diff --git a/backport-Also-fix-cupsfilter.patch b/backport-Also-fix-cupsfilter.patch new file mode 100644 index 0000000000000000000000000000000000000000..df8c7dcff1c8d6bd39027eaa20a58c11b5cfda0a --- /dev/null +++ b/backport-Also-fix-cupsfilter.patch @@ -0,0 +1,31 @@ +From 3a1a81d7b882c06451a39a19a87aca7ec44742e6 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Wed, 12 Jan 2022 08:33:58 -0500 +Subject: [PATCH] Also fix cupsfilter (Issue #323) + +Reference:https://github.com/OpenPrinting/cups/commit/3a1a81d7b882c06451a39a19a87aca7ec44742e6 + +--- + scheduler/cupsfilter.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/scheduler/cupsfilter.c b/scheduler/cupsfilter.c +index c6dbb8debb..a03e77de76 100644 +--- a/scheduler/cupsfilter.c ++++ b/scheduler/cupsfilter.c +@@ -981,7 +981,6 @@ exec_filters(mime_type_t *srctype, /* I - Source type */ + printer_info[255], /* PRINTER_INFO env variable */ + printer_location[255], /* PRINTER_LOCATION env variable */ + printer_name[255], /* PRINTER env variable */ +- rip_max_cache[1024], /* RIP_MAX_CACHE */ + userenv[1024], /* USER */ + #if CUPS_SNAP + fontconfig_file[1024], /* FONTCONFIG_FILE */ +@@ -1133,7 +1132,6 @@ exec_filters(mime_type_t *srctype, /* I - Source type */ + envp[i ++] = printer_info; + envp[i ++] = printer_location; + envp[i ++] = printer_name; +- envp[i ++] = rip_max_cache; + envp[i ++] = userenv; + envp[i ++] = "CHARSET=utf-8"; + if (final_content_type[0]) diff --git a/backport-CVE-2022-26691.patch b/backport-CVE-2022-26691.patch new file mode 100644 index 0000000000000000000000000000000000000000..1152b2d262315646418ac7c11d1f4f18cb44d967 --- /dev/null +++ b/backport-CVE-2022-26691.patch @@ -0,0 +1,34 @@ +From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 26 May 2022 06:27:04 +0200 +Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes + CVE-2022-26691) + +The previous algorithm didn't expect the strings can have a different +length, so one string can be a substring of the other and such substring +was reported as equal to the longer string. + +Reference:https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 + +--- + scheduler/cert.c | 9 ++++++++- + 1 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/scheduler/cert.c b/scheduler/cert.c +index b268bf1b2..9b65b96c9 100644 +--- a/scheduler/cert.c ++++ b/scheduler/cert.c +@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */ + b ++; + } + +- return (result); ++ /* ++ * The while loop finishes when *a == '\0' or *b == '\0' ++ * so after the while loop either both *a and *b == '\0', ++ * or one points inside a string, so when we apply logical OR on *a, ++ * *b and result, we get a non-zero return value if the compared strings don't match. ++ */ ++ ++ return (result | *a | *b); + } diff --git a/backport-CVE-2023-32324.patch b/backport-CVE-2023-32324.patch new file mode 100644 index 0000000000000000000000000000000000000000..c5c2672964ced0dd90174bf15cd040201ba2de8f --- /dev/null +++ b/backport-CVE-2023-32324.patch @@ -0,0 +1,37 @@ +From fd8bc2d32589d1fd91fe1c0521be2a7c0462109e Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 1 Jun 2023 12:04:00 +0200 +Subject: [PATCH] cups/string.c: Return if `size` is 0 (fixes CVE-2023-32324) + +Reference:https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e +Conflict:NA + +--- + cups/string.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/cups/string.c b/cups/string.c +index 93cdad1..5def888 100644 +--- a/cups/string.c ++++ b/cups/string.c +@@ -1,6 +1,7 @@ + /* + * String functions for CUPS. + * ++ * Copyright © 2023 by OpenPrinting. + * Copyright © 2007-2019 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products. + * +@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */ + size_t srclen; /* Length of source string */ + + ++ if (size == 0) ++ return (0); ++ + /* + * Figure out how much room is needed... + */ +-- +2.27.0 + diff --git a/backport-CVE-2023-34241.patch b/backport-CVE-2023-34241.patch new file mode 100644 index 0000000000000000000000000000000000000000..8f1d863f45c34b6b9108044a5873d4a216062816 --- /dev/null +++ b/backport-CVE-2023-34241.patch @@ -0,0 +1,65 @@ +From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001 +From: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Thu, 1 Jun 2023 11:33:39 -0400 +Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection + +httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to. + +We have to log the hostname first. + +Reference:https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2 +Conflict:NA +--- + scheduler/client.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/scheduler/client.c b/scheduler/client.c +index 91e441188c..327473a4d1 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + /* + * Can't have an unresolved IP address with double-lookups enabled... + */ +- +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "Name lookup failed - connection from %s closed!", ++ "Name lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); + ++ httpClose(con->http); + free(con); + return; + } +@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + * with double-lookups enabled... + */ + +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, +- "IP lookup failed - connection from %s closed!", ++ "IP lookup failed - closing connection from %s!", + httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } +@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + + if (!hosts_access(&wrap_req)) + { +- httpClose(con->http); +- + cupsdLogClient(con, CUPSD_LOG_WARN, + "Connection from %s refused by /etc/hosts.allow and " + "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0)); ++ ++ httpClose(con->http); + free(con); + return; + } + diff --git a/backport-CVE-2023-4504.patch b/backport-CVE-2023-4504.patch new file mode 100644 index 0000000000000000000000000000000000000000..e254746c5658e21862e3406725bd6181b5891a94 --- /dev/null +++ b/backport-CVE-2023-4504.patch @@ -0,0 +1,44 @@ +From 2431caddb7e6a87f04ac90b5c6366ad268b6ff31 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Wed, 20 Sep 2023 14:45:17 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. + +Reference:https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 +Conflict:Patch context adaptation + +--- + cups/raster-interpret.c | 14 +++++++++++++- + 1 files changed, 14 insertions(+) + +diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c +index 6fcf731b5..b8655c8c6 100644 +--- a/cups/raster-interpret.c ++++ b/cups/raster-interpret.c +@@ -1116,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ + + cur ++; + +- if (*cur == 'b') ++ /* ++ * Return NULL if we reached NULL terminator, a lone backslash ++ * is not a valid character in PostScript. ++ */ ++ ++ if (!*cur) ++ { ++ *ptr = NULL; ++ ++ return (NULL); ++ } ++ ++ if (*cur == 'b') + *valptr++ = '\b'; + else if (*cur == 'f') + *valptr++ = '\f'; + + diff --git a/backport-Fix-CVE-2024-35235.patch b/backport-Fix-CVE-2024-35235.patch new file mode 100644 index 0000000000000000000000000000000000000000..ad17b862397e4ddc2c93bfd84df81135e8a45658 --- /dev/null +++ b/backport-Fix-CVE-2024-35235.patch @@ -0,0 +1,99 @@ +From a436956f374b0fd7f5da9df482e4f5840fa1c0d2 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Mon, 3 Jun 2024 18:53:58 +020 +Subject: [PATCH] Fix domain socket handling +Reference: https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2 + +--- + cups/http-addr.c | 40 +++++++++++++++++++--------------------- + scheduler/conf.c | 19 +++++++++++++++++++ + 2 files changed, 38 insertions(+), 21 deletions(-) + +diff --git a/cups/http-addr.c b/cups/http-addr.c +index 1926188..b806fbc 100644 +--- a/cups/http-addr.c ++++ b/cups/http-addr.c +@@ -206,31 +206,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */ + { + mode_t mask; /* Umask setting */ + +- /* +- * Remove any existing domain socket file... +- */ +- +- unlink(addr->un.sun_path); +- +- /* +- * Save the current umask and set it to 0 so that all users can access +- * the domain socket... +- */ +- +- mask = umask(0); ++ if ((status = unlink(addr->un.sun_path)) < 0) ++ { ++ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno))); + +- /* +- * Bind the domain socket... +- */ ++ if (errno == ENOENT) ++ status = 0; ++ } + +- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr)); ++ if (!status) ++ { ++ // Save the current umask and set it to 0 so that all users can access ++ // the domain socket... ++ mask = umask(0); + +- /* +- * Restore the umask and fix permissions... +- */ ++ // Bind the domain socket... ++ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0) ++ { ++ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno))); ++ } + +- umask(mask); +- chmod(addr->un.sun_path, 0140777); ++ // Restore the umask... ++ umask(mask); ++ } + } + else + #endif /* AF_LOCAL */ +diff --git a/scheduler/conf.c b/scheduler/conf.c +index e44736b..a5ba6cb 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -3073,6 +3073,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + + cupsd_listener_t *lis; /* New listeners array */ + ++ /* ++ * If we are launched on-demand, do not use domain sockets from the config ++ * file. Also check that the domain socket path is not too long... ++ */ ++ ++#ifdef HAVE_ONDEMAND ++ if (*value == '/' && OnDemand) ++ { ++ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET)) ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum); ++ continue; ++ } ++#endif // HAVE_ONDEMAND ++ ++ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1)) ++ { ++ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum); ++ continue; ++ } + + /* + * Get the address list... +-- +2.27.0 + diff --git a/backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch b/backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch new file mode 100644 index 0000000000000000000000000000000000000000..6179fe9e104016562f0264c141d162d61a10d4a4 --- /dev/null +++ b/backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch @@ -0,0 +1,46 @@ +From ee02b74ad03b52a5226f80dd2f551c1b565cdbb2 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Wed, 12 Jan 2022 08:12:24 -0500 +Subject: [PATCH] Remove legacy code for RIP_MAX_CACHE environment variable + (Issue #323) + +Reference:https://github.com/OpenPrinting/cups/commit/ee02b74ad03b52a5226f80dd2f551c1b565cdbb2 + +--- + CHANGES.md | 12 +++++++++--- + scheduler/job.c | 7 ++----- + 2 files changed, 11 insertions(+), 8 deletions(-) + +diff --git a/scheduler/job.c b/scheduler/job.c +index fd69f71c9c..fbacc4cd12 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c +@@ -541,10 +541,8 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ + /* PRINTER_LOCATION env variable */ + printer_name[255], + /* PRINTER env variable */ +- *printer_state_reasons = NULL, ++ *printer_state_reasons = NULL; + /* PRINTER_STATE_REASONS env var */ +- rip_max_cache[255]; +- /* RIP_MAX_CACHE env variable */ + + + cupsdLogMessage(CUPSD_LOG_DEBUG2, +@@ -749,7 +747,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ + + raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") && + !strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw"); +- ++ + if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) || + (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1)) + { +@@ -1051,7 +1049,6 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ + envp[envc ++] = apple_language; + #endif /* __APPLE__ */ + envp[envc ++] = ppd; +- envp[envc ++] = rip_max_cache; + envp[envc ++] = content_type; + envp[envc ++] = device_uri; + envp[envc ++] = printer_info; diff --git a/v2.3.3.tar.gz b/cups-2.4.0-source.tar.gz similarity index 53% rename from v2.3.3.tar.gz rename to cups-2.4.0-source.tar.gz index b6687b8e4c82343769e0503e014d6798ef22f83b..aa8d49f82e0c9877bfb0cbd486201d3cf1fdff05 100644 Binary files a/v2.3.3.tar.gz and b/cups-2.4.0-source.tar.gz differ diff --git a/cups-autostart-when-enabled.patch b/cups-autostart-when-enabled.patch deleted file mode 100644 index ea6a2c3d370888d42d68ede4625bba210fd5feb4..0000000000000000000000000000000000000000 --- a/cups-autostart-when-enabled.patch +++ /dev/null @@ -1,10 +0,0 @@ -diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in -index bf308a5..add238b 100644 ---- a/scheduler/org.cups.cupsd.service.in -+++ b/scheduler/org.cups.cupsd.service.in -@@ -10,4 +10,4 @@ Restart=on-failure - - [Install] - Also=cups.socket cups.path --WantedBy=printer.target -+WantedBy=printer.target multi-user.target diff --git a/cups-dymo-deviceid.patch b/cups-dymo-deviceid.patch deleted file mode 100644 index 3ff1ffdb7718663557d58a43e0cafc947ea79c9b..0000000000000000000000000000000000000000 --- a/cups-dymo-deviceid.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up cups-2.3.1/ppdc/sample.drv.dymo-deviceid cups-2.3.1/ppdc/sample.drv ---- cups-2.3.1/ppdc/sample.drv.dymo-deviceid 2019-12-16 09:22:34.476492212 +0100 -+++ cups-2.3.1/ppdc/sample.drv 2019-12-16 09:23:44.665003895 +0100 -@@ -129,6 +129,7 @@ Version "2.3" - { - Manufacturer "DYMO" - ModelName "Label Printer" -+ Attribute "1284DeviceID" "" "MFG:DYMO;MDL:LabelWriter 400;" - Attribute NickName "" "DYMO Label Printer" - PCFileName "dymo.ppd" - DriverType label diff --git a/cups-eggcups.patch b/cups-eggcups.patch deleted file mode 100644 index b49638eb3a3ead00a90be48e63b756b0a0f84a36..0000000000000000000000000000000000000000 --- a/cups-eggcups.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff -up cups-2.3.0/backend/ipp.c.eggcups cups-2.3.0/backend/ipp.c ---- cups-2.3.0/backend/ipp.c.eggcups 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/backend/ipp.c 2019-10-07 12:14:25.385111933 +0200 -@@ -143,6 +143,70 @@ static char tmpfilename[1024] = ""; - static char mandatory_attrs[1024] = ""; - /* cupsMandatory value */ - -+#if HAVE_DBUS -+#include -+ -+static DBusConnection *dbus_connection = NULL; -+ -+static int -+init_dbus (void) -+{ -+ DBusConnection *connection; -+ DBusError error; -+ -+ if (dbus_connection && -+ !dbus_connection_get_is_connected (dbus_connection)) { -+ dbus_connection_unref (dbus_connection); -+ dbus_connection = NULL; -+ } -+ -+ dbus_error_init (&error); -+ connection = dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error); -+ if (connection == NULL) { -+ dbus_error_free (&error); -+ return -1; -+ } -+ -+ dbus_connection = connection; -+ return 0; -+} -+ -+int -+dbus_broadcast_queued_remote (const char *printer_uri, -+ ipp_status_t status, -+ unsigned int local_job_id, -+ unsigned int remote_job_id, -+ const char *username, -+ const char *printer_name) -+{ -+ DBusMessage *message; -+ DBusMessageIter iter; -+ const char *errstr; -+ -+ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connection)) { -+ if (init_dbus () || !dbus_connection) -+ return -1; -+ } -+ -+ errstr = ippErrorString (status); -+ message = dbus_message_new_signal ("/com/redhat/PrinterSpooler", -+ "com.redhat.PrinterSpooler", -+ "JobQueuedRemote"); -+ dbus_message_iter_init_append (message, &iter); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name); -+ -+ dbus_connection_send (dbus_connection, message, NULL); -+ dbus_connection_flush (dbus_connection); -+ dbus_message_unref (message); -+ -+ return 0; -+} -+#endif /* HAVE_DBUS */ - - /* - * Local functions... -@@ -1768,6 +1832,15 @@ main(int argc, /* I - Number of comm - fprintf(stderr, "DEBUG: Print job accepted - job ID %d.\n", job_id); - } - -+#if HAVE_DBUS -+ dbus_broadcast_queued_remote (argv[0], -+ ipp_status, -+ atoi (argv[1]), -+ job_id, -+ argv[2], -+ getenv ("PRINTER")); -+#endif /* HAVE_DBUS */ -+ - ippDelete(response); - - if (job_canceled) -diff -up cups-2.3.0/backend/Makefile.eggcups cups-2.3.0/backend/Makefile ---- cups-2.3.0/backend/Makefile.eggcups 2019-10-07 12:14:25.385111933 +0200 -+++ cups-2.3.0/backend/Makefile 2019-10-07 12:16:00.457569406 +0200 -@@ -257,7 +257,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac - - ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a - echo Linking $@... -- $(LD_CC) $(ALL_LDFLAGS) -o ipp ipp.o libbackend.a $(LINKCUPS) -+ $(LD_CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LINKCUPS) $(SERVERLIBS) - $(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@ - $(RM) http https ipps - for file in $(IPPALIASES); do \ -diff -up cups-2.3.0/scheduler/subscriptions.c.eggcups cups-2.3.0/scheduler/subscriptions.c ---- cups-2.3.0/scheduler/subscriptions.c.eggcups 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/subscriptions.c 2019-10-07 12:18:21.736478684 +0200 -@@ -1257,13 +1257,13 @@ cupsd_send_dbus(cupsd_eventmask_t event, - what = "PrinterAdded"; - else if (event & CUPSD_EVENT_PRINTER_DELETED) - what = "PrinterRemoved"; -- else if (event & CUPSD_EVENT_PRINTER_CHANGED) -- what = "QueueChanged"; - else if (event & CUPSD_EVENT_JOB_CREATED) - what = "JobQueuedLocal"; - else if ((event & CUPSD_EVENT_JOB_STATE) && job && - job->state_value == IPP_JOB_PROCESSING) - what = "JobStartedLocal"; -+ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANGED|CUPSD_EVENT_PRINTER_STATE_CHANGED)) -+ what = "QueueChanged"; - else - return; - -@@ -1299,7 +1299,7 @@ cupsd_send_dbus(cupsd_eventmask_t event, - dbus_message_append_iter_init(message, &iter); - if (dest) - dbus_message_iter_append_string(&iter, dest->name); -- if (job) -+ if (job && strcmp (what, "QueueChanged") != 0) - { - dbus_message_iter_append_uint32(&iter, job->id); - dbus_message_iter_append_string(&iter, job->username); diff --git a/cups-etimedout.patch b/cups-etimedout.patch deleted file mode 100644 index 31defda0eb4d0f1803cc92446f398a570bde2113..0000000000000000000000000000000000000000 --- a/cups-etimedout.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c -index e4ffc3d..a989055 100644 ---- a/cups/http-addrlist.c -+++ b/cups/http-addrlist.c -@@ -240,7 +240,10 @@ httpAddrConnect2( - } - - if (!addrlist && nfds == 0) -+ { -+ errno = EHOSTDOWN; - break; -+ } - - /* - * See if we can connect to any of the addresses so far... -@@ -371,6 +374,9 @@ httpAddrConnect2( - remaining -= 250; - } - -+ if (remaining <= 0) -+ errno = ETIMEDOUT; -+ - while (nfds > 0) - { - nfds --; diff --git a/cups-failover-backend.patch b/cups-failover-backend.patch deleted file mode 100644 index 1bcf6276ba8b56e29b16561db15c8137cfbb1d5e..0000000000000000000000000000000000000000 --- a/cups-failover-backend.patch +++ /dev/null @@ -1,876 +0,0 @@ -diff -up cups-2.3.3/backend/failover.c.failover cups-2.3.3/backend/failover.c ---- cups-2.3.3/backend/failover.c.failover 2020-06-11 08:49:20.515264358 +0200 -+++ cups-2.3.3/backend/failover.c 2020-06-11 08:49:20.515264358 +0200 -@@ -0,0 +1,837 @@ -+/* -+ * Failover Backend for the Common UNIX Printing System (CUPS). -+ * -+ * Copyright (c) 2014, Red Hat, Inc. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * * Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * * Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * * Neither the name of Red Hat, Inc. nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT, -+ * INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH -+ * DAMAGE. -+ * -+ * Original version by Clark Hale, Red Hat, Inc. -+ * -+ * This backend presents a fake printer that will choose the first -+ * available printer from a list of IPP URIs. -+ * -+ * Option failover contains a comma separated list of IPP URIs. The -+ * URIs are attempted in-order. -+ * -+ * Option failover-retries contains an integer that indicates how many -+ * times to iterate through the failover list before completely -+ * failing. -+ * -+ * Contents: -+ * main() - Checks each printer in a failover list, and -+ * sends job data to the first available printer -+ * move_job() - Sends and IPP Move-Job request -+ * check_printer() - Checks a printer's attributes to see -+ * if it's enabled and accepting jobs -+ * read_config() - Read the backends configuration from -+ * options -+ * get_printer_attributes() - Sends an IPP Get-Attributes request to -+ * a URI -+ * sigterm_handler() - Handle SIGTERM that cancels the job -+ * password_cb() - Password call back used to disable password -+ * prompt -+ */ -+#include -+#include -+#include -+#include -+#include -+#include -+#include "backend-private.h" -+ -+/* -+ * Return Values -+ */ -+typedef enum fo_state_e -+{ -+ FO_PRINTER_GOOD = 0, -+ FO_PRINTER_BAD, -+ FO_PRINTER_BUSY, -+ FO_AUTH_REQUIRED -+} fo_state_t; -+ -+/* -+ * Constants -+ */ -+#define FAILOVER_DEFAULT_RETRIES (3) -+#define FAILOVER_PASSWORD_RETRIES_MAX (3) -+ -+/* -+ * Local Functions -+ */ -+static int check_printer(const char *device_uri); -+static int read_config(cups_array_t *printer_array, int *retries, -+ const char *options); -+static int get_printer_attributes(const char *device_uri, -+ ipp_t **attributes); -+static int move_job(int jobid, const char *dest); -+static void sigterm_handler(int sig); -+static const char *password_cb(const char *); -+ -+/* -+ * Global Variables -+ */ -+static int job_canceled = 0; /* Job canceled */ -+static char *password = NULL; /* password for device */ -+static int password_retries = 0; -+static const char *auth_info_required = "none"; -+ -+/* -+ * 'main()' - Checks each printer in a failover list, and -+ * sends job data to the first available printer -+ * Usage: -+ * printer-uri job-id user title copies options [file] -+ * -+ * The printer-uri option is not used, but it still required to fit -+ * to the backend(7) standards. -+ */ -+int -+main(int argc, char *argv[]) -+{ -+ const char *selected_uri = NULL; /* URI of selected printer */ -+ const char *tmp_device_uri; /* Device URI to check */ -+ cups_array_t *printer_array; /* Array of available printers */ -+ int printer_count = 0; /* current printer array index */ -+ int retry_max = 1; /* maximum retries before exit */ -+ int retry_count = 0; /* current retry number */ -+ int auth_failed_count = 0; /* auth failures per loop */ -+ int rc = CUPS_BACKEND_OK; -+#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) -+ struct sigaction action; /* Actions for POSIX signals */ -+#endif /* HAVE_SIGACTION && !HAVE_SIGSET */ -+ -+ /* -+ * Check args -+ */ -+ if (argc == 1) -+ { -+ /* -+ * print out discovery data -+ */ -+ char *backendName; -+ -+ if ((backendName = strrchr(argv[0], '/')) != NULL) -+ backendName++; -+ else -+ backendName = argv[0]; -+ -+ _cupsLangPrintf(stderr,"network %s \"Unknown\" \"%s (%s)\"\n", -+ backendName, -+ _cupsLangString(cupsLangDefault(), _("Failover Printer")), -+ backendName); -+ -+ return (CUPS_BACKEND_OK); -+ } -+ else if (argc < 6) -+ { -+ _cupsLangPrintf(stderr, -+ _("Usage: %s job-id user title copies options [file]"), -+ argv[0]); -+ return (CUPS_BACKEND_STOP); -+ } -+ -+ fprintf(stderr, "DEBUG: Failover backend starting up.\n"); -+ -+ /* -+ * Don't buffer status messages -+ */ -+ setbuf(stderr, NULL); -+ -+ /* -+ * Ignore SIGPIPE and catch SIGTERM signals... -+ */ -+#ifdef HAVE_SIGSET -+ sigset(SIGPIPE, SIG_IGN); -+ sigset(SIGTERM, sigterm_handler); -+#elif defined(HAVE_SIGACTION) -+ memset(&action, 0, sizeof(action)); -+ action.sa_handler = SIG_IGN; -+ sigaction(SIGPIPE, &action, NULL); -+ -+ sigemptyset(&action.sa_mask); -+ sigaddset(&action.sa_mask, SIGTERM); -+ action.sa_handler = sigterm_handler; -+ sigaction(SIGTERM, &action, NULL); -+#else -+ signal(SIGPIPE, SIG_IGN); -+ signal(SIGTERM, sigterm_handler); -+#endif /* HAVE_SIGSET */ -+ -+ printer_array = cupsArrayNew(NULL, NULL); -+ -+ /* -+ * Read Configuration -+ */ -+ if ((rc = read_config(printer_array, &retry_max, -+ argv[5])) != CUPS_BACKEND_OK) -+ { -+ fprintf(stderr, "ERROR: Failed to read configuration options!\n"); -+ goto cleanup; -+ } -+ -+ /* -+ * Main Retry Loop -+ */ -+ for (retry_count = 0; retry_count < retry_max; retry_count++) -+ { -+ fprintf(stderr, "DEBUG: Retry loop #%d\n", retry_count + 1); -+ -+ /* -+ * Reset Counters -+ */ -+ printer_count = 0; -+ auth_failed_count = 0; -+ -+ tmp_device_uri = (char *)cupsArrayFirst(printer_array); -+ -+ do -+ { -+ if (job_canceled) -+ { -+ fprintf(stderr, "DEBUG: Job Canceled\n"); -+ goto cleanup; -+ } -+ -+ fprintf(stderr,"DEBUG: Checking printer #%d: %s\n", -+ printer_count+1, tmp_device_uri); -+ -+ rc = check_printer(tmp_device_uri); -+ -+ // Printer is available and not busy. -+ if ( rc == FO_PRINTER_GOOD ) -+ { -+ selected_uri = tmp_device_uri; -+ break; -+ } -+ // Printer is busy -+ else if (rc == FO_PRINTER_BUSY) -+ { -+ fprintf(stderr, "DEBUG: Waiting for job to complete.\n"); -+ sleep(2); -+ continue; -+ } -+ // Authorization is required to access the printer. -+ else if (rc == FO_AUTH_REQUIRED) -+ { -+ auth_failed_count++; -+ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count); -+ } -+ // Printer is stopped or not accepting jobs -+ else -+ { -+ if (!printer_count) -+ fprintf(stderr, "INFO: Primary Printer, %s, not available. " -+ "Attempting Failovers...\n", -+ tmp_device_uri); -+ else -+ fprintf(stderr, "INFO: Failover Printer, %s, not available. " -+ "Attempting Failovers..\n", -+ tmp_device_uri); -+ printer_count++; -+ tmp_device_uri = (char *)cupsArrayNext(printer_array); -+ } -+ } while (tmp_device_uri != NULL); -+ -+ if (selected_uri && !printer_count) -+ fprintf(stderr, "STATE: -primary-printer-failed\n"); -+ else -+ fprintf(stderr, "STATE: +primary-printer-failed\n"); -+ -+ if (job_canceled) -+ { -+ fprintf(stderr, "DEBUG: Job Canceled\n"); -+ goto cleanup; -+ } -+ -+ if (!selected_uri && auth_failed_count == printer_count) -+ { -+ fprintf(stderr, "ERROR: All failover printers failed with " -+ "authorization issues.\n"); -+ rc = CUPS_BACKEND_AUTH_REQUIRED; -+ fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required); -+ goto cleanup; -+ } -+ else if (!selected_uri && retry_count + 1 < retry_max) -+ { -+ fprintf(stderr, "INFO: No suitable printer found...retrying...\n"); -+ sleep(2); -+ continue; -+ } -+ else if (selected_uri) -+ { -+ fprintf(stderr, "DEBUG: Using printer, %s.\n", selected_uri); -+ break; -+ } -+ } -+ -+ if (!selected_uri) -+ { -+ fprintf(stderr, "ERROR: No suitable printer found. Aborting print\n"); -+ rc = CUPS_BACKEND_FAILED; -+ goto cleanup; -+ } -+ -+ rc = move_job(atoi(argv[1]), selected_uri); -+ -+ if (job_canceled) -+ rc = CUPS_BACKEND_OK; -+ -+cleanup : -+ if (job_canceled) -+ rc = CUPS_BACKEND_OK; -+ -+ tmp_device_uri = (char *)cupsArrayFirst(printer_array); -+ do -+ { -+ free((void *)tmp_device_uri); -+ } while ((tmp_device_uri = (char *)cupsArrayNext(printer_array)) != NULL); -+ -+ cupsArrayDelete(printer_array); -+ sleep(2); -+ return (rc); -+} -+ -+/* -+ * 'check_printer()' - Checks the status of a remote printer and returns -+ * back a good/bad/busy status. -+ */ -+int -+check_printer(const char *device_uri) -+{ -+ ipp_t *attributes = NULL; /* attributes for device_uri */ -+ ipp_attribute_t *tmp_attribute; /* for examining attribs */ -+ int rc = FO_PRINTER_GOOD; /* return code */ -+ char *reason; /* printer state reason */ -+ int i; -+ -+ fprintf(stderr, "DEBUG: Checking printer %s\n",device_uri); -+ -+ rc = get_printer_attributes(device_uri, &attributes); -+ if ( rc != CUPS_BACKEND_OK ) -+ { -+ fprintf(stderr, "DEBUG: Failed to get attributes from printer: %s\n", -+ device_uri); -+ if ( rc == CUPS_BACKEND_AUTH_REQUIRED ) -+ return (FO_AUTH_REQUIRED); -+ else -+ return (FO_PRINTER_BAD); -+ } -+ -+ /* -+ * Check if printer is accepting jobs -+ */ -+ if ((tmp_attribute = ippFindAttribute(attributes, -+ "printer-is-accepting-jobs", -+ IPP_TAG_BOOLEAN)) != NULL && -+ !tmp_attribute->values[0].boolean) -+ { -+ fprintf(stderr, -+ "DEBUG: Printer, %s, is not accepting jobs.\n", -+ device_uri); -+ -+ rc = FO_PRINTER_BAD; -+ } -+ -+ /* -+ * Check if printer is stopped or busy processing -+ */ -+ if ((tmp_attribute = ippFindAttribute(attributes, -+ "printer-state", -+ IPP_TAG_ENUM)) != NULL) -+ { -+ // Printer Stopped -+ if ( tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED ) -+ { -+ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri); -+ rc = FO_PRINTER_BAD; -+ } -+ // Printer Busy -+ else if ( tmp_attribute->values[0].integer == IPP_PRINTER_PROCESSING ) -+ { -+ fprintf(stderr, "DEBUG: Printer %s is busy.\n", device_uri); -+ rc = FO_PRINTER_BUSY; -+ } -+ } -+ -+ /* -+ * Parse through the printer-state-reasons -+ */ -+ if ((tmp_attribute = ippFindAttribute(attributes, "printer-state-reasons", -+ IPP_TAG_KEYWORD)) != NULL) -+ { -+ for (i = 0; i < tmp_attribute->num_values; i++) -+ { -+ reason = tmp_attribute->values[i].string.text; -+ int len = strlen(reason); -+ -+ if (len > 8 && !strcmp(reason + len - 8, "-warning")) -+ { -+ fprintf(stderr, "DEBUG: Printer Supply Warning, %s\n", reason); -+ rc = FO_PRINTER_BAD; -+ } -+ else if (len > 6 && !strcmp(reason + len - 6, "-error")) -+ { -+ fprintf(stderr, "DEBUG: Printer Supply Error, %s\n", reason); -+ rc = FO_PRINTER_BAD; -+ } -+ } -+ } -+ -+ return (rc); -+} -+ -+/* -+ * 'read_config()' - Parses the failover and failover-retries options -+ * -+ */ -+static int -+read_config(cups_array_t *printer_array, int *retries, const char *options) -+{ -+ -+ const char *tmp; /* temporary ptr */ -+ char *tok_tmp; /* temporary ptr for option parsing */ -+ int jobopts_count = 0; /* number of options */ -+ cups_option_t *jobopts = NULL; /* job options */ -+ -+ -+ fprintf(stderr, "DEBUG: Reading Configuration.\n"); -+ jobopts_count = cupsParseOptions(options, 0, &jobopts); -+ -+ if (!jobopts_count) -+ { -+ fprintf(stderr, -+ "ERROR: No job options! Cannot find failover options!\n"); -+ return (CUPS_BACKEND_STOP); -+ } -+ -+ /* -+ * Get attributes from the primary printer -+ */ -+ fprintf(stderr, "DEBUG: Searching for failover option.\n"); -+ -+ if ((tmp = cupsGetOption("failover", jobopts_count, jobopts)) != NULL) -+ { -+ fprintf(stderr, "DEBUG: Failover option contents: %s.\n", tmp); -+ -+ tok_tmp = strdup(tmp); -+ -+ tmp = strtok(tok_tmp, ","); -+ do -+ { -+ cupsArrayAdd(printer_array, strdup(tmp)); -+ } while ((tmp = strtok(NULL,",")) != NULL); -+ -+ free(tok_tmp); -+ } -+ else -+ { -+ /* -+ * The queue is misconfigured, so return back CUPS_BACKEND_STOP -+ */ -+ fprintf(stderr, "ERROR: failover option not specified!\n"); -+ return (CUPS_BACKEND_STOP); -+ } -+ -+ /* -+ * Get the failover-retries value, if it exists. -+ */ -+ fprintf(stderr, "DEBUG: Searching for failover-retries option.\n"); -+ -+ if ((tmp = cupsGetOption("failover-retries", -+ jobopts_count, jobopts)) != NULL) -+ { -+ fprintf(stderr, "DEBUG: failover-retries option contents: %s.\n", tmp); -+ *retries = atoi(tmp); -+ } -+ else -+ { -+ *retries = FAILOVER_DEFAULT_RETRIES; -+ fprintf(stderr, "DEBUG: Failed to get failover-retries option\n"); -+ fprintf(stderr, "DEBUG: Defaulted to %d retries\n", *retries); -+ } -+ -+ return (CUPS_BACKEND_OK); -+} -+ -+/* -+ * 'get_printer_attributes()' - Sends an IPP Get-Attributes request to -+ * a URI -+ */ -+int -+get_printer_attributes(const char *device_uri, ipp_t **attributes) -+{ -+ char uri[HTTP_MAX_URI]; /* Updated URI without login */ -+ int version; /* IPP version */ -+ char scheme[256]; /* Scheme in URI */ -+ ipp_status_t ipp_status; /* Status of IPP request */ -+ char hostname[1024]; /* Hostname */ -+ char resource[1024]; /* Resource infoo */ -+ char addrname[256]; /* Address name */ -+ int port; /* IPP Port number */ -+ char portname[255]; /* Port as string */ -+ http_t *http; /* HTTP connection */ -+ ipp_t *request; /* IPP request */ -+ int rc = CUPS_BACKEND_OK; /* Return Code */ -+ char username[256]; /* Username for device URI */ -+ char *option_ptr; /* for parsing resource opts */ -+ const char * const pattrs[] = /* Printer attributes wanted */ -+ { -+ "printer-is-accepting-jobs", -+ "printer-state", -+ "printer-state-reasons" -+ }; -+ -+ if (job_canceled) -+ return (CUPS_BACKEND_OK); -+ -+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n"); -+ fprintf(stderr, "DEBUG: Device URL %s.\n", device_uri); -+ -+ /* -+ * Parse device_uri -+ */ -+ if (httpSeparateURI(HTTP_URI_CODING_ALL, device_uri, scheme, sizeof(scheme), -+ username, sizeof(username), hostname, sizeof(hostname), -+ &port, resource, sizeof(resource)) != HTTP_URI_OK) -+ { -+ fprintf(stderr, "ERROR: Problem parsing device_uri, %s\n", device_uri); -+ return (CUPS_BACKEND_STOP); -+ } -+ -+ if (!port) -+ port = IPP_PORT; -+ -+ sprintf(portname, "%d", port); -+ -+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n"); -+ -+ /* -+ * Configure password -+ */ -+ cupsSetPasswordCB(password_cb); -+ -+ /* -+ * reset, in case a previous attempt for -+ * another printer left residue -+ */ -+ cupsSetUser(NULL); -+ password = NULL; -+ password_retries = 0; -+ -+ if (*username) -+ { -+ if ((password = strchr(username, ':')) != NULL) -+ { -+ *password = '\0'; -+ password++; -+ } -+ -+ cupsSetUser(username); -+ } -+ else if (!getuid()) -+ { -+ const char *username_env; -+ -+ if ((username_env = getenv("AUTH_USERNAME")) != NULL) -+ { -+ cupsSetUser(username_env); -+ password = getenv("AUTH_PASSWORD"); -+ } -+ } -+ -+ /* -+ * Try connecting to the remote server... -+ */ -+ fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port); -+ _cupsLangPuts(stderr, _("INFO: Connecting to printer...\n")); -+ -+ http = httpConnectEncrypt(hostname, port, cupsEncryption()); -+ -+ /* -+ * Deal the socket not being open. -+ */ -+ if (!http) -+ { -+ int error = errno; /* Connection error */ -+ -+ switch (error) -+ { -+ case EHOSTDOWN : -+ _cupsLangPuts(stderr, _("WARNING: " -+ "The printer may not exist or " -+ "is unavailable at this time.\n")); -+ break; -+ case EHOSTUNREACH : -+ _cupsLangPuts(stderr, _("WARNING: " -+ "The printer is unreachable at this " -+ "time.\n")); -+ break; -+ case ECONNREFUSED : -+ _cupsLangPuts(stderr, _("WARNING: " -+ "Connection Refused.\n")); -+ break; -+ default : -+ fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(errno)); -+ break; -+ } -+ -+ rc = CUPS_BACKEND_FAILED; -+ sleep(5); -+ goto prt_available_cleanup; -+ } -+ -+ -+#ifdef AF_INET6 -+ if (http->hostaddr->addr.sa_family == AF_INET6) -+ fprintf(stderr, "DEBUG: Connected to [%s]:%d (IPv6)...\n", -+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)), -+ ntohs(http->hostaddr->ipv6.sin6_port)); -+ else -+#endif /* AF_INET6 */ -+ if (http->hostaddr->addr.sa_family == AF_INET) -+ fprintf(stderr, "DEBUG: Connected to %s:%d (IPv4)...\n", -+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)), -+ ntohs(http->hostaddr->ipv4.sin_port)); -+ -+ /* -+ * Search the resource string for options. -+ * We only care about version, for the moment. -+ */ -+ version = 11; -+ -+ if ((option_ptr = strchr(resource, '?')) != NULL) -+ { -+ *option_ptr++ = '\0'; -+ -+ if ((option_ptr = strstr(option_ptr, "version="))!=NULL) -+ { -+ int minor; /* minor version from URI */ -+ int major; /* major version from URI */ -+ char *version_str; /* ipp version */ -+ -+ option_ptr += 8; -+ version_str = option_ptr; -+ -+ while (*option_ptr && *option_ptr != '&' && *option_ptr != '+') -+ option_ptr++; -+ -+ if (*option_ptr) -+ *option_ptr = '\0'; -+ -+ sscanf(version_str, "%d.%d", &major, &minor); -+ -+ version = (major * 10) + minor; -+ -+ switch(version) -+ { -+ case 10 : -+ case 11 : -+ case 20 : -+ case 21 : -+ fprintf(stderr, -+ "DEBUG: Set version to %d from URI\n", -+ version); -+ break; -+ default : -+ _cupsLangPrintf(stderr, -+ _("DEBUG: Invalid version, %d, from URI. " -+ "Using default of 1.1 \n"), -+ version); -+ version = 11; -+ } -+ } -+ } -+ -+ -+ /* -+ * Build a URI for the printer. We can't use the URI in argv[0] -+ * because it might contain username:password information... -+ */ -+ if (httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), scheme, NULL, -+ hostname, port, resource) != HTTP_URI_OK) -+ { -+ fprintf(stderr, "ERROR: Problem assembling printer URI from host %s, " -+ "port %d, resource %s\n", hostname, port, resource); -+ return (CUPS_BACKEND_STOP); -+ } -+ -+ /* -+ * Build the IPP request... -+ */ -+ request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES); -+ request->request.op.version[0] = version / 10; -+ request->request.op.version[1] = version % 10; -+ -+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", -+ NULL, uri); -+ -+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, -+ "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), -+ NULL, pattrs); -+ -+ /* -+ * Do the request... -+ */ -+ fputs("DEBUG: Getting supported attributes...\n", stderr); -+ -+ fprintf(stderr, "DEBUG: IPP Request Structure Built.\n"); -+ -+ *attributes = cupsDoRequest(http, request, resource); -+ ipp_status = cupsLastError(); -+ -+ fprintf(stderr, "DEBUG: Get-Printer-Attributes: %s (%s)\n", -+ ippErrorString(ipp_status), cupsLastErrorString()); -+ -+ if (ipp_status > IPP_OK_CONFLICT) -+ { -+ fprintf(stderr, "DEBUG: Get-Printer-Attributes returned %s.\n", -+ ippErrorString(ipp_status)); -+ switch(ipp_status) -+ { -+ case IPP_FORBIDDEN : -+ case IPP_NOT_AUTHORIZED : -+ _cupsLangPuts(stderr, _("ERROR: Not Authorized.\n")); -+ rc = CUPS_BACKEND_AUTH_REQUIRED; -+ break; -+ case IPP_PRINTER_BUSY : -+ case IPP_SERVICE_UNAVAILABLE : -+ _cupsLangPuts(stderr, _("ERROR: " -+ "The printer is not responding.\n")); -+ rc = CUPS_BACKEND_FAILED; -+ break; -+ case IPP_BAD_REQUEST : -+ case IPP_VERSION_NOT_SUPPORTED : -+ fprintf(stderr, "ERROR: Destination does not support IPP version %d\n", -+ version); -+ case IPP_NOT_FOUND : -+ _cupsLangPuts(stderr, _("ERROR: " -+ "The printer configuration is incorrect or the " -+ "printer no longer exists.\n")); -+ rc = CUPS_BACKEND_STOP; -+ break; -+ default : -+ rc = CUPS_BACKEND_FAILED; -+ } -+ goto prt_available_cleanup; -+ } -+ -+prt_available_cleanup : -+ httpClose(http); -+ return (rc); -+} -+ -+static int -+move_job(int jobid, /* Job ID */ -+ const char *dest) /* Destination ipp address */ -+{ -+ ipp_t *request; /* IPP Request */ -+ char job_uri[HTTP_MAX_URI]; /* job-uri */ -+ -+ http_t* http = httpConnectEncrypt(cupsServer(), ippPort(), cupsEncryption()); -+ -+ if (!http) -+ { -+ _cupsLangPrintf(stderr, -+ _("failover: Unable to connect to server: %s\n"), -+ strerror(errno)); -+ return (CUPS_BACKEND_FAILED); -+ } -+ -+ /* -+ * Build a CUPS_MOVE_JOB request, which requires the following -+ * attributes: -+ * -+ * job-uri/printer-uri -+ * job-printer-uri -+ * requesting-user-name -+ */ -+ -+ request = ippNewRequest(CUPS_MOVE_JOB); -+ -+ snprintf(job_uri, sizeof(job_uri), "ipp://localhost/jobs/%d", jobid); -+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, -+ job_uri); -+ -+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, -+ "requesting-user-name", -+ NULL, cupsUser()); -+ -+ ippAddString(request, IPP_TAG_JOB, IPP_TAG_URI, "job-printer-uri", -+ NULL, dest); -+ -+ /* -+ * Do the request and get back a response... -+ */ -+ -+ ippDelete(cupsDoRequest(http, request, "/jobs")); -+ -+ httpClose(http); -+ -+ if (cupsLastError() > IPP_OK_CONFLICT) -+ { -+ _cupsLangPrintf(stderr, "failover: %s\n", cupsLastErrorString()); -+ return (CUPS_BACKEND_FAILED); -+ } -+ else -+ return (CUPS_BACKEND_OK); -+} -+ -+/* -+ * 'sigterm_handler()' - handles a sigterm, i.e. job canceled -+ */ -+static void -+sigterm_handler(int sig) -+{ -+ if (!job_canceled) -+ { -+ write(2, "DEBUG: Got SIGTERM.\n", 20); -+ job_canceled = 1; -+ } -+ else -+ { -+ /* -+ * Job has already been canceled, so just exit -+ */ -+ exit(1); -+ } -+} -+ -+/* -+ * 'password_cb()' - Disable the password prompt for cupsDoFileRequest(). -+ */ -+static const char * /* O - Password */ -+password_cb(const char *prompt) /* I - Prompt (not used) */ -+{ -+ auth_info_required = "username,password"; -+ password_retries++; -+ -+ if(password_retries < FAILOVER_PASSWORD_RETRIES_MAX) -+ return (password); -+ else -+ return (NULL); -+} -diff -up cups-2.3.3/backend/Makefile.failover cups-2.3.3/backend/Makefile ---- cups-2.3.3/backend/Makefile.failover 2020-04-27 20:04:29.000000000 +0200 -+++ cups-2.3.3/backend/Makefile 2020-06-11 08:52:31.212642019 +0200 -@@ -22,6 +22,7 @@ include ../Makedefs - RBACKENDS = \ - ipp \ - lpd \ -+ failover \ - $(DNSSD_BACKEND) - UBACKENDS = \ - snmp \ -@@ -45,6 +46,7 @@ LIBOBJS = \ - OBJS = \ - ipp.o \ - lpd.o \ -+ failover.o \ - dnssd.o \ - snmp.o \ - socket.o \ -@@ -276,6 +278,15 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend - - - # -+# failover -+# -+ -+failover: failover.o ../cups/$(LIBCUPS) libbackend.a -+ echo Linking $@... -+ $(LD_CC) $(ALL_LDFLAGS) -o failover failover.o libbackend.a $(LINKCUPS) -+ -+ -+# - # snmp - # - diff --git a/cups-filter-debug.patch b/cups-filter-debug.patch deleted file mode 100644 index 96c82dab9333fe1eae827eaf7ecd5df8a5f0aee2..0000000000000000000000000000000000000000 --- a/cups-filter-debug.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200 -@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I - - if (!filters) - { -+ mime_filter_t *current; -+ - cupsdLogJob(job, CUPSD_LOG_ERROR, - "Unable to convert file %d to printable format.", - job->current_file); - -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Required: %s/%s -> %s/%s", -+ job->filetypes[job->current_file]->super, -+ job->filetypes[job->current_file]->type, -+ job->printer->filetype->super, -+ job->printer->filetype->type); -+ -+ for (current = (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs); -+ current; -+ current = (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs)) -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Available: %s/%s -> %s/%s (%s)", -+ current->src->super, current->src->type, -+ current->dst->super, current->dst->type, -+ current->filter); -+ - abort_message = "Aborting job because it cannot be printed."; - abort_state = IPP_JOB_ABORTED; - diff --git a/cups-hp-deviceid-oid.patch b/cups-hp-deviceid-oid.patch deleted file mode 100644 index da5136a812950352c950e04228d71dd96ce0b72e..0000000000000000000000000000000000000000 --- a/cups-hp-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200 -@@ -187,6 +187,7 @@ static const int UriOID[] = { CUPS_OID_p - static const int LexmarkProductOID[] = { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 }; - static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; -+static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; - static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs = NULL; - static int HostNameLookups = 0; -@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, HPDeviceIdOID); - break; - - case DEVICE_DESCRIPTION : diff --git a/cups-ipptool-mdns-uri.patch b/cups-ipptool-mdns-uri.patch deleted file mode 100644 index 6919e96e4411c1a8d3dd8a869931a3397673cdbc..0000000000000000000000000000000000000000 --- a/cups-ipptool-mdns-uri.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/cups/ipp-vars.c b/cups/ipp-vars.c -index 395b0eb..60aa991 100644 ---- a/cups/ipp-vars.c -+++ b/cups/ipp-vars.c -@@ -13,6 +13,7 @@ - */ - - #include -+#include - #include "ipp-private.h" - #include "string-private.h" - #include "debug-internal.h" -@@ -221,9 +222,29 @@ _ippVarsSet(_ipp_vars_t *v, /* I - IPP variables */ - if (!strcmp(name, "uri")) - { - char uri[1024]; /* New printer URI */ -+ char resolved[1024]; /* Resolved mDNS URI */ -+ char value_uri[1024]; /* URI from value */ - http_uri_status_t uri_status; /* URI status */ - -- if ((uri_status = httpSeparateURI(HTTP_URI_CODING_ALL, value, v->scheme, sizeof(v->scheme), v->username, sizeof(v->username), v->host, sizeof(v->host), &(v->port), v->resource, sizeof(v->resource))) < HTTP_URI_STATUS_OK) -+ snprintf(value_uri, sizeof(value_uri), "%s", value); -+ value_uri[1023] = '\0'; -+ -+ if (strstr(value_uri, "._tcp")) -+ { -+ /* -+ * Resolve URI... -+ */ -+ -+ if (!_httpResolveURI(value_uri, resolved, sizeof(resolved), _HTTP_RESOLVE_DEFAULT, NULL, NULL)) -+ { -+ return (0); -+ } -+ -+ snprintf(value_uri, sizeof(value_uri), "%s", resolved); -+ value_uri[1023] = '\0'; -+ } -+ -+ if ((uri_status = httpSeparateURI(HTTP_URI_CODING_ALL, value_uri, v->scheme, sizeof(v->scheme), v->username, sizeof(v->username), v->host, sizeof(v->host), &(v->port), v->resource, sizeof(v->resource))) < HTTP_URI_STATUS_OK) - return (0); - - if (v->username[0]) diff --git a/cups-logrotate.patch b/cups-logrotate.patch deleted file mode 100644 index 6b8eb8ce5495b6777080e87ec919c7580e12358d..0000000000000000000000000000000000000000 --- a/cups-logrotate.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up cups-2.1b1/scheduler/log.c.logrotate cups-2.1b1/scheduler/log.c ---- cups-2.1b1/scheduler/log.c.logrotate 2015-06-04 20:00:31.000000000 +0200 -+++ cups-2.1b1/scheduler/log.c 2015-06-29 13:25:09.623350218 +0200 -@@ -26,6 +26,9 @@ - # include - #endif /* HAVE_ASL_H */ - #include -+#include -+#include -+#include - - - /* -@@ -135,12 +138,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - } - - /* -- * Format the filename as needed... -+ * Format the filename... - */ - -- if (!*lf || -- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize && -- MaxLogSize > 0)) -+ if (strncmp(logname, "/dev/", 5)) - { - /* - * Handle format strings... -@@ -254,6 +255,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - /* - * Change ownership and permissions of non-device logs... - */ -+ -+ fchown(cupsFileNumber(*lf), RunUser, Group); -+ fchmod(cupsFileNumber(*lf), LogFilePerm); -+ } -+ } -+ -+ /* -+ * Has someone else (i.e. logrotate) already rotated the log for us? -+ */ -+ else if (strncmp(filename, "/dev/", 5)) -+ { -+ struct stat st; -+ if (stat(filename, &st) || st.st_size == 0) -+ { -+ /* File is either missing or has zero size. */ -+ -+ cupsFileClose(*lf); -+ if ((*lf = cupsFileOpen(filename, "a")) == NULL) -+ { -+ syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename, -+ strerror(errno)); -+ -+ return (0); -+ } -+ -+ /* -+ * Change ownership and permissions of non-device logs... -+ */ - - fchown(cupsFileNumber(*lf), RunUser, Group); - fchmod(cupsFileNumber(*lf), LogFilePerm); diff --git a/cups-lspp.patch b/cups-lspp.patch deleted file mode 100644 index 7c094d210e453316157b3ce8c2d0ddf9709c856f..0000000000000000000000000000000000000000 --- a/cups-lspp.patch +++ /dev/null @@ -1,1990 +0,0 @@ -diff -up cups-2.3.0/config.h.in.lspp cups-2.3.0/config.h.in ---- cups-2.3.0/config.h.in.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/config.h.in 2019-10-07 12:24:43.058597468 +0200 -@@ -684,4 +684,11 @@ static __inline int _cups_abs(int i) { r - # endif /* __GNUC__ || __STDC_VERSION__ */ - #endif /* !HAVE_ABS && !abs */ - -+/* -+ * Are we trying to meet LSPP requirements? -+ */ -+ -+#undef WITH_LSPP -+ -+ - #endif /* !_CUPS_CONFIG_H_ */ -diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/cups-lspp.m4 ---- cups-2.3.0/config-scripts/cups-lspp.m4.lspp 2019-10-07 12:24:43.058597468 +0200 -+++ cups-2.3.0/config-scripts/cups-lspp.m4 2019-10-07 12:24:43.058597468 +0200 -@@ -0,0 +1,36 @@ -+dnl -+dnl LSPP code for the Common UNIX Printing System (CUPS). -+dnl -+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P. -+dnl -+dnl This program is free software; you can redistribute it and/or modify -+dnl it under the terms of the GNU General Public License as published by -+dnl the Free Software Foundation; version 2. -+dnl -+dnl This program is distributed in the hope that it will be useful, but -+dnl WITHOUT ANY WARRANTY; without even the implied warranty of -+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+dnl General Public License for more details. -+dnl -+dnl You should have received a copy of the GNU General Public License -+dnl along with this program; if not, write to the Free Software Foundation, -+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA -+dnl -+ -+dnl Are we trying to meet LSPP requirements -+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) -+ -+if test x"$enable_lspp" != xno; then -+ case "$uname" in -+ Linux) -+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) -+ AC_CHECK_HEADER(libaudit.h) -+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)]) -+ AC_CHECK_HEADER(selinux/selinux.h) -+ AC_DEFINE(WITH_LSPP) -+ ;; -+ *) -+ # All others -+ ;; -+ esac -+fi -diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac ---- cups-2.3.0/configure.ac.lspp 2019-10-07 12:24:43.058597468 +0200 -+++ cups-2.3.0/configure.ac 2019-10-07 12:39:20.122546282 +0200 -@@ -34,6 +34,8 @@ sinclude(config-scripts/cups-dnssd.m4) - sinclude(config-scripts/cups-startup.m4) - sinclude(config-scripts/cups-defaults.m4) - -+sinclude(config-scripts/cups-lspp.m4) -+ - INSTALL_LANGUAGES="" - UNINSTALL_LANGUAGES="" - LANGFILES="" -diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c ---- cups-2.3.0/filter/common.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/filter/common.c 2019-10-07 12:24:43.059597461 +0200 -@@ -11,6 +11,12 @@ - * Include necessary headers... - */ - -+#include "config.h" -+#ifdef WITH_LSPP -+#define _GNU_SOURCE -+#include -+#endif /* WITH_LSPP */ -+ - #include "common.h" - #include - -@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in characters */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ - - - /* -@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I - return; - } - -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width = width / 8; -+ longest_line = 0; -+ longest = 0; -+ classification += 5; // Skip the "LSPP:" -+ label_len = strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines = 1 + (int)(label_len / max_width); -+ line_len = (int)(label_len / lines); -+ wrapped_label = malloc(sizeof(*wrapped_label) * lines); -+ label_index = i = n = 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); -+ label_index += line_len + i; -+ i = 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) == max_width) -+ { -+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); -+ label_index = label_index + line_len + i; -+ i = 0; -+ } -+ } -+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); -+ } -+ else -+ { -+ lines = 1; -+ wrapped_label = malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] = (char*)classification; -+ } -+ -+ for (n = 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\\%03o", *ptr); -+ else -+ { -+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\') -+ putchar('\\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest = i; -+ longest_line = n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculated -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n = 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n = 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I - printf(" %.0f moveto ESPpl show\n", top - 14.0); - puts("pop"); - puts("}bind put"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ - - - /* -diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c ---- cups-2.3.0/filter/pstops.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/filter/pstops.c 2019-10-07 12:24:43.059597461 +0200 -@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /* - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in characters */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ - - - /* -@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /* - return; - } - -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width = width / 8; -+ longest_line = 0; -+ longest = 0; -+ classification += 5; // Skip the "LSPP:" -+ label_len = strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines = 1 + (int)(label_len / max_width); -+ line_len = (int)(label_len / lines); -+ wrapped_label = malloc(sizeof(*wrapped_label) * lines); -+ label_index = i = n = 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); -+ label_index += line_len + i; -+ i = 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) == max_width) -+ { -+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); -+ label_index = label_index + line_len + i; -+ i = 0; -+ } -+ } -+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); -+ } -+ else -+ { -+ lines = 1; -+ wrapped_label = malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] = (char*)classification; -+ } -+ -+ for (n = 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\\%03o", *ptr); -+ else -+ { -+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\') -+ putchar('\\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest = i; -+ longest_line = n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculated -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n = 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n = 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /* - doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); - doc_puts(doc, "pop\n"); - doc_puts(doc, "}bind put\n"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ - - - /* -diff -up cups-2.3.0/Makedefs.in.lspp cups-2.3.0/Makedefs.in ---- cups-2.3.0/Makedefs.in.lspp 2019-10-07 12:24:43.059597461 +0200 -+++ cups-2.3.0/Makedefs.in 2019-10-07 12:37:19.200565805 +0200 -@@ -174,7 +174,7 @@ IPPFIND_MAN = @IPPFIND_MAN@ - LDFLAGS = @LDFLAGS@ - LINKCUPS = @LINKCUPS@ - LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS) --LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) -+LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ - ONDEMANDFLAGS = @ONDEMANDFLAGS@ - ONDEMANDLIBS = @ONDEMANDLIBS@ - OPTIM = @OPTIM@ -diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c ---- cups-2.3.0/scheduler/client.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/client.c 2019-10-07 12:33:10.459693580 +0200 -@@ -19,12 +19,20 @@ - #define _HTTP_NO_PRIVATE - #include "cupsd.h" - -+#ifndef _GNU_SOURCE -+#define _GNU_SOURCE -+#endif /* !defined(_GNU_SOURCE) */ - #ifdef __APPLE__ - # include - #endif /* __APPLE__ */ - #ifdef HAVE_TCPD_H - # include - #endif /* HAVE_TCPD_H */ -+#ifdef WITH_LSPP -+# include -+# include -+# include -+#endif /* WITH_LSPP */ - - - /* -@@ -265,6 +273,59 @@ cupsdAcceptClient(cupsd_listener_t *lis) - } - #endif /* HAVE_TCPD_H */ - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ struct ucred cr; -+ unsigned int cl=sizeof(cr); -+ -+ if (getsockopt(httpGetFd(con->http), SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) -+ { -+ /* -+ * client_pid_to_auid() can be racey -+ * In this case the pid is based on a socket connected to the client -+ */ -+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1) -+ { -+ httpClose(con->http); -+ cupsdLogClient(con, CUPSD_LOG_ERROR, -+ "Unable to determine client auid for client pid=%d", -+ cr.pid); -+ free(con); -+ return; -+ } -+ cupsdLogClient(con, CUPSD_LOG_INFO, -+ "peer's pid=%d, uid=%d, gid=%d, auid=%d", -+ cr.pid, cr.uid, cr.gid, con->auid); -+ } -+ else -+ { -+ httpClose(con->http); -+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed"); -+ free(con); -+ return; -+ } -+ -+ /* -+ * get the context of the peer connection -+ */ -+ if (getpeercon(httpGetFd(con->http), &con->scon)) -+ { -+ httpClose(con->http); -+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed"); -+ free(con); -+ return; -+ } -+ -+ cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon); -+ } -+ else -+ { -+ cupsdLogClient(con, CUPSD_LOG_DEBUG, "skipping getpeercon()"); -+ cupsdSetString(&con->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - #ifdef AF_LOCAL - if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) - { -@@ -558,6 +619,13 @@ cupsdReadClient(cupsd_client_t *con) /* - struct stat filestats; /* File information */ - mime_type_t *type; /* MIME type of file */ - static unsigned request_id = 0; /* Request ID for temp files */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job file */ -+ context_t clicon; /* contex_t container for con->scon */ -+ context_t tmpcon; /* temp context to swap the level */ -+ char *clirange; /* SELinux sensitivity range */ -+ char *cliclearance; /* SELinux low end clearance */ -+#endif /* WITH_LSPP */ - - - status = HTTP_STATUS_CONTINUE; -@@ -1679,6 +1747,73 @@ cupsdReadClient(cupsd_client_t *con) /* - fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); - } - -+#ifdef WITH_LSPP -+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(con->filename, &spoolcon) == -1) -+ { -+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); -+ cupsdCloseClient(con); -+ return; -+ } -+ clicon = context_new(con->scon); -+ tmpcon = context_new(spoolcon); -+ freecon(spoolcon); -+ if (!clicon || !tmpcon) -+ { -+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); -+ if (clicon) -+ context_free(clicon); -+ if (tmpcon) -+ context_free(tmpcon); -+ cupsdCloseClient(con); -+ return; -+ } -+ clirange = (char *) context_range_get(clicon); -+ if (clirange) -+ { -+ clirange = strdup(clirange); -+ if ((cliclearance = strtok(clirange, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, cliclearance) == -1) -+ { -+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ cupsdCloseClient(con); -+ return; -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1) -+ { -+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ cupsdCloseClient(con); -+ return; -+ } -+ } -+ free(clirange); -+ } -+ if (setfilecon(con->filename, context_str(tmpcon)) == -1) -+ { -+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE); -+ context_free(tmpcon); -+ context_free(clicon); -+ cupsdCloseClient(con); -+ return; -+ } -+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s", -+ con->filename, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(clicon); -+ } -+#endif /* WITH_LSPP */ -+ - if (httpGetState(con->http) != HTTP_STATE_POST_SEND) - { - if (!httpWait(con->http, 0)) -@@ -3174,6 +3309,49 @@ is_path_absolute(const char *path) /* I - return (1); - } - -+#ifdef WITH_LSPP -+/* -+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid. -+ */ -+ -+uid_t client_pid_to_auid(pid_t clipid) -+{ -+ uid_t uid; -+ int len, in; -+ char buf[16] = {0}; -+ char fname[32] = {0}; -+ -+ -+ /* -+ * Hopefully this pid is still the one we are interested in. -+ */ -+ snprintf(fname, 32, "/proc/%d/loginuid", clipid); -+ in = open(fname, O_NOFOLLOW|O_RDONLY); -+ -+ if (in < 0) -+ return (uid_t) -1; -+ -+ errno = 0; -+ -+ do { -+ len = read(in, buf, sizeof(buf)); -+ } while (len < 0 && errno == EINTR); -+ -+ close(in); -+ -+ if (len < 0 || len >= sizeof(buf)) -+ return (uid_t) -1; -+ -+ errno = 0; -+ buf[len] = 0; -+ uid = strtol(buf, 0, 10); -+ -+ if (errno != 0) -+ return (uid_t) -1; -+ else -+ return uid; -+} -+#endif /* WITH_LSPP */ - - /* - * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h ---- cups-2.3.0/scheduler/client.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/client.h 2019-10-07 12:24:43.113597079 +0200 -@@ -13,6 +13,13 @@ - #endif /* HAVE_AUTHORIZATION_H */ - - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include -+#endif /* WITH_LSPP */ -+ - /* - * HTTP client structure... - */ -@@ -63,6 +70,10 @@ struct cupsd_client_s - #ifdef HAVE_AUTHORIZATION_H - AuthorizationRef authref; /* Authorization ref */ - #endif /* HAVE_AUTHORIZATION_H */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of connection */ -+ uid_t auid; /* Audit loginuid of the client */ -+#endif /* WITH_LSPP */ - }; - - #define HTTP(con) ((con)->http) -@@ -136,6 +147,9 @@ extern void cupsdStartListening(void); - extern void cupsdStopListening(void); - extern void cupsdUpdateCGI(void); - extern void cupsdWriteClient(cupsd_client_t *con); -+#ifdef WITH_LSPP -+extern uid_t client_pid_to_auid(pid_t clipid); -+#endif /* WITH_LSPP */ - - #ifdef HAVE_SSL - extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c ---- cups-2.3.0/scheduler/conf.c.lspp 2019-10-07 12:24:43.049597531 +0200 -+++ cups-2.3.0/scheduler/conf.c 2019-10-07 12:24:43.113597079 +0200 -@@ -37,6 +37,9 @@ - # define INADDR_NONE 0xffffffff - #endif /* !INADDR_NONE */ - -+#ifdef WITH_LSPP -+# include -+#endif /* WITH_LSPP */ - - /* - * Configuration variable structure... -@@ -131,6 +134,10 @@ static const cupsd_var_t cupsd_vars[] = - { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, - { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN }, - { "Timeout", &Timeout, CUPSD_VARTYPE_TIME }, -+#ifdef WITH_LSPP -+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER }, -+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN }, -+#endif /* WITH_LSPP */ - { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN } - }; - static const cupsd_var_t cupsfiles_vars[] = -@@ -544,6 +551,9 @@ cupsdReadConfiguration(void) - const char *tmpdir; /* TMPDIR environment variable */ - struct stat tmpinfo; /* Temporary directory info */ - cupsd_policy_t *p; /* Policy */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+#endif /* WITH_LSPP */ - - - /* -@@ -864,6 +874,25 @@ cupsdReadConfiguration(void) - - RunUser = getuid(); - -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ /* -+ * ClassifyOverride is set during read_configuration, if its ON, report it now -+ */ -+ if (ClassifyOverride) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] ClassifyOverride=enabled Users can override print banners", -+ ServerName, NULL, NULL, 1); -+ /* -+ * PerPageLabel is set during read_configuration, if its OFF, report it now -+ */ -+ if (!PerPageLabels) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1); -+ } -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", - RemotePort ? "enabled" : "disabled"); - -@@ -1275,7 +1304,19 @@ cupsdReadConfiguration(void) - cupsdClearString(&Classification); - - if (Classification) -+ { - cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification); -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ -+ } - - /* - * Check the MaxClients setting, and then allocate memory for it... -@@ -3830,6 +3871,18 @@ read_location(cups_file_t *fp, /* I - C - return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); - } - -+#ifdef WITH_LSPP -+int is_lspp_config() -+{ -+ if (Classification != NULL) -+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0) -+ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0) -+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0)); -+ else -+ return 0; -+} -+#endif /* WITH_LSPP */ -+ - - /* - * 'read_policy()' - Read a definition. -diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h ---- cups-2.3.0/scheduler/conf.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/conf.h 2019-10-07 12:24:43.113597079 +0200 -@@ -243,6 +243,13 @@ VAR char *ServerKeychain VALUE(NULL); - /* Keychain holding cert + key */ - #endif /* HAVE_SSL */ - -+#ifdef WITH_LSPP -+VAR int AuditLog VALUE(-1), -+ /* File descriptor for audit */ -+ PerPageLabels VALUE(TRUE); -+ /* Put the label on each page */ -+#endif /* WITH_LSPP */ -+ - #ifdef HAVE_ONDEMAND - VAR int IdleExitTimeout VALUE(60); - /* Time after which an idle cupsd will exit */ -@@ -261,6 +268,9 @@ VAR int HaveServerCreds VALUE(0); - VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */ - #endif /* HAVE_GSSAPI */ - -+#ifdef WITH_LSPP -+extern int is_lspp_config(void); -+#endif /* WITH_LSPP */ - - /* - * Prototypes... -diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h ---- cups-2.3.0/scheduler/cupsd.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/cupsd.h 2019-10-07 12:31:38.458480578 +0200 -@@ -8,6 +8,8 @@ - * information. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ - - /* - * Include necessary headers. -@@ -33,6 +35,14 @@ - # include - #endif /* _WIN32 */ - -+#include "config.h" -+#ifdef WITH_LSPP -+# define MLS_CONFIG "mls" -+# define TE_CONFIG "te" -+# define SELINUX_CONFIG "SELinux" -+# define UNKNOWN_SL "UNKNOWN SL" -+#endif /* WITH_LSPP */ -+ - #include "mime.h" - - #if defined(HAVE_CDSASSL) -diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c ---- cups-2.3.0/scheduler/ipp.c.lspp 2019-10-07 12:24:43.016597764 +0200 -+++ cups-2.3.0/scheduler/ipp.c 2019-10-07 12:31:01.243798920 +0200 -@@ -11,6 +11,9 @@ - * information. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -27,6 +30,14 @@ extern int mbr_group_name_to_uuid(const - extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember); - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+#include -+#include -+#include -+#include -+#include -+#include -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -51,6 +62,9 @@ static void cancel_all_jobs(cupsd_client - static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void cancel_subscription(cupsd_client_t *con, int id); - static int check_rss_recipient(const char *recipient); -+#ifdef WITH_LSPP -+static int check_context(cupsd_client_t *con, cupsd_job_t *job); -+#endif /* WITH_LSPP */ - static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); - static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, -@@ -1240,6 +1254,21 @@ add_job(cupsd_client_t *con, /* I - Cl - "time-at-creation", - "time-at-processing" - }; -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* device file pointed to by the printer */ -+ char *userheader = NULL; /* User supplied job-sheets[0] */ -+ char *userfooter = NULL; /* User supplied job-sheets[1] */ -+ int override = 0; /* Was a banner overrode on a job */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", -@@ -1568,6 +1597,106 @@ add_job(cupsd_client_t *con, /* I - Cl - - attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME); - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name); -+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes.")); -+ return (NULL); -+ } -+ -+ /* -+ * Perform an access check so that if the user gets feedback at enqueue time -+ */ -+ -+ printerfile = strstr(printer->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) -+ printerfile = printer->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s", -+ printerfile); -+ -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno != ENOENT) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer")); -+ return (NULL); -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file")); -+ return (NULL); -+ } -+ static int avc_initialized = 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(con->scon, &clisid) != 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client")); -+ return (NULL); -+ } -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer")); -+ return (NULL); -+ } -+ printercon = context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s", -+ context_str(printercon), con->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) != 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer")); -+ freecon(devcon); -+ return (NULL); -+ } -+ freecon(devcon); -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit message -+ */ -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused" -+ " unable to access printer=%s", con->auid, -+ con->username, con->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer")); -+ return (NULL); -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - if ((job = cupsdAddJob(priority, printer->name)) == NULL) - { - send_ipp_status(con, IPP_INTERNAL_ERROR, -@@ -1576,6 +1705,32 @@ add_job(cupsd_client_t *con, /* I - Cl - return (NULL); - } - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * duplicate the security context and auid of the connection into the job structure -+ */ -+ job->scon = strdup(con->scon); -+ job->auid = con->auid; -+ -+ /* -+ * add the security context to the request so that on a restart the security -+ * attributes will be able to be restored -+ */ -+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context", -+ NULL, job->scon); -+ } -+ else -+ { -+ /* -+ * Fill in the security context of the job as unlabeled -+ */ -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL); -+ cupsdSetString(&job->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); - job->attrs = con->request; - job->dirty = 1; -@@ -1763,6 +1918,29 @@ add_job(cupsd_client_t *con, /* I - Cl - ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); - ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ else -+ { -+ /* -+ * The option was present, so capture the user supplied strings -+ */ -+ userheader = strdup(attr->values[0].string.text); -+ -+ if (attr->num_values > 1) -+ userfooter = strdup(attr->values[1].string.text); -+ -+ if (Classification != NULL && (strcmp(userheader, Classification) == 0) -+ && userfooter &&(strcmp(userfooter, Classification) == 0)) -+ { -+ /* -+ * Since both values are Classification, the user is not trying to Override -+ */ -+ free(userheader); -+ if (userfooter) free(userfooter); -+ userheader = userfooter = NULL; -+ } -+ } -+#endif /* WITH_LSPP */ - - job->job_sheets = attr; - -@@ -1793,6 +1971,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets=\"%s,none\", " - "job-originating-user-name=\"%s\"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - else if (attr->num_values == 2 && - strcmp(attr->values[0].string.text, -@@ -1811,6 +1992,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name=\"%s\"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - else if (strcmp(attr->values[0].string.text, Classification) && - strcmp(attr->values[0].string.text, "none") && -@@ -1831,6 +2015,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name=\"%s\"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - } - else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1871,8 +2058,52 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets=\"%s\", " - "job-originating-user-name=\"%s\"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ -+ } -+#ifdef WITH_LSPP -+ if (is_lspp_config() && AuditLog != -1) -+ { -+ audit_message = NULL; -+ -+ if (userheader || userfooter) -+ { -+ if (!override) -+ { -+ /* -+ * The user overrode the banner, so audit it -+ */ -+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" -+ " using banners=%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, -+ ServerName, NULL, NULL, 1); -+ } -+ else -+ { -+ /* -+ * The user tried to override the banner, audit the failure -+ */ -+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" -+ " ignored banners=%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, -+ ServerName, NULL, NULL, 0); -+ } -+ cupsdClearString(&audit_message); -+ } - } -+ -+ if (userheader) -+ free(userheader); -+ if (userfooter) -+ free(userfooter); -+#endif /* WITH_LSPP */ - } -+ - - /* - * See if we need to add the starting sheet... -@@ -3648,6 +3879,128 @@ check_rss_recipient( - } - - -+#ifdef WITH_LSPP -+/* -+ * 'check_context()' - Check SELinux security context of a user and job -+ */ -+ -+static int /* O - 1 if OK, 0 if not, -1 on error */ -+check_context(cupsd_client_t *con, /* I - Client connection */ -+ cupsd_job_t *job) /* I - Job */ -+{ -+ int enforcing; /* is SELinux in enforcing mode */ -+ char filename[1024]; /* Filename of the spool file */ -+ security_id_t clisid; /* SELinux SID of the client */ -+ security_id_t jobsid; /* SELinux SID of the job */ -+ security_id_t filesid; /* SELinux SID of the spool file */ -+ struct avc_entry_ref avcref; /* AVC entry cache pointer */ -+ security_class_t tclass; /* SELinux security class */ -+ access_vector_t avr; /* SELinux access being queried */ -+ security_context_t spoolfilecon; /* SELinux context of the spool file */ -+ -+ -+ /* -+ * Validate the input to be sure there are contexts to work with... -+ */ -+ -+ if (con->scon == NULL || job->scon == NULL -+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0 -+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ return -1; -+ -+ if ((enforcing = security_getenforce()) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Error while determining SELinux enforcement"); -+ return -1; -+ } -+ cupsdLogJob(job, CUPSD_LOG_DEBUG, -+ "check_context: client context %s job context %s", -+ con->scon, job->scon); -+ -+ -+ /* -+ * Initialize the avc engine... -+ */ -+ -+ static int avc_initialized = 0; -+ if (! avc_initialized++) -+ { -+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init"); -+ return -1; -+ } -+ } -+ if (avc_context_to_sid(con->scon, &clisid) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "check_context: unable to convert %s to SELinux sid", -+ con->scon); -+ return -1; -+ } -+ if (avc_context_to_sid(job->scon, &jobsid) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "check_context: unable to convert %s to SELinux sid", -+ job->scon); -+ return -1; -+ } -+ avc_entry_ref_init(&avcref); -+ tclass = SECCLASS_FILE; -+ avr = FILE__READ; -+ -+ /* -+ * Perform the check with the client as the subject, first with the job as the object -+ * if that fails then with the spool file as the object... -+ */ -+ -+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_INFO, -+ "check_context: SELinux denied access " -+ "based on the client context"); -+ -+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id); -+ if (getfilecon(filename, &spoolfilecon) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "check_context: Unable to get spoolfile context"); -+ return -1; -+ } -+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "check_context: Unable to determine the " -+ "SELinux sid for the spool file"); -+ freecon(spoolfilecon); -+ return -1; -+ } -+ freecon(spoolfilecon); -+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_INFO, -+ "check_context: SELinux denied access to the spool file"); -+ return 0; -+ } -+ cupsdLogJob(job, CUPSD_LOG_INFO, -+ "check_context: SELinux allowed access to the spool file"); -+ return 1; -+ } -+ else -+ if (enforcing == 0) -+ cupsdLogJob(job, CUPSD_LOG_INFO, -+ "check_context: allowing operation due to permissive mode"); -+ else -+ cupsdLogJob(job, CUPSD_LOG_INFO, -+ "check_context: SELinux allowed access based on the " -+ "client context"); -+ -+ return 1; -+} -+#endif /* WITH_LSPP */ -+ -+ - /* - * 'check_quotas()' - Check quotas for a printer and user. - */ -@@ -4103,6 +4456,15 @@ copy_banner(cupsd_client_t *con, /* I - - char attrname[255], /* Name of attribute */ - *s; /* Pointer into name */ - ipp_attribute_t *attr; /* Attribute */ -+#ifdef WITH_LSPP -+ const char *mls_label; /* SL of print job */ -+ char *jobrange; /* SELinux sensitivity range */ -+ char *jobclearance; /* SELinux low end clearance */ -+ context_t jobcon; /* SELinux context of the job */ -+ context_t tmpcon; /* Temp context to set the level */ -+ security_context_t spoolcon; /* Context of the file in the spool */ -+#endif /* WITH_LSPP */ -+ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -4138,6 +4500,85 @@ copy_banner(cupsd_client_t *con, /* I - - - fchmod(cupsFileNumber(out), 0640); - fchown(cupsFileNumber(out), RunUser, Group); -+#ifdef WITH_LSPP -+ if (job->scon != NULL && -+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(filename, &spoolcon) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to get the context of the banner file %s - %s", -+ filename, strerror(errno)); -+ job->num_files --; -+ return (0); -+ } -+ tmpcon = context_new(spoolcon); -+ jobcon = context_new(job->scon); -+ freecon(spoolcon); -+ if (!tmpcon || !jobcon) -+ { -+ if (tmpcon) -+ context_free(tmpcon); -+ if (jobcon) -+ context_free(jobcon); -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the SELinux contexts"); -+ job->num_files --; -+ return (0); -+ } -+ jobrange = (char *) context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange = strdup(jobrange); -+ if ((jobclearance = strtok(jobrange, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the " -+ "level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the " -+ "level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ free(jobrange); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the " -+ "context of the banner file %s - %s", -+ filename, strerror(errno)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ cupsdLogJob(job, CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s", -+ filename, context_str(tmpcon)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ } -+#endif /* WITH_LSPP */ - - /* - * Try the localized banner file under the subdirectory... -@@ -4232,6 +4673,24 @@ copy_banner(cupsd_client_t *con, /* I - - else - s = attrname; - -+#ifdef WITH_LSPP -+ if (strcmp(s, "mls-label") == 0) -+ { -+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ jobcon = context_new(job->scon); -+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0) -+ mls_label = context_range_get(jobcon); -+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0) -+ mls_label = context_type_get(jobcon); -+ else // default to using the whole context string -+ mls_label = context_str(jobcon); -+ cupsFilePuts(out, mls_label); -+ context_free(jobcon); -+ } -+ continue; -+ } -+#endif /* WITH_LSPP */ - if (!strcmp(s, "printer-name")) - { - cupsFilePuts(out, job->dest); -@@ -6439,6 +6898,22 @@ get_job_attrs(cupsd_client_t *con, /* I - - exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); - -+ -+#ifdef WITH_LSPP -+ /* -+ * Check SELinux... -+ */ -+ if (is_lspp_config() && check_context(con, job) != 1) -+ { -+ /* -+ * Unfortunately we have to lie to the user... -+ */ -+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid); -+ return; -+ } -+#endif /* WITH_LSPP */ -+ -+ - /* - * Copy attributes... - */ -@@ -6836,6 +7311,11 @@ get_jobs(cupsd_client_t *con, /* I - C - if (username[0] && _cups_strcasecmp(username, job->username)) - continue; - -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) != 1) -+ continue; -+#endif /* WITH_LSPP */ -+ - if (count > 0) - ippAddSeparator(con->response); - -@@ -11445,6 +11925,11 @@ validate_user(cupsd_job_t *job, /* I - - strlcpy(username, get_username(con), userlen); - -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) != 1) -+ return 0; -+#endif /* WITH_LSPP */ -+ - /* - * Check the username against the owner... - */ -diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c ---- cups-2.3.0/scheduler/job.c.lspp 2019-10-07 12:24:43.024597707 +0200 -+++ cups-2.3.0/scheduler/job.c 2019-10-07 12:30:13.092210820 +0200 -@@ -8,6 +8,9 @@ - * information. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -23,6 +26,14 @@ - # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+#include -+#include -+#include -+#include -+#include -+#include -+#endif /* WITH_LSPP */ - - /* - * Design Notes for Job Management -@@ -544,6 +555,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - /* PRINTER_STATE_REASONS env var */ - rip_max_cache[255]; - /* RIP_MAX_CACHE env variable */ -+#ifdef WITH_LSPP -+ char *audit_message = NULL; /* Audit message string */ -+ context_t jobcon; /* SELinux context of the job */ -+ char *label_template = NULL; /* SL to put in classification -+ env var */ -+ const char *mls_label = NULL; /* SL to put in classification -+ env var */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -1080,6 +1099,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - if (final_content_type[0]) - envp[envc ++] = final_content_type; - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ { -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s", -+ job->id, job->auid, job->username, job->printer->name, title); -+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ } -+ else -+ { -+ jobcon = context_new(job->scon); -+ -+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL) -+ label_template = strdup(Classification); -+ else if (attr->num_values > 1 && -+ strcmp(attr->values[1].string.text, "none") != 0) -+ label_template = strdup(attr->values[1].string.text); -+ else -+ label_template = strdup(attr->values[0].string.text); -+ -+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0) -+ mls_label = context_range_get(jobcon); -+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0) -+ mls_label = context_type_get(jobcon); -+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0) -+ mls_label = context_str(jobcon); -+ else -+ mls_label = label_template; -+ -+ if (mls_label && (PerPageLabels || banner_page)) -+ { -+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label); -+ envp[envc ++] = classification; -+ } -+ -+ if ((AuditLog != -1) && !banner_page) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s" -+ " obj=%s label=%s", job->id, job->auid, job->username, -+ job->printer->name, title, job->scon, mls_label?mls_label:"none"); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ context_free(jobcon); -+ free(label_template); -+ } -+ } -+ else -+ /* -+ * Fall through to the non-LSPP behavior -+ */ -+#endif /* WITH_LSPP */ - if (Classification && !banner_page) - { - if ((attr = ippFindAttribute(job->attrs, "job-sheets", -@@ -1858,6 +1938,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J - ippSetString(job->attrs, &job->reasons, 0, "none"); - } - -+#ifdef WITH_LSPP -+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL) -+ cupsdSetString(&job->scon, attr->values[0].string.text); -+ else if (is_lspp_config()) -+ { -+ /* -+ * There was no security context so delete the job -+ */ -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Missing or bad security-context attribute " -+ "in control file \"%s\"!", -+ jobfile); -+ goto error; -+ } -+#endif /* WITH_LSPP */ -+ - job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER); - job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER); - job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); -@@ -2273,6 +2369,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - { - char filename[1024]; /* Job control filename */ - cups_file_t *fp; /* Job file */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job control file */ -+ context_t jobcon; /* contex_t container for job->scon */ -+ context_t tmpcon; /* Temp context to swap the level */ -+ char *jobclearance; /* SELinux low end clearance */ -+ const char *jobrange; /* SELinux sensitivity range */ -+ char *jobrange_copy; /* SELinux sensitivity range */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -2295,6 +2399,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - - fchown(cupsFileNumber(fp), RunUser, Group); - -+#ifdef WITH_LSPP -+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(filename, &spoolcon) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to get context of job control file \"%s\" - %s.", -+ filename, strerror(errno)); -+ return; -+ } -+ jobcon = context_new(job->scon); -+ tmpcon = context_new(spoolcon); -+ freecon(spoolcon); -+ if (!jobcon || !tmpcon) -+ { -+ if (jobcon) -+ context_free(jobcon); -+ if (tmpcon) -+ context_free(tmpcon); -+ cupsdLogJob(job, CUPSD_LOG_ERROR, "Unable to get SELinux contexts"); -+ return; -+ } -+ jobrange = context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange_copy = strdup(jobrange); -+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to set the range for " -+ "job control file \"%s\" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to set the range for " -+ "job control file \"%s\" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ free(jobrange_copy); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to set context of job control file \"%s\" - %s.", -+ filename, strerror(errno)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ cupsdLogJob(job, CUPSD_LOG_DEBUG2, "New spool file context=%s", -+ context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ } -+#endif /* WITH_LSPP */ -+ - job->attrs->state = IPP_IDLE; - - if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3995,6 +4171,19 @@ get_options(cupsd_job_t *job, /* I - Jo - banner_page) - continue; - -+#ifdef WITH_LSPP -+ /* -+ * In LSPP mode refuse to honor the page-label -+ */ -+ if (is_lspp_config() && -+ !strcmp(attr->name, "page-label")) -+ { -+ cupsdLogJob(job, CUPSD_LOG_DEBUG, -+ "Ignoring page-label option due to LSPP mode"); -+ continue; -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Otherwise add them to the list... - */ -@@ -4805,6 +4994,18 @@ start_job(cupsd_job_t *job, /* I - - cupsd_printer_t *printer) /* I - Printer to print job */ - { - const char *filename; /* Support filename */ -+#ifdef WITH_LSPP -+ char *audit_message = NULL; /* Audit message string */ -+ char *printerfile = NULL; /* Device file pointed to by the printer */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ - ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs, - "job-cancel-after", - IPP_TAG_INTEGER); -@@ -4993,6 +5194,113 @@ start_job(cupsd_job_t *job, /* I - - fcntl(job->side_pipes[1], F_SETFD, - fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * Perform an access check before printing, but only if the printer starts with /dev/ -+ */ -+ printerfile = strstr(printer->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) -+ printerfile = printer->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ cupsdLogJob(job, CUPSD_LOG_DEBUG, -+ "Attempting to check access on printer device %s", -+ printerfile); -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno != ENOENT) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to stat the printer"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "StartJob: Printer is not a character device or " -+ "regular file"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ static int avc_initialized = 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(job->scon, &clisid) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to determine the SELinux sid for the job"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to get the SELinux context of %s", -+ printerfile); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ printercon = context_new(devcon); -+ cupsdLogJob(job, CUPSD_LOG_DEBUG, -+ "Printer context %s client context %s", -+ context_str(printercon), job->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) != 0) -+ { -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Unable to determine the SELinux sid for the printer"); -+ freecon(devcon); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ freecon(devcon); -+ -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit message -+ */ -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled" -+ " unable to access printer=%s", job->id, -+ job->auid, (job->username)?job->username:"?", job->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ -+ return ; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Now start the first file in the job... - */ -diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h ---- cups-2.3.0/scheduler/job.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/job.h 2019-10-07 12:29:54.364371023 +0200 -@@ -7,6 +7,13 @@ - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include -+#endif /* WITH_LSPP */ -+ - /* - * Constants... - */ -@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request * - int progress; /* Printing progress */ - int num_keywords; /* Number of PPD keywords */ - cups_option_t *keywords; /* PPD keywords */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of job */ -+ uid_t auid; /* Audit loginuid for this job */ -+#endif /* WITH_LSPP */ - }; - - typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c ---- cups-2.3.0/scheduler/main.c.lspp 2019-10-07 12:24:43.037597616 +0200 -+++ cups-2.3.0/scheduler/main.c 2019-10-07 12:24:43.119597037 +0200 -@@ -57,6 +57,9 @@ - # include - #endif /* HAVE_SYS_PARAM_H */ - -+#ifdef WITH_LSPP -+# include -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -123,6 +126,9 @@ main(int argc, /* I - Number of comm - #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) - struct sigaction action; /* Actions for POSIX signals */ - #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ -+#if WITH_LSPP -+ auditfail_t failmode; /* Action for audit_open failure */ -+#endif /* WITH_LSPP */ - #ifdef __APPLE__ - int use_sysman = 1; /* Use system management functions? */ - #else -@@ -495,6 +501,25 @@ main(int argc, /* I - Number of comm - exit(errno); - } - -+#ifdef WITH_LSPP -+ if ((AuditLog = audit_open()) < 0 ) -+ { -+ if (get_auditfail_action(&failmode) == 0) -+ { -+ if (failmode == FAIL_LOG) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem."); -+ AuditLog = -1; -+ } -+ else if (failmode == FAIL_TERMINATE) -+ { -+ fprintf(stderr, "cupsd: unable to start auditing, terminating"); -+ return -1; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Let the system know we are busy while we bring up cupsd... - */ -@@ -1201,6 +1226,11 @@ main(int argc, /* I - Number of comm - - cupsdStopSelect(); - -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ audit_close(AuditLog); -+#endif /* WITH_LSPP */ -+ - return (!stop_scheduler); - } - -diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c ---- cups-2.3.0/scheduler/printers.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/printers.c 2019-10-07 12:29:17.956658129 +0200 -@@ -8,6 +8,8 @@ - * information. - */ - -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -32,6 +34,10 @@ - # include - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+# include -+# include -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -2252,6 +2258,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - ipp_attribute_t *attr; /* Attribute data */ - char *name, /* Current user/group name */ - *filter; /* Current filter */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* Path to a local printer dev */ -+ char *rangestr; /* Printer's range if its available */ -+ security_context_t devcon; /* Printer SELinux context */ -+ context_t printercon; /* context_t for the printer */ -+#endif /* WITH_LSPP */ - - - /* -@@ -2378,6 +2391,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - attr->values[1].string.text = _cupsStrAlloc(Classification ? - Classification : p->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ rangestr = NULL; -+ printercon = 0; -+ printerfile = strstr(p->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0)) -+ printerfile = p->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ if(is_selinux_enabled()) -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context"); -+ } -+ else -+ { -+ printercon = context_new(devcon); -+ freecon(devcon); -+ } -+ } -+ -+ if (printercon && context_range_get(printercon)) -+ rangestr = strdup(context_range_get(printercon)); -+ else -+ rangestr = strdup("unknown"); -+ -+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s", -+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); -+ if (printercon) -+ context_free(printercon); -+ free(rangestr); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ - } - - p->raw = 0; diff --git a/cups-manual-copies.patch b/cups-manual-copies.patch deleted file mode 100644 index 5d9c1af9c3ebbb00ba1de75c0129cad90689c7c8..0000000000000000000000000000000000000000 --- a/cups-manual-copies.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index 94a125a..79aab32 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -3228,7 +3228,7 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ - cupsFilePuts(fp, "*cupsFilter2: \"application/vnd.cups-pdf application/pdf 10 -\"\n"); - } - else -- cupsFilePuts(fp, "*cupsManualCopies: true\n"); -+ cupsFilePuts(fp, "*cupsManualCopies: True\n"); - if (is_apple) - cupsFilePuts(fp, "*cupsFilter2: \"image/urf image/urf 100 -\"\n"); - if (is_pwg) diff --git a/cups-no-export-ssllibs.patch b/cups-no-export-ssllibs.patch deleted file mode 100644 index 14b442651048bd31bad6a0c6db68113965d14c1c..0000000000000000000000000000000000000000 --- a/cups-no-export-ssllibs.patch +++ /dev/null @@ -1,10 +0,0 @@ -diff -up cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs cups-2.2b2/config-scripts/cups-ssl.m4 ---- cups-2.2b2/config-scripts/cups-ssl.m4.no-export-ssllibs 2016-06-27 15:06:22.299980753 +0200 -+++ cups-2.2b2/config-scripts/cups-ssl.m4 2016-06-27 15:08:00.953154042 +0200 -@@ -102,5 +102,5 @@ AC_SUBST(IPPALIASES) - AC_SUBST(SSLFLAGS) - AC_SUBST(SSLLIBS) - --EXPORT_SSLLIBS="$SSLLIBS" -+EXPORT_SSLLIBS="" - AC_SUBST(EXPORT_SSLLIBS) diff --git a/cups-ppdleak.patch b/cups-ppdleak.patch deleted file mode 100644 index 3354f76a2aa13129b7d090e3490366bed6e1d941..0000000000000000000000000000000000000000 --- a/cups-ppdleak.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/ppdc/ppdc-import.cxx b/ppdc/ppdc-import.cxx -index 04b587d..60d8834 100644 ---- a/ppdc/ppdc-import.cxx -+++ b/ppdc/ppdc-import.cxx -@@ -27,7 +27,7 @@ ppdcSource::import_ppd(const char *f) // I - Filename - char line[256], // Comment line - *ptr; // Pointer into line - int cost; // Cost for filter -- ppd_file_t *ppd; // PPD file data -+ ppd_file_t *ppd = NULL; // PPD file data - ppd_group_t *group; // PPD group - ppd_option_t *option; // PPD option - ppd_choice_t *choice; // PPD choice -@@ -323,5 +323,8 @@ ppdcSource::import_ppd(const char *f) // I - Filename - } - } - -+ if (ppd) -+ ppdClose(ppd); -+ - return (1); - } diff --git a/cups-prioritize-print-color-mode.patch b/cups-prioritize-print-color-mode.patch deleted file mode 100644 index feb71197df46102e74b9bbdd4721e4dbd1b6803a..0000000000000000000000000000000000000000 --- a/cups-prioritize-print-color-mode.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c -index 5965e38..94a125a 100644 ---- a/cups/ppd-cache.c -+++ b/cups/ppd-cache.c -@@ -3735,8 +3735,8 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ - */ - - if ((attr = ippFindAttribute(response, "urf-supported", IPP_TAG_KEYWORD)) == NULL) -- if ((attr = ippFindAttribute(response, "pwg-raster-document-type-supported", IPP_TAG_KEYWORD)) == NULL) -- if ((attr = ippFindAttribute(response, "print-color-mode-supported", IPP_TAG_KEYWORD)) == NULL) -+ if ((attr = ippFindAttribute(response, "print-color-mode-supported", IPP_TAG_KEYWORD)) == NULL) -+ if ((attr = ippFindAttribute(response, "pwg-raster-document-type-supported", IPP_TAG_KEYWORD)) == NULL) - attr = ippFindAttribute(response, "output-mode-supported", IPP_TAG_KEYWORD); - - if (attr) diff --git a/cups-rastertopwg-crash.patch b/cups-rastertopwg-crash.patch deleted file mode 100644 index 4c378b91e485bdeb7051895b2570052f67b277c2..0000000000000000000000000000000000000000 --- a/cups-rastertopwg-crash.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/filter/rastertopwg.c b/filter/rastertopwg.c -index 1e63e4e..b3a2e87 100644 ---- a/filter/rastertopwg.c -+++ b/filter/rastertopwg.c -@@ -260,7 +260,8 @@ main(int argc, /* I - Number of command-line args */ - } - - if (inheader.cupsPageSizeName[0] && -- (pwg_size = _ppdCacheGetSize(cache, inheader.cupsPageSizeName)) != NULL) -+ (pwg_size = _ppdCacheGetSize(cache, inheader.cupsPageSizeName)) != NULL && -+ pwg_size->map.pwg) - { - strlcpy(outheader.cupsPageSizeName, pwg_size->map.pwg, - sizeof(outheader.cupsPageSizeName)); diff --git a/cups-ricoh-deviceid-oid.patch b/cups-ricoh-deviceid-oid.patch deleted file mode 100644 index c148f9539b4c2db143afabd4aff6540b5d5a4c43..0000000000000000000000000000000000000000 --- a/cups-ricoh-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.000000000 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200 -@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] = { - static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; - static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; -+static const int RicohDeviceIdOID[] = { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1 }; - static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs = NULL; - static int HostNameLookups = 0; -@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_ID, LexmarkDeviceIdOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, RicohDeviceIdOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, diff --git a/cups-synconclose.patch b/cups-synconclose.patch deleted file mode 100644 index 380be9421f49dabc4e432822242a530153d49d57..0000000000000000000000000000000000000000 --- a/cups-synconclose.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up cups-2.2.12/conf/cups-files.conf.in.synconclose cups-2.2.12/conf/cups-files.conf.in ---- cups-2.2.12/conf/cups-files.conf.in.synconclose 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/conf/cups-files.conf.in 2019-08-19 09:58:14.646567949 +0200 -@@ -7,7 +7,7 @@ - #FatalErrors @CUPS_FATAL_ERRORS@ - - # Do we call fsync() after writing configuration or status files? --#SyncOnClose No -+#SyncOnClose Yes - - # Default user and group for filters/backends/helper programs; this cannot be - # any user or group that resolves to ID 0 for security reasons... -diff -up cups-2.2.12/doc/help/man-cups-files.conf.html.synconclose cups-2.2.12/doc/help/man-cups-files.conf.html ---- cups-2.2.12/doc/help/man-cups-files.conf.html.synconclose 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/doc/help/man-cups-files.conf.html 2019-08-19 09:58:14.646567949 +0200 -@@ -150,7 +150,7 @@ The default is "/var/run/cups" or "/etc/ -
Specifies whether the scheduler calls - fsync(2) - after writing configuration or state files. --The default is "No". -+The default is "Yes". -
SystemGroup group-name [ ... group-name ] -
Specifies the group(s) to use for @SYSTEM group authentication. - The default contains "admin", "lpadmin", "root", "sys", and/or "system". -diff -up cups-2.2.12/man/cups-files.conf.man.in.synconclose cups-2.2.12/man/cups-files.conf.man.in ---- cups-2.2.12/man/cups-files.conf.5.synconclose 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/man/cups-files.conf.5 2019-08-19 09:58:14.646567949 +0200 -@@ -214,7 +214,7 @@ The default is "/var/run/cups" or "/etc/ - Specifies whether the scheduler calls - .BR fsync (2) - after writing configuration or state files. --The default is "No". -+The default is "Yes". - .\"#SystemGroup - .TP 5 - \fBSystemGroup \fIgroup-name \fR[ ... \fIgroup-name\fR ] -diff -up cups-2.2.12/scheduler/conf.c.synconclose cups-2.2.12/scheduler/conf.c ---- cups-2.2.12/scheduler/conf.c.synconclose 2019-08-19 09:58:14.647567941 +0200 -+++ cups-2.2.12/scheduler/conf.c 2019-08-19 09:59:36.066927455 +0200 -@@ -735,7 +735,7 @@ cupsdReadConfiguration(void) - RootCertDuration = 300; - Sandboxing = CUPSD_SANDBOXING_STRICT; - StrictConformance = FALSE; -- SyncOnClose = FALSE; -+ SyncOnClose = TRUE; - Timeout = 900; - WebInterface = CUPS_DEFAULT_WEBIF; - diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch deleted file mode 100644 index 260ac29d7d5568e8c3608adf7d826f064494cca4..0000000000000000000000000000000000000000 --- a/cups-systemd-socket.patch +++ /dev/null @@ -1,74 +0,0 @@ -diff -up cups-2.2.12/scheduler/main.c.systemd-socket cups-2.2.12/scheduler/main.c ---- cups-2.2.12/scheduler/main.c.systemd-socket 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/scheduler/main.c 2019-08-19 09:31:09.703370325 +0200 -@@ -674,8 +674,16 @@ main(int argc, /* I - Number of comm - - #ifdef HAVE_ONDEMAND - if (OnDemand) -+ { - cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand."); -- else -+# ifdef HAVE_SYSTEMD -+ sd_notifyf(0, "READY=1\n" -+ "STATUS=Scheduler is running...\n" -+ "MAINPID=%lu", -+ (unsigned long) getpid()); -+# endif /* HAVE_SYSTEMD */ -+ } else -+ - #endif /* HAVE_ONDEMAND */ - if (fg) - cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground."); -diff -up cups-2.2.12/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.2.12/scheduler/org.cups.cupsd.path.in ---- cups-2.2.12/scheduler/org.cups.cupsd.path.in.systemd-socket 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/scheduler/org.cups.cupsd.path.in 2019-08-19 09:31:09.703370325 +0200 -@@ -1,6 +1,6 @@ - [Unit] - Description=CUPS Scheduler --PartOf=org.cups.cupsd.service -+PartOf=cups.service - - [Path] - PathExists=@CUPS_CACHEDIR@/org.cups.cupsd -diff -up cups-2.2.12/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.2.12/scheduler/org.cups.cupsd.service.in ---- cups-2.2.12/scheduler/org.cups.cupsd.service.in.systemd-socket 2019-08-19 09:31:09.703370325 +0200 -+++ cups-2.2.12/scheduler/org.cups.cupsd.service.in 2019-08-19 09:54:58.890036404 +0200 -@@ -1,13 +1,13 @@ - [Unit] - Description=CUPS Scheduler - Documentation=man:cupsd(8) --After=sssd.service -+After=sssd.service network.target - - [Service] - ExecStart=@sbindir@/cupsd -l --Type=simple -+Type=notify - Restart=on-failure - - [Install] --Also=org.cups.cupsd.socket org.cups.cupsd.path -+Also=cups.socket cups.path - WantedBy=printer.target -diff -up cups-2.2.12/scheduler/org.cups.cupsd.socket.in.systemd-socket cups-2.2.12/scheduler/org.cups.cupsd.socket.in ---- cups-2.2.12/scheduler/org.cups.cupsd.socket.in.systemd-socket 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/scheduler/org.cups.cupsd.socket.in 2019-08-19 09:31:09.703370325 +0200 -@@ -1,6 +1,6 @@ - [Unit] - Description=CUPS Scheduler --PartOf=org.cups.cupsd.service -+PartOf=cups.service - - [Socket] - ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -diff -up cups-2.2.12/scheduler/org.cups.cups-lpd.socket.systemd-socket cups-2.2.12/scheduler/org.cups.cups-lpd.socket ---- cups-2.2.12/scheduler/org.cups.cups-lpd.socket.systemd-socket 2019-08-16 00:35:30.000000000 +0200 -+++ cups-2.2.12/scheduler/org.cups.cups-lpd.socket 2019-08-19 09:31:09.703370325 +0200 -@@ -1,6 +1,6 @@ - [Unit] - Description=CUPS LPD Server Socket --PartOf=org.cups.cups-lpd.service -+PartOf=cups-lpd.service - - [Socket] - ListenStream=515 diff --git a/cups-webui-uri.patch b/cups-webui-uri.patch deleted file mode 100644 index 7021205c072e208ee9b07e5f0d41577e09a5ed40..0000000000000000000000000000000000000000 --- a/cups-webui-uri.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c -index a87e6be..4600d33 100644 ---- a/cgi-bin/admin.c -+++ b/cgi-bin/admin.c -@@ -974,6 +974,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */ - - cgiSetVariable("TEMPLATE_NAME", template); - } -+ -+ cgiSetVariable("DEVICE_URI", var); - } - } - diff --git a/cups-ypbind.patch b/cups-ypbind.patch deleted file mode 100644 index 17e90a57d6436aea432297d2f54c72137674a4df..0000000000000000000000000000000000000000 --- a/cups-ypbind.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-2.2.12/scheduler/org.cups.cupsd.service.in.ypbind cups-2.2.12/scheduler/org.cups.cupsd.service.in ---- cups-2.2.12/scheduler/org.cups.cupsd.service.in.ypbind 2019-08-19 10:00:47.586326493 +0200 -+++ cups-2.2.12/scheduler/org.cups.cupsd.service.in 2019-08-19 10:01:39.295890076 +0200 -@@ -1,7 +1,7 @@ - [Unit] - Description=CUPS Scheduler - Documentation=man:cupsd(8) --After=sssd.service network.target -+After=sssd.service network.target ypbind.service - - [Service] - ExecStart=@sbindir@/cupsd -l diff --git a/cups.logrotate b/cups.logrotate deleted file mode 100644 index 773c70fd2aa92610b47438422f8d94e7651a2c90..0000000000000000000000000000000000000000 --- a/cups.logrotate +++ /dev/null @@ -1,5 +0,0 @@ -/var/log/cups/*_log { - missingok - notifempty - sharedscripts -} diff --git a/cups.spec b/cups.spec index 6712924c6dcb96b30692751e90cc9a1a1957367c..6030e1078bb3683c40375c6bcd5b8becb0d6e8d9 100644 --- a/cups.spec +++ b/cups.spec @@ -1,71 +1,76 @@ %global cups_serverbin %{_exec_prefix}/lib/cups + Name: cups Epoch: 1 -Version: 2.3.3 -Release: 6 +Version: 2.4.0 +Release: 11 Summary: CUPS is the standards-based, open source printing system for linux operating systems. -License: GPLv2+ and LGPLv2+ with exceptions and AML -Url: http://www.cups.org/ -Source0: https://github.com/apple/cups/archive/v%{version}.tar.gz +License: Apache-2.0 WITH LLVM-exception +Url: https://openprinting.github.io/cups/ +# Apple stopped uploading the new versions into github, use OpenPrinting fork +Source0: https://github.com/OpenPrinting/cups/releases/download/v%{version}/cups-%{version}-source.tar.gz -Source2: cupsprinter.png -Source3: cups.logrotate -Source5: macros.cups +Source1: cupsprinter.png +Source2: macros.cups Patch1: cups-system-auth.patch Patch2: cups-multilib.patch Patch3: cups-banners.patch -Patch4: cups-no-export-ssllibs.patch -Patch5: cups-direct-usb.patch -Patch6: cups-eggcups.patch -Patch7: cups-driverd-timeout.patch -Patch8: cups-logrotate.patch -Patch9: cups-usb-paperout.patch -Patch10: cups-uri-compat.patch -Patch11: cups-hp-deviceid-oid.patch -Patch12: cups-ricoh-deviceid-oid.patch -Patch13: cups-systemd-socket.patch -Patch14: cups-freebind.patch -Patch15: cups-ipp-multifile.patch -Patch16: cups-web-devices-timeout.patch -Patch17: cups-synconclose.patch -Patch18: cups-ypbind.patch -Patch19: cups-lspp.patch -Patch20: cups-failover-backend.patch -Patch21: cups-filter-debug.patch -Patch22: cups-dymo-deviceid.patch -Patch23: cups-autostart-when-enabled.patch -Patch24: cups-prioritize-print-color-mode.patch -Patch25: cups-ppdleak.patch -Patch26: cups-rastertopwg-crash.patch -Patch27: cups-etimedout.patch -Patch28: cups-webui-uri.patch -Patch29: cups-ipptool-mdns-uri.patch -Patch30: cups-manual-copies.patch - -Provides: cupsddk cupsddk-drivers cups-filesystem cups-client cups-ipptool cups-lpd -Provides: lpd lpr /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat -Obsoletes: cups-client cups-filesystem cups-lpd cups-ipptool - -Provides: cups-printerapp = %{version}-%{release} -Obsoletes: cups-printerapp < %{version}-%{release} +Patch4: cups-direct-usb.patch +Patch5: cups-driverd-timeout.patch +Patch6: cups-usb-paperout.patch +Patch7: cups-uri-compat.patch +Patch8: cups-freebind.patch +Patch9: cups-ipp-multifile.patch +Patch10: cups-web-devices-timeout.patch + +Patch6000: backport-CVE-2022-26691.patch +Patch6001: backport-Remove-legacy-code-for-RIP_MAX_CACHE-environment-variable.patch +Patch6002: backport-Also-fix-cupsfilter.patch +Patch6003: backport-CVE-2023-32324.patch +Patch6004: fix-httpAddrGetList-test-case-fail.patch +Patch6005: backport-CVE-2023-34241.patch +Patch6006: backport-CVE-2023-4504.patch +Patch6007: backport-Fix-CVE-2024-35235.patch BuildRequires: pam-devel pkgconf-pkg-config pkgconfig(gnutls) libacl-devel openldap-devel pkgconfig(libusb-1.0) BuildRequires: krb5-devel pkgconfig(avahi-client) systemd pkgconfig(libsystemd) pkgconfig(dbus-1) python3-cups -BuildRequires: automake zlib-devel gcc gcc-c++ libselinux-devel audit-libs-devel -Requires: dbus systemd acl cups-filters /usr/sbin/alternatives %{name}-libs = %{epoch}:%{version}-%{release} +BuildRequires: automake zlib-devel gcc gcc-c++ libselinux-devel audit-libs-devel make +Requires: dbus systemd acl cups-filters /usr/sbin/alternatives +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: %{name}-client%{?_isa} = %{epoch}:%{version}-%{release} +Requires: %{name}-filesystem = %{epoch}:%{version}-%{release} + +# Requires working PrivateTmp (bug #807672) +Requires(pre): systemd +Requires(post): systemd +Requires(post): grep, sed +Requires(preun): systemd +Requires(postun): systemd %description CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing -Protocol (IPP) to support printing to local and network printers.. +Protocol (IPP) to support printing to local and network printers. + +%package client +Summary: CUPS printing system - client programs +License: GPLv2 +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Provides: /usr/bin/lpq /usr/bin/lpr /usr/bin/lp /usr/bin/cancel /usr/bin/lprm /usr/bin/lpstat +Requires: /usr/sbin/alternatives +Provides: lpr + +%description client +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This package contains command-line client +programs. %package devel Summary: CUPS printing system - development environment License: LGPLv2 -Requires: %{name}%-libs = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: gnutls-devel krb5-devel zlib-devel -Provides: cupsddk-devel %description devel CUPS is the standards-based, open source printing system developed by Apple Inc. @@ -76,8 +81,53 @@ package to develop other printer drivers. Summary: CUPS libs License: LGPLv2 and zlib -%description libs -The package provides cups libraries +%description libs +CUPS printing system provides a portable printing layer for +UNIX® operating systems. It has been developed by Apple Inc. +to promote a standard printing solution for all UNIX vendors and users. +CUPS provides the System V and Berkeley command-line interfaces. +The cups-libs package provides libraries used by applications to use CUPS +natively, without needing the lp/lpr commands. + +%package filesystem +Summary: CUPS printing system - directory layout +BuildArch: noarch + +%description filesystem +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This package provides some directories which are +required by other packages that add CUPS drivers (i.e. filters, backends etc.). + +%package lpd +Summary: CUPS printing system - lpd emulation +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Provides: lpd + +%description lpd +CUPS printing system provides a portable printing layer for +UNIX® operating systems. This is the package that provides standard +lpd emulation. + +%package ipptool +Summary: CUPS printing system - tool for performing IPP requests +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: avahi + +%description ipptool +Sends IPP requests to the specified URI and tests and/or displays the results. + +%package printerapp +Summary: CUPS printing system - tools for printer application +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: avahi + +%description printerapp +Provides IPP everywhere printer application ippeveprinter and tools for printing +PostScript and HP PCL document formats - ippevepcl and ippeveps. The printer +application enables older printers for IPP everywhere standard - so if older printer +is installed with a printer application, its print queue acts as IPP everywhere printer +to CUPS daemon. This solution will substitute printer drivers and raw queues in the future. %package help Summary: Documents for cups @@ -91,9 +141,10 @@ Man pages and other related documents. sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in sed -i -e 's,^ErrorLog .*$,ErrorLog syslog,' -i -e 's,^AccessLog .*$,AccessLog syslog,' -i -e 's,^PageLog .*,PageLog syslog,' conf/cups-files.conf.in +perl -pi -e "s,^.SILENT:,," Makedefs.in aclocal -I config-scripts -autoconf -I config-scripts +autoconf -f -I config-scripts %build export DSOFLAGS="$DSOFLAGS -L../cgi-bin -L../filter -L../ppdc -L../scheduler -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/generic-hardened-ld -Wl,-z,relro,-z,now -fPIE -pie" @@ -106,7 +157,6 @@ export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1" --with-log-file-perm=0600 \ --enable-relro \ --with-dbusdir=%{_sysconfdir}/dbus-1 \ - --with-php=/usr/bin/php-cgi \ --enable-avahi \ --enable-threads \ --enable-gnutls \ @@ -114,10 +164,15 @@ export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1" --with-xinetd=no \ --with-access-log-level=actions \ --enable-page-logging \ + --with-rundir=%{_rundir}/cups \ + --enable-sync-on-close \ localedir=%{_datadir}/locale %make_build +%check +make check + %install make BUILDROOT=${RPM_BUILD_ROOT} install @@ -140,26 +195,25 @@ done mv ${RPM_BUILD_ROOT}%{_mandir}/man8/lpc.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/lpc-cups.8 popd -mv ${RPM_BUILD_ROOT}%{_unitdir}/org.cups.cupsd.path ${RPM_BUILD_ROOT}%{_unitdir}/cups.path -mv ${RPM_BUILD_ROOT}%{_unitdir}/org.cups.cupsd.service ${RPM_BUILD_ROOT}%{_unitdir}/cups.service -mv ${RPM_BUILD_ROOT}%{_unitdir}/org.cups.cupsd.socket ${RPM_BUILD_ROOT}%{_unitdir}/cups.socket -mv ${RPM_BUILD_ROOT}%{_unitdir}/org.cups.cups-lpd.socket ${RPM_BUILD_ROOT}%{_unitdir}/cups-lpd.socket -mv ${RPM_BUILD_ROOT}%{_unitdir}/org.cups.cups-lpd@.service ${RPM_BUILD_ROOT}%{_unitdir}/cups-lpd@.service - -/bin/sed -i -e "s,org.cups.cupsd,cups,g" ${RPM_BUILD_ROOT}%{_unitdir}/cups.service - install -d ${RPM_BUILD_ROOT}%{_datadir}/pixmaps ${RPM_BUILD_ROOT}%{_sysconfdir}/X11/sysconfig \ - ${RPM_BUILD_ROOT}%{_sysconfdir}/X11/applnk/System ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d \ + ${RPM_BUILD_ROOT}%{_sysconfdir}/X11/applnk/System \ ${RPM_BUILD_ROOT}%{_rpmconfigdir}/macros.d -install -p -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_datadir}/pixmaps -install -p -m 644 %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/cups -install -m 0644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_rpmconfigdir}/macros.d +install -p -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_datadir}/pixmaps +install -m 0644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_rpmconfigdir}/macros.d touch ${RPM_BUILD_ROOT}%{_sysconfdir}/cups/{printers,classes,client,subscriptions}.conf touch ${RPM_BUILD_ROOT}%{_sysconfdir}/cups/lpoptions install -d ${RPM_BUILD_ROOT}%{_datadir}/ppd +# Remove unshipped files. +rm -rf %{buildroot}%{_mandir}/cat? %{buildroot}%{_mandir}/*/cat? +rm -f %{buildroot}%{_datadir}/applications/cups.desktop +rm -rf %{buildroot}%{_datadir}/icons +# there are pdf-banners shipped with cups-filters (#919489) +rm -rf %{buildroot}%{_datadir}/cups/banners +rm -f %{buildroot}%{_datadir}/cups/data/testprint + install -d ${RPM_BUILD_ROOT}%{_tmpfilesdir} cat > ${RPM_BUILD_ROOT}%{_tmpfilesdir}/cups.conf < %{name}.lang -%pre - -%preun -%systemd_preun %{name}.path %{name}.socket %{name}.service -%systemd_preun cups-lpd.socket - %post - %systemd_post %{name}.path %{name}.socket %{name}.service install -d ${RPM_BUILD_ROOT}%{_localstatedir}/run/cups/certs /bin/sed -i -e "s,^PageLogFormat,#PageLogFormat,i" %{_sysconfdir}/cups/cups-files.conf +%post client +/usr/sbin/alternatives --install %{_bindir}/lpr print %{_bindir}/lpr.cups 40 \ + --slave %{_bindir}/lp print-lp %{_bindir}/lp.cups \ + --slave %{_bindir}/lpq print-lpq %{_bindir}/lpq.cups \ + --slave %{_bindir}/lprm print-lprm %{_bindir}/lprm.cups \ + --slave %{_bindir}/lpstat print-lpstat %{_bindir}/lpstat.cups \ + --slave %{_bindir}/cancel print-cancel %{_bindir}/cancel.cups \ + --slave %{_sbindir}/lpc print-lpc %{_sbindir}/lpc.cups \ + --slave %{_mandir}/man1/cancel.1.gz print-cancelman %{_mandir}/man1/cancel-cups.1.gz \ + --slave %{_mandir}/man1/lp.1.gz print-lpman %{_mandir}/man1/lp-cups.1.gz \ + --slave %{_mandir}/man8/lpc.8.gz print-lpcman %{_mandir}/man8/lpc-cups.8.gz \ + --slave %{_mandir}/man1/lpq.1.gz print-lpqman %{_mandir}/man1/lpq-cups.1.gz \ + --slave %{_mandir}/man1/lpr.1.gz print-lprman %{_mandir}/man1/lpr-cups.1.gz \ + --slave %{_mandir}/man1/lprm.1.gz print-lprmman %{_mandir}/man1/lprm-cups.1.gz \ + --slave %{_mandir}/man1/lpstat.1.gz print-lpstatman %{_mandir}/man1/lpstat-cups.1.gz || : + +%post lpd %systemd_post cups-lpd.socket -exit 0 - -%post libs -p /sbin/ldconfig + +%ldconfig_scriptlets libs + +%preun +%systemd_preun %{name}.path %{name}.socket %{name}.service + +%preun client +if [ $1 -eq 0 ] ; then + /usr/sbin/alternatives --remove print %{_bindir}/lpr.cups || : +fi + +%preun lpd +%systemd_preun cups-lpd.socket %postun - %systemd_postun_with_restart %{name}.path %{name}.socket %{name}.service + +%postun lpd %systemd_postun_with_restart cups-lpd.socket -exit 0 - -%postun libs -p /sbin/ldconfig %triggerin -- samba-client ln -sf %{_libexecdir}/samba/cups_backend_smb %{_exec_prefix}/lib/cups/backend/smb || : @@ -216,13 +288,78 @@ exit 0 rm -f %{_exec_prefix}/lib/cups/backend/smb %files -f %{name}.lang +%{_bindir}/cupstestppd +%{_bindir}/ppd* +%{_sbindir}/* +# client subpackage +%exclude %{_sbindir}/lpc.cups +%dir %{cups_serverbin}/daemon +%{cups_serverbin}/daemon/cups-deviced +%{cups_serverbin}/daemon/cups-driverd +%{cups_serverbin}/daemon/cups-exec +%{cups_serverbin}/backend/* +%{cups_serverbin}/cgi-bin +%{cups_serverbin}/filter/* +%{cups_serverbin}/monitor +%{cups_serverbin}/notifier +%{_datadir}/cups/drv/sample.drv +%{_datadir}/cups/examples +%{_datadir}/cups/mime/mime.types +%{_datadir}/cups/mime/mime.convs +%{_datadir}/cups/ppdc/*.defs +%{_datadir}/cups/ppdc/*.h +%dir %{_datadir}/cups/templates +%{_datadir}/cups/templates/*.tmpl +%dir %{_datadir}/cups/templates/de +%{_datadir}/cups/templates/de/*.tmpl +%dir %{_datadir}/cups/templates/da +%{_datadir}/cups/templates/da/*.tmpl +%dir %{_datadir}/cups/templates/es +%{_datadir}/cups/templates/es/*.tmpl +%dir %{_datadir}/cups/templates/fr +%{_datadir}/cups/templates/fr/*.tmpl +%dir %{_datadir}/cups/templates/ja +%{_datadir}/cups/templates/ja/*.tmpl +%dir %{_datadir}/cups/templates/pt_BR +%{_datadir}/cups/templates/pt_BR/*.tmpl +%dir %{_datadir}/cups/templates/ru +%{_datadir}/cups/templates/ru/*.tmpl +%dir %{_datadir}/%{name}/usb +%{_datadir}/%{name}/usb/org.cups.usb-quirks +%dir %{_datadir}/%{name}/www +%{_datadir}/%{name}/www/images +%{_datadir}/%{name}/www/*.css +%dir %{_datadir}/%{name}/www/de +%dir %{_datadir}/%{name}/www/da +%dir %{_datadir}/%{name}/www/es +%dir %{_datadir}/%{name}/www/fr +%dir %{_datadir}/%{name}/www/ja +%dir %{_datadir}/%{name}/www/pt_BR +%dir %{_datadir}/%{name}/www/ru +%{_datadir}/pixmaps/cupsprinter.png +%dir %attr(1770,root,lp) %{_localstatedir}/spool/cups/tmp +%dir %attr(0710,root,lp) %{_localstatedir}/spool/cups +%dir %attr(0755,root,lp) %{_localstatedir}/log/cups +# client subpackage +%exclude %{_mandir}/man1/lp*.1.gz +%exclude %{_mandir}/man1/cancel-cups.1.gz +%exclude %{_mandir}/man8/lpc-cups.8.gz +# devel subpackage +%exclude %{_mandir}/man1/cups-config.1.gz +# ipptool subpackage +%exclude %{_mandir}/man1/ipptool.1.gz +%exclude %{_mandir}/man5/ipptoolfile.5.gz +# lpd subpackage +%exclude %{_mandir}/man8/cups-lpd.8.gz +# printerapp +%exclude %{_mandir}/man1/ippeveprinter.1.gz +%exclude %{_mandir}/man7/ippevepcl.7.gz +%exclude %{_mandir}/man7/ippeveps.7.gz +%dir %attr(0755,root,lp) %{_rundir}/cups +%dir %attr(0511,lp,sys) %{_rundir}/cups/certs %dir %attr(0755,root,lp) %{_sysconfdir}/cups -%dir %attr(0755,root,lp) %{_localstatedir}/run/cups -%dir %attr(0511,lp,sys) %{_localstatedir}/run/cups/certs -%{_tmpfilesdir}/cups.conf -%{_tmpfilesdir}/cups-lp.conf -%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf %attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf.default +%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf %verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cups-files.conf %attr(0640,root,lp) %{_sysconfdir}/cups/cups-files.conf.default %verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/client.conf @@ -234,104 +371,133 @@ rm -f %{_exec_prefix}/lib/cups/backend/smb %verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/lpoptions %dir %attr(0755,root,lp) %{_sysconfdir}/cups/ppd %dir %attr(0700,root,lp) %{_sysconfdir}/cups/ssl -%config(noreplace) %{_sysconfdir}/pam.d/cups -%config(noreplace) %{_sysconfdir}/logrotate.d/cups %config(noreplace) %{_sysconfdir}/dbus-1/system.d/cups.conf - +%config(noreplace) %{_sysconfdir}/pam.d/cups +%{_tmpfilesdir}/cups.conf +%{_tmpfilesdir}/cups-lp.conf +%attr(0644, root, root)%{_unitdir}/%{name}.service +%attr(0644, root, root)%{_unitdir}/%{name}.socket +%attr(0644, root, root)%{_unitdir}/%{name}.path + +%files client +%{_bindir}/cancel* +%{_bindir}/lp* +%{_sbindir}/lpc.cups +%{_mandir}/man1/cancel-cups.1.gz +%{_mandir}/man1/lp*.1.gz +%{_mandir}/man8/lpc-cups.8.gz + +%files libs +%{license} LICENSE +%{license} NOTICE +%{_libdir}/libcups.so.2 +%{_libdir}/libcupsimage.so.2 + +%files filesystem +%dir %{cups_serverbin} +%dir %{cups_serverbin}/backend +%dir %{cups_serverbin}/driver +%dir %{cups_serverbin}/filter +%dir %{_datadir}/cups %dir %{_datadir}/cups/data %dir %{_datadir}/cups/drv %dir %{_datadir}/cups/mime %dir %{_datadir}/cups/model %dir %{_datadir}/cups/ppdc %dir %{_datadir}/ppd -%exclude %{_mandir}/cat? -%exclude %{_mandir}/*/cat? -%exclude %{_datadir}/applications/cups.desktop -%exclude %{_datadir}/icons -%exclude %{_datadir}/cups/banners -%exclude %{_datadir}/cups/data/testprint - -%{_unitdir}/%{name}.service -%{_unitdir}/%{name}.socket -%{_unitdir}/%{name}.path -%{_unitdir}/cups-lpd.socket -%{_unitdir}/cups-lpd@.service -%{_bindir}/cupstestppd -#%%{_bindir}/cupstestdsc -%{_bindir}/ppd* -%{_bindir}/cancel* -%{_bindir}/lp* -%{_bindir}/ipptool + +%files devel +%{_bindir}/cups-config +%{_includedir}/cups +%{_libdir}/*.so +%{_rpmconfigdir}/macros.d/macros.cups +%{_prefix}/lib/pkgconfig/cups.pc + +%files lpd +%{cups_serverbin}/daemon/cups-lpd +%{_mandir}/man8/cups-lpd.8.gz +%attr(0644, root, root)%{_unitdir}/cups-lpd.socket +%attr(0644, root, root)%{_unitdir}/cups-lpd@.service + +%files ipptool %{_bindir}/ippfind +%{_bindir}/ipptool +%dir %{_datadir}/cups/ipptool +%{_datadir}/cups/ipptool/* +%{_mandir}/man1/ipptool.1.gz +%{_mandir}/man5/ipptoolfile.5.gz + +%files printerapp %{_bindir}/ippeveprinter -%{_sbindir}/* %dir %{cups_serverbin}/command %{cups_serverbin}/command/ippevepcl %{cups_serverbin}/command/ippeveps - -%{_exec_prefix}/lib/cups/backend/* -%{_exec_prefix}/lib/cups/cgi-bin -%dir %{_exec_prefix}/lib/cups/driver -%dir %{_exec_prefix}/lib/cups/daemon -%{_exec_prefix}/lib/cups/daemon/cups-deviced -%{_exec_prefix}/lib/cups/daemon/cups-driverd -%{_exec_prefix}/lib/cups/daemon/cups-exec -%{_exec_prefix}/lib/cups/notifier -%{_exec_prefix}/lib/cups/filter/* -%{_exec_prefix}/lib/cups/monitor -%{_exec_prefix}/lib/cups/daemon/cups-lpd - -%{_datadir}/cups/templates/*.tmpl -%{_datadir}/cups/templates/de/*.tmpl -%{_datadir}/cups/templates/fr/*.tmpl -%{_datadir}/cups/templates/es/*.tmpl -%{_datadir}/cups/templates/ja/*.tmpl -%{_datadir}/cups/templates/ru/*.tmpl -%{_datadir}/cups/templates/pt_BR/*.tmpl -%dir %attr(1770,root,lp) %{_localstatedir}/spool/cups/tmp -%dir %attr(0710,root,lp) %{_localstatedir}/spool/cups -%dir %attr(0755,root,lp) %{_localstatedir}/log/cups -%{_datadir}/pixmaps/cupsprinter.png - -%{_datadir}/cups/drv/sample.drv -%{_datadir}/cups/examples -%{_datadir}/cups/mime/mime.types -%{_datadir}/cups/mime/mime.convs -%{_datadir}/cups/ppdc/*.defs -%{_datadir}/cups/ppdc/*.h - -%{_datadir}/%{name}/www/images -%{_datadir}/%{name}/www/*.css -%dir %{_datadir}/%{name}/usb -%{_datadir}/%{name}/usb/org.cups.usb-quirks -%dir %{_datadir}/cups/ipptool -%{_datadir}/cups/ipptool/* - -%files libs -%{license} LICENSE NOTICE -%{_libdir}/lib*.so.* - -%files devel -%{_bindir}/cups-config -%{_libdir}/*.so -%{_includedir}/cups -%{_rpmconfigdir}/macros.d/macros.cups +%{_mandir}/man1/ippeveprinter.1.gz +%{_mandir}/man7/ippevepcl.7.gz +%{_mandir}/man7/ippeveps.7.gz %files help %{_mandir}/man[1578]/* - +%{_mandir}/man1/cups-config.1.gz %doc README.md CREDITS.md CHANGES.md %doc %{_datadir}/%{name}/www/index.html %doc %{_datadir}/%{name}/www/help %doc %{_datadir}/%{name}/www/robots.txt %doc %{_datadir}/%{name}/www/de/index.html +%doc %{_datadir}/%{name}/www/da/index.html %doc %{_datadir}/%{name}/www/es/index.html +%doc %{_datadir}/%{name}/www/fr/index.html %doc %{_datadir}/%{name}/www/ja/index.html %doc %{_datadir}/%{name}/www/ru/index.html %doc %{_datadir}/%{name}/www/pt_BR/index.html %doc %{_datadir}/%{name}/www/apple-touch-icon.png %changelog +* Wed Jun 12 2024 baiguo - 1:2.4.0-11 +- fix CVE-2024-35235 + +* Fri Sep 22 2023 zhouwenpei - 1:2.4.0-10 +- fix CVE-2023-4504 + +* Wed Jul 19 2023 haomimi - 1:2.4.0-9 +- DESC:The license is changed to apache 2.0 + +* Mon Jun 26 2023 zhouwenpei - 1:2.4.0-8 +- fix CVE-2023-34241 + +* Fri Jun 9 2023 zhangpan - 1:2.4.0-7 +- fix build error + +* Sat Jun 3 2023 zhouwenpei - 1:2.4.0-6 +- fix CVE-2023-32324 + +* Tue Feb 21 2023 zhouwenpei - 2.4.0-5 +- fix update conflict of devel and help + +* Wed Jun 15 2022 hanhui - 2.4.0-4 +- Remove legacy code for RIP_MAX_CACHE environment variable + +* Thu Jun 9 2022 hanhui - 2.4.0-3 +- fix CVE-2022-26691 + +* Thu May 12 2022 zhanzhimin - 2.4.0-2 +- fix official website address + +* Thu Dec 9 2021 hanhui - 2.4.0-1 +- DESC:update to cups-2.4.0 + +* Thu Nov 04 2021 wangkerong - 2.3.3-8 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix cups-devel requires error + +* Fri Sep 24 2021 liuyumeng - 2.3.3-7 +- Type:CVE +- ID:CVE-2020-10001 +- SUG:NA +- DESC:Fix CVE-2020-10001 + * Tue Jun 08 2021 wangkerong - 2.3.3-6 - Type:CVE - ID:CVE-2021-25317 diff --git a/fix-httpAddrGetList-test-case-fail.patch b/fix-httpAddrGetList-test-case-fail.patch new file mode 100644 index 0000000000000000000000000000000000000000..320fc3b6407a459c3a9f028a023975368e3d861a --- /dev/null +++ b/fix-httpAddrGetList-test-case-fail.patch @@ -0,0 +1,44 @@ +From 079c00aac0db4d95383cf73be73e641ff26ebfc6 Mon Sep 17 00:00:00 2001 +From: zhangpan +Date: Fri, 9 Jun 2023 11:04:18 +0800 +Subject: [PATCH] fix httpAddrGetList test case fail + +--- + cups/testhttp.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/cups/testhttp.c b/cups/testhttp.c +index 313e4bb..f446d65 100644 +--- a/cups/testhttp.c ++++ b/cups/testhttp.c +@@ -14,7 +14,7 @@ + */ + + #include "cups-private.h" +- ++#include + + /* + * Types and structures... +@@ -231,7 +231,8 @@ main(int argc, /* I - Number of command-line arguments */ + char scheme[HTTP_MAX_URI], /* Scheme from URI */ + hostname[HTTP_MAX_URI], /* Hostname from URI */ + username[HTTP_MAX_URI], /* Username:password from URI */ +- resource[HTTP_MAX_URI]; /* Resource from URI */ ++ resource[HTTP_MAX_URI], /* Resource from URI */ ++ localhostname[HTTP_MAX_URI]; /* gethostname */ + int port; /* Port number from URI */ + http_uri_status_t uri_status; /* Status of URI separation */ + http_addrlist_t *addrlist, /* Address list */ +@@ -391,7 +392,7 @@ main(int argc, /* I - Number of command-line arguments */ + + printf("httpAddrGetList(%s): ", hostname); + +- addrlist = httpAddrGetList(hostname, AF_UNSPEC, NULL); ++ addrlist = httpAddrGetList(gethostname(localhostname, sizeof(localhostname)), AF_UNSPEC, NULL); + if (addrlist) + { + for (i = 0, addr = addrlist; addr; i ++, addr = addr->next) +-- +2.33.0 + diff --git a/ncp.backend b/ncp.backend deleted file mode 100644 index d57ada1bcf99a05ecc87f3265213a8cbaff73da9..0000000000000000000000000000000000000000 --- a/ncp.backend +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -# This is a modified version of 'ncpprint'. It can now be used as a CUPS -# backend. -# Modifications: -# Copyright (C) 2002 Red Hat, inc -# Copyright (C) 2002 Tim Waugh -# Before modification: shipped as /usr/share/printconf/util/ncpprint - -if [ -z "$*" ] -then - # This is where we would enumerate all the URIs we support. - # Patches welcome. - exit 0 -fi - -FILE=$6 -if [ -z "$FILE" ] -then - FILE=- -fi - -# $DEVICE_URI is 'ncp://[user:password@]server/queue' -URI=${DEVICE_URI#*://} -queue=${URI#*/} -URI=${URI%/$queue} -server=${URI#*@} -URI=${URI%$server} -URI=${URI%@} -if [ -n "$URI" ] -then - user=${URI%:*} - URI=${URI#$user} - password=${URI#:} -fi - -#echo user: ${user-(none)} -#echo password: ${password-(none)} -#echo server: $server -#echo queue: $queue - -if [ -n "$user" ] -then - if [ -n "$password" ] - then - /usr/bin/nprint -S "$server" -q "$queue" -U "$user" -P "$password" -N "$FILE" 2>/dev/null - else - /usr/bin/nprint -S "$server" -q "$queue" -U "$user" -n -N "$FILE" 2>/dev/null - fi -else - /usr/bin/nprint -S "$server" -q "$queue" -N "$FILE" 2>/dev/null -fi