11 changed files with 1 additions and 589 deletions
--- a/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
+++ b/SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
@ -1,21 +0,0 @@
 diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
 --- cups-2.3.3op2/backend/lpd.c.lpd-delay	2021-02-01 22:10:25.000000000 +0100
 +++ cups-2.3.3op2/backend/lpd.c	2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int	abort_job = 0;		/* Non-zero i
 #define RESERVE_NONE		0	/* Don't reserve a priviledged port */
 #define RESERVE_RFC1179		1	/* Reserve port 721-731 */
 -#define RESERVE_ANY		2	/* Reserve port 1-1023 */
 +#define RESERVE_ANY		2	/* Reserve port 512-1023 */
 /*
@@ -778,7 +778,7 @@ lpd_queue(const char      *hostname,	/*
       if (lport < 721 && reserve == RESERVE_RFC1179)
 	lport = 731;
 -      else if (lport < 1)
 +      else if (lport < 512)
 	lport = 1023;
 #ifdef HAVE_GETEUID
--- a/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
+++ b/SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
@ -1,64 +0,0 @@
 From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
 From: Rose <83477269+AtariDreams@users.noreply.github.com>
 Date: Thu, 1 Jun 2023 11:33:39 -0400
 Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
 httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
 We have to log the hostname first.
 ---
 scheduler/client.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
 diff --git a/scheduler/client.c b/scheduler/client.c
 index 91e441188..327473a4d 100644
 --- a/scheduler/client.c
 +++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
    /*
     * Can't have an unresolved IP address with double-lookups enabled...
     */
 -
 -    httpClose(con->http);
 -
     cupsdLogClient(con, CUPSD_LOG_WARN,
 -                    "Name lookup failed - connection from %s closed!",
 +                    "Name lookup failed - closing connection from %s!",
                     httpGetHostname(con->http, NULL, 0));
 +    httpClose(con->http);
     free(con);
     return;
   }
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
       * with double-lookups enabled...
       */
 -      httpClose(con->http);
 -
       cupsdLogClient(con, CUPSD_LOG_WARN,
 -                      "IP lookup failed - connection from %s closed!",
 +                      "IP lookup failed - closing connection from %s!",
                       httpGetHostname(con->http, NULL, 0));
 +
 +      httpClose(con->http);
       free(con);
       return;
     }
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
   if (!hosts_access(&wrap_req))
   {
 -    httpClose(con->http);
 -
     cupsdLogClient(con, CUPSD_LOG_WARN,
                     "Connection from %s refused by /etc/hosts.allow and "
 		    "/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
 +
 +    httpClose(con->http);
     free(con);
     return;
   }
 -- 
 2.41.0
--- a/SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch
+++ b/SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch
@ -1,31 +0,0 @@
 From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
 From: Michael R Sweet <michael.r.sweet@gmail.com>
 Date: Tue, 6 Dec 2022 09:04:01 -0500
 Subject: [PATCH] Require authentication for CUPS-Get-Document.
 ---
 conf/cupsd.conf.in | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
 index b25884907..a07536f3e 100644
 --- a/conf/cupsd.conf.in
 +++ b/conf/cupsd.conf.in
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
     Order deny,allow
   </Limit>
 -  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
 +  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
 +    Require user @OWNER @SYSTEM
 +    Order deny,allow
 +  </Limit>
 +
 +  <Limit CUPS-Get-Document>
 +    AuthType Default
     Require user @OWNER @SYSTEM
     Order deny,allow
   </Limit>
 -- 
 2.41.0
--- a/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
+++ b/SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
@ -1,48 +0,0 @@
 From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
 From: Bryan Mason <bmason@redhat.com>
 Date: Tue, 27 Jun 2023 04:18:46 -0700
 Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
 single job (#742)
 The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
 operation; however, the correct attribute to use for Cancel-job is
 "purge-job" (singular), not "purge-jobs" (plural).  As a result, job
 files are not removed from /var/spool/cups when "cancel -x <job>" is
 executed.
 This patch resolves the issue by adding "purge-job" when the IPP
 operation is Cancel-Job and "purge-jobs" for other IPP operations
 (Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
 ---
 systemv/cancel.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/systemv/cancel.c b/systemv/cancel.c
 index 572f413e1..f5b8e12b5 100644
 --- a/systemv/cancel.c
 +++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int  argc,				/* I - Number of command-line arguments */
       *    attributes-natural-language
       *    printer-uri + job-id *or* job-uri
       *    [requesting-user-name]
 +      *    [purge-job] or [purge-jobs]
       */
       request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int  argc,				/* I - Number of command-line arguments */
                      "requesting-user-name", NULL, cupsUser());
       if (purge)
 -	ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
 +      {
 +	if (op == IPP_CANCEL_JOB)
 +	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
 +	else
 +	  ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
 +      }
      /*
       * Do the request and get back a response...
 -- 
 2.41.0
--- a/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
+++ b/SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
@ -1,35 +0,0 @@
 From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
 From: Vasilis Liaskovitis <vliaskovitis@suse.com>
 Date: Wed, 1 Mar 2023 13:46:28 +0100
 Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
 #308)
 Use a listen queue size of INT_MAX, which should default to the maximum
 supported queue size on the system.
 This avoids the problem of the listening backlog queue getting full when
 there are too many requests at the same time. The problem was observed
 with the previous backlog size (128) by customers when submitting large
 batches of print jobs, resulting in some jobs getting lost.
 Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
 ---
 cups/http-addr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/cups/http-addr.c b/cups/http-addr.c
 index a61ee0449..6aeeb8074 100644
 --- a/cups/http-addr.c
 +++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
   * Listen...
   */
 -  if (listen(fd, 5))
 +  if (listen(fd, INT_MAX))
   {
     _cupsSetHTTPError(HTTP_STATUS_ERROR);
 -- 
 2.41.0
--- a/SOURCES/0001-cups-strlcpy-handle-zero-size.patch
+++ b/SOURCES/0001-cups-strlcpy-handle-zero-size.patch
@ -1,26 +0,0 @@
 From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
 From: Michael R Sweet <michael.r.sweet@gmail.com>
 Date: Wed, 17 May 2023 12:59:57 -0400
 Subject: [PATCH] Consensus fix.
 ---
 cups/string.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/cups/string.c b/cups/string.c
 index 00454203c..b4fc12050 100644
 --- a/cups/string.c
 +++ b/cups/string.c
@@ -730,6 +731,9 @@ _cups_strlcpy(char       *dst,		/* O - Destination string */
   size_t	srclen;			/* Length of source string */
 +  if (size == 0)
 +    return (0);
 +
  /*
   * Figure out how much room is needed...
   */
 -- 
 2.40.1
--- a/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
+++ b/SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
@ -1,43 +0,0 @@
 diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c
 --- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup	2023-12-19 18:25:15.484637450 +0100
 +++ cups-2.2.6/cups/http-addrlist.c	2023-12-19 18:28:57.129163387 +0100
@@ -313,6 +313,39 @@ httpAddrConnect2(
       {
 #  ifdef HAVE_POLL
 	DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents));
 +
 +#    ifdef _WIN32
 +	if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
 +	    ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
 +#    else
 +	if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
 +	    ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
 +#    endif /* _WIN32 */
 +	{
 +	  // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing
 +	  // asynchronous connections. The solution seems to be to use getsockopt to
 +	  // check the SO_ERROR value and ignore the POLLHUP if there is no error or
 +	  // the error is EINPROGRESS.
 +
 +	  int	    sres,		 /* Return value from getsockopt() - 0, or -1 if error */
 +		    serr;		 /* Option SO_ERROR value */
 +	  socklen_t slen = sizeof(serr); /* Option value size */
 +
 +	  sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen);
 +
 +	  if (sres || serr)
 +	  {
 +	    pfds[i].revents |= POLLERR;
 +#    ifdef DEBUG
 +	    DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr)));
 +#    endif
 +	  }
 +	  else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT)))
 +	  {
 +	    pfds[i].revents &= ~POLLHUP;
 +	  }
 +	}
 +
 	if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP)))
 #  else
 	if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set))
--- a/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
+++ b/SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
@ -1,36 +0,0 @@
 From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001
 From: Zdenek Dohnal <zdohnal@redhat.com>
 Date: Fri, 1 Sep 2023 17:11:54 +0200
 Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open
 cups-files.conf
 In case cupsd can't open the cups-files.conf, the error message is lost
 if journal and syslog don't exist or work on system (usually in
 containers).
 Log the error into stderr at this place to get the error message if
 needed.
 ---
 scheduler/conf.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
 diff --git a/scheduler/conf.c b/scheduler/conf.c
 index b18535162..4fa7eb1df 100644
 --- a/scheduler/conf.c
 +++ b/scheduler/conf.c
@@ -811,11 +811,7 @@ cupsdReadConfiguration(void)
     cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
   else
   {
 -#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
 -    sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
 -#else
 -    syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
 -#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
 +    fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno));
     return (0);
   }
 -- 
 2.41.0
--- a/SOURCES/cups-preservejob-leak.patch
+++ b/SOURCES/cups-preservejob-leak.patch
@ -1,31 +0,0 @@
 diff --git a/scheduler/colorman.c b/scheduler/colorman.c
 index 8af4e5c..9bfdb0c 100644
 --- a/scheduler/colorman.c
 +++ b/scheduler/colorman.c
@@ -1083,7 +1083,7 @@ colord_create_profile(
   dbus_message_iter_get_basic(&args, &profile_path);
   cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path);
 -  cupsArrayAdd(profiles, strdup(profile_path));
 +  cupsArrayAdd(profiles, profile_path);
 out:
 diff --git a/scheduler/job.c b/scheduler/job.c
 index 0223bee..47d4c72 100644
 --- a/scheduler/job.c
 +++ b/scheduler/job.c
@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t       *job,	/* I - Job */
     job->num_files = 0;
   }
 +  unload_job(job);
 +
   if (job->history)
     free_job_history(job);
 -  unload_job(job);
 -
   cupsArrayRemove(Jobs, job);
   cupsArrayRemove(ActiveJobs, job);
   cupsArrayRemove(PrintingJobs, job);
--- a/SOURCES/upgrade_get_document.py.in
+++ b/SOURCES/upgrade_get_document.py.in
@ -1,171 +0,0 @@
@PYTHON_SHEBANG@
 """
 Upgrade script to enable authentication for CUPS-Get-Document in
 default policy
 """
 import os
 import sys
 from shutil import copy
 def get_cupsd_conf():
    """
    Get all lines from cupsd.conf
    """
    if not os.path.exists('/etc/cups/cupsd.conf'):
        return None
    lines = []
    with open('/etc/cups/cupsd.conf', 'r') as conf:
        lines = conf.readlines()
    return lines
 def get_default_policy(lines):
    """
    Get the default policy lines
    :param list lines: lines from cupsd.conf
    """
    default_policy = []
    in_policy = False
    for line in lines:
        if not in_policy and not line.lstrip().startswith('<Policy default>'):
            continue
        default_policy.append(line)
        if line.lstrip().startswith('</Policy>'):
            return default_policy
        in_policy = True
    return default_policy
 def get_limit_with_document(lines):
    """
    Get <Limit> scope which defines CUPS-Get-Document operation
    :param list lines: Lines containing the default policy
    """
    limit = []
    in_limit = False
    for line in lines:
        if not in_limit and not line.lstrip().startswith('<Limit'):
            continue
        if (not in_limit and line.lstrip().startswith('<Limit') and
            not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
            continue
        limit.append(line)
        if line.lstrip().startswith('</Limit>'):
            return limit
        in_limit = True
    return limit
 def check_for_authtype(lines):
    """
    Check if <Limit> defining CUPS-Get-Document defines
    any authentication
    :param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
    """
    for line in lines:
        if line.lstrip().startswith('AuthType'):
            return True
    return False
 def migrate_cupsd_conf(lines):
    """
    Make changes to cupsd.conf contents to use authentication
    for CUPS-Get-Document
    :param list lines: Lines from cupsd.conf
    """
    new_lines = []
    in_policy = False
    create_document_limit = False
    for line in lines:
        if (in_policy and line.lstrip().startswith('<Limit') and
            not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
            'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
            line = line.replace(' CUPS-Get-Document', '')
            create_document_limit = True
        if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
            new_lines.append('\n')
            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
                             '# added during upgrade\n')
            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
                             '<Limit CUPS-Get-Document>\n')
            new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
                             'AuthType Default\n')
            new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
                             'Require user @OWNER @SYSTEM\n')
            new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
                             'Order deny,allow\n')
            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
                             '</Limit>\n')
            create_document_limit = False
        new_lines.append(line)
        if not in_policy:
            if line.lstrip().startswith('<Policy default>'):
                in_policy = True
            continue
        if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
                             '# added during upgrade\n')
            new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
                             'AuthType Default\n')
            continue
        if line.lstrip().startswith('</Policy>'):
            in_policy = False
            continue
    return new_lines
 def apply_changes(lines):
    """
    Backup the original file if there is no .rpmsave already and
    apply changes to the actual cupsd.conf
    :param list lines: New lines for cupsd.conf
    """
    if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
        copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')
    with open('/etc/cups/cupsd.conf', 'w') as conf:
        conf.writelines(lines)
 content = get_cupsd_conf()
 if content is None:
    sys.exit(1)
 if check_for_authtype(get_limit_with_document(get_default_policy(content))):
    sys.exit(0)
 new_content = migrate_cupsd_conf(content)
 apply_changes(new_content)
 sys.exit(0)
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@ -7,13 +7,6 @@
 # but we use lib for compatibility with 3rd party drivers (at upstream request).
 %global cups_serverbin %{_exec_prefix}/lib/cups
 # we still need something for python2...
 %if 0%{?rhel} >= 8 || 0%{?fedora}
 %global __python %{__python3}
 %else
 %global __python /usr/bin/python2
 %endif
 #%%global prever rc1
 #%%global VERSION %%{version}%%{prever}
 %global VERSION %{version}
@ -22,7 +15,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.6
-Release: 57%{?dist}
+Release: 51%{?dist}
 License: GPLv2+ and LGPLv2 with exceptions and AML
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -33,8 +26,6 @@ Source6: cups.logrotate
 # Backend for NCP protocol
 Source7: ncp.backend
 Source8: macros.cups
 # CVE-2023-32360 migration script
 Source9: upgrade_get_document.py.in
 Patch1: cups-no-gzip-man.patch
 Patch2: cups-system-auth.patch
@ -152,24 +143,6 @@ Patch77: cups-retry-current-job-man.patch
 Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch
 # 2130391 - Kerberized IPP Printing Fails
 Patch79: cups-kerberos.patch
 # 2217178 - Delays printing to lpd when reserved ports are exhausted
 Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
 # 2217283 - The command "cancel -x <job>" does not remove job files
 Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
 # 2217955 - Enlarge backlog queue for listen() in cupsd
 Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
 # CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
 # CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 Patch84: 0001-cups-strlcpy-handle-zero-size.patch
 # CVE-2023-32360 cups:  Information leak through Cups-Get-Document operation
 Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch
 # RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
 Patch86: cups-preservejob-leak.patch
 # RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost
 Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
 # RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
 Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
 Patch1000: cups-lspp.patch
@ -216,9 +189,6 @@ Requires(post): grep, sed
 Requires(preun): systemd
 Requires(postun): systemd
 # for upgrade-get-document script
 Requires(post): %{__python}
 # We ship udev rules which use setfacl.
 Requires: systemd
 Requires: acl
@ -459,24 +429,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch78 -p1 -b .manpage-update
 # 2130391 - Kerberized IPP Printing Fails
 %patch79 -p1 -b .kerberos
 # 2217178 - Delays printing to lpd when reserved ports are exhausted
 %patch80 -p1 -b .lpd-delay
 # 2217283 - The command "cancel -x <job>" does not remove job files
 %patch81 -p1 -b .purge-job
 # 2217955 - Enlarge backlog queue for listen() in cupsd
 %patch82 -p1 -b .listen-backlog
 # CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 %patch83 -p1 -b .cve34241
 # CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 %patch84 -p1 -b .cve32324
 # CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
 %patch85 -p1 -b .get-document-auth
 # RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
 %patch86 -p1 -b .preservejob-leak
 # RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost
 %patch87 -p1 -b .message-stderr
 # RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
 %patch88 -p1 -b .cupsgetjobs-pollhup
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -626,11 +578,6 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3:
 /^\([^%].*\)/d
 ' > %{name}.lang
 # install get-document upgrade script
 install -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/upgrade_get_document
 sed -i 's,@PYTHON_SHEBANG@,#!%{__python},' %{buildroot}%{_sbindir}/upgrade_get_document
 %post
 %systemd_post %{name}.path %{name}.socket %{name}.service
@ -693,8 +640,6 @@ fi
 grep '^\s*IdleExitTimeout' %{_sysconfdir}/cups/cupsd.conf &> /dev/null || echo -e '\nIdleExitTimeout 0' \
 >> %{_sysconfdir}/cups/cupsd.conf
 %{_sbindir}/upgrade_get_document
 exit 0
 %post client
@ -903,33 +848,6 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 %changelog
 * Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-57
 - revert RHEL-19200 - no new subpackages are needed
 * Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-56
 - RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
 - RHEL-19200 Recommend new cups-filters subpackages with weak dep for better upgrade exp
 * Fri Nov 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-55
 - RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
 - RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost
 * Tue Sep 12 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-54
 - RHEL-2612 - cups pulls an unneeded dependency on python3
 * Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-53
 - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
 * Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-52
 - 2217178 - Delays printing to lpd when reserved ports are exhausted
 - 2217283 - The command "cancel -x <job>" does not remove job files
 - 2217955 - Enlarge backlog queue for listen() in cupsd
 - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
 - CVE-2023-32324 cups: heap buffer overflow may lead to DoS
 * Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
 - RHEL-316 - Enable fmf tests in centos stream
 * Wed Dec 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
 - 2130391 - Kerberized IPP Printing Fails