Compare commits

...

No commits in common. 'c9' and 'c8' have entirely different histories.
c9 ... c8

@ -1,2 +1,2 @@
23108e0f6ca7d8caa1a6a6224f5322e21ba0a27d SOURCES/cups-2.3.3op2-source.tar.gz
b5e3389fb9450bfed377c95c0230c029c053acc4 SOURCES/cups-2.2.6-source.tar.gz
79ee155bed4c18088be472a6e364f37ad6e410a6 SOURCES/cupsprinter.png

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/cups-2.3.3op2-source.tar.gz
SOURCES/cups-2.2.6-source.tar.gz
SOURCES/cupsprinter.png

@ -0,0 +1,497 @@
diff -up cups-2.2.6/cups/http-private.h.remove-weak-ciphers cups-2.2.6/cups/http-private.h
--- cups-2.2.6/cups/http-private.h.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/cups/http-private.h 2018-08-07 11:53:54.985633959 +0200
@@ -180,13 +180,17 @@ extern "C" {
# define _HTTP_TLS_NONE 0 /* No TLS options */
# define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
-# define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */
-# define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */
-# define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */
-# define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */
-# define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */
+# define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
+# define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
# define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
+# define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
+# define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
+# define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
+# define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
+# define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
+# define _HTTP_TLS_MAX 5 /* Highest known TLS version */
+
/*
* Types and functions for SSL support...
@@ -442,7 +446,7 @@ extern void _httpTLSInitialize(void);
extern size_t _httpTLSPending(http_t *http);
extern int _httpTLSRead(http_t *http, char *buf, int len);
extern int _httpTLSSetCredentials(http_t *http);
-extern void _httpTLSSetOptions(int options);
+extern void _httpTLSSetOptions(int options, int min_version, int max_version);
extern int _httpTLSStart(http_t *http);
extern void _httpTLSStop(http_t *http);
extern int _httpTLSWrite(http_t *http, const char *buf, int len);
diff -up cups-2.2.6/cups/tlscheck.c.remove-weak-ciphers cups-2.2.6/cups/tlscheck.c
--- cups-2.2.6/cups/tlscheck.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/cups/tlscheck.c 2018-08-07 11:53:54.987633942 +0200
@@ -54,6 +54,8 @@ main(int argc, /* I - Number of comm
int af = AF_UNSPEC, /* Address family */
tls_options = _HTTP_TLS_NONE,
/* TLS options */
+ tls_min_version = _HTTP_TLS_1_0,
+ tls_max_version = _HTTP_TLS_MAX,
verbose = 0; /* Verbosity */
ipp_t *request, /* IPP Get-Printer-Attributes request */
*response; /* IPP Get-Printer-Attributes response */
@@ -88,11 +90,12 @@ main(int argc, /* I - Number of comm
}
else if (!strcmp(argv[i], "--no-tls10"))
{
- tls_options |= _HTTP_TLS_DENY_TLS10;
+ tls_min_version = _HTTP_TLS_1_1;
}
else if (!strcmp(argv[i], "--tls10"))
{
- tls_options |= _HTTP_TLS_ONLY_TLS10;
+ tls_min_version = _HTTP_TLS_1_0;
+ tls_max_version = _HTTP_TLS_1_0;
}
else if (!strcmp(argv[i], "--rc4"))
{
@@ -148,7 +151,7 @@ main(int argc, /* I - Number of comm
if (!port)
port = 631;
- _httpTLSSetOptions(tls_options);
+ _httpTLSSetOptions(tls_options, tls_min_version, tls_max_version);
http = httpConnect2(server, port, NULL, af, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
if (!http)
diff -up cups-2.2.6/cups/tls-darwin.c.remove-weak-ciphers cups-2.2.6/cups/tls-darwin.c
--- cups-2.2.6/cups/tls-darwin.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/cups/tls-darwin.c 2018-08-07 11:53:54.986633951 +0200
@@ -53,7 +53,9 @@ static char *tls_keypath = NULL;
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
/* Mutex for keychain/certs */
-static int tls_options = -1;/* Options for TLS connections */
+static int tls_options = -1,/* Options for TLS connections */
+ tls_min_version = _HTTP_TLS_1_0,
+ tls_max_version = _HTTP_TLS_MAX;
/*
@@ -1139,10 +1141,16 @@ _httpTLSRead(http_t *http, /* I - HTTP
*/
void
-_httpTLSSetOptions(int options) /* I - Options */
+_httpTLSSetOptions(int options, /* I - Options */
+ int min_version, /* I - Minimum TLS version */
+ int max_version) /* I - Maximum TLS version */
{
if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
- tls_options = options;
+ {
+ tls_options = options;
+ tls_min_version = min_version;
+ tls_max_version = max_version;
+ }
}
@@ -1174,7 +1182,7 @@ _httpTLSStart(http_t *http) /* I - HTTP
{
DEBUG_puts("4_httpTLSStart: Setting defaults.");
_cupsSetDefaults();
- DEBUG_printf(("4_httpTLSStart: tls_options=%x", tls_options));
+ DEBUG_printf(("4_httpTLSStart: tls_options=%x, tls_min_version=%d, tls_max_version=%d", tls_options, tls_min_version, tls_max_version));
}
#ifdef HAVE_SECKEYCHAINOPEN
@@ -1217,22 +1225,23 @@ _httpTLSStart(http_t *http) /* I - HTTP
if (!error)
{
- SSLProtocol minProtocol;
-
- if (tls_options & _HTTP_TLS_DENY_TLS10)
- minProtocol = kTLSProtocol11;
- else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
- minProtocol = kSSLProtocol3;
- else
- minProtocol = kTLSProtocol1;
+ static const SSLProtocol protocols[] = /* Min/max protocol versions */
+ {
+ kSSLProtocol3,
+ kTLSProtocol1,
+ kTLSProtocol11,
+ kTLSProtocol12,
+ kTLSProtocol13,
+ kTLSProtocolMaxSupported
+ };
- error = SSLSetProtocolVersionMin(http->tls, minProtocol);
- DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", minProtocol, (int)error));
+ error = SSLSetProtocolVersionMin(http->tls, protocols[tls_min_version]);
+ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin(%d), error=%d", protocols[tls_min_version], (int)error));
- if (!error && (tls_options & _HTTP_TLS_ONLY_TLS10))
+ if (!error)
{
- error = SSLSetProtocolVersionMax(http->tls, kTLSProtocol1);
- DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(kTLSProtocol1), error=%d", (int)error));
+ error = SSLSetProtocolVersionMax(http->tls, protocols[tls_max_version]);
+ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMax(%d), error=%d", protocols[tls_max_version], (int)error));
}
}
diff -up cups-2.2.6/cups/tls-gnutls.c.remove-weak-ciphers cups-2.2.6/cups/tls-gnutls.c
--- cups-2.2.6/cups/tls-gnutls.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/cups/tls-gnutls.c 2018-08-07 11:58:45.164114342 +0200
@@ -35,7 +35,9 @@ static char *tls_keypath = NULL;
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
/* Mutex for keychain/certs */
-static int tls_options = -1;/* Options for TLS connections */
+static int tls_options = -1,/* Options for TLS connections */
+ tls_min_version = _HTTP_TLS_1_0,
+ tls_max_version = _HTTP_TLS_MAX;
/*
@@ -1224,10 +1226,16 @@ _httpTLSSetCredentials(http_t *http) /*
*/
void
-_httpTLSSetOptions(int options) /* I - Options */
+_httpTLSSetOptions(int options, /* I - Options */
+ int min_version, /* I - Minimum TLS version */
+ int max_version) /* I - Maximum TLS version */
{
if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
- tls_options = options;
+ {
+ tls_options = options;
+ tls_min_version = min_version;
+ tls_max_version = max_version;
+ }
}
@@ -1245,6 +1253,16 @@ _httpTLSStart(http_t *http) /* I - Conn
/* TLS credentials */
char priority_string[2048];
/* Priority string */
+ int version; /* Current version */
+ static const char * const versions[] =/* SSL/TLS versions */
+ {
+ "VERS-SSL3.0",
+ "VERS-TLS1.0",
+ "VERS-TLS1.1",
+ "VERS-TLS1.2",
+ "VERS-TLS1.3",
+ "VERS-TLS-ALL"
+ };
DEBUG_printf(("3_httpTLSStart(http=%p)", http));
@@ -1506,14 +1524,40 @@ _httpTLSStart(http_t *http) /* I - Conn
strlcpy(priority_string, "NORMAL", sizeof(priority_string));
- if (tls_options & _HTTP_TLS_DENY_TLS10)
- strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0", sizeof(priority_string));
- else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ if (tls_max_version < _HTTP_TLS_MAX)
+ {
+ /*
+ * Require specific TLS versions...
+ */
+
+ strlcat(priority_string, ":-VERS-TLS-ALL", sizeof(priority_string));
+ for (version = tls_min_version; version <= tls_max_version; version ++)
+ {
+ strlcat(priority_string, ":+", sizeof(priority_string));
+ strlcat(priority_string, versions[version], sizeof(priority_string));
+ }
+ }
+ else if (tls_min_version == _HTTP_TLS_SSL3)
+ {
+ /*
+ * Allow all versions of TLS and SSL/3.0...
+ */
+
strlcat(priority_string, ":+VERS-TLS-ALL:+VERS-SSL3.0", sizeof(priority_string));
- else if (tls_options & _HTTP_TLS_ONLY_TLS10)
- strlcat(priority_string, ":-VERS-TLS-ALL:-VERS-SSL3.0:+VERS-TLS1.0", sizeof(priority_string));
+ }
else
- strlcat(priority_string, ":+VERS-TLS-ALL:-VERS-SSL3.0", sizeof(priority_string));
+ {
+ /*
+ * Require a minimum version...
+ */
+
+ strlcat(priority_string, ":+VERS-TLS-ALL", sizeof(priority_string));
+ for (version = 0; version < tls_min_version; version ++)
+ {
+ strlcat(priority_string, ":-", sizeof(priority_string));
+ strlcat(priority_string, versions[version], sizeof(priority_string));
+ }
+ }
if (tls_options & _HTTP_TLS_ALLOW_RC4)
strlcat(priority_string, ":+ARCFOUR-128", sizeof(priority_string));
diff -up cups-2.2.6/cups/tls-sspi.c.remove-weak-ciphers cups-2.2.6/cups/tls-sspi.c
--- cups-2.2.6/cups/tls-sspi.c.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/cups/tls-sspi.c 2018-08-07 11:53:54.986633951 +0200
@@ -52,7 +52,9 @@
* Local globals...
*/
-static int tls_options = -1;/* Options for TLS connections */
+static int tls_options = -1,/* Options for TLS connections */
+ tls_min_version = _HTTP_TLS_1_0,
+ tls_max_version = _HTTP_TLS_MAX;
/*
@@ -914,7 +916,11 @@ void
_httpTLSSetOptions(int options) /* I - Options */
{
if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
- tls_options = options;
+ {
+ tls_options = options;
+ tls_min_version = min_version;
+ tls_max_version = max_version;
+ }
}
@@ -1782,14 +1788,14 @@ http_sspi_find_credentials(
#else
if (http->mode == _HTTP_MODE_SERVER)
{
- if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ if (tls_min_version == _HTTP_TLS_SSL3)
SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
else
SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER;
}
else
{
- if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ if (tls_min_version == _HTTP_TLS_SSL3)
SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
else
SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
diff -up cups-2.2.6/cups/usersys.c.remove-weak-ciphers cups-2.2.6/cups/usersys.c
--- cups-2.2.6/cups/usersys.c.remove-weak-ciphers 2018-08-07 11:53:54.945634283 +0200
+++ cups-2.2.6/cups/usersys.c 2018-08-07 11:53:54.987633942 +0200
@@ -54,7 +54,9 @@
typedef struct _cups_client_conf_s /**** client.conf config data ****/
{
#ifdef HAVE_SSL
- int ssl_options; /* SSLOptions values */
+ int ssl_options, /* SSLOptions values */
+ ssl_min_version,/* Minimum SSL/TLS version */
+ ssl_max_version;/* Maximum SSL/TLS version */
#endif /* HAVE_SSL */
int trust_first, /* Trust on first use? */
any_root, /* Allow any (e.g., self-signed) root */
@@ -957,7 +959,7 @@ _cupsSetDefaults(void)
cg->validate_certs = cc.validate_certs;
#ifdef HAVE_SSL
- _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT);
+ _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
#endif /* HAVE_SSL */
}
@@ -1336,7 +1338,9 @@ cups_set_ssl_options(
* SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
*/
- int options = _HTTP_TLS_NONE; /* SSL/TLS options */
+ int options = _HTTP_TLS_NONE, /* SSL/TLS options */
+ min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */
+ max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */
char temp[256], /* Copy of value */
*start, /* Start of option */
*end; /* End of option */
@@ -1364,20 +1368,38 @@ cups_set_ssl_options(
if (!_cups_strcasecmp(start, "AllowRC4"))
options |= _HTTP_TLS_ALLOW_RC4;
else if (!_cups_strcasecmp(start, "AllowSSL3"))
- options |= _HTTP_TLS_ALLOW_SSL3;
+ min_version = _HTTP_TLS_SSL3;
else if (!_cups_strcasecmp(start, "AllowDH"))
options |= _HTTP_TLS_ALLOW_DH;
else if (!_cups_strcasecmp(start, "DenyCBC"))
options |= _HTTP_TLS_DENY_CBC;
else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
- options |= _HTTP_TLS_DENY_TLS10;
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
+ max_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
+ max_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
+ max_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
+ max_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "MinTLS1.0"))
+ min_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MinTLS1.1"))
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MinTLS1.2"))
+ min_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MinTLS1.3"))
+ min_version = _HTTP_TLS_1_3;
else if (!_cups_strcasecmp(start, "None"))
options = _HTTP_TLS_NONE;
}
- cc->ssl_options = options;
+ cc->ssl_options = options;
+ cc->ssl_max_version = max_version;
+ cc->ssl_min_version = min_version;
- DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x", (void *)cc, value, options));
+ DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
}
#endif /* HAVE_SSL */
diff -up cups-2.2.6/man/client.conf.man.in.remove-weak-ciphers cups-2.2.6/man/client.conf.man.in
--- cups-2.2.6/man/client.conf.man.in.remove-weak-ciphers 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/man/client.conf.man.in 2018-08-07 11:53:54.987633942 +0200
@@ -10,7 +10,7 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH client.conf 5 "CUPS" "19 October 2017" "Apple Inc."
+.TH client.conf 5 "CUPS" "3 November 2017" "Apple Inc."
.SH NAME
client.conf \- client configuration file for cups
.SH DESCRIPTION
@@ -56,7 +56,7 @@ Specifies the address and optionally the
\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
.TP 5
-\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR]
+\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR]
.TP 5
\fBSSLOptions None\fR
Sets encryption options (only in /etc/cups/client.conf).
@@ -68,6 +68,9 @@ The \fIAllowRC4\fR option enables the 12
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The \fIDenyCBC\fR option disables all CBC cipher suites.
The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
+The \fMinTLS\fR options set the minimum TLS version to support.
+The \fMaxTLS\fR options set the maximum TLS version to support.
+Not all operating systems support TLS 1.3 at this time.
.TP 5
\fBTrustOnFirstUse Yes\fR
.TP 5
diff -up cups-2.2.6/man/cupsd.conf.man.in.remove-weak-ciphers cups-2.2.6/man/cupsd.conf.man.in
--- cups-2.2.6/man/cupsd.conf.man.in.remove-weak-ciphers 2018-08-07 11:53:54.981633991 +0200
+++ cups-2.2.6/man/cupsd.conf.man.in 2018-08-07 11:53:54.987633942 +0200
@@ -432,10 +432,11 @@ The default is "Minimal".
Listens on the specified address and port for encrypted connections.
.\"#SSLOptions
.TP 5
-\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR]
+.TP 5
+\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR]
.TP 5
\fBSSLOptions None\fR
-Sets encryption options.
+Sets encryption options (only in /etc/cups/client.conf).
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
Security is reduced when \fIAllow\fR options are used.
Security is enhanced when \fIDeny\fR options are used.
@@ -444,6 +445,9 @@ The \fIAllowRC4\fR option enables the 12
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The \fIDenyCBC\fR option disables all CBC cipher suites.
The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
+The \fMinTLS\fR options set the minimum TLS version to support.
+The \fMaxTLS\fR options set the maximum TLS version to support.
+Not all operating systems support TLS 1.3 at this time.
.\"#SSLPort
.TP 5
\fBSSLPort \fIport\fR
diff -up cups-2.2.6/scheduler/conf.c.remove-weak-ciphers cups-2.2.6/scheduler/conf.c
--- cups-2.2.6/scheduler/conf.c.remove-weak-ciphers 2018-08-07 11:53:54.981633991 +0200
+++ cups-2.2.6/scheduler/conf.c 2018-08-07 11:53:54.988633934 +0200
@@ -630,7 +630,7 @@ cupsdReadConfiguration(void)
cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
# endif /* HAVE_GNUTLS */
- _httpTLSSetOptions(0);
+ _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX);
#endif /* HAVE_SSL */
language = cupsLangDefault();
@@ -3024,7 +3024,9 @@ read_cupsd_conf(cups_file_t *fp) /* I -
* SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [None]
*/
- int options = 0; /* SSL/TLS options */
+ int options = _HTTP_TLS_NONE,/* SSL/TLS options */
+ min_version = _HTTP_TLS_1_0,
+ max_version = _HTTP_TLS_MAX;
if (value)
{
@@ -3048,24 +3050,40 @@ read_cupsd_conf(cups_file_t *fp) /* I -
* Compare...
*/
- if (!_cups_strcasecmp(start, "AllowRC4"))
+ if (!_cups_strcasecmp(start, "AllowRC4"))
options |= _HTTP_TLS_ALLOW_RC4;
- else if (!_cups_strcasecmp(start, "AllowSSL3"))
- options |= _HTTP_TLS_ALLOW_SSL3;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ min_version = _HTTP_TLS_SSL3;
else if (!_cups_strcasecmp(start, "AllowDH"))
options |= _HTTP_TLS_ALLOW_DH;
else if (!_cups_strcasecmp(start, "DenyCBC"))
options |= _HTTP_TLS_DENY_CBC;
else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
- options |= _HTTP_TLS_DENY_TLS10;
- else if (!_cups_strcasecmp(start, "None"))
- options = 0;
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
+ max_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
+ max_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
+ max_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
+ max_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "MinTLS1.0"))
+ min_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MinTLS1.1"))
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MinTLS1.2"))
+ min_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MinTLS1.3"))
+ min_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = _HTTP_TLS_NONE;
else if (_cups_strcasecmp(start, "NoEmptyFragments"))
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
}
}
- _httpTLSSetOptions(options);
+ _httpTLSSetOptions(options, min_version, max_version);
}
#endif /* HAVE_SSL */
else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")

@ -1,7 +1,7 @@
diff -up cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout cups-2.3.3op2/conf/cupsd.conf.in
--- cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/conf/cupsd.conf.in 2021-11-29 11:37:02.426407322 +0100
@@ -28,6 +28,9 @@ DefaultAuthType Basic
diff -up cups-2.2.6/conf/cupsd.conf.in.idleexittimeout cups-2.2.6/conf/cupsd.conf.in
--- cups-2.2.6/conf/cupsd.conf.in.idleexittimeout 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/conf/cupsd.conf.in 2021-11-29 11:45:37.416058954 +0100
@@ -22,6 +22,9 @@ DefaultAuthType Basic
# Web interface setting...
WebInterface @CUPS_WEBIF@
@ -11,10 +11,10 @@ diff -up cups-2.3.3op2/conf/cupsd.conf.in.idleexittimeout cups-2.3.3op2/conf/cup
# Restrict access to the server...
<Location />
Order allow,deny
diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.idleexittimeout cups-2.3.3op2/config-scripts/cups-defaults.m4
--- cups-2.3.3op2/config-scripts/cups-defaults.m4.idleexittimeout 2021-11-29 11:37:02.426407322 +0100
+++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 11:39:16.629262421 +0100
@@ -461,3 +461,16 @@ esac
diff -up cups-2.2.6/config-scripts/cups-defaults.m4.idleexittimeout cups-2.2.6/config-scripts/cups-defaults.m4
--- cups-2.2.6/config-scripts/cups-defaults.m4.idleexittimeout 2021-11-29 11:45:37.416058954 +0100
+++ cups-2.2.6/config-scripts/cups-defaults.m4 2021-11-29 11:46:31.680612421 +0100
@@ -425,3 +425,16 @@ esac
AC_SUBST(CUPS_WEBIF)
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_WEBIF, $CUPS_DEFAULT_WEBIF)

@ -20,9 +20,9 @@ diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec cups
+ TIMEOUTSTARTSEC=""
+])
+AC_SUBST([TIMEOUTSTARTSEC])
diff -up cups-2.3.3op2/scheduler/cups.service.in.conf-timeoutstartsec cups-2.3.3op2/scheduler/cups.service.in
--- cups-2.3.3op2/scheduler/cups.service.in.conf-timeoutstartsec 2021-11-29 13:50:14.551976172 +0100
+++ cups-2.3.3op2/scheduler/cups.service.in 2021-11-29 13:50:14.568976028 +0100
diff -up cups-2.3.3op2/scheduler/org.cups.cupsd.service.in.conf-timeoutstartsec cups-2.3.3op2/scheduler/org.cups.cupsd.service.in
--- cups-2.3.3op2/scheduler/org.cups.cupsd.service.in.conf-timeoutstartsec 2021-11-29 13:50:14.551976172 +0100
+++ cups-2.3.3op2/scheduler/org.cups.cupsd.service.in 2021-11-29 13:50:14.568976028 +0100
@@ -8,6 +8,7 @@ Requires=cups.socket
ExecStart=@sbindir@/cupsd -l
Type=notify

@ -0,0 +1,22 @@
diff --git a/cgi-bin/var.c b/cgi-bin/var.c
index 316b67f05..12f3c8344 100644
--- a/cgi-bin/var.c
+++ b/cgi-bin/var.c
@@ -1186,6 +1186,7 @@ cgi_set_sid(void)
const char *remote_addr, /* REMOTE_ADDR */
*server_name, /* SERVER_NAME */
*server_port; /* SERVER_PORT */
+ struct timeval curtime; /* Current time */
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
@@ -1195,7 +1196,8 @@ cgi_set_sid(void)
if ((server_port = getenv("SERVER_PORT")) == NULL)
server_port = "SERVER_PORT";
- CUPS_SRAND(time(NULL));
+ gettimeofday(&curtime, NULL);
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
remote_addr, server_name, server_port,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,

@ -0,0 +1,24 @@
diff -up cups-2.2.6/cups/usersys.c.defaulttls cups-2.2.6/cups/usersys.c
--- cups-2.2.6/cups/usersys.c.defaulttls 2018-09-03 12:10:36.111230611 +0200
+++ cups-2.2.6/cups/usersys.c 2018-09-03 12:12:41.307074414 +0200
@@ -1166,11 +1166,15 @@ cups_init_client_conf(
memset(cc, 0, sizeof(_cups_client_conf_t));
- cc->encryption = (http_encryption_t)-1;
- cc->trust_first = -1;
- cc->any_root = -1;
- cc->expired_certs = -1;
- cc->validate_certs = -1;
+#ifdef HAVE_SSL
+ cc->ssl_min_version = _HTTP_TLS_1_0;
+ cc->ssl_max_version = _HTTP_TLS_MAX;
+#endif /* HAVE_SSL */
+ cc->encryption = (http_encryption_t)-1;
+ cc->trust_first = -1;
+ cc->any_root = -1;
+ cc->expired_certs = -1;
+ cc->validate_certs = -1;
/*
* Load settings from the org.cups.PrintingPrefs plist (which trump

@ -1,8 +1,8 @@
diff --git a/cups/http-addr.c b/cups/http-addr.c
index 86749c848..5b035e02b 100644
index 61c86384b..e86dcb622 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -196,31 +196,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
@@ -198,31 +198,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
{
mode_t mask; /* Umask setting */
@ -55,10 +55,10 @@ index 86749c848..5b035e02b 100644
else
#endif /* AF_LOCAL */
diff --git a/scheduler/conf.c b/scheduler/conf.c
index bb6049b2c..4c703c9b9 100644
index bc52d2add..93de8cf77 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -3062,6 +3062,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
@@ -3055,6 +3055,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
cupsd_listener_t *lis; /* New listeners array */

@ -0,0 +1,43 @@
From 3e4dd41459dabc5d18edbe06eb5b81291885204b Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 5 Dec 2018 12:18:19 -0500
Subject: [PATCH] Fix handling of MaxJobTime 0 (Issue #5438)
---
CHANGES.md | 5 +++--
scheduler/job.c | 4 +++-
scheduler/printers.c | 2 +-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/scheduler/job.c b/scheduler/job.c
index 3cbe56aa8..638f256db 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -5148,8 +5148,10 @@ update_job(cupsd_job_t *job) /* I - Job to check */
if (cancel_after)
job->cancel_time = time(NULL) + ippGetInteger(cancel_after, 0);
- else
+ else if (MaxJobTime > 0)
job->cancel_time = time(NULL) + MaxJobTime;
+ else
+ job->cancel_time = 0;
}
}
}
diff --git a/scheduler/printers.c b/scheduler/printers.c
index bb99907ad..68239d85d 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -3370,7 +3370,7 @@ add_printer_defaults(cupsd_printer_t *p)/* I - Printer */
"document-format-default", NULL, "application/octet-stream");
if (!cupsGetOption("job-cancel-after", p->num_options, p->options))
- ippAddInteger(p->attrs, IPP_TAG_PRINTER, IPP_TAG_INTEGER,
+ ippAddInteger(p->attrs, IPP_TAG_PRINTER, MaxJobTime > 0 ? IPP_TAG_INTEGER : IPP_TAG_NOVALUE,
"job-cancel-after-default", MaxJobTime);
if (!cupsGetOption("job-hold-until", p->num_options, p->options))
--
2.31.1

@ -0,0 +1,481 @@
From d47f6aec436e0e9df6554436e391471097686ecc Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 8 May 2018 15:24:21 -0700
Subject: [PATCH] Fix local privilege escalation to root and sandbox bypasses
in scheduler (rdar://37836779, rdar://37836995, rdar://37837252,
rdar://37837581)
---
man/cups-files.conf.man.in | 10 ++
man/cupsd.conf.man.in | 8 --
scheduler/conf.c | 201 +++++++++++++++++++++++--------------
scheduler/job.c | 12 +++
scheduler/process.c | 16 +--
scheduler/server.c | 20 +++-
test/run-stp-tests.sh | 11 +-
7 files changed, 179 insertions(+), 99 deletions(-)
diff --git a/man/cups-files.conf.man.in b/man/cups-files.conf.man.in
index 7b96d687d..baf3cb6af 100644
--- a/man/cups-files.conf.man.in
+++ b/man/cups-files.conf.man.in
@@ -153,6 +153,11 @@ The server name may be included in filenames using the string "%s", for example:
.fi
The default is "/var/log/cups/page_log".
+.\"#PassEnv
+.TP 5
+\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
+Passes the specified environment variable(s) to child processes.
+Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
.\"#RemoteRoot
.TP 5
\fBRemoteRoot \fIusername\fR
@@ -187,6 +192,11 @@ macOS uses its keychain database to store certificates and keys while other plat
\fBServerRoot \fIdirectory\fR
Specifies the directory containing the server configuration files.
The default is "/etc/cups".
+.\"#SetEnv
+.TP 5
+\fBSetEnv \fIvariable value\fR
+Set the specified environment variable to be passed to child processes.
+Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
.\"#StateDir
.TP 5
\fBStateDir \fIdirectory\fR
diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in
index 3ffc80e42..36c849398 100644
--- a/man/cupsd.conf.man.in
+++ b/man/cupsd.conf.man.in
@@ -349,10 +349,6 @@ The default is "1048576" (1MB).
\fBMultipleOperationTimeout \fIseconds\fR
Specifies the maximum amount of time to allow between files in a multiple file print job.
The default is "300" (5 minutes).
-.\"#PassEnv
-.TP 5
-\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
-Passes the specified environment variable(s) to child processes.
.\"#Policy
.TP 5
\fB<Policy \fIname\fB> \fR... \fB</Policy>\fR
@@ -433,10 +429,6 @@ Specifies what information is included in the Server header of HTTP responses.
command.
"Full" reports "CUPS 2.0.0 (UNAME) IPP/2.0".
The default is "Minimal".
-.\"#SetEnv
-.TP 5
-\fBSetEnv \fIvariable value\fR
-Set the specified environment variable to be passed to child processes.
.\"#SSLListen
.TP 5
\fBSSLListen \fIipv4-address\fB:\fIport\fR
diff --git a/scheduler/conf.c b/scheduler/conf.c
index 67a91e7a6..b51c6060c 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -2929,13 +2929,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
/* Line from file */
temp[HTTP_MAX_BUFFER],
/* Temporary buffer for value */
- *value, /* Pointer to value */
- *valueptr; /* Pointer into value */
+ *value; /* Pointer to value */
int valuelen; /* Length of value */
http_addrlist_t *addrlist, /* Address list */
*addr; /* Current address */
- cups_file_t *incfile; /* Include file */
- char incname[1024]; /* Include filename */
/*
@@ -2950,28 +2947,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
* Decode the directive...
*/
- if (!_cups_strcasecmp(line, "Include") && value)
- {
- /*
- * Include filename
- */
-
- if (value[0] == '/')
- strlcpy(incname, value, sizeof(incname));
- else
- snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
-
- if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to include config file \"%s\" - %s",
- incname, strerror(errno));
- else
- {
- read_cupsd_conf(incfile);
- cupsFileClose(incfile);
- }
- }
- else if (!_cups_strcasecmp(line, "<Location") && value)
+ if (!_cups_strcasecmp(line, "<Location") && value)
{
/*
* <Location path>
@@ -3367,31 +3343,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
value, linenum, ConfigurationFile);
}
- else if (!_cups_strcasecmp(line, "PassEnv") && value)
- {
- /*
- * PassEnv variable [... variable]
- */
-
- for (; *value;)
- {
- for (valuelen = 0; value[valuelen]; valuelen ++)
- if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
- break;
-
- if (value[valuelen])
- {
- value[valuelen] = '\0';
- valuelen ++;
- }
-
- cupsdSetEnv(value, NULL);
-
- for (value += valuelen; *value; value ++)
- if (!_cups_isspace(*value) || *value != ',')
- break;
- }
- }
else if (!_cups_strcasecmp(line, "ServerAlias") && value)
{
/*
@@ -3420,30 +3371,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
break;
}
}
- else if (!_cups_strcasecmp(line, "SetEnv") && value)
- {
- /*
- * SetEnv variable value
- */
-
- for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
-
- if (*valueptr)
- {
- /*
- * Found a value...
- */
-
- while (isspace(*valueptr & 255))
- *valueptr++ = '\0';
-
- cupsdSetEnv(value, valueptr);
- }
- else
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Missing value for SetEnv directive on line %d of %s.",
- linenum, ConfigurationFile);
- }
else if (!_cups_strcasecmp(line, "AccessLog") ||
!_cups_strcasecmp(line, "CacheDir") ||
!_cups_strcasecmp(line, "ConfigFilePerm") ||
@@ -3457,6 +3384,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
!_cups_strcasecmp(line, "LogFilePerm") ||
!_cups_strcasecmp(line, "LPDConfigFile") ||
!_cups_strcasecmp(line, "PageLog") ||
+ !_cups_strcasecmp(line, "PassEnv") ||
!_cups_strcasecmp(line, "Printcap") ||
!_cups_strcasecmp(line, "PrintcapFormat") ||
!_cups_strcasecmp(line, "RemoteRoot") ||
@@ -3466,6 +3394,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
!_cups_strcasecmp(line, "ServerKey") ||
!_cups_strcasecmp(line, "ServerKeychain") ||
!_cups_strcasecmp(line, "ServerRoot") ||
+ !_cups_strcasecmp(line, "SetEnv") ||
!_cups_strcasecmp(line, "SMBConfigFile") ||
!_cups_strcasecmp(line, "StateDir") ||
!_cups_strcasecmp(line, "SystemGroup") ||
@@ -3495,10 +3424,49 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
static int /* O - 1 on success, 0 on failure */
read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
{
- int linenum; /* Current line number */
+ int i, /* Looping var */
+ linenum; /* Current line number */
char line[HTTP_MAX_BUFFER], /* Line from file */
*value; /* Value from line */
struct group *group; /* Group */
+ static const char * const prohibited_env[] =
+ { /* Prohibited environment variables */
+ "APPLE_LANGUAGE",
+ "AUTH_DOMAIN",
+ "AUTH_INFO_REQUIRED",
+ "AUTH_NEGOTIATE",
+ "AUTH_PASSWORD",
+ "AUTH_UID",
+ "AUTH_USERNAME",
+ "CHARSET",
+ "CLASS",
+ "CLASSIFICATION",
+ "CONTENT_TYPE",
+ "CUPS_CACHEDIR",
+ "CUPS_DATADIR",
+ "CUPS_DOCROOT",
+ "CUPS_FILETYPE",
+ "CUPS_FONTPATH",
+ "CUPS_MAX_MESSAGE",
+ "CUPS_REQUESTROOT",
+ "CUPS_SERVERBIN",
+ "CUPS_SERVERROOT",
+ "CUPS_STATEDIR",
+ "DEVICE_URI",
+ "FINAL_CONTENT_TYPE",
+ "HOME",
+ "LANG",
+ "PPD",
+ "PRINTER",
+ "PRINTER_INFO",
+ "PRINTER_LOCATION",
+ "PRINTER_STATE_REASONS",
+ "RIP_CACHE",
+ "SERVER_ADMIN",
+ "SOFTWARE",
+ "TMPDIR",
+ "USER"
+ };
/*
@@ -3536,6 +3504,47 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
}
}
}
+ else if (!_cups_strcasecmp(line, "PassEnv") && value)
+ {
+ /*
+ * PassEnv variable [... variable]
+ */
+
+ int valuelen; /* Length of variable name */
+
+ for (; *value;)
+ {
+ for (valuelen = 0; value[valuelen]; valuelen ++)
+ if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
+ break;
+
+ if (value[valuelen])
+ {
+ value[valuelen] = '\0';
+ valuelen ++;
+ }
+
+ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
+ {
+ if (!strcmp(value, prohibited_env[i]))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be passed through on line %d of %s.", value, linenum, CupsFilesFile);
+
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
+ else
+ break;
+ }
+ }
+
+ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
+ cupsdSetEnv(value, NULL);
+
+ for (value += valuelen; *value; value ++)
+ if (!_cups_isspace(*value) || *value != ',')
+ break;
+ }
+ }
else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
{
/*
@@ -3581,6 +3590,46 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
return (0);
}
}
+ else if (!_cups_strcasecmp(line, "SetEnv") && value)
+ {
+ /*
+ * SetEnv variable value
+ */
+
+ char *valueptr; /* Pointer to environment variable value */
+
+ for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
+
+ if (*valueptr)
+ {
+ /*
+ * Found a value...
+ */
+
+ while (isspace(*valueptr & 255))
+ *valueptr++ = '\0';
+
+ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
+ {
+ if (!strcmp(value, prohibited_env[i]))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be set on line %d of %s.", value, linenum, CupsFilesFile);
+
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
+ return (0);
+ else
+ break;
+ }
+ }
+
+ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
+ cupsdSetEnv(value, valueptr);
+ }
+ else
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Missing value for SetEnv directive on line %d of %s.",
+ linenum, ConfigurationFile);
+ }
else if (!_cups_strcasecmp(line, "SystemGroup") && value)
{
/*
diff --git a/scheduler/job.c b/scheduler/job.c
index 61cda44e2..5ced0b9d1 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -4779,6 +4779,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */
job->profile = cupsdCreateProfile(job->id, 0);
job->bprofile = cupsdCreateProfile(job->id, 1);
+#ifdef HAVE_SANDBOX_H
+ if ((!job->profile || !job->bprofile) && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
+ {
+ /*
+ * Failure to create the sandbox profile means something really bad has
+ * happened and we need to shutdown immediately.
+ */
+
+ return;
+ }
+#endif /* HAVE_SANDBOX_H */
+
/*
* Create the status pipes and buffer...
*/
diff --git a/scheduler/process.c b/scheduler/process.c
index b8d49d8f0..3c1c6ba4f 100644
--- a/scheduler/process.c
+++ b/scheduler/process.c
@@ -98,9 +98,13 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
{
+ /*
+ * This should never happen, and is fatal when sandboxing is enabled.
+ */
+
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
- cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
- strerror(errno));
+ cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno));
+ kill(getpid(), SIGTERM);
return (NULL);
}
@@ -197,10 +201,8 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
" #\"^%s/\"" /* TempDir/... */
" #\"^%s$\"" /* CacheDir */
" #\"^%s/\"" /* CacheDir/... */
- " #\"^%s$\"" /* StateDir */
- " #\"^%s/\"" /* StateDir/... */
"))\n",
- temp, temp, cache, cache, state, state);
+ temp, temp, cache, cache);
/* Read common folders */
cupsFilePrintf(fp,
"(allow file-read-data file-read-metadata\n"
@@ -242,8 +244,10 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
" #\"^%s/\"" /* ServerBin/... */
" #\"^%s$\"" /* ServerRoot */
" #\"^%s/\"" /* ServerRoot/... */
+ " #\"^%s$\"" /* StateDir */
+ " #\"^%s/\"" /* StateDir/... */
"))\n",
- request, request, bin, bin, root, root);
+ request, request, bin, bin, root, root, state, state);
if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
{
/* Limited write access to /Library/Printers/... */
diff --git a/scheduler/server.c b/scheduler/server.c
index cecbabe67..a4033791b 100644
--- a/scheduler/server.c
+++ b/scheduler/server.c
@@ -34,16 +34,28 @@ void
cupsdStartServer(void)
{
/*
- * Start color management (as needed)...
+ * Create the default security profile...
*/
- cupsdStartColor();
+ DefaultProfile = cupsdCreateProfile(0, 1);
+
+#ifdef HAVE_SANDBOX_H
+ if (!DefaultProfile && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
+ {
+ /*
+ * Failure to create the sandbox profile means something really bad has
+ * happened and we need to shutdown immediately.
+ */
+
+ return;
+ }
+#endif /* HAVE_SANDBOX_H */
/*
- * Create the default security profile...
+ * Start color management (as needed)...
*/
- DefaultProfile = cupsdCreateProfile(0, 1);
+ cupsdStartColor();
/*
* Startup all the networking stuff...
diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
index 7eb269a67..f83bd5d91 100755
--- a/test/run-stp-tests.sh
+++ b/test/run-stp-tests.sh
@@ -489,11 +489,6 @@ StrictConformance Yes
Browsing Off
Listen localhost:$port
Listen $BASE/sock
-PassEnv DYLD_LIBRARY_PATH
-PassEnv LD_LIBRARY_PATH
-PassEnv LD_PRELOAD
-PassEnv LOCALEDIR
-PassEnv SHLIB_PATH
MaxSubscriptions 3
MaxLogSize 0
AccessLogLevel actions
@@ -529,6 +524,12 @@ TempDir $BASE/spool/temp
AccessLog $BASE/log/access_log
ErrorLog $BASE/log/error_log
PageLog $BASE/log/page_log
+
+PassEnv DYLD_LIBRARY_PATH
+PassEnv LD_LIBRARY_PATH
+PassEnv LD_PRELOAD
+PassEnv LOCALEDIR
+PassEnv SHLIB_PATH
EOF
if test $ssltype != 0 -a `uname` = Darwin; then
--
2.17.1

@ -0,0 +1,62 @@
From 9539c53065170e97836503074e770d7b5fbf9f83 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 16 Jul 2019 09:27:13 -0400
Subject: [PATCH] Fix lpadmin with cupsIPPSupplies and cupsSNMPSupplies (Issue
#5610)
---
CHANGES.md | 2 ++
systemv/lpadmin.c | 9 +++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index f428368d4..ca6d386b2 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -1467,6 +1467,7 @@ set_printer_options(
(boolval = cupsGetOption("cupsIPPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
wrote_ipp_supplies = 1;
cupsFilePrintf(out, "*cupsIPPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
@@ -1477,6 +1478,7 @@ set_printer_options(
(boolval = cupsGetOption("cupsSNMPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
wrote_snmp_supplies = 1;
cupsFilePrintf(out, "*cupsSNMPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
@@ -1537,6 +1539,8 @@ set_printer_options(
(boolval = cupsGetOption("cupsIPPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
+
cupsFilePrintf(out, "*cupsIPPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
!_cups_strcasecmp(boolval, "yes") ||
@@ -1547,6 +1551,8 @@ set_printer_options(
(boolval = cupsGetOption("cupsSNMPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
+
cupsFilePrintf(out, "*cupsSNMPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
!_cups_strcasecmp(boolval, "yes") ||
@@ -1561,8 +1567,7 @@ set_printer_options(
* Do the request...
*/
- ippDelete(cupsDoFileRequest(http, request, "/admin/",
- ppdchanged ? tempfile : file));
+ ippDelete(cupsDoFileRequest(http, request, "/admin/", ppdchanged ? tempfile : file));
/*
* Clean up temp files... (TODO: catch signals in case we CTRL-C during
--
2.31.1

@ -0,0 +1,206 @@
diff --git a/backend/ipp.c b/backend/ipp.c
index 32eb3aaa4..2a880bd75 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -3612,6 +3612,8 @@ update_reasons(ipp_attribute_t *attr, /* I - printer-state-reasons or NULL */
}
}
+ cupsArrayDelete(new_reasons);
+
_cupsMutexUnlock(&report_mutex);
/*
diff --git a/cgi-bin/search.c b/cgi-bin/search.c
index 3956afc33..ad1f5ed0e 100644
--- a/cgi-bin/search.c
+++ b/cgi-bin/search.c
@@ -361,4 +362,5 @@ void
cgiFreeSearch(void *search) /* I - Search context */
{
regfree((regex_t *)search);
+ free(search);
}
diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c
index 5d510140b..688901a7d 100644
--- a/cups/http-addrlist.c
+++ b/cups/http-addrlist.c
@@ -612,6 +613,7 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p
if (!temp)
{
httpAddrFreeList(first);
+ freeaddrinfo(results);
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
return (NULL);
}
diff --git a/cups/http.c b/cups/http.c
index a9235b087..d9332cc83 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -3915,7 +3915,7 @@ http_create(
if ((http = calloc(sizeof(http_t), 1)) == NULL)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
- httpAddrFreeList(addrlist);
+ httpAddrFreeList(myaddrlist);
return (NULL);
}
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index be24cebae..4e8cba7bb 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -2665,6 +2666,7 @@ ppdcSource::scan_file(ppdcFile *fp, // I - File to read
// Add it to the current option...
if (!o)
{
+ c->release();
_cupsLangPrintf(stderr,
_("ppdc: Choice found on line %d of %s with no "
"Option."), fp->line, fp->filename);
diff --git a/scheduler/cups-driverd.cxx b/scheduler/cups-driverd.cxx
index 657eee0a0..b518a9325 100644
--- a/scheduler/cups-driverd.cxx
+++ b/scheduler/cups-driverd.cxx
@@ -153,7 +153,7 @@ static ppd_info_t *add_ppd(const char *filename, const char *name,
size_t size, int model_number, int type,
const char *scheme);
static int cat_drv(const char *name, int request_id);
-static int cat_ppd(const char *name, int request_id);
+static void cat_ppd(const char *name, int request_id);
static int cat_static(const char *name, int request_id);
static int cat_tar(const char *name, int request_id);
static int compare_inodes(struct stat *a, struct stat *b);
@@ -163,12 +163,12 @@ static int compare_names(const ppd_info_t *p0,
const ppd_info_t *p1);
static int compare_ppds(const ppd_info_t *p0,
const ppd_info_t *p1);
-static int dump_ppds_dat(const char *filename);
+static void dump_ppds_dat(const char *filename);
static void free_array(cups_array_t *a);
static cups_file_t *get_file(const char *name, int request_id,
const char *subdir, char *buffer,
size_t bufsize, char **subfile);
-static int list_ppds(int request_id, int limit, const char *opt);
+static void list_ppds(int request_id, int limit, const char *opt);
static int load_drivers(cups_array_t *include,
cups_array_t *exclude);
static int load_drv(const char *filename, const char *name,
@@ -204,13 +204,13 @@ main(int argc, /* I - Number of command-line args */
*/
if (argc == 3 && !strcmp(argv[1], "cat"))
- return (cat_ppd(argv[2], 0));
+ cat_ppd(argv[2], 0);
else if ((argc == 2 || argc == 3) && !strcmp(argv[1], "dump"))
- return (dump_ppds_dat(argv[2]));
+ dump_ppds_dat(argv[2]);
else if (argc == 4 && !strcmp(argv[1], "get"))
- return (cat_ppd(argv[3], atoi(argv[2])));
+ cat_ppd(argv[3], atoi(argv[2]));
else if (argc == 5 && !strcmp(argv[1], "list"))
- return (list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]));
+ list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]);
else
{
fputs("Usage: cups-driverd cat ppd-name\n", stderr);
@@ -428,7 +428,7 @@ cat_drv(const char *name, /* I - PPD name */
* 'cat_ppd()' - Copy a PPD file to stdout.
*/
-static int /* O - Exit code */
+static void
cat_ppd(const char *name, /* I - PPD name */
int request_id) /* I - Request ID for response? */
{
@@ -445,7 +445,7 @@ cat_ppd(const char *name, /* I - PPD name */
if (strstr(name, "../"))
{
fputs("ERROR: Invalid PPD name.\n", stderr);
- return (1);
+ exit(1);
}
strlcpy(scheme, name, sizeof(scheme));
@@ -475,11 +475,11 @@ cat_ppd(const char *name, /* I - PPD name */
puts("Content-Type: application/ipp\n");
if (!scheme[0])
- return (cat_static(name, request_id));
+ exit(cat_static(name, request_id));
else if (!strcmp(scheme, "drv"))
- return (cat_drv(name, request_id));
+ exit(cat_drv(name, request_id));
else if (!strcmp(scheme, "file"))
- return (cat_tar(name, request_id));
+ exit(cat_tar(name, request_id));
else
{
/*
@@ -517,7 +517,7 @@ cat_ppd(const char *name, /* I - PPD name */
cupsdSendIPPTrailer();
}
- return (1);
+ exit(1);
}
/*
@@ -547,15 +547,15 @@ cat_ppd(const char *name, /* I - PPD name */
fprintf(stderr, "ERROR: [cups-driverd] Unable to execute \"%s\" - %s\n",
line, strerror(errno));
- return (1);
+ exit(1);
}
}
/*
- * Return with no errors...
+ * Exit with no errors...
*/
- return (0);
+ exit(0);
}
@@ -778,7 +778,7 @@ compare_ppds(const ppd_info_t *p0, /* I - First PPD file */
* 'dump_ppds_dat()' - Dump the contents of the ppds.dat file.
*/
-static int /* O - Exit status */
+static void
dump_ppds_dat(const char *filename) /* I - Filename */
{
char temp[1024]; /* ppds.dat filename */
@@ -810,7 +810,7 @@ dump_ppds_dat(const char *filename) /* I - Filename */
ppd->record.make_and_model, ppd->record.device_id,
ppd->record.scheme);
- return (0);
+ exit(0);
}
@@ -1004,7 +1004,7 @@ get_file(const char *name, /* I - Name */
* 'list_ppds()' - List PPD files.
*/
-static int /* O - Exit code */
+static void
list_ppds(int request_id, /* I - Request ID */
int limit, /* I - Limit */
const char *opt) /* I - Option argument */
@@ -1566,7 +1566,7 @@ list_ppds(int request_id, /* I - Request ID */
if (request_id)
cupsdSendIPPTrailer();
- return (0);
+ exit(0);
}
--
2.17.1

@ -0,0 +1,56 @@
diff --git a/backend/socket.c b/backend/socket.c
index 675061dd9..68379e95b 100644
--- a/backend/socket.c
+++ b/backend/socket.c
@@ -397,8 +397,10 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */
lseek(print_fd, 0, SEEK_SET);
}
- tbytes = backendRunLoop(print_fd, device_fd, snmp_fd, &(addrlist->addr), 1,
- 0, backendNetworkSideCB);
+ if ((bytes = backendRunLoop(print_fd, device_fd, snmp_fd, &(addrlist->addr), 1, 0, backendNetworkSideCB)) < 0)
+ tbytes = -1;
+ else
+ tbytes = bytes;
if (print_fd != 0 && tbytes >= 0)
_cupsLangPrintFilter(stderr, "INFO", _("Print file sent."));
@@ -406,7 +408,7 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */
fputs("STATE: +cups-waiting-for-job-completed\n", stderr);
- if (waiteof)
+ if (waiteof && tbytes >= 0)
{
/*
* Shutdown the socket and wait for the other end to finish...
@@ -443,7 +445,7 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */
if (print_fd != 0)
close(print_fd);
- return (CUPS_BACKEND_OK);
+ return (tbytes >= 0 ? CUPS_BACKEND_OK : CUPS_BACKEND_FAILED);
}
diff --git a/scheduler/main.c b/scheduler/main.c
index 4b3914ade..472b9946d 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -1472,9 +1472,16 @@ process_children(void)
(!job->filters[i] && WIFEXITED(old_status)))
{ /* Backend and filter didn't crash */
if (job->filters[i])
+ {
job->status = status; /* Filter failed */
+ }
else
+ {
job->status = -status; /* Backend failed */
+
+ if (job->current_file < job->num_files)
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_FORCE, "Canceling multi-file job due to backend failure.");
+ }
}
if (job->state_value == IPP_JOB_PROCESSING &&

@ -0,0 +1,183 @@
From 2c030c7a06e0c2b8227c7e85f5c58dfb339731d0 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Thu, 15 Aug 2019 14:06:47 -0400
Subject: [PATCH] Multiple security/disclosure issues:
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
- Fixed IPP buffer overflow (rdar://50035411)
- Fixed memory disclosure issue in the scheduler (rdar://51373853)
- Fixed DoS issues in the scheduler (rdar://51373929)
diff --git a/cups/http.c b/cups/http.c
index 266a15791..fbb1bf13c 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -1860,7 +1860,7 @@ httpPrintf(http_t *http, /* I - HTTP connection */
...) /* I - Additional args as needed */
{
ssize_t bytes; /* Number of bytes to write */
- char buf[16384]; /* Buffer for formatted string */
+ char buf[65536]; /* Buffer for formatted string */
va_list ap; /* Variable argument pointer */
@@ -1872,7 +1872,12 @@ httpPrintf(http_t *http, /* I - HTTP connection */
DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf));
- if (http->data_encoding == HTTP_ENCODING_FIELDS)
+ if (bytes > (ssize_t)(sizeof(buf) - 1))
+ {
+ http->error = ENOMEM;
+ return (-1);
+ }
+ else if (http->data_encoding == HTTP_ENCODING_FIELDS)
return ((int)httpWrite2(http, buf, (size_t)bytes));
else
{
diff --git a/cups/ipp.c b/cups/ipp.c
index 6fae52a00..1bd59cef1 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -4550,9 +4550,7 @@ ippSetValueTag(
break;
case IPP_TAG_NAME :
- if (temp_tag != IPP_TAG_KEYWORD && temp_tag != IPP_TAG_URI &&
- temp_tag != IPP_TAG_URISCHEME && temp_tag != IPP_TAG_LANGUAGE &&
- temp_tag != IPP_TAG_MIMETYPE)
+ if (temp_tag != IPP_TAG_KEYWORD)
return (0);
(*attr)->value_tag = (ipp_tag_t)(IPP_TAG_NAME | ((*attr)->value_tag & IPP_TAG_CUPS_CONST));
@@ -4560,10 +4558,7 @@ ippSetValueTag(
case IPP_TAG_NAMELANG :
case IPP_TAG_TEXTLANG :
- if (value_tag == IPP_TAG_NAMELANG &&
- (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD &&
- temp_tag != IPP_TAG_URI && temp_tag != IPP_TAG_URISCHEME &&
- temp_tag != IPP_TAG_LANGUAGE && temp_tag != IPP_TAG_MIMETYPE))
+ if (value_tag == IPP_TAG_NAMELANG && (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD))
return (0);
if (value_tag == IPP_TAG_TEXTLANG && temp_tag != IPP_TAG_TEXT)
diff --git a/cups/snmp.c b/cups/snmp.c
index 5cefee454..1d9da01f2 100644
--- a/cups/snmp.c
+++ b/cups/snmp.c
@@ -1233,6 +1233,9 @@ asn1_get_integer(
int value; /* Integer value */
+ if (*buffer >= bufend)
+ return (0);
+
if (length > sizeof(int))
{
(*buffer) += length;
@@ -1259,6 +1262,9 @@ asn1_get_length(unsigned char **buffer, /* IO - Pointer in buffer */
unsigned length; /* Length */
+ if (*buffer >= bufend)
+ return (0);
+
length = **buffer;
(*buffer) ++;
@@ -1301,6 +1307,9 @@ asn1_get_oid(
int number; /* OID number */
+ if (*buffer >= bufend)
+ return (0);
+
valend = *buffer + length;
oidptr = oid;
oidend = oid + oidsize - 1;
@@ -1349,9 +1358,12 @@ asn1_get_packed(
int value; /* Value */
+ if (*buffer >= bufend)
+ return (0);
+
value = 0;
- while ((**buffer & 128) && *buffer < bufend)
+ while (*buffer < bufend && (**buffer & 128))
{
value = (value << 7) | (**buffer & 127);
(*buffer) ++;
@@ -1379,6 +1391,9 @@ asn1_get_string(
char *string, /* I - String buffer */
size_t strsize) /* I - String buffer size */
{
+ if (*buffer >= bufend)
+ return (NULL);
+
if (length > (unsigned)(bufend - *buffer))
length = (unsigned)(bufend - *buffer);
@@ -1421,6 +1436,9 @@ asn1_get_type(unsigned char **buffer, /* IO - Pointer in buffer */
int type; /* Type */
+ if (*buffer >= bufend)
+ return (0);
+
type = **buffer;
(*buffer) ++;
diff --git a/scheduler/client.c b/scheduler/client.c
index 923a6e67a..f693e7c49 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -564,6 +564,17 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdReadClient: error=%d, used=%d, state=%s, data_encoding=HTTP_ENCODING_%s, data_remaining=" CUPS_LLFMT ", request=%p(%s), file=%d", httpError(con->http), (int)httpGetReady(con->http), httpStateString(httpGetState(con->http)), httpIsChunked(con->http) ? "CHUNKED" : "LENGTH", CUPS_LLCAST httpGetRemaining(con->http), con->request, con->request ? ippStateString(ippGetState(con->request)) : "", con->file);
+ if (httpError(con->http) == EPIPE && !httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1)
+ {
+ /*
+ * Connection closed...
+ */
+
+ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF.");
+ cupsdCloseClient(con);
+ return;
+ }
+
if (httpGetState(con->http) == HTTP_STATE_GET_SEND ||
httpGetState(con->http) == HTTP_STATE_POST_SEND ||
httpGetState(con->http) == HTTP_STATE_STATUS)
@@ -573,17 +584,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
* connection and we need to shut it down...
*/
- if (!httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1)
- {
- /*
- * Connection closed...
- */
-
- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF.");
- cupsdCloseClient(con);
- return;
- }
-
cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on unexpected HTTP read state %s.", httpStateString(httpGetState(con->http)));
cupsdCloseClient(con);
return;
@@ -1950,6 +1950,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */
strlcpy(location, httpGetField(con->http, HTTP_FIELD_LOCATION), sizeof(location));
httpClearFields(con->http);
+ httpClearCookie(con->http);
httpSetField(con->http, HTTP_FIELD_LOCATION, location);
--
2.21.0

@ -0,0 +1,562 @@
diff --git a/cups/cups-private.h b/cups/cups-private.h
index 6fd66a9..1f66fd7 100644
--- a/cups/cups-private.h
+++ b/cups/cups-private.h
@@ -237,13 +237,9 @@ extern void _cupsBufferRelease(char *b);
extern http_t *_cupsConnect(void);
extern char *_cupsCreateDest(const char *name, const char *info, const char *device_id, const char *device_uri, char *uri, size_t urisize);
-extern int _cupsGet1284Values(const char *device_id,
- cups_option_t **values);
-extern const char *_cupsGetDestResource(cups_dest_t *dest, char *resource,
- size_t resourcesize);
-extern int _cupsGetDests(http_t *http, ipp_op_t op,
- const char *name, cups_dest_t **dests,
- cups_ptype_t type, cups_ptype_t mask);
+extern int _cupsGet1284Values(const char *device_id, cups_option_t **values);
+extern const char *_cupsGetDestResource(cups_dest_t *dest, unsigned flags, char *resource, size_t resourcesize);
+extern int _cupsGetDests(http_t *http, ipp_op_t op, const char *name, cups_dest_t **dests, cups_ptype_t type, cups_ptype_t mask);
extern const char *_cupsGetPassword(const char *prompt);
extern void _cupsGlobalLock(void);
extern _cups_globals_t *_cupsGlobals(void);
@@ -253,13 +249,10 @@ extern const char *_cupsGSSServiceName(void);
# endif /* HAVE_GSSAPI */
extern int _cupsNextDelay(int current, int *previous);
extern void _cupsSetDefaults(void);
-extern void _cupsSetError(ipp_status_t status, const char *message,
- int localize);
+extern void _cupsSetError(ipp_status_t status, const char *message, int localize);
extern void _cupsSetHTTPError(http_status_t status);
# ifdef HAVE_GSSAPI
-extern int _cupsSetNegotiateAuthString(http_t *http,
- const char *method,
- const char *resource);
+extern int _cupsSetNegotiateAuthString(http_t *http, const char *method, const char *resource);
# endif /* HAVE_GSSAPI */
extern char *_cupsUserDefault(char *name, size_t namesize);
diff --git a/cups/dest-options.c b/cups/dest-options.c
index 51705a5..cfa28ce 100644
--- a/cups/dest-options.c
+++ b/cups/dest-options.c
@@ -572,6 +572,7 @@ cupsCopyDestInfo(
cups_dest_t *dest) /* I - Destination */
{
cups_dinfo_t *dinfo; /* Destination information */
+ unsigned dflags; /* Destination flags */
ipp_t *request, /* Get-Printer-Attributes request */
*response; /* Supported attributes */
int tries, /* Number of tries so far */
@@ -581,6 +582,7 @@ cupsCopyDestInfo(
char resource[1024]; /* Resource path */
int version; /* IPP version */
ipp_status_t status; /* Status of request */
+ _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
static const char * const requested_attrs[] =
{ /* Requested attributes */
"job-template",
@@ -589,14 +591,25 @@ cupsCopyDestInfo(
};
- DEBUG_printf(("cupsCopyDestSupported(http=%p, dest=%p(%s))", (void *)http, (void *)dest, dest ? dest->name : ""));
+ DEBUG_printf(("cupsCopyDestInfo(http=%p, dest=%p(%s))", (void *)http, (void *)dest, dest ? dest->name : ""));
/*
* Get the default connection as needed...
*/
if (!http)
- http = _cupsConnect();
+ {
+ http = _cupsConnect();
+ dflags = CUPS_DEST_FLAGS_NONE;
+ }
+#ifdef AF_LOCAL
+ else if (strcmp(http->hostname, cg->server) || (httpAddrFamily(http->hostaddr) != AF_LOCAL && cg->ipp_port != httpAddrPort(http->hostaddr)))
+#else
+ else if (strcmp(http->hostname, cg->server) || cg->ipp_port != httpAddrPort(http->hostaddr))
+#endif /* AF_LOCAL */
+ dflags = CUPS_DEST_FLAGS_DEVICE;
+ else
+ dflags = CUPS_DEST_FLAGS_NONE;
/*
* Range check input...
@@ -609,8 +622,11 @@ cupsCopyDestInfo(
* Get the printer URI and resource path...
*/
- if ((uri = _cupsGetDestResource(dest, resource, sizeof(resource))) == NULL)
+ if ((uri = _cupsGetDestResource(dest, dflags, resource, sizeof(resource))) == NULL)
+ {
+ DEBUG_puts("1cupsCopyDestInfo: Unable to get resource.");
return (NULL);
+ }
/*
* Get the supported attributes...
@@ -628,28 +644,25 @@ cupsCopyDestInfo(
*/
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL,
- uri);
- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
- "requesting-user-name", NULL, cupsUser());
- ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
- "requested-attributes",
- (int)(sizeof(requested_attrs) / sizeof(requested_attrs[0])),
- NULL, requested_attrs);
+
+ ippSetVersion(request, version / 10, version % 10);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser());
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(requested_attrs) / sizeof(requested_attrs[0])), NULL, requested_attrs);
response = cupsDoRequest(http, request, resource);
status = cupsLastError();
if (status > IPP_STATUS_OK_IGNORED_OR_SUBSTITUTED)
{
- DEBUG_printf(("cupsCopyDestSupported: Get-Printer-Attributes for '%s' "
- "returned %s (%s)", dest->name, ippErrorString(status),
- cupsLastErrorString()));
+ DEBUG_printf(("1cupsCopyDestInfo: Get-Printer-Attributes for '%s' returned %s (%s)", dest->name, ippErrorString(status), cupsLastErrorString()));
ippDelete(response);
response = NULL;
- if (status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED && version > 11)
+ if ((status == IPP_STATUS_ERROR_BAD_REQUEST || status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED) && version > 11)
+ {
version = 11;
+ }
else if (status == IPP_STATUS_ERROR_BUSY)
{
sleep((unsigned)delay);
@@ -665,7 +678,10 @@ cupsCopyDestInfo(
while (!response && tries < 10);
if (!response)
+ {
+ DEBUG_puts("1cupsCopyDestInfo: Unable to get printer attributes.");
return (NULL);
+ }
/*
* Allocate a cups_dinfo_t structure and return it...
@@ -678,6 +694,8 @@ cupsCopyDestInfo(
return (NULL);
}
+ DEBUG_printf(("1cupsCopyDestInfo: version=%d, uri=\"%s\", resource=\"%s\".", version, uri, resource));
+
dinfo->version = version;
dinfo->uri = uri;
dinfo->resource = _cupsStrAlloc(resource);
diff --git a/cups/dest.c b/cups/dest.c
index 57a8dc9..3537572 100644
--- a/cups/dest.c
+++ b/cups/dest.c
@@ -1103,13 +1103,16 @@ cupsGetDest(const char *name, /* I - Destination name or @code NULL@ for the d
* '_cupsGetDestResource()' - Get the resource path and URI for a destination.
*/
-const char * /* O - Printer URI */
+const char * /* O - URI */
_cupsGetDestResource(
cups_dest_t *dest, /* I - Destination */
+ unsigned flags, /* I - Destination flags */
char *resource, /* I - Resource buffer */
size_t resourcesize) /* I - Size of resource buffer */
{
- const char *uri; /* Printer URI */
+ const char *uri, /* URI */
+ *device_uri, /* Device URI */
+ *printer_uri; /* Printer URI */
char scheme[32], /* URI scheme */
userpass[256], /* Username and password (unused) */
hostname[256]; /* Hostname */
@@ -1132,25 +1135,46 @@ _cupsGetDestResource(
}
/*
- * Grab the printer URI...
+ * Grab the printer and device URIs...
*/
- if ((uri = cupsGetOption("printer-uri-supported", dest->num_options, dest->options)) == NULL)
+ device_uri = cupsGetOption("device-uri", dest->num_options, dest->options);
+ printer_uri = cupsGetOption("printer-uri-supported", dest->num_options, dest->options);
+
+ DEBUG_printf(("1_cupsGetDestResource: device-uri=\"%s\", printer-uri-supported=\"%s\".", device_uri, printer_uri));
+
+#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
+ if (((flags & CUPS_DEST_FLAGS_DEVICE) || !printer_uri) && strstr(device_uri, "._tcp"))
{
- if ((uri = cupsGetOption("device-uri", dest->num_options, dest->options)) != NULL)
+ if ((device_uri = cups_dnssd_resolve(dest, device_uri, 5000, NULL, NULL, NULL)) != NULL)
{
-#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
- if (strstr(uri, "._tcp"))
- uri = cups_dnssd_resolve(dest, uri, 5000, NULL, NULL, NULL);
-#endif /* HAVE_DNSSD || HAVE_AVAHI */
+ DEBUG_printf(("1_cupsGetDestResource: Resolved device-uri=\"%s\".", device_uri));
}
-
- if (uri)
+ else
{
- DEBUG_printf(("1_cupsGetDestResource: Resolved printer-uri-supported=\"%s\"", uri));
+ DEBUG_puts("1_cupsGetDestResource: Unable to resolve device.");
- uri = _cupsCreateDest(dest->name, cupsGetOption("printer-info", dest->num_options, dest->options), NULL, uri, resource, resourcesize);
+ if (resource)
+ *resource = '\0';
+
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0);
+
+ return (NULL);
}
+ }
+#endif /* HAVE_DNSSD || HAVE_AVAHI */
+
+ if (flags & CUPS_DEST_FLAGS_DEVICE)
+ {
+ uri = device_uri;
+ }
+ else if (printer_uri)
+ {
+ uri = printer_uri;
+ }
+ else
+ {
+ uri = _cupsCreateDest(dest->name, cupsGetOption("printer-info", dest->num_options, dest->options), NULL, device_uri, resource, resourcesize);
if (uri)
{
@@ -1160,30 +1184,24 @@ _cupsGetDestResource(
uri = cupsGetOption("printer-uri-supported", dest->num_options, dest->options);
}
- else
- {
- DEBUG_puts("1_cupsGetDestResource: No printer-uri-supported found.");
+ }
- if (resource)
- *resource = '\0';
+ if (!uri)
+ {
+ DEBUG_puts("1_cupsGetDestResource: No printer-uri-supported or device-uri found.");
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0);
+ if (resource)
+ *resource = '\0';
- return (NULL);
- }
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0);
+
+ return (NULL);
}
- else
+ else if (httpSeparateURI(HTTP_URI_CODING_ALL, uri, scheme, sizeof(scheme), userpass, sizeof(userpass), hostname, sizeof(hostname), &port, resource, (int)resourcesize) < HTTP_URI_STATUS_OK)
{
- DEBUG_printf(("1_cupsGetDestResource: printer-uri-supported=\"%s\"", uri));
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Bad URI."), 1);
- if (httpSeparateURI(HTTP_URI_CODING_ALL, uri, scheme, sizeof(scheme),
- userpass, sizeof(userpass), hostname, sizeof(hostname),
- &port, resource, (int)resourcesize) < HTTP_URI_STATUS_OK)
- {
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Bad printer-uri."), 1);
-
- return (NULL);
- }
+ return (NULL);
}
DEBUG_printf(("1_cupsGetDestResource: resource=\"%s\"", resource));
diff --git a/cups/testdest.c b/cups/testdest.c
index c5c2052..27060f6 100644
--- a/cups/testdest.c
+++ b/cups/testdest.c
@@ -43,9 +43,12 @@ int /* O - Exit status */
main(int argc, /* I - Number of command-line arguments */
char *argv[]) /* I - Command-line arguments */
{
+ int i; /* Looping var */
http_t *http; /* Connection to destination */
cups_dest_t *dest = NULL; /* Destination */
cups_dinfo_t *dinfo; /* Destination info */
+ unsigned dflags = CUPS_DEST_FLAGS_NONE;
+ /* Destination flags */
if (argc < 2)
@@ -103,9 +106,17 @@ main(int argc, /* I - Number of command-line arguments */
return (0);
}
- else if (!strncmp(argv[1], "ipp://", 6) || !strncmp(argv[1], "ipps://", 7))
- dest = cupsGetDestWithURI(NULL, argv[1]);
- else if (!strcmp(argv[1], "default"))
+
+ i = 1;
+ if (!strcmp(argv[i], "--device"))
+ {
+ dflags = CUPS_DEST_FLAGS_DEVICE;
+ i ++;
+ }
+
+ if (!strncmp(argv[i], "ipp://", 6) || !strncmp(argv[i], "ipps://", 7))
+ dest = cupsGetDestWithURI(NULL, argv[i]);
+ else if (!strcmp(argv[i], "default"))
{
dest = cupsGetNamedDest(CUPS_HTTP_DEFAULT, NULL, NULL);
if (dest && dest->instance)
@@ -114,67 +125,70 @@ main(int argc, /* I - Number of command-line arguments */
printf("default is \"%s\".\n", dest->name);
}
else
- dest = cupsGetNamedDest(CUPS_HTTP_DEFAULT, argv[1], NULL);
+ dest = cupsGetNamedDest(CUPS_HTTP_DEFAULT, argv[i], NULL);
if (!dest)
{
- printf("testdest: Unable to get destination \"%s\": %s\n", argv[1], cupsLastErrorString());
+ printf("testdest: Unable to get destination \"%s\": %s\n", argv[i], cupsLastErrorString());
return (1);
}
- if ((http = cupsConnectDest(dest, CUPS_DEST_FLAGS_NONE, 30000, NULL, NULL, 0, NULL, NULL)) == NULL)
+ i ++;
+
+ if ((http = cupsConnectDest(dest, dflags, 30000, NULL, NULL, 0, NULL, NULL)) == NULL)
{
- printf("testdest: Unable to connect to destination \"%s\": %s\n", argv[1], cupsLastErrorString());
+ printf("testdest: Unable to connect to destination \"%s\": %s\n", dest->name, cupsLastErrorString());
return (1);
}
if ((dinfo = cupsCopyDestInfo(http, dest)) == NULL)
{
- printf("testdest: Unable to get information for destination \"%s\": %s\n", argv[1], cupsLastErrorString());
+ printf("testdest: Unable to get information for destination \"%s\": %s\n", dest->name, cupsLastErrorString());
return (1);
}
- if (argc == 2 || (!strcmp(argv[2], "supported") && argc < 6))
+ if (i == argc || !strcmp(argv[i], "supported"))
{
- if (argc > 3)
- show_supported(http, dest, dinfo, argv[3], argv[4]);
+ i ++;
+
+ if ((i + 1) < argc)
+ show_supported(http, dest, dinfo, argv[i], argv[i + 1]);
else if (argc > 2)
- show_supported(http, dest, dinfo, argv[3], NULL);
+ show_supported(http, dest, dinfo, argv[i], NULL);
else
show_supported(http, dest, dinfo, NULL, NULL);
}
- else if (!strcmp(argv[2], "conflicts") && argc > 3)
+ else if (!strcmp(argv[i], "conflicts") && (i + 1) < argc)
{
- int i, /* Looping var */
- num_options = 0;/* Number of options */
+ int num_options = 0;/* Number of options */
cups_option_t *options = NULL;/* Options */
- for (i = 3; i < argc; i ++)
+ for (i ++; i < argc; i ++)
num_options = cupsParseOptions(argv[i], num_options, &options);
show_conflicts(http, dest, dinfo, num_options, options);
}
- else if (!strcmp(argv[2], "default") && argc == 4)
+ else if (!strcmp(argv[i], "default") && (i + 1) < argc)
{
- show_default(http, dest, dinfo, argv[3]);
+ show_default(http, dest, dinfo, argv[i + 1]);
}
- else if (!strcmp(argv[2], "localize") && argc < 6)
+ else if (!strcmp(argv[i], "localize"))
{
- if (argc > 3)
- localize(http, dest, dinfo, argv[3], argv[4]);
+ i ++;
+ if ((i + 1) < argc)
+ localize(http, dest, dinfo, argv[i], argv[i + 1]);
else if (argc > 2)
- localize(http, dest, dinfo, argv[3], NULL);
+ localize(http, dest, dinfo, argv[i], NULL);
else
localize(http, dest, dinfo, NULL, NULL);
}
- else if (!strcmp(argv[2], "media"))
+ else if (!strcmp(argv[i], "media"))
{
- int i; /* Looping var */
const char *name = NULL; /* Media name, if any */
unsigned flags = CUPS_MEDIA_FLAGS_DEFAULT;
/* Media selection flags */
- for (i = 3; i < argc; i ++)
+ for (i ++; i < argc; i ++)
{
if (!strcmp(argv[i], "borderless"))
flags = CUPS_MEDIA_FLAGS_BORDERLESS;
@@ -192,19 +206,19 @@ main(int argc, /* I - Number of command-line arguments */
show_media(http, dest, dinfo, flags, name);
}
- else if (!strcmp(argv[2], "print") && argc > 3)
+ else if (!strcmp(argv[i], "print") && (i + 1) < argc)
{
- int i, /* Looping var */
- num_options = 0;/* Number of options */
+ int num_options = 0;/* Number of options */
cups_option_t *options = NULL;/* Options */
+ const char *filename = argv[i + 1];
- for (i = 4; i < argc; i ++)
+ for (i += 2; i < argc; i ++)
num_options = cupsParseOptions(argv[i], num_options, &options);
- print_file(http, dest, dinfo, argv[3], num_options, options);
+ print_file(http, dest, dinfo, filename, num_options, options);
}
else
- usage(argv[2]);
+ usage(argv[i]);
return (0);
}
@@ -740,9 +754,9 @@ usage(const char *arg) /* I - Argument for usage message */
printf("testdest: Unknown option \"%s\".\n", arg);
puts("Usage:");
- puts(" ./testdest name [operation ...]");
- puts(" ./testdest ipp://... [operation ...]");
- puts(" ./testdest ipps://... [operation ...]");
+ puts(" ./testdest [--device] name [operation ...]");
+ puts(" ./testdest [--device] ipp://... [operation ...]");
+ puts(" ./testdest [--device] ipps://... [operation ...]");
puts(" ./testdest --enum [grayscale] [color] [duplex] [staple] [small]\n"
" [medium] [large]");
puts("");
diff --git a/test/ippserver.c b/test/ippserver.c
index 38b304f..c593d3a 100644
--- a/test/ippserver.c
+++ b/test/ippserver.c
@@ -461,6 +461,7 @@ static AvahiClient *DNSSDClient = NULL;
#endif /* HAVE_DNSSD */
static int KeepFiles = 0,
+ MaxVersion = 20,
Verbosity = 0;
@@ -533,6 +534,23 @@ main(int argc, /* I - Number of command-line args */
pin = 1;
break;
+ case 'V' : /* -V max-version */
+ i ++;
+ if (i >= argc)
+ usage(1);
+
+ if (!strcmp(argv[i], "2.2"))
+ MaxVersion = 22;
+ else if (!strcmp(argv[i], "2.1"))
+ MaxVersion = 21;
+ else if (!strcmp(argv[i], "2.0"))
+ MaxVersion = 20;
+ else if (!strcmp(argv[i], "1.1"))
+ MaxVersion = 11;
+ else
+ usage(1);
+ break;
+
case 'a' : /* -a attributes-file */
i ++;
if (i >= argc)
@@ -1324,9 +1342,10 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default)
};
static const char * const versions[] =/* ipp-versions-supported values */
{
- "1.0",
"1.1",
- "2.0"
+ "2.0",
+ "2.1",
+ "2.2"
};
static const char * const features[] =/* ipp-features-supported values */
{
@@ -1738,7 +1757,12 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default)
/* ipp-versions-supported */
if (!ippFindAttribute(printer->attrs, "ipp-versions-supported", IPP_TAG_ZERO))
- ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "ipp-versions-supported", sizeof(versions) / sizeof(versions[0]), NULL, versions);
+ {
+ int num_versions = MaxVersion == 11 ? 1 : MaxVersion == 20 ? 2 : MaxVersion == 21 ? 3 : 4;
+ /* Number of supported versions */
+
+ ippAddStrings(printer->attrs, IPP_TAG_PRINTER, IPP_CONST_TAG(IPP_TAG_KEYWORD), "ipp-versions-supported", num_versions, NULL, versions);
+ }
/* job-account-id-default */
if (!ippFindAttribute(printer->attrs, "job-account-id-default", IPP_TAG_ZERO))
@@ -5800,15 +5824,24 @@ process_ipp(_ipp_client_t *client) /* I - Client */
* Return an error, since we only support IPP 1.x and 2.x.
*/
- respond_ipp(client, IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED,
- "Bad request version number %d.%d.", major, minor);
+ respond_ipp(client, IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED, "Bad request version number %d.%d.", major, minor);
+ }
+ else if ((major * 10 + minor) > MaxVersion)
+ {
+ if (httpGetState(client->http) != HTTP_STATE_POST_SEND)
+ httpFlush(client->http); /* Flush trailing (junk) data */
+
+ respond_http(client, HTTP_STATUS_BAD_REQUEST, NULL, NULL, 0);
+ return (0);
}
else if (ippGetRequestId(client->request) <= 0)
- respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, "Bad request-id %d.",
- ippGetRequestId(client->request));
+ {
+ respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, "Bad request-id %d.", ippGetRequestId(client->request));
+ }
else if (!ippFirstAttribute(client->request))
- respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST,
- "No attributes in request.");
+ {
+ respond_ipp(client, IPP_STATUS_ERROR_BAD_REQUEST, "No attributes in request.");
+ }
else
{
/*
@@ -6877,8 +6910,7 @@ usage(int status) /* O - Exit status */
{
if (!status)
{
- puts(CUPS_SVERSION " - Copyright 2010-2015 by Apple Inc. All rights "
- "reserved.");
+ puts(CUPS_SVERSION " - Copyright (c) 2010-2018 by Apple Inc. All rights reserved.");
puts("");
}
@@ -6888,6 +6920,7 @@ usage(int status) /* O - Exit status */
puts("-2 Supports 2-sided printing (default=1-sided)");
puts("-M manufacturer Manufacturer name (default=Test)");
puts("-P PIN printing mode");
+ puts("-V max-version Set maximum supported IPP version");
puts("-a attributes-file Load printer attributes from file");
puts("-c command Run command for every print job");
printf("-d spool-directory Spool directory "

@ -0,0 +1,98 @@
diff --git a/templates/admin.tmpl b/templates/admin.tmpl
index 101f960..5ebd813 100644
--- a/templates/admin.tmpl
+++ b/templates/admin.tmpl
@@ -27,9 +27,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Edit Configuration File"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="View Access Log"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="View Error Log"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="View Page Log"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>
diff --git a/templates/de/admin.tmpl b/templates/de/admin.tmpl
index fb2851a..f8ddeff 100644
--- a/templates/de/admin.tmpl
+++ b/templates/de/admin.tmpl
@@ -27,9 +27,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Konfigurationsdatei bearbeiten"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Zugriffsprotokoll anzeigen"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Fehlerprotokoll anzeigen"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Seitenprotokoll anzeigen"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>
diff --git a/templates/es/admin.tmpl b/templates/es/admin.tmpl
index 097c65c..b83b1a0 100644
--- a/templates/es/admin.tmpl
+++ b/templates/es/admin.tmpl
@@ -27,9 +27,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Editar archivo de configuraci&oacute;n"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver archivo de registro de accesos"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver archivo de registro de errores"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver archivo de registro de p&aacute;ginas"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>
diff --git a/templates/fr/admin.tmpl b/templates/fr/admin.tmpl
index 2fcd9c5..e365ff3 100644
--- a/templates/fr/admin.tmpl
+++ b/templates/fr/admin.tmpl
@@ -27,9 +27,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Éditer le fichier de configuration"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualiser Access Log"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualiser Error Log"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualiser Page Log"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>
diff --git a/templates/ja/admin.tmpl b/templates/ja/admin.tmpl
index 13d6f13..f5fa750 100644
--- a/templates/ja/admin.tmpl
+++ b/templates/ja/admin.tmpl
@@ -27,9 +27,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="設定ファイルの編集"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="アクセスログの表示"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="エラーログの表示"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="ページログの表示"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>
diff --git a/templates/pt_BR/admin.tmpl b/templates/pt_BR/admin.tmpl
index b847bef..e11d889 100644
--- a/templates/pt_BR/admin.tmpl
+++ b/templates/pt_BR/admin.tmpl
@@ -27,9 +27,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Editar arquivo de configura&ccedil;&atilde;o"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver log de acessos"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver log de erros"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver log de p&aacute;ginas"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>
diff --git a/templates/ru/admin.tmpl b/templates/ru/admin.tmpl
index 49a168c..44b1493 100644
--- a/templates/ru/admin.tmpl
+++ b/templates/ru/admin.tmpl
@@ -26,9 +26,6 @@
<P>
<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Редактировать конфигурационный файл"></FORM>
- <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Показать журнал заданий"></FORM>
- <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Показать журнал ошибок"></FORM>
- <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Показать журнал страниц"></FORM>
</P>
{SETTINGS_ERROR?<P>{SETTINGS_MESSAGE}</P>

@ -0,0 +1,22 @@
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 649995bb5..2396c9b58 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -4873,6 +4873,8 @@ copy_printer_attrs(
* and document-format attributes that may be provided by the client.
*/
+ _cupsRWLockRead(&printer->lock);
+
curtime = time(NULL);
if (!ra || cupsArrayFind(ra, "marker-change-time"))
@@ -5034,6 +5036,8 @@ copy_printer_attrs(
if (printer->ppd_attrs)
copy_attrs(con->response, printer->ppd_attrs, ra, IPP_TAG_ZERO, 0, NULL);
copy_attrs(con->response, CommonData, ra, IPP_TAG_ZERO, IPP_TAG_COPY, NULL);
+
+ _cupsRWUnlock(&printer->lock);
}

@ -4,6 +4,7 @@ Date: Mon, 2 May 2022 15:35:20 -0400
Subject: [PATCH] Update man pages for -h option (Issue #357)
---
CHANGES.md | 1 +
doc/help/man-cancel.html | 7 ++++---
doc/help/man-cupsctl.html | 7 ++++---
doc/help/man-ipptool.html | 6 ++++++
@ -241,27 +242,39 @@ diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html
index 6dda87f64..6af78290b 100644
--- a/doc/help/man-lpoptions.html
+++ b/doc/help/man-lpoptions.html
@@ -12,9 +12,9 @@ lpoptions - display or set printer options and defaults
@@ -12,12 +12,12 @@
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
]
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
[
@@ -23,20 +23,20 @@ lpoptions - display or set printer options and defaults
@@ -26,26 +26,26 @@
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
@ -270,27 +283,39 @@ index 6dda87f64..6af78290b 100644
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-r</b>
@@ -44,9 +44,9 @@ lpoptions - display or set printer options and defaults
@@ -53,12 +53,12 @@
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
]
<b>-x </b><i>destination</i>[<b>/</b><i>instance</i>]
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
@@ -72,6 +72,7 @@ If <i>instance</i> is supplied then that particular instance is used.
@@ -84,6 +84,7 @@
This option overrides the system default printer for the current user.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Uses an alternate server.
@ -298,6 +323,15 @@ index 6dda87f64..6af78290b 100644
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Lists the printer specific options and their current settings.
<dt><b>-o </b><i>option</i>[<b>=</b><i>value</i>]
@@ -119,7 +120,7 @@
<a href="man-lprm.html?TOPIC=Man+Pages"><b>lprm</b>(1),</a>
CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
-Copyright &copy; 2007-2017 by Apple Inc.
+Copyright &copy; 2021-2022 by OpenPrinting.
</body>
</html>
diff --git a/doc/help/man-lpq.html b/doc/help/man-lpq.html
index 1c9e704ff..19e536d3c 100644
--- a/doc/help/man-lpq.html
@ -410,15 +444,15 @@ index f23089bbe..2c5dedc7c 100644
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a long listing of printers, classes, or jobs.
<dt><b>-o </b>[<i>destination(s)</i>]
diff --git a/man/cancel.1 b/man/cancel.1
diff --git a/man/cancel.man b/man/cancel.man
index 34a5d9fc0..caea0ed69 100644
--- a/man/cancel.1
+++ b/man/cancel.1
@@ -8,12 +8,15 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/cancel.man
+++ b/man/cancel.man
@@ -10,12 +10,15 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cancel 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH cancel 1 "CUPS" "15 April 2014" "Apple Inc."
+.TH cancel 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cancel \- cancel jobs
@ -431,7 +465,7 @@ index 34a5d9fc0..caea0ed69 100644
.B \-E
] [
.B \-U
@@ -21,9 +24,6 @@ cancel \- cancel jobs
@@ -23,9 +26,6 @@
] [
.B \-a
] [
@ -441,7 +475,7 @@ index 34a5d9fc0..caea0ed69 100644
.B \-u
.I username
] [
@@ -50,6 +50,7 @@ Forces encryption when connecting to the server.
@@ -52,6 +52,7 @@
.TP 5
\fB\-h \fIhostname\fR[\fI:port\fR]
Specifies an alternate server.
@ -449,15 +483,15 @@ index 34a5d9fc0..caea0ed69 100644
.TP 5
\fB\-U \fIusername\fR
Specifies the username to use when connecting to the server.
diff --git a/man/cupsctl.8 b/man/cupsctl.8
diff --git a/man/cupsctl.man b/man/cupsctl.man
index 1b1ff4183..7e50d07ac 100644
--- a/man/cupsctl.8
+++ b/man/cupsctl.8
@@ -8,20 +8,20 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/cupsctl.man
+++ b/man/cupsctl.man
@@ -10,20 +10,20 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsctl 8 "CUPS" "26 April 2019" "Apple Inc."
-.TH cupsctl 8 "CUPS" "30 May 2016" "Apple Inc."
+.TH cupsctl 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cupsctl \- configure cupsd.conf options
@ -478,7 +512,7 @@ index 1b1ff4183..7e50d07ac 100644
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
] [
\fB\-\-\fR[\fBno\-\fR]\fBremote\-admin\fR
@@ -49,6 +49,7 @@ Specifies an alternate username to use when authenticating with the scheduler.
@@ -51,6 +51,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies the server address.
@ -486,15 +520,15 @@ index 1b1ff4183..7e50d07ac 100644
.TP 5
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
Enables (disables) debug logging to the \fIerror_log\fR file.
diff --git a/man/lp.1 b/man/lp.1
diff --git a/man/lp.man b/man/lp.man
index a54f904a5..4bdd2de7b 100644
--- a/man/lp.1
+++ b/man/lp.1
@@ -8,12 +8,14 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lp.man
+++ b/man/lp.man
@@ -10,12 +10,14 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lp 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH lp 1 "CUPS" "2 May 2016" "Apple Inc."
+.TH lp 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lp \- print files
@ -506,7 +540,7 @@ index a54f904a5..4bdd2de7b 100644
.B \-E
] [
.B \-U
@@ -23,8 +25,6 @@ lp \- print files
@@ -25,8 +27,6 @@
] [
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
] [
@ -515,7 +549,7 @@ index a54f904a5..4bdd2de7b 100644
.B \-m
] [
.B \-n
@@ -53,6 +53,8 @@ lp \- print files
@@ -55,6 +55,8 @@
.br
.B lp
[
@ -524,7 +558,7 @@ index a54f904a5..4bdd2de7b 100644
.B \-E
] [
.B \-U
@@ -60,8 +62,6 @@ lp \- print files
@@ -62,8 +64,6 @@
] [
.B \-c
] [
@ -533,7 +567,7 @@ index a54f904a5..4bdd2de7b 100644
.B \-i
.I job-id
] [
@@ -113,6 +113,7 @@ Prints files to the named printer.
@@ -115,6 +115,7 @@
.TP 5
\fB\-h \fIhostname\fR[\fB:\fIport\fR]
Chooses an alternate server.
@ -541,18 +575,18 @@ index a54f904a5..4bdd2de7b 100644
.TP 5
\fB\-i \fIjob-id\fR
Specifies an existing job to modify.
diff --git a/man/lpinfo.8 b/man/lpinfo.8
diff --git a/man/lpinfo.man b/man/lpinfo.man
index d238f9a60..d44b568d2 100644
--- a/man/lpinfo.8
+++ b/man/lpinfo.8
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lpinfo.man
+++ b/man/lpinfo.man
@@ -10,16 +10,16 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpinfo 8 "CUPS" "26 April 2019" "Apple Inc."
-.TH lpinfo 8 "CUPS" "12 June 2014" "Apple Inc."
+.TH lpinfo 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpinfo \- show available devices or drivers (deprecated)
lpinfo \- show available devices or drivers
.SH SYNOPSIS
.B lpinfo
[
@ -565,7 +599,7 @@ index d238f9a60..d44b568d2 100644
.B \-l
] [
.B \-\-device\-id
@@ -42,10 +42,10 @@ lpinfo \- show available devices or drivers (deprecated)
@@ -44,10 +44,10 @@
.br
.B lpinfo
[
@ -578,7 +612,7 @@ index d238f9a60..d44b568d2 100644
.B \-l
] [
.B \-\-exclude\-schemes
@@ -69,6 +69,7 @@ Forces encryption when connecting to the server.
@@ -71,6 +71,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Selects an alternate server.
@ -586,15 +620,15 @@ index d238f9a60..d44b568d2 100644
.TP 5
.B \-l
Shows a "long" listing of devices or drivers.
diff --git a/man/lpmove.8 b/man/lpmove.8
diff --git a/man/lpmove.man b/man/lpmove.man
index af3c6b63c..62adba654 100644
--- a/man/lpmove.8
+++ b/man/lpmove.8
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lpmove.man
+++ b/man/lpmove.man
@@ -10,16 +10,16 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpmove 8 "CUPS" "26 April 2019" "Apple Inc."
-.TH lpmove 8 "CUPS" "26 May 2016" "Apple Inc."
+.TH lpmove 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpmove \- move a job or all jobs to a new destination
@ -610,7 +644,7 @@ index af3c6b63c..62adba654 100644
.B \-U
.I username
]
@@ -26,10 +26,10 @@ lpmove \- move a job or all jobs to a new destination
@@ -28,10 +28,10 @@
.br
.B lpmove
[
@ -623,7 +657,7 @@ index af3c6b63c..62adba654 100644
.B \-U
.I username
]
@@ -48,6 +48,7 @@ Specifies an alternate username.
@@ -50,6 +50,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
@ -631,67 +665,80 @@ index af3c6b63c..62adba654 100644
.SH EXAMPLES
Move job 123 from "oldprinter" to "newprinter":
.nf
diff --git a/man/lpoptions.1 b/man/lpoptions.1
diff --git a/man/lpoptions.man.in b/man/lpoptions.man.in
index 372f46a37..2eb5b6010 100644
--- a/man/lpoptions.1
+++ b/man/lpoptions.1
@@ -8,15 +8,15 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lpoptions.man.in
+++ b/man/lpoptions.man.in
@@ -10,18 +10,18 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpoptions 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH lpoptions 1 "CUPS" "12 June 2014" "Apple Inc."
+.TH lpoptions 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpoptions \- display or set printer options and defaults
.SH SYNOPSIS
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
+.B \-E
.B \-E
] [
.B \-U
.I username
-] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
]
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
[
@@ -25,20 +25,20 @@ lpoptions \- display or set printer options and defaults
@@ -30,13 +30,13 @@
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
\fB\-o \fIoption\fR[\fB=\fIvalue\fR] ...
@@ -43,13 +43,13 @@
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
.B \-r
@@ -46,9 +46,9 @@ lpoptions \- display or set printer options and defaults
@@ -57,12 +57,12 @@
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
+.B \-E
.B \-E
] [
.B \-U
.I username
-] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
]
\fB\-x \fIdestination\fR[\fB/\fIinstance\fR]
.SH DESCRIPTION
@@ -79,6 +79,7 @@ This option overrides the system default printer for the current user.
@@ -96,6 +96,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Uses an alternate server.
@ -699,15 +746,15 @@ index 372f46a37..2eb5b6010 100644
.TP 5
.B \-l
Lists the printer specific options and their current settings.
diff --git a/man/lpq.1 b/man/lpq.1
diff --git a/man/lpq.man b/man/lpq.man
index ce23a6c81..a81633ecb 100644
--- a/man/lpq.1
+++ b/man/lpq.1
@@ -8,19 +8,19 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lpq.man
+++ b/man/lpq.man
@@ -10,19 +10,19 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpq 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH lpq 1 "CUPS" "12 June 2014" "Apple Inc."
+.TH lpq 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpq \- show printer queue status
@ -726,7 +773,7 @@ index ce23a6c81..a81633ecb 100644
\fB\-P \fIdestination\fR[\fB/\fIinstance\fR]
] [
.B \-a
@@ -51,6 +51,7 @@ Reports jobs on all printers.
@@ -53,6 +53,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
@ -734,15 +781,15 @@ index ce23a6c81..a81633ecb 100644
.TP 5
.B \-l
Requests a more verbose (long) reporting format.
diff --git a/man/lpr.1 b/man/lpr.1
diff --git a/man/lpr.man b/man/lpr.man
index e5f9f9018..77a62b305 100644
--- a/man/lpr.1
+++ b/man/lpr.1
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lpr.man
+++ b/man/lpr.man
@@ -10,16 +10,16 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpr 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH lpr 1 "CUPS" "2 May 2016" "Apple Inc."
+.TH lpr 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpr \- print files
@ -758,7 +805,7 @@ index e5f9f9018..77a62b305 100644
.B \-U
.I username
] [
@@ -70,6 +70,7 @@ Forces encryption when connecting to the server.
@@ -72,6 +72,7 @@
.TP 5
\fB\-H \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
@ -766,15 +813,15 @@ index e5f9f9018..77a62b305 100644
.TP 5
\fB\-C "\fIname\fB"\fR
.TP 5
diff --git a/man/lprm.1 b/man/lprm.1
diff --git a/man/lprm.man b/man/lprm.man
index 094166539..0cf88ac51 100644
--- a/man/lprm.1
+++ b/man/lprm.1
@@ -8,20 +8,19 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
--- a/man/lprm.man
+++ b/man/lprm.man
@@ -10,20 +10,19 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lprm 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH lprm 1 "CUPS" "22 May 2014" "Apple Inc."
+.TH lprm 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lprm \- cancel print jobs
@ -794,7 +841,7 @@ index 094166539..0cf88ac51 100644
.B \-P
.IR destination [ /instance ]
] [
@@ -50,6 +49,7 @@ Specifies an alternate username.
@@ -52,6 +51,7 @@
.TP 5
\fB\-h \fIserver\fR[\fI:port\fR]
Specifies an alternate server.
@ -802,23 +849,26 @@ index 094166539..0cf88ac51 100644
.SH CONFORMING TO
The CUPS version of
.B lprm
diff --git a/man/lpstat.1 b/man/lpstat.1
diff --git a/man/lpstat.man b/man/lpstat.man
index 0a10cd9bc..88acff7b3 100644
--- a/man/lpstat.1
+++ b/man/lpstat.1
@@ -1,17 +1,20 @@
--- a/man/lpstat.man
+++ b/man/lpstat.man
@@ -1,8 +1,8 @@
.\"
.\" lpstat man page for CUPS.
.\"
-.\" Copyright 2007-2019 by Apple Inc.
-.\" Copyright 2007-2017 by Apple Inc.
-.\" Copyright 1997-2006 by Easy Software Products.
+.\" Copyright © 2021-2022 by OpenPrinting.
+.\" Copyright © 2007-2019 by Apple Inc.
+.\" Copyright © 1997-2006 by Easy Software Products.
.\"
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more information.
.\" These coded instructions, statements, and computer programs are the
.\" property of Apple Inc. and are protected by Federal copyright
@@ -10,12 +10,14 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpstat 1 "CUPS" "26 April 2019" "Apple Inc."
-.TH lpstat 1 "CUPS" "26 May 2017" "Apple Inc."
+.TH lpstat 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpstat \- print cups status information
@ -830,7 +880,7 @@ index 0a10cd9bc..88acff7b3 100644
.B \-E
] [
.B \-H
@@ -19,8 +22,6 @@
@@ -23,8 +25,6 @@
.B \-U
.I username
] [
@ -839,7 +889,7 @@ index 0a10cd9bc..88acff7b3 100644
.B \-l
] [
.B \-W
@@ -100,6 +101,7 @@
@@ -104,6 +104,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
@ -847,9 +897,3 @@ index 0a10cd9bc..88acff7b3 100644
.TP 5
.B \-l
Shows a long listing of printers, classes, or jobs.
@@ -145,4 +147,4 @@
.BR lprm (1),
CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
-Copyright \[co] 2007-2019 by Apple Inc.
+Copyright \[co] 2021-2022 by OpenPrinting.

@ -0,0 +1,109 @@
From 7271db11d27fe436f0c743bed3be8a5c6f93f2c2 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 9 Apr 2018 09:50:19 -0400
Subject: [PATCH] Use cupsGetNamedDest for legacy printing APIs (Issue #5288)
---
cups/util.c | 59 +++++-----------------------
xcode/CUPS.xcodeproj/project.pbxproj | 6 ++-
2 files changed, 15 insertions(+), 50 deletions(-)
diff --git a/cups/util.c b/cups/util.c
index ebc54d3cf..b15963e9e 100644
--- a/cups/util.c
+++ b/cups/util.c
@@ -21,19 +22,6 @@
#endif /* WIN32 || __EMX__ */
-/*
- * Enumeration data and callback...
- */
-
-typedef struct _cups_createdata_s
-{
- const char *name; /* Destination name */
- cups_dest_t *dest; /* Matching destination */
-} _cups_createdata_t;
-
-static int cups_create_cb(_cups_createdata_t *data, unsigned flags, cups_dest_t *dest);
-
-
/*
* 'cupsCancelJob()' - Cancel a print job on the default server.
*
@@ -168,7 +156,7 @@ cupsCreateJob(
{
int job_id = 0; /* job-id value */
ipp_status_t status; /* Create-Job status */
- _cups_createdata_t data; /* Enumeration data */
+ cups_dest_t *dest; /* Destination */
cups_dinfo_t *info; /* Destination information */
@@ -188,12 +176,7 @@ cupsCreateJob(
* Lookup the destination...
*/
- data.name = name;
- data.dest = NULL;
-
- cupsEnumDests(0, 1000, NULL, 0, 0, (cups_dest_cb_t)cups_create_cb, &data);
-
- if (!data.dest)
+ if ((dest = cupsGetNamedDest(http, name, NULL)) == NULL)
{
DEBUG_puts("1cupsCreateJob: Destination not found.");
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0);
@@ -205,18 +188,18 @@ cupsCreateJob(
*/
DEBUG_puts("1cupsCreateJob: Querying destination info.");
- if ((info = cupsCopyDestInfo(http, data.dest)) == NULL)
+ if ((info = cupsCopyDestInfo(http, dest)) == NULL)
{
DEBUG_puts("1cupsCreateJob: Query failed.");
- cupsFreeDests(1, data.dest);
+ cupsFreeDests(1, dest);
return (0);
}
- status = cupsCreateDestJob(http, data.dest, info, &job_id, title, num_options, options);
+ status = cupsCreateDestJob(http, dest, info, &job_id, title, num_options, options);
DEBUG_printf(("1cupsCreateJob: cupsCreateDestJob returned %04x (%s)", status, ippErrorString(status)));
cupsFreeDestInfo(info);
- cupsFreeDests(1, data.dest);
+ cupsFreeDests(1, dest);
/*
* Return the job...
@@ -968,25 +951,3 @@ cupsStartDocument(
return (status);
}
-
-/*
- * 'cups_create_cb()' - Find the destination for printing.
- */
-
-static int /* O - 0 on match */
-cups_create_cb(
- _cups_createdata_t *data, /* I - Data from cupsCreateJob call */
- unsigned flags, /* I - Enumeration flags */
- cups_dest_t *dest) /* I - Destination */
-{
- DEBUG_printf(("2cups_create_cb(data=%p(%s), flags=%08x, dest=%p(%s))", (void *)data, data->name, flags, (void *)dest, dest->name));
-
- (void)flags;
-
- if (dest->instance || strcasecmp(data->name, dest->name))
- return (1);
-
- cupsCopyDest(dest, 0, &data->dest);
-
- return (0);
-}
--
2.35.1

@ -0,0 +1,65 @@
From 4ddeb8544e2e5c63a405d9e093ac24704f3deb03 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Tue, 21 Jul 2020 12:54:22 +0200
Subject: [PATCH] cups/dests.c: cupsGetNamedDest() - set
IPP_STATUS_ERROR_NOT_FOUND error if queue was not found lp.c/lpr.c: check for
IPP_STATUS_ERROR_NOT_FOUND and generate a proper message if hit
---
berkeley/lpr.c | 6 ++++++
cups/dest.c | 3 +++
systemv/lp.c | 6 ++++++
3 files changed, 15 insertions(+)
diff --git a/berkeley/lpr.c b/berkeley/lpr.c
index 627fa6a4e..a8f78b881 100644
--- a/berkeley/lpr.c
+++ b/berkeley/lpr.c
@@ -234,6 +234,12 @@ main(int argc, /* I - Number of command-line arguments */
_cupsLangPrintf(stderr, _("%s: Error - add '/version=1.1' to server name."), argv[0]);
return (1);
}
+ else if (cupsLastError() == IPP_STATUS_ERROR_NOT_FOUND)
+ {
+ _cupsLangPrintf(stderr,
+ _("%s: Error - The printer or class does not exist."), argv[0]);
+ return (1);
+ }
break;
case '#' : /* Number of copies */
diff --git a/cups/dest.c b/cups/dest.c
index cde987a09..2017792a7 100644
--- a/cups/dest.c
+++ b/cups/dest.c
@@ -1839,7 +1839,10 @@ cupsGetNamedDest(http_t *http, /* I - Connection to server or @code CUPS_HTT
cupsEnumDests(0, 1000, NULL, 0, 0, (cups_dest_cb_t)cups_name_cb, &data);
if (!data.dest)
+ {
+ _cupsSetError(IPP_STATUS_ERROR_NOT_FOUND, _("The printer or class does not exist."), 1);
return (NULL);
+ }
dest = data.dest;
}
diff --git a/systemv/lp.c b/systemv/lp.c
index 298c15825..d918b4b14 100644
--- a/systemv/lp.c
+++ b/systemv/lp.c
@@ -161,6 +161,12 @@ main(int argc, /* I - Number of command-line arguments */
"name."), argv[0]);
return (1);
}
+ else if (cupsLastError() == IPP_STATUS_ERROR_NOT_FOUND)
+ {
+ _cupsLangPrintf(stderr,
+ _("%s: Error - The printer or class does not exist."), argv[0]);
+ return (1);
+ }
break;
case 'f' : /* Form */
--
2.31.1

@ -25,7 +25,7 @@ index a61ee0449..6aeeb8074 100644
* Listen...
*/
- if (listen(fd, 128))
- if (listen(fd, 5))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);

@ -1,53 +0,0 @@
From d9924186325c89aefa56e36258f56f246dd2c4ad Mon Sep 17 00:00:00 2001
From: Richard Lescak <rlescak@redhat.com>
Date: Tue, 11 Jan 2022 10:53:34 +0100
Subject: [PATCH] cups/http.c,encode.c: Fix memory leaks
---
CHANGES.md | 3 ++-
cups/encode.c | 1 +
cups/http.c | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/cups/encode.c b/cups/encode.c
index 5bcbf6fe5..15b1c6b40 100644
--- a/cups/encode.c
+++ b/cups/encode.c
@@ -655,6 +655,7 @@ _cupsEncodeOption(
ippSetCollection(ipp, &attr, i, collection);
cupsEncodeOptions2(collection, num_cols, cols, IPP_TAG_JOB);
cupsFreeOptions(num_cols, cols);
+ ippDelete(collection);
break;
default :
diff --git a/cups/http.c b/cups/http.c
index bd41e6f8e..4b6a24bd3 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -4624,6 +4624,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */
* Restore the HTTP request data...
*/
+ httpClearFields(http);
memcpy(http->_fields, myhttp._fields, sizeof(http->_fields));
memcpy(http->fields, myhttp.fields, sizeof(http->fields));
diff --git a/cups/ppd.c b/cups/ppd.c
index 525df3592..54368ac4c 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -3430,12 +3430,12 @@ ppd_update_filters(ppd_file_t *ppd, /* I - PPD file */
srctype[256],
dstsuper[16], /* Destination MIME media type */
dsttype[256],
- program[1024], /* Command to run */
*ptr, /* Pointer into command to run */
buffer[1024], /* Re-written cupsFilter value */
**filter; /* Current filter */
int cost; /* Cost of filter */
+ char program[1024] = { 0 }; /* Command to run */
DEBUG_printf(("4ppd_update_filters(ppd=%p, cg=%p)", ppd, pg));

@ -11,14 +11,6 @@ diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -1,6 +1,7 @@
/*
* String functions for CUPS.
*
+ * Copyright © 2023 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */

@ -0,0 +1,10 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index 307d69b..add238b 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -10,4 +10,4 @@ Restart=on-failure
[Install]
Also=cups.socket cups.path
-WantedBy=printer.target
+WantedBy=printer.target multi-user.target

@ -0,0 +1,95 @@
diff -up cups-2.2b2/cups/http-support.c.avahi-address cups-2.2b2/cups/http-support.c
--- cups-2.2b2/cups/http-support.c.avahi-address 2016-06-24 17:43:35.000000000 +0200
+++ cups-2.2b2/cups/http-support.c 2016-06-27 15:31:34.201361844 +0200
@@ -2340,7 +2340,7 @@ http_resolve_cb(
const char *type, /* I - Registration type */
const char *domain, /* I - Domain (unused) */
const char *hostTarget, /* I - Hostname */
- const AvahiAddress *address, /* I - Address (unused) */
+ const AvahiAddress *address, /* I - Address */
uint16_t port, /* I - Port number */
AvahiStringList *txt, /* I - TXT record */
AvahiLookupResultFlags flags, /* I - Lookup flags (unused) */
@@ -2493,39 +2493,62 @@ http_resolve_cb(
* getting the IP address of the .local name and then do reverse-lookups...
*/
- http_addrlist_t *addrlist, /* List of addresses */
- *addr; /* Current address */
+ http_addr_t addr;
+ size_t addrlen;
+ int error;
DEBUG_printf(("5http_resolve_cb: Looking up \"%s\".", hostTarget));
- snprintf(fqdn, sizeof(fqdn), "%d", ntohs(port));
- if ((addrlist = httpAddrGetList(hostTarget, AF_UNSPEC, fqdn)) != NULL)
+ switch (address->proto)
{
- for (addr = addrlist; addr; addr = addr->next)
+ case AVAHI_PROTO_INET:
+ addr.ipv4.sin_family = AF_INET;
+ addrlen = sizeof (addr.ipv4.sin_addr);
+ memcpy (&addr.ipv4.sin_addr, &address->data, addrlen);
+ break;
+ case AVAHI_PROTO_INET6:
+ addr.ipv6.sin6_family = AF_INET6;
+ addrlen = sizeof (addr.ipv6.sin6_addr);
+ memcpy (&addr.ipv6.sin6_addr, &address->data, addrlen);
+ break;
+ default:
+ DEBUG_printf(("8http_resolve_cb: unknown address family %d",
+ address->proto));
+ addrlen = 0;
+ }
+
+ if (addrlen > 0) {
+ error = getnameinfo(&addr.addr, httpAddrLength (&addr),
+ fqdn, sizeof(fqdn), NULL, 0, NI_NAMEREQD);
+
+ if (!error)
{
- int error = getnameinfo(&(addr->addr.addr), (socklen_t)httpAddrLength(&(addr->addr)), fqdn, sizeof(fqdn), NULL, 0, NI_NAMEREQD);
+ DEBUG_printf(("8http_resolve_cb: Found \"%s\".", fqdn));
- if (!error)
- {
- DEBUG_printf(("5http_resolve_cb: Found \"%s\".", fqdn));
+ if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn ||
+ _cups_strcasecmp(hostptr, ".local"))
- if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn ||
- _cups_strcasecmp(hostptr, ".local"))
- {
- hostTarget = fqdn;
- break;
- }
+ {
+ hostTarget = fqdn;
}
+ } else {
+ avahi_address_snprint (fqdn, sizeof (fqdn), address);
+ hostTarget = fqdn;
+
#ifdef DEBUG
- else
- DEBUG_printf(("5http_resolve_cb: \"%s\" did not resolve: %d",
- httpAddrString(&(addr->addr), fqdn, sizeof(fqdn)),
- error));
+ DEBUG_printf(("8http_resolve_cb: \"%s\" did not resolve: %d",
+ fqdn, error));
#endif /* DEBUG */
}
- httpAddrFreeList(addrlist);
}
+ } else {
+ /*
+ * Use the IP address that responded...
+ */
+
+ avahi_address_snprint (fqdn, sizeof (fqdn), address);
+ hostTarget = fqdn;
}
/*

File diff suppressed because it is too large Load Diff

@ -1,16 +0,0 @@
diff --git a/scheduler/main.c b/scheduler/main.c
index e1fa357..53ca94a 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -1760,6 +1760,11 @@ select_timeout(int fds) /* I - Number of descriptors returned */
/*
* Check for any job activity...
*/
+ if (JobHistoryUpdate && timeout > JobHistoryUpdate)
+ {
+ timeout = JobHistoryUpdate;
+ why = "update job history";
+ }
for (job = (cupsd_job_t *)cupsArrayFirst(ActiveJobs);
job;

@ -0,0 +1,12 @@
diff -Napur cups-2.2.6-old/scheduler/job.c cups-2.2.6-new/scheduler/job.c
--- cups-2.2.6-old/scheduler/job.c 2022-04-12 17:32:00.635282080 -0700
+++ cups-2.2.6-new/scheduler/job.c 2022-04-12 17:33:34.349452614 -0700
@@ -474,7 +474,7 @@ cupsdCleanJobs(void)
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing from history.");
cupsdDeleteJob(job, CUPSD_JOB_PURGE);
}
- else if (job->file_time && job->file_time <= curtime)
+ else if (job->file_time && job->file_time <= curtime && job->num_files > 0)
{
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing document files.");
remove_job_files(job);

@ -0,0 +1,61 @@
Fix for CVE-2020-10001, which is a bug in the CUPS ippReadIO function when it
reads tagged string values (nameWithLanguage and textWithLanguage). The
previous code verified that the length of the sub-strings (language identifier
and name/text value) did not exceed the size of the allocated buffer (1 byte
larger than the maximum IPP value size of 32767 bytes), but did not validate
against the length of the actual IPP value.
The issues introduced by this vulnerability include:
- Potential information disclosure by copying uninitialized areas of memory into
an IPP string value.
- Potential Denial of Service by supplying/using invalid string values when
strict validation has been disabled by the system administrator.
This change ensures that:
1. The language identifier does not extend beyond the end of the IPP value.
2. The length of the name/text string is within the IPP value.
3. The name/text string is within the IPP value.
diff --git a/cups/ipp.c b/cups/ipp.c
index 3d529346c..adbb26fba 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */
unsigned char *buffer, /* Data buffer */
string[IPP_MAX_TEXT],
/* Small string buffer */
- *bufptr; /* Pointer into buffer */
+ *bufptr, /* Pointer into buffer */
+ *bufend; /* End of buffer */
ipp_attribute_t *attr; /* Current attribute */
ipp_tag_t tag; /* Current tag */
ipp_tag_t value_tag; /* Current value tag */
@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */
}
bufptr = buffer;
+ bufend = buffer + n;
/*
* text-with-language and name-with-language are composite
@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP language length overflows value."), 1);
@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */
bufptr += 2 + n;
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+ if ((bufptr + 2 + n) > bufend)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP string length overflows value."), 1);

@ -1,177 +0,0 @@
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index 02b9d9d..669cb65 100644
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -619,6 +619,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */
*oldinfo; /* Old printer information */
const cgi_file_t *file; /* Uploaded file, if any */
const char *var; /* CGI variable */
+ char *ppd_name = NULL; /* Pointer to PPD name */
char uri[HTTP_MAX_URI], /* Device or printer URI */
*uriptr, /* Pointer into URI */
evefile[1024] = ""; /* IPP Everywhere PPD file */
@@ -1124,12 +1125,12 @@ do_am_printer(http_t *http, /* I - HTTP connection */
if (!file)
{
- var = cgiGetVariable("PPD_NAME");
- if (!strcmp(var, "everywhere"))
+ ppd_name = cgiGetVariable("PPD_NAME");
+ if (!strcmp(ppd_name, "everywhere"))
get_printer_ppd(cgiGetVariable("DEVICE_URI"), evefile, sizeof(evefile));
- else if (strcmp(var, "__no_change__"))
+ else if (strcmp(ppd_name, "__no_change__"))
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "ppd-name",
- NULL, var);
+ NULL, ppd_name);
}
ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-location",
@@ -1219,7 +1220,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */
cgiCopyTemplateLang("printer-modified.tmpl");
}
- else
+ else if (ppd_name && (strcmp(ppd_name, "everywhere") == 0 || strstr(ppd_name, "driverless")))
{
/*
* Set the printer options...
@@ -1229,6 +1230,16 @@ do_am_printer(http_t *http, /* I - HTTP connection */
do_set_options(http, 0);
return;
}
+ else
+ {
+ /*
+ * If we don't have an everywhere model, show printer-added
+ * template with warning about drivers going away...
+ */
+
+ cgiStartHTML(title);
+ cgiCopyTemplateLang("printer-added.tmpl");
+ }
cgiEndHTML();
}
diff --git a/scheduler/printers.c b/scheduler/printers.c
index 3bfe4a8..248bdba 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -950,6 +950,8 @@ cupsdLoadAllPrinters(void)
*value, /* Pointer to value */
*valueptr; /* Pointer into value */
cupsd_printer_t *p; /* Current printer */
+ int found_raw = 0; /* Flag whether raw queue is installed */
+ int found_driver = 0; /* Flag whether queue with classic driver is installed */
/*
@@ -1025,6 +1027,30 @@ cupsdLoadAllPrinters(void)
cupsdSetPrinterAttrs(p);
+ if ((p->device_uri && strncmp(p->device_uri, "ipp:", 4) && strncmp(p->device_uri, "ipps:", 5) && strncmp(p->device_uri, "implicitclass:", 14)) ||
+ !p->make_model ||
+ (p->make_model && strstr(p->make_model, "IPP Everywhere") == NULL && strstr(p->make_model, "driverless") == NULL))
+ {
+ /*
+ * Warn users about printer drivers and raw queues will be deprecated.
+ * It will warn users in the following scenarios:
+ * - the queue doesn't use ipp, ipps or implicitclass backend, which means
+ * it doesn't communicate via IPP and is raw or uses a driver for sure
+ * - the queue doesn't have make_model - it is raw
+ * - the queue uses a correct backend, but the model is not IPP Everywhere/driverless
+ */
+ if (!p->make_model)
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Queue %s is a raw queue, which is deprecated.", p->name);
+ found_raw = 1;
+ }
+ else
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Queue %s uses a printer driver, which is deprecated.", p->name);
+ found_driver = 1;
+ }
+ }
+
if (strncmp(p->device_uri, "file:", 5) && p->state != IPP_PRINTER_STOPPED)
{
/*
@@ -1415,6 +1441,12 @@ cupsdLoadAllPrinters(void)
}
}
+ if (found_raw)
+ cupsdLogMessage(CUPSD_LOG_WARN, "Raw queues are deprecated and will stop working in a future version of CUPS. See https://github.com/OpenPrinting/cups/issues/103");
+
+ if (found_driver)
+ cupsdLogMessage(CUPSD_LOG_WARN, "Printer drivers are deprecated and will stop working in a future version of CUPS. See https://github.com/OpenPrinting/cups/issues/103");
+
cupsFileClose(fp);
}
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index ca6d386..daf24d5 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -632,7 +632,7 @@ main(int argc, /* I - Number of command-line arguments */
num_options = cupsRemoveOption("ppd-name", num_options, &options);
}
- else if (ppd_name || file)
+ else if ((ppd_name && strncmp(ppd_name, "driverless:", 11)) || file)
{
_cupsLangPuts(stderr, _("lpadmin: Printer drivers are deprecated and will stop working in a future version of CUPS."));
}
diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl
index e916cf8..9c9b71f 100644
--- a/templates/choose-model.tmpl
+++ b/templates/choose-model.tmpl
@@ -39,7 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Current Driver - {current_make_and_model}</OPTION>:}
-{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model} - IPP Everywhere &trade;</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/printer-added.tmpl b/templates/printer-added.tmpl
index 0ccf6d3..9ebc835 100644
--- a/templates/printer-added.tmpl
+++ b/templates/printer-added.tmpl
@@ -1,4 +1,15 @@
-<H2 CLASS="title">Add Printer</H2>
+<H2 CLASS="title">Add Printer {printer_name}</H2>
<P>Printer <A HREF="/printers/{printer_name}">{printer_name}</A> has been added
successfully.
+
+<blockquote>
+<b>Note:<b>Printer drivers and raw queues are deprecated and will stop working in a future version of CUPS.
+</blockquote>
+
+<FORM ACTION="admin/" METHOD="POST">
+<INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}">
+<INPUT TYPE="HIDDEN" NAME="OP" VALUE="set-printer-options">
+<INPUT TYPE="HIDDEN" NAME="printer_name" VALUE="{printer_name}">
+<INPUT TYPE="SUBMIT" VALUE="Set Printer Options">
+</FORM>
diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
index 4498a8c..8776874 100755
--- a/test/run-stp-tests.sh
+++ b/test/run-stp-tests.sh
@@ -1049,10 +1049,10 @@ fi
# Warning log messages
count=`$GREP '^W ' $BASE/log/error_log | $GREP -v CreateProfile | $GREP -v 'libusb error' | $GREP -v ColorManager | $GREP -v 'Avahi client failed' | wc -l | awk '{print $1}'`
-if test $count != 8; then
- echo "FAIL: $count warning messages, expected 8."
+if test $count != 9; then
+ echo "FAIL: $count warning messages, expected 9."
$GREP '^W ' $BASE/log/error_log
- echo " <p>FAIL: $count warning messages, expected 8.</p>" >>$strfile
+ echo " <p>FAIL: $count warning messages, expected 9.</p>" >>$strfile
echo " <pre>" >>$strfile
$GREP '^W ' $BASE/log/error_log | sed -e '1,$s/&/&amp;/g' -e '1,$s/</&lt;/g' >>$strfile
echo " </pre>" >>$strfile

@ -0,0 +1,13 @@
diff --git a/scheduler/main.c b/scheduler/main.c
index 592531a..a6e2c3a 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -947,7 +947,7 @@ main(int argc, /* I - Number of command-line args */
* Write dirty config/state files...
*/
- if (DirtyCleanTime && current_time >= DirtyCleanTime && cupsArrayCount(Clients) == 0)
+ if (DirtyCleanTime && current_time >= DirtyCleanTime)
cupsdCleanDirty();
#ifdef __APPLE__

@ -0,0 +1,38 @@
diff -up cups-2.1.4/backend/dnssd.c.dnssd-deviceid cups-2.1.4/backend/dnssd.c
--- cups-2.1.4/backend/dnssd.c.dnssd-deviceid 2016-06-15 14:36:19.922353606 +0200
+++ cups-2.1.4/backend/dnssd.c 2016-06-15 14:45:45.794966648 +0200
@@ -1188,15 +1188,22 @@ query_callback(
if (device->device_id)
free(device->device_id);
+if (device_id[0])
+{
+ /* Mark this as the real device ID. */
+ ptr = device_id + strlen(device_id);
+ snprintf(ptr, sizeof(device_id) - (ptr - device_id), "FZY:0;");
+}
+
if (!device_id[0] && strcmp(model, "Unknown"))
{
if (make_and_model[0])
- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;",
+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;",
make_and_model, model);
else if (!_cups_strncasecmp(model, "designjet ", 10))
- snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;", model + 10);
+ snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;FZY:1;", model + 10);
else if (!_cups_strncasecmp(model, "stylus ", 7))
- snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;", model + 7);
+ snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;FZY:1;", model + 7);
else if ((ptr = strchr(model, ' ')) != NULL)
{
/*
@@ -1206,7 +1213,7 @@ query_callback(
memcpy(make_and_model, model, (size_t)(ptr - model));
make_and_model[ptr - model] = '\0';
- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;",
+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;",
make_and_model, ptr + 1);
}
}

@ -0,0 +1,13 @@
diff --git a/scheduler/client.c b/scheduler/client.c
index bf284e6..0382b01 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1011,8 +1011,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
}
httpClearFields(con->http);
- httpSetField(con->http, HTTP_FIELD_ALLOW,
- "GET, HEAD, OPTIONS, POST, PUT");
httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))

@ -1,11 +1,11 @@
diff -up cups-2.3.1/ppdc/sample.drv.dymo-deviceid cups-2.3.1/ppdc/sample.drv
--- cups-2.3.1/ppdc/sample.drv.dymo-deviceid 2019-12-16 09:22:34.476492212 +0100
+++ cups-2.3.1/ppdc/sample.drv 2019-12-16 09:23:44.665003895 +0100
@@ -129,6 +129,7 @@ Version "2.3"
diff -up cups-1.6.2/ppdc/sample.drv.dymo-deviceid cups-1.6.2/ppdc/sample.drv
--- cups-1.6.2/ppdc/sample.drv.dymo-deviceid 2013-06-18 16:57:02.110662953 +0100
+++ cups-1.6.2/ppdc/sample.drv 2013-06-18 16:58:56.513989117 +0100
@@ -125,6 +125,7 @@ Version "1.5"
{
Manufacturer "DYMO"
Manufacturer "Dymo"
ModelName "Label Printer"
+ Attribute "1284DeviceID" "" "MFG:DYMO;MDL:LabelWriter 400;"
Attribute NickName "" "DYMO Label Printer"
Attribute NickName "" "Dymo Label Printer"
PCFileName "dymo.ppd"
DriverType label

@ -0,0 +1,130 @@
diff -up cups-2.2.5/backend/ipp.c.eggcups cups-2.2.5/backend/ipp.c
--- cups-2.2.5/backend/ipp.c.eggcups 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/backend/ipp.c 2017-10-17 18:56:42.409024451 +0200
@@ -149,6 +149,70 @@ static char tmpfilename[1024] = "";
static char mandatory_attrs[1024] = "";
/* cupsMandatory value */
+#if HAVE_DBUS
+#include <dbus/dbus.h>
+
+static DBusConnection *dbus_connection = NULL;
+
+static int
+init_dbus (void)
+{
+ DBusConnection *connection;
+ DBusError error;
+
+ if (dbus_connection &&
+ !dbus_connection_get_is_connected (dbus_connection)) {
+ dbus_connection_unref (dbus_connection);
+ dbus_connection = NULL;
+ }
+
+ dbus_error_init (&error);
+ connection = dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error);
+ if (connection == NULL) {
+ dbus_error_free (&error);
+ return -1;
+ }
+
+ dbus_connection = connection;
+ return 0;
+}
+
+int
+dbus_broadcast_queued_remote (const char *printer_uri,
+ ipp_status_t status,
+ unsigned int local_job_id,
+ unsigned int remote_job_id,
+ const char *username,
+ const char *printer_name)
+{
+ DBusMessage *message;
+ DBusMessageIter iter;
+ const char *errstr;
+
+ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connection)) {
+ if (init_dbus () || !dbus_connection)
+ return -1;
+ }
+
+ errstr = ippErrorString (status);
+ message = dbus_message_new_signal ("/com/redhat/PrinterSpooler",
+ "com.redhat.PrinterSpooler",
+ "JobQueuedRemote");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name);
+
+ dbus_connection_send (dbus_connection, message, NULL);
+ dbus_connection_flush (dbus_connection);
+ dbus_message_unref (message);
+
+ return 0;
+}
+#endif /* HAVE_DBUS */
/*
* Local functions...
@@ -1743,6 +1807,15 @@ main(int argc, /* I - Number of comm
fprintf(stderr, "DEBUG: Print job accepted - job ID %d.\n", job_id);
}
+#if HAVE_DBUS
+ dbus_broadcast_queued_remote (argv[0],
+ ipp_status,
+ atoi (argv[1]),
+ job_id,
+ argv[2],
+ getenv ("PRINTER"));
+#endif /* HAVE_DBUS */
+
ippDelete(response);
if (job_canceled)
diff -up cups-2.2.5/backend/Makefile.eggcups cups-2.2.5/backend/Makefile
--- cups-2.2.5/backend/Makefile.eggcups 2017-10-17 18:56:42.409024451 +0200
+++ cups-2.2.5/backend/Makefile 2017-10-17 18:59:11.696781116 +0200
@@ -262,7 +262,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac
ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a
echo Linking $@...
- $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS)
+ $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS)
$(RM) http
$(LN) ipp http
diff -up cups-2.2.5/scheduler/subscriptions.c.eggcups cups-2.2.5/scheduler/subscriptions.c
--- cups-2.2.5/scheduler/subscriptions.c.eggcups 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/scheduler/subscriptions.c 2017-10-17 18:56:42.409024451 +0200
@@ -1291,13 +1291,13 @@ cupsd_send_dbus(cupsd_eventmask_t event,
what = "PrinterAdded";
else if (event & CUPSD_EVENT_PRINTER_DELETED)
what = "PrinterRemoved";
- else if (event & CUPSD_EVENT_PRINTER_CHANGED)
- what = "QueueChanged";
else if (event & CUPSD_EVENT_JOB_CREATED)
what = "JobQueuedLocal";
else if ((event & CUPSD_EVENT_JOB_STATE) && job &&
job->state_value == IPP_JOB_PROCESSING)
what = "JobStartedLocal";
+ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANGED|CUPSD_EVENT_PRINTER_STATE_CHANGED))
+ what = "QueueChanged";
else
return;
@@ -1333,7 +1333,7 @@ cupsd_send_dbus(cupsd_eventmask_t event,
dbus_message_append_iter_init(message, &iter);
if (dest)
dbus_message_iter_append_string(&iter, dest->name);
- if (job)
+ if (job && strcmp (what, "QueueChanged") != 0)
{
dbus_message_iter_append_uint32(&iter, job->id);
dbus_message_iter_append_string(&iter, job->username);

@ -0,0 +1,25 @@
diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c
index e4ffc3d..a989055 100644
--- a/cups/http-addrlist.c
+++ b/cups/http-addrlist.c
@@ -240,7 +240,10 @@ httpAddrConnect2(
}
if (!addrlist && nfds == 0)
+ {
+ errno = EHOSTDOWN;
break;
+ }
/*
* See if we can connect to any of the addresses so far...
@@ -371,6 +374,9 @@ httpAddrConnect2(
remaining -= 250;
}
+ if (remaining <= 0)
+ errno = ETIMEDOUT;
+
while (nfds > 0)
{
nfds --;

@ -1,6 +1,42 @@
diff -up cups-2.3.3/backend/failover.c.failover cups-2.3.3/backend/failover.c
--- cups-2.3.3/backend/failover.c.failover 2020-06-11 08:49:20.515264358 +0200
+++ cups-2.3.3/backend/failover.c 2020-06-11 08:49:20.515264358 +0200
diff --git a/backend/Makefile b/backend/Makefile
index 3038682..6642016 100644
--- a/backend/Makefile
+++ b/backend/Makefile
@@ -28,6 +28,7 @@ include ../Makedefs
RBACKENDS = \
ipp \
lpd \
+ failover \
$(DNSSD_BACKEND)
UBACKENDS = \
snmp \
@@ -51,6 +52,7 @@ LIBOBJS = \
OBJS = \
ipp.o \
lpd.o \
+ failover.o \
dnssd.o \
snmp.o \
socket.o \
@@ -275,6 +277,13 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend.a
echo Linking $@...
$(LD_CC) $(LDFLAGS) -o lpd lpd.o libbackend.a $(LIBS)
+#
+# failover
+#
+
+failover: failover.o ../cups/$(LIBCUPS) libbackend.a
+ echo Linking $@...
+ $(LD_CC) $(LDFLAGS) -o failover failover.o libbackend.a $(LIBS)
#
# snmp
diff --git a/backend/failover.c b/backend/failover.c
new file mode 100644
index 0000000..9affd8f
--- /dev/null
+++ b/backend/failover.c
@@ -0,0 +1,837 @@
+/*
+ * Failover Backend for the Common UNIX Printing System (CUPS).
@ -839,38 +875,3 @@ diff -up cups-2.3.3/backend/failover.c.failover cups-2.3.3/backend/failover.c
+ else
+ return (NULL);
+}
diff -up cups-2.3.3/backend/Makefile.failover cups-2.3.3/backend/Makefile
--- cups-2.3.3/backend/Makefile.failover 2020-04-27 20:04:29.000000000 +0200
+++ cups-2.3.3/backend/Makefile 2020-06-11 08:52:31.212642019 +0200
@@ -22,6 +22,7 @@ include ../Makedefs
RBACKENDS = \
ipp \
lpd \
+ failover \
$(DNSSD_BACKEND)
UBACKENDS = \
snmp \
@@ -45,6 +46,7 @@ LIBOBJS = \
OBJS = \
ipp.o \
lpd.o \
+ failover.o \
dnssd.o \
snmp.o \
socket.o \
@@ -276,6 +278,15 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend
#
+# failover
+#
+
+failover: failover.o ../cups/$(LIBCUPS) libbackend.a
+ echo Linking $@...
+ $(LD_CC) $(ALL_LDFLAGS) -o failover failover.o libbackend.a $(LINKCUPS)
+
+
+#
# snmp
#

@ -0,0 +1,32 @@
diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c
--- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0200
+++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200
@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I
if (!filters)
{
+ mime_filter_t *current;
+
cupsdLogJob(job, CUPSD_LOG_ERROR,
"Unable to convert file %d to printable format.",
job->current_file);
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Required: %s/%s -> %s/%s",
+ job->filetypes[job->current_file]->super,
+ job->filetypes[job->current_file]->type,
+ job->printer->filetype->super,
+ job->printer->filetype->type);
+
+ for (current = (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs);
+ current;
+ current = (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs))
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Available: %s/%s -> %s/%s (%s)",
+ current->src->super, current->src->type,
+ current->dst->super, current->dst->type,
+ current->filter);
+
abort_message = "Aborting job because it cannot be printed.";
abort_state = IPP_JOB_ABORTED;

@ -0,0 +1,371 @@
diff --git a/cups/cups.h b/cups/cups.h
index 8f5c818..9d8c3a3 100644
--- a/cups/cups.h
+++ b/cups/cups.h
@@ -606,6 +606,9 @@ extern ssize_t cupsHashData(const char *algorithm, const void *data, size_t dat
extern int cupsAddIntegerOption(const char *name, int value, int num_options, cups_option_t **options) _CUPS_API_2_2_4;
extern int cupsGetIntegerOption(const char *name, int num_options, cups_option_t *options) _CUPS_API_2_2_4;
+/* New in CUPS 2.3 */
+extern const char *cupsHashString(const unsigned char *hash, size_t hashsize, char *buffer, size_t bufsize);
+
# ifdef __cplusplus
}
# endif /* __cplusplus */
diff --git a/cups/hash.c b/cups/hash.c
index ede5461..8ebe20b 100644
--- a/cups/hash.c
+++ b/cups/hash.c
@@ -21,6 +21,8 @@
# include <CommonCrypto/CommonDigest.h>
#elif defined(HAVE_GNUTLS)
# include <gnutls/crypto.h>
+#else
+# include "md5-private.h"
#endif /* __APPLE__ */
@@ -171,7 +173,9 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
unsigned char temp[64]; /* Temporary hash buffer */
size_t tempsize = 0; /* Truncate to this size? */
- if (!strcmp(algorithm, "sha"))
+ if (!strcmp(algorithm, "md5"))
+ alg = GNUTLS_DIG_MD5;
+ else if (!strcmp(algorithm, "sha"))
alg = GNUTLS_DIG_SHA1;
else if (!strcmp(algorithm, "sha2-224"))
alg = GNUTLS_DIG_SHA224;
@@ -219,10 +223,20 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
#else
/*
- * No hash support without CommonCrypto or GNU TLS...
+ * No hash support beyond MD5 without CommonCrypto or GNU TLS...
*/
- if (hashsize < 64)
+ if (!strcmp(algorithm, "md5"))
+ {
+ _cups_md5_state_t state; /* MD5 state info */
+
+ _cupsMD5Init(&state);
+ _cupsMD5Append(&state, data, datalen);
+ _cupsMD5Finish(&state, hash);
+
+ return (16);
+ }
+ else if (hashsize < 64)
goto too_small;
#endif /* __APPLE__ */
@@ -243,3 +257,51 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1);
return (-1);
}
+
+
+/*
+ * 'cupsHashString()' - Format a hash value as a hexadecimal string.
+ *
+ * The passed buffer must be at least 2 * hashsize + 1 characters in length.
+ */
+
+const char * /* O - Formatted string */
+cupsHashString(
+ const unsigned char *hash, /* I - Hash */
+ size_t hashsize, /* I - Size of hash */
+ char *buffer, /* I - String buffer */
+ size_t bufsize) /* I - Size of string buffer */
+{
+ char *bufptr = buffer; /* Pointer into buffer */
+ static const char *hex = "0123456789abcdef";
+ /* Hex characters (lowercase!) */
+
+
+ /*
+ * Range check input...
+ */
+
+ if (!hash || hashsize < 1 || !buffer || bufsize < (2 * hashsize + 1))
+ {
+ if (buffer)
+ *buffer = '\0';
+ return (NULL);
+ }
+
+ /*
+ * Loop until we've converted the whole hash...
+ */
+
+ while (hashsize > 0)
+ {
+ *bufptr++ = hex[*hash >> 4];
+ *bufptr++ = hex[*hash & 15];
+
+ hash ++;
+ hashsize --;
+ }
+
+ *bufptr = '\0';
+
+ return (buffer);
+}
diff --git a/cups/md5passwd.c b/cups/md5passwd.c
index a9817aa..c9ffe04 100644
--- a/cups/md5passwd.c
+++ b/cups/md5passwd.c
@@ -17,6 +17,7 @@
* Include necessary headers...
*/
+#include <cups/cups.h>
#include "http-private.h"
#include "string-private.h"
@@ -31,7 +32,6 @@ httpMD5(const char *username, /* I - User name */
const char *passwd, /* I - Password string */
char md5[33]) /* O - MD5 string */
{
- _cups_md5_state_t state; /* MD5 state info */
unsigned char sum[16]; /* Sum data */
char line[256]; /* Line to sum */
@@ -41,15 +41,13 @@ httpMD5(const char *username, /* I - User name */
*/
snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd);
- _cupsMD5Init(&state);
- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line));
- _cupsMD5Finish(&state, sum);
+ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
/*
* Return the sum...
*/
- return (httpMD5String(sum, md5));
+ return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
}
@@ -65,7 +63,6 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
const char *resource, /* I - Resource path */
char md5[33]) /* IO - MD5 sum */
{
- _cups_md5_state_t state; /* MD5 state info */
unsigned char sum[16]; /* Sum data */
char line[1024]; /* Line of data */
char a2[33]; /* Hash of method and resource */
@@ -76,9 +73,7 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
*/
snprintf(line, sizeof(line), "%s:%s", method, resource);
- _cupsMD5Init(&state);
- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line));
- _cupsMD5Finish(&state, sum);
+ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
httpMD5String(sum, a2);
/*
@@ -88,12 +83,9 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
*/
snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2);
+ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
- _cupsMD5Init(&state);
- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line));
- _cupsMD5Finish(&state, sum);
-
- return (httpMD5String(sum, md5));
+ return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
}
@@ -106,23 +98,5 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */
char md5[33])
/* O - MD5 sum in hex */
{
- int i; /* Looping var */
- char *md5ptr; /* Pointer into MD5 string */
- static const char hex[] = "0123456789abcdef";
- /* Hex digits */
-
-
- /*
- * Convert the MD5 sum to hexadecimal...
- */
-
- for (i = 16, md5ptr = md5; i > 0; i --, sum ++)
- {
- *md5ptr++ = hex[*sum >> 4];
- *md5ptr++ = hex[*sum & 15];
- }
-
- *md5ptr = '\0';
-
- return (md5);
+ return ((char *)cupsHashString(sum, 16, md5, 33));
}
diff --git a/scheduler/auth.c b/scheduler/auth.c
index 71df9dc..e7d0006 100644
--- a/scheduler/auth.c
+++ b/scheduler/auth.c
@@ -72,9 +72,6 @@ static int check_authref(cupsd_client_t *con, const char *right);
static int compare_locations(cupsd_location_t *a,
cupsd_location_t *b);
static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void *data);
-#if !HAVE_LIBPAM
-static char *cups_crypt(const char *pw, const char *salt);
-#endif /* !HAVE_LIBPAM */
static void free_authmask(cupsd_authmask_t *am, void *data);
#if HAVE_LIBPAM
static int pam_func(int, const struct pam_message **,
@@ -695,14 +692,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
* client...
*/
- pass = cups_crypt(password, pw->pw_passwd);
+ pass = crypt(password, pw->pw_passwd);
if (!pass || strcmp(pw->pw_passwd, pass))
{
# ifdef HAVE_SHADOW_H
if (spw)
{
- pass = cups_crypt(password, spw->sp_pwdp);
+ pass = crypt(password, spw->sp_pwdp);
if (pass == NULL || strcmp(spw->sp_pwdp, pass))
{
@@ -1988,129 +1985,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I - Existing auth mask */
}
-#if !HAVE_LIBPAM
-/*
- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
- * as needed.
- */
-
-static char * /* O - Encrypted password */
-cups_crypt(const char *pw, /* I - Password string */
- const char *salt) /* I - Salt (key) string */
-{
- if (!strncmp(salt, "$1$", 3))
- {
- /*
- * Use MD5 passwords without the benefit of PAM; this is for
- * Slackware Linux, and the algorithm was taken from the
- * old shadow-19990827/lib/md5crypt.c source code... :(
- */
-
- int i; /* Looping var */
- unsigned long n; /* Output number */
- int pwlen; /* Length of password string */
- const char *salt_end; /* End of "salt" data for MD5 */
- char *ptr; /* Pointer into result string */
- _cups_md5_state_t state; /* Primary MD5 state info */
- _cups_md5_state_t state2; /* Secondary MD5 state info */
- unsigned char digest[16]; /* MD5 digest result */
- static char result[120]; /* Final password string */
-
-
- /*
- * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
- * Get a maximum of 8 characters of salt data after $1$...
- */
-
- for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
- if (*salt_end == '$')
- break;
-
- /*
- * Compute the MD5 sum we need...
- */
-
- pwlen = strlen(pw);
-
- _cupsMD5Init(&state);
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
- _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
-
- _cupsMD5Init(&state2);
- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
- _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
- _cupsMD5Finish(&state2, digest);
-
- for (i = pwlen; i > 0; i -= 16)
- _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
-
- for (i = pwlen; i > 0; i >>= 1)
- _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
-
- _cupsMD5Finish(&state, digest);
-
- for (i = 0; i < 1000; i ++)
- {
- _cupsMD5Init(&state);
-
- if (i & 1)
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
- else
- _cupsMD5Append(&state, digest, 16);
-
- if (i % 3)
- _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
-
- if (i % 7)
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-
- if (i & 1)
- _cupsMD5Append(&state, digest, 16);
- else
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-
- _cupsMD5Finish(&state, digest);
- }
-
- /*
- * Copy the final sum to the result string and return...
- */
-
- memcpy(result, salt, (size_t)(salt_end - salt));
- ptr = result + (salt_end - salt);
- *ptr++ = '$';
-
- for (i = 0; i < 5; i ++, ptr += 4)
- {
- n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
-
- if (i < 4)
- n |= (unsigned)digest[i + 12];
- else
- n |= (unsigned)digest[5];
-
- to64(ptr, n, 4);
- }
-
- to64(ptr, (unsigned)digest[11], 2);
- ptr += 2;
- *ptr = '\0';
-
- return (result);
- }
- else
- {
- /*
- * Use the standard crypt() function...
- */
-
- return (crypt(pw, salt));
- }
-}
-#endif /* !HAVE_LIBPAM */
-
-
/*
* 'free_authmask()' - Free function for auth masks.
*/

@ -1,124 +0,0 @@
diff --git a/cups/http-support.c b/cups/http-support.c
index a4bc079..9ee2309 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1430,6 +1430,12 @@ _httpSetDigestAuthString(
* Use old RFC 2069 Digest method...
*/
+ if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
+ {
+ DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
+ return (0);
+ }
+
/* H(A1) = H(username:realm:password) */
snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
diff --git a/cups/md5passwd.c b/cups/md5passwd.c
index 9af5de2..5c9a64e 100644
--- a/cups/md5passwd.c
+++ b/cups/md5passwd.c
@@ -19,6 +19,9 @@
/*
* 'httpMD5()' - Compute the MD5 sum of the username:group:password.
*
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
+ *
* @deprecated@
*/
@@ -28,22 +31,13 @@ httpMD5(const char *username, /* I - User name */
const char *passwd, /* I - Password string */
char md5[33]) /* O - MD5 string */
{
- unsigned char sum[16]; /* Sum data */
- char line[256]; /* Line to sum */
-
-
- /*
- * Compute the MD5 sum of the user name, group name, and password.
- */
+ (void)username;
+ (void)realm;
+ (void)passwd;
- snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd);
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
+ md5[0] = '\0';
- /*
- * Return the sum...
- */
-
- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
+ return (NULL);
}
@@ -52,6 +46,9 @@ httpMD5(const char *username, /* I - User name */
* with the server-supplied nonce value, method, and
* request-uri.
*
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
+ *
* @deprecated@
*/
@@ -61,35 +58,22 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
const char *resource, /* I - Resource path */
char md5[33]) /* IO - MD5 sum */
{
- unsigned char sum[16]; /* Sum data */
- char line[1024]; /* Line of data */
- char a2[33]; /* Hash of method and resource */
-
+ (void)nonce;
+ (void)method;
+ (void)resource;
- /*
- * First compute the MD5 sum of the method and resource...
- */
+ md5[0] = '\0';
- snprintf(line, sizeof(line), "%s:%s", method, resource);
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
- cupsHashString(sum, sizeof(sum), a2, sizeof(a2));
-
- /*
- * Then combine A1 (MD5 of username, realm, and password) with the nonce
- * and A2 (method + resource) values to get the final MD5 sum for the
- * request...
- */
-
- snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2);
- cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
-
- return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
+ return (NULL);
}
/*
* 'httpMD5String()' - Convert an MD5 sum to a character string.
*
+ * The function was used for HTTP Digest authentication. Since CUPS 2.4.0
+ * it produces an empty string. Please use @link cupsDoAuthentication@ instead.
+ *
* @deprecated@
*/
@@ -98,5 +82,9 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */
char md5[33])
/* O - MD5 sum in hex */
{
- return ((char *)cupsHashString(sum, 16, md5, 33));
+ (void)sum;
+
+ md5[0] = '\0';
+
+ return (NULL);
}

@ -0,0 +1,110 @@
diff --git a/scheduler/job.c b/scheduler/job.c
index 82ef2eb..5d5e3aa 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -448,10 +448,20 @@ cupsdCleanJobs(void)
curtime = time(NULL);
JobHistoryUpdate = 0;
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: curtime=%d", (int)curtime);
+
for (job = (cupsd_job_t *)cupsArrayFirst(Jobs);
job;
job = (cupsd_job_t *)cupsArrayNext(Jobs))
{
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: Job %d, state=%d, printer=%p, history_time=%d, file_time=%d", job->id, (int)job->state_value, (void *)job->printer, (int)job->history_time, (int)job->file_time);
+
+ if ((job->history_time && job->history_time < JobHistoryUpdate) || !JobHistoryUpdate)
+ JobHistoryUpdate = job->history_time;
+
+ if ((job->file_time && job->file_time < JobHistoryUpdate) || !JobHistoryUpdate)
+ JobHistoryUpdate = job->file_time;
+
if (job->state_value >= IPP_JOB_CANCELED && !job->printer)
{
/*
@@ -462,26 +472,14 @@ cupsdCleanJobs(void)
(job->history_time && job->history_time <= curtime))
{
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing from history.");
- cupsdDeleteJob(job, CUPSD_JOB_PURGE);
+ cupsdDeleteJob(job, CUPSD_JOB_PURGE);
}
else if (job->file_time && job->file_time <= curtime)
{
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing document files.");
- cupsdLogJob(job, CUPSD_LOG_DEBUG2, "curtime=%ld, job->file_time=%ld", (long)curtime, (long)job->file_time);
remove_job_files(job);
cupsdMarkDirty(CUPSD_DIRTY_JOBS);
-
- if (job->history_time < JobHistoryUpdate || !JobHistoryUpdate)
- JobHistoryUpdate = job->history_time;
- }
- else
- {
- if (job->history_time < JobHistoryUpdate || !JobHistoryUpdate)
- JobHistoryUpdate = job->history_time;
-
- if (job->file_time < JobHistoryUpdate || !JobHistoryUpdate)
- JobHistoryUpdate = job->file_time;
}
}
}
@@ -1873,7 +1871,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
job->completed_time = attr->values[0].integer;
if (JobHistory < INT_MAX)
- job->history_time = attr->values[0].integer + JobHistory;
+ job->history_time = job->completed_time + JobHistory;
else
job->history_time = INT_MAX;
@@ -1884,7 +1882,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
JobHistoryUpdate = job->history_time;
if (JobFiles < INT_MAX)
- job->file_time = attr->values[0].integer + JobFiles;
+ job->file_time = job->completed_time + JobFiles;
else
job->file_time = INT_MAX;
@@ -3100,8 +3098,10 @@ cupsdUpdateJobs(void)
* Update history/file expiration times...
*/
+ job->completed_time = attr->values[0].integer;
+
if (JobHistory < INT_MAX)
- job->history_time = attr->values[0].integer + JobHistory;
+ job->history_time = job->completed_time + JobHistory;
else
job->history_time = INT_MAX;
@@ -3115,7 +3115,7 @@ cupsdUpdateJobs(void)
JobHistoryUpdate = job->history_time;
if (JobFiles < INT_MAX)
- job->file_time = attr->values[0].integer + JobFiles;
+ job->file_time = job->completed_time + JobFiles;
else
job->file_time = INT_MAX;
@@ -4909,7 +4909,7 @@ set_time(cupsd_job_t *job, /* I - Job to update */
job->completed_time = curtime;
if (JobHistory < INT_MAX && attr)
- job->history_time = attr->values[0].integer + JobHistory;
+ job->history_time = job->completed_time + JobHistory;
else
job->history_time = INT_MAX;
@@ -4917,7 +4917,7 @@ set_time(cupsd_job_t *job, /* I - Job to update */
JobHistoryUpdate = job->history_time;
if (JobFiles < INT_MAX && attr)
- job->file_time = curtime + JobFiles;
+ job->file_time = job->completed_time + JobFiles;
else
job->file_time = INT_MAX;

@ -1,49 +0,0 @@
diff --git a/config-scripts/cups-compiler.m4 b/config-scripts/cups-compiler.m4
index 733b06c..bb770f0 100644
--- a/config-scripts/cups-compiler.m4
+++ b/config-scripts/cups-compiler.m4
@@ -123,21 +123,35 @@ if test -n "$GCC"; then
OPTIM="-fPIC $OPTIM"
fi
- # The -fstack-protector option is available with some versions of
- # GCC and adds "stack canaries" which detect when the return address
- # has been overwritten, preventing many types of exploit attacks.
- AC_MSG_CHECKING(whether compiler supports -fstack-protector)
+ # The -fstack-protector-strong and -fstack-protector options are available
+ # with some versions of# GCC and adds "stack canaries" which detect
+ # when the return address has been overwritten, preventing many types of exploit attacks.
+ # First check for -fstack-protector-strong, then for -fstack-protector...
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector-strong])
OLDCFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fstack-protector"
- AC_TRY_LINK(,,
+ CFLAGS="$CFLAGS -fstack-protector-strong"
+ AC_TRY_LINK(,,[
if test "x$LSB_BUILD" = xy; then
# Can't use stack-protector with LSB binaries...
OPTIM="$OPTIM -fno-stack-protector"
else
- OPTIM="$OPTIM -fstack-protector"
+ OPTIM="$OPTIM -fstack-protector-strong"
fi
- AC_MSG_RESULT(yes),
- AC_MSG_RESULT(no))
+ AC_MSG_RESULT(yes)
+ ], [
+ AC_MSG_CHECKING([whether compiler supports -fstack-protector])
+ CFLAGS="$OLDCFLAGS -fstack-protector"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM()], [
+ AS_IF([test "x$LSB_BUILD" = xy], [
+ # Can't use stack-protector with LSB binaries...
+ OPTIM="$OPTIM -fno-stack-protector"
+ ], [
+ OPTIM="$OPTIM -fstack-protector"
+ ])
+ ], [
+ AC_MSG_RESULT([no])
+ ])
+ ])
CFLAGS="$OLDCFLAGS"
if test "x$LSB_BUILD" != xy; then

@ -0,0 +1,21 @@
diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c
--- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 +0200
+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200
@@ -187,6 +187,7 @@ static const int UriOID[] = { CUPS_OID_p
static const int LexmarkProductOID[] = { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 };
static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 };
static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 };
+static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 };
static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 };
static cups_array_t *DeviceURIs = NULL;
static int HostNameLookups = 0;
@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP
_cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
packet.community, CUPS_ASN1_GET_REQUEST,
DEVICE_PRODUCT, XeroxProductOID);
+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
+ packet.community, CUPS_ASN1_GET_REQUEST,
+ DEVICE_ID, HPDeviceIdOID);
break;
case DEVICE_DESCRIPTION :

@ -0,0 +1,315 @@
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index a604a8a..e678f24 100644
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -974,6 +974,13 @@ do_am_printer(http_t *http, /* I - HTTP connection */
cgiSetVariable("TEMPLATE_NAME", template);
}
+
+ /*
+ * Set DEVICE_URI to the actual device uri, without make and model from
+ * html form.
+ */
+
+ cgiSetVariable("DEVICE_URI", var);
}
}
@@ -1137,6 +1144,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */
else if (!file &&
(!cgiGetVariable("PPD_NAME") || cgiGetVariable("SELECT_MAKE")))
{
+ int ipp_everywhere = !strncmp(var, "ipp://", 6) || !strncmp(var, "ipps://", 7) || (!strncmp(var, "dnssd://", 8) && (strstr(var, "_ipp._tcp") || strstr(var, "_ipps._tcp")));
+
if (modify && !cgiGetVariable("SELECT_MAKE"))
{
/*
@@ -1282,9 +1291,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */
cgiStartHTML(title);
if (!cgiGetVariable("PPD_MAKE"))
cgiSetVariable("PPD_MAKE", cgiGetVariable("CURRENT_MAKE"));
- if (!modify)
- cgiSetVariable("CURRENT_MAKE_AND_MODEL",
- cgiGetArray("PPD_MAKE_AND_MODEL", 0));
+ if (ipp_everywhere)
+ cgiSetVariable("SHOW_IPP_EVERYWHERE", "1");
cgiCopyTemplateLang("choose-model.tmpl");
cgiEndHTML();
}
@@ -4219,6 +4227,11 @@ get_printer_ppd(const char *uri, /* I - Printer URI */
host[256], /* Hostname */
resource[256]; /* Resource path */
int port; /* Port number */
+ static const char * const pattrs[] = /* Printer attributes we need */
+ {
+ "all",
+ "media-col-database"
+ };
/*
@@ -4259,6 +4272,7 @@ get_printer_ppd(const char *uri, /* I - Printer URI */
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
if (!_ppdCreateFromIPP(buffer, bufsize, response))
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index e5f89ee..b8139c8 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -3089,8 +3089,8 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model);
cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model);
- cupsFilePrintf(fp, "*NickName: \"%s\"\n", model);
- cupsFilePrintf(fp, "*ShortNickName: \"%s\"\n", model);
+ cupsFilePrintf(fp, "*NickName: \"%s - IPP Everywhere\"\n", model);
+ cupsFilePrintf(fp, "*ShortNickName: \"%s - IPP Everywhere\"\n", model);
if ((attr = ippFindAttribute(response, "color-supported", IPP_TAG_BOOLEAN)) != NULL && ippGetBoolean(attr, 0))
cupsFilePuts(fp, "*ColorDevice: True\n");
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 5e9a985..4ed3c39 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -5829,6 +5829,12 @@ create_local_bg_thread(
ipp_t *request, /* Request to printer */
*response; /* Response from printer */
ipp_attribute_t *attr; /* Attribute in response */
+ ipp_status_t status; /* Status code */
+ static const char * const pattrs[] = /* Printer attributes we need */
+ {
+ "all",
+ "media-col-database"
+ };
/*
@@ -5861,12 +5867,35 @@ create_local_bg_thread(
cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Connected to %s:%d, sending Get-Printer-Attributes request...", printer->name, host, port);
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
+ ippSetVersion(request, 2, 0);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, printer->device_uri);
- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", NULL, "all");
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
+ status = cupsLastError();
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
+
+ if (status == IPP_STATUS_ERROR_BAD_REQUEST || status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED)
+ {
+ /*
+ * Try request using IPP/1.1, in case we are talking to an old CUPS server or
+ * printer...
+ */
- cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Get-Printer-Attributes returned %s", printer->name, ippErrorString(cupsLastError()));
+ ippDelete(response);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Re-sending Get-Printer-Attributes request using IPP/1.1...", printer->name);
+
+ request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
+ ippSetVersion(request, 1, 1);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, printer->device_uri);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", NULL, "all");
+
+ response = cupsDoRequest(http, request, resource);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
+ }
// TODO: Grab printer icon file...
httpClose(http);
@@ -5877,6 +5906,8 @@ create_local_bg_thread(
if (_ppdCreateFromIPP(fromppd, sizeof(fromppd), response))
{
+ _cupsRWLockWrite(&printer->lock);
+
if ((!printer->info || !*(printer->info)) && (attr = ippFindAttribute(response, "printer-info", IPP_TAG_TEXT)) != NULL)
cupsdSetString(&printer->info, ippGetString(attr, 0, NULL));
@@ -5886,6 +5917,8 @@ create_local_bg_thread(
if ((!printer->geo_location || !*(printer->geo_location)) && (attr = ippFindAttribute(response, "printer-geo-location", IPP_TAG_URI)) != NULL)
cupsdSetString(&printer->geo_location, ippGetString(attr, 0, NULL));
+ _cupsRWUnlock(&printer->lock);
+
if ((from = cupsFileOpen(fromppd, "r")) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "%s: Unable to read generated PPD: %s", printer->name, strerror(errno));
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index bb53565..f3510ca 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -33,7 +33,7 @@ static int delete_printer_from_class(http_t *http, char *printer,
static int delete_printer_option(http_t *http, char *printer,
char *option);
static int enable_printer(http_t *http, char *printer);
-static char *get_printer_ppd(const char *uri, char *buffer, size_t bufsize);
+static char *get_printer_ppd(const char *uri, char *buffer, size_t bufsize, int *num_options, cups_option_t **options);
static cups_ptype_t get_printer_type(http_t *http, char *printer, char *uri,
size_t urisize);
static int set_printer_options(http_t *http, char *printer,
@@ -593,7 +593,7 @@ main(int argc, /* I - Number of command-line arguments */
if ((ppd_name = cupsGetOption("ppd-name", num_options, options)) != NULL && !strcmp(ppd_name, "everywhere") && (device_uri = cupsGetOption("device-uri", num_options, options)) != NULL)
{
- if ((file = get_printer_ppd(device_uri, evefile, sizeof(evefile))) == NULL)
+ if ((file = get_printer_ppd(device_uri, evefile, sizeof(evefile), &num_options, &options)) == NULL)
return (1);
num_options = cupsRemoveOption("ppd-name", num_options, &options);
@@ -1144,20 +1144,29 @@ enable_printer(http_t *http, /* I - Server connection */
* 'get_printer_ppd()' - Get an IPP Everywhere PPD file for the given URI.
*/
-static char * /* O - Filename or NULL */
-get_printer_ppd(const char *uri, /* I - Printer URI */
- char *buffer, /* I - Filename buffer */
- size_t bufsize) /* I - Size of filename buffer */
+static char * /* O - Filename or NULL */
+get_printer_ppd(
+ const char *uri, /* I - Printer URI */
+ char *buffer, /* I - Filename buffer */
+ size_t bufsize, /* I - Size of filename buffer */
+ int *num_options, /* IO - Number of options */
+ cups_option_t **options) /* IO - Options */
{
http_t *http; /* Connection to printer */
ipp_t *request, /* Get-Printer-Attributes request */
*response; /* Get-Printer-Attributes response */
+ ipp_attribute_t *attr; /* Attribute from response */
char resolved[1024], /* Resolved URI */
scheme[32], /* URI scheme */
userpass[256], /* Username:password */
host[256], /* Hostname */
resource[256]; /* Resource path */
int port; /* Port number */
+ static const char * const pattrs[] = /* Attributes to use */
+ {
+ "all",
+ "media-col-database"
+ };
/*
@@ -1198,9 +1207,26 @@ get_printer_ppd(const char *uri, /* I - Printer URI */
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
- if (!_ppdCreateFromIPP(buffer, bufsize, response))
+ if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE)
+ {
+ _cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString());
+ buffer[0] = '\0';
+ }
+ else if (_ppdCreateFromIPP(buffer, bufsize, response))
+ {
+ if (!cupsGetOption("printer-geo-location", *num_options, *options) && (attr = ippFindAttribute(response, "printer-geo-location", IPP_TAG_URI)) != NULL)
+ *num_options = cupsAddOption("printer-geo-location", ippGetString(attr, 0, NULL), *num_options, options);
+
+ if (!cupsGetOption("printer-info", *num_options, *options) && (attr = ippFindAttribute(response, "printer-info", IPP_TAG_TEXT)) != NULL)
+ *num_options = cupsAddOption("printer-info", ippGetString(attr, 0, NULL), *num_options, options);
+
+ if (!cupsGetOption("printer-location", *num_options, *options) && (attr = ippFindAttribute(response, "printer-location", IPP_TAG_TEXT)) != NULL)
+ *num_options = cupsAddOption("printer-location", ippGetString(attr, 0, NULL), *num_options, options);
+ }
+ else
_cupsLangPrintf(stderr, _("%s: Unable to create PPD file: %s"), "lpadmin", strerror(errno));
ippDelete(response);
diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl
index ee9338c..9c9b71f 100644
--- a/templates/choose-model.tmpl
+++ b/templates/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Current Driver - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/de/choose-model.tmpl b/templates/de/choose-model.tmpl
index cb9b6f3..c73ccb2 100644
--- a/templates/de/choose-model.tmpl
+++ b/templates/de/choose-model.tmpl
@@ -39,6 +39,7 @@ Drucker {?printer_is_shared=?nicht:{?printer_is_shared=0?nicht:}} im Netzwerk fr
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Aktueller Treiber - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/es/choose-model.tmpl b/templates/es/choose-model.tmpl
index 8a5a4ba..b5624f2 100644
--- a/templates/es/choose-model.tmpl
+++ b/templates/es/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Controlador actual - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/fr/choose-model.tmpl b/templates/fr/choose-model.tmpl
index a4e771c..07cf93c 100644
--- a/templates/fr/choose-model.tmpl
+++ b/templates/fr/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Pilote courant - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/ja/choose-model.tmpl b/templates/ja/choose-model.tmpl
index daf1375..6a6e4e4 100644
--- a/templates/ja/choose-model.tmpl
+++ b/templates/ja/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>現在のドライバー - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/pt_BR/choose-model.tmpl b/templates/pt_BR/choose-model.tmpl
index 55d8bd8..0ed6a3c 100644
--- a/templates/pt_BR/choose-model.tmpl
+++ b/templates/pt_BR/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Driver atual - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/ru/choose-model.tmpl b/templates/ru/choose-model.tmpl
index 2f0d6d9..dedbd49 100644
--- a/templates/ru/choose-model.tmpl
+++ b/templates/ru/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Текущий драйвер - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>

@ -0,0 +1,23 @@
diff --git a/backend/ipp.c b/backend/ipp.c
index f8bf7e1..8440d2f 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -422,8 +422,7 @@ main(int argc, /* I - Number of command-line args */
* that way.
*/
- if (!getuid() && (value = getenv("AUTH_UID")) != NULL &&
- !getenv("AUTH_PASSWORD"))
+ if (!getuid() && (value = getenv("AUTH_UID")) != NULL)
{
uid_t uid = (uid_t)atoi(value);
/* User ID */
@@ -457,7 +456,7 @@ main(int argc, /* I - Number of command-line args */
# else /* No XPC, just try to run as the user ID */
if (uid > 0)
- seteuid(uid);
+ setuid(uid);
# endif /* HAVE_XPC */
}
#endif /* HAVE_GSSAPI */

@ -1,115 +0,0 @@
diff --git a/cups/auth.c b/cups/auth.c
index db45bbb..b6fec6b 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
# define cups_gss_printf(major, minor, message)
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int cups_is_local_connection(http_t *http);
static int cups_local_auth(http_t *http);
@@ -174,10 +175,10 @@ cupsDoAuthentication(
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
#ifdef HAVE_GSSAPI
- if (!_cups_strcasecmp(scheme, "Negotiate"))
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
{
/*
- * Kerberos authentication...
+ * Kerberos authentication to remote server...
*/
int gss_status; /* Auth status */
@@ -201,7 +202,9 @@ cupsDoAuthentication(
}
else
#endif /* HAVE_GSSAPI */
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
+ if (_cups_strcasecmp(scheme, "Basic") &&
+ _cups_strcasecmp(scheme, "Digest") &&
+ _cups_strcasecmp(scheme, "Negotiate"))
{
/*
* Other schemes not yet supported...
@@ -215,7 +218,7 @@ cupsDoAuthentication(
* See if we should retry the current username:password...
*/
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
+ if (http->digest_tries > 1 || !http->userpass[0])
{
/*
* Nope - get a new password from the user...
@@ -295,7 +298,7 @@ cupsDoAuthentication(
}
}
- if (http->authstring)
+ if (http->authstring && http->authstring[0])
{
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int /* O - 0 if not a local connection */
+ /* 1 if local connection */
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
+{
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ return 0;
+ return 1;
+}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
@@ -958,7 +969,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
* See if we are accessing localhost...
*/
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ if (!cups_is_local_connection(http))
{
DEBUG_puts("8cups_local_auth: Not a local connection!");
return (1);
@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
}
# endif /* HAVE_AUTHORIZATION_H */
-# ifdef HAVE_GSSAPI
- if (cups_auth_find(www_auth, "Negotiate"))
- return (1);
-# endif /* HAVE_GSSAPI */
-
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
/*
* See if we can authenticate using the peer credentials provided over a
diff --git a/scheduler/client.c b/scheduler/client.c
index 89c76bf..40708d9 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2244,18 +2244,13 @@ cupsdSendHeader(
}
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
{
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
- else
-#endif /* SO_PEERCRED && AF_LOCAL */
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
}
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
{
/*
- * Add a "trc" (try root certification) parameter for local non-Kerberos
+ * Add a "trc" (try root certification) parameter for local
* requests when the request requires system group membership - then the
* client knows the root certificate can/should be used.
*

@ -0,0 +1,63 @@
diff -up cups-2.1b1/scheduler/log.c.logrotate cups-2.1b1/scheduler/log.c
--- cups-2.1b1/scheduler/log.c.logrotate 2015-06-04 20:00:31.000000000 +0200
+++ cups-2.1b1/scheduler/log.c 2015-06-29 13:25:09.623350218 +0200
@@ -26,6 +26,9 @@
# include <systemd/sd-journal.h>
#endif /* HAVE_ASL_H */
#include <syslog.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
/*
@@ -135,12 +138,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I
}
/*
- * Format the filename as needed...
+ * Format the filename...
*/
- if (!*lf ||
- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize &&
- MaxLogSize > 0))
+ if (strncmp(logname, "/dev/", 5))
{
/*
* Handle format strings...
@@ -254,6 +255,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I
/*
* Change ownership and permissions of non-device logs...
*/
+
+ fchown(cupsFileNumber(*lf), RunUser, Group);
+ fchmod(cupsFileNumber(*lf), LogFilePerm);
+ }
+ }
+
+ /*
+ * Has someone else (i.e. logrotate) already rotated the log for us?
+ */
+ else if (strncmp(filename, "/dev/", 5))
+ {
+ struct stat st;
+ if (stat(filename, &st) || st.st_size == 0)
+ {
+ /* File is either missing or has zero size. */
+
+ cupsFileClose(*lf);
+ if ((*lf = cupsFileOpen(filename, "a")) == NULL)
+ {
+ syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename,
+ strerror(errno));
+
+ return (0);
+ }
+
+ /*
+ * Change ownership and permissions of non-device logs...
+ */
fchown(cupsFileNumber(*lf), RunUser, Group);
fchmod(cupsFileNumber(*lf), LogFilePerm);

@ -1,16 +1,100 @@
diff --git a/scheduler/log.c b/scheduler/log.c
index 17331ff02..41ddb4cb9 100644
index 33cdac6..d66bbf9 100644
--- a/scheduler/log.c
+++ b/scheduler/log.c
@@ -569,11 +569,7 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
* Format and write the log message...
*/
@@ -597,51 +597,6 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
if (level > LogLevel && LogDebugHistory <= 0)
return (1);
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
- if (job && strcmp(ErrorLog, "syslog"))
-#else
if (job)
- if (!strcmp(ErrorLog, "syslog"))
- {
- cupsd_printer_t *printer = job ? (job->printer ? job->printer : (job->dest ? cupsdFindDest(job->dest) : NULL)) : NULL;
- static const char * const job_states[] =
- { /* job-state strings */
- "Pending",
- "PendingHeld",
- "Processing",
- "ProcessingStopped",
- "Canceled",
- "Aborted",
- "Completed"
- };
-
- va_start(ap, message);
-
- do
- {
- va_copy(ap2, ap);
- status = format_log_line(message, ap2);
- va_end(ap2);
- }
- while (status == 0);
-
- va_end(ap);
-
- if (job)
- sd_journal_send("MESSAGE=%s", log_line,
- "PRIORITY=%i", log_levels[level],
- PWG_Event"=JobStateChanged",
- PWG_ServiceURI"=%s", printer ? printer->uri : "",
- PWG_JobID"=%d", job->id,
- PWG_JobState"=%s", job->state_value < IPP_JSTATE_PENDING ? "" : job_states[job->state_value - IPP_JSTATE_PENDING],
- PWG_JobImpressionsCompleted"=%d", ippGetInteger(job->impressions, 0),
- NULL);
- else
- sd_journal_send("MESSAGE=%s", log_line,
- "PRIORITY=%i", log_levels[level],
- NULL);
-
- return (1);
- }
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
snprintf(jobmsg, sizeof(jobmsg), "[Job %d] %s", job->id, message);
else
strlcpy(jobmsg, message, sizeof(jobmsg));
-
/*
* Format and write the log message...
*/
@@ -705,7 +660,43 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
return (1);
}
else if (level <= LogLevel)
+ {
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ if (!strcmp(ErrorLog, "syslog"))
+ {
+ cupsd_printer_t *printer = job ? (job->printer ? job->printer : (job->dest ? cupsdFindDest(job->dest) : NULL)) : NULL;
+ static const char * const job_states[] =
+ { /* job-state strings */
+ "Pending",
+ "PendingHeld",
+ "Processing",
+ "ProcessingStopped",
+ "Canceled",
+ "Aborted",
+ "Completed"
+ };
+
+ if (job)
+ sd_journal_send("MESSAGE=%s", log_line,
+ "PRIORITY=%i", log_levels[level],
+ PWG_Event"=JobStateChanged",
+ PWG_ServiceURI"=%s", printer ? printer->uri : "",
+ PWG_JobID"=%d", job->id,
+ PWG_JobState"=%s", job->state_value < IPP_JSTATE_PENDING ? "" : job_states[job->state_value - IPP_JSTATE_PENDING],
+ PWG_JobImpressionsCompleted"=%d", ippGetInteger(job->impressions, 0),
+ NULL);
+ else
+ sd_journal_send("MESSAGE=%s", log_line,
+ "PRIORITY=%i", log_levels[level],
+ NULL);
+
+ return (1);
+ }
+ else
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+
return (cupsdWriteErrorLog(level, log_line));
+ }
else
return (1);
}

@ -0,0 +1,48 @@
diff -up cups-2.2b2/berkeley/lpr.c.lpr-help cups-2.2b2/berkeley/lpr.c
--- cups-2.2b2/berkeley/lpr.c.lpr-help 2016-06-24 17:43:35.000000000 +0200
+++ cups-2.2b2/berkeley/lpr.c 2016-06-27 15:11:30.646348752 +0200
@@ -18,6 +18,31 @@
#include <cups/cups-private.h>
+static void
+usage (const char *name)
+{
+ _cupsLangPrintf(stdout,
+"Usage: %s [OPTION] [ file(s) ]\n"
+"Print files.\n\n"
+" -E force encryption\n"
+" -H server[:port] specify alternate server\n"
+" -C title, -J title, -T title\n"
+" set the job name\n\n"
+" -P destination/instance print to named printer\n"
+" -U username specify alternate username\n"
+" -# num-copies set number of copies\n"
+" -h disable banner printing\n"
+" -l print without filtering\n"
+" -m send email on completion\n"
+" -o option[=value] set a job option\n"
+" -p format text file with header\n"
+" -q hold job for printing\n"
+" -r delete files after printing\n"
+"\nWith no file given, read standard input.\n"
+, name);
+}
+
+
/*
* 'main()' - Parse options and send files for printing.
*/
@@ -281,6 +306,12 @@ main(int argc, /* I - Number of comm
break;
default :
+ if (!strcmp (argv[i], "--help"))
+ {
+ usage (argv[0]);
+ return (0);
+ }
+
_cupsLangPrintf(stderr, _("%s: Error - unknown option \"%c\"."), argv[0], *opt);
return (1);
}

@ -1,10 +1,11 @@
diff -up cups-2.3.0/config.h.in.lspp cups-2.3.0/config.h.in
--- cups-2.3.0/config.h.in.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/config.h.in 2019-10-07 12:24:43.058597468 +0200
@@ -684,4 +684,11 @@ static __inline int _cups_abs(int i) { r
diff -up cups-2.2.6/config.h.in.lspp cups-2.2.6/config.h.in
--- cups-2.2.6/config.h.in.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/config.h.in 2024-08-15 14:55:07.310818870 +0200
@@ -730,4 +730,12 @@ static __inline int _cups_abs(int i) { r
# endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */
+
+/*
+ * Are we trying to meet LSPP requirements?
+ */
@ -13,9 +14,9 @@ diff -up cups-2.3.0/config.h.in.lspp cups-2.3.0/config.h.in
+
+
#endif /* !_CUPS_CONFIG_H_ */
diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/cups-lspp.m4
--- cups-2.3.0/config-scripts/cups-lspp.m4.lspp 2019-10-07 12:24:43.058597468 +0200
+++ cups-2.3.0/config-scripts/cups-lspp.m4 2019-10-07 12:24:43.058597468 +0200
diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/cups-lspp.m4
--- cups-2.2.6/config-scripts/cups-lspp.m4.lspp 2024-08-15 14:55:07.310818870 +0200
+++ cups-2.2.6/config-scripts/cups-lspp.m4 2024-08-15 14:55:07.310818870 +0200
@@ -0,0 +1,36 @@
+dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS).
@ -40,7 +41,7 @@ diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/c
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
+
+if test x"$enable_lspp" != xno; then
+ case "$uname" in
+ case "$(uname)" in
+ Linux)
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
+ AC_CHECK_HEADER(libaudit.h)
@ -53,22 +54,22 @@ diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/c
+ ;;
+ esac
+fi
diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac
--- cups-2.3.0/configure.ac.lspp 2019-10-07 12:24:43.058597468 +0200
+++ cups-2.3.0/configure.ac 2019-10-07 12:39:20.122546282 +0200
@@ -34,6 +34,8 @@ sinclude(config-scripts/cups-dnssd.m4)
sinclude(config-scripts/cups-startup.m4)
diff -up cups-2.2.6/configure.ac.lspp cups-2.2.6/configure.ac
--- cups-2.2.6/configure.ac.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/configure.ac 2024-08-15 14:55:07.310818870 +0200
@@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4)
sinclude(config-scripts/cups-scripting.m4)
+sinclude(config-scripts/cups-lspp.m4)
+
INSTALL_LANGUAGES=""
UNINSTALL_LANGUAGES=""
LANGFILES=""
diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
--- cups-2.3.0/filter/common.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/filter/common.c 2019-10-07 12:24:43.059597461 +0200
@@ -11,6 +11,12 @@
diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c
--- cups-2.2.6/filter/common.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/filter/common.c 2024-08-15 14:55:07.310818870 +0200
@@ -17,6 +17,12 @@
* Include necessary headers...
*/
@ -81,7 +82,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
#include "common.h"
#include <locale.h>
@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I
@@ -299,6 +305,18 @@ WriteLabelProlog(const char *label, /* I
{
const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */
@ -100,7 +101,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
/*
@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I
@@ -321,6 +339,124 @@ WriteLabelProlog(const char *label, /* I
return;
}
@ -221,11 +222,11 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
+ else
+ {
+#endif /* !WITH_LSPP */
+
+
/*
* Set the classification + page label string...
*/
@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I
@@ -401,7 +537,10 @@ WriteLabelProlog(const char *label, /* I
printf(" %.0f moveto ESPpl show\n", top - 14.0);
puts("pop");
puts("}bind put");
@ -236,10 +237,10 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
/*
diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
--- cups-2.3.0/filter/pstops.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/filter/pstops.c 2019-10-07 12:24:43.059597461 +0200
@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /*
diff -up cups-2.2.6/filter/pstops.c.lspp cups-2.2.6/filter/pstops.c
--- cups-2.2.6/filter/pstops.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/filter/pstops.c 2024-08-15 14:55:07.311818856 +0200
@@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc, /*
{
const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */
@ -258,7 +259,7 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
/*
@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /*
@@ -3198,6 +3210,124 @@ write_label_prolog(pstops_doc_t *doc, /*
return;
}
@ -383,7 +384,7 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
/*
* Set the classification + page label string...
*/
@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /*
@@ -3276,7 +3406,10 @@ write_label_prolog(pstops_doc_t *doc, /*
doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);
doc_puts(doc, "pop\n");
doc_puts(doc, "}bind put\n");
@ -394,22 +395,22 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
/*
diff -up cups-2.3.0/Makedefs.in.lspp cups-2.3.0/Makedefs.in
--- cups-2.3.0/Makedefs.in.lspp 2019-10-07 12:24:43.059597461 +0200
+++ cups-2.3.0/Makedefs.in 2019-10-07 12:37:19.200565805 +0200
@@ -174,7 +174,7 @@ IPPFIND_MAN = @IPPFIND_MAN@
LDFLAGS = @LDFLAGS@
LINKCUPS = @LINKCUPS@
LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS)
-LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS)
+LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
ONDEMANDFLAGS = @ONDEMANDFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@
OPTIM = @OPTIM@
diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
--- cups-2.3.0/scheduler/client.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/client.c 2019-10-07 12:33:10.459693580 +0200
@@ -19,12 +19,20 @@
diff -up cups-2.2.6/Makedefs.in.lspp cups-2.2.6/Makedefs.in
--- cups-2.2.6/Makedefs.in.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/Makedefs.in 2024-08-15 14:55:07.310818870 +0200
@@ -145,7 +145,7 @@ ARFLAGS = @ARFLAGS@
BACKLIBS = @BACKLIBS@
BUILDDIRS = @BUILDDIRS@
CFLAGS = @CPPFLAGS@ @CFLAGS@
-COMMONLIBS = @LIBS@
+COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@
CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
CXXLIBS = @CXXLIBS@
DBUS_NOTIFIER = @DBUS_NOTIFIER@
diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
--- cups-2.2.6/scheduler/client.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/client.c 2024-08-15 14:55:07.311818856 +0200
@@ -22,12 +22,20 @@
#define _HTTP_NO_PRIVATE
#include "cupsd.h"
@ -430,7 +431,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
/*
@@ -265,6 +273,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)
@@ -268,6 +276,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)
}
#endif /* HAVE_TCPD_H */
@ -464,7 +465,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed");
+ free(con);
+ return;
+ return;
+ }
+
+ /*
@ -475,7 +476,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed");
+ free(con);
+ return;
+ return;
+ }
+
+ cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon);
@ -490,9 +491,21 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
#ifdef AF_LOCAL
if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{
@@ -558,6 +619,13 @@ cupsdReadClient(cupsd_client_t *con) /*
struct stat filestats; /* File information */
@@ -522,6 +583,11 @@ cupsdCloseClient(cupsd_client_t *con) /*
}
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ if (con->scon)
+ cupsdClearString(&con->scon);
+#endif /* WITH_LSPP */
+
/*
* Re-enable new client connections if we are going back under the
* limit...
@@ -562,6 +628,13 @@ cupsdReadClient(cupsd_client_t *con) /*
mime_type_t *type; /* MIME type of file */
cupsd_printer_t *p; /* Printer */
static unsigned request_id = 0; /* Request ID for temp files */
+#ifdef WITH_LSPP
+ security_context_t spoolcon; /* context of the job file */
@ -504,10 +517,10 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
status = HTTP_STATUS_CONTINUE;
@@ -1679,6 +1747,73 @@ cupsdReadClient(cupsd_client_t *con) /*
@@ -1924,7 +1997,73 @@ cupsdReadClient(cupsd_client_t *con) /*
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
}
+#ifdef WITH_LSPP
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
@ -568,17 +581,17 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
+ cupsdCloseClient(con);
+ return;
+ }
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ con->filename, context_str(tmpcon));
+ context_free(tmpcon);
+ context_free(clicon);
+ }
}
+#endif /* WITH_LSPP */
+
+ }
if (httpGetState(con->http) != HTTP_STATE_POST_SEND)
{
if (!httpWait(con->http, 0))
@@ -3174,6 +3309,49 @@ is_path_absolute(const char *path) /* I
@@ -3456,6 +3595,49 @@ is_path_absolute(const char *path) /* I
return (1);
}
@ -628,10 +641,10 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
/*
* 'pipe_command()' - Pipe the output of a command to the remote client.
diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h
--- cups-2.3.0/scheduler/client.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/client.h 2019-10-07 12:24:43.113597079 +0200
@@ -13,6 +13,13 @@
diff -up cups-2.2.6/scheduler/client.h.lspp cups-2.2.6/scheduler/client.h
--- cups-2.2.6/scheduler/client.h.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/client.h 2024-08-15 14:55:07.312818843 +0200
@@ -16,6 +16,13 @@
#endif /* HAVE_AUTHORIZATION_H */
@ -645,7 +658,7 @@ diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h
/*
* HTTP client structure...
*/
@@ -63,6 +70,10 @@ struct cupsd_client_s
@@ -65,6 +72,10 @@ struct cupsd_client_s
#ifdef HAVE_AUTHORIZATION_H
AuthorizationRef authref; /* Authorization ref */
#endif /* HAVE_AUTHORIZATION_H */
@ -656,20 +669,21 @@ diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h
};
#define HTTP(con) ((con)->http)
@@ -136,6 +147,9 @@ extern void cupsdStartListening(void);
extern void cupsdStopListening(void);
@@ -139,6 +150,10 @@ extern void cupsdStopListening(void);
extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con);
+#ifdef WITH_LSPP
+extern uid_t client_pid_to_auid(pid_t clipid);
+#endif /* WITH_LSPP */
+
#ifdef HAVE_SSL
extern int cupsdEndTLS(cupsd_client_t *con);
diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
--- cups-2.3.0/scheduler/conf.c.lspp 2019-10-07 12:24:43.049597531 +0200
+++ cups-2.3.0/scheduler/conf.c 2019-10-07 12:24:43.113597079 +0200
@@ -37,6 +37,9 @@
extern int cupsdStartTLS(cupsd_client_t *con);
diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
--- cups-2.2.6/scheduler/conf.c.lspp 2024-08-15 14:55:07.306818923 +0200
+++ cups-2.2.6/scheduler/conf.c 2024-08-15 14:55:07.312818843 +0200
@@ -40,6 +40,9 @@
# define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */
@ -700,7 +714,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
/*
@@ -864,6 +874,25 @@ cupsdReadConfiguration(void)
@@ -866,6 +876,25 @@ cupsdReadConfiguration(void)
RunUser = getuid();
@ -726,7 +740,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled");
@@ -1275,7 +1304,19 @@ cupsdReadConfiguration(void)
@@ -1277,7 +1306,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification);
if (Classification)
@ -746,7 +760,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
/*
* Check the MaxClients setting, and then allocate memory for it...
@@ -3830,6 +3871,18 @@ read_location(cups_file_t *fp, /* I - C
@@ -3761,6 +3802,18 @@ read_location(cups_file_t *fp, /* I - C
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
@ -765,10 +779,10 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
/*
* 'read_policy()' - Read a <Policy name> definition.
diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h
--- cups-2.3.0/scheduler/conf.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/conf.h 2019-10-07 12:24:43.113597079 +0200
@@ -243,6 +243,13 @@ VAR char *ServerKeychain VALUE(NULL);
diff -up cups-2.2.6/scheduler/conf.h.lspp cups-2.2.6/scheduler/conf.h
--- cups-2.2.6/scheduler/conf.h.lspp 2024-08-15 14:55:07.250819672 +0200
+++ cups-2.2.6/scheduler/conf.h 2024-08-15 14:55:07.312818843 +0200
@@ -250,6 +250,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */
#endif /* HAVE_SSL */
@ -782,7 +796,7 @@ diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h
#ifdef HAVE_ONDEMAND
VAR int IdleExitTimeout VALUE(60);
/* Time after which an idle cupsd will exit */
@@ -261,6 +268,9 @@ VAR int HaveServerCreds VALUE(0);
@@ -268,6 +275,9 @@ VAR int HaveServerCreds VALUE(0);
VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */
#endif /* HAVE_GSSAPI */
@ -792,21 +806,12 @@ diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h
/*
* Prototypes...
diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h
--- cups-2.3.0/scheduler/cupsd.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/cupsd.h 2019-10-07 12:31:38.458480578 +0200
@@ -8,6 +8,8 @@
* information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
/*
* Include necessary headers.
@@ -33,6 +35,14 @@
diff -up cups-2.2.6/scheduler/cupsd.h.lspp cups-2.2.6/scheduler/cupsd.h
--- cups-2.2.6/scheduler/cupsd.h.lspp 2024-08-15 14:55:07.298819030 +0200
+++ cups-2.2.6/scheduler/cupsd.h 2024-08-15 14:55:07.312818843 +0200
@@ -36,6 +36,14 @@
# include <unistd.h>
#endif /* _WIN32 */
#endif /* WIN32 */
+#include "config.h"
+#ifdef WITH_LSPP
@ -819,21 +824,18 @@ diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h
#include "mime.h"
#if defined(HAVE_CDSASSL)
diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
--- cups-2.3.0/scheduler/ipp.c.lspp 2019-10-07 12:24:43.016597764 +0200
+++ cups-2.3.0/scheduler/ipp.c 2019-10-07 12:31:01.243798920 +0200
@@ -11,6 +11,9 @@
* information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -27,6 +30,14 @@ extern int mbr_group_name_to_uuid(const
extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember);
@@ -248,4 +256,4 @@ extern void cupsdRunTimeout (cupsd_t
extern void cupsdUpdateTimeout (cupsd_timeout_t *timeout,
const struct timeval *tv);
extern void cupsdRemoveTimeout (cupsd_timeout_t *timeout);
-#endif /* HAVE_AVAHI */
\ No newline at end of file
+#endif /* HAVE_AVAHI */
diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
--- cups-2.2.6/scheduler/ipp.c.lspp 2024-08-15 14:55:07.268819431 +0200
+++ cups-2.2.6/scheduler/ipp.c 2024-08-15 14:56:15.961900807 +0200
@@ -37,6 +37,12 @@ extern int mbr_check_membership_by_id(uu
# endif /* HAVE_MEMBERSHIPPRIV_H */
#endif /* __APPLE__ */
+#ifdef WITH_LSPP
@ -841,13 +843,11 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */
/*
* Local functions...
@@ -51,6 +62,9 @@ static void cancel_all_jobs(cupsd_client
@@ -61,6 +67,9 @@ static void cancel_all_jobs(cupsd_client
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_subscription(cupsd_client_t *con, int id);
static int check_rss_recipient(const char *recipient);
@ -857,7 +857,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
@@ -1240,6 +1254,21 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1286,6 +1295,21 @@ add_job(cupsd_client_t *con, /* I - Cl
"time-at-creation",
"time-at-processing"
};
@ -879,9 +879,9 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
@@ -1568,6 +1597,106 @@ add_job(cupsd_client_t *con, /* I - Cl
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
@@ -1607,6 +1631,106 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL);
}
+#ifdef WITH_LSPP
+ if (is_lspp_config())
@ -916,18 +916,18 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = SECCLASS_CHR_FILE;
+ avr = CHR_FILE__WRITE;
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else
+ {
@ -986,7 +986,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{
send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1576,6 +1705,32 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1615,6 +1739,32 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL);
}
@ -1019,7 +1019,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
job->attrs = con->request;
job->dirty = 1;
@@ -1763,6 +1918,29 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1802,6 +1952,29 @@ add_job(cupsd_client_t *con, /* I - Cl
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
}
@ -1049,7 +1049,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
job->job_sheets = attr;
@@ -1793,6 +1971,9 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1832,6 +2005,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s,none\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
@ -1059,7 +1059,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
}
else if (attr->num_values == 2 &&
strcmp(attr->values[0].string.text,
@@ -1811,6 +1992,9 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1850,6 +2026,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
@ -1069,7 +1069,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
}
else if (strcmp(attr->values[0].string.text, Classification) &&
strcmp(attr->values[0].string.text, "none") &&
@@ -1831,6 +2015,9 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1870,6 +2049,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
@ -1079,7 +1079,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
}
}
else if (strcmp(attr->values[0].string.text, Classification) &&
@@ -1871,8 +2058,52 @@ add_job(cupsd_client_t *con, /* I - Cl
@@ -1910,9 +2092,55 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
@ -1121,18 +1121,21 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ cupsdClearString(&audit_message);
+ }
}
+
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
}
+
+#ifdef WITH_LSPP
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
+
+
/*
* See if we need to add the starting sheet...
@@ -3648,6 +3879,128 @@ check_rss_recipient(
*/
@@ -3694,6 +3922,128 @@ check_rss_recipient(
}
@ -1187,8 +1190,8 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init");
+ return -1;
+ }
+ }
+ }
+ }
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
@ -1204,8 +1207,8 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ return -1;
+ }
+ avc_entry_ref_init(&avcref);
+ tclass = SECCLASS_FILE;
+ avr = FILE__READ;
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "read");
+
+ /*
+ * Perform the check with the client as the subject, first with the job as the object
@ -1261,7 +1264,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/*
* 'check_quotas()' - Check quotas for a printer and user.
*/
@@ -4103,6 +4456,15 @@ copy_banner(cupsd_client_t *con, /* I -
@@ -4150,6 +4500,15 @@ copy_banner(cupsd_client_t *con, /* I -
char attrname[255], /* Name of attribute */
*s; /* Pointer into name */
ipp_attribute_t *attr; /* Attribute */
@ -1277,7 +1280,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -4138,6 +4500,85 @@ copy_banner(cupsd_client_t *con, /* I -
@@ -4185,6 +4544,85 @@ copy_banner(cupsd_client_t *con, /* I -
fchmod(cupsFileNumber(out), 0640);
fchown(cupsFileNumber(out), RunUser, Group);
@ -1363,7 +1366,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/*
* Try the localized banner file under the subdirectory...
@@ -4232,6 +4673,24 @@ copy_banner(cupsd_client_t *con, /* I -
@@ -4279,6 +4717,24 @@ copy_banner(cupsd_client_t *con, /* I -
else
s = attrname;
@ -1388,7 +1391,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
if (!strcmp(s, "printer-name"))
{
cupsFilePuts(out, job->dest);
@@ -6439,6 +6898,22 @@ get_job_attrs(cupsd_client_t *con, /* I
@@ -6467,6 +6923,22 @@ get_job_attrs(cupsd_client_t *con, /* I
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
@ -1411,7 +1414,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/*
* Copy attributes...
*/
@@ -6836,6 +7311,11 @@ get_jobs(cupsd_client_t *con, /* I - C
@@ -6864,6 +7336,11 @@ get_jobs(cupsd_client_t *con, /* I - C
if (username[0] && _cups_strcasecmp(username, job->username))
continue;
@ -1423,7 +1426,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
if (count > 0)
ippAddSeparator(con->response);
@@ -11445,6 +11925,11 @@ validate_user(cupsd_job_t *job, /* I
@@ -11495,6 +11972,11 @@ validate_user(cupsd_job_t *job, /* I
strlcpy(username, get_username(con), userlen);
@ -1435,20 +1438,10 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/*
* Check the username against the owner...
*/
diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
--- cups-2.3.0/scheduler/job.c.lspp 2019-10-07 12:24:43.024597707 +0200
+++ cups-2.3.0/scheduler/job.c 2019-10-07 12:30:13.092210820 +0200
@@ -8,6 +8,9 @@
* information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -23,6 +26,14 @@
diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
--- cups-2.2.6/scheduler/job.c.lspp 2024-08-15 14:55:07.278819298 +0200
+++ cups-2.2.6/scheduler/job.c 2024-08-15 14:55:07.316818790 +0200
@@ -26,6 +26,12 @@
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
#endif /* __APPLE__ */
@ -1457,13 +1450,11 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */
/*
* Design Notes for Job Management
@@ -544,6 +555,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
@@ -547,6 +553,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
/* PRINTER_STATE_REASONS env var */
rip_max_cache[255];
/* RIP_MAX_CACHE env variable */
@ -1478,7 +1469,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -1080,6 +1099,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
@@ -1083,6 +1097,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
if (final_content_type[0])
envp[envc ++] = final_content_type;
@ -1497,7 +1488,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
+ cupsdClearString(&audit_message);
+ }
+ }
+ else
+ else
+ {
+ jobcon = context_new(job->scon);
+
@ -1546,7 +1537,19 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
if (Classification && !banner_page)
{
if ((attr = ippFindAttribute(job->attrs, "job-sheets",
@@ -1858,6 +1938,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
@@ -1464,6 +1539,11 @@ cupsdDeleteJob(cupsd_job_t *job, /
cupsdClearString(&job->username);
cupsdClearString(&job->dest);
+
+#ifdef WITH_LSPP
+ cupsdClearString(&job->scon);
+#endif
+
for (i = 0;
i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0]));
i ++)
@@ -1908,6 +1988,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
ippSetString(job->attrs, &job->reasons, 0, "none");
}
@ -1569,7 +1572,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER);
job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER);
job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
@@ -2273,6 +2369,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
@@ -2321,6 +2417,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
{
char filename[1024]; /* Job control filename */
cups_file_t *fp; /* Job file */
@ -1584,7 +1587,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
@@ -2295,6 +2399,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
@@ -2343,6 +2447,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
fchown(cupsFileNumber(fp), RunUser, Group);
@ -1663,7 +1666,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
job->attrs->state = IPP_IDLE;
if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
@@ -3995,6 +4171,19 @@ get_options(cupsd_job_t *job, /* I - Jo
@@ -3989,6 +4165,19 @@ get_options(cupsd_job_t *job, /* I - Jo
banner_page)
continue;
@ -1683,7 +1686,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
/*
* Otherwise add them to the list...
*/
@@ -4805,6 +4994,18 @@ start_job(cupsd_job_t *job, /* I -
@@ -4750,6 +4939,18 @@ start_job(cupsd_job_t *job, /* I -
cupsd_printer_t *printer) /* I - Printer to print job */
{
const char *filename; /* Support filename */
@ -1702,7 +1705,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs,
"job-cancel-after",
IPP_TAG_INTEGER);
@@ -4993,6 +5194,113 @@ start_job(cupsd_job_t *job, /* I -
@@ -4926,6 +5127,113 @@ start_job(cupsd_job_t *job, /* I -
fcntl(job->side_pipes[1], F_SETFD,
fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC);
@ -1733,18 +1736,18 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = SECCLASS_CHR_FILE;
+ avr = CHR_FILE__WRITE;
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else
+ {
@ -1816,16 +1819,13 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
/*
* Now start the first file in the job...
*/
diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h
--- cups-2.3.0/scheduler/job.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/job.h 2019-10-07 12:29:54.364371023 +0200
@@ -7,6 +7,13 @@
* Licensed under Apache License v2.0. See the file "LICENSE" for more information.
diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h
--- cups-2.2.6/scheduler/job.h.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/job.h 2024-08-15 14:55:07.316818790 +0200
@@ -11,6 +11,10 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
+#ifdef WITH_LSPP
+#include <selinux/selinux.h>
+#endif /* WITH_LSPP */
@ -1833,7 +1833,7 @@ diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h
/*
* Constants...
*/
@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request *
@@ -88,6 +92,10 @@ struct cupsd_job_s /**** Job request *
int progress; /* Printing progress */
int num_keywords; /* Number of PPD keywords */
cups_option_t *keywords; /* PPD keywords */
@ -1844,10 +1844,10 @@ diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h
};
typedef struct cupsd_joblog_s /**** Job log message ****/
diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
--- cups-2.3.0/scheduler/main.c.lspp 2019-10-07 12:24:43.037597616 +0200
+++ cups-2.3.0/scheduler/main.c 2019-10-07 12:24:43.119597037 +0200
@@ -57,6 +57,9 @@
diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
--- cups-2.2.6/scheduler/main.c.lspp 2024-08-15 14:55:07.299819017 +0200
+++ cups-2.2.6/scheduler/main.c 2024-08-15 14:55:07.316818790 +0200
@@ -56,6 +56,9 @@
# include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */
@ -1857,7 +1857,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
/*
* Local functions...
@@ -123,6 +126,9 @@ main(int argc, /* I - Number of comm
@@ -122,6 +125,9 @@ main(int argc, /* I - Number of comm
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* Actions for POSIX signals */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
@ -1867,7 +1867,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
#ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */
#else
@@ -495,6 +501,25 @@ main(int argc, /* I - Number of comm
@@ -508,6 +514,25 @@ main(int argc, /* I - Number of comm
exit(errno);
}
@ -1893,7 +1893,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
/*
* Let the system know we are busy while we bring up cupsd...
*/
@@ -1201,6 +1226,11 @@ main(int argc, /* I - Number of comm
@@ -1219,6 +1244,11 @@ main(int argc, /* I - Number of comm
cupsdStopSelect();
@ -1905,19 +1905,10 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
return (!stop_scheduler);
}
diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
--- cups-2.3.0/scheduler/printers.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/printers.c 2019-10-07 12:29:17.956658129 +0200
@@ -8,6 +8,8 @@
* information.
*/
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -32,6 +34,10 @@
diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c
--- cups-2.2.6/scheduler/printers.c.lspp 2024-08-15 14:55:07.253819632 +0200
+++ cups-2.2.6/scheduler/printers.c 2024-08-15 14:55:07.317818776 +0200
@@ -35,6 +35,10 @@
# include <asl.h>
#endif /* __APPLE__ */
@ -1928,7 +1919,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
/*
* Local functions...
@@ -2252,6 +2258,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
@@ -2212,6 +2216,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
ipp_attribute_t *attr; /* Attribute data */
char *name, /* Current user/group name */
*filter; /* Current filter */
@ -1941,8 +1932,8 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
+#endif /* WITH_LSPP */
/*
@@ -2378,6 +2391,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
@@ -2339,6 +2350,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
attr->values[1].string.text = _cupsStrAlloc(Classification ?
Classification : p->job_sheets[1]);
}

File diff suppressed because it is too large Load Diff

@ -1,14 +1,16 @@
diff -up cups-2.3.0/cups-config.in.multilib cups-2.3.0/cups-config.in
--- cups-2.3.0/cups-config.in.multilib 2019-10-07 12:10:09.508859587 +0200
+++ cups-2.3.0/cups-config.in 2019-10-07 12:11:56.614025934 +0200
@@ -17,7 +17,9 @@ prefix=@prefix@
diff -up cups-1.5b1/cups-config.in.multilib cups-1.5b1/cups-config.in
--- cups-1.5b1/cups-config.in.multilib 2010-06-16 02:48:25.000000000 +0200
+++ cups-1.5b1/cups-config.in 2011-05-23 17:33:31.000000000 +0200
@@ -22,8 +22,10 @@ prefix=@prefix@
exec_prefix=@exec_prefix@
bindir=@bindir@
includedir=@includedir@
-libdir=@libdir@
-imagelibdir=@libdir@
+# Fetch libdir from gnutls's pkg-config script. This is a bit
+# of a cheat, but the cups-devel package requires gnutls-devel anyway.
+libdir=`pkg-config --variable=libdir gnutls`
+imagelibdir=`pkg-config --variable=libdir gnutls`
datarootdir=@datadir@
datadir=@datadir@
sysconfdir=@sysconfdir@

@ -0,0 +1,18 @@
diff -up cups-2.2.4/config-scripts/cups-manpages.m4.no-gzip-man cups-2.2.4/config-scripts/cups-manpages.m4
--- cups-2.2.4/config-scripts/cups-manpages.m4.no-gzip-man 2017-06-30 20:37:09.470034273 +0200
+++ cups-2.2.4/config-scripts/cups-manpages.m4 2017-06-30 20:39:15.982884832 +0200
@@ -53,10 +53,10 @@ case "$host_os_name" in
;;
linux* | gnu* | darwin*)
# Linux, GNU Hurd, and macOS
- MAN1EXT=1.gz
- MAN5EXT=5.gz
- MAN7EXT=7.gz
- MAN8EXT=8.gz
+ MAN1EXT=1
+ MAN5EXT=5
+ MAN7EXT=7
+ MAN8EXT=8
MAN8DIR=8
;;
*)

@ -1,13 +0,0 @@
diff --git a/scheduler/cups.service.in b/scheduler/cups.service.in
index a3fa0e8..baff51b 100644
--- a/scheduler/cups.service.in
+++ b/scheduler/cups.service.in
@@ -1,7 +1,7 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
-After=network.target sssd.service ypbind.service nslcd.service
+After=network.target nss-user-lookup.target nslcd.service
Requires=cups.socket
[Service]

@ -0,0 +1,11 @@
diff -up cups-1.5b1/scheduler/auth.c.peercred cups-1.5b1/scheduler/auth.c
--- cups-1.5b1/scheduler/auth.c.peercred 2011-05-20 05:49:49.000000000 +0200
+++ cups-1.5b1/scheduler/auth.c 2011-05-23 18:00:18.000000000 +0200
@@ -52,6 +52,7 @@
* Include necessary headers...
*/
+#define _GNU_SOURCE
#include "cupsd.h"
#include <grp.h>
#ifdef HAVE_SHADOW_H

@ -0,0 +1,37 @@
diff -up cups-1.5b1/scheduler/main.c.pid cups-1.5b1/scheduler/main.c
--- cups-1.5b1/scheduler/main.c.pid 2011-05-18 22:44:16.000000000 +0200
+++ cups-1.5b1/scheduler/main.c 2011-05-23 18:01:20.000000000 +0200
@@ -311,6 +311,8 @@ main(int argc, /* I - Number of comm
* Setup signal handlers for the parent...
*/
+ pid_t pid;
+
#ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */
sigset(SIGUSR1, parent_handler);
sigset(SIGCHLD, parent_handler);
@@ -334,7 +336,7 @@ main(int argc, /* I - Number of comm
signal(SIGHUP, SIG_IGN);
#endif /* HAVE_SIGSET */
- if (fork() > 0)
+ if ((pid = fork()) > 0)
{
/*
* OK, wait for the child to startup and send us SIGUSR1 or to crash
@@ -346,7 +348,15 @@ main(int argc, /* I - Number of comm
sleep(1);
if (parent_signal == SIGUSR1)
+ {
+ FILE *f = fopen ("/var/run/cupsd.pid", "w");
+ if (f)
+ {
+ fprintf (f, "%d\n", pid);
+ fclose (f);
+ }
return (0);
+ }
if (wait(&i) < 0)
{

@ -0,0 +1,42 @@
diff --git a/cups/ppd.c b/cups/ppd.c
index ff52df2e..199cf034 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1719,8 +1719,7 @@ _ppdOpen(
constraint->choice1, constraint->option2,
constraint->choice2))
{
- case 0 : /* Error */
- case 1 : /* Error */
+ default : /* Error */
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
goto error;
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index c25d4966..236c00db 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
{
- case 0 :
- _cupsLangPrintf(stderr,
- _("ppdc: Bad resolution name \"%s\" on line %d of "
- "%s."), name, fp->line, fp->filename);
- break;
case 1 :
ydpi = xdpi;
break;
- }
+ case 2 :
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
+ "%s."), name, fp->line, fp->filename);
+ break;
+}
// Create the necessary PS commands...
snprintf(command, sizeof(command),

@ -0,0 +1,13 @@
diff --git a/filter/rastertoepson.c b/filter/rastertoepson.c
index 4efe669..e8fe0c6 100644
--- a/filter/rastertoepson.c
+++ b/filter/rastertoepson.c
@@ -307,7 +307,7 @@ StartPage(
if (DotBytes)
{
- if ((LineBuffers[0] = calloc((size_t)DotBytes, header->cupsWidth * (size_t)(Shingling + 1))) == NULL)
+ if ((LineBuffers[0] = calloc((size_t)DotBytes, (header->cupsWidth + 7) * (size_t)(Shingling + 1))) == NULL)
{
fputs("ERROR: Unable to allocate memory\n", stderr);
exit(1);

@ -0,0 +1,12 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index c02412fb0..18b5e0386 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -2,6 +2,7 @@
Description=CUPS Scheduler
Documentation=man:cupsd(8)
After=network.target nss-user-lookup.target
+Requires=cups.socket
[Service]
ExecStart=@sbindir@/cupsd -l

@ -0,0 +1,26 @@
diff -up cups-1.7b1/cups/http-addr.c.res_init cups-1.7b1/cups/http-addr.c
--- cups-1.7b1/cups/http-addr.c.res_init 2013-03-20 19:14:10.000000000 +0100
+++ cups-1.7b1/cups/http-addr.c 2013-04-19 12:01:36.927512159 +0200
@@ -319,7 +319,8 @@ httpAddrLookup(
if (error)
{
- if (error == EAI_FAIL)
+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA ||
+ error == EAI_NONAME)
cg->need_res_init = 1;
return (httpAddrString(addr, name, namelen));
diff -up cups-1.7b1/cups/http-addrlist.c.res_init cups-1.7b1/cups/http-addrlist.c
--- cups-1.7b1/cups/http-addrlist.c.res_init 2013-04-19 12:01:36.930512119 +0200
+++ cups-1.7b1/cups/http-addrlist.c 2013-04-19 12:03:13.769229554 +0200
@@ -581,7 +581,8 @@ httpAddrGetList(const char *hostname, /*
}
else
{
- if (error == EAI_FAIL)
+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA ||
+ error == EAI_NONAME)
cg->need_res_init = 1;
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gai_strerror(error), 0);

@ -0,0 +1,52 @@
diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 9082348..8ab1ce8 100644
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -90,7 +90,7 @@ The default value is "30".
<dd style="margin-left: 5.0em">Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
<dt><b>ErrorPolicy retry-job</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
-<dt><b>ErrorPolicy retry-this-job</b>
+<dt><b>ErrorPolicy retry-current-job</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
<dt><b>ErrorPolicy stop-printer</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in
index 53a028d..ba12b07 100644
--- a/man/cupsd.conf.man.in
+++ b/man/cupsd.conf.man.in
@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
+\fBErrorPolicy retry-current-job\fR
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
.TP 5
\fBErrorPolicy stop-printer\fR
diff --git a/man/cupsd.conf.man.in.privilege-escalation b/man/cupsd.conf.man.in.privilege-escalation
index ab89e15..130ea8a 100644
--- a/man/cupsd.conf.man.in.privilege-escalation
+++ b/man/cupsd.conf.man.in.privilege-escalation
@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
+\fBErrorPolicy retry-current-job\fR
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
.TP 5
\fBErrorPolicy stop-printer\fR
diff --git a/man/cupsd.conf.man.in.remove-weak-ciphers b/man/cupsd.conf.man.in.remove-weak-ciphers
index 5516780..35065ca 100644
--- a/man/cupsd.conf.man.in.remove-weak-ciphers
+++ b/man/cupsd.conf.man.in.remove-weak-ciphers
@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
+\fBErrorPolicy retry-current-job\fR
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
.TP 5
\fBErrorPolicy stop-printer\fR

@ -0,0 +1,21 @@
diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snmp.c
--- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.000000000 +0200
+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200
@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] = {
static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 };
static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 };
static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 };
+static const int RicohDeviceIdOID[] = { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1 };
static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 };
static cups_array_t *DeviceURIs = NULL;
static int HostNameLookups = 0;
@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP
packet.community, CUPS_ASN1_GET_REQUEST,
DEVICE_ID, LexmarkDeviceIdOID);
_cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
+ packet.community, CUPS_ASN1_GET_REQUEST,
+ DEVICE_ID, RicohDeviceIdOID);
+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
packet.community, CUPS_ASN1_GET_REQUEST,
DEVICE_PRODUCT, XeroxProductOID);
_cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,

@ -0,0 +1,193 @@
diff -up cups-2.2rc1/scheduler/conf.c.serverbin-compat cups-2.2rc1/scheduler/conf.c
--- cups-2.2rc1/scheduler/conf.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200
+++ cups-2.2rc1/scheduler/conf.c 2016-08-09 09:58:21.324033645 +0200
@@ -609,6 +609,9 @@ cupsdReadConfiguration(void)
cupsdClearString(&ServerName);
cupsdClearString(&ServerAdmin);
cupsdSetString(&ServerBin, CUPS_SERVERBIN);
+#ifdef __x86_64__
+ cupsdSetString(&ServerBin_compat, "/usr/lib64/cups");
+#endif /* __x86_64__ */
cupsdSetString(&RequestRoot, CUPS_REQUESTS);
cupsdSetString(&CacheDir, CUPS_CACHEDIR);
cupsdSetString(&DataDir, CUPS_DATADIR);
@@ -1604,7 +1607,12 @@ cupsdReadConfiguration(void)
* Read the MIME type and conversion database...
*/
+#ifdef __x86_64__
+ snprintf(temp, sizeof(temp), "%s/filter:%s/filter", ServerBin,
+ ServerBin_compat);
+#else
snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
+#endif
snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
MimeDatabase = mimeNew();
diff -up cups-2.2rc1/scheduler/conf.h.serverbin-compat cups-2.2rc1/scheduler/conf.h
--- cups-2.2rc1/scheduler/conf.h.serverbin-compat 2016-08-08 20:06:00.000000000 +0200
+++ cups-2.2rc1/scheduler/conf.h 2016-08-09 09:58:21.325033636 +0200
@@ -106,6 +106,10 @@ VAR char *ConfigurationFile VALUE(NULL)
/* Root directory for scheduler */
*ServerBin VALUE(NULL),
/* Root directory for binaries */
+#ifdef __x86_64__
+ *ServerBin_compat VALUE(NULL),
+ /* Compat directory for binaries */
+#endif /* __x86_64__ */
*StateDir VALUE(NULL),
/* Root directory for state data */
*RequestRoot VALUE(NULL),
diff -up cups-2.2rc1/scheduler/env.c.serverbin-compat cups-2.2rc1/scheduler/env.c
--- cups-2.2rc1/scheduler/env.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200
+++ cups-2.2rc1/scheduler/env.c 2016-08-09 09:58:21.325033636 +0200
@@ -212,8 +212,13 @@ cupsdUpdateEnv(void)
set_if_undefined("LD_PRELOAD", NULL);
set_if_undefined("NLSPATH", NULL);
if (find_env("PATH") < 0)
+#ifdef __x86_64__
+ cupsdSetEnvf("PATH", "%s/filter:%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR
+ ":/bin:/usr/bin", ServerBin, ServerBin_compat);
+#else /* ! defined(__x86_64__) */
cupsdSetEnvf("PATH", "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR
":/bin:/usr/bin", ServerBin);
+#endif
set_if_undefined("SERVER_ADMIN", ServerAdmin);
set_if_undefined("SHLIB_PATH", NULL);
set_if_undefined("SOFTWARE", CUPS_MINIMAL);
diff -up cups-2.2rc1/scheduler/ipp.c.serverbin-compat cups-2.2rc1/scheduler/ipp.c
--- cups-2.2rc1/scheduler/ipp.c.serverbin-compat 2016-08-09 09:58:21.326033626 +0200
+++ cups-2.2rc1/scheduler/ipp.c 2016-08-09 10:10:16.266127629 +0200
@@ -2419,12 +2419,21 @@ add_printer(cupsd_client_t *con, /* I -
* Could not find device in list!
*/
+#ifdef __x86_64__
+ snprintf(srcfile, sizeof(srcfile), "%s/backend/%s", ServerBin_compat,
+ scheme);
+ if (access(srcfile, X_OK))
+ {
+#endif /* __x86_64__ */
send_ipp_status(con, IPP_NOT_POSSIBLE,
_("Bad device-uri scheme \"%s\"."), scheme);
if (!modify)
cupsdDeletePrinter(printer, 0);
return;
+#ifdef __x86_64__
+ }
+#endif /* __x86_64__ */
}
}
diff -up cups-2.2rc1/scheduler/job.c.serverbin-compat cups-2.2rc1/scheduler/job.c
--- cups-2.2rc1/scheduler/job.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200
+++ cups-2.2rc1/scheduler/job.c 2016-08-09 09:58:21.327033616 +0200
@@ -1126,8 +1126,32 @@ cupsdContinueJob(cupsd_job_t *job) /* I
i ++, filter = (mime_filter_t *)cupsArrayNext(filters))
{
if (filter->filter[0] != '/')
- snprintf(command, sizeof(command), "%s/filter/%s", ServerBin,
- filter->filter);
+ {
+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin,
+ filter->filter);
+#ifdef __x86_64__
+ if (access(command, F_OK))
+ {
+ snprintf(command, sizeof(command), "%s/filter/%s",
+ ServerBin_compat, filter->filter);
+ if (!access(command, F_OK))
+ {
+ /* Not in the correct directory, but found it in the compat
+ * directory. Issue a warning. */
+ cupsdLogMessage(CUPSD_LOG_INFO,
+ "Filter '%s' not in %s/filter!",
+ filter->filter, ServerBin);
+ }
+ else
+ {
+ /* Not in the compat directory either; make any error
+ * messages use the correct directory name then. */
+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin,
+ filter->filter);
+ }
+ }
+#endif /* __x86_64__ */
+ }
else
strlcpy(command, filter->filter, sizeof(command));
@@ -1283,6 +1307,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I
{
cupsdClosePipe(job->back_pipes);
cupsdClosePipe(job->side_pipes);
+#ifdef __x86_64__
+ if (access(command, F_OK))
+ {
+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin_compat,
+ scheme);
+ if (!access(command, F_OK))
+ {
+ /* Not in the correct directory, but we found it in the compat
+ * directory. Issue a warning. */
+ cupsdLogMessage(CUPSD_LOG_INFO,
+ "Backend '%s' not in %s/backend!", scheme,
+ ServerBin);
+ }
+ else
+ {
+ /* Not in the compat directory either; make any error
+ messages use the correct directory name then. */
+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin,
+ scheme);
+ }
+ }
+#endif /* __x86_64__ */
close(job->status_pipes[1]);
job->status_pipes[1] = -1;
diff -up cups-2.2rc1/scheduler/printers.c.serverbin-compat cups-2.2rc1/scheduler/printers.c
--- cups-2.2rc1/scheduler/printers.c.serverbin-compat 2016-08-08 20:06:00.000000000 +0200
+++ cups-2.2rc1/scheduler/printers.c 2016-08-09 09:58:21.327033616 +0200
@@ -967,9 +967,19 @@ cupsdLoadAllPrinters(void)
* Backend does not exist, stop printer...
*/
+#ifdef __x86_64__
+ snprintf(line, sizeof(line), "%s/backend/%s", ServerBin_compat,
+ p->device_uri);
+ if (access(line, 0))
+ {
+#endif /* __x86_64__ */
+
p->state = IPP_PRINTER_STOPPED;
snprintf(p->state_message, sizeof(p->state_message),
"Backend %s does not exist!", line);
+#ifdef __x86_64__
+ }
+#endif /* __x86_64__ */
}
}
@@ -3481,8 +3491,20 @@ add_printer_filter(
else
snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, program);
+#ifdef __x86_64__
+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) {
+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin_compat,
+ program);
+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING)
+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin,
+ program);
+ }
+#else /* ! defined(__x86_64__) */
_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
cupsdLogFCMessage, p);
+#endif
}
/*

@ -1,7 +1,7 @@
diff --git a/scheduler/cups.socket.in b/scheduler/cups.socket.in
diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in
index 613b977a6..1deee826a 100644
--- a/scheduler/cups.socket.in
+++ b/scheduler/cups.socket.in
--- a/scheduler/org.cups.cupsd.socket.in
+++ b/scheduler/org.cups.cupsd.socket.in
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
[Socket]

@ -0,0 +1,13 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index 11e0662..6fb7a32 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -1,7 +1,7 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
-After=network.target ypbind.service
+After=network.target nss-user-lookup.target
[Service]
ExecStart=@sbindir@/cupsd -l

@ -0,0 +1,62 @@
diff -up cups-2.0rc1/cups/tempfile.c.str3382 cups-2.0rc1/cups/tempfile.c
--- cups-2.0rc1/cups/tempfile.c.str3382 2014-07-31 02:58:00.000000000 +0200
+++ cups-2.0rc1/cups/tempfile.c 2014-09-12 14:06:42.560887827 +0200
@@ -27,6 +27,7 @@
# include <io.h>
#else
# include <unistd.h>
+# include <sys/types.h>
#endif /* WIN32 || __EMX__ */
@@ -48,7 +49,7 @@ cupsTempFd(char *filename, /* I - Point
char tmppath[1024]; /* Windows temporary directory */
DWORD curtime; /* Current time */
#else
- struct timeval curtime; /* Current time */
+ mode_t old_umask; /* Old umask before using mkstemp() */
#endif /* WIN32 */
@@ -98,32 +99,24 @@ cupsTempFd(char *filename, /* I - Point
*/
snprintf(filename, (size_t)len - 1, "%s/%05lx%08lx", tmpdir, GetCurrentProcessId(), curtime);
-#else
- /*
- * Get the current time of day...
- */
-
- gettimeofday(&curtime, NULL);
-
- /*
- * Format a string using the hex time values...
- */
-
- snprintf(filename, (size_t)len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), (unsigned)(curtime.tv_sec + curtime.tv_usec + tries));
-#endif /* WIN32 */
/*
* Open the file in "exclusive" mode, making sure that we don't
* stomp on an existing file or someone's symlink crack...
*/
-#ifdef WIN32
fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY,
_S_IREAD | _S_IWRITE);
-#elif defined(O_NOFOLLOW)
- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
#else
- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
+ /*
+ * Use the standard mkstemp() call to make a temporary filename
+ * securely. -- andrew.wood@jdplc.com
+ */
+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir);
+
+ old_umask = umask(0077);
+ fd = mkstemp(filename);
+ umask(old_umask);
#endif /* WIN32 */
if (fd < 0 && errno != EEXIST)

@ -0,0 +1,30 @@
diff -up cups-2.0rc1/cups/ppd.c.strict-ppd-line-length cups-2.0rc1/cups/ppd.c
--- cups-2.0rc1/cups/ppd.c.strict-ppd-line-length 2014-02-06 19:33:34.000000000 +0100
+++ cups-2.0rc1/cups/ppd.c 2014-09-12 18:07:44.227773710 +0200
@@ -2872,7 +2872,7 @@ ppd_read(cups_file_t *fp, /* I - Fil
*lineptr++ = (char)ch;
col ++;
- if (col > (PPD_MAX_LINE - 1))
+ if (col > (PPD_MAX_LINE - 1) && pg->ppd_conform == PPD_CONFORM_STRICT)
{
/*
* Line is too long...
@@ -2933,7 +2933,7 @@ ppd_read(cups_file_t *fp, /* I - Fil
{
col ++;
- if (col > (PPD_MAX_LINE - 1))
+ if (col > (PPD_MAX_LINE - 1) && pg->ppd_conform == PPD_CONFORM_STRICT)
{
/*
* Line is too long...
@@ -2992,7 +2992,7 @@ ppd_read(cups_file_t *fp, /* I - Fil
{
col ++;
- if (col > (PPD_MAX_LINE - 1))
+ if (col > (PPD_MAX_LINE - 1) && pg->ppd_conform == PPD_CONFORM_STRICT)
{
/*
* Line is too long...

@ -0,0 +1,141 @@
diff -up cups-2.2.7/scheduler/ipp.c.substitute-bad-attrs cups-2.2.7/scheduler/ipp.c
--- cups-2.2.7/scheduler/ipp.c.substitute-bad-attrs 2018-04-03 15:55:45.974344993 +0200
+++ cups-2.2.7/scheduler/ipp.c 2018-04-03 16:15:06.723859881 +0200
@@ -164,6 +164,7 @@ cupsdProcessIPPRequest(
ipp_attribute_t *uri = NULL; /* Printer or job URI attribute */
ipp_attribute_t *username; /* requesting-user-name attr */
int sub_id; /* Subscription ID */
+ int valid = 1; /* Valid request? */
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdProcessIPPRequest(%p[%d]): operation_id=%04x(%s)", con, con->number, con->request->request.op.operation_id, ippOpString(con->request->request.op.operation_id));
@@ -423,20 +424,55 @@ cupsdProcessIPPRequest(
else
{
/*
- * OK, all the checks pass so far; make sure requesting-user-name is
- * not "root" from a remote host...
+ * OK, all the checks pass so far; validate "requesting-user-name"
+ * attribute value...
*/
- if ((username = ippFindAttribute(con->request, "requesting-user-name",
- IPP_TAG_NAME)) != NULL)
- {
- /*
- * Check for root user...
- */
-
- if (!strcmp(username->values[0].string.text, "root") &&
- _cups_strcasecmp(con->http->hostname, "localhost") &&
- strcmp(con->username, "root"))
+ if ((username = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_ZERO)) != NULL)
+ {
+ /*
+ * Validate "requesting-user-name"...
+ */
+
+ if (username->group_tag != IPP_TAG_OPERATION && StrictConformance)
+ {
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute in wrong group.", IPP_STATUS_ERROR_BAD_REQUEST, con->http->hostname);
+ send_ipp_status(con, IPP_STATUS_ERROR_BAD_REQUEST, _("\"requesting-user-name\" attribute in wrong group."));
+ valid = 0;
+ }
+ else if (username->value_tag != IPP_TAG_NAME && username->value_tag != IPP_TAG_NAMELANG)
+ {
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with wrong syntax.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname);
+ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
+ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+ valid = 0;
+ }
+ else if (!ippValidateAttribute(username))
+ {
+ cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with bad value.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname);
+
+ if (StrictConformance)
+ {
+ /*
+ * Throw an error...
+ */
+
+ send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
+ if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
+ attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+ valid = 0;
+ }
+ else
+ {
+ /*
+ * Map bad "requesting-user-name" to 'anonymous'...
+ */
+
+ ippSetString(con->request, &username, 0, "anonymous");
+ }
+ }
+ else if (!strcmp(username->values[0].string.text, "root") && _cups_strcasecmp(con->http->hostname, "localhost") && strcmp(con->username, "root"))
{
/*
* Remote unauthenticated user masquerading as local root...
@@ -452,6 +488,8 @@ cupsdProcessIPPRequest(
else
sub_id = 0;
+ if (valid)
+ {
/*
* Then try processing the operation...
*/
@@ -655,6 +693,7 @@ cupsdProcessIPPRequest(
ippOpString(
con->request->request.op.operation_id));
break;
+ }
}
}
}
@@ -1615,27 +1654,34 @@ add_job(cupsd_client_t *con, /* I - Cl
_("Bad job-name value: Wrong type or count."));
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
- return (NULL);
+
+ if (StrictConformance)
+ return (NULL);
+
+ /* Don't use invalid attribute */
+ ippDeleteAttribute(con->request, attr);
+
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
}
else if (!ippValidateAttribute(attr))
{
send_ipp_status(con, IPP_ATTRIBUTES, _("Bad job-name value: %s"),
cupsLastErrorString());
+
if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
- return (NULL);
- }
- attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+ if (StrictConformance)
+ return (NULL);
- if (attr && !ippValidateAttribute(attr))
- {
- send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
- if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
- attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
- return (NULL);
+ /* Don't use invalid attribute */
+ ippDeleteAttribute(con->request, attr);
+
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
}
+ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+
#ifdef WITH_LSPP
if (is_lspp_config())
{

@ -0,0 +1,48 @@
diff -up cups-2.0.2/conf/cups-files.conf.in.LGOyhq cups-2.0.2/conf/cups-files.conf.in
--- cups-2.0.2/conf/cups-files.conf.in.LGOyhq 2015-02-10 13:51:24.912193296 +0100
+++ cups-2.0.2/conf/cups-files.conf.in 2015-02-10 13:52:49.400997262 +0100
@@ -7,7 +7,7 @@
#FatalErrors @CUPS_FATAL_ERRORS@
# Do we call fsync() after writing configuration or status files?
-#SyncOnClose No
+#SyncOnClose Yes
# Default user and group for filters/backends/helper programs; this cannot be
# any user or group that resolves to ID 0 for security reasons...
diff -up cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq cups-2.0.2/doc/help/man-cups-files.conf.html
--- cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq 2015-02-10 13:52:49.400997262 +0100
+++ cups-2.0.2/doc/help/man-cups-files.conf.html 2015-02-10 13:53:07.057747311 +0100
@@ -136,7 +136,7 @@ The default is "/etc/cups".
<dd style="margin-left: 5.0em">Specifies whether the scheduler calls
<b>fsync</b>(2)
after writing configuration or state files.
-The default is "No".
+The default is "Yes".
<dt><a name="SystemGroup"></a><b>SystemGroup </b><i>group-name </i>[ ... <i>group-name</i> ]
<dd style="margin-left: 5.0em">Specifies the group(s) to use for <i>@SYSTEM</i> group authentication.
The default contains "admin", "lpadmin", "root", "sys", and/or "system".
diff -up cups-2.0.2/man/cups-files.conf.man.in.LGOyhq cups-2.0.2/man/cups-files.conf.man.in
--- cups-2.0.2/man/cups-files.conf.man.in.LGOyhq 2015-02-10 13:52:49.400997262 +0100
+++ cups-2.0.2/man/cups-files.conf.man.in 2015-02-10 13:53:23.753510964 +0100
@@ -201,7 +201,7 @@ The default is "/etc/cups".
Specifies whether the scheduler calls
.BR fsync (2)
after writing configuration or state files.
-The default is "No".
+The default is "Yes".
.\"#SystemGroup
.TP 5
\fBSystemGroup \fIgroup-name \fR[ ... \fIgroup-name\fR ]
diff -up cups-2.0.2/scheduler/conf.c.LGOyhq cups-2.0.2/scheduler/conf.c
--- cups-2.0.2/scheduler/conf.c.LGOyhq 2015-02-10 13:51:24.991192177 +0100
+++ cups-2.0.2/scheduler/conf.c 2015-02-10 13:52:49.401997248 +0100
@@ -717,7 +717,7 @@ cupsdReadConfiguration(void)
RootCertDuration = 300;
Sandboxing = CUPSD_SANDBOXING_STRICT;
StrictConformance = FALSE;
- SyncOnClose = FALSE;
+ SyncOnClose = TRUE;
Timeout = DEFAULT_TIMEOUT;
WebInterface = CUPS_DEFAULT_WEBIF;

@ -0,0 +1,73 @@
diff -up cups-2.2.5/scheduler/main.c.systemd-socket cups-2.2.5/scheduler/main.c
--- cups-2.2.5/scheduler/main.c.systemd-socket 2017-10-17 18:59:53.732431498 +0200
+++ cups-2.2.5/scheduler/main.c 2017-10-17 19:02:13.132275861 +0200
@@ -691,8 +691,16 @@ main(int argc, /* I - Number of comm
#ifdef HAVE_ONDEMAND
if (OnDemand)
+ {
cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
- else
+# ifdef HAVE_SYSTEMD
+ sd_notifyf(0, "READY=1\n"
+ "STATUS=Scheduler is running...\n"
+ "MAINPID=%lu",
+ (unsigned long) getpid());
+# endif /* HAVE_SYSTEMD */
+ } else
+
#endif /* HAVE_ONDEMAND */
if (fg)
cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground.");
diff -up cups-2.2.5/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.2.5/scheduler/org.cups.cupsd.path.in
--- cups-2.2.5/scheduler/org.cups.cupsd.path.in.systemd-socket 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/scheduler/org.cups.cupsd.path.in 2017-10-17 18:59:53.732431498 +0200
@@ -1,6 +1,6 @@
[Unit]
Description=CUPS Scheduler
-PartOf=org.cups.cupsd.service
+PartOf=cups.service
[Path]
PathExists=@CUPS_CACHEDIR@/org.cups.cupsd
diff -up cups-2.2.5/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2.5/scheduler/org.cups.cupsd.service.in
--- cups-2.2.5/scheduler/org.cups.cupsd.service.in.systemd-socket 2017-10-13 20:22:26.000000000 +0200
+++ cups-2.2.5/scheduler/org.cups.cupsd.service.in 2017-10-17 18:59:53.732431498 +0200
@@ -1,11 +1,13 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
+After=network.target
[Service]
ExecStart=@sbindir@/cupsd -l
-Type=simple
+Type=notify
+Restart=on-failure
[Install]
-Also=org.cups.cupsd.socket org.cups.cupsd.path
+Also=cups.socket cups.path
WantedBy=printer.target
diff -up cups-2.2.6/scheduler/org.cups.cupsd.socket.in.systemd-socket cups-2.2.6/scheduler/org.cups.cupsd.socket.in
--- cups-2.2.6/scheduler/org.cups.cupsd.socket.in.systemd-socket 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/org.cups.cupsd.socket.in 2018-09-19 12:38:00.630843246 +0200
@@ -1,6 +1,6 @@
[Unit]
Description=CUPS Scheduler
-PartOf=org.cups.cupsd.service
+PartOf=cups.service
[Socket]
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
diff -up cups-2.2.6/scheduler/org.cups.cups-lpd.socket.systemd-socket cups-2.2.6/scheduler/org.cups.cups-lpd.socket
--- cups-2.2.6/scheduler/org.cups.cups-lpd.socket.systemd-socket 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/scheduler/org.cups.cups-lpd.socket 2018-09-19 12:38:00.630843246 +0200
@@ -1,6 +1,6 @@
[Unit]
Description=CUPS LPD Server Socket
-PartOf=org.cups.cups-lpd.service
+PartOf=cups-lpd.service
[Socket]
ListenStream=515

@ -0,0 +1,12 @@
diff -up cups-1.6.3/cups/usersys.c.use-ipp1.1 cups-1.6.3/cups/usersys.c
--- cups-1.6.3/cups/usersys.c.use-ipp1.1 2013-07-12 11:41:45.368837618 +0200
+++ cups-1.6.3/cups/usersys.c 2013-07-12 11:41:45.391837299 +0200
@@ -366,7 +366,7 @@ cupsSetServer(const char *server) /* I -
cg->server_version = 22;
}
else
- cg->server_version = 20;
+ cg->server_version = 11;
if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
!strchr(port, ']') && isdigit(port[1] & 255))

@ -1,7 +1,8 @@
diff -up cups-2.3.3op2/backend/ipp.c.validate-retry cups-2.3.3op2/backend/ipp.c
--- cups-2.3.3op2/backend/ipp.c.validate-retry 2021-03-11 12:55:46.461135739 +0100
+++ cups-2.3.3op2/backend/ipp.c 2021-03-11 13:29:09.312859343 +0100
@@ -256,6 +256,7 @@ main(int argc, /* I - Number of comm
diff --git a/backend/ipp.c b/backend/ipp.c
index 0a70a87..f8bf7e1 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -327,6 +327,7 @@ main(int argc, /* I - Number of command-line args */
get_job_attrs = 0, /* Does printer support Get-Job-Attributes? */
send_document = 0, /* Does printer support Send-Document? */
validate_job = 0, /* Does printer support Validate-Job? */
@ -9,16 +10,16 @@ diff -up cups-2.3.3op2/backend/ipp.c.validate-retry cups-2.3.3op2/backend/ipp.c
copies, /* Number of copies for job */
copies_remaining; /* Number of copies remaining */
const char *content_type, /* CONTENT_TYPE environment variable */
@@ -1559,7 +1560,15 @@ main(int argc, /* I - Number of comm
ipp_status == IPP_STATUS_ERROR_BAD_REQUEST)
@@ -1597,7 +1598,15 @@ main(int argc, /* I - Number of command-line args */
ipp_status == IPP_BAD_REQUEST)
break;
else if (job_auth == NULL && ipp_status > IPP_STATUS_ERROR_BAD_REQUEST)
else if (job_auth == NULL && ipp_status > IPP_BAD_REQUEST)
+ {
+ if (!validation_retried)
+ {
+ validation_retried = 1;
+ sleep(10);
+ continue;
+ validation_retried = 1;
+ sleep(10);
+ continue;
+ }
goto cleanup;
+ }

@ -0,0 +1,12 @@
diff -up cups-2.2.0/scheduler/org.cups.cupsd.service.in.ypbind cups-2.2.0/scheduler/org.cups.cupsd.service.in
--- cups-2.2.0/scheduler/org.cups.cupsd.service.in.ypbind 2017-09-22 16:51:39.053585694 +0200
+++ cups-2.2.0/scheduler/org.cups.cupsd.service.in 2017-09-22 16:52:02.588403584 +0200
@@ -1,7 +1,7 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
-After=network.target
+After=network.target ypbind.service
[Service]
ExecStart=@sbindir@/cupsd -l

@ -0,0 +1,5 @@
/var/log/cups/*_log {
missingok
notifempty
sharedscripts
}

@ -0,0 +1,51 @@
#!/bin/sh
# This is a modified version of 'ncpprint'. It can now be used as a CUPS
# backend.
# Modifications:
# Copyright (C) 2002 Red Hat, inc
# Copyright (C) 2002 Tim Waugh
# Before modification: shipped as /usr/share/printconf/util/ncpprint
if [ -z "$*" ]
then
# This is where we would enumerate all the URIs we support.
# Patches welcome.
exit 0
fi
FILE=$6
if [ -z "$FILE" ]
then
FILE=-
fi
# $DEVICE_URI is 'ncp://[user:password@]server/queue'
URI=${DEVICE_URI#*://}
queue=${URI#*/}
URI=${URI%/$queue}
server=${URI#*@}
URI=${URI%$server}
URI=${URI%@}
if [ -n "$URI" ]
then
user=${URI%:*}
URI=${URI#$user}
password=${URI#:}
fi
#echo user: ${user-(none)}
#echo password: ${password-(none)}
#echo server: $server
#echo queue: $queue
if [ -n "$user" ]
then
if [ -n "$password" ]
then
/usr/bin/nprint -S "$server" -q "$queue" -U "$user" -P "$password" -N "$FILE" 2>/dev/null
else
/usr/bin/nprint -S "$server" -q "$queue" -U "$user" -n -N "$FILE" 2>/dev/null
fi
else
/usr/bin/nprint -S "$server" -q "$queue" -N "$FILE" 2>/dev/null
fi

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save