diff --git a/CVE-2020-10001.patch b/CVE-2020-10001.patch deleted file mode 100644 index b75ad18..0000000 --- a/CVE-2020-10001.patch +++ /dev/null @@ -1,38 +0,0 @@ ---- cups/ipp.c.orig 2021-01-11 10:53:43.080847679 +0100 -+++ cups/ipp.c 2021-01-11 12:03:56.010423238 +0100 -@@ -2965,7 +2965,8 @@ ippReadIO(void *src, /* I - Data - unsigned char *buffer, /* Data buffer */ - string[IPP_MAX_TEXT], - /* Small string buffer */ -- *bufptr; /* Pointer into buffer */ -+ *bufptr, /* Pointer into buffer */ -+ *bufend; /* End of buffer */ - ipp_attribute_t *attr; /* Current attribute */ - ipp_tag_t tag; /* Current tag */ - ipp_tag_t value_tag; /* Current value tag */ -@@ -3524,6 +3525,7 @@ ippReadIO(void *src, /* I - Data - } - - bufptr = buffer; -+ bufend = buffer + n; - - /* - * text-with-language and name-with-language are composite -@@ -3537,7 +3539,7 @@ ippReadIO(void *src, /* I - Data - - n = (bufptr[0] << 8) | bufptr[1]; - -- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string)) -+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string)) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, - _("IPP language length overflows value."), 1); -@@ -3564,7 +3566,7 @@ ippReadIO(void *src, /* I - Data - bufptr += 2 + n; - n = (bufptr[0] << 8) | bufptr[1]; - -- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE)) -+ if ((bufptr + 2 + n) > bufend) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, - _("IPP string length overflows value."), 1); diff --git a/cups-2.3.3-source.tar.gz b/cups-2.3.3-source.tar.gz deleted file mode 100644 index f541e88..0000000 --- a/cups-2.3.3-source.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:261fd948bce8647b6d5cb2a1784f0c24cc52b5c4e827b71d726020bcc502f3ee -size 8140741 diff --git a/cups-2.3.3-source.tar.gz.sig b/cups-2.3.3-source.tar.gz.sig deleted file mode 100644 index b06f632..0000000 Binary files a/cups-2.3.3-source.tar.gz.sig and /dev/null differ diff --git a/cups-2.3.3op2-source.tar.gz b/cups-2.3.3op2-source.tar.gz new file mode 100644 index 0000000..8fbce0d --- /dev/null +++ b/cups-2.3.3op2-source.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df +size 7993205 diff --git a/cups-2.3.3op2-source.tar.gz.sig b/cups-2.3.3op2-source.tar.gz.sig new file mode 100644 index 0000000..f52be61 Binary files /dev/null and b/cups-2.3.3op2-source.tar.gz.sig differ diff --git a/cups.changes b/cups.changes index d7b24ab..46d5524 100644 --- a/cups.changes +++ b/cups.changes @@ -1,9 +1,89 @@ +------------------------------------------------------------------- +Thu Mar 25 20:47:22 CET 2021 - Florian + +- Add "testsuite" conditional that disables anything within %check + ------------------------------------------------------------------- Fri Mar 19 12:02:38 UTC 2021 - Samuel Cabrero - fix-negotiate-authentication-between-CGIs-and-scheduler.patch fixes web UI Kerberos authentication (bsc#1175960) +------------------------------------------------------------------- +Fri Mar 19 11:25:44 UTC 2021 - Florian + +- Upstream changed to https://github.com/OpenPrinting/cups +- Added %check section to specfile that executes the old `make check` and the new (see 2.3.3op1) `make test` +- Version upgrade to 2.3.3op2: + - Security: Fixed a buffer (read) overflow in the ippReadIO function (CVE-2020-10001) + - Clarified the documentation for the "Listen" directive + - Fixed duplicate ColorModel entries for AirPrint printers + - Fixed directory/permission defaults for Debian kfreebsd-based systems + - Fixed crash bug in ppdOpen + - Fixed regression in snprintf emulation function + - The scheduler's systemd service file now waits for the nslcd service to start + - The libusb-based USB backend now uses a simpler read timer implementation to avoid a regression in a previous change + - The PPD caching code now only tracks the APPrinterIconPath value on macOS + - Fixed segfault in help.cgi when searching in man pages + - Root certificates were incorrectly stored in "~/.cups/ssl". +- Version upgrade to 2.3.3op1: + - The automated test suite can now be activated using make test for consistency with other projects and CI environments - the old make check continues to work as well, and the previous test server behavior can be accessed by running make testserver. + - ippeveprinter now supports multiple icons and strings files. + - ippeveprinter now uses the system's FQDN with Avahi. + - ippeveprinter now supports Get-Printer-Attributes on "/". + - ippeveprinter now uses a deterministic "printer-uuid" value. + - ippeveprinter now uses system sounds on macOS for Identify-Printer. + - Updated ippfind to look for files in "~/Desktop" on Windows. + - Updated ippfind to honor SKIP-XXX directives with PAUSE. + - Updated IPP Everywhere support to work around printers that only advertise color raster support but really also support grayscale + - ipptool now supports DNS-SD URIs like ipps://My%20Printer._ipps._tcp.local + - The scheduler now allows root backends to have world read permissions but not world execute permissions + - Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is disabled on the host + - The SNMP backend now supports the HP and Ricoh vendor MIBs + - The scheduler no longer includes a timestamp in files it writes + - The systemd service names are now "cups.service" and "cups-lpd.service" + - The scheduler no longer adds the local hostname to the ServerAlias list + - Added LogFileGroup directive in "cups-files.conf" to control the group owner of log files + - Added --with-max-log-size configure option + - Added --enable-sync-on-close configure option + - Added --with-error-policy configure option + - IPP Everywhere PPDs could have an "unknown" default InputSlot + - The httpAddrListen function now uses a listen backlog of 128. + - Added USB quirks + - Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter. + - Fixed DNS-SD name collision support in ippeveprinter. + - Fixed compiler and code analyzer warnings. + - Fixed TLS support on Windows. + - Fixed ippfind sub-type searches with Avahi. + - Fixed the default hostname used by ippeveprinter on macOS. + - Fixed resolution of local IPP-USB printers with Avahi. + - Fixed coverity issues + - Fixed httpAddrConnect issues + - Fixed web interface device URI issue + - Fixed lp/lpr "printer/class not found" error reporting + - Fixed xinetd support for LPD clients + - Fixed libtool build issue + - Fixed a memory leak in the scheduler + - Fixed a potential integer overflow in the PPD hashing code + - Fixed output-bin and print-quality handling issues + - Fixed PPD options getting mapped to odd IPP values like "tray---4" + - Fixed remote access to the cupsd.conf and log files + - Fixed the automated test suite when running in certain build/CI environments + - Fixed a logging regression caused by a previous change for Apple issue #5604 + - Fixed fax phone number handling with GNOME + - Fixed potential rounding error in rastertopwg filter + - Fixed the "uri-security-supported" value from the scheduler + - Fixed IPP backend crash bug with "printer-alert" values + - Removed old Solaris inetconv(1m) reference in cups-lpd man page + - Fixed default options that incorrectly use the "custom" prefix + - Fixed a memory leak when resolving DNS-SD URIs + - Fixed systemd status reporting by adopting the notify interface + - Fixed crash in rastertopwg + - Fixed cupsManualCopies values in IPP Everywhere PPDs +- Removed let-cupsd-start-after-network.patch as it is no longer required +- Removed CVE-2020-10001.patch as a fix as been merged upstream +- Removed section of specfile responsible for renaming "org.cups.cups*" systemd files to cups*, due to upstream renaming these files + ------------------------------------------------------------------- Thu Mar 18 18:18:18 UTC 2021 - olaf@aepfle.de diff --git a/cups.keyring b/cups.keyring index 4492ea0..ba121ef 100644 --- a/cups.keyring +++ b/cups.keyring @@ -1,54 +1,53 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: GPGTools - https://gpgtools.org -mQINBFo5hCYBEAD7WeR8qWUuD4Z3spmcjwIIcFsjF5V7MpqCZrGRcFiTH+MRiomQ -Ylr652+9JlQjS9e/6Gtist6ydADvHqELmg42wQX7MrOCTDfKpM/mP2InMIDkel16 -SZbtBORR44LOzsZ9Cm7739M4hZWp2PVn+ElWJr6t3l9NXVZDXaPWugHlxUYYGz7O -UxfYdkFQ3ND5ST60+Ir8P7YoSfCvxi2dus6/One7dhuTGdm/8+EtwrFPJWgbVxah -FQHD8TKht3poGm6+mqgDley6soo4vUlUnYRbrEe+oXRnTx4Yih3FsXNez7IHFtJv -MzHPSLE+2KsWp1gylp4hgLc5NGUD67nRO8GDqkhLK+PgJERx1NozLXqBa4XaoC6F -rq4i3C+JSsWqWUUs85tpZHwEnZmfYMV+cWcUkuHRwhls2PIVzm2b2BALXV8MY9yO -w8EBTrPo1ae1AplCZnLQX7gBdgBhX6ou+UKXqrAlaqiXlaxY2psajrmY+IqUXJL9 -H9IPMmzHz+apfAvIc4WY2APUI9BDT11gh8ko3ZWVUNxlL1rUwbCBjtwKdmVLLNmr -mU1JbKY9L1PAXElEbpyJ6KrXk49KrFE8lnhTE4g2rUZ0wdmzjbAL0oaBL5qdNupd -MjW20Y+PyYgvIrXNPTk/mhx79rAMlUIhNRYQhyATywr9/ubimhkNgYbcfQARAQAB -tBxDVVBTLm9yZyA8c2VjdXJpdHlAY3Vwcy5vcmc+iQJUBBMBCgA+FiEERdCDlG4w -NSgrPMqa9DQQQjXal+sFAlo5hCYCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQAC -HgECF4AACgkQ9DQQQjXal+v1Fg//YlAD/woMIwumfTIBGdc7oye+JLRKTXOnIDxb -VATpcSZOS6LMHy0x7k6kQ+G81r7NkfbQFHZRhvmf62qkg46JhPVJqWBqwVgrbQbk -RRFbo38NkZ37WW2xhImt8iGC8XjfpbfraVYaZQuU7Jbn4vrAppOZbzgVI1T2FIh/ -+GXWbv4WV7hNaNvjREZl1UrzzCTpxrSBgoyx+1P6SwDHYWrC/gp4CMLEj6zf2Hwz -KyIU+FmW54LIZafnswgNpoW1taZx7iSWfvqoyySomtL0PwhYWpKAyIZDf+6cffjx -Fwp5UufEkLjyui0b/6DbCjyWiNHh8BT7niLZ54VXcO8IWr/kQH61s41xp0xU9/Pr -N7Mn22Qd5SCFcDmbFvSI8m7Gn61G8mUfCL2zeAMUkNuzZgc+p2VhRCr+/9gk2eEg -BOqxrrsKDa0g5mWLA0y8a5oohlXKM6SoyRcujCfQxO3rCD1+qM48Zm+4l/6NBg8w -wRJNKoARnR2c9wGvHRbJY3kXllnd/3Fk/EzXwilFK4Fk0uIk8AtMSTh0Se1KNEum -/AbUxRG50dq9pyrfYxsjhNmzu92NIR5sR5PyRQRbGDJkIlNEEbh87TBCrYqnKaPU -lev+476zFE/raaum/DL0ANOUQCtX5ftWEK2Xo1s28DEo2DzyJWmYSmr/wnf8wrp7 -lNWA/F25Ag0EWjmEJgEQAPZvzo1nX/F4+9BGE9o0OSPZt/BLkusiyz6fd46k5vj7 -LGPFpjtMxUxbPNhMJi3QVBhtb8yiNugRmE0sWaA7b2COsXT8jaHZ2EBV0XnTr4Tv -hSxNbdXu9fiDRFQ9x3D/LhDvDRgq0lKQw5cRBLCZw4as9Ytxn1WnS8evwhHRMMYL -/lCyviyyj8zczXPmdWLVlMbhD02Yf5DpteSyhjMTvZFJWZiIUupnM1WXppDo4/Id -nr2Sc5awhuFxdrSYFpaB5+hOdsjhDENcm+GY10iUNCqklCP5BZOeDprap7XwMElW -/chdrwovPYn54Sugl9oHjUOfiJLi/e4J+ey86+2sWY0rZvmOViR1w4NldB+GbEQW -/HOyTwo1Og36+7Ci9m2yothSC0wJAb5Bvg2tc1u4AsG2ylaxMFmwX226d2jJlFNl -2crNFaIE/Uuo7YqH8pcm9kVZ+0apLHoxtZFnZF5QzLmcA83YFFWkqjEfmdLobWXX -pZ+jPkHZDEhj21D+6LYCtUjDwnICySLoIawoMpkV+tdRyHuzxdYX1Nkh74mC2A7d -koxMw86CgXP4UHJwCYunN+rUi7oC8oI1isqtMK8MZhcPdlvE721+fpdAdBIo8KVs -RxQJ3vzhTuugZl5w3E8Jt7lC/q6CC6VI7V74fCNJjXiytrcpYg+FYCyfvxJ/4GH/ -ABEBAAGJAjwEGAEKACYWIQRF0IOUbjA1KCs8ypr0NBBCNdqX6wUCWjmEJgIbDAUJ -B4YfgAAKCRD0NBBCNdqX65zoEACdIsOlto5FQtv2Yx/ayYklEsPgrx1IDnudvVUZ -C+vsDoF9aOUBjUvpHjdBWOBnc/ThOw8ARvOcZLT06HNyzvkJNjj05N+hy1hiSY5B -kL+TGCVkE/wUIDf69lt+KEG89EjpRDSTLDw8t05bEiaZ1XKfDmcIXbao38zhI2CD -r+h1eQotY8bGA7hC7knwQv4VRnN8zBgZhQZdapjC8fBoaY00YZ4wBvd4Yz13/HGi -gXssFNd35n+K+mnUaqulLIwjVfN1/luOubTpqCGVtSEVvHiq7XVRR6cSc345vFMa -3AtRtHKQpZutEz08gZqrXXwALom+HWNbPqdHXEE/mZxvpEVMQr325KLKSPQGZSCq -s8AFeYLYf66gn7T50VX5ws9sGANVvq1CHbouSbfc+UJkibeKG4/jSlqUwWNktEEJ -hI+yGJP5xitfA4IGPaipfVHsxP1z37oht6BTj0zUlfEg9YoPmuHEAhxP7CGOatMM -QkRQ7l0W3F05XL1HzynDnKkEigAUlwhq8Z5oO3Vf9b0MJg/V6T2+jzGIcy0PmliX -rR6FQB5SMRaGCrJxSaPeadnSkJOpFM0dRqKDB049IAIbSxz5ZuqCpbB8tH17ezqu -J3b3cDsSI2TOkacnMo01+IUcrgySKwl/4eUHd92FSq/m085HOQnlae4fjjJ/7qDd -/yDo+w== -=padA +mQINBFplA9UBEACjPmClfkcn4YO05KHTyClVseJYVzGGHl+HLZGFPoadk2UKh3DD +UAoNruBMQS4xFd1MNFZfduCntLIoLEzwwHAWMhEB5O9FZZZrlwN2my4xlWdaX/Bg +FGhVsqGGp5C4n81996f1EmWJS+nTXHPQx0LJ5ahai6wuXJUhJwGHRVsJeVMYg9XZ +eJgz73scH4ISFAIRTfH2PqkBqKL51quUN6E/poSA1iggsPa0tg6klb+kUGvvMjGO +JUGg0L0lSwmJWbfbA6usD0ERSXA5h+TeSKTwuxTVYNTUpnVhSwfv5+wYHsoaeAiN +qbqbHw6TpJS5NvyClQLXE45Y1u/COlUvWA7/ThmRfP8LDgNXHQgdgOVv8eh/3Wos +zLfbw+wWFvaRCDZdzWBmUfJrS6K7dsABr6AQf5khqvazRv/Ma8ovNSd1WUUKTAm2 +O1/eOydFLJpNaiyYc+ETbjdD//hKtiSCf6sxER5uE0cKiWhMQeFGgesgzRYjSKCg +Pk4Elux8q61uWqqPNjngFgRYRDuD/4jvTdD4mQqp+ASUYl1eXliKVH9tYJB4tcQ8 +n7+szE+Czh7iSKvCCTV2VHfYASHYT79efDhtrmbB/Q2Vkoyuxl78PHKM0m/6hZze ++G1Cp4R3Ood/pOKlDrQdAWWlwOErZEu4pMSHoLJeuXfdFW7bAmEyKkoFZQARAQAB +tCtNaWNoYWVsIFIgU3dlZXQgPG1pY2hhZWwuci5zd2VldEBnbWFpbC5jb20+iQJU +BBMBCgA+FiEEhFRkZgtoaqs2VAtvmZVZoCeBWVUFAlplA9UCGwMFCQeGH4AFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQmZVZoCeBWVWyeQ//S3hfd0chikcg4m/r +EScY2cFL3WxIAexKcDmFOsKZG85fyJxQYQzaZ5zccXWye6t15Y06W4iglE1WFXGB +b3ZYgUev3iNZYjUHNaEB7GvSdtZ8e0RCbj/p/t2JEzU8c0KtGqbeyFXg3EMkGdad +TRh6y8BatGzAdq2aFbmIW5irfLf4BxUB3NnHs93cfkt7heHIN8S7VNViAK0gXdeL +yukHGG9wE0oRIp2Zln6WSnLFH9bdDFgl6lRa0KEQCgh75MsP+y5V0JMGwOtzV5hE +eH0Lz12xJx0MgHacFOwH1YUiVAPDH0Uk/uVuZRWRAdcU5rBQQN4jg8vJjc+25E2l +HpkoLKYPWWHcCG6yl2mVDjgnnM1hzqkbhftXiI0HrZuidM11sMPj0s1xSer/AOaY +SANNnv5CBxojD6M08KAMKk6HzcLILLdbqEjnWuGI8Yt8rT8YfwQBPZeGzfi/8ZMr +f7vM3wqrx+25kASo3luVw6M6YJmuPTwQrQ2HPI7EHDOuLB/o7B0RpUORVC8pHH/Y +aiRzOJghiLxUgi26d4XwwiXd7m1zatCcl6Or0AdVVhbKthQC33HbBTwW9hYXyeK+ +sssKaFundLPa3me+BqWTy5bSyc3spCWjK8Bsr5BoUV9mTX60UUsTDzI94DOei8+i +05ksTD5du5kk+tq4PWJWgNfUlOa5Ag0EWmUD1QEQANL89kasctOoEuleT0FlqpMh +1JwF1piS3ek1NjFBUBFxIBKoWnftxfaisanSStN5HDqs1mGCRtQ8/HOsSjjDufcM +7JSXe+IX2dKE85FrlNA5QmpFDf7cAkQqM4y/IbEsOI1f79zIKeS7i0l1oXUZ9bRn +dVUcZb52p3tjw1oTfo1QwKWsUq+93ontCsS1aGm5GLmHFJozoBbrk4+XOBNgsmbi +gcRnVopeCE99kdJTJc1YIndLtED3tDhzJJ/kqpQS9iDs6RNDs9FlYF7vlyD1i6yx +94WdE+xHJUdG4mCu0GxqQyCSmbU5A3SHOKSJ4NrNDNn+5e9Oh8WeK3x/Hn0WBVYg +Eyn4EEilHGhhzuFh7US+QX8AM2R21SrfU7rcbUQ+ZFCIhe5p8aT5MsUF8cztBjcu +IDKO9TirI3+OcEFRS0k1vOubXdRdeoxY89Ap9ssVxvGeJJcipmSVrTsxI3oqS/A9 +DNAgIXC0VeZGYfjq6bcFH0+klgJxaY3PuvCspe0XfFQyFMqNvfNFZD5ZAj5DMeOa +wfJMTjw1eHILZLWPYOBXgyIW7RvKrOks+my6+vyFeqNkWKLHxXW7Fu57I0JSlBR+ +Zef+s8hZdAju756e79mk4sMiT/2Pfsty1RBwi5JTF+r8A7p6l+ZqLVa5tr07L+Js +QF8+F2fcwGRuRdZsmYOnABEBAAGJAjwEGAEKACYWIQSEVGRmC2hqqzZUC2+ZlVmg +J4FZVQUCWmUD1QIbDAUJB4YfgAAKCRCZlVmgJ4FZVQiRD/4gf2L4CU+zjviH12FC +DZudGDOw4f6f2Q82Z0J45mtOmVUcoqVo5jzl+H1tR2D0XlV+LG7YpegMS06GvOMl +HG3e+0M5IGwhG/Lv0aq7TA4Hd13ZJaHQvieLXbQzelAE0bbn8QeKSMYrJfGzl0v7 +zZfBQt7L2t06HQKIkfJDAwFRiNs/EbvLHslOq7VDjoEqxFkRsL1Ie3efOb1ZejeS +b5smfaDJ94plO2Goaj1IHrngQhXu4v+PLqSYQgu4lRUmSOg7FAn/JpWHSsDRf1zf +EW/TyM4ctO05vS//mdMI4xR3D0RMvZieUOUUjjFk0xlWcvboroiZrlz7Xb64uvZw +XGA9iJ1j4IlsBmuE7L6Q61i/o7KR4DlLVMoOPYLpMwtVITWf7HDFiww37JaQutoA +eRvO/GLd7X7aDcB6XReGCYSeD1wczDap+fBkKQlNEctHizkIJG2PD0pNz9EUKeTa +xh0csb+548c/DccCSx62siNSi3WnQwvbbDUVNftGHfifa15d350072jb8LP57O20 +GzhdE+0raeg8GqqSeT1MApdInL3BMP+LQxuSpEnEQx9Nsu4bpuSplcTPUot+fNJb +uwg7uetsyqagUI6HSYwbPbmU2ELor+P2LP81Yexwkf/DE215mrIITXnr+dqL5+NG +nNLcOZRqTFo/oxx+IaRhSJ6adg== +=YD80 -----END PGP PUBLIC KEY BLOCK----- - diff --git a/cups.spec b/cups.spec index a6bc503..6b5db38 100644 --- a/cups.spec +++ b/cups.spec @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # +# Disabling tests for now, until gh#155 is fixed +%bcond_without testsuite # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } @@ -23,24 +25,25 @@ Name: cups # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work: -Version: 2.3.3 +Version: 2.3.3op2 Release: 0 Summary: The Common UNIX Printing System License: Apache-2.0 Group: Hardware/Printing URL: http://www.cups.org/ -# To get Source0 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3-source.tar.gz https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz -Source0: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz -# To get Source1 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig -Source1: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig -# To get Source2 go to https://www.cups.org/pgp.html +# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g. +# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz +Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz +# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g. +# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig +Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig +# To get Source2 go to https://www.msweet.org/pgp.html +# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955 Source2: cups.keyring # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring -# gpg --list-keys | grep -1 'CUPS.org' | grep -v 'expired' -# gpg --verify cups-2.3.3-source.tar.gz.sig cups-2.3.3-source.tar.gz +# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired' +# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz @@ -58,8 +61,6 @@ Patch10: cups-2.1.0-choose-uri-template.patch Patch11: cups-2.1.0-default-webcontent-path.patch # Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: Patch12: cups-2.1.0-cups-systemd-socket.patch -# Patch42 Let cupsd start after possible network connection (boo#1111351) -Patch42: let-cupsd-start-after-network.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff @@ -75,9 +76,6 @@ Patch101: cups-2.0.3-additional_policies.patch Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: Patch104: cups-config-libs.patch -# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520) -# access to uninitialized buffer in ipp.c -Patch105: CVE-2020-10001.patch # Patch106 Fixes web UI Kerberos authentication (bsc#1175960) Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch # Build Requirements: @@ -284,8 +282,6 @@ printer drivers for CUPS. %patch11 -b default-webcontent-path.orig # Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: #patch12 -b cups-systemd-socket.orig -# Patch42 Let cupsd start after possible network connection (boo#1111351) -%patch42 -p0 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -b cups-pam.orig @@ -301,9 +297,6 @@ printer drivers for CUPS. %patch103 -b do_not_strip_recommended_from_PPDs.orig # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -b cups-config-libs.orig -# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520) -# access to uninitialized buffer in ipp.c -%patch105 -b CVE-2020-10001.orig # Patch106 Fixes web UI Kerberos authentication (bsc#1175960) %patch106 -p1 @@ -365,6 +358,16 @@ export CC=cc localedir=%{_datadir}/locale make %{?_smp_mflags} +%check +%if %{with testsuite} +# there appears to be some kind of race condition when running make check and make test, +# if it fails, we'll print all logs for debugging purposes if either testsuite fails. +echo "DEBUG: running make check" +bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -gt 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' +echo "DEBUG: running make test" +bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -gt 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' +%endif + %install make BUILDROOT=%{buildroot} install # Make directory for ssl files: @@ -401,13 +404,6 @@ rm -rf %{buildroot}%{_datadir}/icons # because if upstream changed it 'sed' would silently no longer change the files: grep -q '^# Configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default sed -i -e 's/^# Configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default -# Install the systemd control files: -mv %{buildroot}%{_unitdir}/org.cups.cupsd.path %{buildroot}%{_unitdir}/cups.path -mv %{buildroot}%{_unitdir}/org.cups.cupsd.service %{buildroot}%{_unitdir}/cups.service -mv %{buildroot}%{_unitdir}/org.cups.cupsd.socket %{buildroot}%{_unitdir}/cups.socket -mv %{buildroot}%{_unitdir}/org.cups.cups-lpd.socket %{buildroot}%{_unitdir}/cups-lpd.socket -mv %{buildroot}%{_unitdir}/org.cups.cups-lpd@.service %{buildroot}%{_unitdir}/cups-lpd@.service -sed -i -e "s,org.cups.cupsd,cups,g" %{buildroot}%{_unitdir}/cups.service # rcbla aliases: ln -s service %{buildroot}%{_sbindir}/rccups ln -s service %{buildroot}%{_sbindir}/rccups-lpd diff --git a/let-cupsd-start-after-network.patch b/let-cupsd-start-after-network.patch deleted file mode 100644 index 3aae017..0000000 --- a/let-cupsd-start-after-network.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Werner Fink -Date: Thu, 18 Oct 2018 05:32:42 +0000 -Subject: Let cupsd start after possible network connection - -For remote printer and printer servers, let cupsd always -start after a possible network connection. This let cupsd -also stop before a used network connection goes down, hence -the cups does not lock due waiting on remote printers. - ---- - scheduler/org.cups.cupsd.service.in | 1 + - 1 file changed, 1 insertion(+) - ---- scheduler/org.cups.cupsd.service.in -+++ scheduler/org.cups.cupsd.service.in 2018-10-18 05:16:30.867333704 +0000 -@@ -1,7 +1,7 @@ - [Unit] - Description=CUPS Scheduler - Documentation=man:cupsd(8) --After=sssd.service -+After=sssd.service network.target - - [Service] - ExecStart=@sbindir@/cupsd -l