diff --git a/CVE-2020-10001.patch b/CVE-2020-10001.patch deleted file mode 100644 index b75ad18..0000000 --- a/CVE-2020-10001.patch +++ /dev/null @@ -1,38 +0,0 @@ ---- cups/ipp.c.orig 2021-01-11 10:53:43.080847679 +0100 -+++ cups/ipp.c 2021-01-11 12:03:56.010423238 +0100 -@@ -2965,7 +2965,8 @@ ippReadIO(void *src, /* I - Data - unsigned char *buffer, /* Data buffer */ - string[IPP_MAX_TEXT], - /* Small string buffer */ -- *bufptr; /* Pointer into buffer */ -+ *bufptr, /* Pointer into buffer */ -+ *bufend; /* End of buffer */ - ipp_attribute_t *attr; /* Current attribute */ - ipp_tag_t tag; /* Current tag */ - ipp_tag_t value_tag; /* Current value tag */ -@@ -3524,6 +3525,7 @@ ippReadIO(void *src, /* I - Data - } - - bufptr = buffer; -+ bufend = buffer + n; - - /* - * text-with-language and name-with-language are composite -@@ -3537,7 +3539,7 @@ ippReadIO(void *src, /* I - Data - - n = (bufptr[0] << 8) | bufptr[1]; - -- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string)) -+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string)) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, - _("IPP language length overflows value."), 1); -@@ -3564,7 +3566,7 @@ ippReadIO(void *src, /* I - Data - bufptr += 2 + n; - n = (bufptr[0] << 8) | bufptr[1]; - -- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE)) -+ if ((bufptr + 2 + n) > bufend) - { - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, - _("IPP string length overflows value."), 1); diff --git a/cups-2.3.3-source.tar.gz b/cups-2.3.3-source.tar.gz deleted file mode 100644 index f541e88..0000000 --- a/cups-2.3.3-source.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:261fd948bce8647b6d5cb2a1784f0c24cc52b5c4e827b71d726020bcc502f3ee -size 8140741 diff --git a/cups-2.3.3-source.tar.gz.sig b/cups-2.3.3-source.tar.gz.sig deleted file mode 100644 index b06f632..0000000 Binary files a/cups-2.3.3-source.tar.gz.sig and /dev/null differ diff --git a/cups-2.3.3op2-source.tar.gz b/cups-2.3.3op2-source.tar.gz new file mode 100644 index 0000000..8fbce0d --- /dev/null +++ b/cups-2.3.3op2-source.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df +size 7993205 diff --git a/cups-2.3.3op2-source.tar.gz.sig b/cups-2.3.3op2-source.tar.gz.sig new file mode 100644 index 0000000..f52be61 Binary files /dev/null and b/cups-2.3.3op2-source.tar.gz.sig differ diff --git a/cups.changes b/cups.changes index d7b24ab..9e90d8a 100644 --- a/cups.changes +++ b/cups.changes @@ -1,13 +1,123 @@ +------------------------------------------------------------------- +Tue Apr 6 11:34:50 CEST 2021 - jsmeix@suse.de + +- Disable testsuite for now via "bcond_with testsuite" + until https://github.com/OpenPrinting/cups/issues/155 is fixed + +------------------------------------------------------------------- +Thu Mar 25 20:47:22 CET 2021 - Florian + +- Add "testsuite" conditional that disables anything within %check + ------------------------------------------------------------------- Fri Mar 19 12:02:38 UTC 2021 - Samuel Cabrero - fix-negotiate-authentication-between-CGIs-and-scheduler.patch fixes web UI Kerberos authentication (bsc#1175960) +------------------------------------------------------------------- +Fri Mar 19 11:25:44 UTC 2021 - Florian + +- Upstream changed to https://github.com/OpenPrinting/cups +- Added %check section to specfile that executes + the old 'make check' and the new (see 2.3.3op1) 'make test' +- Version upgrade to 2.3.3op2: + * Security: Fixed a buffer (read) overflow + in the ippReadIO function (CVE-2020-10001) + * Clarified the documentation for the "Listen" directive + * Fixed duplicate ColorModel entries for AirPrint printers + * Fixed directory/permission defaults for Debian + kfreebsd-based systems + * Fixed crash bug in ppdOpen + * Fixed regression in snprintf emulation function + * The scheduler's systemd service file now waits + for the nslcd service to start + * The libusb-based USB backend now uses a simpler read timer + implementation to avoid a regression in a previous change + * The PPD caching code now only tracks the APPrinterIconPath + value on macOS + * Fixed segfault in help.cgi when searching in man pages + * Root certificates were incorrectly stored in "~/.cups/ssl". + * Version upgrade to 2.3.3op1: + * The automated test suite can now be activated using make test + for consistency with other projects and CI environments - the + old make check continues to work as well, and the previous test + server behavior can be accessed by running make testserver. + * ippeveprinter now supports multiple icons and strings files. + * ippeveprinter now uses the system's FQDN with Avahi. + * ippeveprinter now supports Get-Printer-Attributes on "/". + * ippeveprinter now uses a deterministic "printer-uuid" value. + * ippeveprinter now uses system sounds on macOS + for Identify-Printer. + * Updated ippfind to look for files in "~/Desktop" on Windows. + * Updated ippfind to honor SKIP-XXX directives with PAUSE. + * Updated IPP Everywhere support to work around printers that only + advertise color raster support but really also support grayscale + * ipptool now supports DNS-SD URIs like + ipps://My%20Printer._ipps._tcp.local + * The scheduler now allows root backends to have world read + permissions but not world execute permissions + * Failures to bind IPv6 listener sockets no longer cause errors + if IPv6 is disabled on the host + * The SNMP backend now supports the HP and Ricoh vendor MIBs + * The scheduler no longer includes a timestamp in files it writes + * The systemd service names are now "cups.service" + and "cups-lpd.service" + * The scheduler no longer adds the local hostname to + the ServerAlias list + * Added LogFileGroup directive in "cups-files.conf" to control + the group owner of log files + * Added --with-max-log-size configure option + * Added --enable-sync-on-close configure option + * Added --with-error-policy configure option + * IPP Everywhere PPDs could have an "unknown" default InputSlot + * The httpAddrListen function now uses a listen backlog of 128. + * Added USB quirks + * Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter. + * Fixed DNS-SD name collision support in ippeveprinter. + * Fixed compiler and code analyzer warnings. + * Fixed TLS support on Windows. + * Fixed ippfind sub-type searches with Avahi. + * Fixed the default hostname used by ippeveprinter on macOS. + * Fixed resolution of local IPP-USB printers with Avahi. + * Fixed coverity issues + * Fixed httpAddrConnect issues + * Fixed web interface device URI issue + * Fixed lp/lpr "printer/class not found" error reporting + * Fixed xinetd support for LPD clients + * Fixed libtool build issue + * Fixed a memory leak in the scheduler + * Fixed a potential integer overflow in the PPD hashing code + * Fixed output-bin and print-quality handling issues + * Fixed PPD options getting mapped to odd IPP values + like "tray---4" + * Fixed remote access to the cupsd.conf and log files + * Fixed the automated test suite when running in certain + build/CI environments + * Fixed a logging regression caused by a previous change + for Apple issue #5604 + * Fixed fax phone number handling with GNOME + * Fixed potential rounding error in rastertopwg filter + * Fixed the "uri-security-supported" value from the scheduler + * Fixed IPP backend crash bug with "printer-alert" values + * Removed old Solaris inetconv(1m) reference in cups-lpd man page + * Fixed default options that incorrectly use the "custom" prefix + * Fixed a memory leak when resolving DNS-SD URIs + * Fixed systemd status reporting by adopting the notify interface + * Fixed crash in rastertopwg + * Fixed cupsManualCopies values in IPP Everywhere PPDs +- Removed let-cupsd-start-after-network.patch + as it is no longer required +- Removed CVE-2020-10001.patch as a fix as been merged upstream +- Removed section of specfile responsible for + renaming "org.cups.cups*" systemd files to cups*, due to + upstream renaming these files + ------------------------------------------------------------------- Thu Mar 18 18:18:18 UTC 2021 - olaf@aepfle.de - Remove code comments from expanded scriptlets to reduce size + cf. https://build.opensuse.org/request/show/879976 ------------------------------------------------------------------- Tue Feb 2 14:22:38 CET 2021 - jsmeix@suse.de @@ -19,161 +129,161 @@ Tue Feb 2 14:22:38 CET 2021 - jsmeix@suse.de Wed Oct 14 09:11:00 UTC 2020 - Michael Gorse - Version upgrade to 2.3.3: - - CVE-2020-3898: The `ppdOpen` function did not handle invalid UI - constraint. `ppdcSource::get_resolution` function did not + * CVE-2020-3898: The 'ppdOpen' function did not handle invalid UI + constraint. 'ppdcSource::get_resolution' function did not handle invalid resolution strings. - - CVE-2019-8842: The `ippReadIO` function may under-read an + * CVE-2019-8842: The 'ippReadIO' function may under-read an extension field. - - Fixed WARNING_OPTIONS support for GCC 9.x + * Fixed WARNING_OPTIONS support for GCC 9.x Changes in CUPS 2.3.2: Localization updates Changes in CUPS 2.3.1: - - CVE-2019-2228: The `ippSetValuetag` function did not validate + * CVE-2019-2228: The 'ippSetValuetag' function did not validate the default language value. - - Fixed a crash bug in the web interface. - - The PPD cache code now looks up page sizes using their + * Fixed a crash bug in the web interface. + * The PPD cache code now looks up page sizes using their dimensions. - - PPD files containing "custom" option keywords did not work. - - Added a workaround for the scheduler's systemd support. - - Added a DigestOptions directive for the `client.conf` file to + * PPD files containing "custom" option keywords did not work. + * Added a workaround for the scheduler's systemd support. + * Added a DigestOptions directive for the 'client.conf' file to control whether MD5-based Digest authentication is allowed. - - Fixed a bug in the handling of printer resource files. - - The libusb-based USB backend now reports an error when the + * Fixed a bug in the handling of printer resource files. + * The libusb-based USB backend now reports an error when the distribution permissions are wrong. - - Added paint can labels to Dymo driver. - - The `ippeveprinter` program now supports authentication. - - The `ippeveprinter` program now advertises DNS-SD services on + * Added paint can labels to Dymo driver. + * The 'ippeveprinter' program now supports authentication. + * The 'ippeveprinter' program now advertises DNS-SD services on the correct interfaces, and provides a way to turn them off. - - The `--with-dbusdir` option was ignored by the configure + * The '--with-dbusdir' option was ignored by the configure script. - - Sandboxed applications were not able to get the default + * Sandboxed applications were not able to get the default printer. - - Log file access controls were not preserved by `cupsctl`. - - Default printers set with `lpoptions` did not work in all + * Log file access controls were not preserved by 'cupsctl'. + * Default printers set with 'lpoptions' did not work in all cases. - - Fixed an error in the jobs web interface template. - - Fixed an off-by-one error in `ippEnumString`. - - Fixed some new compiler warnings. - - Fixed a few issues with the Apple Raster support. - - The IPP backend did not detect all cases where a job should be + * Fixed an error in the jobs web interface template. + * Fixed an off-by-one error in 'ippEnumString'. + * Fixed some new compiler warnings. + * Fixed a few issues with the Apple Raster support. + * The IPP backend did not detect all cases where a job should be retried using a raster format. - - Fixed spelling of "fold-accordion". - - Fixed the default common name for TLS certificates used by - `ippeveprinter`. - - Fixed the option names used for IPP Everywhere finishing + * Fixed spelling of "fold-accordion". + * Fixed the default common name for TLS certificates used by + 'ippeveprinter'. + * Fixed the option names used for IPP Everywhere finishing options. - - Added support for the second roll of the DYMO Twin/DUO label + * Added support for the second roll of the DYMO Twin/DUO label printers. Changes in CUPS v2.3.0: - - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows. - - Added a GPL2/LGPL2 exception to the new CUPS license terms. - - Fixed a bug in the scheduler job cleanup code. - - Fixed builds when there is no TLS library. - - "make" failed with GZIP options. - - Fixed potential excess logging from the scheduler when removing + * CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows. + * Added a GPL2/LGPL2 exception to the new CUPS license terms. + * Fixed a bug in the scheduler job cleanup code. + * Fixed builds when there is no TLS library. + * "make" failed with GZIP options. + * Fixed potential excess logging from the scheduler when removing job files. - - Fixed a NULL pointer dereference bug in `httpGetSubField2`. - - Added FIPS-140 workarounds for GNU TLS. - - The scheduler no longer provides a default value for the + * Fixed a NULL pointer dereference bug in 'httpGetSubField2'. + * Added FIPS-140 workarounds for GNU TLS. + * The scheduler no longer provides a default value for the description. - - The scheduler now logs jobs held for authentication using the + * The scheduler now logs jobs held for authentication using the error level so it is clear what happened. - - The `lpadmin` command did not always update the PPD file for - changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords. - - The scheduler now uses both the group's membership list as well + * The 'lpadmin' command did not always update the PPD file for + changes to the 'cupsIPPSupplies' and 'cupsSNMPSupplies' keywords. + * The scheduler now uses both the group's membership list as well as the various OS-specific membership functions to determine whether a user belongs to a named group. - - Added USB quirks rule for HP LaserJet 1015. - - Fixed some PPD parser issues. - - The IPP parser no longer allows invalid member attributes in + * Added USB quirks rule for HP LaserJet 1015. + * Fixed some PPD parser issues. + * The IPP parser no longer allows invalid member attributes in collections. - - The configure script now treats the "wheel" group as a + * The configure script now treats the "wheel" group as a potential system group. - - Fixed IPP buffer overflow. - - Fixed memory disclosure issue in the scheduler. - - Fixed DoS issues in the scheduler. - - Fixed an issue with unsupported "sides" values in the IPP + * Fixed IPP buffer overflow. + * Fixed memory disclosure issue in the scheduler. + * Fixed DoS issues in the scheduler. + * Fixed an issue with unsupported "sides" values in the IPP backend. - - The scheduler would restart continuously when idle and printers + * The scheduler would restart continuously when idle and printers were not shared. - - Fixed an issue with `EXPECT !name WITH-VALUE ...` tests. - - Fixed a command ordering issue in the Zebra ZPL driver. - - Fixed a memory leak in `ppdOpen`. + * Fixed an issue with 'EXPECT !name WITH-VALUE ...' tests. + * Fixed a command ordering issue in the Zebra ZPL driver. + * Fixed a memory leak in 'ppdOpen'. Changes in CUPS v2.3rc1: - - The `cups-config` script no longer adds extra libraries when linking against + * The 'cups-config' script no longer adds extra libraries when linking against shared libraries. - - The supplied example print documents have been optimized for + * The supplied example print documents have been optimized for size. - - The `cupsctl` command now prevents setting "cups-files.conf" + * The 'cupsctl' command now prevents setting "cups-files.conf" directives. - - The "forbidden" message in the web interface is now explained. - - The footer in the web interface covered some content on small + * The "forbidden" message in the web interface is now explained. + * The footer in the web interface covered some content on small displays. - - The libusb-based USB backend now enforces read limits, + * The libusb-based USB backend now enforces read limits, improving print speed in many cases. - - The `ippeveprinter` command now looks for print commands in + * The 'ippeveprinter' command now looks for print commands in the "command" subdirectory. - - The `ipptool` command now supports `$date-current` and - `$date-start` variables to insert the current and starting date + * The 'ipptool' command now supports '$date-current' and + '$date-start' variables to insert the current and starting date and time values, as well as ISO-8601 relative time values such as "PT30S" for 30 seconds in the future. Changes in CUPS v2.3b8 - - Media size matching now uses a tolerance of 0.5mm. - - The lpadmin command would hang with a bad PPD file. - - Fixed a potential crash bug in cups-driverd. - - Fixed a performance regression with large PPDs. - - Fixed a memory reallocation bug in HTTP header value expansion. - - Timed out job submission now yields an error. - - Restored minimal support for the `Emulators` keyword in PPD + * Media size matching now uses a tolerance of 0.5mm. + * The lpadmin command would hang with a bad PPD file. + * Fixed a potential crash bug in cups-driverd. + * Fixed a performance regression with large PPDs. + * Fixed a memory reallocation bug in HTTP header value expansion. + * Timed out job submission now yields an error. + * Restored minimal support for the 'Emulators' keyword in PPD files to allow old Samsung printer drivers to continue to work. - - The scheduler did not encode octetString values like + * The scheduler did not encode octetString values like "job-password" correctly for the print filters. - - The `cupsCheckDestSupported` function did not check octetString + * The 'cupsCheckDestSupported' function did not check octetString values correctly. - - Added support for `UserAgentTokens` directive in "client.conf". - - Updated the systemd service file for cupsd. - - The `ippValidateAttribute` function did not catch all instances + * Added support for 'UserAgentTokens' directive in "client.conf". + * Updated the systemd service file for cupsd. + * The 'ippValidateAttribute' function did not catch all instances of invalid UTF-8 strings. - - Fixed an issue with the self-signed certificates generated by + * Fixed an issue with the self-signed certificates generated by GNU TLS. - - Fixed a potential memory leak when reading at the end of a + * Fixed a potential memory leak when reading at the end of a file. - - Fixed potential unaligned accesses in the string pool. - - Fixed a potential memory leak when loading a PPD file. - - Added a USB quirks rule for the Lexmark E120n. - - Updated the USB quirks rule for Zebra label printers. - - The lpadmin command, web interface, and scheduler all queried + * Fixed potential unaligned accesses in the string pool. + * Fixed a potential memory leak when loading a PPD file. + * Added a USB quirks rule for the Lexmark E120n. + * Updated the USB quirks rule for Zebra label printers. + * The lpadmin command, web interface, and scheduler all queried an IPP Everywhere printer differently, resulting in different PPDs for the same printer. - - The web interface no longer provides access to the log files. - - Non-Kerberized printing to Windows via IPP was broken. - - The scheduler no longer stops a printer if an error occurs when + * The web interface no longer provides access to the log files. + * Non-Kerberized printing to Windows via IPP was broken. + * The scheduler no longer stops a printer if an error occurs when a job is canceled or aborted. - - Added a USB quirks rule for the DYMO 450 Turbo. - - Added a USB quirks rule for Xerox printers. - - The scheduler's self-signed certificate did not include all of + * Added a USB quirks rule for the DYMO 450 Turbo. + * Added a USB quirks rule for Xerox printers. + * The scheduler's self-signed certificate did not include all of the alternate names for the server when using GNU TLS. - - Fixed some PPD caching and IPP Everywhere PPD + * Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs. - - Fixed `PreserveJobHistory` bug with time values. - - The scheduler no longer advertises the HTTP methods it + * Fixed 'PreserveJobHistory' bug with time values. + * The scheduler no longer advertises the HTTP methods it supports. - - The scheduler did not always idle exit as quickly as it could. - - Added a new `ippeveprinter` command based on the old ippserver + * The scheduler did not always idle exit as quickly as it could. + * Added a new 'ippeveprinter' command based on the old ippserver sample code. Changes in CUPS v2.3b7 - - Running ppdmerge with the same input and output filenames did + * Running ppdmerge with the same input and output filenames did not work as advertised. - - Rebase let-cupsd-start-after-network.patch and + * Rebase let-cupsd-start-after-network.patch and cups-config-libs.patch. - - Drop issue5509-fix-utf-8-validation-issue.patch and + * Drop issue5509-fix-utf-8-validation-issue.patch and issue5453.patch: fixed upstream. ------------------------------------------------------------------- Thu Jun 25 12:24:13 UTC 2020 - Ludwig Nussel -- make cups-devel pull in cups-rpm-helper to fix printer driver provides - (boo#1172407) +- make cups-devel pull in cups-rpm-helper to fix printer driver + provides (boo#1172407) ------------------------------------------------------------------- Fri Jun 5 10:25:47 UTC 2020 - Callum Farmer @@ -359,9 +469,9 @@ Wed Mar 28 13:58:32 CEST 2018 - jsmeix@suse.de were made that required a restart (Issue #5263) * Fixed an Avahi crash bug in the scheduler (Issue #5268) * TLS connections now properly timeout (rdar://34938533) - * Removed support for the `-D_PPD_DEPRECATED=""` developer + * Removed support for the '-D_PPD_DEPRECATED=""' developer cheat - the PPD API should no longer be used. - * Removed support for `-D_IPP_PRIVATE_STRUCTURES=1` developer + * Removed support for '-D_IPP_PRIVATE_STRUCTURES=1' developer cheat - the IPP accessor functions should be used instead. * The symlink rastertodymo -> rastertolabel in /usr/lib/cups/filter is no longer provided. diff --git a/cups.keyring b/cups.keyring index 4492ea0..ba121ef 100644 --- a/cups.keyring +++ b/cups.keyring @@ -1,54 +1,53 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: GPGTools - https://gpgtools.org -mQINBFo5hCYBEAD7WeR8qWUuD4Z3spmcjwIIcFsjF5V7MpqCZrGRcFiTH+MRiomQ -Ylr652+9JlQjS9e/6Gtist6ydADvHqELmg42wQX7MrOCTDfKpM/mP2InMIDkel16 -SZbtBORR44LOzsZ9Cm7739M4hZWp2PVn+ElWJr6t3l9NXVZDXaPWugHlxUYYGz7O -UxfYdkFQ3ND5ST60+Ir8P7YoSfCvxi2dus6/One7dhuTGdm/8+EtwrFPJWgbVxah -FQHD8TKht3poGm6+mqgDley6soo4vUlUnYRbrEe+oXRnTx4Yih3FsXNez7IHFtJv -MzHPSLE+2KsWp1gylp4hgLc5NGUD67nRO8GDqkhLK+PgJERx1NozLXqBa4XaoC6F -rq4i3C+JSsWqWUUs85tpZHwEnZmfYMV+cWcUkuHRwhls2PIVzm2b2BALXV8MY9yO -w8EBTrPo1ae1AplCZnLQX7gBdgBhX6ou+UKXqrAlaqiXlaxY2psajrmY+IqUXJL9 -H9IPMmzHz+apfAvIc4WY2APUI9BDT11gh8ko3ZWVUNxlL1rUwbCBjtwKdmVLLNmr -mU1JbKY9L1PAXElEbpyJ6KrXk49KrFE8lnhTE4g2rUZ0wdmzjbAL0oaBL5qdNupd -MjW20Y+PyYgvIrXNPTk/mhx79rAMlUIhNRYQhyATywr9/ubimhkNgYbcfQARAQAB -tBxDVVBTLm9yZyA8c2VjdXJpdHlAY3Vwcy5vcmc+iQJUBBMBCgA+FiEERdCDlG4w -NSgrPMqa9DQQQjXal+sFAlo5hCYCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQAC -HgECF4AACgkQ9DQQQjXal+v1Fg//YlAD/woMIwumfTIBGdc7oye+JLRKTXOnIDxb -VATpcSZOS6LMHy0x7k6kQ+G81r7NkfbQFHZRhvmf62qkg46JhPVJqWBqwVgrbQbk -RRFbo38NkZ37WW2xhImt8iGC8XjfpbfraVYaZQuU7Jbn4vrAppOZbzgVI1T2FIh/ -+GXWbv4WV7hNaNvjREZl1UrzzCTpxrSBgoyx+1P6SwDHYWrC/gp4CMLEj6zf2Hwz -KyIU+FmW54LIZafnswgNpoW1taZx7iSWfvqoyySomtL0PwhYWpKAyIZDf+6cffjx -Fwp5UufEkLjyui0b/6DbCjyWiNHh8BT7niLZ54VXcO8IWr/kQH61s41xp0xU9/Pr -N7Mn22Qd5SCFcDmbFvSI8m7Gn61G8mUfCL2zeAMUkNuzZgc+p2VhRCr+/9gk2eEg -BOqxrrsKDa0g5mWLA0y8a5oohlXKM6SoyRcujCfQxO3rCD1+qM48Zm+4l/6NBg8w -wRJNKoARnR2c9wGvHRbJY3kXllnd/3Fk/EzXwilFK4Fk0uIk8AtMSTh0Se1KNEum -/AbUxRG50dq9pyrfYxsjhNmzu92NIR5sR5PyRQRbGDJkIlNEEbh87TBCrYqnKaPU -lev+476zFE/raaum/DL0ANOUQCtX5ftWEK2Xo1s28DEo2DzyJWmYSmr/wnf8wrp7 -lNWA/F25Ag0EWjmEJgEQAPZvzo1nX/F4+9BGE9o0OSPZt/BLkusiyz6fd46k5vj7 -LGPFpjtMxUxbPNhMJi3QVBhtb8yiNugRmE0sWaA7b2COsXT8jaHZ2EBV0XnTr4Tv -hSxNbdXu9fiDRFQ9x3D/LhDvDRgq0lKQw5cRBLCZw4as9Ytxn1WnS8evwhHRMMYL -/lCyviyyj8zczXPmdWLVlMbhD02Yf5DpteSyhjMTvZFJWZiIUupnM1WXppDo4/Id -nr2Sc5awhuFxdrSYFpaB5+hOdsjhDENcm+GY10iUNCqklCP5BZOeDprap7XwMElW -/chdrwovPYn54Sugl9oHjUOfiJLi/e4J+ey86+2sWY0rZvmOViR1w4NldB+GbEQW -/HOyTwo1Og36+7Ci9m2yothSC0wJAb5Bvg2tc1u4AsG2ylaxMFmwX226d2jJlFNl -2crNFaIE/Uuo7YqH8pcm9kVZ+0apLHoxtZFnZF5QzLmcA83YFFWkqjEfmdLobWXX -pZ+jPkHZDEhj21D+6LYCtUjDwnICySLoIawoMpkV+tdRyHuzxdYX1Nkh74mC2A7d -koxMw86CgXP4UHJwCYunN+rUi7oC8oI1isqtMK8MZhcPdlvE721+fpdAdBIo8KVs -RxQJ3vzhTuugZl5w3E8Jt7lC/q6CC6VI7V74fCNJjXiytrcpYg+FYCyfvxJ/4GH/ -ABEBAAGJAjwEGAEKACYWIQRF0IOUbjA1KCs8ypr0NBBCNdqX6wUCWjmEJgIbDAUJ -B4YfgAAKCRD0NBBCNdqX65zoEACdIsOlto5FQtv2Yx/ayYklEsPgrx1IDnudvVUZ -C+vsDoF9aOUBjUvpHjdBWOBnc/ThOw8ARvOcZLT06HNyzvkJNjj05N+hy1hiSY5B -kL+TGCVkE/wUIDf69lt+KEG89EjpRDSTLDw8t05bEiaZ1XKfDmcIXbao38zhI2CD -r+h1eQotY8bGA7hC7knwQv4VRnN8zBgZhQZdapjC8fBoaY00YZ4wBvd4Yz13/HGi -gXssFNd35n+K+mnUaqulLIwjVfN1/luOubTpqCGVtSEVvHiq7XVRR6cSc345vFMa -3AtRtHKQpZutEz08gZqrXXwALom+HWNbPqdHXEE/mZxvpEVMQr325KLKSPQGZSCq -s8AFeYLYf66gn7T50VX5ws9sGANVvq1CHbouSbfc+UJkibeKG4/jSlqUwWNktEEJ -hI+yGJP5xitfA4IGPaipfVHsxP1z37oht6BTj0zUlfEg9YoPmuHEAhxP7CGOatMM -QkRQ7l0W3F05XL1HzynDnKkEigAUlwhq8Z5oO3Vf9b0MJg/V6T2+jzGIcy0PmliX -rR6FQB5SMRaGCrJxSaPeadnSkJOpFM0dRqKDB049IAIbSxz5ZuqCpbB8tH17ezqu -J3b3cDsSI2TOkacnMo01+IUcrgySKwl/4eUHd92FSq/m085HOQnlae4fjjJ/7qDd -/yDo+w== -=padA +mQINBFplA9UBEACjPmClfkcn4YO05KHTyClVseJYVzGGHl+HLZGFPoadk2UKh3DD +UAoNruBMQS4xFd1MNFZfduCntLIoLEzwwHAWMhEB5O9FZZZrlwN2my4xlWdaX/Bg +FGhVsqGGp5C4n81996f1EmWJS+nTXHPQx0LJ5ahai6wuXJUhJwGHRVsJeVMYg9XZ +eJgz73scH4ISFAIRTfH2PqkBqKL51quUN6E/poSA1iggsPa0tg6klb+kUGvvMjGO +JUGg0L0lSwmJWbfbA6usD0ERSXA5h+TeSKTwuxTVYNTUpnVhSwfv5+wYHsoaeAiN +qbqbHw6TpJS5NvyClQLXE45Y1u/COlUvWA7/ThmRfP8LDgNXHQgdgOVv8eh/3Wos +zLfbw+wWFvaRCDZdzWBmUfJrS6K7dsABr6AQf5khqvazRv/Ma8ovNSd1WUUKTAm2 +O1/eOydFLJpNaiyYc+ETbjdD//hKtiSCf6sxER5uE0cKiWhMQeFGgesgzRYjSKCg +Pk4Elux8q61uWqqPNjngFgRYRDuD/4jvTdD4mQqp+ASUYl1eXliKVH9tYJB4tcQ8 +n7+szE+Czh7iSKvCCTV2VHfYASHYT79efDhtrmbB/Q2Vkoyuxl78PHKM0m/6hZze ++G1Cp4R3Ood/pOKlDrQdAWWlwOErZEu4pMSHoLJeuXfdFW7bAmEyKkoFZQARAQAB +tCtNaWNoYWVsIFIgU3dlZXQgPG1pY2hhZWwuci5zd2VldEBnbWFpbC5jb20+iQJU +BBMBCgA+FiEEhFRkZgtoaqs2VAtvmZVZoCeBWVUFAlplA9UCGwMFCQeGH4AFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQmZVZoCeBWVWyeQ//S3hfd0chikcg4m/r +EScY2cFL3WxIAexKcDmFOsKZG85fyJxQYQzaZ5zccXWye6t15Y06W4iglE1WFXGB +b3ZYgUev3iNZYjUHNaEB7GvSdtZ8e0RCbj/p/t2JEzU8c0KtGqbeyFXg3EMkGdad +TRh6y8BatGzAdq2aFbmIW5irfLf4BxUB3NnHs93cfkt7heHIN8S7VNViAK0gXdeL +yukHGG9wE0oRIp2Zln6WSnLFH9bdDFgl6lRa0KEQCgh75MsP+y5V0JMGwOtzV5hE +eH0Lz12xJx0MgHacFOwH1YUiVAPDH0Uk/uVuZRWRAdcU5rBQQN4jg8vJjc+25E2l +HpkoLKYPWWHcCG6yl2mVDjgnnM1hzqkbhftXiI0HrZuidM11sMPj0s1xSer/AOaY +SANNnv5CBxojD6M08KAMKk6HzcLILLdbqEjnWuGI8Yt8rT8YfwQBPZeGzfi/8ZMr +f7vM3wqrx+25kASo3luVw6M6YJmuPTwQrQ2HPI7EHDOuLB/o7B0RpUORVC8pHH/Y +aiRzOJghiLxUgi26d4XwwiXd7m1zatCcl6Or0AdVVhbKthQC33HbBTwW9hYXyeK+ +sssKaFundLPa3me+BqWTy5bSyc3spCWjK8Bsr5BoUV9mTX60UUsTDzI94DOei8+i +05ksTD5du5kk+tq4PWJWgNfUlOa5Ag0EWmUD1QEQANL89kasctOoEuleT0FlqpMh +1JwF1piS3ek1NjFBUBFxIBKoWnftxfaisanSStN5HDqs1mGCRtQ8/HOsSjjDufcM +7JSXe+IX2dKE85FrlNA5QmpFDf7cAkQqM4y/IbEsOI1f79zIKeS7i0l1oXUZ9bRn +dVUcZb52p3tjw1oTfo1QwKWsUq+93ontCsS1aGm5GLmHFJozoBbrk4+XOBNgsmbi +gcRnVopeCE99kdJTJc1YIndLtED3tDhzJJ/kqpQS9iDs6RNDs9FlYF7vlyD1i6yx +94WdE+xHJUdG4mCu0GxqQyCSmbU5A3SHOKSJ4NrNDNn+5e9Oh8WeK3x/Hn0WBVYg +Eyn4EEilHGhhzuFh7US+QX8AM2R21SrfU7rcbUQ+ZFCIhe5p8aT5MsUF8cztBjcu +IDKO9TirI3+OcEFRS0k1vOubXdRdeoxY89Ap9ssVxvGeJJcipmSVrTsxI3oqS/A9 +DNAgIXC0VeZGYfjq6bcFH0+klgJxaY3PuvCspe0XfFQyFMqNvfNFZD5ZAj5DMeOa +wfJMTjw1eHILZLWPYOBXgyIW7RvKrOks+my6+vyFeqNkWKLHxXW7Fu57I0JSlBR+ +Zef+s8hZdAju756e79mk4sMiT/2Pfsty1RBwi5JTF+r8A7p6l+ZqLVa5tr07L+Js +QF8+F2fcwGRuRdZsmYOnABEBAAGJAjwEGAEKACYWIQSEVGRmC2hqqzZUC2+ZlVmg +J4FZVQUCWmUD1QIbDAUJB4YfgAAKCRCZlVmgJ4FZVQiRD/4gf2L4CU+zjviH12FC +DZudGDOw4f6f2Q82Z0J45mtOmVUcoqVo5jzl+H1tR2D0XlV+LG7YpegMS06GvOMl +HG3e+0M5IGwhG/Lv0aq7TA4Hd13ZJaHQvieLXbQzelAE0bbn8QeKSMYrJfGzl0v7 +zZfBQt7L2t06HQKIkfJDAwFRiNs/EbvLHslOq7VDjoEqxFkRsL1Ie3efOb1ZejeS +b5smfaDJ94plO2Goaj1IHrngQhXu4v+PLqSYQgu4lRUmSOg7FAn/JpWHSsDRf1zf +EW/TyM4ctO05vS//mdMI4xR3D0RMvZieUOUUjjFk0xlWcvboroiZrlz7Xb64uvZw +XGA9iJ1j4IlsBmuE7L6Q61i/o7KR4DlLVMoOPYLpMwtVITWf7HDFiww37JaQutoA +eRvO/GLd7X7aDcB6XReGCYSeD1wczDap+fBkKQlNEctHizkIJG2PD0pNz9EUKeTa +xh0csb+548c/DccCSx62siNSi3WnQwvbbDUVNftGHfifa15d350072jb8LP57O20 +GzhdE+0raeg8GqqSeT1MApdInL3BMP+LQxuSpEnEQx9Nsu4bpuSplcTPUot+fNJb +uwg7uetsyqagUI6HSYwbPbmU2ELor+P2LP81Yexwkf/DE215mrIITXnr+dqL5+NG +nNLcOZRqTFo/oxx+IaRhSJ6adg== +=YD80 -----END PGP PUBLIC KEY BLOCK----- - diff --git a/cups.spec b/cups.spec index a6bc503..f496619 100644 --- a/cups.spec +++ b/cups.spec @@ -16,6 +16,12 @@ # +# Cf. https://rpm.org/user_doc/conditional_builds.html +# by default enable testsuite (i.e. in the 'check' section run make check and make test) +#bcond_without testsuite +# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed +%bcond_with testsuite + # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } Name: cups @@ -23,24 +29,25 @@ Name: cups # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work: -Version: 2.3.3 +Version: 2.3.3op2 Release: 0 Summary: The Common UNIX Printing System License: Apache-2.0 Group: Hardware/Printing URL: http://www.cups.org/ -# To get Source0 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3-source.tar.gz https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz -Source0: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz -# To get Source1 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3.3-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig -Source1: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig -# To get Source2 go to https://www.cups.org/pgp.html +# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g. +# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz +Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz +# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g. +# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig +Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig +# To get Source2 go to https://www.msweet.org/pgp.html +# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955 Source2: cups.keyring # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring -# gpg --list-keys | grep -1 'CUPS.org' | grep -v 'expired' -# gpg --verify cups-2.3.3-source.tar.gz.sig cups-2.3.3-source.tar.gz +# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired' +# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz @@ -58,8 +65,6 @@ Patch10: cups-2.1.0-choose-uri-template.patch Patch11: cups-2.1.0-default-webcontent-path.patch # Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: Patch12: cups-2.1.0-cups-systemd-socket.patch -# Patch42 Let cupsd start after possible network connection (boo#1111351) -Patch42: let-cupsd-start-after-network.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff @@ -75,9 +80,6 @@ Patch101: cups-2.0.3-additional_policies.patch Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: Patch104: cups-config-libs.patch -# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520) -# access to uninitialized buffer in ipp.c -Patch105: CVE-2020-10001.patch # Patch106 Fixes web UI Kerberos authentication (bsc#1175960) Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch # Build Requirements: @@ -284,8 +286,6 @@ printer drivers for CUPS. %patch11 -b default-webcontent-path.orig # Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly: #patch12 -b cups-systemd-socket.orig -# Patch42 Let cupsd start after possible network connection (boo#1111351) -%patch42 -p0 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -b cups-pam.orig @@ -301,9 +301,6 @@ printer drivers for CUPS. %patch103 -b do_not_strip_recommended_from_PPDs.orig # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -b cups-config-libs.orig -# Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520) -# access to uninitialized buffer in ipp.c -%patch105 -b CVE-2020-10001.orig # Patch106 Fixes web UI Kerberos authentication (bsc#1175960) %patch106 -p1 @@ -401,13 +398,6 @@ rm -rf %{buildroot}%{_datadir}/icons # because if upstream changed it 'sed' would silently no longer change the files: grep -q '^# Configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default sed -i -e 's/^# Configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default -# Install the systemd control files: -mv %{buildroot}%{_unitdir}/org.cups.cupsd.path %{buildroot}%{_unitdir}/cups.path -mv %{buildroot}%{_unitdir}/org.cups.cupsd.service %{buildroot}%{_unitdir}/cups.service -mv %{buildroot}%{_unitdir}/org.cups.cupsd.socket %{buildroot}%{_unitdir}/cups.socket -mv %{buildroot}%{_unitdir}/org.cups.cups-lpd.socket %{buildroot}%{_unitdir}/cups-lpd.socket -mv %{buildroot}%{_unitdir}/org.cups.cups-lpd@.service %{buildroot}%{_unitdir}/cups-lpd@.service -sed -i -e "s,org.cups.cupsd,cups,g" %{buildroot}%{_unitdir}/cups.service # rcbla aliases: ln -s service %{buildroot}%{_sbindir}/rccups ln -s service %{buildroot}%{_sbindir}/rccups-lpd @@ -436,6 +426,19 @@ EOF # boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869 %fdupes -s %{buildroot}/%{_datadir}/cups/templates +%check +%if %{with testsuite} +# There appears to be some kind of race condition when running make check and make test +# cf. https://github.com/OpenPrinting/cups/issues/155 +# We print all logs for debugging purposes if either testsuite fails +echo "DEBUG: running make check" +bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' +echo "DEBUG: running make test" +bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT' +%else +echo "DEBUG: skipped running make check and make test, cf. https://github.com/OpenPrinting/cups/issues/155" +%endif + %pre -p /bin/bash getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin %service_add_pre cups.service cups-lpd.socket cups.socket @@ -453,6 +456,9 @@ getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin %postun -p /bin/bash %service_del_postun cups.service cups-lpd.socket cups.socket +# Removed code comments from expanded scriptlets to reduce scriptlet size in binary RPMs +# but then users could no longer see the comments via "rpm -q --scripts cups" +# cf. https://build.opensuse.org/request/show/879976 %posttrans -p /bin/bash %if 0 # Use a real bash script with an explicit "exit 0" at the end to be by default fail safe diff --git a/let-cupsd-start-after-network.patch b/let-cupsd-start-after-network.patch deleted file mode 100644 index 3aae017..0000000 --- a/let-cupsd-start-after-network.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Werner Fink -Date: Thu, 18 Oct 2018 05:32:42 +0000 -Subject: Let cupsd start after possible network connection - -For remote printer and printer servers, let cupsd always -start after a possible network connection. This let cupsd -also stop before a used network connection goes down, hence -the cups does not lock due waiting on remote printers. - ---- - scheduler/org.cups.cupsd.service.in | 1 + - 1 file changed, 1 insertion(+) - ---- scheduler/org.cups.cupsd.service.in -+++ scheduler/org.cups.cupsd.service.in 2018-10-18 05:16:30.867333704 +0000 -@@ -1,7 +1,7 @@ - [Unit] - Description=CUPS Scheduler - Documentation=man:cupsd(8) --After=sssd.service -+After=sssd.service network.target - - [Service] - ExecStart=@sbindir@/cupsd -l