import UBI cups-2.3.3op2-31.el9_5

This commit is contained in:
eabdullin 2024-11-12 11:08:01 +00:00
parent 2423543e46
commit 781f45c635
9 changed files with 903 additions and 177 deletions

View File

@ -0,0 +1,32 @@
From 8ae6eb11184dcbd9eaf3c6badd4fad59fcc3863a Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Mon, 15 Aug 2022 17:38:12 +0200
Subject: [PATCH] cups/dest.c: Write data into /etc/cups/lpoptions if we're
root
Fixes #454 , the patch is created by Yair Yarom
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008053).
---
cups/dest.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cups/dest.c b/cups/dest.c
index f563ce226..a9273ff93 100644
--- a/cups/dest.c
+++ b/cups/dest.c
@@ -2080,7 +2080,11 @@ cupsSetDests2(http_t *http, /* I - Connection to server or @code CUPS_HTTP_
snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
- if (cg->home)
+ if (cg->home
+#ifndef _WIN32
+ && getuid() != 0
+#endif /* !_WIN32 */
+ )
{
/*
* Create ~/.cups subdirectory...
--
2.44.0

View File

@ -0,0 +1,24 @@
diff -up cups-2.3.3op2/cups/ppd-cache.c.fix-warn cups-2.3.3op2/cups/ppd-cache.c
--- cups-2.3.3op2/cups/ppd-cache.c.fix-warn 2024-09-30 17:30:39.098043436 +0200
+++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:31:30.738393111 +0200
@@ -3051,8 +3051,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
int resolutions[1000];
/* Array of resolution indices */
char msgid[256]; /* Message identifier (attr.value) */
- const char *keyword, /* Keyword value */
- *msgstr; /* Localized string */
+ const char *keyword; /* Keyword value */
cups_lang_t *lang = cupsLangDefault();
/* Localization info */
cups_array_t *strings = NULL;/* Printer strings file */
@@ -4661,9 +4660,8 @@ _ppdCreateFromIPP(char *buffer, /* I -
{
ipp_t *preset = ippGetCollection(attr, i);
/* Preset collection */
- const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL),
+ const char *preset_name = ippGetString(ippFindAttribute(preset, "preset-name", IPP_TAG_ZERO), 0, NULL);
/* Preset name */
- *localized_name; /* Localized preset name */
ipp_attribute_t *member; /* Member attribute in preset */
const char *member_name; /* Member attribute name */
char member_value[256]; /* Member attribute value */

View File

@ -0,0 +1,57 @@
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index 977d0c6..c484d33 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -3134,10 +3134,10 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */
cupsFilePuts(fp, "*cupsSNMPSupplies: False\n");
cupsFilePrintf(fp, "*cupsLanguages: \"%s\"\n", lang->language);
- if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL)
+ if ((attr = ippFindAttribute(response, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL)
+ if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL)
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 728d164..5089172 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -5773,6 +5773,18 @@ create_local_bg_thread(
cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
}
+ // Validate response from printer...
+ if (!ippValidateAttributes(response))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "%s: The printer contains invalid attributes.", printer->name);
+
+ if (response)
+ ippDelete(response);
+
+ httpClose(http);
+ return (NULL);
+ }
+
// TODO: Grab printer icon file...
httpClose(http);
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index daf24d5..eba7551 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -1226,6 +1226,12 @@ get_printer_ppd(
ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
+ if (response && !ippValidateAttributes(response))
+ {
+ _cupsLangPrintf(stderr, _("%s: The printer \"%s\" contains invalid IPP attributes."), "lpadmin", uri);
+ return (NULL);
+ }
+
if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE)
{
_cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString());

View File

@ -0,0 +1,116 @@
From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Mon, 9 Sep 2024 15:59:57 -0400
Subject: [PATCH] PPDize preset and template names.
---
cups/ppd-cache.c | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index 986c64f73..18c38d0ee 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -4975,12 +4975,14 @@ _ppdCreateFromIPP2(
cupsArrayAdd(templates, (void *)keyword);
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+
snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
msgstr = keyword;
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", keyword);
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
{
if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION)
@@ -4993,7 +4995,7 @@ _ppdCreateFromIPP2(
}
}
cupsFilePuts(fp, "\"\n");
- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, keyword, msgstr);
+ cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
cupsFilePuts(fp, "*End\n");
}
@@ -5039,7 +5041,8 @@ _ppdCreateFromIPP2(
if (!preset || !preset_name)
continue;
- cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
for (member = ippFirstAttribute(preset); member; member = ippNextAttribute(preset))
{
member_name = ippGetName(member);
@@ -5080,7 +5083,10 @@ _ppdCreateFromIPP2(
fin_col = ippGetCollection(member, i);
if ((keyword = ippGetString(ippFindAttribute(fin_col, "finishing-template", IPP_TAG_ZERO), 0, NULL)) != NULL)
- cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
+ {
+ pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
+ }
}
}
else if (!strcmp(member_name, "media"))
@@ -5107,13 +5113,13 @@ _ppdCreateFromIPP2(
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-source", IPP_TAG_ZERO), 0, NULL)) != NULL)
{
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
+ cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
}
if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type", IPP_TAG_ZERO), 0, NULL)) != NULL)
{
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*MediaType %s\n", keyword);
+ cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
}
}
else if (!strcmp(member_name, "print-quality"))
@@ -5159,7 +5165,10 @@ _ppdCreateFromIPP2(
cupsFilePuts(fp, "\"\n*End\n");
if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, preset_name, localized_name);
+ {
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
+ }
}
}
@@ -5543,7 +5552,7 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
*end; /* End of name buffer */
- if (!ipp)
+ if (!ipp || !_cups_isalnum(*ipp))
{
*name = '\0';
return;
@@ -5558,8 +5567,14 @@ pwg_ppdize_name(const char *ipp, /* I - IPP keyword */
ipp ++;
*ptr++ = (char)toupper(*ipp++ & 255);
}
- else
+ else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp))
+ {
*ptr++ = *ipp++;
+ }
+ else
+ {
+ ipp ++;
+ }
}
*ptr = '\0';
--
2.46.1

View File

@ -0,0 +1,220 @@
diff -up cups-2.3.3op2/cups/ppd-cache.c.quote-ppd-strings cups-2.3.3op2/cups/ppd-cache.c
--- cups-2.3.3op2/cups/ppd-cache.c.quote-ppd-strings 2024-09-30 17:24:43.345405200 +0200
+++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:29:35.752595925 +0200
@@ -29,6 +29,7 @@
*/
static int cups_get_url(http_t **http, const char *url, char *name, size_t namesize);
+static void ppd_put_string(cups_file_t *fp, cups_lang_t *lang, cups_array_t *strings, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid);
static void pwg_add_finishing(cups_array_t *finishings, ipp_finishings_t template, const char *name, const char *value);
static void pwg_add_message(cups_array_t *a, const char *msg, const char *str);
static int pwg_compare_finishings(_pwg_finishings_t *a, _pwg_finishings_t *b);
@@ -3211,7 +3212,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
if ((attr = ippFindAttribute(response, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
- if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL)
+ if ((attr = ippFindAttribute(response, "printer-strings-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
{
http_t *http = NULL; /* Connection to printer */
char stringsfile[1024]; /* Temporary strings file */
@@ -3768,13 +3769,16 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsFilePrintf(fp, "*DefaultInputSlot: %s\n", ppdname);
for (j = 0; j < (int)(sizeof(sources) / sizeof(sources[0])); j ++)
+ {
if (!strcmp(sources[j], keyword))
{
snprintf(msgid, sizeof(msgid), "media-source.%s", keyword);
+
cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j);
- cupsFilePrintf(fp, "*%s.InputSlot %s/%s: \"\"\n", lang->language, ppdname, _cupsLangString(lang, msgid));
+ ppd_put_string(fp, lang, strings, "InputSlot", ppdname, msgid);
break;
}
+ }
}
cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
}
@@ -3800,12 +3804,9 @@ _ppdCreateFromIPP(char *buffer, /* I -
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
snprintf(msgid, sizeof(msgid), "media-type.%s", keyword);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname);
- cupsFilePrintf(fp, "*%s.MediaType %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+ ppd_put_string(fp, lang, strings, "MediaType", ppdname, msgid);
}
cupsFilePuts(fp, "*CloseUI: *MediaType\n");
}
@@ -4035,12 +4036,9 @@ _ppdCreateFromIPP(char *buffer, /* I -
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
snprintf(msgid, sizeof(msgid), "output-bin.%s", keyword);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname);
- cupsFilePrintf(fp, "*%s.OutputBin %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+ ppd_put_string(fp, lang, strings, "OutputBin", ppdname, msgid);
if ((tray_ptr = ippGetOctetString(trays, i, &tray_len)) != NULL)
{
@@ -4159,9 +4157,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
@@ -4176,7 +4171,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
continue;
cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.StapleLocation %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "StapleLocation", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n", value, keyword, ppd_keyword);
}
@@ -4239,9 +4234,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
@@ -4256,7 +4248,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
continue;
cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.FoldType %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "FoldType", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n", value, keyword, ppd_keyword);
}
@@ -4327,9 +4319,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value >= IPP_FINISHINGS_NONE && value <= IPP_FINISHINGS_LAMINATE)
ppd_keyword = base_keywords[value - IPP_FINISHINGS_NONE];
@@ -4344,7 +4333,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
continue;
cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.PunchMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "PunchMedia", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n", value, keyword, ppd_keyword);
}
@@ -4415,9 +4404,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsArrayAdd(names, (char *)keyword);
snprintf(msgid, sizeof(msgid), "finishings.%d", value);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
if (value == IPP_FINISHINGS_TRIM)
ppd_keyword = "Auto";
@@ -4425,7 +4411,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
ppd_keyword = trim_keywords[value - IPP_FINISHINGS_TRIM_AFTER_PAGES];
cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword);
- cupsFilePrintf(fp, "*%s.CutMedia %s/%s: \"\"\n", lang->language, ppd_keyword, msgstr);
+ ppd_put_string(fp, lang, strings, "CutMedia", ppd_keyword, msgid);
cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n", value, keyword, ppd_keyword);
}
@@ -4467,9 +4453,6 @@ _ppdCreateFromIPP(char *buffer, /* I -
pwg_ppdize_name(keyword, ppdname, sizeof(ppdname));
snprintf(msgid, sizeof(msgid), "finishing-template.%s", keyword);
- if ((msgstr = _cupsLangString(lang, msgid)) == msgid || !strcmp(msgid, msgstr))
- if ((msgstr = _cupsMessageLookup(strings, msgid)) == msgid)
- msgstr = keyword;
cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr; finishing_attr = ippNextAttribute(finishing_col))
@@ -4484,7 +4467,7 @@ _ppdCreateFromIPP(char *buffer, /* I -
}
}
cupsFilePuts(fp, "\"\n");
- cupsFilePrintf(fp, "*%s.cupsFinishingTemplate %s/%s: \"\"\n", lang->language, ppdname, msgstr);
+ ppd_put_string(fp, lang, strings, "cupsFinishingTemplate", ppdname, msgid);
cupsFilePuts(fp, "*End\n");
}
@@ -4811,11 +4794,9 @@ _ppdCreateFromIPP(char *buffer, /* I -
cupsFilePuts(fp, "\"\n*End\n");
- if ((localized_name = _cupsMessageLookup(strings, preset_name)) != preset_name)
- {
- pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
- cupsFilePrintf(fp, "*%s.APPrinterPreset %s/%s: \"\"\n", lang->language, ppdname, localized_name);
- }
+ snprintf(msgid, sizeof(msgid), "preset-name.%s", preset_name);
+ pwg_ppdize_name(preset_name, ppdname, sizeof(ppdname));
+ ppd_put_string(fp, lang, strings, "APPrinterPreset", ppdname, msgid);
}
}
@@ -5054,6 +5035,43 @@ cups_get_url(http_t **http, /* IO -
}
+/*
+ * 'ppd_put_strings()' - Write localization attributes to a PPD file.
+ */
+
+static void
+ppd_put_string(cups_file_t *fp, /* I - PPD file */
+ cups_lang_t *lang, /* I - Language */
+ cups_array_t *strings, /* I - Strings */
+ const char *ppd_option,/* I - PPD option */
+ const char *ppd_choice,/* I - PPD choice */
+ const char *pwg_msgid) /* I - PWG message ID */
+{
+ const char *text; /* Localized text */
+
+
+ if ((text = _cupsLangString(lang, pwg_msgid)) == pwg_msgid || !strcmp(pwg_msgid, text))
+ {
+ if ((text = _cupsMessageLookup(strings, pwg_msgid)) == pwg_msgid)
+ return;
+ }
+
+ // Add the first line of localized text...
+ cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
+ while (*text && *text != '\n')
+ {
+ // Escape ":" and "<"...
+ if (*text == ':' || *text == '<')
+ cupsFilePrintf(fp, "<%02X>", *text);
+ else
+ cupsFilePutChar(fp, *text);
+
+ text ++;
+ }
+ cupsFilePuts(fp, ": \"\"\n");
+}
+
+
/*
* 'pwg_add_finishing()' - Add a finishings value.
*/

View File

@ -0,0 +1,136 @@
diff -up cups-2.3.3op2/cups/ppd-cache.c.make-model-refact cups-2.3.3op2/cups/ppd-cache.c
--- cups-2.3.3op2/cups/ppd-cache.c.make-model-refact 2024-09-30 17:19:35.443100091 +0200
+++ cups-2.3.3op2/cups/ppd-cache.c 2024-09-30 17:24:10.927162954 +0200
@@ -3027,9 +3027,10 @@ _ppdCreateFromIPP(char *buffer, /* I -
ipp_t *media_col, /* Media collection */
*media_size; /* Media size collection */
char make[256], /* Make and model */
- *model, /* Model name */
+ *mptr, /* Pointer into make and model */
ppdname[PPD_MAX_NAME];
/* PPD keyword */
+ const char *model; /* Model name */
int i, j, /* Looping vars */
count, /* Number of values */
bottom, /* Largest bottom margin */
@@ -3090,35 +3091,105 @@ _ppdCreateFromIPP(char *buffer, /* I -
}
/*
- * Standard stuff for PPD file...
+ * Get a sanitized make and model...
*/
- cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
- cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
- cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
- cupsFilePuts(fp, "*LanguageVersion: English\n");
- cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
- cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
- cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
- cupsFilePuts(fp, "*FileSystem: False\n");
- cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
+ if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
+ {
+ /*
+ * Sanitize the model name to only contain PPD-safe characters.
+ */
- if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL)
strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
+
+ for (mptr = make; *mptr; mptr ++)
+ {
+ if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
+ {
+ /*
+ * Truncate the make and model on the first bad character...
+ */
+
+ *mptr = '\0';
+ break;
+ }
+ }
+
+ while (mptr > make)
+ {
+ /*
+ * Strip trailing whitespace...
+ */
+
+ mptr --;
+ if (*mptr == ' ')
+ *mptr = '\0';
+ }
+
+ if (!make[0])
+ {
+ /*
+ * Use a default make and model if nothing remains...
+ */
+
+ strlcpy(make, "Unknown", sizeof(make));
+ }
+ }
else
- strlcpy(make, "Unknown Printer", sizeof(make));
+ {
+ /*
+ * Use a default make and model...
+ */
+
+ strlcpy(make, "Unknown", sizeof(make));
+ }
if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) ||
!_cups_strncasecmp(make, "Hewlett-Packard ", 16))
{
+ /*
+ * Normalize HP printer make and model...
+ */
+
model = make + 16;
strlcpy(make, "HP", sizeof(make));
+
+ if (!_cups_strncasecmp(model, "HP ", 3))
+ model += 3;
+ }
+ else if ((mptr = strchr(make, ' ')) != NULL)
+ {
+ /*
+ * Separate "MAKE MODEL"...
+ */
+
+ while (*mptr && *mptr == ' ')
+ *mptr++ = '\0';
+
+ model = mptr;
}
- else if ((model = strchr(make, ' ')) != NULL)
- *model++ = '\0';
else
- model = make;
+ {
+ /*
+ * No separate model name...
+ */
+
+ model = "Printer";
+ }
+
+ /*
+ * Standard stuff for PPD file...
+ */
+ cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
+ cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
+ cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
+ cupsFilePuts(fp, "*LanguageVersion: English\n");
+ cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
+ cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
+ cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
+ cupsFilePuts(fp, "*FileSystem: False\n");
+ cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model);
cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model);

View File

@ -0,0 +1,64 @@
From d60341b3355fd8825bec00792f301ef99d715a93 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 3 Apr 2024 10:39:24 +0200
Subject: [PATCH] scheduler: Fix sending response headers to client
Sometimes headers are not correctly copied into response to the client
(some are missing). It happens because `sent_header` is set prematurely
before the actual send happens. The present code in affected `cupsdWriteClient`
scope looks like code remains from CUPS 1.6.3.
With the change, testing via curl gives reliable results all time.
---
scheduler/client.c | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 62ac21c69..e7e312b8e 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2400,23 +2400,12 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
httpSetField(con->http, field, value);
if (field == HTTP_FIELD_LOCATION)
- {
con->pipe_status = HTTP_STATUS_SEE_OTHER;
- con->sent_header = 2;
- }
- else
- con->sent_header = 1;
}
else if (!_cups_strcasecmp(con->header, "Status") && value)
- {
con->pipe_status = (http_status_t)atoi(value);
- con->sent_header = 2;
- }
else if (!_cups_strcasecmp(con->header, "Set-Cookie") && value)
- {
httpSetCookie(con->http, value);
- con->sent_header = 1;
- }
}
/*
@@ -2451,6 +2440,8 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
cupsdCloseClient(con);
return;
}
+
+ con->sent_header = 1;
}
else
{
@@ -2459,6 +2450,8 @@ cupsdWriteClient(cupsd_client_t *con) /* I - Client connection */
cupsdCloseClient(con);
return;
}
+
+ con->sent_header = 1;
}
}
else
--
2.44.0

View File

@ -1,21 +1,21 @@
diff -up cups-2.3.0/config.h.in.lspp cups-2.3.0/config.h.in diff --git a/Makedefs.in b/Makedefs.in
--- cups-2.3.0/config.h.in.lspp 2019-08-23 17:19:38.000000000 +0200 index d1b1ae9..4dba556 100644
+++ cups-2.3.0/config.h.in 2019-10-07 12:24:43.058597468 +0200 --- a/Makedefs.in
@@ -684,4 +684,11 @@ static __inline int _cups_abs(int i) { r +++ b/Makedefs.in
# endif /* __GNUC__ || __STDC_VERSION__ */ @@ -161,7 +161,7 @@ ARFLAGS = @ARFLAGS@
#endif /* !HAVE_ABS && !abs */ BACKLIBS = @BACKLIBS@
BUILDDIRS = @BUILDDIRS@
+/* CFLAGS = @CPPFLAGS@ @CFLAGS@
+ * Are we trying to meet LSPP requirements? -COMMONLIBS = @LIBS@
+ */ +COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@
+ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
+#undef WITH_LSPP CXXLIBS = @CXXLIBS@
+ DBUS_NOTIFIER = @DBUS_NOTIFIER@
+ diff --git a/config-scripts/cups-lspp.m4 b/config-scripts/cups-lspp.m4
#endif /* !_CUPS_CONFIG_H_ */ new file mode 100644
diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/cups-lspp.m4 index 0000000..55bd1bb
--- cups-2.3.0/config-scripts/cups-lspp.m4.lspp 2019-10-07 12:24:43.058597468 +0200 --- /dev/null
+++ cups-2.3.0/config-scripts/cups-lspp.m4 2019-10-07 12:24:43.058597468 +0200 +++ b/config-scripts/cups-lspp.m4
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
+dnl +dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS). +dnl LSPP code for the Common UNIX Printing System (CUPS).
@ -40,7 +40,7 @@ diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/c
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) +AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
+ +
+if test x"$enable_lspp" != xno; then +if test x"$enable_lspp" != xno; then
+ case "$uname" in + case "$(uname)" in
+ Linux) + Linux)
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) + AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
+ AC_CHECK_HEADER(libaudit.h) + AC_CHECK_HEADER(libaudit.h)
@ -53,10 +53,28 @@ diff -up cups-2.3.0/config-scripts/cups-lspp.m4.lspp cups-2.3.0/config-scripts/c
+ ;; + ;;
+ esac + esac
+fi +fi
diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac diff --git a/config.h.in b/config.h.in
--- cups-2.3.0/configure.ac.lspp 2019-10-07 12:24:43.058597468 +0200 index 6343e6d..1be3ca1 100644
+++ cups-2.3.0/configure.ac 2019-10-07 12:39:20.122546282 +0200 --- a/config.h.in
@@ -34,6 +34,8 @@ sinclude(config-scripts/cups-dnssd.m4) +++ b/config.h.in
@@ -693,4 +693,12 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); }
# endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */
+
+/*
+ * Are we trying to meet LSPP requirements?
+ */
+
+#undef WITH_LSPP
+
+
#endif /* !_CUPS_CONFIG_H_ */
diff --git a/configure.ac b/configure.ac
index 93a4b97..47587c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,6 +35,8 @@ sinclude(config-scripts/cups-dnssd.m4)
sinclude(config-scripts/cups-startup.m4) sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4) sinclude(config-scripts/cups-defaults.m4)
@ -65,9 +83,10 @@ diff -up cups-2.3.0/configure.ac.lspp cups-2.3.0/configure.ac
INSTALL_LANGUAGES="" INSTALL_LANGUAGES=""
UNINSTALL_LANGUAGES="" UNINSTALL_LANGUAGES=""
LANGFILES="" LANGFILES=""
diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c diff --git a/filter/common.c b/filter/common.c
--- cups-2.3.0/filter/common.c.lspp 2019-08-23 17:19:38.000000000 +0200 index 672b7c8..f323abd 100644
+++ cups-2.3.0/filter/common.c 2019-10-07 12:24:43.059597461 +0200 --- a/filter/common.c
+++ b/filter/common.c
@@ -11,6 +11,12 @@ @@ -11,6 +11,12 @@
* Include necessary headers... * Include necessary headers...
*/ */
@ -81,7 +100,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
#include "common.h" #include "common.h"
#include <locale.h> #include <locale.h>
@@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I @@ -293,6 +299,18 @@ WriteLabelProlog(const char *label, /* I - Page label */
{ {
const char *classification; /* CLASSIFICATION environment variable */ const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */ const char *ptr; /* Temporary string pointer */
@ -100,7 +119,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
/* /*
@@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I @@ -315,6 +333,124 @@ WriteLabelProlog(const char *label, /* I - Page label */
return; return;
} }
@ -225,7 +244,7 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
/* /*
* Set the classification + page label string... * Set the classification + page label string...
*/ */
@@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I @@ -395,7 +531,10 @@ WriteLabelProlog(const char *label, /* I - Page label */
printf(" %.0f moveto ESPpl show\n", top - 14.0); printf(" %.0f moveto ESPpl show\n", top - 14.0);
puts("pop"); puts("pop");
puts("}bind put"); puts("}bind put");
@ -236,10 +255,11 @@ diff -up cups-2.3.0/filter/common.c.lspp cups-2.3.0/filter/common.c
/* /*
diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c diff --git a/filter/pstops.c b/filter/pstops.c
--- cups-2.3.0/filter/pstops.c.lspp 2019-08-23 17:19:38.000000000 +0200 index d251abb..8afff4a 100644
+++ cups-2.3.0/filter/pstops.c 2019-10-07 12:24:43.059597461 +0200 --- a/filter/pstops.c
@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /* +++ b/filter/pstops.c
@@ -3170,6 +3170,18 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
{ {
const char *classification; /* CLASSIFICATION environment variable */ const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */ const char *ptr; /* Temporary string pointer */
@ -258,7 +278,7 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
/* /*
@@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /* @@ -3192,6 +3204,124 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
return; return;
} }
@ -383,7 +403,7 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
/* /*
* Set the classification + page label string... * Set the classification + page label string...
*/ */
@@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /* @@ -3270,7 +3400,10 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);
doc_puts(doc, "pop\n"); doc_puts(doc, "pop\n");
doc_puts(doc, "}bind put\n"); doc_puts(doc, "}bind put\n");
@ -394,21 +414,10 @@ diff -up cups-2.3.0/filter/pstops.c.lspp cups-2.3.0/filter/pstops.c
/* /*
diff -up cups-2.3.0/Makedefs.in.lspp cups-2.3.0/Makedefs.in diff --git a/scheduler/client.c b/scheduler/client.c
--- cups-2.3.0/Makedefs.in.lspp 2019-10-07 12:24:43.059597461 +0200 index cef4115..e186e4c 100644
+++ cups-2.3.0/Makedefs.in 2019-10-07 12:37:19.200565805 +0200 --- a/scheduler/client.c
@@ -174,7 +174,7 @@ IPPFIND_MAN = @IPPFIND_MAN@ +++ b/scheduler/client.c
LDFLAGS = @LDFLAGS@
LINKCUPS = @LINKCUPS@
LINKCUPSSTATIC = ../cups/$(LIBCUPSSTATIC) $(LIBS)
-LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS)
+LIBS = $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
ONDEMANDFLAGS = @ONDEMANDFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@
OPTIM = @OPTIM@
diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
--- cups-2.3.0/scheduler/client.c.lspp 2019-08-23 17:19:38.000000000 +0200
+++ cups-2.3.0/scheduler/client.c 2019-10-07 12:33:10.459693580 +0200
@@ -19,12 +19,20 @@ @@ -19,12 +19,20 @@
#define _HTTP_NO_PRIVATE #define _HTTP_NO_PRIVATE
#include "cupsd.h" #include "cupsd.h"
@ -430,7 +439,7 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
/* /*
@@ -265,6 +273,59 @@ cupsdAcceptClient(cupsd_listener_t *lis) @@ -263,6 +271,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
} }
#endif /* HAVE_TCPD_H */ #endif /* HAVE_TCPD_H */
@ -490,7 +499,19 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
#ifdef AF_LOCAL #ifdef AF_LOCAL
if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{ {
@@ -558,6 +619,13 @@ cupsdReadClient(cupsd_client_t *con) /* @@ -517,6 +578,11 @@ cupsdCloseClient(cupsd_client_t *con) /* I - Client to close */
}
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ if (con->scon)
+ cupsdClearString(&con->scon);
+#endif /* WITH_LSPP */
+
/*
* Re-enable new client connections if we are going back under the
* limit...
@@ -556,6 +622,13 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
struct stat filestats; /* File information */ struct stat filestats; /* File information */
mime_type_t *type; /* MIME type of file */ mime_type_t *type; /* MIME type of file */
static unsigned request_id = 0; /* Request ID for temp files */ static unsigned request_id = 0; /* Request ID for temp files */
@ -504,10 +525,10 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
status = HTTP_STATUS_CONTINUE; status = HTTP_STATUS_CONTINUE;
@@ -1679,6 +1747,73 @@ cupsdReadClient(cupsd_client_t *con) /* @@ -1675,7 +1748,73 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
}
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ { + {
@ -572,13 +593,13 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
+ con->filename, context_str(tmpcon)); + con->filename, context_str(tmpcon));
+ context_free(tmpcon); + context_free(tmpcon);
+ context_free(clicon); + context_free(clicon);
+ } }
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
+ + }
if (httpGetState(con->http) != HTTP_STATE_POST_SEND) if (httpGetState(con->http) != HTTP_STATE_POST_SEND)
{ {
if (!httpWait(con->http, 0)) @@ -3173,6 +3312,49 @@ is_path_absolute(const char *path) /* I - Input path */
@@ -3174,6 +3309,49 @@ is_path_absolute(const char *path) /* I
return (1); return (1);
} }
@ -628,9 +649,10 @@ diff -up cups-2.3.0/scheduler/client.c.lspp cups-2.3.0/scheduler/client.c
/* /*
* 'pipe_command()' - Pipe the output of a command to the remote client. * 'pipe_command()' - Pipe the output of a command to the remote client.
diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h diff --git a/scheduler/client.h b/scheduler/client.h
--- cups-2.3.0/scheduler/client.h.lspp 2019-08-23 17:19:38.000000000 +0200 index fc7af54..c665d0c 100644
+++ cups-2.3.0/scheduler/client.h 2019-10-07 12:24:43.113597079 +0200 --- a/scheduler/client.h
+++ b/scheduler/client.h
@@ -13,6 +13,13 @@ @@ -13,6 +13,13 @@
#endif /* HAVE_AUTHORIZATION_H */ #endif /* HAVE_AUTHORIZATION_H */
@ -656,19 +678,21 @@ diff -up cups-2.3.0/scheduler/client.h.lspp cups-2.3.0/scheduler/client.h
}; };
#define HTTP(con) ((con)->http) #define HTTP(con) ((con)->http)
@@ -136,6 +147,9 @@ extern void cupsdStartListening(void); @@ -137,6 +148,10 @@ extern void cupsdStopListening(void);
extern void cupsdStopListening(void);
extern void cupsdUpdateCGI(void); extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con); extern void cupsdWriteClient(cupsd_client_t *con);
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+extern uid_t client_pid_to_auid(pid_t clipid); +extern uid_t client_pid_to_auid(pid_t clipid);
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
+
#ifdef HAVE_SSL #ifdef HAVE_SSL
extern int cupsdEndTLS(cupsd_client_t *con); extern int cupsdEndTLS(cupsd_client_t *con);
diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c extern int cupsdStartTLS(cupsd_client_t *con);
--- cups-2.3.0/scheduler/conf.c.lspp 2019-10-07 12:24:43.049597531 +0200 diff --git a/scheduler/conf.c b/scheduler/conf.c
+++ cups-2.3.0/scheduler/conf.c 2019-10-07 12:24:43.113597079 +0200 index 21386cd..a52e9a6 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -37,6 +37,9 @@ @@ -37,6 +37,9 @@
# define INADDR_NONE 0xffffffff # define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */ #endif /* !INADDR_NONE */
@ -700,7 +724,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
/* /*
@@ -864,6 +874,25 @@ cupsdReadConfiguration(void) @@ -877,6 +887,25 @@ cupsdReadConfiguration(void)
RunUser = getuid(); RunUser = getuid();
@ -726,7 +750,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled"); RemotePort ? "enabled" : "disabled");
@@ -1275,7 +1304,19 @@ cupsdReadConfiguration(void) @@ -1269,7 +1298,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification); cupsdClearString(&Classification);
if (Classification) if (Classification)
@ -746,7 +770,7 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
/* /*
* Check the MaxClients setting, and then allocate memory for it... * Check the MaxClients setting, and then allocate memory for it...
@@ -3830,6 +3871,18 @@ read_location(cups_file_t *fp, /* I - C @@ -3857,6 +3898,18 @@ read_location(cups_file_t *fp, /* I - Configuration file */
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
} }
@ -765,10 +789,11 @@ diff -up cups-2.3.0/scheduler/conf.c.lspp cups-2.3.0/scheduler/conf.c
/* /*
* 'read_policy()' - Read a <Policy name> definition. * 'read_policy()' - Read a <Policy name> definition.
diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h diff --git a/scheduler/conf.h b/scheduler/conf.h
--- cups-2.3.0/scheduler/conf.h.lspp 2019-08-23 17:19:38.000000000 +0200 index 7d5eb40..3c27828 100644
+++ cups-2.3.0/scheduler/conf.h 2019-10-07 12:24:43.113597079 +0200 --- a/scheduler/conf.h
@@ -243,6 +243,13 @@ VAR char *ServerKeychain VALUE(NULL); +++ b/scheduler/conf.h
@@ -245,6 +245,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */ /* Keychain holding cert + key */
#endif /* HAVE_SSL */ #endif /* HAVE_SSL */
@ -782,7 +807,7 @@ diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h
#ifdef HAVE_ONDEMAND #ifdef HAVE_ONDEMAND
VAR int IdleExitTimeout VALUE(60); VAR int IdleExitTimeout VALUE(60);
/* Time after which an idle cupsd will exit */ /* Time after which an idle cupsd will exit */
@@ -261,6 +268,9 @@ VAR int HaveServerCreds VALUE(0); @@ -263,6 +270,9 @@ VAR int HaveServerCreds VALUE(0);
VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */ VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */
#endif /* HAVE_GSSAPI */ #endif /* HAVE_GSSAPI */
@ -792,9 +817,10 @@ diff -up cups-2.3.0/scheduler/conf.h.lspp cups-2.3.0/scheduler/conf.h
/* /*
* Prototypes... * Prototypes...
diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h diff --git a/scheduler/cupsd.h b/scheduler/cupsd.h
--- cups-2.3.0/scheduler/cupsd.h.lspp 2019-08-23 17:19:38.000000000 +0200 index bc1350e..64d57d1 100644
+++ cups-2.3.0/scheduler/cupsd.h 2019-10-07 12:31:38.458480578 +0200 --- a/scheduler/cupsd.h
+++ b/scheduler/cupsd.h
@@ -8,6 +8,8 @@ @@ -8,6 +8,8 @@
* information. * information.
*/ */
@ -819,10 +845,11 @@ diff -up cups-2.3.0/scheduler/cupsd.h.lspp cups-2.3.0/scheduler/cupsd.h
#include "mime.h" #include "mime.h"
#if defined(HAVE_CDSASSL) #if defined(HAVE_CDSASSL)
diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c diff --git a/scheduler/ipp.c b/scheduler/ipp.c
--- cups-2.3.0/scheduler/ipp.c.lspp 2019-10-07 12:24:43.016597764 +0200 index 19d6608..728d164 100644
+++ cups-2.3.0/scheduler/ipp.c 2019-10-07 12:31:01.243798920 +0200 --- a/scheduler/ipp.c
@@ -11,6 +11,9 @@ +++ b/scheduler/ipp.c
@@ -12,6 +12,9 @@
* information. * information.
*/ */
@ -832,7 +859,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/* /*
* Include necessary headers... * Include necessary headers...
*/ */
@@ -27,6 +30,14 @@ extern int mbr_group_name_to_uuid(const @@ -28,6 +31,12 @@ extern int mbr_group_name_to_uuid(const char* name, uuid_t uu);
extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember); extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember);
#endif /* __APPLE__ */ #endif /* __APPLE__ */
@ -841,13 +868,11 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#include <selinux/context.h> +#include <selinux/context.h>
+#include <selinux/avc.h> +#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
/* /*
* Local functions... * Local functions...
@@ -51,6 +62,9 @@ static void cancel_all_jobs(cupsd_client @@ -52,6 +61,9 @@ static void cancel_all_jobs(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_subscription(cupsd_client_t *con, int id); static void cancel_subscription(cupsd_client_t *con, int id);
static int check_rss_recipient(const char *recipient); static int check_rss_recipient(const char *recipient);
@ -857,7 +882,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
@@ -1240,6 +1254,21 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1241,6 +1253,21 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"time-at-creation", "time-at-creation",
"time-at-processing" "time-at-processing"
}; };
@ -879,7 +904,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
@@ -1568,6 +1597,106 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1569,6 +1596,106 @@ add_job(cupsd_client_t *con, /* I - Client connection */
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME); attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
@ -916,18 +941,18 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ /* + /*
+ * The printer does not exist, so for now assume it's a FileDevice + * The printer does not exist, so for now assume it's a FileDevice
+ */ + */
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISCHR(printerstat.st_mode)) + else if (S_ISCHR(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_CHR_FILE; + tclass = string_to_security_class("chr_file");
+ avr = CHR_FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISREG(printerstat.st_mode)) + else if (S_ISREG(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else + else
+ { + {
@ -986,7 +1011,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
if ((job = cupsdAddJob(priority, printer->name)) == NULL) if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{ {
send_ipp_status(con, IPP_INTERNAL_ERROR, send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1576,6 +1705,32 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1577,6 +1704,32 @@ add_job(cupsd_client_t *con, /* I - Client connection */
return (NULL); return (NULL);
} }
@ -1019,7 +1044,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
job->attrs = con->request; job->attrs = con->request;
job->dirty = 1; job->dirty = 1;
@@ -1763,6 +1918,29 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1764,6 +1917,29 @@ add_job(cupsd_client_t *con, /* I - Client connection */
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
} }
@ -1049,7 +1074,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
job->job_sheets = attr; job->job_sheets = attr;
@@ -1793,6 +1971,9 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1794,6 +1970,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-sheets=\"%s,none\", " "job-sheets=\"%s,none\", "
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
Classification, job->username); Classification, job->username);
@ -1059,7 +1084,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
} }
else if (attr->num_values == 2 && else if (attr->num_values == 2 &&
strcmp(attr->values[0].string.text, strcmp(attr->values[0].string.text,
@@ -1811,6 +1992,9 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1812,6 +1991,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
attr->values[0].string.text, attr->values[0].string.text,
attr->values[1].string.text, job->username); attr->values[1].string.text, job->username);
@ -1069,7 +1094,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
} }
else if (strcmp(attr->values[0].string.text, Classification) && else if (strcmp(attr->values[0].string.text, Classification) &&
strcmp(attr->values[0].string.text, "none") && strcmp(attr->values[0].string.text, "none") &&
@@ -1831,6 +2015,9 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1832,6 +2014,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
attr->values[0].string.text, attr->values[0].string.text,
attr->values[1].string.text, job->username); attr->values[1].string.text, job->username);
@ -1079,7 +1104,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
} }
} }
else if (strcmp(attr->values[0].string.text, Classification) && else if (strcmp(attr->values[0].string.text, Classification) &&
@@ -1871,8 +2058,52 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1872,9 +2057,55 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-sheets=\"%s\", " "job-sheets=\"%s\", "
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
Classification, job->username); Classification, job->username);
@ -1121,18 +1146,21 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ cupsdClearString(&audit_message); + cupsdClearString(&audit_message);
+ } + }
} }
+
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
} }
+
+#ifdef WITH_LSPP
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
+
+
/* /*
* See if we need to add the starting sheet... * See if we need to add the starting sheet...
@@ -3648,6 +3879,128 @@ check_rss_recipient( */
@@ -3649,6 +3880,128 @@ check_rss_recipient(
} }
@ -1204,8 +1232,8 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
+ return -1; + return -1;
+ } + }
+ avc_entry_ref_init(&avcref); + avc_entry_ref_init(&avcref);
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__READ; + avr = string_to_av_perm(tclass, "read");
+ +
+ /* + /*
+ * Perform the check with the client as the subject, first with the job as the object + * Perform the check with the client as the subject, first with the job as the object
@ -1261,7 +1289,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/* /*
* 'check_quotas()' - Check quotas for a printer and user. * 'check_quotas()' - Check quotas for a printer and user.
*/ */
@@ -4103,6 +4456,15 @@ copy_banner(cupsd_client_t *con, /* I - @@ -4104,6 +4457,15 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
char attrname[255], /* Name of attribute */ char attrname[255], /* Name of attribute */
*s; /* Pointer into name */ *s; /* Pointer into name */
ipp_attribute_t *attr; /* Attribute */ ipp_attribute_t *attr; /* Attribute */
@ -1277,7 +1305,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -4138,6 +4500,85 @@ copy_banner(cupsd_client_t *con, /* I - @@ -4139,6 +4501,85 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
fchmod(cupsFileNumber(out), 0640); fchmod(cupsFileNumber(out), 0640);
fchown(cupsFileNumber(out), RunUser, Group); fchown(cupsFileNumber(out), RunUser, Group);
@ -1363,7 +1391,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/* /*
* Try the localized banner file under the subdirectory... * Try the localized banner file under the subdirectory...
@@ -4232,6 +4673,24 @@ copy_banner(cupsd_client_t *con, /* I - @@ -4233,6 +4674,24 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
else else
s = attrname; s = attrname;
@ -1388,7 +1416,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
if (!strcmp(s, "printer-name")) if (!strcmp(s, "printer-name"))
{ {
cupsFilePuts(out, job->dest); cupsFilePuts(out, job->dest);
@@ -6439,6 +6898,22 @@ get_job_attrs(cupsd_client_t *con, /* I @@ -6443,6 +6902,22 @@ get_job_attrs(cupsd_client_t *con, /* I - Client connection */
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
@ -1411,7 +1439,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/* /*
* Copy attributes... * Copy attributes...
*/ */
@@ -6836,6 +7311,11 @@ get_jobs(cupsd_client_t *con, /* I - C @@ -6840,6 +7315,11 @@ get_jobs(cupsd_client_t *con, /* I - Client connection */
if (username[0] && _cups_strcasecmp(username, job->username)) if (username[0] && _cups_strcasecmp(username, job->username))
continue; continue;
@ -1423,7 +1451,7 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
if (count > 0) if (count > 0)
ippAddSeparator(con->response); ippAddSeparator(con->response);
@@ -11445,6 +11925,11 @@ validate_user(cupsd_job_t *job, /* I @@ -11441,6 +11921,11 @@ validate_user(cupsd_job_t *job, /* I - Job */
strlcpy(username, get_username(con), userlen); strlcpy(username, get_username(con), userlen);
@ -1435,9 +1463,10 @@ diff -up cups-2.3.0/scheduler/ipp.c.lspp cups-2.3.0/scheduler/ipp.c
/* /*
* Check the username against the owner... * Check the username against the owner...
*/ */
diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c diff --git a/scheduler/job.c b/scheduler/job.c
--- cups-2.3.0/scheduler/job.c.lspp 2019-10-07 12:24:43.024597707 +0200 index 834e170..dbc64c3 100644
+++ cups-2.3.0/scheduler/job.c 2019-10-07 12:30:13.092210820 +0200 --- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -8,6 +8,9 @@ @@ -8,6 +8,9 @@
* information. * information.
*/ */
@ -1448,7 +1477,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
/* /*
* Include necessary headers... * Include necessary headers...
*/ */
@@ -23,6 +26,14 @@ @@ -23,6 +26,12 @@
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
#endif /* __APPLE__ */ #endif /* __APPLE__ */
@ -1457,13 +1486,11 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#include <selinux/context.h> +#include <selinux/context.h>
+#include <selinux/avc.h> +#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
/* /*
* Design Notes for Job Management * Design Notes for Job Management
@@ -544,6 +555,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I @@ -545,6 +554,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
/* PRINTER_STATE_REASONS env var */ /* PRINTER_STATE_REASONS env var */
rip_max_cache[255]; rip_max_cache[255];
/* RIP_MAX_CACHE env variable */ /* RIP_MAX_CACHE env variable */
@ -1478,7 +1505,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -1080,6 +1099,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I @@ -1066,6 +1083,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
if (final_content_type[0]) if (final_content_type[0])
envp[envc ++] = final_content_type; envp[envc ++] = final_content_type;
@ -1546,7 +1573,19 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
if (Classification && !banner_page) if (Classification && !banner_page)
{ {
if ((attr = ippFindAttribute(job->attrs, "job-sheets", if ((attr = ippFindAttribute(job->attrs, "job-sheets",
@@ -1858,6 +1938,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J @@ -1400,6 +1478,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */
cupsdClearString(&job->username);
cupsdClearString(&job->dest);
+
+#ifdef WITH_LSPP
+ cupsdClearString(&job->scon);
+#endif
+
for (i = 0;
i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0]));
i ++)
@@ -1844,6 +1927,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
ippSetString(job->attrs, &job->reasons, 0, "none"); ippSetString(job->attrs, &job->reasons, 0, "none");
} }
@ -1569,7 +1608,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER); job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER);
job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER); job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER);
job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
@@ -2273,6 +2369,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J @@ -2259,6 +2358,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */
{ {
char filename[1024]; /* Job control filename */ char filename[1024]; /* Job control filename */
cups_file_t *fp; /* Job file */ cups_file_t *fp; /* Job file */
@ -1584,7 +1623,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
@@ -2295,6 +2399,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J @@ -2281,6 +2388,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */
fchown(cupsFileNumber(fp), RunUser, Group); fchown(cupsFileNumber(fp), RunUser, Group);
@ -1663,7 +1702,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
job->attrs->state = IPP_IDLE; job->attrs->state = IPP_IDLE;
if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
@@ -3995,6 +4171,19 @@ get_options(cupsd_job_t *job, /* I - Jo @@ -3981,6 +4160,19 @@ get_options(cupsd_job_t *job, /* I - Job */
banner_page) banner_page)
continue; continue;
@ -1683,7 +1722,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
/* /*
* Otherwise add them to the list... * Otherwise add them to the list...
*/ */
@@ -4805,6 +4994,18 @@ start_job(cupsd_job_t *job, /* I - @@ -4791,6 +4983,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */
cupsd_printer_t *printer) /* I - Printer to print job */ cupsd_printer_t *printer) /* I - Printer to print job */
{ {
const char *filename; /* Support filename */ const char *filename; /* Support filename */
@ -1702,7 +1741,7 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs, ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs,
"job-cancel-after", "job-cancel-after",
IPP_TAG_INTEGER); IPP_TAG_INTEGER);
@@ -4993,6 +5194,113 @@ start_job(cupsd_job_t *job, /* I - @@ -4979,6 +5183,113 @@ start_job(cupsd_job_t *job, /* I - Job ID */
fcntl(job->side_pipes[1], F_SETFD, fcntl(job->side_pipes[1], F_SETFD,
fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC);
@ -1733,18 +1772,18 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
+ /* + /*
+ * The printer does not exist, so for now assume it's a FileDevice + * The printer does not exist, so for now assume it's a FileDevice
+ */ + */
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISCHR(printerstat.st_mode)) + else if (S_ISCHR(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_CHR_FILE; + tclass = string_to_security_class("chr_file");
+ avr = CHR_FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISREG(printerstat.st_mode)) + else if (S_ISREG(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else + else
+ { + {
@ -1816,9 +1855,10 @@ diff -up cups-2.3.0/scheduler/job.c.lspp cups-2.3.0/scheduler/job.c
/* /*
* Now start the first file in the job... * Now start the first file in the job...
*/ */
diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h diff --git a/scheduler/job.h b/scheduler/job.h
--- cups-2.3.0/scheduler/job.h.lspp 2019-08-23 17:19:38.000000000 +0200 index 2400ea9..cc05450 100644
+++ cups-2.3.0/scheduler/job.h 2019-10-07 12:29:54.364371023 +0200 --- a/scheduler/job.h
+++ b/scheduler/job.h
@@ -7,6 +7,13 @@ @@ -7,6 +7,13 @@
* Licensed under Apache License v2.0. See the file "LICENSE" for more information. * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
*/ */
@ -1833,7 +1873,7 @@ diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h
/* /*
* Constants... * Constants...
*/ */
@@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request * @@ -84,6 +91,10 @@ struct cupsd_job_s /**** Job request ****/
int progress; /* Printing progress */ int progress; /* Printing progress */
int num_keywords; /* Number of PPD keywords */ int num_keywords; /* Number of PPD keywords */
cups_option_t *keywords; /* PPD keywords */ cups_option_t *keywords; /* PPD keywords */
@ -1844,9 +1884,10 @@ diff -up cups-2.3.0/scheduler/job.h.lspp cups-2.3.0/scheduler/job.h
}; };
typedef struct cupsd_joblog_s /**** Job log message ****/ typedef struct cupsd_joblog_s /**** Job log message ****/
diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c diff --git a/scheduler/main.c b/scheduler/main.c
--- cups-2.3.0/scheduler/main.c.lspp 2019-10-07 12:24:43.037597616 +0200 index 47968e6..2802625 100644
+++ cups-2.3.0/scheduler/main.c 2019-10-07 12:24:43.119597037 +0200 --- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -57,6 +57,9 @@ @@ -57,6 +57,9 @@
# include <sys/param.h> # include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */ #endif /* HAVE_SYS_PARAM_H */
@ -1857,7 +1898,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
/* /*
* Local functions... * Local functions...
@@ -123,6 +126,9 @@ main(int argc, /* I - Number of comm @@ -123,6 +126,9 @@ main(int argc, /* I - Number of command-line args */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* Actions for POSIX signals */ struct sigaction action; /* Actions for POSIX signals */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */ #endif /* HAVE_SIGACTION && !HAVE_SIGSET */
@ -1867,7 +1908,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
#ifdef __APPLE__ #ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */ int use_sysman = 1; /* Use system management functions? */
#else #else
@@ -495,6 +501,25 @@ main(int argc, /* I - Number of comm @@ -495,6 +501,25 @@ main(int argc, /* I - Number of command-line args */
exit(errno); exit(errno);
} }
@ -1893,7 +1934,7 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
/* /*
* Let the system know we are busy while we bring up cupsd... * Let the system know we are busy while we bring up cupsd...
*/ */
@@ -1201,6 +1226,11 @@ main(int argc, /* I - Number of comm @@ -1204,6 +1229,11 @@ main(int argc, /* I - Number of command-line args */
cupsdStopSelect(); cupsdStopSelect();
@ -1905,10 +1946,11 @@ diff -up cups-2.3.0/scheduler/main.c.lspp cups-2.3.0/scheduler/main.c
return (!stop_scheduler); return (!stop_scheduler);
} }
diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c diff --git a/scheduler/printers.c b/scheduler/printers.c
--- cups-2.3.0/scheduler/printers.c.lspp 2019-08-23 17:19:38.000000000 +0200 index 234d441..248bdba 100644
+++ cups-2.3.0/scheduler/printers.c 2019-10-07 12:29:17.956658129 +0200 --- a/scheduler/printers.c
@@ -8,6 +8,8 @@ +++ b/scheduler/printers.c
@@ -9,6 +9,8 @@
* information. * information.
*/ */
@ -1917,7 +1959,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
/* /*
* Include necessary headers... * Include necessary headers...
*/ */
@@ -32,6 +34,10 @@ @@ -33,6 +35,10 @@
# include <asl.h> # include <asl.h>
#endif /* __APPLE__ */ #endif /* __APPLE__ */
@ -1928,7 +1970,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
/* /*
* Local functions... * Local functions...
@@ -2252,6 +2258,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) @@ -2288,6 +2294,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */
ipp_attribute_t *attr; /* Attribute data */ ipp_attribute_t *attr; /* Attribute data */
char *name, /* Current user/group name */ char *name, /* Current user/group name */
*filter; /* Current filter */ *filter; /* Current filter */
@ -1942,7 +1984,7 @@ diff -up cups-2.3.0/scheduler/printers.c.lspp cups-2.3.0/scheduler/printers.c
/* /*
@@ -2378,6 +2391,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) @@ -2412,6 +2425,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */
attr->values[1].string.text = _cupsStrAlloc(Classification ? attr->values[1].string.text = _cupsStrAlloc(Classification ?
Classification : p->job_sheets[1]); Classification : p->job_sheets[1]);
} }

View File

@ -24,7 +24,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.3.3%{OP_VER} Version: 2.3.3%{OP_VER}
Release: 27%{?dist} Release: 31%{?dist}
License: ASL 2.0 License: ASL 2.0
Url: http://www.cups.org/ Url: http://www.cups.org/
# Apple stopped uploading the new versions into github, use OpenPrinting fork # Apple stopped uploading the new versions into github, use OpenPrinting fork
@ -132,19 +132,30 @@ Patch37: cups-preservejobfiles-leak.patch
Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents # RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/pull/927
Patch40: 0001-scheduler-Fix-sending-response-headers-to-client.patch
# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
# https://github.com/OpenPrinting/cups/pull/456
Patch41: 0001-cups-dest.c-Write-data-into-etc-cups-lpoptions-if-we.patch
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956 # https://github.com/OpenPrinting/cups/commit/a436956
Patch40: 0001-Fix-domain-socket-handling.patch Patch42: 0001-Fix-domain-socket-handling.patch
# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52 # https://github.com/OpenPrinting/cups/commit/3448c52
Patch41: cups-socket-remove-on-stop.patch Patch43: cups-socket-remove-on-stop.patch
# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508 # https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f # https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728 # https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b # https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914 # https://github.com/OpenPrinting/cups/commit/fb0c914
Patch42: cups-check-for-listeners.patch Patch44: cups-check-for-listeners.patch
# RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
Patch45: 0001-mirror-ipp-everywhere-printer-changes-from-master.patch
Patch46: 0001-refactor-make-and-model-code.patch
Patch47: 0001-ppdize-preset-and-template-names.patch
Patch48: 0001-quote-ppd-localized-strings.patch
Patch49: 0001-fix-warnings-for-unused-vars.patch
##### Patches removed because IMHO they aren't no longer needed ##### Patches removed because IMHO they aren't no longer needed
@ -406,19 +417,30 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in
%patch38 -p1 -b .log-stderr %patch38 -p1 -b .log-stderr
# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents # RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
%patch39 -p1 -b .cupsgetjobs-pollhup %patch39 -p1 -b .cupsgetjobs-pollhup
# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # https://github.com/OpenPrinting/cups/pull/927
%patch40 -p1 -b .sent-headers
# RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
%patch41 -p1 -b .root-lpoptions
# RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956 # https://github.com/OpenPrinting/cups/commit/a436956
%patch40 -p1 -b .cve2024-35235 %patch42 -p1 -b .cve2024-35235
# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52 # https://github.com/OpenPrinting/cups/commit/3448c52
%patch41 -p1 -b .cups-socket-remove-on-stop.patch %patch43 -p1 -b .cups-socket-remove-on-stop.patch
# RHEL-40388 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 # RHEL-39940 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508 # https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f # https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728 # https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b # https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914 # https://github.com/OpenPrinting/cups/commit/fb0c914
%patch42 -p1 -b .cups-check-for-listeners.patch %patch44 -p1 -b .cups-check-for-listeners.patch
# RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
%patch45 -p1 -b .ippeve-validate
%patch46 -p1 -b .make-model-refact
%patch47 -p1 -b .ppdize-presets
%patch48 -p1 -b .quote-ppd-strings
%patch49 -p1 -b .fix-warn
%if %{lspp} %if %{lspp}
# LSPP support. # LSPP support.
@ -853,17 +875,30 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man7/ippeveps.7.gz %{_mandir}/man7/ippeveps.7.gz
%changelog %changelog
* Wed Jun 19 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-27 * Tue Oct 01 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-31
- RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file
* Thu Aug 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-30
- RHEL-6526 cups source rpm doesn't actually build lspp support
- fix memory leaks from LSPP
* Wed Jun 19 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-29
- Revert the cups-libs license identifier to the "legacy" format - Revert the cups-libs license identifier to the "legacy" format
* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-26 * Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-28
- RHEL-40388 cups: Cupsd Listen arbitrary chmod 0140777 - RHEL-39940 cups: Cupsd Listen arbitrary chmod 0140777
- Delete the domain socket file after stopping the cups.socket service - Delete the domain socket file after stopping the cups.socket service
- Fix cupsd Listener checks - Fix cupsd Listener checks
* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-25 * Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.3.3op2-27
- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
* Mon Apr 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-26
- RHEL-32727 lpoptions with root writes to ~/.cups/lpoptions
* Fri Apr 05 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-25
- RHEL-29764 cups doesn't send Content-Type header back to client when Set-Cookie is seen first
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24 * Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24
- revert RHEL-19205 - new packages are not needed - revert RHEL-19205 - new packages are not needed