Accepting request 958348 from home:ajoga:branches:openSUSE:Factory

- Version upgrade to 2.4.1
- Dropped patch upstream_pull_174 because it is included in this release
- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it is included in this release (e96e96b4bd)
- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
- Re-enabled testsuite
  * Also removed make check because since the upstream change the two targets are identical (96ba46ebc8 (diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239))
- Changed cups-2.1.0-cups-systemd-socket.patch to accommodate new coding style
- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes

old: Printing/cups
new: home:ajoga:branches:openSUSE:Factory/cups rev None
Index: cups-2.1.0-default-webcontent-path.patch
===================================================================
--- cups-2.1.0-default-webcontent-path.patch (revision 380)
+++ cups-2.1.0-default-webcontent-path.patch (revision 2)
@@ -1,17 +1,21 @@
---- config-scripts/cups-directories.m4.orig	2014-03-21 17:42:53.000000000 +0100
-+++ config-scripts/cups-directories.m4	2015-09-01 11:08:43.000000000 +0200
-@@ -206,11 +206,11 @@ fi
- AC_SUBST(MENUDIR)
+--- config-scripts/cups-directories.m4
++++ config-scripts/cups-directories.m4.orig
+@@ -166,15 +166,15 @@ AS_IF([test "x$menudir" = x], [
+ AC_SUBST([MENUDIR])
  
  # Documentation files
--AC_ARG_WITH(docdir, [  --with-docdir           set path for documentation],docdir="$withval",docdir="")
-+AC_ARG_WITH(docdir, [  --with-docdir           set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="")
+-AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path for documentation]), [
++AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path and DocumentRoot directive for web content, default=datadir/cups/webcontent]), [
+     docdir="$withval"
+ ], [
+     docdir=""
+ ])
  
- if test x$docdir = x; then
--	CUPS_DOCROOT="$datadir/doc/cups"
--	docdir="$datadir/doc/cups"
-+	CUPS_DOCROOT="$datadir/cups/webcontent"
-+	docdir="$datadir/cups/webcontent"
- else
- 	CUPS_DOCROOT="$docdir"
- fi
+ AS_IF([test x$docdir = x], [
+-    CUPS_DOCROOT="$datadir/doc/cups"
+-    docdir="$datadir/doc/cups"
++    CUPS_DOCROOT="$datadir/cups/webcontent"
++    docdir="$datadir/cups/webcontent"
+ ], [
+     CUPS_DOCROOT="$docdir"
+ ])
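Review bot: The refreshed patch header has its file names the wrong way round: "--- config-scripts/cups-directories.m4" and "+++ config-scripts/cups-directories.m4.orig", whereas the previous revision had the .orig name on the "---" line. Swap them so the target of the patch is unambiguous, since cups.spec applies it with "%patch11 -b default-webcontent-path.orig" and no explicit -p level.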
Index: cups-config-libs.patch
===================================================================
--- cups-config-libs.patch (revision 380)
+++ cups-config-libs.patch (revision 2)
@@ -4,7 +4,7 @@
  # flags for compiler and linker...
  CFLAGS=""
  LDFLAGS="@EXPORT_LDFLAGS@"
--LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@"
+-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_TLSLIBS@ @LIBZ@ @LIBS@"
 +LIBS=""
  
  # Check for local invocation...
Index: cups.changes
===================================================================
--- cups.changes (revision 380)
+++ cups.changes (revision 2)
@@ -1,4 +1,88 @@
 -------------------------------------------------------------------
+Tue Mar  1 18:16:11 UTC 2022 - Aurélien Joga <aurelienjoga@gmail.com>
+
+- Version upgrade to 2.4.1: 
+  * The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277)
+  * Configuration script now checks linking for -Wl,-pie flags (Issue #303)
+  * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
+  * Fixed missing bracket in de/index.html (Issue #299)
+  * Fixed typos in configuration scripts (Issues #304, #316)
+  * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323)
+  * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
+  * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)
+  * Added configure option --with-idle-exit-timeout (Issue #294)
+  * Added --with-systemd-timeoutstartsec configure option (Issue #298)
+  * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287)
+  * Fixed compilation on Solaris (Issue #293)
+  * Fixed and improved German translations (Issue #296, Issue #297)
+  * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286)
+  * Compilation now uses -fstack-protector-strong if available (Issue #285)
+  * Added support for CUPS running in a Snapcraft snap.
+  * Added basic OAuth 2.0 client support (Issue #100)
+  * Added support for AirPrint and Mopria clients (Issue #105)
+  * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144)
+  * Added several features and improvements to ipptool (Issue #153)
+  * Added a JSON output mode for ipptool.
+  * The ipptool command now correctly reports an error when a test file cannot be found.
+  * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274)
+  * Fixed Kerberos authentication for the web interface (Issue #19)
+  * The ZPL sample driver now supports more "standard" label sizes (Issue #70)
+  * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71)
+  * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
+  * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74)
+  * The testlang unit test program now loops over all of the available locales by default (Issue #85)
+  * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88)
+  * The PPD functions now treat boolean values as case-insensitive (Issue #106)
+  * Temporary queue names no longer end with an underscore (Issue #110)
+  * The USB backend now runs as root (Issue #121)
+  * Added pkg-config file for libcups (Issue #122)
+  * Fixed a PPD memory leak caused by emulator definitions (Issue #124)
+  * Fixed a DISPLAY bug in ipptool (Issue #139)
+  * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154)
+  * Added support for locales using the GB18030 character set (Issue #159)
+  * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907)
+  * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915)
+  * The IPP backend now retries Validate-Job requests (Issue #132)
+  * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148)
+  * Added dark mode support to the CUPS web interface (Issue #152)
+  * Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
+  * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158)
+  * Now use a 60 second timeout for reading USB backchannel data (Issue #160)
+  * The USB backend now tries harder to find a serial number (Issue #170)
+  * Fixed @IF(name) handling in cupsd.conf (Apple #5918)
+  * Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940)
+  * Fixed the lpc command prompt (Apple #5946)
+  * Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185)
+  * Fixed a job history update issue in the scheduler (Issue #187)
+  * Fixed job-pages-per-set value for duplex print jobs.
+  * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195)
+  * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196)
+  * The scheduler now supports the "everywhere" model directly (Issue #201)
+  * Fixed some IPP Everywhere option mapping problems (Issue #238)
+  * Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250)
+  * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
+  * Fixed support for the 'offline-report' state for all USB backends (Issue #264)
+  * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
+  * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164)
+  * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867)
+  * Web interface updates (Issue #142, Issue #218)
+  * The ippeveprinter tool now automatically uses an available port.
+  * Fixed several Windows TLS and hashing issues.
+  * Deprecated cups-config (Issue #97)
+  * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98)
+  * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf.
+  * Stubbed out deprecated httpMD5 functions.
+  * Add test for undefined page ranges during printing.
+- Dropped patch upstream_pull_174 because it it is included in this release
+- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (e96e96b4bd)
+- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
+- Re-enabled testsuite
+  * Also removed make check because since upstream change the two target are identical (96ba46ebc8 (diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239))
+- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style
+- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
+- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
+
+-------------------------------------------------------------------
 Tue Feb  1 09:18:27 UTC 2022 - jsmeix@suse.de
 
 - Enhanced harden_cups.service.patch by adding
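Review bot: The new entry contradicts itself about cups-2.1.0-cups-systemd-socket.patch: one line says it was dropped because it is included in this release, and a later line says it was changed "to accomodate new coding style", while this request deletes the file. Remove the "Changed" line. The following line names cups-config-libs.orig where the file touched is cups-config-libs.patch, "it it is" and "accomodate" are typos, and the "Version upgrade to 2.4.1: " line ends in trailing whitespace.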
Index: cups.keyring
===================================================================
Binary files cups.keyring (revision 380) and cups.keyring (revision 2) differ
Index: cups.spec
===================================================================
--- cups.spec (revision 380)
+++ cups.spec (revision 2)
@@ -18,9 +18,7 @@
 
 # Cf. https://rpm.org/user_doc/conditional_builds.html
 # by default enable testsuite (i.e. in the 'check' section run make check and make test)
-#bcond_without testsuite
-# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed
-%bcond_with testsuite
+%bcond_without testsuite
 
 # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
@@ -29,34 +27,32 @@
 # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
 # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
 # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
-Version:        2.3.3op2
+Version:        2.4.1
 Release:        0
 Summary:        The Common UNIX Printing System
 License:        Apache-2.0
 Group:          Hardware/Printing
 URL:            https://openprinting.github.io/cups
 # To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
-Source0:        https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
+# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
+Source0:        https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
 # To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
-Source1:        https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
-# To get Source2 go to https://www.msweet.org/pgp.html
-# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955
+# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
+Source1:        https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
+# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
+# See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
+# PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
 Source2:        cups.keyring
 # To manually verify Source0 with Source1 and Source2 do e.g.
 #   gpg --import cups.keyring
-#   gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired'
-#   gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz
+#   gpg --list-keys | grep -1 'Zdenek Dohnal'
+#   gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz
 Source102:      Postscript.ppd.gz
 Source105:      Postscript-level1.ppd.gz
 Source106:      Postscript-level2.ppd.gz
 Source108:      cups-client.conf
 Source109:      baselibs.conf
 # Patch0...Patch9 is for patches from upstream:
-# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
-# Use 60s timeout for read_thread, revert read limits
-Patch1:         upstream_pull_174.patch
 # Source10...Source99 is for sources from SUSE which are intended for upstream:
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
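Review bot: The manual verification recipe in this hunk identifies the signing key by name ("gpg --list-keys | grep -1 'Zdenek Dohnal'"), and a user ID is free text that any key can carry. Check the imported key against the fingerprint recorded a few lines above instead, for example with "gpg --fingerprint 7082A0A50A2E92640F3880E0E4522DCC9B246FF7" after the import, and compare it with the fingerprint that "gpg --verify" reports. The old recipe's "grep -v 'expired'" filter has also been dropped without a replacement. Separately, both "wget --no-check-certificate" comments turn off TLS certificate validation for the tarball and for its signature; the URLs are HTTPS, so the flag can simply be removed from the comments.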
@@ -66,8 +62,6 @@
 # because the files of the CUPS web content are no documentation, see CUPS STR #3578
 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
 Patch11:        cups-2.1.0-default-webcontent-path.patch
-# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
-Patch12:        cups-2.1.0-cups-systemd-socket.patch
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 Patch100:       cups-pam.diff
@@ -83,9 +77,9 @@
 Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 Patch104:       cups-config-libs.patch
-# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
-Patch106:       fix-negotiate-authentication-between-CGIs-and-scheduler.patch
 Patch107:       harden_cups.service.patch
+# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing
+Patch108:       downgrade-autoconf-requirement.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
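Review bot: Patch106 (fix-negotiate-authentication-between-CGIs-and-scheduler.patch, bsc#1175960) is removed and Patch108 is added in this hunk, but the cups.changes entry in this request mentions neither. Add a line for each; for Patch106, name the upstream change that replaces it (the 2.4.1 list has "Fixed Kerberos authentication for the web interface (Issue #19)") so the bsc#1175960 fix stays traceable. The Patch108 comment's "as of writing" would be more useful with the autoconf version it refers to.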
@@ -280,9 +274,6 @@
 %prep
 %setup -q
 # Patch0...Patch9 is for patches from upstream:
-# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
-# Use 60s timeout for read_thread, revert read limits
-%patch1 -p1
 # Patch10...Patch99 is for patches from SUSE which are intended for upstream:
 # Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
 %patch10 -b choose-uri-template.orig
@@ -291,8 +282,6 @@
 # because the files of the CUPS web content are no documentation, see CUPS STR #3578
 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
 %patch11 -b default-webcontent-path.orig
-# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
-#patch12 -b cups-systemd-socket.orig
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 %patch100 -b cups-pam.orig
@@ -308,9 +297,8 @@
 %patch103 -b do_not_strip_recommended_from_PPDs.orig
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 %patch104 -b cups-config-libs.orig
-# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
-%patch106 -p1
 %patch107 -p1
+%patch108 -p1
 
 %build
 # Remove ".SILENT" rule for verbose build output
@@ -439,8 +427,6 @@
 # There appears to be some kind of race condition when running make check and make test
 # cf. https://github.com/OpenPrinting/cups/issues/155
 # We print all logs for debugging purposes if either testsuite fails
-echo "DEBUG: running make check"
-bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
 echo "DEBUG: running make test"
 bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
 %else
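Review bot: The context comment above the removed lines still reads "There appears to be some kind of race condition when running make check and make test" and points at issues/155, which was the stated reason the testsuite was disabled until this request. With only "make test" left and the testsuite back on by default, reword or drop that comment and say in cups.changes whether issue 155 is resolved. The first cups.spec hunk has the same leftover in "in the 'check' section run make check and make test".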
@@ -681,6 +667,7 @@
 
 %files devel
 %defattr(-,root,root)
+/usr/lib/pkgconfig/cups.pc
 %{_includedir}/cups/
 %{_libdir}/libcups.so
 %{_libdir}/libcupsimage.so
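Review bot: "/usr/lib/pkgconfig/cups.pc" is a hard-coded path in a %files list whose neighbouring entries use %{_includedir} and %{_libdir}. If the file follows the library directory, write it as %{_libdir}/pkgconfig/cups.pc; if upstream really installs it under /usr/lib on every architecture, add a comment saying so.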
Index: cups-2.4.1-source.tar.gz
===================================================================
Binary file cups-2.4.1-source.tar.gz (revision 2) added
Index: cups-2.4.1-source.tar.gz.sig
===================================================================
Binary file cups-2.4.1-source.tar.gz.sig (revision 2) added
Index: downgrade-autoconf-requirement.patch
===================================================================
--- downgrade-autoconf-requirement.patch (added)
+++ downgrade-autoconf-requirement.patch (revision 2)
@@ -0,0 +1,15 @@
+diff --git a/configure.ac b/configure.ac
+index a8c6c1040..6ace74a8d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ dnl information.
+ dnl
+ 
+-dnl We need at least autoconf 2.71...
+-AC_PREREQ([2.71])
++dnl We need at least autoconf 2.69...
++AC_PREREQ([2.69])
+ 
+ dnl Package name and version...
+ AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])
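Review bot: The patch lowers AC_PREREQ from 2.71 to 2.69 with no header text of its own, so the only rationale is the "as of writing" comment in cups.spec. Add a short description at the top of the patch saying that it is a distribution-only workaround and when it can be dropped. The "AC_INIT([CUPS],[2.4.1]," context line also ties the patch to this exact version, so it will likely need a refresh on the next version bump; trimming the trailing context would avoid that.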
Index: cups-2.1.0-cups-systemd-socket.patch
===================================================================
--- cups-2.1.0-cups-systemd-socket.patch (revision 380)
+++ cups-2.1.0-cups-systemd-socket.patch (deleted)
@@ -1,43 +0,0 @@
---- scheduler/main.c.orig	2015-06-08 20:32:35.000000000 +0200
-+++ scheduler/main.c	2015-09-01 11:19:36.000000000 +0200
-@@ -656,7 +656,15 @@ main(int  argc,				/* I - Number of comm
- 
- #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
-   if (OnDemand)
-+  {
-     cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
-+# ifdef HAVE_SYSTEMD
-+    sd_notifyf(0, "READY=1\n"
-+               "STATUS=Scheduler is running...\n"
-+               "MAINPID=%lu",
-+               (unsigned long) getpid());
-+# endif /* HAVE_SYSTEMD */
-+  }
-   else
- #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
-   if (fg)
---- scheduler/org.cups.cupsd.path.in.orig	2014-03-21 15:50:24.000000000 +0100
-+++ scheduler/org.cups.cupsd.path.in	2015-09-01 11:20:37.000000000 +0200
-@@ -3,6 +3,7 @@ Description=CUPS Scheduler
- 
- [Path]
- PathExists=@CUPS_CACHEDIR@/org.cups.cupsd
-+PathExistsGlob=@CUPS_REQUESTS@/d*
- 
- [Install]
- WantedBy=multi-user.target
---- scheduler/org.cups.cupsd.service.in.orig	2014-10-21 13:54:05.000000000 +0200
-+++ scheduler/org.cups.cupsd.service.in	2015-09-01 11:22:09.000000000 +0200
-@@ -1,10 +1,11 @@
- [Unit]
- Description=CUPS Scheduler
- Documentation=man:cupsd(8)
-+After=network.target
- 
- [Service]
- ExecStart=@sbindir@/cupsd -l
--Type=simple
-+Type=notify
- 
- [Install]
- Also=org.cups.cupsd.socket org.cups.cupsd.path
Index: cups-2.3.3op2-source.tar.gz
===================================================================
Binary file cups-2.3.3op2-source.tar.gz (revision 380) deleted
Index: cups-2.3.3op2-source.tar.gz.sig
===================================================================
Binary file cups-2.3.3op2-source.tar.gz.sig (revision 380) deleted
Index: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
===================================================================
--- fix-negotiate-authentication-between-CGIs-and-scheduler.patch (revision 380)
+++ fix-negotiate-authentication-between-CGIs-and-scheduler.patch (deleted)
@@ -1,223 +0,0 @@
-From d4521ed0df7e625ccf2bc079bab6f48c46ef9bf9 Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Mon, 26 Oct 2020 17:35:22 +0100
-Subject: [PATCH 1/4] Avoid infinite loop in admin.cgi when negotiate is used
-
-SetAuthorizationString with NULL argument sets an empty string.
-
-Related: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index db45bbba6..f2409350a 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -295,7 +295,7 @@ cupsDoAuthentication(
-     }
-   }
- 
--  if (http->authstring)
-+  if (http->authstring && http->authstring[0])
-   {
-     DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
- 
--- 
-2.30.2
-
-
-From 61ad7780bc7d0593e3225d088ac6dff31badf801 Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Tue, 27 Oct 2020 16:11:41 +0100
-Subject: [PATCH 2/4] Add cups_is_local_connection() to check if connection is
- to localhost
-
-Related: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index f2409350a..d2956438d 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -90,6 +90,7 @@ static void	cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
- #    define	cups_gss_printf(major, minor, message)
- #  endif /* DEBUG */
- #endif /* HAVE_GSSAPI */
-+static int	cups_is_local_connection(http_t *http);
- static int	cups_local_auth(http_t *http);
- 
- 
-@@ -916,6 +917,14 @@ cups_gss_printf(OM_uint32  major_status,/* I - Major status code */
- #  endif /* DEBUG */
- #endif /* HAVE_GSSAPI */
- 
-+static int				/* O - 0 if not a local connection */
-+					/*     1  if local connection */
-+cups_is_local_connection(http_t *http)	/* I - HTTP connection to server */
-+{
-+  if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
-+    return 0;
-+  return 1;
-+}
- 
- /*
-  * 'cups_local_auth()' - Get the local authorization certificate if
-@@ -958,7 +967,7 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
-   * See if we are accessing localhost...
-   */
- 
--  if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
-+  if (!cups_is_local_connection(http))
-   {
-     DEBUG_puts("8cups_local_auth: Not a local connection!");
-     return (1);
--- 
-2.30.2
-
-
-From f629d079750a86b1b605c285f99c0dea3933ca50 Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Tue, 27 Oct 2020 16:23:30 +0100
-Subject: [PATCH 3/4] Try local kerberos ccache credentials only for remote
- servers
-
-If connecting to localhost then proceed to ask the client for the
-authorization using cupsGetPassword2. The get password callback will
-return 401 to the client with WWW-Authenticate: Negotiate.
-
-Fixes: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index d2956438d..9661657fc 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -175,10 +175,10 @@ cupsDoAuthentication(
-     DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
- 
- #ifdef HAVE_GSSAPI
--    if (!_cups_strcasecmp(scheme, "Negotiate"))
-+    if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
-     {
-      /*
--      * Kerberos authentication...
-+      * Kerberos authentication to remote server...
-       */
- 
-       int gss_status;			/* Auth status */
-@@ -202,7 +202,9 @@ cupsDoAuthentication(
-     }
-     else
- #endif /* HAVE_GSSAPI */
--    if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
-+    if (_cups_strcasecmp(scheme, "Basic") &&
-+	_cups_strcasecmp(scheme, "Digest") &&
-+	_cups_strcasecmp(scheme, "Negotiate"))
-     {
-      /*
-       * Other schemes not yet supported...
-@@ -216,7 +218,7 @@ cupsDoAuthentication(
-     * See if we should retry the current username:password...
-     */
- 
--    if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
-+    if (http->digest_tries > 1 || !http->userpass[0])
-     {
-      /*
-       * Nope - get a new password from the user...
--- 
-2.30.2
-
-
-From 0563a28b18b21d5574a5e0e38b74246146074bbf Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Tue, 27 Oct 2020 16:18:03 +0100
-Subject: [PATCH 4/4] Allow Local authentication for Negotiate
-
-PeerCred is also possible if address family is AF_LOCAL. This will allow
-the CGI programs to generate the authorization from the local
-certificates based on PID also when Negotiate is used for local
-connections:
-
-Client                       CGI
-Browser <- Remote conn -> admin.cgi <--- Localhost conn --->  Scheduler
-  |                           |                                    |
-  + --- HTTP/POST /admin/ --> |                                    |
-  |                           + --- CUPS-Get-Devices ------------> |
-  |                           |                                    |
-  |                           | <-- 401 Unauthorized --------------+
-  |                           |     WWW-Authenticate:              |
-  |                           |       Negotiate, (PeerCred,) Local |
-  |                           |                                    |
-  | <-- 401 Unauthorized -----+                                    |
-  |     WWW-Authenticate:     |                                    |
-  |       Negotiate           |                                    |
-  |                           |                                    |
-  | --- HTTP/POST /admin/ --> |                                    |
-  |     Authorization:        + --- IPP CUPS-GetDevices ---------> |
-  |       Negotiate           |     Authorization: Local <cert>    |
-  |                           |                                    |
-
-Fixes: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c        | 5 -----
- scheduler/client.c | 9 ++-------
- 2 files changed, 2 insertions(+), 12 deletions(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index 9661657fc..b6fec6b98 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -1043,11 +1043,6 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
-   }
- #  endif /* HAVE_AUTHORIZATION_H */
- 
--#  ifdef HAVE_GSSAPI
--  if (cups_auth_find(www_auth, "Negotiate"))
--    return (1);
--#  endif /* HAVE_GSSAPI */
--
- #  if defined(SO_PEERCRED) && defined(AF_LOCAL)
-  /*
-   * See if we can authenticate using the peer credentials provided over a
-diff --git a/scheduler/client.c b/scheduler/client.c
-index c2ee8f12a..56797d58d 100644
---- a/scheduler/client.c
-+++ b/scheduler/client.c
-@@ -2109,18 +2109,13 @@ cupsdSendHeader(
-     }
-     else if (auth_type == CUPSD_AUTH_NEGOTIATE)
-     {
--#if defined(SO_PEERCRED) && defined(AF_LOCAL)
--      if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
--	strlcpy(auth_str, "PeerCred", sizeof(auth_str));
--      else
--#endif /* SO_PEERCRED && AF_LOCAL */
-       strlcpy(auth_str, "Negotiate", sizeof(auth_str));
-     }
- 
--    if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
-+    if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
-     {
-      /*
--      * Add a "trc" (try root certification) parameter for local non-Kerberos
-+      * Add a "trc" (try root certification) parameter for local
-       * requests when the request requires system group membership - then the
-       * client knows the root certificate can/should be used.
-       *
--- 
-2.30.2
-
Index: upstream_pull_174.patch
===================================================================
--- upstream_pull_174.patch (revision 380)
+++ upstream_pull_174.patch (deleted)
@@ -1,53 +0,0 @@
-From c37d71b1a31d26a4790166e2508822b18934a5c0 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Tue, 13 Apr 2021 15:44:14 +0200
-Subject: [PATCH 1/2] backend/usb-libusb.c: Use 60s timeout for reading at
- backchannel
-
-Some older models malfunction if timeout is too short.
----
- CHANGES.md           | 1 +
- backend/usb-libusb.c | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
---- a/backend/usb-libusb.c
-+++ b/backend/usb-libusb.c
-@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference)
-     readstatus = libusb_bulk_transfer(g.printer->handle,
- 				      g.printer->read_endp,
- 				      readbuffer, rbytes,
--				      &rbytes, 250);
-+				      &rbytes, 60000);
-     if (readstatus == LIBUSB_SUCCESS && rbytes > 0)
-     {
-       fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", (int)rbytes);
-
-From 4cb6f6806cdbe040d478b266a1d351b19341dd79 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Tue, 13 Apr 2021 15:47:37 +0200
-Subject: [PATCH 2/2] backend/usb-libusb.c: Revert enforcing read limits
-
-This commit reverts the change introduced by 2.2.12 [1] - its
-implementation caused a regression with Lexmark filters.
-
-[1]
-35e927f835
----
- CHANGES.md           | 1 +
- backend/usb-libusb.c | 3 ++-
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c
-index fbb0d9d89..89b5182f7 100644
---- a/backend/usb-libusb.c
-+++ b/backend/usb-libusb.c
-@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference)
-     * Make sure this loop executes no more than once every 250 miliseconds...
-     */
- 
--    if ((g.wait_eof || !g.read_thread_stop))
-+    if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) &&
-+	 (g.wait_eof || !g.read_thread_stop))
-       usleep(250000);
-   }
-   while (g.wait_eof || !g.read_thread_stop);

OBS-URL: https://build.opensuse.org/request/show/958348
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=381
Johannes Meixner 2022-03-03 12:19:05 +00:00 committed by Git OBS Bridge
parent 350f6e0407
commit 13a457f820
13 changed files with 136 additions and 365 deletions


@ -1,43 +0,0 @@
--- scheduler/main.c.orig 2015-06-08 20:32:35.000000000 +0200
+++ scheduler/main.c 2015-09-01 11:19:36.000000000 +0200
@@ -656,7 +656,15 @@ main(int argc, /* I - Number of comm
#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
if (OnDemand)
+ {
cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
+# ifdef HAVE_SYSTEMD
+ sd_notifyf(0, "READY=1\n"
+ "STATUS=Scheduler is running...\n"
+ "MAINPID=%lu",
+ (unsigned long) getpid());
+# endif /* HAVE_SYSTEMD */
+ }
else
#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
if (fg)
--- scheduler/org.cups.cupsd.path.in.orig 2014-03-21 15:50:24.000000000 +0100
+++ scheduler/org.cups.cupsd.path.in 2015-09-01 11:20:37.000000000 +0200
@@ -3,6 +3,7 @@ Description=CUPS Scheduler
[Path]
PathExists=@CUPS_CACHEDIR@/org.cups.cupsd
+PathExistsGlob=@CUPS_REQUESTS@/d*
[Install]
WantedBy=multi-user.target
--- scheduler/org.cups.cupsd.service.in.orig 2014-10-21 13:54:05.000000000 +0200
+++ scheduler/org.cups.cupsd.service.in 2015-09-01 11:22:09.000000000 +0200
@@ -1,10 +1,11 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
+After=network.target
[Service]
ExecStart=@sbindir@/cupsd -l
-Type=simple
+Type=notify
[Install]
Also=org.cups.cupsd.socket org.cups.cupsd.path


@ -1,17 +1,21 @@
--- config-scripts/cups-directories.m4.orig 2014-03-21 17:42:53.000000000 +0100
+++ config-scripts/cups-directories.m4 2015-09-01 11:08:43.000000000 +0200
@@ -206,11 +206,11 @@ fi
AC_SUBST(MENUDIR)
--- config-scripts/cups-directories.m4
+++ config-scripts/cups-directories.m4.orig
@@ -166,15 +166,15 @@ AS_IF([test "x$menudir" = x], [
AC_SUBST([MENUDIR])
# Documentation files
-AC_ARG_WITH(docdir, [ --with-docdir set path for documentation],docdir="$withval",docdir="")
+AC_ARG_WITH(docdir, [ --with-docdir set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="")
-AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path for documentation]), [
+AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path and DocumentRoot directive for web content, default=datadir/cups/webcontent]), [
docdir="$withval"
], [
docdir=""
])
if test x$docdir = x; then
- CUPS_DOCROOT="$datadir/doc/cups"
- docdir="$datadir/doc/cups"
+ CUPS_DOCROOT="$datadir/cups/webcontent"
+ docdir="$datadir/cups/webcontent"
else
CUPS_DOCROOT="$docdir"
fi
AS_IF([test x$docdir = x], [
- CUPS_DOCROOT="$datadir/doc/cups"
- docdir="$datadir/doc/cups"
+ CUPS_DOCROOT="$datadir/cups/webcontent"
+ docdir="$datadir/cups/webcontent"
], [
CUPS_DOCROOT="$docdir"
])
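Review bot: The regenerated patch header has its file names swapped: `--- config-scripts/cups-directories.m4` is followed by `+++ config-scripts/cups-directories.m4.orig`, so the backup name sits on the new-file side. The previous revision had the .orig file on the `---` side. Regenerate the patch with the .orig file as the old side so that applying it with `%patch11 -b default-webcontent-path.orig` does not depend on patch(1) picking the right target name.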


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df
size 7993205

Binary file not shown.

cups-2.4.1-source.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c7339f75f8d4f2dec50c673341a45fc06b6885bb6d4366d6bf59a4e6c10ae178
size 8113914

Binary file not shown.


@ -4,7 +4,7 @@
# flags for compiler and linker...
CFLAGS=""
LDFLAGS="@EXPORT_LDFLAGS@"
-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@"
-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_TLSLIBS@ @LIBZ@ @LIBS@"
+LIBS=""
# Check for local invocation...


@ -1,3 +1,87 @@
-------------------------------------------------------------------
Tue Mar 1 18:16:11 UTC 2022 - Aurélien Joga <aurelienjoga@gmail.com>
- Version upgrade to 2.4.1:
* The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277)
* Configuration script now checks linking for -Wl,-pie flags (Issue #303)
* Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
* Fixed missing bracket in de/index.html (Issue #299)
* Fixed typos in configuration scripts (Issues #304, #316)
* Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323)
* Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
* Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)
* Added configure option --with-idle-exit-timeout (Issue #294)
* Added --with-systemd-timeoutstartsec configure option (Issue #298)
* DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287)
* Fixed compilation on Solaris (Issue #293)
* Fixed and improved German translations (Issue #296, Issue #297)
* Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286)
* Compilation now uses -fstack-protector-strong if available (Issue #285)
* Added support for CUPS running in a Snapcraft snap.
* Added basic OAuth 2.0 client support (Issue #100)
* Added support for AirPrint and Mopria clients (Issue #105)
* Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144)
* Added several features and improvements to ipptool (Issue #153)
* Added a JSON output mode for ipptool.
* The ipptool command now correctly reports an error when a test file cannot be found.
* CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274)
* Fixed Kerberos authentication for the web interface (Issue #19)
* The ZPL sample driver now supports more "standard" label sizes (Issue #70)
* Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71)
* Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
* The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74)
* The testlang unit test program now loops over all of the available locales by default (Issue #85)
* The cupsfilter command now shows error messages when options are used incorrectly (Issue #88)
* The PPD functions now treat boolean values as case-insensitive (Issue #106)
* Temporary queue names no longer end with an underscore (Issue #110)
* The USB backend now runs as root (Issue #121)
* Added pkg-config file for libcups (Issue #122)
* Fixed a PPD memory leak caused by emulator definitions (Issue #124)
* Fixed a DISPLAY bug in ipptool (Issue #139)
* The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154)
* Added support for locales using the GB18030 character set (Issue #159)
* httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907)
* httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915)
* The IPP backend now retries Validate-Job requests (Issue #132)
* Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148)
* Added dark mode support to the CUPS web interface (Issue #152)
* Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
* Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158)
* Now use a 60 second timeout for reading USB backchannel data (Issue #160)
* The USB backend now tries harder to find a serial number (Issue #170)
* Fixed @IF(name) handling in cupsd.conf (Apple #5918)
* Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940)
* Fixed the lpc command prompt (Apple #5946)
* Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185)
* Fixed a job history update issue in the scheduler (Issue #187)
* Fixed job-pages-per-set value for duplex print jobs.
* Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195)
* Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196)
* The scheduler now supports the "everywhere" model directly (Issue #201)
* Fixed some IPP Everywhere option mapping problems (Issue #238)
* Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250)
* Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
* Fixed support for the 'offline-report' state for all USB backends (Issue #264)
* Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
* Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164)
* USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867)
* Web interface updates (Issue #142, Issue #218)
* The ippeveprinter tool now automatically uses an available port.
* Fixed several Windows TLS and hashing issues.
* Deprecated cups-config (Issue #97)
* Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98)
* Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf.
* Stubbed out deprecated httpMD5 functions.
* Add test for undefined page ranges during printing.
- Dropped patch upstream_pull_174 because it it is included in this release
- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c)
- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
- Re-enabled testsuite
* Also removed make check because since upstream change the two target are identical (https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239)
- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style
- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
-------------------------------------------------------------------
Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de
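Review bot: The new changelog entry contradicts itself about cups-2.1.0-cups-systemd-socket.patch: one bullet says it was dropped because it is included in this release, and a later bullet says it was changed to accommodate the new coding style. The spec hunks in this commit remove Patch12, so the "Changed" bullet should go. The bullet "Changed cups-config-libs.orig" should name cups-config-libs.patch, which is the file the spec lists as Patch104, and both "Dropped patch" bullets contain a duplicated "it it".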

Binary file not shown.


@ -18,9 +18,7 @@
# Cf. https://rpm.org/user_doc/conditional_builds.html
# by default enable testsuite (i.e. in the 'check' section run make check and make test)
#bcond_without testsuite
# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed
%bcond_with testsuite
%bcond_without testsuite
# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
@ -29,34 +27,32 @@ Name: cups
# "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
# "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
# version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
Version: 2.3.3op2
Version: 2.4.1
Release: 0
Summary: The Common UNIX Printing System
License: Apache-2.0
Group: Hardware/Printing
URL: https://openprinting.github.io/cups
# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
# To get Source2 go to https://www.msweet.org/pgp.html
# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955
# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
# See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
# PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
Source2: cups.keyring
# To manually verify Source0 with Source1 and Source2 do e.g.
# gpg --import cups.keyring
# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired'
# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz
# gpg --list-keys | grep -1 'Zdenek Dohnal'
# gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz
Source102: Postscript.ppd.gz
Source105: Postscript-level1.ppd.gz
Source106: Postscript-level2.ppd.gz
Source108: cups-client.conf
Source109: baselibs.conf
# Patch0...Patch9 is for patches from upstream:
# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
# Use 60s timeout for read_thread, revert read limits
Patch1: upstream_pull_174.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
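Review bot: The signing key swap in the Source2 comments needs independent verification before this is accepted: the new fingerprint 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 is justified only by a link to a GitHub discussion comment, and cups.keyring is what Source0 is verified against. Please confirm the fingerprint over a second channel and record in the changelog how it was checked. In the same comment block, the manual verification recipe lost its `grep -v 'expired'` filter, and the `wget --no-check-certificate` hints for Source0 and Source1 were carried over to the new URLs; the flag can simply be dropped, since github.com serves a valid certificate.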
@ -66,8 +62,6 @@ Patch10: cups-2.1.0-choose-uri-template.patch
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
Patch11: cups-2.1.0-default-webcontent-path.patch
# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
Patch12: cups-2.1.0-cups-systemd-socket.patch
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
Patch100: cups-pam.diff
@ -83,9 +77,9 @@ Patch101: cups-2.0.3-additional_policies.patch
Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
Patch104: cups-config-libs.patch
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
Patch107: harden_cups.service.patch
# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing
Patch108: downgrade-autoconf-requirement.patch
# Build Requirements:
BuildRequires: dbus-1-devel
BuildRequires: fdupes
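Review bot: Two patch changes in this hunk have no changelog entry: Patch106 fix-negotiate-authentication-between-CGIs-and-scheduler.patch (bsc#1175960) is removed and Patch108 downgrade-autoconf-requirement.patch is added, but the 2.4.1 changelog bullets mention neither. Add a "Dropped" bullet for Patch106 that keeps the bsc#1175960 reference and an "Added" bullet for Patch108 explaining when it can be removed again, since its comment says it only matches the autoconf available "as of writing". Patch107 harden_cups.service.patch also still lacks the describing comment line its neighbours have.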
@ -280,9 +274,6 @@ printer drivers for CUPS.
%prep
%setup -q
# Patch0...Patch9 is for patches from upstream:
# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
# Use 60s timeout for read_thread, revert read limits
%patch1 -p1
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
%patch10 -b choose-uri-template.orig
@ -291,8 +282,6 @@ printer drivers for CUPS.
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
%patch11 -b default-webcontent-path.orig
# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
#patch12 -b cups-systemd-socket.orig
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
%patch100 -b cups-pam.orig
@ -308,9 +297,8 @@ printer drivers for CUPS.
%patch103 -b do_not_strip_recommended_from_PPDs.orig
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
%patch104 -b cups-config-libs.orig
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
%patch106 -p1
%patch107 -p1
%patch108 -p1
%build
# Remove ".SILENT" rule for verbose build output
@ -439,8 +427,6 @@ EOF
# There appears to be some kind of race condition when running make check and make test
# cf. https://github.com/OpenPrinting/cups/issues/155
# We print all logs for debugging purposes if either testsuite fails
echo "DEBUG: running make check"
bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
echo "DEBUG: running make test"
bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
%else
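Review bot: The comment kept at the top of this hunk still describes a race condition "when running make check and make test" and points to issue 155, although the make check invocation is removed here and the testsuite is switched back on earlier in the spec. Update the comment to describe what is still run, and state whether issue 155 is resolved in 2.4.1. If the race is not known to be fixed, consider running `make test` without %{?_smp_mflags} so a flaky parallel run does not fail the build.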
@ -681,6 +667,7 @@ exit 0
%files devel
%defattr(-,root,root)
/usr/lib/pkgconfig/cups.pc
%{_includedir}/cups/
%{_libdir}/libcups.so
%{_libdir}/libcupsimage.so
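Review bot: `/usr/lib/pkgconfig/cups.pc` is a hard-coded path in a %files list whose neighbouring entries use %{_includedir} and %{_libdir}. If upstream really installs the file under /usr/lib on every architecture, say so in a comment above the entry; otherwise use `%{_libdir}/pkgconfig/cups.pc` so lib64 builds do not fail on a missing or unpackaged file.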


@ -0,0 +1,15 @@
diff --git a/configure.ac b/configure.ac
index a8c6c1040..6ace74a8d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. See the file "LICENSE" for more
dnl information.
dnl
-dnl We need at least autoconf 2.71...
-AC_PREREQ([2.71])
+dnl We need at least autoconf 2.69...
+AC_PREREQ([2.69])
dnl Package name and version...
AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])


@ -1,223 +0,0 @@
From d4521ed0df7e625ccf2bc079bab6f48c46ef9bf9 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Mon, 26 Oct 2020 17:35:22 +0100
Subject: [PATCH 1/4] Avoid infinite loop in admin.cgi when negotiate is used
SetAuthorizationString with NULL argument sets an empty string.
Related: #5596
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
cups/auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/auth.c b/cups/auth.c
index db45bbba6..f2409350a 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -295,7 +295,7 @@ cupsDoAuthentication(
}
}
- if (http->authstring)
+ if (http->authstring && http->authstring[0])
{
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
--
2.30.2
From 61ad7780bc7d0593e3225d088ac6dff31badf801 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 27 Oct 2020 16:11:41 +0100
Subject: [PATCH 2/4] Add cups_is_local_connection() to check if connection is
to localhost
Related: #5596
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
cups/auth.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/cups/auth.c b/cups/auth.c
index f2409350a..d2956438d 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
# define cups_gss_printf(major, minor, message)
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int cups_is_local_connection(http_t *http);
static int cups_local_auth(http_t *http);
@@ -916,6 +917,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int /* O - 0 if not a local connection */
+ /* 1 if local connection */
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
+{
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ return 0;
+ return 1;
+}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
@@ -958,7 +967,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
* See if we are accessing localhost...
*/
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ if (!cups_is_local_connection(http))
{
DEBUG_puts("8cups_local_auth: Not a local connection!");
return (1);
--
2.30.2
From f629d079750a86b1b605c285f99c0dea3933ca50 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 27 Oct 2020 16:23:30 +0100
Subject: [PATCH 3/4] Try local kerberos ccache credentials only for remote
servers
If connecting to localhost then proceed to ask the client for the
authorization using cupsGetPassword2. The get password callback will
return 401 to the client with WWW-Authenticate: Negotiate.
Fixes: #5596
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
cups/auth.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/cups/auth.c b/cups/auth.c
index d2956438d..9661657fc 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -175,10 +175,10 @@ cupsDoAuthentication(
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
#ifdef HAVE_GSSAPI
- if (!_cups_strcasecmp(scheme, "Negotiate"))
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
{
/*
- * Kerberos authentication...
+ * Kerberos authentication to remote server...
*/
int gss_status; /* Auth status */
@@ -202,7 +202,9 @@ cupsDoAuthentication(
}
else
#endif /* HAVE_GSSAPI */
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
+ if (_cups_strcasecmp(scheme, "Basic") &&
+ _cups_strcasecmp(scheme, "Digest") &&
+ _cups_strcasecmp(scheme, "Negotiate"))
{
/*
* Other schemes not yet supported...
@@ -216,7 +218,7 @@ cupsDoAuthentication(
* See if we should retry the current username:password...
*/
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
+ if (http->digest_tries > 1 || !http->userpass[0])
{
/*
* Nope - get a new password from the user...
--
2.30.2
From 0563a28b18b21d5574a5e0e38b74246146074bbf Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 27 Oct 2020 16:18:03 +0100
Subject: [PATCH 4/4] Allow Local authentication for Negotiate
PeerCred is also possible if address family is AF_LOCAL. This will allow
the CGI programs to generate the authorization from the local
certificates based on PID also when Negotiate is used for local
connections:
Client CGI
Browser <- Remote conn -> admin.cgi <--- Localhost conn ---> Scheduler
| | |
+ --- HTTP/POST /admin/ --> | |
| + --- CUPS-Get-Devices ------------> |
| | |
| | <-- 401 Unauthorized --------------+
| | WWW-Authenticate: |
| | Negotiate, (PeerCred,) Local |
| | |
| <-- 401 Unauthorized -----+ |
| WWW-Authenticate: | |
| Negotiate | |
| | |
| --- HTTP/POST /admin/ --> | |
| Authorization: + --- IPP CUPS-GetDevices ---------> |
| Negotiate | Authorization: Local <cert> |
| | |
Fixes: #5596
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
cups/auth.c | 5 -----
scheduler/client.c | 9 ++-------
2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/cups/auth.c b/cups/auth.c
index 9661657fc..b6fec6b98 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -1043,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
}
# endif /* HAVE_AUTHORIZATION_H */
-# ifdef HAVE_GSSAPI
- if (cups_auth_find(www_auth, "Negotiate"))
- return (1);
-# endif /* HAVE_GSSAPI */
-
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
/*
* See if we can authenticate using the peer credentials provided over a
diff --git a/scheduler/client.c b/scheduler/client.c
index c2ee8f12a..56797d58d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2109,18 +2109,13 @@ cupsdSendHeader(
}
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
{
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
- else
-#endif /* SO_PEERCRED && AF_LOCAL */
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
}
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
{
/*
- * Add a "trc" (try root certification) parameter for local non-Kerberos
+ * Add a "trc" (try root certification) parameter for local
* requests when the request requires system group membership - then the
* client knows the root certificate can/should be used.
*
--
2.30.2
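Review bot: This four-part patch is deleted without any statement that 2.4.1 contains all of it. The only related changelog line is "Fixed Kerberos authentication for the web interface (Issue #19)", while the patch covers three separate behaviours: the empty-authstring check in cupsDoAuthentication, skipping Negotiate when cups_is_local_connection() is true, and allowing Local and PeerCred for Negotiate in cups_local_auth and cupsdSendHeader. Please confirm each one is present in the 2.4.1 sources before dropping the patch, because a partial match would reintroduce the problems fixed for bsc#1175960, including the admin.cgi infinite loop named in patch 1/4.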


@ -1,53 +0,0 @@
From c37d71b1a31d26a4790166e2508822b18934a5c0 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Tue, 13 Apr 2021 15:44:14 +0200
Subject: [PATCH 1/2] backend/usb-libusb.c: Use 60s timeout for reading at
backchannel
Some older models malfunction if timeout is too short.
---
CHANGES.md | 1 +
backend/usb-libusb.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
--- a/backend/usb-libusb.c
+++ b/backend/usb-libusb.c
@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference)
readstatus = libusb_bulk_transfer(g.printer->handle,
g.printer->read_endp,
readbuffer, rbytes,
- &rbytes, 250);
+ &rbytes, 60000);
if (readstatus == LIBUSB_SUCCESS && rbytes > 0)
{
fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", (int)rbytes);
From 4cb6f6806cdbe040d478b266a1d351b19341dd79 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Tue, 13 Apr 2021 15:47:37 +0200
Subject: [PATCH 2/2] backend/usb-libusb.c: Revert enforcing read limits
This commit reverts the change introduced by 2.2.12 [1] - its
implementation caused a regression with Lexmark filters.
[1]
https://github.com/apple/cups/commit/35e927f83529cd9b4bc37bcd418c50e307fced35
---
CHANGES.md | 1 +
backend/usb-libusb.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c
index fbb0d9d89..89b5182f7 100644
--- a/backend/usb-libusb.c
+++ b/backend/usb-libusb.c
@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference)
* Make sure this loop executes no more than once every 250 miliseconds...
*/
- if ((g.wait_eof || !g.read_thread_stop))
+ if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) &&
+ (g.wait_eof || !g.read_thread_stop))
usleep(250000);
}
while (g.wait_eof || !g.read_thread_stop);