Compare commits
	
		
			No commits in common. "c8" and "c8-beta" have entirely different histories.
		
	
	
		
	
		
| @ -1,86 +0,0 @@ | ||||
| diff --git a/cups/http-addr.c b/cups/http-addr.c
 | ||||
| index 61c86384b..e86dcb622 100644
 | ||||
| --- a/cups/http-addr.c
 | ||||
| +++ b/cups/http-addr.c
 | ||||
| @@ -198,31 +198,29 @@ httpAddrListen(http_addr_t *addr,	/* I - Address to bind to */
 | ||||
|    { | ||||
|      mode_t	mask;			/* Umask setting */ | ||||
|   | ||||
| -   /*
 | ||||
| -    * Remove any existing domain socket file...
 | ||||
| -    */
 | ||||
| -
 | ||||
| -    unlink(addr->un.sun_path);
 | ||||
| -
 | ||||
| -   /*
 | ||||
| -    * Save the current umask and set it to 0 so that all users can access
 | ||||
| -    * the domain socket...
 | ||||
| -    */
 | ||||
| -
 | ||||
| -    mask = umask(0);
 | ||||
| -
 | ||||
| -   /*
 | ||||
| -    * Bind the domain socket...
 | ||||
| -    */
 | ||||
| +    // Remove any existing domain socket file...
 | ||||
| +    if ((status = unlink(addr->un.sun_path)) < 0)
 | ||||
| +    {
 | ||||
| +      DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
 | ||||
| +      if (errno == ENOENT)
 | ||||
| +       status = 0;
 | ||||
| +    }
 | ||||
|   | ||||
| -    status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
 | ||||
| +    if (!status)
 | ||||
| +    {
 | ||||
| +      // Save the current umask and set it to 0 so that all users can access
 | ||||
| +      // the domain socket...
 | ||||
| +      mask = umask(0);
 | ||||
|   | ||||
| -   /*
 | ||||
| -    * Restore the umask and fix permissions...
 | ||||
| -    */
 | ||||
| +      // Bind the domain socket...
 | ||||
| +      if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
 | ||||
| +      {
 | ||||
| +        DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
 | ||||
| +      }
 | ||||
|   | ||||
| -    umask(mask);
 | ||||
| -    chmod(addr->un.sun_path, 0140777);
 | ||||
| +      // Restore the umask...
 | ||||
| +      umask(mask);
 | ||||
| +    }
 | ||||
|    } | ||||
|    else | ||||
|  #endif /* AF_LOCAL */ | ||||
| diff --git a/scheduler/conf.c b/scheduler/conf.c
 | ||||
| index bc52d2add..93de8cf77 100644
 | ||||
| --- a/scheduler/conf.c
 | ||||
| +++ b/scheduler/conf.c
 | ||||
| @@ -3055,6 +3055,25 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
 | ||||
|   | ||||
|        cupsd_listener_t	*lis;		/* New listeners array */ | ||||
|   | ||||
| +     /*
 | ||||
| +      * If we are launched on-demand, do not use domain sockets from the config
 | ||||
| +      * file.  Also check that the domain socket path is not too long...
 | ||||
| +      */
 | ||||
| +
 | ||||
| +#ifdef HAVE_ONDEMAND
 | ||||
| +      if (*value == '/' && OnDemand)
 | ||||
| +      {
 | ||||
| +        if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
 | ||||
| +          cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
 | ||||
| +        continue;
 | ||||
| +      }
 | ||||
| +#endif // HAVE_ONDEMAND
 | ||||
| +
 | ||||
| +      if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
 | ||||
| +      {
 | ||||
| +        cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
 | ||||
| +        continue;
 | ||||
| +      }
 | ||||
|   | ||||
|       /* | ||||
|        * Get the address list... | ||||
| @ -1,26 +0,0 @@ | ||||
| From 5cc470c8d95df40f32e8a401b2946886c91b03d1 Mon Sep 17 00:00:00 2001 | ||||
| From: Michael R Sweet <msweet@msweet.org> | ||||
| Date: Fri, 15 Nov 2024 11:55:07 -0500 | ||||
| Subject: [PATCH] Fix make-and-model whitespace trimming (Issue #1096) | ||||
| 
 | ||||
| ---
 | ||||
|  CHANGES.md       | 1 + | ||||
|  cups/ppd-cache.c | 2 ++ | ||||
|  2 files changed, 3 insertions(+) | ||||
| 
 | ||||
| diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
 | ||||
| index a6163a0e1..a3198a795 100644
 | ||||
| --- a/cups/ppd-cache.c
 | ||||
| +++ b/cups/ppd-cache.c
 | ||||
| @@ -3293,6 +3293,8 @@ _ppdCreateFromIPP2(
 | ||||
|        mptr --; | ||||
|        if (*mptr == ' ') | ||||
|  	*mptr = '\0'; | ||||
| +      else
 | ||||
| +        break;
 | ||||
|      } | ||||
|   | ||||
|      if (!make[0]) | ||||
| -- 
 | ||||
| 2.47.0 | ||||
| 
 | ||||
| @ -1,40 +0,0 @@ | ||||
| diff --git a/scheduler/ipp.c b/scheduler/ipp.c
 | ||||
| index 728d164..5089172 100644
 | ||||
| --- a/scheduler/ipp.c
 | ||||
| +++ b/scheduler/ipp.c
 | ||||
| @@ -5773,6 +5773,18 @@ create_local_bg_thread(
 | ||||
|      cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString()); | ||||
|    } | ||||
|   | ||||
| +  // Validate response from printer...
 | ||||
| +  if (!ippValidateAttributes(response))
 | ||||
| +  {
 | ||||
| +    cupsdLogMessage(CUPSD_LOG_ERROR, "%s: The printer contains invalid attributes.", printer->name);
 | ||||
| +
 | ||||
| +    if (response)
 | ||||
| +      ippDelete(response);
 | ||||
| +
 | ||||
| +    httpClose(http);
 | ||||
| +    return (NULL);
 | ||||
| +  }
 | ||||
| +
 | ||||
|    // TODO: Grab printer icon file... | ||||
|    httpClose(http); | ||||
|   | ||||
| diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
 | ||||
| index daf24d5..eba7551 100644
 | ||||
| --- a/systemv/lpadmin.c
 | ||||
| +++ b/systemv/lpadmin.c
 | ||||
| @@ -1226,6 +1226,12 @@ get_printer_ppd(
 | ||||
|    ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs); | ||||
|    response = cupsDoRequest(http, request, resource); | ||||
|   | ||||
| +  if (response && !ippValidateAttributes(response))
 | ||||
| +  {
 | ||||
| +    _cupsLangPrintf(stderr, _("%s: The printer \"%s\" contains invalid IPP attributes."), "lpadmin", uri);
 | ||||
| +    return (NULL);
 | ||||
| +  }
 | ||||
| +
 | ||||
|    if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE) | ||||
|    { | ||||
|      _cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString()); | ||||
| @ -1,41 +0,0 @@ | ||||
| From e0630cd18f76340d302000f2bf6516e99602b844 Mon Sep 17 00:00:00 2001 | ||||
| From: Michael R Sweet <msweet@msweet.org> | ||||
| Date: Mon, 9 Sep 2024 15:59:57 -0400 | ||||
| Subject: [PATCH] PPDize preset and template names. | ||||
| 
 | ||||
| ---
 | ||||
|  cups/ppd-cache.c | 33 ++++++++++++++++++++++++--------- | ||||
|  1 file changed, 24 insertions(+), 9 deletions(-) | ||||
| 
 | ||||
| diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
 | ||||
| index 986c64f73..18c38d0ee 100644
 | ||||
| --- a/cups/ppd-cache.c
 | ||||
| +++ b/cups/ppd-cache.c
 | ||||
| @@ -5543,7 +5552,7 @@ pwg_ppdize_name(const char *ipp,	/* I - IPP keyword */
 | ||||
|  	*end;				/* End of name buffer */ | ||||
|   | ||||
|   | ||||
| -  if (!ipp)
 | ||||
| +  if (!ipp || !_cups_isalnum(*ipp))
 | ||||
|    { | ||||
|      *name = '\0'; | ||||
|      return; | ||||
| @@ -5558,8 +5567,14 @@ pwg_ppdize_name(const char *ipp,	/* I - IPP keyword */
 | ||||
|        ipp ++; | ||||
|        *ptr++ = (char)toupper(*ipp++ & 255); | ||||
|      } | ||||
| -    else
 | ||||
| +    else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || _cups_isalnum(*ipp))
 | ||||
| +    {
 | ||||
|        *ptr++ = *ipp++; | ||||
| +    }
 | ||||
| +    else
 | ||||
| +    {
 | ||||
| +      ipp ++;
 | ||||
| +    }
 | ||||
|    } | ||||
|   | ||||
|    *ptr = '\0'; | ||||
| -- 
 | ||||
| 2.46.1 | ||||
| 
 | ||||
| @ -1,136 +0,0 @@ | ||||
| diff -up cups-2.2.6/cups/ppd-cache.c.make-model-refact cups-2.2.6/cups/ppd-cache.c
 | ||||
| --- cups-2.2.6/cups/ppd-cache.c.make-model-refact	2024-10-25 09:50:04.894056025 +0200
 | ||||
| +++ cups-2.2.6/cups/ppd-cache.c	2024-10-25 09:51:15.832552712 +0200
 | ||||
| @@ -2937,9 +2937,10 @@ _ppdCreateFromIPP(char   *buffer,	/* I -
 | ||||
|  			*x_dim, *y_dim;	/* Media dimensions */ | ||||
|    ipp_t			*media_size;	/* Media size collection */ | ||||
|    char			make[256],	/* Make and model */ | ||||
| -			*model,		/* Model name */
 | ||||
| +			*mptr,		/* Pointer into make and model */
 | ||||
|  			ppdname[PPD_MAX_NAME]; | ||||
|  		    			/* PPD keyword */ | ||||
| +  const char		*model;		/* Model name */
 | ||||
|    int			i, j,		/* Looping vars */ | ||||
|  			count,		/* Number of values */ | ||||
|  			bottom,		/* Largest bottom margin */ | ||||
| @@ -3057,35 +3058,105 @@ _ppdCreateFromIPP(char   *buffer,	/* I -
 | ||||
|    } | ||||
|   | ||||
|   /* | ||||
| -  * Standard stuff for PPD file...
 | ||||
| +  * Get a sanitized make and model...
 | ||||
|    */ | ||||
|   | ||||
| -  cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
 | ||||
| -  cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
 | ||||
| -  cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
 | ||||
| -  cupsFilePuts(fp, "*LanguageVersion: English\n");
 | ||||
| -  cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
 | ||||
| -  cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
 | ||||
| -  cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
 | ||||
| -  cupsFilePuts(fp, "*FileSystem: False\n");
 | ||||
| -  cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
 | ||||
| +  if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
 | ||||
| +  {
 | ||||
| +   /*
 | ||||
| +    * Sanitize the model name to only contain PPD-safe characters.
 | ||||
| +    */
 | ||||
|   | ||||
| -  if ((attr = ippFindAttribute(response, "printer-make-and-model", IPP_TAG_TEXT)) != NULL)
 | ||||
|      strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make)); | ||||
| +
 | ||||
| +    for (mptr = make; *mptr; mptr ++)
 | ||||
| +    {
 | ||||
| +      if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
 | ||||
| +      {
 | ||||
| +       /*
 | ||||
| +	* Truncate the make and model on the first bad character...
 | ||||
| +	*/
 | ||||
| +
 | ||||
| +	*mptr = '\0';
 | ||||
| +	break;
 | ||||
| +      }
 | ||||
| +    }
 | ||||
| +
 | ||||
| +    while (mptr > make)
 | ||||
| +    {
 | ||||
| +     /*
 | ||||
| +      * Strip trailing whitespace...
 | ||||
| +      */
 | ||||
| +
 | ||||
| +      mptr --;
 | ||||
| +      if (*mptr == ' ')
 | ||||
| +	*mptr = '\0';
 | ||||
| +    }
 | ||||
| +
 | ||||
| +    if (!make[0])
 | ||||
| +    {
 | ||||
| +     /*
 | ||||
| +      * Use a default make and model if nothing remains...
 | ||||
| +      */
 | ||||
| +
 | ||||
| +      strlcpy(make, "Unknown", sizeof(make));
 | ||||
| +    }
 | ||||
| +  }
 | ||||
|    else | ||||
| -    strlcpy(make, "Unknown Printer", sizeof(make));
 | ||||
| +  {
 | ||||
| +   /*
 | ||||
| +    * Use a default make and model...
 | ||||
| +    */
 | ||||
| +
 | ||||
| +    strlcpy(make, "Unknown", sizeof(make));
 | ||||
| +  }
 | ||||
|   | ||||
|    if (!_cups_strncasecmp(make, "Hewlett Packard ", 16) || | ||||
|        !_cups_strncasecmp(make, "Hewlett-Packard ", 16)) | ||||
|    { | ||||
| +   /*
 | ||||
| +    * Normalize HP printer make and model...
 | ||||
| +    */
 | ||||
| +
 | ||||
|      model = make + 16; | ||||
|      strlcpy(make, "HP", sizeof(make)); | ||||
| +
 | ||||
| +    if (!_cups_strncasecmp(model, "HP ", 3))
 | ||||
| +      model += 3;
 | ||||
| +  }
 | ||||
| +  else if ((mptr = strchr(make, ' ')) != NULL)
 | ||||
| +  {
 | ||||
| +   /*
 | ||||
| +    * Separate "MAKE MODEL"...
 | ||||
| +    */
 | ||||
| +
 | ||||
| +    while (*mptr && *mptr == ' ')
 | ||||
| +      *mptr++ = '\0';
 | ||||
| +
 | ||||
| +    model = mptr;
 | ||||
|    } | ||||
| -  else if ((model = strchr(make, ' ')) != NULL)
 | ||||
| -    *model++ = '\0';
 | ||||
|    else | ||||
| -    model = make;
 | ||||
| +  {
 | ||||
| +   /*
 | ||||
| +    * No separate model name...
 | ||||
| +    */
 | ||||
| + 
 | ||||
| +    model = "Printer";
 | ||||
| +  }
 | ||||
| +
 | ||||
| + /*
 | ||||
| +  * Standard stuff for PPD file...
 | ||||
| +  */
 | ||||
|   | ||||
| +  cupsFilePuts(fp, "*PPD-Adobe: \"4.3\"\n");
 | ||||
| +  cupsFilePuts(fp, "*FormatVersion: \"4.3\"\n");
 | ||||
| +  cupsFilePrintf(fp, "*FileVersion: \"%d.%d\"\n", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
 | ||||
| +  cupsFilePuts(fp, "*LanguageVersion: English\n");
 | ||||
| +  cupsFilePuts(fp, "*LanguageEncoding: ISOLatin1\n");
 | ||||
| +  cupsFilePuts(fp, "*PSVersion: \"(3010.000) 0\"\n");
 | ||||
| +  cupsFilePuts(fp, "*LanguageLevel: \"3\"\n");
 | ||||
| +  cupsFilePuts(fp, "*FileSystem: False\n");
 | ||||
| +  cupsFilePuts(fp, "*PCFileName: \"ippeve.ppd\"\n");
 | ||||
|    cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make); | ||||
|    cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model); | ||||
|    cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model); | ||||
| @ -1,35 +0,0 @@ | ||||
| diff --git a/scheduler/auth.c b/scheduler/auth.c
 | ||||
| index e7d0006..d70e21e 100644
 | ||||
| --- a/scheduler/auth.c
 | ||||
| +++ b/scheduler/auth.c
 | ||||
| @@ -564,8 +564,12 @@ cupsdAuthorize(cupsd_client_t *con)	/* I - Client connection */
 | ||||
|      switch (type) | ||||
|      { | ||||
|        default : | ||||
| +	  {
 | ||||
| +	    cupsdLogClient(con, CUPSD_LOG_ERROR, "Basic authentication is not enabled.");
 | ||||
| +	    return;
 | ||||
| +	  }
 | ||||
|        case CUPSD_AUTH_BASIC : | ||||
| -          {
 | ||||
| +	  {
 | ||||
|  #if HAVE_LIBPAM | ||||
|  	   /* | ||||
|  	    * Only use PAM to do authentication.  This supports MD5 | ||||
| @@ -737,6 +741,16 @@ cupsdAuthorize(cupsd_client_t *con)	/* I - Client connection */
 | ||||
|      gss_name_t		client_name;	/* Client name */ | ||||
|   | ||||
|   | ||||
| +   /*
 | ||||
| +    * Only allow Kerberos if enabled...
 | ||||
| +    */
 | ||||
| +
 | ||||
| +    if (type != CUPSD_AUTH_NEGOTIATE)
 | ||||
| +    {
 | ||||
| +      cupsdLogClient(con, CUPSD_LOG_ERROR, "Kerberos authentication is not enabled.");
 | ||||
| +      return;
 | ||||
| +    }
 | ||||
| +
 | ||||
|  #  ifdef __APPLE__ | ||||
|     /* | ||||
|      * If the weak-linked GSSAPI/Kerberos library is not present, don't try | ||||
| @ -1,94 +0,0 @@ | ||||
| diff --git a/scheduler/conf.c b/scheduler/conf.c
 | ||||
| index c113eb3..77ce179 100644
 | ||||
| --- a/scheduler/conf.c
 | ||||
| +++ b/scheduler/conf.c
 | ||||
| @@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
 | ||||
|   | ||||
|    cupsdDeleteAllListeners(); | ||||
|   | ||||
| + /*
 | ||||
| +  * Allocate Listeners array
 | ||||
| +  */
 | ||||
| +
 | ||||
| +  Listeners = cupsArrayNew(NULL, NULL);
 | ||||
| +
 | ||||
| +  if (!Listeners)
 | ||||
| +  {
 | ||||
| +    fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
 | ||||
| +    return (0);
 | ||||
| +  }
 | ||||
| +
 | ||||
|    old_remote_port = RemotePort; | ||||
|    RemotePort      = 0; | ||||
|   | ||||
| @@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
 | ||||
|      } | ||||
|    } | ||||
|   | ||||
| - /*
 | ||||
| -  * Check that we have at least one listen/port line; if not, report this
 | ||||
| -  * as an error and exit!
 | ||||
| -  */
 | ||||
| -
 | ||||
| -  if (cupsArrayCount(Listeners) == 0)
 | ||||
| -  {
 | ||||
| -   /*
 | ||||
| -    * No listeners!
 | ||||
| -    */
 | ||||
| -
 | ||||
| -    cupsdLogMessage(CUPSD_LOG_EMERG,
 | ||||
| -                    "No valid Listen or Port lines were found in the "
 | ||||
| -		    "configuration file.");
 | ||||
| -
 | ||||
| -   /*
 | ||||
| -    * Commit suicide...
 | ||||
| -    */
 | ||||
| -
 | ||||
| -    cupsdEndProcess(getpid(), 0);
 | ||||
| -  }
 | ||||
| -
 | ||||
|   /* | ||||
|    * Set the default locale using the language and charset... | ||||
|    */ | ||||
| @@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
 | ||||
|          * Allocate another listener... | ||||
|  	*/ | ||||
|   | ||||
| -        if (!Listeners)
 | ||||
| -	  Listeners = cupsArrayNew(NULL, NULL);
 | ||||
| -
 | ||||
| -	if (!Listeners)
 | ||||
| -	{
 | ||||
| -          cupsdLogMessage(CUPSD_LOG_ERROR,
 | ||||
| -	                  "Unable to allocate %s at line %d - %s.",
 | ||||
| -	                  line, linenum, strerror(errno));
 | ||||
| -          break;
 | ||||
| -	}
 | ||||
| -
 | ||||
|          if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL) | ||||
|  	{ | ||||
|            cupsdLogMessage(CUPSD_LOG_ERROR, | ||||
| diff --git a/scheduler/main.c b/scheduler/main.c
 | ||||
| index a6e2c3a..b935c52 100644
 | ||||
| --- a/scheduler/main.c
 | ||||
| +++ b/scheduler/main.c
 | ||||
| @@ -2113,6 +2113,21 @@ service_checkin(void)
 | ||||
|      service_add_listener(fd, 0); | ||||
|    } | ||||
|  #endif /* HAVE_LAUNCHD */ | ||||
| +
 | ||||
| +  if (cupsArrayCount(Listeners) == 0)
 | ||||
| +  {
 | ||||
| +   /*
 | ||||
| +    * No listeners!
 | ||||
| +    */
 | ||||
| +
 | ||||
| +    cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
 | ||||
| +
 | ||||
| +   /*
 | ||||
| +    * Commit suicide...
 | ||||
| +    */
 | ||||
| +
 | ||||
| +    cupsdEndProcess(getpid(), 0);
 | ||||
| +  }
 | ||||
|  } | ||||
| @ -1,11 +1,10 @@ | ||||
| diff -up cups-2.2.6/config.h.in.lspp cups-2.2.6/config.h.in
 | ||||
| --- cups-2.2.6/config.h.in.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/config.h.in	2024-08-15 14:55:07.310818870 +0200
 | ||||
| @@ -730,4 +730,12 @@ static __inline int _cups_abs(int i) { r
 | ||||
| diff -up cups-2.2.5/config.h.in.lspp cups-2.2.5/config.h.in
 | ||||
| --- cups-2.2.5/config.h.in.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/config.h.in	2017-10-17 19:06:19.640228964 +0200
 | ||||
| @@ -730,4 +730,11 @@ static __inline int _cups_abs(int i) { r
 | ||||
|  #  endif /* __GNUC__ || __STDC_VERSION__ */ | ||||
|  #endif /* !HAVE_ABS && !abs */ | ||||
|   | ||||
| +
 | ||||
| +/*
 | ||||
| + * Are we trying to meet LSPP requirements?
 | ||||
| + */
 | ||||
| @ -14,9 +13,9 @@ diff -up cups-2.2.6/config.h.in.lspp cups-2.2.6/config.h.in | ||||
| +
 | ||||
| +
 | ||||
|  #endif /* !_CUPS_CONFIG_H_ */ | ||||
| diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/cups-lspp.m4
 | ||||
| --- cups-2.2.6/config-scripts/cups-lspp.m4.lspp	2024-08-15 14:55:07.310818870 +0200
 | ||||
| +++ cups-2.2.6/config-scripts/cups-lspp.m4	2024-08-15 14:55:07.310818870 +0200
 | ||||
| diff -up cups-2.2.5/config-scripts/cups-lspp.m4.lspp cups-2.2.5/config-scripts/cups-lspp.m4
 | ||||
| --- cups-2.2.5/config-scripts/cups-lspp.m4.lspp	2017-10-17 19:06:19.640228964 +0200
 | ||||
| +++ cups-2.2.5/config-scripts/cups-lspp.m4	2017-10-17 19:06:19.640228964 +0200
 | ||||
| @@ -0,0 +1,36 @@
 | ||||
| +dnl
 | ||||
| +dnl   LSPP code for the Common UNIX Printing System (CUPS).
 | ||||
| @ -41,7 +40,7 @@ diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/c | ||||
| +AC_ARG_ENABLE(lspp, [  --enable-lspp           turn on auditing and label support, default=no])
 | ||||
| +
 | ||||
| +if test x"$enable_lspp" != xno; then
 | ||||
| +    case "$(uname)" in
 | ||||
| +    case "$uname" in
 | ||||
| +        Linux)
 | ||||
| +            AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
 | ||||
| +            AC_CHECK_HEADER(libaudit.h)
 | ||||
| @ -54,9 +53,9 @@ diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/c | ||||
| +            ;;
 | ||||
| +    esac
 | ||||
| +fi
 | ||||
| diff -up cups-2.2.6/configure.ac.lspp cups-2.2.6/configure.ac
 | ||||
| --- cups-2.2.6/configure.ac.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/configure.ac	2024-08-15 14:55:07.310818870 +0200
 | ||||
| diff -up cups-2.2.5/configure.ac.lspp cups-2.2.5/configure.ac
 | ||||
| --- cups-2.2.5/configure.ac.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/configure.ac	2017-10-17 19:06:19.640228964 +0200
 | ||||
| @@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4)
 | ||||
|  sinclude(config-scripts/cups-defaults.m4) | ||||
|  sinclude(config-scripts/cups-scripting.m4) | ||||
| @ -66,9 +65,9 @@ diff -up cups-2.2.6/configure.ac.lspp cups-2.2.6/configure.ac | ||||
|  INSTALL_LANGUAGES="" | ||||
|  UNINSTALL_LANGUAGES="" | ||||
|  LANGFILES="" | ||||
| diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c
 | ||||
| --- cups-2.2.6/filter/common.c.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/filter/common.c	2024-08-15 14:55:07.310818870 +0200
 | ||||
| diff -up cups-2.2.5/filter/common.c.lspp cups-2.2.5/filter/common.c
 | ||||
| --- cups-2.2.5/filter/common.c.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/filter/common.c	2017-10-17 19:06:19.640228964 +0200
 | ||||
| @@ -17,6 +17,12 @@
 | ||||
|   * Include necessary headers... | ||||
|   */ | ||||
| @ -237,9 +236,9 @@ diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c | ||||
|   | ||||
|   | ||||
|  /* | ||||
| diff -up cups-2.2.6/filter/pstops.c.lspp cups-2.2.6/filter/pstops.c
 | ||||
| --- cups-2.2.6/filter/pstops.c.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/filter/pstops.c	2024-08-15 14:55:07.311818856 +0200
 | ||||
| diff -up cups-2.2.5/filter/pstops.c.lspp cups-2.2.5/filter/pstops.c
 | ||||
| --- cups-2.2.5/filter/pstops.c.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/filter/pstops.c	2017-10-17 19:06:19.641228955 +0200
 | ||||
| @@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc,	/*
 | ||||
|  { | ||||
|    const char	*classification;	/* CLASSIFICATION environment variable */ | ||||
| @ -395,21 +394,21 @@ diff -up cups-2.2.6/filter/pstops.c.lspp cups-2.2.6/filter/pstops.c | ||||
|   | ||||
|   | ||||
|  /* | ||||
| diff -up cups-2.2.6/Makedefs.in.lspp cups-2.2.6/Makedefs.in
 | ||||
| --- cups-2.2.6/Makedefs.in.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/Makedefs.in	2024-08-15 14:55:07.310818870 +0200
 | ||||
| @@ -145,7 +145,7 @@ ARFLAGS		=	@ARFLAGS@
 | ||||
|  BACKLIBS	=	@BACKLIBS@ | ||||
|  BUILDDIRS	=	@BUILDDIRS@ | ||||
|  CFLAGS		=	@CPPFLAGS@ @CFLAGS@ | ||||
| -COMMONLIBS	=	@LIBS@
 | ||||
| +COMMONLIBS	=	@LIBS@ @LIBAUDIT@ @LIBSELINUX@
 | ||||
|  CXXFLAGS	=	@CPPFLAGS@ @CXXFLAGS@ | ||||
|  CXXLIBS		=	@CXXLIBS@ | ||||
|  DBUS_NOTIFIER	=	@DBUS_NOTIFIER@ | ||||
| diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
 | ||||
| --- cups-2.2.6/scheduler/client.c.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/scheduler/client.c	2024-08-15 14:55:07.311818856 +0200
 | ||||
| diff -up cups-2.2.5/Makedefs.in.lspp cups-2.2.5/Makedefs.in
 | ||||
| --- cups-2.2.5/Makedefs.in.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/Makedefs.in	2017-10-17 19:06:19.641228955 +0200
 | ||||
| @@ -161,7 +161,7 @@ LDFLAGS		=	-L../cgi-bin -L../cups -L../f
 | ||||
|  			@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) | ||||
|  LINKCUPS	=	@LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) | ||||
|  LINKCUPSIMAGE	=	@LINKCUPSIMAGE@ | ||||
| -LIBS		=	$(LINKCUPS) $(COMMONLIBS)
 | ||||
| +LIBS		=	$(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
 | ||||
|  ONDEMANDFLAGS	=	@ONDEMANDFLAGS@ | ||||
|  ONDEMANDLIBS	=	@ONDEMANDLIBS@ | ||||
|  OPTIM		=	@OPTIM@ | ||||
| diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c
 | ||||
| --- cups-2.2.5/scheduler/client.c.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/scheduler/client.c	2017-10-17 19:06:19.689228556 +0200
 | ||||
| @@ -22,12 +22,20 @@
 | ||||
|  #define _HTTP_NO_PRIVATE | ||||
|  #include "cupsd.h" | ||||
| @ -491,19 +490,7 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c | ||||
|  #ifdef AF_LOCAL | ||||
|    if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) | ||||
|    { | ||||
| @@ -522,6 +583,11 @@ cupsdCloseClient(cupsd_client_t *con)	/*
 | ||||
|      } | ||||
|  #endif /* HAVE_AUTHORIZATION_H */ | ||||
|   | ||||
| +#ifdef WITH_LSPP
 | ||||
| +    if (con->scon)
 | ||||
| +      cupsdClearString(&con->scon);
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
| +
 | ||||
|     /* | ||||
|      * Re-enable new client connections if we are going back under the | ||||
|      * limit... | ||||
| @@ -562,6 +628,13 @@ cupsdReadClient(cupsd_client_t *con)	/*
 | ||||
| @@ -562,6 +623,13 @@ cupsdReadClient(cupsd_client_t *con)	/*
 | ||||
|    mime_type_t		*type;		/* MIME type of file */ | ||||
|    cupsd_printer_t	*p;		/* Printer */ | ||||
|    static unsigned	request_id = 0;	/* Request ID for temp files */ | ||||
| @ -517,10 +504,10 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c | ||||
|   | ||||
|   | ||||
|    status = HTTP_STATUS_CONTINUE; | ||||
| @@ -1924,7 +1997,73 @@ cupsdReadClient(cupsd_client_t *con)	/*
 | ||||
|  	    fchmod(con->file, 0640); | ||||
|  	    fchown(con->file, RunUser, Group); | ||||
| @@ -1926,6 +1994,73 @@ cupsdReadClient(cupsd_client_t *con)	/*
 | ||||
|              fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); | ||||
|  	  } | ||||
|   | ||||
| +#ifdef WITH_LSPP
 | ||||
| +	  if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
 | ||||
| +	  {
 | ||||
| @ -585,13 +572,13 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c | ||||
| +			   con->filename, context_str(tmpcon));
 | ||||
| +	    context_free(tmpcon);
 | ||||
| +	    context_free(clicon);
 | ||||
|  	  } | ||||
| +	  }
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
| +	}
 | ||||
|   | ||||
| +
 | ||||
|  	  if (httpGetState(con->http) != HTTP_STATE_POST_SEND) | ||||
|  	  { | ||||
| @@ -3456,6 +3595,49 @@ is_path_absolute(const char *path)	/* I
 | ||||
|  	    if (!httpWait(con->http, 0)) | ||||
| @@ -3456,6 +3591,49 @@ is_path_absolute(const char *path)	/* I
 | ||||
|    return (1); | ||||
|  } | ||||
|   | ||||
| @ -641,9 +628,9 @@ diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c | ||||
|   | ||||
|  /* | ||||
|   * 'pipe_command()' - Pipe the output of a command to the remote client. | ||||
| diff -up cups-2.2.6/scheduler/client.h.lspp cups-2.2.6/scheduler/client.h
 | ||||
| --- cups-2.2.6/scheduler/client.h.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/scheduler/client.h	2024-08-15 14:55:07.312818843 +0200
 | ||||
| diff -up cups-2.2.5/scheduler/client.h.lspp cups-2.2.5/scheduler/client.h
 | ||||
| --- cups-2.2.5/scheduler/client.h.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/scheduler/client.h	2017-10-17 19:06:19.690228548 +0200
 | ||||
| @@ -16,6 +16,13 @@
 | ||||
|  #endif /* HAVE_AUTHORIZATION_H */ | ||||
|   | ||||
| @ -669,20 +656,19 @@ diff -up cups-2.2.6/scheduler/client.h.lspp cups-2.2.6/scheduler/client.h | ||||
|  }; | ||||
|   | ||||
|  #define HTTP(con) ((con)->http) | ||||
| @@ -139,6 +150,10 @@ extern void	cupsdStopListening(void);
 | ||||
| @@ -138,6 +149,9 @@ extern void	cupsdStartListening(void);
 | ||||
|  extern void	cupsdStopListening(void); | ||||
|  extern void	cupsdUpdateCGI(void); | ||||
|  extern void	cupsdWriteClient(cupsd_client_t *con); | ||||
|   | ||||
| +#ifdef WITH_LSPP
 | ||||
| +extern uid_t	client_pid_to_auid(pid_t clipid);
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
| +
 | ||||
|   | ||||
|  #ifdef HAVE_SSL | ||||
|  extern int	cupsdEndTLS(cupsd_client_t *con); | ||||
|  extern int	cupsdStartTLS(cupsd_client_t *con); | ||||
| diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
 | ||||
| --- cups-2.2.6/scheduler/conf.c.lspp	2024-08-15 14:55:07.306818923 +0200
 | ||||
| +++ cups-2.2.6/scheduler/conf.c	2024-08-15 14:55:07.312818843 +0200
 | ||||
| diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c
 | ||||
| --- cups-2.2.5/scheduler/conf.c.lspp	2017-10-17 19:06:19.637228989 +0200
 | ||||
| +++ cups-2.2.5/scheduler/conf.c	2017-10-17 19:06:19.691228540 +0200
 | ||||
| @@ -40,6 +40,9 @@
 | ||||
|  #  define INADDR_NONE	0xffffffff | ||||
|  #endif /* !INADDR_NONE */ | ||||
| @ -740,7 +726,7 @@ diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c | ||||
|    cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", | ||||
|                    RemotePort ? "enabled" : "disabled"); | ||||
|   | ||||
| @@ -1277,7 +1306,19 @@ cupsdReadConfiguration(void)
 | ||||
| @@ -1286,7 +1315,19 @@ cupsdReadConfiguration(void)
 | ||||
|      cupsdClearString(&Classification); | ||||
|   | ||||
|    if (Classification) | ||||
| @ -760,7 +746,7 @@ diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c | ||||
|   | ||||
|   /* | ||||
|    * Check the MaxClients setting, and then allocate memory for it... | ||||
| @@ -3761,6 +3802,18 @@ read_location(cups_file_t *fp,		/* I - C
 | ||||
| @@ -3770,6 +3811,18 @@ read_location(cups_file_t *fp,		/* I - C
 | ||||
|    return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); | ||||
|  } | ||||
|   | ||||
| @ -779,9 +765,9 @@ diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c | ||||
|   | ||||
|  /* | ||||
|   * 'read_policy()' - Read a <Policy name> definition. | ||||
| diff -up cups-2.2.6/scheduler/conf.h.lspp cups-2.2.6/scheduler/conf.h
 | ||||
| --- cups-2.2.6/scheduler/conf.h.lspp	2024-08-15 14:55:07.250819672 +0200
 | ||||
| +++ cups-2.2.6/scheduler/conf.h	2024-08-15 14:55:07.312818843 +0200
 | ||||
| diff -up cups-2.2.5/scheduler/conf.h.lspp cups-2.2.5/scheduler/conf.h
 | ||||
| --- cups-2.2.5/scheduler/conf.h.lspp	2017-10-17 19:06:19.585229421 +0200
 | ||||
| +++ cups-2.2.5/scheduler/conf.h	2017-10-17 19:06:19.691228540 +0200
 | ||||
| @@ -250,6 +250,13 @@ VAR char		*ServerKeychain		VALUE(NULL);
 | ||||
|  					/* Keychain holding cert + key */ | ||||
|  #endif /* HAVE_SSL */ | ||||
| @ -806,10 +792,19 @@ diff -up cups-2.2.6/scheduler/conf.h.lspp cups-2.2.6/scheduler/conf.h | ||||
|   | ||||
|  /* | ||||
|   * Prototypes... | ||||
| diff -up cups-2.2.6/scheduler/cupsd.h.lspp cups-2.2.6/scheduler/cupsd.h
 | ||||
| --- cups-2.2.6/scheduler/cupsd.h.lspp	2024-08-15 14:55:07.298819030 +0200
 | ||||
| +++ cups-2.2.6/scheduler/cupsd.h	2024-08-15 14:55:07.312818843 +0200
 | ||||
| @@ -36,6 +36,14 @@
 | ||||
| diff -up cups-2.2.5/scheduler/cupsd.h.lspp cups-2.2.5/scheduler/cupsd.h
 | ||||
| --- cups-2.2.5/scheduler/cupsd.h.lspp	2017-10-17 19:06:19.626229080 +0200
 | ||||
| +++ cups-2.2.5/scheduler/cupsd.h	2017-10-17 19:06:19.691228540 +0200
 | ||||
| @@ -11,6 +11,8 @@
 | ||||
|   * file is missing or damaged, see the license at "http://www.cups.org/". | ||||
|   */ | ||||
|   | ||||
| +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
 | ||||
| +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
 | ||||
|   | ||||
|  /* | ||||
|   * Include necessary headers. | ||||
| @@ -36,13 +38,20 @@
 | ||||
|  #  include <unistd.h> | ||||
|  #endif /* WIN32 */ | ||||
|   | ||||
| @ -824,17 +819,27 @@ diff -up cups-2.2.6/scheduler/cupsd.h.lspp cups-2.2.6/scheduler/cupsd.h | ||||
|  #include "mime.h" | ||||
|   | ||||
|  #if defined(HAVE_CDSASSL) | ||||
| @@ -248,4 +256,4 @@ extern void     cupsdRunTimeout (cupsd_t
 | ||||
|  extern void     cupsdUpdateTimeout (cupsd_timeout_t *timeout, | ||||
|  				    const struct timeval *tv); | ||||
|  extern void     cupsdRemoveTimeout (cupsd_timeout_t *timeout); | ||||
| -#endif /* HAVE_AVAHI */
 | ||||
| \ No newline at end of file | ||||
| +#endif /* HAVE_AVAHI */
 | ||||
| diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
 | ||||
| --- cups-2.2.6/scheduler/ipp.c.lspp	2024-08-15 14:55:07.268819431 +0200
 | ||||
| +++ cups-2.2.6/scheduler/ipp.c	2024-08-15 14:56:15.961900807 +0200
 | ||||
| @@ -37,6 +37,12 @@ extern int mbr_check_membership_by_id(uu
 | ||||
|  #  include <CoreFoundation/CoreFoundation.h> | ||||
|  #endif /* HAVE_CDSASSL */ | ||||
|   | ||||
| -
 | ||||
|  /* | ||||
|   * Some OS's don't have hstrerror(), most notably Solaris... | ||||
|   */ | ||||
| diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
 | ||||
| --- cups-2.2.5/scheduler/ipp.c.lspp	2017-10-17 19:06:19.599229305 +0200
 | ||||
| +++ cups-2.2.5/scheduler/ipp.c	2017-10-17 19:06:19.695228506 +0200
 | ||||
| @@ -14,6 +14,9 @@
 | ||||
|   * missing or damaged, see the license at "http://www.cups.org/". | ||||
|   */ | ||||
|   | ||||
| +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
 | ||||
| +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
 | ||||
| +
 | ||||
|  /* | ||||
|   * Include necessary headers... | ||||
|   */ | ||||
| @@ -37,6 +40,14 @@ extern int mbr_check_membership_by_id(uu
 | ||||
|  #  endif /* HAVE_MEMBERSHIPPRIV_H */ | ||||
|  #endif /* __APPLE__ */ | ||||
|   | ||||
| @ -843,11 +848,13 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
| +#include <selinux/selinux.h>
 | ||||
| +#include <selinux/context.h>
 | ||||
| +#include <selinux/avc.h>
 | ||||
| +#include <selinux/flask.h>
 | ||||
| +#include <selinux/av_permissions.h>
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
|   | ||||
|  /* | ||||
|   * Local functions... | ||||
| @@ -61,6 +67,9 @@ static void	cancel_all_jobs(cupsd_client
 | ||||
| @@ -61,6 +72,9 @@ static void	cancel_all_jobs(cupsd_client
 | ||||
|  static void	cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); | ||||
|  static void	cancel_subscription(cupsd_client_t *con, int id); | ||||
|  static int	check_rss_recipient(const char *recipient); | ||||
| @ -857,7 +864,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|  static int	check_quotas(cupsd_client_t *con, cupsd_printer_t *p); | ||||
|  static void	close_job(cupsd_client_t *con, ipp_attribute_t *uri); | ||||
|  static void	copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, | ||||
| @@ -1286,6 +1295,21 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1286,6 +1300,21 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|      "time-at-creation", | ||||
|      "time-at-processing" | ||||
|    }; | ||||
| @ -879,7 +886,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|   | ||||
|   | ||||
|    cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", | ||||
| @@ -1607,6 +1631,106 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1597,6 +1626,106 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|      return (NULL); | ||||
|    } | ||||
|   | ||||
| @ -916,18 +923,18 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
| +	/*
 | ||||
| +	 * The printer does not exist, so for now assume it's a FileDevice
 | ||||
| +	 */
 | ||||
| +        tclass = string_to_security_class("file");
 | ||||
| +        avr = string_to_av_perm(tclass, "write");
 | ||||
| +	tclass = SECCLASS_FILE;
 | ||||
| +	avr = FILE__WRITE;
 | ||||
| +      }
 | ||||
| +      else if (S_ISCHR(printerstat.st_mode))
 | ||||
| +      {
 | ||||
| +        tclass = string_to_security_class("chr_file");
 | ||||
| +        avr = string_to_av_perm(tclass, "write");
 | ||||
| +	tclass = SECCLASS_CHR_FILE;
 | ||||
| +	avr = CHR_FILE__WRITE;
 | ||||
| +      }
 | ||||
| +      else if (S_ISREG(printerstat.st_mode))
 | ||||
| +      {
 | ||||
| +        tclass = string_to_security_class("file");
 | ||||
| +        avr = string_to_av_perm(tclass, "write");
 | ||||
| +	tclass = SECCLASS_FILE;
 | ||||
| +	avr = FILE__WRITE;
 | ||||
| +      }
 | ||||
| +      else
 | ||||
| +      {
 | ||||
| @ -986,7 +993,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|    if ((job = cupsdAddJob(priority, printer->name)) == NULL) | ||||
|    { | ||||
|      send_ipp_status(con, IPP_INTERNAL_ERROR, | ||||
| @@ -1615,6 +1739,32 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1605,6 +1734,32 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|      return (NULL); | ||||
|    } | ||||
|   | ||||
| @ -1019,7 +1026,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|    job->dtype   = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); | ||||
|    job->attrs   = con->request; | ||||
|    job->dirty   = 1; | ||||
| @@ -1802,6 +1952,29 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1794,6 +1949,29 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|        ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); | ||||
|        ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); | ||||
|      } | ||||
| @ -1049,7 +1056,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|   | ||||
|      job->job_sheets = attr; | ||||
|   | ||||
| @@ -1832,6 +2005,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1824,6 +2002,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|  	                		     "job-sheets=\"%s,none\", " | ||||
|  					     "job-originating-user-name=\"%s\"", | ||||
|  	              Classification, job->username); | ||||
| @ -1059,7 +1066,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|  	} | ||||
|  	else if (attr->num_values == 2 && | ||||
|  	         strcmp(attr->values[0].string.text, | ||||
| @@ -1850,6 +2026,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1842,6 +2023,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|  					     "job-originating-user-name=\"%s\"", | ||||
|  		      attr->values[0].string.text, | ||||
|  		      attr->values[1].string.text, job->username); | ||||
| @ -1069,7 +1076,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|  	} | ||||
|  	else if (strcmp(attr->values[0].string.text, Classification) && | ||||
|  	         strcmp(attr->values[0].string.text, "none") && | ||||
| @@ -1870,6 +2049,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1862,6 +2046,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|  			"job-originating-user-name=\"%s\"", | ||||
|  			attr->values[0].string.text, | ||||
|  			attr->values[1].string.text, job->username); | ||||
| @ -1079,14 +1086,14 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|          } | ||||
|        } | ||||
|        else if (strcmp(attr->values[0].string.text, Classification) && | ||||
| @@ -1910,9 +2092,55 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
| @@ -1902,8 +2089,52 @@ add_job(cupsd_client_t  *con,		/* I - Cl
 | ||||
|  		      "job-sheets=\"%s\", " | ||||
|  		      "job-originating-user-name=\"%s\"", | ||||
|  		      Classification, job->username); | ||||
| +#ifdef WITH_LSPP
 | ||||
| +	override = 1;
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
| +      }
 | ||||
|        } | ||||
| +#ifdef WITH_LSPP
 | ||||
| +      if (is_lspp_config() && AuditLog != -1)
 | ||||
| +      {
 | ||||
| @ -1120,22 +1127,19 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
| +	  }
 | ||||
| +          cupsdClearString(&audit_message);
 | ||||
| +	}
 | ||||
|        } | ||||
| +      }
 | ||||
| +
 | ||||
| +      if (userheader)
 | ||||
| +        free(userheader);
 | ||||
| +      if (userfooter)
 | ||||
| +        free(userfooter);
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
|      } | ||||
| +    
 | ||||
|   | ||||
| +#ifdef WITH_LSPP
 | ||||
| +    if (userheader)
 | ||||
| +      free(userheader);
 | ||||
| +    if (userfooter)
 | ||||
| +      free(userfooter);
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
| +
 | ||||
| +
 | ||||
|     /* | ||||
|      * See if we need to add the starting sheet... | ||||
|      */ | ||||
| @@ -3694,6 +3922,128 @@ check_rss_recipient(
 | ||||
| @@ -3686,6 +3917,128 @@ check_rss_recipient(
 | ||||
|  } | ||||
|   | ||||
|   | ||||
| @ -1207,8 +1211,8 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
| +    return -1;
 | ||||
| +  }
 | ||||
| +  avc_entry_ref_init(&avcref);
 | ||||
| +  tclass = string_to_security_class("file");
 | ||||
| +  avr = string_to_av_perm(tclass, "read");
 | ||||
| +  tclass = SECCLASS_FILE;
 | ||||
| +  avr = FILE__READ;
 | ||||
| +
 | ||||
| + /*
 | ||||
| +  * Perform the check with the client as the subject, first with the job as the object
 | ||||
| @ -1264,7 +1268,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|  /* | ||||
|   * 'check_quotas()' - Check quotas for a printer and user. | ||||
|   */ | ||||
| @@ -4150,6 +4500,15 @@ copy_banner(cupsd_client_t *con,	/* I -
 | ||||
| @@ -4142,6 +4495,15 @@ copy_banner(cupsd_client_t *con,	/* I -
 | ||||
|    char		attrname[255],		/* Name of attribute */ | ||||
|  		*s;			/* Pointer into name */ | ||||
|    ipp_attribute_t *attr;		/* Attribute */ | ||||
| @ -1280,7 +1284,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|   | ||||
|   | ||||
|    cupsdLogMessage(CUPSD_LOG_DEBUG2, | ||||
| @@ -4185,6 +4544,85 @@ copy_banner(cupsd_client_t *con,	/* I -
 | ||||
| @@ -4177,6 +4539,85 @@ copy_banner(cupsd_client_t *con,	/* I -
 | ||||
|   | ||||
|    fchmod(cupsFileNumber(out), 0640); | ||||
|    fchown(cupsFileNumber(out), RunUser, Group); | ||||
| @ -1366,7 +1370,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|   | ||||
|   /* | ||||
|    * Try the localized banner file under the subdirectory... | ||||
| @@ -4279,6 +4717,24 @@ copy_banner(cupsd_client_t *con,	/* I -
 | ||||
| @@ -4271,6 +4712,24 @@ copy_banner(cupsd_client_t *con,	/* I -
 | ||||
|        else | ||||
|          s = attrname; | ||||
|   | ||||
| @ -1391,7 +1395,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|        if (!strcmp(s, "printer-name")) | ||||
|        { | ||||
|          cupsFilePuts(out, job->dest); | ||||
| @@ -6467,6 +6923,22 @@ get_job_attrs(cupsd_client_t  *con,	/* I
 | ||||
| @@ -6459,6 +6918,22 @@ get_job_attrs(cupsd_client_t  *con,	/* I
 | ||||
|   | ||||
|    exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); | ||||
|   | ||||
| @ -1414,7 +1418,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|   /* | ||||
|    * Copy attributes... | ||||
|    */ | ||||
| @@ -6864,6 +7336,11 @@ get_jobs(cupsd_client_t  *con,		/* I - C
 | ||||
| @@ -6856,6 +7331,11 @@ get_jobs(cupsd_client_t  *con,		/* I - C
 | ||||
|        if (username[0] && _cups_strcasecmp(username, job->username)) | ||||
|  	continue; | ||||
|   | ||||
| @ -1426,7 +1430,7 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|        if (count > 0) | ||||
|  	ippAddSeparator(con->response); | ||||
|   | ||||
| @@ -11495,6 +11972,11 @@ validate_user(cupsd_job_t    *job,	/* I
 | ||||
| @@ -11487,6 +11967,11 @@ validate_user(cupsd_job_t    *job,	/* I
 | ||||
|   | ||||
|    strlcpy(username, get_username(con), userlen); | ||||
|   | ||||
| @ -1438,10 +1442,20 @@ diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c | ||||
|   /* | ||||
|    * Check the username against the owner... | ||||
|    */ | ||||
| diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
 | ||||
| --- cups-2.2.6/scheduler/job.c.lspp	2024-08-15 14:55:07.278819298 +0200
 | ||||
| +++ cups-2.2.6/scheduler/job.c	2024-08-15 14:55:07.316818790 +0200
 | ||||
| @@ -26,6 +26,12 @@
 | ||||
| diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
 | ||||
| --- cups-2.2.5/scheduler/job.c.lspp	2017-10-17 19:06:19.607229238 +0200
 | ||||
| +++ cups-2.2.5/scheduler/job.c	2017-10-17 19:06:19.696228498 +0200
 | ||||
| @@ -11,6 +11,9 @@
 | ||||
|   * missing or damaged, see the license at "http://www.cups.org/". | ||||
|   */ | ||||
|   | ||||
| +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
 | ||||
| +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
 | ||||
| +
 | ||||
|  /* | ||||
|   * Include necessary headers... | ||||
|   */ | ||||
| @@ -26,6 +29,14 @@
 | ||||
|  #  endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ | ||||
|  #endif /* __APPLE__ */ | ||||
|   | ||||
| @ -1450,11 +1464,13 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c | ||||
| +#include <selinux/selinux.h>
 | ||||
| +#include <selinux/context.h>
 | ||||
| +#include <selinux/avc.h>
 | ||||
| +#include <selinux/flask.h>
 | ||||
| +#include <selinux/av_permissions.h>
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
|   | ||||
|  /* | ||||
|   * Design Notes for Job Management | ||||
| @@ -547,6 +553,14 @@ cupsdContinueJob(cupsd_job_t *job)	/* I
 | ||||
| @@ -547,6 +558,14 @@ cupsdContinueJob(cupsd_job_t *job)	/* I
 | ||||
|  					/* PRINTER_STATE_REASONS env var */ | ||||
|  			rip_max_cache[255]; | ||||
|  					/* RIP_MAX_CACHE env variable */ | ||||
| @ -1469,7 +1485,7 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c | ||||
|   | ||||
|   | ||||
|    cupsdLogMessage(CUPSD_LOG_DEBUG2, | ||||
| @@ -1083,6 +1097,67 @@ cupsdContinueJob(cupsd_job_t *job)	/* I
 | ||||
| @@ -1083,6 +1102,67 @@ cupsdContinueJob(cupsd_job_t *job)	/* I
 | ||||
|    if (final_content_type[0]) | ||||
|      envp[envc ++] = final_content_type; | ||||
|   | ||||
| @ -1537,18 +1553,6 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c | ||||
|    if (Classification && !banner_page) | ||||
|    { | ||||
|      if ((attr = ippFindAttribute(job->attrs, "job-sheets", | ||||
| @@ -1464,6 +1539,11 @@ cupsdDeleteJob(cupsd_job_t       *job,	/
 | ||||
|   | ||||
|    cupsdClearString(&job->username); | ||||
|    cupsdClearString(&job->dest); | ||||
| +
 | ||||
| +#ifdef WITH_LSPP
 | ||||
| +  cupsdClearString(&job->scon);
 | ||||
| +#endif
 | ||||
| +
 | ||||
|    for (i = 0; | ||||
|         i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); | ||||
|         i ++) | ||||
| @@ -1908,6 +1988,22 @@ cupsdLoadJob(cupsd_job_t *job)		/* I - J
 | ||||
|        ippSetString(job->attrs, &job->reasons, 0, "none"); | ||||
|    } | ||||
| @ -1736,18 +1740,18 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c | ||||
| +	/*
 | ||||
| +	 * The printer does not exist, so for now assume it's a FileDevice
 | ||||
| +	 */
 | ||||
| +	tclass = string_to_security_class("file");
 | ||||
| +	avr = string_to_av_perm(tclass, "write");
 | ||||
| +	tclass = SECCLASS_FILE;
 | ||||
| +	avr = FILE__WRITE;
 | ||||
| +      }
 | ||||
| +      else if (S_ISCHR(printerstat.st_mode))
 | ||||
| +      {
 | ||||
| +	tclass = string_to_security_class("chr_file");
 | ||||
| +	avr = string_to_av_perm(tclass, "write");
 | ||||
| +	tclass = SECCLASS_CHR_FILE;
 | ||||
| +	avr = CHR_FILE__WRITE;
 | ||||
| +      }
 | ||||
| +      else if (S_ISREG(printerstat.st_mode))
 | ||||
| +      {
 | ||||
| +	tclass = string_to_security_class("file");
 | ||||
| +	avr = string_to_av_perm(tclass, "write");
 | ||||
| +	tclass = SECCLASS_FILE;
 | ||||
| +	avr = FILE__WRITE;
 | ||||
| +      }
 | ||||
| +      else
 | ||||
| +      {
 | ||||
| @ -1819,13 +1823,16 @@ diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c | ||||
|   /* | ||||
|    * Now start the first file in the job... | ||||
|    */ | ||||
| diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h
 | ||||
| --- cups-2.2.6/scheduler/job.h.lspp	2017-11-01 15:57:53.000000000 +0100
 | ||||
| +++ cups-2.2.6/scheduler/job.h	2024-08-15 14:55:07.316818790 +0200
 | ||||
| @@ -11,6 +11,10 @@
 | ||||
| diff -up cups-2.2.5/scheduler/job.h.lspp cups-2.2.5/scheduler/job.h
 | ||||
| --- cups-2.2.5/scheduler/job.h.lspp	2017-10-13 20:22:26.000000000 +0200
 | ||||
| +++ cups-2.2.5/scheduler/job.h	2017-10-17 19:06:19.696228498 +0200
 | ||||
| @@ -11,6 +11,13 @@
 | ||||
|   * missing or damaged, see the license at "http://www.cups.org/". | ||||
|   */ | ||||
|   | ||||
| +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
 | ||||
| +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
 | ||||
| +
 | ||||
| +#ifdef WITH_LSPP
 | ||||
| +#include <selinux/selinux.h>
 | ||||
| +#endif /* WITH_LSPP */
 | ||||
| @ -1833,7 +1840,7 @@ diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h | ||||
|  /* | ||||
|   * Constants... | ||||
|   */ | ||||
| @@ -88,6 +92,10 @@ struct cupsd_job_s			/**** Job request *
 | ||||
| @@ -88,6 +95,10 @@ struct cupsd_job_s			/**** Job request *
 | ||||
|    int			progress;	/* Printing progress */ | ||||
|    int			num_keywords;	/* Number of PPD keywords */ | ||||
|    cups_option_t		*keywords;	/* PPD keywords */ | ||||
| @ -1844,9 +1851,9 @@ diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h | ||||
|  }; | ||||
|   | ||||
|  typedef struct cupsd_joblog_s		/**** Job log message ****/ | ||||
| diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
 | ||||
| --- cups-2.2.6/scheduler/main.c.lspp	2024-08-15 14:55:07.299819017 +0200
 | ||||
| +++ cups-2.2.6/scheduler/main.c	2024-08-15 14:55:07.316818790 +0200
 | ||||
| diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c
 | ||||
| --- cups-2.2.5/scheduler/main.c.lspp	2017-10-17 19:06:19.637228989 +0200
 | ||||
| +++ cups-2.2.5/scheduler/main.c	2017-10-17 19:08:26.642173026 +0200
 | ||||
| @@ -56,6 +56,9 @@
 | ||||
|  #  include <sys/param.h> | ||||
|  #endif /* HAVE_SYS_PARAM_H */ | ||||
| @ -1867,7 +1874,7 @@ diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c | ||||
|  #ifdef __APPLE__ | ||||
|    int			use_sysman = 1;	/* Use system management functions? */ | ||||
|  #else | ||||
| @@ -508,6 +514,25 @@ main(int  argc,				/* I - Number of comm
 | ||||
| @@ -516,6 +522,25 @@ main(int  argc,				/* I - Number of comm
 | ||||
|      exit(errno); | ||||
|    } | ||||
|   | ||||
| @ -1893,7 +1900,7 @@ diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c | ||||
|   /* | ||||
|    * Let the system know we are busy while we bring up cupsd... | ||||
|    */ | ||||
| @@ -1219,6 +1244,11 @@ main(int  argc,				/* I - Number of comm
 | ||||
| @@ -1227,6 +1252,11 @@ main(int  argc,				/* I - Number of comm
 | ||||
|   | ||||
|    cupsdStopSelect(); | ||||
|   | ||||
| @ -1905,10 +1912,19 @@ diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c | ||||
|    return (!stop_scheduler); | ||||
|  } | ||||
|   | ||||
| diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c
 | ||||
| --- cups-2.2.6/scheduler/printers.c.lspp	2024-08-15 14:55:07.253819632 +0200
 | ||||
| +++ cups-2.2.6/scheduler/printers.c	2024-08-15 14:55:07.317818776 +0200
 | ||||
| @@ -35,6 +35,10 @@
 | ||||
| diff -up cups-2.2.5/scheduler/printers.c.lspp cups-2.2.5/scheduler/printers.c
 | ||||
| --- cups-2.2.5/scheduler/printers.c.lspp	2017-10-17 19:06:19.587229404 +0200
 | ||||
| +++ cups-2.2.5/scheduler/printers.c	2017-10-17 19:06:19.697228490 +0200
 | ||||
| @@ -11,6 +11,8 @@
 | ||||
|   * missing or damaged, see the license at "http://www.cups.org/". | ||||
|   */ | ||||
|   | ||||
| +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
 | ||||
| +
 | ||||
|  /* | ||||
|   * Include necessary headers... | ||||
|   */ | ||||
| @@ -35,6 +37,10 @@
 | ||||
|  #  include <asl.h> | ||||
|  #endif /* __APPLE__ */ | ||||
|   | ||||
| @ -1919,7 +1935,7 @@ diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c | ||||
|   | ||||
|  /* | ||||
|   * Local functions... | ||||
| @@ -2212,6 +2216,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
 | ||||
| @@ -2212,6 +2218,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
 | ||||
|    ipp_attribute_t *attr;		/* Attribute data */ | ||||
|    char		*name,			/* Current user/group name */ | ||||
|  		*filter;		/* Current filter */ | ||||
| @ -1933,7 +1949,7 @@ diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c | ||||
|   | ||||
|   | ||||
|    DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, | ||||
| @@ -2339,6 +2350,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
 | ||||
| @@ -2339,6 +2352,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
 | ||||
|        attr->values[1].string.text = _cupsStrAlloc(Classification ? | ||||
|  	                                   Classification : p->job_sheets[1]); | ||||
|      } | ||||
|  | ||||
| @ -1,12 +0,0 @@ | ||||
| diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
 | ||||
| index c02412fb0..18b5e0386 100644
 | ||||
| --- a/scheduler/org.cups.cupsd.service.in
 | ||||
| +++ b/scheduler/org.cups.cupsd.service.in
 | ||||
| @@ -2,6 +2,7 @@
 | ||||
|  Description=CUPS Scheduler | ||||
|  Documentation=man:cupsd(8) | ||||
|  After=network.target nss-user-lookup.target | ||||
| +Requires=cups.socket
 | ||||
|   | ||||
|  [Service] | ||||
|  ExecStart=@sbindir@/cupsd -l | ||||
| @ -1,12 +0,0 @@ | ||||
| diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in
 | ||||
| index 613b977a6..1deee826a 100644
 | ||||
| --- a/scheduler/org.cups.cupsd.socket.in
 | ||||
| +++ b/scheduler/org.cups.cupsd.socket.in
 | ||||
| @@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
 | ||||
|   | ||||
|  [Socket] | ||||
|  ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ | ||||
| +RemoveOnStop=on
 | ||||
|   | ||||
|  [Install] | ||||
|  WantedBy=sockets.target | ||||
| @ -22,7 +22,7 @@ Summary: CUPS printing system | ||||
| Name: cups | ||||
| Epoch: 1 | ||||
| Version: 2.2.6 | ||||
| Release: 63%{?dist} | ||||
| Release: 57%{?dist} | ||||
| License: GPLv2+ and LGPLv2 with exceptions and AML | ||||
| Url: http://www.cups.org/ | ||||
| Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz | ||||
| @ -170,29 +170,6 @@ Patch86: cups-preservejob-leak.patch | ||||
| Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch | ||||
| # RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents | ||||
| Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/commit/a436956 | ||||
| Patch89: 0001-Fix-domain-socket-handling.patch | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/pull/31 | ||||
| Patch90: cups-require-cups-socket.patch | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/commit/3448c52 | ||||
| Patch91: cups-socket-remove-on-stop.patch | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/commit/7adb508 | ||||
| # https://github.com/OpenPrinting/cups/commit/824f49f | ||||
| # https://github.com/OpenPrinting/cups/commit/56b9728 | ||||
| # https://github.com/OpenPrinting/cups/commit/74f437b | ||||
| # https://github.com/OpenPrinting/cups/commit/fb0c914 | ||||
| Patch92: cups-check-for-listeners.patch | ||||
| # RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file | ||||
| Patch93: 0001-mirror-ipp-everywhere-printer-changes-from-master.patch | ||||
| Patch94: 0001-refactor-make-and-model-code.patch | ||||
| Patch95: 0001-ppdize-preset-and-template-names.patch | ||||
| Patch96: 0001-Fix-make-and-model-whitespace-trimming-Issue-1096.patch | ||||
| # RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling | ||||
| Patch97: CVE-2025-58060.patch | ||||
| 
 | ||||
| Patch1000: cups-lspp.patch | ||||
| 
 | ||||
| @ -500,30 +477,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results. | ||||
| %patch87 -p1 -b .message-stderr | ||||
| # RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents | ||||
| %patch88 -p1 -b .cupsgetjobs-pollhup | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/commit/a436956 | ||||
| %patch89 -p1 -b .cve2024-35235 | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/pull/31 | ||||
| %patch90 -p1 -b .cups-require-cups-socket | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/commit/3448c52 | ||||
| %patch91 -p1 -b .cups-remove-on-stop | ||||
| # RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| # https://github.com/OpenPrinting/cups/commit/7adb508 | ||||
| # https://github.com/OpenPrinting/cups/commit/824f49f | ||||
| # https://github.com/OpenPrinting/cups/commit/56b9728 | ||||
| # https://github.com/OpenPrinting/cups/commit/74f437b | ||||
| # https://github.com/OpenPrinting/cups/commit/fb0c914 | ||||
| %patch92 -p1 -b .cups-check-for-listeners | ||||
| # RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file | ||||
| %patch93 -p1 -b .ippeve-validate | ||||
| %patch94 -p1 -b .make-model-refact | ||||
| %patch95 -p1 -b .ppdize-presets | ||||
| %patch96 -p1 -b .make-model-trim | ||||
| # RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling | ||||
| %patch97 -p1 -b .cve-2025-58060 | ||||
| 
 | ||||
| 
 | ||||
| sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in | ||||
| 
 | ||||
| @ -950,28 +903,6 @@ rm -f %{cups_serverbin}/backend/smb | ||||
| %{_mandir}/man5/ipptoolfile.5.gz | ||||
| 
 | ||||
| %changelog | ||||
| * Thu Sep 04 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-63 | ||||
| - RHEL-112424 CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling | ||||
| 
 | ||||
| * Fri Oct 25 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-62 | ||||
| - RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file | ||||
| 
 | ||||
| * Thu Aug 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-61 | ||||
| - RHEL-54038 cups source rpm doesn't actually build lspp support | ||||
| - fix memory leaks caused by lspp | ||||
| 
 | ||||
| * Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com>  - 1:2.2.6-60 | ||||
| - RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| - Delete the domain socket file after stopping the cups.socket service | ||||
| - Fix cupsd Listener checks | ||||
| 
 | ||||
| * Fri Jun 14 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-59 | ||||
| - RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| - Require cups.socket in cupsd service file | ||||
| 
 | ||||
| * Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-58 | ||||
| - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 | ||||
| 
 | ||||
| * Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-57 | ||||
| - revert RHEL-19200 - no new subpackages are needed | ||||
| 
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user