Accepting request 883251 from Printing

Disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed. Additionally improved syntax of some recent changes entries. (forwarded request 883250 from jsmeix) OBS-URL: https://build.opensuse.org/request/show/883251 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=154
2021-04-10 13:26:26 +00:00 · 2021-04-10 13:26:26 +00:00 · d9002d8bbf
commit d9002d8bbf
parent f45e783ca4 43801330ab
9 changed files with 295 additions and 242 deletions
--- a/CVE-2020-10001.patch
+++ b/CVE-2020-10001.patch
@ -1,38 +0,0 @@
 --- cups/ipp.c.orig	2021-01-11 10:53:43.080847679 +0100
 +++ cups/ipp.c	2021-01-11 12:03:56.010423238 +0100
@@ -2965,7 +2965,8 @@ ippReadIO(void       *src,		/* I - Data
   unsigned char		*buffer,	/* Data buffer */
 			string[IPP_MAX_TEXT],
 					/* Small string buffer */
 -			*bufptr;	/* Pointer into buffer */
 +			*bufptr,	/* Pointer into buffer */
 +			*bufend;	/* End of buffer */
   ipp_attribute_t	*attr;		/* Current attribute */
   ipp_tag_t		tag;		/* Current tag */
   ipp_tag_t		value_tag;	/* Current value tag */
@@ -3524,6 +3525,7 @@ ippReadIO(void       *src,		/* I - Data
 		}
                 bufptr = buffer;
 +                bufend = buffer + n;
 	       /*
 	        * text-with-language and name-with-language are composite
@@ -3537,7 +3539,7 @@ ippReadIO(void       *src,		/* I - Data
 		n = (bufptr[0] << 8) | bufptr[1];
 -		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
 +		if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
 		{
 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
 		                _("IPP language length overflows value."), 1);
@@ -3564,7 +3566,7 @@ ippReadIO(void       *src,		/* I - Data
                 bufptr += 2 + n;
 		n = (bufptr[0] << 8) | bufptr[1];
 -		if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
 +		if ((bufptr + 2 + n) > bufend)
 		{
 		  _cupsSetError(IPP_STATUS_ERROR_INTERNAL,
 		                _("IPP string length overflows value."), 1);
--- a/cups-2.3.3-source.tar.gz
+++ b/cups-2.3.3-source.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:261fd948bce8647b6d5cb2a1784f0c24cc52b5c4e827b71d726020bcc502f3ee
 size 8140741
--- a/cups-2.3.3-source.tar.gz.sig
+++ b/cups-2.3.3-source.tar.gz.sig
--- a/cups-2.3.3op2-source.tar.gz
+++ b/cups-2.3.3op2-source.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:deb3575bbe79c0ae963402787f265bfcf8d804a71fc2c94318a74efec86f96df
 size 7993205
--- a/cups-2.3.3op2-source.tar.gz.sig
+++ b/cups-2.3.3op2-source.tar.gz.sig
--- a/cups.changes
+++ b/cups.changes
@ -1,13 +1,123 @@
 -------------------------------------------------------------------
 Tue Apr  6 11:34:50 CEST 2021 - jsmeix@suse.de
 - Disable testsuite for now via "bcond_with testsuite"
  until https://github.com/OpenPrinting/cups/issues/155 is fixed
 -------------------------------------------------------------------
 Thu Mar 25 20:47:22 CET 2021 - Florian <sp1ritCS@protonmail.com>
 - Add "testsuite" conditional that disables anything within %check
 -------------------------------------------------------------------
 Fri Mar 19 12:02:38 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
 - fix-negotiate-authentication-between-CGIs-and-scheduler.patch
  fixes web UI Kerberos authentication (bsc#1175960)
 -------------------------------------------------------------------
 Fri Mar 19 11:25:44 UTC 2021 - Florian <sp1ritCS@protonmail.com>
 - Upstream changed to https://github.com/OpenPrinting/cups
 - Added %check section to specfile that executes
  the old 'make check' and the new (see 2.3.3op1) 'make test'
 - Version upgrade to 2.3.3op2:
  * Security: Fixed a buffer (read) overflow
    in the ippReadIO function (CVE-2020-10001)
  * Clarified the documentation for the "Listen" directive
  * Fixed duplicate ColorModel entries for AirPrint printers
  * Fixed directory/permission defaults for Debian
    kfreebsd-based systems
  * Fixed crash bug in ppdOpen
  * Fixed regression in snprintf emulation function
  * The scheduler's systemd service file now waits
    for the nslcd service to start
  * The libusb-based USB backend now uses a simpler read timer
    implementation to avoid a regression in a previous change
  * The PPD caching code now only tracks the APPrinterIconPath
    value on macOS
  * Fixed segfault in help.cgi when searching in man pages
  * Root certificates were incorrectly stored in "~/.cups/ssl".
  * Version upgrade to 2.3.3op1:
  * The automated test suite can now be activated using make test
    for consistency with other projects and CI environments - the
    old make check continues to work as well, and the previous test
    server behavior can be accessed by running make testserver.
  * ippeveprinter now supports multiple icons and strings files.
  * ippeveprinter now uses the system's FQDN with Avahi.
  * ippeveprinter now supports Get-Printer-Attributes on "/".
  * ippeveprinter now uses a deterministic "printer-uuid" value.
  * ippeveprinter now uses system sounds on macOS
    for Identify-Printer.
  * Updated ippfind to look for files in "~/Desktop" on Windows.
  * Updated ippfind to honor SKIP-XXX directives with PAUSE.
  * Updated IPP Everywhere support to work around printers that only
    advertise color raster support but really also support grayscale
  * ipptool now supports DNS-SD URIs like
    ipps://My%20Printer._ipps._tcp.local
  * The scheduler now allows root backends to have world read
    permissions but not world execute permissions
  * Failures to bind IPv6 listener sockets no longer cause errors
    if IPv6 is disabled on the host
  * The SNMP backend now supports the HP and Ricoh vendor MIBs
  * The scheduler no longer includes a timestamp in files it writes
  * The systemd service names are now "cups.service"
    and "cups-lpd.service"
  * The scheduler no longer adds the local hostname to
    the ServerAlias list
  * Added LogFileGroup directive in "cups-files.conf" to control
    the group owner of log files
  * Added --with-max-log-size configure option
  * Added --enable-sync-on-close configure option
  * Added --with-error-policy configure option
  * IPP Everywhere PPDs could have an "unknown" default InputSlot
  * The httpAddrListen function now uses a listen backlog of 128.
  * Added USB quirks
  * Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
  * Fixed DNS-SD name collision support in ippeveprinter.
  * Fixed compiler and code analyzer warnings.
  * Fixed TLS support on Windows.
  * Fixed ippfind sub-type searches with Avahi.
  * Fixed the default hostname used by ippeveprinter on macOS.
  * Fixed resolution of local IPP-USB printers with Avahi.
  * Fixed coverity issues
  * Fixed httpAddrConnect issues
  * Fixed web interface device URI issue
  * Fixed lp/lpr "printer/class not found" error reporting
  * Fixed xinetd support for LPD clients
  * Fixed libtool build issue
  * Fixed a memory leak in the scheduler
  * Fixed a potential integer overflow in the PPD hashing code
  * Fixed output-bin and print-quality handling issues
  * Fixed PPD options getting mapped to odd IPP values
    like "tray---4"
  * Fixed remote access to the cupsd.conf and log files
  * Fixed the automated test suite when running in certain
    build/CI environments
  * Fixed a logging regression caused by a previous change
    for Apple issue #5604
  * Fixed fax phone number handling with GNOME
  * Fixed potential rounding error in rastertopwg filter
  * Fixed the "uri-security-supported" value from the scheduler
  * Fixed IPP backend crash bug with "printer-alert" values
  * Removed old Solaris inetconv(1m) reference in cups-lpd man page
  * Fixed default options that incorrectly use the "custom" prefix
  * Fixed a memory leak when resolving DNS-SD URIs
  * Fixed systemd status reporting by adopting the notify interface
  * Fixed crash in rastertopwg
  * Fixed cupsManualCopies values in IPP Everywhere PPDs
 - Removed let-cupsd-start-after-network.patch
  as it is no longer required
 - Removed CVE-2020-10001.patch as a fix as been merged upstream
 - Removed section of specfile responsible for
  renaming "org.cups.cups*" systemd files to cups*, due to
  upstream renaming these files
 -------------------------------------------------------------------
 Thu Mar 18 18:18:18 UTC 2021 - olaf@aepfle.de
 - Remove code comments from expanded scriptlets to reduce size
  cf. https://build.opensuse.org/request/show/879976
 -------------------------------------------------------------------
 Tue Feb  2 14:22:38 CET 2021 - jsmeix@suse.de
@ -19,161 +129,161 @@ Tue Feb  2 14:22:38 CET 2021 - jsmeix@suse.de
 Wed Oct 14 09:11:00 UTC 2020 - Michael Gorse <mgorse@suse.com>
 - Version upgrade to 2.3.3:
-  - CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
+  * CVE-2020-3898: The 'ppdOpen' function did not handle invalid UI
-    constraint.  `ppdcSource::get_resolution` function did not
+    constraint.  'ppdcSource::get_resolution' function did not
    handle invalid resolution strings.
-  - CVE-2019-8842: The `ippReadIO` function may under-read an
+  * CVE-2019-8842: The 'ippReadIO' function may under-read an
    extension field.
-  - Fixed WARNING_OPTIONS support for GCC 9.x
+  * Fixed WARNING_OPTIONS support for GCC 9.x
  Changes in CUPS 2.3.2:
  Localization updates
  Changes in CUPS 2.3.1:
-  - CVE-2019-2228: The `ippSetValuetag` function did not validate
+  * CVE-2019-2228: The 'ippSetValuetag' function did not validate
    the default language value.
-  - Fixed a crash bug in the web interface.
+  * Fixed a crash bug in the web interface.
-  - The PPD cache code now looks up page sizes using their
+  * The PPD cache code now looks up page sizes using their
    dimensions.
-  - PPD files containing "custom" option keywords did not work.
+  * PPD files containing "custom" option keywords did not work.
-  - Added a workaround for the scheduler's systemd support.
+  * Added a workaround for the scheduler's systemd support.
-  - Added a DigestOptions directive for the `client.conf` file to
+  * Added a DigestOptions directive for the 'client.conf' file to
    control whether MD5-based Digest authentication is allowed.
-  - Fixed a bug in the handling of printer resource files.
+  * Fixed a bug in the handling of printer resource files.
-  - The libusb-based USB backend now reports an error when the
+  * The libusb-based USB backend now reports an error when the
    distribution permissions are wrong.
-  - Added paint can labels to Dymo driver.
+  * Added paint can labels to Dymo driver.
-  - The `ippeveprinter` program now supports authentication.
+  * The 'ippeveprinter' program now supports authentication.
-  - The `ippeveprinter` program now advertises DNS-SD services on
+  * The 'ippeveprinter' program now advertises DNS-SD services on
    the correct interfaces, and provides a way to turn them off.
-  - The `--with-dbusdir` option was ignored by the configure
+  * The '--with-dbusdir' option was ignored by the configure
    script.
-  - Sandboxed applications were not able to get the default
+  * Sandboxed applications were not able to get the default
    printer.
-  - Log file access controls were not preserved by `cupsctl`.
+  * Log file access controls were not preserved by 'cupsctl'.
-  - Default printers set with `lpoptions` did not work in all
+  * Default printers set with 'lpoptions' did not work in all
    cases.
-  - Fixed an error in the jobs web interface template.
+  * Fixed an error in the jobs web interface template.
-  - Fixed an off-by-one error in `ippEnumString`.
+  * Fixed an off-by-one error in 'ippEnumString'.
-  - Fixed some new compiler warnings.
+  * Fixed some new compiler warnings.
-  - Fixed a few issues with the Apple Raster support.
+  * Fixed a few issues with the Apple Raster support.
-  - The IPP backend did not detect all cases where a job should be
+  * The IPP backend did not detect all cases where a job should be
    retried using a raster format.
-  - Fixed spelling of "fold-accordion".
+  * Fixed spelling of "fold-accordion".
-  - Fixed the default common name for TLS certificates used by
+  * Fixed the default common name for TLS certificates used by
-    `ippeveprinter`.
+    'ippeveprinter'.
-  - Fixed the option names used for IPP Everywhere finishing
+  * Fixed the option names used for IPP Everywhere finishing
    options.
-  - Added support for the second roll of the DYMO Twin/DUO label
+  * Added support for the second roll of the DYMO Twin/DUO label
    printers.
  Changes in CUPS v2.3.0:
-  - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
+  * CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
-  - Added a GPL2/LGPL2 exception to the new CUPS license terms.
+  * Added a GPL2/LGPL2 exception to the new CUPS license terms.
-  - Fixed a bug in the scheduler job cleanup code.
+  * Fixed a bug in the scheduler job cleanup code.
-  - Fixed builds when there is no TLS library.
+  * Fixed builds when there is no TLS library.
-  - "make" failed with GZIP options.
+  * "make" failed with GZIP options.
-  - Fixed potential excess logging from the scheduler when removing
+  * Fixed potential excess logging from the scheduler when removing
    job files.
-  - Fixed a NULL pointer dereference bug in `httpGetSubField2`.
+  * Fixed a NULL pointer dereference bug in 'httpGetSubField2'.
-  - Added FIPS-140 workarounds for GNU TLS.
+  * Added FIPS-140 workarounds for GNU TLS.
-  - The scheduler no longer provides a default value for the
+  * The scheduler no longer provides a default value for the
     description.
-  - The scheduler now logs jobs held for authentication using the
+  * The scheduler now logs jobs held for authentication using the
    error level so it is clear what happened.
-  - The `lpadmin` command did not always update the PPD file for
+  * The 'lpadmin' command did not always update the PPD file for
-    changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords.
+    changes to the 'cupsIPPSupplies' and 'cupsSNMPSupplies' keywords.
-  - The scheduler now uses both the group's membership list as well
+  * The scheduler now uses both the group's membership list as well
    as the various OS-specific membership functions to determine
    whether a user belongs to a named group.
-  - Added USB quirks rule for HP LaserJet 1015.
+  * Added USB quirks rule for HP LaserJet 1015.
-  - Fixed some PPD parser issues.
+  * Fixed some PPD parser issues.
-  - The IPP parser no longer allows invalid member attributes in
+  * The IPP parser no longer allows invalid member attributes in
    collections.
-  - The configure script now treats the "wheel" group as a
+  * The configure script now treats the "wheel" group as a
    potential system group.
-  - Fixed IPP buffer overflow.
+  * Fixed IPP buffer overflow.
-  - Fixed memory disclosure issue in the scheduler.
+  * Fixed memory disclosure issue in the scheduler.
-  - Fixed DoS issues in the scheduler.
+  * Fixed DoS issues in the scheduler.
-  - Fixed an issue with unsupported "sides" values in the IPP
+  * Fixed an issue with unsupported "sides" values in the IPP
    backend.
-  - The scheduler would restart continuously when idle and printers
+  * The scheduler would restart continuously when idle and printers
    were not shared.
-  - Fixed an issue with `EXPECT !name WITH-VALUE ...` tests.
+  * Fixed an issue with 'EXPECT !name WITH-VALUE ...' tests.
-  - Fixed a command ordering issue in the Zebra ZPL driver.
+  * Fixed a command ordering issue in the Zebra ZPL driver.
-  - Fixed a memory leak in `ppdOpen`.
+  * Fixed a memory leak in 'ppdOpen'.
  Changes in CUPS v2.3rc1:
-  - The `cups-config` script no longer adds extra libraries when linking against
+  * The 'cups-config' script no longer adds extra libraries when linking against
    shared libraries.
-  - The supplied example print documents have been optimized for
+  * The supplied example print documents have been optimized for
    size.
-  - The `cupsctl` command now prevents setting "cups-files.conf"
+  * The 'cupsctl' command now prevents setting "cups-files.conf"
    directives.
-  - The "forbidden" message in the web interface is now explained.
+  * The "forbidden" message in the web interface is now explained.
-  - The footer in the web interface covered some content on small
+  * The footer in the web interface covered some content on small
    displays.
-  - The libusb-based USB backend now enforces read limits,
+  * The libusb-based USB backend now enforces read limits,
    improving print speed in many cases.
-  - The `ippeveprinter` command now looks for print commands in
+  * The 'ippeveprinter' command now looks for print commands in
    the "command" subdirectory.
-  - The `ipptool` command now supports `$date-current` and
+  * The 'ipptool' command now supports '$date-current' and
-    `$date-start` variables to insert the current and starting date
+    '$date-start' variables to insert the current and starting date
    and time values, as well as ISO-8601 relative time values such
    as "PT30S" for 30 seconds in the future.
  Changes in CUPS v2.3b8
-  - Media size matching now uses a tolerance of 0.5mm.
+  * Media size matching now uses a tolerance of 0.5mm.
-  - The lpadmin command would hang with a bad PPD file.
+  * The lpadmin command would hang with a bad PPD file.
-  - Fixed a potential crash bug in cups-driverd.
+  * Fixed a potential crash bug in cups-driverd.
-  - Fixed a performance regression with large PPDs.
+  * Fixed a performance regression with large PPDs.
-  - Fixed a memory reallocation bug in HTTP header value expansion.
+  * Fixed a memory reallocation bug in HTTP header value expansion.
-  - Timed out job submission now yields an error.
+  * Timed out job submission now yields an error.
-  - Restored minimal support for the `Emulators` keyword in PPD
+  * Restored minimal support for the 'Emulators' keyword in PPD
    files to allow old Samsung printer drivers to continue to work.
-  - The scheduler did not encode octetString values like
+  * The scheduler did not encode octetString values like
    "job-password" correctly for the print filters.
-  - The `cupsCheckDestSupported` function did not check octetString
+  * The 'cupsCheckDestSupported' function did not check octetString
    values correctly.
-  - Added support for `UserAgentTokens` directive in "client.conf".
+  * Added support for 'UserAgentTokens' directive in "client.conf".
-  - Updated the systemd service file for cupsd.
+  * Updated the systemd service file for cupsd.
-  - The `ippValidateAttribute` function did not catch all instances
+  * The 'ippValidateAttribute' function did not catch all instances
    of invalid UTF-8 strings.
-  - Fixed an issue with the self-signed certificates generated by
+  * Fixed an issue with the self-signed certificates generated by
    GNU TLS.
-  - Fixed a potential memory leak when reading at the end of a
+  * Fixed a potential memory leak when reading at the end of a
    file.
-  - Fixed potential unaligned accesses in the string pool.
+  * Fixed potential unaligned accesses in the string pool.
-  - Fixed a potential memory leak when loading a PPD file.
+  * Fixed a potential memory leak when loading a PPD file.
-  - Added a USB quirks rule for the Lexmark E120n.
+  * Added a USB quirks rule for the Lexmark E120n.
-  - Updated the USB quirks rule for Zebra label printers.
+  * Updated the USB quirks rule for Zebra label printers.
-  - The lpadmin command, web interface, and scheduler all queried
+  * The lpadmin command, web interface, and scheduler all queried
    an IPP Everywhere printer differently, resulting in different
    PPDs for the same printer.
-  - The web interface no longer provides access to the log files.
+  * The web interface no longer provides access to the log files.
-  - Non-Kerberized printing to Windows via IPP was broken.
+  * Non-Kerberized printing to Windows via IPP was broken.
-  - The scheduler no longer stops a printer if an error occurs when
+  * The scheduler no longer stops a printer if an error occurs when
    a job is canceled or aborted.
-  - Added a USB quirks rule for the DYMO 450 Turbo.
+  * Added a USB quirks rule for the DYMO 450 Turbo.
-  - Added a USB quirks rule for Xerox printers.
+  * Added a USB quirks rule for Xerox printers.
-  - The scheduler's self-signed certificate did not include all of
+  * The scheduler's self-signed certificate did not include all of
    the alternate names for the server when using GNU TLS.
-  - Fixed some PPD caching and IPP Everywhere PPD
+  * Fixed some PPD caching and IPP Everywhere PPD
    accounting/password bugs.
-  - Fixed `PreserveJobHistory` bug with time values.
+  * Fixed 'PreserveJobHistory' bug with time values.
-  - The scheduler no longer advertises the HTTP methods it
+  * The scheduler no longer advertises the HTTP methods it
    supports.
-  - The scheduler did not always idle exit as quickly as it could.
+  * The scheduler did not always idle exit as quickly as it could.
-  - Added a new `ippeveprinter` command based on the old ippserver
+  * Added a new 'ippeveprinter' command based on the old ippserver
    sample code.
  Changes in CUPS v2.3b7
-  - Running ppdmerge with the same input and output filenames did
+  * Running ppdmerge with the same input and output filenames did
    not work as advertised.
-  - Rebase let-cupsd-start-after-network.patch and
+  * Rebase let-cupsd-start-after-network.patch and
    cups-config-libs.patch.
-  - Drop issue5509-fix-utf-8-validation-issue.patch and
+  * Drop issue5509-fix-utf-8-validation-issue.patch and
    issue5453.patch: fixed upstream.
 -------------------------------------------------------------------
 Thu Jun 25 12:24:13 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
- make cups-devel pull in cups-rpm-helper to fix printer driver provides
+- make cups-devel pull in cups-rpm-helper to fix printer driver
-  (boo#1172407)
+  provides (boo#1172407)
 -------------------------------------------------------------------
 Fri Jun  5 10:25:47 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
@ -359,9 +469,9 @@ Wed Mar 28 13:58:32 CEST 2018 - jsmeix@suse.de
    were made that required a restart (Issue #5263)
  * Fixed an Avahi crash bug in the scheduler (Issue #5268)
  * TLS connections now properly timeout (rdar://34938533)
-  * Removed support for the `-D_PPD_DEPRECATED=""` developer
+  * Removed support for the '-D_PPD_DEPRECATED=""' developer
    cheat - the PPD API should no longer be used.
-  * Removed support for `-D_IPP_PRIVATE_STRUCTURES=1` developer
+  * Removed support for '-D_IPP_PRIVATE_STRUCTURES=1' developer
    cheat - the IPP accessor functions should be used instead.
  * The symlink rastertodymo -> rastertolabel
    in /usr/lib/cups/filter is no longer provided.
--- a/cups.keyring
+++ b/cups.keyring
@ -1,54 +1,53 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Comment: GPGTools - https://gpgtools.org
-mQINBFo5hCYBEAD7WeR8qWUuD4Z3spmcjwIIcFsjF5V7MpqCZrGRcFiTH+MRiomQ
+mQINBFplA9UBEACjPmClfkcn4YO05KHTyClVseJYVzGGHl+HLZGFPoadk2UKh3DD
-Ylr652+9JlQjS9e/6Gtist6ydADvHqELmg42wQX7MrOCTDfKpM/mP2InMIDkel16
+UAoNruBMQS4xFd1MNFZfduCntLIoLEzwwHAWMhEB5O9FZZZrlwN2my4xlWdaX/Bg
-SZbtBORR44LOzsZ9Cm7739M4hZWp2PVn+ElWJr6t3l9NXVZDXaPWugHlxUYYGz7O
+FGhVsqGGp5C4n81996f1EmWJS+nTXHPQx0LJ5ahai6wuXJUhJwGHRVsJeVMYg9XZ
-UxfYdkFQ3ND5ST60+Ir8P7YoSfCvxi2dus6/One7dhuTGdm/8+EtwrFPJWgbVxah
+eJgz73scH4ISFAIRTfH2PqkBqKL51quUN6E/poSA1iggsPa0tg6klb+kUGvvMjGO
-FQHD8TKht3poGm6+mqgDley6soo4vUlUnYRbrEe+oXRnTx4Yih3FsXNez7IHFtJv
+JUGg0L0lSwmJWbfbA6usD0ERSXA5h+TeSKTwuxTVYNTUpnVhSwfv5+wYHsoaeAiN
-MzHPSLE+2KsWp1gylp4hgLc5NGUD67nRO8GDqkhLK+PgJERx1NozLXqBa4XaoC6F
+qbqbHw6TpJS5NvyClQLXE45Y1u/COlUvWA7/ThmRfP8LDgNXHQgdgOVv8eh/3Wos
-rq4i3C+JSsWqWUUs85tpZHwEnZmfYMV+cWcUkuHRwhls2PIVzm2b2BALXV8MY9yO
+zLfbw+wWFvaRCDZdzWBmUfJrS6K7dsABr6AQf5khqvazRv/Ma8ovNSd1WUUKTAm2
-w8EBTrPo1ae1AplCZnLQX7gBdgBhX6ou+UKXqrAlaqiXlaxY2psajrmY+IqUXJL9
+O1/eOydFLJpNaiyYc+ETbjdD//hKtiSCf6sxER5uE0cKiWhMQeFGgesgzRYjSKCg
-H9IPMmzHz+apfAvIc4WY2APUI9BDT11gh8ko3ZWVUNxlL1rUwbCBjtwKdmVLLNmr
+Pk4Elux8q61uWqqPNjngFgRYRDuD/4jvTdD4mQqp+ASUYl1eXliKVH9tYJB4tcQ8
-mU1JbKY9L1PAXElEbpyJ6KrXk49KrFE8lnhTE4g2rUZ0wdmzjbAL0oaBL5qdNupd
+n7+szE+Czh7iSKvCCTV2VHfYASHYT79efDhtrmbB/Q2Vkoyuxl78PHKM0m/6hZze
-MjW20Y+PyYgvIrXNPTk/mhx79rAMlUIhNRYQhyATywr9/ubimhkNgYbcfQARAQAB
+G1Cp4R3Ood/pOKlDrQdAWWlwOErZEu4pMSHoLJeuXfdFW7bAmEyKkoFZQARAQAB
-tBxDVVBTLm9yZyA8c2VjdXJpdHlAY3Vwcy5vcmc+iQJUBBMBCgA+FiEERdCDlG4w
+tCtNaWNoYWVsIFIgU3dlZXQgPG1pY2hhZWwuci5zd2VldEBnbWFpbC5jb20+iQJU
-NSgrPMqa9DQQQjXal+sFAlo5hCYCGwMFCQeGH4AFCwkIBwMFFQoJCAsFFgIDAQAC
+BBMBCgA+FiEEhFRkZgtoaqs2VAtvmZVZoCeBWVUFAlplA9UCGwMFCQeGH4AFCwkI
-HgECF4AACgkQ9DQQQjXal+v1Fg//YlAD/woMIwumfTIBGdc7oye+JLRKTXOnIDxb
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQmZVZoCeBWVWyeQ//S3hfd0chikcg4m/r
-VATpcSZOS6LMHy0x7k6kQ+G81r7NkfbQFHZRhvmf62qkg46JhPVJqWBqwVgrbQbk
+EScY2cFL3WxIAexKcDmFOsKZG85fyJxQYQzaZ5zccXWye6t15Y06W4iglE1WFXGB
-RRFbo38NkZ37WW2xhImt8iGC8XjfpbfraVYaZQuU7Jbn4vrAppOZbzgVI1T2FIh/
+b3ZYgUev3iNZYjUHNaEB7GvSdtZ8e0RCbj/p/t2JEzU8c0KtGqbeyFXg3EMkGdad
-+GXWbv4WV7hNaNvjREZl1UrzzCTpxrSBgoyx+1P6SwDHYWrC/gp4CMLEj6zf2Hwz
+TRh6y8BatGzAdq2aFbmIW5irfLf4BxUB3NnHs93cfkt7heHIN8S7VNViAK0gXdeL
-KyIU+FmW54LIZafnswgNpoW1taZx7iSWfvqoyySomtL0PwhYWpKAyIZDf+6cffjx
+yukHGG9wE0oRIp2Zln6WSnLFH9bdDFgl6lRa0KEQCgh75MsP+y5V0JMGwOtzV5hE
-Fwp5UufEkLjyui0b/6DbCjyWiNHh8BT7niLZ54VXcO8IWr/kQH61s41xp0xU9/Pr
+eH0Lz12xJx0MgHacFOwH1YUiVAPDH0Uk/uVuZRWRAdcU5rBQQN4jg8vJjc+25E2l
-N7Mn22Qd5SCFcDmbFvSI8m7Gn61G8mUfCL2zeAMUkNuzZgc+p2VhRCr+/9gk2eEg
+HpkoLKYPWWHcCG6yl2mVDjgnnM1hzqkbhftXiI0HrZuidM11sMPj0s1xSer/AOaY
-BOqxrrsKDa0g5mWLA0y8a5oohlXKM6SoyRcujCfQxO3rCD1+qM48Zm+4l/6NBg8w
+SANNnv5CBxojD6M08KAMKk6HzcLILLdbqEjnWuGI8Yt8rT8YfwQBPZeGzfi/8ZMr
-wRJNKoARnR2c9wGvHRbJY3kXllnd/3Fk/EzXwilFK4Fk0uIk8AtMSTh0Se1KNEum
+f7vM3wqrx+25kASo3luVw6M6YJmuPTwQrQ2HPI7EHDOuLB/o7B0RpUORVC8pHH/Y
-/AbUxRG50dq9pyrfYxsjhNmzu92NIR5sR5PyRQRbGDJkIlNEEbh87TBCrYqnKaPU
+aiRzOJghiLxUgi26d4XwwiXd7m1zatCcl6Or0AdVVhbKthQC33HbBTwW9hYXyeK+
-lev+476zFE/raaum/DL0ANOUQCtX5ftWEK2Xo1s28DEo2DzyJWmYSmr/wnf8wrp7
+sssKaFundLPa3me+BqWTy5bSyc3spCWjK8Bsr5BoUV9mTX60UUsTDzI94DOei8+i
-lNWA/F25Ag0EWjmEJgEQAPZvzo1nX/F4+9BGE9o0OSPZt/BLkusiyz6fd46k5vj7
+05ksTD5du5kk+tq4PWJWgNfUlOa5Ag0EWmUD1QEQANL89kasctOoEuleT0FlqpMh
-LGPFpjtMxUxbPNhMJi3QVBhtb8yiNugRmE0sWaA7b2COsXT8jaHZ2EBV0XnTr4Tv
+1JwF1piS3ek1NjFBUBFxIBKoWnftxfaisanSStN5HDqs1mGCRtQ8/HOsSjjDufcM
-hSxNbdXu9fiDRFQ9x3D/LhDvDRgq0lKQw5cRBLCZw4as9Ytxn1WnS8evwhHRMMYL
+7JSXe+IX2dKE85FrlNA5QmpFDf7cAkQqM4y/IbEsOI1f79zIKeS7i0l1oXUZ9bRn
-/lCyviyyj8zczXPmdWLVlMbhD02Yf5DpteSyhjMTvZFJWZiIUupnM1WXppDo4/Id
+dVUcZb52p3tjw1oTfo1QwKWsUq+93ontCsS1aGm5GLmHFJozoBbrk4+XOBNgsmbi
-nr2Sc5awhuFxdrSYFpaB5+hOdsjhDENcm+GY10iUNCqklCP5BZOeDprap7XwMElW
+gcRnVopeCE99kdJTJc1YIndLtED3tDhzJJ/kqpQS9iDs6RNDs9FlYF7vlyD1i6yx
-/chdrwovPYn54Sugl9oHjUOfiJLi/e4J+ey86+2sWY0rZvmOViR1w4NldB+GbEQW
+94WdE+xHJUdG4mCu0GxqQyCSmbU5A3SHOKSJ4NrNDNn+5e9Oh8WeK3x/Hn0WBVYg
-/HOyTwo1Og36+7Ci9m2yothSC0wJAb5Bvg2tc1u4AsG2ylaxMFmwX226d2jJlFNl
+Eyn4EEilHGhhzuFh7US+QX8AM2R21SrfU7rcbUQ+ZFCIhe5p8aT5MsUF8cztBjcu
-2crNFaIE/Uuo7YqH8pcm9kVZ+0apLHoxtZFnZF5QzLmcA83YFFWkqjEfmdLobWXX
+IDKO9TirI3+OcEFRS0k1vOubXdRdeoxY89Ap9ssVxvGeJJcipmSVrTsxI3oqS/A9
-pZ+jPkHZDEhj21D+6LYCtUjDwnICySLoIawoMpkV+tdRyHuzxdYX1Nkh74mC2A7d
+DNAgIXC0VeZGYfjq6bcFH0+klgJxaY3PuvCspe0XfFQyFMqNvfNFZD5ZAj5DMeOa
-koxMw86CgXP4UHJwCYunN+rUi7oC8oI1isqtMK8MZhcPdlvE721+fpdAdBIo8KVs
+wfJMTjw1eHILZLWPYOBXgyIW7RvKrOks+my6+vyFeqNkWKLHxXW7Fu57I0JSlBR+
-RxQJ3vzhTuugZl5w3E8Jt7lC/q6CC6VI7V74fCNJjXiytrcpYg+FYCyfvxJ/4GH/
+Zef+s8hZdAju756e79mk4sMiT/2Pfsty1RBwi5JTF+r8A7p6l+ZqLVa5tr07L+Js
-ABEBAAGJAjwEGAEKACYWIQRF0IOUbjA1KCs8ypr0NBBCNdqX6wUCWjmEJgIbDAUJ
+QF8+F2fcwGRuRdZsmYOnABEBAAGJAjwEGAEKACYWIQSEVGRmC2hqqzZUC2+ZlVmg
-B4YfgAAKCRD0NBBCNdqX65zoEACdIsOlto5FQtv2Yx/ayYklEsPgrx1IDnudvVUZ
+J4FZVQUCWmUD1QIbDAUJB4YfgAAKCRCZlVmgJ4FZVQiRD/4gf2L4CU+zjviH12FC
-C+vsDoF9aOUBjUvpHjdBWOBnc/ThOw8ARvOcZLT06HNyzvkJNjj05N+hy1hiSY5B
+DZudGDOw4f6f2Q82Z0J45mtOmVUcoqVo5jzl+H1tR2D0XlV+LG7YpegMS06GvOMl
-kL+TGCVkE/wUIDf69lt+KEG89EjpRDSTLDw8t05bEiaZ1XKfDmcIXbao38zhI2CD
+HG3e+0M5IGwhG/Lv0aq7TA4Hd13ZJaHQvieLXbQzelAE0bbn8QeKSMYrJfGzl0v7
-r+h1eQotY8bGA7hC7knwQv4VRnN8zBgZhQZdapjC8fBoaY00YZ4wBvd4Yz13/HGi
+zZfBQt7L2t06HQKIkfJDAwFRiNs/EbvLHslOq7VDjoEqxFkRsL1Ie3efOb1ZejeS
-gXssFNd35n+K+mnUaqulLIwjVfN1/luOubTpqCGVtSEVvHiq7XVRR6cSc345vFMa
+b5smfaDJ94plO2Goaj1IHrngQhXu4v+PLqSYQgu4lRUmSOg7FAn/JpWHSsDRf1zf
-3AtRtHKQpZutEz08gZqrXXwALom+HWNbPqdHXEE/mZxvpEVMQr325KLKSPQGZSCq
+EW/TyM4ctO05vS//mdMI4xR3D0RMvZieUOUUjjFk0xlWcvboroiZrlz7Xb64uvZw
-s8AFeYLYf66gn7T50VX5ws9sGANVvq1CHbouSbfc+UJkibeKG4/jSlqUwWNktEEJ
+XGA9iJ1j4IlsBmuE7L6Q61i/o7KR4DlLVMoOPYLpMwtVITWf7HDFiww37JaQutoA
-hI+yGJP5xitfA4IGPaipfVHsxP1z37oht6BTj0zUlfEg9YoPmuHEAhxP7CGOatMM
+eRvO/GLd7X7aDcB6XReGCYSeD1wczDap+fBkKQlNEctHizkIJG2PD0pNz9EUKeTa
-QkRQ7l0W3F05XL1HzynDnKkEigAUlwhq8Z5oO3Vf9b0MJg/V6T2+jzGIcy0PmliX
+xh0csb+548c/DccCSx62siNSi3WnQwvbbDUVNftGHfifa15d350072jb8LP57O20
-rR6FQB5SMRaGCrJxSaPeadnSkJOpFM0dRqKDB049IAIbSxz5ZuqCpbB8tH17ezqu
+GzhdE+0raeg8GqqSeT1MApdInL3BMP+LQxuSpEnEQx9Nsu4bpuSplcTPUot+fNJb
-J3b3cDsSI2TOkacnMo01+IUcrgySKwl/4eUHd92FSq/m085HOQnlae4fjjJ/7qDd
+uwg7uetsyqagUI6HSYwbPbmU2ELor+P2LP81Yexwkf/DE215mrIITXnr+dqL5+NG
-/yDo+w==
+nNLcOZRqTFo/oxx+IaRhSJ6adg==
-=padA
+=YD80
 -----END PGP PUBLIC KEY BLOCK-----
--- a/cups.spec
+++ b/cups.spec
@ -16,6 +16,12 @@
 #
 # Cf. https://rpm.org/user_doc/conditional_builds.html
 # by default enable testsuite (i.e. in the 'check' section run make check and make test)
 #bcond_without testsuite
 # disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed
 %bcond_with testsuite
 # _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
 %{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
 Name:           cups
@ -23,24 +29,25 @@ Name:           cups
 # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
 # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
 # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
-Version:        2.3.3
+Version:        2.3.3op2
 Release:        0
 Summary:        The Common UNIX Printing System
 License:        Apache-2.0
 Group:          Hardware/Printing
 URL:            http://www.cups.org/
-# To get Source0 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g.
+# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3.3-source.tar.gz https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz
+# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
-Source0:        https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz
+Source0:        https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
-# To get Source1 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g.
+# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3.3-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig
+# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
-Source1:        https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig
+Source1:        https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
-# To get Source2 go to https://www.cups.org/pgp.html
+# To get Source2 go to https://www.msweet.org/pgp.html
 # PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955
 Source2:        cups.keyring
 # To manually verify Source0 with Source1 and Source2 do e.g.
 #   gpg --import cups.keyring
-#   gpg --list-keys | grep -1 'CUPS.org' | grep -v 'expired'
+#   gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired'
-#   gpg --verify cups-2.3.3-source.tar.gz.sig cups-2.3.3-source.tar.gz
+#   gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz
 Source102:      Postscript.ppd.gz
 Source105:      Postscript-level1.ppd.gz
 Source106:      Postscript-level2.ppd.gz
@ -58,8 +65,6 @@ Patch10:        cups-2.1.0-choose-uri-template.patch
 Patch11:        cups-2.1.0-default-webcontent-path.patch
 # Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
 Patch12:        cups-2.1.0-cups-systemd-socket.patch
 # Patch42 Let cupsd start after possible network connection (boo#1111351)
 Patch42:        let-cupsd-start-after-network.patch
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 Patch100:       cups-pam.diff
@ -75,9 +80,6 @@ Patch101:       cups-2.0.3-additional_policies.patch
 Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 Patch104:       cups-config-libs.patch
 # Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
 # access to uninitialized buffer in ipp.c
 Patch105:       CVE-2020-10001.patch
 # Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
 Patch106:       fix-negotiate-authentication-between-CGIs-and-scheduler.patch
 # Build Requirements:
@ -284,8 +286,6 @@ printer drivers for CUPS.
 %patch11 -b default-webcontent-path.orig
 # Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
 #patch12 -b cups-systemd-socket.orig
 # Patch42 Let cupsd start after possible network connection (boo#1111351)
 %patch42 -p0
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 %patch100 -b cups-pam.orig
@ -301,9 +301,6 @@ printer drivers for CUPS.
 %patch103 -b do_not_strip_recommended_from_PPDs.orig
 # Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
 %patch104 -b cups-config-libs.orig
 # Patch105 CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
 # access to uninitialized buffer in ipp.c
 %patch105 -b CVE-2020-10001.orig
 # Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
 %patch106 -p1
@ -401,13 +398,6 @@ rm -rf %{buildroot}%{_datadir}/icons
 # because if upstream changed it 'sed' would silently no longer change the files:
 grep -q '^# Configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default
 sed -i -e 's/^# Configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default
 # Install the systemd control files:
 mv %{buildroot}%{_unitdir}/org.cups.cupsd.path %{buildroot}%{_unitdir}/cups.path
 mv %{buildroot}%{_unitdir}/org.cups.cupsd.service %{buildroot}%{_unitdir}/cups.service
 mv %{buildroot}%{_unitdir}/org.cups.cupsd.socket %{buildroot}%{_unitdir}/cups.socket
 mv %{buildroot}%{_unitdir}/org.cups.cups-lpd.socket %{buildroot}%{_unitdir}/cups-lpd.socket
 mv %{buildroot}%{_unitdir}/org.cups.cups-lpd@.service %{buildroot}%{_unitdir}/cups-lpd@.service
 sed -i -e "s,org.cups.cupsd,cups,g" %{buildroot}%{_unitdir}/cups.service
 # rcbla aliases:
 ln -s service %{buildroot}%{_sbindir}/rccups
 ln -s service %{buildroot}%{_sbindir}/rccups-lpd
@ -436,6 +426,19 @@ EOF
 # boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869
 %fdupes -s %{buildroot}/%{_datadir}/cups/templates
 %check
 %if %{with testsuite}
 # There appears to be some kind of race condition when running make check and make test
 # cf. https://github.com/OpenPrinting/cups/issues/155
 # We print all logs for debugging purposes if either testsuite fails
 echo "DEBUG: running make check"
 bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
 echo "DEBUG: running make test"
 bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
 %else
 echo "DEBUG: skipped running make check and make test, cf. https://github.com/OpenPrinting/cups/issues/155"
 %endif
 %pre -p /bin/bash
 getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin
 %service_add_pre cups.service cups-lpd.socket cups.socket
@ -453,6 +456,9 @@ getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin
 %postun -p /bin/bash
 %service_del_postun cups.service cups-lpd.socket cups.socket
 # Removed code comments from expanded scriptlets to reduce scriptlet size in binary RPMs
 # but then users could no longer see the comments via "rpm -q --scripts cups"
 # cf. https://build.opensuse.org/request/show/879976
 %posttrans -p /bin/bash
 %if 0
 # Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
--- a/let-cupsd-start-after-network.patch
+++ b/let-cupsd-start-after-network.patch
@ -1,24 +0,0 @@
 From: Werner Fink <werner@ssue.de>
 Date: Thu, 18 Oct 2018 05:32:42 +0000
 Subject: Let cupsd start after possible network connection
 For remote printer and printer servers, let cupsd always
 start after a possible network connection.  This let cupsd
 also stop before a used network connection goes down, hence
 the cups does not lock due waiting on remote printers.
 ---
 scheduler/org.cups.cupsd.service.in |    1 +
 1 file changed, 1 insertion(+)
 --- scheduler/org.cups.cupsd.service.in
 +++ scheduler/org.cups.cupsd.service.in	2018-10-18 05:16:30.867333704 +0000
@@ -1,7 +1,7 @@
 [Unit]
 Description=CUPS Scheduler
 Documentation=man:cupsd(8)
 -After=sssd.service
 +After=sssd.service network.target
 [Service]
 ExecStart=@sbindir@/cupsd -l