pool/cups
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 883251 from Printing

Browse Source 
Disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed. Additionally improved syntax of some recent changes entries. (forwarded request 883250 from jsmeix)

OBS-URL: https://build.opensuse.org/request/show/883251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=154
This commit is contained in:
Richard Brown 2021-04-10 13:26:26 +00:00 committed by Git OBS Bridge
commit d9002d8bbf
9 changed files with 295 additions and 242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
CVE-2020-10001.patch
View File

@ -1,38 +0,0 @@
--- cups/ipp.c.orig 2021-01-11 10:53:43.080847679 +0100
+++ cups/ipp.c 2021-01-11 12:03:56.010423238 +0100
@@ -2965,7 +2965,8 @@ ippReadIO(void *src, /* I - Data
unsigned char *buffer, /* Data buffer */
string[IPP_MAX_TEXT],
/* Small string buffer */
- *bufptr; /* Pointer into buffer */
+ *bufptr, /* Pointer into buffer */
+ *bufend; /* End of buffer */
ipp_attribute_t *attr; /* Current attribute */
ipp_tag_t tag; /* Current tag */
ipp_tag_t value_tag; /* Current value tag */
@@ -3524,6 +3525,7 @@ ippReadIO(void *src, /* I - Data
}
bufptr = buffer;
+ bufend = buffer + n;
/*
* text-with-language and name-with-language are composite
@@ -3537,7 +3539,7 @@ ippReadIO(void *src, /* I - Data
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP language length overflows value."), 1);
@@ -3564,7 +3566,7 @@ ippReadIO(void *src, /* I - Data
bufptr += 2 + n;
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+ if ((bufptr + 2 + n) > bufend)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP string length overflows value."), 1);

3
cups-2.3.3-source.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:261fd948bce8647b6d5cb2a1784f0c24cc52b5c4e827b71d726020bcc502f3ee
size 8140741

BIN
cups-2.3.3-source.tar.gz.sig
View File

Binary file not shown.

3
cups-2.3.3op2-source.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df
size 7993205

BIN
cups-2.3.3op2-source.tar.gz.sig Normal file
View File

Binary file not shown.

310
cups.changes
View File

@ -1,13 +1,123 @@
-------------------------------------------------------------------
Tue Apr 6 11:34:50 CEST 2021 - jsmeix@suse.de
- Disable testsuite for now via "bcond_with testsuite"
until https://github.com/OpenPrinting/cups/issues/155 is fixed
-------------------------------------------------------------------
Thu Mar 25 20:47:22 CET 2021 - Florian <sp1ritCS@protonmail.com>
- Add "testsuite" conditional that disables anything within %check
-------------------------------------------------------------------
Fri Mar 19 12:02:38 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- fix-negotiate-authentication-between-CGIs-and-scheduler.patch
fixes web UI Kerberos authentication (bsc#1175960)
-------------------------------------------------------------------
Fri Mar 19 11:25:44 UTC 2021 - Florian <sp1ritCS@protonmail.com>
- Upstream changed to https://github.com/OpenPrinting/cups
- Added %check section to specfile that executes
the old 'make check' and the new (see 2.3.3op1) 'make test'
- Version upgrade to 2.3.3op2:
* Security: Fixed a buffer (read) overflow
in the ippReadIO function (CVE-2020-10001)
* Clarified the documentation for the "Listen" directive
* Fixed duplicate ColorModel entries for AirPrint printers
* Fixed directory/permission defaults for Debian
kfreebsd-based systems
* Fixed crash bug in ppdOpen
* Fixed regression in snprintf emulation function
* The scheduler's systemd service file now waits
for the nslcd service to start
* The libusb-based USB backend now uses a simpler read timer
implementation to avoid a regression in a previous change
* The PPD caching code now only tracks the APPrinterIconPath
value on macOS
* Fixed segfault in help.cgi when searching in man pages
* Root certificates were incorrectly stored in "~/.cups/ssl".
* Version upgrade to 2.3.3op1:
* The automated test suite can now be activated using make test
for consistency with other projects and CI environments - the
old make check continues to work as well, and the previous test
server behavior can be accessed by running make testserver.
* ippeveprinter now supports multiple icons and strings files.
* ippeveprinter now uses the system's FQDN with Avahi.
* ippeveprinter now supports Get-Printer-Attributes on "/".
* ippeveprinter now uses a deterministic "printer-uuid" value.
* ippeveprinter now uses system sounds on macOS
for Identify-Printer.
* Updated ippfind to look for files in "~/Desktop" on Windows.
* Updated ippfind to honor SKIP-XXX directives with PAUSE.
* Updated IPP Everywhere support to work around printers that only
advertise color raster support but really also support grayscale
* ipptool now supports DNS-SD URIs like
ipps://My%20Printer._ipps._tcp.local
* The scheduler now allows root backends to have world read
permissions but not world execute permissions
* Failures to bind IPv6 listener sockets no longer cause errors
if IPv6 is disabled on the host
* The SNMP backend now supports the HP and Ricoh vendor MIBs
* The scheduler no longer includes a timestamp in files it writes
* The systemd service names are now "cups.service"
and "cups-lpd.service"
* The scheduler no longer adds the local hostname to
the ServerAlias list
* Added LogFileGroup directive in "cups-files.conf" to control
the group owner of log files
* Added --with-max-log-size configure option
* Added --enable-sync-on-close configure option
* Added --with-error-policy configure option
* IPP Everywhere PPDs could have an "unknown" default InputSlot
* The httpAddrListen function now uses a listen backlog of 128.
* Added USB quirks
* Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
* Fixed DNS-SD name collision support in ippeveprinter.
* Fixed compiler and code analyzer warnings.
* Fixed TLS support on Windows.
* Fixed ippfind sub-type searches with Avahi.
* Fixed the default hostname used by ippeveprinter on macOS.
* Fixed resolution of local IPP-USB printers with Avahi.
* Fixed coverity issues
* Fixed httpAddrConnect issues
* Fixed web interface device URI issue
* Fixed lp/lpr "printer/class not found" error reporting
* Fixed xinetd support for LPD clients
* Fixed libtool build issue
* Fixed a memory leak in the scheduler
* Fixed a potential integer overflow in the PPD hashing code
* Fixed output-bin and print-quality handling issues
* Fixed PPD options getting mapped to odd IPP values
like "tray---4"
* Fixed remote access to the cupsd.conf and log files
* Fixed the automated test suite when running in certain
build/CI environments
* Fixed a logging regression caused by a previous change
for Apple issue #5604
* Fixed fax phone number handling with GNOME
* Fixed potential rounding error in rastertopwg filter
* Fixed the "uri-security-supported" value from the scheduler
* Fixed IPP backend crash bug with "printer-alert" values
* Removed old Solaris inetconv(1m) reference in cups-lpd man page
* Fixed default options that incorrectly use the "custom" prefix
* Fixed a memory leak when resolving DNS-SD URIs
* Fixed systemd status reporting by adopting the notify interface
* Fixed crash in rastertopwg
* Fixed cupsManualCopies values in IPP Everywhere PPDs
- Removed let-cupsd-start-after-network.patch
as it is no longer required
- Removed CVE-2020-10001.patch as a fix as been merged upstream
- Removed section of specfile responsible for
renaming "org.cups.cups*" systemd files to cups*, due to
upstream renaming these files
-------------------------------------------------------------------
Thu Mar 18 18:18:18 UTC 2021 - olaf@aepfle.de
- Remove code comments from expanded scriptlets to reduce size
cf. https://build.opensuse.org/request/show/879976
-------------------------------------------------------------------
Tue Feb 2 14:22:38 CET 2021 - jsmeix@suse.de
@ -19,161 +129,161 @@ Tue Feb 2 14:22:38 CET 2021 - jsmeix@suse.de
Wed Oct 14 09:11:00 UTC 2020 - Michael Gorse <mgorse@suse.com>
- Version upgrade to 2.3.3:
- CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
constraint. `ppdcSource::get_resolution` function did not
* CVE-2020-3898: The 'ppdOpen' function did not handle invalid UI
constraint. 'ppdcSource::get_resolution' function did not
handle invalid resolution strings.
- CVE-2019-8842: The `ippReadIO` function may under-read an
* CVE-2019-8842: The 'ippReadIO' function may under-read an
extension field.
- Fixed WARNING_OPTIONS support for GCC 9.x
* Fixed WARNING_OPTIONS support for GCC 9.x
Changes in CUPS 2.3.2:
Localization updates
Changes in CUPS 2.3.1:
- CVE-2019-2228: The `ippSetValuetag` function did not validate
* CVE-2019-2228: The 'ippSetValuetag' function did not validate
the default language value.
- Fixed a crash bug in the web interface.
- The PPD cache code now looks up page sizes using their
* Fixed a crash bug in the web interface.
* The PPD cache code now looks up page sizes using their
dimensions.
- PPD files containing "custom" option keywords did not work.
- Added a workaround for the scheduler's systemd support.
- Added a DigestOptions directive for the `client.conf` file to
* PPD files containing "custom" option keywords did not work.
* Added a workaround for the scheduler's systemd support.
* Added a DigestOptions directive for the 'client.conf' file to
control whether MD5-based Digest authentication is allowed.
- Fixed a bug in the handling of printer resource files.
- The libusb-based USB backend now reports an error when the
* Fixed a bug in the handling of printer resource files.
* The libusb-based USB backend now reports an error when the
distribution permissions are wrong.
- Added paint can labels to Dymo driver.
- The `ippeveprinter` program now supports authentication.
- The `ippeveprinter` program now advertises DNS-SD services on
* Added paint can labels to Dymo driver.
* The 'ippeveprinter' program now supports authentication.
* The 'ippeveprinter' program now advertises DNS-SD services on
the correct interfaces, and provides a way to turn them off.
- The `--with-dbusdir` option was ignored by the configure
* The '--with-dbusdir' option was ignored by the configure
script.
- Sandboxed applications were not able to get the default
* Sandboxed applications were not able to get the default
printer.
- Log file access controls were not preserved by `cupsctl`.
- Default printers set with `lpoptions` did not work in all
* Log file access controls were not preserved by 'cupsctl'.
* Default printers set with 'lpoptions' did not work in all
cases.
- Fixed an error in the jobs web interface template.
- Fixed an off-by-one error in `ippEnumString`.
- Fixed some new compiler warnings.
- Fixed a few issues with the Apple Raster support.
- The IPP backend did not detect all cases where a job should be
* Fixed an error in the jobs web interface template.
* Fixed an off-by-one error in 'ippEnumString'.
* Fixed some new compiler warnings.
* Fixed a few issues with the Apple Raster support.
* The IPP backend did not detect all cases where a job should be
retried using a raster format.
- Fixed spelling of "fold-accordion".
- Fixed the default common name for TLS certificates used by
`ippeveprinter`.
- Fixed the option names used for IPP Everywhere finishing
* Fixed spelling of "fold-accordion".
* Fixed the default common name for TLS certificates used by
'ippeveprinter'.
* Fixed the option names used for IPP Everywhere finishing
options.
- Added support for the second roll of the DYMO Twin/DUO label
* Added support for the second roll of the DYMO Twin/DUO label
printers.
Changes in CUPS v2.3.0:
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
- Added a GPL2/LGPL2 exception to the new CUPS license terms.
- Fixed a bug in the scheduler job cleanup code.
- Fixed builds when there is no TLS library.
- "make" failed with GZIP options.
- Fixed potential excess logging from the scheduler when removing
* CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
* Added a GPL2/LGPL2 exception to the new CUPS license terms.
* Fixed a bug in the scheduler job cleanup code.
* Fixed builds when there is no TLS library.
* "make" failed with GZIP options.
* Fixed potential excess logging from the scheduler when removing
job files.
- Fixed a NULL pointer dereference bug in `httpGetSubField2`.
- Added FIPS-140 workarounds for GNU TLS.
- The scheduler no longer provides a default value for the
* Fixed a NULL pointer dereference bug in 'httpGetSubField2'.
* Added FIPS-140 workarounds for GNU TLS.
* The scheduler no longer provides a default value for the
description.
- The scheduler now logs jobs held for authentication using the
* The scheduler now logs jobs held for authentication using the
error level so it is clear what happened.
- The `lpadmin` command did not always update the PPD file for
changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords.
- The scheduler now uses both the group's membership list as well
* The 'lpadmin' command did not always update the PPD file for
changes to the 'cupsIPPSupplies' and 'cupsSNMPSupplies' keywords.
* The scheduler now uses both the group's membership list as well
as the various OS-specific membership functions to determine
whether a user belongs to a named group.
- Added USB quirks rule for HP LaserJet 1015.
- Fixed some PPD parser issues.
- The IPP parser no longer allows invalid member attributes in
* Added USB quirks rule for HP LaserJet 1015.
* Fixed some PPD parser issues.
* The IPP parser no longer allows invalid member attributes in
collections.
- The configure script now treats the "wheel" group as a
* The configure script now treats the "wheel" group as a
potential system group.
- Fixed IPP buffer overflow.
- Fixed memory disclosure issue in the scheduler.
- Fixed DoS issues in the scheduler.
- Fixed an issue with unsupported "sides" values in the IPP
* Fixed IPP buffer overflow.
* Fixed memory disclosure issue in the scheduler.
* Fixed DoS issues in the scheduler.
* Fixed an issue with unsupported "sides" values in the IPP
backend.
- The scheduler would restart continuously when idle and printers
* The scheduler would restart continuously when idle and printers
were not shared.
- Fixed an issue with `EXPECT !name WITH-VALUE ...` tests.
- Fixed a command ordering issue in the Zebra ZPL driver.
- Fixed a memory leak in `ppdOpen`.
* Fixed an issue with 'EXPECT !name WITH-VALUE ...' tests.
* Fixed a command ordering issue in the Zebra ZPL driver.
* Fixed a memory leak in 'ppdOpen'.
Changes in CUPS v2.3rc1:
- The `cups-config` script no longer adds extra libraries when linking against
* The 'cups-config' script no longer adds extra libraries when linking against
shared libraries.
- The supplied example print documents have been optimized for
* The supplied example print documents have been optimized for
size.
- The `cupsctl` command now prevents setting "cups-files.conf"
* The 'cupsctl' command now prevents setting "cups-files.conf"
directives.
- The "forbidden" message in the web interface is now explained.
- The footer in the web interface covered some content on small
* The "forbidden" message in the web interface is now explained.
* The footer in the web interface covered some content on small
displays.
- The libusb-based USB backend now enforces read limits,
* The libusb-based USB backend now enforces read limits,
improving print speed in many cases.
- The `ippeveprinter` command now looks for print commands in
* The 'ippeveprinter' command now looks for print commands in
the "command" subdirectory.
- The `ipptool` command now supports `$date-current` and
`$date-start` variables to insert the current and starting date
* The 'ipptool' command now supports '$date-current' and
'$date-start' variables to insert the current and starting date
and time values, as well as ISO-8601 relative time values such
as "PT30S" for 30 seconds in the future.
Changes in CUPS v2.3b8
- Media size matching now uses a tolerance of 0.5mm.
- The lpadmin command would hang with a bad PPD file.
- Fixed a potential crash bug in cups-driverd.
- Fixed a performance regression with large PPDs.
- Fixed a memory reallocation bug in HTTP header value expansion.
- Timed out job submission now yields an error.
- Restored minimal support for the `Emulators` keyword in PPD
* Media size matching now uses a tolerance of 0.5mm.
* The lpadmin command would hang with a bad PPD file.
* Fixed a potential crash bug in cups-driverd.
* Fixed a performance regression with large PPDs.
* Fixed a memory reallocation bug in HTTP header value expansion.
* Timed out job submission now yields an error.
* Restored minimal support for the 'Emulators' keyword in PPD
files to allow old Samsung printer drivers to continue to work.
- The scheduler did not encode octetString values like
* The scheduler did not encode octetString values like
"job-password" correctly for the print filters.
- The `cupsCheckDestSupported` function did not check octetString
* The 'cupsCheckDestSupported' function did not check octetString
values correctly.
- Added support for `UserAgentTokens` directive in "client.conf".
- Updated the systemd service file for cupsd.
- The `ippValidateAttribute` function did not catch all instances
* Added support for 'UserAgentTokens' directive in "client.conf".
* Updated the systemd service file for cupsd.
* The 'ippValidateAttribute' function did not catch all instances
of invalid UTF-8 strings.
- Fixed an issue with the self-signed certificates generated by
* Fixed an issue with the self-signed certificates generated by
GNU TLS.
- Fixed a potential memory leak when reading at the end of a
* Fixed a potential memory leak when reading at the end of a
file.
- Fixed potential unaligned accesses in the string pool.
- Fixed a potential memory leak when loading a PPD file.
- Added a USB quirks rule for the Lexmark E120n.
- Updated the USB quirks rule for Zebra label printers.
- The lpadmin command, web interface, and scheduler all queried
* Fixed potential unaligned accesses in the string pool.
* Fixed a potential memory leak when loading a PPD file.
* Added a USB quirks rule for the Lexmark E120n.
* Updated the USB quirks rule for Zebra label printers.
* The lpadmin command, web interface, and scheduler all queried
an IPP Everywhere printer differently, resulting in different
PPDs for the same printer.
- The web interface no longer provides access to the log files.
- Non-Kerberized printing to Windows via IPP was broken.
- The scheduler no longer stops a printer if an error occurs when
* The web interface no longer provides access to the log files.
* Non-Kerberized printing to Windows via IPP was broken.
* The scheduler no longer stops a printer if an error occurs when
a job is canceled or aborted.
- Added a USB quirks rule for the DYMO 450 Turbo.
- Added a USB quirks rule for Xerox printers.
- The scheduler's self-signed certificate did not include all of
* Added a USB quirks rule for the DYMO 450 Turbo.
* Added a USB quirks rule for Xerox printers.
* The scheduler's self-signed certificate did not include all of
the alternate names for the server when using GNU TLS.
- Fixed some PPD caching and IPP Everywhere PPD
* Fixed some PPD caching and IPP Everywhere PPD
accounting/password bugs.
- Fixed `PreserveJobHistory` bug with time values.
- The scheduler no longer advertises the HTTP methods it
* Fixed 'PreserveJobHistory' bug with time values.
* The scheduler no longer advertises the HTTP methods it
supports.
- The scheduler did not always idle exit as quickly as it could.
- Added a new `ippeveprinter` command based on the old ippserver
* The scheduler did not always idle exit as quickly as it could.
* Added a new 'ippeveprinter' command based on the old ippserver
sample code.
Changes in CUPS v2.3b7
- Running ppdmerge with the same input and output filenames did
* Running ppdmerge with the same input and output filenames did
not work as advertised.
- Rebase let-cupsd-start-after-network.patch and
* Rebase let-cupsd-start-after-network.patch and
cups-config-libs.patch.
- Drop issue5509-fix-utf-8-validation-issue.patch and
* Drop issue5509-fix-utf-8-validation-issue.patch and
issue5453.patch: fixed upstream.
-------------------------------------------------------------------
Thu Jun 25 12:24:13 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- make cups-devel pull in cups-rpm-helper to fix printer driver provides
(boo#1172407)
- make cups-devel pull in cups-rpm-helper to fix printer driver
provides (boo#1172407)
-------------------------------------------------------------------
Fri Jun 5 10:25:47 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
@ -359,9 +469,9 @@ Wed Mar 28 13:58:32 CEST 2018 - jsmeix@suse.de
were made that required a restart (Issue #5263)
* Fixed an Avahi crash bug in the scheduler (Issue #5268)
* TLS connections now properly timeout (rdar://34938533)
* Removed support for the `-D_PPD_DEPRECATED=""` developer
* Removed support for the '-D_PPD_DEPRECATED=""' developer
cheat - the PPD API should no longer be used.
* Removed support for `-D_IPP_PRIVATE_STRUCTURES=1` developer
* Removed support for '-D_IPP_PRIVATE_STRUCTURES=1' developer
cheat - the IPP accessor functions should be used instead.
* The symlink rastertodymo -> rastertolabel
in /usr/lib/cups/filter is no longer provided.

99
cups.keyring
View File

@ -1,54 +1,53 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org
mQINBFo5hCYBEAD7WeR8qWUuD4Z3spmcjwIIcFsjF5V7MpqCZrGRcFiTH+MRiomQ
Ylr652+9JlQjS9e/6Gtist6ydADvHqELmg42wQX7MrOCTDfKpM/mP2InMIDkel16
SZbtBORR44LOzsZ9Cm7739M4hZWp2PVn+ElWJr6t3l9NXVZDXaPWugHlxUYYGz7O
UxfYdkFQ3ND5ST60+Ir8P7YoSfCvxi2dus6/One7dhuTGdm/8+EtwrFPJWgbVxah
FQHD8TKht3poGm6+mqgDley6soo4vUlUnYRbrEe+oXRnTx4Yih3FsXNez7IHFtJv
MzHPSLE+2KsWp1gylp4hgLc5NGUD67nRO8GDqkhLK+PgJERx1NozLXqBa4XaoC6F
rq4i3C+JSsWqWUUs85tpZHwEnZmfYMV+cWcUkuHRwhls2PIVzm2b2BALXV8MY9yO
w8EBTrPo1ae1AplCZnLQX7gBdgBhX6ou+UKXqrAlaqiXlaxY2psajrmY+IqUXJL9
H9IPMmzHz+apfAvIc4WY2APUI9BDT11gh8ko3ZWVUNxlL1rUwbCBjtwKdmVLLNmr
mU1JbKY9L1PAXElEbpyJ6KrXk49KrFE8lnhTE4g2rUZ0wdmzjbAL0oaBL5qdNupd
MjW20Y+PyYgvIrXNPTk/mhx79rAMlUIhNRYQhyATywr9/ubimhkNgYbcfQARAQAB
tBxDVVBTLm9yZyA8c2VjdXJpdHlAY3Vwcy5vcmc+iQJUBBMBCgA+FiEERdCDlG4w
NSgrPMqa9DQQQjXal+sFAlo5hCYCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQAC
HgECF4AACgkQ9DQQQjXal+v1Fg//YlAD/woMIwumfTIBGdc7oye+JLRKTXOnIDxb
VATpcSZOS6LMHy0x7k6kQ+G81r7NkfbQFHZRhvmf62qkg46JhPVJqWBqwVgrbQbk
RRFbo38NkZ37WW2xhImt8iGC8XjfpbfraVYaZQuU7Jbn4vrAppOZbzgVI1T2FIh/
+GXWbv4WV7hNaNvjREZl1UrzzCTpxrSBgoyx+1P6SwDHYWrC/gp4CMLEj6zf2Hwz
KyIU+FmW54LIZafnswgNpoW1taZx7iSWfvqoyySomtL0PwhYWpKAyIZDf+6cffjx
Fwp5UufEkLjyui0b/6DbCjyWiNHh8BT7niLZ54VXcO8IWr/kQH61s41xp0xU9/Pr
N7Mn22Qd5SCFcDmbFvSI8m7Gn61G8mUfCL2zeAMUkNuzZgc+p2VhRCr+/9gk2eEg
BOqxrrsKDa0g5mWLA0y8a5oohlXKM6SoyRcujCfQxO3rCD1+qM48Zm+4l/6NBg8w
wRJNKoARnR2c9wGvHRbJY3kXllnd/3Fk/EzXwilFK4Fk0uIk8AtMSTh0Se1KNEum
/AbUxRG50dq9pyrfYxsjhNmzu92NIR5sR5PyRQRbGDJkIlNEEbh87TBCrYqnKaPU
lev+476zFE/raaum/DL0ANOUQCtX5ftWEK2Xo1s28DEo2DzyJWmYSmr/wnf8wrp7
lNWA/F25Ag0EWjmEJgEQAPZvzo1nX/F4+9BGE9o0OSPZt/BLkusiyz6fd46k5vj7
LGPFpjtMxUxbPNhMJi3QVBhtb8yiNugRmE0sWaA7b2COsXT8jaHZ2EBV0XnTr4Tv
hSxNbdXu9fiDRFQ9x3D/LhDvDRgq0lKQw5cRBLCZw4as9Ytxn1WnS8evwhHRMMYL
/lCyviyyj8zczXPmdWLVlMbhD02Yf5DpteSyhjMTvZFJWZiIUupnM1WXppDo4/Id
nr2Sc5awhuFxdrSYFpaB5+hOdsjhDENcm+GY10iUNCqklCP5BZOeDprap7XwMElW
/chdrwovPYn54Sugl9oHjUOfiJLi/e4J+ey86+2sWY0rZvmOViR1w4NldB+GbEQW
/HOyTwo1Og36+7Ci9m2yothSC0wJAb5Bvg2tc1u4AsG2ylaxMFmwX226d2jJlFNl
2crNFaIE/Uuo7YqH8pcm9kVZ+0apLHoxtZFnZF5QzLmcA83YFFWkqjEfmdLobWXX
pZ+jPkHZDEhj21D+6LYCtUjDwnICySLoIawoMpkV+tdRyHuzxdYX1Nkh74mC2A7d
koxMw86CgXP4UHJwCYunN+rUi7oC8oI1isqtMK8MZhcPdlvE721+fpdAdBIo8KVs
RxQJ3vzhTuugZl5w3E8Jt7lC/q6CC6VI7V74fCNJjXiytrcpYg+FYCyfvxJ/4GH/
ABEBAAGJAjwEGAEKACYWIQRF0IOUbjA1KCs8ypr0NBBCNdqX6wUCWjmEJgIbDAUJ
B4YfgAAKCRD0NBBCNdqX65zoEACdIsOlto5FQtv2Yx/ayYklEsPgrx1IDnudvVUZ
C+vsDoF9aOUBjUvpHjdBWOBnc/ThOw8ARvOcZLT06HNyzvkJNjj05N+hy1hiSY5B
kL+TGCVkE/wUIDf69lt+KEG89EjpRDSTLDw8t05bEiaZ1XKfDmcIXbao38zhI2CD
r+h1eQotY8bGA7hC7knwQv4VRnN8zBgZhQZdapjC8fBoaY00YZ4wBvd4Yz13/HGi
gXssFNd35n+K+mnUaqulLIwjVfN1/luOubTpqCGVtSEVvHiq7XVRR6cSc345vFMa
3AtRtHKQpZutEz08gZqrXXwALom+HWNbPqdHXEE/mZxvpEVMQr325KLKSPQGZSCq
s8AFeYLYf66gn7T50VX5ws9sGANVvq1CHbouSbfc+UJkibeKG4/jSlqUwWNktEEJ
hI+yGJP5xitfA4IGPaipfVHsxP1z37oht6BTj0zUlfEg9YoPmuHEAhxP7CGOatMM
QkRQ7l0W3F05XL1HzynDnKkEigAUlwhq8Z5oO3Vf9b0MJg/V6T2+jzGIcy0PmliX
rR6FQB5SMRaGCrJxSaPeadnSkJOpFM0dRqKDB049IAIbSxz5ZuqCpbB8tH17ezqu
J3b3cDsSI2TOkacnMo01+IUcrgySKwl/4eUHd92FSq/m085HOQnlae4fjjJ/7qDd
/yDo+w==
=padA
mQINBFplA9UBEACjPmClfkcn4YO05KHTyClVseJYVzGGHl+HLZGFPoadk2UKh3DD
UAoNruBMQS4xFd1MNFZfduCntLIoLEzwwHAWMhEB5O9FZZZrlwN2my4xlWdaX/Bg
FGhVsqGGp5C4n81996f1EmWJS+nTXHPQx0LJ5ahai6wuXJUhJwGHRVsJeVMYg9XZ
eJgz73scH4ISFAIRTfH2PqkBqKL51quUN6E/poSA1iggsPa0tg6klb+kUGvvMjGO
JUGg0L0lSwmJWbfbA6usD0ERSXA5h+TeSKTwuxTVYNTUpnVhSwfv5+wYHsoaeAiN
qbqbHw6TpJS5NvyClQLXE45Y1u/COlUvWA7/ThmRfP8LDgNXHQgdgOVv8eh/3Wos
zLfbw+wWFvaRCDZdzWBmUfJrS6K7dsABr6AQf5khqvazRv/Ma8ovNSd1WUUKTAm2
O1/eOydFLJpNaiyYc+ETbjdD//hKtiSCf6sxER5uE0cKiWhMQeFGgesgzRYjSKCg
Pk4Elux8q61uWqqPNjngFgRYRDuD/4jvTdD4mQqp+ASUYl1eXliKVH9tYJB4tcQ8
n7+szE+Czh7iSKvCCTV2VHfYASHYT79efDhtrmbB/Q2Vkoyuxl78PHKM0m/6hZze
+G1Cp4R3Ood/pOKlDrQdAWWlwOErZEu4pMSHoLJeuXfdFW7bAmEyKkoFZQARAQAB
tCtNaWNoYWVsIFIgU3dlZXQgPG1pY2hhZWwuci5zd2VldEBnbWFpbC5jb20+iQJU
BBMBCgA+FiEEhFRkZgtoaqs2VAtvmZVZoCeBWVUFAlplA9UCGwMFCQeGH4AFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQmZVZoCeBWVWyeQ//S3hfd0chikcg4m/r
EScY2cFL3WxIAexKcDmFOsKZG85fyJxQYQzaZ5zccXWye6t15Y06W4iglE1WFXGB
b3ZYgUev3iNZYjUHNaEB7GvSdtZ8e0RCbj/p/t2JEzU8c0KtGqbeyFXg3EMkGdad
TRh6y8BatGzAdq2aFbmIW5irfLf4BxUB3NnHs93cfkt7heHIN8S7VNViAK0gXdeL
yukHGG9wE0oRIp2Zln6WSnLFH9bdDFgl6lRa0KEQCgh75MsP+y5V0JMGwOtzV5hE
eH0Lz12xJx0MgHacFOwH1YUiVAPDH0Uk/uVuZRWRAdcU5rBQQN4jg8vJjc+25E2l
HpkoLKYPWWHcCG6yl2mVDjgnnM1hzqkbhftXiI0HrZuidM11sMPj0s1xSer/AOaY
SANNnv5CBxojD6M08KAMKk6HzcLILLdbqEjnWuGI8Yt8rT8YfwQBPZeGzfi/8ZMr
f7vM3wqrx+25kASo3luVw6M6YJmuPTwQrQ2HPI7EHDOuLB/o7B0RpUORVC8pHH/Y
aiRzOJghiLxUgi26d4XwwiXd7m1zatCcl6Or0AdVVhbKthQC33HbBTwW9hYXyeK+
sssKaFundLPa3me+BqWTy5bSyc3spCWjK8Bsr5BoUV9mTX60UUsTDzI94DOei8+i
05ksTD5du5kk+tq4PWJWgNfUlOa5Ag0EWmUD1QEQANL89kasctOoEuleT0FlqpMh
1JwF1piS3ek1NjFBUBFxIBKoWnftxfaisanSStN5HDqs1mGCRtQ8/HOsSjjDufcM
7JSXe+IX2dKE85FrlNA5QmpFDf7cAkQqM4y/IbEsOI1f79zIKeS7i0l1oXUZ9bRn
dVUcZb52p3tjw1oTfo1QwKWsUq+93ontCsS1aGm5GLmHFJozoBbrk4+XOBNgsmbi
gcRnVopeCE99kdJTJc1YIndLtED3tDhzJJ/kqpQS9iDs6RNDs9FlYF7vlyD1i6yx
94WdE+xHJUdG4mCu0GxqQyCSmbU5A3SHOKSJ4NrNDNn+5e9Oh8WeK3x/Hn0WBVYg
Eyn4EEilHGhhzuFh7US+QX8AM2R21SrfU7rcbUQ+ZFCIhe5p8aT5MsUF8cztBjcu
IDKO9TirI3+OcEFRS0k1vOubXdRdeoxY89Ap9ssVxvGeJJcipmSVrTsxI3oqS/A9
DNAgIXC0VeZGYfjq6bcFH0+klgJxaY3PuvCspe0XfFQyFMqNvfNFZD5ZAj5DMeOa
wfJMTjw1eHILZLWPYOBXgyIW7RvKrOks+my6+vyFeqNkWKLHxXW7Fu57I0JSlBR+
Zef+s8hZdAju756e79mk4sMiT/2Pfsty1RBwi5JTF+r8A7p6l+ZqLVa5tr07L+Js
QF8+F2fcwGRuRdZsmYOnABEBAAGJAjwEGAEKACYWIQSEVGRmC2hqqzZUC2+ZlVmg
J4FZVQUCWmUD1QIbDAUJB4YfgAAKCRCZlVmgJ4FZVQiRD/4gf2L4CU+zjviH12FC
DZudGDOw4f6f2Q82Z0J45mtOmVUcoqVo5jzl+H1tR2D0XlV+LG7YpegMS06GvOMl
HG3e+0M5IGwhG/Lv0aq7TA4Hd13ZJaHQvieLXbQzelAE0bbn8QeKSMYrJfGzl0v7
zZfBQt7L2t06HQKIkfJDAwFRiNs/EbvLHslOq7VDjoEqxFkRsL1Ie3efOb1ZejeS
b5smfaDJ94plO2Goaj1IHrngQhXu4v+PLqSYQgu4lRUmSOg7FAn/JpWHSsDRf1zf
EW/TyM4ctO05vS//mdMI4xR3D0RMvZieUOUUjjFk0xlWcvboroiZrlz7Xb64uvZw
XGA9iJ1j4IlsBmuE7L6Q61i/o7KR4DlLVMoOPYLpMwtVITWf7HDFiww37JaQutoA
eRvO/GLd7X7aDcB6XReGCYSeD1wczDap+fBkKQlNEctHizkIJG2PD0pNz9EUKeTa
xh0csb+548c/DccCSx62siNSi3WnQwvbbDUVNftGHfifa15d350072jb8LP57O20
GzhdE+0raeg8GqqSeT1MApdInL3BMP+LQxuSpEnEQx9Nsu4bpuSplcTPUot+fNJb
uwg7uetsyqagUI6HSYwbPbmU2ELor+P2LP81Yexwkf/DE215mrIITXnr+dqL5+NG
nNLcOZRqTFo/oxx+IaRhSJ6adg==
=YD80
-----END PGP PUBLIC KEY BLOCK-----

60
cups.spec
View File

@ -16,6 +16,12 @@
#
# Cf. https://rpm.org/user_doc/conditional_builds.html
# by default enable testsuite (i.e. in the 'check' section run make check and make test)
#bcond_without testsuite
# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed
%bcond_with testsuite
# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
Name: cups
@ -23,24 +29,25 @@ Name: cups
# "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
# "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
# version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
Version: 2.3.3
Version: 2.3.3op2
Release: 0
Summary: The Common UNIX Printing System
License: Apache-2.0
Group: Hardware/Printing
URL: http://www.cups.org/
# To get Source0 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.3.3-source.tar.gz https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz
Source0: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz
# To get Source1 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.3.3-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig
Source1: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig
# To get Source2 go to https://www.cups.org/pgp.html
# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
# To get Source2 go to https://www.msweet.org/pgp.html
# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955
Source2: cups.keyring
# To manually verify Source0 with Source1 and Source2 do e.g.
# gpg --import cups.keyring
# gpg --list-keys | grep -1 'CUPS.org' | grep -v 'expired'
# gpg --verify cups-2.3.3-source.tar.gz.sig cups-2.3.3-source.tar.gz
# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired'
# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz
Source102: Postscript.ppd.gz
Source105: Postscript-level1.ppd.gz
Source106: Postscript-level2.ppd.gz
@ -58,8 +65,6 @@ Patch10: cups-2.1.0-choose-uri-template.patch
Patch11: cups-2.1.0-default-webcontent-path.patch
# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
Patch12: cups-2.1.0-cups-systemd-socket.patch
# Patch42 Let cupsd start after possible network connection (boo#1111351)
Patch42: let-cupsd-start-after-network.patch
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
Patch100: cups-pam.diff
@ -75,9 +80,6 @@ Patch101: cups-2.0.3-additional_policies.patch
Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
Patch104: cups-config-libs.patch
# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
# access to uninitialized buffer in ipp.c
Patch105: CVE-2020-10001.patch
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
# Build Requirements:
@ -284,8 +286,6 @@ printer drivers for CUPS.
%patch11 -b default-webcontent-path.orig
# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
#patch12 -b cups-systemd-socket.orig
# Patch42 Let cupsd start after possible network connection (boo#1111351)
%patch42 -p0
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
%patch100 -b cups-pam.orig
@ -301,9 +301,6 @@ printer drivers for CUPS.
%patch103 -b do_not_strip_recommended_from_PPDs.orig
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
%patch104 -b cups-config-libs.orig
# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
# access to uninitialized buffer in ipp.c
%patch105 -b CVE-2020-10001.orig
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
%patch106 -p1
@ -401,13 +398,6 @@ rm -rf %{buildroot}%{_datadir}/icons
# because if upstream changed it 'sed' would silently no longer change the files:
grep -q '^# Configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default
sed -i -e 's/^# Configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default
# Install the systemd control files:
mv %{buildroot}%{_unitdir}/org.cups.cupsd.path %{buildroot}%{_unitdir}/cups.path
mv %{buildroot}%{_unitdir}/org.cups.cupsd.service %{buildroot}%{_unitdir}/cups.service
mv %{buildroot}%{_unitdir}/org.cups.cupsd.socket %{buildroot}%{_unitdir}/cups.socket
mv %{buildroot}%{_unitdir}/org.cups.cups-lpd.socket %{buildroot}%{_unitdir}/cups-lpd.socket
mv %{buildroot}%{_unitdir}/org.cups.cups-lpd@.service %{buildroot}%{_unitdir}/cups-lpd@.service
sed -i -e "s,org.cups.cupsd,cups,g" %{buildroot}%{_unitdir}/cups.service
# rcbla aliases:
ln -s service %{buildroot}%{_sbindir}/rccups
ln -s service %{buildroot}%{_sbindir}/rccups-lpd
@ -436,6 +426,19 @@ EOF
# boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869
%fdupes -s %{buildroot}/%{_datadir}/cups/templates
%check
%if %{with testsuite}
# There appears to be some kind of race condition when running make check and make test
# cf. https://github.com/OpenPrinting/cups/issues/155
# We print all logs for debugging purposes if either testsuite fails
echo "DEBUG: running make check"
bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
echo "DEBUG: running make test"
bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
%else
echo "DEBUG: skipped running make check and make test, cf. https://github.com/OpenPrinting/cups/issues/155"
%endif
%pre -p /bin/bash
getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin
%service_add_pre cups.service cups-lpd.socket cups.socket
@ -453,6 +456,9 @@ getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin
%postun -p /bin/bash
%service_del_postun cups.service cups-lpd.socket cups.socket
# Removed code comments from expanded scriptlets to reduce scriptlet size in binary RPMs
# but then users could no longer see the comments via "rpm -q --scripts cups"
# cf. https://build.opensuse.org/request/show/879976
%posttrans -p /bin/bash
%if 0
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe

24
let-cupsd-start-after-network.patch
View File

@ -1,24 +0,0 @@
From: Werner Fink <werner@ssue.de>
Date: Thu, 18 Oct 2018 05:32:42 +0000
Subject: Let cupsd start after possible network connection
For remote printer and printer servers, let cupsd always
start after a possible network connection. This let cupsd
also stop before a used network connection goes down, hence
the cups does not lock due waiting on remote printers.
---
scheduler/org.cups.cupsd.service.in | 1 +
1 file changed, 1 insertion(+)
--- scheduler/org.cups.cupsd.service.in
+++ scheduler/org.cups.cupsd.service.in 2018-10-18 05:16:30.867333704 +0000
@@ -1,7 +1,7 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
-After=sssd.service
+After=sssd.service network.target
[Service]
ExecStart=@sbindir@/cupsd -l