Accepting request 958348 from home:ajoga:branches:openSUSE:Factory
- Version upgrade to 2.4.1 - Dropped patch upstream_pull_174 because it it is included in this release - Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (e96e96b4bd
) - Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579) - Re-enabled testsuite * Also removed make check because since upstream change the two target are identical (96ba46ebc8 (diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239)
) - Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style - Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS) - Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes old: Printing/cups new: home:ajoga:branches:openSUSE:Factory/cups rev None Index: cups-2.1.0-default-webcontent-path.patch =================================================================== --- cups-2.1.0-default-webcontent-path.patch (revision 380) +++ cups-2.1.0-default-webcontent-path.patch (revision 2) @@ -1,17 +1,21 @@ ---- config-scripts/cups-directories.m4.orig 2014-03-21 17:42:53.000000000 +0100 -+++ config-scripts/cups-directories.m4 2015-09-01 11:08:43.000000000 +0200 -@@ -206,11 +206,11 @@ fi - AC_SUBST(MENUDIR) +--- config-scripts/cups-directories.m4 ++++ config-scripts/cups-directories.m4.orig +@@ -166,15 +166,15 @@ AS_IF([test "x$menudir" = x], [ + AC_SUBST([MENUDIR]) # Documentation files --AC_ARG_WITH(docdir, [ --with-docdir set path for documentation],docdir="$withval",docdir="") -+AC_ARG_WITH(docdir, [ --with-docdir set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="") +-AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path for documentation]), [ ++AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path and DocumentRoot directive for web content, default=datadir/cups/webcontent]), [ + docdir="$withval" + ], [ + docdir="" + ]) - if test x$docdir = x; then -- CUPS_DOCROOT="$datadir/doc/cups" -- docdir="$datadir/doc/cups" -+ CUPS_DOCROOT="$datadir/cups/webcontent" -+ docdir="$datadir/cups/webcontent" - else - CUPS_DOCROOT="$docdir" - fi + AS_IF([test x$docdir = x], [ +- CUPS_DOCROOT="$datadir/doc/cups" +- docdir="$datadir/doc/cups" ++ CUPS_DOCROOT="$datadir/cups/webcontent" ++ docdir="$datadir/cups/webcontent" + ], [ + CUPS_DOCROOT="$docdir" + ]) Index: cups-config-libs.patch =================================================================== --- cups-config-libs.patch (revision 380) +++ cups-config-libs.patch (revision 2) @@ -4,7 +4,7 @@ # flags for compiler and linker... CFLAGS="" LDFLAGS="@EXPORT_LDFLAGS@" --LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@" +-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_TLSLIBS@ @LIBZ@ @LIBS@" +LIBS="" # Check for local invocation... Index: cups.changes =================================================================== --- cups.changes (revision 380) +++ cups.changes (revision 2) @@ -1,4 +1,88 @@ ------------------------------------------------------------------- +Tue Mar 1 18:16:11 UTC 2022 - Aurélien Joga <aurelienjoga@gmail.com> + +- Version upgrade to 2.4.1: + * The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277) + * Configuration script now checks linking for -Wl,-pie flags (Issue #303) + * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322) + * Fixed missing bracket in de/index.html (Issue #299) + * Fixed typos in configuration scripts (Issues #304, #316) + * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323) + * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300) + * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325) + * Added configure option --with-idle-exit-timeout (Issue #294) + * Added --with-systemd-timeoutstartsec configure option (Issue #298) + * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287) + * Fixed compilation on Solaris (Issue #293) + * Fixed and improved German translations (Issue #296, Issue #297) + * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286) + * Compilation now uses -fstack-protector-strong if available (Issue #285) + * Added support for CUPS running in a Snapcraft snap. + * Added basic OAuth 2.0 client support (Issue #100) + * Added support for AirPrint and Mopria clients (Issue #105) + * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144) + * Added several features and improvements to ipptool (Issue #153) + * Added a JSON output mode for ipptool. + * The ipptool command now correctly reports an error when a test file cannot be found. + * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274) + * Fixed Kerberos authentication for the web interface (Issue #19) + * The ZPL sample driver now supports more "standard" label sizes (Issue #70) + * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71) + * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72) + * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74) + * The testlang unit test program now loops over all of the available locales by default (Issue #85) + * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88) + * The PPD functions now treat boolean values as case-insensitive (Issue #106) + * Temporary queue names no longer end with an underscore (Issue #110) + * The USB backend now runs as root (Issue #121) + * Added pkg-config file for libcups (Issue #122) + * Fixed a PPD memory leak caused by emulator definitions (Issue #124) + * Fixed a DISPLAY bug in ipptool (Issue #139) + * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154) + * Added support for locales using the GB18030 character set (Issue #159) + * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907) + * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915) + * The IPP backend now retries Validate-Job requests (Issue #132) + * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148) + * Added dark mode support to the CUPS web interface (Issue #152) + * Added a workaround for Solaris in httpAddrConnect2 (Issue #156) + * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158) + * Now use a 60 second timeout for reading USB backchannel data (Issue #160) + * The USB backend now tries harder to find a serial number (Issue #170) + * Fixed @IF(name) handling in cupsd.conf (Apple #5918) + * Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940) + * Fixed the lpc command prompt (Apple #5946) + * Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185) + * Fixed a job history update issue in the scheduler (Issue #187) + * Fixed job-pages-per-set value for duplex print jobs. + * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195) + * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196) + * The scheduler now supports the "everywhere" model directly (Issue #201) + * Fixed some IPP Everywhere option mapping problems (Issue #238) + * Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250) + * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262) + * Fixed support for the 'offline-report' state for all USB backends (Issue #264) + * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184) + * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164) + * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867) + * Web interface updates (Issue #142, Issue #218) + * The ippeveprinter tool now automatically uses an available port. + * Fixed several Windows TLS and hashing issues. + * Deprecated cups-config (Issue #97) + * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98) + * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf. + * Stubbed out deprecated httpMD5 functions. + * Add test for undefined page ranges during printing. +- Dropped patch upstream_pull_174 because it it is included in this release +- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (e96e96b4bd
) +- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579) +- Re-enabled testsuite + * Also removed make check because since upstream change the two target are identical (96ba46ebc8 (diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239)
) +- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style +- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS) +- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes + +------------------------------------------------------------------- Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de - Enhanced harden_cups.service.patch by adding Index: cups.keyring =================================================================== Binary files cups.keyring (revision 380) and cups.keyring (revision 2) differ Index: cups.spec =================================================================== --- cups.spec (revision 380) +++ cups.spec (revision 2) @@ -18,9 +18,7 @@ # Cf. https://rpm.org/user_doc/conditional_builds.html # by default enable testsuite (i.e. in the 'check' section run make check and make test) -#bcond_without testsuite -# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed -%bcond_with testsuite +%bcond_without testsuite # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } @@ -29,34 +27,32 @@ # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work: -Version: 2.3.3op2 +Version: 2.4.1 Release: 0 Summary: The Common UNIX Printing System License: Apache-2.0 Group: Hardware/Printing URL: https://openprinting.github.io/cups # To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz -Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz +# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz +Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz # To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig -Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig -# To get Source2 go to https://www.msweet.org/pgp.html -# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955 +# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig +Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig +# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 +# See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579 +# PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 Source2: cups.keyring # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring -# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired' -# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz +# gpg --list-keys | grep -1 'Zdenek Dohnal' +# gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz Source108: cups-client.conf Source109: baselibs.conf # Patch0...Patch9 is for patches from upstream: -# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174 -# Use 60s timeout for read_thread, revert read limits -Patch1: upstream_pull_174.patch # Source10...Source99 is for sources from SUSE which are intended for upstream: # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl: @@ -66,8 +62,6 @@ # because the files of the CUPS web content are no documentation, see CUPS STR #3578 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: Patch11: cups-2.1.0-default-webcontent-path.patch -# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: -Patch12: cups-2.1.0-cups-systemd-socket.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff @@ -83,9 +77,9 @@ Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: Patch104: cups-config-libs.patch -# Patch106 Fixes web UI Kerberos authentication (bsc#1175960) -Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch Patch107: harden_cups.service.patch +# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing +Patch108: downgrade-autoconf-requirement.patch # Build Requirements: BuildRequires: dbus-1-devel BuildRequires: fdupes @@ -280,9 +274,6 @@ %prep %setup -q # Patch0...Patch9 is for patches from upstream: -# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174 -# Use 60s timeout for read_thread, revert read limits -%patch1 -p1 # Patch10...Patch99 is for patches from SUSE which are intended for upstream: # Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl: %patch10 -b choose-uri-template.orig @@ -291,8 +282,6 @@ # because the files of the CUPS web content are no documentation, see CUPS STR #3578 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: %patch11 -b default-webcontent-path.orig -# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: -#patch12 -b cups-systemd-socket.orig # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -b cups-pam.orig @@ -308,9 +297,8 @@ %patch103 -b do_not_strip_recommended_from_PPDs.orig # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -b cups-config-libs.orig -# Patch106 Fixes web UI Kerberos authentication (bsc#1175960) -%patch106 -p1 %patch107 -p1 +%patch108 -p1 %build # Remove ".SILENT" rule for verbose build output @@ -439,8 +427,6 @@ # There appears to be some kind of race condition when running make check and make test # cf. https://github.com/OpenPrinting/cups/issues/155 # We print all logs for debugging purposes if either testsuite fails -echo "DEBUG: running make check" -bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' echo "DEBUG: running make test" bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' %else @@ -681,6 +667,7 @@ %files devel %defattr(-,root,root) +/usr/lib/pkgconfig/cups.pc %{_includedir}/cups/ %{_libdir}/libcups.so %{_libdir}/libcupsimage.so Index: cups-2.4.1-source.tar.gz =================================================================== Binary file cups-2.4.1-source.tar.gz (revision 2) added Index: cups-2.4.1-source.tar.gz.sig =================================================================== Binary file cups-2.4.1-source.tar.gz.sig (revision 2) added Index: downgrade-autoconf-requirement.patch =================================================================== --- downgrade-autoconf-requirement.patch (added) +++ downgrade-autoconf-requirement.patch (revision 2) @@ -0,0 +1,15 @@ +diff --git a/configure.ac b/configure.ac +index a8c6c1040..6ace74a8d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. See the file "LICENSE" for more + dnl information. + dnl + +-dnl We need at least autoconf 2.71... +-AC_PREREQ([2.71]) ++dnl We need at least autoconf 2.69... ++AC_PREREQ([2.69]) + + dnl Package name and version... + AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups]) Index: cups-2.1.0-cups-systemd-socket.patch =================================================================== --- cups-2.1.0-cups-systemd-socket.patch (revision 380) +++ cups-2.1.0-cups-systemd-socket.patch (deleted) @@ -1,43 +0,0 @@ ---- scheduler/main.c.orig 2015-06-08 20:32:35.000000000 +0200 -+++ scheduler/main.c 2015-09-01 11:19:36.000000000 +0200 -@@ -656,7 +656,15 @@ main(int argc, /* I - Number of comm - - #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD) - if (OnDemand) -+ { - cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand."); -+# ifdef HAVE_SYSTEMD -+ sd_notifyf(0, "READY=1\n" -+ "STATUS=Scheduler is running...\n" -+ "MAINPID=%lu", -+ (unsigned long) getpid()); -+# endif /* HAVE_SYSTEMD */ -+ } - else - #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ - if (fg) ---- scheduler/org.cups.cupsd.path.in.orig 2014-03-21 15:50:24.000000000 +0100 -+++ scheduler/org.cups.cupsd.path.in 2015-09-01 11:20:37.000000000 +0200 -@@ -3,6 +3,7 @@ Description=CUPS Scheduler - - [Path] - PathExists=@CUPS_CACHEDIR@/org.cups.cupsd -+PathExistsGlob=@CUPS_REQUESTS@/d* - - [Install] - WantedBy=multi-user.target ---- scheduler/org.cups.cupsd.service.in.orig 2014-10-21 13:54:05.000000000 +0200 -+++ scheduler/org.cups.cupsd.service.in 2015-09-01 11:22:09.000000000 +0200 -@@ -1,10 +1,11 @@ - [Unit] - Description=CUPS Scheduler - Documentation=man:cupsd(8) -+After=network.target - - [Service] - ExecStart=@sbindir@/cupsd -l --Type=simple -+Type=notify - - [Install] - Also=org.cups.cupsd.socket org.cups.cupsd.path Index: cups-2.3.3op2-source.tar.gz =================================================================== Binary file cups-2.3.3op2-source.tar.gz (revision 380) deleted Index: cups-2.3.3op2-source.tar.gz.sig =================================================================== Binary file cups-2.3.3op2-source.tar.gz.sig (revision 380) deleted Index: fix-negotiate-authentication-between-CGIs-and-scheduler.patch =================================================================== --- fix-negotiate-authentication-between-CGIs-and-scheduler.patch (revision 380) +++ fix-negotiate-authentication-between-CGIs-and-scheduler.patch (deleted) @@ -1,223 +0,0 @@ -From d4521ed0df7e625ccf2bc079bab6f48c46ef9bf9 Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero <scabrero@suse.de> -Date: Mon, 26 Oct 2020 17:35:22 +0100 -Subject: [PATCH 1/4] Avoid infinite loop in admin.cgi when negotiate is used - -SetAuthorizationString with NULL argument sets an empty string. - -Related: #5596 - -Signed-off-by: Samuel Cabrero <scabrero@suse.de> ---- - cups/auth.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cups/auth.c b/cups/auth.c -index db45bbba6..f2409350a 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -295,7 +295,7 @@ cupsDoAuthentication( - } - } - -- if (http->authstring) -+ if (http->authstring && http->authstring[0]) - { - DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring)); - --- -2.30.2 - - -From 61ad7780bc7d0593e3225d088ac6dff31badf801 Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero <scabrero@suse.de> -Date: Tue, 27 Oct 2020 16:11:41 +0100 -Subject: [PATCH 2/4] Add cups_is_local_connection() to check if connection is - to localhost - -Related: #5596 - -Signed-off-by: Samuel Cabrero <scabrero@suse.de> ---- - cups/auth.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/cups/auth.c b/cups/auth.c -index f2409350a..d2956438d 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status, - # define cups_gss_printf(major, minor, message) - # endif /* DEBUG */ - #endif /* HAVE_GSSAPI */ -+static int cups_is_local_connection(http_t *http); - static int cups_local_auth(http_t *http); - - -@@ -916,6 +917,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */ - # endif /* DEBUG */ - #endif /* HAVE_GSSAPI */ - -+static int /* O - 0 if not a local connection */ -+ /* 1 if local connection */ -+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */ -+{ -+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0) -+ return 0; -+ return 1; -+} - - /* - * 'cups_local_auth()' - Get the local authorization certificate if -@@ -958,7 +967,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ - * See if we are accessing localhost... - */ - -- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0) -+ if (!cups_is_local_connection(http)) - { - DEBUG_puts("8cups_local_auth: Not a local connection!"); - return (1); --- -2.30.2 - - -From f629d079750a86b1b605c285f99c0dea3933ca50 Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero <scabrero@suse.de> -Date: Tue, 27 Oct 2020 16:23:30 +0100 -Subject: [PATCH 3/4] Try local kerberos ccache credentials only for remote - servers - -If connecting to localhost then proceed to ask the client for the -authorization using cupsGetPassword2. The get password callback will -return 401 to the client with WWW-Authenticate: Negotiate. - -Fixes: #5596 - -Signed-off-by: Samuel Cabrero <scabrero@suse.de> ---- - cups/auth.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/cups/auth.c b/cups/auth.c -index d2956438d..9661657fc 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -175,10 +175,10 @@ cupsDoAuthentication( - DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme)); - - #ifdef HAVE_GSSAPI -- if (!_cups_strcasecmp(scheme, "Negotiate")) -+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http)) - { - /* -- * Kerberos authentication... -+ * Kerberos authentication to remote server... - */ - - int gss_status; /* Auth status */ -@@ -202,7 +202,9 @@ cupsDoAuthentication( - } - else - #endif /* HAVE_GSSAPI */ -- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest")) -+ if (_cups_strcasecmp(scheme, "Basic") && -+ _cups_strcasecmp(scheme, "Digest") && -+ _cups_strcasecmp(scheme, "Negotiate")) - { - /* - * Other schemes not yet supported... -@@ -216,7 +218,7 @@ cupsDoAuthentication( - * See if we should retry the current username:password... - */ - -- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest")))) -+ if (http->digest_tries > 1 || !http->userpass[0]) - { - /* - * Nope - get a new password from the user... --- -2.30.2 - - -From 0563a28b18b21d5574a5e0e38b74246146074bbf Mon Sep 17 00:00:00 2001 -From: Samuel Cabrero <scabrero@suse.de> -Date: Tue, 27 Oct 2020 16:18:03 +0100 -Subject: [PATCH 4/4] Allow Local authentication for Negotiate - -PeerCred is also possible if address family is AF_LOCAL. This will allow -the CGI programs to generate the authorization from the local -certificates based on PID also when Negotiate is used for local -connections: - -Client CGI -Browser <- Remote conn -> admin.cgi <--- Localhost conn ---> Scheduler - | | | - + --- HTTP/POST /admin/ --> | | - | + --- CUPS-Get-Devices ------------> | - | | | - | | <-- 401 Unauthorized --------------+ - | | WWW-Authenticate: | - | | Negotiate, (PeerCred,) Local | - | | | - | <-- 401 Unauthorized -----+ | - | WWW-Authenticate: | | - | Negotiate | | - | | | - | --- HTTP/POST /admin/ --> | | - | Authorization: + --- IPP CUPS-GetDevices ---------> | - | Negotiate | Authorization: Local <cert> | - | | | - -Fixes: #5596 - -Signed-off-by: Samuel Cabrero <scabrero@suse.de> ---- - cups/auth.c | 5 ----- - scheduler/client.c | 9 ++------- - 2 files changed, 2 insertions(+), 12 deletions(-) - -diff --git a/cups/auth.c b/cups/auth.c -index 9661657fc..b6fec6b98 100644 ---- a/cups/auth.c -+++ b/cups/auth.c -@@ -1043,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ - } - # endif /* HAVE_AUTHORIZATION_H */ - --# ifdef HAVE_GSSAPI -- if (cups_auth_find(www_auth, "Negotiate")) -- return (1); --# endif /* HAVE_GSSAPI */ -- - # if defined(SO_PEERCRED) && defined(AF_LOCAL) - /* - * See if we can authenticate using the peer credentials provided over a -diff --git a/scheduler/client.c b/scheduler/client.c -index c2ee8f12a..56797d58d 100644 ---- a/scheduler/client.c -+++ b/scheduler/client.c -@@ -2109,18 +2109,13 @@ cupsdSendHeader( - } - else if (auth_type == CUPSD_AUTH_NEGOTIATE) - { --#if defined(SO_PEERCRED) && defined(AF_LOCAL) -- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) -- strlcpy(auth_str, "PeerCred", sizeof(auth_str)); -- else --#endif /* SO_PEERCRED && AF_LOCAL */ - strlcpy(auth_str, "Negotiate", sizeof(auth_str)); - } - -- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) -+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) - { - /* -- * Add a "trc" (try root certification) parameter for local non-Kerberos -+ * Add a "trc" (try root certification) parameter for local - * requests when the request requires system group membership - then the - * client knows the root certificate can/should be used. - * --- -2.30.2 - Index: upstream_pull_174.patch =================================================================== --- upstream_pull_174.patch (revision 380) +++ upstream_pull_174.patch (deleted) @@ -1,53 +0,0 @@ -From c37d71b1a31d26a4790166e2508822b18934a5c0 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal <zdohnal@redhat.com> -Date: Tue, 13 Apr 2021 15:44:14 +0200 -Subject: [PATCH 1/2] backend/usb-libusb.c: Use 60s timeout for reading at - backchannel - -Some older models malfunction if timeout is too short. ---- - CHANGES.md | 1 + - backend/usb-libusb.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - ---- a/backend/usb-libusb.c -+++ b/backend/usb-libusb.c -@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference) - readstatus = libusb_bulk_transfer(g.printer->handle, - g.printer->read_endp, - readbuffer, rbytes, -- &rbytes, 250); -+ &rbytes, 60000); - if (readstatus == LIBUSB_SUCCESS && rbytes > 0) - { - fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", (int)rbytes); - -From 4cb6f6806cdbe040d478b266a1d351b19341dd79 Mon Sep 17 00:00:00 2001 -From: Zdenek Dohnal <zdohnal@redhat.com> -Date: Tue, 13 Apr 2021 15:47:37 +0200 -Subject: [PATCH 2/2] backend/usb-libusb.c: Revert enforcing read limits - -This commit reverts the change introduced by 2.2.12 [1] - its -implementation caused a regression with Lexmark filters. - -[1] -35e927f835
---- - CHANGES.md | 1 + - backend/usb-libusb.c | 3 ++- - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c -index fbb0d9d89..89b5182f7 100644 ---- a/backend/usb-libusb.c -+++ b/backend/usb-libusb.c -@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference) - * Make sure this loop executes no more than once every 250 miliseconds... - */ - -- if ((g.wait_eof || !g.read_thread_stop)) -+ if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) && -+ (g.wait_eof || !g.read_thread_stop)) - usleep(250000); - } - while (g.wait_eof || !g.read_thread_stop); OBS-URL: https://build.opensuse.org/request/show/958348 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=381
This commit is contained in:
parent
350f6e0407
commit
13a457f820
@ -1,43 +0,0 @@
|
||||
--- scheduler/main.c.orig 2015-06-08 20:32:35.000000000 +0200
|
||||
+++ scheduler/main.c 2015-09-01 11:19:36.000000000 +0200
|
||||
@@ -656,7 +656,15 @@ main(int argc, /* I - Number of comm
|
||||
|
||||
#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
|
||||
if (OnDemand)
|
||||
+ {
|
||||
cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
|
||||
+# ifdef HAVE_SYSTEMD
|
||||
+ sd_notifyf(0, "READY=1\n"
|
||||
+ "STATUS=Scheduler is running...\n"
|
||||
+ "MAINPID=%lu",
|
||||
+ (unsigned long) getpid());
|
||||
+# endif /* HAVE_SYSTEMD */
|
||||
+ }
|
||||
else
|
||||
#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
|
||||
if (fg)
|
||||
--- scheduler/org.cups.cupsd.path.in.orig 2014-03-21 15:50:24.000000000 +0100
|
||||
+++ scheduler/org.cups.cupsd.path.in 2015-09-01 11:20:37.000000000 +0200
|
||||
@@ -3,6 +3,7 @@ Description=CUPS Scheduler
|
||||
|
||||
[Path]
|
||||
PathExists=@CUPS_CACHEDIR@/org.cups.cupsd
|
||||
+PathExistsGlob=@CUPS_REQUESTS@/d*
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
--- scheduler/org.cups.cupsd.service.in.orig 2014-10-21 13:54:05.000000000 +0200
|
||||
+++ scheduler/org.cups.cupsd.service.in 2015-09-01 11:22:09.000000000 +0200
|
||||
@@ -1,10 +1,11 @@
|
||||
[Unit]
|
||||
Description=CUPS Scheduler
|
||||
Documentation=man:cupsd(8)
|
||||
+After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=@sbindir@/cupsd -l
|
||||
-Type=simple
|
||||
+Type=notify
|
||||
|
||||
[Install]
|
||||
Also=org.cups.cupsd.socket org.cups.cupsd.path
|
@ -1,17 +1,21 @@
|
||||
--- config-scripts/cups-directories.m4.orig 2014-03-21 17:42:53.000000000 +0100
|
||||
+++ config-scripts/cups-directories.m4 2015-09-01 11:08:43.000000000 +0200
|
||||
@@ -206,11 +206,11 @@ fi
|
||||
AC_SUBST(MENUDIR)
|
||||
--- config-scripts/cups-directories.m4
|
||||
+++ config-scripts/cups-directories.m4.orig
|
||||
@@ -166,15 +166,15 @@ AS_IF([test "x$menudir" = x], [
|
||||
AC_SUBST([MENUDIR])
|
||||
|
||||
# Documentation files
|
||||
-AC_ARG_WITH(docdir, [ --with-docdir set path for documentation],docdir="$withval",docdir="")
|
||||
+AC_ARG_WITH(docdir, [ --with-docdir set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="")
|
||||
-AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path for documentation]), [
|
||||
+AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path and DocumentRoot directive for web content, default=datadir/cups/webcontent]), [
|
||||
docdir="$withval"
|
||||
], [
|
||||
docdir=""
|
||||
])
|
||||
|
||||
if test x$docdir = x; then
|
||||
AS_IF([test x$docdir = x], [
|
||||
- CUPS_DOCROOT="$datadir/doc/cups"
|
||||
- docdir="$datadir/doc/cups"
|
||||
+ CUPS_DOCROOT="$datadir/cups/webcontent"
|
||||
+ docdir="$datadir/cups/webcontent"
|
||||
else
|
||||
], [
|
||||
CUPS_DOCROOT="$docdir"
|
||||
fi
|
||||
])
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df
|
||||
size 7993205
|
Binary file not shown.
3
cups-2.4.1-source.tar.gz
Normal file
3
cups-2.4.1-source.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c7339f75f8d4f2dec50c673341a45fc06b6885bb6d4366d6bf59a4e6c10ae178
|
||||
size 8113914
|
BIN
cups-2.4.1-source.tar.gz.sig
Normal file
BIN
cups-2.4.1-source.tar.gz.sig
Normal file
Binary file not shown.
@ -4,7 +4,7 @@
|
||||
# flags for compiler and linker...
|
||||
CFLAGS=""
|
||||
LDFLAGS="@EXPORT_LDFLAGS@"
|
||||
-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@"
|
||||
-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_TLSLIBS@ @LIBZ@ @LIBS@"
|
||||
+LIBS=""
|
||||
|
||||
# Check for local invocation...
|
||||
|
84
cups.changes
84
cups.changes
@ -1,3 +1,87 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 1 18:16:11 UTC 2022 - Aurélien Joga <aurelienjoga@gmail.com>
|
||||
|
||||
- Version upgrade to 2.4.1:
|
||||
* The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277)
|
||||
* Configuration script now checks linking for -Wl,-pie flags (Issue #303)
|
||||
* Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
|
||||
* Fixed missing bracket in de/index.html (Issue #299)
|
||||
* Fixed typos in configuration scripts (Issues #304, #316)
|
||||
* Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323)
|
||||
* Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
|
||||
* Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)
|
||||
* Added configure option --with-idle-exit-timeout (Issue #294)
|
||||
* Added --with-systemd-timeoutstartsec configure option (Issue #298)
|
||||
* DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287)
|
||||
* Fixed compilation on Solaris (Issue #293)
|
||||
* Fixed and improved German translations (Issue #296, Issue #297)
|
||||
* Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286)
|
||||
* Compilation now uses -fstack-protector-strong if available (Issue #285)
|
||||
* Added support for CUPS running in a Snapcraft snap.
|
||||
* Added basic OAuth 2.0 client support (Issue #100)
|
||||
* Added support for AirPrint and Mopria clients (Issue #105)
|
||||
* Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144)
|
||||
* Added several features and improvements to ipptool (Issue #153)
|
||||
* Added a JSON output mode for ipptool.
|
||||
* The ipptool command now correctly reports an error when a test file cannot be found.
|
||||
* CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274)
|
||||
* Fixed Kerberos authentication for the web interface (Issue #19)
|
||||
* The ZPL sample driver now supports more "standard" label sizes (Issue #70)
|
||||
* Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71)
|
||||
* Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
|
||||
* The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74)
|
||||
* The testlang unit test program now loops over all of the available locales by default (Issue #85)
|
||||
* The cupsfilter command now shows error messages when options are used incorrectly (Issue #88)
|
||||
* The PPD functions now treat boolean values as case-insensitive (Issue #106)
|
||||
* Temporary queue names no longer end with an underscore (Issue #110)
|
||||
* The USB backend now runs as root (Issue #121)
|
||||
* Added pkg-config file for libcups (Issue #122)
|
||||
* Fixed a PPD memory leak caused by emulator definitions (Issue #124)
|
||||
* Fixed a DISPLAY bug in ipptool (Issue #139)
|
||||
* The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154)
|
||||
* Added support for locales using the GB18030 character set (Issue #159)
|
||||
* httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907)
|
||||
* httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915)
|
||||
* The IPP backend now retries Validate-Job requests (Issue #132)
|
||||
* Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148)
|
||||
* Added dark mode support to the CUPS web interface (Issue #152)
|
||||
* Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
|
||||
* Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158)
|
||||
* Now use a 60 second timeout for reading USB backchannel data (Issue #160)
|
||||
* The USB backend now tries harder to find a serial number (Issue #170)
|
||||
* Fixed @IF(name) handling in cupsd.conf (Apple #5918)
|
||||
* Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940)
|
||||
* Fixed the lpc command prompt (Apple #5946)
|
||||
* Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185)
|
||||
* Fixed a job history update issue in the scheduler (Issue #187)
|
||||
* Fixed job-pages-per-set value for duplex print jobs.
|
||||
* Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195)
|
||||
* Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196)
|
||||
* The scheduler now supports the "everywhere" model directly (Issue #201)
|
||||
* Fixed some IPP Everywhere option mapping problems (Issue #238)
|
||||
* Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250)
|
||||
* Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
|
||||
* Fixed support for the 'offline-report' state for all USB backends (Issue #264)
|
||||
* Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
|
||||
* Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164)
|
||||
* USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867)
|
||||
* Web interface updates (Issue #142, Issue #218)
|
||||
* The ippeveprinter tool now automatically uses an available port.
|
||||
* Fixed several Windows TLS and hashing issues.
|
||||
* Deprecated cups-config (Issue #97)
|
||||
* Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98)
|
||||
* Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf.
|
||||
* Stubbed out deprecated httpMD5 functions.
|
||||
* Add test for undefined page ranges during printing.
|
||||
- Dropped patch upstream_pull_174 because it it is included in this release
|
||||
- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c)
|
||||
- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
|
||||
- Re-enabled testsuite
|
||||
* Also removed make check because since upstream change the two target are identical (https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239)
|
||||
- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style
|
||||
- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
|
||||
- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de
|
||||
|
||||
|
BIN
cups.keyring
BIN
cups.keyring
Binary file not shown.
43
cups.spec
43
cups.spec
@ -18,9 +18,7 @@
|
||||
|
||||
# Cf. https://rpm.org/user_doc/conditional_builds.html
|
||||
# by default enable testsuite (i.e. in the 'check' section run make check and make test)
|
||||
#bcond_without testsuite
|
||||
# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed
|
||||
%bcond_with testsuite
|
||||
%bcond_without testsuite
|
||||
|
||||
# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
|
||||
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
|
||||
@ -29,34 +27,32 @@ Name: cups
|
||||
# "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
|
||||
# "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
|
||||
# version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
|
||||
Version: 2.3.3op2
|
||||
Version: 2.4.1
|
||||
Release: 0
|
||||
Summary: The Common UNIX Printing System
|
||||
License: Apache-2.0
|
||||
Group: Hardware/Printing
|
||||
URL: https://openprinting.github.io/cups
|
||||
# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
|
||||
# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
|
||||
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
|
||||
# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
|
||||
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
|
||||
# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
|
||||
# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
|
||||
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
|
||||
# To get Source2 go to https://www.msweet.org/pgp.html
|
||||
# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955
|
||||
# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
|
||||
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
|
||||
# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
|
||||
# See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
|
||||
# PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
|
||||
Source2: cups.keyring
|
||||
# To manually verify Source0 with Source1 and Source2 do e.g.
|
||||
# gpg --import cups.keyring
|
||||
# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired'
|
||||
# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz
|
||||
# gpg --list-keys | grep -1 'Zdenek Dohnal'
|
||||
# gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz
|
||||
Source102: Postscript.ppd.gz
|
||||
Source105: Postscript-level1.ppd.gz
|
||||
Source106: Postscript-level2.ppd.gz
|
||||
Source108: cups-client.conf
|
||||
Source109: baselibs.conf
|
||||
# Patch0...Patch9 is for patches from upstream:
|
||||
# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
|
||||
# Use 60s timeout for read_thread, revert read limits
|
||||
Patch1: upstream_pull_174.patch
|
||||
# Source10...Source99 is for sources from SUSE which are intended for upstream:
|
||||
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
|
||||
# Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
|
||||
@ -66,8 +62,6 @@ Patch10: cups-2.1.0-choose-uri-template.patch
|
||||
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
|
||||
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
|
||||
Patch11: cups-2.1.0-default-webcontent-path.patch
|
||||
# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
|
||||
Patch12: cups-2.1.0-cups-systemd-socket.patch
|
||||
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
|
||||
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
|
||||
Patch100: cups-pam.diff
|
||||
@ -83,9 +77,9 @@ Patch101: cups-2.0.3-additional_policies.patch
|
||||
Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch
|
||||
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
|
||||
Patch104: cups-config-libs.patch
|
||||
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
|
||||
Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
|
||||
Patch107: harden_cups.service.patch
|
||||
# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing
|
||||
Patch108: downgrade-autoconf-requirement.patch
|
||||
# Build Requirements:
|
||||
BuildRequires: dbus-1-devel
|
||||
BuildRequires: fdupes
|
||||
@ -280,9 +274,6 @@ printer drivers for CUPS.
|
||||
%prep
|
||||
%setup -q
|
||||
# Patch0...Patch9 is for patches from upstream:
|
||||
# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
|
||||
# Use 60s timeout for read_thread, revert read limits
|
||||
%patch1 -p1
|
||||
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
|
||||
# Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
|
||||
%patch10 -b choose-uri-template.orig
|
||||
@ -291,8 +282,6 @@ printer drivers for CUPS.
|
||||
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
|
||||
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
|
||||
%patch11 -b default-webcontent-path.orig
|
||||
# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
|
||||
#patch12 -b cups-systemd-socket.orig
|
||||
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
|
||||
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
|
||||
%patch100 -b cups-pam.orig
|
||||
@ -308,9 +297,8 @@ printer drivers for CUPS.
|
||||
%patch103 -b do_not_strip_recommended_from_PPDs.orig
|
||||
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
|
||||
%patch104 -b cups-config-libs.orig
|
||||
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
|
||||
%patch106 -p1
|
||||
%patch107 -p1
|
||||
%patch108 -p1
|
||||
|
||||
%build
|
||||
# Remove ".SILENT" rule for verbose build output
|
||||
@ -439,8 +427,6 @@ EOF
|
||||
# There appears to be some kind of race condition when running make check and make test
|
||||
# cf. https://github.com/OpenPrinting/cups/issues/155
|
||||
# We print all logs for debugging purposes if either testsuite fails
|
||||
echo "DEBUG: running make check"
|
||||
bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
|
||||
echo "DEBUG: running make test"
|
||||
bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
|
||||
%else
|
||||
@ -681,6 +667,7 @@ exit 0
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
/usr/lib/pkgconfig/cups.pc
|
||||
%{_includedir}/cups/
|
||||
%{_libdir}/libcups.so
|
||||
%{_libdir}/libcupsimage.so
|
||||
|
15
downgrade-autoconf-requirement.patch
Normal file
15
downgrade-autoconf-requirement.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index a8c6c1040..6ace74a8d 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. See the file "LICENSE" for more
|
||||
dnl information.
|
||||
dnl
|
||||
|
||||
-dnl We need at least autoconf 2.71...
|
||||
-AC_PREREQ([2.71])
|
||||
+dnl We need at least autoconf 2.69...
|
||||
+AC_PREREQ([2.69])
|
||||
|
||||
dnl Package name and version...
|
||||
AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])
|
@ -1,223 +0,0 @@
|
||||
From d4521ed0df7e625ccf2bc079bab6f48c46ef9bf9 Mon Sep 17 00:00:00 2001
|
||||
From: Samuel Cabrero <scabrero@suse.de>
|
||||
Date: Mon, 26 Oct 2020 17:35:22 +0100
|
||||
Subject: [PATCH 1/4] Avoid infinite loop in admin.cgi when negotiate is used
|
||||
|
||||
SetAuthorizationString with NULL argument sets an empty string.
|
||||
|
||||
Related: #5596
|
||||
|
||||
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
|
||||
---
|
||||
cups/auth.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cups/auth.c b/cups/auth.c
|
||||
index db45bbba6..f2409350a 100644
|
||||
--- a/cups/auth.c
|
||||
+++ b/cups/auth.c
|
||||
@@ -295,7 +295,7 @@ cupsDoAuthentication(
|
||||
}
|
||||
}
|
||||
|
||||
- if (http->authstring)
|
||||
+ if (http->authstring && http->authstring[0])
|
||||
{
|
||||
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
|
||||
|
||||
--
|
||||
2.30.2
|
||||
|
||||
|
||||
From 61ad7780bc7d0593e3225d088ac6dff31badf801 Mon Sep 17 00:00:00 2001
|
||||
From: Samuel Cabrero <scabrero@suse.de>
|
||||
Date: Tue, 27 Oct 2020 16:11:41 +0100
|
||||
Subject: [PATCH 2/4] Add cups_is_local_connection() to check if connection is
|
||||
to localhost
|
||||
|
||||
Related: #5596
|
||||
|
||||
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
|
||||
---
|
||||
cups/auth.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cups/auth.c b/cups/auth.c
|
||||
index f2409350a..d2956438d 100644
|
||||
--- a/cups/auth.c
|
||||
+++ b/cups/auth.c
|
||||
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
|
||||
# define cups_gss_printf(major, minor, message)
|
||||
# endif /* DEBUG */
|
||||
#endif /* HAVE_GSSAPI */
|
||||
+static int cups_is_local_connection(http_t *http);
|
||||
static int cups_local_auth(http_t *http);
|
||||
|
||||
|
||||
@@ -916,6 +917,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
|
||||
# endif /* DEBUG */
|
||||
#endif /* HAVE_GSSAPI */
|
||||
|
||||
+static int /* O - 0 if not a local connection */
|
||||
+ /* 1 if local connection */
|
||||
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
|
||||
+{
|
||||
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
|
||||
+ return 0;
|
||||
+ return 1;
|
||||
+}
|
||||
|
||||
/*
|
||||
* 'cups_local_auth()' - Get the local authorization certificate if
|
||||
@@ -958,7 +967,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
|
||||
* See if we are accessing localhost...
|
||||
*/
|
||||
|
||||
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
|
||||
+ if (!cups_is_local_connection(http))
|
||||
{
|
||||
DEBUG_puts("8cups_local_auth: Not a local connection!");
|
||||
return (1);
|
||||
--
|
||||
2.30.2
|
||||
|
||||
|
||||
From f629d079750a86b1b605c285f99c0dea3933ca50 Mon Sep 17 00:00:00 2001
|
||||
From: Samuel Cabrero <scabrero@suse.de>
|
||||
Date: Tue, 27 Oct 2020 16:23:30 +0100
|
||||
Subject: [PATCH 3/4] Try local kerberos ccache credentials only for remote
|
||||
servers
|
||||
|
||||
If connecting to localhost then proceed to ask the client for the
|
||||
authorization using cupsGetPassword2. The get password callback will
|
||||
return 401 to the client with WWW-Authenticate: Negotiate.
|
||||
|
||||
Fixes: #5596
|
||||
|
||||
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
|
||||
---
|
||||
cups/auth.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/cups/auth.c b/cups/auth.c
|
||||
index d2956438d..9661657fc 100644
|
||||
--- a/cups/auth.c
|
||||
+++ b/cups/auth.c
|
||||
@@ -175,10 +175,10 @@ cupsDoAuthentication(
|
||||
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
|
||||
|
||||
#ifdef HAVE_GSSAPI
|
||||
- if (!_cups_strcasecmp(scheme, "Negotiate"))
|
||||
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
|
||||
{
|
||||
/*
|
||||
- * Kerberos authentication...
|
||||
+ * Kerberos authentication to remote server...
|
||||
*/
|
||||
|
||||
int gss_status; /* Auth status */
|
||||
@@ -202,7 +202,9 @@ cupsDoAuthentication(
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_GSSAPI */
|
||||
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
|
||||
+ if (_cups_strcasecmp(scheme, "Basic") &&
|
||||
+ _cups_strcasecmp(scheme, "Digest") &&
|
||||
+ _cups_strcasecmp(scheme, "Negotiate"))
|
||||
{
|
||||
/*
|
||||
* Other schemes not yet supported...
|
||||
@@ -216,7 +218,7 @@ cupsDoAuthentication(
|
||||
* See if we should retry the current username:password...
|
||||
*/
|
||||
|
||||
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
|
||||
+ if (http->digest_tries > 1 || !http->userpass[0])
|
||||
{
|
||||
/*
|
||||
* Nope - get a new password from the user...
|
||||
--
|
||||
2.30.2
|
||||
|
||||
|
||||
From 0563a28b18b21d5574a5e0e38b74246146074bbf Mon Sep 17 00:00:00 2001
|
||||
From: Samuel Cabrero <scabrero@suse.de>
|
||||
Date: Tue, 27 Oct 2020 16:18:03 +0100
|
||||
Subject: [PATCH 4/4] Allow Local authentication for Negotiate
|
||||
|
||||
PeerCred is also possible if address family is AF_LOCAL. This will allow
|
||||
the CGI programs to generate the authorization from the local
|
||||
certificates based on PID also when Negotiate is used for local
|
||||
connections:
|
||||
|
||||
Client CGI
|
||||
Browser <- Remote conn -> admin.cgi <--- Localhost conn ---> Scheduler
|
||||
| | |
|
||||
+ --- HTTP/POST /admin/ --> | |
|
||||
| + --- CUPS-Get-Devices ------------> |
|
||||
| | |
|
||||
| | <-- 401 Unauthorized --------------+
|
||||
| | WWW-Authenticate: |
|
||||
| | Negotiate, (PeerCred,) Local |
|
||||
| | |
|
||||
| <-- 401 Unauthorized -----+ |
|
||||
| WWW-Authenticate: | |
|
||||
| Negotiate | |
|
||||
| | |
|
||||
| --- HTTP/POST /admin/ --> | |
|
||||
| Authorization: + --- IPP CUPS-GetDevices ---------> |
|
||||
| Negotiate | Authorization: Local <cert> |
|
||||
| | |
|
||||
|
||||
Fixes: #5596
|
||||
|
||||
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
|
||||
---
|
||||
cups/auth.c | 5 -----
|
||||
scheduler/client.c | 9 ++-------
|
||||
2 files changed, 2 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/cups/auth.c b/cups/auth.c
|
||||
index 9661657fc..b6fec6b98 100644
|
||||
--- a/cups/auth.c
|
||||
+++ b/cups/auth.c
|
||||
@@ -1043,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
|
||||
}
|
||||
# endif /* HAVE_AUTHORIZATION_H */
|
||||
|
||||
-# ifdef HAVE_GSSAPI
|
||||
- if (cups_auth_find(www_auth, "Negotiate"))
|
||||
- return (1);
|
||||
-# endif /* HAVE_GSSAPI */
|
||||
-
|
||||
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
|
||||
/*
|
||||
* See if we can authenticate using the peer credentials provided over a
|
||||
diff --git a/scheduler/client.c b/scheduler/client.c
|
||||
index c2ee8f12a..56797d58d 100644
|
||||
--- a/scheduler/client.c
|
||||
+++ b/scheduler/client.c
|
||||
@@ -2109,18 +2109,13 @@ cupsdSendHeader(
|
||||
}
|
||||
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
|
||||
{
|
||||
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
|
||||
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
|
||||
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
|
||||
- else
|
||||
-#endif /* SO_PEERCRED && AF_LOCAL */
|
||||
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
|
||||
}
|
||||
|
||||
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
|
||||
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
|
||||
{
|
||||
/*
|
||||
- * Add a "trc" (try root certification) parameter for local non-Kerberos
|
||||
+ * Add a "trc" (try root certification) parameter for local
|
||||
* requests when the request requires system group membership - then the
|
||||
* client knows the root certificate can/should be used.
|
||||
*
|
||||
--
|
||||
2.30.2
|
||||
|
@ -1,53 +0,0 @@
|
||||
From c37d71b1a31d26a4790166e2508822b18934a5c0 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Tue, 13 Apr 2021 15:44:14 +0200
|
||||
Subject: [PATCH 1/2] backend/usb-libusb.c: Use 60s timeout for reading at
|
||||
backchannel
|
||||
|
||||
Some older models malfunction if timeout is too short.
|
||||
---
|
||||
CHANGES.md | 1 +
|
||||
backend/usb-libusb.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/backend/usb-libusb.c
|
||||
+++ b/backend/usb-libusb.c
|
||||
@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference)
|
||||
readstatus = libusb_bulk_transfer(g.printer->handle,
|
||||
g.printer->read_endp,
|
||||
readbuffer, rbytes,
|
||||
- &rbytes, 250);
|
||||
+ &rbytes, 60000);
|
||||
if (readstatus == LIBUSB_SUCCESS && rbytes > 0)
|
||||
{
|
||||
fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", (int)rbytes);
|
||||
|
||||
From 4cb6f6806cdbe040d478b266a1d351b19341dd79 Mon Sep 17 00:00:00 2001
|
||||
From: Zdenek Dohnal <zdohnal@redhat.com>
|
||||
Date: Tue, 13 Apr 2021 15:47:37 +0200
|
||||
Subject: [PATCH 2/2] backend/usb-libusb.c: Revert enforcing read limits
|
||||
|
||||
This commit reverts the change introduced by 2.2.12 [1] - its
|
||||
implementation caused a regression with Lexmark filters.
|
||||
|
||||
[1]
|
||||
https://github.com/apple/cups/commit/35e927f83529cd9b4bc37bcd418c50e307fced35
|
||||
---
|
||||
CHANGES.md | 1 +
|
||||
backend/usb-libusb.c | 3 ++-
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c
|
||||
index fbb0d9d89..89b5182f7 100644
|
||||
--- a/backend/usb-libusb.c
|
||||
+++ b/backend/usb-libusb.c
|
||||
@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference)
|
||||
* Make sure this loop executes no more than once every 250 miliseconds...
|
||||
*/
|
||||
|
||||
- if ((g.wait_eof || !g.read_thread_stop))
|
||||
+ if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) &&
|
||||
+ (g.wait_eof || !g.read_thread_stop))
|
||||
usleep(250000);
|
||||
}
|
||||
while (g.wait_eof || !g.read_thread_stop);
|
Loading…
Reference in New Issue
Block a user