diff --git a/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch b/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch deleted file mode 100644 index ec224c3ffdfea5c093cbdc6b7a9fe2acfb3996e9..0000000000000000000000000000000000000000 --- a/0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch +++ /dev/null @@ -1,206 +0,0 @@ -diff --git a/backend/ipp.c b/backend/ipp.c -index 32eb3aaa4..2a880bd75 100644 ---- a/backend/ipp.c -+++ b/backend/ipp.c -@@ -3612,6 +3612,8 @@ update_reasons(ipp_attribute_t *attr, /* I - printer-state-reasons or NULL */ - } - } - -+ cupsArrayDelete(new_reasons); -+ - _cupsMutexUnlock(&report_mutex); - - /* -diff --git a/cgi-bin/search.c b/cgi-bin/search.c -index 3956afc33..ad1f5ed0e 100644 ---- a/cgi-bin/search.c -+++ b/cgi-bin/search.c -@@ -361,4 +362,5 @@ void - cgiFreeSearch(void *search) /* I - Search context */ - { - regfree((regex_t *)search); -+ free(search); - } -diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c -index 5d510140b..688901a7d 100644 ---- a/cups/http-addrlist.c -+++ b/cups/http-addrlist.c -@@ -612,6 +613,7 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p - if (!temp) - { - httpAddrFreeList(first); -+ freeaddrinfo(results); - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0); - return (NULL); - } -diff --git a/cups/http.c b/cups/http.c -index a9235b087..d9332cc83 100644 ---- a/cups/http.c -+++ b/cups/http.c -@@ -3915,7 +3915,7 @@ http_create( - if ((http = calloc(sizeof(http_t), 1)) == NULL) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0); -- httpAddrFreeList(addrlist); -+ httpAddrFreeList(myaddrlist); - return (NULL); - } - -diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx -index be24cebae..4e8cba7bb 100644 ---- a/ppdc/ppdc-source.cxx -+++ b/ppdc/ppdc-source.cxx -@@ -2665,6 +2666,7 @@ ppdcSource::scan_file(ppdcFile *fp, // I - File to read - // Add it to the current option... - if (!o) - { -+ c->release(); - _cupsLangPrintf(stderr, - _("ppdc: Choice found on line %d of %s with no " - "Option."), fp->line, fp->filename); -diff --git a/scheduler/cups-driverd.cxx b/scheduler/cups-driverd.cxx -index 657eee0a0..b518a9325 100644 ---- a/scheduler/cups-driverd.cxx -+++ b/scheduler/cups-driverd.cxx -@@ -153,7 +153,7 @@ static ppd_info_t *add_ppd(const char *filename, const char *name, - size_t size, int model_number, int type, - const char *scheme); - static int cat_drv(const char *name, int request_id); --static int cat_ppd(const char *name, int request_id); -+static void cat_ppd(const char *name, int request_id); - static int cat_static(const char *name, int request_id); - static int cat_tar(const char *name, int request_id); - static int compare_inodes(struct stat *a, struct stat *b); -@@ -163,12 +163,12 @@ static int compare_names(const ppd_info_t *p0, - const ppd_info_t *p1); - static int compare_ppds(const ppd_info_t *p0, - const ppd_info_t *p1); --static int dump_ppds_dat(const char *filename); -+static void dump_ppds_dat(const char *filename); - static void free_array(cups_array_t *a); - static cups_file_t *get_file(const char *name, int request_id, - const char *subdir, char *buffer, - size_t bufsize, char **subfile); --static int list_ppds(int request_id, int limit, const char *opt); -+static void list_ppds(int request_id, int limit, const char *opt); - static int load_drivers(cups_array_t *include, - cups_array_t *exclude); - static int load_drv(const char *filename, const char *name, -@@ -204,13 +204,13 @@ main(int argc, /* I - Number of command-line args */ - */ - - if (argc == 3 && !strcmp(argv[1], "cat")) -- return (cat_ppd(argv[2], 0)); -+ cat_ppd(argv[2], 0); - else if ((argc == 2 || argc == 3) && !strcmp(argv[1], "dump")) -- return (dump_ppds_dat(argv[2])); -+ dump_ppds_dat(argv[2]); - else if (argc == 4 && !strcmp(argv[1], "get")) -- return (cat_ppd(argv[3], atoi(argv[2]))); -+ cat_ppd(argv[3], atoi(argv[2])); - else if (argc == 5 && !strcmp(argv[1], "list")) -- return (list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4])); -+ list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]); - else - { - fputs("Usage: cups-driverd cat ppd-name\n", stderr); -@@ -428,7 +428,7 @@ cat_drv(const char *name, /* I - PPD name */ - * 'cat_ppd()' - Copy a PPD file to stdout. - */ - --static int /* O - Exit code */ -+static void - cat_ppd(const char *name, /* I - PPD name */ - int request_id) /* I - Request ID for response? */ - { -@@ -445,7 +445,7 @@ cat_ppd(const char *name, /* I - PPD name */ - if (strstr(name, "../")) - { - fputs("ERROR: Invalid PPD name.\n", stderr); -- return (1); -+ exit(1); - } - - strlcpy(scheme, name, sizeof(scheme)); -@@ -475,11 +475,11 @@ cat_ppd(const char *name, /* I - PPD name */ - puts("Content-Type: application/ipp\n"); - - if (!scheme[0]) -- return (cat_static(name, request_id)); -+ exit(cat_static(name, request_id)); - else if (!strcmp(scheme, "drv")) -- return (cat_drv(name, request_id)); -+ exit(cat_drv(name, request_id)); - else if (!strcmp(scheme, "file")) -- return (cat_tar(name, request_id)); -+ exit(cat_tar(name, request_id)); - else - { - /* -@@ -517,7 +517,7 @@ cat_ppd(const char *name, /* I - PPD name */ - cupsdSendIPPTrailer(); - } - -- return (1); -+ exit(1); - } - - /* -@@ -547,15 +547,15 @@ cat_ppd(const char *name, /* I - PPD name */ - - fprintf(stderr, "ERROR: [cups-driverd] Unable to execute \"%s\" - %s\n", - line, strerror(errno)); -- return (1); -+ exit(1); - } - } - - /* -- * Return with no errors... -+ * Exit with no errors... - */ - -- return (0); -+ exit(0); - } - - -@@ -778,7 +778,7 @@ compare_ppds(const ppd_info_t *p0, /* I - First PPD file */ - * 'dump_ppds_dat()' - Dump the contents of the ppds.dat file. - */ - --static int /* O - Exit status */ -+static void - dump_ppds_dat(const char *filename) /* I - Filename */ - { - char temp[1024]; /* ppds.dat filename */ -@@ -810,7 +810,7 @@ dump_ppds_dat(const char *filename) /* I - Filename */ - ppd->record.make_and_model, ppd->record.device_id, - ppd->record.scheme); - -- return (0); -+ exit(0); - } - - -@@ -1004,7 +1004,7 @@ get_file(const char *name, /* I - Name */ - * 'list_ppds()' - List PPD files. - */ - --static int /* O - Exit code */ -+static void - list_ppds(int request_id, /* I - Request ID */ - int limit, /* I - Limit */ - const char *opt) /* I - Option argument */ -@@ -1566,7 +1566,7 @@ list_ppds(int request_id, /* I - Request ID */ - if (request_id) - cupsdSendIPPTrailer(); - -- return (0); -+ exit(0); - } - - --- -2.17.1 - diff --git a/CVE-2018-4300.patch b/CVE-2018-4300.patch deleted file mode 100644 index 20ff3229aa76f496ae1f01bf3a976d8516cd02d4..0000000000000000000000000000000000000000 --- a/CVE-2018-4300.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/cgi-bin/var.c 2013-06-07 09:12:52.000000000 +0800 -+++ b/cgi-bin/var.c 2019-04-20 18:23:17.835000000 +0800 -@@ -1222,6 +1222,7 @@ cgi_set_sid(void) - *server_name, /* SERVER_NAME */ - *server_port; /* SERVER_PORT */ - -+ struct timeval curtime; /* Current time */ - - if ((remote_addr = getenv("REMOTE_ADDR")) == NULL) - remote_addr = "REMOTE_ADDR"; -@@ -1230,7 +1231,8 @@ cgi_set_sid(void) - if ((server_port = getenv("SERVER_PORT")) == NULL) - server_port = "SERVER_PORT"; - -- CUPS_SRAND(time(NULL)); -+ gettimeofday(&curtime, NULL); -+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec); - snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X", - remote_addr, server_name, server_port, - (unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255, diff --git a/CVE-2019-2228.patch b/CVE-2019-2228.patch deleted file mode 100644 index 6daa793b6f976159a645c8c1cff6afc5dd12fbd7..0000000000000000000000000000000000000000 --- a/CVE-2019-2228.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a7f63f254bcb43f52dc45ab5d883ae6517678544 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Fri, 13 Dec 2019 09:30:46 -0500 -Subject: [PATCH] CVE-2019-2228: Fix ippSetValueTag validation of default - language. - ---- - CHANGES.md | 2 ++ - cups/ipp.c | 2 +- - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/CHANGES.md b/CHANGES.md -index 7220dc9..06f96bc 100644 ---- a/CHANGES.md -+++ b/CHANGES.md -@@ -5,6 +5,8 @@ CHANGES - 2.2.8 - 2018-06-05 - Changes in CUPS v2.2.8 - ---------------------- - -+- CVE-2019-2228: The `ippSetValuetag` function did not validate the default -+ language value. - - Additional changes for the scheduler to substitute default values for invalid - job attributes when running in "relaxed conformance" mode (Issue #5229) - - The `ipptool` program no longer checks for duplicate attributes when running -diff --git a/cups/ipp.c b/cups/ipp.c -index 5807de8..1143550 100644 ---- a/cups/ipp.c -+++ b/cups/ipp.c -@@ -4654,7 +4654,7 @@ ippSetValueTag( - return (0); - - if (ipp->attrs && ipp->attrs->next && ipp->attrs->next->name && -- !strcmp(ipp->attrs->next->name, "attributes-natural-language")) -+ !strcmp(ipp->attrs->next->name, "attributes-natural-language") && (ipp->attrs->next->value_tag & IPP_TAG_CUPS_MASK) == IPP_TAG_LANGUAGE) - { - /* - * Use the language code from the IPP message... --- -1.8.3.1 - diff --git a/CVE-2019-8675-CVE-2019-8696.patch b/CVE-2019-8675-CVE-2019-8696.patch deleted file mode 100644 index 08d1ebce693ec35806c85bc9c03518dbb41e4c5d..0000000000000000000000000000000000000000 --- a/CVE-2019-8675-CVE-2019-8696.patch +++ /dev/null @@ -1,187 +0,0 @@ -From f24e6cf6a39300ad0c3726a41a4aab51ad54c109 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet -Date: Thu, 15 Aug 2019 14:08:31 -0400 -Subject: [PATCH] Fix multiple security/disclosure issues: - -- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251) -- Fixed IPP buffer overflow (rdar://50035411) -- Fixed memory disclosure issue in the scheduler (rdar://51373853) -- Fixed DoS issues in the scheduler (rdar://51373929) ---- - CHANGES.md | 6 +++++- - cups/http.c | 9 +++++++-- - cups/ipp.c | 9 ++------- - cups/snmp.c | 20 +++++++++++++++++++- - scheduler/client.c | 23 ++++++++++++----------- - 5 files changed, 45 insertions(+), 22 deletions(-) - -diff --git a/cups/http.c b/cups/http.c -index 5c14ef68e..3fadb5acb 100644 ---- a/cups/http.c -+++ b/cups/http.c -@@ -1905,7 +1905,7 @@ httpPrintf(http_t *http, /* I - HTTP connection */ - ...) /* I - Additional args as needed */ - { - ssize_t bytes; /* Number of bytes to write */ -- char buf[16384]; /* Buffer for formatted string */ -+ char buf[65536]; /* Buffer for formatted string */ - va_list ap; /* Variable argument pointer */ - - -@@ -1917,7 +1917,12 @@ httpPrintf(http_t *http, /* I - HTTP connection */ - - DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf)); - -- if (http->data_encoding == HTTP_ENCODING_FIELDS) -+ if (bytes > (ssize_t)(sizeof(buf) - 1)) -+ { -+ http->error = ENOMEM; -+ return (-1); -+ } -+ else if (http->data_encoding == HTTP_ENCODING_FIELDS) - return ((int)httpWrite2(http, buf, (size_t)bytes)); - else - { -diff --git a/cups/ipp.c b/cups/ipp.c -index eaa8c78ca..b0762fdcb 100644 ---- a/cups/ipp.c -+++ b/cups/ipp.c -@@ -4553,9 +4553,7 @@ ippSetValueTag( - break; - - case IPP_TAG_NAME : -- if (temp_tag != IPP_TAG_KEYWORD && temp_tag != IPP_TAG_URI && -- temp_tag != IPP_TAG_URISCHEME && temp_tag != IPP_TAG_LANGUAGE && -- temp_tag != IPP_TAG_MIMETYPE) -+ if (temp_tag != IPP_TAG_KEYWORD) - return (0); - - (*attr)->value_tag = (ipp_tag_t)(IPP_TAG_NAME | ((*attr)->value_tag & IPP_TAG_CUPS_CONST)); -@@ -4563,10 +4561,7 @@ ippSetValueTag( - - case IPP_TAG_NAMELANG : - case IPP_TAG_TEXTLANG : -- if (value_tag == IPP_TAG_NAMELANG && -- (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD && -- temp_tag != IPP_TAG_URI && temp_tag != IPP_TAG_URISCHEME && -- temp_tag != IPP_TAG_LANGUAGE && temp_tag != IPP_TAG_MIMETYPE)) -+ if (value_tag == IPP_TAG_NAMELANG && (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD)) - return (0); - - if (value_tag == IPP_TAG_TEXTLANG && temp_tag != IPP_TAG_TEXT) -diff --git a/cups/snmp.c b/cups/snmp.c -index 8437528dd..fc9396177 100644 ---- a/cups/snmp.c -+++ b/cups/snmp.c -@@ -1233,6 +1233,9 @@ asn1_get_integer( - int value; /* Integer value */ - - -+ if (*buffer >= bufend) -+ return (0); -+ - if (length > sizeof(int)) - { - (*buffer) += length; -@@ -1259,6 +1262,9 @@ asn1_get_length(unsigned char **buffer, /* IO - Pointer in buffer */ - unsigned length; /* Length */ - - -+ if (*buffer >= bufend) -+ return (0); -+ - length = **buffer; - (*buffer) ++; - -@@ -1301,6 +1307,9 @@ asn1_get_oid( - int number; /* OID number */ - - -+ if (*buffer >= bufend) -+ return (0); -+ - valend = *buffer + length; - oidptr = oid; - oidend = oid + oidsize - 1; -@@ -1349,9 +1358,12 @@ asn1_get_packed( - int value; /* Value */ - - -+ if (*buffer >= bufend) -+ return (0); -+ - value = 0; - -- while ((**buffer & 128) && *buffer < bufend) -+ while (*buffer < bufend && (**buffer & 128)) - { - value = (value << 7) | (**buffer & 127); - (*buffer) ++; -@@ -1379,6 +1391,9 @@ asn1_get_string( - char *string, /* I - String buffer */ - size_t strsize) /* I - String buffer size */ - { -+ if (*buffer >= bufend) -+ return (NULL); -+ - if (length > (unsigned)(bufend - *buffer)) - length = (unsigned)(bufend - *buffer); - -@@ -1421,6 +1436,9 @@ asn1_get_type(unsigned char **buffer, /* IO - Pointer in buffer */ - int type; /* Type */ - - -+ if (*buffer >= bufend) -+ return (0); -+ - type = **buffer; - (*buffer) ++; - -diff --git a/scheduler/client.c b/scheduler/client.c -index a21b909a8..680508047 100644 ---- a/scheduler/client.c -+++ b/scheduler/client.c -@@ -568,6 +568,17 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ - - cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdReadClient: error=%d, used=%d, state=%s, data_encoding=HTTP_ENCODING_%s, data_remaining=" CUPS_LLFMT ", request=%p(%s), file=%d", httpError(con->http), (int)httpGetReady(con->http), httpStateString(httpGetState(con->http)), httpIsChunked(con->http) ? "CHUNKED" : "LENGTH", CUPS_LLCAST httpGetRemaining(con->http), con->request, con->request ? ippStateString(ippGetState(con->request)) : "", con->file); - -+ if (httpError(con->http) == EPIPE && !httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1) -+ { -+ /* -+ * Connection closed... -+ */ -+ -+ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF."); -+ cupsdCloseClient(con); -+ return; -+ } -+ - if (httpGetState(con->http) == HTTP_STATE_GET_SEND || - httpGetState(con->http) == HTTP_STATE_POST_SEND || - httpGetState(con->http) == HTTP_STATE_STATUS) -@@ -577,17 +588,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ - * connection and we need to shut it down... - */ - -- if (!httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1) -- { -- /* -- * Connection closed... -- */ -- -- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF."); -- cupsdCloseClient(con); -- return; -- } -- - cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on unexpected HTTP read state %s.", httpStateString(httpGetState(con->http))); - cupsdCloseClient(con); - return; -@@ -2209,6 +2209,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */ - strlcpy(location, httpGetField(con->http, HTTP_FIELD_LOCATION), sizeof(location)); - - httpClearFields(con->http); -+ httpClearCookie(con->http); - - httpSetField(con->http, HTTP_FIELD_LOCATION, location); - diff --git a/cups-2.2.8-source.tar.gz b/cups-2.2.13-source.tar.gz similarity index 58% rename from cups-2.2.8-source.tar.gz rename to cups-2.2.13-source.tar.gz index cb0b749e89bc83d96fd7fd74d5fa9f72685402af..d0ef99cb43974a1ebc2ab5073d53346384de4030 100644 Binary files a/cups-2.2.8-source.tar.gz and b/cups-2.2.13-source.tar.gz differ diff --git a/cups-accesslog-null.patch b/cups-accesslog-null.patch deleted file mode 100644 index fdb7d6132580c29bfa3b6b311b278f2d9d337c36..0000000000000000000000000000000000000000 --- a/cups-accesslog-null.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/scheduler/log.c b/scheduler/log.c -index 74790dc35..b6226201f 100644 ---- a/scheduler/log.c -+++ b/scheduler/log.c -@@ -1046,7 +1047,7 @@ cupsdLogRequest(cupsd_client_t *con, /* I - Request to log */ - * Filter requests as needed... - */ - -- if (AccessLogLevel == CUPSD_ACCESSLOG_NONE) -+ if (AccessLogLevel == CUPSD_ACCESSLOG_NONE || !AccessLog) - return (1); - else if (AccessLogLevel < CUPSD_ACCESSLOG_ALL) - { diff --git a/cups-eggcups.patch b/cups-eggcups.patch index b1eb218463fda423c83f18b9ee3a06de923464ce..d2945d8860c821f12caced8f5ae944590e549b46 100644 --- a/cups-eggcups.patch +++ b/cups-eggcups.patch @@ -1,7 +1,21 @@ -diff -up cups-2.2.5/backend/ipp.c.eggcups cups-2.2.5/backend/ipp.c ---- cups-2.2.5/backend/ipp.c.eggcups 2017-10-13 20:22:26.000000000 +0200 -+++ cups-2.2.5/backend/ipp.c 2017-10-17 18:56:42.409024451 +0200 -@@ -149,6 +149,70 @@ static char tmpfilename[1024] = ""; +diff --git a/backend/Makefile b/backend/Makefile +index 48a1c66..342604f 100644 +--- a/backend/Makefile ++++ b/backend/Makefile +@@ -263,7 +263,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbackend.a + + ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a + echo Linking $@... +- $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) ++ $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS) + $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@ + $(RM) http + $(LN) ipp http +diff --git a/backend/ipp.c b/backend/ipp.c +index 482d6f7..f37caee 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -152,6 +152,70 @@ static char tmpfilename[1024] = ""; static char mandatory_attrs[1024] = ""; /* cupsMandatory value */ @@ -72,7 +86,7 @@ diff -up cups-2.2.5/backend/ipp.c.eggcups cups-2.2.5/backend/ipp.c /* * Local functions... -@@ -1743,6 +1807,15 @@ main(int argc, /* I - Number of comm +@@ -1755,6 +1819,15 @@ main(int argc, /* I - Number of command-line args */ fprintf(stderr, "DEBUG: Print job accepted - job ID %d.\n", job_id); } @@ -88,22 +102,11 @@ diff -up cups-2.2.5/backend/ipp.c.eggcups cups-2.2.5/backend/ipp.c ippDelete(response); if (job_canceled) -diff -up cups-2.2.5/backend/Makefile.eggcups cups-2.2.5/backend/Makefile ---- cups-2.2.5/backend/Makefile.eggcups 2017-10-17 18:56:42.409024451 +0200 -+++ cups-2.2.5/backend/Makefile 2017-10-17 18:59:11.696781116 +0200 -@@ -262,7 +262,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac - - ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a - echo Linking $@... -- $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) -+ $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS) - $(RM) http - $(LN) ipp http - -diff -up cups-2.2.5/scheduler/subscriptions.c.eggcups cups-2.2.5/scheduler/subscriptions.c ---- cups-2.2.5/scheduler/subscriptions.c.eggcups 2017-10-13 20:22:26.000000000 +0200 -+++ cups-2.2.5/scheduler/subscriptions.c 2017-10-17 18:56:42.409024451 +0200 -@@ -1291,13 +1291,13 @@ cupsd_send_dbus(cupsd_eventmask_t event, +diff --git a/scheduler/subscriptions.c b/scheduler/subscriptions.c +index d2c6361..d42f855 100644 +--- a/scheduler/subscriptions.c ++++ b/scheduler/subscriptions.c +@@ -1294,13 +1294,13 @@ cupsd_send_dbus(cupsd_eventmask_t event,/* I - Event to send */ what = "PrinterAdded"; else if (event & CUPSD_EVENT_PRINTER_DELETED) what = "PrinterRemoved"; @@ -119,7 +122,7 @@ diff -up cups-2.2.5/scheduler/subscriptions.c.eggcups cups-2.2.5/scheduler/subsc else return; -@@ -1333,7 +1333,7 @@ cupsd_send_dbus(cupsd_eventmask_t event, +@@ -1336,7 +1336,7 @@ cupsd_send_dbus(cupsd_eventmask_t event,/* I - Event to send */ dbus_message_append_iter_init(message, &iter); if (dest) dbus_message_iter_append_string(&iter, dest->name); @@ -128,3 +131,6 @@ diff -up cups-2.2.5/scheduler/subscriptions.c.eggcups cups-2.2.5/scheduler/subsc { dbus_message_iter_append_uint32(&iter, job->id); dbus_message_iter_append_string(&iter, job->username); +-- +2.23.0 + diff --git a/cups-epson-A6-crash.patch b/cups-epson-A6-crash.patch deleted file mode 100644 index e8813b1c2957d2f674f187c2d7c20a390986140a..0000000000000000000000000000000000000000 --- a/cups-epson-A6-crash.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/filter/rastertoepson.c b/filter/rastertoepson.c -index 73e8d0600..4522e6b48 100644 ---- a/filter/rastertoepson.c -+++ b/filter/rastertoepson.c -@@ -301,7 +302,7 @@ StartPage( - - if (DotBytes) - { -- if ((LineBuffers[0] = calloc((size_t)DotBytes, header->cupsWidth * (size_t)(Shingling + 1))) == NULL) -+ if ((LineBuffers[0] = calloc((size_t)DotBytes, (header->cupsWidth + 7) * (size_t)(Shingling + 1))) == NULL) - { - fputs("ERROR: Unable to allocate memory\n", stderr); - exit(1); diff --git a/cups-ippeve-webui.patch b/cups-ippeve-webui.patch deleted file mode 100644 index 049d6b9792afe74c6c1859dadcd7fba9f2f66d90..0000000000000000000000000000000000000000 --- a/cups-ippeve-webui.patch +++ /dev/null @@ -1,124 +0,0 @@ -diff --git a/backend/dnssd.c b/backend/dnssd.c -index 34781d5ce..7074f4294 100644 ---- a/backend/dnssd.c -+++ b/backend/dnssd.c -@@ -1252,6 +1252,13 @@ query_callback( - strlcat(make_and_model, " ", sizeof(make_and_model)); - strlcat(make_and_model, model, sizeof(make_and_model)); - -+ if (!_cups_strncasecmp(make_and_model, "EPSON EPSON ", 12)) -+ _cups_strcpy(make_and_model, make_and_model + 6); -+ else if (!_cups_strncasecmp(make_and_model, "HP HP ", 6)) -+ _cups_strcpy(make_and_model, make_and_model + 3); -+ else if (!_cups_strncasecmp(make_and_model, "Lexmark International Lexmark ", 30)) -+ _cups_strcpy(make_and_model, make_and_model + 22); -+ - device->make_and_model = strdup(make_and_model); - } - else -diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c -index f788083fb..a3b5057b0 100644 ---- a/cgi-bin/admin.c -+++ b/cgi-bin/admin.c -@@ -928,6 +929,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */ - else if (!file && - (!cgiGetVariable("PPD_NAME") || cgiGetVariable("SELECT_MAKE"))) - { -+ int ipp_everywhere = !strncmp(var, "ipp://", 6) || !strncmp(var, "ipps://", 7) || (!strncmp(var, "dnssd://", 8) && (strstr(var, "_ipp._tcp") || strstr(var, "_ipps._tcp"))); -+ - if (modify && !cgiGetVariable("SELECT_MAKE")) - { - /* -@@ -1076,6 +1079,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */ - if (!modify) - cgiSetVariable("CURRENT_MAKE_AND_MODEL", - cgiGetArray("PPD_MAKE_AND_MODEL", 0)); -+ if (ipp_everywhere) -+ cgiSetVariable("SHOW_IPP_EVERYWHERE", "1"); - cgiCopyTemplateLang("choose-model.tmpl"); - cgiEndHTML(); - } -diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl -index ee9338cc5..d72534236 100644 ---- a/templates/choose-model.tmpl -+++ b/templates/choose-model.tmpl -@@ -39,6 +39,7 @@ - - - -diff --git a/templates/de/choose-model.tmpl b/templates/de/choose-model.tmpl -index cb9b6f3bc..a08a8e3e0 100644 ---- a/templates/de/choose-model.tmpl -+++ b/templates/de/choose-model.tmpl -@@ -39,6 +39,7 @@ Drucker {?printer_is_shared=?nicht:{?printer_is_shared=0?nicht:}} im Netzwerk fr - - - -diff --git a/templates/es/choose-model.tmpl b/templates/es/choose-model.tmpl -index 8a5a4ba90..74f0a9bb9 100644 ---- a/templates/es/choose-model.tmpl -+++ b/templates/es/choose-model.tmpl -@@ -39,6 +39,7 @@ - - - -diff --git a/templates/fr/choose-model.tmpl b/templates/fr/choose-model.tmpl -index 1e154f18a..3038b3fe3 100644 ---- a/templates/fr/choose-model.tmpl -+++ b/templates/fr/choose-model.tmpl -@@ -39,6 +39,7 @@ - - - -diff --git a/templates/ja/choose-model.tmpl b/templates/ja/choose-model.tmpl -index daf1375fd..b3c286b11 100644 ---- a/templates/ja/choose-model.tmpl -+++ b/templates/ja/choose-model.tmpl -@@ -39,6 +39,7 @@ - - - -diff --git a/templates/pt_BR/choose-model.tmpl b/templates/pt_BR/choose-model.tmpl -index 55d8bd8d5..a5939ee9c 100644 ---- a/templates/pt_BR/choose-model.tmpl -+++ b/templates/pt_BR/choose-model.tmpl -@@ -39,6 +39,7 @@ - - - -diff --git a/templates/ru/choose-model.tmpl b/templates/ru/choose-model.tmpl -index 2f0d6d9ba..86507814d 100644 ---- a/templates/ru/choose-model.tmpl -+++ b/templates/ru/choose-model.tmpl -@@ -39,6 +39,7 @@ - - - diff --git a/cups-ippvalidateattr-regression.patch b/cups-ippvalidateattr-regression.patch deleted file mode 100644 index 8185bf88731c0f4979b313ba254fd5ba0ae5bc37..0000000000000000000000000000000000000000 --- a/cups-ippvalidateattr-regression.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff --git a/cups/ipp.c b/cups/ipp.c -index 95d53cc44..325de02b9 100644 ---- a/cups/ipp.c -+++ b/cups/ipp.c -@@ -5033,16 +5033,19 @@ ippValidateAttribute( - break; - } - -- if (*ptr < ' ' || *ptr == 0x7f) -- { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad control character (PWG 5100.14 section 8.3)."), attr->name, attr->values[i].string.text); -- return (0); -- } -- else if (*ptr) -- { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.2)."), attr->name, attr->values[i].string.text); -- return (0); -- } -+ if (*ptr) -+ { -+ if (*ptr < ' ' || *ptr == 0x7f) -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad control character (PWG 5100.14 section 8.3)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ else -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.2)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ } - - if ((ptr - attr->values[i].string.text) > (IPP_MAX_TEXT - 1)) - { -@@ -5091,16 +5094,19 @@ ippValidateAttribute( - break; - } - -- if (*ptr < ' ' || *ptr == 0x7f) -- { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad control character (PWG 5100.14 section 8.1)."), attr->name, attr->values[i].string.text); -- return (0); -- } -- else if (*ptr) -+ if (*ptr) - { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.3)."), attr->name, attr->values[i].string.text); -- return (0); -- } -+ if (*ptr < ' ' || *ptr == 0x7f) -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad control character (PWG 5100.14 section 8.1)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ else -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.3)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ } - - if ((ptr - attr->values[i].string.text) > (IPP_MAX_NAME - 1)) - { diff --git a/cups-lspp.patch b/cups-lspp.patch index 667cda196d3a6b6cc26e1cb10eecb30a75aefa5a..4a969895fd6f7a2b13402bf55909b624e1c40962 100644 --- a/cups-lspp.patch +++ b/cups-lspp.patch @@ -1,21 +1,21 @@ -diff -up cups-2.2.8/config.h.in.lspp cups-2.2.8/config.h.in ---- cups-2.2.8/config.h.in.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/config.h.in 2018-06-08 17:34:38.682653959 +0200 -@@ -730,4 +730,11 @@ static __inline int _cups_abs(int i) { r - # endif /* __GNUC__ || __STDC_VERSION__ */ - #endif /* !HAVE_ABS && !abs */ - -+/* -+ * Are we trying to meet LSPP requirements? -+ */ -+ -+#undef WITH_LSPP -+ -+ - #endif /* !_CUPS_CONFIG_H_ */ -diff -up cups-2.2.8/config-scripts/cups-lspp.m4.lspp cups-2.2.8/config-scripts/cups-lspp.m4 ---- cups-2.2.8/config-scripts/cups-lspp.m4.lspp 2018-06-08 17:34:38.682653959 +0200 -+++ cups-2.2.8/config-scripts/cups-lspp.m4 2018-06-08 17:34:38.682653959 +0200 +diff --git a/Makedefs.in b/Makedefs.in +index 8541b49..a467ed5 100644 +--- a/Makedefs.in ++++ b/Makedefs.in +@@ -165,7 +165,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../filter -L../ppdc \ + @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) + LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) + LINKCUPSIMAGE = @LINKCUPSIMAGE@ +-LIBS = $(LINKCUPS) $(COMMONLIBS) ++LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ + ONDEMANDFLAGS = @ONDEMANDFLAGS@ + ONDEMANDLIBS = @ONDEMANDLIBS@ + OPTIM = @OPTIM@ +diff --git a/config-scripts/cups-lspp.m4 b/config-scripts/cups-lspp.m4 +new file mode 100644 +index 0000000..9c59fab +--- /dev/null ++++ b/config-scripts/cups-lspp.m4 @@ -0,0 +1,36 @@ +dnl +dnl LSPP code for the Common UNIX Printing System (CUPS). @@ -53,9 +53,26 @@ diff -up cups-2.2.8/config-scripts/cups-lspp.m4.lspp cups-2.2.8/config-scripts/c + ;; + esac +fi -diff -up cups-2.2.8/configure.ac.lspp cups-2.2.8/configure.ac ---- cups-2.2.8/configure.ac.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/configure.ac 2018-06-08 17:34:38.682653959 +0200 +diff --git a/config.h.in b/config.h.in +index d81c59e..79da02c 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -737,4 +737,11 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); } + # endif /* __GNUC__ || __STDC_VERSION__ */ + #endif /* !HAVE_ABS && !abs */ + ++/* ++ * Are we trying to meet LSPP requirements? ++ */ ++ ++#undef WITH_LSPP ++ ++ + #endif /* !_CUPS_CONFIG_H_ */ +diff --git a/configure.ac b/configure.ac +index 38db5f5..725130f 100644 +--- a/configure.ac ++++ b/configure.ac @@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4) sinclude(config-scripts/cups-defaults.m4) sinclude(config-scripts/cups-scripting.m4) @@ -65,9 +82,10 @@ diff -up cups-2.2.8/configure.ac.lspp cups-2.2.8/configure.ac INSTALL_LANGUAGES="" UNINSTALL_LANGUAGES="" LANGFILES="" -diff -up cups-2.2.8/filter/common.c.lspp cups-2.2.8/filter/common.c ---- cups-2.2.8/filter/common.c.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/filter/common.c 2018-06-08 17:34:38.682653959 +0200 +diff --git a/filter/common.c b/filter/common.c +index 86b5f8e..fd88bdc 100644 +--- a/filter/common.c ++++ b/filter/common.c @@ -17,6 +17,12 @@ * Include necessary headers... */ @@ -81,11 +99,11 @@ diff -up cups-2.2.8/filter/common.c.lspp cups-2.2.8/filter/common.c #include "common.h" #include -@@ -299,6 +305,18 @@ WriteLabelProlog(const char *label, /* I +@@ -299,6 +305,18 @@ WriteLabelProlog(const char *label, /* I - Page label */ { const char *classification; /* CLASSIFICATION environment variable */ const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP ++ #ifdef WITH_LSPP + int i, /* counter */ + n, /* counter */ + lines, /* number of lines needed */ @@ -100,7 +118,7 @@ diff -up cups-2.2.8/filter/common.c.lspp cups-2.2.8/filter/common.c /* -@@ -321,6 +339,124 @@ WriteLabelProlog(const char *label, /* I +@@ -321,6 +339,124 @@ WriteLabelProlog(const char *label, /* I - Page label */ return; } @@ -149,7 +167,7 @@ diff -up cups-2.2.8/filter/common.c.lspp cups-2.2.8/filter/common.c + } + wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); + } -+ else ++ else + { + lines = 1; + wrapped_label = malloc(sizeof(*wrapped_label)); @@ -221,11 +239,11 @@ diff -up cups-2.2.8/filter/common.c.lspp cups-2.2.8/filter/common.c + else + { +#endif /* !WITH_LSPP */ -+ ++ /* * Set the classification + page label string... */ -@@ -401,7 +537,10 @@ WriteLabelProlog(const char *label, /* I +@@ -401,7 +537,10 @@ WriteLabelProlog(const char *label, /* I - Page label */ printf(" %.0f moveto ESPpl show\n", top - 14.0); puts("pop"); puts("}bind put"); @@ -236,13 +254,14 @@ diff -up cups-2.2.8/filter/common.c.lspp cups-2.2.8/filter/common.c /* -diff -up cups-2.2.8/filter/pstops.c.lspp cups-2.2.8/filter/pstops.c ---- cups-2.2.8/filter/pstops.c.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/filter/pstops.c 2018-06-08 17:34:38.683653951 +0200 -@@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc, /* - { +diff --git a/filter/pstops.c b/filter/pstops.c +index fab60d9..0722163 100644 +--- a/filter/pstops.c ++++ b/filter/pstops.c +@@ -3176,6 +3176,19 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */ const char *classification; /* CLASSIFICATION environment variable */ const char *ptr; /* Temporary string pointer */ + +#ifdef WITH_LSPP + int i, /* counter */ + n, /* counter */ @@ -255,10 +274,11 @@ diff -up cups-2.2.8/filter/pstops.c.lspp cups-2.2.8/filter/pstops.c + max_width; /* maximum width in characters */ + char **wrapped_label; /* label with line breaks */ +#endif /* WITH_LSPP */ - ++ /* -@@ -3198,6 +3210,124 @@ write_label_prolog(pstops_doc_t *doc, /* + * First get the current classification... +@@ -3197,6 +3210,124 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */ return; } @@ -383,7 +403,7 @@ diff -up cups-2.2.8/filter/pstops.c.lspp cups-2.2.8/filter/pstops.c /* * Set the classification + page label string... */ -@@ -3276,7 +3406,10 @@ write_label_prolog(pstops_doc_t *doc, /* +@@ -3275,7 +3406,10 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */ doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); doc_puts(doc, "pop\n"); doc_puts(doc, "}bind put\n"); @@ -394,21 +414,10 @@ diff -up cups-2.2.8/filter/pstops.c.lspp cups-2.2.8/filter/pstops.c /* -diff -up cups-2.2.8/Makedefs.in.lspp cups-2.2.8/Makedefs.in ---- cups-2.2.8/Makedefs.in.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/Makedefs.in 2018-06-08 17:34:38.683653951 +0200 -@@ -161,7 +161,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) - LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) - LINKCUPSIMAGE = @LINKCUPSIMAGE@ --LIBS = $(LINKCUPS) $(COMMONLIBS) -+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ - ONDEMANDFLAGS = @ONDEMANDFLAGS@ - ONDEMANDLIBS = @ONDEMANDLIBS@ - OPTIM = @OPTIM@ -diff -up cups-2.2.8/scheduler/client.c.lspp cups-2.2.8/scheduler/client.c ---- cups-2.2.8/scheduler/client.c.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/client.c 2018-06-08 17:34:38.729653586 +0200 +diff --git a/scheduler/client.c b/scheduler/client.c +index 6805080..236355a 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c @@ -22,12 +22,20 @@ #define _HTTP_NO_PRIVATE #include "cupsd.h" @@ -430,7 +439,7 @@ diff -up cups-2.2.8/scheduler/client.c.lspp cups-2.2.8/scheduler/client.c /* -@@ -268,6 +276,59 @@ cupsdAcceptClient(cupsd_listener_t *lis) +@@ -268,6 +276,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ } #endif /* HAVE_TCPD_H */ @@ -490,7 +499,7 @@ diff -up cups-2.2.8/scheduler/client.c.lspp cups-2.2.8/scheduler/client.c #ifdef AF_LOCAL if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) { -@@ -562,6 +623,13 @@ cupsdReadClient(cupsd_client_t *con) /* +@@ -562,6 +623,13 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ mime_type_t *type; /* MIME type of file */ cupsd_printer_t *p; /* Printer */ static unsigned request_id = 0; /* Request ID for temp files */ @@ -504,10 +513,10 @@ diff -up cups-2.2.8/scheduler/client.c.lspp cups-2.2.8/scheduler/client.c status = HTTP_STATUS_CONTINUE; -@@ -1938,6 +2006,73 @@ cupsdReadClient(cupsd_client_t *con) /* +@@ -1937,6 +2005,72 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + fchown(con->file, RunUser, Group); fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); } - +#ifdef WITH_LSPP + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) + { @@ -574,11 +583,10 @@ diff -up cups-2.2.8/scheduler/client.c.lspp cups-2.2.8/scheduler/client.c + context_free(clicon); + } +#endif /* WITH_LSPP */ -+ + if (httpGetState(con->http) != HTTP_STATE_POST_SEND) { - if (!httpWait(con->http, 0)) -@@ -3485,6 +3620,49 @@ is_path_absolute(const char *path) /* I +@@ -3485,6 +3619,49 @@ is_path_absolute(const char *path) /* I - Input path */ return (1); } @@ -628,9 +636,10 @@ diff -up cups-2.2.8/scheduler/client.c.lspp cups-2.2.8/scheduler/client.c /* * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-2.2.8/scheduler/client.h.lspp cups-2.2.8/scheduler/client.h ---- cups-2.2.8/scheduler/client.h.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/client.h 2018-06-08 17:34:38.729653586 +0200 +diff --git a/scheduler/client.h b/scheduler/client.h +index beddab0..7f4e8d4 100644 +--- a/scheduler/client.h ++++ b/scheduler/client.h @@ -16,6 +16,13 @@ #endif /* HAVE_AUTHORIZATION_H */ @@ -666,20 +675,22 @@ diff -up cups-2.2.8/scheduler/client.h.lspp cups-2.2.8/scheduler/client.h #ifdef HAVE_SSL extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c ---- cups-2.2.8/scheduler/conf.c.lspp 2018-06-08 17:34:38.676654007 +0200 -+++ cups-2.2.8/scheduler/conf.c 2018-06-08 17:34:38.730653578 +0200 -@@ -40,6 +40,9 @@ +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 96993c7..4200b57 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -40,6 +40,10 @@ # define INADDR_NONE 0xffffffff #endif /* !INADDR_NONE */ +#ifdef WITH_LSPP +# include +#endif /* WITH_LSPP */ ++ /* * Configuration variable structure... -@@ -131,6 +134,10 @@ static const cupsd_var_t cupsd_vars[] = +@@ -131,6 +135,10 @@ static const cupsd_var_t cupsd_vars[] = { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN }, { "Timeout", &Timeout, CUPSD_VARTYPE_TIME }, @@ -690,7 +701,7 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN } }; static const cupsd_var_t cupsfiles_vars[] = -@@ -544,6 +551,9 @@ cupsdReadConfiguration(void) +@@ -544,6 +552,9 @@ cupsdReadConfiguration(void) const char *tmpdir; /* TMPDIR environment variable */ struct stat tmpinfo; /* Temporary directory info */ cupsd_policy_t *p; /* Policy */ @@ -700,7 +711,7 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c /* -@@ -863,6 +873,25 @@ cupsdReadConfiguration(void) +@@ -863,6 +874,25 @@ cupsdReadConfiguration(void) RunUser = getuid(); @@ -726,7 +737,7 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", RemotePort ? "enabled" : "disabled"); -@@ -1274,7 +1303,19 @@ cupsdReadConfiguration(void) +@@ -1274,7 +1304,19 @@ cupsdReadConfiguration(void) cupsdClearString(&Classification); if (Classification) @@ -738,7 +749,7 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c + audit_message = NULL; + cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification); + audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); ++ ServerName, NULL, NULL, 1); + cupsdClearString(&audit_message); + } +#endif /* WITH_LSPP */ @@ -746,7 +757,7 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c /* * Check the MaxClients setting, and then allocate memory for it... -@@ -3832,6 +3873,18 @@ read_location(cups_file_t *fp, /* I - C +@@ -3832,6 +3874,18 @@ read_location(cups_file_t *fp, /* I - Configuration file */ return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); } @@ -754,7 +765,7 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c +int is_lspp_config() +{ + if (Classification != NULL) -+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0) ++ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0) + || (_cups_strcasecmp(Classification, TE_CONFIG) == 0) + || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0)); + else @@ -765,9 +776,10 @@ diff -up cups-2.2.8/scheduler/conf.c.lspp cups-2.2.8/scheduler/conf.c /* * 'read_policy()' - Read a definition. -diff -up cups-2.2.8/scheduler/conf.h.lspp cups-2.2.8/scheduler/conf.h ---- cups-2.2.8/scheduler/conf.h.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/conf.h 2018-06-08 17:34:38.730653578 +0200 +diff --git a/scheduler/conf.h b/scheduler/conf.h +index b608367..cc07a8a 100644 +--- a/scheduler/conf.h ++++ b/scheduler/conf.h @@ -246,6 +246,13 @@ VAR char *ServerKeychain VALUE(NULL); /* Keychain holding cert + key */ #endif /* HAVE_SSL */ @@ -792,9 +804,10 @@ diff -up cups-2.2.8/scheduler/conf.h.lspp cups-2.2.8/scheduler/conf.h /* * Prototypes... -diff -up cups-2.2.8/scheduler/cupsd.h.lspp cups-2.2.8/scheduler/cupsd.h ---- cups-2.2.8/scheduler/cupsd.h.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/cupsd.h 2018-06-08 17:34:38.730653578 +0200 +diff --git a/scheduler/cupsd.h b/scheduler/cupsd.h +index 54d2a4f..8129586 100644 +--- a/scheduler/cupsd.h ++++ b/scheduler/cupsd.h @@ -11,6 +11,8 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ @@ -804,9 +817,9 @@ diff -up cups-2.2.8/scheduler/cupsd.h.lspp cups-2.2.8/scheduler/cupsd.h /* * Include necessary headers. -@@ -36,13 +38,20 @@ +@@ -36,6 +38,14 @@ # include - #endif /* WIN32 */ + #endif /* _WIN32 */ +#include "config.h" +#ifdef WITH_LSPP @@ -819,16 +832,10 @@ diff -up cups-2.2.8/scheduler/cupsd.h.lspp cups-2.2.8/scheduler/cupsd.h #include "mime.h" #if defined(HAVE_CDSASSL) - # include - #endif /* HAVE_CDSASSL */ - -- - /* - * Some OS's don't have hstrerror(), most notably Solaris... - */ -diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c ---- cups-2.2.8/scheduler/ipp.c.lspp 2018-06-08 17:34:38.652654197 +0200 -+++ cups-2.2.8/scheduler/ipp.c 2018-06-08 17:37:19.166378937 +0200 +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index 07765a1..2ce61b4 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c @@ -14,6 +14,9 @@ * missing or damaged, see the license at "http://www.cups.org/". */ @@ -839,7 +846,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c /* * Include necessary headers... */ -@@ -37,6 +40,14 @@ extern int mbr_check_membership_by_id(uu +@@ -37,6 +40,15 @@ extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember); # endif /* HAVE_MEMBERSHIPPRIV_H */ #endif /* __APPLE__ */ @@ -851,10 +858,11 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c +#include +#include +#endif /* WITH_LSPP */ ++ /* * Local functions... -@@ -61,6 +72,9 @@ static void cancel_all_jobs(cupsd_client +@@ -61,6 +73,9 @@ static void cancel_all_jobs(cupsd_client_t *con, ipp_attribute_t *uri); static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); static void cancel_subscription(cupsd_client_t *con, int id); static int check_rss_recipient(const char *recipient); @@ -864,10 +872,11 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, -@@ -1250,6 +1264,21 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1248,7 +1263,21 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "time-at-creation", "time-at-processing" }; +- +#ifdef WITH_LSPP + char *audit_message; /* Audit message string */ + char *printerfile; /* device file pointed to by the printer */ @@ -884,9 +893,9 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c + access_vector_t avr; /* Access method being requested */ +#endif /* WITH_LSPP */ - cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", -@@ -1578,6 +1607,106 @@ add_job(cupsd_client_t *con, /* I - Cl + con, con->number, printer, printer->name, +@@ -1576,6 +1605,106 @@ add_job(cupsd_client_t *con, /* I - Client connection */ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME); @@ -993,7 +1002,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c if ((job = cupsdAddJob(priority, printer->name)) == NULL) { send_ipp_status(con, IPP_INTERNAL_ERROR, -@@ -1586,6 +1715,32 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1584,6 +1713,32 @@ add_job(cupsd_client_t *con, /* I - Client connection */ return (NULL); } @@ -1026,7 +1035,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); job->attrs = con->request; job->dirty = 1; -@@ -1773,6 +1928,29 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1771,6 +1926,29 @@ add_job(cupsd_client_t *con, /* I - Client connection */ ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); } @@ -1056,7 +1065,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c job->job_sheets = attr; -@@ -1803,6 +1981,9 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1801,6 +1979,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-sheets=\"%s,none\", " "job-originating-user-name=\"%s\"", Classification, job->username); @@ -1066,7 +1075,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c } else if (attr->num_values == 2 && strcmp(attr->values[0].string.text, -@@ -1821,6 +2002,9 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1819,6 +2000,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-originating-user-name=\"%s\"", attr->values[0].string.text, attr->values[1].string.text, job->username); @@ -1076,7 +1085,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c } else if (strcmp(attr->values[0].string.text, Classification) && strcmp(attr->values[0].string.text, "none") && -@@ -1841,6 +2025,9 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1839,6 +2023,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-originating-user-name=\"%s\"", attr->values[0].string.text, attr->values[1].string.text, job->username); @@ -1086,7 +1095,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c } } else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1881,8 +2068,52 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1879,7 +2066,49 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-sheets=\"%s\", " "job-originating-user-name=\"%s\"", Classification, job->username); @@ -1128,18 +1137,15 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c + cupsdClearString(&audit_message); + } } -+ + if (userheader) + free(userheader); + if (userfooter) + free(userfooter); +#endif /* WITH_LSPP */ } -+ /* - * See if we need to add the starting sheet... -@@ -3656,6 +3887,128 @@ check_rss_recipient( +@@ -3653,6 +3882,128 @@ check_rss_recipient( } @@ -1194,8 +1200,8 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c + { + cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init"); + return -1; -+ } -+ } ++ } ++ } + if (avc_context_to_sid(con->scon, &clisid) != 0) + { + cupsdLogJob(job, CUPSD_LOG_ERROR, @@ -1244,7 +1250,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c + if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0) + { + cupsdLogJob(job, CUPSD_LOG_INFO, -+ "check_context: SELinux denied access to the spool file"); ++ "check_context: SELinux denied access to the spool file"); + return 0; + } + cupsdLogJob(job, CUPSD_LOG_INFO, @@ -1268,7 +1274,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c /* * 'check_quotas()' - Check quotas for a printer and user. */ -@@ -4112,6 +4465,15 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -4109,6 +4460,14 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */ char attrname[255], /* Name of attribute */ *s; /* Pointer into name */ ipp_attribute_t *attr; /* Attribute */ @@ -1280,11 +1286,10 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c + context_t tmpcon; /* Temp context to set the level */ + security_context_t spoolcon; /* Context of the file in the spool */ +#endif /* WITH_LSPP */ -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -4147,6 +4509,85 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -4144,6 +4503,85 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */ fchmod(cupsFileNumber(out), 0640); fchown(cupsFileNumber(out), RunUser, Group); @@ -1370,7 +1375,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c /* * Try the localized banner file under the subdirectory... -@@ -4241,6 +4682,24 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -4238,6 +4676,24 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */ else s = attrname; @@ -1395,11 +1400,10 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c if (!strcmp(s, "printer-name")) { cupsFilePuts(out, job->dest); -@@ -6480,6 +6939,22 @@ get_job_attrs(cupsd_client_t *con, /* I +@@ -6475,6 +6931,20 @@ get_job_attrs(cupsd_client_t *con, /* I - Client connection */ exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); -+ +#ifdef WITH_LSPP + /* + * Check SELinux... @@ -1413,12 +1417,11 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c + return; + } +#endif /* WITH_LSPP */ -+ + /* * Copy attributes... */ -@@ -6877,6 +7352,11 @@ get_jobs(cupsd_client_t *con, /* I - C +@@ -6872,6 +7342,11 @@ get_jobs(cupsd_client_t *con, /* I - Client connection */ if (username[0] && _cups_strcasecmp(username, job->username)) continue; @@ -1430,7 +1433,7 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c if (count > 0) ippAddSeparator(con->response); -@@ -11475,6 +11955,11 @@ validate_user(cupsd_job_t *job, /* I +@@ -11470,6 +11945,11 @@ validate_user(cupsd_job_t *job, /* I - Job */ strlcpy(username, get_username(con), userlen); @@ -1442,9 +1445,10 @@ diff -up cups-2.2.8/scheduler/ipp.c.lspp cups-2.2.8/scheduler/ipp.c /* * Check the username against the owner... */ -diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c ---- cups-2.2.8/scheduler/job.c.lspp 2018-06-08 17:34:38.657654158 +0200 -+++ cups-2.2.8/scheduler/job.c 2018-06-08 17:34:38.733653554 +0200 +diff --git a/scheduler/job.c b/scheduler/job.c +index a8373f5..4c94860 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c @@ -11,6 +11,9 @@ * missing or damaged, see the license at "http://www.cups.org/". */ @@ -1470,7 +1474,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c /* * Design Notes for Job Management -@@ -547,6 +558,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I +@@ -547,6 +558,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ /* PRINTER_STATE_REASONS env var */ rip_max_cache[255]; /* RIP_MAX_CACHE env variable */ @@ -1485,7 +1489,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -1083,6 +1102,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I +@@ -1065,6 +1084,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ if (final_content_type[0]) envp[envc ++] = final_content_type; @@ -1553,7 +1557,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c if (Classification && !banner_page) { if ((attr = ippFindAttribute(job->attrs, "job-sheets", -@@ -1862,6 +1942,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J +@@ -1844,6 +1924,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ ippSetString(job->attrs, &job->reasons, 0, "none"); } @@ -1576,7 +1580,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER); job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER); job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); -@@ -2275,6 +2371,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J +@@ -2259,6 +2355,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */ { char filename[1024]; /* Job control filename */ cups_file_t *fp; /* Job file */ @@ -1591,7 +1595,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -2297,6 +2401,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J +@@ -2281,6 +2385,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */ fchown(cupsFileNumber(fp), RunUser, Group); @@ -1670,7 +1674,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c job->attrs->state = IPP_IDLE; if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3943,6 +4119,19 @@ get_options(cupsd_job_t *job, /* I - Jo +@@ -3969,6 +4145,19 @@ get_options(cupsd_job_t *job, /* I - Job */ banner_page) continue; @@ -1690,7 +1694,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c /* * Otherwise add them to the list... */ -@@ -4704,6 +4893,18 @@ start_job(cupsd_job_t *job, /* I - +@@ -4779,6 +4968,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */ cupsd_printer_t *printer) /* I - Printer to print job */ { const char *filename; /* Support filename */ @@ -1709,7 +1713,7 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs, "job-cancel-after", IPP_TAG_INTEGER); -@@ -4892,6 +5093,113 @@ start_job(cupsd_job_t *job, /* I - +@@ -4967,6 +5168,113 @@ start_job(cupsd_job_t *job, /* I - Job ID */ fcntl(job->side_pipes[1], F_SETFD, fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); @@ -1823,9 +1827,10 @@ diff -up cups-2.2.8/scheduler/job.c.lspp cups-2.2.8/scheduler/job.c /* * Now start the first file in the job... */ -diff -up cups-2.2.8/scheduler/job.h.lspp cups-2.2.8/scheduler/job.h ---- cups-2.2.8/scheduler/job.h.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/job.h 2018-06-08 17:34:38.733653554 +0200 +diff --git a/scheduler/job.h b/scheduler/job.h +index eb59029..9e8b967 100644 +--- a/scheduler/job.h ++++ b/scheduler/job.h @@ -11,6 +11,13 @@ * missing or damaged, see the license at "http://www.cups.org/". */ @@ -1840,7 +1845,7 @@ diff -up cups-2.2.8/scheduler/job.h.lspp cups-2.2.8/scheduler/job.h /* * Constants... */ -@@ -88,6 +95,10 @@ struct cupsd_job_s /**** Job request * +@@ -88,6 +95,10 @@ struct cupsd_job_s /**** Job request ****/ int progress; /* Printing progress */ int num_keywords; /* Number of PPD keywords */ cups_option_t *keywords; /* PPD keywords */ @@ -1851,20 +1856,22 @@ diff -up cups-2.2.8/scheduler/job.h.lspp cups-2.2.8/scheduler/job.h }; typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-2.2.8/scheduler/main.c.lspp cups-2.2.8/scheduler/main.c ---- cups-2.2.8/scheduler/main.c.lspp 2018-06-08 17:34:38.663654110 +0200 -+++ cups-2.2.8/scheduler/main.c 2018-06-08 17:34:38.734653546 +0200 -@@ -56,6 +56,9 @@ +diff --git a/scheduler/main.c b/scheduler/main.c +index 2764e6a..8984e37 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -59,6 +59,10 @@ # include #endif /* HAVE_SYS_PARAM_H */ +#ifdef WITH_LSPP +# include +#endif /* WITH_LSPP */ ++ /* * Local functions... -@@ -122,6 +125,9 @@ main(int argc, /* I - Number of comm +@@ -125,6 +129,9 @@ main(int argc, /* I - Number of command-line args */ #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) struct sigaction action; /* Actions for POSIX signals */ #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ @@ -1874,7 +1881,7 @@ diff -up cups-2.2.8/scheduler/main.c.lspp cups-2.2.8/scheduler/main.c #ifdef __APPLE__ int use_sysman = 1; /* Use system management functions? */ #else -@@ -495,6 +501,25 @@ main(int argc, /* I - Number of comm +@@ -488,6 +495,25 @@ main(int argc, /* I - Number of command-line args */ exit(errno); } @@ -1900,7 +1907,7 @@ diff -up cups-2.2.8/scheduler/main.c.lspp cups-2.2.8/scheduler/main.c /* * Let the system know we are busy while we bring up cupsd... */ -@@ -1188,6 +1213,11 @@ main(int argc, /* I - Number of comm +@@ -1196,6 +1222,11 @@ main(int argc, /* I - Number of command-line args */ cupsdStopSelect(); @@ -1912,9 +1919,10 @@ diff -up cups-2.2.8/scheduler/main.c.lspp cups-2.2.8/scheduler/main.c return (!stop_scheduler); } -diff -up cups-2.2.8/scheduler/printers.c.lspp cups-2.2.8/scheduler/printers.c ---- cups-2.2.8/scheduler/printers.c.lspp 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/printers.c 2018-06-08 17:34:38.734653546 +0200 +diff --git a/scheduler/printers.c b/scheduler/printers.c +index 22f5ad2..1f16db3 100644 +--- a/scheduler/printers.c ++++ b/scheduler/printers.c @@ -11,6 +11,8 @@ * missing or damaged, see the license at "http://www.cups.org/". */ @@ -1935,7 +1943,7 @@ diff -up cups-2.2.8/scheduler/printers.c.lspp cups-2.2.8/scheduler/printers.c /* * Local functions... -@@ -2202,6 +2208,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) +@@ -2196,6 +2202,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */ ipp_attribute_t *attr; /* Attribute data */ char *name, /* Current user/group name */ *filter; /* Current filter */ @@ -1949,7 +1957,7 @@ diff -up cups-2.2.8/scheduler/printers.c.lspp cups-2.2.8/scheduler/printers.c DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, -@@ -2329,6 +2342,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) +@@ -2323,6 +2336,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */ attr->values[1].string.text = _cupsStrAlloc(Classification ? Classification : p->job_sheets[1]); } @@ -1995,3 +2003,6 @@ diff -up cups-2.2.8/scheduler/printers.c.lspp cups-2.2.8/scheduler/printers.c } p->raw = 0; +-- +2.23.0 + diff --git a/cups-synconclose.patch b/cups-synconclose.patch index 8aee02b4cb549457fd017a3b8218f1ed6f652ef8..cbc4701533952b2189905f6572955783818775bd 100644 --- a/cups-synconclose.patch +++ b/cups-synconclose.patch @@ -1,6 +1,7 @@ -diff -up cups-2.0.2/conf/cups-files.conf.in.LGOyhq cups-2.0.2/conf/cups-files.conf.in ---- cups-2.0.2/conf/cups-files.conf.in.LGOyhq 2015-02-10 13:51:24.912193296 +0100 -+++ cups-2.0.2/conf/cups-files.conf.in 2015-02-10 13:52:49.400997262 +0100 +diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in +index f4230c9..6609831 100644 +--- a/conf/cups-files.conf.in ++++ b/conf/cups-files.conf.in @@ -7,7 +7,7 @@ #FatalErrors @CUPS_FATAL_ERRORS@ @@ -10,10 +11,11 @@ diff -up cups-2.0.2/conf/cups-files.conf.in.LGOyhq cups-2.0.2/conf/cups-files.co # Default user and group for filters/backends/helper programs; this cannot be # any user or group that resolves to ID 0 for security reasons... -diff -up cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq cups-2.0.2/doc/help/man-cups-files.conf.html ---- cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq 2015-02-10 13:52:49.400997262 +0100 -+++ cups-2.0.2/doc/help/man-cups-files.conf.html 2015-02-10 13:53:07.057747311 +0100 -@@ -136,7 +136,7 @@ The default is "/etc/cups". +diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html +index 6144a16..b82117c 100644 +--- a/doc/help/man-cups-files.conf.html ++++ b/doc/help/man-cups-files.conf.html +@@ -150,7 +150,7 @@ The default is "/var/run/cups" or "/etc/cups" depending on the platform.
Specifies whether the scheduler calls fsync(2) after writing configuration or state files. @@ -22,10 +24,11 @@ diff -up cups-2.0.2/doc/help/man-cups-files.conf.html.LGOyhq cups-2.0.2/doc/help
SystemGroup group-name [ ... group-name ]
Specifies the group(s) to use for @SYSTEM group authentication. The default contains "admin", "lpadmin", "root", "sys", and/or "system". -diff -up cups-2.0.2/man/cups-files.conf.man.in.LGOyhq cups-2.0.2/man/cups-files.conf.man.in ---- cups-2.0.2/man/cups-files.conf.man.in.LGOyhq 2015-02-10 13:52:49.400997262 +0100 -+++ cups-2.0.2/man/cups-files.conf.man.in 2015-02-10 13:53:23.753510964 +0100 -@@ -201,7 +201,7 @@ The default is "/etc/cups". +diff --git a/man/cups-files.conf.man.in b/man/cups-files.conf.man.in +index f5e6a9f..c3d8eeb 100644 +--- a/man/cups-files.conf.man.in ++++ b/man/cups-files.conf.man.in +@@ -214,7 +214,7 @@ The default is "/var/run/cups" or "/etc/cups" depending on the platform. Specifies whether the scheduler calls .BR fsync (2) after writing configuration or state files. @@ -34,15 +37,19 @@ diff -up cups-2.0.2/man/cups-files.conf.man.in.LGOyhq cups-2.0.2/man/cups-files. .\"#SystemGroup .TP 5 \fBSystemGroup \fIgroup-name \fR[ ... \fIgroup-name\fR ] -diff -up cups-2.0.2/scheduler/conf.c.LGOyhq cups-2.0.2/scheduler/conf.c ---- cups-2.0.2/scheduler/conf.c.LGOyhq 2015-02-10 13:51:24.991192177 +0100 -+++ cups-2.0.2/scheduler/conf.c 2015-02-10 13:52:49.401997248 +0100 -@@ -717,7 +717,7 @@ cupsdReadConfiguration(void) +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 11c94d2..96993c7 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -735,7 +735,7 @@ cupsdReadConfiguration(void) RootCertDuration = 300; Sandboxing = CUPSD_SANDBOXING_STRICT; StrictConformance = FALSE; - SyncOnClose = FALSE; + SyncOnClose = TRUE; - Timeout = DEFAULT_TIMEOUT; + Timeout = 900; WebInterface = CUPS_DEFAULT_WEBIF; +-- +2.23.0 + diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch index cacd19f7b596d852afb601f3fec6dd77baf5c515..0649351dbfee1a7a8a0d544701a1c4e58a163f9d 100644 --- a/cups-systemd-socket.patch +++ b/cups-systemd-socket.patch @@ -1,7 +1,8 @@ -diff -up cups-2.2.8/scheduler/main.c.systemd-socket cups-2.2.8/scheduler/main.c ---- cups-2.2.8/scheduler/main.c.systemd-socket 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/main.c 2018-09-19 10:38:09.285892238 +0200 -@@ -681,8 +681,16 @@ main(int argc, /* I - Number of comm +diff --git a/scheduler/main.c b/scheduler/main.c +index e65060e..2764e6a 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -674,8 +674,16 @@ main(int argc, /* I - Number of command-line args */ #ifdef HAVE_ONDEMAND if (OnDemand) @@ -19,9 +20,22 @@ diff -up cups-2.2.8/scheduler/main.c.systemd-socket cups-2.2.8/scheduler/main.c #endif /* HAVE_ONDEMAND */ if (fg) cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground."); -diff -up cups-2.2.8/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.2.8/scheduler/org.cups.cupsd.path.in ---- cups-2.2.8/scheduler/org.cups.cupsd.path.in.systemd-socket 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/org.cups.cupsd.path.in 2018-09-19 10:46:11.246666713 +0200 +diff --git a/scheduler/org.cups.cups-lpd.socket b/scheduler/org.cups.cups-lpd.socket +index ed23f9d..eb84459 100644 +--- a/scheduler/org.cups.cups-lpd.socket ++++ b/scheduler/org.cups.cups-lpd.socket +@@ -1,6 +1,6 @@ + [Unit] + Description=CUPS LPD Server Socket +-PartOf=org.cups.cups-lpd.service ++PartOf=cups-lpd.service + + [Socket] + ListenStream=515 +diff --git a/scheduler/org.cups.cupsd.path.in b/scheduler/org.cups.cupsd.path.in +index 0f1cc46..7c8509f 100644 +--- a/scheduler/org.cups.cupsd.path.in ++++ b/scheduler/org.cups.cupsd.path.in @@ -1,6 +1,6 @@ [Unit] Description=CUPS Scheduler @@ -30,14 +44,16 @@ diff -up cups-2.2.8/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.2.8/s [Path] PathExists=@CUPS_CACHEDIR@/org.cups.cupsd -diff -up cups-2.2.8/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2.8/scheduler/org.cups.cupsd.service.in ---- cups-2.2.8/scheduler/org.cups.cupsd.service.in.systemd-socket 2018-06-05 18:06:54.000000000 +0200 -+++ cups-2.2.8/scheduler/org.cups.cupsd.service.in 2018-09-19 10:41:11.378295760 +0200 -@@ -1,12 +1,13 @@ +diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in +index 5273762..c4b2c4f 100644 +--- a/scheduler/org.cups.cupsd.service.in ++++ b/scheduler/org.cups.cupsd.service.in +@@ -1,13 +1,14 @@ [Unit] Description=CUPS Scheduler Documentation=man:cupsd(8) +After=network.target + After=sssd.service [Service] ExecStart=@sbindir@/cupsd -l @@ -49,9 +65,10 @@ diff -up cups-2.2.8/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2. -Also=org.cups.cupsd.socket org.cups.cupsd.path +Also=cups.socket cups.path WantedBy=printer.target -diff -up cups-2.2.8/scheduler/org.cups.cupsd.socket.in.systemd-socket cups-2.2.8/scheduler/org.cups.cupsd.socket.in ---- cups-2.2.8/scheduler/org.cups.cupsd.socket.in.systemd-socket 2018-09-19 10:42:21.411681757 +0200 -+++ cups-2.2.8/scheduler/org.cups.cupsd.socket.in 2018-09-19 10:42:44.819476530 +0200 +diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in +index 613b977..3c37d72 100644 +--- a/scheduler/org.cups.cupsd.socket.in ++++ b/scheduler/org.cups.cupsd.socket.in @@ -1,6 +1,6 @@ [Unit] Description=CUPS Scheduler @@ -60,14 +77,6 @@ diff -up cups-2.2.8/scheduler/org.cups.cupsd.socket.in.systemd-socket cups-2.2.8 [Socket] ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -diff -up cups-2.2.8/scheduler/org.cups.cups-lpd.socket.systemd-socket cups-2.2.8/scheduler/org.cups.cups-lpd.socket ---- cups-2.2.8/scheduler/org.cups.cups-lpd.socket.systemd-socket 2018-09-19 10:53:59.222563802 +0200 -+++ cups-2.2.8/scheduler/org.cups.cups-lpd.socket 2018-09-19 10:54:16.483412464 +0200 -@@ -1,6 +1,6 @@ - [Unit] - Description=CUPS LPD Server Socket --PartOf=org.cups.cups-lpd.service -+PartOf=cups-lpd.service - - [Socket] - ListenStream=515 +-- +2.23.0 + diff --git a/cups-ypbind.patch b/cups-ypbind.patch index f942708a60fa42f8f75d1017c34eda78947b3ce1..06fb933654ee4f330195a88b8ceb275881d3532f 100644 --- a/cups-ypbind.patch +++ b/cups-ypbind.patch @@ -1,12 +1,16 @@ -diff -up cups-2.2.0/scheduler/org.cups.cupsd.service.in.ypbind cups-2.2.0/scheduler/org.cups.cupsd.service.in ---- cups-2.2.0/scheduler/org.cups.cupsd.service.in.ypbind 2017-09-22 16:51:39.053585694 +0200 -+++ cups-2.2.0/scheduler/org.cups.cupsd.service.in 2017-09-22 16:52:02.588403584 +0200 +diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in +index c4b2c4f..baa82b7 100644 +--- a/scheduler/org.cups.cupsd.service.in ++++ b/scheduler/org.cups.cupsd.service.in @@ -1,7 +1,7 @@ [Unit] Description=CUPS Scheduler Documentation=man:cupsd(8) -After=network.target +After=network.target ypbind.service + After=sssd.service [Service] - ExecStart=@sbindir@/cupsd -l +-- +2.23.0 + diff --git a/cups.spec b/cups.spec index 489e3e2ed2412157287fbf840b7d326b538ad47c..269af18c32c32c192e0899784c82714287111bcd 100644 --- a/cups.spec +++ b/cups.spec @@ -1,7 +1,7 @@ Name: cups Epoch: 1 -Version: 2.2.8 -Release: 9 +Version: 2.2.13 +Release: 1 Summary: CUPS is the standards-based, open source printing system for linux operating systems. License: GPLv2+ and LGPLv2+ with exceptions and AML Url: http://www.cups.org/ @@ -12,34 +12,27 @@ Source3: cups.logrotate Source4: ncp.backend Source5: macros.cups -Patch1: cups-no-gzip-man.patch -Patch2: cups-system-auth.patch -Patch3: cups-multilib.patch -Patch5: cups-banners.patch -Patch7: cups-no-export-ssllibs.patch -Patch8: cups-direct-usb.patch -Patch12: cups-eggcups.patch -Patch16: cups-usb-paperout.patch -Patch19: cups-uri-compat.patch -Patch22: cups-hp-deviceid-oid.patch -Patch24: cups-ricoh-deviceid-oid.patch -Patch25: cups-systemd-socket.patch -Patch30: cups-freebind.patch -Patch35: cups-ipp-multifile.patch -Patch37: cups-synconclose.patch -Patch38: cups-ypbind.patch -Patch100: cups-lspp.patch -Patch9: cups-lpr-help.patch -Patch18: cups-filter-debug.patch -Patch29: cups-dymo-deviceid.patch -Patch41: cups-accesslog-null.patch -Patch42: cups-epson-A6-crash.patch -Patch43: cups-ippvalidateattr-regression.patch -Patch44: cups-ippeve-webui.patch -Patch45: 0001-Fix-memory-leaks-found-by-Coverity-Issue-5375.patch -Patch6000: CVE-2018-4300.patch -Patch6001: CVE-2019-8675-CVE-2019-8696.patch -Patch6002: CVE-2019-2228.patch +Patch1: cups-no-gzip-man.patch +Patch2: cups-system-auth.patch +Patch3: cups-multilib.patch +Patch4: cups-banners.patch +Patch5: cups-no-export-ssllibs.patch +Patch6: cups-direct-usb.patch +Patch7: cups-eggcups.patch +Patch8: cups-usb-paperout.patch +Patch9: cups-uri-compat.patch +Patch10: cups-hp-deviceid-oid.patch +Patch11: cups-ricoh-deviceid-oid.patch +Patch12: cups-systemd-socket.patch +Patch13: cups-freebind.patch +Patch14: cups-ipp-multifile.patch +Patch15: cups-synconclose.patch +Patch16: cups-ypbind.patch +Patch17: cups-lspp.patch +Patch18: cups-lpr-help.patch +Patch19: cups-filter-debug.patch +Patch20: cups-dymo-deviceid.patch +Patch21: custom-option-keywords-did-not.patch Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat @@ -332,11 +325,17 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog -* Thu Mar 26 chenzhen - 2.2.8-9 +* Fri Jun 12 2020 hanhui - 2.2.13-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:upgrade to 2.2.13 + +* Thu Mar 26 2020 gaihuiying - 2.2.8-9 - Type:cves - ID:CVE-2019-2228 - SUG:restart -- DESC: fix CVE-2019-2228 +- DESC:fix CVE-2019-2228 * Sat Jan 11 2020 openEuler Buildteam - 2.2.8-8 - Type:enhancement diff --git a/custom-option-keywords-did-not.patch b/custom-option-keywords-did-not.patch new file mode 100644 index 0000000000000000000000000000000000000000..d8d2a7e3295505490092e4f019c27b39ca3e374c --- /dev/null +++ b/custom-option-keywords-did-not.patch @@ -0,0 +1,44 @@ +diff --git a/cups/ppd.c b/cups/ppd.c +index fae19c42e..ff52df2e1 100644 +--- a/cups/ppd.c ++++ b/cups/ppd.c +@@ -1874,9 +1874,9 @@ _ppdOpen( + { + if (!_cups_strcasecmp(name, "custom") || !_cups_strncasecmp(name, "custom.", 7)) + { +- pg->ppd_status = PPD_ILLEGAL_OPTION_KEYWORD; +- +- goto error; ++ char cname[PPD_MAX_NAME]; /* Rewrite with a leading underscore */ ++ snprintf(cname, sizeof(cname), "_%s", name); ++ strlcpy(name, cname, sizeof(name)); + } + + if ((size = ppdPageSize(ppd, name)) == NULL) +@@ -1903,9 +1903,9 @@ _ppdOpen( + { + if (!_cups_strcasecmp(name, "custom") || !_cups_strncasecmp(name, "custom.", 7)) + { +- pg->ppd_status = PPD_ILLEGAL_OPTION_KEYWORD; +- +- goto error; ++ char cname[PPD_MAX_NAME]; /* Rewrite with a leading underscore */ ++ snprintf(cname, sizeof(cname), "_%s", name); ++ strlcpy(name, cname, sizeof(name)); + } + + if ((size = ppdPageSize(ppd, name)) == NULL) +@@ -1939,9 +1939,9 @@ _ppdOpen( + + if (!_cups_strcasecmp(name, "custom") || !_cups_strncasecmp(name, "custom.", 7)) + { +- pg->ppd_status = PPD_ILLEGAL_OPTION_KEYWORD; +- +- goto error; ++ char cname[PPD_MAX_NAME]; /* Rewrite with a leading underscore */ ++ snprintf(cname, sizeof(cname), "_%s", name); ++ strlcpy(name, cname, sizeof(name)); + } + + if (!strcmp(keyword, "PageSize")) +