From 781f45c63532ac86658d16fba681162ad75cd68f Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 12 Nov 2024 11:08:01 +0000 Subject: [PATCH] import UBI cups-2.3.3op2-31.el9_5 --- ...e-data-into-etc-cups-lpoptions-if-we.patch | 32 ++ .../0001-fix-warnings-for-unused-vars.patch | 24 ++ ...erywhere-printer-changes-from-master.patch | 57 +++ ...001-ppdize-preset-and-template-names.patch | 116 ++++++ .../0001-quote-ppd-localized-strings.patch | 220 +++++++++++ .../0001-refactor-make-and-model-code.patch | 136 +++++++ ...x-sending-response-headers-to-client.patch | 64 ++++ SOURCES/cups-lspp.patch | 362 ++++++++++-------- SPECS/cups.spec | 69 +++- 9 files changed, 903 insertions(+), 177 deletions(-) create mode 100644 SOURCES/0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch create mode 100644 SOURCES/0001-fix-warnings-for-unused-vars.patch create mode 100644 SOURCES/0001-mirror-ipp-everywhere-printer-changes-from-master.patch create mode 100644 SOURCES/0001-ppdize-preset-and-template-names.patch create mode 100644 SOURCES/0001-quote-ppd-localized-strings.patch create mode 100644 SOURCES/0001-refactor-make-and-model-code.patch create mode 100644 SOURCES/0001-scheduler-Fix-sending-response-headers-to-client.patch diff --git a/SOURCES/0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch b/SOURCES/0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch new file mode 100644 index 0000000..9d62558 --- /dev/null +++ b/SOURCES/0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch @@ -0,0 +1,32 @@ +From 8ae6eb11184dcbd9eaf3c6badd4fad59fcc3863a Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Mon, 15 Aug 2022 17:38:12 +0200 +Subject: [PATCH] cups/dest.c: Write data into /etc/cups/lpoptions if we're + root + +Fixes #454 , the patch is created by Yair Yarom +(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008053). +--- + cups/dest.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/cups/dest.c b/cups/dest.c +index f563ce226..a9273ff93 100644 +--- a/cups/dest.c ++++ b/cups/dest.c +@@ -2080,7 +2080,11 @@ cupsSetDests2(http_t *http, /* I - Connection to server or @code CUPS_HTTP_ + + snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot); + +- if (cg->home) ++ if (cg->home ++#ifndef _WIN32 ++ && getuid() != 0 ++#endif /* !_WIN32 */ ++ ) + { + /* + * Create ~/.cups subdirectory... +-- +2.44.0 + diff --git a/SOURCES/0001-fix-warnings-for-unused-vars.patch b/SOURCES/0001-fix-warnings-for-unused-vars.patch new file mode 100644 index 0000000..e5950be --- /dev/null +++ b/SOURCES/0001-fix-warnings-for-unused-vars.patch @@ -0,0 +1,24 @@ +diff -up cups-2.3.3op2/cups/ppd-cache.c.fix-warn cups-2.3.3op2/cups/ppd-cache.c +--- cups-2.3.3op2/cups/ppd-cache.c.fix-warn 2024-09-30 17:30:39.098043436 +0200 ++++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:31:30.738393111 +0200 +@@ -3051,8 +3051,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + int resolutions[1000]; + /* Array of resolution indices */ + char msgid[256]; /* Message identifier (attr.value) */ +- const char *keyword, /* Keyword value */ +- *msgstr; /* Localized string */ ++ const char *keyword; /* Keyword value */ + cups_lang_t *lang = cupsLangDefault(); + /* Localization info */ + cups_array_t *strings = NULL;/* Printer strings file */ +@@ -4661,9 +4660,8 @@ _ppdCreateFromIPP(char *buffer, /* I - + { + ipp_t *preset = ippGetCollection(attr, i); + /* Preset collection */ +- const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL), ++ const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL); + /* Preset name */ +- *localized_name; /* Localized preset name */ + ipp_attribute_t *member; /* Member attribute in preset */ + const char *member_name; /* Member attribute name */ + char member_value[256]; /* Member attribute value */ diff --git a/SOURCES/0001-mirror-ipp-everywhere-printer-changes-from-master.patch b/SOURCES/0001-mirror-ipp-everywhere-printer-changes-from-master.patch new file mode 100644 index 0000000..31f1f7a --- /dev/null +++ b/SOURCES/0001-mirror-ipp-everywhere-printer-changes-from-master.patch @@ -0,0 +1,57 @@ +diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c +index 977d0c6..c484d33 100644 +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -3134,10 +3134,10 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */ + cupsFilePuts(fp, "*cupsSNMPSupplies: False\n"); + cupsFilePrintf(fp, "*cupsLanguages: \"%s\"\n", lang->language); + +- if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL) ++ if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) + cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL)); + +- if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL) ++ if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) + cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); + + if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL) +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index 728d164..5089172 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -5773,6 +5773,18 @@ create_local_bg_thread( + cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString()); + } + ++ // Validate response from printer... ++ if (!ippValidateAttributes(response)) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "%s: The printer contains invalid attributes.", printer->name); ++ ++ if (response) ++ ippDelete(response); ++ ++ httpClose(http); ++ return (NULL); ++ } ++ + // TODO: Grab printer icon file... + httpClose(http); + +diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c +index daf24d5..eba7551 100644 +--- a/systemv/lpadmin.c ++++ b/systemv/lpadmin.c +@@ -1226,6 +1226,12 @@ get_printer_ppd( + ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs); + response = cupsDoRequest(http, request, resource); + ++ if (response && !ippValidateAttributes(response)) ++ { ++ _cupsLangPrintf(stderr, _("%s: The printer \"%s\" contains invalid IPP attributes."), "lpadmin", uri); ++ return (NULL); ++ } ++ + if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE) + { + _cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString()); diff --git a/SOURCES/0001-ppdize-preset-and-template-names.patch b/SOURCES/0001-ppdize-preset-and-template-names.patch new file mode 100644 index 0000000..ec88f36 --- /dev/null +++ b/SOURCES/0001-ppdize-preset-and-template-names.patch @@ -0,0 +1,116 @@ +From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Mon, 9 Sep 2024 15:59:57 -0400 +Subject: [PATCH] PPDize preset and template names. + +--- + cups/ppd-cache.c | 33 ++++++++++++++++++++++++--------- + 1 file changed, 24 insertions(+), 9 deletions(-) + +diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c +index 986c64f73..18c38d0ee 100644 +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -4975,12 +4975,14 @@ _ppdCreateFromIPP2( + + cupsArrayAdd(templates, (void *)keyword); + ++ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); ++ + snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); + if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) + if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) + msgstr = keyword; + +- cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword); ++ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); + for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) + { + if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) +@@ -4993,7 +4995,7 @@ _ppdCreateFromIPP2( + } + } + cupsFilePuts(fp, "\"\n"); +- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr); ++ cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr); + cupsFilePuts(fp, "*End\n"); + } + +@@ -5039,7 +5041,8 @@ _ppdCreateFromIPP2( + if (!preset || !preset_name) + continue; + +- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name); ++ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); ++ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname); + for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset)) + { + member_name = ippGetName(member); +@@ -5080,7 +5083,10 @@ _ppdCreateFromIPP2( + fin_col = ippGetCollection(member, i); + + if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL) +- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword); ++ { ++ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); ++ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname); ++ } + } + } + else if (!strcmp(member_name, "media")) +@@ -5107,13 +5113,13 @@ _ppdCreateFromIPP2( + if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL) + { + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); +- cupsFilePrintf(fp, "*InputSlot %s\n", keyword); ++ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname); + } + + if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL) + { + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); +- cupsFilePrintf(fp, "*MediaType %s\n", keyword); ++ cupsFilePrintf(fp, "*MediaType %s\n", ppdname); + } + } + else if (!strcmp(member_name, "print-quality")) +@@ -5159,7 +5165,10 @@ _ppdCreateFromIPP2( + cupsFilePuts(fp, "\"\n*End\n"); + + if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) +- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name); ++ { ++ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); ++ cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name); ++ } + } + } + +@@ -5543,7 +5552,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ + *end; /* End of name buffer */ + + +- if (!ipp) ++ if (!ipp || !_cups_isalnum(*ipp)) + { + *name = '\0'; + return; +@@ -5558,8 +5567,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */ + ipp ++; + *ptr++ = (char)toupper(*ipp++ & 255); + } +- else ++ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp)) ++ { + *ptr++ = *ipp++; ++ } ++ else ++ { ++ ipp ++; ++ } + } + + *ptr = '\0'; +-- +2.46.1 + diff --git a/SOURCES/0001-quote-ppd-localized-strings.patch b/SOURCES/0001-quote-ppd-localized-strings.patch new file mode 100644 index 0000000..5d26c47 --- /dev/null +++ b/SOURCES/0001-quote-ppd-localized-strings.patch @@ -0,0 +1,220 @@ +diff -up cups-2.3.3op2/cups/ppd-cache.c.quote-ppd-strings cups-2.3.3op2/cups/ppd-cache.c +--- cups-2.3.3op2/cups/ppd-cache.c.quote-ppd-strings 2024-09-30 17:24:43.345405200 +0200 ++++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:29:35.752595925 +0200 +@@ -29,6 +29,7 @@ + */ + + static int cups_get_url(http_t **http, const char *url, char *name, size_t namesize); ++static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid); + static void pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value); + static void pwg_add_message(cups_array_t *a, const char *msg, const char *str); + static int pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b); +@@ -3211,7 +3212,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) + cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL)); + +- if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL) ++ if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr)) + { + http_t *http = NULL; /* Connection to printer */ + char stringsfile[1024]; /* Temporary strings file */ +@@ -3768,13 +3769,16 @@ _ppdCreateFromIPP(char *buffer, /* I - + cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname); + + for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++) ++ { + if (!strcmp(sources[j], keyword)) + { + snprintf(msgid, sizeof(msgid), "media-source.%s", keyword); ++ + cupsFilePrintf(fp, "*InputSlot %s: \"<>setpagedevice\"\n", ppdname, j); +- cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, _cupsLangString(lang, msgid)); ++ ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid); + break; + } ++ } + } + cupsFilePuts(fp, "*CloseUI: *InputSlot\n"); + } +@@ -3800,12 +3804,9 @@ _ppdCreateFromIPP(char *buffer, /* I - + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); + + snprintf(msgid, sizeof(msgid), "media-type.%s", keyword); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + cupsFilePrintf(fp, "*MediaType %s: \"<>setpagedevice\"\n", ppdname, ppdname); +- cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr); ++ ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid); + } + cupsFilePuts(fp, "*CloseUI: *MediaType\n"); + } +@@ -4035,12 +4036,9 @@ _ppdCreateFromIPP(char *buffer, /* I - + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); + + snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname); +- cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr); ++ ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid); + + if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL) + { +@@ -4159,9 +4157,6 @@ _ppdCreateFromIPP(char *buffer, /* I - + cupsArrayAdd(names, (char *)keyword); + + snprintf(msgid, sizeof(msgid), "finishings.%d", value); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) + ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; +@@ -4176,7 +4171,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + continue; + + cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword); +- cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); ++ ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword); + } + +@@ -4239,9 +4234,6 @@ _ppdCreateFromIPP(char *buffer, /* I - + cupsArrayAdd(names, (char *)keyword); + + snprintf(msgid, sizeof(msgid), "finishings.%d", value); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) + ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; +@@ -4256,7 +4248,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + continue; + + cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword); +- cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); ++ ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, keyword, ppd_keyword); + } + +@@ -4327,9 +4319,6 @@ _ppdCreateFromIPP(char *buffer, /* I - + cupsArrayAdd(names, (char *)keyword); + + snprintf(msgid, sizeof(msgid), "finishings.%d", value); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE) + ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE]; +@@ -4344,7 +4333,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + continue; + + cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword); +- cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); ++ ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword); + } + +@@ -4415,9 +4404,6 @@ _ppdCreateFromIPP(char *buffer, /* I - + cupsArrayAdd(names, (char *)keyword); + + snprintf(msgid, sizeof(msgid), "finishings.%d", value); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + if (value == IPP_FINISHINGS_TRIM) + ppd_keyword = "Auto"; +@@ -4425,7 +4411,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES]; + + cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword); +- cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr); ++ ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid); + cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword); + } + +@@ -4467,9 +4453,6 @@ _ppdCreateFromIPP(char *buffer, /* I - + pwg_ppdize_name(keyword, ppdname, sizeof(ppdname)); + + snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword); +- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr)) +- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid) +- msgstr = keyword; + + cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname); + for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col)) +@@ -4484,7 +4467,7 @@ _ppdCreateFromIPP(char *buffer, /* I - + } + } + cupsFilePuts(fp, "\"\n"); +- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr); ++ ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid); + cupsFilePuts(fp, "*End\n"); + } + +@@ -4811,11 +4794,9 @@ _ppdCreateFromIPP(char *buffer, /* I - + + cupsFilePuts(fp, "\"\n*End\n"); + +- if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name) +- { +- pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); +- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name); +- } ++ snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name); ++ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname)); ++ ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid); + } + } + +@@ -5054,6 +5035,43 @@ cups_get_url(http_t **http, /* IO - + } + + ++/* ++ * 'ppd_put_strings()' - Write localization attributes to a PPD file. ++ */ ++ ++static void ++ppd_put_string(cups_file_t *fp, /* I - PPD file */ ++ cups_lang_t *lang, /* I - Language */ ++ cups_array_t *strings, /* I - Strings */ ++ const char *ppd_option,/* I - PPD option */ ++ const char *ppd_choice,/* I - PPD choice */ ++ const char *pwg_msgid) /* I - PWG message ID */ ++{ ++ const char *text; /* Localized text */ ++ ++ ++ if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text)) ++ { ++ if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid) ++ return; ++ } ++ ++ // Add the first line of localized text... ++ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice); ++ while (*text && *text != '\n') ++ { ++ // Escape ":" and "<"... ++ if (*text == ':' || *text == '<') ++ cupsFilePrintf(fp, "<%02X>", *text); ++ else ++ cupsFilePutChar(fp, *text); ++ ++ text ++; ++ } ++ cupsFilePuts(fp, ": \"\"\n"); ++} ++ ++ + /* + * 'pwg_add_finishing()' - Add a finishings value. + */ diff --git a/SOURCES/0001-refactor-make-and-model-code.patch b/SOURCES/0001-refactor-make-and-model-code.patch new file mode 100644 index 0000000..c556e5c --- /dev/null +++ b/SOURCES/0001-refactor-make-and-model-code.patch @@ -0,0 +1,136 @@ +diff -up cups-2.3.3op2/cups/ppd-cache.c.make-model-refact cups-2.3.3op2/cups/ppd-cache.c +--- cups-2.3.3op2/cups/ppd-cache.c.make-model-refact 2024-09-30 17:19:35.443100091 +0200 ++++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:24:10.927162954 +0200 +@@ -3027,9 +3027,10 @@ _ppdCreateFromIPP(char *buffer, /* I - + ipp_t *media_col, /* Media collection */ + *media_size; /* Media size collection */ + char make[256], /* Make and model */ +- *model, /* Model name */ ++ *mptr, /* Pointer into make and model */ + ppdname[PPD_MAX_NAME]; + /* PPD keyword */ ++ const char *model; /* Model name */ + int i, j, /* Looping vars */ + count, /* Number of values */ + bottom, /* Largest bottom margin */ +@@ -3090,35 +3091,105 @@ _ppdCreateFromIPP(char *buffer, /* I - + } + + /* +- * Standard stuff for PPD file... ++ * Get a sanitized make and model... + */ + +- cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n"); +- cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n"); +- cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR); +- cupsFilePuts(fp, "*LanguageVersion: English\n"); +- cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n"); +- cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n"); +- cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); +- cupsFilePuts(fp, "*FileSystem: False\n"); +- cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); ++ if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr)) ++ { ++ /* ++ * Sanitize the model name to only contain PPD-safe characters. ++ */ + +- if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL) + strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); ++ ++ for (mptr = make; *mptr; mptr ++) ++ { ++ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"') ++ { ++ /* ++ * Truncate the make and model on the first bad character... ++ */ ++ ++ *mptr = '\0'; ++ break; ++ } ++ } ++ ++ while (mptr > make) ++ { ++ /* ++ * Strip trailing whitespace... ++ */ ++ ++ mptr --; ++ if (*mptr == ' ') ++ *mptr = '\0'; ++ } ++ ++ if (!make[0]) ++ { ++ /* ++ * Use a default make and model if nothing remains... ++ */ ++ ++ strlcpy(make, "Unknown", sizeof(make)); ++ } ++ } + else +- strlcpy(make, "Unknown Printer", sizeof(make)); ++ { ++ /* ++ * Use a default make and model... ++ */ ++ ++ strlcpy(make, "Unknown", sizeof(make)); ++ } + + if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || + !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) + { ++ /* ++ * Normalize HP printer make and model... ++ */ ++ + model = make + 16; + strlcpy(make, "HP", sizeof(make)); ++ ++ if (!_cups_strncasecmp(model, "HP ", 3)) ++ model += 3; ++ } ++ else if ((mptr = strchr(make, ' ')) != NULL) ++ { ++ /* ++ * Separate "MAKE MODEL"... ++ */ ++ ++ while (*mptr && *mptr == ' ') ++ *mptr++ = '\0'; ++ ++ model = mptr; + } +- else if ((model = strchr(make, ' ')) != NULL) +- *model++ = '\0'; + else +- model = make; ++ { ++ /* ++ * No separate model name... ++ */ ++ ++ model = "Printer"; ++ } ++ ++ /* ++ * Standard stuff for PPD file... ++ */ + ++ cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n"); ++ cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n"); ++ cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR); ++ cupsFilePuts(fp, "*LanguageVersion: English\n"); ++ cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n"); ++ cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n"); ++ cupsFilePuts(fp, "*LanguageLevel: \"3\"\n"); ++ cupsFilePuts(fp, "*FileSystem: False\n"); ++ cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n"); + cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); + cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model); + cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model); diff --git a/SOURCES/0001-scheduler-Fix-sending-response-headers-to-client.patch b/SOURCES/0001-scheduler-Fix-sending-response-headers-to-client.patch new file mode 100644 index 0000000..025e129 --- /dev/null +++ b/SOURCES/0001-scheduler-Fix-sending-response-headers-to-client.patch @@ -0,0 +1,64 @@ +From d60341b3355fd8825bec00792f301ef99d715a93 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Wed, 3 Apr 2024 10:39:24 +0200 +Subject: [PATCH] scheduler: Fix sending response headers to client + +Sometimes headers are not correctly copied into response to the client +(some are missing). It happens because `sent_header` is set prematurely +before the actual send happens. The present code in affected `cupsdWriteClient` +scope looks like code remains from CUPS 1.6.3. + +With the change, testing via curl gives reliable results all time. +--- + scheduler/client.c | 15 ++++----------- + 1 file changed, 4 insertions(+), 11 deletions(-) + +diff --git a/scheduler/client.c b/scheduler/client.c +index 62ac21c69..e7e312b8e 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -2400,23 +2400,12 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */ + httpSetField(con->http, field, value); + + if (field == HTTP_FIELD_LOCATION) +- { + con->pipe_status = HTTP_STATUS_SEE_OTHER; +- con->sent_header = 2; +- } +- else +- con->sent_header = 1; + } + else if (!_cups_strcasecmp(con->header, "Status") && value) +- { + con->pipe_status = (http_status_t)atoi(value); +- con->sent_header = 2; +- } + else if (!_cups_strcasecmp(con->header, "Set-Cookie") && value) +- { + httpSetCookie(con->http, value); +- con->sent_header = 1; +- } + } + + /* +@@ -2451,6 +2440,8 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */ + cupsdCloseClient(con); + return; + } ++ ++ con->sent_header = 1; + } + else + { +@@ -2459,6 +2450,8 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */ + cupsdCloseClient(con); + return; + } ++ ++ con->sent_header = 1; + } + } + else +-- +2.44.0 + diff --git a/SOURCES/cups-lspp.patch b/SOURCES/cups-lspp.patch index 7c094d2..1d0a709 100644 --- a/SOURCES/cups-lspp.patch +++ b/SOURCES/cups-lspp.patch @@ -1,21 +1,21 @@ -diff -up cups-2.3.0/config.h.in.lspp cups-2.3.0/config.h.in ---- cups-2.3.0/config.h.in.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/config.h.in 2019-10-07 12:24:43.058597468 +0200 -@@ -684,4 +684,11 @@ static __inline int _cups_abs(int i) { r - # endif /* __GNUC__ || __STDC_VERSION__ */ - #endif /* !HAVE_ABS && !abs */ - -+/* -+ * Are we trying to meet LSPP requirements? -+ */ -+ -+#undef WITH_LSPP -+ -+ - #endif /* !_CUPS_CONFIG_H_ */ -diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/cups-lspp.m4 ---- cups-2.3.0/config-scripts/cups-lspp.m4.lspp 2019-10-07 12:24:43.058597468 +0200 -+++ cups-2.3.0/config-scripts/cups-lspp.m4 2019-10-07 12:24:43.058597468 +0200 +diff --git a/Makedefs.in b/Makedefs.in +index d1b1ae9..4dba556 100644 +--- a/Makedefs.in ++++ b/Makedefs.in +@@ -161,7 +161,7 @@ ARFLAGS = @ARFLAGS@ + BACKLIBS = @BACKLIBS@ + BUILDDIRS = @BUILDDIRS@ + CFLAGS = @CPPFLAGS@ @CFLAGS@ +-COMMONLIBS = @LIBS@ ++COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@ + CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@ + CXXLIBS = @CXXLIBS@ + DBUS_NOTIFIER = @DBUS_NOTIFIER@ +diff --git a/config-scripts/cups-lspp.m4 b/config-scripts/cups-lspp.m4 +new file mode 100644 +index 0000000..55bd1bb +--- /dev/null ++++ b/config-scripts/cups-lspp.m4 @@ -0,0 +1,36 @@ +dnl +dnl LSPP code for the Common UNIX Printing System (CUPS). @@ -40,7 +40,7 @@ diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/c +AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) + +if test x"$enable_lspp" != xno; then -+ case "$uname" in ++ case "$(uname)" in + Linux) + AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) + AC_CHECK_HEADER(libaudit.h) @@ -53,10 +53,28 @@ diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/c + ;; + esac +fi -diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac ---- cups-2.3.0/configure.ac.lspp 2019-10-07 12:24:43.058597468 +0200 -+++ cups-2.3.0/configure.ac 2019-10-07 12:39:20.122546282 +0200 -@@ -34,6 +34,8 @@ sinclude(config-scripts/cups-dnssd.m4) +diff --git a/config.h.in b/config.h.in +index 6343e6d..1be3ca1 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -693,4 +693,12 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); } + # endif /* __GNUC__ || __STDC_VERSION__ */ + #endif /* !HAVE_ABS && !abs */ + ++ ++/* ++ * Are we trying to meet LSPP requirements? ++ */ ++ ++#undef WITH_LSPP ++ ++ + #endif /* !_CUPS_CONFIG_H_ */ +diff --git a/configure.ac b/configure.ac +index 93a4b97..47587c9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -35,6 +35,8 @@ sinclude(config-scripts/cups-dnssd.m4) sinclude(config-scripts/cups-startup.m4) sinclude(config-scripts/cups-defaults.m4) @@ -65,9 +83,10 @@ diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac INSTALL_LANGUAGES="" UNINSTALL_LANGUAGES="" LANGFILES="" -diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c ---- cups-2.3.0/filter/common.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/filter/common.c 2019-10-07 12:24:43.059597461 +0200 +diff --git a/filter/common.c b/filter/common.c +index 672b7c8..f323abd 100644 +--- a/filter/common.c ++++ b/filter/common.c @@ -11,6 +11,12 @@ * Include necessary headers... */ @@ -81,7 +100,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c #include "common.h" #include -@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I +@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I - Page label */ { const char *classification; /* CLASSIFICATION environment variable */ const char *ptr; /* Temporary string pointer */ @@ -100,7 +119,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c /* -@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I +@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I - Page label */ return; } @@ -221,11 +240,11 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c + else + { +#endif /* !WITH_LSPP */ -+ ++ /* * Set the classification + page label string... */ -@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I +@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I - Page label */ printf(" %.0f moveto ESPpl show\n", top - 14.0); puts("pop"); puts("}bind put"); @@ -236,10 +255,11 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c /* -diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c ---- cups-2.3.0/filter/pstops.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/filter/pstops.c 2019-10-07 12:24:43.059597461 +0200 -@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /* +diff --git a/filter/pstops.c b/filter/pstops.c +index d251abb..8afff4a 100644 +--- a/filter/pstops.c ++++ b/filter/pstops.c +@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */ { const char *classification; /* CLASSIFICATION environment variable */ const char *ptr; /* Temporary string pointer */ @@ -258,7 +278,7 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c /* -@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /* +@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */ return; } @@ -383,7 +403,7 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c /* * Set the classification + page label string... */ -@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /* +@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */ doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); doc_puts(doc, "pop\n"); doc_puts(doc, "}bind put\n"); @@ -394,21 +414,10 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c /* -diff -up cups-2.3.0/Makedefs.in.lspp cups-2.3.0/Makedefs.in ---- cups-2.3.0/Makedefs.in.lspp 2019-10-07 12:24:43.059597461 +0200 -+++ cups-2.3.0/Makedefs.in 2019-10-07 12:37:19.200565805 +0200 -@@ -174,7 +174,7 @@ IPPFIND_MAN = @IPPFIND_MAN@ - LDFLAGS = @LDFLAGS@ - LINKCUPS = @LINKCUPS@ - LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS) --LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) -+LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ - ONDEMANDFLAGS = @ONDEMANDFLAGS@ - ONDEMANDLIBS = @ONDEMANDLIBS@ - OPTIM = @OPTIM@ -diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c ---- cups-2.3.0/scheduler/client.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/client.c 2019-10-07 12:33:10.459693580 +0200 +diff --git a/scheduler/client.c b/scheduler/client.c +index cef4115..e186e4c 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c @@ -19,12 +19,20 @@ #define _HTTP_NO_PRIVATE #include "cupsd.h" @@ -430,7 +439,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c /* -@@ -265,6 +273,59 @@ cupsdAcceptClient(cupsd_listener_t *lis) +@@ -263,6 +271,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ } #endif /* HAVE_TCPD_H */ @@ -464,7 +473,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c + httpClose(con->http); + cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed"); + free(con); -+ return; ++ return; + } + + /* @@ -475,7 +484,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c + httpClose(con->http); + cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed"); + free(con); -+ return; ++ return; + } + + cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon); @@ -490,7 +499,19 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c #ifdef AF_LOCAL if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) { -@@ -558,6 +619,13 @@ cupsdReadClient(cupsd_client_t *con) /* +@@ -517,6 +578,11 @@ cupsdCloseClient(cupsd_client_t *con) /* I - Client to close */ + } + #endif /* HAVE_AUTHORIZATION_H */ + ++#ifdef WITH_LSPP ++ if (con->scon) ++ cupsdClearString(&con->scon); ++#endif /* WITH_LSPP */ ++ + /* + * Re-enable new client connections if we are going back under the + * limit... +@@ -556,6 +622,13 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ struct stat filestats; /* File information */ mime_type_t *type; /* MIME type of file */ static unsigned request_id = 0; /* Request ID for temp files */ @@ -504,10 +525,10 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c status = HTTP_STATUS_CONTINUE; -@@ -1679,6 +1747,73 @@ cupsdReadClient(cupsd_client_t *con) /* +@@ -1675,7 +1748,73 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + fchmod(con->file, 0640); + fchown(con->file, RunUser, Group); fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); - } - +#ifdef WITH_LSPP + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) + { @@ -568,17 +589,17 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c + cupsdCloseClient(con); + return; + } -+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s", ++ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s", + con->filename, context_str(tmpcon)); + context_free(tmpcon); + context_free(clicon); -+ } + } +#endif /* WITH_LSPP */ -+ ++ } + if (httpGetState(con->http) != HTTP_STATE_POST_SEND) { - if (!httpWait(con->http, 0)) -@@ -3174,6 +3309,49 @@ is_path_absolute(const char *path) /* I +@@ -3173,6 +3312,49 @@ is_path_absolute(const char *path) /* I - Input path */ return (1); } @@ -628,9 +649,10 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c /* * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h ---- cups-2.3.0/scheduler/client.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/client.h 2019-10-07 12:24:43.113597079 +0200 +diff --git a/scheduler/client.h b/scheduler/client.h +index fc7af54..c665d0c 100644 +--- a/scheduler/client.h ++++ b/scheduler/client.h @@ -13,6 +13,13 @@ #endif /* HAVE_AUTHORIZATION_H */ @@ -656,19 +678,21 @@ diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h }; #define HTTP(con) ((con)->http) -@@ -136,6 +147,9 @@ extern void cupsdStartListening(void); - extern void cupsdStopListening(void); +@@ -137,6 +148,10 @@ extern void cupsdStopListening(void); extern void cupsdUpdateCGI(void); extern void cupsdWriteClient(cupsd_client_t *con); + +#ifdef WITH_LSPP +extern uid_t client_pid_to_auid(pid_t clipid); +#endif /* WITH_LSPP */ - ++ #ifdef HAVE_SSL extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c ---- cups-2.3.0/scheduler/conf.c.lspp 2019-10-07 12:24:43.049597531 +0200 -+++ cups-2.3.0/scheduler/conf.c 2019-10-07 12:24:43.113597079 +0200 + extern int cupsdStartTLS(cupsd_client_t *con); +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 21386cd..a52e9a6 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c @@ -37,6 +37,9 @@ # define INADDR_NONE 0xffffffff #endif /* !INADDR_NONE */ @@ -700,7 +724,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c /* -@@ -864,6 +874,25 @@ cupsdReadConfiguration(void) +@@ -877,6 +887,25 @@ cupsdReadConfiguration(void) RunUser = getuid(); @@ -726,7 +750,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", RemotePort ? "enabled" : "disabled"); -@@ -1275,7 +1304,19 @@ cupsdReadConfiguration(void) +@@ -1269,7 +1298,19 @@ cupsdReadConfiguration(void) cupsdClearString(&Classification); if (Classification) @@ -746,7 +770,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c /* * Check the MaxClients setting, and then allocate memory for it... -@@ -3830,6 +3871,18 @@ read_location(cups_file_t *fp, /* I - C +@@ -3857,6 +3898,18 @@ read_location(cups_file_t *fp, /* I - Configuration file */ return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); } @@ -765,10 +789,11 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c /* * 'read_policy()' - Read a definition. -diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h ---- cups-2.3.0/scheduler/conf.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/conf.h 2019-10-07 12:24:43.113597079 +0200 -@@ -243,6 +243,13 @@ VAR char *ServerKeychain VALUE(NULL); +diff --git a/scheduler/conf.h b/scheduler/conf.h +index 7d5eb40..3c27828 100644 +--- a/scheduler/conf.h ++++ b/scheduler/conf.h +@@ -245,6 +245,13 @@ VAR char *ServerKeychain VALUE(NULL); /* Keychain holding cert + key */ #endif /* HAVE_SSL */ @@ -782,7 +807,7 @@ diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h #ifdef HAVE_ONDEMAND VAR int IdleExitTimeout VALUE(60); /* Time after which an idle cupsd will exit */ -@@ -261,6 +268,9 @@ VAR int HaveServerCreds VALUE(0); +@@ -263,6 +270,9 @@ VAR int HaveServerCreds VALUE(0); VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */ #endif /* HAVE_GSSAPI */ @@ -792,9 +817,10 @@ diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h /* * Prototypes... -diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h ---- cups-2.3.0/scheduler/cupsd.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/cupsd.h 2019-10-07 12:31:38.458480578 +0200 +diff --git a/scheduler/cupsd.h b/scheduler/cupsd.h +index bc1350e..64d57d1 100644 +--- a/scheduler/cupsd.h ++++ b/scheduler/cupsd.h @@ -8,6 +8,8 @@ * information. */ @@ -819,10 +845,11 @@ diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h #include "mime.h" #if defined(HAVE_CDSASSL) -diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c ---- cups-2.3.0/scheduler/ipp.c.lspp 2019-10-07 12:24:43.016597764 +0200 -+++ cups-2.3.0/scheduler/ipp.c 2019-10-07 12:31:01.243798920 +0200 -@@ -11,6 +11,9 @@ +diff --git a/scheduler/ipp.c b/scheduler/ipp.c +index 19d6608..728d164 100644 +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -12,6 +12,9 @@ * information. */ @@ -832,7 +859,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c /* * Include necessary headers... */ -@@ -27,6 +30,14 @@ extern int mbr_group_name_to_uuid(const +@@ -28,6 +31,12 @@ extern int mbr_group_name_to_uuid(const char* name, uuid_t uu); extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember); #endif /* __APPLE__ */ @@ -841,13 +868,11 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c +#include +#include +#include -+#include -+#include +#endif /* WITH_LSPP */ /* * Local functions... -@@ -51,6 +62,9 @@ static void cancel_all_jobs(cupsd_client +@@ -52,6 +61,9 @@ static void cancel_all_jobs(cupsd_client_t *con, ipp_attribute_t *uri); static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); static void cancel_subscription(cupsd_client_t *con, int id); static int check_rss_recipient(const char *recipient); @@ -857,7 +882,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, -@@ -1240,6 +1254,21 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1241,6 +1253,21 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "time-at-creation", "time-at-processing" }; @@ -879,7 +904,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", -@@ -1568,6 +1597,106 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1569,6 +1596,106 @@ add_job(cupsd_client_t *con, /* I - Client connection */ attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME); @@ -916,18 +941,18 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c + /* + * The printer does not exist, so for now assume it's a FileDevice + */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; ++ tclass = string_to_security_class("file"); ++ avr = string_to_av_perm(tclass, "write"); + } + else if (S_ISCHR(printerstat.st_mode)) + { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; ++ tclass = string_to_security_class("chr_file"); ++ avr = string_to_av_perm(tclass, "write"); + } + else if (S_ISREG(printerstat.st_mode)) + { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; ++ tclass = string_to_security_class("file"); ++ avr = string_to_av_perm(tclass, "write"); + } + else + { @@ -986,7 +1011,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c if ((job = cupsdAddJob(priority, printer->name)) == NULL) { send_ipp_status(con, IPP_INTERNAL_ERROR, -@@ -1576,6 +1705,32 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1577,6 +1704,32 @@ add_job(cupsd_client_t *con, /* I - Client connection */ return (NULL); } @@ -1019,7 +1044,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); job->attrs = con->request; job->dirty = 1; -@@ -1763,6 +1918,29 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1764,6 +1917,29 @@ add_job(cupsd_client_t *con, /* I - Client connection */ ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); } @@ -1049,7 +1074,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c job->job_sheets = attr; -@@ -1793,6 +1971,9 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1794,6 +1970,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-sheets=\"%s,none\", " "job-originating-user-name=\"%s\"", Classification, job->username); @@ -1059,7 +1084,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c } else if (attr->num_values == 2 && strcmp(attr->values[0].string.text, -@@ -1811,6 +1992,9 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1812,6 +1991,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-originating-user-name=\"%s\"", attr->values[0].string.text, attr->values[1].string.text, job->username); @@ -1069,7 +1094,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c } else if (strcmp(attr->values[0].string.text, Classification) && strcmp(attr->values[0].string.text, "none") && -@@ -1831,6 +2015,9 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1832,6 +2014,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-originating-user-name=\"%s\"", attr->values[0].string.text, attr->values[1].string.text, job->username); @@ -1079,7 +1104,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c } } else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1871,8 +2058,52 @@ add_job(cupsd_client_t *con, /* I - Cl +@@ -1872,9 +2057,55 @@ add_job(cupsd_client_t *con, /* I - Client connection */ "job-sheets=\"%s\", " "job-originating-user-name=\"%s\"", Classification, job->username); @@ -1121,18 +1146,21 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c + cupsdClearString(&audit_message); + } } -+ -+ if (userheader) -+ free(userheader); -+ if (userfooter) -+ free(userfooter); +#endif /* WITH_LSPP */ } -+ ++#ifdef WITH_LSPP ++ if (userheader) ++ free(userheader); ++ if (userfooter) ++ free(userfooter); ++#endif /* WITH_LSPP */ ++ ++ /* * See if we need to add the starting sheet... -@@ -3648,6 +3879,128 @@ check_rss_recipient( + */ +@@ -3649,6 +3880,128 @@ check_rss_recipient( } @@ -1187,8 +1215,8 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c + { + cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init"); + return -1; -+ } -+ } ++ } ++ } + if (avc_context_to_sid(con->scon, &clisid) != 0) + { + cupsdLogJob(job, CUPSD_LOG_ERROR, @@ -1204,8 +1232,8 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c + return -1; + } + avc_entry_ref_init(&avcref); -+ tclass = SECCLASS_FILE; -+ avr = FILE__READ; ++ tclass = string_to_security_class("file"); ++ avr = string_to_av_perm(tclass, "read"); + + /* + * Perform the check with the client as the subject, first with the job as the object @@ -1261,7 +1289,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c /* * 'check_quotas()' - Check quotas for a printer and user. */ -@@ -4103,6 +4456,15 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -4104,6 +4457,15 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */ char attrname[255], /* Name of attribute */ *s; /* Pointer into name */ ipp_attribute_t *attr; /* Attribute */ @@ -1277,7 +1305,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -4138,6 +4500,85 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -4139,6 +4501,85 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */ fchmod(cupsFileNumber(out), 0640); fchown(cupsFileNumber(out), RunUser, Group); @@ -1363,7 +1391,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c /* * Try the localized banner file under the subdirectory... -@@ -4232,6 +4673,24 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -4233,6 +4674,24 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */ else s = attrname; @@ -1388,7 +1416,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c if (!strcmp(s, "printer-name")) { cupsFilePuts(out, job->dest); -@@ -6439,6 +6898,22 @@ get_job_attrs(cupsd_client_t *con, /* I +@@ -6443,6 +6902,22 @@ get_job_attrs(cupsd_client_t *con, /* I - Client connection */ exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); @@ -1411,7 +1439,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c /* * Copy attributes... */ -@@ -6836,6 +7311,11 @@ get_jobs(cupsd_client_t *con, /* I - C +@@ -6840,6 +7315,11 @@ get_jobs(cupsd_client_t *con, /* I - Client connection */ if (username[0] && _cups_strcasecmp(username, job->username)) continue; @@ -1423,7 +1451,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c if (count > 0) ippAddSeparator(con->response); -@@ -11445,6 +11925,11 @@ validate_user(cupsd_job_t *job, /* I +@@ -11441,6 +11921,11 @@ validate_user(cupsd_job_t *job, /* I - Job */ strlcpy(username, get_username(con), userlen); @@ -1435,9 +1463,10 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c /* * Check the username against the owner... */ -diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c ---- cups-2.3.0/scheduler/job.c.lspp 2019-10-07 12:24:43.024597707 +0200 -+++ cups-2.3.0/scheduler/job.c 2019-10-07 12:30:13.092210820 +0200 +diff --git a/scheduler/job.c b/scheduler/job.c +index 834e170..dbc64c3 100644 +--- a/scheduler/job.c ++++ b/scheduler/job.c @@ -8,6 +8,9 @@ * information. */ @@ -1448,7 +1477,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c /* * Include necessary headers... */ -@@ -23,6 +26,14 @@ +@@ -23,6 +26,12 @@ # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ #endif /* __APPLE__ */ @@ -1457,13 +1486,11 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c +#include +#include +#include -+#include -+#include +#endif /* WITH_LSPP */ /* * Design Notes for Job Management -@@ -544,6 +555,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I +@@ -545,6 +554,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ /* PRINTER_STATE_REASONS env var */ rip_max_cache[255]; /* RIP_MAX_CACHE env variable */ @@ -1478,7 +1505,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -1080,6 +1099,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I +@@ -1066,6 +1083,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ if (final_content_type[0]) envp[envc ++] = final_content_type; @@ -1497,7 +1524,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c + cupsdClearString(&audit_message); + } + } -+ else ++ else + { + jobcon = context_new(job->scon); + @@ -1546,7 +1573,19 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c if (Classification && !banner_page) { if ((attr = ippFindAttribute(job->attrs, "job-sheets", -@@ -1858,6 +1938,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J +@@ -1400,6 +1478,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */ + + cupsdClearString(&job->username); + cupsdClearString(&job->dest); ++ ++#ifdef WITH_LSPP ++ cupsdClearString(&job->scon); ++#endif ++ + for (i = 0; + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) +@@ -1844,6 +1927,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ ippSetString(job->attrs, &job->reasons, 0, "none"); } @@ -1569,7 +1608,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER); job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER); job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); -@@ -2273,6 +2369,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J +@@ -2259,6 +2358,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */ { char filename[1024]; /* Job control filename */ cups_file_t *fp; /* Job file */ @@ -1584,7 +1623,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -2295,6 +2399,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J +@@ -2281,6 +2388,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */ fchown(cupsFileNumber(fp), RunUser, Group); @@ -1663,7 +1702,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c job->attrs->state = IPP_IDLE; if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3995,6 +4171,19 @@ get_options(cupsd_job_t *job, /* I - Jo +@@ -3981,6 +4160,19 @@ get_options(cupsd_job_t *job, /* I - Job */ banner_page) continue; @@ -1683,7 +1722,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c /* * Otherwise add them to the list... */ -@@ -4805,6 +4994,18 @@ start_job(cupsd_job_t *job, /* I - +@@ -4791,6 +4983,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */ cupsd_printer_t *printer) /* I - Printer to print job */ { const char *filename; /* Support filename */ @@ -1702,7 +1741,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs, "job-cancel-after", IPP_TAG_INTEGER); -@@ -4993,6 +5194,113 @@ start_job(cupsd_job_t *job, /* I - +@@ -4979,6 +5183,113 @@ start_job(cupsd_job_t *job, /* I - Job ID */ fcntl(job->side_pipes[1], F_SETFD, fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); @@ -1733,18 +1772,18 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c + /* + * The printer does not exist, so for now assume it's a FileDevice + */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; ++ tclass = string_to_security_class("file"); ++ avr = string_to_av_perm(tclass, "write"); + } + else if (S_ISCHR(printerstat.st_mode)) + { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; ++ tclass = string_to_security_class("chr_file"); ++ avr = string_to_av_perm(tclass, "write"); + } + else if (S_ISREG(printerstat.st_mode)) + { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; ++ tclass = string_to_security_class("file"); ++ avr = string_to_av_perm(tclass, "write"); + } + else + { @@ -1816,9 +1855,10 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c /* * Now start the first file in the job... */ -diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h ---- cups-2.3.0/scheduler/job.h.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/job.h 2019-10-07 12:29:54.364371023 +0200 +diff --git a/scheduler/job.h b/scheduler/job.h +index 2400ea9..cc05450 100644 +--- a/scheduler/job.h ++++ b/scheduler/job.h @@ -7,6 +7,13 @@ * Licensed under Apache License v2.0. See the file "LICENSE" for more information. */ @@ -1833,7 +1873,7 @@ diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h /* * Constants... */ -@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request * +@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request ****/ int progress; /* Printing progress */ int num_keywords; /* Number of PPD keywords */ cups_option_t *keywords; /* PPD keywords */ @@ -1844,9 +1884,10 @@ diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h }; typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c ---- cups-2.3.0/scheduler/main.c.lspp 2019-10-07 12:24:43.037597616 +0200 -+++ cups-2.3.0/scheduler/main.c 2019-10-07 12:24:43.119597037 +0200 +diff --git a/scheduler/main.c b/scheduler/main.c +index 47968e6..2802625 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c @@ -57,6 +57,9 @@ # include #endif /* HAVE_SYS_PARAM_H */ @@ -1857,7 +1898,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c /* * Local functions... -@@ -123,6 +126,9 @@ main(int argc, /* I - Number of comm +@@ -123,6 +126,9 @@ main(int argc, /* I - Number of command-line args */ #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) struct sigaction action; /* Actions for POSIX signals */ #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ @@ -1867,7 +1908,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c #ifdef __APPLE__ int use_sysman = 1; /* Use system management functions? */ #else -@@ -495,6 +501,25 @@ main(int argc, /* I - Number of comm +@@ -495,6 +501,25 @@ main(int argc, /* I - Number of command-line args */ exit(errno); } @@ -1893,7 +1934,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c /* * Let the system know we are busy while we bring up cupsd... */ -@@ -1201,6 +1226,11 @@ main(int argc, /* I - Number of comm +@@ -1204,6 +1229,11 @@ main(int argc, /* I - Number of command-line args */ cupsdStopSelect(); @@ -1905,10 +1946,11 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c return (!stop_scheduler); } -diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c ---- cups-2.3.0/scheduler/printers.c.lspp 2019-08-23 17:19:38.000000000 +0200 -+++ cups-2.3.0/scheduler/printers.c 2019-10-07 12:29:17.956658129 +0200 -@@ -8,6 +8,8 @@ +diff --git a/scheduler/printers.c b/scheduler/printers.c +index 234d441..248bdba 100644 +--- a/scheduler/printers.c ++++ b/scheduler/printers.c +@@ -9,6 +9,8 @@ * information. */ @@ -1917,7 +1959,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c /* * Include necessary headers... */ -@@ -32,6 +34,10 @@ +@@ -33,6 +35,10 @@ # include #endif /* __APPLE__ */ @@ -1928,7 +1970,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c /* * Local functions... -@@ -2252,6 +2258,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) +@@ -2288,6 +2294,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */ ipp_attribute_t *attr; /* Attribute data */ char *name, /* Current user/group name */ *filter; /* Current filter */ @@ -1942,7 +1984,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c /* -@@ -2378,6 +2391,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) +@@ -2412,6 +2425,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */ attr->values[1].string.text = _cupsStrAlloc(Classification ? Classification : p->job_sheets[1]); } diff --git a/SPECS/cups.spec b/SPECS/cups.spec index 4e1545c..236dda2 100644 --- a/SPECS/cups.spec +++ b/SPECS/cups.spec @@ -24,7 +24,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 2.3.3%{OP_VER} -Release: 27%{?dist} +Release: 31%{?dist} License: ASL 2.0 Url: http://www.cups.org/ # Apple stopped uploading the new versions into github, use OpenPrinting fork @@ -132,19 +132,30 @@ Patch37: cups-preservejobfiles-leak.patch Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch # RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch -# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +# https://github.com/OpenPrinting/cups/pull/927 +Patch40: 0001-scheduler-Fix-sending-response-headers-to-client.patch +# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions +# https://github.com/OpenPrinting/cups/pull/456 +Patch41: 0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch +# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/commit/a436956 -Patch40: 0001-Fix-domain-socket-handling.patch -# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +Patch42: 0001-Fix-domain-socket-handling.patch +# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/commit/3448c52 -Patch41: cups-socket-remove-on-stop.patch -# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +Patch43: cups-socket-remove-on-stop.patch +# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/commit/7adb508 # https://github.com/OpenPrinting/cups/commit/824f49f # https://github.com/OpenPrinting/cups/commit/56b9728 # https://github.com/OpenPrinting/cups/commit/74f437b # https://github.com/OpenPrinting/cups/commit/fb0c914 -Patch42: cups-check-for-listeners.patch +Patch44: cups-check-for-listeners.patch +# RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file +Patch45: 0001-mirror-ipp-everywhere-printer-changes-from-master.patch +Patch46: 0001-refactor-make-and-model-code.patch +Patch47: 0001-ppdize-preset-and-template-names.patch +Patch48: 0001-quote-ppd-localized-strings.patch +Patch49: 0001-fix-warnings-for-unused-vars.patch ##### Patches removed because IMHO they aren't no longer needed @@ -406,19 +417,30 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in %patch38 -p1 -b .log-stderr # RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents %patch39 -p1 -b .cupsgetjobs-pollhup -# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +# https://github.com/OpenPrinting/cups/pull/927 +%patch40 -p1 -b .sent-headers +# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions +%patch41 -p1 -b .root-lpoptions +# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/commit/a436956 -%patch40 -p1 -b .cve2024-35235 -# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +%patch42 -p1 -b .cve2024-35235 +# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/commit/3448c52 -%patch41 -p1 -b .cups-socket-remove-on-stop.patch -# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +%patch43 -p1 -b .cups-socket-remove-on-stop.patch +# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/commit/7adb508 # https://github.com/OpenPrinting/cups/commit/824f49f # https://github.com/OpenPrinting/cups/commit/56b9728 # https://github.com/OpenPrinting/cups/commit/74f437b # https://github.com/OpenPrinting/cups/commit/fb0c914 -%patch42 -p1 -b .cups-check-for-listeners.patch +%patch44 -p1 -b .cups-check-for-listeners.patch +# RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file +%patch45 -p1 -b .ippeve-validate +%patch46 -p1 -b .make-model-refact +%patch47 -p1 -b .ppdize-presets +%patch48 -p1 -b .quote-ppd-strings +%patch49 -p1 -b .fix-warn + %if %{lspp} # LSPP support. @@ -853,17 +875,30 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man7/ippeveps.7.gz %changelog -* Wed Jun 19 2024 Pavol Zacik - 1:2.3.3op2-27 +* Tue Oct 01 2024 Zdenek Dohnal - 1:2.3.3op2-31 +- RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file + +* Thu Aug 15 2024 Zdenek Dohnal - 1:2.3.3op2-30 +- RHEL-6526 cups source rpm doesn't actually build lspp support +- fix memory leaks from LSPP + +* Wed Jun 19 2024 Pavol Zacik - 1:2.3.3op2-29 - Revert the cups-libs license identifier to the "legacy" format -* Tue Jun 18 2024 Pavol Zacik - 1:2.3.3op2-26 -- RHEL-40388 cups: Cupsd Listen arbitrary chmod 0140777 +* Tue Jun 18 2024 Pavol Zacik - 1:2.3.3op2-28 +- RHEL-39940 cups: Cupsd Listen arbitrary chmod 0140777 - Delete the domain socket file after stopping the cups.socket service - Fix cupsd Listener checks -* Mon Jun 10 2024 Pavol Zacik - 1:2.3.3op2-25 +* Mon Jun 10 2024 Pavol Zacik - 1:2.3.3op2-27 - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 +* Mon Apr 15 2024 Zdenek Dohnal - 1:2.3.3op2-26 +- RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions + +* Fri Apr 05 2024 Zdenek Dohnal - 1:2.3.3op2-25 +- RHEL-29764 cups doesn't send Content-Type header back to client when Set-Cookie is seen first + * Mon Feb 26 2024 Zdenek Dohnal - 1:2.3.3op2-24 - revert RHEL-19205 - new packages are not needed