Accepting request 843399 from Printing

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/843399
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=151

cups-2.3.3-source.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:261fd948bce8647b6d5cb2a1784f0c24cc52b5c4e827b71d726020bcc502f3ee
+size 8140741

cups-2.3b6-source.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8e2f5acecb4fb71c46d5a4fecbd5d78ce7d9e7be9920d38d344ee414065061b7
-size 10240934

cups-config-libs.patch

@@ -1,10 +1,10 @@
 --- cups-config.in.orig	2011-08-27 11:23:01.000000000 +0200
 +++ cups-config.in	2012-11-27 15:47:27.000000000 +0100
 @@ -35,7 +35,7 @@ INSTALLSTATIC=@INSTALLSTATIC@
- # flags for C++ compiler:
+ # flags for compiler and linker...
  CFLAGS=""
  LDFLAGS="@EXPORT_LDFLAGS@"
--LIBS="@LIBGSSAPI@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@"
+-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@"
 +LIBS=""
  
  # Check for local invocation...

cups.changes

@@ -1,3 +1,157 @@
+-------------------------------------------------------------------
+Wed Oct 14 09:11:00 UTC 2020 - Michael Gorse <mgorse@suse.com>
+
+- Version upgrade to 2.3.3:
+  - CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
+    constraint.  `ppdcSource::get_resolution` function did not
+    handle invalid resolution strings.
+  - CVE-2019-8842: The `ippReadIO` function may under-read an
+    extension field.
+  - Fixed WARNING_OPTIONS support for GCC 9.x
+  Changes in CUPS 2.3.2:
+  Localization updates
+  Changes in CUPS 2.3.1:
+  - CVE-2019-2228: The `ippSetValuetag` function did not validate
+    the default language value.
+  - Fixed a crash bug in the web interface.
+  - The PPD cache code now looks up page sizes using their
+    dimensions.
+  - PPD files containing "custom" option keywords did not work.
+  - Added a workaround for the scheduler's systemd support.
+  - Added a DigestOptions directive for the `client.conf` file to
+    control whether MD5-based Digest authentication is allowed.
+  - Fixed a bug in the handling of printer resource files.
+  - The libusb-based USB backend now reports an error when the
+    distribution permissions are wrong.
+  - Added paint can labels to Dymo driver.
+  - The `ippeveprinter` program now supports authentication.
+  - The `ippeveprinter` program now advertises DNS-SD services on
+    the correct interfaces, and provides a way to turn them off.
+  - The `--with-dbusdir` option was ignored by the configure
+    script.
+  - Sandboxed applications were not able to get the default
+    printer.
+  - Log file access controls were not preserved by `cupsctl`.
+  - Default printers set with `lpoptions` did not work in all
+    cases.
+  - Fixed an error in the jobs web interface template.
+  - Fixed an off-by-one error in `ippEnumString`.
+  - Fixed some new compiler warnings.
+  - Fixed a few issues with the Apple Raster support.
+  - The IPP backend did not detect all cases where a job should be
+    retried using a raster format.
+  - Fixed spelling of "fold-accordion".
+  - Fixed the default common name for TLS certificates used by
+    `ippeveprinter`.
+  - Fixed the option names used for IPP Everywhere finishing
+    options.
+  - Added support for the second roll of the DYMO Twin/DUO label
+    printers.
+  Changes in CUPS v2.3.0:
+  - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
+  - Added a GPL2/LGPL2 exception to the new CUPS license terms.
+  - Fixed a bug in the scheduler job cleanup code.
+  - Fixed builds when there is no TLS library.
+  - "make" failed with GZIP options.
+  - Fixed potential excess logging from the scheduler when removing
+    job files.
+  - Fixed a NULL pointer dereference bug in `httpGetSubField2`.
+  - Added FIPS-140 workarounds for GNU TLS.
+  - The scheduler no longer provides a default value for the
+     description.
+  - The scheduler now logs jobs held for authentication using the
+    error level so it is clear what happened.
+  - The `lpadmin` command did not always update the PPD file for
+    changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords.
+  - The scheduler now uses both the group's membership list as well
+    as the various OS-specific membership functions to determine
+    whether a user belongs to a named group.
+  - Added USB quirks rule for HP LaserJet 1015.
+  - Fixed some PPD parser issues.
+  - The IPP parser no longer allows invalid member attributes in
+    collections.
+  - The configure script now treats the "wheel" group as a
+    potential system group.
+  - Fixed IPP buffer overflow.
+  - Fixed memory disclosure issue in the scheduler.
+  - Fixed DoS issues in the scheduler.
+  - Fixed an issue with unsupported "sides" values in the IPP
+    backend.
+  - The scheduler would restart continuously when idle and printers
+    were not shared.
+  - Fixed an issue with `EXPECT !name WITH-VALUE ...` tests.
+  - Fixed a command ordering issue in the Zebra ZPL driver.
+  - Fixed a memory leak in `ppdOpen`.
+  Changes in CUPS v2.3rc1:
+  - The `cups-config` script no longer adds extra libraries when linking against
+    shared libraries.
+  - The supplied example print documents have been optimized for
+    size.
+  - The `cupsctl` command now prevents setting "cups-files.conf"
+    directives.
+  - The "forbidden" message in the web interface is now explained.
+  - The footer in the web interface covered some content on small
+    displays.
+  - The libusb-based USB backend now enforces read limits,
+    improving print speed in many cases.
+  - The `ippeveprinter` command now looks for print commands in
+    the "command" subdirectory.
+  - The `ipptool` command now supports `$date-current` and
+    `$date-start` variables to insert the current and starting date
+    and time values, as well as ISO-8601 relative time values such
+    as "PT30S" for 30 seconds in the future.
+  Changes in CUPS v2.3b8
+  - Media size matching now uses a tolerance of 0.5mm.
+  - The lpadmin command would hang with a bad PPD file.
+  - Fixed a potential crash bug in cups-driverd.
+  - Fixed a performance regression with large PPDs.
+  - Fixed a memory reallocation bug in HTTP header value expansion.
+  - Timed out job submission now yields an error.
+  - Restored minimal support for the `Emulators` keyword in PPD
+    files to allow old Samsung printer drivers to continue to work.
+  - The scheduler did not encode octetString values like
+    "job-password" correctly for the print filters.
+  - The `cupsCheckDestSupported` function did not check octetString
+    values correctly.
+  - Added support for `UserAgentTokens` directive in "client.conf".
+  - Updated the systemd service file for cupsd.
+  - The `ippValidateAttribute` function did not catch all instances
+    of invalid UTF-8 strings.
+  - Fixed an issue with the self-signed certificates generated by
+    GNU TLS.
+  - Fixed a potential memory leak when reading at the end of a
+    file.
+  - Fixed potential unaligned accesses in the string pool.
+  - Fixed a potential memory leak when loading a PPD file.
+  - Added a USB quirks rule for the Lexmark E120n.
+  - Updated the USB quirks rule for Zebra label printers.
+  - The lpadmin command, web interface, and scheduler all queried
+    an IPP Everywhere printer differently, resulting in different
+    PPDs for the same printer.
+  - The web interface no longer provides access to the log files.
+  - Non-Kerberized printing to Windows via IPP was broken.
+  - The scheduler no longer stops a printer if an error occurs when
+    a job is canceled or aborted.
+  - Added a USB quirks rule for the DYMO 450 Turbo.
+  - Added a USB quirks rule for Xerox printers.
+  - The scheduler's self-signed certificate did not include all of
+    the alternate names for the server when using GNU TLS.
+  - Fixed some PPD caching and IPP Everywhere PPD
+    accounting/password bugs.
+  - Fixed `PreserveJobHistory` bug with time values.
+  - The scheduler no longer advertises the HTTP methods it
+    supports.
+  - The scheduler did not always idle exit as quickly as it could.
+  - Added a new `ippeveprinter` command based on the old ippserver
+    sample code.
+  Changes in CUPS v2.3b7
+  - Running ppdmerge with the same input and output filenames did
+    not work as advertised.
+  - Rebase let-cupsd-start-after-network.patch and
+    cups-config-libs.patch.
+  - Drop issue5509-fix-utf-8-validation-issue.patch and
+    issue5453.patch: fixed upstream.
+
 -------------------------------------------------------------------
 Thu Jun 25 12:24:13 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
 

cups.spec

@@ -23,24 +23,24 @@ Name:           cups
 # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
 # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
 # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
-Version:        2.3b6
+Version:        2.3.3
 Release:        0
 Summary:        The Common UNIX Printing System
 License:        Apache-2.0
 Group:          Hardware/Printing
 URL:            http://www.cups.org/
 # To get Source0 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3b6-source.tar.gz https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz
-Source0:        https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz
+# wget --no-check-certificate -O cups-2.3.3-source.tar.gz https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz
+Source0:        https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz
 # To get Source1 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3b6-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz.sig
-Source1:        https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz.sig
+# wget --no-check-certificate -O cups-2.3.3-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig
+Source1:        https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig
 # To get Source2 go to https://www.cups.org/pgp.html
 Source2:        cups.keyring
 # To manually verify Source0 with Source1 and Source2 do e.g.
 #   gpg --import cups.keyring
 #   gpg --list-keys | grep -1 'CUPS.org' | grep -v 'expired'
-#   gpg --verify cups-2.3b6-source.tar.gz.sig cups-2.3b6-source.tar.gz
+#   gpg --verify cups-2.3.3-source.tar.gz.sig cups-2.3.3-source.tar.gz
 Source102:      Postscript.ppd.gz
 Source105:      Postscript-level1.ppd.gz
 Source106:      Postscript-level2.ppd.gz
@@ -60,8 +60,6 @@ Patch11:        cups-2.1.0-default-webcontent-path.patch
 Patch12:        cups-2.1.0-cups-systemd-socket.patch
 # Patch42 Let cupsd start after possible network connection (boo#1111351)
 Patch42:        let-cupsd-start-after-network.patch
-# Patch43 Fix UTF-8 validation issue (bsc#1118118, Issue #5509)
-Patch43:        issue5509-fix-utf-8-validation-issue.patch
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 Patch100:       cups-pam.diff
@@ -77,8 +75,6 @@ Patch101:       cups-2.0.3-additional_policies.patch
 Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 Patch104:       cups-config-libs.patch
-# Patch105 issue5453.patch fixes https://github.com/apple/cups/issues/5453
-Patch105:       issue5453.patch
 # Build Requirements:
 BuildRequires:  dbus-1-devel
 BuildRequires:  fdupes
@@ -285,7 +281,6 @@ printer drivers for CUPS.
 #patch12 -b cups-systemd-socket.orig
 # Patch42 Let cupsd start after possible network connection (boo#1111351)
 %patch42 -p0
-%patch43 -p1
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 %patch100 -b cups-pam.orig
@@ -301,8 +296,6 @@ printer drivers for CUPS.
 %patch103 -b do_not_strip_recommended_from_PPDs.orig
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 %patch104 -b cups-config-libs.orig
-# Patch105 issue5453.patch fixes https://github.com/apple/cups/issues/5453
-%patch105 -b issue5453.orig
 
 %build
 # Remove ".SILENT" rule for verbose build output
@@ -542,6 +535,9 @@ exit 0
 /usr/lib/cups/cgi-bin/help.cgi
 /usr/lib/cups/cgi-bin/jobs.cgi
 /usr/lib/cups/cgi-bin/printers.cgi
+%dir /usr/lib/cups/command
+/usr/lib/cups/command/ippevepcl
+/usr/lib/cups/command/ippeveps
 %dir /usr/lib/cups/daemon
 /usr/lib/cups/daemon/cups-deviced
 /usr/lib/cups/daemon/cups-driverd
@@ -567,6 +563,7 @@ exit 0
 %doc %{_defaultdocdir}/cups
 %doc %{_mandir}/man1/cups.1.gz
 %doc %{_mandir}/man1/cupstestppd.1.gz
+%doc %{_mandir}/man1/ippeveprinter.1.gz
 %doc %{_mandir}/man5/classes.conf.5.gz
 %doc %{_mandir}/man5/client.conf.5.gz
 %doc %{_mandir}/man5/cups-snmp.conf.5.gz
@@ -580,6 +577,8 @@ exit 0
 %doc %{_mandir}/man5/subscriptions.conf.5.gz
 %doc %{_mandir}/man7/backend.7.gz
 %doc %{_mandir}/man7/filter.7.gz
+%doc %{_mandir}/man7/ippevepcl.7.gz
+%doc %{_mandir}/man7/ippeveps.7.gz
 %doc %{_mandir}/man7/notifier.7.gz
 %doc %{_mandir}/man8/cups-deviced.8.gz
 %doc %{_mandir}/man8/cups-driverd.8.gz
@@ -596,6 +595,7 @@ exit 0
 %files client
 %defattr(-,root,root)
 %{_bindir}/cancel
+%{_bindir}/ippeveprinter
 %{_bindir}/ippfind
 %{_bindir}/ipptool
 %{_bindir}/lp
@@ -604,7 +604,6 @@ exit 0
 %{_bindir}/lpr
 %{_bindir}/lprm
 %{_bindir}/lpstat
-%{_sbindir}/accept
 %{_sbindir}/cupsaccept
 %{_sbindir}/cupsdisable
 %{_sbindir}/cupsenable
@@ -613,7 +612,6 @@ exit 0
 %{_sbindir}/lpc
 %{_sbindir}/lpinfo
 %{_sbindir}/lpmove
-%{_sbindir}/reject
 %doc %{_mandir}/man1/cancel.1.gz
 %doc %{_mandir}/man1/ippfind.1.gz
 %doc %{_mandir}/man1/ipptool.1.gz
@@ -624,7 +622,6 @@ exit 0
 %doc %{_mandir}/man1/lprm.1.gz
 %doc %{_mandir}/man1/lpstat.1.gz
 %doc %{_mandir}/man5/ipptoolfile.5.gz
-%doc %{_mandir}/man8/accept.8.gz
 %doc %{_mandir}/man8/cupsaccept.8.gz
 %doc %{_mandir}/man8/cupsdisable.8.gz
 %doc %{_mandir}/man8/cupsenable.8.gz
@@ -633,7 +630,6 @@ exit 0
 %doc %{_mandir}/man8/lpc.8.gz
 %doc %{_mandir}/man8/lpinfo.8.gz
 %doc %{_mandir}/man8/lpmove.8.gz
-%doc %{_mandir}/man8/reject.8.gz
 
 %files devel
 %defattr(-,root,root)

issue5453.patch

@@ -1,11 +0,0 @@
---- scheduler/main.c.orig	2018-12-07 20:40:21.000000000 +0100
-+++ scheduler/main.c	2018-12-10 11:07:27.000000000 +0100
-@@ -155,7 +155,7 @@ main(int  argc,				/* I - Number of comm
-   for (i = 1; i < argc; i ++)
-   {
-     if (!strcmp(argv[i], "--help"))
--      usage();
-+      usage(0);
-     else if (argv[i][0] == '-')
-     {
-       for (opt = argv[i] + 1; *opt != '\0'; opt ++)

issue5509-fix-utf-8-validation-issue.patch

@@ -1,84 +0,0 @@
-Index: cups-2.3b6/cups/ipp.c
-===================================================================
---- cups-2.3b6.orig/cups/ipp.c
-+++ cups-2.3b6/cups/ipp.c
-@@ -4909,30 +4909,24 @@ ippValidateAttribute(
- 	  {
- 	    if ((*ptr & 0xe0) == 0xc0)
- 	    {
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
-+	      if ((ptr[1] & 0xc0) != 0x80)
- 	        break;
-+
-+	      ptr ++;
- 	    }
- 	    else if ((*ptr & 0xf0) == 0xe0)
- 	    {
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
--	        break;
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
-+	      if ((ptr[1] & 0xc0) != 0x80 || (ptr[2] & 0xc0) != 0x80)
- 	        break;
-+
-+	      ptr += 2;
- 	    }
- 	    else if ((*ptr & 0xf8) == 0xf0)
- 	    {
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
--	        break;
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
--	        break;
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
-+	      if ((ptr[1] & 0xc0) != 0x80 || (ptr[2] & 0xc0) != 0x80 || (ptr[3] & 0xc0) != 0x80)
- 	        break;
-+
-+	      ptr += 3;
- 	    }
- 	    else if (*ptr & 0x80)
- 	      break;
-@@ -4970,30 +4964,24 @@ ippValidateAttribute(
- 	  {
- 	    if ((*ptr & 0xe0) == 0xc0)
- 	    {
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
-+	      if ((ptr[1] & 0xc0) != 0x80)
- 	        break;
-+
-+	      ptr ++;
- 	    }
- 	    else if ((*ptr & 0xf0) == 0xe0)
- 	    {
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
--	        break;
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
-+	      if ((ptr[1] & 0xc0) != 0x80 || (ptr[2] & 0xc0) != 0x80)
- 	        break;
-+
-+	      ptr += 2;
- 	    }
- 	    else if ((*ptr & 0xf8) == 0xf0)
- 	    {
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
--	        break;
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
--	        break;
--	      ptr ++;
--	      if ((*ptr & 0xc0) != 0x80)
-+	      if ((ptr[1] & 0xc0) != 0x80 || (ptr[2] & 0xc0) != 0x80 || (ptr[3] & 0xc0) != 0x80)
- 	        break;
-+
-+	      ptr += 3;
- 	    }
- 	    else if (*ptr & 0x80)
- 	      break;

let-cupsd-start-after-network.patch

@@ -13,11 +13,12 @@ the cups does not lock due waiting on remote printers.
 
 --- scheduler/org.cups.cupsd.service.in
 +++ scheduler/org.cups.cupsd.service.in	2018-10-18 05:16:30.867333704 +0000
-@@ -1,6 +1,7 @@
+@@ -1,7 +1,7 @@
  [Unit]
  Description=CUPS Scheduler
  Documentation=man:cupsd(8)
-+After=network.target
+-After=sssd.service
++After=sssd.service network.target
  
  [Service]
  ExecStart=@sbindir@/cupsd -l