diff --git a/cups-2.1.0-cups-systemd-socket.patch b/cups-2.1.0-cups-systemd-socket.patch deleted file mode 100644 index 6131192..0000000 --- a/cups-2.1.0-cups-systemd-socket.patch +++ /dev/null @@ -1,43 +0,0 @@ ---- scheduler/main.c.orig 2015-06-08 20:32:35.000000000 +0200 -+++ scheduler/main.c 2015-09-01 11:19:36.000000000 +0200 -@@ -656,7 +656,15 @@ main(int argc, /* I - Number of comm - - #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD) - if (OnDemand) -+ { - cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand."); -+# ifdef HAVE_SYSTEMD -+ sd_notifyf(0, "READY=1\n" -+ "STATUS=Scheduler is running...\n" -+ "MAINPID=%lu", -+ (unsigned long) getpid()); -+# endif /* HAVE_SYSTEMD */ -+ } - else - #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ - if (fg) ---- scheduler/org.cups.cupsd.path.in.orig 2014-03-21 15:50:24.000000000 +0100 -+++ scheduler/org.cups.cupsd.path.in 2015-09-01 11:20:37.000000000 +0200 -@@ -3,6 +3,7 @@ Description=CUPS Scheduler - - [Path] - PathExists=@CUPS_CACHEDIR@/org.cups.cupsd -+PathExistsGlob=@CUPS_REQUESTS@/d* - - [Install] - WantedBy=multi-user.target ---- scheduler/org.cups.cupsd.service.in.orig 2014-10-21 13:54:05.000000000 +0200 -+++ scheduler/org.cups.cupsd.service.in 2015-09-01 11:22:09.000000000 +0200 -@@ -1,10 +1,11 @@ - [Unit] - Description=CUPS Scheduler - Documentation=man:cupsd(8) -+After=network.target - - [Service] - ExecStart=@sbindir@/cupsd -l --Type=simple -+Type=notify - - [Install] - Also=org.cups.cupsd.socket org.cups.cupsd.path diff --git a/cups-2.1.0-default-webcontent-path.patch b/cups-2.1.0-default-webcontent-path.patch index 7e51adc..ec24f7f 100644 --- a/cups-2.1.0-default-webcontent-path.patch +++ b/cups-2.1.0-default-webcontent-path.patch @@ -1,17 +1,21 @@ ---- config-scripts/cups-directories.m4.orig 2014-03-21 17:42:53.000000000 +0100 -+++ config-scripts/cups-directories.m4 2015-09-01 11:08:43.000000000 +0200 -@@ -206,11 +206,11 @@ fi - AC_SUBST(MENUDIR) +--- config-scripts/cups-directories.m4 ++++ config-scripts/cups-directories.m4.orig +@@ -166,15 +166,15 @@ AS_IF([test "x$menudir" = x], [ + AC_SUBST([MENUDIR]) # Documentation files --AC_ARG_WITH(docdir, [ --with-docdir set path for documentation],docdir="$withval",docdir="") -+AC_ARG_WITH(docdir, [ --with-docdir set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="") +-AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path for documentation]), [ ++AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path and DocumentRoot directive for web content, default=datadir/cups/webcontent]), [ + docdir="$withval" + ], [ + docdir="" + ]) - if test x$docdir = x; then -- CUPS_DOCROOT="$datadir/doc/cups" -- docdir="$datadir/doc/cups" -+ CUPS_DOCROOT="$datadir/cups/webcontent" -+ docdir="$datadir/cups/webcontent" - else - CUPS_DOCROOT="$docdir" - fi + AS_IF([test x$docdir = x], [ +- CUPS_DOCROOT="$datadir/doc/cups" +- docdir="$datadir/doc/cups" ++ CUPS_DOCROOT="$datadir/cups/webcontent" ++ docdir="$datadir/cups/webcontent" + ], [ + CUPS_DOCROOT="$docdir" + ]) diff --git a/cups-2.3.3op2-source.tar.gz b/cups-2.3.3op2-source.tar.gz deleted file mode 100644 index 8fbce0d..0000000 --- a/cups-2.3.3op2-source.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df -size 7993205 diff --git a/cups-2.3.3op2-source.tar.gz.sig b/cups-2.3.3op2-source.tar.gz.sig deleted file mode 100644 index f52be61..0000000 Binary files a/cups-2.3.3op2-source.tar.gz.sig and /dev/null differ diff --git a/cups-2.4.1-source.tar.gz b/cups-2.4.1-source.tar.gz new file mode 100644 index 0000000..30c5a01 --- /dev/null +++ b/cups-2.4.1-source.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c7339f75f8d4f2dec50c673341a45fc06b6885bb6d4366d6bf59a4e6c10ae178 +size 8113914 diff --git a/cups-2.4.1-source.tar.gz.sig b/cups-2.4.1-source.tar.gz.sig new file mode 100644 index 0000000..a27b148 Binary files /dev/null and b/cups-2.4.1-source.tar.gz.sig differ diff --git a/cups-config-libs.patch b/cups-config-libs.patch index c307d05..d953b8e 100644 --- a/cups-config-libs.patch +++ b/cups-config-libs.patch @@ -4,7 +4,7 @@ # flags for compiler and linker... CFLAGS="" LDFLAGS="@EXPORT_LDFLAGS@" --LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@" +-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_TLSLIBS@ @LIBZ@ @LIBS@" +LIBS="" # Check for local invocation... diff --git a/cups.changes b/cups.changes index 8cb3438..dd5a2f0 100644 --- a/cups.changes +++ b/cups.changes @@ -1,3 +1,87 @@ +------------------------------------------------------------------- +Tue Mar 1 18:16:11 UTC 2022 - Aurélien Joga + +- Version upgrade to 2.4.1: + * The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277) + * Configuration script now checks linking for -Wl,-pie flags (Issue #303) + * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322) + * Fixed missing bracket in de/index.html (Issue #299) + * Fixed typos in configuration scripts (Issues #304, #316) + * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323) + * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300) + * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325) + * Added configure option --with-idle-exit-timeout (Issue #294) + * Added --with-systemd-timeoutstartsec configure option (Issue #298) + * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287) + * Fixed compilation on Solaris (Issue #293) + * Fixed and improved German translations (Issue #296, Issue #297) + * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286) + * Compilation now uses -fstack-protector-strong if available (Issue #285) + * Added support for CUPS running in a Snapcraft snap. + * Added basic OAuth 2.0 client support (Issue #100) + * Added support for AirPrint and Mopria clients (Issue #105) + * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144) + * Added several features and improvements to ipptool (Issue #153) + * Added a JSON output mode for ipptool. + * The ipptool command now correctly reports an error when a test file cannot be found. + * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274) + * Fixed Kerberos authentication for the web interface (Issue #19) + * The ZPL sample driver now supports more "standard" label sizes (Issue #70) + * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71) + * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72) + * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74) + * The testlang unit test program now loops over all of the available locales by default (Issue #85) + * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88) + * The PPD functions now treat boolean values as case-insensitive (Issue #106) + * Temporary queue names no longer end with an underscore (Issue #110) + * The USB backend now runs as root (Issue #121) + * Added pkg-config file for libcups (Issue #122) + * Fixed a PPD memory leak caused by emulator definitions (Issue #124) + * Fixed a DISPLAY bug in ipptool (Issue #139) + * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154) + * Added support for locales using the GB18030 character set (Issue #159) + * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907) + * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915) + * The IPP backend now retries Validate-Job requests (Issue #132) + * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148) + * Added dark mode support to the CUPS web interface (Issue #152) + * Added a workaround for Solaris in httpAddrConnect2 (Issue #156) + * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158) + * Now use a 60 second timeout for reading USB backchannel data (Issue #160) + * The USB backend now tries harder to find a serial number (Issue #170) + * Fixed @IF(name) handling in cupsd.conf (Apple #5918) + * Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940) + * Fixed the lpc command prompt (Apple #5946) + * Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185) + * Fixed a job history update issue in the scheduler (Issue #187) + * Fixed job-pages-per-set value for duplex print jobs. + * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195) + * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196) + * The scheduler now supports the "everywhere" model directly (Issue #201) + * Fixed some IPP Everywhere option mapping problems (Issue #238) + * Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250) + * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262) + * Fixed support for the 'offline-report' state for all USB backends (Issue #264) + * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184) + * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164) + * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867) + * Web interface updates (Issue #142, Issue #218) + * The ippeveprinter tool now automatically uses an available port. + * Fixed several Windows TLS and hashing issues. + * Deprecated cups-config (Issue #97) + * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98) + * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf. + * Stubbed out deprecated httpMD5 functions. + * Add test for undefined page ranges during printing. +- Dropped patch upstream_pull_174 because it it is included in this release +- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c) +- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579) +- Re-enabled testsuite + * Also removed make check because since upstream change the two target are identical (https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239) +- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style +- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS) +- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes + ------------------------------------------------------------------- Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de diff --git a/cups.keyring b/cups.keyring index ba121ef..ef57cd6 100644 Binary files a/cups.keyring and b/cups.keyring differ diff --git a/cups.spec b/cups.spec index a291556..71e4a08 100644 --- a/cups.spec +++ b/cups.spec @@ -18,9 +18,7 @@ # Cf. https://rpm.org/user_doc/conditional_builds.html # by default enable testsuite (i.e. in the 'check' section run make check and make test) -#bcond_without testsuite -# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed -%bcond_with testsuite +%bcond_without testsuite # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } @@ -29,34 +27,32 @@ Name: cups # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work: -Version: 2.3.3op2 +Version: 2.4.1 Release: 0 Summary: The Common UNIX Printing System License: Apache-2.0 Group: Hardware/Printing URL: https://openprinting.github.io/cups # To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz -Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz +# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz +Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz # To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig -Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig -# To get Source2 go to https://www.msweet.org/pgp.html -# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955 +# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig +Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig +# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 +# See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579 +# PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 Source2: cups.keyring # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring -# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired' -# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz +# gpg --list-keys | grep -1 'Zdenek Dohnal' +# gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz Source108: cups-client.conf Source109: baselibs.conf # Patch0...Patch9 is for patches from upstream: -# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174 -# Use 60s timeout for read_thread, revert read limits -Patch1: upstream_pull_174.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl: @@ -66,8 +62,6 @@ Patch10: cups-2.1.0-choose-uri-template.patch # because the files of the CUPS web content are no documentation, see CUPS STR #3578 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: Patch11: cups-2.1.0-default-webcontent-path.patch -# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: -Patch12: cups-2.1.0-cups-systemd-socket.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff @@ -83,9 +77,9 @@ Patch101: cups-2.0.3-additional_policies.patch Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: Patch104: cups-config-libs.patch -# Patch106 Fixes web UI Kerberos authentication (bsc#1175960) -Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch Patch107: harden_cups.service.patch +# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing +Patch108: downgrade-autoconf-requirement.patch # Build Requirements: BuildRequires: dbus-1-devel BuildRequires: fdupes @@ -280,9 +274,6 @@ printer drivers for CUPS. %prep %setup -q # Patch0...Patch9 is for patches from upstream: -# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174 -# Use 60s timeout for read_thread, revert read limits -%patch1 -p1 # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl: %patch10 -b choose-uri-template.orig @@ -291,8 +282,6 @@ printer drivers for CUPS. # because the files of the CUPS web content are no documentation, see CUPS STR #3578 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: %patch11 -b default-webcontent-path.orig -# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: -#patch12 -b cups-systemd-socket.orig # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -b cups-pam.orig @@ -308,9 +297,8 @@ printer drivers for CUPS. %patch103 -b do_not_strip_recommended_from_PPDs.orig # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -b cups-config-libs.orig -# Patch106 Fixes web UI Kerberos authentication (bsc#1175960) -%patch106 -p1 %patch107 -p1 +%patch108 -p1 %build # Remove ".SILENT" rule for verbose build output @@ -439,8 +427,6 @@ EOF # There appears to be some kind of race condition when running make check and make test # cf. https://github.com/OpenPrinting/cups/issues/155 # We print all logs for debugging purposes if either testsuite fails -echo "DEBUG: running make check" -bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' echo "DEBUG: running make test" bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' %else @@ -681,6 +667,7 @@ exit 0 %files devel %defattr(-,root,root) +/usr/lib/pkgconfig/cups.pc %{_includedir}/cups/ %{_libdir}/libcups.so %{_libdir}/libcupsimage.so diff --git a/downgrade-autoconf-requirement.patch b/downgrade-autoconf-requirement.patch new file mode 100644 index 0000000..f7cb617 --- /dev/null +++ b/downgrade-autoconf-requirement.patch @@ -0,0 +1,15 @@ +diff --git a/configure.ac b/configure.ac +index a8c6c1040..6ace74a8d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. See the file "LICENSE" for more + dnl information. + dnl + +-dnl We need at least autoconf 2.71... +-AC_PREREQ([2.71]) ++dnl We need at least autoconf 2.69... ++AC_PREREQ([2.69]) + + dnl Package name and version... + AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups]) diff --git a/fix-negotiate-authentication-between-CGIs-and-scheduler.patch b/fix-negotiate-authentication-between-CGIs-and-scheduler.patch deleted file mode 100644 index ad16bd5..0000000 --- a/fix-negotiate-authentication-between-CGIs-and-scheduler.patch +++ /dev/null @@ -1,223 +0,0 @@ -From d4521ed0df7e625ccf2bc079bab6f48c46ef9bf9 Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero -Date: Mon, 26 Oct 2020 17:35:22 +0100 -Subject: [PATCH 1/4] Avoid infinite loop in admin.cgi when negotiate is used - -SetAuthorizationString with NULL argument sets an empty string. - -Related: #5596 - -Signed-off-by: Samuel Cabrero ---- - cups/auth.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cups/auth.c b/cups/auth.c -index db45bbba6..f2409350a 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -295,7 +295,7 @@ cupsDoAuthentication( - } - } - -- if (http->authstring) -+ if (http->authstring && http->authstring[0]) - { - DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring)); - --- -2.30.2 - - -From 61ad7780bc7d0593e3225d088ac6dff31badf801 Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero -Date: Tue, 27 Oct 2020 16:11:41 +0100 -Subject: [PATCH 2/4] Add cups_is_local_connection() to check if connection is - to localhost - -Related: #5596 - -Signed-off-by: Samuel Cabrero ---- - cups/auth.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/cups/auth.c b/cups/auth.c -index f2409350a..d2956438d 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status, - # define cups_gss_printf(major, minor, message) - # endif /* DEBUG */ - #endif /* HAVE_GSSAPI */ -+static int cups_is_local_connection(http_t *http); - static int cups_local_auth(http_t *http); - - -@@ -916,6 +917,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */ - # endif /* DEBUG */ - #endif /* HAVE_GSSAPI */ - -+static int /* O - 0 if not a local connection */ -+ /* 1 if local connection */ -+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */ -+{ -+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0) -+ return 0; -+ return 1; -+} - - /* - * 'cups_local_auth()' - Get the local authorization certificate if -@@ -958,7 +967,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ - * See if we are accessing localhost... - */ - -- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0) -+ if (!cups_is_local_connection(http)) - { - DEBUG_puts("8cups_local_auth: Not a local connection!"); - return (1); --- -2.30.2 - - -From f629d079750a86b1b605c285f99c0dea3933ca50 Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero -Date: Tue, 27 Oct 2020 16:23:30 +0100 -Subject: [PATCH 3/4] Try local kerberos ccache credentials only for remote - servers - -If connecting to localhost then proceed to ask the client for the -authorization using cupsGetPassword2. The get password callback will -return 401 to the client with WWW-Authenticate: Negotiate. - -Fixes: #5596 - -Signed-off-by: Samuel Cabrero ---- - cups/auth.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/cups/auth.c b/cups/auth.c -index d2956438d..9661657fc 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -175,10 +175,10 @@ cupsDoAuthentication( - DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme)); - - #ifdef HAVE_GSSAPI -- if (!_cups_strcasecmp(scheme, "Negotiate")) -+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http)) - { - /* -- * Kerberos authentication... -+ * Kerberos authentication to remote server... - */ - - int gss_status; /* Auth status */ -@@ -202,7 +202,9 @@ cupsDoAuthentication( - } - else - #endif /* HAVE_GSSAPI */ -- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest")) -+ if (_cups_strcasecmp(scheme, "Basic") && -+ _cups_strcasecmp(scheme, "Digest") && -+ _cups_strcasecmp(scheme, "Negotiate")) - { - /* - * Other schemes not yet supported... -@@ -216,7 +218,7 @@ cupsDoAuthentication( - * See if we should retry the current username:password... - */ - -- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest")))) -+ if (http->digest_tries > 1 || !http->userpass[0]) - { - /* - * Nope - get a new password from the user... --- -2.30.2 - - -From 0563a28b18b21d5574a5e0e38b74246146074bbf Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero -Date: Tue, 27 Oct 2020 16:18:03 +0100 -Subject: [PATCH 4/4] Allow Local authentication for Negotiate - -PeerCred is also possible if address family is AF_LOCAL. This will allow -the CGI programs to generate the authorization from the local -certificates based on PID also when Negotiate is used for local -connections: - -Client CGI -Browser <- Remote conn -> admin.cgi <--- Localhost conn ---> Scheduler - | | | - + --- HTTP/POST /admin/ --> | | - | + --- CUPS-Get-Devices ------------> | - | | | - | | <-- 401 Unauthorized --------------+ - | | WWW-Authenticate: | - | | Negotiate, (PeerCred,) Local | - | | | - | <-- 401 Unauthorized -----+ | - | WWW-Authenticate: | | - | Negotiate | | - | | | - | --- HTTP/POST /admin/ --> | | - | Authorization: + --- IPP CUPS-GetDevices ---------> | - | Negotiate | Authorization: Local | - | | | - -Fixes: #5596 - -Signed-off-by: Samuel Cabrero ---- - cups/auth.c | 5 ----- - scheduler/client.c | 9 ++------- - 2 files changed, 2 insertions(+), 12 deletions(-) - -diff --git a/cups/auth.c b/cups/auth.c -index 9661657fc..b6fec6b98 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -1043,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ - } - # endif /* HAVE_AUTHORIZATION_H */ - --# ifdef HAVE_GSSAPI -- if (cups_auth_find(www_auth, "Negotiate")) -- return (1); --# endif /* HAVE_GSSAPI */ -- - # if defined(SO_PEERCRED) && defined(AF_LOCAL) - /* - * See if we can authenticate using the peer credentials provided over a -diff --git a/scheduler/client.c b/scheduler/client.c -index c2ee8f12a..56797d58d 100644 ---- a/scheduler/client.c -+++ b/scheduler/client.c -@@ -2109,18 +2109,13 @@ cupsdSendHeader( - } - else if (auth_type == CUPSD_AUTH_NEGOTIATE) - { --#if defined(SO_PEERCRED) && defined(AF_LOCAL) -- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) -- strlcpy(auth_str, "PeerCred", sizeof(auth_str)); -- else --#endif /* SO_PEERCRED && AF_LOCAL */ - strlcpy(auth_str, "Negotiate", sizeof(auth_str)); - } - -- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) -+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) - { - /* -- * Add a "trc" (try root certification) parameter for local non-Kerberos -+ * Add a "trc" (try root certification) parameter for local - * requests when the request requires system group membership - then the - * client knows the root certificate can/should be used. - * --- -2.30.2 - diff --git a/upstream_pull_174.patch b/upstream_pull_174.patch deleted file mode 100644 index ee4180f..0000000 --- a/upstream_pull_174.patch +++ /dev/null @@ -1,53 +0,0 @@ -From c37d71b1a31d26a4790166e2508822b18934a5c0 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal -Date: Tue, 13 Apr 2021 15:44:14 +0200 -Subject: [PATCH 1/2] backend/usb-libusb.c: Use 60s timeout for reading at - backchannel - -Some older models malfunction if timeout is too short. ---- - CHANGES.md | 1 + - backend/usb-libusb.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - ---- a/backend/usb-libusb.c -+++ b/backend/usb-libusb.c -@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference) - readstatus = libusb_bulk_transfer(g.printer->handle, - g.printer->read_endp, - readbuffer, rbytes, -- &rbytes, 250); -+ &rbytes, 60000); - if (readstatus == LIBUSB_SUCCESS && rbytes > 0) - { - fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", (int)rbytes); - -From 4cb6f6806cdbe040d478b266a1d351b19341dd79 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal -Date: Tue, 13 Apr 2021 15:47:37 +0200 -Subject: [PATCH 2/2] backend/usb-libusb.c: Revert enforcing read limits - -This commit reverts the change introduced by 2.2.12 [1] - its -implementation caused a regression with Lexmark filters. - -[1] -https://github.com/apple/cups/commit/35e927f83529cd9b4bc37bcd418c50e307fced35 ---- - CHANGES.md | 1 + - backend/usb-libusb.c | 3 ++- - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c -index fbb0d9d89..89b5182f7 100644 ---- a/backend/usb-libusb.c -+++ b/backend/usb-libusb.c -@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference) - * Make sure this loop executes no more than once every 250 miliseconds... - */ - -- if ((g.wait_eof || !g.read_thread_stop)) -+ if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) && -+ (g.wait_eof || !g.read_thread_stop)) - usleep(250000); - } - while (g.wait_eof || !g.read_thread_stop);