From fce8f58b491a3a38616a6cc63fe6f2993332cba4 Mon Sep 17 00:00:00 2001
From: Jiri Popelka
Date: Sat, 15 Nov 2014 15:42:30 +0100
Subject: [PATCH] 2.0.1
---
 .gitignore | 1 +
 cups-lpd.socket | 9 -
 cups-lpd@.service | 8 -
 cups-lspp.patch | 114 ++++----
 cups-str4476.patch | 599 --------------------------------------
 cups-str4496.patch | 14 -
 cups-str4500.patch | 16 -
 cups-systemd-socket.patch | 33 ++-
 cups.spec | 29 +-
 sources | 2 +-
 10 files changed, 84 insertions(+), 741 deletions(-)
 delete mode 100644 cups-lpd.socket
 delete mode 100644 cups-lpd@.service
 delete mode 100644 cups-str4476.patch
 delete mode 100644 cups-str4496.patch
 delete mode 100644 cups-str4500.patch
diff --git a/.gitignore b/.gitignore
index 0ceb184..0984f35 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,4 @@ cups-1.4.4-source.tar.bz2
 /cups-1.7.5-source.tar.bz2
 /cups-2.0rc1-source.tar.bz2
 /cups-2.0.0-source.tar.bz2
+/cups-2.0.1-source.tar.bz2
diff --git a/cups-lpd.socket b/cups-lpd.socket
deleted file mode 100644
index b098052..0000000
--- a/cups-lpd.socket
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=CUPS-LPD Server Socket
-
-[Socket]
-ListenStream=515
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
diff --git a/cups-lpd@.service b/cups-lpd@.service
deleted file mode 100644
index 23b59c1..0000000
--- a/cups-lpd@.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Allow legacy LPD clients to communicate with CUPS
-Documentation=man:cups-lpd(8)
-
-[Service]
-ExecStart=-/usr/lib/cups/daemon/cups-lpd
-StandardInput=socket
-User=lp
diff --git a/cups-lspp.patch b/cups-lspp.patch
index feff07b..15d1bcb 100644
--- a/cups-lspp.patch
+++ b/cups-lspp.patch
@@ -1,6 +1,6 @@ -diff -up cups-2.0.0/config.h.in.lspp cups-2.0.0/config.h.in ---- cups-2.0.0/config.h.in.lspp 2014-08-30 02:51:22.000000000 +0100 -+++ cups-2.0.0/config.h.in 2014-11-06 14:49:08.220421810 +0000 +diff -up cups-2.0.1/config.h.in.lspp cups-2.0.1/config.h.in +--- cups-2.0.1/config.h.in.lspp 2014-08-30 03:51:22.000000000 +0200 ++++ cups-2.0.1/config.h.in 2014-11-15 15:22:47.838306259 +0100 @@ -709,6 +709,13 @@ static __inline int _cups_abs(int i) { r # endif /* __GNUC__ || __STDC_VERSION__ */ #endif /* !HAVE_ABS && !abs */ @@ -15,9 +15,9 @@ diff -up cups-2.0.0/config.h.in.lspp cups-2.0.0/config.h.in #endif /* !_CUPS_CONFIG_H_ */ /* -diff -up cups-2.0.0/config-scripts/cups-lspp.m4.lspp cups-2.0.0/config-scripts/cups-lspp.m4 ---- cups-2.0.0/config-scripts/cups-lspp.m4.lspp 2014-11-06 14:49:08.220421810 +0000 -+++ cups-2.0.0/config-scripts/cups-lspp.m4 2014-11-06 14:49:08.220421810 +0000 +diff -up cups-2.0.1/config-scripts/cups-lspp.m4.lspp cups-2.0.1/config-scripts/cups-lspp.m4 +--- cups-2.0.1/config-scripts/cups-lspp.m4.lspp 2014-11-15 15:22:47.838306259 +0100 ++++ cups-2.0.1/config-scripts/cups-lspp.m4 2014-11-15 15:22:47.838306259 +0100 @@ -0,0 +1,36 @@ +dnl +dnl LSPP code for the Common UNIX Printing System (CUPS). @@ -55,9 +55,9 @@ diff -up cups-2.0.0/config-scripts/cups-lspp.m4.lspp cups-2.0.0/config-scripts/c + ;; + esac +fi -diff -up cups-2.0.0/configure.ac.lspp cups-2.0.0/configure.ac ---- cups-2.0.0/configure.ac.lspp 2014-04-21 13:22:03.000000000 +0100 -+++ cups-2.0.0/configure.ac 2014-11-06 14:49:08.220421810 +0000 +diff -up cups-2.0.1/configure.ac.lspp cups-2.0.1/configure.ac +--- cups-2.0.1/configure.ac.lspp 2014-10-21 13:55:01.000000000 +0200 ++++ cups-2.0.1/configure.ac 2014-11-15 15:22:47.838306259 +0100 @@ -36,6 +36,8 @@ sinclude(config-scripts/cups-startup.m4) sinclude(config-scripts/cups-defaults.m4) sinclude(config-scripts/cups-scripting.m4) 
@@ -67,9 +67,9 @@ diff -up cups-2.0.0/configure.ac.lspp cups-2.0.0/configure.ac INSTALL_LANGUAGES="" UNINSTALL_LANGUAGES="" LANGFILES="" -diff -up cups-2.0.0/filter/common.c.lspp cups-2.0.0/filter/common.c ---- cups-2.0.0/filter/common.c.lspp 2014-02-06 18:33:34.000000000 +0000 -+++ cups-2.0.0/filter/common.c 2014-11-06 14:49:08.220421810 +0000 +diff -up cups-2.0.1/filter/common.c.lspp cups-2.0.1/filter/common.c +--- cups-2.0.1/filter/common.c.lspp 2014-02-06 19:33:34.000000000 +0100 ++++ cups-2.0.1/filter/common.c 2014-11-15 15:22:47.838306259 +0100 @@ -19,6 +19,12 @@ * Include necessary headers... */ @@ -238,9 +238,9 @@ diff -up cups-2.0.0/filter/common.c.lspp cups-2.0.0/filter/common.c /* -diff -up cups-2.0.0/filter/pstops.c.lspp cups-2.0.0/filter/pstops.c ---- cups-2.0.0/filter/pstops.c.lspp 2014-02-06 18:33:34.000000000 +0000 -+++ cups-2.0.0/filter/pstops.c 2014-11-06 14:49:08.221421819 +0000 +diff -up cups-2.0.1/filter/pstops.c.lspp cups-2.0.1/filter/pstops.c +--- cups-2.0.1/filter/pstops.c.lspp 2014-02-06 19:33:34.000000000 +0100 ++++ cups-2.0.1/filter/pstops.c 2014-11-15 15:22:47.839306246 +0100 @@ -3173,6 +3173,18 @@ write_label_prolog(pstops_doc_t *doc, /* { const char *classification; /* CLASSIFICATION environment variable */ @@ -396,9 +396,9 @@ diff -up cups-2.0.0/filter/pstops.c.lspp cups-2.0.0/filter/pstops.c /* -diff -up cups-2.0.0/Makedefs.in.lspp cups-2.0.0/Makedefs.in ---- cups-2.0.0/Makedefs.in.lspp 2014-11-06 14:49:08.186421483 +0000 -+++ cups-2.0.0/Makedefs.in 2014-11-06 14:49:08.232421926 +0000 +diff -up cups-2.0.1/Makedefs.in.lspp cups-2.0.1/Makedefs.in +--- cups-2.0.1/Makedefs.in.lspp 2014-11-15 15:22:47.766307192 +0100 ++++ cups-2.0.1/Makedefs.in 2014-11-15 15:22:47.840306233 +0100 @@ -145,7 +145,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(LIBZ) 
@@ -408,9 +408,9 @@ diff -up cups-2.0.0/Makedefs.in.lspp cups-2.0.0/Makedefs.in ONDEMANDFLAGS = @ONDEMANDFLAGS@ ONDEMANDLIBS = @ONDEMANDLIBS@ OPTIM = @OPTIM@ -diff -up cups-2.0.0/scheduler/client.c.lspp cups-2.0.0/scheduler/client.c ---- cups-2.0.0/scheduler/client.c.lspp 2014-08-28 16:37:22.000000000 +0100 -+++ cups-2.0.0/scheduler/client.c 2014-11-06 14:54:15.305993839 +0000 +diff -up cups-2.0.1/scheduler/client.c.lspp cups-2.0.1/scheduler/client.c +--- cups-2.0.1/scheduler/client.c.lspp 2014-08-28 17:37:22.000000000 +0200 ++++ cups-2.0.1/scheduler/client.c 2014-11-15 15:22:47.842306207 +0100 @@ -24,12 +24,20 @@ #define _HTTP_NO_PRIVATE #include "cupsd.h" @@ -630,9 +630,9 @@ diff -up cups-2.0.0/scheduler/client.c.lspp cups-2.0.0/scheduler/client.c /* * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-2.0.0/scheduler/client.h.lspp cups-2.0.0/scheduler/client.h ---- cups-2.0.0/scheduler/client.h.lspp 2014-03-21 16:42:53.000000000 +0000 -+++ cups-2.0.0/scheduler/client.h 2014-11-06 14:49:08.222421829 +0000 +diff -up cups-2.0.1/scheduler/client.h.lspp cups-2.0.1/scheduler/client.h +--- cups-2.0.1/scheduler/client.h.lspp 2014-03-21 17:42:53.000000000 +0100 ++++ cups-2.0.1/scheduler/client.h 2014-11-15 15:22:47.842306207 +0100 @@ -18,6 +18,13 @@ #endif /* HAVE_AUTHORIZATION_H */ @@ -668,9 +668,9 @@ diff -up cups-2.0.0/scheduler/client.h.lspp cups-2.0.0/scheduler/client.h #ifdef HAVE_SSL extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c ---- cups-2.0.0/scheduler/conf.c.lspp 2014-11-06 14:49:08.215421762 +0000 -+++ cups-2.0.0/scheduler/conf.c 2014-11-06 14:49:08.222421829 +0000 +diff -up cups-2.0.1/scheduler/conf.c.lspp cups-2.0.1/scheduler/conf.c +--- cups-2.0.1/scheduler/conf.c.lspp 2014-11-15 15:22:47.832306336 +0100 ++++ cups-2.0.1/scheduler/conf.c 2014-11-15 15:22:47.844306181 +0100 @@ -36,6 +36,9 @@ # define INADDR_NONE 0xffffffff #endif /* !INADDR_NONE */ 
@@ -702,7 +702,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c /* -@@ -829,6 +839,25 @@ cupsdReadConfiguration(void) +@@ -831,6 +841,25 @@ cupsdReadConfiguration(void) RunUser = getuid(); @@ -728,7 +728,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", RemotePort ? "enabled" : "disabled"); -@@ -1220,7 +1249,19 @@ cupsdReadConfiguration(void) +@@ -1225,7 +1254,19 @@ cupsdReadConfiguration(void) cupsdClearString(&Classification); if (Classification) @@ -748,7 +748,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c /* * Check the MaxClients setting, and then allocate memory for it... -@@ -3652,6 +3693,18 @@ read_location(cups_file_t *fp, /* I - C +@@ -3700,6 +3741,18 @@ read_location(cups_file_t *fp, /* I - C return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); } @@ -767,9 +767,9 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c /* * 'read_policy()' - Read a definition. -diff -up cups-2.0.0/scheduler/conf.h.lspp cups-2.0.0/scheduler/conf.h ---- cups-2.0.0/scheduler/conf.h.lspp 2014-11-06 14:49:08.212421733 +0000 -+++ cups-2.0.0/scheduler/conf.h 2014-11-06 14:49:08.222421829 +0000 +diff -up cups-2.0.1/scheduler/conf.h.lspp cups-2.0.1/scheduler/conf.h +--- cups-2.0.1/scheduler/conf.h.lspp 2014-11-15 15:22:47.825306427 +0100 ++++ cups-2.0.1/scheduler/conf.h 2014-11-15 15:22:47.845306168 +0100 @@ -248,6 +248,13 @@ VAR char *ServerKeychain VALUE(NULL); /* Keychain holding cert + key */ #endif /* HAVE_SSL */ 
@@ -794,9 +794,9 @@ diff -up cups-2.0.0/scheduler/conf.h.lspp cups-2.0.0/scheduler/conf.h /* * Prototypes... -diff -up cups-2.0.0/scheduler/cupsd.h.lspp cups-2.0.0/scheduler/cupsd.h ---- cups-2.0.0/scheduler/cupsd.h.lspp 2014-11-06 14:49:08.205421665 +0000 -+++ cups-2.0.0/scheduler/cupsd.h 2014-11-06 14:49:08.222421829 +0000 +diff -up cups-2.0.1/scheduler/cupsd.h.lspp cups-2.0.1/scheduler/cupsd.h +--- cups-2.0.1/scheduler/cupsd.h.lspp 2014-11-15 15:22:47.805306686 +0100 ++++ cups-2.0.1/scheduler/cupsd.h 2014-11-15 15:22:47.846306155 +0100 @@ -13,6 +13,8 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ @@ -828,9 +828,9 @@ diff -up cups-2.0.0/scheduler/cupsd.h.lspp cups-2.0.0/scheduler/cupsd.h /* * Some OS's don't have hstrerror(), most notably Solaris... */ -diff -up cups-2.0.0/scheduler/ipp.c.lspp cups-2.0.0/scheduler/ipp.c ---- cups-2.0.0/scheduler/ipp.c.lspp 2014-11-06 14:49:08.175421377 +0000 -+++ cups-2.0.0/scheduler/ipp.c 2014-11-06 15:07:01.724894473 +0000 +diff -up cups-2.0.1/scheduler/ipp.c.lspp cups-2.0.1/scheduler/ipp.c +--- cups-2.0.1/scheduler/ipp.c.lspp 2014-11-15 15:22:47.739307542 +0100 ++++ cups-2.0.1/scheduler/ipp.c 2014-11-15 15:22:47.851306090 +0100 @@ -16,6 +16,9 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ @@ -1444,9 +1444,9 @@ diff -up cups-2.0.0/scheduler/ipp.c.lspp cups-2.0.0/scheduler/ipp.c /* * Check the username against the owner... */ -diff -up cups-2.0.0/scheduler/job.c.lspp cups-2.0.0/scheduler/job.c ---- cups-2.0.0/scheduler/job.c.lspp 2014-11-06 14:49:08.182421444 +0000 -+++ cups-2.0.0/scheduler/job.c 2014-11-06 15:07:38.589074429 +0000 +diff -up cups-2.0.1/scheduler/job.c.lspp cups-2.0.1/scheduler/job.c +--- cups-2.0.1/scheduler/job.c.lspp 2014-11-15 15:22:47.755307335 +0100 ++++ cups-2.0.1/scheduler/job.c 2014-11-15 15:22:47.855306038 +0100 @@ -13,6 +13,9 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ 
@@ -1825,9 +1825,9 @@ diff -up cups-2.0.0/scheduler/job.c.lspp cups-2.0.0/scheduler/job.c /* * Now start the first file in the job... */ -diff -up cups-2.0.0/scheduler/job.h.lspp cups-2.0.0/scheduler/job.h ---- cups-2.0.0/scheduler/job.h.lspp 2014-07-31 01:02:30.000000000 +0100 -+++ cups-2.0.0/scheduler/job.h 2014-11-06 14:49:08.225421858 +0000 +diff -up cups-2.0.1/scheduler/job.h.lspp cups-2.0.1/scheduler/job.h +--- cups-2.0.1/scheduler/job.h.lspp 2014-07-31 02:02:30.000000000 +0200 ++++ cups-2.0.1/scheduler/job.h 2014-11-15 15:22:47.856306025 +0100 @@ -13,6 +13,13 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ @@ -1853,9 +1853,9 @@ diff -up cups-2.0.0/scheduler/job.h.lspp cups-2.0.0/scheduler/job.h }; typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c ---- cups-2.0.0/scheduler/main.c.lspp 2014-11-06 14:49:08.206421675 +0000 -+++ cups-2.0.0/scheduler/main.c 2014-11-06 14:49:08.225421858 +0000 +diff -up cups-2.0.1/scheduler/main.c.lspp cups-2.0.1/scheduler/main.c +--- cups-2.0.1/scheduler/main.c.lspp 2014-11-15 15:22:47.808306648 +0100 ++++ cups-2.0.1/scheduler/main.c 2014-11-15 15:27:00.487987203 +0100 @@ -56,6 +56,9 @@ extern int launch_activate_socket(const # include #endif /* HAVE_SYS_PARAM_H */ 
@@ -1866,18 +1866,18 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c /* * Local functions... -@@ -116,6 +119,9 @@ main(int argc, /* I - Number of comm +@@ -120,6 +123,9 @@ main(int argc, /* I - Number of comm #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) struct sigaction action; /* Actions for POSIX signals */ #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ +#if WITH_LSPP + auditfail_t failmode; /* Action for audit_open failure */ +#endif /* WITH_LSPP */ - int run_as_child = 0; - /* Needed for background fork/exec */ #ifdef __APPLE__ -@@ -490,6 +496,25 @@ main(int argc, /* I - Number of comm - #endif /* DEBUG */ + int use_sysman = 1; /* Use system management functions? */ + #else +@@ -498,6 +504,25 @@ main(int argc, /* I - Number of comm + exit(errno); } +#ifdef WITH_LSPP @@ -1902,7 +1902,7 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c /* * Set the timezone info... */ -@@ -1149,6 +1174,11 @@ main(int argc, /* I - Number of comm +@@ -1160,6 +1185,11 @@ main(int argc, /* I - Number of comm cupsdStopSelect(); @@ -1914,9 +1914,9 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c return (!stop_scheduler); } -diff -up cups-2.0.0/scheduler/printers.c.lspp cups-2.0.0/scheduler/printers.c ---- cups-2.0.0/scheduler/printers.c.lspp 2014-11-06 14:49:08.160421232 +0000 -+++ cups-2.0.0/scheduler/printers.c 2014-11-06 14:49:08.226421868 +0000 +diff -up cups-2.0.1/scheduler/printers.c.lspp cups-2.0.1/scheduler/printers.c +--- cups-2.0.1/scheduler/printers.c.lspp 2014-11-15 15:22:47.716307840 +0100 ++++ cups-2.0.1/scheduler/printers.c 2014-11-15 15:22:47.860305973 +0100 @@ -13,6 +13,8 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ diff --git a/cups-str4476.patch b/cups-str4476.patch deleted file mode 100644 index a7a28bf..0000000 --- a/cups-str4476.patch +++ /dev/null 
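Review bot: The LSPP guards carried in the scheduler/main.c part of the `@@ -1866,18 +1866,18 @@` hunk are inconsistent: the `auditfail_t failmode;` declaration sits under `#if WITH_LSPP`, while the block that follows the `exit(errno);` context opens with `#ifdef WITH_LSPP`. The two tests only agree when the macro is defined to a non-zero value; a bare `#define WITH_LSPP` makes the `#if` line an error, and a definition of `0` compiles the declaration out while the `#ifdef` region is still built. Since the patch is being re-diffed for 2.0.1 anyway, I would change the declaration guard to `#ifdef WITH_LSPP` so the audit-failure handling is either entirely in or entirely out of the build. The body of the `#ifdef` block and the config.h.in definition are outside the lines shown here, so that `failmode` is used inside that block is presumed from its comment.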
@@ -1,599 +0,0 @@ -diff -up cups-2.0.0/cups/http-private.h.str4476 cups-2.0.0/cups/http-private.h ---- cups-2.0.0/cups/http-private.h.str4476 2014-08-28 17:02:00.000000000 +0100 -+++ cups-2.0.0/cups/http-private.h 2014-11-07 08:56:53.793831198 +0000 -@@ -161,6 +161,9 @@ extern "C" { - #define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ - #define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ - -+#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ -+#define _HTTP_TLS_ALLOW_SSL3 1 /* Allow SSL 3.0 */ -+ - - /* - * Types and functions for SSL support... -@@ -420,6 +423,7 @@ extern void _httpTLSInitialize(void); - extern size_t _httpTLSPending(http_t *http); - extern int _httpTLSRead(http_t *http, char *buf, int len); - extern int _httpTLSSetCredentials(http_t *http); -+extern void _httpTLSSetOptions(int options); - extern int _httpTLSStart(http_t *http); - extern void _httpTLSStop(http_t *http); - extern int _httpTLSWrite(http_t *http, const char *buf, int len); -diff -up cups-2.0.0/cups/tls-darwin.c.str4476 cups-2.0.0/cups/tls-darwin.c ---- cups-2.0.0/cups/tls-darwin.c.str4476 2014-09-23 15:56:14.000000000 +0100 -+++ cups-2.0.0/cups/tls-darwin.c 2014-11-07 08:56:53.791831189 +0000 -@@ -27,6 +27,14 @@ extern char **environ; - - - /* -+ * Test define - set to 1 to use SSLSetEnabledCiphers. Currently disabled (0) -+ * because of . -+ */ -+ -+#define USE_SET_ENABLED_CIPHERS 0 -+ -+ -+/* - * Local globals... - */ - -@@ -41,6 +49,7 @@ static char *tls_keypath = NULL; - /* Server cert keychain path */ - static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; - /* Mutex for keychain/certs */ -+static int tls_options = 0;/* Options for TLS connections */ - #endif /* HAVE_SECKEYCHAINOPEN */ - - -@@ -973,6 +982,17 @@ _httpTLSRead(http_t *http, /* I - HTTP - - - /* -+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options. 
-+ */ -+ -+void -+_httpTLSSetOptions(int options) /* I - Options */ -+{ -+ tls_options = options; -+} -+ -+ -+/* - * '_httpTLSStart()' - Set up SSL/TLS support on a connection. - */ - -@@ -1033,9 +1053,108 @@ _httpTLSStart(http_t *http) /* I - HTTP - { - error = SSLSetSessionOption(http->tls, kSSLSessionOptionBreakOnServerAuth, - true); -- DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", -- (int)error)); -+ DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", (int)error)); -+ } -+ -+ if (!error) -+ { -+ error = SSLSetProtocolVersionMin(http->tls, (tls_options & _HTTP_TLS_ALLOW_SSL3) ? kSSLProtocol3 : kTLSProtocol1); -+ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin, error=%d", (int)error)); -+ } -+ -+# if USE_SET_ENABLED_CIPHERS -+ if (!error) -+ { -+ SSLCipherSuite supported[100]; /* Supported cipher suites */ -+ size_t num_supported; /* Number of supported cipher suites */ -+ SSLCipherSuite enabled[100]; /* Cipher suites to enable */ -+ size_t num_enabled; /* Number of cipher suites to enable */ -+ -+ num_supported = sizeof(supported) / sizeof(supported[0]); -+ error = SSLGetSupportedCiphers(http->tls, supported, &num_supported); -+ -+ if (!error) -+ { -+ DEBUG_printf(("4_httpTLSStart: %d cipher suites supported.", (int)num_supported)); -+ -+ for (i = 0, num_enabled = 0; i < (int)num_supported && num_enabled < (sizeof(enabled) / sizeof(enabled[0])); i ++) -+ { -+ switch (supported[i]) -+ { -+ /* Obviously insecure cipher suites that we never want to use */ -+ case SSL_NULL_WITH_NULL_NULL : -+ case SSL_RSA_WITH_NULL_MD5 : -+ case SSL_RSA_WITH_NULL_SHA : -+ case SSL_RSA_EXPORT_WITH_RC4_40_MD5 : -+ case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 : -+ case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA : -+ case SSL_RSA_WITH_DES_CBC_SHA : -+ case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA : -+ case SSL_DH_DSS_WITH_DES_CBC_SHA : -+ case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA : -+ case SSL_DH_RSA_WITH_DES_CBC_SHA : -+ case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA : -+ 
case SSL_DHE_DSS_WITH_DES_CBC_SHA : -+ case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA : -+ case SSL_DHE_RSA_WITH_DES_CBC_SHA : -+ case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 : -+ case SSL_DH_anon_WITH_RC4_128_MD5 : -+ case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA : -+ case SSL_DH_anon_WITH_DES_CBC_SHA : -+ case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA : -+ case SSL_FORTEZZA_DMS_WITH_NULL_SHA : -+ case TLS_DH_anon_WITH_AES_128_CBC_SHA : -+ case TLS_DH_anon_WITH_AES_256_CBC_SHA : -+ case TLS_ECDH_ECDSA_WITH_NULL_SHA : -+ case TLS_ECDHE_RSA_WITH_NULL_SHA : -+ case TLS_ECDH_anon_WITH_NULL_SHA : -+ case TLS_ECDH_anon_WITH_RC4_128_SHA : -+ case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA : -+ case TLS_ECDH_anon_WITH_AES_128_CBC_SHA : -+ case TLS_ECDH_anon_WITH_AES_256_CBC_SHA : -+ case TLS_RSA_WITH_NULL_SHA256 : -+ case TLS_DH_anon_WITH_AES_128_CBC_SHA256 : -+ case TLS_DH_anon_WITH_AES_256_CBC_SHA256 : -+ case TLS_PSK_WITH_NULL_SHA : -+ case TLS_DHE_PSK_WITH_NULL_SHA : -+ case TLS_RSA_PSK_WITH_NULL_SHA : -+ case TLS_DH_anon_WITH_AES_128_GCM_SHA256 : -+ case TLS_DH_anon_WITH_AES_256_GCM_SHA384 : -+ case TLS_PSK_WITH_NULL_SHA256 : -+ case TLS_PSK_WITH_NULL_SHA384 : -+ case TLS_DHE_PSK_WITH_NULL_SHA256 : -+ case TLS_DHE_PSK_WITH_NULL_SHA384 : -+ case TLS_RSA_PSK_WITH_NULL_SHA256 : -+ case TLS_RSA_PSK_WITH_NULL_SHA384 : -+ case SSL_RSA_WITH_DES_CBC_MD5 : -+ break; -+ -+ /* RC4 cipher suites that should only be used as a last resort */ -+ case SSL_RSA_WITH_RC4_128_MD5 : -+ case SSL_RSA_WITH_RC4_128_SHA : -+ case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : -+ case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : -+ case TLS_ECDH_RSA_WITH_RC4_128_SHA : -+ case TLS_ECDHE_RSA_WITH_RC4_128_SHA : -+ case TLS_PSK_WITH_RC4_128_SHA : -+ case TLS_DHE_PSK_WITH_RC4_128_SHA : -+ case TLS_RSA_PSK_WITH_RC4_128_SHA : -+ if (tls_options & _HTTP_TLS_ALLOW_RC4) -+ enabled[num_enabled ++] = supported[i]; -+ break; -+ -+ /* Anything else we'll assume is secure */ -+ default : -+ enabled[num_enabled ++] = supported[i]; -+ break; -+ } -+ } -+ -+ 
DEBUG_printf(("4_httpTLSStart: %d cipher suites enabled.", (int)num_enabled)); -+ error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled); -+ } - } -+#endif /* USE_SET_ENABLED_CIPHERS */ - - if (!error && http->mode == _HTTP_MODE_CLIENT) - { -diff -up cups-2.0.0/cups/tls-gnutls.c.str4476 cups-2.0.0/cups/tls-gnutls.c ---- cups-2.0.0/cups/tls-gnutls.c.str4476 2014-09-23 15:56:14.000000000 +0100 -+++ cups-2.0.0/cups/tls-gnutls.c 2014-11-07 08:56:53.792831194 +0000 -@@ -36,6 +36,7 @@ static char *tls_keypath = NULL; - /* Server cert keychain path */ - static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; - /* Mutex for keychain/certs */ -+static int tls_options = 0;/* Options for TLS connections */ - - - /* -@@ -1002,6 +1003,17 @@ _httpTLSSetCredentials(http_t *http) /* - - - /* -+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options. -+ */ -+ -+void -+_httpTLSSetOptions(int options) /* I - Options */ -+{ -+ tls_options = options; -+} -+ -+ -+/* - * '_httpTLSStart()' - Set up SSL/TLS support on a connection. 
- */ - -@@ -1185,6 +1197,15 @@ _httpTLSStart(http_t *http) /* I - Conn - return (-1); - } - -+ if (!tls_options) -+ gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL); -+ else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4)) -+ gnutls_priority_set_direct(http->tls, "NORMAL", NULL); -+ else if (tls_options & _HTTP_TLS_ALLOW_SSL3) -+ gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL", NULL); -+ else -+ gnutls_priority_set_direct(http->tls, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL); -+ - gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr_t)http); - gnutls_transport_set_pull_function(http->tls, http_gnutls_read); - #ifdef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION -diff -up cups-2.0.0/cups/tls-sspi.c.str4476 cups-2.0.0/cups/tls-sspi.c ---- cups-2.0.0/cups/tls-sspi.c.str4476 2014-09-23 15:56:14.000000000 +0100 -+++ cups-2.0.0/cups/tls-sspi.c 2014-11-07 08:56:53.790831185 +0000 -@@ -1,7 +1,8 @@ - /* - * "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $" - * -- * TLS support for CUPS on Windows using SSPI. -+ * TLS support for CUPS on Windows using the Security Support Provider -+ * Interface (SSPI). - * - * Copyright 2010-2014 by Apple Inc. - * -@@ -48,6 +49,14 @@ - # define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID 0x00002000 /* Expired X509 Cert. */ - #endif /* !SECURITY_FLAG_IGNORE_CERT_DATE_INVALID */ - -+ -+/* -+ * Local globals... -+ */ -+ -+static int tls_options = 0;/* Options for TLS connections */ -+ -+ - /* - * Local functions... - */ -@@ -897,6 +906,17 @@ _httpTLSRead(http_t *http, /* I - HTTP - - - /* -+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options. -+ */ -+ -+void -+_httpTLSSetOptions(int options) /* I - Options */ -+{ -+ tls_options = options; -+} -+ -+ -+/* - * '_httpTLSStart()' - Set up SSL/TLS support on a connection. 
- */ - -@@ -1727,11 +1747,43 @@ http_sspi_find_credentials( - SchannelCred.paCred = &storedContext; - - /* -- * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client. -+ * Set supported protocols (can also be overriden in the registry...) - */ - -+#ifdef SP_PROT_TLS1_2_SERVER - if (http->mode == _HTTP_MODE_SERVER) -- SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1; -+ { -+ if (tls_options & _HTTP_TLS_ALLOW_SSL3) -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER | SP_PROT_SSL3_SERVER; -+ else -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER; -+ } -+ else -+ { -+ if (tls_options & _HTTP_TLS_ALLOW_SSL3) -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_SSL3_CLIENT; -+ else -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT; -+ } -+ -+#else -+ if (http->mode == _HTTP_MODE_SERVER) -+ { -+ if (tls_options & _HTTP_TLS_ALLOW_SSL3) -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER; -+ else -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER; -+ } -+ else -+ { -+ if (tls_options & _HTTP_TLS_ALLOW_SSL3) -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT; -+ else -+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT; -+ } -+#endif /* SP_PROT_TLS1_2_SERVER */ -+ -+ /* TODO: Support _HTTP_TLS_ALLOW_RC4 option; right now we'll rely on Windows registry to enable/disable RC4... */ - - /* - * Create an SSPI credential. 
-diff -up cups-2.0.0/cups/usersys.c.str4476 cups-2.0.0/cups/usersys.c ---- cups-2.0.0/cups/usersys.c.str4476 2014-08-28 16:37:22.000000000 +0100 -+++ cups-2.0.0/cups/usersys.c 2014-11-07 08:56:53.791831189 +0000 -@@ -52,7 +52,8 @@ static void cups_read_client_conf(cups_f - #endif /* HAVE_GSSAPI */ - const char *cups_anyroot, - const char *cups_expiredcerts, -- const char *cups_validatecerts); -+ const char *cups_validatecerts, -+ int ssl_options); - - - /* -@@ -863,6 +864,30 @@ _cupsSetDefaults(void) - if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] || - !cg->user[0] || !cg->ipp_port) - { -+ /* -+ * Look for CUPS_SERVERROOT/client.conf... -+ */ -+ -+ snprintf(filename, sizeof(filename), "%s/client.conf", -+ cg->cups_serverroot); -+ fp = cupsFileOpen(filename, "r"); -+ -+ /* -+ * Read the configuration file and apply any environment variables; both -+ * functions handle NULL cups_file_t pointers... -+ */ -+ -+ cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user, -+#ifdef HAVE_GSSAPI -+ cups_gssservicename, -+#endif /* HAVE_GSSAPI */ -+ cups_anyroot, cups_expiredcerts, cups_validatecerts, 1); -+ cupsFileClose(fp); -+ -+ /* -+ * Then user defaults, if it is safe to do so... -+ */ -+ - # ifdef HAVE_GETEUID - if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL) - # elif !defined(WIN32) -@@ -877,32 +902,19 @@ _cupsSetDefaults(void) - - snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home); - fp = cupsFileOpen(filename, "r"); -- } -- else -- fp = NULL; - -- if (!fp) -- { - /* -- * Look for CUPS_SERVERROOT/client.conf... -+ * Read the configuration file and apply any environment variables; both -+ * functions handle NULL cups_file_t pointers... 
- */ - -- snprintf(filename, sizeof(filename), "%s/client.conf", -- cg->cups_serverroot); -- fp = cupsFileOpen(filename, "r"); -- } -- -- /* -- * Read the configuration file and apply any environment variables; both -- * functions handle NULL cups_file_t pointers... -- */ -- -- cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user, -+ cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user, - #ifdef HAVE_GSSAPI -- cups_gssservicename, -+ cups_gssservicename, - #endif /* HAVE_GSSAPI */ -- cups_anyroot, cups_expiredcerts, cups_validatecerts); -- cupsFileClose(fp); -+ cups_anyroot, cups_expiredcerts, cups_validatecerts, 0); -+ cupsFileClose(fp); -+ } - } - } - -@@ -924,7 +936,8 @@ cups_read_client_conf( - #endif /* HAVE_GSSAPI */ - const char *cups_anyroot, /* I - CUPS_ANYROOT env var */ - const char *cups_expiredcerts, /* I - CUPS_EXPIREDCERTS env var */ -- const char *cups_validatecerts)/* I - CUPS_VALIDATECERTS env var */ -+ const char *cups_validatecerts,/* I - CUPS_VALIDATECERTS env var */ -+ int ssl_options) /* I - Allow setting of SSLOptions? */ - { - int linenum; /* Current line number */ - char line[1024], /* Line from file */ -@@ -996,6 +1009,43 @@ cups_read_client_conf( - cups_gssservicename = gss_service_name; - } - #endif /* HAVE_GSSAPI */ -+ else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value) -+ { -+ /* -+ * SSLOptions [AllowRC4] [AllowSSL3] [None] -+ */ -+ -+ int options = 0; /* SSL/TLS options */ -+ char *start, /* Start of option */ -+ *end; /* End of option */ -+ -+ for (start = value; *start; start = end) -+ { -+ /* -+ * Find end of keyword... -+ */ -+ -+ end = start; -+ while (*end && !_cups_isspace(*end)) -+ end ++; -+ -+ if (*end) -+ *end++ = '\0'; -+ -+ /* -+ * Compare... 
-+ */ -+ -+ if (!_cups_strcasecmp(start, "AllowRC4")) -+ options |= _HTTP_TLS_ALLOW_RC4; -+ else if (!_cups_strcasecmp(start, "AllowSSL3")) -+ options |= _HTTP_TLS_ALLOW_SSL3; -+ else if (!_cups_strcasecmp(start, "None")) -+ options = 0; -+ } -+ -+ _httpTLSSetOptions(options); -+ } - } - - /* -diff -up cups-2.0.0/doc/help/man-client.conf.html.str4476 cups-2.0.0/doc/help/man-client.conf.html ---- cups-2.0.0/doc/help/man-client.conf.html.str4476 2014-05-23 03:45:48.000000000 +0100 -+++ cups-2.0.0/doc/help/man-client.conf.html 2014-11-07 08:56:53.787831171 +0000 -@@ -38,6 +38,12 @@ CUPS adds the remote hostname ("name@ser - Note: This directive it not supported on OS X 10.7 or later. -
ServerName hostname-or-ip-address[:port]/version=1.1 -
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. -+
SSLOptions [AllowRC4] [AllowSSL3] -+
SSLOptions None -+
Sets encryption options (only in /etc/cups/client.conf). -+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. -+The AllowRC4 option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. -+The AllowSSL3 option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. -
User name -
Specifies the default user name to use for requests. -
ValidateCerts Yes -diff -up cups-2.0.0/doc/help/man-cupsd.conf.html.str4476 cups-2.0.0/doc/help/man-cupsd.conf.html ---- cups-2.0.0/doc/help/man-cupsd.conf.html.str4476 2014-07-31 01:58:00.000000000 +0100 -+++ cups-2.0.0/doc/help/man-cupsd.conf.html 2014-11-07 08:56:53.788831175 +0000 -@@ -303,6 +303,12 @@ The default is "Minimal". -
SSLListen [ipv6-address]:port -
SSLListen *:port -
Listens on the specified address and port for encrypted connections. -+
SSLOptions [AllowRC4] [AllowSSL3] -+
SSLOptions None -+
Sets encryption options. -+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. -+The AllowRC4 option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. -+The AllowSSL3 option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. -
SSLPort port -
Listens on the specified port for encrypted connections. -
StrictConformance Yes -diff -up cups-2.0.0/man/client.conf.man.in.str4476 cups-2.0.0/man/client.conf.man.in ---- cups-2.0.0/man/client.conf.man.in.str4476 2014-05-08 00:55:35.000000000 +0100 -+++ cups-2.0.0/man/client.conf.man.in 2014-11-07 08:56:53.794831203 +0000 -@@ -12,7 +12,7 @@ - .\" which should have been included with this file. If this file is - .\" file is missing or damaged, see the license at "http://www.cups.org/". - .\" --.TH client.conf 5 "CUPS" "7 May 2014" "Apple Inc." -+.TH client.conf 5 "CUPS" "20 October 2014" "Apple Inc." - .SH NAME - client.conf \- client configuration file for cups (deprecated) - .SH DESCRIPTION -@@ -56,6 +56,14 @@ Specifies the address and optionally the - \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR - Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. - .TP 5 -+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR] -+.TP 5 -+\fBSSLOptions None\fR -+Sets encryption options (only in /etc/cups/client.conf). -+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. -+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. -+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. -+.TP 5 - \fBUser \fIname\fR - Specifies the default user name to use for requests. - .TP 5 -diff -up cups-2.0.0/man/cupsd.conf.man.in.str4476 cups-2.0.0/man/cupsd.conf.man.in ---- cups-2.0.0/man/cupsd.conf.man.in.str4476 2014-07-28 15:04:32.000000000 +0100 -+++ cups-2.0.0/man/cupsd.conf.man.in 2014-11-07 08:56:53.794831203 +0000 -@@ -12,7 +12,7 @@ - .\" which should have been included with this file. If this file is - .\" file is missing or damaged, see the license at "http://www.cups.org/". - .\" --.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc." 
-+.TH cupsd.conf 5 "CUPS" "20 October 2014" "Apple Inc." - .SH NAME - cupsd.conf \- server configuration file for cups - .SH DESCRIPTION -@@ -415,6 +415,14 @@ Set the specified environment variable t - \fBSSLListen *:\fIport\fR - Listens on the specified address and port for encrypted connections. - .TP 5 -+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR] -+.TP 5 -+\fBSSLOptions None\fR -+Sets encryption options. -+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. -+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. -+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. -+.TP 5 - \fBSSLPort \fIport\fR - Listens on the specified port for encrypted connections. - .TP 5 -diff -up cups-2.0.0/scheduler/conf.c.str4476 cups-2.0.0/scheduler/conf.c ---- cups-2.0.0/scheduler/conf.c.str4476 2014-09-30 19:56:48.000000000 +0100 -+++ cups-2.0.0/scheduler/conf.c 2014-11-07 08:56:53.796831212 +0000 -@@ -596,6 +596,8 @@ cupsdReadConfiguration(void) - # else - cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain"); - # endif /* HAVE_GNUTLS */ -+ -+ _httpTLSSetOptions(0); - #endif /* HAVE_SSL */ - - language = cupsLangDefault(); -@@ -2929,6 +2931,49 @@ read_cupsd_conf(cups_file_t *fp) /* I - - "FaxRetryLimit is deprecated; use " - "JobRetryLimit on line %d.", linenum); - } -+ else if (!_cups_strcasecmp(line, "SSLOptions")) -+ { -+ /* -+ * SSLOptions [AllowRC4] [AllowSSL3] [None] -+ */ -+ -+ int options = 0; /* SSL/TLS options */ -+ -+ if (value) -+ { -+ char *start, /* Start of option */ -+ *end; /* End of option */ -+ -+ for (start = value; *start; start = end) -+ { -+ /* -+ * Find end of keyword... -+ */ -+ -+ end = start; -+ while (*end && !_cups_isspace(*end)) -+ end ++; -+ -+ if (*end) -+ *end++ = '\0'; -+ -+ /* -+ * Compare... 
-+ */ -+ -+ if (!_cups_strcasecmp(start, "AllowRC4")) -+ options |= _HTTP_TLS_ALLOW_RC4; -+ else if (!_cups_strcasecmp(start, "AllowSSL3")) -+ options |= _HTTP_TLS_ALLOW_SSL3; -+ else if (!_cups_strcasecmp(start, "None")) -+ options = 0; -+ else if (_cups_strcasecmp(start, "NoEmptyFragments")) -+ cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum); -+ } -+ } -+ -+ _httpTLSSetOptions(options); -+ } - else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen") - #ifdef HAVE_SSL - || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen") diff --git a/cups-str4496.patch b/cups-str4496.patch deleted file mode 100644 index 5b8625d..0000000 --- a/cups-str4496.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up cups-1.7.5/scheduler/colorman.c.dbus-unref cups-1.7.5/scheduler/colorman.c ---- cups-1.7.5/scheduler/colorman.c.dbus-unref 2014-10-21 12:43:10.401299966 +0100 -+++ cups-1.7.5/scheduler/colorman.c 2014-10-21 12:43:12.870312593 +0100 -@@ -208,7 +208,9 @@ void - cupsdStopColor(void) - { - #if !defined(__APPLE__) && defined(HAVE_DBUS) -- dbus_connection_unref(colord_con); -+ if (colord_con) -+ dbus_connection_unref(colord_con); -+ - colord_con = NULL; - #endif /* !__APPLE__ && HAVE_DBUS */ - } diff --git a/cups-str4500.patch b/cups-str4500.patch deleted file mode 100644 index cabe572..0000000 --- a/cups-str4500.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up cups-2.0.0/cups/util.c.str4500 cups-2.0.0/cups/util.c ---- cups-2.0.0/cups/util.c.str4500 2014-10-15 12:59:27.105942488 +0100 -+++ cups-2.0.0/cups/util.c 2014-10-15 13:03:38.618187112 +0100 -@@ -846,10 +846,10 @@ cupsGetPPD3(http_t *http, /* I - H - - snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot, - name); -- if (!stat(ppdname, &ppdinfo)) -+ if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK)) - { - /* -- * OK, the file exists, use it! -+ * OK, the file exists and is readable, use it! - */ - - if (buffer[0]) 
diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch index 619f3af..7f1b0b2 100644 --- a/cups-systemd-socket.patch +++ b/cups-systemd-socket.patch @@ -1,7 +1,7 @@ -diff -up cups-2.0.0/cups/usersys.c.systemd-socket cups-2.0.0/cups/usersys.c ---- cups-2.0.0/cups/usersys.c.systemd-socket 2014-08-28 16:37:22.000000000 +0100 -+++ cups-2.0.0/cups/usersys.c 2014-10-16 14:39:05.839530224 +0100 -@@ -1028,7 +1028,7 @@ cups_read_client_conf( +diff -up cups-2.0.1/cups/usersys.c.systemd-socket cups-2.0.1/cups/usersys.c +--- cups-2.0.1/cups/usersys.c.systemd-socket 2014-10-20 20:24:56.000000000 +0200 ++++ cups-2.0.1/cups/usersys.c 2014-11-15 15:19:11.108125832 +0100 +@@ -1078,7 +1078,7 @@ cups_read_client_conf( struct stat sockinfo; /* Domain socket information */ if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && @@ -10,10 +10,10 @@ diff -up cups-2.0.0/cups/usersys.c.systemd-socket cups-2.0.0/cups/usersys.c cups_server = CUPS_DEFAULT_DOMAINSOCKET; else #endif /* CUPS_DEFAULT_DOMAINSOCKET */ -diff -up cups-2.0.0/scheduler/main.c.systemd-socket cups-2.0.0/scheduler/main.c ---- cups-2.0.0/scheduler/main.c.systemd-socket 2014-10-16 14:39:05.811530076 +0100 -+++ cups-2.0.0/scheduler/main.c 2014-10-16 14:39:05.839530224 +0100 -@@ -653,6 +653,12 @@ main(int argc, /* I - Number of comm +diff -up cups-2.0.1/scheduler/main.c.systemd-socket cups-2.0.1/scheduler/main.c +--- cups-2.0.1/scheduler/main.c.systemd-socket 2014-11-15 15:19:11.057126510 +0100 ++++ cups-2.0.1/scheduler/main.c 2014-11-15 15:19:11.108125832 +0100 +@@ -661,6 +661,12 @@ main(int argc, /* I - Number of comm cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand."); else #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ 
@@ -26,9 +26,9 @@ diff -up cups-2.0.0/scheduler/main.c.systemd-socket cups-2.0.0/scheduler/main.c if (fg) cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground."); else -diff -up cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.0/scheduler/org.cups.cupsd.path.in ---- cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket 2014-03-21 14:50:24.000000000 +0000 -+++ cups-2.0.0/scheduler/org.cups.cupsd.path.in 2014-10-16 14:39:05.839530224 +0100 +diff -up cups-2.0.1/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.1/scheduler/org.cups.cupsd.path.in +--- cups-2.0.1/scheduler/org.cups.cupsd.path.in.systemd-socket 2014-03-21 15:50:24.000000000 +0100 ++++ cups-2.0.1/scheduler/org.cups.cupsd.path.in 2014-11-15 15:19:11.108125832 +0100 @@ -2,7 +2,7 @@ Description=CUPS Scheduler @@ -38,11 +38,13 @@ diff -up cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.0/s [Install] WantedBy=multi-user.target -diff -up cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.0/scheduler/org.cups.cupsd.service.in ---- cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket 2014-03-21 14:50:24.000000000 +0000 -+++ cups-2.0.0/scheduler/org.cups.cupsd.service.in 2014-10-16 14:39:28.636650224 +0100 -@@ -2,9 +2,10 @@ +diff -up cups-2.0.1/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.1/scheduler/org.cups.cupsd.service.in +--- cups-2.0.1/scheduler/org.cups.cupsd.service.in.systemd-socket 2014-11-15 15:19:11.109125818 +0100 ++++ cups-2.0.1/scheduler/org.cups.cupsd.service.in 2014-11-15 15:19:56.480528155 +0100 +@@ -1,10 +1,11 @@ + [Unit] Description=CUPS Scheduler + Documentation=man:cupsd(8) +After=network.target [Service] @@ -53,4 +55,3 @@ diff -up cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0. [Install] Also=org.cups.cupsd.socket org.cups.cupsd.path - WantedBy=printer.target diff --git a/cups.spec b/cups.spec index 0d9b801..34c5aa5 100644 --- a/cups.spec 
+++ b/cups.spec @@ -10,17 +10,13 @@ Summary: CUPS printing system Name: cups Epoch: 1 -Version: 2.0.0 -Release: 12%{?dist} +Version: 2.0.1 +Release: 1%{?dist} License: GPLv2 Url: http://www.cups.org/ -Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2 +Source0: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2 # Pixmap for desktop file Source2: cupsprinter.png -# socket unit for cups-lpd service -Source3: cups-lpd.socket -# cups-lpd service unit configuration -Source4: cups-lpd@.service # Logrotate configuration Source6: cups.logrotate # Backend for NCP protocol @@ -30,7 +26,6 @@ Source8: macros.cups Patch1: cups-no-gzip-man.patch Patch2: cups-system-auth.patch Patch3: cups-multilib.patch -Patch4: cups-str4476.patch Patch5: cups-banners.patch Patch6: cups-serverbin-compat.patch Patch7: cups-no-export-ssllibs.patch @@ -65,8 +60,6 @@ Patch35: cups-ipp-multifile.patch Patch36: cups-web-devices-timeout.patch Patch37: cups-journal.patch Patch38: cups-synconclose.patch -Patch39: cups-str4500.patch -Patch40: cups-str4496.patch Patch100: cups-lspp.patch @@ -196,9 +189,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch2 -p1 -b .system-auth # Prevent multilib conflict in cups-config script. %patch3 -p1 -b .multilib -# Re-introduce SSLOptions configuration directive, disable SSL3 by -# default (STR #4476). -%patch4 -p1 -b .str4476 # Ignore rpm save/new files in the banners directory. %patch5 -p1 -b .banners # Use compatibility fallback path for ServerBin. 
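Review bot: `Source0` in the `@@ -10,17 +10,13 @@` hunk still names a plain `http://` URL, so anyone fetching the 2.0.1 tarball from it gets no transport protection, and the only integrity pin visible in this commit is the MD5 line in `sources`. Nothing on the page shows the tarball being compared with an upstream-published checksum or signature before upload. If upstream publishes one, I would record the check in a comment above the tag, e.g. `# tarball verified against upstream's published checksum/signature before upload`. If www.cups.org serves the same path over HTTPS (not confirmed here), the tag can become `Source0: https://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2`.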
@@ -266,12 +256,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch37 -p1 -b .journal # Set the default for SyncOnClose to Yes. %patch38 -p1 -b .synconclose -# Fix cupsGetPPD3() so it doesn't give the caller an unreadable file -# (bug #1150917, STR #4500). -%patch39 -p1 -b .str4500 -# Upstream fix for cupsd crash on restart when colord not available -# (STR #4496). -%patch40 -p1 -b .str4496 %if %lspp # LSPP support. @@ -345,12 +329,12 @@ popd mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.path $RPM_BUILD_ROOT%{_unitdir}/cups.path mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.service $RPM_BUILD_ROOT%{_unitdir}/cups.service mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.socket $RPM_BUILD_ROOT%{_unitdir}/cups.socket +mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cups-lpd.socket $RPM_BUILD_ROOT%{_unitdir}/cups-lpd.socket +mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cups-lpd@.service $RPM_BUILD_ROOT%{_unitdir}/cups-lpd@.service /bin/sed -i -e "s,org.cups.cupsd,cups,g" $RPM_BUILD_ROOT%{_unitdir}/cups.service mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps $RPM_BUILD_ROOT%{_sysconfdir}/X11/sysconfig $RPM_BUILD_ROOT%{_sysconfdir}/X11/applnk/System $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/pixmaps -install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir} -install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir} install -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/cups install -p -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{cups_serverbin}/backend/ncp @@ -618,6 +602,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Sat Nov 15 2014 Jiri Popelka - 1:2.0.1-1 +- 2.0.1 + * Fri Nov 7 2014 Tim Waugh - 1:2.0.0-12 - Re-introduce SSLOptions configuration directive, disable SSL3 by default (STR #4476). diff --git a/sources b/sources index b335198..b605784 100644 --- a/sources +++ b/sources 
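Review bot: The two added `mv` lines in the `@@ -345,12 +329,12 @@` hunk swap the packaged `cups-lpd@.service` for whatever unit upstream installs, and the deleted Fedora unit carried `User=lp` and `StandardInput=socket`. Upstream's `org.cups.cups-lpd@.service` is not visible in this commit, so it should be confirmed that it still sets an unprivileged `User=`; a unit without one would run a root cups-lpd for each connection accepted on port 515. The `sed -e "s,org.cups.cupsd,cups,g"` rewrite is applied only to `cups.service`, so any `org.cups.*` unit names referenced inside the two renamed cups-lpd files would no longer resolve after the rename. A comment above the `mv` lines such as `# upstream cups-lpd units; checked that the service still runs as User=lp` would record the check.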
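Review bot: The new `%changelog` entry in the `@@ -618,6 +602,9 @@` hunk says only `- 2.0.1`, while this commit also drops Patch4, Patch39 and Patch40 (STR #4476, #4500, #4496), the first of which disabled SSL3 by default. The entry should say why they went away, presumably because 2.0.1 carries them upstream, which this page does not show; e.g. `- 2.0.1 (drop str4476, str4500, str4496 patches, included upstream)`. Without that line, someone auditing the package history cannot tell from the changelog whether the SSL3 default is still enforced. The same entry could note that the cups-lpd units now come from the upstream tarball.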
@@ -1 +1 @@
-2cdd81fea23e9e29555c24bdfd0d7c89 cups-2.0.0-source.tar.bz2
+7f7c33071035fb20d0879929a42da711 cups-2.0.1-source.tar.bz2