- Update to version 2.4.8:
+ Added warning if the device has to be asked for
'all,media-col-database' separately.
+ Added new value for 'lpstat' option '-W' - successfull - for
getting successfully printed jobs.
+ Added support for PAM modules password-auth and system-auth.
+ Updated IPP Everywhere printer creation error reporting.
+ Updated and documented the MIME typing buffering limit.
+ Now report an error for temporary printer defaults with
lpadmin.
+ Fixed mapping of PPD InputSlot, MediaType, and OutputBin
values.
+ Fixed "document-unprintable-error" handling.
+ Fixed the web interface not showing an error for a non-existent
printer.
+ Fixed printing of jobs with job name longer than 255 chars on
older printers.
+ Fixed cupsCopyDestInfo device connection detection.
+ Fixed "Upgrade" header handling when there is no TLS support.
+ Fixed memory leak when unloading a job.
+ Fixed memory leak when creating color profiles.
+ Fixed a punch finishing bug in the IPP Everywhere support.
+ Fixed crash in scan_ps() if incoming argument is NULL.
+ Fixed setting job state reasons for successful jobs.
+ Fixed infinite loop in IPP backend if hostname is IP address
with Kerberos.
+ Added additional check on socket if revents from poll() returns
POLLHUP together with POLLIN or POLLOUT in httpAddrConnect2().
+ Fixed crash in ppdEmitString() if size is NULL.
+ Fixed reporting media-source-supported when sharing printer
OBS-URL: https://build.opensuse.org/request/show/1177576
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=409
- Version upgrade to 2.4.1
- Dropped patch upstream_pull_174 because it it is included in this release
- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (e96e96b4bd)
- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
- Re-enabled testsuite
* Also removed make check because since upstream change the two target are identical (96ba46ebc8 (diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239))
- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style
- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
old: Printing/cups
new: home:ajoga:branches:openSUSE:Factory/cups rev None
Index: cups-2.1.0-default-webcontent-path.patch
===================================================================
--- cups-2.1.0-default-webcontent-path.patch (revision 380)
+++ cups-2.1.0-default-webcontent-path.patch (revision 2)
@@ -1,17 +1,21 @@
---- config-scripts/cups-directories.m4.orig 2014-03-21 17:42:53.000000000 +0100
-+++ config-scripts/cups-directories.m4 2015-09-01 11:08:43.000000000 +0200
-@@ -206,11 +206,11 @@ fi
- AC_SUBST(MENUDIR)
+--- config-scripts/cups-directories.m4
++++ config-scripts/cups-directories.m4.orig
+@@ -166,15 +166,15 @@ AS_IF([test "x$menudir" = x], [
+ AC_SUBST([MENUDIR])
# Documentation files
--AC_ARG_WITH(docdir, [ --with-docdir set path for documentation],docdir="$withval",docdir="")
-+AC_ARG_WITH(docdir, [ --with-docdir set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="")
+-AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path for documentation]), [
++AC_ARG_WITH([docdir], AS_HELP_STRING([--with-docdir], [set path and DocumentRoot directive for web content, default=datadir/cups/webcontent]), [
+ docdir="$withval"
+ ], [
+ docdir=""
+ ])
- if test x$docdir = x; then
-- CUPS_DOCROOT="$datadir/doc/cups"
-- docdir="$datadir/doc/cups"
-+ CUPS_DOCROOT="$datadir/cups/webcontent"
-+ docdir="$datadir/cups/webcontent"
- else
- CUPS_DOCROOT="$docdir"
- fi
+ AS_IF([test x$docdir = x], [
+- CUPS_DOCROOT="$datadir/doc/cups"
+- docdir="$datadir/doc/cups"
++ CUPS_DOCROOT="$datadir/cups/webcontent"
++ docdir="$datadir/cups/webcontent"
+ ], [
+ CUPS_DOCROOT="$docdir"
+ ])
Index: cups-config-libs.patch
===================================================================
--- cups-config-libs.patch (revision 380)
+++ cups-config-libs.patch (revision 2)
@@ -4,7 +4,7 @@
# flags for compiler and linker...
CFLAGS=""
LDFLAGS="@EXPORT_LDFLAGS@"
--LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@"
+-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_TLSLIBS@ @LIBZ@ @LIBS@"
+LIBS=""
# Check for local invocation...
Index: cups.changes
===================================================================
--- cups.changes (revision 380)
+++ cups.changes (revision 2)
@@ -1,4 +1,88 @@
-------------------------------------------------------------------
+Tue Mar 1 18:16:11 UTC 2022 - Aurélien Joga <aurelienjoga@gmail.com>
+
+- Version upgrade to 2.4.1:
+ * The default color mode now is now configurable and defaults to the printer's reported default mode (Issue #277)
+ * Configuration script now checks linking for -Wl,-pie flags (Issue #303)
+ * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
+ * Fixed missing bracket in de/index.html (Issue #299)
+ * Fixed typos in configuration scripts (Issues #304, #316)
+ * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323)
+ * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
+ * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)
+ * Added configure option --with-idle-exit-timeout (Issue #294)
+ * Added --with-systemd-timeoutstartsec configure option (Issue #298)
+ * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287)
+ * Fixed compilation on Solaris (Issue #293)
+ * Fixed and improved German translations (Issue #296, Issue #297)
+ * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286)
+ * Compilation now uses -fstack-protector-strong if available (Issue #285)
+ * Added support for CUPS running in a Snapcraft snap.
+ * Added basic OAuth 2.0 client support (Issue #100)
+ * Added support for AirPrint and Mopria clients (Issue #105)
+ * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144)
+ * Added several features and improvements to ipptool (Issue #153)
+ * Added a JSON output mode for ipptool.
+ * The ipptool command now correctly reports an error when a test file cannot be found.
+ * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274)
+ * Fixed Kerberos authentication for the web interface (Issue #19)
+ * The ZPL sample driver now supports more "standard" label sizes (Issue #70)
+ * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71)
+ * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
+ * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74)
+ * The testlang unit test program now loops over all of the available locales by default (Issue #85)
+ * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88)
+ * The PPD functions now treat boolean values as case-insensitive (Issue #106)
+ * Temporary queue names no longer end with an underscore (Issue #110)
+ * The USB backend now runs as root (Issue #121)
+ * Added pkg-config file for libcups (Issue #122)
+ * Fixed a PPD memory leak caused by emulator definitions (Issue #124)
+ * Fixed a DISPLAY bug in ipptool (Issue #139)
+ * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154)
+ * Added support for locales using the GB18030 character set (Issue #159)
+ * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907)
+ * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915)
+ * The IPP backend now retries Validate-Job requests (Issue #132)
+ * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148)
+ * Added dark mode support to the CUPS web interface (Issue #152)
+ * Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
+ * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158)
+ * Now use a 60 second timeout for reading USB backchannel data (Issue #160)
+ * The USB backend now tries harder to find a serial number (Issue #170)
+ * Fixed @IF(name) handling in cupsd.conf (Apple #5918)
+ * Fixed documentation and added examples for CUPS' limited CGI support (Apple #5940)
+ * Fixed the lpc command prompt (Apple #5946)
+ * Now always pass "localhost" in the Host: header when talking over a domain socket or the loopback interface (Issue #185)
+ * Fixed a job history update issue in the scheduler (Issue #187)
+ * Fixed job-pages-per-set value for duplex print jobs.
+ * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195)
+ * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196)
+ * The scheduler now supports the "everywhere" model directly (Issue #201)
+ * Fixed some IPP Everywhere option mapping problems (Issue #238)
+ * Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250)
+ * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
+ * Fixed support for the 'offline-report' state for all USB backends (Issue #264)
+ * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
+ * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164)
+ * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867)
+ * Web interface updates (Issue #142, Issue #218)
+ * The ippeveprinter tool now automatically uses an available port.
+ * Fixed several Windows TLS and hashing issues.
+ * Deprecated cups-config (Issue #97)
+ * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98)
+ * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf.
+ * Stubbed out deprecated httpMD5 functions.
+ * Add test for undefined page ranges during printing.
+- Dropped patch upstream_pull_174 because it it is included in this release
+- Dropped patch cups-2.1.0-cups-systemd-socket.patch because it it is included in this release (e96e96b4bd)
+- Changed upstream source packages signing key (https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579)
+- Re-enabled testsuite
+ * Also removed make check because since upstream change the two target are identical (96ba46ebc8 (diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R239))
+- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style
+- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)
+- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
+
+-------------------------------------------------------------------
Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de
- Enhanced harden_cups.service.patch by adding
Index: cups.keyring
===================================================================
Binary files cups.keyring (revision 380) and cups.keyring (revision 2) differ
Index: cups.spec
===================================================================
--- cups.spec (revision 380)
+++ cups.spec (revision 2)
@@ -18,9 +18,7 @@
# Cf. https://rpm.org/user_doc/conditional_builds.html
# by default enable testsuite (i.e. in the 'check' section run make check and make test)
-#bcond_without testsuite
-# disable testsuite for now until https://github.com/OpenPrinting/cups/issues/155 is fixed
-%bcond_with testsuite
+%bcond_without testsuite
# _tmpfilesdir is not defined in systemd macros up to openSUSE 13.2
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
@@ -29,34 +27,32 @@
# "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
# "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
# version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
-Version: 2.3.3op2
+Version: 2.4.1
Release: 0
Summary: The Common UNIX Printing System
License: Apache-2.0
Group: Hardware/Printing
URL: https://openprinting.github.io/cups
# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
-Source0: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz
+# wget --no-check-certificate -O cups-2.4.1-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
+Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz
# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
-# wget --no-check-certificate -O cups-2.3.3op2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
-Source1: https://github.com/OpenPrinting/cups/releases/download/v2.3.3op2/cups-2.3.3op2-source.tar.gz.sig
-# To get Source2 go to https://www.msweet.org/pgp.html
-# PGP Fingerprint: 845464660B686AAB36540B6F999559A027815955
+# wget --no-check-certificate -O cups-2.4.1-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
+Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.1/cups-2.4.1-source.tar.gz.sig
+# To get Source2 use gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
+# See https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
+# PGP Fingerprint: 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
Source2: cups.keyring
# To manually verify Source0 with Source1 and Source2 do e.g.
# gpg --import cups.keyring
-# gpg --list-keys | grep -1 'Michael R Sweet' | grep -v 'expired'
-# gpg --verify cups-2.3.3op2-source.tar.gz.sig cups-2.3.3op2-source.tar.gz
+# gpg --list-keys | grep -1 'Zdenek Dohnal'
+# gpg --verify cups-2.4.1-source.tar.gz.sig cups-2.4.1-source.tar.gz
Source102: Postscript.ppd.gz
Source105: Postscript-level1.ppd.gz
Source106: Postscript-level2.ppd.gz
Source108: cups-client.conf
Source109: baselibs.conf
# Patch0...Patch9 is for patches from upstream:
-# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
-# Use 60s timeout for read_thread, revert read limits
-Patch1: upstream_pull_174.patch
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
@@ -66,8 +62,6 @@
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
Patch11: cups-2.1.0-default-webcontent-path.patch
-# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
-Patch12: cups-2.1.0-cups-systemd-socket.patch
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
Patch100: cups-pam.diff
@@ -83,9 +77,9 @@
Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
Patch104: cups-config-libs.patch
-# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
-Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
Patch107: harden_cups.service.patch
+# Patch108 downgrades the autoconf requirement to the autoconf available in tumbleweed as of writing
+Patch108: downgrade-autoconf-requirement.patch
# Build Requirements:
BuildRequires: dbus-1-devel
BuildRequires: fdupes
@@ -280,9 +274,6 @@
%prep
%setup -q
# Patch0...Patch9 is for patches from upstream:
-# Patch1 upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174
-# Use 60s timeout for read_thread, revert read limits
-%patch1 -p1
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Patch10 cups-2.1.0-choose-uri-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
%patch10 -b choose-uri-template.orig
@@ -291,8 +282,6 @@
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
%patch11 -b default-webcontent-path.orig
-# Patch12 cups-2.1.0-cups-systemd-socket.patch Use systemd socket activation properly:
-#patch12 -b cups-systemd-socket.orig
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
%patch100 -b cups-pam.orig
@@ -308,9 +297,8 @@
%patch103 -b do_not_strip_recommended_from_PPDs.orig
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
%patch104 -b cups-config-libs.orig
-# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
-%patch106 -p1
%patch107 -p1
+%patch108 -p1
%build
# Remove ".SILENT" rule for verbose build output
@@ -439,8 +427,6 @@
# There appears to be some kind of race condition when running make check and make test
# cf. https://github.com/OpenPrinting/cups/issues/155
# We print all logs for debugging purposes if either testsuite fails
-echo "DEBUG: running make check"
-bash -c 'make %{?_smp_mflags} check; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
echo "DEBUG: running make test"
bash -c 'make %{?_smp_mflags} test; EXIT=$?; if [ $EXIT -ne 0 ]; then cat test/*_log*-$(whoami); fi; exit $EXIT'
%else
@@ -681,6 +667,7 @@
%files devel
%defattr(-,root,root)
+/usr/lib/pkgconfig/cups.pc
%{_includedir}/cups/
%{_libdir}/libcups.so
%{_libdir}/libcupsimage.so
Index: cups-2.4.1-source.tar.gz
===================================================================
Binary file cups-2.4.1-source.tar.gz (revision 2) added
Index: cups-2.4.1-source.tar.gz.sig
===================================================================
Binary file cups-2.4.1-source.tar.gz.sig (revision 2) added
Index: downgrade-autoconf-requirement.patch
===================================================================
--- downgrade-autoconf-requirement.patch (added)
+++ downgrade-autoconf-requirement.patch (revision 2)
@@ -0,0 +1,15 @@
+diff --git a/configure.ac b/configure.ac
+index a8c6c1040..6ace74a8d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. See the file "LICENSE" for more
+ dnl information.
+ dnl
+
+-dnl We need at least autoconf 2.71...
+-AC_PREREQ([2.71])
++dnl We need at least autoconf 2.69...
++AC_PREREQ([2.69])
+
+ dnl Package name and version...
+ AC_INIT([CUPS],[2.4.1],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])
Index: cups-2.1.0-cups-systemd-socket.patch
===================================================================
--- cups-2.1.0-cups-systemd-socket.patch (revision 380)
+++ cups-2.1.0-cups-systemd-socket.patch (deleted)
@@ -1,43 +0,0 @@
---- scheduler/main.c.orig 2015-06-08 20:32:35.000000000 +0200
-+++ scheduler/main.c 2015-09-01 11:19:36.000000000 +0200
-@@ -656,7 +656,15 @@ main(int argc, /* I - Number of comm
-
- #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
- if (OnDemand)
-+ {
- cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
-+# ifdef HAVE_SYSTEMD
-+ sd_notifyf(0, "READY=1\n"
-+ "STATUS=Scheduler is running...\n"
-+ "MAINPID=%lu",
-+ (unsigned long) getpid());
-+# endif /* HAVE_SYSTEMD */
-+ }
- else
- #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
- if (fg)
---- scheduler/org.cups.cupsd.path.in.orig 2014-03-21 15:50:24.000000000 +0100
-+++ scheduler/org.cups.cupsd.path.in 2015-09-01 11:20:37.000000000 +0200
-@@ -3,6 +3,7 @@ Description=CUPS Scheduler
-
- [Path]
- PathExists=@CUPS_CACHEDIR@/org.cups.cupsd
-+PathExistsGlob=@CUPS_REQUESTS@/d*
-
- [Install]
- WantedBy=multi-user.target
---- scheduler/org.cups.cupsd.service.in.orig 2014-10-21 13:54:05.000000000 +0200
-+++ scheduler/org.cups.cupsd.service.in 2015-09-01 11:22:09.000000000 +0200
-@@ -1,10 +1,11 @@
- [Unit]
- Description=CUPS Scheduler
- Documentation=man:cupsd(8)
-+After=network.target
-
- [Service]
- ExecStart=@sbindir@/cupsd -l
--Type=simple
-+Type=notify
-
- [Install]
- Also=org.cups.cupsd.socket org.cups.cupsd.path
Index: cups-2.3.3op2-source.tar.gz
===================================================================
Binary file cups-2.3.3op2-source.tar.gz (revision 380) deleted
Index: cups-2.3.3op2-source.tar.gz.sig
===================================================================
Binary file cups-2.3.3op2-source.tar.gz.sig (revision 380) deleted
Index: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
===================================================================
--- fix-negotiate-authentication-between-CGIs-and-scheduler.patch (revision 380)
+++ fix-negotiate-authentication-between-CGIs-and-scheduler.patch (deleted)
@@ -1,223 +0,0 @@
-From d4521ed0df7e625ccf2bc079bab6f48c46ef9bf9 Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Mon, 26 Oct 2020 17:35:22 +0100
-Subject: [PATCH 1/4] Avoid infinite loop in admin.cgi when negotiate is used
-
-SetAuthorizationString with NULL argument sets an empty string.
-
-Related: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index db45bbba6..f2409350a 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -295,7 +295,7 @@ cupsDoAuthentication(
- }
- }
-
-- if (http->authstring)
-+ if (http->authstring && http->authstring[0])
- {
- DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
-
---
-2.30.2
-
-
-From 61ad7780bc7d0593e3225d088ac6dff31badf801 Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Tue, 27 Oct 2020 16:11:41 +0100
-Subject: [PATCH 2/4] Add cups_is_local_connection() to check if connection is
- to localhost
-
-Related: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index f2409350a..d2956438d 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
- # define cups_gss_printf(major, minor, message)
- # endif /* DEBUG */
- #endif /* HAVE_GSSAPI */
-+static int cups_is_local_connection(http_t *http);
- static int cups_local_auth(http_t *http);
-
-
-@@ -916,6 +917,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
- # endif /* DEBUG */
- #endif /* HAVE_GSSAPI */
-
-+static int /* O - 0 if not a local connection */
-+ /* 1 if local connection */
-+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
-+{
-+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
-+ return 0;
-+ return 1;
-+}
-
- /*
- * 'cups_local_auth()' - Get the local authorization certificate if
-@@ -958,7 +967,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
- * See if we are accessing localhost...
- */
-
-- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
-+ if (!cups_is_local_connection(http))
- {
- DEBUG_puts("8cups_local_auth: Not a local connection!");
- return (1);
---
-2.30.2
-
-
-From f629d079750a86b1b605c285f99c0dea3933ca50 Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Tue, 27 Oct 2020 16:23:30 +0100
-Subject: [PATCH 3/4] Try local kerberos ccache credentials only for remote
- servers
-
-If connecting to localhost then proceed to ask the client for the
-authorization using cupsGetPassword2. The get password callback will
-return 401 to the client with WWW-Authenticate: Negotiate.
-
-Fixes: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index d2956438d..9661657fc 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -175,10 +175,10 @@ cupsDoAuthentication(
- DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
-
- #ifdef HAVE_GSSAPI
-- if (!_cups_strcasecmp(scheme, "Negotiate"))
-+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
- {
- /*
-- * Kerberos authentication...
-+ * Kerberos authentication to remote server...
- */
-
- int gss_status; /* Auth status */
-@@ -202,7 +202,9 @@ cupsDoAuthentication(
- }
- else
- #endif /* HAVE_GSSAPI */
-- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
-+ if (_cups_strcasecmp(scheme, "Basic") &&
-+ _cups_strcasecmp(scheme, "Digest") &&
-+ _cups_strcasecmp(scheme, "Negotiate"))
- {
- /*
- * Other schemes not yet supported...
-@@ -216,7 +218,7 @@ cupsDoAuthentication(
- * See if we should retry the current username:password...
- */
-
-- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
-+ if (http->digest_tries > 1 || !http->userpass[0])
- {
- /*
- * Nope - get a new password from the user...
---
-2.30.2
-
-
-From 0563a28b18b21d5574a5e0e38b74246146074bbf Mon Sep 17 00:00:00 2001
-From: Samuel Cabrero <scabrero@suse.de>
-Date: Tue, 27 Oct 2020 16:18:03 +0100
-Subject: [PATCH 4/4] Allow Local authentication for Negotiate
-
-PeerCred is also possible if address family is AF_LOCAL. This will allow
-the CGI programs to generate the authorization from the local
-certificates based on PID also when Negotiate is used for local
-connections:
-
-Client CGI
-Browser <- Remote conn -> admin.cgi <--- Localhost conn ---> Scheduler
- | | |
- + --- HTTP/POST /admin/ --> | |
- | + --- CUPS-Get-Devices ------------> |
- | | |
- | | <-- 401 Unauthorized --------------+
- | | WWW-Authenticate: |
- | | Negotiate, (PeerCred,) Local |
- | | |
- | <-- 401 Unauthorized -----+ |
- | WWW-Authenticate: | |
- | Negotiate | |
- | | |
- | --- HTTP/POST /admin/ --> | |
- | Authorization: + --- IPP CUPS-GetDevices ---------> |
- | Negotiate | Authorization: Local <cert> |
- | | |
-
-Fixes: #5596
-
-Signed-off-by: Samuel Cabrero <scabrero@suse.de>
----
- cups/auth.c | 5 -----
- scheduler/client.c | 9 ++-------
- 2 files changed, 2 insertions(+), 12 deletions(-)
-
-diff --git a/cups/auth.c b/cups/auth.c
-index 9661657fc..b6fec6b98 100644
---- a/cups/auth.c
-+++ b/cups/auth.c
-@@ -1043,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
- }
- # endif /* HAVE_AUTHORIZATION_H */
-
--# ifdef HAVE_GSSAPI
-- if (cups_auth_find(www_auth, "Negotiate"))
-- return (1);
--# endif /* HAVE_GSSAPI */
--
- # if defined(SO_PEERCRED) && defined(AF_LOCAL)
- /*
- * See if we can authenticate using the peer credentials provided over a
-diff --git a/scheduler/client.c b/scheduler/client.c
-index c2ee8f12a..56797d58d 100644
---- a/scheduler/client.c
-+++ b/scheduler/client.c
-@@ -2109,18 +2109,13 @@ cupsdSendHeader(
- }
- else if (auth_type == CUPSD_AUTH_NEGOTIATE)
- {
--#if defined(SO_PEERCRED) && defined(AF_LOCAL)
-- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
-- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
-- else
--#endif /* SO_PEERCRED && AF_LOCAL */
- strlcpy(auth_str, "Negotiate", sizeof(auth_str));
- }
-
-- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
-+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
- {
- /*
-- * Add a "trc" (try root certification) parameter for local non-Kerberos
-+ * Add a "trc" (try root certification) parameter for local
- * requests when the request requires system group membership - then the
- * client knows the root certificate can/should be used.
- *
---
-2.30.2
-
Index: upstream_pull_174.patch
===================================================================
--- upstream_pull_174.patch (revision 380)
+++ upstream_pull_174.patch (deleted)
@@ -1,53 +0,0 @@
-From c37d71b1a31d26a4790166e2508822b18934a5c0 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Tue, 13 Apr 2021 15:44:14 +0200
-Subject: [PATCH 1/2] backend/usb-libusb.c: Use 60s timeout for reading at
- backchannel
-
-Some older models malfunction if timeout is too short.
----
- CHANGES.md | 1 +
- backend/usb-libusb.c | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
---- a/backend/usb-libusb.c
-+++ b/backend/usb-libusb.c
-@@ -1704,7 +1704,7 @@ static void *read_thread(void *reference)
- readstatus = libusb_bulk_transfer(g.printer->handle,
- g.printer->read_endp,
- readbuffer, rbytes,
-- &rbytes, 250);
-+ &rbytes, 60000);
- if (readstatus == LIBUSB_SUCCESS && rbytes > 0)
- {
- fprintf(stderr, "DEBUG: Read %d bytes of back-channel data...\n", (int)rbytes);
-
-From 4cb6f6806cdbe040d478b266a1d351b19341dd79 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Tue, 13 Apr 2021 15:47:37 +0200
-Subject: [PATCH 2/2] backend/usb-libusb.c: Revert enforcing read limits
-
-This commit reverts the change introduced by 2.2.12 [1] - its
-implementation caused a regression with Lexmark filters.
-
-[1]
-35e927f835
----
- CHANGES.md | 1 +
- backend/usb-libusb.c | 3 ++-
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/backend/usb-libusb.c b/backend/usb-libusb.c
-index fbb0d9d89..89b5182f7 100644
---- a/backend/usb-libusb.c
-+++ b/backend/usb-libusb.c
-@@ -1721,7 +1721,8 @@ static void *read_thread(void *reference)
- * Make sure this loop executes no more than once every 250 miliseconds...
- */
-
-- if ((g.wait_eof || !g.read_thread_stop))
-+ if ((readstatus != LIBUSB_SUCCESS || rbytes == 0) &&
-+ (g.wait_eof || !g.read_thread_stop))
- usleep(250000);
- }
- while (g.wait_eof || !g.read_thread_stop);
OBS-URL: https://build.opensuse.org/request/show/958348
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=381
I messed up with the changes file - here is the fixed version.
For now I've disabled the testsuite with %bcond_without testsuite, that it can be enabled for testing.
- Wrap make check and make test in bash, to "prevent" race-condition
- fix-negotiate-authentication-between-CGIs-and-scheduler.patch
fixes web UI Kerberos authentication (bsc#1175960)
- Upstream changed to https://github.com/OpenPrinting/cups
- Added %check section to specfile that executes the old `make check` and the new (see 2.3.3op1) `make test` (disabled for now)
- Version upgrade to 2.3.3op2
OBS-URL: https://build.opensuse.org/request/show/881387
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=370
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
sub-libraries have been merged into libsystemd since version 209.
openSUSE 13.1 was the last product to ship systemd 208.
NOTE: for SLE, this should also not break: SLE11 is disabled in Printing (and was not systemd based at all, so the old package already could not have worked); SLE12 GA already shipped systemd 210 (as did openSUSE 13.2).
OBS-URL: https://build.opensuse.org/request/show/445542
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=321
- Add gpg verification for the tarball
- Version update to 2.0.4:
* Fixed a bug in cupsRasterWritePixels (STR #4650)
* Fixed redirection in the web interface (STR #4538)
* The IPP backend did not respond to side-channel requests (STR #4645)
* The scheduler did not start all pending jobs at once (STR #4646)
* The web search incorrectly searched time-at-xxx values (STR #4652)
* Fixed an RPM spec file issue (STR #4657)
* The scheduler incorrectly started jobs while canceling multiple jobs (STR
#4648)
* Fixed processing of server overrides without port numbers (STR #4675)
* Documentation changes (STR #4651, STR #4674)
OBS-URL: https://build.opensuse.org/request/show/324682
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=306
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
and to match socket approach Fedora has.
- Version bump to 2.0.2:
* Security: cupsRasterReadPixels buffer overflow with invalid page header and
compressed raster data (STR #4551)
* Mapping of PPD keywords to IPP keywords did not work if the PPD keyword was
already an IPP keyword (<rdar://problem/19121005>)
* cupsGetPPD* sent bad requests (STR #4567)
* For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy paralel-port support as it is not really needed
as most do not want it
- Update descriptions to just state what changed and let user
find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by the %service bla
ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
* lengthy list of changes see the upstream CHANGES.txt that is
distributed with the package
* Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive
* openssl is no longer supported upstream
* Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
sections and keep suppor for openSUSE+SLE12
* even with the conditions we would have to go unencrypted only
OBS-URL: https://build.opensuse.org/request/show/286370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=125
Final submission, there seem to be no activity on factory so it works
or nobody cares :)
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
and to match socket approach Fedora has.
- Version bump to 2.0.2:
* Security: cupsRasterReadPixels buffer overflow with invalid page header and
compressed raster data (STR #4551)
* Mapping of PPD keywords to IPP keywords did not work if the PPD keyword was
already an IPP keyword (<rdar://problem/19121005>)
* cupsGetPPD* sent bad requests (STR #4567)
* For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy paralel-port support as it is not really needed
as most do not want it
- Update descriptions to just state what changed and let user
find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by the %service bla
ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
* lengthy list of changes see the upstream CHANGES.txt that is
distributed with the package
* Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive
* openssl is no longer supported upstream
* Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
sections and keep suppor for openSUSE+SLE12
* even with the conditions we would have to go unencrypted only
OBS-URL: https://build.opensuse.org/request/show/286363
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=294
(cf. the entry below dated "Wed Jun 26 10:39:30 CEST 2013")
because in contrast to IBS where krb5-mini-devel is available
for build in SUSE:SLE-12:GA in OBS it cannot build for SLE_12
with "unresolvable: nothing provides krb5-mini-devel".
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=290
Solve bnc#857372 (and its various duplicates) by a major clean up and fix of the systemd unit files for CUPS that makes it again simple and secure to get cupsd working again as it did all the time in the past by a single simple and secure cups.service unit file. For experienced users cups.socket and cups.path are still provided as templates in /usr/share/doc/packages/cups/systemd/ so that experienced users can derive their own cups.socket and cups.path files according to their particular needs. When cupsd again "just works" as it did all the time in the past, then the next step is an optional systemd generator to create cups.socket that matches cupsd.conf see bnc#861084.
OBS-URL: https://build.opensuse.org/request/show/215537
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=274
(usually /usr/share/cups/fonts -> ../ghostscript/fonts
but it does not matter whereto such a link points)
then remove the link because CUPS' own Monospace fonts
are provided by this package in the /usr/share/cups/fonts/
directory but RPM cannot replace a symbolic link by a directory
(RPM would complain with "file /usr/share/cups/fonts
from install of cups-<new.version> conflicts
with file from package cups-<old.version>")
see https://bugzilla.novell.com/show_bug.cgi?id=856731#c6
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=271
- Version upgrade to 1.5.4 (mainly a bugfix release) that fixes
some IPP printing issues.
Excerpt:
* The IPP backend no longer tries to get the job status for
printers that do not implement the required operation
(STR #4083).
* Sending a document in an unsupported format to an IPP printer
now automatically cancels the job (STR #4093).
* The IPP backend now treats the client-error-not-possible
status code as a job history issue, allowing IPP printing to
Windows to work(STR #4047).
For a complete list see the CHANGES.txt file.
- revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of
an upstream fix.
Apple grant an openssl linking exception (and an exception for
linking on Apple owned operating systems). (forwarded request 136162 from <bound method Request.get_creator of <osc.core.Request instance at 0x84b954c>>)
OBS-URL: https://build.opensuse.org/request/show/136163
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=102
- Version upgrade to 1.5.4 (mainly a bugfix release) that fixes
some IPP printing issues.
Excerpt:
* The IPP backend no longer tries to get the job status for
printers that do not implement the required operation
(STR #4083).
* Sending a document in an unsupported format to an IPP printer
now automatically cancels the job (STR #4093).
* The IPP backend now treats the client-error-not-possible
status code as a job history issue, allowing IPP printing to
Windows to work(STR #4047).
For a complete list see the CHANGES.txt file.
- revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of
an upstream fix.
Apple grant an openssl linking exception (and an exception for
linking on Apple owned operating systems).
OBS-URL: https://build.opensuse.org/request/show/136162
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=246
from becoming hardlinked via the fdupes run in cups.spec
(see the 'Wed Aug 26 21:43:03 CEST 2009' entry below)
by making their content different and at the same time
fix the misleading comment (openSUSE Bugzilla bnc#773971).
- Minor clean-up in cups.spec (the "Remove unpackaged files"
via "rm -rf <some_man-pages>") is no longer needed because
those man pages are no longer installed.
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=243
because the Ghostscript device "cups" is needed by several CUPS
filters (in particular the "rasterto..." filters) but those
filters are not used on all systems (e.g. on a print server
with only "raw" queues) so that a weak Recommends fits better.
Furthermore this avoids a build dependency cycle between the
main-packages cups and ghostscript.
- No longer require /usr/bin/pdftops but only a "Recommends"
because the CUPS filter /usr/lib/cups/filter/pdftops
(which calls /usr/bin/pdftops) is not used on all systems
(e.g. on a print server with only "raw" queues) so that
a weak Recommends fits better.
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=239
- Use explicit buildrequires on the needed libraries.
otherwise build will fail after libtiff-devel deps cleanup
- Cleanup requires of -devel package, which only needs glibc-devel
- Fix up, cups-config script, which with option --libs adds:
LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto
-lz -lpthread -lm -lcrypt "
IMGLIBS="-ltiff -ljpeg -lpng"
This only makes sense when using static linking but we dont ship
static libraries and will only help bloating dependant packages.
OBS-URL: https://build.opensuse.org/request/show/99539
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=232
"Fri Sep 23 09:54:39 CEST 2011" so that baselibs.conf again
contains only one line "cups-libs" as before because the
submitrequest 85423 Printing/cups -> openSUSE:Factory/cups
was declined by coolo with the following reason:
"cups-devel-32bit requires cups-32bit (default requires),
which does not exist".
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=223
* network backends could crash if a printer returned a value
of 0 for the maximum capacity for a supply (STR #3875)
* For a complete list see the CHANGES.txt file.
- Upgraded to CUPS 1.4.7
* imageto* filters could crash with bad GIF files (STR #3867)
* CUPS did not work with some printers that incorrectly
implemented the HTTP/1.1 standard (STR #3778, STR #3791)
* Fixed crash in scheduler when the application/octet-stream
MIME type was not defined (STR #3690)
* The web interface no longer tries to use multi-part delivery
when adding printers (STR #3455) using Epiphany or IE
* "lp" and "lpr" failed with Kerberos enabled (STR #3768)
* Remote printer URIs with options did not work (STR #3717)
* The scheduler now only looks up interface hostnames
if HostNameLookups are enabled (STR #3737)
* The scheduler could crash if a browsed printer times out
while a job is printing (STR #3754)
* For a complete list see the CHANGES.txt file.
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=222
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
