From 332762f658b7e5dc560132f5782decc447b35a3b4375859ea99b0dcec738ed1b Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Fri, 4 Mar 2022 08:58:18 +0000 Subject: [PATCH] Accepting request 959347 from home:jsmeix:branches:Printing Improved comments and have cups.keyring in ASCII armored format OBS-URL: https://build.opensuse.org/request/show/959347 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=382 --- cups.changes | 187 ++++++++++++++++++++++++++++++++++++--------------- cups.keyring | Bin 450 -> 689 bytes cups.spec | 43 ++++++++---- 3 files changed, 164 insertions(+), 66 deletions(-) diff --git a/cups.changes b/cups.changes index dd5a2f0..6b1d3b4 100644 --- a/cups.changes +++ b/cups.changes @@ -1,86 +1,167 @@ ------------------------------------------------------------------- -Tue Mar 1 18:16:11 UTC 2022 - Aurélien Joga +Fri Mar 4 08:33:46 UTC 2022 - jsmeix@suse.de -- Version upgrade to 2.4.1: - * The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277) - * Configuration script now checks linking for -Wl,-pie flags (Issue #303) - * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322) +- Improved comments in spec file and in changes file +- Have cups.keyring in ASCII armored format + +------------------------------------------------------------------- +Tue Mar 1 18:16:11 UTC 2022 - Aurelien Joga + +- Version upgrade to 2.4.1: + See https://github.com/openprinting/cups/releases + CUPS 2.4.1 is the first bug fix release from 2.4.x series. + Among the other bug fixes it fixes sharing default color mode + to clients and several memory leaks. + * The default color mode now is now configurable and defaults + to the printer's reported default mode (Issue #277) + * Configuration script now checks linking for -Wl,-pie flags + (Issue #303) + * Fixed memory leaks - + in testi18n (Issue #313), + in cups_enum_dests() (Issue #317), + in _cupsEncodeOption() and http_tls_upgrade() (Issue #322) * Fixed missing bracket in de/index.html (Issue #299) * Fixed typos in configuration scripts (Issues #304, #316) - * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323) - * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300) - * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325) + * Removed remaining legacy code for RIP_MAX_CACHE environment + variable (Issue #323) + * Removed deprecated directives from cupsctl and + cups-files.conf (Issue #300) + * Removed purge-jobs legacy code from CGI scripts and + templates (Issue #325) +- Version upgrade to 2.4.0: + CUPS 2.4.0 is the latest stable OpenPrinting CUPS release. + Among the changes from beta and release candidate + the stable release adds two new configuration options for + optimizing cupsd setup on servers and several other changes. * Added configure option --with-idle-exit-timeout (Issue #294) - * Added --with-systemd-timeoutstartsec configure option (Issue #298) - * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287) + * Added --with-systemd-timeoutstartsec configure + option (Issue #298) + * DigestOptions now are applied for MD5 Digest authentication + defined by RFC 2069 as well (Issue #287) * Fixed compilation on Solaris (Issue #293) * Fixed and improved German translations (Issue #296, Issue #297) - * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286) - * Compilation now uses -fstack-protector-strong if available (Issue #285) +- Version upgrade to 2.4rc1: + CUPS 2.4rc1 is a release candidate for OpenPrinting CUPS 2.4.0, + which adds two enhancements before the stable release. + * Added warning and debug messages when loading printers + if the queue is raw or with driver (Issue #286) + * Compilation now uses -fstack-protector-strong + if available (Issue #285) +- Version upgrade to 2.4b1: + CUPS 2.4b1 is the beta release for OpenPrinting CUPS 2.4 + which contains several new features such as basic OAuth support, + support for AirPrint and Mopria clients and support for running + CUPS as a snap, several deprecations (Kerberos, cups-config), + removals of old deprecated directives, and many bug fixes. * Added support for CUPS running in a Snapcraft snap. * Added basic OAuth 2.0 client support (Issue #100) * Added support for AirPrint and Mopria clients (Issue #105) - * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144) + * Added configure support for specifying systemd dependencies + in the CUPS service file (Issue #144) * Added several features and improvements to ipptool (Issue #153) * Added a JSON output mode for ipptool. - * The ipptool command now correctly reports an error when a test file cannot be found. - * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274) + * The ipptool command now correctly reports an error + when a test file cannot be found. + * CUPS library now uses thread safe getpwnam_r and getpwuid_r + functions (Issue #274) * Fixed Kerberos authentication for the web interface (Issue #19) - * The ZPL sample driver now supports more "standard" label sizes (Issue #70) - * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71) - * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72) - * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74) - * The testlang unit test program now loops over all of the available locales by default (Issue #85) - * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88) - * The PPD functions now treat boolean values as case-insensitive (Issue #106) - * Temporary queue names no longer end with an underscore (Issue #110) + * The ZPL sample driver now supports more "standard" label + sizes (Issue #70) + * Fixed reporting of printer instances when enumerating and when + no options are set for the main instance (Issue #71) + * Reverted USB read limit enforcement change + from CUPS 2.2.12 (Issue #72) + * The IPP backend did not return the correct status code + when a job was canceled at the printer/server (Issue #74) + * The testlang unit test program now loops over all of the + available locales by default (Issue #85) + * The cupsfilter command now shows error messages when options + are used incorrectly (Issue #88) + * The PPD functions now treat boolean values as + case-insensitive (Issue #106) + * Temporary queue names no longer end with an + underscore (Issue #110) * The USB backend now runs as root (Issue #121) * Added pkg-config file for libcups (Issue #122) - * Fixed a PPD memory leak caused by emulator definitions (Issue #124) + * Fixed a PPD memory leak caused by emulator + definitions (Issue #124) * Fixed a DISPLAY bug in ipptool (Issue #139) - * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154) - * Added support for locales using the GB18030 character set (Issue #159) - * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907) - * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915) + * The scheduler now includes the [Job N] prefix for job log + messages, even when using syslog logging (Issue #154) + * Added support for locales using the GB18030 + character set (Issue #159) + * httpReconnect2 did not reset the socket file descriptor + when the TLS negotiation failed (Apple #5907) + * httpUpdate did not reset the socket file descriptor + when the TLS negotiation failed (Apple #5915) * The IPP backend now retries Validate-Job requests (Issue #132) - * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148) + * Now show better error messages when a driver interface program + fails to provide a PPD file (Issue #148) * Added dark mode support to the CUPS web interface (Issue #152) * Added a workaround for Solaris in httpAddrConnect2 (Issue #156) - * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158) - * Now use a 60 second timeout for reading USB backchannel data (Issue #160) - * The USB backend now tries harder to find a serial number (Issue #170) + * Fixed an interaction between --remote-admin and --remote-any + for the cupsctl command (Issue #158) + * Now use a 60 second timeout for reading USB backchannel + data (Issue #160) + * The USB backend now tries harder to find a serial + number (Issue #170) * Fixed @IF(name) handling in cupsd.conf (Apple #5918) - * Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940) + * Fixed documentation and added examples for CUPS' limited + CGI support (Apple #5940) * Fixed the lpc command prompt (Apple #5946) - * Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185) + * Now always pass "localhost" in the Host: header when talking + over a domain socket or the loopback interface (Issue #185) * Fixed a job history update issue in the scheduler (Issue #187) * Fixed job-pages-per-set value for duplex print jobs. - * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195) - * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196) - * The scheduler now supports the "everywhere" model directly (Issue #201) + * Fixed an edge case in ippReadIO to make sure that only complete + attributes and values are retained on an error (Issue #195) + * Hardened ippReadIO to prevent invalid IPP messages from being + propagated (Issue #195, Issue #196) + * The scheduler now supports the "everywhere" model + directly (Issue #201) * Fixed some IPP Everywhere option mapping problems (Issue #238) - * Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250) - * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262) - * Fixed support for the 'offline-report' state for all USB backends (Issue #264) - * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184) - * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164) - * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867) + * Fixed support for "job-hold-until" with the Restart-Job + operation (Issue #250) + * Fixed the default color/grayscale presets for + IPP Everywhere PPDs (Issue #262) + * Fixed support for the 'offline-report' state for all + USB backends (Issue #264) + * Documentation fixes (Issue #92, Issue #163, Issue #177, + Issue #184) + * Localization updates (Issue #123, Issue #129, Issue #134, + Issue #146, Issue #164) + * USB quirk updates (Issue #192, Issue #270, Apple #5766, + Apple #5838, Apple #5843, Apple #5867) * Web interface updates (Issue #142, Issue #218) - * The ippeveprinter tool now automatically uses an available port. + * The ippeveprinter tool now automatically uses an + available port. * Fixed several Windows TLS and hashing issues. * Deprecated cups-config (Issue #97) - * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98) - * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf. + * Deprecated Kerberos (AuthType Negotiate) + authentication (Issue #98) + * Removed support for the (long deprecated and unused) + FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, + RIPCache, and SMBConfigFile directives in cupsd.conf + and cups-files.conf. * Stubbed out deprecated httpMD5 functions. * Add test for undefined page ranges during printing. -- Dropped patch upstream_pull_174 because it it is included in this release -- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c) -- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579) +- Dropped patch upstream_pull_174 because it is included + in this release +- Dropped patch cups-2.1.0-cups-systemd-socket.patch + because it is included in this release, see + https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c +- Changed upstream source packages signing key, see + https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579 - Re-enabled testsuite - * Also removed make check because since upstream change the two target are identical (https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239) -- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style -- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS) -- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes + * Also removed make check because since upstream change + the two target are identical, see + https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239 +- Changed cups-2.1.0-cups-systemd-socket.patch + to accomodate new coding style +- Changed cups-config-libs.orig to accommodate + recent code changes (SSL->TLS) +- Changed cups-2.1.0-default-webcontent-path.patch + to accommodate code changes ------------------------------------------------------------------- Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de diff --git a/cups.keyring b/cups.keyring index ef57cd6cb316d6b47b8d356865827a60a222ea7eb4d2f3a9cb1f02a86a8a61cb..b4996d743fee6cb9831215f2e72f44f1f70f945e31a90fab159745892ecf9f98 100644 GIT binary patch literal 689 zcmaKqJ(Hq907P?sg}Jo_tHNqnFBH+f+EVu{rcP8yQbJMg zKw?pU5?H|`h~S!{iA&N6TyK#3Mc)*q!5&FVmz=}Yab*f2un(bJLcj{(2+^*5upX1{ zF7BokIID07_=ik+U%%YYW%*herc3+AJB`J+I!pA+VT6RwPR}%v!ZpKdwuJ+?nD7bH zyfdALI2VUmtW(>$6wT_cWC^=b{4z3Yb>)rOvrmv&r&EFSGoNYG%3*}OQWs#EP!>wj zp$n>vZ3dPLvB9+xRdcTy!(k;O^sT}u2QpeCCTt+Q3J7AE?CK!UBM4IjBtf>wk+}c> ziJB?8NguzRzUFGlBSt`Dgda=ivpL<|p2ku9hrgtp8A7q$Je23$UMjG(t2X?Z*1!R9oyQ+jF<{w#Ac?!#95D6 z7ZpP{w744uGvY>HwV`G6AjUg+Y>S7d=U)mGE=~&wMS=tnidhkoQ&-&B^;tJ8*ibBf zv~m+P_IRQivZVZW{$a-%l2}!?V_2zFrx$&n>hYee)g$a%e;6KzjkbH&;)OauuflxV zL*UNSCcGHQ_EClv8N59kl+DT8O?z^F8PAgK>t}G>+rwSB%CBKd8s+M3BO|+m8i)Fq3*0BORyS>QvzZ^b=iBdtZEq$EP1I!P z-v6F`>8>q~Q7Nf;so4rH`5AeMISLvf8L0~SIVlPzE+$4s<}T(6*{PKZMX6=^*{La- z3N}?KV08{fsVNzWC3?yExpo~>ScJv67;MB8SqhpKEalRhl)`V(@Zd?1?wQ#t`QKTY zK(1nvW@hE)17n-?X@&WD(M zs4CAjo(^;m2YW{aiv-X=3IzPagY4#Q+zkJ{Rg(Vnc}$;r<7wy-{qK#Niu3nf>$_-M x65juwpDe4=R=vxU3|2n9AeD!?CNcups.keyring # See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579 # PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 Source2: cups.keyring @@ -60,13 +62,13 @@ Patch10: cups-2.1.0-choose-uri-template.patch # Patch11 cups-2.1.0-default-webcontent-path.patch changes the default path whereto the # web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent # because the files of the CUPS web content are no documentation, see CUPS STR #3578 -# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: +# and https://bugzilla.suse.com/show_bug.cgi?id=546023#c6 and subsequent comments: Patch11: cups-2.1.0-default-webcontent-path.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff # Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf -# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 +# see SUSE FATE 303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 Patch101: cups-2.0.3-additional_policies.patch # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch # reverts the change which was added by Michael Sweet in Jan 2007 @@ -77,8 +79,15 @@ Patch101: cups-2.0.3-additional_policies.patch Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: Patch104: cups-config-libs.patch +# Patch107 harden_cups.service.patch adds hardening to systemd service cups.service +# see https://bugzilla.suse.com/show_bug.cgi?id=1181400 +# and https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +# where the default hardening settings are enhanced by adding +# ReadWritePaths=/etc/cups because cupsd needs write access in /etc/cups +# see https://bugzilla.suse.com/show_bug.cgi?id=1195288 Patch107: harden_cups.service.patch -# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing +# Patch108 downgrade-autoconf-requirement.patch +# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: Patch108: downgrade-autoconf-requirement.patch # Build Requirements: BuildRequires: dbus-1-devel @@ -280,13 +289,13 @@ printer drivers for CUPS. # Patch11 cups-2.1.0-default-webcontent-path.patch changes the default path whereto the # web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent # because the files of the CUPS web content are no documentation, see CUPS STR #3578 -# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: +# and https://bugzilla.suse.com/show_bug.cgi?id=546023#c6 and subsequent comments: %patch11 -b default-webcontent-path.orig # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -b cups-pam.orig # Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf -# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 +# see SUSE FATE 303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 %patch101 -b additional_policies.orig # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch # reverts the change which was added by Michael Sweet in Jan 2007 @@ -297,8 +306,16 @@ printer drivers for CUPS. %patch103 -b do_not_strip_recommended_from_PPDs.orig # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -b cups-config-libs.orig -%patch107 -p1 -%patch108 -p1 +# Patch107 harden_cups.service.patch adds hardening to systemd service cups.service +# see https://bugzilla.suse.com/show_bug.cgi?id=1181400 +# and https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +# where the default hardening settings are enhanced by adding +# ReadWritePaths=/etc/cups because cupsd needs write access in /etc/cups +# see https://bugzilla.suse.com/show_bug.cgi?id=1195288 +%patch107 -p1 -b harden_cups.service.orig +# Patch108 downgrade-autoconf-requirement.patch +# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: +%patch108 -p1 -b downgrade-autoconf-requirement.orig %build # Remove ".SILENT" rule for verbose build output @@ -317,7 +334,7 @@ export CC=cc # default with-docdir path whereto the web content is installed # from /usr/share/doc/cups to /usr/share/cups/webcontent because the # files of the CUPS web content are no documentation, see CUPS STR #3578 -# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments +# and https://bugzilla.suse.com/show_bug.cgi?id=546023#c6 and subsequent comments # so that the new default could be used as is but upstream may accept # cups-2.1.0-default-webcontent-path.patch in general but change its default # so that with-docdir is explicitly set here to be future proof. @@ -388,7 +405,7 @@ install -m 644 %{SOURCE106} %{buildroot}%{_datadir}/cups/model/Postscript-level2 rm -f %{buildroot}%{_datadir}/applications/cups.desktop rm -rf %{buildroot}%{_datadir}/icons # Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default from becoming hardlinked -# via the fdupes run below, see https://bugzilla.novell.com/show_bug.cgi?id=773971 +# via the fdupes run below, see https://bugzilla.suse.com/show_bug.cgi?id=773971 # by making their content different and at the same time fix the misleading comment. # Intentionally let the build fail if 'grep' does not find what 'sed' should change # because if upstream changed it 'sed' would silently no longer change the files: @@ -417,9 +434,9 @@ EOF # Never run fdupes carelessly over the whole buildroot directory # because in older openSUSE and SLE11 versions fdupes # links files with different owner, group, or permissions -# see https://bugzilla.novell.com/show_bug.cgi?id=784670 +# see https://bugzilla.suse.com/show_bug.cgi?id=784670 # and even in current openSUSE versions fdupes links across sub-package -# boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869 +# boundaries, compare https://bugzilla.suse.com/show_bug.cgi?id=784869 %fdupes -s %{buildroot}/%{_datadir}/cups/templates %check @@ -515,7 +532,7 @@ exit 0 # This avoids that CUPS' configure magic might silently # not build and install an executable when whatever condition # for configure's automated tests is not fulfilled in the build system. -# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 +# See https://bugzilla.suse.com/show_bug.cgi?id=526847#c9 # Regarding specific owner group and permission settings for directories # see https://bugzilla.suse.com/show_bug.cgi?id=1184161 # When cupsd creates directories with specific owner group and permissions