Accepting request 959347 from home:jsmeix:branches:Printing

Improved comments and have cups.keyring in ASCII armored format

OBS-URL: https://build.opensuse.org/request/show/959347
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=382

cups.changes

@@ -1,86 +1,167 @@
 -------------------------------------------------------------------
-Tue Mar  1 18:16:11 UTC 2022 - Aurélien Joga <aurelienjoga@gmail.com>
+Fri Mar  4 08:33:46 UTC 2022 - jsmeix@suse.de
 
-- Version upgrade to 2.4.1: 
+- Improved comments in spec file and in changes file
-  * The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277)
+- Have cups.keyring in ASCII armored format
-  * Configuration script now checks linking for -Wl,-pie flags (Issue #303)
+
-  * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
+-------------------------------------------------------------------
+Tue Mar  1 18:16:11 UTC 2022 - Aurelien Joga <aurelienjoga@gmail.com>
+
+- Version upgrade to 2.4.1:
+  See https://github.com/openprinting/cups/releases
+  CUPS 2.4.1 is the first bug fix release from 2.4.x series.
+  Among the other bug fixes it fixes sharing default color mode
+  to clients and several memory leaks.
+  * The default color mode now is now configurable and defaults
+    to the printer's reported default mode (Issue #277)
+  * Configuration script now checks linking for -Wl,-pie flags
+    (Issue #303)
+  * Fixed memory leaks -
+    in testi18n (Issue #313),
+    in cups_enum_dests() (Issue #317),
+    in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
   * Fixed missing bracket in de/index.html (Issue #299)
   * Fixed typos in configuration scripts (Issues #304, #316)
-  * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323)
+  * Removed remaining legacy code for RIP_MAX_CACHE environment
-  * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
+    variable (Issue #323)
-  * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)
+  * Removed deprecated directives from cupsctl and
+    cups-files.conf (Issue #300)
+  * Removed purge-jobs legacy code from CGI scripts and
+    templates (Issue #325)
+- Version upgrade to 2.4.0:
+  CUPS 2.4.0 is the latest stable OpenPrinting CUPS release.
+  Among the changes from beta and release candidate
+  the stable release adds two new configuration options for
+  optimizing cupsd setup on servers and several other changes.
   * Added configure option --with-idle-exit-timeout (Issue #294)
-  * Added --with-systemd-timeoutstartsec configure option (Issue #298)
+  * Added --with-systemd-timeoutstartsec configure
-  * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287)
+    option (Issue #298)
+  * DigestOptions now are applied for MD5 Digest authentication
+    defined by RFC 2069 as well (Issue #287)
   * Fixed compilation on Solaris (Issue #293)
   * Fixed and improved German translations (Issue #296, Issue #297)
-  * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286)
+- Version upgrade to 2.4rc1:
-  * Compilation now uses -fstack-protector-strong if available (Issue #285)
+  CUPS 2.4rc1 is a release candidate for OpenPrinting CUPS 2.4.0,
+  which adds two enhancements before the stable release.
+  * Added warning and debug messages when loading printers
+    if the queue is raw or with driver (Issue #286)
+  * Compilation now uses -fstack-protector-strong
+    if available (Issue #285)
+- Version upgrade to 2.4b1:
+  CUPS 2.4b1 is the beta release for OpenPrinting CUPS 2.4
+  which contains several new features such as basic OAuth support,
+  support for AirPrint and Mopria clients and support for running
+  CUPS as a snap, several deprecations (Kerberos, cups-config),
+  removals of old deprecated directives, and many bug fixes.
   * Added support for CUPS running in a Snapcraft snap.
   * Added basic OAuth 2.0 client support (Issue #100)
   * Added support for AirPrint and Mopria clients (Issue #105)
-  * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144)
+  * Added configure support for specifying systemd dependencies
+    in the CUPS service file (Issue #144)
   * Added several features and improvements to ipptool (Issue #153)
   * Added a JSON output mode for ipptool.
-  * The ipptool command now correctly reports an error when a test file cannot be found.
+  * The ipptool command now correctly reports an error
-  * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274)
+    when a test file cannot be found.
+  * CUPS library now uses thread safe getpwnam_r and getpwuid_r
+    functions (Issue #274)
   * Fixed Kerberos authentication for the web interface (Issue #19)
-  * The ZPL sample driver now supports more "standard" label sizes (Issue #70)
+  * The ZPL sample driver now supports more "standard" label
-  * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71)
+    sizes (Issue #70)
-  * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
+  * Fixed reporting of printer instances when enumerating and when
-  * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74)
+    no options are set for the main instance (Issue #71)
-  * The testlang unit test program now loops over all of the available locales by default (Issue #85)
+  * Reverted USB read limit enforcement change
-  * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88)
+    from CUPS 2.2.12 (Issue #72)
-  * The PPD functions now treat boolean values as case-insensitive (Issue #106)
+  * The IPP backend did not return the correct status code
-  * Temporary queue names no longer end with an underscore (Issue #110)
+    when a job was canceled at the printer/server (Issue #74)
+  * The testlang unit test program now loops over all of the
+    available locales by default (Issue #85)
+  * The cupsfilter command now shows error messages when options
+    are used incorrectly (Issue #88)
+  * The PPD functions now treat boolean values as
+    case-insensitive (Issue #106)
+  * Temporary queue names no longer end with an
+    underscore (Issue #110)
   * The USB backend now runs as root (Issue #121)
   * Added pkg-config file for libcups (Issue #122)
-  * Fixed a PPD memory leak caused by emulator definitions (Issue #124)
+  * Fixed a PPD memory leak caused by emulator
+    definitions (Issue #124)
   * Fixed a DISPLAY bug in ipptool (Issue #139)
-  * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154)
+  * The scheduler now includes the [Job N] prefix for job log
-  * Added support for locales using the GB18030 character set (Issue #159)
+    messages, even when using syslog logging (Issue #154)
-  * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907)
+  * Added support for locales using the GB18030
-  * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915)
+    character set (Issue #159)
+  * httpReconnect2 did not reset the socket file descriptor
+    when the TLS negotiation failed (Apple #5907)
+  * httpUpdate did not reset the socket file descriptor
+    when the TLS negotiation failed (Apple #5915)
   * The IPP backend now retries Validate-Job requests (Issue #132)
-  * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148)
+  * Now show better error messages when a driver interface program
+    fails to provide a PPD file (Issue #148)
   * Added dark mode support to the CUPS web interface (Issue #152)
   * Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
-  * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158)
+  * Fixed an interaction between --remote-admin and --remote-any
-  * Now use a 60 second timeout for reading USB backchannel data (Issue #160)
+    for the cupsctl command (Issue #158)
-  * The USB backend now tries harder to find a serial number (Issue #170)
+  * Now use a 60 second timeout for reading USB backchannel
+    data (Issue #160)
+  * The USB backend now tries harder to find a serial
+    number (Issue #170)
   * Fixed @IF(name) handling in cupsd.conf (Apple #5918)
-  * Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940)
+  * Fixed documentation and added examples for CUPS' limited
+    CGI support (Apple #5940)
   * Fixed the lpc command prompt (Apple #5946)
-  * Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185)
+  * Now always pass "localhost" in the Host: header when talking
+    over a domain socket or the loopback interface (Issue #185)
   * Fixed a job history update issue in the scheduler (Issue #187)
   * Fixed job-pages-per-set value for duplex print jobs.
-  * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195)
+  * Fixed an edge case in ippReadIO to make sure that only complete
-  * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196)
+    attributes and values are retained on an error (Issue #195)
-  * The scheduler now supports the "everywhere" model directly (Issue #201)
+  * Hardened ippReadIO to prevent invalid IPP messages from being
+    propagated (Issue #195, Issue #196)
+  * The scheduler now supports the "everywhere" model
+    directly (Issue #201)
   * Fixed some IPP Everywhere option mapping problems (Issue #238)
-  * Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250)
+  * Fixed support for "job-hold-until" with the Restart-Job
-  * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
+    operation (Issue #250)
-  * Fixed support for the 'offline-report' state for all USB backends (Issue #264)
+  * Fixed the default color/grayscale presets for
-  * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
+    IPP Everywhere PPDs (Issue #262)
-  * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164)
+  * Fixed support for the 'offline-report' state for all
-  * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867)
+    USB backends (Issue #264)
+  * Documentation fixes (Issue #92, Issue #163, Issue #177,
+    Issue #184)
+  * Localization updates (Issue #123, Issue #129, Issue #134,
+    Issue #146, Issue #164)
+  * USB quirk updates (Issue #192, Issue #270, Apple #5766,
+    Apple #5838, Apple #5843, Apple #5867)
   * Web interface updates (Issue #142, Issue #218)
-  * The ippeveprinter tool now automatically uses an available port.
+  * The ippeveprinter tool now automatically uses an
+    available port.
   * Fixed several Windows TLS and hashing issues.
   * Deprecated cups-config (Issue #97)
-  * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98)
+  * Deprecated Kerberos (AuthType Negotiate)
-  * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf.
+    authentication (Issue #98)
+  * Removed support for the (long deprecated and unused)
+    FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout,
+    RIPCache, and SMBConfigFile directives in cupsd.conf
+    and cups-files.conf.
   * Stubbed out deprecated httpMD5 functions.
   * Add test for undefined page ranges during printing.
-- Dropped patch upstream_pull_174 because it it is included in this release
+- Dropped patch upstream_pull_174 because it is included
-- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c)
+  in this release
-- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
+- Dropped patch cups-2.1.0-cups-systemd-socket.patch
+  because it is included in this release, see
+  https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c
+- Changed upstream source packages signing key, see
+  https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
 - Re-enabled testsuite
-  * Also removed make check because since upstream change the two target are identical (https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239)
+  * Also removed make check because since upstream change
-- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style
+    the two target are identical, see
-- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
+    https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239
-- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
+- Changed cups-2.1.0-cups-systemd-socket.patch
+  to accomodate new coding style
+- Changed cups-config-libs.orig to accommodate
+  recent code changes (SSL->TLS)
+- Changed cups-2.1.0-default-webcontent-path.patch
+  to accommodate code changes
 
 -------------------------------------------------------------------
 Tue Feb  1 09:18:27 UTC 2022 - jsmeix@suse.de

cups.spec

@@ -39,7 +39,9 @@ Source0:        https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cu
 # To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
 # wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
 Source1:        https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
-# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
+# To make Source2 use e.g.
+#   gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
+#   gpg --export --armor 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 >cups.keyring
 # See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
 # PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
 Source2:        cups.keyring
@@ -60,13 +62,13 @@ Patch10:        cups-2.1.0-choose-uri-template.patch
 # Patch11 cups-2.1.0-default-webcontent-path.patch changes the default path whereto the
 # web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent
 # because the files of the CUPS web content are no documentation, see CUPS STR #3578
-# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
+# and https://bugzilla.suse.com/show_bug.cgi?id=546023#c6 and subsequent comments:
 Patch11:        cups-2.1.0-default-webcontent-path.patch
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 Patch100:       cups-pam.diff
 # Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf
-# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309
+# see SUSE FATE 303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309
 Patch101:       cups-2.0.3-additional_policies.patch
 # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # reverts the change which was added by Michael Sweet in Jan 2007
@@ -77,8 +79,15 @@ Patch101:       cups-2.0.3-additional_policies.patch
 Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 Patch104:       cups-config-libs.patch
+# Patch107 harden_cups.service.patch adds hardening to systemd service cups.service
+# see https://bugzilla.suse.com/show_bug.cgi?id=1181400
+# and https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+# where the default hardening settings are enhanced by adding
+# ReadWritePaths=/etc/cups because cupsd needs write access in /etc/cups
+# see https://bugzilla.suse.com/show_bug.cgi?id=1195288
 Patch107:       harden_cups.service.patch
-# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing
+# Patch108 downgrade-autoconf-requirement.patch
+# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing:
 Patch108:       downgrade-autoconf-requirement.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
@@ -280,13 +289,13 @@ printer drivers for CUPS.
 # Patch11 cups-2.1.0-default-webcontent-path.patch changes the default path whereto the
 # web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent
 # because the files of the CUPS web content are no documentation, see CUPS STR #3578
-# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
+# and https://bugzilla.suse.com/show_bug.cgi?id=546023#c6 and subsequent comments:
 %patch11 -b default-webcontent-path.orig
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 %patch100 -b cups-pam.orig
 # Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf
-# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309
+# see SUSE FATE 303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309
 %patch101 -b additional_policies.orig
 # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # reverts the change which was added by Michael Sweet in Jan 2007
@@ -297,8 +306,16 @@ printer drivers for CUPS.
 %patch103 -b do_not_strip_recommended_from_PPDs.orig
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 %patch104 -b cups-config-libs.orig
-%patch107 -p1
+# Patch107 harden_cups.service.patch adds hardening to systemd service cups.service
-%patch108 -p1
+# see https://bugzilla.suse.com/show_bug.cgi?id=1181400
+# and https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+# where the default hardening settings are enhanced by adding
+# ReadWritePaths=/etc/cups because cupsd needs write access in /etc/cups
+# see https://bugzilla.suse.com/show_bug.cgi?id=1195288
+%patch107 -p1 -b harden_cups.service.orig
+# Patch108 downgrade-autoconf-requirement.patch
+# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing:
+%patch108 -p1 -b downgrade-autoconf-requirement.orig
 
 %build
 # Remove ".SILENT" rule for verbose build output
@@ -317,7 +334,7 @@ export CC=cc
 # default with-docdir path whereto the web content is installed
 # from /usr/share/doc/cups to /usr/share/cups/webcontent because the
 # files of the CUPS web content are no documentation, see CUPS STR #3578
-# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments
+# and https://bugzilla.suse.com/show_bug.cgi?id=546023#c6 and subsequent comments
 # so that the new default could be used as is but upstream may accept
 # cups-2.1.0-default-webcontent-path.patch in general but change its default
 # so that with-docdir is explicitly set here to be future proof.
@@ -388,7 +405,7 @@ install -m 644 %{SOURCE106} %{buildroot}%{_datadir}/cups/model/Postscript-level2
 rm -f %{buildroot}%{_datadir}/applications/cups.desktop
 rm -rf %{buildroot}%{_datadir}/icons
 # Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default from becoming hardlinked
-# via the fdupes run below, see https://bugzilla.novell.com/show_bug.cgi?id=773971
+# via the fdupes run below, see https://bugzilla.suse.com/show_bug.cgi?id=773971
 # by making their content different and at the same time fix the misleading comment.
 # Intentionally let the build fail if 'grep' does not find what 'sed' should change
 # because if upstream changed it 'sed' would silently no longer change the files:
@@ -417,9 +434,9 @@ EOF
 # Never run fdupes carelessly over the whole buildroot directory
 # because in older openSUSE and SLE11 versions fdupes
 # links files with different owner, group, or permissions
-# see https://bugzilla.novell.com/show_bug.cgi?id=784670
+# see https://bugzilla.suse.com/show_bug.cgi?id=784670
 # and even in current openSUSE versions fdupes links across sub-package
-# boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869
+# boundaries, compare https://bugzilla.suse.com/show_bug.cgi?id=784869
 %fdupes -s %{buildroot}/%{_datadir}/cups/templates
 
 %check
@@ -515,7 +532,7 @@ exit 0
 # This avoids that CUPS' configure magic might silently
 # not build and install an executable when whatever condition
 # for configure's automated tests is not fulfilled in the build system.
-# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9
+# See https://bugzilla.suse.com/show_bug.cgi?id=526847#c9
 # Regarding specific owner group and permission settings for directories
 # see https://bugzilla.suse.com/show_bug.cgi?id=1184161
 # When cupsd creates directories with specific owner group and permissions