 Tim Waugh 1:1.4-0.b2.15 +- Accept "Host: ::1" (bug #497393). +- Accept Host: fields set to the ServerName value (bug #497301). +- Specify that we want poppler's pdftops (not ghostscript) for the + pdftops wrapper when calling configure. + +* Fri Apr 17 2009 Tim Waugh 1:1.4-0.b2.14 +- Applied patch to fix CVE-2009-0163 (bug #490596). +- Applied patch to fix CVE-2009-0164 (bug #490597). + +* Thu Apr 2 2009 Tim Waugh 1:1.4-0.b2.13 +- Don't verify MD5 sum, file size, or mtime for several config files: + cupsd.conf, client.conf, classes.conf, printers.conf, snmp.conf, + subscriptions.conf, lpoptions (bug #486287). + +* Mon Mar 23 2009 Tim Waugh 1:1.4-0.b2.12 +- If cups-polld gets EAI_AGAIN when looking up a hostname, + re-initialise the resolver (bug #490943). + +* Wed Mar 11 2009 Tim Waugh 1:1.4-0.b2.11 +- Bumped cupsddk n-v-r for obsoletes/provides, as cupsddk was rebuilt. + +* Tue Mar 10 2009 Tim Waugh 1:1.4-0.b2.10 +- Applied patch to fix ppd-natural-language attribute in PPD list + (STR #3124). + +* Mon Mar 9 2009 Tim Waugh 1:1.4-0.b2.9 +- Handle https:// device URIs (bug #478677, STR #3122). + +* Thu Mar 5 2009 Tim Waugh 1:1.4-0.b2.8 +- Updated to svn8404. + +* Wed Feb 25 2009 Tim Waugh +- Added 'Should-Start: portreserve' to the initscript (part of bug #487250). + +* Tue Feb 24 2009 Fedora Release Engineering - 1:1.4-0.b2.7.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Feb 19 2009 Tim Waugh 1:1.4-0.b2.7 +- Prevent cups-deviced missing devices (STR #3108). +- Actually drop the perl implementation of the dnssd backend and use + the avahi-aware one. + +* Thu Feb 12 2009 Tim Waugh 1:1.4-0.b2.6 +- Beginnings of avahi support. The dnssd backend should now work, but + the scheduler will not yet advertise DNS-SD services. +- No longer require avahi-tools as the dnssd backend does not use the + command line tools any longer. +- Load MIME type rules correctly (bug #426089, STR #3059). + +* Wed Jan 28 2009 Tim Waugh 1:1.4-0.b2.4 +- Fixed quotas (STR #3077, STR #3078). + +* Tue Jan 27 2009 Tim Waugh 1:1.4-0.b2.3 +- Fixed default BrowseLocalProtocols (bug #481505). + +* Tue Dec 16 2008 Tim Waugh 1:1.4-0.b2.2 +- 1.4b2. +- No longer need CVE-2008-5183 patch. + +* Sat Dec 13 2008 Tim Waugh 1:1.4-0.b1.6 +- Start cupsd at priority 25: after avahi-daemon but before haldaemon + (bug #468709). + +* Tue Dec 9 2008 Tim Waugh 1:1.4-0.b1.5 +- Applied patch to fix RSS subscription limiting (bug #473901, + CVE-2008-5183). +- Attempt to unbreak the fix for STR #2831 (bug #474742). + +* Sun Nov 30 2008 Tim Waugh 1:1.4-0.b1.4 +- Own more directories (bug #473581). + +* Tue Nov 11 2008 Tim Waugh 1:1.4-0.b1.3 +- 1.4b1. +- No longer need ext, includeifexists, foomatic-recommended, + getnameddest, str2101, str2536 patches. +- Require poppler-utils at runtime and for build. No longer need + pdftops.conf. +- Obsolete cupsddk. + +* Thu Oct 30 2008 Tim Waugh 1:1.3.9-3 +- Fixed LSPP labels (bug #468442). + +* Tue Oct 21 2008 Tim Waugh 1:1.3.9-2 +- Fixed textonly filter to send FF correctly. + +* Fri Oct 10 2008 Tim Waugh 1:1.3.9-1 +- 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710), + CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911, + bug #464716). +- No longer need str2892 or res_init patches. + +* Wed Sep 10 2008 Tim Waugh 1:1.3.8-6 +- Backported patch for FatalErrors configuration directive + (bug #314941, STR #2536). + +* Thu Sep 4 2008 Tim Waugh +- Use php-cgi for executing PHP scripts (bug #460898). + +* Wed Sep 3 2008 Tim Waugh 1:1.3.8-5 +- The dnssd backend uses avahi-browse so require it (bug #458565). +- New php sub-package (bug #428235). +- cups-polld: reinit the resolver if we haven't yet resolved the + hostname (bug #354071). + +* Mon Aug 11 2008 Tim Waugh 1:1.3.8-4 +- Better password prompting behaviour (bug #215133, STR #2101). + +* Tue Aug 5 2008 Tim Waugh 1:1.3.8-3 +- Mark template files config(noreplace) for site-local modifications + (bug #441719). + +* Sun Aug 3 2008 Tim Waugh 1:1.3.8-2 +- Applied patch to fix STR #2892 (bug #453610). + +* Mon Jul 28 2008 Tim Waugh 1:1.3.8-1 +- 1.3.8. + +* Fri Jul 18 2008 Tim Waugh +- Removed autoconf requirement by applying autoconf-generated changes + to patches that caused them. Affected patches: cups-lspp. + +* Tue Jul 15 2008 Tim Waugh 1:1.3.7-13 +- CVE-2008-1373 patch is no longer needed (applied upstream). +- Mark HTML files and templates config(noreplace) for site-local + modifications (bug #441719). +- The cups-devel package requires zlib-devel (bug #455192). + +* Tue Jul 1 2008 Tim Waugh 1:1.3.7-12 +- Fixed bug #447200 again. + +* Tue Jul 1 2008 Tim Waugh 1:1.3.7-11 +- Use portreserve. + +* Tue Jun 24 2008 Tim Waugh 1:1.3.7-10 +- Rebuilt for new gnutls. + +* Tue Jun 17 2008 Tim Waugh 1:1.3.7-9 +- Don't overwrite the upstream snmp.conf file. + +* Tue Jun 17 2008 Tim Waugh 1:1.3.7-8 +- Fixed bug #447200 again. + +* Tue Jun 17 2008 Tim Waugh 1:1.3.7-7 +- Backported cupsGetNamedDest from 1.4 (bug #428086). + +* Tue Jun 3 2008 Tim Waugh 1:1.3.7-6 +- Applied patch to fix STR #2750 (IPP authentication). + +* Fri May 30 2008 Tim Waugh 1:1.3.7-5 +- Better fix for cupsdTimeoutJob LSPP configuration suggested by + Matt Anderson (bug #447200). + +* Thu May 29 2008 Tim Waugh 1:1.3.7-4 +- Fix last fix (bug #447200). + +* Wed May 28 2008 Tim Waugh 1:1.3.7-3 +- If cupsdTimeoutJob is called when the originating connection is still + known, pass that to the function so that copy_banner can get at it if + necessary (bug #447200). + +* Fri May 9 2008 Tim Waugh 1:1.3.7-2 +- Applied patch to fix CVE-2008-1722 (integer overflow in image filter, + bug #441692, STR #2790). + +* Thu Apr 3 2008 Tim Waugh +- Main package requires exactly-matching libs package. + +* Wed Apr 2 2008 Tim Waugh 1:1.3.7-1 +- 1.3.7. No longer need str2715, str2727, or CVE-2008-0047 patches. + +* Tue Apr 1 2008 Tim Waugh 1:1.3.6-9 +- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). +- Applied patch to prevent heap-based buffer overflow in CUPS helper + program (bug #436153, CVE-2008-0047, STR #2729). + +* Tue Apr 1 2008 Tim Waugh 1:1.3.6-8 +- Ship a few doc files (bug #438598). + +* Thu Mar 27 2008 Tim Waugh 1:1.3.6-7 +- Don't ship broken symlink %%{_datadir}/cups/doc (bug #438598). + +* Mon Mar 17 2008 Tim Waugh 1:1.3.6-6 +- Own %%{_datadir}/cups/www (bug #437742). + +* Thu Feb 28 2008 Tim Waugh 1:1.3.6-5 +- Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727). + +* Tue Feb 26 2008 Tim Waugh 1:1.3.6-4 +- LSB header for initscript (bug #246897). +- Move HTML-related files to main application directory so that the CUPS + web interface still works even with --excludedocs (bug #375631). + +* Tue Feb 26 2008 Tim Waugh 1:1.3.6-3 +- Set MaxLogSize to 0 to prevent log rotation. Upstream default is 1Mb, but + we want logrotate to be in charge. + +* Sat Feb 23 2008 Tim Waugh 1:1.3.6-2 +- Fix encoding of job-sheets option (bug #433753, STR #2715). + +* Wed Feb 20 2008 Tim Waugh 1:1.3.6-1 +- 1.3.6. + +* Thu Feb 14 2008 Tim Waugh 1:1.3.5-6 +- Include fixes from svn up to revision 7304. No longer need str2703 patch. + Build with --with-dbusdir. +- Try out logrotate again (bug #432730). + +* Tue Feb 12 2008 Tim Waugh 1:1.3.5-5 +- Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703). + +* Tue Feb 5 2008 Tim Waugh 1:1.3.5-4 +- Fix compilation of SO_PEERCRED support. +- Include fixes from svn up to revision 7287. No longer need str2650 or + str2664 patches. + +* Fri Feb 1 2008 Tim Waugh +- Updated initscript for LSB exit codes and actions (bug #246897). + +* Thu Jan 24 2008 Tim Waugh 1:1.3.5-3 +- Build requires autoconf. + +* Mon Jan 21 2008 Tim Waugh 1:1.3.5-2 +- Main package requires libs sub-package of the same release. + +* Thu Jan 10 2008 Tim Waugh +- Apply patch to fix busy looping in the backends (bug #426653, STR #2664). + +* Wed Jan 9 2008 Tim Waugh +- Apply patch to prevent overlong PPD lines from causing failures except + in strict mode (bug #405061). Needed for compatibility with older + versions of foomatic (e.g. Red Hat Enterprise Linux 3/4). +- Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650). + +* Thu Jan 3 2008 Tim Waugh +- Efficiency fix for pstoraster (bug #416871). + +* Tue Dec 18 2007 Tim Waugh 1:1.3.5-1 +- 1.3.5. + +* Mon Dec 10 2007 Tim Waugh 1:1.3.4-5 +- Rebuilt with higher release number. + +* Tue Dec 4 2007 Warren Togami 1:1.3.4-3 +- rebuild + +* Fri Nov 30 2007 Tim Waugh +- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are + not moved in array operations, only pointers to them. + +* Tue Nov 27 2007 Tim Waugh +- Updated to improved dnssd backend from Till Kamppeter. + +* Tue Nov 13 2007 Tim Waugh +- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they + are linked with gnutls. +- LSPP cupsdSetString/ClearString fixes (bug #378451). + +* Wed Nov 7 2007 Tim Waugh 1:1.3.4-2 +- Applied patch to fix CVE-2007-4045 (bug #250161). +- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and + CVE-2007-5393 (bug #345101). + +* Thu Nov 1 2007 Tim Waugh 1:1.3.4-1 +- 1.3.4 (bug #361681). + +* Wed Oct 10 2007 Tim Waugh 1:1.3.3-3 +- Use ppdev instead of libieee1284 for parallel port Device ID + retrieval (bug #311671). This avoids SELinux audit messages. + +* Tue Oct 9 2007 Tim Waugh 1:1.3.3-2 +- Use libieee1284 for parallel port Device ID retrieval (bug #311671). + +* Fri Sep 28 2007 Tim Waugh 1:1.3.3-1 +- 1.3.3. + +* Tue Sep 25 2007 Tim Waugh 1:1.3.2-3 +- Don't strip foomatic recommended strings from make/model names. + +* Fri Sep 21 2007 Tim Waugh 1:1.3.2-2 +- Write printcap when remote printers have timed out (bug #290831). + +* Wed Sep 19 2007 Tim Waugh 1:1.3.2-1 +- Include Till Kamppeter's dnssd backend. +- 1.3.2. +- No longer need str2512 patches. + +* Tue Sep 18 2007 Tim Waugh 1:1.3.1-3 +- Write printcap when a remote queue is deleted (bug #290831). + +* Tue Sep 18 2007 Tim Waugh 1:1.3.1-2 +- Avoid writing printcap unnecessarily (bug #290831). + +* Mon Sep 17 2007 Tim Waugh 1:1.3.1-1 +- 1.3.1. + +* Wed Aug 29 2007 Tim Waugh 1:1.3.0-2 +- More specific license tag. + +* Mon Aug 13 2007 Tim Waugh 1:1.3.0-1 +- 1.3.0. + +* Tue Jul 31 2007 Tim Waugh 1:1.3-0.rc2.2 +- Make cancel man page work properly with alternatives system (bug #249768). +- Don't call aclocal even when we modify m4 files -- CUPS does not use + automake (bug #250251). + +* Tue Jul 31 2007 Tim Waugh 1:1.3-0.rc2.1 +- Better buildroot tag. +- Moved LSPP access check in add_job() to before allocation of the job + structure (bug #231522). +- 1.3rc2. No longer need avahi patch. + +* Mon Jul 23 2007 Tim Waugh 1:1.3-0.b1.5 +- Use kernel support for USB paper-out detection, when available + (bug #249213). + +* Fri Jul 20 2007 Tim Waugh 1:1.3-0.b1.4 +- Better error checking in the LSPP patch (bug #231522). + +* Fri Jul 20 2007 Tim Waugh 1:1.3-0.b1.3 +- Change initscript start level to 98, to start after avahi but before + haldaemon. +- The devel sub-package requires krb5-devel. + +* Thu Jul 19 2007 Tim Waugh 1:1.3-0.b1.2 +- Build requires avahi-compat-libdns_sd-devel. Applied patch to fix + build against avahi (bug #245824). +- Build requires krb5-devel. + +* Wed Jul 18 2007 Tim Waugh 1:1.3-0.b1.1 +- 1.3b1. No longer need relro, directed-broadcast, af_unix-auth, or + str2109 patches. + +* Fri Jul 13 2007 Tim Waugh 1:1.2.12-1 +- 1.2.12. No longer need adminutil or str2408 patches. + +* Mon Jul 9 2007 Tim Waugh +- Another small improvement for the textonly filter (bug #244979). + +* Thu Jul 5 2007 Tim Waugh 1:1.2.11-5 +- Support for page-ranges and accounting in the textonly filter (bug #244979). + +* Wed Jul 4 2007 Tim Waugh 1:1.2.11-4 +- Better paper-out detection patch still (bug #246222). + +* Fri Jun 29 2007 Tim Waugh 1:1.2.11-3 +- Applied patch to fix group handling in PPDs (bug #186231, STR #2408). + +* Wed Jun 27 2007 Tim Waugh 1:1.2.11-2 +- Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). + +* Mon Jun 25 2007 Tim Waugh +- Fixed permissions on classes.conf in the file manifest (bug #245748). + +* Wed Jun 13 2007 Tim Waugh 1:1.2.11-1 +- 1.2.11. + +* Tue Jun 12 2007 Tim Waugh +- Make the initscript use start priority 56 (bug #213828). +- Better paper-out detection patch (bug #241589). + +* Wed May 9 2007 Tim Waugh 1:1.2.10-10 +* Revert paper-out detection for the moment. + +* Wed May 9 2007 Tim Waugh 1:1.2.10-9 +- Applied fix for rotated PDFs (bug #236753, STR #2348). + +* Thu Apr 26 2007 Tim Waugh 1:1.2.10-8 +- Initscript fixes (bug #237955). + +* Wed Apr 25 2007 Tim Waugh 1:1.2.10-7 +- Until bug #236736 is fixed, work around the kernel usblp driver's + quirks so that we can detect paper-out conditions. + +* Tue Apr 10 2007 Tim Waugh 1:1.2.10-6 +- Fixed 'cancel' man page (bug #234088). +- Added empty subscriptions.conf file to make sure it gets the right + SELinux file context. + +* Wed Apr 4 2007 Tim Waugh 1:1.2.10-5 +- Send D-BUS QueueChanged signal on printer state changes. + +* Tue Apr 3 2007 Tim Waugh 1:1.2.10-4 +- Relay printer-state-message values in the IPP backend (STR #2109). + +* Mon Apr 2 2007 Tim Waugh 1:1.2.10-3 +- Don't clear printer-state-reasons after job completion (STR #2323). + +* Thu Mar 29 2007 Tim Waugh +- Small improvement for AF_UNIX auth patch. + +* Thu Mar 29 2007 Tim Waugh 1:1.2.10-2 +- LSPP: Updated patch for line-wrapped labels (bug #228107). + +* Tue Mar 20 2007 Tim Waugh 1:1.2.10-1 +- 1.2.10. + +* Tue Mar 20 2007 Tim Waugh 1:1.2.9-2 +- Added %%{_datadir}/ppd for LSB (bug #232893). + +* Fri Mar 16 2007 Tim Waugh 1:1.2.9-1 +- 1.2.9. + +* Fri Mar 9 2007 Tim Waugh 1:1.2.8-5 +- Better UNIX domain sockets authentication patch after feedback from + Uli (bug #230613). + +* Thu Mar 8 2007 Tim Waugh 1:1.2.8-4 +- Implemented SCM_CREDENTIALS authentication for UNIX domain sockets + (bug #230613). + +* Fri Mar 2 2007 Tim Waugh 1:1.2.8-3 +- Updated LSPP patch (bug #229673). + +* Mon Feb 26 2007 Tim Waugh 1:1.2.8-2 +- Applied fix for STR #2264 (bug #230116). + +* Wed Feb 14 2007 Tim Waugh 1:1.2.8-1 +- 1.2.8. + +* Tue Feb 13 2007 Tim Waugh 1:1.2.7-8 +- Removed logrotate config file and maxlogsize patch (bug #227369). Now + CUPS is in charge of rotating its own logs, and defaults to doing so once + they get to 1Mb in size. + +* Fri Jan 12 2007 Tim Waugh 1:1.2.7-7 +- Don't even reload CUPS when rotating logs (bug #215024). + +* Fri Dec 8 2006 Tim Waugh +- Requires tmpwatch for the cron.daily script (bug #218901). + +* Thu Dec 7 2006 Tim Waugh 1:1.2.7-6 +- Fixed If-Modified-Since: handling in libcups (bug #217556, STR #2133). +- Fixed extra EOF in pstops output (bug #216154, STR #2111). +- Use upstream patch for STR #2121. + +* Mon Nov 27 2006 Tim Waugh 1:1.2.7-5 +- Better LSPP fix for bug #216855. + +* Thu Nov 23 2006 Tim Waugh +- Use translated string for password prompt (STR #2121). + +* Wed Nov 22 2006 Tim Waugh 1:1.2.7-4 +- Another LSPP fix (bug #216669). +- Fixed LSPP SELinux check (bug #216855). +- Increased PPD timeout in copy_model() (bug #216065). + +* Tue Nov 21 2006 Tim Waugh 1:1.2.7-3 +- Run the serial backend as root (bug #212577). + +* Thu Nov 16 2006 Tim Waugh 1:1.2.7-2 +- 1.2.7. + +* Tue Nov 14 2006 Tim Waugh +- Fixed LogFilePerm. + +* Mon Nov 13 2006 Tim Waugh +- Don't use getpass() (bug #215133). + +* Fri Nov 10 2006 Tim Waugh 1:1.2.6-5 +- Reload, don't restart, when logrotating (bug #215023). + +* Wed Nov 8 2006 Tim Waugh 1:1.2.6-4 +- Fixed pdftops.conf (bug #214611). + +* Mon Nov 6 2006 Tim Waugh 1:1.2.6-3 +- 1.2.6. + +* Mon Nov 6 2006 Tim Waugh 1:1.2.5-7 +- One more D-Bus signal fix (bug #212763). + +* Fri Nov 3 2006 Tim Waugh 1:1.2.5-6 +- Restore missed JobQueuedRemote D-Bus signal in ipp backend (part of + bug #212763). + +* Thu Nov 2 2006 Tim Waugh +- LSPP patch fix (bug #213498). + +* Wed Nov 1 2006 Tim Waugh 1:1.2.5-5 +- Send QueueChanged D-Bus signal on all job state changes. + +* Tue Oct 31 2006 Tim Waugh +- Added filter and PPD for text-only printer (bug #213030). + +* Mon Oct 30 2006 Tim Waugh 1:1.2.5-4 +- Fixed support for /dev/ttyUSB devices (bug #212577, STR #2061). +- Fixed parallel backend (bug #213021, STR #2056). + +* Thu Oct 26 2006 Tim Waugh +- Ship a real lpoptions file to make sure it is world-readable (bug #203510). + +* Mon Oct 23 2006 Tim Waugh 1:1.2.5-3 +- 1.2.5. + +* Tue Oct 17 2006 Tim Waugh +- Feature-complete LSPP patch from Matt Anderson (bug #210542). + +* Thu Oct 5 2006 Tim Waugh 1:1.2.4-9 +- adminutil.c: when writing 'BrowseAllow @LOCAL', add a comment about what + to change it to when using directed broadcasts from another subnet + (bug #204373). + +* Wed Oct 4 2006 Tim Waugh 1:1.2.4-8 +- LSPP patch didn't get updated properly in 1:1.2.4-6. Use the right + patch this time (bug #208676). LSPP re-enabled. + +* Wed Oct 4 2006 Tim Waugh 1:1.2.4-7 +- LSPP patch disabled, since it still causes cupsd to crash. + +* Wed Oct 4 2006 Tim Waugh 1:1.2.4-6 +- Updated LSPP patch from Matt Anderson (bug #208676). + +* Tue Oct 3 2006 Tim Waugh 1:1.2.4-5 +- Updated LSPP patch from Matt Anderson (bug #208676). + +* Sun Oct 01 2006 Jesse Keating - 1:1.2.4-4 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Wed Sep 27 2006 Tim Waugh 1:1.2.4-3 +- Add '--help' option to lpr command (bug #206380, STR #1989). + +* Fri Sep 22 2006 Tim Waugh 1:1.2.4-2 +- 1.2.4 (bug #206763). No longer need str1968 patch. + +* Wed Sep 13 2006 Tim Waugh 1:1.2.3-5 +- Fixed STR #1968 properly (bug #205619). + +* Tue Sep 12 2006 Tim Waugh +- No longer need language patch. + +* Mon Sep 11 2006 Tim Waugh 1:1.2.3-4 +- Applied upstream patch to fix STR #1968 (bug #205619). + +* Thu Sep 7 2006 Tim Waugh +- %%ghost %%config(noreplace) /etc/cups/lpoptions (bug #59022). + +* Wed Aug 30 2006 Tim Waugh 1:1.2.3-3 +- Don't overwrite snmp.c. +- No longer need str1893 patch. + +* Wed Aug 30 2006 Tim Waugh 1:1.2.3-2 +- 1.2.3. No longer need str1880 or str1881 patches. + +* Tue Aug 29 2006 Tim Waugh +- Removed dest-cache patch. + +* Thu Aug 24 2006 Tim Waugh 1:1.2.2-17 +- Fixed another LSPP patch problem (bug #203784). +- Updated fix for STR #1881 from upstream. + +* Thu Aug 24 2006 Tim Waugh 1:1.2.2-16 +- Fixed another LSPP patch problem noted by Erwin Rol. + +* Thu Aug 24 2006 Tim Waugh 1:1.2.2-15 +- Fixed LSPP patch passing NULL to strcmp (bug #203784). + +* Mon Aug 21 2006 Tim Waugh 1:1.2.2-14 +- Updated LSPP patch (bug #203376). + +* Fri Aug 18 2006 Jesse Keating - 1:1.2.2-13 +- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* + (#203001) + +* Fri Aug 18 2006 Tim Waugh +- Own notifier directory (bug #203085). + +* Thu Aug 17 2006 Tim Waugh 1:1.2.2-12 +- Apply patch to fix STR #1880 (bug #200205). + +* Wed Aug 16 2006 Tim Waugh 1:1.2.2-11 +- Use upstream patch to fix STR #1881. + +* Fri Aug 11 2006 Tim Waugh 1:1.2.2-10 +- Remove 'Provides: LPRng = 3.8.15-3' (bug #148757). +- Applied patch to fix STR #1893 (bug #201800). + +* Thu Aug 10 2006 Tim Waugh 1:1.2.2-9 +- Try different fix for STR #1795/STR #1881 (bug #201167). + +* Sun Aug 6 2006 Tim Waugh 1:1.2.2-8 +- Apply patch from STR #1881 for remote IPP printing (bug #201167). + +* Wed Aug 2 2006 Tim Waugh 1:1.2.2-7 +- Updated LSPP patch from Matt Anderson. +- Ship pstopdf filter for LSPP. + +* Fri Jul 28 2006 Tim Waugh 1:1.2.2-6 +- Use replacement snmp.c from STR #1737 (bug #193093). +- Re-enable LSPP; doesn't harm browsing after all. + +* Fri Jul 28 2006 Tim Waugh 1:1.2.2-5 +- Disable LSPP for now, since it seems to break browsing somehow. + +* Mon Jul 24 2006 Tim Waugh 1:1.2.2-4 +- Fixed package requirements (bug #199903). + +* Fri Jul 21 2006 Tim Waugh 1:1.2.2-3 +- Apply Matt Anderson's LSPP patch. +- Renumbered patches. + +* Thu Jul 20 2006 Tim Waugh 1:1.2.2-2 +- 1.2.2. + +* Wed Jul 19 2006 Tim Waugh 1:1.2.1-21 +- Sync with svn5754. Fixes bug #198987, bug #195532, bug #130118. + +* Tue Jul 18 2006 John (J5) Palmieri - 1:1.2.1-20 +- Require a new version of D-Bus and rebuild + +* Fri Jul 14 2006 Tim Waugh 1:1.2.1-19 +- Sync with svn5737. Fixes bug #192015. + +* Wed Jul 12 2006 Jesse Keating - 1:1.2.1-18.1 +- rebuild + +* Fri Jul 7 2006 Tim Waugh 1:1.2.1-18 +- Ship with an empty classes.conf file. + +* Tue Jul 4 2006 Tim Waugh 1:1.2.1-17 +- Sync with svn5706. +- No longer need localhost, str1740, str1758, str1736, str1776 patches. + +* Thu Jun 29 2006 Tim Waugh 1:1.2.1-16 +- Bumped paps requirement. +- Don't use texttopaps for application/* MIME types (bug #197214). + +* Thu Jun 29 2006 Tim Waugh 1:1.2.1-15 +- Require paps and use it for printing text (bug #197214). + +* Thu Jun 15 2006 Tim Waugh 1:1.2.1-14 +- Don't export in SSLLIBS to cups-config. + +* Thu Jun 15 2006 Tim Waugh 1:1.2.1-13 +- Fixed cupsd network default printer crash (STR #1776). + +* Wed Jun 14 2006 Tomas Mraz - 1:1.2.1-12 +- rebuilt with new gnutls + +* Tue Jun 13 2006 Tim Waugh 1:1.2.1-11 +- Remove certs directory in %%post, not %%postun. + +* Tue Jun 13 2006 Tim Waugh 1:1.2.1-10 +- Remove old-style certs directory after upgrade (bug #194581). + +* Wed Jun 7 2006 Tim Waugh 1:1.2.1-9 +- Prevent 'too many open files' error (STR #1736, bug #194368). + +* Wed Jun 7 2006 Tim Waugh 1:1.2.1-8 +- Fix 'Allow from @IF(...)' (STR #1758, bug #187703). + +* Wed Jun 7 2006 Tim Waugh 1:1.2.1-7 +- ServerBin compatibility patch (bug #194005). + +* Fri Jun 2 2006 Tim Waugh 1:1.2.1-6 +- Applied upstream patch to fix STR #1740 (bug #192809). + +* Thu Jun 1 2006 Tim Waugh 1:1.2.1-5 +- Fixed group ownerships again (bug #192880). + +* Thu Jun 1 2006 Tim Waugh 1:1.2.1-4 +- Fixed 'service cups reload' not to give an error message. + +* Thu May 25 2006 Tim Waugh 1:1.2.1-3 +- Fix 'localhost' fallback in httpAddrGetList() (bug #192628, STR #1723). + +* Mon May 22 2006 Tim Waugh 1:1.2.1-2 +- 1.2.1. +- Another STR #1705 fix (bug #192034). +- Fixed devel package multilib conflict (bug #192664). + +* Mon May 22 2006 Tim Waugh 1:1.2.0-7 +- Sync to svn5568. No longer need rpath patch. +- Added a 'conflicts:' for kdelibs to prevent bug #192548. + +* Sat May 20 2006 Tim Waugh 1:1.2.0-6 +- Sync to svn5555. No longer need str1670 or str1705 patches. + +* Fri May 19 2006 Tim Waugh 1:1.2.0-5 +- Sync to svn5545. +- Ship a driver directory. + +* Thu May 18 2006 Tim Waugh 1:1.2.0-4 +- Disable back-channel data in the usb backend (STR #1705, bug #192034). +- Fix for 'browsing stops on reload', STR #1670 (bug #191217). + +* Wed May 17 2006 Tim Waugh +- Sync to svn5538. +- Added 'restartlog' to initscript, for clearing out error_log. Useful + for problem diagnosis. +- Initscript no longer needs to check for printconf-backend. + +* Tue May 16 2006 Tim Waugh 1:1.2.0-3 +- Added image library build requirements. +- The devel package requires gnutls-devel (bug #191908). + +* Mon May 8 2006 Tim Waugh 1:1.2.0-2 +- 1.2.0. + +* Fri May 5 2006 Tim Waugh 1:1.2-0.5.rc3.4 +- Sync to svn5493. + +* Fri May 5 2006 Tim Waugh 1:1.2-0.5.rc3.3 +- Sync to svn5491. + +* Fri Apr 28 2006 Tim Waugh +- Sync to svn5470. +- No longer need link, CAN-2005-0064, or no-propagate-ipp-port patches. +- Switch to upstream PIE implementation (every single binary is PIE). +- Extend relro to all binaries. +- Better rpath patch. + +* Wed Apr 26 2006 Tim Waugh +- No longer need backend, rcp, or ppdsdat patches. +- Use configure switch for LogFilePerm default instead of patch. + +* Tue Apr 25 2006 Tim Waugh +- Own /var/run/cups (bug #189561). +- Sync from svn5460 to svn5462. + +* Tue Apr 25 2006 Tim Waugh 1:1.2-0.5.rc3.2 +- Patch pdftops to understand 'includeifexists', and use that in the + pdftops.conf file (bug #189809). + +* Mon Apr 24 2006 Tim Waugh 1:1.2-0.5.rc3.1 +- 1.2rc3. +- Ship an snmp.conf. + +* Fri Apr 21 2006 Tim Waugh 1:1.2-0.4.rc2.2 +- Updated to svn 5446. + +* Wed Apr 19 2006 Tim Waugh +- Ignore .rpmnew and .rpmsave banner files. + +* Tue Apr 11 2006 Tim Waugh +- Ship a /etc/cups/pdftops.conf file (bug #188583). + +* Fri Apr 7 2006 Tim Waugh +- Build requires libacl-devel. + +* Fri Apr 7 2006 Tim Waugh 1:1.2-0.4.rc2.1 +- 1.2rc2. + +* Fri Apr 7 2006 Tim Waugh 1:1.2-0.2.rc1.9 +- Sync scheduler/* with svn 5383. + +* Fri Apr 7 2006 Tim Waugh 1:1.2-0.2.rc1.8 +- No longer need openssl-devel. +- Build with LDAP_DEPRECATED=1, to pick up declarations of ldap_init() etc. +- Only warn about ACLs once (STR #1532). +- Fix imagetops filter (STR #1533). +- Sync pstops.c with svn 5382. + +* Thu Apr 6 2006 Tim Waugh 1:1.2-0.2.rc1.7 +- Build requires openldap-devel. +- Sync pstops.c with svn 5372. + +* Tue Apr 4 2006 Tim Waugh 1:1.2-0.2.rc1.6 +- Tweak to allow 'usb:/dev/usb/lp0'-style URIs again. + +* Sun Apr 2 2006 Tim Waugh 1:1.2-0.2.rc1.5 +- Backported svn 5365:5366 change for mutex-protected stringpool (STR #1530). + +* Sat Apr 1 2006 Tim Waugh +- Fixed _cupsStrFree() (STR #1529). + +* Fri Mar 31 2006 Tim Waugh 1:1.2-0.2.rc1.4 +- Fixed interaction with CUPS 1.1 servers (STR #1528). + +* Wed Mar 29 2006 Tim Waugh 1:1.2-0.2.rc1.3 +- Fix group list of non-root backends (STR #1521, bug #186954). + +* Tue Mar 28 2006 Tim Waugh 1:1.2-0.2.rc1.2 +- Fix lpq -h (STR#1515, bug #186686). + +* Mon Mar 27 2006 Tim Waugh 1:1.2-0.2.rc1.1 +- Ship a printers.conf file, and a client.conf file. That way, they get + their SELinux file contexts set correctly. + +* Mon Mar 27 2006 Tim Waugh 1:1.2-0.2.rc1.0 +- 1.2rc1. + +* Fri Mar 24 2006 Tim Waugh 1:1.2-0.1.b2.6 +- Add KDE compatibility symbols _ipp_add_attr/_ipp_free_attr to ipp.h, with + a comment saying why they shouldn't be used. + +* Fri Mar 24 2006 Tim Waugh 1:1.2-0.1.b2.5 +- Fix KDE compatibility symbols _ipp_add_attr/_ipp_free_attr. + +* Fri Mar 24 2006 Tim Waugh 1:1.2-0.1.b2.4 +- Update to svn snapshot. + +* Thu Mar 23 2006 Tim Waugh 1:1.2-0.1.b2.3 +- Update to svn snapshot. No longer need users or policy patches. + +* Fri Mar 17 2006 Tim Waugh 1:1.2-0.1.b2.2 +- Rebuilt. + +* Tue Mar 14 2006 Tim Waugh 1:1.2-0.1.b2.1 +- Build requires gnutls-devel. +- Fixed default policy name. +- Fixed 'set-allowed-users' in web UI. + +* Mon Mar 13 2006 Tim Waugh 1:1.2-0.1.b2.0 +- 1.2b2. +- Use new CUPS_SERVERBIN location (/usr/lib/cups even on 64-bit hosts). + +* Fri Mar 10 2006 Tim Waugh +- Fixed some permissions. + +* Fri Mar 10 2006 Tim Waugh 1:1.2-0.1.b1.1 +- Ship /etc/cups/ssl directory. + +* Thu Mar 9 2006 Tim Waugh 1:1.2-0.1.b1.0 +- 1.2b1. No longer need devid patch. + +* Wed Mar 8 2006 Tim Waugh 1:1.2-0.0.svn5238.2 +- Fixed 'device-id' attribute in GET_DEVICES requests (STR #1467). + +* Tue Mar 7 2006 Tim Waugh 1:1.2-0.0.svn5238.1 +- New svn snapshot. +- No longer need browse or raw patches. + +* Wed Mar 1 2006 Tim Waugh 1:1.2-0.0.svn5137.1 +- Fixed raw printing. +- Removed (unapplied) session printing patch. +- Fixed browse info. + +* Thu Feb 23 2006 Tim Waugh 1:1.2-0.0.svn5137.0 +- New svn snapshot. + +* Fri Feb 17 2006 Tim Waugh 1:1.2-0.0.svn5102.0 +- New svn snapshot. +- No longer need enabledisable patch. +- Fixed double-free in scheduler/policy.c (STR #1428). + +* Fri Feb 10 2006 Tim Waugh 1:1.2-0.0.svn5083.0 +- New svn snapshot. + +* Wed Jan 25 2006 Tim Waugh 1:1.2-0.0.svn4964.0 +- Use -fPIE not -fpie in PIE patch. +- Fix link patch. +- Patch in PIE instead of using --enable-pie, since that doesn't work. + +* Fri Jan 20 2006 Tim Waugh +- 1.2 svn snapshot. +- No longer need doclink, str1023, pdftops, sanity, lpstat, str1068, + sigchld, gcc34, gcc4, slow, CAN-2004-0888, CAN-2005-2097, finddest, + str1249, str1284, str1290, str1301, CVE-2005-3625,6,7 patches. +- Removed autodetect-tag patch. + +* Tue Jan 17 2006 Tim Waugh 1:1.1.23-30 +- Include 'Autodetected' tag for better integration with autodetection tools. + +* Tue Jan 10 2006 Tim Waugh 1:1.1.23-29 +- Apply dest-cache-v2 patch (bug #175847). + +* Wed Jan 4 2006 Tim Waugh 1:1.1.23-28 +- Apply patch to fix CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 + (bug #176868). + +* Mon Dec 19 2005 Tim Waugh 1:1.1.23-27 +- Link pdftops with -z relro. + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Dec 01 2005 John (J5) Palmieri - 1:1.1.23-26 +- rebuild for new dbus + +* Tue Nov 8 2005 Tomas Mraz 1:1.1.23-25 +- rebuilt with new openssl + +* Thu Oct 20 2005 Tim Waugh 1:1.1.23-24 +- Build with -fstack-protector-all. + +* Sat Oct 15 2005 Florian La Roche 1:1.1.23-23 +- link libcupsimage.so against libcups + +* Tue Oct 11 2005 Tim Waugh 1:1.1.23-22 +- Apply patch to fix STR #1301 (bug #169979). + +* Thu Oct 6 2005 Tim Waugh 1:1.1.23-21 +- Apply patch to fix STR #1290. + +* Wed Oct 5 2005 Tim Waugh 1:1.1.23-20 +- Apply upstream patch for STR #1249. + +* Fri Sep 30 2005 Tim Waugh 1:1.1.23-19 +- Use upstream patch for STR #1284. + +* Fri Sep 30 2005 Tomas Mraz +- use include instead of pam_stack in pam config + +* Thu Sep 29 2005 Tim Waugh 1:1.1.23-18 +- Raise IPP_MAX_VALUES to 100 (bug #164232). STR #1284. +- Made FindDest better behaved in some instances (bug #164232). STR #1283. + +* Fri Sep 2 2005 Tim Waugh 1:1.1.23-17 +- Fixed CAN-2005-2097 (bug #164510). + +* Thu Jun 16 2005 Tim Waugh 1:1.1.23-16 +- Make DeletePrinterFromClass faster (bug #160620). + +* Thu Mar 31 2005 Tim Waugh 1:1.1.23-15 +- Don't require exact dbus version, just minimum. + +* Thu Mar 10 2005 Tim Waugh 1:1.1.23-14 +- Fixed up dbus patch so that it compiles. + +* Wed Mar 9 2005 John (J5) Palmieri +- Fix up dbus patch + +* Mon Mar 7 2005 John (J5) Palmieri 1:1.1.23-13 +- Fixed up dbus patch to work with dbus 0.31 + +* Tue Mar 1 2005 Tomas Mraz 1:1.1.23-12 +- rebuild for openssl-0.9.7e + +* Tue Feb 22 2005 Tim Waugh 1:1.1.23-11 +- UTF-8-ify spec file (bug #149293). + +* Fri Feb 18 2005 Tim Waugh 1:1.1.23-10 +- Fixed build with GCC 4. + +* Thu Feb 10 2005 Tim Waugh 1:1.1.23-9 +- Back to old DBUS API since new DBUS isn't built yet. + +* Mon Feb 7 2005 Tim Waugh +- Use upstream patch for STR #1068. +- Apply patch to fix remainder of CAN-2004-0888 (bug #135378). + +* Wed Feb 2 2005 Tim Waugh +- Applied patch to prevent occasional cupsd crash on reload (bug #146850). + +* Tue Feb 1 2005 Tim Waugh 1:1.1.23-8 +- New DBUS API. + +* Tue Feb 1 2005 Tim Waugh 1:1.1.23-7 +- Applied patch to prevent file descriptor confusion (STR #1068). + +* Fri Jan 28 2005 Tim Waugh +- Build does not require XFree86-devel (bug #146397). + +* Thu Jan 27 2005 Tim Waugh +- Corrected directory modes so that they reflect what cupsd sets them to. + +* Mon Jan 24 2005 Tim Waugh 1:1.1.23-6 +- Build against new dbus. + +* Fri Jan 21 2005 Tim Waugh 1:1.1.23-5 +- Use tmpwatch to remove unused files in the spool temporary directory + (bug #110026). + +* Thu Jan 20 2005 Tim Waugh +- Use gzip's -n flag for the PPDs. + +* Thu Jan 20 2005 Tim Waugh 1:1.1.23-4 +- Mark the initscript noreplace (bug #145629). + +* Wed Jan 19 2005 Tim Waugh 1:1.1.23-3 +- Applied patch to fix CAN-2005-0064. + +* Thu Jan 6 2005 Tim Waugh 1:1.1.23-2 +- Fixed patch from STR #1023. + +* Tue Jan 4 2005 Tim Waugh 1:1.1.23-1 +- 1.1.23. + +* Mon Dec 20 2004 Tim Waugh 1:1.1.23-0.rc1.1 +- 1.1.23rc1. +- No longer need ioctl, ref-before-use, str1023 or str1024 patches. + +* Fri Dec 17 2004 Tim Waugh 1:1.1.22-6 +- Use upstream patches for bug #143086. + +* Thu Dec 16 2004 Tim Waugh 1:1.1.22-5 +- Fixed STR #1023 (part of bug #143086). +- Fixed STR #1024 (rest of bug #143086). + +* Thu Dec 9 2004 Tim Waugh +- Not all files in the doc directory are pure documentation (bug #67337). + +* Thu Dec 9 2004 Tim Waugh +- Fixed ioctl parameter size in usb backend. Spotted by David A. Marlin. + +* Fri Dec 3 2004 Tim Waugh 1:1.1.22-4 +- Convert de and fr .tmpl files into UTF-8 (bug #136177). + +* Thu Dec 2 2004 Tim Waugh 1:1.1.22-3 +- Fix ref-before-use bug in debug output (bug #141585). + +* Mon Nov 29 2004 Tim Waugh +- Copied "ext" patch over from xpdf RPM package. + +* Mon Nov 22 2004 Tim Waugh 1:1.1.22-2 +- Fixed cups-lpd file mode (bug #137325). +- Convert all man pages to UTF-8 (bug #107118). Patch from Miloslav Trmac. + +* Mon Nov 8 2004 Tim Waugh +- New lpd subpackage, from patch by Matthew Galgoci (bug #137325). + +* Tue Nov 2 2004 Tim Waugh 1:1.1.22-1 +- 1.1.22. +- No longer need ippfail, overread or str970 patches. + +* Tue Oct 26 2004 Tim Waugh 1:1.1.22-0.rc2.1 +- Make cancel-cups(1) man page point to lp-cups(1) not lp(1) (bug #136973). +- Use upstream patch for STR #953. +- 1.1.22rc2. + +* Wed Oct 20 2004 Tim Waugh 1:1.1.22-0.rc1.7 +- Prevent filters generating incorrect PS in locales where "," is the + decimal separator (bug #136102). Patch from STR #970. + +* Thu Oct 14 2004 Tim Waugh 1:1.1.22-0.rc1.5 +- Fixed another typo in last patch! + +* Thu Oct 14 2004 Tim Waugh 1:1.1.22-0.rc1.4 +- Fixed typo in last patch. + +* Thu Oct 14 2004 Tim Waugh 1:1.1.22-0.rc1.3 +- Another attempt at fixing bug #135502. + +* Wed Oct 13 2004 Tim Waugh 1:1.1.22-0.rc1.2 +- Fail better when receiving corrupt IPP responses (bug #135502). + +* Mon Oct 11 2004 Tim Waugh 1:1.1.22-0.rc1.1 +- 1.1.22rc1. + +* Tue Oct 5 2004 Tim Waugh 1:1.1.21-7 +- Set LogFilePerm 0600 in default config file. + +* Tue Oct 5 2004 Tim Waugh 1:1.1.21-6 +- Apply patch to fix CAN-2004-0923 (bug #134601). + +* Mon Oct 4 2004 Tim Waugh 1:1.1.21-5 +- Fixed reload logic (bug #134080). + +* Wed Sep 29 2004 Warren Togami 1:1.1.21-4 +- Remove .pdf from docs, fix links + +* Fri Sep 24 2004 Tim Waugh 1:1.1.21-3 +- Write a pid file (bug #132987). + +* Thu Sep 23 2004 Tim Waugh 1:1.1.21-2 +- 1.1.21. + +* Thu Sep 9 2004 Tim Waugh 1:1.1.21-1.rc2.2 +- Updated DBUS patch (from Colin Walters). + +* Tue Aug 24 2004 Tim Waugh 1:1.1.21-1.rc2.1 +- 1.1.21rc2. +- No longer need state, reload-timeout or str743 patches. +- httpnBase64 patch no longer applies; alternate method implemented + upstream. +- Fix single byte overread in usersys.c (spotted by Colin Walters). + +* Wed Aug 18 2004 Tim Waugh +- Applied httpnEncode64 patch from Colin Walters. + +* Sun Aug 15 2004 Tim Waugh +- Session printing patch (Colin Walters). Disabled for now. + +* Sun Aug 15 2004 Tim Waugh 1:1.1.21-1.rc1.9 +- Shorter reload timeout (Colin Walters). +- Updated DBUS patch from Colin Walters. + +* Fri Aug 13 2004 Tim Waugh +- Updated IPP backend IPP_PORT patch from Colin Walters. + +* Fri Aug 13 2004 Tim Waugh 1:1.1.21-1.rc1.8 +- Preserve DBUS_SESSION_BUS_ADDRESS in environment (Colin Walters). +- Fixed enabledisable patch. + +* Fri Aug 13 2004 Tim Waugh 1:1.1.21-1.rc1.7 +- Bumped DBUS version to 0.22. + +* Fri Aug 6 2004 Tim Waugh 1:1.1.21-1.rc1.6 +- Patch from Colin Walters to prevent IPP backend using non-standard + IPP port. + +* Sun Aug 1 2004 Tim Waugh 1:1.1.21-1.rc1.5 +- Really bumped DBUS version. + +* Fri Jul 30 2004 Tim Waugh 1:1.1.21-1.rc1.4 +- Bumped DBUS version. + +* Fri Jul 16 2004 Tim Waugh +- Added version to LPRng obsoletes: tag (bug #128024). + +* Thu Jul 8 2004 Tim Waugh 1:1.1.21-1.rc1.3 +- Updated DBUS patch. + +* Tue Jun 29 2004 Tim Waugh 1:1.1.21-1.rc1.2 +- Apply patch from STR #743 (bug #114999). + +* Fri Jun 25 2004 Tim Waugh 1:1.1.21-1.rc1.1 +- Fix permissions on logrotate script (bug #126426). + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Jun 4 2004 Tim Waugh 1:1.1.21-0.rc1.2 +- Build for dbus-0.21. +- Fix SetPrinterState(). + +* Thu Jun 3 2004 Tim Waugh +- Use configure's --with-optim parameter instead of setting OPTIM at + make time (bug #125228). + +* Thu Jun 3 2004 Tim Waugh 1:1.1.21-0.rc1.1 +- 1.1.21rc1. +- No longer need str716, str718, authtype or encryption patches. + +* Wed Jun 2 2004 Tim Waugh 1:1.1.20-15 +- Build on ppc and ppc64 again. + +* Wed Jun 2 2004 Tim Waugh 1:1.1.20-14 +- ExcludeArch ppc, ppc64. +- More D-BUS changes. + +* Tue Jun 1 2004 Tim Waugh 1:1.1.20-13 +- Enable optimizations on ia64 again. + +* Thu May 27 2004 Tim Waugh 1:1.1.20-12 +- D-BUS changes. + +* Wed May 26 2004 Tim Waugh 1:1.1.20-11 +- Build requires make >= 3.80 (bug #124472). + +* Wed May 26 2004 Tim Waugh 1:1.1.20-10 +- Finish fix for cupsenable/cupsdisable (bug #102490). +- Fix MaxLogSize setting (bug #123003). + +* Tue May 25 2004 Tim Waugh 1:1.1.20-9 +- Apply patches from CVS (authtype) to fix STR #434, STR #611, and as a + result STR #719. This fixes several problems including those noted in + bug #114999. + +* Mon May 24 2004 Tim Waugh +- Use upstream patch for exit code fix for bug #110135 [STR 718]. + +* Wed May 19 2004 Tim Waugh 1:1.1.20-8 +- If cupsd fails to start, make it exit with an appropriate code so that + initlog notifies the user (bug #110135). + +* Thu May 13 2004 Tim Waugh +- Fix cups/util.c:get_num_sdests() to use encryption when it is necessary + or requested (bug #118982). +- Use upstream patch for the HTTP/1.1 Continue bug (from STR716). + +* Tue May 11 2004 Tim Waugh 1:1.1.20-7 +- Fix non-conformance with HTTP/1.1, which caused failures when printing + to a Xerox Phaser 8200 via IPP (bug #122352). +- Make lppasswd(1) PIE. +- Rotate logs within cupsd (instead of relying on logrotate) if we start + to approach the filesystem file size limit (bug #123003). + +* Tue Apr 6 2004 Tim Waugh 1:1.1.20-6 +- Fix pie patch (bug #120078). + +* Fri Apr 2 2004 Tim Waugh +- Fix rcp patch for new system-config-printer name. + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Feb 6 2004 Tim Waugh 1:1.1.20-4 +- Tracked D-BUS API changes. +- Updated D-BUS configuration file. +- Symlinks to avoid conflicting with bash builtins (bug #102490). + +* Thu Feb 5 2004 Tim Waugh 1:1.1.20-3 +- Improved PIE patch. +- Fixed compilation with GCC 3.4. + +* Thu Jan 29 2004 Tim Waugh +- Don't ship cupsconfig now that nothing uses it. + +* Wed Jan 7 2004 Tim Waugh 1:1.1.20-2 +- Try harder to find a translated page for the web interface (bug #107619). +- Added build_as_pie conditional to spec file to facilitate debugging. + +* Mon Dec 1 2003 Tim Waugh 1:1.1.20-1 +- 1.1.20. +- No longer need idefense, str226 patches. +- Updated sanity patch. +- The devel sub-package requires openssl-devel (bug #110772). + +* Wed Nov 26 2003 Thomas Woerner 1:1.1.19-16 +- removed -Wl,-rpath from cups-sharedlibs.m4 (replaced old no_rpath patch) + +* Tue Nov 25 2003 Thomas Woerner 1:1.1.19-15 +- no rpath in cups-config anymore + +* Thu Nov 20 2003 Tim Waugh 1:1.1.19-14 +- Enable PIE for cupsd. + +* Fri Nov 14 2003 Tim Waugh +- Don't ignore the file descriptor when ShutdownClient is called: it + might get closed before we next try to read it (bug #107787). + +* Tue Oct 14 2003 Tim Waugh +- Removed busy-loop patch; 1.1.19 has its own fix for this. + +* Thu Oct 2 2003 Tim Waugh 1:1.1.19-13 +- Apply patch from STR 226 to make CUPS reload better behaved (bug #101507). + +* Wed Sep 10 2003 Tim Waugh 1:1.1.19-12 +- Prevent a libcups busy loop (bug #97958). + +* Thu Aug 14 2003 Tim Waugh 1:1.1.19-11 +- Another attempt to fix bug #100984. + +* Wed Aug 13 2003 Tim Waugh 1:1.1.19-10 +- Pass correct attributes-natural-language through even in the absence + of translations for that language (bug #100984). +- Show compilation command lines. + +* Wed Jul 30 2003 Tim Waugh 1:1.1.19-9 +- Prevent lpstat displaying garbage. + +* Mon Jul 21 2003 Tim Waugh +- Mark mime.convs and mime.types as config files (bug #99461). + +* Mon Jun 23 2003 Tim Waugh 1:1.1.19-8 +- Start cupsd before nfs server processes (bug #97767). + +* Tue Jun 17 2003 Tim Waugh 1:1.1.19-7 +- Add some %%if %%use_dbus / %%endif's to make it compile without dbus + (bug #97397). Patch from Jos Vos. + +* Mon Jun 16 2003 Tim Waugh 1:1.1.19-6 +- Don't busy loop in the client if the IPP port is in use by another + app (bug #97468). + +* Tue Jun 10 2003 Tim Waugh 1:1.1.19-5 +- Mark pam.d/cups as config file not to be replaced (bug #92236). + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Tue Jun 3 2003 Tim Waugh 1:1.1.19-3 +- Provide a version for LPRng (bug #92145). + +* Thu May 29 2003 Tim Waugh 1:1.1.19-2 +- Obsolete LPRng now. + +* Tue May 27 2003 Tim Waugh 1:1.1.19-1 +- 1.1.19. No longer need optparse patch. + +* Sat May 17 2003 Tim Waugh 1:1.1.19-0.rc5.4 +- Ship configuration file for D-BUS. + +* Fri May 16 2003 Tim Waugh 1:1.1.19-0.rc5.3 +- Rebuild for dbus-0.11 API changes. +- Fix ownership in file manifest (bug #90840). + +* Wed May 14 2003 Tim Waugh 1:1.1.19-0.rc5.2 +- Fix option parsing in lpq (bug #90823). + +* Tue May 13 2003 Tim Waugh 1:1.1.19-0.rc5.1 +- 1.1.19rc5. + +* Thu May 8 2003 Tim Waugh 1:1.1.19-0.rc4.1 +- 1.1.19rc4. Ported initscript, idefense, ppdsdat, dbus patches. +- No longer need error, sigchld patches. +- Ship cupstestppd. + +* Thu Apr 24 2003 Tim Waugh +- Mark banners as config files (bug #89069). + +* Sat Apr 12 2003 Havoc Pennington 1:1.1.18-4 +- adjust dbus patch - dbus_bus_get() sends the hello for you, + and there were a couple of memleaks +- buildprereq dbus 0.9 +- rebuild for new dbus +- hope it works, I'm ssh'd in with no way to test. ;-) + +* Thu Apr 10 2003 Tim Waugh 1.1.18-3 +- Get on D-BUS. + +* Fri Mar 28 2003 Tim Waugh 1.1.18-2 +- Fix translation in the init script (bug #87551). + +* Wed Mar 26 2003 Tim Waugh 1.1.18-1.1 +- Turn off optimization on ia64 until bug #87383 is fixed. + +* Wed Mar 26 2003 Tim Waugh 1.1.18-1 +- 1.1.18. +- No longer need uninit patch. +- Some parts of the iDefense and pdftops patches seem to have been + picked up, but not others. + +* Wed Feb 12 2003 Tim Waugh 1.1.17-13 +- Don't set SIGCHLD to SIG_IGN when using wait4 (via pclose) (bug #84101). + +* Tue Feb 4 2003 Tim Waugh 1.1.17-12 +- Fix cups-lpd (bug #83452). + +* Fri Jan 31 2003 Tim Waugh 1.1.17-11 +- Build ppds.dat on first install. + +* Fri Jan 24 2003 Tim Waugh 1.1.17-10 +- Add support for rebuilding ppds.dat without running the scheduler + proper (for bug #82500). + +* Wed Jan 22 2003 Tim Powers 1.1.17-9 +- rebuilt + +* Wed Jan 22 2003 Tim Waugh 1.1.17-8 +- Warn against editing queues managed by redhat-config-printer + (bug #82267). + +* Wed Jan 22 2003 Tim Waugh 1.1.17-7 +- Fix up error reporting in lpd backend. + +* Thu Jan 9 2003 Tim Waugh 1.1.17-6 +- Add epoch to internal requirements. +- Make 'condrestart' return success exit code when daemon isn't running. + +* Tue Jan 7 2003 Nalin Dahyabhai 1.1.17-5 +- Use pkg-config information to find SSL libraries. + +* Thu Dec 19 2002 Tim Waugh 1.1.17-4 +- Security fixes. +- Make 'service cups reload' update the configuration first (bug #79953). + +* Tue Dec 10 2002 Tim Waugh 1.1.17-3 +- Fix cupsd startup hang (bug #79346). + +* Mon Dec 9 2002 Tim Waugh 1.1.17-2 +- Fix parallel backend behaviour when cancelling jobs. + +* Mon Dec 9 2002 Tim Waugh 1.1.17-1 +- 1.1.17. +- No longer need libdir patch. +- Fix logrotate script (bug #76791). + +* Wed Nov 20 2002 Tim Waugh +- Build requires XFree86-devel (bug #78362). + +* Wed Nov 20 2002 Tim Waugh +- 1.1.16. +- Updated system-auth patch. +- Add ncp backend script. + +* Wed Nov 13 2002 Tim Waugh 1.1.15-15 +- Set alternatives priority to 40. + +* Mon Nov 11 2002 Nalin Dahyabhai 1.1.15-14 +- Buildrequire pam-devel. +- Patch default PAM config file to remove directory names from module paths, + allowing the configuration files to work equally well on multilib systems. +- Patch default PAM config file to use system-auth, require the file at build- + time because that's what data/Makefile checks for. + +* Fri Nov 8 2002 Tim Waugh 1.1.15-13 +- Use logrotate for log rotation (bug #76791). +- No longer need cups.desktop, since redhat-config-printer handles it. + +* Thu Oct 17 2002 Tim Waugh 1.1.15-12 +- Revert to libdir for CUPS_SERVERBIN. + +* Thu Oct 17 2002 Tim Waugh 1.1.15-11 +- Use %%configure for multilib correctness. +- Use libexec instead of lib for CUPS_SERVERBIN. +- Ship translated man pages. +- Remove unshipped files. +- Fix file list permissions (bug #59021, bug #74738). +- Fix messy initscript output (bug #65857). +- Add 'reload' to initscript (bug #76114). + +* Fri Aug 30 2002 Bernhard Rosenkraenzer 1.1.15-10 +- Add generic postscript PPD file (#73061) + +* Mon Aug 19 2002 Tim Waugh 1.1.15-9 +- Fix prefix in pstoraster (bug #69573). + +* Mon Aug 19 2002 Tim Waugh 1.1.15-8 +- Disable cups-lpd by default (bug #71712). +- No need for fread patch now that glibc is fixed. + +* Thu Aug 15 2002 Tim Waugh 1.1.15-7 +- Really add cups-lpd xinetd file (bug #63919). +- Ship pstoraster (bug #69573). +- Prevent fread from trying to read from beyond EOF (fixes a segfault + with new glibc). + +* Sat Aug 10 2002 Elliot Lee 1.1.15-6 +- rebuilt with gcc-3.2 (we hope) + +* Mon Aug 5 2002 Bernhard Rosenkraenzer 1.1.15-5 +- Add cups-lpd xinetd file (#63919) + +* Tue Jul 23 2002 Florian La Roche 1.1.15-4 +- add a "exit 0" to postun script + +* Tue Jul 2 2002 Bernhard Rosenkraenzer 1.1.15-3 +- Add a symlink /usr/share/cups/doc -> /usr/share/doc/cups-devel-1.1.15 + because some applications expect to find the cups docs in + /usr/share/cups/doc + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Fri Jun 21 2002 Bernhard Rosenkraenzer 1.1.15-1 +- 1.1.15-1 +- Fix up smb printing trigger (samba-client, not samba-clients) +- Start cupsd earlier, apparently it needs to be running before samba + starts up for smb printing to work. + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Tue May 7 2002 Bernhard Rosenkraenzer 1.1.14-17 +- Rebuild in current environment +- [-16 never existed because of build system breakage] + +* Wed Apr 17 2002 Bernhard Rosenkraenzer 1.1.14-15 +- Fix bug #63387 + +* Mon Apr 15 2002 Bernhard Rosenkraenzer 1.1.14-14 +- Fix dangling symlink created by samba-clients trigger + +* Wed Apr 10 2002 Bernhard Rosenkraenzer 1.1.14-13 +- Add desktop file and icon for CUPS configuration + +* Wed Apr 3 2002 Bernhard Rosenkraenzer 1.1.14-12 +- Support SMB printing (#62407) +- Add HTML redirections to doc files to work around users mistaking + /usr/share/doc/cups-1.1.14 for the web frontend (#62405) + +* Tue Apr 2 2002 Bill Nottingham 1.1.14-11 +- fix subsys in initscript (#59206) +- don't strip binaries + +* Mon Mar 11 2002 Bernhard Rosenkraenzer 1.1.14-10 +- Make initscript use killproc instead of killall + +* Fri Mar 8 2002 Bill Nottingham 1.1.14-9 +- use alternatives --initscript support + +* Mon Mar 4 2002 Bill Nottingham 1.1.14-8 +- use the right path for the lpc man page, duh + +* Thu Feb 28 2002 Bill Nottingham 1.1.14-7 +- lpc man page is alternative too +- run ldconfig in -libs %%post/%%postun, not main +- remove alternatives in %%preun + +* Wed Feb 27 2002 Bill Nottingham 1.1.14-6 +- don't source /etc/sysconfig/network in cups.init, we don't use any + values from it + +* Tue Feb 26 2002 Bernhard Rosenkraenzer 1.1.14-4 +- Fix bugs #60220 and #60352 + +* Thu Feb 21 2002 Tim Powers +- rebuild against correct version of openssl (0.9.6b) + +* Wed Feb 20 2002 Bernhard Rosenkraenzer 1.1.14-2 +- Add all man pages to alternatives (#59943) +- Update to real 1.1.14 + +* Tue Feb 12 2002 Bernhard Rosenkraenzer 1.1.14-1 +- Update to almost-1.1.14 + +* Mon Feb 11 2002 Bernhard Rosenkraenzer 1.1.13-5 +- Move cups-config to cups-devel subpackage +- Make alternatives usage a %%define to simplify builds for earlier + releases +- Explicitly provide things we're supplying through alternatives + to shut up kdeutils dependencies + +* Tue Feb 5 2002 Tim Powers +- shut the alternatives stuff up for good + +* Fri Feb 1 2002 Bernhard Rosenkraenzer 1.1.13-3 +- Fix alternatives stuff +- Don't display error messages in %%post + +* Wed Jan 30 2002 Bernhard Rosenkraenzer 1.1.13-2 +- alternatives stuff + +* Tue Jan 29 2002 Bernhard Rosenkraenzer 1.1.13-1 +- 1.1.13 +- Add patch for koi8-{r,u} and iso8859-8 encodings (#59018) +- Rename init scripts so we can safely "killall cupsd" from there + +* Sat Jan 26 2002 Bernhard Rosenkraenzer 1.1.12-1 +- Initial (conflicting, since alternatives isn't there yet) packaging for + Red Hat Linux + +* Sat Jan 19 2002 Bernhard Rosenkraenzer +- 1.1.12 + +* Mon Nov 5 2001 Bernhard Rosenkraenzer 1.1.10-3 +- Compress PPD files +- Fix build with gcc 3.1 +- Fix init script + +* Tue Sep 4 2001 Bernhard Rosenkraenzer 1.1.10-2 +- Fix URL +- Generate printcap +- s/Copyright/License/g + +* Tue Sep 4 2001 Than Ngo 1.1.10-1 +- update to 1.1.10-1 for ExtraBinge 7.2 + +* Tue May 29 2001 Michael Stefaniuc +- update to 1.1.8 +- changed cupsd.conf to generate /etc/printcap + +* Tue May 15 2001 Than Ngo +- update to 1.1.7, bugfixes + +* Thu Dec 14 2000 Than Ngo +- fixed package dependency with lpr and LPRng + +* Wed Oct 25 2000 Than Ngo +- remove man/cat + +* Tue Oct 24 2000 Than Ngo +- don't start cupsd service in level 0, fixed + +* Thu Oct 19 2000 Than Ngo +- update to 1.1.4 +- fix CUPS_DOCROOT (Bug #18717) + +* Fri Aug 11 2000 Than Ngo +- update to 1.1.2 (Bugfix release) + +* Fri Aug 4 2000 Than Ngo +- fix, cupsd read config file under /etc/cups (Bug #15432) +- add missing cups filters + +* Wed Aug 2 2000 Tim Powers +- rebuilt against libpng-1.0.8 + +* Tue Aug 01 2000 Than Ngo +- fix permission, add missing ldconfig in %%post and %%postun (Bug #14963) + +* Sat Jul 29 2000 Bernhard Rosenkraenzer +- 1.1.1 (this has some major bugfixes) +- Fix a typo in initscript (it's $?, not ?$) +- Fix /usr/etc vs. /etc trouble, don't insist on /usr/var (YUCK!) +- Create the spool dir + +* Fri Jul 28 2000 Than Ngo +- fix unclean code for building against gcc-2.96 +- add missing restart function in startup script + +* Fri Jul 28 2000 Tim Powers +- fixed initscript so that conrestart doesn't return 1 if the test fails + +* Mon Jul 24 2000 Prospector +- rebuilt + +* Wed Jul 19 2000 Than Ngo +- using service to fire them up +- fix Prereq section + +* Mon Jul 17 2000 Tim Powers +- added defattr to the devel package + +* Sun Jul 16 2000 Than Ngo +- add cups config files + +* Sat Jul 15 2000 Than Ngo +- update to 1.1 release +- move back to /etc/rc.d/init.d +- fix cupsd.init to work with /etc/init.d and /etc/rc.d/init.d +- split cups + +* Wed Jul 12 2000 Than Ngo +- rebuilt + +* Thu Jul 06 2000 Tim Powers +- fixed broken PreReq to now require /etc/init.d + +* Tue Jun 27 2000 Tim Powers +- PreReq initscripts >= 5.20 + +* Mon Jun 26 2000 Tim Powers +- started changelog +- fixed init.d script location +- changed script in init.d quite a bit and made more like the rest of our + startup scripts