diff --git a/PSLEVEL1.PPD.bz2 b/PSLEVEL1.PPD.bz2 deleted file mode 100644 index 3ac30c7..0000000 --- a/PSLEVEL1.PPD.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:39b8fdf82b711bff408ddc05ee8777a2064b2d6656c8713bf46d302c737a4ade -size 3026 diff --git a/PSLEVEL2.PPD.bz2 b/PSLEVEL2.PPD.bz2 deleted file mode 100644 index 20ba95d..0000000 --- a/PSLEVEL2.PPD.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cd01bc308c1c6132d47aa2f33c8011879cbdbea676a9cf95c1c7b229a4601be9 -size 3019 diff --git a/Postscript-level1.ppd.gz b/Postscript-level1.ppd.gz new file mode 100644 index 0000000..8599ad6 --- /dev/null +++ b/Postscript-level1.ppd.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0539b06d1145c921e1a9ced5daee1cd48f16a744dabd421a2d5c8537932f8f3b +size 2859 diff --git a/Postscript-level2.ppd.gz b/Postscript-level2.ppd.gz new file mode 100644 index 0000000..8612c97 --- /dev/null +++ b/Postscript-level2.ppd.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e7b31c41849aef0069da568cc4ad4fd142482c5e94556725feecc83817885f9 +size 2863 diff --git a/Postscript.ppd.gz b/Postscript.ppd.gz new file mode 100644 index 0000000..339be23 --- /dev/null +++ b/Postscript.ppd.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b6937a68c58b7d453737deee3d453e25b77a32c5ebf31682acf25b517066a333 +size 1762 diff --git a/cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch b/cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch deleted file mode 100644 index 974b9b7..0000000 --- a/cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch +++ /dev/null @@ -1,519 +0,0 @@ ---- config.h.in.orig -+++ config.h.in -@@ -496,6 +496,13 @@ - - - /* -+ * Do we have systemd support? -+ */ -+ -+#undef HAVE_SYSTEMD -+ -+ -+/* - * Various scripting languages... - */ - ---- /dev/null -+++ config-scripts/cups-systemd.m4 -@@ -0,0 +1,36 @@ -+dnl -+dnl "$Id$" -+dnl -+dnl systemd stuff for CUPS. -+ -+dnl Find whether systemd is available -+ -+SDLIBS="" -+AC_ARG_WITH([systemdsystemunitdir], -+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), -+ [], [with_systemdsystemunitdir=$($PKGCONFIG --variable=systemdsystemunitdir systemd)]) -+if test "x$with_systemdsystemunitdir" != xno; then -+ AC_MSG_CHECKING(for libsystemd-daemon) -+ if $PKGCONFIG --exists libsystemd-daemon; then -+ AC_MSG_RESULT(yes) -+ SDCFLAGS=`$PKGCONFIG --cflags libsystemd-daemon` -+ SDLIBS=`$PKGCONFIG --libs libsystemd-daemon` -+ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) -+ AC_DEFINE(HAVE_SYSTEMD) -+ else -+ AC_MSG_RESULT(no) -+ fi -+fi -+ -+if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ; then -+ SYSTEMD_UNITS="cups.service cups.socket cups.path" -+else -+ SYSTEMD_UNITS="" -+fi -+ -+AC_SUBST(SYSTEMD_UNITS) -+AC_SUBST(SDLIBS) -+ -+dnl -+dnl "$Id$" -+dnl ---- configure.in.orig -+++ configure.in -@@ -37,6 +37,7 @@ sinclude(config-scripts/cups-pam.m4) - sinclude(config-scripts/cups-largefile.m4) - sinclude(config-scripts/cups-dnssd.m4) - sinclude(config-scripts/cups-launchd.m4) -+sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-pdf.m4) - sinclude(config-scripts/cups-scripting.m4) -@@ -71,6 +72,9 @@ AC_OUTPUT(Makedefs - conf/snmp.conf - cups-config - data/testprint -+ data/cups.service -+ data/cups.socket -+ data/cups.path - desktop/cups.desktop - doc/help/ref-cupsd-conf.html - doc/help/standard.html ---- cups/usersys.c.orig -+++ cups/usersys.c -@@ -750,7 +750,7 @@ cups_read_client_conf( - struct stat sockinfo; /* Domain socket information */ - - if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && -- (sockinfo.st_mode & S_IRWXO) == S_IRWXO) -+ (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH)) - cups_server = CUPS_DEFAULT_DOMAINSOCKET; - else - #endif /* CUPS_DEFAULT_DOMAINSOCKET */ ---- /dev/null -+++ data/cups.path.in -@@ -0,0 +1,8 @@ -+[Unit] -+Description=CUPS Printer Service Spool -+ -+[Path] -+PathExistsGlob=@CUPS_REQUESTS@/d* -+ -+[Install] -+WantedBy=multi-user.target ---- /dev/null -+++ data/cups.service.in -@@ -0,0 +1,9 @@ -+[Unit] -+Description=CUPS Printing Service -+ -+[Service] -+ExecStart=@sbindir@/cupsd -f -+ -+[Install] -+Also=cups.socket cups.path -+WantedBy=printer.target ---- /dev/null -+++ data/cups.socket.in -@@ -0,0 +1,11 @@ -+[Unit] -+Description=CUPS Printing Service Sockets -+ -+[Socket] -+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -+ListenStream=631 -+ListenDatagram=0.0.0.0:631 -+BindIPv6Only=ipv6-only -+ -+[Install] -+WantedBy=sockets.target ---- data/Makefile.orig -+++ data/Makefile -@@ -112,6 +112,12 @@ install-data: - $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \ - done - $(INSTALL_DIR) -m 755 $(DATADIR)/profiles -+ if test "x$(SYSTEMD_UNITS)" != "x" ; then \ -+ $(INSTALL_DIR) -m 755 $(SYSTEMDUNITDIR); \ -+ for file in $(SYSTEMD_UNITS); do \ -+ $(INSTALL_DATA) $$file $(SYSTEMDUNITDIR); \ -+ done; \ -+ fi - - - # -@@ -159,6 +165,9 @@ uninstall: - -$(RMDIR) $(DATADIR)/charsets - -$(RMDIR) $(DATADIR)/banners - -$(RMDIR) $(DATADIR) -+ for file in $(SYSTEMD_UNITS); do \ -+ $(RM) $(SYSTEMDUNITDIR)/$$file; \ -+ done - - - # ---- Makedefs.in.orig -+++ Makedefs.in -@@ -143,6 +143,7 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@ - CXXLIBS = @CXXLIBS@ - DBUS_NOTIFIER = @DBUS_NOTIFIER@ - DBUS_NOTIFIERLIBS = @DBUS_NOTIFIERLIBS@ -+SYSTEMD_UNITS = @SYSTEMD_UNITS@ - DNSSD_BACKEND = @DNSSD_BACKEND@ - DSOFLAGS = -L../cups @DSOFLAGS@ - DSOLIBS = @DSOLIBS@ $(COMMONLIBS) -@@ -151,6 +152,7 @@ FONTS = @FONTS@ - IMGLIBS = @IMGLIBS@ - IMGFILTERS = @IMGFILTERS@ - LAUNCHDLIBS = @LAUNCHDLIBS@ -+SDLIBS = @SDLIBS@ - LDFLAGS = -L../cgi-bin -L../cups -L../filter -L../ppdc \ - -L../scheduler @LDARCHFLAGS@ \ - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) -@@ -267,6 +269,7 @@ PAMFILE = @PAMFILE@ - - DEFAULT_LAUNCHD_CONF = @DEFAULT_LAUNCHD_CONF@ - DBUSDIR = @DBUSDIR@ -+SYSTEMDUNITDIR = $(BUILDROOT)@systemdsystemunitdir@ - - - # ---- scheduler/client.h.orig -+++ scheduler/client.h -@@ -75,6 +75,9 @@ typedef struct - int fd; /* File descriptor for this server */ - http_addr_t address; /* Bind address of socket */ - http_encryption_t encryption; /* To encrypt or not to encrypt... */ -+#ifdef HAVE_SYSTEMD -+ int is_systemd; /* Is this a systemd socket? */ -+#endif /* HAVE_SYSTEMD */ - } cupsd_listener_t; - - ---- scheduler/dirsvc.c.orig -+++ scheduler/dirsvc.c -@@ -1457,7 +1457,7 @@ cupsdStartBrowsing(void) - } - } - -- if (BrowseSocket >= 0) -+ if (BrowseSocket >= 0 && !BrowseSocketIsSystemd) - { - /* - * Bind the socket to browse port... -@@ -1501,13 +1501,17 @@ cupsdStartBrowsing(void) - cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.", - strerror(errno)); - -+ if (!BrowseSocketIsSystemd) -+ { - #ifdef WIN32 -- closesocket(BrowseSocket); -+ closesocket(BrowseSocket); - #else -- close(BrowseSocket); -+ close(BrowseSocket); - #endif /* WIN32 */ - -- BrowseSocket = -1; -+ BrowseSocket = -1; -+ } -+ - BrowseLocalProtocols &= ~BROWSE_CUPS; - BrowseRemoteProtocols &= ~BROWSE_CUPS; - -@@ -1820,15 +1824,22 @@ cupsdStopBrowsing(void) - if (((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS) && - BrowseSocket >= 0) - { -- /* -- * Close the socket and remove it from the input selection set. -- */ -+ if (!BrowseSocketIsSystemd) -+ { -+ /* -+ * Close the socket. -+ */ - - #ifdef WIN32 -- closesocket(BrowseSocket); -+ closesocket(BrowseSocket); - #else -- close(BrowseSocket); -+ close(BrowseSocket); - #endif /* WIN32 */ -+ } -+ -+ /* -+ * Remove it from the input selection set. -+ */ - - cupsdRemoveSelect(BrowseSocket); - BrowseSocket = -1; -@@ -5146,11 +5157,14 @@ update_cups_browse(void) - strerror(errno)); - cupsdLogMessage(CUPSD_LOG_ERROR, "CUPS browsing turned off."); - -+ if (!BrowseSocketIsSystemd) -+ { - #ifdef WIN32 -- closesocket(BrowseSocket); -+ closesocket(BrowseSocket); - #else -- close(BrowseSocket); -+ close(BrowseSocket); - #endif /* WIN32 */ -+ } - - cupsdRemoveSelect(BrowseSocket); - BrowseSocket = -1; ---- scheduler/dirsvc.h.orig -+++ scheduler/dirsvc.h -@@ -96,6 +96,8 @@ VAR int Browsing VALUE(TRUE), - /* Short names for remote printers? */ - BrowseSocket VALUE(-1), - /* Socket for browsing */ -+ BrowseSocketIsSystemd VALUE(0), -+ /* BrowseSocket is systemd-provided? */ - BrowsePort VALUE(IPP_PORT), - /* Port number for broadcasts */ - BrowseInterval VALUE(DEFAULT_INTERVAL), ---- scheduler/listen.c.orig -+++ scheduler/listen.c -@@ -401,7 +401,11 @@ cupsdStopListening(void) - lis; - lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) - { -- if (lis->fd != -1) -+ if (lis->fd != -1 -+#ifdef HAVE_SYSTEMD -+ && !lis->is_systemd -+#endif /* HAVE_SYSTEMD */ -+ ) - { - #ifdef WIN32 - closesocket(lis->fd); ---- scheduler/main.c.orig -+++ scheduler/main.c -@@ -26,6 +26,8 @@ - * launchd_checkin() - Check-in with launchd and collect the listening - * fds. - * launchd_checkout() - Update the launchd KeepAlive file as needed. -+ * systemd_checkin() - Check-in with systemd and collect the -+ * listening fds. - * parent_handler() - Catch USR1/CHLD signals... - * process_children() - Process all dead children... - * select_timeout() - Calculate the select timeout value. -@@ -62,6 +64,10 @@ - # endif /* !LAUNCH_JOBKEY_SERVICEIPC */ - #endif /* HAVE_LAUNCH_H */ - -+#ifdef HAVE_SYSTEMD -+#include -+#endif /* HAVE_SYSTEMD */ -+ - #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) - # include - #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ -@@ -78,6 +84,9 @@ - static void launchd_checkin(void); - static void launchd_checkout(void); - #endif /* HAVE_LAUNCHD */ -+#ifdef HAVE_SYSTEMD -+static void systemd_checkin(void); -+#endif /* HAVE_SYSTEMD */ - static void parent_handler(int sig); - static void process_children(void); - static void sigchld_handler(int sig); -@@ -519,6 +528,13 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file descriptors... -+ */ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -730,6 +746,15 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file -+ * descriptors... -+ */ -+ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -1535,6 +1560,147 @@ launchd_checkout(void) - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+static void -+systemd_checkin(void) -+{ -+ int n, fd; -+ -+ n = sd_listen_fds(0); -+ if (n < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Failed to acquire sockets from systemd - %s", -+ strerror(-n)); -+ exit(EXIT_FAILURE); -+ return; -+ } -+ -+ if (n == 0) -+ return; -+ -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) -+ { -+ http_addr_t addr; -+ socklen_t addrlen = sizeof (addr); -+ int r; -+ cupsd_listener_t *lis; -+ char s[256]; -+ -+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1); -+ if (r < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to verify socket type - %s", -+ strerror(-r)); -+ continue; -+ } -+ -+ if (!r) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Browsing=%d", Browsing); -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "BrowseLocalProtocols=%x", BrowseLocalProtocols); -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "BrowseRemoteProtocols=%x", BrowseRemoteProtocols); -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "BROWSE_CUPS=%x", BROWSE_CUPS); -+ if (Browsing && -+ ((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS)) -+ { -+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_DGRAM, 0); -+ if (r < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to verify socket type - %s", -+ strerror(-r)); -+ continue; -+ } -+ -+ if (r) -+ { -+ /* -+ * This is the browse socket. -+ */ -+ -+ char addrstr[256]; -+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to get local address - %s", -+ strerror(errno)); -+ continue; -+ } -+ -+ httpAddrString (&addr, addrstr, sizeof (addrstr)); -+ BrowseSocket = fd; -+ BrowseSocketIsSystemd = 1; -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Matched browse (port %d) with fd %d:%s...", -+ BrowsePort, fd, addrstr); -+ continue; -+ } -+ -+ } -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Socket not of the right type"); -+ continue; -+ } -+ -+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to get local address - %s", -+ strerror(errno)); -+ continue; -+ } -+ -+ /* -+ * Try to match the systemd socket address to one of the listeners... -+ */ -+ -+ for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); -+ lis; -+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) -+ if (httpAddrEqual(&lis->address, &addr)) -+ break; -+ -+ if (lis) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Matched existing listener %s with fd %d...", -+ httpAddrString(&(lis->address), s, sizeof(s)), fd); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Adding new listener %s with fd %d...", -+ httpAddrString(&addr, s, sizeof(s)), fd); -+ -+ if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to allocate listener - " -+ "%s.", strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ -+ cupsArrayAdd(Listeners, lis); -+ -+ memcpy(&lis->address, &addr, sizeof(lis->address)); -+ } -+ -+ lis->fd = fd; -+ lis->is_systemd = 1; -+ -+# ifdef HAVE_SSL -+ if (_httpAddrPort(&(lis->address)) == 443) -+ lis->encryption = HTTP_ENCRYPT_ALWAYS; -+# endif /* HAVE_SSL */ -+ } -+} -+#endif /* HAVE_SYSTEMD */ - - /* - * 'parent_handler()' - Catch USR1/CHLD signals... ---- scheduler/Makefile.orig -+++ scheduler/Makefile -@@ -379,7 +379,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu - $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \ - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - $(LIBPAPER) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBS) \ -- $(LIBGSSAPI) $(LIBWRAP) -+ $(LIBGSSAPI) $(LIBWRAP) $(SDLIBS) - - cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC) - echo Linking $@... -@@ -387,7 +387,7 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - ../cups/$(LIBCUPSSTATIC) $(COMMONLIBS) $(LIBZ) $(LIBPAPER) \ - $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \ -- $(LIBWRAP) -+ $(LIBWRAP) $(SDLIBS) - - - # diff --git a/cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch b/cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch deleted file mode 100644 index 273016a..0000000 --- a/cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- data/cups.socket.in.orig 2014-01-08 15:31:12.000000000 +0100 -+++ data/cups.socket.in 2014-01-08 15:33:07.000000000 +0100 -@@ -3,8 +3,10 @@ Description=CUPS Printing Service Socket - - [Socket] - ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ --ListenStream=631 --ListenDatagram=0.0.0.0:631 -+ListenStream=127.0.0.1:631 -+ListenStream=[::1]:631 -+ListenDatagram=127.0.0.1:631 -+ListenDatagram=[::1]:631 - BindIPv6Only=ipv6-only - - [Install] diff --git a/cups-0003-systemd-secure-cups.service-unit-file.patch b/cups-0003-systemd-secure-cups.service-unit-file.patch deleted file mode 100644 index d860ef5..0000000 --- a/cups-0003-systemd-secure-cups.service-unit-file.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- data/cups.service.in.orig 2014-01-29 13:57:17.000000000 +0100 -+++ data/cups.service.in 2014-01-29 14:14:54.000000000 +0100 -@@ -1,10 +1,10 @@ - [Unit] - Description=CUPS Printing Service -+After=network.target - - [Service] - ExecStart=@sbindir@/cupsd -f - - [Install] --Alias=cupsd.service --Also=cups.socket cups.path --WantedBy=printer.target -+WantedBy=multi-user.target -+ diff --git a/cups-1.3.6-access_conf.patch b/cups-1.3.6-access_conf.patch deleted file mode 100644 index f63465f..0000000 --- a/cups-1.3.6-access_conf.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- cups-1.3.6/conf/cupsd.conf.in.orig 2008-02-28 20:08:52.000000000 +0100 -+++ cups-1.3.6/conf/cupsd.conf.in 2008-02-28 20:13:47.000000000 +0100 -@@ -29,6 +29,7 @@ - # Restrict access to the server... - - Order allow,deny -+ Allow 127.0.0.2 - - - # Restrict access to the admin pages... diff --git a/cups-1.3.9-desktop_file.patch b/cups-1.3.9-desktop_file.patch index fd6ac88..d34ac82 100644 --- a/cups-1.3.9-desktop_file.patch +++ b/cups-1.3.9-desktop_file.patch @@ -6,7 +6,7 @@ Index: desktop/cups.desktop.in [Desktop Entry] -Categories=System;Printing;HardwareSettings;X-Red-Hat-Base; -Exec=@CUPS_HTMLVIEW@ http://localhost:631/ -+Categories=Settings;Printing;HardwareSettings; ++Categories=System;Printing;Settings;HardwareSettings; +Exec=desktop-launch http://localhost:631/ +NotShowIn=GNOME; Icon=cups diff --git a/cups-1.5.4-CVE-2012-5519.patch b/cups-1.5.4-CVE-2012-5519.patch deleted file mode 100644 index 937480f..0000000 --- a/cups-1.5.4-CVE-2012-5519.patch +++ /dev/null @@ -1,408 +0,0 @@ ---- doc/help/ref-cupsd-conf.html.in.orig 2012-01-30 22:40:21.000000000 +0100 -+++ doc/help/ref-cupsd-conf.html.in 2014-02-05 14:13:23.000000000 +0100 -@@ -917,6 +917,28 @@ ConfigFilePerm 0640 - - - -+

ConfigurationChangeRestriction

-+ -+

Examples

-+ -+
-+ConfigurationChangeRestriction all
-+ConfigurationChangeRestriction root-only
-+ConfigurationChangeRestriction none
-+
-+ -+

Description

-+ -+

The ConfigurationChangeRestriction directive specifies -+the degree of restriction for changes to cupsd.conf. Keywords dealing -+with filenames, paths, and users are security-sensitive. Changes to -+them via HTTP are forbidden by default (all). The value -+none removes any restriction altogether (note that this -+is unsafe). The value root-only allows only users -+authorised as user "root" to adjust security-sensitive configuration -+settings, but note that users adjusting settings using polkit (via -+cups-pk-helper) are authenticated as user "root".

-+ - -

DataDir

- ---- man/cupsctl.man.orig 2011-01-11 04:04:04.000000000 +0100 -+++ man/cupsctl.man 2014-02-05 14:15:23.000000000 +0100 -@@ -90,7 +90,8 @@ Disable printer sharing: - cupsctl --no-shared-printers - .fi - .LP --Enable printing using the file: pseudo-device: -+Enable printing using the file: pseudo-device (note that this is -+forbidden by default): - .nf - cupsctl FileDevice=Yes - .fi ---- man/cupsd.conf.man.in.orig 2011-05-18 23:33:35.000000000 +0200 -+++ man/cupsd.conf.man.in 2014-02-05 14:16:58.000000000 +0100 -@@ -238,6 +238,21 @@ ConfigFilePerm mode - Specifies the permissions for all configuration files that the scheduler - writes. - .TP 5 -+ConfigurationChangeRestriction all -+.TP 5 -+ConfigurationChangeRestriction root-only -+.TP 5 -+ConfigurationChangeRestriction none -+.br -+Specifies the degree of restriction for changes to cupsd.conf. -+Keywords dealing with filenames, paths, and users are -+security-sensitive. Changes to them via HTTP are forbidden by default -+("all"). The value "none" removes any restriction altogether (note -+that this is unsafe). The value "root-only" allows only users -+authorised as user "root" to adjust security-sensitive configuration -+settings, but note that users adjusting settings using polkit (via -+cups-pk-helper) are authenticated as user "root". -+.TP 5 - DataDir path - .br - Specified the directory where data files can be found. ---- scheduler/client.c.orig 2012-03-07 07:05:39.000000000 +0100 -+++ scheduler/client.c 2014-02-05 14:32:49.000000000 +0100 -@@ -1685,13 +1685,10 @@ cupsdReadClient(cupsd_client_t *con) /* - * Validate the resource name... - */ - -- if (strncmp(con->uri, "/admin/conf/", 12) || -- strchr(con->uri + 12, '/') || -- strlen(con->uri) == 12) -+ if (strcmp(con->uri, "/admin/conf/cupsd.conf")) - { - /* -- * PUT can only be done to configuration files under -- * /admin/conf... -+ * PUT can only be done to the cupsd.conf file... - */ - - cupsdLogMessage(CUPSD_LOG_ERROR, -@@ -3827,6 +3824,8 @@ install_conf_file(cupsd_client_t *con) / - char buffer[16384]; /* Copy buffer */ - ssize_t bytes; /* Number of bytes */ - -+ if (!cupsdCheckConfigurationAllowed (con)) -+ return (HTTP_FORBIDDEN); - - /* - * Open the request file... ---- scheduler/conf.h.orig 2011-04-22 19:47:03.000000000 +0200 -+++ scheduler/conf.h 2014-02-05 14:44:49.000000000 +0100 -@@ -92,6 +92,18 @@ typedef struct - - - /* -+ * Configuration change restriction (CVE-2012-5519) -+ */ -+ -+typedef enum -+{ -+ CUPSD_CONFRESTRICT_NONE, /* No checking of PUT cupsd.conf */ -+ CUPSD_CONFRESTRICT_ROOT, /* Only allow root to change all opts */ -+ CUPSD_CONFRESTRICT_ALL, /* Restricted keywords not to be changed */ -+} cupsd_confrestrict_t; -+ -+ -+/* - * Globals... - */ - -@@ -165,6 +177,8 @@ VAR int ClassifyOverride VALUE(0), - /* Allow overrides? */ - ConfigFilePerm VALUE(0640), - /* Permissions for config files */ -+ ConfigurationChangeRestriction VALUE(CUPSD_CONFRESTRICT_ALL), -+ /* CVE-2012-5519 protection */ - LogDebugHistory VALUE(200), - /* Amount of automatic debug history */ - FatalErrors VALUE(CUPSD_FATAL_CONFIG), -@@ -291,6 +305,7 @@ __attribute__ ((__format__ (__printf__, - extern int cupsdLogPage(cupsd_job_t *job, const char *page); - extern int cupsdLogRequest(cupsd_client_t *con, http_status_t code); - extern int cupsdReadConfiguration(void); -+extern int cupsdCheckConfigurationAllowed(cupsd_client_t *con); - extern int cupsdWriteErrorLog(int level, const char *message); - - ---- scheduler/conf.c.orig 2011-11-16 16:28:11.000000000 +0100 -+++ scheduler/conf.c 2014-02-05 15:03:28.000000000 +0100 -@@ -3196,6 +3196,22 @@ read_configuration(cups_file_t *fp) /* I - cupsdLogMessage(CUPSD_LOG_INFO, "Polling %s:%d", pollp->hostname, - pollp->port); - } -+ else if (!strcasecmp(line, "ConfigurationChangeRestriction") && value) -+ { -+ if (!strcasecmp(value, "none")) -+ ConfigurationChangeRestriction = CUPSD_CONFRESTRICT_NONE; -+ else if (!strcasecmp(value, "root-only")) -+ ConfigurationChangeRestriction = CUPSD_CONFRESTRICT_ROOT; -+ else if (!strcasecmp(value, "all")) -+ ConfigurationChangeRestriction = CUPSD_CONFRESTRICT_ALL; -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_WARN, -+ "Unknown restriction type %s on line %d.", -+ value, linenum); -+ return (0); -+ } -+ } - else if (!_cups_strcasecmp(line, "DefaultAuthType") && value) - { - /* -@@ -3657,6 +3673,250 @@ read_configuration(cups_file_t *fp) /* I - } - - -+static cups_array_t * -+_cupsdGetBlacklistedConfLines(cups_file_t *fp) -+{ -+ cups_array_t *conf; -+ int linenum; -+ char keyword[HTTP_MAX_BUFFER], -+ *temp, -+ *value; -+ const char **kw; -+ size_t len; -+ const char *blacklist[] = { -+ "ConfigurationChangeRestriction", -+ "AccessLog", -+ "BrowseLDAPCACertFile", -+ "CacheDir", -+ "ConfigFilePerm", -+ "DataDir", -+ "DocumentRoot", -+ "ErrorLog", -+ "FatalErrors", -+ "FileDevice", -+ "FontPath", -+ "Group", -+ "JobPrivateAccess", -+ "JobPrivateValues", -+ "LogFilePerm", -+ "PageLog", -+ "Printcap", -+ "PrintcapFormat", -+ "PrintcapGUI", -+ "RemoteRoot", -+ "RequestRoot", -+ "ServerBin", -+ "ServerCertificate", -+ "ServerKey", -+ "ServerRoot", -+ "StateDir", -+ "SubscriptionPrivateAccess", -+ "SubscriptionPrivateValues", -+ "SystemGroup", -+ "SystemGroupAuthKey", -+ "TempDir", -+ "User", -+ "WebInterface", -+ NULL -+ }; -+ -+ conf = cupsArrayNew (NULL, NULL); -+ -+ /* -+ * Loop through each line in the file... -+ */ -+ -+ linenum = 0; -+ -+ while (cupsFileGetConf(fp, keyword, sizeof(keyword), &value, &linenum)) -+ { -+ for (kw = blacklist; *kw; kw++) -+ if (!strcasecmp (keyword, *kw)) -+ break; -+ -+ if (*kw == NULL) -+ continue; -+ -+ /* -+ * Remember lines we might need to compare against, but only the -+ * last occurrence of each keyword, except for -+ * SystemGroup. SystemGroup is special because it is cumulative: -+ * each SystemGroup line adds groups to the list. For that reason, -+ * we remember multiple SystemGroup lines and don't care about the -+ * order... -+ */ -+ -+ len = strlen (keyword); -+ if (strcasecmp(keyword, "SystemGroup") != 0) -+ { -+ for (temp = (char *) cupsArrayFirst(conf); -+ temp; -+ temp = (char *) cupsArrayNext(conf)) -+ { -+ if (!strncasecmp (temp, keyword, len) && temp[len] == ' ') -+ { -+ cupsArrayRemove(conf, temp); -+ -+ /* -+ * There can only be one such line because we do this for each -+ * line containing a blacklisted keyword -+ */ -+ -+ break; -+ } -+ } -+ } -+ -+ len += (value ? strlen (value) : 0) + 2; -+ temp = malloc (len); -+ if (!temp) -+ goto fail; -+ -+ snprintf (temp, len, "%s %s", keyword, value ? value : ""); -+ cupsArrayAdd(conf, temp); -+ } -+ -+ return conf; -+ -+fail: -+ for (temp = (char *) cupsArrayFirst(conf); -+ temp; -+ temp = (char *) cupsArrayNext(conf)) -+ free(temp); -+ cupsArrayDelete(conf); -+ return NULL; -+} -+ -+ -+/* -+ * 'cupsdCheckConfigurationAllowed()' - Check whether the new configuration -+ * file can be installed -+ */ -+ -+int /* O - 1 if allowed, 0 otherwise */ -+cupsdCheckConfigurationAllowed(cupsd_client_t *con) -+{ -+ int status = 0; -+ cups_file_t *fp; -+ cups_array_t *oldconf, -+ *newconf = NULL; -+ char *oldline, -+ *newline; -+ -+ if (ConfigurationChangeRestriction == CUPSD_CONFRESTRICT_NONE) -+ /* -+ * Option checking disabled... -+ */ -+ return (1); -+ -+ if (ConfigurationChangeRestriction == CUPSD_CONFRESTRICT_ROOT && -+ !strcmp (con->username, "root")) -+ /* -+ * This is requested by root and our configuration tells us to -+ * accept it. -+ */ -+ return (1); -+ -+ /* -+ * First read the current cupsd.conf... -+ */ -+ -+ if ((fp = cupsFileOpen (ConfigurationFile, "r")) == NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_WARN, "Unable to open configuration file?!"); -+ return (0); -+ } -+ -+ oldconf = _cupsdGetBlacklistedConfLines(fp); -+ cupsFileClose(fp); -+ if (!oldconf) -+ return (0); -+ -+ /* -+ * Now take a look at the proposed new cupsd.conf... -+ */ -+ -+ if ((fp = cupsFileOpen(con->filename, "r")) == NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_WARN, "Unable to examine new config file"); -+ goto fail; -+ } -+ -+ newconf = _cupsdGetBlacklistedConfLines(fp); -+ cupsFileClose(fp); -+ if (!newconf) -+ goto fail; -+ -+ /* -+ * Now compare the blacklisted directives in each. -+ */ -+ -+ status = 1; -+ for (oldline = (char *) cupsArrayFirst(oldconf); -+ oldline; -+ oldline = (char *) cupsArrayNext(oldconf)) -+ { -+ for (newline = (char *) cupsArrayFirst(newconf); -+ newline; -+ newline = (char *) cupsArrayNext(newconf)) -+ if (!strcmp (oldline, newline)) -+ break; -+ -+ if (newline == NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Attempt to remove or change '%s' denied", oldline); -+ status = 0; -+ break; -+ } -+ -+ cupsArrayRemove(newconf, newline); -+ free(newline); -+ } -+ -+ if (status) -+ { -+ /* -+ * All the original directives are still present. Have any been added? -+ */ -+ -+ newline = (char *) cupsArrayFirst(newconf); -+ if (newline != NULL) -+ { -+ char *p; -+ -+ cupsArrayRemove(newconf, newline); -+ -+ p = strchr (newline, ' '); -+ if (p) -+ *p = '\0'; -+ -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Attempt to add '%s' directive denied", newline); -+ free(newline); -+ status = 0; -+ } -+ } -+ -+fail: -+ for (oldline = (char *) cupsArrayFirst(oldconf); -+ oldline; -+ oldline = (char *) cupsArrayNext(oldconf)) -+ free(oldline); -+ cupsArrayDelete(oldconf); -+ -+ if (newconf) -+ { -+ for (newline = (char *) cupsArrayFirst(newconf); -+ newline; -+ newline = (char *) cupsArrayNext(newconf)) -+ free(newline); -+ cupsArrayDelete(newconf); -+ } -+ -+ return (status); -+} -+ -+ - /* - * 'read_location()' - Read a definition. - */ diff --git a/cups-1.5.4-source.tar.bz2 b/cups-1.5.4-source.tar.bz2 deleted file mode 100644 index b67d3b8..0000000 --- a/cups-1.5.4-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8023034e8b58eab1ad7279364e872270a77459f6fb59a84d03229cb1d2a6d0e5 -size 9583002 diff --git a/cups-1.5.4-strftime.patch b/cups-1.5.4-strftime.patch deleted file mode 100644 index 2502240..0000000 --- a/cups-1.5.4-strftime.patch +++ /dev/null @@ -1,288 +0,0 @@ -diff -Nur cups-1.5.4.dist/cgi-bin/ipp-var.c cups-1.5.4/cgi-bin/ipp-var.c ---- cups-1.5.4.dist/cgi-bin/ipp-var.c 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5.4/cgi-bin/ipp-var.c 2014-03-09 13:21:20.065678625 +0100 -@@ -1192,7 +1192,7 @@ - t = (time_t)attr->values[i].integer; - date = localtime(&t); - -- strftime(valptr, sizeof(value) - (valptr - value), "%c", date); -+ _cupsstrftime(valptr, sizeof(value) - (valptr - value), "%c", date); - } - else - snprintf(valptr, sizeof(value) - (valptr - value), -diff -Nur cups-1.5.4.dist/cups/language-private.h cups-1.5.4/cups/language-private.h ---- cups-1.5.4.dist/cups/language-private.h 2010-11-20 02:03:46.000000000 +0100 -+++ cups-1.5.4/cups/language-private.h 2014-03-09 13:21:20.073680045 +0100 -@@ -79,6 +79,7 @@ - extern const char *_cupsMessageLookup(cups_array_t *a, const char *m); - extern void _cupsSetLocale(char *argv[]); - -+extern size_t _cupsstrftime(char *s, size_t max, const char *format, const struct tm *tm); - - # ifdef __cplusplus - } -diff -Nur cups-1.5.4.dist/cups/libcups2.def cups-1.5.4/cups/libcups2.def ---- cups-1.5.4.dist/cups/libcups2.def 2011-09-09 23:55:11.000000000 +0200 -+++ cups-1.5.4/cups/libcups2.def 2014-03-09 13:21:20.077680723 +0100 -@@ -9,6 +9,7 @@ - _cupsLangPrintf - _cupsLangPuts - _cupsLangString -+_cupsstrftime - _cupsMD5Append - _cupsMD5Finish - _cupsMD5Init -diff -Nur cups-1.5.4.dist/cups/libcups_s.exp cups-1.5.4/cups/libcups_s.exp ---- cups-1.5.4.dist/cups/libcups_s.exp 2011-04-16 01:38:13.000000000 +0200 -+++ cups-1.5.4/cups/libcups_s.exp 2014-03-09 13:21:20.085681923 +0100 -@@ -7,6 +7,7 @@ - _cupsLangPrintf - _cupsLangPuts - _cupsLangString -+_cupsstrftime - _cupsMD5Append - _cupsMD5Finish - _cupsMD5Init -diff -Nur cups-1.5.4.dist/cups/Makefile cups-1.5.4/cups/Makefile ---- cups-1.5.4.dist/cups/Makefile 2011-09-09 18:34:29.000000000 +0200 -+++ cups-1.5.4/cups/Makefile 2014-03-09 13:21:20.089682442 +0100 -@@ -63,6 +63,7 @@ - snmp.o \ - snprintf.o \ - string.o \ -+ strftime.o \ - tempfile.o \ - thread.o \ - transcode.o \ -diff -Nur cups-1.5.4.dist/cups/strftime.c cups-1.5.4/cups/strftime.c ---- cups-1.5.4.dist/cups/strftime.c 1970-01-01 01:00:00.000000000 +0100 -+++ cups-1.5.4/cups/strftime.c 2014-03-09 13:21:20.093682921 +0100 -@@ -0,0 +1,56 @@ -+/* -+ * "$Id$" -+ * -+ * Localized strftime function for CUPS. -+ * -+ * -+ * Contents: -+ * -+ * _cupsstrftime() - format date and time -+ */ -+ -+/* -+ * Include necessary headers... -+ */ -+ -+#include "cups-private.h" -+ -+ -+/* -+ * '_cupsstrftime()' - format date and time in current locale and convert to UTF8 -+ */ -+ -+size_t -+_cupsstrftime(char *s, size_t max, const char *format, const struct tm *tm) -+{ -+ size_t size=0; -+ char date[256]; /* Date buffer */ -+ cups_utf8_t utf8[256]; /* Date in utf8 */ -+ _cups_globals_t *cg; /* Global data */ -+ -+ cg = _cupsGlobals(); -+ -+ if (!cg->lang_default) -+ cg->lang_default = cupsLangDefault(); -+ -+ if ((size=strftime(date, max, format, tm))!=0) -+ { -+ -+ if (cg->lang_default->encoding != CUPS_UTF8) -+ { -+ cupsCharsetToUTF8(utf8, date, (int)sizeof(utf8), cg->lang_default->encoding); -+ strncpy(s, utf8, 256); -+ } -+ else { -+ strncpy(s, date, 256); -+ } -+ } -+ return ((size_t)size); -+} -+ -+ -+ -+ -+/* -+ * End of "$Id$". -+ */ -diff -Nur cups-1.5.4.dist/cups/testipp.c cups-1.5.4/cups/testipp.c ---- cups-1.5.4.dist/cups/testipp.c 2011-09-14 02:31:10.000000000 +0200 -+++ cups-1.5.4/cups/testipp.c 2014-03-09 13:21:20.101683760 +0100 -@@ -891,7 +891,7 @@ - { - vtime = ippDateToTime(val->date); - vdate = localtime(&vtime); -- strftime(vstring, sizeof(vstring), "%c", vdate); -+ _cupsstrftime(vstring, sizeof(vstring), "%c", vdate); - printf(" (%s)", vstring); - } - } -diff -Nur cups-1.5.4.dist/filter/bannertops.c cups-1.5.4/filter/bannertops.c ---- cups-1.5.4.dist/filter/bannertops.c 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5.4/filter/bannertops.c 2014-03-09 13:21:20.105684120 +0100 -@@ -843,7 +843,7 @@ - curtime = (time_t)atoi(option); - curdate = localtime(&curtime); - -- strftime(text, sizeof(text), "%c", curdate); -+ _cupsstrftime(text, sizeof(text), "%c", curdate); - } - else - strlcpy(text, "?", sizeof(text)); -@@ -865,7 +865,7 @@ - curtime = (time_t)atoi(option); - curdate = localtime(&curtime); - -- strftime(text, sizeof(text), "%c", curdate); -+ _cupsstrftime(text, sizeof(text), "%c", curdate); - } - else - strlcpy(text, "?", sizeof(text)); -@@ -1066,7 +1066,7 @@ - - curtime = time(NULL); - curtm = localtime(&curtime); -- strftime(curdate, sizeof(curdate), "%c", curtm); -+ _cupsstrftime(curdate, sizeof(curdate), "%c", curtm); - - puts("%!PS-Adobe-3.0"); - printf("%%%%BoundingBox: %.0f %.0f %.0f %.0f\n", PageLeft, PageBottom, -diff -Nur cups-1.5.4.dist/filter/imagetops.c cups-1.5.4/filter/imagetops.c ---- cups-1.5.4.dist/filter/imagetops.c 2011-08-17 23:01:53.000000000 +0200 -+++ cups-1.5.4/filter/imagetops.c 2014-03-09 13:21:20.113684721 +0100 -@@ -618,7 +618,7 @@ - puts("%%DocumentData: Clean7Bit"); - puts("%%DocumentNeededResources: font Helvetica-Bold"); - puts("%%Creator: imagetops/" CUPS_SVERSION); -- strftime(curdate, sizeof(curdate), "%c", curtm); -+ _cupsstrftime(curdate, sizeof(curdate), "%c", curtm); - printf("%%%%CreationDate: %s\n", curdate); - WriteTextComment("Title", argv[3]); - WriteTextComment("For", argv[2]); -diff -Nur cups-1.5.4.dist/filter/texttops.c cups-1.5.4/filter/texttops.c ---- cups-1.5.4.dist/filter/texttops.c 2010-12-03 07:29:20.000000000 +0100 -+++ cups-1.5.4/filter/texttops.c 2014-03-09 13:21:20.117684961 +0100 -@@ -223,7 +223,7 @@ - - curtime = time(NULL); - curtm = localtime(&curtime); -- strftime(curdate, sizeof(curdate), "%c", curtm); -+ _cupsstrftime(curdate, sizeof(curdate), "%c", curtm); - - puts("%!PS-Adobe-3.0"); - printf("%%%%BoundingBox: 0 0 %.0f %.0f\n", PageWidth, PageLength); -diff -Nur cups-1.5.4.dist/scheduler/testsub.c cups-1.5.4/scheduler/testsub.c ---- cups-1.5.4.dist/scheduler/testsub.c 2010-03-24 01:45:34.000000000 +0100 -+++ cups-1.5.4/scheduler/testsub.c 2014-03-09 13:21:20.125685362 +0100 -@@ -442,7 +442,7 @@ - { - vtime = ippDateToTime(val->date); - vdate = localtime(&vtime); -- strftime(vstring, sizeof(vstring), "%c", vdate); -+ _cupsstrftime(vstring, sizeof(vstring), "%c", vdate); - printf(" (%s)", vstring); - } - } -diff -Nur cups-1.5.4.dist/systemv/lpstat.c cups-1.5.4/systemv/lpstat.c ---- cups-1.5.4.dist/systemv/lpstat.c 2011-10-07 23:41:07.000000000 +0200 -+++ cups-1.5.4/systemv/lpstat.c 2014-03-09 13:21:20.133685662 +0100 -@@ -744,7 +744,7 @@ - if (match_list(printers, printer)) - { - pdate = localtime(&ptime); -- strftime(printer_state_time, sizeof(printer_state_time), "%c", pdate); -+ _cupsstrftime(printer_state_time, sizeof(printer_state_time), "%c", pdate); - - if (accepting) - _cupsLangPrintf(stdout, _("%s accepting requests since %s"), -@@ -1436,7 +1436,7 @@ - * Show the consolidated output format for the SGI tools... - */ - -- if (!strftime(date, sizeof(date), "%b %d %H:%M", jobdate)) -+ if (!_cupsstrftime(date, sizeof(date), "%b %d %H:%M", jobdate)) - strcpy(date, "Unknown"); - - _cupsLangPrintf(stdout, "%s;%s;%d;%s;%s", -@@ -1445,7 +1445,7 @@ - } - else - { -- if (!strftime(date, sizeof(date), "%c", jobdate)) -+ if (!_cupsstrftime(date, sizeof(date), "%c", jobdate)) - strcpy(date, "Unknown"); - - if (ranking) -@@ -1764,7 +1764,7 @@ - */ - - pdate = localtime(&ptime); -- strftime(printer_state_time, sizeof(printer_state_time), "%c", pdate); -+ _cupsstrftime(printer_state_time, sizeof(printer_state_time), "%c", pdate); - - switch (pstate) - { ---- cups-1.5.4.dist/test/run-stp-tests.sh 2014-03-12 08:35:30.805162912 +0100 -+++ cups-1.5.4/test/run-stp-tests.sh 2014-03-12 09:45:53.668548631 +0100 -@@ -411,6 +411,19 @@ - i=`expr $i + 1` - done - -+cat >>/tmp/cups-$user/printers.conf < -+Accepting Yes -+DeviceURI file:/dev/null -+Info Test raw printer $i -+JobSheets none none -+Location CUPS test suite -+State Idle -+StateTime 1394607600 -+StateMessage Printer $1 is idle. -+ -+EOF -+ - if test -f /tmp/cups-$user/printers.conf; then - cp /tmp/cups-$user/printers.conf /tmp/cups-$user/printers.conf.orig - else ---- cups-1.5.4.dist/test/5.4-lpstat.sh 2014-03-12 08:26:22.738824487 +0100 -+++ cups-1.5.4/test/5.4-lpstat.sh 2014-03-12 09:44:43.838713821 +0100 -@@ -38,6 +38,30 @@ - fi - echo "" - -+echo "LPSTAT Test" -+echo "" -+echo " lpstat -p" -+state="`../systemv/lpstat -p test5.4 | head -1 2>&1`" -+if test $? != 0 -o "x$state" != "xprinter test5.4 is idle. enabled since Wed Mar 12 08:00:00 2014"; then -+ echo " FAILED" -+ exit 1 -+else -+ echo " PASSED" -+fi -+echo "" -+ -+echo "LPSTAT Test2" -+echo "" -+echo " LC_ALL=de_DE@euro lpstat -p" -+state="`LC_ALL=de_DE@euro ../systemv/lpstat -p test5.4 | head -1 2>&1`" -+if test $? != 0 -o "x$state" != "xprinter test5.4 is idle. enabled since Mi 12 Mär 2014 08:00:00 CET"; then -+ echo " FAILED" -+ exit 1 -+else -+ echo " PASSED" -+fi -+echo "" -+ - # - # End of "$Id: 5.4-lpstat.sh 8498 2009-04-13 17:03:15Z mike $". - # diff --git a/cups-1.5-additional_policies.patch b/cups-1.7-additional_policies.patch similarity index 85% rename from cups-1.5-additional_policies.patch rename to cups-1.7-additional_policies.patch index a9365b2..8f0a1cc 100644 --- a/cups-1.5-additional_policies.patch +++ b/cups-1.7-additional_policies.patch @@ -1,9 +1,12 @@ ---- conf/cupsd.conf.in.orig 2014-01-29 14:31:32.000000000 +0100 -+++ conf/cupsd.conf.in 2014-01-29 15:20:30.000000000 +0100 -@@ -136,6 +136,39 @@ WebInterface @CUPS_WEBIF@ +Index: conf/cupsd.conf.in +=================================================================== +--- conf/cupsd.conf.in.orig ++++ conf/cupsd.conf.in +@@ -127,3 +127,36 @@ WebInterface @CUPS_WEBIF@ + Order deny,allow - ++ +# The policy below is added by SUSE during build of our cups package. +# The policy 'allowallforanybody' is totally open and insecure and therefore +# it can only be used within an internal network where only trused users exist @@ -14,7 +17,7 @@ +# print jobs from an internal network to any external destination, see +# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell +# For documentation regarding 'Managing Operation Policies' see -+# http://www.cups.org/documentation.php/doc-1.5/policies.html ++# http://www.cups.org/documentation.php/doc-1.7/policies.html + + # Allow anybody to access job's private values: + JobPrivateAccess all @@ -36,7 +39,3 @@ + +# Explicitly set the CUPS 'default' policy to be used by default: +DefaultPolicy default -+ - # - # End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $". - # diff --git a/cups-2.0.2-source.tar.bz2 b/cups-2.0.2-source.tar.bz2 new file mode 100644 index 0000000..da34630 --- /dev/null +++ b/cups-2.0.2-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:858720f76b66fd0441ae2a16f7cabd9554c8c64607e28ffacf16c36c53a3b18b +size 8766982 diff --git a/cups-client.conf b/cups-client.conf index b5dca13..17f0b41 100644 --- a/cups-client.conf +++ b/cups-client.conf @@ -1,77 +1,28 @@ -# Sample client configuration file for the Common UNIX Printing System -# (CUPS). -# -# Copyright 1997-2005 by Easy Software Products, all rights reserved. -# Klaus Singvogel modified it for SUSE distribution. -# -# These coded instructions, statements, and computer programs are the -# property of Easy Software Products and are protected by Federal -# copyright law. Distribution and use rights are outlined in the file -# "LICENSE.txt" which should have been included with this file. If this -# file is missing or damaged please contact Easy Software Products -# at: -# -# Attn: CUPS Licensing Information -# Easy Software Products -# 44141 Airport View Drive, Suite 204 -# Hollywood, Maryland 20636 USA -# -# Voice: (301) 373-9600 -# EMail: cups-info@cups.org -# WWW: http://www.cups.org -# +# CUPS client configuration file (optional). -######################################################################## -# # -# This is the CUPS client configuration file. This file is used to # -# define client-specific parameters, such as the default server or # -# default encryption settings. # -# # -# Put this file on /etc/cups/client.conf (system use) or # -# ~/.cups/client.conf (personal use). # -# # -# more information in the manual page client.conf(5) -######################################################################## +# You may use /etc/cups/client.conf (system wide) +# or ~/.cups/client.conf (per user). +# For more information see "man 5 client.conf". -# -# Encryption: directive specifies the default encryption settings for -# the client. -# -# Possible values: -# -# IfRequested -# Never -# Required -# Always -# -# The default value is "IfRequested". -# This parameter can also be set # using the CUPS_ENCRYPTION environment -# variable. -# +# The ServerName directive specifies the remote server +# that is to be used for all client operations. That is, it +# redirects all client requests directly to that remote server +# so that a local running cupsd is not used in this case. +# The default is to use the local server ("localhost") or domain socket. +# Only one ServerName directive may appear. +# If multiple names are present, only the last one is used. +# The default port number is 631 but can be overridden by adding +# a colon followed by the desired port number. +# The default IPP version is 2.0 but can be overridden by adding +# a slash followed by version=V where V is 1.0 or 1.1 or 2.0 or 2.1 or 2.2. +# IPP version 2.0 does do not work with CUPS 1.3 or older servers. +# If an CUPS 1.3 or older server is used, its older IPP version +# must be specified as .../version=1.1 or .../version=1.0. -#Encryption IfRequested -#Encryption Never -#Encryption Required -#Encryption Always +# Examples: +# ServerName sever.example.com +# ServerName 192.0.2.10 +# ServerName sever.example.com:8631 +# ServerName older.server.example.com/version=1.1 +# ServerName older.server.example.com:8631/version=1.1 -# -# ServerName: directive specifies sets the remote server that is to be -# used for all client operations. That is, it redirects all client -# requests to the remote server. -# -# By default CUPS will use the domain socket /var/run/cups/cups.sock or -# local server ("localhost"), if so configured. The value can be -# overwritten by the CUPS_SERVER environment variable. -# -# The default port number is 631 but can be overridden by adding a colon -# followed by the desired port number to the value. -# -# ONLY ONE SERVER NAME MAY BE SPECIFIED AT A TIME. To use more than one -# server you must use a local scheduler with browsing and possibly -# polling. -# - -#ServerName /domain/socket -#ServerName foo.bar.com -#ServerName 11.22.33.444 -#ServerName foo.bar.com:8631 diff --git a/cups-config-libs.patch b/cups-config-libs.patch index 20e7af3..a220f52 100644 --- a/cups-config-libs.patch +++ b/cups-config-libs.patch @@ -1,13 +1,11 @@ ---- cups-config.in.orig -+++ cups-config.in -@@ -35,8 +35,8 @@ INSTALLSTATIC=@INSTALLSTATIC@ +--- cups-config.in.orig 2011-08-27 11:23:01.000000000 +0200 ++++ cups-config.in 2012-11-27 15:47:27.000000000 +0100 +@@ -35,7 +35,7 @@ INSTALLSTATIC=@INSTALLSTATIC@ # flags for C++ compiler: CFLAGS="" LDFLAGS="@EXPORT_LDFLAGS@" --LIBS="@LIBGSSAPI@ @EXPORT_SSLLIBS@ @EXPORT_LIBZ@ @LIBS@" --IMGLIBS="@EXPORT_LIBTIFF@ @EXPORT_LIBJPEG@ @EXPORT_LIBPNG@" +-LIBS="@LIBGSSAPI@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@" +LIBS="" -+IMGLIBS="" # Check for local invocation... selfdir=`dirname $0` diff --git a/cups-move-everything-to-run.patch b/cups-move-everything-to-run.patch deleted file mode 100644 index 2e43089..0000000 --- a/cups-move-everything-to-run.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- cups-1.5.4.orig/config.h.in -+++ cups-1.5.4/config.h.in -@@ -131,7 +131,7 @@ - #define CUPS_SBINDIR "/usr/sbin" - #define CUPS_SERVERBIN "/usr/lib/cups" - #define CUPS_SERVERROOT "/etc/cups" --#define CUPS_STATEDIR "/var/run/cups" -+#define CUPS_STATEDIR "/run/cups" - - - /* ---- cups-1.5.4.orig/configure -+++ cups-1.5.4/configure -@@ -6424,7 +6424,7 @@ case "$uname" in - ;; - *) - # All others -- CUPS_STATEDIR="$localstatedir/run/cups" -+ CUPS_STATEDIR="/run/cups" - ;; - esac - cat >>confdefs.h <<_ACEOF ---- cups-1.5.4.orig/config-scripts/cups-directories.m4 -+++ cups-1.5.4/config-scripts/cups-directories.m4 -@@ -429,7 +429,7 @@ case "$uname" in - ;; - *) - # All others -- CUPS_STATEDIR="$localstatedir/run/cups" -+ CUPS_STATEDIR="/run/cups" - ;; - esac - AC_DEFINE_UNQUOTED(CUPS_STATEDIR, "$CUPS_STATEDIR") diff --git a/cups-polld_avoid_busy_loop.patch b/cups-polld_avoid_busy_loop.patch deleted file mode 100644 index c3de99b..0000000 --- a/cups-polld_avoid_busy_loop.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- scheduler/cups-polld.c.orig 2012-03-02 19:26:30.000000000 +0100 -+++ scheduler/cups-polld.c 2013-07-05 14:33:08.000000000 +0200 -@@ -169,10 +169,15 @@ main(int argc, /* I - Number of comm - - /* - * Sleep for any remaining time... -+ * but in case of unusual issues (if remain <= 0 or if restart_polling) -+ * sleep interval seconds to avoid any possible busy-loop -+ * see for example https://bugzilla.novell.com/show_bug.cgi?id=828228 - */ - - if (remain > 0 && !restart_polling) - sleep(remain); -+ else -+ sleep(interval); - } - - return (1); diff --git a/cups-provides-cupsd-service.patch b/cups-provides-cupsd-service.patch deleted file mode 100644 index 4b18ff9..0000000 --- a/cups-provides-cupsd-service.patch +++ /dev/null @@ -1,11 +0,0 @@ -Index: cups-1.5.4/data/cups.service.in -=================================================================== ---- cups-1.5.4.orig/data/cups.service.in -+++ cups-1.5.4/data/cups.service.in -@@ -5,5 +5,6 @@ Description=CUPS Printing Service - ExecStart=@sbindir@/cupsd -f - - [Install] -+Alias=cupsd.service - Also=cups.socket cups.path - WantedBy=printer.target diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch new file mode 100644 index 0000000..a631f81 --- /dev/null +++ b/cups-systemd-socket.patch @@ -0,0 +1,60 @@ +diff -up cups-2.0.2/cups/usersys.c.ustTJg cups-2.0.2/cups/usersys.c +--- cups-2.0.2/cups/usersys.c.ustTJg 2015-02-10 13:40:24.294545077 +0100 ++++ cups-2.0.2/cups/usersys.c 2015-02-10 13:46:56.763989233 +0100 +@@ -1017,7 +1017,7 @@ cups_finalize_client_conf( + struct stat sockinfo; /* Domain socket information */ + + if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && +- (sockinfo.st_mode & S_IRWXO) == S_IRWXO) ++ (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH)) + cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET); + else + #endif /* CUPS_DEFAULT_DOMAINSOCKET */ +diff -up cups-2.0.2/scheduler/main.c.ustTJg cups-2.0.2/scheduler/main.c +--- cups-2.0.2/scheduler/main.c.ustTJg 2015-02-10 13:40:24.121547526 +0100 ++++ cups-2.0.2/scheduler/main.c 2015-02-10 13:40:24.295545063 +0100 +@@ -658,8 +658,15 @@ main(int argc, /* I - Number of comm + + #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD) + if (OnDemand) ++ { + cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand."); +- else ++# ifdef HAVE_SYSTEMD ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Scheduler is running...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++# endif /* HAVE_SYSTEMD */ ++ } else + #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ + if (fg) + cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground."); +diff -up cups-2.0.2/scheduler/org.cups.cupsd.path.in.ustTJg cups-2.0.2/scheduler/org.cups.cupsd.path.in +--- cups-2.0.2/scheduler/org.cups.cupsd.path.in.ustTJg 2014-03-21 15:50:24.000000000 +0100 ++++ cups-2.0.2/scheduler/org.cups.cupsd.path.in 2015-02-10 13:40:24.295545063 +0100 +@@ -2,7 +2,7 @@ + Description=CUPS Scheduler + + [Path] +-PathExists=@CUPS_CACHEDIR@/org.cups.cupsd ++PathExistsGlob=@CUPS_REQUESTS@/d* + + [Install] + WantedBy=multi-user.target +diff -up cups-2.0.2/scheduler/org.cups.cupsd.service.in.ustTJg cups-2.0.2/scheduler/org.cups.cupsd.service.in +--- cups-2.0.2/scheduler/org.cups.cupsd.service.in.ustTJg 2014-10-21 13:55:01.000000000 +0200 ++++ cups-2.0.2/scheduler/org.cups.cupsd.service.in 2015-02-10 13:40:24.296545049 +0100 +@@ -1,10 +1,11 @@ + [Unit] + Description=CUPS Scheduler + Documentation=man:cupsd(8) ++After=network.target + + [Service] + ExecStart=@sbindir@/cupsd -l +-Type=simple ++Type=notify + + [Install] + Also=org.cups.cupsd.socket org.cups.cupsd.path diff --git a/cups.changes b/cups.changes index 34df7e7..2d211bc 100644 --- a/cups.changes +++ b/cups.changes @@ -1,149 +1,255 @@ ------------------------------------------------------------------- -Tue Nov 25 16:13:50 CET 2014 - jsmeix@suse.de +Thu Feb 12 13:50:58 UTC 2015 - tchvatal@suse.com -- Refresh and/or clean up the systemd units that belong to CUPS - (cups.service cups.socket cups.path) via RPM posttrans scriplet - in a generic way via "systemctl --force reenable" (bnc#904215). - An enabled systemd unit may need a refresh via - "systemctl --force reenable" after updating a package when - the new package had installed a changed systemd unit file. - A disabled systemd unit also may need a refresh via - "systemctl --force reenable" but then it is again disabled. - A systemd unit may become obsolete by updating a package when - the new package does no longer provide a unit file. In this - case "systemctl --force reenable" removes the unit. - In any case currently running services are not stopped even - when the new package does no longer provide the unit file - because a RPM package update must not automatically disrupt - (stop or restart) running services. +- Add back the posttrans cleanup script as it is needed ------------------------------------------------------------------- -Tue Nov 4 13:26:04 CET 2014 - jsmeix@suse.de +Thu Feb 12 09:22:30 UTC 2015 - tchvatal@suse.com -- Also for SLE12 krb5-devel must be used for build - (cf. the entry below dated "Wed Jun 26 10:39:30 CEST 2013") - because in contrast to IBS where krb5-mini-devel is available - for build in SUSE:SLE-12:GA in OBS it cannot build for SLE_12 - with "unresolvable: nothing provides krb5-mini-devel". +- Add patch cups-systemd-socket.patch to fix socket activation + and to match socket approach Fedora has. ------------------------------------------------------------------- -Mon Oct 13 09:30:49 UTC 2014 - gber@opensuse.org +Thu Feb 12 09:12:05 UTC 2015 - tchvatal@suse.com -- use Settings;Printing;HardwareSettings desktop file category - instead of System category in the desktop file +- Version bump to 2.0.2: + * Security: cupsRasterReadPixels buffer overflow with invalid page header and + compressed raster data (STR #4551) + * Mapping of PPD keywords to IPP keywords did not work if the PPD keyword was + already an IPP keyword () + * cupsGetPPD* sent bad requests (STR #4567) + * For detailed list see CHANGES.txt file ------------------------------------------------------------------- -Tue Sep 2 15:48:23 CEST 2014 - jsmeix@suse.de +Thu Feb 12 09:10:09 UTC 2015 - tchvatal@suse.com +- Enable PIE for build + +------------------------------------------------------------------- +Fri Jan 30 10:44:47 UTC 2015 - tchvatal@suse.com + +- Remove legacy paralel-port support as it is not really needed + as most do not want it + +------------------------------------------------------------------- +Fri Jan 30 10:39:41 UTC 2015 - tchvatal@suse.com + +- Update descriptions to just state what changed and let user + find it out. +- Add back comment about %fdupes +- Remove exit 0 on scriptlets as it is provided by the %service bla + ones already +- Fix the comment about openSUSE version on tmpfilesdir declaration + +------------------------------------------------------------------- +Fri Jan 16 16:00:20 UTC 2015 - tchvatal@suse.com + +- cups-2.0.1 update: + * lengthy list of changes see the upstream CHANGES.txt that is + distributed with the package + * Disabling of sslv3 to mitigate poodle +- Use gnutls to provide SSLOPtions configuration directive + * openssl is no longer supported upstream + * Remove the with-openssl-exception from license +- Remove cups.sysconfig as it is not used with systemd based distros +- Purposely lose support for SLE11 as it doubles size of some of the + sections and keep suppor for openSUSE+SLE12 + * even with the conditions we would have to go unencrypted only + as needs newer gnutls, so don't bother with keeping the compat +- Use upstream service and socket files to allow more working tools + +------------------------------------------------------------------- +Tue Sep 23 13:57:31 CEST 2014 - ro@suse.de + +- change BuildRequires for systemd to pkgconfig(systemd) + and pkgconfig(libsystemd-daemon) to avoid build-cycles + +------------------------------------------------------------------- +Mon Aug 25 13:19:19 CEST 2014 - jsmeix@suse.de + +- Version upgrade to 1.7.5: + CUPS 1.7.5 addresses some minor issues and expands upon the + symlink security protection. Changes include (excerpt): + * Security: Addressed some more situations where symlinked + files would be served by the web interface (CVE-2014-5029 + CVE-2014-5030 CVE-2014-5031 STR #4455 and bnc#887240). + * The LPD backend did not work with some versions + of glibc (STR #4452) + * CGI scripts did not work (STR #4454) +- str4455-1.7.patch (see the previous entry below) + is obsolete because it is fixed upstream since CUPS 1.7.5. - Let fdupes only create symlinks in /usr/share/cups/templates/ to avoid a symlink /usr/share/cups/webcontent/images/cups-icon.png - because the cupsd web server does no longer follow symlinks - to avoid the security issues mentioned in the previous entry - below (fixes bnc#892587 a regression of bnc#887240). + because since CUPS 1.7.4/1.7.5 the cupsd web server does + no longer follow symlinks to avoid the security issues + mentioned in the previous two entries below + (fixes bnc#892587 a regression of bnc#887240). ------------------------------------------------------------------- -Tue Sep 2 15:26:36 CEST 2014 - jsmeix@suse.de +Tue Jul 29 16:41:10 CEST 2014 - jsmeix@suse.de -- str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch - fixes that the web interface incorrectly served symlinked files - and files that were not world-readable, potentially leading to - a disclosure of information (CVE-2014-3537 STR #4450 plus the - subsequent CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 STR #4455 - all in bnc#887240). +- str4455-1.7.patch complements the incomplete fix for + CVE-2014-3537 STR#445 in the CUPS 1.7.4 sources + to fix the subsequent CVE-2014-5029 CVE-2014-5030 + CVE-2014-5031 STR#4455 (bnc#887240). ------------------------------------------------------------------- -Thu May 22 10:16:17 UTC 2014 - werner@suse.de +Tue Jul 15 11:13:14 CEST 2014 - jsmeix@suse.de -- Add build require pkgconfig(libsystemd-daemon) to allow to move - systemd.pc back to systemd package +- Version upgrade to 1.7.4: + CUPS 1.7.4 fixes several networking and build issues, + and addresses a symlink security issue CVE-2014-3537. + Changes since 1.7.3 include (excerpt): + * Security: The web interface incorrectly served symlinked files + and files that were not world-readable, potentially leading to + a disclosure of information (CVE-2014-3537, STR #4450, + and bnc#887240). + * The "snmp" option did not work with the network backends + (STR #4422). + * The User directive in client.conf did not override the USER + environment variable (STR #4426). + * The web interface now properly shows a "Go" button for + all text-based browsers (STR #4425). + * The MaxJobTime directive now properly supports time + values (STR #4434). + * Fixed an "IPP read error" race condition issue (STR #4440). ------------------------------------------------------------------- -Fri Apr 11 09:42:30 CEST 2014 - jsmeix@suse.de +Mon Jun 2 13:21:31 CEST 2014 - jsmeix@suse.de -- cups-1.5.4-strftime.patch fixes CUPS upstream STR #4388: - no or malformed output from lpstat in charset other than utf-8 - (bnc#873030). +- Version upgrade to 1.7.3: + CUPS 1.7.3 includes a number of general bug fixes. + Changes since 1.7.2 include (excerpt): + * Fixed mapping of OutputBin values such as "Tray1". + * Several ippGet* functions incorrectly returned -1 + instead of 0 on error. + * Fixed an authentication race condition in + cupsSendRequest (STR #4403). + * The scheduler did not add the "job-hold-until-specified" + reason when holding a job using the lp command (STR #4405). + * Auto-typing of PWG Raster files did not work (STR #4417). + * IPP queues using hardcoded credentials would ask + for credentials (STR #4371). ------------------------------------------------------------------- -Thu Feb 20 13:57:24 CET 2014 - jsmeix@suse.de +Wed Apr 23 14:24:12 CEST 2014 - jsmeix@suse.de + +- Version upgrade to 1.7.2: + CUPS 1.7.2 addresses a web interface redirection security issue, + some scheduler crashed on Linux, and other general bug fixes. + Changes since 1.7.1 include (excerpt): + * CVE-2014-2856: The scheduler now blocks URLs containing + embedded HTML (STR #4356 and bnc#873899). + * cupsDoIORequest could miss the server status, causing failed + lpadmin and other administrative commands (STR #4386). + * Fixed a D-BUS threading issue that caused the scheduler + to crash (STR #4347). + * The scheduler now automatically reconnects to Avahi + as needed (STR #4370, STR #4373). +- str4351.patch that fixed STR #4351: cups-lpd hugh jobs (>2G) fail + is obsolete because it is fixed upstream since CUPS 1.7.2. +- Removed the CUPS banner files in /usr/share/cups/banners/ and + the CUPS testpage /usr/share/cups/data/testprint (which is also + a CUPS banner file type) because they do no longer work + since CUPS >= 1.6 (see http://www.cups.org/str.php?L4120) + because there is no longer a filter for Linux that can convert + the CUPS banner files. Since CUPS >= 1.6 only the banner files + and testpage in the cups-filters package work via the + cups-filters PDF workflow and the cups-filters package also + provides the matching bannertopdf filter (bnc#873376). + +------------------------------------------------------------------- +Fri Apr 11 14:52:41 CEST 2014 - jsmeix@suse.de + +- In case of systemd use --with-rundir=/run/cups + instead of --with-rundir=/run (bnc#871640). + +------------------------------------------------------------------- +Thu Feb 27 12:49:42 CET 2014 - jsmeix@suse.de -- Cautious clean up of systemd units via RPM scriptlets - (see the entry below dated "Wed Feb 19 15:05:44 CET 2014") - does not work reliable because it would leave a messsed up - systemd setup for cupsd when YaST was used before - to start/stop/enable/disable the cupsd, see - https://bugzilla.novell.com/show_bug.cgi?id=857372#c115 - so that now cups.socket and cups.path are stopped and disabled - in any case to ensure starting/stopping/enabling/disabling - of the cupsd also works with YaST, see - https://bugzilla.novell.com/show_bug.cgi?id=857372#c120 - (bnc#857372). - str4351.patch from CUPS upstream fixes https://www.cups.org/str.php?L4351 "STR #4351 cups-lpd hugh jobs (>2G) fail" (bnc#864782). ------------------------------------------------------------------- -Wed Feb 19 15:05:44 CET 2014 - jsmeix@suse.de - -- Cautious clean up of systemd units via RPM scriptlets: - * When /usr/lib/systemd/system/cups.path and/or - /usr/lib/systemd/system/cups.socket are in use - stop and disable them because they are no longer provided - but keep manually set up cups.path and/or cups.socket units. - * Enforce systemd to use the cups.service file in this package - by "systemctl reenable cups.service" if it was enabled - (intentionally this does not restart a running cupsd). - For details see "rpm -q --scripts cups" and have a look at - http://lists.opensuse.org/opensuse-packaging/2014-02/msg00096.html - -------------------------------------------------------------------- -Wed Feb 12 11:53:45 CET 2014 - jsmeix@suse.de - -- Added Begin/End comments in scriptlets for RPM macros - so that it is easier to see in the "rpm -q --scripts cups" - output what each RPM macro actually does. - -------------------------------------------------------------------- -Wed Feb 12 10:30:42 CET 2014 - jsmeix@suse.de +Wed Feb 26 15:20:02 CET 2014 - jsmeix@suse.de +- Version upgrade to 1.7.1 (fate#314630): + CUPS >= 1.6 has major incompatible changes compared to CUPS + up to version 1.5.4 in particular when printing via network: + * The IPP protocol default version increased form 1.1 to 2.0. + Older IPP servers like CUPS 1.3.x (e.g. in SLE11) + reject IPP 2.0 requests with "Bad Request" (STR #4231). + By adding '/version=1.1' to ServerName in client.conf + (e.g. ServerName older.server.example.com/version=1.1) + or the CUPS_SERVER environment variable value or by + adding it to the server name value of the '-h' opion + (e.g. lpstat -h older.server.example.com/version=1.1 -p) + the older IPP protocol version for older servers + must be explicitly specified. + * CUPS Browsing is dropped in CUPS but the new package + cups-filters provides the cups-browsed that provides + basic CUPS Browsing and Polling functionality. + The native protocol in CUPS for automatic client discovery + of printers is now DNS-SD. + * Some printing filters and backends are dropped in CUPS + but the new package cups-filters provides them so that + cups-filters is usually needed (recommended by RPM) + but cups-filters is not strictly required. + * The cupsd configuration directives are split into two files + cupsd.conf (can also be modified via HTTP PUT e.g. via cupsctl) + and cups-files.conf (can only be modified manually by root) + to have better default protection against misuse of privileges + by normal users who have been specifically allowed + by root to do cupsd configuration changes + (STR #4223 CVE-2012-5519 bnc#789566). + See the entries below for more information. + For details see the openSUSE Bugzilla bnc#735404 issue. + CUPS 1.7.1 improves network and USB printing, fixes some + scheduler issues, and addresses a minor security issue + in the lppasswd program. + Changes since 1.7.0 include (excerpt): + * Security: the lppasswd program incorrectly used settings + from ~/.cups/client.conf (STR #4319) + * ATTR messages could cause string pool memory corruption + in the scheduler () + * Printing to a raw queue could result in corrupt output + due to opportunistic compression () + * Japanese PPDs using with the Shift-JIS encoding + did not work () + * The libusb-based USB backend incorrectly used write + timeouts () + * The IPP backend did not wait for a busy printer + to become available before attempting to print + () + * Using "@IF(name)" in an Allow or Deny rule + did not work (STR #4328) + * The D-BUS notifier did not remove its lockfile (STR #4314) + * CUPS incorrectly used the USER environment variable when + the name did not match the user ID (STR #4327) + For details see the CHANGES.txt file. +- cups-1.7-additional_policies.patch adds the 'allowallforanybody' + policy to cupsd.conf (fate#303515) and replaces + cups-1.6.2-adapt_cupsd.conf_defaults_for_SUSE.patch +- Clean up of systemd unit files (bnc#857372): + Make it working again as simple and secure as it worked + all the time in the past by providing only one single + systemd unit file cups.service. In particular currently YaST + cannot manage services with additional other systemd unit files. + Furthermore systemd socket activation is currently insecure + in case of IPv6 (CVE-2012-6094 bnc#795624). - Clean up how cupsd is launched (via SysVinit or systemd) by maintaining strictly separated sections in cups.spec: Either for launching cupsd via systemd (if have_systemd is set) or for launching cupsd via SysVinit (if have_systemd is not set). - SysVinit support cannot be removed because CUPS 1.5.4 - is provided for SLE11 in the OBS devel project "Printing". - -------------------------------------------------------------------- -Wed Feb 5 14:04:42 CET 2014 - jsmeix@suse.de - -- cups-1.5.4-CVE-2012-5519.patch adds better default protection - against misuse of privileges by normal users who have been - specifically allowed by root to do cupsd configuration changes - (CUPS STR#4223 CVE-2012-5519 Novell/Suse Bugzilla bnc#789566). - The new ConfigurationChangeRestriction cupsd.conf directive - specifies the level of restriction for cupsd.conf changes - that happen via HTTP/IPP requests to the running cupsd - (e.g. via CUPS web interface or via the cupsctl command). - By default certain cupsd.conf directives that deal with - filenames, paths, and users can no longer be changed via - requests to the running cupsd but only by manual editing - the cupsd.conf file and its default file permissions - permit only root to write the cupsd.conf file. - Those directives are: ConfigurationChangeRestriction, - AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, - DataDir, DocumentRoot, ErrorLog, FatalErrors, FileDevice, - FontPath, Group, JobPrivateAccess, JobPrivateValues, - LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, - RemoteRoot, RequestRoot, ServerBin, ServerCertificate, - ServerKey, ServerRoot, StateDir, SubscriptionPrivateAccess, - SubscriptionPrivateValues, SystemGroup, SystemGroupAuthKey, - TempDir, User, WebInterface. + SysVinit support cannot be removed because CUPS 1.7.1 still + builds and can be used even for SLE11. - The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set - to 'root' only. -- In this context a general security advice: + to 'root' only (related to STR #4223 CVE-2012-5519 bnc#789566). + In this context a general security advice: When root allows normal users to do system administration tasks (in particular when root allows normal users to administer system processes - i.e. processes that run as root), then @@ -152,140 +258,202 @@ Wed Feb 5 14:04:42 CET 2014 - jsmeix@suse.de may get allowed to do specific system administration tasks. ------------------------------------------------------------------- -Wed Jan 29 14:27:52 CET 2014 - jsmeix@suse.de +Wed Oct 30 10:25:24 CET 2013 - jsmeix@suse.de -- cups-0003-systemd-secure-cups.service-unit-file.patch changes - the cups.service systemd unit file to be more secure and - to let the cupsd again work as it did all the time for printing - in a network (bnc#857372 in particular comment #61 therein). -- cups-1.5-additional_policies.patch was updated to avoid - cupsd warning messages of the form "No limit for ... defined - in policy allowallforanybody and no suitable template found" - (bnc#857372 in particular comment #48 therein). +- Version upgrade to 1.7.0 + CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5. + See the entries below for more information. + For details see the openSUSE Bugzilla bnc#735404 issue. + Changes since 1.7rc1 include (excerpt): + * The lpadmin command did not send the PPD name from + the "-m" option (). + * The scheduler did not respond using the hostname + specified by the client (). + * Fixed a couple memory leaks in ippfind that were + reported by Clang. + * Fixed a compile issue on 64-bit Linux with Clang - need + to use the -pie option instead of -Wl,-pie now + (). + * The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE + environment variable to the filters or backend + (). + For details see the CHANGES.txt file. ------------------------------------------------------------------- -Fri Jan 10 11:51:41 CET 2014 - jsmeix@suse.de +Tue Jul 16 16:40:56 CEST 2013 - jsmeix@suse.de -- Fix how to use CUPS' own fonts (bnc#856731). In ancient times - (see the below entry dated "Thu Aug 16 17:05:19 CEST 2001") - there was the idea to deviate from CUPS upstream and save - some disk space and do not install CUPS' own fonts. - CUPS' own fonts were removed and the CUPS font - directory was replaced by a symbolic link - /usr/share/cups/fonts -> ../ghostscript/fonts - because at that times the Ghostscript fonts had been the same - as CUPS' own fonts. In any case such a link is a fragile - non-future-proof interference because when either the Ghostscript - fonts or CUPS' own fonts change, linking them as same is wrong. - Since a long time the Ghostscript fonts do no longer work - for CUPS' particular needs but nobody noticed it until now. - But it is not possible with RPM to replace a directory by a - symbolic link or vice versa. This means /usr/share/cups/fonts - must stay forever as a symbolic link and the only way out is - to move CUPS' own fonts to an artificial surrogate directory - /usr/share/cups/CUPSfonts and have the symbolic link now - /usr/share/cups/fonts -> /usr/share/cups/CUPSfonts +- Version upgrade to 1.7rc1 only for testing purpose. + CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5. + After a version upgrade to CUPS >= 1.6 printing in the network + would no longer work as it did up to CUPS 1.5. + For details regarding incompatible changes in CUPS >= 1.6 see + https://bugzilla.novell.com/show_bug.cgi?id=735404 + and follow the links therein. + The 1.7 series is primarily a "polish" release with improved + support for paid, PIN, and release printing, expanded support + for IPP Everywhere, automatic support for data compression, + and improved CUPS APIs. + CUPS 1.7rc1 is the first release candidate for CUPS 1.7.0 + and includes the fixes from CUPS 1.6.3, adds a new + ippfind utility, fixes some issues in the ipptool utility, + and fixes some general printing bugs. + For details what is new in CUPS 1.7 see the CHANGES.txt file. + Excerpt: + * Printer xxx-default values were not reported by + Get-Printer-Attributes or lpoptions () + * Added a new ippfind tool for finding IPP printers and + other Bonjour services () +- Version upgrade to 1.6.3 + CUPS 1.6.3 fixes some compatibility issues with servers + running CUPS 1.3.12 or older, fixes some general printing bugs, + and fixes some minor security issues. + For details what is new in CUPS 1.6 see the CHANGES-1.6.txt file. + Excerpt: + * The lp, lpq, lpr, and lpstat now display an error message + advising the use of the /version=1.1 ServerName option + () + * Added documentation about the /version=1.1 option to ServerName + in client.conf () + * The lp, lpq, lpr, and lpstat commands incorrectly ignored + the default printer set in the lpoptions file + () + * Printing using "ipps" URIs was not encrypted. ------------------------------------------------------------------- -Wed Jan 8 16:07:44 CET 2014 - jsmeix@suse.de +Tue Mar 19 10:19:41 CET 2013 - jsmeix@suse.de -- cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch - fixes the systemd cups.socket file so that systemd listens only - on localhost (bnc#857372). -- Do no longer use the Ghostscript fonts for CUPS. Instead be - in compliance with upstream and use CUPS' own Monospace fonts - in /usr/share/cups/fonts because those fonts are hardcoded - used by the CUPS filters bannertops (for CUPS banner pages and - the CUPS test page that is a special kind of banner page) - and texttops (when printing plain text files). Without CUPS' - own Monospace fonts bannertops and texttops create PostScript - that uses those fonts but without those fonts embedded which - results that PostScript interpreters use a (different) fallback - font or fail to print for some PostScript printers (bnc#856731). +- Version upgrade to 1.6.2. + CUPS 1.6 has major incompatible changes compared to CUPS 1.5. + For details regarding incompatible changes in CUPS 1.6 see + https://bugzilla.novell.com/show_bug.cgi?id=735404 + and follow the links therein. + For details what is new in CUPS 1.6 see the CHANGES.txt file. + Excerpt: + * Security: All file, directory, user, and group settings + are now stored in a separate cups-files.conf configuration + file that cannot be set through the CUPS web interface + or APIs (STR #4223). + * The IPP backend could crash if the printer disconnects + early (STR #4284). + * cupsGetPPD did not work with statically-configured CUPS + shared queues (STR #4178). + * Bad IPP responses could crash ipptool (STR #4262). + * Updated USB quirk rules for various printers + (STR #4217, STR #4263, STR #4286). + * Added USB blacklisting for printers that require a custom + backend (STR #4218). + * The CUPS library did not always detect a timed out connection + to the server which could cause temporary loss of printing + from applications (STR #4187). + * The IPP backend now stops queues when the server configuration + prevents successful job submission (STR #4125). + * CUPS 1.6 clients using the ServerName directive in client.conf + did not work with CUPS 1.3.x or older servers + (STR #4231, STR #4291). + * The scheduler could crash when using Avahi + (STR #4183, STR #4192, STR #4200, STR #4213). + * The IPP backend could get stuck in an endless loop on certain + network errors (STR #4194). + * The scheduler no longer allows job-name values that are + not valid network Unicode strings (STR #4072). + * The network backends now support disabling of SNMP supply + level queries via the "snmp" URI option (STR #4106). + * The IPP backend did not specify the compression used + (STR #4181). + * The scheduler did not recognize dnssd: or ipps: URIs as + Bonjour shared queues (STR #4158). + * Applications could not get the PPD file for + statically-configured Bonjour-shared print queues (STR #4159). + * Fixed a USB backend compatibility issue on systems using + libusb (STR #4155, STR #4191). + * Some Bonjour features were not available on systems + with Avahi (STR #4156). +- cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch is + obsolete because it is fixed upstream (STR #4231, STR #4291). +- cups-1.6.2-adapt_cupsd.conf_defaults_for_SUSE.patch + replaces cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch +- Adapted cups-client.conf template file for CUPS 1.6. ------------------------------------------------------------------- -Wed Oct 9 04:15:45 UTC 2013 - crrodriguez@opensuse.org +Wed Nov 28 15:04:58 CET 2012 - jsmeix@suse.de -- patch cups-move-everything-to-run.patch missed to move - CUPS_STATEDIR to run, so systemd sockets are still created - in /var/run -- Add required tmpfiles.d config snippet to ensure /run/cups - is always available. +- cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch + adapts the defaults in cupsd.conf for SUSE. + It replaces cups-1.3.6-access_conf.patch that + added 'Allow 127.0.0.2' to cupsd.conf to allow access + for the loopback IP address 127.0.0.2 which is set for + the hostname by SUSE in /etc/hosts at least up to + SLE10 products. + It also replaces cups-1.5-additional_policies.patch + that added the 'allowallforanybody' policy to cupsd.conf + see https://fate.novell.com/303515 + Furthermore it fixes some issues with the CUPS upstream + defaults i.e. removal of no longer supported keywords + BrowseOrder BrowseAllow DefaultAuthType (otherwise cupsd + prints error messages of the form "Unknown directive + BrowseOrder on line 22"). +- cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch + reverts the incompatible change in CUPS 1.6 + that makes IPP version 2.0 default + (see https://www.cups.org/str.php?L3929) + back to using IPP version 1.1 by default. + Otherwise CUPS 1.6 on clients cannot talk to older CUPS + servers in particular not to CUPS 1.3.9 on SLE11. + E.g. on a CUPS 1.6 client "lpstat -h sle11.cups.server -p" + would fail on the client with "lpstat: Bad Request" and + the CUPS 1.3.9 server logs in /var/log/cups/error_log the + lines "E ... cupsdReadClient: ... IPP Read Error!" + and "D ... cupsdSendError: ... code=400 (Bad Request)". ------------------------------------------------------------------- -Fri Jul 5 14:33:53 CEST 2013 - jsmeix@suse.de +Tue Nov 27 15:50:16 CET 2012 - jsmeix@suse.de -- cups-polld_avoid_busy_loop.patch avoids any possible busy loop - in cups-polld in case of unusual issues by sleeping interval - seconds (bnc#828228). - -------------------------------------------------------------------- -Fri Jun 28 20:16:52 UTC 2013 - stefan.bruens@rwth-aachen.de - -- Fix endless loop if IPP server does not accect job (bnc#827418) - see also https://www.cups.org/str.php?L4190 (STR#4190, - patch str4190.patch). - -------------------------------------------------------------------- -Wed Jun 26 15:30:45 CEST 2013 - jsmeix@suse.de - -- Changed Source0 URL from - http://ftp.easysw.com/pub/cups/1.5.4/cups-1.5.4-source.tar.bz2 - to its currently valid location - http://www.cups.org/software/1.5.4/cups-1.5.4-source.tar.bz2 - so that the factory-auto check script does no longer error out - with "Failed to download ... Source URLs are not valid." - -------------------------------------------------------------------- -Wed Jun 26 10:39:30 CEST 2013 - jsmeix@suse.de - -- Use BuildRequires krb5-mini-devel to avoid this build cycle: - cups -> krb5 -> python-Jinja2 -> vim -> gtk2 -> cups - (according to OBS request 180870). - Because krb5-mini-devel is not available for SLE11 - krb5-devel must still be used for SLE11 builds - (required addition to OBS request 180870). - -------------------------------------------------------------------- -Fri Mar 22 08:56:10 UTC 2013 - mmeister@suse.com - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Wed Jan 30 13:24:43 UTC 2013 - rmilasan@suse.com - -- Move everything (pid, lock, socket files) to /run only for 12.3. - Added: cups-move-everything-to-run.patch - See also - http://lists.opensuse.org/opensuse-factory/2013-01/msg00578.html - -------------------------------------------------------------------- -Thu Dec 20 12:38:47 CET 2012 - jsmeix@suse.de - -- Added "BuildRequires: poppler-tools" which installs - /usr/bin/pdftops for the build-time check in cups-pdf.m4 - regarding HAVE_PDFTOPS_WITH_ORIGPAGESIZE that makes sure - that the CUPS filter /usr/lib/cups/filter/pdftops calls - /usr/bin/pdftops with "-origpagesizes" otherwise it would - result wrong PostScript output for poppler > 0.18.0 (bnc#776080) - see also https://www.cups.org/str.php?L3689 (STR #3689). -- Changed 'configure --with-pdftops=/usr/bin/pdftops' back to - the upstream default 'configure --with-pdftops=pdftops' - (compare the entry dated 'Fri Jul 31 15:08:41 CEST 2009'). -- Removed leftover and since a longer time obsolete - "BuildRequires: avahi-compat-mDNSResponder-devel". - -------------------------------------------------------------------- -Tue Nov 13 13:54:02 UTC 2012 - fcrozat@suse.com - -- Add cups-provides-cupsd.service: ensure cupsd.service is provided - by cups.service. +- Version upgrade to 1.6.1. + CUPS 1.6 has major incompatible changes compared to CUPS 1.5. + After a version upgrade to CUPS 1.6 printing in the network + would no longer work as it did up to CUPS 1.5. + For an overview about what is new in CUPS 1.6 see + http://www.cups.org/documentation.php/doc-1.6/whatsnew.html + For details regarding incompatible changes in CUPS 1.6 see + https://bugzilla.novell.com/show_bug.cgi?id=735404 + and follow the links therein. + For details what is new in CUPS 1.6 see the CHANGES.txt file. + Excerpt: + * CUPS now supports color management using colord (STR #3808). + * CUPS now supports Bonjour using Avahi (STR #3066). + * The "brightness", "columns", "fitplot", "gamma", "hue", + "natural-scaling", "penwidth", "position", "ppi", + "saturation", and "scaling" options are not longer + supported (STR #4010). + * Added new destination connection and enumeration functions + via new dynamic destination APIs (STR #3924). + * Added new option, localization, and job submission functions + via new APIs that do not depend on PPD files (STR #3925). + * The scheduler now supports a DefaultAuthType of "auto" to + automatically choose between Basic (username/password) + and Negotiate (Kerberos) authentication. + * CUPS no longer supports automatic remote printers or + implicit classes via the CUPS, LDAP, or SLP protocols + (STR #3922, STR #3923). + * The PPD APIs are now deprecated and will be removed + in a future version of CUPS (STR #3927). + * The default IPP version for requests is now 2.0 (STR #3929). + * The IPP APIs no longer expose the ipp_t or ipp_attribute_t + structures and instead provide accessor functions (STR #3928). + * The scheduler will no longer run programs with group write + permission. + * The PHP module has been removed (STR #3932). + * The bannertops, commandtoescpx, commandtopclx, imagetops, + imagetoraster, pdftops, rastertoescpx, rastertopclx, + and texttops filters have been removed (STR #3930). + * The serial and parallel backends have been removed (STR #3935). +- Adapted cups-config-libs.patch for CUPS 1.6.1 + (IMGLIBS is no longer present in cups-config.in). ------------------------------------------------------------------- Thu Oct 18 12:07:09 UTC 2012 - coolo@suse.com -- buildrequire systemd through the pkgconfig provide to get +- buildrequire systemd through the pkgconfig provide to get systemd-mini in build environment (to break cycle) ------------------------------------------------------------------- @@ -294,13 +462,13 @@ Thu Sep 27 07:27:01 UTC 2012 - mmeister@suse.com - Version upgrade to 1.5.4 (mainly a bugfix release) that fixes some IPP printing issues. Excerpt: - * The IPP backend no longer tries to get the job status for - printers that do not implement the required operation + * The IPP backend no longer tries to get the job status for + printers that do not implement the required operation (STR #4083). - * Sending a document in an unsupported format to an IPP printer + * Sending a document in an unsupported format to an IPP printer now automatically cancels the job (STR #4093). * The IPP backend now treats the client-error-not-possible - status code as a job history issue, allowing IPP printing to + status code as a job history issue, allowing IPP printing to Windows to work(STR #4047). For a complete list see the CHANGES.txt file. - revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of @@ -400,12 +568,13 @@ Tue Jan 10 04:58:44 UTC 2012 - crrodriguez@opensuse.org - Use explicit buildrequires on the needed libraries. otherwise build will fail after libtiff-devel deps cleanup - Cleanup requires of -devel package, which only needs glibc-devel -- Fix up, cups-config script, which with option --libs adds: - LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto +- cups-config-libs.patch fixes cups-config script, + which with option --libs adds: + LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lz -lpthread -lm -lcrypt " IMGLIBS="-ltiff -ljpeg -lpng" - This only makes sense when using static linking but we don't ship - static libraries and will only help bloating dependant packages. + This only makes sense when using static linking but we do not + ship static libraries and it will only bloat dependant packages. ------------------------------------------------------------------- Sat Dec 17 18:19:14 UTC 2011 - crrodriguez@opensuse.org @@ -425,7 +594,8 @@ Sat Dec 3 20:09:32 UTC 2011 - crrodriguez@opensuse.org ------------------------------------------------------------------- Sat Dec 3 19:11:36 UTC 2011 - crrodriguez@opensuse.org -- Add complete systemd support, the hardware stuff is handled in +- cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch + adds complete systemd support, the hardware stuff is handled in builtin udev rules (see /lib/udev/rules.d/99-systemd.rules). See also http://0pointer.de/blog/projects/socket-activation2.html @@ -560,7 +730,7 @@ Thu Feb 10 11:51:56 CET 2011 - jsmeix@suse.de because foomatic-rip is only needed by CUPS in a few cases and printer driver packages which need foomatic-rip require foomatic-filters on their own. - + ------------------------------------------------------------------- Fri Jan 14 14:25:39 CET 2011 - jsmeix@suse.de @@ -1064,7 +1234,7 @@ Wed Jun 4 11:35:27 CEST 2008 - kssingvo@suse.de ------------------------------------------------------------------- Mon May 19 21:35:24 CEST 2008 - kssingvo@suse.de -- added pdftops_any for 11.0 to Requires: (bugzilla#378434) +- added pdftops_any for 11.0 to Requires: (bugzilla#378434) ------------------------------------------------------------------- Thu May 15 11:53:11 CEST 2008 - kssingvo@suse.de @@ -1099,7 +1269,7 @@ Wed Apr 16 12:06:57 CEST 2008 - kssingvo@suse.de Fri Apr 11 11:06:33 CEST 2008 - ro@suse.de - explicitly specify pdftops binary for configure to avoid - adding buildrequires just for a binary path + adding buildrequires just for a binary path ------------------------------------------------------------------- Thu Apr 10 20:38:26 CEST 2008 - coolo@suse.de @@ -1161,7 +1331,7 @@ Thu Mar 6 10:56:10 CET 2008 - kssingvo@suse.de ------------------------------------------------------------------- Fri Feb 29 13:37:18 CET 2008 - kssingvo@suse.de -- update to version 1.3.6: +- update to version 1.3.6: * Documentation updates * Fixed a problem with the web interface "Use Kerberos Authentication" check box @@ -1308,14 +1478,14 @@ Mon Jan 7 19:39:28 CET 2008 - kssingvo@suse.de ------------------------------------------------------------------- Wed Dec 19 18:42:19 CET 2007 - crivera@suse.de -- Add dbus-1-devel to the BuildRequires. +- Add dbus-1-devel to the BuildRequires. ------------------------------------------------------------------- Mon Dec 17 21:10:37 CET 2007 - crivera@suse.de - Add the --enable-dbus flag to the configure line to send DBUS signals out for queue change events. This helps - fix 345163. + fix 345163. ------------------------------------------------------------------- Wed Nov 7 12:05:41 CET 2007 - kssingvo@suse.de @@ -1766,7 +1936,7 @@ Tue Nov 7 14:44:54 CET 2006 - kssingvo@suse.de - Upgrade to 1.2.6 (bugfix version): * "lpc status" did not show the number of queued jobs for disabled queues * The lpstat program could hang - * The serial backend did not support the new USB serial filenames on Linux + * The serial backend did not support the new USB serial filenames on Linux * The parallel backend did not support bidirectional I/O properly * The network backends now log the numeric address that is being used * Fixed a compile error when using libpaper @@ -1937,72 +2107,72 @@ Thu Sep 14 14:07:57 CEST 2006 - kssingvo@suse.de Tue Jul 25 19:21:19 CEST 2006 - kssingvo@suse.de - upgrade to version 1.2.2, which fixes several build, platform, notification, and printing bugs. Changes include: - * Documentation updates - * CUPS didn't know about alternate character set names for Asian text + * Documentation updates + * CUPS didn't know about alternate character set names for Asian text * The lpoptions -o and -r options did not work unless you specified a printer. - * The lpoptions command incorrectly allowed users to set printer attributes like printer-type - * httpWait() did not flush the write buffer, causing "bad request" errors when communicating with CUPS 1.1.x servers + * The lpoptions command incorrectly allowed users to set printer attributes like printer-type + * httpWait() did not flush the write buffer, causing "bad request" errors when communicating with CUPS 1.1.x servers * Polling did not sanitize the printer description, location, or make and model strings like broadcasts did. * Polled printers did not show the server's default job-sheets option value. - * The Samba password prompt was not properly localized - * Added a German translation + * The Samba password prompt was not properly localized + * Added a German translation * The scheduler now creates self-signed SSL certficates automatically when using OpenSSL and CDSA for encryption, just as for GNU TLS. - * The SNMP backend sporatically reported some printers as "unknown" + * The SNMP backend sporatically reported some printers as "unknown" * The scheduler now forces BrowseTimeout to be at least twice the BrowseInterval value and non-zero to avoid common configuration errors. - * The scheduler incorrectly returned printer URIs of the form "ipp://server/printers/classname" for classes - * Updated Japanese localization - * The scheduler's SSL certificate/key directory was not created on installation - * Added a mailto.conf man page and help page - * The parallel and USB backends no longer wait for the printer to go on-line - this caused problems with certain printers that don't follow with the IEEE-1284 standard - * The scheduler could crash on a reload when implicit classes were present - * The IPP backend incorrectly used the CUPS_ENCRYPTION environment variable to determine the default encryption mode when printing - * USB printing did not work on Solaris - * The scheduler sorted job priorities in the wrong order - * The scheduler did not automatically restart notifiers that exited or crashed - * IPv6 support did not work on NetBSD - * The EPM packaging file did not work - * The scheduler used up the CPU if BrowseRemoteProtocols was empty - * Custom page sizes did not work - * The SNMP backend could crash on some systems when SNMP logging was enabled - * Browsing could produce some funny printer names when ServerName was set to an IP address - * Fixed the log message for BrowseRelay - * Fixes to allow CUPS to compile on MirBSD - * The scheduler incorrectly set the FINAL_CONTENT_TYPE environment variable - * The pdftops filter incorrectly embedded a "produced by" comment, causing PDF printing not to work on some operating systems - * Sending raw jobs from a client system could cause the client's scheduler to eventually crash + * The scheduler incorrectly returned printer URIs of the form "ipp://server/printers/classname" for classes + * Updated Japanese localization + * The scheduler's SSL certificate/key directory was not created on installation + * Added a mailto.conf man page and help page + * The parallel and USB backends no longer wait for the printer to go on-line - this caused problems with certain printers that don't follow with the IEEE-1284 standard + * The scheduler could crash on a reload when implicit classes were present + * The IPP backend incorrectly used the CUPS_ENCRYPTION environment variable to determine the default encryption mode when printing + * USB printing did not work on Solaris + * The scheduler sorted job priorities in the wrong order + * The scheduler did not automatically restart notifiers that exited or crashed + * IPv6 support did not work on NetBSD + * The EPM packaging file did not work + * The scheduler used up the CPU if BrowseRemoteProtocols was empty + * Custom page sizes did not work + * The SNMP backend could crash on some systems when SNMP logging was enabled + * Browsing could produce some funny printer names when ServerName was set to an IP address + * Fixed the log message for BrowseRelay + * Fixes to allow CUPS to compile on MirBSD + * The scheduler incorrectly set the FINAL_CONTENT_TYPE environment variable + * The pdftops filter incorrectly embedded a "produced by" comment, causing PDF printing not to work on some operating systems + * Sending raw jobs from a client system could cause the client's scheduler to eventually crash * The scheduler now checks that the notifier exists prior to accepting a new subscription request. * The scheduler now reports the supported notify-recipient schemes based on the contents of the ServerBin/notifier directory. - * Event notifications did not include the notify-sequence-number or other required attributes - * Allow/Deny addresses of the form "11.22.33.*" did not work on Linux - * cupsGetPPD() did not work if the scheduler was only listening on a domain socket - * The scheduler could crash advertising a class - * The scheduler could crash if the default printer was deleted + * Event notifications did not include the notify-sequence-number or other required attributes + * Allow/Deny addresses of the form "11.22.33.*" did not work on Linux + * cupsGetPPD() did not work if the scheduler was only listening on a domain socket + * The scheduler could crash advertising a class + * The scheduler could crash if the default printer was deleted * Added a new default CUPS raster format (v3) which does not compress the raster stream in order to provide the same cupsRasterReadPixels() and cupsRasterWritePixels() performance as CUPS 1.1.x. * The cupsaddsmb man page listed the wrong files for the CUPS driver. - * Some configure --with options did not work - * "Allow @IF(name)" didn't work if "name" wasn't the first network interface - * The lpstat command did not use the correct character set when reporting the date and time - * The cupsaddsmb command and web interface did not update the Windows PPD files properly, resulting in corrupt PPD files for the Windows client to use - * The cupsd.conf man page didn't describe the Listen domain socket syntax + * Some configure --with options did not work + * "Allow @IF(name)" didn't work if "name" wasn't the first network interface + * The lpstat command did not use the correct character set when reporting the date and time + * The cupsaddsmb command and web interface did not update the Windows PPD files properly, resulting in corrupt PPD files for the Windows client to use + * The cupsd.conf man page didn't describe the Listen domain socket syntax * The scheduler no longer tries to support more than FD_SETSIZE file descriptors. * CDSA (encryption) support fixes for MacOS X. - * The lppasswd program needs to be setuid to root to create and update the /etc/cups/passwd.md5 file - * 32/64-bit library installation was broken + * The lppasswd program needs to be setuid to root to create and update the /etc/cups/passwd.md5 file + * 32/64-bit library installation was broken * The USB backend now reports a "no such device" error when using the old filename-based USB URIs instead of the "success" error. - * Increased the HTTP and IPP read timeouts to 10 seconds, as 1 second was too short on congested networks - * The SNMP backend now uses the device description over the printer-make-and-model attribute when the attribute contains a generic name - * Fixed another file descriptor leak when printing raw files - * Raw queues were not shared via LDAP - * The pstops filter didn't always embed PageSetup commands from the PPD file + * Increased the HTTP and IPP read timeouts to 10 seconds, as 1 second was too short on congested networks + * The SNMP backend now uses the device description over the printer-make-and-model attribute when the attribute contains a generic name + * Fixed another file descriptor leak when printing raw files + * Raw queues were not shared via LDAP + * The pstops filter didn't always embed PageSetup commands from the PPD file * "make install" didn't work if you disabled all of the localizations. * The scheduler didn't always choose the least costly filter. - * Fixed parsing of IPv6 addresses in Allow, Deny, BrowseAllow, BrowseDeny, and BrowseRelay directives - * Printers that were shared via LDAP did not get added to the LDAP server properly - * LDAP browsing would crash the scheduler if a required value was missing - * Special cases for the "localhost" hostname did not work, causing printing to not work when the /etc/hosts file did not contain a localhost entry - * Updated the Spanish translation - * Reverse-order page output was broken when N-up or landscape orientations were used - * The parallel, serial, socket, and USB backends needed print data before they would report back-channel data, causing problems with several new drivers + * Fixed parsing of IPv6 addresses in Allow, Deny, BrowseAllow, BrowseDeny, and BrowseRelay directives + * Printers that were shared via LDAP did not get added to the LDAP server properly + * LDAP browsing would crash the scheduler if a required value was missing + * Special cases for the "localhost" hostname did not work, causing printing to not work when the /etc/hosts file did not contain a localhost entry + * Updated the Spanish translation + * Reverse-order page output was broken when N-up or landscape orientations were used + * The parallel, serial, socket, and USB backends needed print data before they would report back-channel data, causing problems with several new drivers - fixed randomly crash when testing many PPD files (bugzilla#193354) ------------------------------------------------------------------- @@ -2147,7 +2317,7 @@ Thu Jun 30 18:37:37 CEST 2005 - uli@suse.de ------------------------------------------------------------------- Mon Jun 20 17:20:31 CEST 2005 - ro@suse.de -- build as PIE +- build as PIE ------------------------------------------------------------------- Wed Jun 15 18:11:53 CEST 2005 - mfabian@suse.de @@ -2544,7 +2714,7 @@ Tue Apr 29 10:00:36 CEST 2003 - kssingvo@suse.de ------------------------------------------------------------------- Wed Apr 9 12:09:56 CEST 2003 - kssingvo@suse.de -- added patch for cgi-interface: hostname is now mapped to localhost +- added patch for cgi-interface: hostname is now mapped to localhost - updated PrintAnalyzer script ------------------------------------------------------------------- @@ -2592,7 +2762,7 @@ Wed Feb 26 17:20:33 CET 2003 - kssingvo@suse.de ------------------------------------------------------------------- Wed Feb 26 16:54:55 CET 2003 - ro@suse.de -- fix filelist (file listed twice) +- fix filelist (file listed twice) ------------------------------------------------------------------- Wed Feb 26 14:34:38 CET 2003 - kssingvo@suse.de @@ -2688,7 +2858,7 @@ Tue Sep 10 12:38:47 CEST 2002 - ro@suse.de ------------------------------------------------------------------- Thu Sep 5 22:25:25 CEST 2002 - ro@suse.de -- fix postinstall +- fix postinstall ------------------------------------------------------------------- Thu Sep 5 16:12:02 CEST 2002 - kssingvo@suse.de @@ -2775,7 +2945,7 @@ Tue Jul 9 21:11:53 CEST 2002 - kssingvo@suse.de Tue Jul 2 16:57:33 CEST 2002 - kssingvo@suse.de - added symbolic link /usr/bin/lpc (bugzilla #16652) -- changed umask in rccups (bugzilla #16567) +- changed umask in rccups (bugzilla #16567) ------------------------------------------------------------------- Thu Jun 13 20:00:27 MEST 2002 - draht@suse.de @@ -2816,7 +2986,7 @@ Thu Apr 18 17:30:40 CEST 2002 - kssingvo@suse.de ------------------------------------------------------------------- Wed Apr 10 11:18:40 CEST 2002 - ro@suse.de -- don't call autoreconf, we can't use autoheader and automake here +- don't call autoreconf, we can't use autoheader and automake here ------------------------------------------------------------------- Tue Feb 26 11:29:00 CET 2002 - kssingvo@suse.de @@ -2885,8 +3055,8 @@ Mon Jan 21 15:40:50 CET 2002 - schwab@suse.de ------------------------------------------------------------------- Tue Jan 8 14:02:01 CET 2002 - pblahos@suse.cz -- cups-client does not provide print_daemon anymore. print_daemon - is required by aps but cups-client does not satisfy aps +- cups-client does not provide print_daemon anymore. print_daemon + is required by aps but cups-client does not satisfy aps regarding this. - START_CUPS variable removed - up to 1.1.12 @@ -3033,12 +3203,12 @@ Fri Mar 23 16:42:05 CET 2001 - kendy@suse.cz ------------------------------------------------------------------- Mon Feb 26 14:31:15 CET 2001 - mhafner@suse.de -- update to 1.1.6-3 (fixing several security issues) +- update to 1.1.6-3 (fixing several security issues) ------------------------------------------------------------------- Tue Jan 30 09:27:36 CET 2001 - mhafner@suse.de -- update to 1.1.6 (fixes possible DoS attack) +- update to 1.1.6 (fixes possible DoS attack) ------------------------------------------------------------------- Mon Jan 8 13:54:58 MET 2001 - bjacke@suse.de @@ -3048,27 +3218,27 @@ Mon Jan 8 13:54:58 MET 2001 - bjacke@suse.de ------------------------------------------------------------------- Fri Dec 22 11:56:46 MET 2000 - mhafner@suse.de -- update to version 1.1.5 +- update to version 1.1.5 ------------------------------------------------------------------- Mon Dec 4 15:51:50 MET 2000 - mhafner@suse.de -- cups configuration changed - Browsing now Off by default - +- cups configuration changed - Browsing now Off by default + ------------------------------------------------------------------- Thu Nov 30 10:29:44 MET 2000 - mhafner@suse.de -- added DVI filter +- added DVI filter ------------------------------------------------------------------- Wed Nov 29 18:56:40 CET 2000 - ro@suse.de -- fixed spec +- fixed spec ------------------------------------------------------------------- Tue Nov 28 18:21:53 CET 2000 - ro@suse.de - -- fixed startscript + +- fixed startscript ------------------------------------------------------------------- Fri Nov 24 13:29:07 MET 2000 - mhafner@suse.de @@ -3118,7 +3288,7 @@ Thu Sep 14 11:06:33 CEST 2000 - mhafner@suse.de ------------------------------------------------------------------- Wed Sep 13 16:20:40 CEST 2000 - mhafner@suse.de -- fixed directory structure +- fixed directory structure - added links to lpd and rclpd ------------------------------------------------------------------- diff --git a/cups.init b/cups.init deleted file mode 100644 index 56b330d..0000000 --- a/cups.init +++ /dev/null @@ -1,169 +0,0 @@ -#! /bin/bash -# -# Copyright (C) 1995-2001 SuSE GmbH Nuernberg, Germany. -# Copyright (C) 2002 SuSE Linux AG, Nuernberg, Germany. -# Copyright (C) 2002--2008 Klaus Singvogel, SUSE / Novell Inc. -# Copyright (C) 2010 Johannes Meixner, SUSE LINUX Products GmbH -# -# Author: Kurt Garloff, 2000 -# Klaus Singvogel, 2002--2008 -# Johannes Meixner, 2010 -# -# /etc/init.d/cups -# and its symbolic link -# /usr/sbin/rccups -# -# System startup script for the CUPS printer daemon -# -### BEGIN INIT INFO -# Provides: cupsd -# Required-Start: $local_fs $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Should-Start: dbus $named $portmap ptal slpd printbill -# Should-Stop: $portmap -# Default-Start: 2 3 5 -# Default-Stop: 0 1 6 -# Short-Description: CUPS printer daemon -# Description: Start CUPS to provide spooling and printing files -# functionality for local and remote printers. Also required if -# printers are broadcasted ("Browsing") by remote CUPS servers. -### END INIT INFO - -# Return values acc. to LSB for all commands but status: -# 0 - success -# 1 - generic or unspecified error -# 2 - invalid or excess argument(s) -# 3 - unimplemented feature (e.g. "reload") -# 4 - insufficient privilege -# 5 - program is not installed -# 6 - program is not configured -# 7 - program is not running -# -# Note that starting an already running service, stopping -# or restarting a not-running service as well as the restart -# with force-reload (in case signalling is not supported) are -# considered a success. - -# Source SuSE config, only if exists with size greater zero -test -s /etc/rc.config && . /etc/rc.config - -# Shell functions sourced from /etc/rc.status: -# rc_check check and set local and overall rc status -# rc_status check and set local and overall rc status -# rc_status -v ditto but be verbose in local rc status -# rc_status -v -r ditto and clear the local rc status -# rc_failed set local and overall rc status to failed -# rc_failed set local and overall rc status to -# rc_reset clear local rc status (overall remains) -# rc_exit exit appropriate to overall rc status -if test -s /etc/rc.status -then . /etc/rc.status -else exit 1 -fi -# Reset status of this service: -rc_reset - -CUPSD_BIN=/usr/sbin/cupsd -test -x $CUPSD_BIN || exit 5 -# Get CUPSD_OPTIONS -test -s /etc/sysconfig/cups && . /etc/sysconfig/cups - -# Enforce default umask to avoid problems with wrong file permissions -# for example of /etc/printcap (see Novell/Suse Bugzilla bnc#31567). -umask 022 - -case "$1" in - start) - echo -n "Starting cupsd" - ## Start daemon with startproc(8). - ## If this fails the echo return value is set appropriate. - # NOTE: startproc return 0, even if service is - # already running to match LSB spec. - startproc $CUPSD_BIN $CUPSD_OPTIONS - # Remember status and be verbose: - rc_status -v - ;; - stop) - echo -n "Shutting down cupsd" - ## Stop daemon with killproc(8). - ## If this fails the echo return value is set appropriate. - # NOTE: killproc with explicite signal specified - # like "killproc -TERM" sends only SIGTERM and exits - # to match LSB spec. (see Novell/Suse Bugzilla bnc#595796). - # Without explicite signal the default signal SIGTERM is sent - # and afterwards killproc waits by default only up to 5 seconds - # before killproc sends SIGKILL if cupsd has not yet terminated. - # Wait at most 10 seconds until the cupsd does actually no longer run - # so that the cupsd should have sufficient time for its clean up: - killproc -t 10 $CUPSD_BIN - # Remember status and be verbose: - rc_status -v - ;; - try-restart) - ## Stop the service and if this succeeds (i.e. the - ## service was running before), start it again. - ## Note: try-restart is not (yet) part of LSB (as of 0.7.5) - $0 status >/dev/null && $0 restart - # Remember status and be quiet: - rc_status - ;; - restart) - ## Stop the service and regardless of whether it was - ## running or not, start it again. - $0 stop - # The above waits at most 10 seconds until the cupsd does actually no longer run - # otherwise "startproc $CUPSD_BIN" would not start a new cupsd - # (see Novell/Suse Bugzilla bnc#622058). - # Start a new cupsd: - $0 start - # Remember status and be quiet: - rc_status - ;; - force-reload) - ## Signal the daemon to reload its config. - ## Most daemons do this on signal 1 (SIGHUP). - ## If it does not support it, restart. - if ps -C cupsd -o user | grep -q '^root$' - then echo -n "Reload service cupsd" - killproc -HUP $CUPSD_BIN - rc_status -v - else $0 restart - fi - ;; - reload) - ## Like force-reload, but if daemon does not support - ## signalling, do nothing. - # If it supports signalling: - if ps -C cupsd -o user | grep -q '^root$' - then echo -n "Reload service cupsd" - killproc -HUP $CUPSD_BIN - rc_status -v - else echo -n '"reload" not possible (cupsd does not run as user root) use "restart" instead' - rc_status -s - fi - ;; - status) - echo -n "Checking for cupsd: " - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - # Status has a slightly different for the status command: - # 0 - service running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running - # NOTE: checkproc returns LSB compliant status values. - checkproc $CUPSD_BIN - rc_status -v - ;; - probe) - ## Optional: Probe for the necessity of a reload, - ## give out the argument which is required for a reload. - rc_failed 3 - ;; - *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" - exit 1 - ;; -esac -rc_exit - diff --git a/cups.spec b/cups.spec index 206d705..6fd726c 100644 --- a/cups.spec +++ b/cups.spec @@ -1,7 +1,7 @@ # # spec file for package cups # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,113 +16,85 @@ # +# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 +%{!?_tmpfilesdir: %global _tmpfilesdir %{_libexecdir}/tmpfiles.d } Name: cups +Version: 2.0.2 +Release: 0 +Summary: The Common UNIX Printing System +License: GPL-2.0 and LGPL-2.1 +Group: Hardware/Printing +Url: http://www.cups.org/ +Source0: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2 +Source102: Postscript.ppd.gz +Source105: Postscript-level1.ppd.gz +Source106: Postscript-level2.ppd.gz +Source108: cups-client.conf +Source109: baselibs.conf +# Patch0...Patch9 is for patches from upstream: +# Source10...Source99 is for sources from SUSE which are intended for upstream: +# Patch10...Patch99 is for patches from SUSE which are intended for upstream: +# Patch10 cups-1.2rc1-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl: +Patch10: cups-1.2rc1-template.patch +# Patch11 cups-1.4.3-default-webcontent-path.patch changes the default path whereto the +# web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent +# because the files of the CUPS web content are no documentation, see CUPS STR #3578 +# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: +Patch11: cups-1.4.3-default-webcontent-path.patch +# Patch12 cups-systemd-socket.patch Use systemd socket activation properly +Patch12: cups-systemd-socket.patch +# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: +# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: +Patch100: cups-pam.diff +# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy +# to cupsd.conf see https://fate.novell.com/303515 +Patch101: cups-1.7-additional_policies.patch +# Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs: +Patch102: cups-1.3.9-desktop_file.patch +# Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch +# reverts the change which was added by Michael Sweet in Jan 2007 +# which strips the word "recommended" from NickName in PPDs because +# at least yast2-printer in SUSE needs it, compare the +# 'Why not "recommend" PPDs in the NickName?' and the subsequent +# 'RFC: New Driver Rating/Information Attributes' mail thread on cups@easysw.com: +Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch +# Patch104 cups-config-libs.patch fixes option --libs in cups-config script: +Patch104: cups-config-libs.patch BuildRequires: dbus-1-devel BuildRequires: fdupes BuildRequires: gcc-c++ -# Use krb5-mini-devel to avoid this cycle in the build system: -# cups -> krb5 -> python-Jinja2 -> vim -> gtk2 -> cups -# Because krb5-mini-devel is not available for SLE11 -# krb5-devel must be used for SLE11 builds. -# Also for SLE12 krb5-devel must be used because -# in contrast to IBS where krb5-mini-devel is available for build in SUSE:SLE-12:GA -# in OBS it cannot build for SLE_12 with "unresolvable: nothing provides krb5-mini-devel". -# See http://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto -# for the appropriate suse_version values: -%if 0%{?suse_version} == 1110 || 0%{?suse_version} == 1315 +BuildRequires: gnutls-devel BuildRequires: krb5-devel -%else -BuildRequires: krb5-mini-devel -%endif +BuildRequires: libavahi-devel +BuildRequires: libgcrypt-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel -# Have libtool as explicit buildrequirement to no longer depend -# on a "hidden" buildrequirement in the OBS project definition: BuildRequires: libtool -BuildRequires: openldap2-devel -BuildRequires: openslp-devel -BuildRequires: openssl-devel +BuildRequires: libusb-1_0-devel BuildRequires: pam-devel BuildRequires: pkgconfig -# The "BuildRequires: poppler-tools" installs /usr/bin/pdftops for the -# check in config-scripts/cups-pdf.m4 regarding HAVE_PDFTOPS_WITH_ORIGPAGESIZE -# see https://www.cups.org/str.php?L3689 -# If the installed /usr/bin/pdftops in the build system is new enough -# to support the "-origpagesizes" option it results that the CUPS filter -# /usr/lib/cups/filter/pdftops is built so that it uses "-origpagesizes" -# when calling /usr/bin/pdftops otherwise it falls back to not use "-origpagesizes" -# but those fallback would result wrong PostScript output since poppler > 0.18.0 -# see https://bugzilla.novell.com/show_bug.cgi?id=776080 -BuildRequires: poppler-tools -BuildRequires: tcpd-devel BuildRequires: update-desktop-files BuildRequires: zlib-devel -# See http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines -# that reads as of this writing (Thu Feb 13 12:20:32 CET 2014) -# where here the RPM macro percentage sign is replaced with '@' to be safe: -# Starting with openSUSE 12.1, several RPM macros -# must be used to package systemd services files -# Build Requirement -# You should add : -# @if 0@{?suse_version} >= 1210 -# BuildRequires: systemd -# @endif -# as Build Requires. -# Requires -# Add -# @{?systemd_requires} -# to ensure the needed dependencies are added to your package -%if 0%{?suse_version} >= 1210 -%define have_systemd 1 -%endif -%if 0%{?have_systemd} BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(systemd) -%{?systemd_requires} -# _tmpfilesdir is not defined in systemd macros up to openSUSE 12.3 and -# in openSUSE 13.1 "rpm --eval @{_tmpfilesdir}" results /usr/lib/tmpfiles.d -# (above the RPM macro percentage sign is replaced with '@' to be safe): -%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } -%else -PreReq: %insserv_prereq -PreReq: %fillup_prereq -%endif -# sysvinit(syslog) is first provided in openSUSE:Factory (i.e. openSUSE 11.4): -%if 0%{?suse_version} > 1130 -PreReq: sysvinit(syslog) -%endif -PreReq: /usr/sbin/groupadd -PreReq: fileutils -PreReq: sh-utils -PreReq: textutils -Url: http://www.cups.org/ -Summary: The Common UNIX Printing System -License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 -Group: Hardware/Printing -Version: 1.5.4 -Release: 0 -# Source0...Source9 is for sources from upstream: -# URL for Source0: http://www.cups.org/software/1.5.4/cups-1.5.4-source.tar.bz2 -# MD5 sum for Source0 on http://www.cups.org/software.php de3006e5cf1ee78a9c6145ce62c4e982 -# The Source0 URL must be valid, otherwise the factory-auto check script errors out -# with "Failed to download ... Source URLs are not valid.": -Source0: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2 -# Require the exact matching version-release of the cups-libs sub-package because -# non-matching CUPS libraries may let CUPS software crash (e.g. segfault) -# because all CUPS software is built from the one same CUPS source tar ball -# so that there are CUPS-internal dependencies via CUPS private API calls -# (which do not happen for third-party software which uses only the CUPS public API). -# The exact matching version-release of the cups-libs sub-package is available +# Require the exact matching version-release of the cups-client and cups-libs +# sub-package because because all CUPS software is built from the one same +# CUPS source tar ball do that there could be whatever subtle CUPS-internal +# dependencies. +# The exact matching version-release of the cups-client sub-package is available # on the same package repository where the cups package is because # all are built simulaneously from the same cups source package # and all required packages are provided on the same repository: +Requires: cups-client = %{version}-%{release} Requires: cups-libs = %{version}-%{release} -# Strictly speaking the cupsd in the package cups could run without the client tools -# but this would be a too crippled use case so that a strict RPM Requires is justified: -Requires: cups-client = %{version} -# Inherited RPM Requires from the past but I (jsmeix@suse.de) do not know the reason for it: -Requires: util-linux +Requires(pre): %{_sbindir}/groupadd +Requires(pre): coreutils +# Since CUPS 1.6 all non-Mac filters are dropped +Recommends: cups-filters +# Our Source105 PSLEVEL1.PPD.bz2 and Source106 PSLEVEL2.PPD.bz2 need foomatic-rip +# but this does not justify a RPM Requires so that a weak Recommends is sufficient: +Recommends: foomatic-filters # The Ghostscript device "cups" is needed by several CUPS filters # (in particular the "rasterto..." filters) which might justify a RPM Requires. # But a RPM requirement for ghostscript would cause a build dependency cycle because @@ -133,105 +105,14 @@ Requires: util-linux # (e.g. on client systems in the network where the filtering hapens on a CUPS server # or on a CUPS server with only "raw" queues) so that a weak Recommends fits better: Recommends: ghostscript -# The CUPS filter /usr/lib/cups/filter/pdftops is a wrapper which calls /usr/bin/pdftops -# (see the configure setting '--with-pdftops=pdftops') so that this -# might justify a RPM Requires but this CUPS filter is not used on all systems -# (e.g. on client systems in the network where the filtering hapens on a CUPS server -# or on a CUPS server with only "raw" queues) so that a weak Recommends is sufficient: -Recommends: /usr/bin/pdftops -# Our Source105 PSLEVEL1.PPD.bz2 and Source106 PSLEVEL2.PPD.bz2 need foomatic-rip -# but this does not justify a RPM Requires so that a weak Recommends is sufficient: -Recommends: foomatic-filters -# Conflicts with other print spoolers which provide same binaries like /usr/bin/lp and so on -# or which may listen on the same port (e.g. cups-lpd versus traditional lpd on port 515): +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%{?systemd_requires} +# Conflicts with other print spoolers which provide same binaries like +# /usr/bin/lp and so on or which may listen on the same port (e.g. cups-lpd +# versus traditional lpd on port 515): Conflicts: lprng Conflicts: lprold Conflicts: plp -# Patch0...Patch9 is for patches from upstream: -# Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream: -# Patch10...Patch99 is for patches from Novell/openSUSE which are intended for upstream: -# Patch10 adds 'smb://...' URIs to templates/choose-uri.tmpl: -Patch10: cups-1.2rc1-template.patch -# Patch11 changes the default path whereto the web content is installed -# from /usr/share/doc/cups to /usr/share/cups/webcontent because the -# files of the CUPS web content are no documentation, see CUPS STR #3578 -# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: -Patch11: cups-1.4.3-default-webcontent-path.patch -# Source100...Source999 is for private sources from Novell/openSUSE which are not intended for upstream: -Source101: cups.init -Source102: postscript.ppd.bz2 -Source103: cups.sysconfig -Source104: cups.xinetd -Source105: PSLEVEL1.PPD.bz2 -Source106: PSLEVEL2.PPD.bz2 -Source108: cups-client.conf -Source109: baselibs.conf -# Patch100...Patch999 is for private patches from Novell/openSUSE which are not intended for upstream: -# Patch100 adds conf/pam.suse regarding support for PAM for Novell/openSUSE: -Patch100: cups-pam.diff -# Patch101 adds 'Allow 127.0.0.2' to cupsd.conf -# to allow access for the loopback IP address 127.0.0.2 -# which is set for the hostname by Novell/openSUSE in /etc/hosts -Patch101: cups-1.3.6-access_conf.patch -# Patch102 changes desktop/cups.desktop according to what Novell/openSUSE needs: -Patch102: cups-1.3.9-desktop_file.patch -# Patch103 reverts the change which was added by Michael Sweet in Jan 2007 -# which strips the word "recommended" from NickName in PPDs because -# at least yast2-printer in Novell/openSUSE needs it, compare the -# 'Why not "recommend" PPDs in the NickName?' and the subsequent -# 'RFC: New Driver Rating/Information Attributes' mail thread on cups@easysw.com: -Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch -# Patch104 adds the 'allowallforanybody' policy to cupsd.conf -# see https://fate.novell.com/303515 -Patch104: cups-1.5-additional_policies.patch -# Patch105 adds complete systemd support (see http://www.cups.org/str.php?L3917): -Patch105: cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch -# Patch106 fixes option --libs in cups-config script: -Patch106: cups-config-libs.patch -# Patch107 provides cupsd.service in cups.service -Patch107: cups-provides-cupsd-service.patch -# Patch108 cups-move-everything-to-run.patch (move pid, socket and lock files to /run) -# Explanation that I got via mail from Robert Milasan (quotation): -# the changes are due to systemd. Systemd needs /run and in our case -# openSUSE we bind /run to /var/run which at boot time can created -# issues, meaning /var/run is used before being binded to /run. -# All apps should use /run and /run/lock instead of /var/run and /var/lock. -# In other distro's they links /run to /var/run and /run/lock -# to /var/lock, but we don't, so it's better to move everything -# and yes upstream should do the same. Please also check: -# http://lists.opensuse.org/opensuse-factory/2013-01/msg00578.html -Patch108: cups-move-everything-to-run.patch -# Patch109 fixes STR #4190: Send-Document failure ignored -# (also applies to client-error-not-authorized) -Patch109: str4190.patch -# Patch110 avoids any possible busy loop in cups-polld in case of unusual issues -# by sleeping interval seconds see https://bugzilla.novell.com/show_bug.cgi?id=828228 -Patch110: cups-polld_avoid_busy_loop.patch -# Patch111 fixes the cups.socket systemd unit file from Patch105 to be more secure -# so that systemd listens only on localhost (i.e. where the cupsd itself listens by default) -# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c24 -# Patch111 must be applied on top of Patch105. -Patch111: cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch -# Patch112 changes the cups.service systemd unit file from Patch105 to be more secure -# and to let the cupsd again work as it did all the time for printing in a network -# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c61 -# Patch111 must be applied on top of Patch105. -Patch112: cups-0003-systemd-secure-cups.service-unit-file.patch -# Patch113 adds protection against privilege escalation by non-root users -# who have been allowed by root to do CUPS configuration changes -# (CUPS STR#4223 CVE-2012-5519 Novell/Suse Bugzilla bnc#789566): -Patch113: cups-1.5.4-CVE-2012-5519.patch -# Patch114 fixes STR #4351: cups-lpd hugh jobs (>2G) fail -Patch114: str4351.patch -# Patch115 fixes STR #4388: no or malformed output from lpstat in charset other than utf-8 -Patch115: cups-1.5.4-strftime.patch -# Patch116 fixes that the web interface incorrectly served symlinked files -# and files that were not world-readable, potentially leading to -# a disclosure of information (CVE-2014-3537 STR #4450 bnc#887240 -# plus the subsequent CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 STR #4455): -Patch116: str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch -# Install into this non-root directory (required when norootforbuild is used): -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The Common UNIX Printing System (CUPS) is the @@ -239,17 +120,20 @@ standards-based, open source printing system. See http://www.cups.org +Starting with cups 1.6 there were major changes as the filters +were split to cups-filters package developed independently and +default standard was changed. + +Cups 1.6 and newer also no longer supports automatic remote printers or +implicit classes via the CUPS, LDAP, or SLP protocols, i.e. "network +browsing". This is now handled by cups-browsed service. %package libs Summary: Libraries for CUPS -License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 +License: GPL-2.0 and LGPL-2.1 Group: Hardware/Printing # Prerequire /sbin/ldconfig which is used in the traditional bash scriptlets for post/postun: -PreReq: /sbin/ldconfig -# https://bugzilla.novell.com/show_bug.cgi?id=437293 -%ifarch ppc64 -Obsoletes: cups-libs-64bit -%endif +Requires(pre): /sbin/ldconfig %description libs The Common UNIX Printing System (CUPS) is the @@ -257,18 +141,18 @@ standards-based, open source printing system. See http://www.cups.org -This package contains libraries needed by CUPS -and other packages. +Starting with cups 1.6 there were major changes as the filters +were split to cups-filters package developed independently and +default standard was changed. +Cups 1.6 and newer also no longer supports automatic remote printers or +implicit classes via the CUPS, LDAP, or SLP protocols, i.e. "network +browsing". This is now handled by cups-browsed service. %package client Summary: CUPS Client Programs -License: SUSE-GPL-2.0-with-openssl-exception +License: GPL-2.0 Group: Hardware/Printing -# Conflicts with other print spoolers which provide same binaries like /usr/bin/lp and so on: -Conflicts: lprng -Conflicts: lprold -Conflicts: plp # Require the exact matching version-release of the cups-libs sub-package because # non-matching CUPS libraries may let CUPS software crash (e.g. segfault) # because all CUPS software is built from the one same CUPS source tar ball @@ -279,6 +163,10 @@ Conflicts: plp # all are built simulaneously from the same cups source package # and all required packages are provided on the same repository: Requires: cups-libs = %{version}-%{release} +# Conflicts with other print spoolers which provide same binaries like /usr/bin/lp and so on: +Conflicts: lprng +Conflicts: lprold +Conflicts: plp %description client The Common UNIX Printing System (CUPS) is the @@ -286,13 +174,17 @@ standards-based, open source printing system. See http://www.cups.org -This package contains all programs needed -for running a CUPS client, not a server. +Starting with cups 1.6 there were major changes as the filters +were split to cups-filters package developed independently and +default standard was changed. +Cups 1.6 and newer also no longer supports automatic remote printers or +implicit classes via the CUPS, LDAP, or SLP protocols, i.e. "network +browsing". This is now handled by cups-browsed service. %package devel Summary: Development Environment for CUPS -License: SUSE-GPL-2.0-with-openssl-exception +License: GPL-2.0 Group: Development/Libraries/C and C++ # Do not require the exact matching version-release of cups-libs # but only a cups-libs package with matching version because @@ -301,10 +193,6 @@ Group: Development/Libraries/C and C++ # (the latter would require the exact matching cups-libs version-release): Requires: cups-libs = %{version} Requires: glibc-devel -# https://bugzilla.novell.com/show_bug.cgi?id=437293 -%ifarch ppc64 -Obsoletes: cups-devel-64bit -%endif %description devel The Common UNIX Printing System (CUPS) is the @@ -312,12 +200,17 @@ standards-based, open source printing system. See http://www.cups.org -This is the development package. +Starting with cups 1.6 there were major changes as the filters +were split to cups-filters package developed independently and +default standard was changed. +Cups 1.6 and newer also no longer supports automatic remote printers or +implicit classes via the CUPS, LDAP, or SLP protocols, i.e. "network +browsing". This is now handled by cups-browsed service. %package ddk Summary: CUPS Driver Development Kit -License: SUSE-GPL-2.0-with-openssl-exception +License: GPL-2.0 Group: Hardware/Printing Requires: cups = %{version} Requires: cups-devel = %{version} @@ -338,77 +231,55 @@ a suite of standard drivers, a PPD file compiler, and other utilities that can be used to develop printer drivers for CUPS. +Starting with cups 1.6 there were major changes as the filters +were split to cups-filters package developed independently and +default standard was changed. + +Cups 1.6 and newer also no longer supports automatic remote printers or +implicit classes via the CUPS, LDAP, or SLP protocols, i.e. "network +browsing". This is now handled by cups-browsed service. %prep -# Be quiet when unpacking: -%setup -q -n cups-%{version} +%setup -q # Patch0...Patch9 is for patches from upstream: -# Patch10...Patch99 is for patches from Novell/openSUSE which are intended for upstream: -# Patch10 adds 'smb://...' URIs to templates/choose-uri.tmpl: +# Patch10...Patch99 is for patches from SUSE which are intended for upstream: +# Patch10 cups-1.2rc1-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl: %patch10 -p1 -# Patch11 changes the default path whereto the web content is installed -# from /usr/share/doc/cups to /usr/share/cups/webcontent because the -# files of the CUPS web content are no documentation, see CUPS STR #3578 +# Patch11 cups-1.4.3-default-webcontent-path.patch changes the default path whereto the +# web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent +# because the files of the CUPS web content are no documentation, see CUPS STR #3578 # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments: %patch11 -# Patch100...Patch999 is for private patches from Novell/openSUSE which are not intended for upstream: -# Patch100 adds conf/pam.suse regarding support for PAM for Novell/openSUSE: +%patch12 -p1 +# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: +# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -# Patch101 adds 'Allow 127.0.0.2' to cupsd.conf: -%patch101 -p1 -# Patch102 changes desktop/cups.desktop according to what Novell/openSUSE needs: +# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy +# to cupsd.conf see https://fate.novell.com/303515 +%patch101 +# Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs: %patch102 -# Patch103 reverts the change which strips the word "recommended" from NickName in PPDs: +# Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch +# reverts the change which was added by Michael Sweet in Jan 2007 +# which strips the word "recommended" from NickName in PPDs because +# at least yast2-printer in SUSE needs it, compare the +# 'Why not "recommend" PPDs in the NickName?' and the subsequent +# 'RFC: New Driver Rating/Information Attributes' mail thread on cups@easysw.com: %patch103 -# Patch104 adds the 'allowallforanybody' policy to cupsd.conf: +# Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -# Patch105 adds complete systemd support (see http://www.cups.org/str.php?L3917): -%patch105 -# Patch106 fixes option --libs in cups-config script: -%patch106 -# Patch107 provides cupsd.service in cups.service -%patch107 -p1 -%if %suse_version > 1220 -# Patch108 moves everything to /run -%patch108 -p1 -%endif -# Patch109: STR #4190 -%patch109 -# Patch110 avoids any possible busy loop in cups-polld -%patch110 -# Patch111 fixes the cups.socket systemd unit file from Patch105 to be more secure -# so that systemd listens only on localhost (i.e. where the cupsd itself listens by default) -# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c24 -# Patch111 must be applied on top of Patch105. -%patch111 -# Patch112 changes the cups.service systemd unit file from Patch105 to be more secure -# and to let the cupsd again work as it did all the time for printing in a network -# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c61 -# Patch111 must be applied on top of Patch105. -%patch112 -# Patch113 adds protection against privilege escalation by non-root users -# who have been allowed by root to do CUPS configuration changes -# (CUPS STR#4223 CVE-2012-5519 Novell/Suse Bugzilla bnc#789566): -%patch113 -# Patch114 fixes STR #4351: cups-lpd hugh jobs (>2G) fail -%patch114 -# Patch115 fixes STR #4388: no or malformed output from lpstat in charset other than utf-8 -%patch115 -p1 -# Patch116 fixes that the web interface incorrectly served symlinked files -# and files that were not world-readable, potentially leading to -# a disclosure of information (CVE-2014-3537 STR #4450 bnc#887240 -# plus the subsequent CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 STR #4455): -%patch116 %build -# Disable SILENT run of make so that make runs verbose as usual: -sed -i -e 's/^\.SILENT:/# .SILENT:/' Makedefs.in -libtoolize --force -aclocal -autoconf -export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -O2 -fstack-protector" -export CFLAGS="$RPM_OPT_FLAGS -fstack-protector -DLDAP_DEPRECATED" -export CXX=g++ +# Remove ".SILENT" rule for verbose build output +sed 's#^.SILENT:##g' -i Makedefs.in +aclocal -I config-scripts +autoconf -I config-scripts +# Export the build options we desire +export CXXFLAGS="$CXXFLAGS %{optflags} -O2 -fstack-protector -fPIE -fPIC" +export CFLAGS="$CFLAGS %{optflags} -fstack-protector -fPIE -fPIC" +export LDFLAGS="-pie" +export CXX=c++ +export CC=cc # As long as cups-1.4.3-default-webcontent-path.patch is applied # configure --with-docdir=... would be no longer needed # because cups-1.4.3-default-webcontent-path.patch changes the @@ -418,36 +289,58 @@ export CXX=g++ # and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments # so that the new default could be used as is but upstream may accept # cups-1.4.3-default-webcontent-path.patch in general but change its default -# so that with-docdir is explicitly set here to be future proof: -./configure \ - --mandir=%{_mandir} \ - --sysconfdir=%{_sysconfdir} \ - --libdir=%{_libdir} \ - --datadir=%{_datadir} \ - --with-docdir=%{_datadir}/cups/webcontent \ - --with-cups-user=lp \ - --with-cups-group=lp \ - --with-system-groups=root \ - --enable-debug \ - --enable-relro \ - --enable-gssapi \ - --disable-static \ - --without-rcdir \ - --enable-dbus \ - --enable-ldap \ - --with-java \ - --with-php \ - --with-python \ - --with-cachedir=/var/cache/cups \ - --with-pdftops=pdftops \ -%if 0%{?have_systemd} - --with-systemdsystemunitdir=%{_unitdir} \ -%endif - --prefix=/ -make %{?_smp_mflags} CXX=g++ +# so that with-docdir is explicitly set here to be future proof. +# Regarding --with-rundir and --with-domainsocket +# see https://www.cups.org/str.php?L4306 and +# http://lists.opensuse.org/opensuse-factory/2013-01/msg00578.html +# --without-perl/php - neither actually work correctly so rather disable +# --without-xinetd - socket activation from systemd works better +# --enable-debug - avoids stripping of binaries +# --enable-relro - force relro sections in binaries/libs +%configure \ + --enable-debug \ + --enable-relro \ + --enable-option-checking \ + --with-docdir=%{_datadir}/cups/webcontent \ + --with-cups-user=lp \ + --with-cups-group=lp \ + --with-system-groups=root \ + --enable-debug \ + --enable-debug-printfs \ + --enable-relro \ + --enable-gssapi \ + --enable-libusb \ + --disable-static \ + --without-rcdir \ + --enable-dbus \ + --with-cachedir=%{_localstatedir}/cache/cups \ + --with-rundir=/run/cups \ + --with-domainsocket=/run/cups/cups.sock \ + --enable-dbus \ + --enable-pam \ + --enable-threads \ + --enable-gnutls \ + --enable-systemd \ + --enable-avahi --disable-dnssd \ + --enable-libpaper \ + --without-perl \ + --without-php \ + --with-xinetd=no \ + --enable-webif \ + localedir=%{_datadir}/locale +make %{?_smp_mflags} %install make BUILDROOT=%{buildroot} install +# Remove the CUPS banner files in /usr/share/cups/banners/ and +# the CUPS testpage /usr/share/cups/data/testprint (which is also a CUPS banner file type) +# because they do no longer work since CUPS >= 1.6, see http://www.cups.org/str.php?L4120 +# because there is no longer a filter for Linux that can convert the CUPS banner files. +# Since CUPS >= 1.6 only the banner files and testpage in the cups-filters package work +# via the cups-filters PDF workflow and the cups-filters package also provides +# the matching bannertopdf filter (see https://bugzilla.novell.com/show_bug.cgi?id=873376): +rm -r %{buildroot}%{_datadir}/cups/banners +rm %{buildroot}%{_datadir}/cups/data/testprint # Use CUPS' own fonts (i.e. make CUPS work again in compliance with upstream). # In ancient times (see the RPM changelog entry dated "Thu Aug 16 17:05:19 CEST 2001") # there was the general opinion it would be a great idea to deviate from CUPS upstream @@ -467,206 +360,90 @@ make BUILDROOT=%{buildroot} install # and the only way out is to move CUPS' own fonts to an artificial # surrogate directory /usr/share/cups/CUPSfonts and have the # symbolic link /usr/share/cups/fonts -> /usr/share/cups/CUPSfonts: -pushd %{buildroot}/usr/share/cups/ +pushd %{buildroot}%{_datadir}/cups/ mv fonts CUPSfonts && ln -s CUPSfonts fonts popd -# Source103: cups.sysconfig -install -d -m755 %{buildroot}/var/adm/fillup-templates -install -m 644 %{SOURCE103} %{buildroot}/var/adm/fillup-templates/sysconfig.cups # Make directory for ssl files: mkdir -p %{buildroot}%{_sysconfdir}/cups/ssl # Add a client.conf as template (Source108: cups-client.conf): install -m644 %{SOURCE108} %{buildroot}%{_sysconfdir}/cups/client.conf -%if %suse_version > 1220 -sed -i -e 's|/var/run|/run|g' %{buildroot}%{_sysconfdir}/cups/client.conf -%endif -# Source104: cups.xinetd -mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d -install -m 644 -D %{SOURCE104} %{buildroot}%{_sysconfdir}/xinetd.d/cups-lpd # Make the libraries accessible also via generic named links: ln -sf libcupsimage.so.2 %{buildroot}%{_libdir}/libcupsimage.so ln -sf libcups.so.2 %{buildroot}%{_libdir}/libcups.so # Add missing usual directories: install -d -m755 %{buildroot}%{_datadir}/cups/drivers -install -d -m755 %{buildroot}/var/cache/cups +install -d -m755 %{buildroot}%{_localstatedir}/cache/cups # Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff): -install -m 644 -D conf/pam.suse %{buildroot}/etc/pam.d/cups +install -m 644 -D conf/pam.suse %{buildroot}%{_sysconfdir}/pam.d/cups # Add missing usual documentation: install -d -m755 %{buildroot}/%{_defaultdocdir}/cups for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt do install -m 644 "$f" %{buildroot}%{_defaultdocdir}/cups/ done -# Source102: postscript.ppd.bz2 -bzip2 -cd < %{SOURCE102} > %{buildroot}%{_datadir}/cups/model/Postscript.ppd -# Source105: PSLEVEL1.PPD.bz2 -bzip2 -cd < %{SOURCE105} > %{buildroot}%{_datadir}/cups/model/Postscript-level1.ppd -# Source106: PSLEVEL2.PPD.bz2 -bzip2 -cd < %{SOURCE106} > %{buildroot}%{_datadir}/cups/model/Postscript-level2.ppd -find %{buildroot}/usr/share/cups/model -name "*.ppd" | while read FILE -do # Change default paper size from Letter to A4 if possible - # https://bugzilla.novell.com/show_bug.cgi?id=suse30662 - # and delete trailing whitespace: - perl -pi -e 's:^(\*Default.*)Letter\s*$:$1A4\n:; \ - s:^(\*ImageableArea A4.*\:\s+)"0 0 595 842":$1"24 48 571 818":; \ - s:^(\*ImageableArea Letter.*\:\s+)"0 0 612 792":$1"24 48 588 768":; \ - s:\s\n:\n:' "$FILE" - gzip -9 "$FILE" -done +# Add generic PostScript printer PPDs: +# Source102: Postscript.ppd.gz +install -m 644 %{SOURCE102} %{buildroot}%{_datadir}/cups/model/Postscript.ppd.gz +# Source105: Postscript-level1.ppd,gz +install -m 644 %{SOURCE105} %{buildroot}%{_datadir}/cups/model/Postscript-level1.ppd.gz +# Source106: Postscript-level2.ppd.gz +install -m 644 %{SOURCE106} %{buildroot}%{_datadir}/cups/model/Postscript-level2.ppd.gz # Add files for desktop menu: -rm -f %{buildroot}/usr/share/applications/cups.desktop +rm -f %{buildroot}%{_datadir}/applications/cups.desktop %suse_update_desktop_file -i cups PrintingUtility 2>/dev/null -mkdir %{buildroot}/usr/share/pixmaps -install -m 644 %{buildroot}/usr/share/icons/hicolor/64x64/apps/cups.png %{buildroot}/usr/share/pixmaps -rm -rf %{buildroot}/usr/share/icons -# Norwegian is "nb", "zh" is probably "zh_CN": -mv %{buildroot}/usr/share/locale/{no,nb} -mv %{buildroot}/usr/share/locale/{zh,zh_CN} +mkdir %{buildroot}%{_datadir}/pixmaps +install -m 644 %{buildroot}%{_datadir}/icons/hicolor/64x64/apps/cups.png %{buildroot}%{_datadir}/pixmaps +rm -rf %{buildroot}%{_datadir}/icons # Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default from becoming hardlinked # via the fdupes run below, see https://bugzilla.novell.com/show_bug.cgi?id=773971 # by making their content different and at the same time fix the misleading comment. # Intentionally let the build fail if 'grep' does not find what 'sed' should change -# because if upstream changed it 'sed' would silently no longer change the files -# so that fdupes would make /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default hardlinked: -grep -q '^# Sample configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf -sed -i -e 's/^# Sample configuration /# Configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf -grep -q '^# Sample configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default -sed -i -e 's/^# Sample configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default -# Begin how cupsd is launched (via SysVinit or systemd): -%if 0%{?have_systemd} -# Begin launch cupsd via systemd: -# See http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines -# Move the installed cups.socket and cups.path into a documentation directory -# so that experienced admins can make their own individual systemd unit files -# for socket activation and/or path activation as they need it for their particular cases -# see https://bugzilla.novell.com/show_bug.cgi?id=857372#c61 -mkdir %{buildroot}/%{_defaultdocdir}/cups/systemd -mv %{buildroot}/%{_unitdir}/cups.path %{buildroot}/%{_defaultdocdir}/cups/systemd/cups.path -mv %{buildroot}/%{_unitdir}/cups.socket %{buildroot}/%{_defaultdocdir}/cups/systemd/cups.socket +# because if upstream changed it 'sed' would silently no longer change the files: +grep -q '^# Configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default +sed -i -e 's/^# Configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default + +# install the systemd control files +mv %{buildroot}%{_unitdir}/org.cups.cupsd.path %{buildroot}%{_unitdir}/cups.path +mv %{buildroot}%{_unitdir}/org.cups.cupsd.service %{buildroot}%{_unitdir}/cups.service +mv %{buildroot}%{_unitdir}/org.cups.cupsd.socket %{buildroot}%{_unitdir}/cups.socket +mv %{buildroot}%{_unitdir}/org.cups.cups-lpd.socket %{buildroot}%{_unitdir}/cups-lpd.socket +mv %{buildroot}%{_unitdir}/org.cups.cups-lpd@.service %{buildroot}%{_unitdir}/cups-lpd@.service +sed -i -e "s,org.cups.cupsd,cups,g" %{buildroot}%{_unitdir}/cups.service +# rcbla aliases +ln -s service %{buildroot}%{_sbindir}/rccups +ln -s service %{buildroot}%{_sbindir}/rccups-lpd # Install /usr/lib/tmpfiles.d/cups.conf mkdir -p %{buildroot}%{_tmpfilesdir} cat > %{buildroot}%{_tmpfilesdir}/cups.conf < /etc/init.d/FOO -# /usr/sbin/service exists only since openSUSE 12.3: -%if 0%{?suse_version} > 1220 -ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rccups -%else -ln -s /sbin/service %{buildroot}%{_sbindir}/rccups -%endif -# For information only: -# When cupsd is launched via systemd there must no longer be any /etc/init.d/cups script -# (e.g. as an attempt to provide backward compatibility e.g. via "exec /usr/sbin/rccups $@") -# because systemd would recognize /etc/init.d/cups as another way to launch cupsd -# in addition to the actual unit file /usr/lib/systemd/system/cups.service -# which means calling "/etc/init.d/cups [start|stop|status]" does no longer work, -# see http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities/ -# End launch cupsd via systemd -%else -# Begin launch cupsd via SysVinit: -# Source101: cups.init -install -d -m755 %{buildroot}/etc/init.d -install -m755 %{SOURCE101} %{buildroot}/etc/init.d/cups -ln -sf ../../etc/init.d/cups %{buildroot}/usr/sbin/rccups -%if %suse_version > 1220 -# Adapt init script according to Patch108 that moves everything to /run -sed -i -e 's|/var/run|/run|g' %{buildroot}/etc/init.d/cups -sed -i -e 's|/var/lock|/run/lock|g' %{buildroot}/etc/init.d/cups -%endif -# End launch cupsd via SysVinit -%endif -# End how cupsd is launched (via SysVinit or systemd) -# Run fdupes: -# The RPM macro fdupes runs /usr/bin/fdupes that links files with identical content. # Never run fdupes carelessly over the whole buildroot directory # because in older openSUSE and SLE11 versions fdupes # links files with different owner, group, or permissions # see https://bugzilla.novell.com/show_bug.cgi?id=784670 -# and even in current openSUSE versions fdupes links across sub-package boundaries, -# compare https://bugzilla.novell.com/show_bug.cgi?id=784869 -# so that fdupes can only run for specific directories where linking files is safe. -# Using fdupes -s, which will create symlinks that are easier to grasp for rpm and -# rpmlint will give a "dangling symlink" error if the file and link ended up in different packages. -# All symlinks created by fdupes are in /usr/share/cups/templates/ -# except /usr/share/cups/webcontent/images/cups-icon.png -> /usr/share/cups/webcontent/images/cups.png -# but that one must not be a symlink because since CUPS 1.7.4/1.7.5 the cupsd web server does no longer -# follow symlink to avoid security issues (see bnc#892587 and bnc#887240 and and the upstream -# issues http://www.cups.org/str.php?L4450 and https://www.cups.org/str.php?L4455) -# so that fdupes should only create symlinks in /usr/share/cups/templates/: +# and even in current openSUSE versions fdupes links across sub-package +# boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869 %fdupes -s %{buildroot}/%{_datadir}/cups/templates %pre -# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe -# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed -# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -%if 0%{?have_systemd} -# Begin service_add_pre cups.service -%service_add_pre cups.service -# End service_add_pre cups.service -%endif -# See https://bugzilla.novell.com/show_bug.cgi?id=suse45719 -# and attr(0775,root,ntadmin) for /usr/share/cups/drivers/ in the files section below -# and the samba.spec file in openSUSE:13.1 for the used command there to be in sync with Samba -# (without "|| :" build fails on SLE_11 and SLE_11_SP1 with "build_patchrpmcheck_scr: line 7: groupadd: command not found"): -getent group ntadmin >/dev/null || groupadd -g 71 -o -r ntadmin || : -exit 0 +getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin 2>/dev/null +%service_add_pre cups.service cups-lpd@.service cups-lpd.socket cups.socket %post -# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe -# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed -# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -%if 0%{?have_systemd} -# Begin service_add_post cups.service -%service_add_post cups.service -# End service_add_post cups.service -%else -# Begin fillup_and_insserv -ny cups cups -%{fillup_and_insserv -ny cups cups} -# End fillup_and_insserv -ny cups cups -%endif -exit 0 +%service_add_post cups.service cups-lpd@.service cups-lpd.socket cups.socket %preun -# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe -# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed -# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -%if 0%{?have_systemd} -# Begin service_del_preun cups.service -%service_del_preun cups.service -# End service_del_preun cups.service -%else -# Begin stop_on_removal cups -%stop_on_removal cups -# End stop_on_removal cups -%endif -exit 0 +%service_del_preun cups.service cups-lpd@.service cups-lpd.socket cups.socket %postun -# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe -# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed -# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -%if 0%{?have_systemd} -# Begin service_del_postun cups.service -%service_del_postun cups.service -# End service_del_postun cups.service -%else -# Begin restart_on_update cups -%restart_on_update cups -# End restart_on_update cups -# Begin insserv_cleanup -%{insserv_cleanup} -# End insserv_cleanup -%endif -exit 0 +%service_del_postun cups.service cups-lpd@.service cups-lpd.socket cups.socket %posttrans # Use a real bash script with an explicit "exit 0" at the end to be by default fail safe # an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed # see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -%if 0%{?have_systemd} # Begin refresh systemd units and clean up possibly obsolete systemd units # The following is a generic way how to refresh and/or clean up systemd units. # A systemd unit may need a refresh after updating a package when the new package @@ -682,8 +459,8 @@ exit 0 # and http://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Scriptlet_Ordering # from the new package only "posttrans of new package" is run after "removal of old package" # so that the new package must do the clean up as RPM posttrans scriptlet. -for u in cups.service cups.socket cups.path -do if systemctl --quiet is-enabled $u 2>/dev/null +for u in cups.service cups.socket cups.path; do + if systemctl --quiet is-enabled $u 2>/dev/null then # Refresh still valid enabled systemd units and clean up possibly obsoleted systemd units: # Enforce systemd to use the current unit file which is usually the unit file of the new package # but also in case of custom units (that use other unit files) a "reenable" won't hurt because @@ -704,116 +481,91 @@ do if systemctl --quiet is-enabled $u 2>/dev/null systemctl --quiet disable $u 2>/dev/null || : fi done -# End refresh systemd units and clean up possibly obsolete systemd units -%endif exit 0 -%post libs -# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe -# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed -# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -/sbin/ldconfig -exit 0 +%post libs -p /sbin/ldconfig -%postun libs -# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe -# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed -# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets -/sbin/ldconfig -exit 0 +%postun libs -p /sbin/ldconfig %files -# The files sections list all mandatory files explicitly one by one. +%defattr(-,root,root) # In particular all executables are listed explicitly. # This avoids that CUPS' configure magic might silently # not build and install an executable when whatever condition -# for configure's automated tests is not fulfilled in the build system, -# for example see https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 -# When all mandatory files are explicitly listed, -# the build fails intentionally if a mandatory file was not built -# which ensures that already existing correctly built binary RPMs -# are not overwritten by broken RPMs where mandatory files are missing. +# for configure's automated tests is not fulfilled in the build system. +# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 %defattr(-,root,root) +%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cups-files.conf %config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf -%{_sysconfdir}/cups/cupsd.conf.default %config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/snmp.conf -%config(noreplace) %attr(755,lp,lp) %{_sysconfdir}/cups/interfaces -%config(noreplace) %{_sysconfdir}/xinetd.d/cups-lpd %config %{_sysconfdir}/pam.d/cups %config %{_sysconfdir}/dbus-1/system.d/cups.conf -%dir %attr(700,root,lp) %{_sysconfdir}/cups/ssl +%config %{_sysconfdir}/cups/cupsd.conf.default +%dir %attr(755,root,lp) %{_sysconfdir}/cups/interfaces %dir %attr(755,root,lp) %{_sysconfdir}/cups/ppd -/var/adm/fillup-templates/sysconfig.cups -%if 0%{?have_systemd} +%dir %attr(700,root,lp) %{_sysconfdir}/cups/ssl %{_unitdir}/cups.service +%{_unitdir}/cups.socket +%{_unitdir}/cups.path +%{_unitdir}/cups-lpd.socket +%{_unitdir}/cups-lpd@.service %{_tmpfilesdir}/cups.conf -%else -%config %attr(0755,root,root) %{_sysconfdir}/init.d/cups -%endif %{_bindir}/cupstestppd %{_sbindir}/cupsaddsmb %{_sbindir}/cupsctl %{_sbindir}/cupsd %{_sbindir}/cupsfilter %{_sbindir}/rccups -%dir /usr/lib/cups -%dir /usr/lib/cups/backend -/usr/lib/cups/backend/http -/usr/lib/cups/backend/https -/usr/lib/cups/backend/ipp -/usr/lib/cups/backend/ipps -/usr/lib/cups/backend/lpd -/usr/lib/cups/backend/parallel -/usr/lib/cups/backend/serial -/usr/lib/cups/backend/snmp -/usr/lib/cups/backend/socket -/usr/lib/cups/backend/usb -%dir /usr/lib/cups/cgi-bin -/usr/lib/cups/cgi-bin/admin.cgi -/usr/lib/cups/cgi-bin/classes.cgi -/usr/lib/cups/cgi-bin/help.cgi -/usr/lib/cups/cgi-bin/jobs.cgi -/usr/lib/cups/cgi-bin/printers.cgi -%dir /usr/lib/cups/daemon -/usr/lib/cups/daemon/cups-deviced -/usr/lib/cups/daemon/cups-driverd -/usr/lib/cups/daemon/cups-exec -/usr/lib/cups/daemon/cups-lpd -/usr/lib/cups/daemon/cups-polld -%dir /usr/lib/cups/driver -%dir /usr/lib/cups/filter -/usr/lib/cups/filter/bannertops -/usr/lib/cups/filter/commandtoescpx -/usr/lib/cups/filter/commandtopclx -/usr/lib/cups/filter/commandtops -/usr/lib/cups/filter/gziptoany -/usr/lib/cups/filter/imagetops -/usr/lib/cups/filter/imagetoraster -/usr/lib/cups/filter/pdftops -/usr/lib/cups/filter/pstops -/usr/lib/cups/filter/rastertodymo -/usr/lib/cups/filter/rastertoepson -/usr/lib/cups/filter/rastertoescpx -/usr/lib/cups/filter/rastertohp -/usr/lib/cups/filter/rastertolabel -/usr/lib/cups/filter/rastertopclx -/usr/lib/cups/filter/rastertopwg -/usr/lib/cups/filter/texttops -%dir /usr/lib/cups/monitor -/usr/lib/cups/monitor/bcp -/usr/lib/cups/monitor/tbcp -%dir /usr/lib/cups/notifier -/usr/lib/cups/notifier/dbus -/usr/lib/cups/notifier/mailto -/usr/lib/cups/notifier/rss +%{_sbindir}/rccups-lpd +%dir %{_libexecdir}/cups +%dir %{_libexecdir}/cups/backend +%{_libexecdir}/cups/backend/dnssd +%{_libexecdir}/cups/backend/http +%{_libexecdir}/cups/backend/https +%{_libexecdir}/cups/backend/ipp +%{_libexecdir}/cups/backend/ipps +%{_libexecdir}/cups/backend/lpd +%{_libexecdir}/cups/backend/snmp +%{_libexecdir}/cups/backend/socket +%{_libexecdir}/cups/backend/usb +%dir %{_libexecdir}/cups/cgi-bin +%{_libexecdir}/cups/cgi-bin/admin.cgi +%{_libexecdir}/cups/cgi-bin/classes.cgi +%{_libexecdir}/cups/cgi-bin/help.cgi +%{_libexecdir}/cups/cgi-bin/jobs.cgi +%{_libexecdir}/cups/cgi-bin/printers.cgi +%dir %{_libexecdir}/cups/daemon +%{_libexecdir}/cups/daemon/cups-deviced +%{_libexecdir}/cups/daemon/cups-driverd +%{_libexecdir}/cups/daemon/cups-exec +%{_libexecdir}/cups/daemon/cups-lpd +%dir %{_libexecdir}/cups/driver +%dir %{_libexecdir}/cups/filter +%{_libexecdir}/cups/filter/commandtops +%{_libexecdir}/cups/filter/gziptoany +%{_libexecdir}/cups/filter/pstops +%{_libexecdir}/cups/filter/rastertodymo +%{_libexecdir}/cups/filter/rastertoepson +%{_libexecdir}/cups/filter/rastertohp +%{_libexecdir}/cups/filter/rastertolabel +%{_libexecdir}/cups/filter/rastertopwg +%dir %{_libexecdir}/cups/monitor +%{_libexecdir}/cups/monitor/bcp +%{_libexecdir}/cups/monitor/tbcp +%dir %{_libexecdir}/cups/notifier +%{_libexecdir}/cups/notifier/dbus +%{_libexecdir}/cups/notifier/mailto +%{_libexecdir}/cups/notifier/rss %dir %attr(0775,root,ntadmin) %{_datadir}/cups/drivers %{_datadir}/applications/cups.desktop %{_datadir}/pixmaps/cups.png %doc %{_defaultdocdir}/cups +%doc %{_mandir}/man1/cups.1.gz %doc %{_mandir}/man1/cupstestppd.1.gz %doc %{_mandir}/man5/classes.conf.5.gz %doc %{_mandir}/man5/client.conf.5.gz %doc %{_mandir}/man5/cups-snmp.conf.5.gz +%doc %{_mandir}/man5/cups-files.conf.5.gz %doc %{_mandir}/man5/cupsd.conf.5.gz %doc %{_mandir}/man5/mailto.conf.5.gz %doc %{_mandir}/man5/mime.convs.5.gz @@ -825,31 +577,26 @@ exit 0 %doc %{_mandir}/man7/notifier.7.gz %doc %{_mandir}/man8/cups-deviced.8.gz %doc %{_mandir}/man8/cups-driverd.8.gz +%doc %{_mandir}/man8/cups-exec.8.gz %doc %{_mandir}/man8/cups-lpd.8.gz -%doc %{_mandir}/man8/cups-polld.8.gz +%doc %{_mandir}/man8/cups-snmp.8.gz %doc %{_mandir}/man8/cupsaddsmb.8.gz %doc %{_mandir}/man8/cupsctl.8.gz %doc %{_mandir}/man8/cupsd.8.gz +%doc %{_mandir}/man8/cupsd-helper.8.gz +%doc %{_mandir}/man8/cupsd-logs.8.gz %doc %{_mandir}/man8/cupsfilter.8.gz %{_datadir}/cups/ %exclude %{_datadir}/cups/ppdc/ %files client -# Set explicite owner, group, and permissions for lppasswd -# to enforce to have the upstream owner, group, and permissions in the RPM -# because otherwise our build magic /usr/sbin/Check sets them to lp:lp 2755 -# according to /etc/permissions.secure in the build system, -# see https://bugzilla.novell.com/show_bug.cgi?id=574336#c12 -# and subsequent comments up to comment #17 therein. -# Even if /etc/permissions.secure in the openSUSE:Factory build system might be -# already fixed, it must also work for build systems for released products. %defattr(-,root,root) %{_bindir}/cancel %{_bindir}/cupstestdsc +%{_bindir}/ippfind %{_bindir}/ipptool %{_bindir}/lp %{_bindir}/lpoptions -%attr(0555,root,root) %{_bindir}/lppasswd %{_bindir}/lpq %{_bindir}/lpr %{_bindir}/lprm @@ -866,10 +613,10 @@ exit 0 %{_sbindir}/reject %doc %{_mandir}/man1/cancel.1.gz %doc %{_mandir}/man1/cupstestdsc.1.gz +%doc %{_mandir}/man1/ippfind.1.gz %doc %{_mandir}/man1/ipptool.1.gz %doc %{_mandir}/man1/lp.1.gz %doc %{_mandir}/man1/lpoptions.1.gz -%doc %{_mandir}/man1/lppasswd.1.gz %doc %{_mandir}/man1/lpq.1.gz %doc %{_mandir}/man1/lpr.1.gz %doc %{_mandir}/man1/lprm.1.gz @@ -892,7 +639,6 @@ exit 0 %{_libdir}/libcups.so %{_libdir}/libcupsimage.so %{_libdir}/libcupscgi.so -%{_libdir}/libcupsdriver.so %{_libdir}/libcupsmime.so %{_libdir}/libcupsppdc.so %{_datadir}/cups/ppdc/ @@ -921,7 +667,6 @@ exit 0 %{_bindir}/cups-config %{_libdir}/libcups.so.* %{_libdir}/libcupscgi.so.* -%{_libdir}/libcupsdriver.so.* %{_libdir}/libcupsimage.so.* %{_libdir}/libcupsmime.so.* %{_libdir}/libcupsppdc.so.* diff --git a/cups.sysconfig b/cups.sysconfig deleted file mode 100644 index 063291f..0000000 --- a/cups.sysconfig +++ /dev/null @@ -1,17 +0,0 @@ -## Path: System/Printing/CUPS -## Description: Cups options -## Type: string -## Default: cups -## ServiceReload: cups -## ServiceRestart: cups -# -IDENT="cups" -## Type: string -## Default: "CUPS printer daemon" -DESCRIPTIVE="CUPS printer daemon" -## Type: string -## Default: "" -# -# change CUPSD_OPTIONS for arguments of start of cupsd -# e.g. CUPSD_OPTIONS="-c /etc/cups/cupsd.conf" -CUPSD_OPTIONS="" diff --git a/cups.xinetd b/cups.xinetd deleted file mode 100644 index 6b7caa2..0000000 --- a/cups.xinetd +++ /dev/null @@ -1,11 +0,0 @@ -service printer -{ - disable = yes - flags = NAMEINARGS - socket_type = stream - protocol = tcp - wait = no - user = lp - server = /usr/lib/cups/daemon/cups-lpd - server_args = cups-lpd -o document-format=application/octet-stream -} diff --git a/postscript.ppd.bz2 b/postscript.ppd.bz2 deleted file mode 100644 index 3d54643..0000000 --- a/postscript.ppd.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d3be50ca7f9dc699b9dfd3cbe1d655b4934547ba2e3ce0c5cc1560844829237e -size 1913 diff --git a/str4190.patch b/str4190.patch deleted file mode 100644 index 46491b1..0000000 --- a/str4190.patch +++ /dev/null @@ -1,72 +0,0 @@ -Index: backend/ipp.c -=================================================================== ---- backend/ipp.c (revision 10611) -+++ backend/ipp.c (working copy) -@@ -1279,6 +1279,16 @@ - } - - /* -+ * If the printer only claims to support IPP/1.0, or if the user specifically -+ * included version=1.0 in the URI, then do not try to use Create-Job or -+ * Send-Document. This is another dreaded compatibility hack, but unfortunately -+ * there are enough broken printers out there that we need this for now... -+ */ -+ -+ if (version == 10) -+ create_job = send_document = 0; -+ -+ /* - * Start monitoring the printer in the background... - */ - -@@ -1494,10 +1504,9 @@ - goto cleanup; - } - } -- else if (ipp_status == IPP_ERROR_JOB_CANCELED) -+ else if (ipp_status == IPP_ERROR_JOB_CANCELED || -+ ipp_status == IPP_NOT_AUTHORIZED) - goto cleanup; -- else if (ipp_status == IPP_NOT_AUTHORIZED) -- continue; - else - { - /* -@@ -1678,14 +1687,35 @@ - ipp_status == IPP_NOT_POSSIBLE || - ipp_status == IPP_PRINTER_BUSY) - continue; -- else if (ipp_status == IPP_REQUEST_VALUE) -+ else if (ipp_status == IPP_REQUEST_VALUE || -+ ipp_status == IPP_ERROR_JOB_CANCELED || -+ ipp_status == IPP_NOT_AUTHORIZED) - { - /* -- * Print file is too large, abort this job... -+ * Print file is too large, job was canceled, or we need new -+ * authentication data... - */ - - goto cleanup; - } -+ else if (ipp_status == IPP_NOT_FOUND) -+ { -+ /* -+ * Printer does not actually implement support for Create-Job/ -+ * Send-Document, so log the conformance issue and stop the printer. -+ */ -+ -+ fputs("DEBUG: This printer claims to support Create-Job and " -+ "Send-Document, but those operations failed.\n", stderr); -+ fputs("DEBUG: Add '?version=1.0' to the device URI to use legacy " -+ "compatibility mode.\n", stderr); -+ update_reasons(NULL, "+cups-ipp-conformance-failure-report," -+ "cups-ipp-missing-send-document"); -+ -+ ipp_status = IPP_INTERNAL_ERROR; /* Force queue to stop */ -+ -+ goto cleanup; -+ } - else - copies_remaining --; - diff --git a/str4351.patch b/str4351.patch deleted file mode 100644 index 75d06d0..0000000 --- a/str4351.patch +++ /dev/null @@ -1,36 +0,0 @@ -Index: scheduler/cups-lpd.c -=================================================================== ---- scheduler/cups-lpd.c (revision 11557) -+++ scheduler/cups-lpd.c (revision 11558) -@@ -781,7 +770,8 @@ - int fd; /* Temporary file */ - FILE *fp; /* File pointer */ - char filename[1024]; /* Temporary filename */ -- int bytes; /* Bytes received */ -+ ssize_t bytes; /* Bytes received */ -+ size_t total; /* Total bytes */ - char line[256], /* Line from file/stdin */ - command, /* Command from line */ - *count, /* Number of bytes */ -@@ -965,15 +955,15 @@ - * Copy the data or control file from the client... - */ - -- for (i = atoi(count); i > 0; i -= bytes) -+ for (total = (size_t)strtoll(count, NULL, 10); total > 0; total -= (size_t)bytes) - { -- if (i > sizeof(line)) -- bytes = sizeof(line); -+ if (total > sizeof(line)) -+ bytes = (ssize_t)sizeof(line); - else -- bytes = i; -+ bytes = (ssize_t)total; - -- if ((bytes = fread(line, 1, bytes, stdin)) > 0) -- bytes = write(fd, line, bytes); -+ if ((bytes = (ssize_t)fread(line, 1, (size_t)bytes, stdin)) > 0) -+ bytes = write(fd, line, (size_t)bytes); - - if (bytes < 1) - { diff --git a/str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch b/str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch deleted file mode 100644 index 12e2cf6..0000000 --- a/str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch +++ /dev/null @@ -1,164 +0,0 @@ ---- scheduler/client.c.orig 2014-09-02 11:26:57.000000000 +0200 -+++ scheduler/client.c 2014-09-02 12:35:05.000000000 +0200 -@@ -3672,51 +3672,72 @@ get_file(cupsd_client_t *con, /* I - C - if ((ptr = strchr(filename, '?')) != NULL) - *ptr = '\0'; - - /* - * Grab the status for this language; if there isn't a language-specific file - * then fallback to the default one... - */ - -- if ((status = stat(filename, filestats)) != 0 && language[0] && -+ if ((status = lstat(filename, filestats)) != 0 && language[0] && - strncmp(con->uri, "/icons/", 7) && - strncmp(con->uri, "/ppd/", 5) && - strncmp(con->uri, "/rss/", 5) && - strncmp(con->uri, "/admin/conf/", 12) && - strncmp(con->uri, "/admin/log/", 11)) - { - /* - * Drop the country code... - */ - - language[3] = '\0'; - snprintf(filename, len, "%s%s%s", DocumentRoot, language, con->uri); - - if ((ptr = strchr(filename, '?')) != NULL) - *ptr = '\0'; - -- if ((status = stat(filename, filestats)) != 0) -+ if ((status = lstat(filename, filestats)) != 0) - { - /* - * Drop the language prefix and try the root directory... - */ - - language[0] = '\0'; - snprintf(filename, len, "%s%s", DocumentRoot, con->uri); - - if ((ptr = strchr(filename, '?')) != NULL) - *ptr = '\0'; - -- status = stat(filename, filestats); -+ status = lstat(filename, filestats); - } - } - - /* -- * If we're found a directory, get the index.html file instead... -+ * If we've found a symlink, 404 the sucker to avoid disclosing information. -+ */ -+ -+ if (!status && S_ISLNK(filestats->st_mode)) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename); -+ return (NULL); -+ } -+ -+ /* -+ * Similarly, if the file/directory does not have world read permissions, do -+ * not allow access... -+ */ -+ -+ if (!status && !(filestats->st_mode & S_IROTH)) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); -+ return (NULL); -+ } -+ -+ /* -+ * If we've found a directory, get the index.html file instead... - */ - - if (!status && S_ISDIR(filestats->st_mode)) - { - /* - * Make sure the URI ends with a slash... - */ - -@@ -3749,58 +3770,79 @@ get_file(cupsd_client_t *con, /* I - C - - if ((ptr = strchr(filename, '?')) != NULL) - *ptr = '\0'; - - ptr = filename + strlen(filename); - plen = len - (ptr - filename); - - strlcpy(ptr, "index.html", plen); -- status = stat(filename, filestats); -+ status = lstat(filename, filestats); - - #ifdef HAVE_JAVA - if (status) - { - strlcpy(ptr, "index.class", plen); -- status = stat(filename, filestats); -+ status = lstat(filename, filestats); - } - #endif /* HAVE_JAVA */ - - #ifdef HAVE_PERL - if (status) - { - strlcpy(ptr, "index.pl", plen); -- status = stat(filename, filestats); -+ status = lstat(filename, filestats); - } - #endif /* HAVE_PERL */ - - #ifdef HAVE_PHP - if (status) - { - strlcpy(ptr, "index.php", plen); -- status = stat(filename, filestats); -+ status = lstat(filename, filestats); - } - #endif /* HAVE_PHP */ - - #ifdef HAVE_PYTHON - if (status) - { - strlcpy(ptr, "index.pyc", plen); -- status = stat(filename, filestats); -+ status = lstat(filename, filestats); - } - - if (status) - { - strlcpy(ptr, "index.py", plen); - status = stat(filename, filestats); - } - #endif /* HAVE_PYTHON */ - - } - while (status && language[0]); -+ -+ /* -+ * If we've found a symlink, 404 the sucker to avoid disclosing information. -+ */ -+ -+ if (!status && S_ISLNK(filestats->st_mode)) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Symlinks such as \"%s\" are not allowed.", con->http.fd, filename); -+ return (NULL); -+ } -+ -+ /* -+ * Similarly, if the file/directory does not have world read permissions, do -+ * not allow access... -+ */ -+ -+ if (!status && !(filestats->st_mode & S_IROTH)) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); -+ return (NULL); -+ } - } - - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "get_file(con=%p(%d), filestats=%p, filename=%p, len=%d) = " - "%s", con, con->http.fd, filestats, filename, len, - status ? "(null)" : filename); - - if (status)