Merge branch 'i9c' into i9

SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch

@@ -0,0 +1,21 @@
+diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
+--- cups-2.3.3op2/backend/lpd.c.lpd-delay	2021-02-01 22:10:25.000000000 +0100
++++ cups-2.3.3op2/backend/lpd.c	2023-06-28 17:28:52.465476261 +0200
+@@ -63,7 +63,7 @@ static int	abort_job = 0;		/* Non-zero i
+ 
+ #define RESERVE_NONE		0	/* Don't reserve a priviledged port */
+ #define RESERVE_RFC1179		1	/* Reserve port 721-731 */
+-#define RESERVE_ANY		2	/* Reserve port 1-1023 */
++#define RESERVE_ANY		2	/* Reserve port 512-1023 */
+ 
+ 
+ /*
+@@ -778,7 +778,7 @@ lpd_queue(const char      *hostname,	/*
+ 
+       if (lport < 721 && reserve == RESERVE_RFC1179)
+ 	lport = 731;
+-      else if (lport < 1)
++      else if (lport < 512)
+ 	lport = 1023;
+ 
+ #ifdef HAVE_GETEUID

SOURCES/0001-Fix-domain-socket-handling.patch

@@ -0,0 +1,86 @@
+diff --git a/cups/http-addr.c b/cups/http-addr.c
+index 86749c848..5b035e02b 100644
+--- a/cups/http-addr.c
++++ b/cups/http-addr.c
+@@ -196,31 +196,29 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
+   {
+     mode_t	mask;			/* Umask setting */
+ 
+-   /*
+-    * Remove any existing domain socket file...
+-    */
+-
+-    unlink(addr->un.sun_path);
+-
+-   /*
+-    * Save the current umask and set it to 0 so that all users can access
+-    * the domain socket...
+-    */
+-
+-    mask = umask(0);
+-
+-   /*
+-    * Bind the domain socket...
+-    */
++    // Remove any existing domain socket file...
++    if ((status = unlink(addr->un.sun_path)) < 0)
++    {
++      DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
++      if (errno == ENOENT)
++       status = 0;
++    }
+ 
+-    status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
++    if (!status)
++    {
++      // Save the current umask and set it to 0 so that all users can access
++      // the domain socket...
++      mask = umask(0);
+ 
+-   /*
+-    * Restore the umask and fix permissions...
+-    */
++      // Bind the domain socket...
++      if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
++      {
++        DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
++      }
+ 
+-    umask(mask);
+-    chmod(addr->un.sun_path, 0140777);
++      // Restore the umask...
++      umask(mask);
++    }
+   }
+   else
+ #endif /* AF_LOCAL */
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index bb6049b2c..4c703c9b9 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -3062,6 +3062,25 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
+ 
+       cupsd_listener_t	*lis;		/* New listeners array */
+ 
++     /*
++      * If we are launched on-demand, do not use domain sockets from the config
++      * file.  Also check that the domain socket path is not too long...
++      */
++
++#ifdef HAVE_ONDEMAND
++      if (*value == '/' && OnDemand)
++      {
++        if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
++          cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
++        continue;
++      }
++#endif // HAVE_ONDEMAND
++
++      if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
++      {
++        cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
++        continue;
++      }
+ 
+      /*
+       * Get the address list...

SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch

@@ -0,0 +1,64 @@
+From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
+From: Rose <83477269+AtariDreams@users.noreply.github.com>
+Date: Thu, 1 Jun 2023 11:33:39 -0400
+Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
+
+httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
+
+We have to log the hostname first.
+---
+ scheduler/client.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 91e441188..327473a4d 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+    /*
+     * Can't have an unresolved IP address with double-lookups enabled...
+     */
+-
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+-                    "Name lookup failed - connection from %s closed!",
++                    "Name lookup failed - closing connection from %s!",
+                     httpGetHostname(con->http, NULL, 0));
+ 
++    httpClose(con->http);
+     free(con);
+     return;
+   }
+@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+       * with double-lookups enabled...
+       */
+ 
+-      httpClose(con->http);
+-
+       cupsdLogClient(con, CUPSD_LOG_WARN,
+-                      "IP lookup failed - connection from %s closed!",
++                      "IP lookup failed - closing connection from %s!",
+                       httpGetHostname(con->http, NULL, 0));
++
++      httpClose(con->http);
+       free(con);
+       return;
+     }
+@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
+ 
+   if (!hosts_access(&wrap_req))
+   {
+-    httpClose(con->http);
+-
+     cupsdLogClient(con, CUPSD_LOG_WARN,
+                     "Connection from %s refused by /etc/hosts.allow and "
+ 		    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
++
++    httpClose(con->http);
+     free(con);
+     return;
+   }
+-- 
+2.41.0
+

SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch

@@ -0,0 +1,48 @@
+From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
+From: Bryan Mason <bmason@redhat.com>
+Date: Tue, 27 Jun 2023 04:18:46 -0700
+Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
+ single job (#742)
+
+The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
+operation; however, the correct attribute to use for Cancel-job is
+"purge-job" (singular), not "purge-jobs" (plural).  As a result, job
+files are not removed from /var/spool/cups when "cancel -x <job>" is
+executed.
+
+This patch resolves the issue by adding "purge-job" when the IPP
+operation is Cancel-Job and "purge-jobs" for other IPP operations
+(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
+---
+ systemv/cancel.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/systemv/cancel.c b/systemv/cancel.c
+index 572f413e1..f5b8e12b5 100644
+--- a/systemv/cancel.c
++++ b/systemv/cancel.c
+@@ -260,6 +260,7 @@ main(int  argc,				/* I - Number of command-line arguments */
+       *    attributes-natural-language
+       *    printer-uri + job-id *or* job-uri
+       *    [requesting-user-name]
++      *    [purge-job] or [purge-jobs]
+       */
+ 
+       request = ippNewRequest(op);
+@@ -294,7 +295,12 @@ main(int  argc,				/* I - Number of command-line arguments */
+                      "requesting-user-name", NULL, cupsUser());
+ 
+       if (purge)
+-	ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
++      {
++	if (op == IPP_CANCEL_JOB)
++	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
++	else
++	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
++      }
+ 
+      /*
+       * Do the request and get back a response...
+-- 
+2.41.0
+

SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch

@@ -0,0 +1,35 @@
+From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
+From: Vasilis Liaskovitis <vliaskovitis@suse.com>
+Date: Wed, 1 Mar 2023 13:46:28 +0100
+Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
+ #308)
+
+Use a listen queue size of INT_MAX, which should default to the maximum
+supported queue size on the system.
+
+This avoids the problem of the listening backlog queue getting full when
+there are too many requests at the same time. The problem was observed
+with the previous backlog size (128) by customers when submitting large
+batches of print jobs, resulting in some jobs getting lost.
+
+Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
+---
+ cups/http-addr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cups/http-addr.c b/cups/http-addr.c
+index a61ee0449..6aeeb8074 100644
+--- a/cups/http-addr.c
++++ b/cups/http-addr.c
+@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
+   * Listen...
+   */
+ 
+-  if (listen(fd, 128))
++  if (listen(fd, INT_MAX))
+   {
+     _cupsSetHTTPError(HTTP_STATUS_ERROR);
+ 
+-- 
+2.41.0
+

SOURCES/0001-cups-strlcpy-handle-zero-size.patch

@@ -0,0 +1,34 @@
+From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Wed, 17 May 2023 12:59:57 -0400
+Subject: [PATCH] Consensus fix.
+
+---
+ cups/string.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cups/string.c b/cups/string.c
+index 00454203c..b4fc12050 100644
+--- a/cups/string.c
++++ b/cups/string.c
+@@ -1,6 +1,7 @@
+ /*
+  * String functions for CUPS.
+  *
++ * Copyright © 2023 by OpenPrinting.
+  * Copyright © 2007-2019 by Apple Inc.
+  * Copyright © 1997-2007 by Easy Software Products.
+  *
+@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
+   size_t	srclen;			/* Length of source string */
+ 
+ 
++  if (size == 0)
++    return (0);
++
+  /*
+   * Figure out how much room is needed...
+   */
+-- 
+2.40.1
+

SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch

@@ -0,0 +1,43 @@
+diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c
+--- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup	2023-12-19 18:25:15.484637450 +0100
++++ cups-2.2.6/cups/http-addrlist.c	2023-12-19 18:28:57.129163387 +0100
+@@ -313,6 +313,39 @@ httpAddrConnect2(
+       {
+ #  ifdef HAVE_POLL
+ 	DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents));
++
++#    ifdef _WIN32
++	if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
++	    ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
++#    else
++	if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
++	    ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
++#    endif /* _WIN32 */
++	{
++	  // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing
++	  // asynchronous connections. The solution seems to be to use getsockopt to
++	  // check the SO_ERROR value and ignore the POLLHUP if there is no error or
++	  // the error is EINPROGRESS.
++
++	  int	    sres,		 /* Return value from getsockopt() - 0, or -1 if error */
++		    serr;		 /* Option SO_ERROR value */
++	  socklen_t slen = sizeof(serr); /* Option value size */
++
++	  sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen);
++
++	  if (sres || serr)
++	  {
++	    pfds[i].revents |= POLLERR;
++#    ifdef DEBUG
++	    DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr)));
++#    endif
++	  }
++	  else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT)))
++	  {
++	    pfds[i].revents &= ~POLLHUP;
++	  }
++	}
++
+ 	if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP)))
+ #  else
+ 	if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set))

SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch

@@ -0,0 +1,36 @@
+From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Fri, 1 Sep 2023 17:11:54 +0200
+Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open
+ cups-files.conf
+
+In case cupsd can't open the cups-files.conf, the error message is lost
+if journal and syslog don't exist or work on system (usually in
+containers).
+
+Log the error into stderr at this place to get the error message if
+needed.
+---
+ scheduler/conf.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index b18535162..4fa7eb1df 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -811,11 +811,7 @@ cupsdReadConfiguration(void)
+     cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
+   else
+   {
+-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+-    sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
+-#else
+-    syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
+-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
++    fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno));
+ 
+     return (0);
+   }
+-- 
+2.41.0
+

SOURCES/cups-check-for-listeners.patch

@@ -0,0 +1,94 @@
+diff --git a/scheduler/conf.c b/scheduler/conf.c
+index c113eb3..77ce179 100644
+--- a/scheduler/conf.c
++++ b/scheduler/conf.c
+@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
+ 
+   cupsdDeleteAllListeners();
+ 
++ /*
++  * Allocate Listeners array
++  */
++
++  Listeners = cupsArrayNew(NULL, NULL);
++
++  if (!Listeners)
++  {
++    fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
++    return (0);
++  }
++
+   old_remote_port = RemotePort;
+   RemotePort      = 0;
+ 
+@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
+     }
+   }
+ 
+- /*
+-  * Check that we have at least one listen/port line; if not, report this
+-  * as an error and exit!
+-  */
+-
+-  if (cupsArrayCount(Listeners) == 0)
+-  {
+-   /*
+-    * No listeners!
+-    */
+-
+-    cupsdLogMessage(CUPSD_LOG_EMERG,
+-                    "No valid Listen or Port lines were found in the "
+-		    "configuration file.");
+-
+-   /*
+-    * Commit suicide...
+-    */
+-
+-    cupsdEndProcess(getpid(), 0);
+-  }
+-
+  /*
+   * Set the default locale using the language and charset...
+   */
+@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
+         * Allocate another listener...
+ 	*/
+ 
+-        if (!Listeners)
+-	  Listeners = cupsArrayNew(NULL, NULL);
+-
+-	if (!Listeners)
+-	{
+-          cupsdLogMessage(CUPSD_LOG_ERROR,
+-	                  "Unable to allocate %s at line %d - %s.",
+-	                  line, linenum, strerror(errno));
+-          break;
+-	}
+-
+         if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
+ 	{
+           cupsdLogMessage(CUPSD_LOG_ERROR,
+diff --git a/scheduler/main.c b/scheduler/main.c
+index a6e2c3a..b935c52 100644
+--- a/scheduler/main.c
++++ b/scheduler/main.c
+@@ -2113,6 +2113,21 @@ service_checkin(void)
+     service_add_listener(fd, 0);
+   }
+ #endif /* HAVE_LAUNCHD */
++
++  if (cupsArrayCount(Listeners) == 0)
++  {
++   /*
++    * No listeners!
++    */
++
++    cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
++
++   /*
++    * Commit suicide...
++    */
++
++    cupsdEndProcess(getpid(), 0);
++  }
+ }

SOURCES/cups-deprecate-drivers.patch

@@ -167,11 +167,11 @@ index 4498a8c..8776874 100755
  count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
 -if test $count != 8; then
 -	echo "FAIL: $count warning messages, expected 8."
-+if test $count != 10; then
-+	echo "FAIL: $count warning messages, expected 10."
++if test $count != 9; then
++	echo "FAIL: $count warning messages, expected 9."
  	$GREP '^W ' $BASE/log/error_log
 -	echo "    <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
-+	echo "    <p>FAIL: $count warning messages, expected 10.</p>" >>$strfile
++	echo "    <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
  	echo "    <pre>" >>$strfile
  	$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&amp;/g' -e '1,$s/</&lt;/g' >>$strfile
  	echo "    </pre>" >>$strfile

SOURCES/cups-local-negotiate.patch

@@ -0,0 +1,115 @@
+diff --git a/cups/auth.c b/cups/auth.c
+index db45bbb..b6fec6b 100644
+--- a/cups/auth.c
++++ b/cups/auth.c
+@@ -90,6 +90,7 @@ static void	cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
+ #    define	cups_gss_printf(major, minor, message)
+ #  endif /* DEBUG */
+ #endif /* HAVE_GSSAPI */
++static int	cups_is_local_connection(http_t *http);
+ static int	cups_local_auth(http_t *http);
+ 
+ 
+@@ -174,10 +175,10 @@ cupsDoAuthentication(
+     DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
+ 
+ #ifdef HAVE_GSSAPI
+-    if (!_cups_strcasecmp(scheme, "Negotiate"))
++    if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
+     {
+      /*
+-      * Kerberos authentication...
++      * Kerberos authentication to remote server...
+       */
+ 
+       int gss_status;			/* Auth status */
+@@ -201,7 +202,9 @@ cupsDoAuthentication(
+     }
+     else
+ #endif /* HAVE_GSSAPI */
+-    if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
++    if (_cups_strcasecmp(scheme, "Basic") &&
++	_cups_strcasecmp(scheme, "Digest") &&
++	_cups_strcasecmp(scheme, "Negotiate"))
+     {
+      /*
+       * Other schemes not yet supported...
+@@ -215,7 +218,7 @@ cupsDoAuthentication(
+     * See if we should retry the current username:password...
+     */
+ 
+-    if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
++    if (http->digest_tries > 1 || !http->userpass[0])
+     {
+      /*
+       * Nope - get a new password from the user...
+@@ -295,7 +298,7 @@ cupsDoAuthentication(
+     }
+   }
+ 
+-  if (http->authstring)
++  if (http->authstring && http->authstring[0])
+   {
+     DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
+ 
+@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32  major_status,/* I - Major status code */
+ #  endif /* DEBUG */
+ #endif /* HAVE_GSSAPI */
+ 
++static int				/* O - 0 if not a local connection */
++					/*     1  if local connection */
++cups_is_local_connection(http_t *http)	/* I - HTTP connection to server */
++{
++  if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
++    return 0;
++  return 1;
++}
+ 
+ /*
+  * 'cups_local_auth()' - Get the local authorization certificate if
+@@ -958,7 +969,7 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
+   * See if we are accessing localhost...
+   */
+ 
+-  if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
++  if (!cups_is_local_connection(http))
+   {
+     DEBUG_puts("8cups_local_auth: Not a local connection!");
+     return (1);
+@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
+   }
+ #  endif /* HAVE_AUTHORIZATION_H */
+ 
+-#  ifdef HAVE_GSSAPI
+-  if (cups_auth_find(www_auth, "Negotiate"))
+-    return (1);
+-#  endif /* HAVE_GSSAPI */
+-
+ #  if defined(SO_PEERCRED) && defined(AF_LOCAL)
+  /*
+   * See if we can authenticate using the peer credentials provided over a
+diff --git a/scheduler/client.c b/scheduler/client.c
+index 89c76bf..40708d9 100644
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -2244,18 +2244,13 @@ cupsdSendHeader(
+     }
+     else if (auth_type == CUPSD_AUTH_NEGOTIATE)
+     {
+-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
+-      if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
+-	strlcpy(auth_str, "PeerCred", sizeof(auth_str));
+-      else
+-#endif /* SO_PEERCRED && AF_LOCAL */
+       strlcpy(auth_str, "Negotiate", sizeof(auth_str));
+     }
+ 
+-    if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
++    if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+     {
+      /*
+-      * Add a "trc" (try root certification) parameter for local non-Kerberos
++      * Add a "trc" (try root certification) parameter for local
+       * requests when the request requires system group membership - then the
+       * client knows the root certificate can/should be used.
+       *

SOURCES/cups-preservejobfiles-leak.patch

@@ -0,0 +1,31 @@
+diff --git a/scheduler/colorman.c b/scheduler/colorman.c
+index 8af4e5c..9bfdb0c 100644
+--- a/scheduler/colorman.c
++++ b/scheduler/colorman.c
+@@ -1083,7 +1083,7 @@ colord_create_profile(
+ 
+   dbus_message_iter_get_basic(&args, &profile_path);
+   cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path);
+-  cupsArrayAdd(profiles, strdup(profile_path));
++  cupsArrayAdd(profiles, profile_path);
+ 
+ out:
+ 
+diff --git a/scheduler/job.c b/scheduler/job.c
+index 0223bee..47d4c72 100644
+--- a/scheduler/job.c
++++ b/scheduler/job.c
+@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t       *job,	/* I - Job */
+     job->num_files = 0;
+   }
+ 
++  unload_job(job);
++
+   if (job->history)
+     free_job_history(job);
+ 
+-  unload_job(job);
+-
+   cupsArrayRemove(Jobs, job);
+   cupsArrayRemove(ActiveJobs, job);
+   cupsArrayRemove(PrintingJobs, job);

SOURCES/cups-socket-remove-on-stop.patch

@@ -0,0 +1,12 @@
+diff --git a/scheduler/cups.socket.in b/scheduler/cups.socket.in
+index 613b977a6..1deee826a 100644
+--- a/scheduler/cups.socket.in
++++ b/scheduler/cups.socket.in
+@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
+ 
+ [Socket]
+ ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
++RemoveOnStop=on
+ 
+ [Install]
+ WantedBy=sockets.target

SPECS/cups.spec

@@ -24,7 +24,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.3.3%{OP_VER}
-Release: 16%{?dist}.1.inferit.1
+Release: 27%{?dist}.inferit
 License: ASL 2.0
 Url: http://www.cups.org/
 # Apple stopped uploading the new versions into github, use OpenPrinting fork
@@ -112,8 +112,39 @@ Patch27: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
 Patch28: 0001-Update-man-pages-for-h-option-Issue-357.patch
 # CVE-2022-26691 cups: authorization bypass when using "local" authorization
 Patch29: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
+# 2189919 - CGI scripts don't work with local Negotiate authentication
+Patch30: cups-local-negotiate.patch
+# 2217177 - Delays printing to lpd when reserved ports are exhausted
+Patch31: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
+# 2217284 - The command "cancel -x <job>" does not remove job files
+Patch32: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
+# 2217954 - Enlarge backlog queue for listen() in cupsd
+Patch33: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
+# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
+# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+Patch35: 0001-cups-strlcpy-handle-zero-size.patch
 # CVE-2023-32360 cups:  Information leak through Cups-Get-Document operation
-Patch30: 0001-Require-authentication-for-CUPS-Get-Document.patch
+Patch36: 0001-Require-authentication-for-CUPS-Get-Document.patch
+# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+Patch37: cups-preservejobfiles-leak.patch
+# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
+# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
+# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/a436956
+Patch40: 0001-Fix-domain-socket-handling.patch
+# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/3448c52
+Patch41: cups-socket-remove-on-stop.patch
+# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/7adb508
+# https://github.com/OpenPrinting/cups/commit/824f49f
+# https://github.com/OpenPrinting/cups/commit/56b9728
+# https://github.com/OpenPrinting/cups/commit/74f437b
+# https://github.com/OpenPrinting/cups/commit/fb0c914
+Patch42: cups-check-for-listeners.patch
 
 Patch101: 0001-Fixed-case-when-no-username-request-on-printing.patch
 
@@ -356,8 +387,39 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
 %patch28 -p1 -b .manpage-update
 # CVE-2022-26691 cups: authorization bypass when using "local" authorization
 %patch29 -p1 -b .cve26691
+# 2189919 - CGI scripts don't work with local Negotiate authentication
+%patch30 -p1 -b .local-negotiate
+# 2217177 - Delays printing to lpd when reserved ports are exhausted
+%patch31 -p1 -b .lpd-delay
+# 2217284 - The command "cancel -x <job>" does not remove job files
+%patch32 -p1 -b .purge-job
+# 2217954 - Enlarge backlog queue for listen() in cupsd
+%patch33 -p1 -b .listen-backlog
+# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+%patch34 -p1 -b .cve34241
+# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+%patch35 -p1 -b .cve32324
 # CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
-%patch30 -p1 -b .get-document-auth
+%patch36 -p1 -b .get-document-auth
+# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+%patch37 -p1 -b .preservejobfiles-leak
+# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+%patch38 -p1 -b .log-stderr
+# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+%patch39 -p1 -b .cupsgetjobs-pollhup
+# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/a436956
+%patch40 -p1 -b .cve2024-35235
+# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/3448c52
+%patch41 -p1 -b .cups-socket-remove-on-stop.patch
+# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+# https://github.com/OpenPrinting/cups/commit/7adb508
+# https://github.com/OpenPrinting/cups/commit/824f49f
+# https://github.com/OpenPrinting/cups/commit/56b9728
+# https://github.com/OpenPrinting/cups/commit/74f437b
+# https://github.com/OpenPrinting/cups/commit/fb0c914
+%patch42 -p1 -b .cups-check-for-listeners.patch
 
 %if %{lspp}
 # LSPP support.
@@ -794,13 +856,56 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz
 
 %changelog
-* Wed Sep 13 2023 Alexey Berezhok <alexey.berezhok@msvsphere-os.ru> - 1:2.3.3op2-16.1.inferit.1
-- Fixed case when no username request on printing
+* Wed Jun 19 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-27
+- Revert the cups-libs license identifier to the "legacy" format
+
+* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-26
+- RHEL-40388 cups: Cupsd Listen arbitrary chmod 0140777
+- Delete the domain socket file after stopping the cups.socket service
+- Fix cupsd Listener checks
+
+* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-25
+- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
+
+* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24
+- revert RHEL-19205 - new packages are not needed
+
+* Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-23
+- RHEL-19205 Recommend new cups-filters subpackages with weak dep for better upgrade exp
+- RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
+
+* Thu Nov 02 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-22
+- RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
+- RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
+
+* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-21
+- bump the spec because the previous build was made with buildroot 9.2
 
-* Tue Aug 15 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16.1
+* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-20
 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
 
-* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.3.3op2-16
+* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
+- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
+- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
+
+* Wed Jun 28 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19
+- 2217177 - Delays printing to lpd when reserved ports are exhausted
+- 2217284 - The command "cancel -x <job>" does not remove job files
+- 2217954 - Enlarge backlog queue for listen() in cupsd
+
+* Wed Apr 26 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-18
+- 2189919 - CGI scripts don't work with local Negotiate authentication
+
+* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
+- RHEL-314 - Enable fmf tests in centos stream
+
+* Thu Mar 23 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17
+- RHEL-317 - upstream test suite fails due uncorrect number of expected warnings
+
+* Thu Mar 16 2023 Alexey Berezhok <alexey.berezhok@msvsphere-os.ru> - 1:2.3.3op2-16.1.inferit.1
+- Fixed case when no username request on printing
+
+* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1:2.3.3op2-16
 - Rebuilt for MSVSphere 9.1.
 
 * Thu Jun 16 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16