Compare commits

...

No commits in common. 'c9' and 'i9-beta' have entirely different histories.
c9 ... i9-beta

@ -1,86 +0,0 @@
diff --git a/cups/http-addr.c b/cups/http-addr.c
index 86749c848..5b035e02b 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -196,31 +196,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
{
mode_t mask; /* Umask setting */
- /*
- * Remove any existing domain socket file...
- */
-
- unlink(addr->un.sun_path);
-
- /*
- * Save the current umask and set it to 0 so that all users can access
- * the domain socket...
- */
-
- mask = umask(0);
-
- /*
- * Bind the domain socket...
- */
+ // Remove any existing domain socket file...
+ if ((status = unlink(addr->un.sun_path)) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ if (errno == ENOENT)
+ status = 0;
+ }
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
+ if (!status)
+ {
+ // Save the current umask and set it to 0 so that all users can access
+ // the domain socket...
+ mask = umask(0);
- /*
- * Restore the umask and fix permissions...
- */
+ // Bind the domain socket...
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ }
- umask(mask);
- chmod(addr->un.sun_path, 0140777);
+ // Restore the umask...
+ umask(mask);
+ }
}
else
#endif /* AF_LOCAL */
diff --git a/scheduler/conf.c b/scheduler/conf.c
index bb6049b2c..4c703c9b9 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -3062,6 +3062,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
cupsd_listener_t *lis; /* New listeners array */
+ /*
+ * If we are launched on-demand, do not use domain sockets from the config
+ * file. Also check that the domain socket path is not too long...
+ */
+
+#ifdef HAVE_ONDEMAND
+ if (*value == '/' && OnDemand)
+ {
+ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
+ continue;
+ }
+#endif // HAVE_ONDEMAND
+
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
+ continue;
+ }
/*
* Get the address list...

@ -0,0 +1,29 @@
From 4d2a45eb25136f57686887a0c27209ffed4e5ad4 Mon Sep 17 00:00:00 2001
From: Alexey Berezhok <aberezhok@msvsphere-os.ru>
Date: Wed, 13 Sep 2023 19:14:41 +0300
Subject: [PATCH] Fixed case when no username request on printing
---
scheduler/job.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/scheduler/job.c b/scheduler/job.c
index 0223bee..65d51d6 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -3658,6 +3658,12 @@ finalize_job(cupsd_job_t *job, /* I - Job */
ippSetString(job->attrs, &job->reasons, 0,
"cups-held-for-authentication");
}
+ if (job->printer->num_auth_info_required == 1 && !strcmp(job->printer->auth_info_required[0], "none"))
+ {
+ // Default to "username,password" authentication if none is specified...
+ cupsdSetAuthInfoRequired(job->printer, "username,password", NULL);
+ }
+
break;
case CUPS_BACKEND_RETRY :
--
2.39.1

@ -1,32 +0,0 @@
From 8ae6eb11184dcbd9eaf3c6badd4fad59fcc3863a Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 15 Aug 2022 17:38:12 +0200
Subject: [PATCH] cups/dest.c: Write data into /etc/cups/lpoptions if we're
root
Fixes #454 , the patch is created by Yair Yarom
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008053).
---
cups/dest.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cups/dest.c b/cups/dest.c
index f563ce226..a9273ff93 100644
--- a/cups/dest.c
+++ b/cups/dest.c
@@ -2080,7 +2080,11 @@ cupsSetDests2(http_t *http, /* I - Connection to server or @code CUPS_HTTP_
snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
- if (cg->home)
+ if (cg->home
+#ifndef _WIN32
+ && getuid() != 0
+#endif /* !_WIN32 */
+ )
{
/*
* Create ~/.cups subdirectory...
--
2.44.0

@ -1,24 +0,0 @@
diff -up cups-2.3.3op2/cups/ppd-cache.c.fix-warn cups-2.3.3op2/cups/ppd-cache.c
--- cups-2.3.3op2/cups/ppd-cache.c.fix-warn 2024-09-30 17:30:39.098043436 +0200
+++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:31:30.738393111 +0200
@@ -3051,8 +3051,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
int resolutions[1000];
/* Array of resolution indices */
char msgid[256]; /* Message identifier (attr.value) */
- const char *keyword, /* Keyword value */
- *msgstr; /* Localized string */
+ const char *keyword; /* Keyword value */
cups_lang_t *lang = cupsLangDefault();
/* Localization info */
cups_array_t *strings = NULL;/* Printer strings file */
@@ -4661,9 +4660,8 @@ _ppdCreateFromIPP(char *buffer, /* I -
{
ipp_t *preset = ippGetCollection(attr, i);
/* Preset collection */
- const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL),
+ const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL);
/* Preset name */
- *localized_name; /* Localized preset name */
ipp_attribute_t *member; /* Member attribute in preset */
const char *member_name; /* Member attribute name */
char member_value[256]; /* Member attribute value */

@ -1,43 +0,0 @@
diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c
--- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup 2023-12-19 18:25:15.484637450 +0100
+++ cups-2.2.6/cups/http-addrlist.c 2023-12-19 18:28:57.129163387 +0100
@@ -313,6 +313,39 @@ httpAddrConnect2(
{
# ifdef HAVE_POLL
DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents));
+
+# ifdef _WIN32
+ if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
+ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
+# else
+ if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
+ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
+# endif /* _WIN32 */
+ {
+ // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing
+ // asynchronous connections. The solution seems to be to use getsockopt to
+ // check the SO_ERROR value and ignore the POLLHUP if there is no error or
+ // the error is EINPROGRESS.
+
+ int sres, /* Return value from getsockopt() - 0, or -1 if error */
+ serr; /* Option SO_ERROR value */
+ socklen_t slen = sizeof(serr); /* Option value size */
+
+ sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen);
+
+ if (sres || serr)
+ {
+ pfds[i].revents |= POLLERR;
+# ifdef DEBUG
+ DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr)));
+# endif
+ }
+ else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT)))
+ {
+ pfds[i].revents &= ~POLLHUP;
+ }
+ }
+
if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP)))
# else
if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set))

@ -1,57 +0,0 @@
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index 977d0c6..c484d33 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -3134,10 +3134,10 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */
cupsFilePuts(fp, "*cupsSNMPSupplies: False\n");
cupsFilePrintf(fp, "*cupsLanguages: \"%s\"\n", lang->language);
- if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL)
+ if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL)
+ if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL)
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 728d164..5089172 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -5773,6 +5773,18 @@ create_local_bg_thread(
cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
}
+ // Validate response from printer...
+ if (!ippValidateAttributes(response))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "%s: The printer contains invalid attributes.", printer->name);
+
+ if (response)
+ ippDelete(response);
+
+ httpClose(http);
+ return (NULL);
+ }
+
// TODO: Grab printer icon file...
httpClose(http);
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index daf24d5..eba7551 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -1226,6 +1226,12 @@ get_printer_ppd(
ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
+ if (response && !ippValidateAttributes(response))
+ {
+ _cupsLangPrintf(stderr, _("%s: The printer \"%s\" contains invalid IPP attributes."), "lpadmin", uri);
+ return (NULL);
+ }
+
if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE)
{
_cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString());

@ -1,116 +0,0 @@
From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Mon, 9 Sep 2024 15:59:57 -0400
Subject: [PATCH] PPDize preset and template names.
---
cups/ppd-cache.c | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index 986c64f73..18c38d0ee 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -4975,12 +4975,14 @@ _ppdCreateFromIPP2(
cupsArrayAdd(templates, (void *)keyword);
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+
snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
msgstr = keyword;
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword);
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
{
if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION)
@@ -4993,7 +4995,7 @@ _ppdCreateFromIPP2(
}
}
cupsFilePuts(fp, "\"\n");
- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr);
+ cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
cupsFilePuts(fp, "*End\n");
}
@@ -5039,7 +5041,8 @@ _ppdCreateFromIPP2(
if (!preset || !preset_name)
continue;
- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset))
{
member_name = ippGetName(member);
@@ -5080,7 +5083,10 @@ _ppdCreateFromIPP2(
fin_col = ippGetCollection(member, i);
if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL)
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
+ {
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
+ }
}
}
else if (!strcmp(member_name, "media"))
@@ -5107,13 +5113,13 @@ _ppdCreateFromIPP2(
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL)
{
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
+ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
}
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL)
{
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*MediaType %s\n", keyword);
+ cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
}
}
else if (!strcmp(member_name, "print-quality"))
@@ -5159,7 +5165,10 @@ _ppdCreateFromIPP2(
cupsFilePuts(fp, "\"\n*End\n");
if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name);
+ {
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
+ }
}
}
@@ -5543,7 +5552,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
*end; /* End of name buffer */
- if (!ipp)
+ if (!ipp || !_cups_isalnum(*ipp))
{
*name = '\0';
return;
@@ -5558,8 +5567,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
ipp ++;
*ptr++ = (char)toupper(*ipp++ & 255);
}
- else
+ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp))
+ {
*ptr++ = *ipp++;
+ }
+ else
+ {
+ ipp ++;
+ }
}
*ptr = '\0';
--
2.46.1

@ -1,220 +0,0 @@
diff -up cups-2.3.3op2/cups/ppd-cache.c.quote-ppd-strings cups-2.3.3op2/cups/ppd-cache.c
--- cups-2.3.3op2/cups/ppd-cache.c.quote-ppd-strings 2024-09-30 17:24:43.345405200 +0200
+++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:29:35.752595925 +0200
@@ -29,6 +29,7 @@
*/
static int cups_get_url(http_t **http, const char *url, char *name, size_t namesize);
+static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid);
static void pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value);
static void pwg_add_message(cups_array_t *a, const char *msg, const char *str);
static int pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b);
@@ -3211,7 +3212,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL)
+ if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
{
http_t *http = NULL; /* Connection to printer */
char stringsfile[1024]; /* Temporary strings file */
@@ -3768,13 +3769,16 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname);
for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++)
+ {
if (!strcmp(sources[j], keyword))
{
snprintf(msgid, sizeof(msgid), "media-source.%s", keyword);
+
cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j);
- cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, _cupsLangString(lang, msgid));
+ ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid);
break;
}
+ }
}
cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
}
@@ -3800,12 +3804,9 @@ _ppdCreateFromIPP(char *buffer, /* I -
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
snprintf(msgid, sizeof(msgid), "media-type.%s", keyword);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname);
- cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+ ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid);
}
cupsFilePuts(fp, "*CloseUI: *MediaType\n");
}
@@ -4035,12 +4036,9 @@ _ppdCreateFromIPP(char *buffer, /* I -
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname);
- cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+ ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid);
if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL)
{
@@ -4159,9 +4157,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
@@ -4176,7 +4171,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
continue;
cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword);
}
@@ -4239,9 +4234,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
@@ -4256,7 +4248,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
continue;
cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, keyword, ppd_keyword);
}
@@ -4327,9 +4319,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
@@ -4344,7 +4333,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
continue;
cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword);
}
@@ -4415,9 +4404,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value == IPP_FINISHINGS_TRIM)
ppd_keyword = "Auto";
@@ -4425,7 +4411,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES];
cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword);
}
@@ -4467,9 +4453,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
@@ -4484,7 +4467,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
}
}
cupsFilePuts(fp, "\"\n");
- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+ ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid);
cupsFilePuts(fp, "*End\n");
}
@@ -4811,11 +4794,9 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsFilePuts(fp, "\"\n*End\n");
- if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
- {
- pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
- }
+ snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name);
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid);
}
}
@@ -5054,6 +5035,43 @@ cups_get_url(http_t **http, /* IO -
}
+/*
+ * 'ppd_put_strings()' - Write localization attributes to a PPD file.
+ */
+
+static void
+ppd_put_string(cups_file_t *fp, /* I - PPD file */
+ cups_lang_t *lang, /* I - Language */
+ cups_array_t *strings, /* I - Strings */
+ const char *ppd_option,/* I - PPD option */
+ const char *ppd_choice,/* I - PPD choice */
+ const char *pwg_msgid) /* I - PWG message ID */
+{
+ const char *text; /* Localized text */
+
+
+ if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text))
+ {
+ if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid)
+ return;
+ }
+
+ // Add the first line of localized text...
+ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
+ while (*text && *text != '\n')
+ {
+ // Escape ":" and "<"...
+ if (*text == ':' || *text == '<')
+ cupsFilePrintf(fp, "<%02X>", *text);
+ else
+ cupsFilePutChar(fp, *text);
+
+ text ++;
+ }
+ cupsFilePuts(fp, ": \"\"\n");
+}
+
+
/*
* 'pwg_add_finishing()' - Add a finishings value.
*/

@ -1,136 +0,0 @@
diff -up cups-2.3.3op2/cups/ppd-cache.c.make-model-refact cups-2.3.3op2/cups/ppd-cache.c
--- cups-2.3.3op2/cups/ppd-cache.c.make-model-refact 2024-09-30 17:19:35.443100091 +0200
+++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:24:10.927162954 +0200
@@ -3027,9 +3027,10 @@ _ppdCreateFromIPP(char *buffer, /* I -
ipp_t *media_col, /* Media collection */
*media_size; /* Media size collection */
char make[256], /* Make and model */
- *model, /* Model name */
+ *mptr, /* Pointer into make and model */
ppdname[PPD_MAX_NAME];
/* PPD keyword */
+ const char *model; /* Model name */
int i, j, /* Looping vars */
count, /* Number of values */
bottom, /* Largest bottom margin */
@@ -3090,35 +3091,105 @@ _ppdCreateFromIPP(char *buffer, /* I -
}
/*
- * Standard stuff for PPD file...
+ * Get a sanitized make and model...
*/
- cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
- cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
- cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
- cupsFilePuts(fp, "*LanguageVersion: English\n");
- cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
- cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
- cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
- cupsFilePuts(fp, "*FileSystem: False\n");
- cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
+ if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
+ {
+ /*
+ * Sanitize the model name to only contain PPD-safe characters.
+ */
- if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL)
strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
+
+ for (mptr = make; *mptr; mptr ++)
+ {
+ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
+ {
+ /*
+ * Truncate the make and model on the first bad character...
+ */
+
+ *mptr = '\0';
+ break;
+ }
+ }
+
+ while (mptr > make)
+ {
+ /*
+ * Strip trailing whitespace...
+ */
+
+ mptr --;
+ if (*mptr == ' ')
+ *mptr = '\0';
+ }
+
+ if (!make[0])
+ {
+ /*
+ * Use a default make and model if nothing remains...
+ */
+
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+ }
else
- strlcpy(make, "Unknown Printer", sizeof(make));
+ {
+ /*
+ * Use a default make and model...
+ */
+
+ strlcpy(make, "Unknown", sizeof(make));
+ }
if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) ||
!_cups_strncasecmp(make, "Hewlett-Packard ", 16))
{
+ /*
+ * Normalize HP printer make and model...
+ */
+
model = make + 16;
strlcpy(make, "HP", sizeof(make));
+
+ if (!_cups_strncasecmp(model, "HP ", 3))
+ model += 3;
+ }
+ else if ((mptr = strchr(make, ' ')) != NULL)
+ {
+ /*
+ * Separate "MAKE MODEL"...
+ */
+
+ while (*mptr && *mptr == ' ')
+ *mptr++ = '\0';
+
+ model = mptr;
}
- else if ((model = strchr(make, ' ')) != NULL)
- *model++ = '\0';
else
- model = make;
+ {
+ /*
+ * No separate model name...
+ */
+
+ model = "Printer";
+ }
+
+ /*
+ * Standard stuff for PPD file...
+ */
+ cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
+ cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
+ cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
+ cupsFilePuts(fp, "*LanguageVersion: English\n");
+ cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
+ cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
+ cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
+ cupsFilePuts(fp, "*FileSystem: False\n");
+ cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model);
cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model);

@ -1,64 +0,0 @@
From d60341b3355fd8825bec00792f301ef99d715a93 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 3 Apr 2024 10:39:24 +0200
Subject: [PATCH] scheduler: Fix sending response headers to client
Sometimes headers are not correctly copied into response to the client
(some are missing). It happens because `sent_header` is set prematurely
before the actual send happens. The present code in affected `cupsdWriteClient`
scope looks like code remains from CUPS 1.6.3.
With the change, testing via curl gives reliable results all time.
---
scheduler/client.c | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 62ac21c69..e7e312b8e 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2400,23 +2400,12 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
httpSetField(con->http, field, value);
if (field == HTTP_FIELD_LOCATION)
- {
con->pipe_status = HTTP_STATUS_SEE_OTHER;
- con->sent_header = 2;
- }
- else
- con->sent_header = 1;
}
else if (!_cups_strcasecmp(con->header, "Status") && value)
- {
con->pipe_status = (http_status_t)atoi(value);
- con->sent_header = 2;
- }
else if (!_cups_strcasecmp(con->header, "Set-Cookie") && value)
- {
httpSetCookie(con->http, value);
- con->sent_header = 1;
- }
}
/*
@@ -2451,6 +2440,8 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
cupsdCloseClient(con);
return;
}
+
+ con->sent_header = 1;
}
else
{
@@ -2459,6 +2450,8 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
cupsdCloseClient(con);
return;
}
+
+ con->sent_header = 1;
}
}
else
--
2.44.0

@ -1,36 +0,0 @@
From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 1 Sep 2023 17:11:54 +0200
Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open
cups-files.conf
In case cupsd can't open the cups-files.conf, the error message is lost
if journal and syslog don't exist or work on system (usually in
containers).
Log the error into stderr at this place to get the error message if
needed.
---
scheduler/conf.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/scheduler/conf.c b/scheduler/conf.c
index b18535162..4fa7eb1df 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -811,11 +811,7 @@ cupsdReadConfiguration(void)
cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
else
{
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
- sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
-#else
- syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+ fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno));
return (0);
}
--
2.41.0

@ -1,94 +0,0 @@
diff --git a/scheduler/conf.c b/scheduler/conf.c
index c113eb3..77ce179 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
cupsdDeleteAllListeners();
+ /*
+ * Allocate Listeners array
+ */
+
+ Listeners = cupsArrayNew(NULL, NULL);
+
+ if (!Listeners)
+ {
+ fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
+ return (0);
+ }
+
old_remote_port = RemotePort;
RemotePort = 0;
@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
}
}
- /*
- * Check that we have at least one listen/port line; if not, report this
- * as an error and exit!
- */
-
- if (cupsArrayCount(Listeners) == 0)
- {
- /*
- * No listeners!
- */
-
- cupsdLogMessage(CUPSD_LOG_EMERG,
- "No valid Listen or Port lines were found in the "
- "configuration file.");
-
- /*
- * Commit suicide...
- */
-
- cupsdEndProcess(getpid(), 0);
- }
-
/*
* Set the default locale using the language and charset...
*/
@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
* Allocate another listener...
*/
- if (!Listeners)
- Listeners = cupsArrayNew(NULL, NULL);
-
- if (!Listeners)
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate %s at line %d - %s.",
- line, linenum, strerror(errno));
- break;
- }
-
if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
diff --git a/scheduler/main.c b/scheduler/main.c
index a6e2c3a..b935c52 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -2113,6 +2113,21 @@ service_checkin(void)
service_add_listener(fd, 0);
}
#endif /* HAVE_LAUNCHD */
+
+ if (cupsArrayCount(Listeners) == 0)
+ {
+ /*
+ * No listeners!
+ */
+
+ cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
+
+ /*
+ * Commit suicide...
+ */
+
+ cupsdEndProcess(getpid(), 0);
+ }
}

@ -1,21 +1,21 @@
diff --git a/Makedefs.in b/Makedefs.in
index d1b1ae9..4dba556 100644
--- a/Makedefs.in
+++ b/Makedefs.in
@@ -161,7 +161,7 @@ ARFLAGS = @ARFLAGS@
BACKLIBS = @BACKLIBS@
BUILDDIRS = @BUILDDIRS@
CFLAGS = @CPPFLAGS@ @CFLAGS@
-COMMONLIBS = @LIBS@
+COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@
CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
CXXLIBS = @CXXLIBS@
DBUS_NOTIFIER = @DBUS_NOTIFIER@
diff --git a/config-scripts/cups-lspp.m4 b/config-scripts/cups-lspp.m4
new file mode 100644
index 0000000..55bd1bb
--- /dev/null
+++ b/config-scripts/cups-lspp.m4
diff -up cups-2.3.0/config.h.in.lspp cups-2.3.0/config.h.in
--- cups-2.3.0/config.h.in.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/config.h.in 2019-10-07 12:24:43.058597468 +0200
@@ -684,4 +684,11 @@ static __inline int _cups_abs(int i) { r
# endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */
+/*
+ * Are we trying to meet LSPP requirements?
+ */
+
+#undef WITH_LSPP
+
+
#endif /* !_CUPS_CONFIG_H_ */
diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/cups-lspp.m4
--- cups-2.3.0/config-scripts/cups-lspp.m4.lspp 2019-10-07 12:24:43.058597468 +0200
+++ cups-2.3.0/config-scripts/cups-lspp.m4 2019-10-07 12:24:43.058597468 +0200
@@ -0,0 +1,36 @@
+dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS).
@ -40,7 +40,7 @@ index 0000000..55bd1bb
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
+
+if test x"$enable_lspp" != xno; then
+ case "$(uname)" in
+ case "$uname" in
+ Linux)
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
+ AC_CHECK_HEADER(libaudit.h)
@ -53,28 +53,10 @@ index 0000000..55bd1bb
+ ;;
+ esac
+fi
diff --git a/config.h.in b/config.h.in
index 6343e6d..1be3ca1 100644
--- a/config.h.in
+++ b/config.h.in
@@ -693,4 +693,12 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); }
# endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */
+
+/*
+ * Are we trying to meet LSPP requirements?
+ */
+
+#undef WITH_LSPP
+
+
#endif /* !_CUPS_CONFIG_H_ */
diff --git a/configure.ac b/configure.ac
index 93a4b97..47587c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,6 +35,8 @@ sinclude(config-scripts/cups-dnssd.m4)
diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac
--- cups-2.3.0/configure.ac.lspp 2019-10-07 12:24:43.058597468 +0200
+++ cups-2.3.0/configure.ac 2019-10-07 12:39:20.122546282 +0200
@@ -34,6 +34,8 @@ sinclude(config-scripts/cups-dnssd.m4)
sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4)
@ -83,10 +65,9 @@ index 93a4b97..47587c9 100644
INSTALL_LANGUAGES=""
UNINSTALL_LANGUAGES=""
LANGFILES=""
diff --git a/filter/common.c b/filter/common.c
index 672b7c8..f323abd 100644
--- a/filter/common.c
+++ b/filter/common.c
diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
--- cups-2.3.0/filter/common.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/filter/common.c 2019-10-07 12:24:43.059597461 +0200
@@ -11,6 +11,12 @@
* Include necessary headers...
*/
@ -100,7 +81,7 @@ index 672b7c8..f323abd 100644
#include "common.h"
#include <locale.h>
@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I - Page label */
@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I
{
const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */
@ -119,7 +100,7 @@ index 672b7c8..f323abd 100644
/*
@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I - Page label */
@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I
return;
}
@ -240,11 +221,11 @@ index 672b7c8..f323abd 100644
+ else
+ {
+#endif /* !WITH_LSPP */
+
+
/*
* Set the classification + page label string...
*/
@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I - Page label */
@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I
printf(" %.0f moveto ESPpl show\n", top - 14.0);
puts("pop");
puts("}bind put");
@ -255,11 +236,10 @@ index 672b7c8..f323abd 100644
/*
diff --git a/filter/pstops.c b/filter/pstops.c
index d251abb..8afff4a 100644
--- a/filter/pstops.c
+++ b/filter/pstops.c
@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
--- cups-2.3.0/filter/pstops.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/filter/pstops.c 2019-10-07 12:24:43.059597461 +0200
@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /*
{
const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */
@ -278,7 +258,7 @@ index d251abb..8afff4a 100644
/*
@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /*
return;
}
@ -403,7 +383,7 @@ index d251abb..8afff4a 100644
/*
* Set the classification + page label string...
*/
@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /*
doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);
doc_puts(doc, "pop\n");
doc_puts(doc, "}bind put\n");
@ -414,10 +394,21 @@ index d251abb..8afff4a 100644
/*
diff --git a/scheduler/client.c b/scheduler/client.c
index cef4115..e186e4c 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
diff -up cups-2.3.0/Makedefs.in.lspp cups-2.3.0/Makedefs.in
--- cups-2.3.0/Makedefs.in.lspp 2019-10-07 12:24:43.059597461 +0200
+++ cups-2.3.0/Makedefs.in 2019-10-07 12:37:19.200565805 +0200
@@ -174,7 +174,7 @@ IPPFIND_MAN = @IPPFIND_MAN@
LDFLAGS = @LDFLAGS@
LINKCUPS = @LINKCUPS@
LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS)
-LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS)
+LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
ONDEMANDFLAGS = @ONDEMANDFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@
OPTIM = @OPTIM@
diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
--- cups-2.3.0/scheduler/client.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/client.c 2019-10-07 12:33:10.459693580 +0200
@@ -19,12 +19,20 @@
#define _HTTP_NO_PRIVATE
#include "cupsd.h"
@ -439,7 +430,7 @@ index cef4115..e186e4c 100644
/*
@@ -263,6 +271,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
@@ -265,6 +273,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)
}
#endif /* HAVE_TCPD_H */
@ -473,7 +464,7 @@ index cef4115..e186e4c 100644
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed");
+ free(con);
+ return;
+ return;
+ }
+
+ /*
@ -484,7 +475,7 @@ index cef4115..e186e4c 100644
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed");
+ free(con);
+ return;
+ return;
+ }
+
+ cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon);
@ -499,19 +490,7 @@ index cef4115..e186e4c 100644
#ifdef AF_LOCAL
if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{
@@ -517,6 +578,11 @@ cupsdCloseClient(cupsd_client_t *con) /* I - Client to close */
}
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ if (con->scon)
+ cupsdClearString(&con->scon);
+#endif /* WITH_LSPP */
+
/*
* Re-enable new client connections if we are going back under the
* limit...
@@ -556,6 +622,13 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
@@ -558,6 +619,13 @@ cupsdReadClient(cupsd_client_t *con) /*
struct stat filestats; /* File information */
mime_type_t *type; /* MIME type of file */
static unsigned request_id = 0; /* Request ID for temp files */
@ -525,10 +504,10 @@ index cef4115..e186e4c 100644
status = HTTP_STATUS_CONTINUE;
@@ -1675,7 +1748,73 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
@@ -1679,6 +1747,73 @@ cupsdReadClient(cupsd_client_t *con) /*
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
}
+#ifdef WITH_LSPP
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
@ -589,17 +568,17 @@ index cef4115..e186e4c 100644
+ cupsdCloseClient(con);
+ return;
+ }
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ con->filename, context_str(tmpcon));
+ context_free(tmpcon);
+ context_free(clicon);
}
+ }
+#endif /* WITH_LSPP */
+ }
+
if (httpGetState(con->http) != HTTP_STATE_POST_SEND)
{
@@ -3173,6 +3312,49 @@ is_path_absolute(const char *path) /* I - Input path */
if (!httpWait(con->http, 0))
@@ -3174,6 +3309,49 @@ is_path_absolute(const char *path) /* I
return (1);
}
@ -649,10 +628,9 @@ index cef4115..e186e4c 100644
/*
* 'pipe_command()' - Pipe the output of a command to the remote client.
diff --git a/scheduler/client.h b/scheduler/client.h
index fc7af54..c665d0c 100644
--- a/scheduler/client.h
+++ b/scheduler/client.h
diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h
--- cups-2.3.0/scheduler/client.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/client.h 2019-10-07 12:24:43.113597079 +0200
@@ -13,6 +13,13 @@
#endif /* HAVE_AUTHORIZATION_H */
@ -678,21 +656,19 @@ index fc7af54..c665d0c 100644
};
#define HTTP(con) ((con)->http)
@@ -137,6 +148,10 @@ extern void cupsdStopListening(void);
@@ -136,6 +147,9 @@ extern void cupsdStartListening(void);
extern void cupsdStopListening(void);
extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con);
+#ifdef WITH_LSPP
+extern uid_t client_pid_to_auid(pid_t clipid);
+#endif /* WITH_LSPP */
+
#ifdef HAVE_SSL
extern int cupsdEndTLS(cupsd_client_t *con);
extern int cupsdStartTLS(cupsd_client_t *con);
diff --git a/scheduler/conf.c b/scheduler/conf.c
index 21386cd..a52e9a6 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
--- cups-2.3.0/scheduler/conf.c.lspp 2019-10-07 12:24:43.049597531 +0200
+++ cups-2.3.0/scheduler/conf.c 2019-10-07 12:24:43.113597079 +0200
@@ -37,6 +37,9 @@
# define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */
@ -724,7 +700,7 @@ index 21386cd..a52e9a6 100644
/*
@@ -877,6 +887,25 @@ cupsdReadConfiguration(void)
@@ -864,6 +874,25 @@ cupsdReadConfiguration(void)
RunUser = getuid();
@ -750,7 +726,7 @@ index 21386cd..a52e9a6 100644
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled");
@@ -1269,7 +1298,19 @@ cupsdReadConfiguration(void)
@@ -1275,7 +1304,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification);
if (Classification)
@ -770,7 +746,7 @@ index 21386cd..a52e9a6 100644
/*
* Check the MaxClients setting, and then allocate memory for it...
@@ -3857,6 +3898,18 @@ read_location(cups_file_t *fp, /* I - Configuration file */
@@ -3830,6 +3871,18 @@ read_location(cups_file_t *fp, /* I - C
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
@ -789,11 +765,10 @@ index 21386cd..a52e9a6 100644
/*
* 'read_policy()' - Read a <Policy name> definition.
diff --git a/scheduler/conf.h b/scheduler/conf.h
index 7d5eb40..3c27828 100644
--- a/scheduler/conf.h
+++ b/scheduler/conf.h
@@ -245,6 +245,13 @@ VAR char *ServerKeychain VALUE(NULL);
diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h
--- cups-2.3.0/scheduler/conf.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/conf.h 2019-10-07 12:24:43.113597079 +0200
@@ -243,6 +243,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */
#endif /* HAVE_SSL */
@ -807,7 +782,7 @@ index 7d5eb40..3c27828 100644
#ifdef HAVE_ONDEMAND
VAR int IdleExitTimeout VALUE(60);
/* Time after which an idle cupsd will exit */
@@ -263,6 +270,9 @@ VAR int HaveServerCreds VALUE(0);
@@ -261,6 +268,9 @@ VAR int HaveServerCreds VALUE(0);
VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */
#endif /* HAVE_GSSAPI */
@ -817,10 +792,9 @@ index 7d5eb40..3c27828 100644
/*
* Prototypes...
diff --git a/scheduler/cupsd.h b/scheduler/cupsd.h
index bc1350e..64d57d1 100644
--- a/scheduler/cupsd.h
+++ b/scheduler/cupsd.h
diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h
--- cups-2.3.0/scheduler/cupsd.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/cupsd.h 2019-10-07 12:31:38.458480578 +0200
@@ -8,6 +8,8 @@
* information.
*/
@ -845,11 +819,10 @@ index bc1350e..64d57d1 100644
#include "mime.h"
#if defined(HAVE_CDSASSL)
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 19d6608..728d164 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -12,6 +12,9 @@
diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
--- cups-2.3.0/scheduler/ipp.c.lspp 2019-10-07 12:24:43.016597764 +0200
+++ cups-2.3.0/scheduler/ipp.c 2019-10-07 12:31:01.243798920 +0200
@@ -11,6 +11,9 @@
* information.
*/
@ -859,7 +832,7 @@ index 19d6608..728d164 100644
/*
* Include necessary headers...
*/
@@ -28,6 +31,12 @@ extern int mbr_group_name_to_uuid(const char* name, uuid_t uu);
@@ -27,6 +30,14 @@ extern int mbr_group_name_to_uuid(const
extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember);
#endif /* __APPLE__ */
@ -868,11 +841,13 @@ index 19d6608..728d164 100644
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */
/*
* Local functions...
@@ -52,6 +61,9 @@ static void cancel_all_jobs(cupsd_client_t *con, ipp_attribute_t *uri);
@@ -51,6 +62,9 @@ static void cancel_all_jobs(cupsd_client
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_subscription(cupsd_client_t *con, int id);
static int check_rss_recipient(const char *recipient);
@ -882,7 +857,7 @@ index 19d6608..728d164 100644
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
@@ -1241,6 +1253,21 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1240,6 +1254,21 @@ add_job(cupsd_client_t *con, /* I - Cl
"time-at-creation",
"time-at-processing"
};
@ -904,7 +879,7 @@ index 19d6608..728d164 100644
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
@@ -1569,6 +1596,106 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1568,6 +1597,106 @@ add_job(cupsd_client_t *con, /* I - Cl
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
@ -941,18 +916,18 @@ index 19d6608..728d164 100644
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_CHR_FILE;
+ avr = CHR_FILE__WRITE;
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else
+ {
@ -1011,7 +986,7 @@ index 19d6608..728d164 100644
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{
send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1577,6 +1704,32 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1576,6 +1705,32 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL);
}
@ -1044,7 +1019,7 @@ index 19d6608..728d164 100644
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
job->attrs = con->request;
job->dirty = 1;
@@ -1764,6 +1917,29 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1763,6 +1918,29 @@ add_job(cupsd_client_t *con, /* I - Cl
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
}
@ -1074,7 +1049,7 @@ index 19d6608..728d164 100644
job->job_sheets = attr;
@@ -1794,6 +1970,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1793,6 +1971,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s,none\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
@ -1084,7 +1059,7 @@ index 19d6608..728d164 100644
}
else if (attr->num_values == 2 &&
strcmp(attr->values[0].string.text,
@@ -1812,6 +1991,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1811,6 +1992,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
@ -1094,7 +1069,7 @@ index 19d6608..728d164 100644
}
else if (strcmp(attr->values[0].string.text, Classification) &&
strcmp(attr->values[0].string.text, "none") &&
@@ -1832,6 +2014,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1831,6 +2015,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
@ -1104,7 +1079,7 @@ index 19d6608..728d164 100644
}
}
else if (strcmp(attr->values[0].string.text, Classification) &&
@@ -1872,9 +2057,55 @@ add_job(cupsd_client_t *con, /* I - Client connection */
@@ -1871,8 +2058,52 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
@ -1146,21 +1121,18 @@ index 19d6608..728d164 100644
+ cupsdClearString(&audit_message);
+ }
}
+
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
}
+
+#ifdef WITH_LSPP
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
+
+
/*
* See if we need to add the starting sheet...
*/
@@ -3649,6 +3880,128 @@ check_rss_recipient(
@@ -3648,6 +3879,128 @@ check_rss_recipient(
}
@ -1215,8 +1187,8 @@ index 19d6608..728d164 100644
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init");
+ return -1;
+ }
+ }
+ }
+ }
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
@ -1232,8 +1204,8 @@ index 19d6608..728d164 100644
+ return -1;
+ }
+ avc_entry_ref_init(&avcref);
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "read");
+ tclass = SECCLASS_FILE;
+ avr = FILE__READ;
+
+ /*
+ * Perform the check with the client as the subject, first with the job as the object
@ -1289,7 +1261,7 @@ index 19d6608..728d164 100644
/*
* 'check_quotas()' - Check quotas for a printer and user.
*/
@@ -4104,6 +4457,15 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
@@ -4103,6 +4456,15 @@ copy_banner(cupsd_client_t *con, /* I -
char attrname[255], /* Name of attribute */
*s; /* Pointer into name */
ipp_attribute_t *attr; /* Attribute */
@ -1305,7 +1277,7 @@ index 19d6608..728d164 100644
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -4139,6 +4501,85 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
@@ -4138,6 +4500,85 @@ copy_banner(cupsd_client_t *con, /* I -
fchmod(cupsFileNumber(out), 0640);
fchown(cupsFileNumber(out), RunUser, Group);
@ -1391,7 +1363,7 @@ index 19d6608..728d164 100644
/*
* Try the localized banner file under the subdirectory...
@@ -4233,6 +4674,24 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
@@ -4232,6 +4673,24 @@ copy_banner(cupsd_client_t *con, /* I -
else
s = attrname;
@ -1416,7 +1388,7 @@ index 19d6608..728d164 100644
if (!strcmp(s, "printer-name"))
{
cupsFilePuts(out, job->dest);
@@ -6443,6 +6902,22 @@ get_job_attrs(cupsd_client_t *con, /* I - Client connection */
@@ -6439,6 +6898,22 @@ get_job_attrs(cupsd_client_t *con, /* I
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
@ -1439,7 +1411,7 @@ index 19d6608..728d164 100644
/*
* Copy attributes...
*/
@@ -6840,6 +7315,11 @@ get_jobs(cupsd_client_t *con, /* I - Client connection */
@@ -6836,6 +7311,11 @@ get_jobs(cupsd_client_t *con, /* I - C
if (username[0] && _cups_strcasecmp(username, job->username))
continue;
@ -1451,7 +1423,7 @@ index 19d6608..728d164 100644
if (count > 0)
ippAddSeparator(con->response);
@@ -11441,6 +11921,11 @@ validate_user(cupsd_job_t *job, /* I - Job */
@@ -11445,6 +11925,11 @@ validate_user(cupsd_job_t *job, /* I
strlcpy(username, get_username(con), userlen);
@ -1463,10 +1435,9 @@ index 19d6608..728d164 100644
/*
* Check the username against the owner...
*/
diff --git a/scheduler/job.c b/scheduler/job.c
index 834e170..dbc64c3 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
--- cups-2.3.0/scheduler/job.c.lspp 2019-10-07 12:24:43.024597707 +0200
+++ cups-2.3.0/scheduler/job.c 2019-10-07 12:30:13.092210820 +0200
@@ -8,6 +8,9 @@
* information.
*/
@ -1477,7 +1448,7 @@ index 834e170..dbc64c3 100644
/*
* Include necessary headers...
*/
@@ -23,6 +26,12 @@
@@ -23,6 +26,14 @@
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
#endif /* __APPLE__ */
@ -1486,11 +1457,13 @@ index 834e170..dbc64c3 100644
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */
/*
* Design Notes for Job Management
@@ -545,6 +554,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
@@ -544,6 +555,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
/* PRINTER_STATE_REASONS env var */
rip_max_cache[255];
/* RIP_MAX_CACHE env variable */
@ -1505,7 +1478,7 @@ index 834e170..dbc64c3 100644
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -1066,6 +1083,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
@@ -1080,6 +1099,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
if (final_content_type[0])
envp[envc ++] = final_content_type;
@ -1524,7 +1497,7 @@ index 834e170..dbc64c3 100644
+ cupsdClearString(&audit_message);
+ }
+ }
+ else
+ else
+ {
+ jobcon = context_new(job->scon);
+
@ -1573,19 +1546,7 @@ index 834e170..dbc64c3 100644
if (Classification && !banner_page)
{
if ((attr = ippFindAttribute(job->attrs, "job-sheets",
@@ -1400,6 +1478,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */
cupsdClearString(&job->username);
cupsdClearString(&job->dest);
+
+#ifdef WITH_LSPP
+ cupsdClearString(&job->scon);
+#endif
+
for (i = 0;
i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0]));
i ++)
@@ -1844,6 +1927,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
@@ -1858,6 +1938,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
ippSetString(job->attrs, &job->reasons, 0, "none");
}
@ -1608,7 +1569,7 @@ index 834e170..dbc64c3 100644
job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER);
job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER);
job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
@@ -2259,6 +2358,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */
@@ -2273,6 +2369,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
{
char filename[1024]; /* Job control filename */
cups_file_t *fp; /* Job file */
@ -1623,7 +1584,7 @@ index 834e170..dbc64c3 100644
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
@@ -2281,6 +2388,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */
@@ -2295,6 +2399,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
fchown(cupsFileNumber(fp), RunUser, Group);
@ -1702,7 +1663,7 @@ index 834e170..dbc64c3 100644
job->attrs->state = IPP_IDLE;
if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
@@ -3981,6 +4160,19 @@ get_options(cupsd_job_t *job, /* I - Job */
@@ -3995,6 +4171,19 @@ get_options(cupsd_job_t *job, /* I - Jo
banner_page)
continue;
@ -1722,7 +1683,7 @@ index 834e170..dbc64c3 100644
/*
* Otherwise add them to the list...
*/
@@ -4791,6 +4983,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */
@@ -4805,6 +4994,18 @@ start_job(cupsd_job_t *job, /* I -
cupsd_printer_t *printer) /* I - Printer to print job */
{
const char *filename; /* Support filename */
@ -1741,7 +1702,7 @@ index 834e170..dbc64c3 100644
ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs,
"job-cancel-after",
IPP_TAG_INTEGER);
@@ -4979,6 +5183,113 @@ start_job(cupsd_job_t *job, /* I - Job ID */
@@ -4993,6 +5194,113 @@ start_job(cupsd_job_t *job, /* I -
fcntl(job->side_pipes[1], F_SETFD,
fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC);
@ -1772,18 +1733,18 @@ index 834e170..dbc64c3 100644
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_CHR_FILE;
+ avr = CHR_FILE__WRITE;
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ tclass = SECCLASS_FILE;
+ avr = FILE__WRITE;
+ }
+ else
+ {
@ -1855,10 +1816,9 @@ index 834e170..dbc64c3 100644
/*
* Now start the first file in the job...
*/
diff --git a/scheduler/job.h b/scheduler/job.h
index 2400ea9..cc05450 100644
--- a/scheduler/job.h
+++ b/scheduler/job.h
diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h
--- cups-2.3.0/scheduler/job.h.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/job.h 2019-10-07 12:29:54.364371023 +0200
@@ -7,6 +7,13 @@
* Licensed under Apache License v2.0. See the file "LICENSE" for more information.
*/
@ -1873,7 +1833,7 @@ index 2400ea9..cc05450 100644
/*
* Constants...
*/
@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request ****/
@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request *
int progress; /* Printing progress */
int num_keywords; /* Number of PPD keywords */
cups_option_t *keywords; /* PPD keywords */
@ -1884,10 +1844,9 @@ index 2400ea9..cc05450 100644
};
typedef struct cupsd_joblog_s /**** Job log message ****/
diff --git a/scheduler/main.c b/scheduler/main.c
index 47968e6..2802625 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
--- cups-2.3.0/scheduler/main.c.lspp 2019-10-07 12:24:43.037597616 +0200
+++ cups-2.3.0/scheduler/main.c 2019-10-07 12:24:43.119597037 +0200
@@ -57,6 +57,9 @@
# include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */
@ -1898,7 +1857,7 @@ index 47968e6..2802625 100644
/*
* Local functions...
@@ -123,6 +126,9 @@ main(int argc, /* I - Number of command-line args */
@@ -123,6 +126,9 @@ main(int argc, /* I - Number of comm
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* Actions for POSIX signals */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
@ -1908,7 +1867,7 @@ index 47968e6..2802625 100644
#ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */
#else
@@ -495,6 +501,25 @@ main(int argc, /* I - Number of command-line args */
@@ -495,6 +501,25 @@ main(int argc, /* I - Number of comm
exit(errno);
}
@ -1934,7 +1893,7 @@ index 47968e6..2802625 100644
/*
* Let the system know we are busy while we bring up cupsd...
*/
@@ -1204,6 +1229,11 @@ main(int argc, /* I - Number of command-line args */
@@ -1201,6 +1226,11 @@ main(int argc, /* I - Number of comm
cupsdStopSelect();
@ -1946,11 +1905,10 @@ index 47968e6..2802625 100644
return (!stop_scheduler);
}
diff --git a/scheduler/printers.c b/scheduler/printers.c
index 234d441..248bdba 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -9,6 +9,8 @@
diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
--- cups-2.3.0/scheduler/printers.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/printers.c 2019-10-07 12:29:17.956658129 +0200
@@ -8,6 +8,8 @@
* information.
*/
@ -1959,7 +1917,7 @@ index 234d441..248bdba 100644
/*
* Include necessary headers...
*/
@@ -33,6 +35,10 @@
@@ -32,6 +34,10 @@
# include <asl.h>
#endif /* __APPLE__ */
@ -1970,7 +1928,7 @@ index 234d441..248bdba 100644
/*
* Local functions...
@@ -2288,6 +2294,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */
@@ -2252,6 +2258,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
ipp_attribute_t *attr; /* Attribute data */
char *name, /* Current user/group name */
*filter; /* Current filter */
@ -1984,7 +1942,7 @@ index 234d441..248bdba 100644
/*
@@ -2412,6 +2425,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */
@@ -2378,6 +2391,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
attr->values[1].string.text = _cupsStrAlloc(Classification ?
Classification : p->job_sheets[1]);
}

@ -1,31 +0,0 @@
diff --git a/scheduler/colorman.c b/scheduler/colorman.c
index 8af4e5c..9bfdb0c 100644
--- a/scheduler/colorman.c
+++ b/scheduler/colorman.c
@@ -1083,7 +1083,7 @@ colord_create_profile(
dbus_message_iter_get_basic(&args, &profile_path);
cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path);
- cupsArrayAdd(profiles, strdup(profile_path));
+ cupsArrayAdd(profiles, profile_path);
out:
diff --git a/scheduler/job.c b/scheduler/job.c
index 0223bee..47d4c72 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */
job->num_files = 0;
}
+ unload_job(job);
+
if (job->history)
free_job_history(job);
- unload_job(job);
-
cupsArrayRemove(Jobs, job);
cupsArrayRemove(ActiveJobs, job);
cupsArrayRemove(PrintingJobs, job);

@ -1,12 +0,0 @@
diff --git a/scheduler/cups.socket.in b/scheduler/cups.socket.in
index 613b977a6..1deee826a 100644
--- a/scheduler/cups.socket.in
+++ b/scheduler/cups.socket.in
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
[Socket]
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
+RemoveOnStop=on
[Install]
WantedBy=sockets.target

@ -24,7 +24,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.3.3%{OP_VER}
Release: 31%{?dist}
Release: 21%{?dist}.inferit
License: ASL 2.0
Url: http://www.cups.org/
# Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -126,37 +126,8 @@ Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
Patch35: 0001-cups-strlcpy-handle-zero-size.patch
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
Patch36: 0001-Require-authentication-for-CUPS-Get-Document.patch
# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
Patch37: cups-preservejobfiles-leak.patch
# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
# https://github.com/OpenPrinting/cups/pull/927
Patch40: 0001-scheduler-Fix-sending-response-headers-to-client.patch
# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
# https://github.com/OpenPrinting/cups/pull/456
Patch41: 0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
Patch42: 0001-Fix-domain-socket-handling.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
Patch43: cups-socket-remove-on-stop.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
Patch44: cups-check-for-listeners.patch
# RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
Patch45: 0001-mirror-ipp-everywhere-printer-changes-from-master.patch
Patch46: 0001-refactor-make-and-model-code.patch
Patch47: 0001-ppdize-preset-and-template-names.patch
Patch48: 0001-quote-ppd-localized-strings.patch
Patch49: 0001-fix-warnings-for-unused-vars.patch
Patch1000: 0001-Fixed-case-when-no-username-request-on-printing.patch
##### Patches removed because IMHO they aren't no longer needed
##### but still I'll leave them in git in case their removal
@ -411,42 +382,13 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch35 -p1 -b .cve32324
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
%patch36 -p1 -b .get-document-auth
# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
%patch37 -p1 -b .preservejobfiles-leak
# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
%patch38 -p1 -b .log-stderr
# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
%patch39 -p1 -b .cupsgetjobs-pollhup
# https://github.com/OpenPrinting/cups/pull/927
%patch40 -p1 -b .sent-headers
# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
%patch41 -p1 -b .root-lpoptions
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
%patch42 -p1 -b .cve2024-35235
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
%patch43 -p1 -b .cups-socket-remove-on-stop.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
%patch44 -p1 -b .cups-check-for-listeners.patch
# RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
%patch45 -p1 -b .ippeve-validate
%patch46 -p1 -b .make-model-refact
%patch47 -p1 -b .ppdize-presets
%patch48 -p1 -b .quote-ppd-strings
%patch49 -p1 -b .fix-warn
%if %{lspp}
# LSPP support.
%patch100 -p1 -b .lspp
%endif
%patch1000 -p1
# Log to the system journal by default (bug #1078781, bug #1519331).
sed -i -e 's,^ErrorLog .*$,ErrorLog syslog,' conf/cups-files.conf.in
@ -875,40 +817,12 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippeveps.7.gz
%changelog
* Tue Oct 01 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-31
- RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
* Thu Aug 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-30
- RHEL-6526 cups source rpm doesn't actually build lspp support
- fix memory leaks from LSPP
* Wed Jun 19 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-29
- Revert the cups-libs license identifier to the "legacy" format
* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-28
- RHEL-39940 cups: Cupsd Listen arbitrary chmod 0140777
- Delete the domain socket file after stopping the cups.socket service
- Fix cupsd Listener checks
* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-27
- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
* Mon Apr 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-26
- RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
* Fri Apr 05 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-25
- RHEL-29764 cups doesn't send Content-Type header back to client when Set-Cookie is seen first
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24
- revert RHEL-19205 - new packages are not needed
* Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-23
- RHEL-19205 Recommend new cups-filters subpackages with weak dep for better upgrade exp
- RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
* Wed Oct 11 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 1:2.3.3op2-21.inferit
- Fixed case when no username request on printing (patch by Alexey Berezhok <aberezhok@msvsphere-os.ru>)
- Rebuilt for MSVSphere 9.3
* Thu Nov 02 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-22
- RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
- RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost
* Fri Sep 22 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:2.3.3op2-21
- Rebuilt for MSVSphere 9.3 beta
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-21
- bump the spec because the previous build was made with buildroot 9.2
@ -4041,7 +3955,7 @@ rm -f %{cups_serverbin}/backend/smb
* Sat Jan 26 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.1.12-1
- Initial (conflicting, since alternatives isn't there yet) packaging for
Red Hat Linux
MSVSphere
* Sat Jan 19 2002 Bernhard Rosenkraenzer <bero@redhat.com>
- 1.1.12

Loading…
Cancel
Save