rpms/cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

2.0.1

Browse Source
This commit is contained in:
Jiri Popelka 2014-11-15 15:42:30 +01:00
parent 663d26f200
commit fce8f58b49
10 changed files with 84 additions and 741 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -64,3 +64,4 @@ cups-1.4.4-source.tar.bz2
/cups-1.7.5-source.tar.bz2
/cups-2.0rc1-source.tar.bz2
/cups-2.0.0-source.tar.bz2
/cups-2.0.1-source.tar.bz2

9
cups-lpd.socket
View File

@ -1,9 +0,0 @@
[Unit]
Description=CUPS-LPD Server Socket
[Socket]
ListenStream=515
Accept=yes
[Install]
WantedBy=sockets.target

8
cups-lpd@.service
View File

@ -1,8 +0,0 @@
[Unit]
Description=Allow legacy LPD clients to communicate with CUPS
Documentation=man:cups-lpd(8)
[Service]
ExecStart=-/usr/lib/cups/daemon/cups-lpd
StandardInput=socket
User=lp

114
cups-lspp.patch
View File

@ -1,6 +1,6 @@
diff -up cups-2.0.0/config.h.in.lspp cups-2.0.0/config.h.in
--- cups-2.0.0/config.h.in.lspp 2014-08-30 02:51:22.000000000 +0100
+++ cups-2.0.0/config.h.in 2014-11-06 14:49:08.220421810 +0000
diff -up cups-2.0.1/config.h.in.lspp cups-2.0.1/config.h.in
--- cups-2.0.1/config.h.in.lspp 2014-08-30 03:51:22.000000000 +0200
+++ cups-2.0.1/config.h.in 2014-11-15 15:22:47.838306259 +0100
@@ -709,6 +709,13 @@ static __inline int _cups_abs(int i) { r
# endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */
@ -15,9 +15,9 @@ diff -up cups-2.0.0/config.h.in.lspp cups-2.0.0/config.h.in
#endif /* !_CUPS_CONFIG_H_ */
/*
diff -up cups-2.0.0/config-scripts/cups-lspp.m4.lspp cups-2.0.0/config-scripts/cups-lspp.m4
--- cups-2.0.0/config-scripts/cups-lspp.m4.lspp 2014-11-06 14:49:08.220421810 +0000
+++ cups-2.0.0/config-scripts/cups-lspp.m4 2014-11-06 14:49:08.220421810 +0000
diff -up cups-2.0.1/config-scripts/cups-lspp.m4.lspp cups-2.0.1/config-scripts/cups-lspp.m4
--- cups-2.0.1/config-scripts/cups-lspp.m4.lspp 2014-11-15 15:22:47.838306259 +0100
+++ cups-2.0.1/config-scripts/cups-lspp.m4 2014-11-15 15:22:47.838306259 +0100
@@ -0,0 +1,36 @@
+dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS).
@ -55,9 +55,9 @@ diff -up cups-2.0.0/config-scripts/cups-lspp.m4.lspp cups-2.0.0/config-scripts/c
+ ;;
+ esac
+fi
diff -up cups-2.0.0/configure.ac.lspp cups-2.0.0/configure.ac
--- cups-2.0.0/configure.ac.lspp 2014-04-21 13:22:03.000000000 +0100
+++ cups-2.0.0/configure.ac 2014-11-06 14:49:08.220421810 +0000
diff -up cups-2.0.1/configure.ac.lspp cups-2.0.1/configure.ac
--- cups-2.0.1/configure.ac.lspp 2014-10-21 13:55:01.000000000 +0200
+++ cups-2.0.1/configure.ac 2014-11-15 15:22:47.838306259 +0100
@@ -36,6 +36,8 @@ sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4)
sinclude(config-scripts/cups-scripting.m4)
@ -67,9 +67,9 @@ diff -up cups-2.0.0/configure.ac.lspp cups-2.0.0/configure.ac
INSTALL_LANGUAGES=""
UNINSTALL_LANGUAGES=""
LANGFILES=""
diff -up cups-2.0.0/filter/common.c.lspp cups-2.0.0/filter/common.c
--- cups-2.0.0/filter/common.c.lspp 2014-02-06 18:33:34.000000000 +0000
+++ cups-2.0.0/filter/common.c 2014-11-06 14:49:08.220421810 +0000
diff -up cups-2.0.1/filter/common.c.lspp cups-2.0.1/filter/common.c
--- cups-2.0.1/filter/common.c.lspp 2014-02-06 19:33:34.000000000 +0100
+++ cups-2.0.1/filter/common.c 2014-11-15 15:22:47.838306259 +0100
@@ -19,6 +19,12 @@
* Include necessary headers...
*/
@ -238,9 +238,9 @@ diff -up cups-2.0.0/filter/common.c.lspp cups-2.0.0/filter/common.c
/*
diff -up cups-2.0.0/filter/pstops.c.lspp cups-2.0.0/filter/pstops.c
--- cups-2.0.0/filter/pstops.c.lspp 2014-02-06 18:33:34.000000000 +0000
+++ cups-2.0.0/filter/pstops.c 2014-11-06 14:49:08.221421819 +0000
diff -up cups-2.0.1/filter/pstops.c.lspp cups-2.0.1/filter/pstops.c
--- cups-2.0.1/filter/pstops.c.lspp 2014-02-06 19:33:34.000000000 +0100
+++ cups-2.0.1/filter/pstops.c 2014-11-15 15:22:47.839306246 +0100
@@ -3173,6 +3173,18 @@ write_label_prolog(pstops_doc_t *doc, /*
{
const char *classification; /* CLASSIFICATION environment variable */
@ -396,9 +396,9 @@ diff -up cups-2.0.0/filter/pstops.c.lspp cups-2.0.0/filter/pstops.c
/*
diff -up cups-2.0.0/Makedefs.in.lspp cups-2.0.0/Makedefs.in
--- cups-2.0.0/Makedefs.in.lspp 2014-11-06 14:49:08.186421483 +0000
+++ cups-2.0.0/Makedefs.in 2014-11-06 14:49:08.232421926 +0000
diff -up cups-2.0.1/Makedefs.in.lspp cups-2.0.1/Makedefs.in
--- cups-2.0.1/Makedefs.in.lspp 2014-11-15 15:22:47.766307192 +0100
+++ cups-2.0.1/Makedefs.in 2014-11-15 15:22:47.840306233 +0100
@@ -145,7 +145,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f
@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)
LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(LIBZ)
@ -408,9 +408,9 @@ diff -up cups-2.0.0/Makedefs.in.lspp cups-2.0.0/Makedefs.in
ONDEMANDFLAGS = @ONDEMANDFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@
OPTIM = @OPTIM@
diff -up cups-2.0.0/scheduler/client.c.lspp cups-2.0.0/scheduler/client.c
--- cups-2.0.0/scheduler/client.c.lspp 2014-08-28 16:37:22.000000000 +0100
+++ cups-2.0.0/scheduler/client.c 2014-11-06 14:54:15.305993839 +0000
diff -up cups-2.0.1/scheduler/client.c.lspp cups-2.0.1/scheduler/client.c
--- cups-2.0.1/scheduler/client.c.lspp 2014-08-28 17:37:22.000000000 +0200
+++ cups-2.0.1/scheduler/client.c 2014-11-15 15:22:47.842306207 +0100
@@ -24,12 +24,20 @@
#define _HTTP_NO_PRIVATE
#include "cupsd.h"
@ -630,9 +630,9 @@ diff -up cups-2.0.0/scheduler/client.c.lspp cups-2.0.0/scheduler/client.c
/*
* 'pipe_command()' - Pipe the output of a command to the remote client.
diff -up cups-2.0.0/scheduler/client.h.lspp cups-2.0.0/scheduler/client.h
--- cups-2.0.0/scheduler/client.h.lspp 2014-03-21 16:42:53.000000000 +0000
+++ cups-2.0.0/scheduler/client.h 2014-11-06 14:49:08.222421829 +0000
diff -up cups-2.0.1/scheduler/client.h.lspp cups-2.0.1/scheduler/client.h
--- cups-2.0.1/scheduler/client.h.lspp 2014-03-21 17:42:53.000000000 +0100
+++ cups-2.0.1/scheduler/client.h 2014-11-15 15:22:47.842306207 +0100
@@ -18,6 +18,13 @@
#endif /* HAVE_AUTHORIZATION_H */
@ -668,9 +668,9 @@ diff -up cups-2.0.0/scheduler/client.h.lspp cups-2.0.0/scheduler/client.h
#ifdef HAVE_SSL
extern int cupsdEndTLS(cupsd_client_t *con);
diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
--- cups-2.0.0/scheduler/conf.c.lspp 2014-11-06 14:49:08.215421762 +0000
+++ cups-2.0.0/scheduler/conf.c 2014-11-06 14:49:08.222421829 +0000
diff -up cups-2.0.1/scheduler/conf.c.lspp cups-2.0.1/scheduler/conf.c
--- cups-2.0.1/scheduler/conf.c.lspp 2014-11-15 15:22:47.832306336 +0100
+++ cups-2.0.1/scheduler/conf.c 2014-11-15 15:22:47.844306181 +0100
@@ -36,6 +36,9 @@
# define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */
@ -702,7 +702,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
/*
@@ -829,6 +839,25 @@ cupsdReadConfiguration(void)
@@ -831,6 +841,25 @@ cupsdReadConfiguration(void)
RunUser = getuid();
@ -728,7 +728,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled");
@@ -1220,7 +1249,19 @@ cupsdReadConfiguration(void)
@@ -1225,7 +1254,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification);
if (Classification)
@ -748,7 +748,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
/*
* Check the MaxClients setting, and then allocate memory for it...
@@ -3652,6 +3693,18 @@ read_location(cups_file_t *fp, /* I - C
@@ -3700,6 +3741,18 @@ read_location(cups_file_t *fp, /* I - C
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
@ -767,9 +767,9 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
/*
* 'read_policy()' - Read a <Policy name> definition.
diff -up cups-2.0.0/scheduler/conf.h.lspp cups-2.0.0/scheduler/conf.h
--- cups-2.0.0/scheduler/conf.h.lspp 2014-11-06 14:49:08.212421733 +0000
+++ cups-2.0.0/scheduler/conf.h 2014-11-06 14:49:08.222421829 +0000
diff -up cups-2.0.1/scheduler/conf.h.lspp cups-2.0.1/scheduler/conf.h
--- cups-2.0.1/scheduler/conf.h.lspp 2014-11-15 15:22:47.825306427 +0100
+++ cups-2.0.1/scheduler/conf.h 2014-11-15 15:22:47.845306168 +0100
@@ -248,6 +248,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */
#endif /* HAVE_SSL */
@ -794,9 +794,9 @@ diff -up cups-2.0.0/scheduler/conf.h.lspp cups-2.0.0/scheduler/conf.h
/*
* Prototypes...
diff -up cups-2.0.0/scheduler/cupsd.h.lspp cups-2.0.0/scheduler/cupsd.h
--- cups-2.0.0/scheduler/cupsd.h.lspp 2014-11-06 14:49:08.205421665 +0000
+++ cups-2.0.0/scheduler/cupsd.h 2014-11-06 14:49:08.222421829 +0000
diff -up cups-2.0.1/scheduler/cupsd.h.lspp cups-2.0.1/scheduler/cupsd.h
--- cups-2.0.1/scheduler/cupsd.h.lspp 2014-11-15 15:22:47.805306686 +0100
+++ cups-2.0.1/scheduler/cupsd.h 2014-11-15 15:22:47.846306155 +0100
@@ -13,6 +13,8 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
@ -828,9 +828,9 @@ diff -up cups-2.0.0/scheduler/cupsd.h.lspp cups-2.0.0/scheduler/cupsd.h
/*
* Some OS's don't have hstrerror(), most notably Solaris...
*/
diff -up cups-2.0.0/scheduler/ipp.c.lspp cups-2.0.0/scheduler/ipp.c
--- cups-2.0.0/scheduler/ipp.c.lspp 2014-11-06 14:49:08.175421377 +0000
+++ cups-2.0.0/scheduler/ipp.c 2014-11-06 15:07:01.724894473 +0000
diff -up cups-2.0.1/scheduler/ipp.c.lspp cups-2.0.1/scheduler/ipp.c
--- cups-2.0.1/scheduler/ipp.c.lspp 2014-11-15 15:22:47.739307542 +0100
+++ cups-2.0.1/scheduler/ipp.c 2014-11-15 15:22:47.851306090 +0100
@@ -16,6 +16,9 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
@ -1444,9 +1444,9 @@ diff -up cups-2.0.0/scheduler/ipp.c.lspp cups-2.0.0/scheduler/ipp.c
/*
* Check the username against the owner...
*/
diff -up cups-2.0.0/scheduler/job.c.lspp cups-2.0.0/scheduler/job.c
--- cups-2.0.0/scheduler/job.c.lspp 2014-11-06 14:49:08.182421444 +0000
+++ cups-2.0.0/scheduler/job.c 2014-11-06 15:07:38.589074429 +0000
diff -up cups-2.0.1/scheduler/job.c.lspp cups-2.0.1/scheduler/job.c
--- cups-2.0.1/scheduler/job.c.lspp 2014-11-15 15:22:47.755307335 +0100
+++ cups-2.0.1/scheduler/job.c 2014-11-15 15:22:47.855306038 +0100
@@ -13,6 +13,9 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
@ -1825,9 +1825,9 @@ diff -up cups-2.0.0/scheduler/job.c.lspp cups-2.0.0/scheduler/job.c
/*
* Now start the first file in the job...
*/
diff -up cups-2.0.0/scheduler/job.h.lspp cups-2.0.0/scheduler/job.h
--- cups-2.0.0/scheduler/job.h.lspp 2014-07-31 01:02:30.000000000 +0100
+++ cups-2.0.0/scheduler/job.h 2014-11-06 14:49:08.225421858 +0000
diff -up cups-2.0.1/scheduler/job.h.lspp cups-2.0.1/scheduler/job.h
--- cups-2.0.1/scheduler/job.h.lspp 2014-07-31 02:02:30.000000000 +0200
+++ cups-2.0.1/scheduler/job.h 2014-11-15 15:22:47.856306025 +0100
@@ -13,6 +13,13 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
@ -1853,9 +1853,9 @@ diff -up cups-2.0.0/scheduler/job.h.lspp cups-2.0.0/scheduler/job.h
};
typedef struct cupsd_joblog_s /**** Job log message ****/
diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
--- cups-2.0.0/scheduler/main.c.lspp 2014-11-06 14:49:08.206421675 +0000
+++ cups-2.0.0/scheduler/main.c 2014-11-06 14:49:08.225421858 +0000
diff -up cups-2.0.1/scheduler/main.c.lspp cups-2.0.1/scheduler/main.c
--- cups-2.0.1/scheduler/main.c.lspp 2014-11-15 15:22:47.808306648 +0100
+++ cups-2.0.1/scheduler/main.c 2014-11-15 15:27:00.487987203 +0100
@@ -56,6 +56,9 @@ extern int launch_activate_socket(const
# include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */
@ -1866,18 +1866,18 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
/*
* Local functions...
@@ -116,6 +119,9 @@ main(int argc, /* I - Number of comm
@@ -120,6 +123,9 @@ main(int argc, /* I - Number of comm
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* Actions for POSIX signals */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
+#if WITH_LSPP
+ auditfail_t failmode; /* Action for audit_open failure */
+#endif /* WITH_LSPP */
int run_as_child = 0;
/* Needed for background fork/exec */
#ifdef __APPLE__
@@ -490,6 +496,25 @@ main(int argc, /* I - Number of comm
#endif /* DEBUG */
int use_sysman = 1; /* Use system management functions? */
#else
@@ -498,6 +504,25 @@ main(int argc, /* I - Number of comm
exit(errno);
}
+#ifdef WITH_LSPP
@ -1902,7 +1902,7 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
/*
* Set the timezone info...
*/
@@ -1149,6 +1174,11 @@ main(int argc, /* I - Number of comm
@@ -1160,6 +1185,11 @@ main(int argc, /* I - Number of comm
cupsdStopSelect();
@ -1914,9 +1914,9 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
return (!stop_scheduler);
}
diff -up cups-2.0.0/scheduler/printers.c.lspp cups-2.0.0/scheduler/printers.c
--- cups-2.0.0/scheduler/printers.c.lspp 2014-11-06 14:49:08.160421232 +0000
+++ cups-2.0.0/scheduler/printers.c 2014-11-06 14:49:08.226421868 +0000
diff -up cups-2.0.1/scheduler/printers.c.lspp cups-2.0.1/scheduler/printers.c
--- cups-2.0.1/scheduler/printers.c.lspp 2014-11-15 15:22:47.716307840 +0100
+++ cups-2.0.1/scheduler/printers.c 2014-11-15 15:22:47.860305973 +0100
@@ -13,6 +13,8 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/

599
cups-str4476.patch
View File

@ -1,599 +0,0 @@
diff -up cups-2.0.0/cups/http-private.h.str4476 cups-2.0.0/cups/http-private.h
--- cups-2.0.0/cups/http-private.h.str4476 2014-08-28 17:02:00.000000000 +0100
+++ cups-2.0.0/cups/http-private.h 2014-11-07 08:56:53.793831198 +0000
@@ -161,6 +161,9 @@ extern "C" {
#define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
#define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
+#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
+#define _HTTP_TLS_ALLOW_SSL3 1 /* Allow SSL 3.0 */
+
/*
* Types and functions for SSL support...
@@ -420,6 +423,7 @@ extern void _httpTLSInitialize(void);
extern size_t _httpTLSPending(http_t *http);
extern int _httpTLSRead(http_t *http, char *buf, int len);
extern int _httpTLSSetCredentials(http_t *http);
+extern void _httpTLSSetOptions(int options);
extern int _httpTLSStart(http_t *http);
extern void _httpTLSStop(http_t *http);
extern int _httpTLSWrite(http_t *http, const char *buf, int len);
diff -up cups-2.0.0/cups/tls-darwin.c.str4476 cups-2.0.0/cups/tls-darwin.c
--- cups-2.0.0/cups/tls-darwin.c.str4476 2014-09-23 15:56:14.000000000 +0100
+++ cups-2.0.0/cups/tls-darwin.c 2014-11-07 08:56:53.791831189 +0000
@@ -27,6 +27,14 @@ extern char **environ;
/*
+ * Test define - set to 1 to use SSLSetEnabledCiphers. Currently disabled (0)
+ * because of <rdar://problem/18707430>.
+ */
+
+#define USE_SET_ENABLED_CIPHERS 0
+
+
+/*
* Local globals...
*/
@@ -41,6 +49,7 @@ static char *tls_keypath = NULL;
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
/* Mutex for keychain/certs */
+static int tls_options = 0;/* Options for TLS connections */
#endif /* HAVE_SECKEYCHAINOPEN */
@@ -973,6 +982,17 @@ _httpTLSRead(http_t *http, /* I - HTTP
/*
+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
+ */
+
+void
+_httpTLSSetOptions(int options) /* I - Options */
+{
+ tls_options = options;
+}
+
+
+/*
* '_httpTLSStart()' - Set up SSL/TLS support on a connection.
*/
@@ -1033,9 +1053,108 @@ _httpTLSStart(http_t *http) /* I - HTTP
{
error = SSLSetSessionOption(http->tls, kSSLSessionOptionBreakOnServerAuth,
true);
- DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d",
- (int)error));
+ DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", (int)error));
+ }
+
+ if (!error)
+ {
+ error = SSLSetProtocolVersionMin(http->tls, (tls_options & _HTTP_TLS_ALLOW_SSL3) ? kSSLProtocol3 : kTLSProtocol1);
+ DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin, error=%d", (int)error));
+ }
+
+# if USE_SET_ENABLED_CIPHERS
+ if (!error)
+ {
+ SSLCipherSuite supported[100]; /* Supported cipher suites */
+ size_t num_supported; /* Number of supported cipher suites */
+ SSLCipherSuite enabled[100]; /* Cipher suites to enable */
+ size_t num_enabled; /* Number of cipher suites to enable */
+
+ num_supported = sizeof(supported) / sizeof(supported[0]);
+ error = SSLGetSupportedCiphers(http->tls, supported, &num_supported);
+
+ if (!error)
+ {
+ DEBUG_printf(("4_httpTLSStart: %d cipher suites supported.", (int)num_supported));
+
+ for (i = 0, num_enabled = 0; i < (int)num_supported && num_enabled < (sizeof(enabled) / sizeof(enabled[0])); i ++)
+ {
+ switch (supported[i])
+ {
+ /* Obviously insecure cipher suites that we never want to use */
+ case SSL_NULL_WITH_NULL_NULL :
+ case SSL_RSA_WITH_NULL_MD5 :
+ case SSL_RSA_WITH_NULL_SHA :
+ case SSL_RSA_EXPORT_WITH_RC4_40_MD5 :
+ case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 :
+ case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_RSA_WITH_DES_CBC_SHA :
+ case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DH_DSS_WITH_DES_CBC_SHA :
+ case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DH_RSA_WITH_DES_CBC_SHA :
+ case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DHE_DSS_WITH_DES_CBC_SHA :
+ case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DHE_RSA_WITH_DES_CBC_SHA :
+ case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 :
+ case SSL_DH_anon_WITH_RC4_128_MD5 :
+ case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA :
+ case SSL_DH_anon_WITH_DES_CBC_SHA :
+ case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA :
+ case SSL_FORTEZZA_DMS_WITH_NULL_SHA :
+ case TLS_DH_anon_WITH_AES_128_CBC_SHA :
+ case TLS_DH_anon_WITH_AES_256_CBC_SHA :
+ case TLS_ECDH_ECDSA_WITH_NULL_SHA :
+ case TLS_ECDHE_RSA_WITH_NULL_SHA :
+ case TLS_ECDH_anon_WITH_NULL_SHA :
+ case TLS_ECDH_anon_WITH_RC4_128_SHA :
+ case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA :
+ case TLS_ECDH_anon_WITH_AES_128_CBC_SHA :
+ case TLS_ECDH_anon_WITH_AES_256_CBC_SHA :
+ case TLS_RSA_WITH_NULL_SHA256 :
+ case TLS_DH_anon_WITH_AES_128_CBC_SHA256 :
+ case TLS_DH_anon_WITH_AES_256_CBC_SHA256 :
+ case TLS_PSK_WITH_NULL_SHA :
+ case TLS_DHE_PSK_WITH_NULL_SHA :
+ case TLS_RSA_PSK_WITH_NULL_SHA :
+ case TLS_DH_anon_WITH_AES_128_GCM_SHA256 :
+ case TLS_DH_anon_WITH_AES_256_GCM_SHA384 :
+ case TLS_PSK_WITH_NULL_SHA256 :
+ case TLS_PSK_WITH_NULL_SHA384 :
+ case TLS_DHE_PSK_WITH_NULL_SHA256 :
+ case TLS_DHE_PSK_WITH_NULL_SHA384 :
+ case TLS_RSA_PSK_WITH_NULL_SHA256 :
+ case TLS_RSA_PSK_WITH_NULL_SHA384 :
+ case SSL_RSA_WITH_DES_CBC_MD5 :
+ break;
+
+ /* RC4 cipher suites that should only be used as a last resort */
+ case SSL_RSA_WITH_RC4_128_MD5 :
+ case SSL_RSA_WITH_RC4_128_SHA :
+ case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
+ case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
+ case TLS_ECDH_RSA_WITH_RC4_128_SHA :
+ case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
+ case TLS_PSK_WITH_RC4_128_SHA :
+ case TLS_DHE_PSK_WITH_RC4_128_SHA :
+ case TLS_RSA_PSK_WITH_RC4_128_SHA :
+ if (tls_options & _HTTP_TLS_ALLOW_RC4)
+ enabled[num_enabled ++] = supported[i];
+ break;
+
+ /* Anything else we'll assume is secure */
+ default :
+ enabled[num_enabled ++] = supported[i];
+ break;
+ }
+ }
+
+ DEBUG_printf(("4_httpTLSStart: %d cipher suites enabled.", (int)num_enabled));
+ error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled);
+ }
}
+#endif /* USE_SET_ENABLED_CIPHERS */
if (!error && http->mode == _HTTP_MODE_CLIENT)
{
diff -up cups-2.0.0/cups/tls-gnutls.c.str4476 cups-2.0.0/cups/tls-gnutls.c
--- cups-2.0.0/cups/tls-gnutls.c.str4476 2014-09-23 15:56:14.000000000 +0100
+++ cups-2.0.0/cups/tls-gnutls.c 2014-11-07 08:56:53.792831194 +0000
@@ -36,6 +36,7 @@ static char *tls_keypath = NULL;
/* Server cert keychain path */
static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER;
/* Mutex for keychain/certs */
+static int tls_options = 0;/* Options for TLS connections */
/*
@@ -1002,6 +1003,17 @@ _httpTLSSetCredentials(http_t *http) /*
/*
+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
+ */
+
+void
+_httpTLSSetOptions(int options) /* I - Options */
+{
+ tls_options = options;
+}
+
+
+/*
* '_httpTLSStart()' - Set up SSL/TLS support on a connection.
*/
@@ -1185,6 +1197,15 @@ _httpTLSStart(http_t *http) /* I - Conn
return (-1);
}
+ if (!tls_options)
+ gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
+ else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4))
+ gnutls_priority_set_direct(http->tls, "NORMAL", NULL);
+ else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL", NULL);
+ else
+ gnutls_priority_set_direct(http->tls, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
+
gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr_t)http);
gnutls_transport_set_pull_function(http->tls, http_gnutls_read);
#ifdef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION
diff -up cups-2.0.0/cups/tls-sspi.c.str4476 cups-2.0.0/cups/tls-sspi.c
--- cups-2.0.0/cups/tls-sspi.c.str4476 2014-09-23 15:56:14.000000000 +0100
+++ cups-2.0.0/cups/tls-sspi.c 2014-11-07 08:56:53.790831185 +0000
@@ -1,7 +1,8 @@
/*
* "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $"
*
- * TLS support for CUPS on Windows using SSPI.
+ * TLS support for CUPS on Windows using the Security Support Provider
+ * Interface (SSPI).
*
* Copyright 2010-2014 by Apple Inc.
*
@@ -48,6 +49,14 @@
# define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID 0x00002000 /* Expired X509 Cert. */
#endif /* !SECURITY_FLAG_IGNORE_CERT_DATE_INVALID */
+
+/*
+ * Local globals...
+ */
+
+static int tls_options = 0;/* Options for TLS connections */
+
+
/*
* Local functions...
*/
@@ -897,6 +906,17 @@ _httpTLSRead(http_t *http, /* I - HTTP
/*
+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
+ */
+
+void
+_httpTLSSetOptions(int options) /* I - Options */
+{
+ tls_options = options;
+}
+
+
+/*
* '_httpTLSStart()' - Set up SSL/TLS support on a connection.
*/
@@ -1727,11 +1747,43 @@ http_sspi_find_credentials(
SchannelCred.paCred = &storedContext;
/*
- * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client.
+ * Set supported protocols (can also be overriden in the registry...)
*/
+#ifdef SP_PROT_TLS1_2_SERVER
if (http->mode == _HTTP_MODE_SERVER)
- SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1;
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER | SP_PROT_SSL3_SERVER;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER;
+ }
+ else
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_SSL3_CLIENT;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT;
+ }
+
+#else
+ if (http->mode == _HTTP_MODE_SERVER)
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER;
+ }
+ else
+ {
+ if (tls_options & _HTTP_TLS_ALLOW_SSL3)
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
+ else
+ SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
+ }
+#endif /* SP_PROT_TLS1_2_SERVER */
+
+ /* TODO: Support _HTTP_TLS_ALLOW_RC4 option; right now we'll rely on Windows registry to enable/disable RC4... */
/*
* Create an SSPI credential.
diff -up cups-2.0.0/cups/usersys.c.str4476 cups-2.0.0/cups/usersys.c
--- cups-2.0.0/cups/usersys.c.str4476 2014-08-28 16:37:22.000000000 +0100
+++ cups-2.0.0/cups/usersys.c 2014-11-07 08:56:53.791831189 +0000
@@ -52,7 +52,8 @@ static void cups_read_client_conf(cups_f
#endif /* HAVE_GSSAPI */
const char *cups_anyroot,
const char *cups_expiredcerts,
- const char *cups_validatecerts);
+ const char *cups_validatecerts,
+ int ssl_options);
/*
@@ -863,6 +864,30 @@ _cupsSetDefaults(void)
if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] ||
!cg->user[0] || !cg->ipp_port)
{
+ /*
+ * Look for CUPS_SERVERROOT/client.conf...
+ */
+
+ snprintf(filename, sizeof(filename), "%s/client.conf",
+ cg->cups_serverroot);
+ fp = cupsFileOpen(filename, "r");
+
+ /*
+ * Read the configuration file and apply any environment variables; both
+ * functions handle NULL cups_file_t pointers...
+ */
+
+ cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
+#ifdef HAVE_GSSAPI
+ cups_gssservicename,
+#endif /* HAVE_GSSAPI */
+ cups_anyroot, cups_expiredcerts, cups_validatecerts, 1);
+ cupsFileClose(fp);
+
+ /*
+ * Then user defaults, if it is safe to do so...
+ */
+
# ifdef HAVE_GETEUID
if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
# elif !defined(WIN32)
@@ -877,32 +902,19 @@ _cupsSetDefaults(void)
snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
fp = cupsFileOpen(filename, "r");
- }
- else
- fp = NULL;
- if (!fp)
- {
/*
- * Look for CUPS_SERVERROOT/client.conf...
+ * Read the configuration file and apply any environment variables; both
+ * functions handle NULL cups_file_t pointers...
*/
- snprintf(filename, sizeof(filename), "%s/client.conf",
- cg->cups_serverroot);
- fp = cupsFileOpen(filename, "r");
- }
-
- /*
- * Read the configuration file and apply any environment variables; both
- * functions handle NULL cups_file_t pointers...
- */
-
- cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
+ cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
#ifdef HAVE_GSSAPI
- cups_gssservicename,
+ cups_gssservicename,
#endif /* HAVE_GSSAPI */
- cups_anyroot, cups_expiredcerts, cups_validatecerts);
- cupsFileClose(fp);
+ cups_anyroot, cups_expiredcerts, cups_validatecerts, 0);
+ cupsFileClose(fp);
+ }
}
}
@@ -924,7 +936,8 @@ cups_read_client_conf(
#endif /* HAVE_GSSAPI */
const char *cups_anyroot, /* I - CUPS_ANYROOT env var */
const char *cups_expiredcerts, /* I - CUPS_EXPIREDCERTS env var */
- const char *cups_validatecerts)/* I - CUPS_VALIDATECERTS env var */
+ const char *cups_validatecerts,/* I - CUPS_VALIDATECERTS env var */
+ int ssl_options) /* I - Allow setting of SSLOptions? */
{
int linenum; /* Current line number */
char line[1024], /* Line from file */
@@ -996,6 +1009,43 @@ cups_read_client_conf(
cups_gssservicename = gss_service_name;
}
#endif /* HAVE_GSSAPI */
+ else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value)
+ {
+ /*
+ * SSLOptions [AllowRC4] [AllowSSL3] [None]
+ */
+
+ int options = 0; /* SSL/TLS options */
+ char *start, /* Start of option */
+ *end; /* End of option */
+
+ for (start = value; *start; start = end)
+ {
+ /*
+ * Find end of keyword...
+ */
+
+ end = start;
+ while (*end && !_cups_isspace(*end))
+ end ++;
+
+ if (*end)
+ *end++ = '\0';
+
+ /*
+ * Compare...
+ */
+
+ if (!_cups_strcasecmp(start, "AllowRC4"))
+ options |= _HTTP_TLS_ALLOW_RC4;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ options |= _HTTP_TLS_ALLOW_SSL3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = 0;
+ }
+
+ _httpTLSSetOptions(options);
+ }
}
/*
diff -up cups-2.0.0/doc/help/man-client.conf.html.str4476 cups-2.0.0/doc/help/man-client.conf.html
--- cups-2.0.0/doc/help/man-client.conf.html.str4476 2014-05-23 03:45:48.000000000 +0100
+++ cups-2.0.0/doc/help/man-client.conf.html 2014-11-07 08:56:53.787831171 +0000
@@ -38,6 +38,12 @@ CUPS adds the remote hostname ("name@ser
<b>Note: This directive it not supported on OS X 10.7 or later.</b>
<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
+<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
+<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
<dt><b>User </b><i>name</i>
<dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
<dt><b>ValidateCerts Yes</b>
diff -up cups-2.0.0/doc/help/man-cupsd.conf.html.str4476 cups-2.0.0/doc/help/man-cupsd.conf.html
--- cups-2.0.0/doc/help/man-cupsd.conf.html.str4476 2014-07-31 01:58:00.000000000 +0100
+++ cups-2.0.0/doc/help/man-cupsd.conf.html 2014-11-07 08:56:53.788831175 +0000
@@ -303,6 +303,12 @@ The default is "Minimal".
<dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i>
<dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections.
+<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
+<dd style="margin-left: 5.0em">Sets encryption options.
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
<dt><b>SSLPort </b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections.
<dt><b>StrictConformance Yes</b>
diff -up cups-2.0.0/man/client.conf.man.in.str4476 cups-2.0.0/man/client.conf.man.in
--- cups-2.0.0/man/client.conf.man.in.str4476 2014-05-08 00:55:35.000000000 +0100
+++ cups-2.0.0/man/client.conf.man.in 2014-11-07 08:56:53.794831203 +0000
@@ -12,7 +12,7 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH client.conf 5 "CUPS" "7 May 2014" "Apple Inc."
+.TH client.conf 5 "CUPS" "20 October 2014" "Apple Inc."
.SH NAME
client.conf \- client configuration file for cups (deprecated)
.SH DESCRIPTION
@@ -56,6 +56,14 @@ Specifies the address and optionally the
\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
.TP 5
+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
+.TP 5
+\fBSSLOptions None\fR
+Sets encryption options (only in /etc/cups/client.conf).
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+.TP 5
\fBUser \fIname\fR
Specifies the default user name to use for requests.
.TP 5
diff -up cups-2.0.0/man/cupsd.conf.man.in.str4476 cups-2.0.0/man/cupsd.conf.man.in
--- cups-2.0.0/man/cupsd.conf.man.in.str4476 2014-07-28 15:04:32.000000000 +0100
+++ cups-2.0.0/man/cupsd.conf.man.in 2014-11-07 08:56:53.794831203 +0000
@@ -12,7 +12,7 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc."
+.TH cupsd.conf 5 "CUPS" "20 October 2014" "Apple Inc."
.SH NAME
cupsd.conf \- server configuration file for cups
.SH DESCRIPTION
@@ -415,6 +415,14 @@ Set the specified environment variable t
\fBSSLListen *:\fIport\fR
Listens on the specified address and port for encrypted connections.
.TP 5
+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
+.TP 5
+\fBSSLOptions None\fR
+Sets encryption options.
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+.TP 5
\fBSSLPort \fIport\fR
Listens on the specified port for encrypted connections.
.TP 5
diff -up cups-2.0.0/scheduler/conf.c.str4476 cups-2.0.0/scheduler/conf.c
--- cups-2.0.0/scheduler/conf.c.str4476 2014-09-30 19:56:48.000000000 +0100
+++ cups-2.0.0/scheduler/conf.c 2014-11-07 08:56:53.796831212 +0000
@@ -596,6 +596,8 @@ cupsdReadConfiguration(void)
# else
cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
# endif /* HAVE_GNUTLS */
+
+ _httpTLSSetOptions(0);
#endif /* HAVE_SSL */
language = cupsLangDefault();
@@ -2929,6 +2931,49 @@ read_cupsd_conf(cups_file_t *fp) /* I -
"FaxRetryLimit is deprecated; use "
"JobRetryLimit on line %d.", linenum);
}
+ else if (!_cups_strcasecmp(line, "SSLOptions"))
+ {
+ /*
+ * SSLOptions [AllowRC4] [AllowSSL3] [None]
+ */
+
+ int options = 0; /* SSL/TLS options */
+
+ if (value)
+ {
+ char *start, /* Start of option */
+ *end; /* End of option */
+
+ for (start = value; *start; start = end)
+ {
+ /*
+ * Find end of keyword...
+ */
+
+ end = start;
+ while (*end && !_cups_isspace(*end))
+ end ++;
+
+ if (*end)
+ *end++ = '\0';
+
+ /*
+ * Compare...
+ */
+
+ if (!_cups_strcasecmp(start, "AllowRC4"))
+ options |= _HTTP_TLS_ALLOW_RC4;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ options |= _HTTP_TLS_ALLOW_SSL3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = 0;
+ else if (_cups_strcasecmp(start, "NoEmptyFragments"))
+ cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
+ }
+ }
+
+ _httpTLSSetOptions(options);
+ }
else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
#ifdef HAVE_SSL
|| !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")

14
cups-str4496.patch
View File

@ -1,14 +0,0 @@
diff -up cups-1.7.5/scheduler/colorman.c.dbus-unref cups-1.7.5/scheduler/colorman.c
--- cups-1.7.5/scheduler/colorman.c.dbus-unref 2014-10-21 12:43:10.401299966 +0100
+++ cups-1.7.5/scheduler/colorman.c 2014-10-21 12:43:12.870312593 +0100
@@ -208,7 +208,9 @@ void
cupsdStopColor(void)
{
#if !defined(__APPLE__) && defined(HAVE_DBUS)
- dbus_connection_unref(colord_con);
+ if (colord_con)
+ dbus_connection_unref(colord_con);
+
colord_con = NULL;
#endif /* !__APPLE__ && HAVE_DBUS */
}

16
cups-str4500.patch
View File

@ -1,16 +0,0 @@
diff -up cups-2.0.0/cups/util.c.str4500 cups-2.0.0/cups/util.c
--- cups-2.0.0/cups/util.c.str4500 2014-10-15 12:59:27.105942488 +0100
+++ cups-2.0.0/cups/util.c 2014-10-15 13:03:38.618187112 +0100
@@ -846,10 +846,10 @@ cupsGetPPD3(http_t *http, /* I - H
snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot,
name);
- if (!stat(ppdname, &ppdinfo))
+ if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK))
{
/*
- * OK, the file exists, use it!
+ * OK, the file exists and is readable, use it!
*/
if (buffer[0])

33
cups-systemd-socket.patch
View File

@ -1,7 +1,7 @@
diff -up cups-2.0.0/cups/usersys.c.systemd-socket cups-2.0.0/cups/usersys.c
--- cups-2.0.0/cups/usersys.c.systemd-socket 2014-08-28 16:37:22.000000000 +0100
+++ cups-2.0.0/cups/usersys.c 2014-10-16 14:39:05.839530224 +0100
@@ -1028,7 +1028,7 @@ cups_read_client_conf(
diff -up cups-2.0.1/cups/usersys.c.systemd-socket cups-2.0.1/cups/usersys.c
--- cups-2.0.1/cups/usersys.c.systemd-socket 2014-10-20 20:24:56.000000000 +0200
+++ cups-2.0.1/cups/usersys.c 2014-11-15 15:19:11.108125832 +0100
@@ -1078,7 +1078,7 @@ cups_read_client_conf(
struct stat sockinfo; /* Domain socket information */
if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
@ -10,10 +10,10 @@ diff -up cups-2.0.0/cups/usersys.c.systemd-socket cups-2.0.0/cups/usersys.c
cups_server = CUPS_DEFAULT_DOMAINSOCKET;
else
#endif /* CUPS_DEFAULT_DOMAINSOCKET */
diff -up cups-2.0.0/scheduler/main.c.systemd-socket cups-2.0.0/scheduler/main.c
--- cups-2.0.0/scheduler/main.c.systemd-socket 2014-10-16 14:39:05.811530076 +0100
+++ cups-2.0.0/scheduler/main.c 2014-10-16 14:39:05.839530224 +0100
@@ -653,6 +653,12 @@ main(int argc, /* I - Number of comm
diff -up cups-2.0.1/scheduler/main.c.systemd-socket cups-2.0.1/scheduler/main.c
--- cups-2.0.1/scheduler/main.c.systemd-socket 2014-11-15 15:19:11.057126510 +0100
+++ cups-2.0.1/scheduler/main.c 2014-11-15 15:19:11.108125832 +0100
@@ -661,6 +661,12 @@ main(int argc, /* I - Number of comm
cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
else
#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
@ -26,9 +26,9 @@ diff -up cups-2.0.0/scheduler/main.c.systemd-socket cups-2.0.0/scheduler/main.c
if (fg)
cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground.");
else
diff -up cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.0/scheduler/org.cups.cupsd.path.in
--- cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket 2014-03-21 14:50:24.000000000 +0000
+++ cups-2.0.0/scheduler/org.cups.cupsd.path.in 2014-10-16 14:39:05.839530224 +0100
diff -up cups-2.0.1/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.1/scheduler/org.cups.cupsd.path.in
--- cups-2.0.1/scheduler/org.cups.cupsd.path.in.systemd-socket 2014-03-21 15:50:24.000000000 +0100
+++ cups-2.0.1/scheduler/org.cups.cupsd.path.in 2014-11-15 15:19:11.108125832 +0100
@@ -2,7 +2,7 @@
Description=CUPS Scheduler
@ -38,11 +38,13 @@ diff -up cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.0/s
[Install]
WantedBy=multi-user.target
diff -up cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.0/scheduler/org.cups.cupsd.service.in
--- cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket 2014-03-21 14:50:24.000000000 +0000
+++ cups-2.0.0/scheduler/org.cups.cupsd.service.in 2014-10-16 14:39:28.636650224 +0100
@@ -2,9 +2,10 @@
diff -up cups-2.0.1/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.1/scheduler/org.cups.cupsd.service.in
--- cups-2.0.1/scheduler/org.cups.cupsd.service.in.systemd-socket 2014-11-15 15:19:11.109125818 +0100
+++ cups-2.0.1/scheduler/org.cups.cupsd.service.in 2014-11-15 15:19:56.480528155 +0100
@@ -1,10 +1,11 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
+After=network.target
[Service]
@ -53,4 +55,3 @@ diff -up cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.
[Install]
Also=org.cups.cupsd.socket org.cups.cupsd.path
WantedBy=printer.target

29
cups.spec
View File

@ -10,17 +10,13 @@
Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.0.0
Release: 12%{?dist}
Version: 2.0.1
Release: 1%{?dist}
License: GPLv2
Url: http://www.cups.org/
Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
Source0: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
# Pixmap for desktop file
Source2: cupsprinter.png
# socket unit for cups-lpd service
Source3: cups-lpd.socket
# cups-lpd service unit configuration
Source4: cups-lpd@.service
# Logrotate configuration
Source6: cups.logrotate
# Backend for NCP protocol
@ -30,7 +26,6 @@ Source8: macros.cups
Patch1: cups-no-gzip-man.patch
Patch2: cups-system-auth.patch
Patch3: cups-multilib.patch
Patch4: cups-str4476.patch
Patch5: cups-banners.patch
Patch6: cups-serverbin-compat.patch
Patch7: cups-no-export-ssllibs.patch
@ -65,8 +60,6 @@ Patch35: cups-ipp-multifile.patch
Patch36: cups-web-devices-timeout.patch
Patch37: cups-journal.patch
Patch38: cups-synconclose.patch
Patch39: cups-str4500.patch
Patch40: cups-str4496.patch
Patch100: cups-lspp.patch
@ -196,9 +189,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch2 -p1 -b .system-auth
# Prevent multilib conflict in cups-config script.
%patch3 -p1 -b .multilib
# Re-introduce SSLOptions configuration directive, disable SSL3 by
# default (STR #4476).
%patch4 -p1 -b .str4476
# Ignore rpm save/new files in the banners directory.
%patch5 -p1 -b .banners
# Use compatibility fallback path for ServerBin.
@ -266,12 +256,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch37 -p1 -b .journal
# Set the default for SyncOnClose to Yes.
%patch38 -p1 -b .synconclose
# Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
# (bug #1150917, STR #4500).
%patch39 -p1 -b .str4500
# Upstream fix for cupsd crash on restart when colord not available
# (STR #4496).
%patch40 -p1 -b .str4496
%if %lspp
# LSPP support.
@ -345,12 +329,12 @@ popd
mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.path $RPM_BUILD_ROOT%{_unitdir}/cups.path
mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.service $RPM_BUILD_ROOT%{_unitdir}/cups.service
mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.socket $RPM_BUILD_ROOT%{_unitdir}/cups.socket
mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cups-lpd.socket $RPM_BUILD_ROOT%{_unitdir}/cups-lpd.socket
mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cups-lpd@.service $RPM_BUILD_ROOT%{_unitdir}/cups-lpd@.service
/bin/sed -i -e "s,org.cups.cupsd,cups,g" $RPM_BUILD_ROOT%{_unitdir}/cups.service
mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps $RPM_BUILD_ROOT%{_sysconfdir}/X11/sysconfig $RPM_BUILD_ROOT%{_sysconfdir}/X11/applnk/System $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/pixmaps
install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}
install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}
install -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/cups
install -p -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{cups_serverbin}/backend/ncp
@ -618,6 +602,9 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
* Sat Nov 15 2014 Jiri Popelka <jpopelka@redhat.com> - 1:2.0.1-1
- 2.0.1
* Fri Nov 7 2014 Tim Waugh <twaugh@redhat.com> - 1:2.0.0-12
- Re-introduce SSLOptions configuration directive, disable SSL3 by
default (STR #4476).

2
sources
View File

@ -1 +1 @@
2cdd81fea23e9e29555c24bdfd0d7c89 cups-2.0.0-source.tar.bz2
7f7c33071035fb20d0879929a42da711 cups-2.0.1-source.tar.bz2