Compare commits

...

13 Commits

Author SHA1 Message Date
23e0ddf978 import UBI cups-2.2.6-61.el8_10 2024-11-05 01:48:58 +00:00
2ceea50d47 import UBI cups-2.2.6-60.el8_10 2024-07-02 19:43:24 +00:00
7e2b8b480c import UBI cups-2.2.6-57.el8 2024-05-22 14:48:42 +00:00
eabdullin
b1f8ca4f28 import UBI cups-2.2.6-54.el8_9 2023-11-14 19:51:11 +00:00
eabdullin
4991be94be import UBI cups-2.2.6-51.el8_8.2 2023-09-21 08:43:28 +00:00
eabdullin
f47bbf6a0a import UBI cups-2.2.6-51.el8_8.1 2023-08-30 01:53:35 +00:00
CentOS Sources
96a3eee944 import cups-2.2.6-51.el8 2023-05-16 08:03:30 +00:00
CentOS Sources
2ebcd8030e import cups-2.2.6-50.el8 2022-11-08 12:10:54 +00:00
CentOS Sources
92b1684eec import cups-2.2.6-45.el8_6.2 2022-06-15 12:23:14 +00:00
CentOS Sources
0c9d2a4f96 import cups-2.2.6-44.el8 2022-05-10 07:19:41 +00:00
CentOS Sources
c3aae9212f import cups-2.2.6-40.el8 2021-11-11 04:17:51 +00:00
CentOS Sources
2c88de634e import cups-2.2.6-38.el8 2021-09-09 15:50:03 +00:00
CentOS Sources
2e6d18d828 import cups-2.2.6-33.el8 2021-09-09 15:50:00 +00:00
46 changed files with 5754 additions and 184 deletions

View File

@ -0,0 +1,33 @@
diff -up cups-2.2.6/conf/cupsd.conf.in.idleexittimeout cups-2.2.6/conf/cupsd.conf.in
--- cups-2.2.6/conf/cupsd.conf.in.idleexittimeout 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.6/conf/cupsd.conf.in 2021-11-29 11:45:37.416058954 +0100
@@ -22,6 +22,9 @@ DefaultAuthType Basic
# Web interface setting...
WebInterface @CUPS_WEBIF@
+# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
+IdleExitTimeout @EXIT_TIMEOUT@
+
# Restrict access to the server...
<Location />
Order allow,deny
diff -up cups-2.2.6/config-scripts/cups-defaults.m4.idleexittimeout cups-2.2.6/config-scripts/cups-defaults.m4
--- cups-2.2.6/config-scripts/cups-defaults.m4.idleexittimeout 2021-11-29 11:45:37.416058954 +0100
+++ cups-2.2.6/config-scripts/cups-defaults.m4 2021-11-29 11:46:31.680612421 +0100
@@ -425,3 +425,16 @@ esac
AC_SUBST(CUPS_WEBIF)
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_WEBIF, $CUPS_DEFAULT_WEBIF)
+
+dnl Set default value of IdleExitTimeout
+AC_ARG_WITH([idle_exit_timeout], AS_HELP_STRING([--with-idle-exit-timeout], [set the default value for IdleExitTimeout, default=60]), [
+ AS_IF([test "x$withval" = "xno"], [
+ EXIT_TIMEOUT=0
+ ], [
+ EXIT_TIMEOUT=$withval
+ ])
+], [
+ EXIT_TIMEOUT=60
+])
+
+AC_SUBST([EXIT_TIMEOUT])

View File

@ -0,0 +1,33 @@
diff -up cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec cups-2.3.3op2/config-scripts/cups-defaults.m4
--- cups-2.3.3op2/config-scripts/cups-defaults.m4.conf-timeoutstartsec 2021-11-29 13:50:14.568976028 +0100
+++ cups-2.3.3op2/config-scripts/cups-defaults.m4 2021-11-29 13:51:02.785567762 +0100
@@ -482,3 +482,18 @@ AC_ARG_WITH([idle_exit_timeout], AS_HELP
])
AC_SUBST([EXIT_TIMEOUT])
+
+dnl set TimeoutStartSec for cups.service
+dnl - if used as --without-*, it sets TimeoutStartSec to infinity
+AC_ARG_WITH([systemd-timeoutstartsec],
+ AS_HELP_STRING([--with-systemd-timeoutstartsec],
+ [set TimeoutStartSec value in cups.service, default=default value in systemd]), [
+ AS_IF([ test "x$withval" = "xno" ], [
+ TIMEOUTSTARTSEC="TimeoutStartSec=infinity"
+ ], [
+ TIMEOUTSTARTSEC="TimeoutStartSec=$withval"
+ ])
+], [
+ TIMEOUTSTARTSEC=""
+])
+AC_SUBST([TIMEOUTSTARTSEC])
diff -up cups-2.3.3op2/scheduler/org.cups.cupsd.service.in.conf-timeoutstartsec cups-2.3.3op2/scheduler/org.cups.cupsd.service.in
--- cups-2.3.3op2/scheduler/org.cups.cupsd.service.in.conf-timeoutstartsec 2021-11-29 13:50:14.551976172 +0100
+++ cups-2.3.3op2/scheduler/org.cups.cupsd.service.in 2021-11-29 13:50:14.568976028 +0100
@@ -8,6 +8,7 @@ Requires=cups.socket
ExecStart=@sbindir@/cupsd -l
Type=notify
Restart=on-failure
+@TIMEOUTSTARTSEC@
[Install]
Also=cups.socket cups.path

View File

@ -0,0 +1,21 @@
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
/*
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
if (lport < 721 && reserve == RESERVE_RFC1179)
lport = 731;
- else if (lport < 1)
+ else if (lport < 512)
lport = 1023;
#ifdef HAVE_GETEUID

View File

@ -0,0 +1,86 @@
diff --git a/cups/http-addr.c b/cups/http-addr.c
index 61c86384b..e86dcb622 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -198,31 +198,29 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
{
mode_t mask; /* Umask setting */
- /*
- * Remove any existing domain socket file...
- */
-
- unlink(addr->un.sun_path);
-
- /*
- * Save the current umask and set it to 0 so that all users can access
- * the domain socket...
- */
-
- mask = umask(0);
-
- /*
- * Bind the domain socket...
- */
+ // Remove any existing domain socket file...
+ if ((status = unlink(addr->un.sun_path)) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to unlink \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ if (errno == ENOENT)
+ status = 0;
+ }
- status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr));
+ if (!status)
+ {
+ // Save the current umask and set it to 0 so that all users can access
+ // the domain socket...
+ mask = umask(0);
- /*
- * Restore the umask and fix permissions...
- */
+ // Bind the domain socket...
+ if ((status = bind(fd, (struct sockaddr *)addr, (socklen_t)httpAddrLength(addr))) < 0)
+ {
+ DEBUG_printf(("1httpAddrListen: Unable to bind domain socket \"%s\": %s", addr->un.sun_path, strerror(errno)));
+ }
- umask(mask);
- chmod(addr->un.sun_path, 0140777);
+ // Restore the umask...
+ umask(mask);
+ }
}
else
#endif /* AF_LOCAL */
diff --git a/scheduler/conf.c b/scheduler/conf.c
index bc52d2add..93de8cf77 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -3055,6 +3055,25 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
cupsd_listener_t *lis; /* New listeners array */
+ /*
+ * If we are launched on-demand, do not use domain sockets from the config
+ * file. Also check that the domain socket path is not too long...
+ */
+
+#ifdef HAVE_ONDEMAND
+ if (*value == '/' && OnDemand)
+ {
+ if (strcmp(value, CUPS_DEFAULT_DOMAINSOCKET))
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - only using domain socket from launchd/systemd.", line, value, linenum);
+ continue;
+ }
+#endif // HAVE_ONDEMAND
+
+ if (*value == '/' && strlen(value) > (sizeof(addr->addr.un.sun_path) - 1))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "Ignoring %s address %s at line %d - too long.", line, value, linenum);
+ continue;
+ }
/*
* Get the address list...

View File

@ -0,0 +1,43 @@
From 3e4dd41459dabc5d18edbe06eb5b81291885204b Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 5 Dec 2018 12:18:19 -0500
Subject: [PATCH] Fix handling of MaxJobTime 0 (Issue #5438)
---
CHANGES.md | 5 +++--
scheduler/job.c | 4 +++-
scheduler/printers.c | 2 +-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/scheduler/job.c b/scheduler/job.c
index 3cbe56aa8..638f256db 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -5148,8 +5148,10 @@ update_job(cupsd_job_t *job) /* I - Job to check */
if (cancel_after)
job->cancel_time = time(NULL) + ippGetInteger(cancel_after, 0);
- else
+ else if (MaxJobTime > 0)
job->cancel_time = time(NULL) + MaxJobTime;
+ else
+ job->cancel_time = 0;
}
}
}
diff --git a/scheduler/printers.c b/scheduler/printers.c
index bb99907ad..68239d85d 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -3370,7 +3370,7 @@ add_printer_defaults(cupsd_printer_t *p)/* I - Printer */
"document-format-default", NULL, "application/octet-stream");
if (!cupsGetOption("job-cancel-after", p->num_options, p->options))
- ippAddInteger(p->attrs, IPP_TAG_PRINTER, IPP_TAG_INTEGER,
+ ippAddInteger(p->attrs, IPP_TAG_PRINTER, MaxJobTime > 0 ? IPP_TAG_INTEGER : IPP_TAG_NOVALUE,
"job-cancel-after-default", MaxJobTime);
if (!cupsGetOption("job-hold-until", p->num_options, p->options))
--
2.31.1

View File

@ -0,0 +1,62 @@
From 9539c53065170e97836503074e770d7b5fbf9f83 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 16 Jul 2019 09:27:13 -0400
Subject: [PATCH] Fix lpadmin with cupsIPPSupplies and cupsSNMPSupplies (Issue
#5610)
---
CHANGES.md | 2 ++
systemv/lpadmin.c | 9 +++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index f428368d4..ca6d386b2 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -1467,6 +1467,7 @@ set_printer_options(
(boolval = cupsGetOption("cupsIPPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
wrote_ipp_supplies = 1;
cupsFilePrintf(out, "*cupsIPPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
@@ -1477,6 +1478,7 @@ set_printer_options(
(boolval = cupsGetOption("cupsSNMPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
wrote_snmp_supplies = 1;
cupsFilePrintf(out, "*cupsSNMPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
@@ -1537,6 +1539,8 @@ set_printer_options(
(boolval = cupsGetOption("cupsIPPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
+
cupsFilePrintf(out, "*cupsIPPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
!_cups_strcasecmp(boolval, "yes") ||
@@ -1547,6 +1551,8 @@ set_printer_options(
(boolval = cupsGetOption("cupsSNMPSupplies", num_options,
options)) != NULL)
{
+ ppdchanged = 1;
+
cupsFilePrintf(out, "*cupsSNMPSupplies: %s\n",
(!_cups_strcasecmp(boolval, "true") ||
!_cups_strcasecmp(boolval, "yes") ||
@@ -1561,8 +1567,7 @@ set_printer_options(
* Do the request...
*/
- ippDelete(cupsDoFileRequest(http, request, "/admin/",
- ppdchanged ? tempfile : file));
+ ippDelete(cupsDoFileRequest(http, request, "/admin/", ppdchanged ? tempfile : file));
/*
* Clean up temp files... (TODO: catch signals in case we CTRL-C during
--
2.31.1

View File

@ -0,0 +1,64 @@
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Thu, 1 Jun 2023 11:33:39 -0400
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection
httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.
We have to log the hostname first.
---
scheduler/client.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/scheduler/client.c b/scheduler/client.c
index 91e441188..327473a4d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
* with double-lookups enabled...
*/
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
--
2.41.0

View File

@ -0,0 +1,183 @@
From 2c030c7a06e0c2b8227c7e85f5c58dfb339731d0 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Thu, 15 Aug 2019 14:06:47 -0400
Subject: [PATCH] Multiple security/disclosure issues:
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
- Fixed IPP buffer overflow (rdar://50035411)
- Fixed memory disclosure issue in the scheduler (rdar://51373853)
- Fixed DoS issues in the scheduler (rdar://51373929)
diff --git a/cups/http.c b/cups/http.c
index 266a15791..fbb1bf13c 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -1860,7 +1860,7 @@ httpPrintf(http_t *http, /* I - HTTP connection */
...) /* I - Additional args as needed */
{
ssize_t bytes; /* Number of bytes to write */
- char buf[16384]; /* Buffer for formatted string */
+ char buf[65536]; /* Buffer for formatted string */
va_list ap; /* Variable argument pointer */
@@ -1872,7 +1872,12 @@ httpPrintf(http_t *http, /* I - HTTP connection */
DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf));
- if (http->data_encoding == HTTP_ENCODING_FIELDS)
+ if (bytes > (ssize_t)(sizeof(buf) - 1))
+ {
+ http->error = ENOMEM;
+ return (-1);
+ }
+ else if (http->data_encoding == HTTP_ENCODING_FIELDS)
return ((int)httpWrite2(http, buf, (size_t)bytes));
else
{
diff --git a/cups/ipp.c b/cups/ipp.c
index 6fae52a00..1bd59cef1 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -4550,9 +4550,7 @@ ippSetValueTag(
break;
case IPP_TAG_NAME :
- if (temp_tag != IPP_TAG_KEYWORD && temp_tag != IPP_TAG_URI &&
- temp_tag != IPP_TAG_URISCHEME && temp_tag != IPP_TAG_LANGUAGE &&
- temp_tag != IPP_TAG_MIMETYPE)
+ if (temp_tag != IPP_TAG_KEYWORD)
return (0);
(*attr)->value_tag = (ipp_tag_t)(IPP_TAG_NAME | ((*attr)->value_tag & IPP_TAG_CUPS_CONST));
@@ -4560,10 +4558,7 @@ ippSetValueTag(
case IPP_TAG_NAMELANG :
case IPP_TAG_TEXTLANG :
- if (value_tag == IPP_TAG_NAMELANG &&
- (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD &&
- temp_tag != IPP_TAG_URI && temp_tag != IPP_TAG_URISCHEME &&
- temp_tag != IPP_TAG_LANGUAGE && temp_tag != IPP_TAG_MIMETYPE))
+ if (value_tag == IPP_TAG_NAMELANG && (temp_tag != IPP_TAG_NAME && temp_tag != IPP_TAG_KEYWORD))
return (0);
if (value_tag == IPP_TAG_TEXTLANG && temp_tag != IPP_TAG_TEXT)
diff --git a/cups/snmp.c b/cups/snmp.c
index 5cefee454..1d9da01f2 100644
--- a/cups/snmp.c
+++ b/cups/snmp.c
@@ -1233,6 +1233,9 @@ asn1_get_integer(
int value; /* Integer value */
+ if (*buffer >= bufend)
+ return (0);
+
if (length > sizeof(int))
{
(*buffer) += length;
@@ -1259,6 +1262,9 @@ asn1_get_length(unsigned char **buffer, /* IO - Pointer in buffer */
unsigned length; /* Length */
+ if (*buffer >= bufend)
+ return (0);
+
length = **buffer;
(*buffer) ++;
@@ -1301,6 +1307,9 @@ asn1_get_oid(
int number; /* OID number */
+ if (*buffer >= bufend)
+ return (0);
+
valend = *buffer + length;
oidptr = oid;
oidend = oid + oidsize - 1;
@@ -1349,9 +1358,12 @@ asn1_get_packed(
int value; /* Value */
+ if (*buffer >= bufend)
+ return (0);
+
value = 0;
- while ((**buffer & 128) && *buffer < bufend)
+ while (*buffer < bufend && (**buffer & 128))
{
value = (value << 7) | (**buffer & 127);
(*buffer) ++;
@@ -1379,6 +1391,9 @@ asn1_get_string(
char *string, /* I - String buffer */
size_t strsize) /* I - String buffer size */
{
+ if (*buffer >= bufend)
+ return (NULL);
+
if (length > (unsigned)(bufend - *buffer))
length = (unsigned)(bufend - *buffer);
@@ -1421,6 +1436,9 @@ asn1_get_type(unsigned char **buffer, /* IO - Pointer in buffer */
int type; /* Type */
+ if (*buffer >= bufend)
+ return (0);
+
type = **buffer;
(*buffer) ++;
diff --git a/scheduler/client.c b/scheduler/client.c
index 923a6e67a..f693e7c49 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -564,6 +564,17 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdReadClient: error=%d, used=%d, state=%s, data_encoding=HTTP_ENCODING_%s, data_remaining=" CUPS_LLFMT ", request=%p(%s), file=%d", httpError(con->http), (int)httpGetReady(con->http), httpStateString(httpGetState(con->http)), httpIsChunked(con->http) ? "CHUNKED" : "LENGTH", CUPS_LLCAST httpGetRemaining(con->http), con->request, con->request ? ippStateString(ippGetState(con->request)) : "", con->file);
+ if (httpError(con->http) == EPIPE && !httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1)
+ {
+ /*
+ * Connection closed...
+ */
+
+ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF.");
+ cupsdCloseClient(con);
+ return;
+ }
+
if (httpGetState(con->http) == HTTP_STATE_GET_SEND ||
httpGetState(con->http) == HTTP_STATE_POST_SEND ||
httpGetState(con->http) == HTTP_STATE_STATUS)
@@ -573,17 +584,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
* connection and we need to shut it down...
*/
- if (!httpGetReady(con->http) && recv(httpGetFd(con->http), buf, 1, MSG_PEEK) < 1)
- {
- /*
- * Connection closed...
- */
-
- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on EOF.");
- cupsdCloseClient(con);
- return;
- }
-
cupsdLogClient(con, CUPSD_LOG_DEBUG, "Closing on unexpected HTTP read state %s.", httpStateString(httpGetState(con->http)));
cupsdCloseClient(con);
return;
@@ -1950,6 +1950,7 @@ cupsdSendError(cupsd_client_t *con, /* I - Connection */
strlcpy(location, httpGetField(con->http, HTTP_FIELD_LOCATION), sizeof(location));
httpClearFields(con->http);
+ httpClearCookie(con->http);
httpSetField(con->http, HTTP_FIELD_LOCATION, location);
--
2.21.0

View File

@ -0,0 +1,31 @@
From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 6 Dec 2022 09:04:01 -0500
Subject: [PATCH] Require authentication for CUPS-Get-Document.
---
conf/cupsd.conf.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index b25884907..a07536f3e 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
Order deny,allow
</Limit>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ <Limit CUPS-Get-Document>
+ AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
--
2.41.0

View File

@ -0,0 +1,899 @@
From 4d6787bd98c2fac8dcc58f34125d299d82e622aa Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 2 May 2022 15:35:20 -0400
Subject: [PATCH] Update man pages for -h option (Issue #357)
---
CHANGES.md | 1 +
doc/help/man-cancel.html | 7 ++++---
doc/help/man-cupsctl.html | 7 ++++---
doc/help/man-ipptool.html | 6 ++++++
doc/help/man-lp.html | 9 +++++----
doc/help/man-lpinfo.html | 9 +++++----
doc/help/man-lpmove.html | 9 +++++----
doc/help/man-lpoptions.html | 17 +++++++++--------
doc/help/man-lpq.html | 5 +++--
doc/help/man-lpr.html | 5 +++--
doc/help/man-lprm.html | 6 +++---
doc/help/man-lpstat.html | 5 +++--
man/cancel.1 | 9 +++++----
man/cupsctl.8 | 9 +++++----
man/lp.1 | 11 ++++++-----
man/lpinfo.8 | 11 ++++++-----
man/lpmove.8 | 11 ++++++-----
man/lpoptions.1 | 19 ++++++++++---------
man/lpq.1 | 7 ++++---
man/lpr.1 | 7 ++++---
man/lprm.1 | 8 ++++----
man/lpstat.1 | 11 ++++++-----
22 files changed, 107 insertions(+), 82 deletions(-)
diff --git a/doc/help/man-cancel.html b/doc/help/man-cancel.html
index d51bb2b91..a0b52369c 100644
--- a/doc/help/man-cancel.html
+++ b/doc/help/man-cancel.html
@@ -12,6 +12,9 @@ cancel - cancel jobs
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cancel</b>
[
+<b>-h</b>
+<i>hostname[:port]</i>
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -19,9 +22,6 @@ cancel - cancel jobs
] [
<b>-a</b>
] [
-<b>-h</b>
-<i>hostname[:port]</i>
-] [
<b>-u</b>
<i>username</i>
] [
@@ -46,6 +46,7 @@ destinations if none is provided.
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-h </b><i>hostname</i>[<i>:port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-U </b><i>username</i>
<dd style="margin-left: 5.0em">Specifies the username to use when connecting to the server.
<dt><b>-u </b><i>username</i>
diff --git a/doc/help/man-cupsctl.html b/doc/help/man-cupsctl.html
index b3f892ef9..e5c98dccb 100644
--- a/doc/help/man-cupsctl.html
+++ b/doc/help/man-cupsctl.html
@@ -12,14 +12,14 @@ cupsctl - configure cupsd.conf options
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cupsctl</b>
[
+<b>-h</b>
+<i>server</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h</b>
-<i>server</i>[<b>:</b><i>port</i>]
-] [
<b>--</b>[<b>no-</b>]<b>debug-logging</b>
] [
<b>--</b>[<b>no-</b>]<b>remote-admin</b>
@@ -45,6 +45,7 @@ The following options are recognized:
<dd style="margin-left: 5.0em">Specifies an alternate username to use when authenticating with the scheduler.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies the server address.
+Note: This option must occur before all others.
<dt><b>--</b>[<b>no-</b>]<b>debug-logging</b>
<dd style="margin-left: 5.0em">Enables (disables) debug logging to the <i>error_log</i> file.
<dt><b>--</b>[<b>no-</b>]<b>remote-admin</b>
diff --git a/doc/help/man-ipptool.html b/doc/help/man-ipptool.html
index 81f67d77f..688454c69 100644
--- a/doc/help/man-ipptool.html
+++ b/doc/help/man-ipptool.html
@@ -59,6 +59,8 @@ ipptool - perform internet printing protocol requests
<b>-i</b>
<i>seconds</i>
] [
+<b>-j</b>
+] [
<b>-n</b>
<i>repeat-count</i>
] [
@@ -150,6 +152,10 @@ This option is incompatible with the <b>-i</b> (interval) and <b>-n</b> (repeat-
<i>testfile</i>
should be repeated at the specified interval.
This option is incompatible with the <b>-X</b> (XML plist output) option.
+<dt><b>-j</b>
+<dd style="margin-left: 5.0em">Specifies that
+<b>ipptool</b>
+will produce JSON output.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Specifies that plain text output is desired.
<dt><b>-n</b><i> repeat-count</i>
diff --git a/doc/help/man-lp.html b/doc/help/man-lp.html
index f70c088d3..6442e900d 100644
--- a/doc/help/man-lp.html
+++ b/doc/help/man-lp.html
@@ -12,6 +12,8 @@ lp - print files
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lp</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -21,8 +23,6 @@ lp - print files
] [
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-m</b>
] [
<b>-n</b>
@@ -51,6 +51,8 @@ lp - print files
<br>
<b>lp</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -58,8 +60,6 @@ lp - print files
] [
<b>-c</b>
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-i</b>
<i>job-id</i>
] [
@@ -106,6 +106,7 @@ In CUPS, print files are always sent to the scheduler via IPP which has the same
<dd style="margin-left: 5.0em">Prints files to the named printer.
<dt><b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Chooses an alternate server.
+Note: This option must occur before all others.
<dt><b>-i </b><i>job-id</i>
<dd style="margin-left: 5.0em">Specifies an existing job to modify.
<dt><b>-m</b>
diff --git a/doc/help/man-lpinfo.html b/doc/help/man-lpinfo.html
index a1aed9421..30df7691c 100644
--- a/doc/help/man-lpinfo.html
+++ b/doc/help/man-lpinfo.html
@@ -12,10 +12,10 @@ lpinfo - show available devices or drivers (deprecated)
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpinfo</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-l</b>
] [
<b>--device-id</b>
@@ -40,10 +40,10 @@ lpinfo - show available devices or drivers (deprecated)
<br>
<b>lpinfo</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-l</b>
] [
<b>--exclude-schemes</b>
@@ -66,6 +66,7 @@ The first form (<i>-m</i>) lists the available drivers, while the second form (<
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Selects an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a "long" listing of devices or drivers.
<dt><b>--device-id </b><i>device-id-string</i>
diff --git a/doc/help/man-lpmove.html b/doc/help/man-lpmove.html
index d8019ee25..b0db753f9 100644
--- a/doc/help/man-lpmove.html
+++ b/doc/help/man-lpmove.html
@@ -12,10 +12,10 @@ lpmove - move a job or all jobs to a new destination
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpmove</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
]
@@ -24,10 +24,10 @@ lpmove - move a job or all jobs to a new destination
<br>
<b>lpmove</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
]
@@ -44,6 +44,7 @@ The <b>lpmove</b> command supports the following options:
<dd style="margin-left: 5.0em">Specifies an alternate username.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
</dl>
<h2 class="title"><a name="EXAMPLES">Examples</a></h2>
Move job 123 from "oldprinter" to "newprinter":
diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html
index 6dda87f64..6af78290b 100644
--- a/doc/help/man-lpoptions.html
+++ b/doc/help/man-lpoptions.html
@@ -12,12 +12,12 @@
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
]
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
[
@@ -26,26 +26,26 @@
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-o </b><i>option</i>[<b>=</b><i>value</i>] ...
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-r</b>
@@ -53,12 +53,12 @@
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
-<b>-U</b>
-<i>username</i>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
+] [
+<b>-U</b>
+<i>username</i>
]
<b>-x </b><i>destination</i>[<b>/</b><i>instance</i>]
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
@@ -84,6 +84,7 @@
This option overrides the system default printer for the current user.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Uses an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Lists the printer specific options and their current settings.
<dt><b>-o </b><i>option</i>[<b>=</b><i>value</i>]
@@ -119,7 +120,7 @@
<a href="man-lprm.html?TOPIC=Man+Pages"><b>lprm</b>(1),</a>
CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
-Copyright &copy; 2007-2017 by Apple Inc.
+Copyright &copy; 2021-2022 by OpenPrinting.
</body>
</html>
diff --git a/doc/help/man-lpq.html b/doc/help/man-lpq.html
index 1c9e704ff..19e536d3c 100644
--- a/doc/help/man-lpq.html
+++ b/doc/help/man-lpq.html
@@ -12,13 +12,13 @@ lpq - show printer queue status
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpq</b>
[
+<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
-] [
<b>-P </b><i>destination</i>[<b>/</b><i>instance</i>]
] [
<b>-a</b>
@@ -44,6 +44,7 @@ Jobs queued on the default destination will be shown if no printer or class is s
<dd style="margin-left: 5.0em">Reports jobs on all printers.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Requests a more verbose (long) reporting format.
</dl>
diff --git a/doc/help/man-lpr.html b/doc/help/man-lpr.html
index d044ab1a8..f9b19e1fe 100644
--- a/doc/help/man-lpr.html
+++ b/doc/help/man-lpr.html
@@ -12,10 +12,10 @@ lpr - print files
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpr</b>
[
-<b>-E</b>
-] [
<b>-H </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
] [
@@ -67,6 +67,7 @@ The following options are recognized by <i>lpr</i>:
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-H </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-C "</b><i>name</i><b>"</b>
<dd style="margin-left: 5.0em"><dt><b>-J "</b><i>name</i><b>"</b>
<dd style="margin-left: 5.0em"><dt><b>-T "</b><i>name</i><b>"</b>
diff --git a/doc/help/man-lprm.html b/doc/help/man-lprm.html
index 7410320a3..dbe7f20de 100644
--- a/doc/help/man-lprm.html
+++ b/doc/help/man-lprm.html
@@ -12,14 +12,13 @@ lprm - cancel print jobs
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lprm</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h</b>
-<i>server</i>[<i>:port</i>]
-] [
<b>-P</b>
<i>destination</i>[<i>/instance</i>]
] [
@@ -45,6 +44,7 @@ command supports the following options:
<dd style="margin-left: 5.0em">Specifies an alternate username.
<dt><b>-h </b><i>server</i>[<i>:port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
</dl>
<h2 class="title"><a name="CONFORMING_TO">Conforming To</a></h2>
The CUPS version of
diff --git a/doc/help/man-lpstat.html b/doc/help/man-lpstat.html
index f23089bbe..2c5dedc7c 100644
--- a/doc/help/man-lpstat.html
+++ b/doc/help/man-lpstat.html
@@ -12,6 +12,8 @@ lpstat - print cups status information
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpstat</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-H</b>
@@ -19,8 +21,6 @@ lpstat - print cups status information
<b>-U</b>
<i>username</i>
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-l</b>
] [
<b>-W</b>
@@ -91,6 +91,7 @@ If no classes are specified then all classes are listed.
<dd style="margin-left: 5.0em">Shows all available destinations on the local network.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a long listing of printers, classes, or jobs.
<dt><b>-o </b>[<i>destination(s)</i>]
diff --git a/man/cancel.man b/man/cancel.man
index 34a5d9fc0..caea0ed69 100644
--- a/man/cancel.man
+++ b/man/cancel.man
@@ -10,12 +10,15 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cancel 1 "CUPS" "15 April 2014" "Apple Inc."
+.TH cancel 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cancel \- cancel jobs
.SH SYNOPSIS
.B cancel
[
+.B \-h
+.I hostname[:port]
+] [
.B \-E
] [
.B \-U
@@ -23,9 +26,6 @@
] [
.B \-a
] [
-.B \-h
-.I hostname[:port]
-] [
.B \-u
.I username
] [
@@ -52,6 +52,7 @@
.TP 5
\fB\-h \fIhostname\fR[\fI:port\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-U \fIusername\fR
Specifies the username to use when connecting to the server.
diff --git a/man/cupsctl.man b/man/cupsctl.man
index 1b1ff4183..7e50d07ac 100644
--- a/man/cupsctl.man
+++ b/man/cupsctl.man
@@ -10,20 +10,20 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsctl 8 "CUPS" "30 May 2016" "Apple Inc."
+.TH cupsctl 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cupsctl \- configure cupsd.conf options
.SH SYNOPSIS
.B cupsctl
[
+.B \-h
+\fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-.B \-h
-\fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
] [
\fB\-\-\fR[\fBno\-\fR]\fBremote\-admin\fR
@@ -51,6 +51,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies the server address.
+Note: This option must occur before all others.
.TP 5
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
Enables (disables) debug logging to the \fIerror_log\fR file.
diff --git a/man/lp.man b/man/lp.man
index a54f904a5..4bdd2de7b 100644
--- a/man/lp.man
+++ b/man/lp.man
@@ -10,12 +10,14 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lp 1 "CUPS" "2 May 2016" "Apple Inc."
+.TH lp 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lp \- print files
.SH SYNOPSIS
.B lp
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
@@ -25,8 +27,6 @@
] [
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-m
] [
.B \-n
@@ -55,6 +55,8 @@
.br
.B lp
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
@@ -62,8 +64,6 @@
] [
.B \-c
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-i
.I job-id
] [
@@ -115,6 +115,7 @@
.TP 5
\fB\-h \fIhostname\fR[\fB:\fIport\fR]
Chooses an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-i \fIjob-id\fR
Specifies an existing job to modify.
diff --git a/man/lpinfo.man b/man/lpinfo.man
index d238f9a60..d44b568d2 100644
--- a/man/lpinfo.man
+++ b/man/lpinfo.man
@@ -10,16 +10,16 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpinfo 8 "CUPS" "12 June 2014" "Apple Inc."
+.TH lpinfo 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpinfo \- show available devices or drivers
.SH SYNOPSIS
.B lpinfo
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-l
] [
.B \-\-device\-id
@@ -44,10 +44,10 @@
.br
.B lpinfo
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-l
] [
.B \-\-exclude\-schemes
@@ -71,6 +71,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Selects an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Shows a "long" listing of devices or drivers.
diff --git a/man/lpmove.man b/man/lpmove.man
index af3c6b63c..62adba654 100644
--- a/man/lpmove.man
+++ b/man/lpmove.man
@@ -10,16 +10,16 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpmove 8 "CUPS" "26 May 2016" "Apple Inc."
+.TH lpmove 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpmove \- move a job or all jobs to a new destination
.SH SYNOPSIS
.B lpmove
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
]
@@ -28,10 +28,10 @@
.br
.B lpmove
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
]
@@ -50,6 +50,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.SH EXAMPLES
Move job 123 from "oldprinter" to "newprinter":
.nf
diff --git a/man/lpoptions.man.in b/man/lpoptions.man.in
index 372f46a37..2eb5b6010 100644
--- a/man/lpoptions.man.in
+++ b/man/lpoptions.man.in
@@ -10,18 +10,18 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpoptions 1 "CUPS" "12 June 2014" "Apple Inc."
+.TH lpoptions 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpoptions \- display or set printer options and defaults
.SH SYNOPSIS
.B lpoptions
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
-] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
]
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
[
@@ -30,13 +30,13 @@
.br
.B lpoptions
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
\fB\-o \fIoption\fR[\fB=\fIvalue\fR] ...
@@ -43,13 +43,13 @@
.br
.B lpoptions
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
.B \-r
@@ -57,12 +57,12 @@
.br
.B lpoptions
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
-] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
]
\fB\-x \fIdestination\fR[\fB/\fIinstance\fR]
.SH DESCRIPTION
@@ -96,6 +96,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Uses an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Lists the printer specific options and their current settings.
diff --git a/man/lpq.man b/man/lpq.man
index ce23a6c81..a81633ecb 100644
--- a/man/lpq.man
+++ b/man/lpq.man
@@ -10,19 +10,19 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpq 1 "CUPS" "12 June 2014" "Apple Inc."
+.TH lpq 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpq \- show printer queue status
.SH SYNOPSIS
.B lpq
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-P \fIdestination\fR[\fB/\fIinstance\fR]
] [
.B \-a
@@ -53,6 +53,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Requests a more verbose (long) reporting format.
diff --git a/man/lpr.man b/man/lpr.man
index e5f9f9018..77a62b305 100644
--- a/man/lpr.man
+++ b/man/lpr.man
@@ -10,16 +10,16 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpr 1 "CUPS" "2 May 2016" "Apple Inc."
+.TH lpr 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpr \- print files
.SH SYNOPSIS
.B lpr
[
-.B \-E
-] [
\fB\-H \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
] [
@@ -72,6 +72,7 @@
.TP 5
\fB\-H \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-C "\fIname\fB"\fR
.TP 5
diff --git a/man/lprm.man b/man/lprm.man
index 094166539..0cf88ac51 100644
--- a/man/lprm.man
+++ b/man/lprm.man
@@ -10,20 +10,19 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lprm 1 "CUPS" "22 May 2014" "Apple Inc."
+.TH lprm 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lprm \- cancel print jobs
.SH SYNOPSIS
.B lprm
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-.B \-h
-.IR server [ :port ]
-] [
.B \-P
.IR destination [ /instance ]
] [
@@ -52,6 +51,7 @@
.TP 5
\fB\-h \fIserver\fR[\fI:port\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.SH CONFORMING TO
The CUPS version of
.B lprm
diff --git a/man/lpstat.man b/man/lpstat.man
index 0a10cd9bc..88acff7b3 100644
--- a/man/lpstat.man
+++ b/man/lpstat.man
@@ -1,8 +1,8 @@
.\"
.\" lpstat man page for CUPS.
.\"
-.\" Copyright 2007-2017 by Apple Inc.
-.\" Copyright 1997-2006 by Easy Software Products.
+.\" Copyright © 2007-2019 by Apple Inc.
+.\" Copyright © 1997-2006 by Easy Software Products.
.\"
.\" These coded instructions, statements, and computer programs are the
.\" property of Apple Inc. and are protected by Federal copyright
@@ -10,12 +10,14 @@
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH lpstat 1 "CUPS" "26 May 2017" "Apple Inc."
+.TH lpstat 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpstat \- print cups status information
.SH SYNOPSIS
.B lpstat
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-H
@@ -23,8 +25,6 @@
.B \-U
.I username
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-l
] [
.B \-W
@@ -104,6 +104,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Shows a long listing of printers, classes, or jobs.

View File

@ -0,0 +1,109 @@
From 7271db11d27fe436f0c743bed3be8a5c6f93f2c2 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 9 Apr 2018 09:50:19 -0400
Subject: [PATCH] Use cupsGetNamedDest for legacy printing APIs (Issue #5288)
---
cups/util.c | 59 +++++-----------------------
xcode/CUPS.xcodeproj/project.pbxproj | 6 ++-
2 files changed, 15 insertions(+), 50 deletions(-)
diff --git a/cups/util.c b/cups/util.c
index ebc54d3cf..b15963e9e 100644
--- a/cups/util.c
+++ b/cups/util.c
@@ -21,19 +22,6 @@
#endif /* WIN32 || __EMX__ */
-/*
- * Enumeration data and callback...
- */
-
-typedef struct _cups_createdata_s
-{
- const char *name; /* Destination name */
- cups_dest_t *dest; /* Matching destination */
-} _cups_createdata_t;
-
-static int cups_create_cb(_cups_createdata_t *data, unsigned flags, cups_dest_t *dest);
-
-
/*
* 'cupsCancelJob()' - Cancel a print job on the default server.
*
@@ -168,7 +156,7 @@ cupsCreateJob(
{
int job_id = 0; /* job-id value */
ipp_status_t status; /* Create-Job status */
- _cups_createdata_t data; /* Enumeration data */
+ cups_dest_t *dest; /* Destination */
cups_dinfo_t *info; /* Destination information */
@@ -188,12 +176,7 @@ cupsCreateJob(
* Lookup the destination...
*/
- data.name = name;
- data.dest = NULL;
-
- cupsEnumDests(0, 1000, NULL, 0, 0, (cups_dest_cb_t)cups_create_cb, &data);
-
- if (!data.dest)
+ if ((dest = cupsGetNamedDest(http, name, NULL)) == NULL)
{
DEBUG_puts("1cupsCreateJob: Destination not found.");
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(ENOENT), 0);
@@ -205,18 +188,18 @@ cupsCreateJob(
*/
DEBUG_puts("1cupsCreateJob: Querying destination info.");
- if ((info = cupsCopyDestInfo(http, data.dest)) == NULL)
+ if ((info = cupsCopyDestInfo(http, dest)) == NULL)
{
DEBUG_puts("1cupsCreateJob: Query failed.");
- cupsFreeDests(1, data.dest);
+ cupsFreeDests(1, dest);
return (0);
}
- status = cupsCreateDestJob(http, data.dest, info, &job_id, title, num_options, options);
+ status = cupsCreateDestJob(http, dest, info, &job_id, title, num_options, options);
DEBUG_printf(("1cupsCreateJob: cupsCreateDestJob returned %04x (%s)", status, ippErrorString(status)));
cupsFreeDestInfo(info);
- cupsFreeDests(1, data.dest);
+ cupsFreeDests(1, dest);
/*
* Return the job...
@@ -968,25 +951,3 @@ cupsStartDocument(
return (status);
}
-
-/*
- * 'cups_create_cb()' - Find the destination for printing.
- */
-
-static int /* O - 0 on match */
-cups_create_cb(
- _cups_createdata_t *data, /* I - Data from cupsCreateJob call */
- unsigned flags, /* I - Enumeration flags */
- cups_dest_t *dest) /* I - Destination */
-{
- DEBUG_printf(("2cups_create_cb(data=%p(%s), flags=%08x, dest=%p(%s))", (void *)data, data->name, flags, (void *)dest, dest->name));
-
- (void)flags;
-
- if (dest->instance || strcasecmp(data->name, dest->name))
- return (1);
-
- cupsCopyDest(dest, 0, &data->dest);
-
- return (0);
-}
--
2.35.1

View File

@ -0,0 +1,48 @@
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Tue, 27 Jun 2023 04:18:46 -0700
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
single job (#742)
The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
operation; however, the correct attribute to use for Cancel-job is
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
files are not removed from /var/spool/cups when "cancel -x <job>" is
executed.
This patch resolves the issue by adding "purge-job" when the IPP
operation is Cancel-Job and "purge-jobs" for other IPP operations
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
---
systemv/cancel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/systemv/cancel.c b/systemv/cancel.c
index 572f413e1..f5b8e12b5 100644
--- a/systemv/cancel.c
+++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
* attributes-natural-language
* printer-uri + job-id *or* job-uri
* [requesting-user-name]
+ * [purge-job] or [purge-jobs]
*/
request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
"requesting-user-name", NULL, cupsUser());
if (purge)
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ {
+ if (op == IPP_CANCEL_JOB)
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
+ else
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ }
/*
* Do the request and get back a response...
--
2.41.0

View File

@ -0,0 +1,16 @@
diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c
index 92f1501..7edc058 100644
--- a/cgi-bin/ipp-var.c
+++ b/cgi-bin/ipp-var.c
@@ -275,10 +275,7 @@ cgiMoveJobs(http_t *http, /* I - Connection to server */
*/
if ((user = getenv("REMOTE_USER")) == NULL)
- {
- puts("Status: 401\n");
- exit(0);
- }
+ user = "guest";
/*
* See if the user has already selected a new destination...

View File

@ -0,0 +1,65 @@
From 4ddeb8544e2e5c63a405d9e093ac24704f3deb03 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Tue, 21 Jul 2020 12:54:22 +0200
Subject: [PATCH] cups/dests.c: cupsGetNamedDest() - set
IPP_STATUS_ERROR_NOT_FOUND error if queue was not found lp.c/lpr.c: check for
IPP_STATUS_ERROR_NOT_FOUND and generate a proper message if hit
---
berkeley/lpr.c | 6 ++++++
cups/dest.c | 3 +++
systemv/lp.c | 6 ++++++
3 files changed, 15 insertions(+)
diff --git a/berkeley/lpr.c b/berkeley/lpr.c
index 627fa6a4e..a8f78b881 100644
--- a/berkeley/lpr.c
+++ b/berkeley/lpr.c
@@ -234,6 +234,12 @@ main(int argc, /* I - Number of command-line arguments */
_cupsLangPrintf(stderr, _("%s: Error - add '/version=1.1' to server name."), argv[0]);
return (1);
}
+ else if (cupsLastError() == IPP_STATUS_ERROR_NOT_FOUND)
+ {
+ _cupsLangPrintf(stderr,
+ _("%s: Error - The printer or class does not exist."), argv[0]);
+ return (1);
+ }
break;
case '#' : /* Number of copies */
diff --git a/cups/dest.c b/cups/dest.c
index cde987a09..2017792a7 100644
--- a/cups/dest.c
+++ b/cups/dest.c
@@ -1839,7 +1839,10 @@ cupsGetNamedDest(http_t *http, /* I - Connection to server or @code CUPS_HTT
cupsEnumDests(0, 1000, NULL, 0, 0, (cups_dest_cb_t)cups_name_cb, &data);
if (!data.dest)
+ {
+ _cupsSetError(IPP_STATUS_ERROR_NOT_FOUND, _("The printer or class does not exist."), 1);
return (NULL);
+ }
dest = data.dest;
}
diff --git a/systemv/lp.c b/systemv/lp.c
index 298c15825..d918b4b14 100644
--- a/systemv/lp.c
+++ b/systemv/lp.c
@@ -161,6 +161,12 @@ main(int argc, /* I - Number of command-line arguments */
"name."), argv[0]);
return (1);
}
+ else if (cupsLastError() == IPP_STATUS_ERROR_NOT_FOUND)
+ {
+ _cupsLangPrintf(stderr,
+ _("%s: Error - The printer or class does not exist."), argv[0]);
+ return (1);
+ }
break;
case 'f' : /* Form */
--
2.31.1

View File

@ -0,0 +1,35 @@
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
Date: Wed, 1 Mar 2023 13:46:28 +0100
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
#308)
Use a listen queue size of INT_MAX, which should default to the maximum
supported queue size on the system.
This avoids the problem of the listening backlog queue getting full when
there are too many requests at the same time. The problem was observed
with the previous backlog size (128) by customers when submitting large
batches of print jobs, resulting in some jobs getting lost.
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
---
cups/http-addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/http-addr.c b/cups/http-addr.c
index a61ee0449..6aeeb8074 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
* Listen...
*/
- if (listen(fd, 5))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);
--
2.41.0

View File

@ -0,0 +1,26 @@
From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 17 May 2023 12:59:57 -0400
Subject: [PATCH] Consensus fix.
---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.40.1

View File

@ -0,0 +1,55 @@
From bdb1ca45454d90410031c4c2054005a995f76180 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 6 Apr 2022 15:04:45 +0200
Subject: [PATCH] cups/tls-gnutls.c: Use always GNUTLS_SHUT_WR
The current mode for `gnutls_bye()` in client use cases strictly
follows TLS v1.2 standard, which in this particular part says:
```
Unless some other fatal alert has been transmitted, each party is
required to send a close_notify alert before closing the write
side of the connection. The other party MUST respond with a
close_notify alert of its own and close down the connection immediately,
discarding any pending writes. It is not required for the initiator
of the close to wait for the responding close_notify alert before
closing the read side of the connection.
```
and waits for the other side of TLS connection to confirm the close.
Unfortunately it can undesired for reasons:
- we support switching of TLS versions in CUPS, and this mode strictly
follows TLS v1.2 - so for older version this behavior is not expected
and can cause delays
- even some TLS v1.2 implementations (like Windows Server 2016) don't
comply TLS v1.2 behavior even if it says it does - in that case,
encrypted printing takes 30s till HTTP timeout is reached, because the
other side didn't send confirmation
- AFAIU openssl's SSL_shutdown() doesn't make this TLS v1.2 difference,
so we could end up with two TLS implementations in CUPS which will
behave differently
Since the standard defines that waiting for confirmation is not required
and due the problems above, I would propose using GNUTLS_SHUT_WR mode
regardless of HTTP mode.
---
cups/tls-gnutls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index c55995b2b..f87b4f4df 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1667,7 +1667,7 @@ _httpTLSStop(http_t *http) /* I - Connection to server */
int error; /* Error code */
- error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
+ error = gnutls_bye(http->tls, GNUTLS_SHUT_WR);
if (error != GNUTLS_E_SUCCESS)
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0);
--
2.35.1

View File

@ -0,0 +1,43 @@
diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c
--- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup 2023-12-19 18:25:15.484637450 +0100
+++ cups-2.2.6/cups/http-addrlist.c 2023-12-19 18:28:57.129163387 +0100
@@ -313,6 +313,39 @@ httpAddrConnect2(
{
# ifdef HAVE_POLL
DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents));
+
+# ifdef _WIN32
+ if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
+ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
+# else
+ if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
+ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
+# endif /* _WIN32 */
+ {
+ // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing
+ // asynchronous connections. The solution seems to be to use getsockopt to
+ // check the SO_ERROR value and ignore the POLLHUP if there is no error or
+ // the error is EINPROGRESS.
+
+ int sres, /* Return value from getsockopt() - 0, or -1 if error */
+ serr; /* Option SO_ERROR value */
+ socklen_t slen = sizeof(serr); /* Option value size */
+
+ sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen);
+
+ if (sres || serr)
+ {
+ pfds[i].revents |= POLLERR;
+# ifdef DEBUG
+ DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr)));
+# endif
+ }
+ else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT)))
+ {
+ pfds[i].revents &= ~POLLHUP;
+ }
+ }
+
if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP)))
# else
if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set))

View File

@ -0,0 +1,35 @@
From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 26 May 2022 06:27:04 +0200
Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
CVE-2022-26691)
The previous algorithm didn't expect the strings can have a different
length, so one string can be a substring of the other and such substring
was reported as equal to the longer string.
---
CHANGES.md | 1 +
scheduler/cert.c | 9 ++++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/scheduler/cert.c b/scheduler/cert.c
index b268bf1b2..9b65b96c9 100644
--- a/scheduler/cert.c
+++ b/scheduler/cert.c
@@ -444,5 +444,12 @@ ctcompare(const char *a, /* I - First string */
b ++;
}
- return (result);
+ /*
+ * The while loop finishes when *a == '\0' or *b == '\0'
+ * so after the while loop either both *a and *b == '\0',
+ * or one points inside a string, so when we apply bitwise OR on *a,
+ * *b and result, we get a non-zero return value if the compared strings don't match.
+ */
+
+ return (result | *a | *b);
}
--
2.36.1

View File

@ -0,0 +1,36 @@
From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 1 Sep 2023 17:11:54 +0200
Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open
cups-files.conf
In case cupsd can't open the cups-files.conf, the error message is lost
if journal and syslog don't exist or work on system (usually in
containers).
Log the error into stderr at this place to get the error message if
needed.
---
scheduler/conf.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/scheduler/conf.c b/scheduler/conf.c
index b18535162..4fa7eb1df 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -811,11 +811,7 @@ cupsdReadConfiguration(void)
cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
else
{
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
- sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
-#else
- syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+ fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno));
return (0);
}
--
2.41.0

View File

@ -0,0 +1,38 @@
From 08e9b6e1f8497a8159d6bd7cd6dc96ae79a2e704 Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Thu, 15 Jul 2021 16:26:27 -0700
Subject: [PATCH] scheduler/job.c: use gziptoany for raw files (not just raw
printers)
---
scheduler/job.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scheduler/job.c b/scheduler/job.c
index d8c2efcc6..b448acda5 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -501,6 +501,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
int backroot; /* Run backend as root? */
int pid; /* Process ID of new filter process */
int banner_page; /* 1 if banner page, 0 otherwise */
+ int raw_file; /* 1 if file type is vnd.cups-raw */
int filterfds[2][2] = { { -1, -1 }, { -1, -1 } };
/* Pipes used between filters */
int envc; /* Number of environment variables */
@@ -746,8 +747,11 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
* Add decompression/raw filter as needed...
*/
+ raw_file = !strcmp(job->filetypes[job->current_file]->super, "application") &&
+ !strcmp(job->filetypes[job->current_file]->type, "vnd.cups-raw");
+
if ((job->compressions[job->current_file] && (!job->printer->remote || job->num_files == 1)) ||
- (!job->printer->remote && job->printer->raw && job->num_files > 1))
+ (!job->printer->remote && (job->printer->raw || raw_file) && job->num_files > 1))
{
/*
* Add gziptoany filter to the front of the list...
--
2.31.1

View File

@ -0,0 +1,10 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index 307d69b..add238b 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -10,4 +10,4 @@ Restart=on-failure
[Install]
Also=cups.socket cups.path
-WantedBy=printer.target
+WantedBy=printer.target multi-user.target

View File

@ -0,0 +1,94 @@
diff --git a/scheduler/conf.c b/scheduler/conf.c
index c113eb3..77ce179 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -573,6 +573,18 @@ cupsdReadConfiguration(void)
cupsdDeleteAllListeners();
+ /*
+ * Allocate Listeners array
+ */
+
+ Listeners = cupsArrayNew(NULL, NULL);
+
+ if (!Listeners)
+ {
+ fprintf(stderr, "Unable to allocate memory for array Listeners.\n");
+ return (0);
+ }
+
old_remote_port = RemotePort;
RemotePort = 0;
@@ -1080,28 +1092,6 @@ cupsdReadConfiguration(void)
}
}
- /*
- * Check that we have at least one listen/port line; if not, report this
- * as an error and exit!
- */
-
- if (cupsArrayCount(Listeners) == 0)
- {
- /*
- * No listeners!
- */
-
- cupsdLogMessage(CUPSD_LOG_EMERG,
- "No valid Listen or Port lines were found in the "
- "configuration file.");
-
- /*
- * Commit suicide...
- */
-
- cupsdEndProcess(getpid(), 0);
- }
-
/*
* Set the default locale using the language and charset...
*/
@@ -3162,17 +3152,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
* Allocate another listener...
*/
- if (!Listeners)
- Listeners = cupsArrayNew(NULL, NULL);
-
- if (!Listeners)
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate %s at line %d - %s.",
- line, linenum, strerror(errno));
- break;
- }
-
if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
diff --git a/scheduler/main.c b/scheduler/main.c
index a6e2c3a..b935c52 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -2113,6 +2113,21 @@ service_checkin(void)
service_add_listener(fd, 0);
}
#endif /* HAVE_LAUNCHD */
+
+ if (cupsArrayCount(Listeners) == 0)
+ {
+ /*
+ * No listeners!
+ */
+
+ cupsdLogMessage(CUPSD_LOG_EMERG, "No listener sockets present.");
+
+ /*
+ * Commit suicide...
+ */
+
+ cupsdEndProcess(getpid(), 0);
+ }
}

View File

@ -0,0 +1,12 @@
diff -Napur cups-2.2.6-old/scheduler/job.c cups-2.2.6-new/scheduler/job.c
--- cups-2.2.6-old/scheduler/job.c 2022-04-12 17:32:00.635282080 -0700
+++ cups-2.2.6-new/scheduler/job.c 2022-04-12 17:33:34.349452614 -0700
@@ -474,7 +474,7 @@ cupsdCleanJobs(void)
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing from history.");
cupsdDeleteJob(job, CUPSD_JOB_PURGE);
}
- else if (job->file_time && job->file_time <= curtime)
+ else if (job->file_time && job->file_time <= curtime && job->num_files > 0)
{
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing document files.");
remove_job_files(job);

View File

@ -0,0 +1,61 @@
Fix for CVE-2020-10001, which is a bug in the CUPS ippReadIO function when it
reads tagged string values (nameWithLanguage and textWithLanguage). The
previous code verified that the length of the sub-strings (language identifier
and name/text value) did not exceed the size of the allocated buffer (1 byte
larger than the maximum IPP value size of 32767 bytes), but did not validate
against the length of the actual IPP value.
The issues introduced by this vulnerability include:
- Potential information disclosure by copying uninitialized areas of memory into
an IPP string value.
- Potential Denial of Service by supplying/using invalid string values when
strict validation has been disabled by the system administrator.
This change ensures that:
1. The language identifier does not extend beyond the end of the IPP value.
2. The length of the name/text string is within the IPP value.
3. The name/text string is within the IPP value.
diff --git a/cups/ipp.c b/cups/ipp.c
index 3d529346c..adbb26fba 100644
--- a/cups/ipp.c
+++ b/cups/ipp.c
@@ -2866,7 +2866,8 @@ ippReadIO(void *src, /* I - Data source */
unsigned char *buffer, /* Data buffer */
string[IPP_MAX_TEXT],
/* Small string buffer */
- *bufptr; /* Pointer into buffer */
+ *bufptr, /* Pointer into buffer */
+ *bufend; /* End of buffer */
ipp_attribute_t *attr; /* Current attribute */
ipp_tag_t tag; /* Current tag */
ipp_tag_t value_tag; /* Current value tag */
@@ -3441,6 +3442,7 @@ ippReadIO(void *src, /* I - Data source */
}
bufptr = buffer;
+ bufend = buffer + n;
/*
* text-with-language and name-with-language are composite
@@ -3454,7 +3456,7 @@ ippReadIO(void *src, /* I - Data source */
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE) || n >= (int)sizeof(string))
+ if ((bufptr + 2 + n + 2) > bufend || n >= (int)sizeof(string))
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP language length overflows value."), 1);
@@ -3481,7 +3483,7 @@ ippReadIO(void *src, /* I - Data source */
bufptr += 2 + n;
n = (bufptr[0] << 8) | bufptr[1];
- if ((bufptr + 2 + n) >= (buffer + IPP_BUF_SIZE))
+ if ((bufptr + 2 + n) > bufend)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL,
_("IPP string length overflows value."), 1);

View File

@ -0,0 +1,13 @@
diff --git a/scheduler/main.c b/scheduler/main.c
index 592531a..a6e2c3a 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -947,7 +947,7 @@ main(int argc, /* I - Number of command-line args */
* Write dirty config/state files...
*/
- if (DirtyCleanTime && current_time >= DirtyCleanTime && cupsArrayCount(Clients) == 0)
+ if (DirtyCleanTime && current_time >= DirtyCleanTime)
cupsdCleanDirty();
#ifdef __APPLE__

View File

@ -0,0 +1,13 @@
diff --git a/scheduler/client.c b/scheduler/client.c
index bf284e6..0382b01 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1011,8 +1011,6 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
}
httpClearFields(con->http);
- httpSetField(con->http, HTTP_FIELD_ALLOW,
- "GET, HEAD, OPTIONS, POST, PUT");
httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0");
if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE))

View File

@ -0,0 +1,25 @@
diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c
index e4ffc3d..a989055 100644
--- a/cups/http-addrlist.c
+++ b/cups/http-addrlist.c
@@ -240,7 +240,10 @@ httpAddrConnect2(
}
if (!addrlist && nfds == 0)
+ {
+ errno = EHOSTDOWN;
break;
+ }
/*
* See if we can connect to any of the addresses so far...
@@ -371,6 +374,9 @@ httpAddrConnect2(
remaining -= 250;
}
+ if (remaining <= 0)
+ errno = ETIMEDOUT;
+
while (nfds > 0)
{
nfds --;

View File

@ -0,0 +1,877 @@
diff --git a/backend/Makefile b/backend/Makefile
index 3038682..6642016 100644
--- a/backend/Makefile
+++ b/backend/Makefile
@@ -28,6 +28,7 @@ include ../Makedefs
RBACKENDS = \
ipp \
lpd \
+ failover \
$(DNSSD_BACKEND)
UBACKENDS = \
snmp \
@@ -51,6 +52,7 @@ LIBOBJS = \
OBJS = \
ipp.o \
lpd.o \
+ failover.o \
dnssd.o \
snmp.o \
socket.o \
@@ -275,6 +277,13 @@ lpd: lpd.o ../cups/$(LIBCUPS) libbackend.a
echo Linking $@...
$(LD_CC) $(LDFLAGS) -o lpd lpd.o libbackend.a $(LIBS)
+#
+# failover
+#
+
+failover: failover.o ../cups/$(LIBCUPS) libbackend.a
+ echo Linking $@...
+ $(LD_CC) $(LDFLAGS) -o failover failover.o libbackend.a $(LIBS)
#
# snmp
diff --git a/backend/failover.c b/backend/failover.c
new file mode 100644
index 0000000..9affd8f
--- /dev/null
+++ b/backend/failover.c
@@ -0,0 +1,837 @@
+/*
+ * Failover Backend for the Common UNIX Printing System (CUPS).
+ *
+ * Copyright (c) 2014, Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of Red Hat, Inc. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT,
+ * INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Original version by Clark Hale, Red Hat, Inc.
+ *
+ * This backend presents a fake printer that will choose the first
+ * available printer from a list of IPP URIs.
+ *
+ * Option failover contains a comma separated list of IPP URIs. The
+ * URIs are attempted in-order.
+ *
+ * Option failover-retries contains an integer that indicates how many
+ * times to iterate through the failover list before completely
+ * failing.
+ *
+ * Contents:
+ * main() - Checks each printer in a failover list, and
+ * sends job data to the first available printer
+ * move_job() - Sends and IPP Move-Job request
+ * check_printer() - Checks a printer's attributes to see
+ * if it's enabled and accepting jobs
+ * read_config() - Read the backends configuration from
+ * options
+ * get_printer_attributes() - Sends an IPP Get-Attributes request to
+ * a URI
+ * sigterm_handler() - Handle SIGTERM that cancels the job
+ * password_cb() - Password call back used to disable password
+ * prompt
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <cups/http-private.h>
+#include <cups/http.h>
+#include "backend-private.h"
+
+/*
+ * Return Values
+ */
+typedef enum fo_state_e
+{
+ FO_PRINTER_GOOD = 0,
+ FO_PRINTER_BAD,
+ FO_PRINTER_BUSY,
+ FO_AUTH_REQUIRED
+} fo_state_t;
+
+/*
+ * Constants
+ */
+#define FAILOVER_DEFAULT_RETRIES (3)
+#define FAILOVER_PASSWORD_RETRIES_MAX (3)
+
+/*
+ * Local Functions
+ */
+static int check_printer(const char *device_uri);
+static int read_config(cups_array_t *printer_array, int *retries,
+ const char *options);
+static int get_printer_attributes(const char *device_uri,
+ ipp_t **attributes);
+static int move_job(int jobid, const char *dest);
+static void sigterm_handler(int sig);
+static const char *password_cb(const char *);
+
+/*
+ * Global Variables
+ */
+static int job_canceled = 0; /* Job canceled */
+static char *password = NULL; /* password for device */
+static int password_retries = 0;
+static const char *auth_info_required = "none";
+
+/*
+ * 'main()' - Checks each printer in a failover list, and
+ * sends job data to the first available printer
+ * Usage:
+ * printer-uri job-id user title copies options [file]
+ *
+ * The printer-uri option is not used, but it still required to fit
+ * to the backend(7) standards.
+ */
+int
+main(int argc, char *argv[])
+{
+ const char *selected_uri = NULL; /* URI of selected printer */
+ const char *tmp_device_uri; /* Device URI to check */
+ cups_array_t *printer_array; /* Array of available printers */
+ int printer_count = 0; /* current printer array index */
+ int retry_max = 1; /* maximum retries before exit */
+ int retry_count = 0; /* current retry number */
+ int auth_failed_count = 0; /* auth failures per loop */
+ int rc = CUPS_BACKEND_OK;
+#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
+ struct sigaction action; /* Actions for POSIX signals */
+#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
+
+ /*
+ * Check args
+ */
+ if (argc == 1)
+ {
+ /*
+ * print out discovery data
+ */
+ char *backendName;
+
+ if ((backendName = strrchr(argv[0], '/')) != NULL)
+ backendName++;
+ else
+ backendName = argv[0];
+
+ _cupsLangPrintf(stderr,"network %s \"Unknown\" \"%s (%s)\"\n",
+ backendName,
+ _cupsLangString(cupsLangDefault(), _("Failover Printer")),
+ backendName);
+
+ return (CUPS_BACKEND_OK);
+ }
+ else if (argc < 6)
+ {
+ _cupsLangPrintf(stderr,
+ _("Usage: %s job-id user title copies options [file]"),
+ argv[0]);
+ return (CUPS_BACKEND_STOP);
+ }
+
+ fprintf(stderr, "DEBUG: Failover backend starting up.\n");
+
+ /*
+ * Don't buffer status messages
+ */
+ setbuf(stderr, NULL);
+
+ /*
+ * Ignore SIGPIPE and catch SIGTERM signals...
+ */
+#ifdef HAVE_SIGSET
+ sigset(SIGPIPE, SIG_IGN);
+ sigset(SIGTERM, sigterm_handler);
+#elif defined(HAVE_SIGACTION)
+ memset(&action, 0, sizeof(action));
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &action, NULL);
+
+ sigemptyset(&action.sa_mask);
+ sigaddset(&action.sa_mask, SIGTERM);
+ action.sa_handler = sigterm_handler;
+ sigaction(SIGTERM, &action, NULL);
+#else
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGTERM, sigterm_handler);
+#endif /* HAVE_SIGSET */
+
+ printer_array = cupsArrayNew(NULL, NULL);
+
+ /*
+ * Read Configuration
+ */
+ if ((rc = read_config(printer_array, &retry_max,
+ argv[5])) != CUPS_BACKEND_OK)
+ {
+ fprintf(stderr, "ERROR: Failed to read configuration options!\n");
+ goto cleanup;
+ }
+
+ /*
+ * Main Retry Loop
+ */
+ for (retry_count = 0; retry_count < retry_max; retry_count++)
+ {
+ fprintf(stderr, "DEBUG: Retry loop #%d\n", retry_count + 1);
+
+ /*
+ * Reset Counters
+ */
+ printer_count = 0;
+ auth_failed_count = 0;
+
+ tmp_device_uri = (char *)cupsArrayFirst(printer_array);
+
+ do
+ {
+ if (job_canceled)
+ {
+ fprintf(stderr, "DEBUG: Job Canceled\n");
+ goto cleanup;
+ }
+
+ fprintf(stderr,"DEBUG: Checking printer #%d: %s\n",
+ printer_count+1, tmp_device_uri);
+
+ rc = check_printer(tmp_device_uri);
+
+ // Printer is available and not busy.
+ if ( rc == FO_PRINTER_GOOD )
+ {
+ selected_uri = tmp_device_uri;
+ break;
+ }
+ // Printer is busy
+ else if (rc == FO_PRINTER_BUSY)
+ {
+ fprintf(stderr, "DEBUG: Waiting for job to complete.\n");
+ sleep(2);
+ continue;
+ }
+ // Authorization is required to access the printer.
+ else if (rc == FO_AUTH_REQUIRED)
+ {
+ auth_failed_count++;
+ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count);
+ }
+ // Printer is stopped or not accepting jobs
+ else
+ {
+ if (!printer_count)
+ fprintf(stderr, "INFO: Primary Printer, %s, not available. "
+ "Attempting Failovers...\n",
+ tmp_device_uri);
+ else
+ fprintf(stderr, "INFO: Failover Printer, %s, not available. "
+ "Attempting Failovers..\n",
+ tmp_device_uri);
+ printer_count++;
+ tmp_device_uri = (char *)cupsArrayNext(printer_array);
+ }
+ } while (tmp_device_uri != NULL);
+
+ if (selected_uri && !printer_count)
+ fprintf(stderr, "STATE: -primary-printer-failed\n");
+ else
+ fprintf(stderr, "STATE: +primary-printer-failed\n");
+
+ if (job_canceled)
+ {
+ fprintf(stderr, "DEBUG: Job Canceled\n");
+ goto cleanup;
+ }
+
+ if (!selected_uri && auth_failed_count == printer_count)
+ {
+ fprintf(stderr, "ERROR: All failover printers failed with "
+ "authorization issues.\n");
+ rc = CUPS_BACKEND_AUTH_REQUIRED;
+ fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
+ goto cleanup;
+ }
+ else if (!selected_uri && retry_count + 1 < retry_max)
+ {
+ fprintf(stderr, "INFO: No suitable printer found...retrying...\n");
+ sleep(2);
+ continue;
+ }
+ else if (selected_uri)
+ {
+ fprintf(stderr, "DEBUG: Using printer, %s.\n", selected_uri);
+ break;
+ }
+ }
+
+ if (!selected_uri)
+ {
+ fprintf(stderr, "ERROR: No suitable printer found. Aborting print\n");
+ rc = CUPS_BACKEND_FAILED;
+ goto cleanup;
+ }
+
+ rc = move_job(atoi(argv[1]), selected_uri);
+
+ if (job_canceled)
+ rc = CUPS_BACKEND_OK;
+
+cleanup :
+ if (job_canceled)
+ rc = CUPS_BACKEND_OK;
+
+ tmp_device_uri = (char *)cupsArrayFirst(printer_array);
+ do
+ {
+ free((void *)tmp_device_uri);
+ } while ((tmp_device_uri = (char *)cupsArrayNext(printer_array)) != NULL);
+
+ cupsArrayDelete(printer_array);
+ sleep(2);
+ return (rc);
+}
+
+/*
+ * 'check_printer()' - Checks the status of a remote printer and returns
+ * back a good/bad/busy status.
+ */
+int
+check_printer(const char *device_uri)
+{
+ ipp_t *attributes = NULL; /* attributes for device_uri */
+ ipp_attribute_t *tmp_attribute; /* for examining attribs */
+ int rc = FO_PRINTER_GOOD; /* return code */
+ char *reason; /* printer state reason */
+ int i;
+
+ fprintf(stderr, "DEBUG: Checking printer %s\n",device_uri);
+
+ rc = get_printer_attributes(device_uri, &attributes);
+ if ( rc != CUPS_BACKEND_OK )
+ {
+ fprintf(stderr, "DEBUG: Failed to get attributes from printer: %s\n",
+ device_uri);
+ if ( rc == CUPS_BACKEND_AUTH_REQUIRED )
+ return (FO_AUTH_REQUIRED);
+ else
+ return (FO_PRINTER_BAD);
+ }
+
+ /*
+ * Check if printer is accepting jobs
+ */
+ if ((tmp_attribute = ippFindAttribute(attributes,
+ "printer-is-accepting-jobs",
+ IPP_TAG_BOOLEAN)) != NULL &&
+ !tmp_attribute->values[0].boolean)
+ {
+ fprintf(stderr,
+ "DEBUG: Printer, %s, is not accepting jobs.\n",
+ device_uri);
+
+ rc = FO_PRINTER_BAD;
+ }
+
+ /*
+ * Check if printer is stopped or busy processing
+ */
+ if ((tmp_attribute = ippFindAttribute(attributes,
+ "printer-state",
+ IPP_TAG_ENUM)) != NULL)
+ {
+ // Printer Stopped
+ if ( tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED )
+ {
+ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri);
+ rc = FO_PRINTER_BAD;
+ }
+ // Printer Busy
+ else if ( tmp_attribute->values[0].integer == IPP_PRINTER_PROCESSING )
+ {
+ fprintf(stderr, "DEBUG: Printer %s is busy.\n", device_uri);
+ rc = FO_PRINTER_BUSY;
+ }
+ }
+
+ /*
+ * Parse through the printer-state-reasons
+ */
+ if ((tmp_attribute = ippFindAttribute(attributes, "printer-state-reasons",
+ IPP_TAG_KEYWORD)) != NULL)
+ {
+ for (i = 0; i < tmp_attribute->num_values; i++)
+ {
+ reason = tmp_attribute->values[i].string.text;
+ int len = strlen(reason);
+
+ if (len > 8 && !strcmp(reason + len - 8, "-warning"))
+ {
+ fprintf(stderr, "DEBUG: Printer Supply Warning, %s\n", reason);
+ rc = FO_PRINTER_BAD;
+ }
+ else if (len > 6 && !strcmp(reason + len - 6, "-error"))
+ {
+ fprintf(stderr, "DEBUG: Printer Supply Error, %s\n", reason);
+ rc = FO_PRINTER_BAD;
+ }
+ }
+ }
+
+ return (rc);
+}
+
+/*
+ * 'read_config()' - Parses the failover and failover-retries options
+ *
+ */
+static int
+read_config(cups_array_t *printer_array, int *retries, const char *options)
+{
+
+ const char *tmp; /* temporary ptr */
+ char *tok_tmp; /* temporary ptr for option parsing */
+ int jobopts_count = 0; /* number of options */
+ cups_option_t *jobopts = NULL; /* job options */
+
+
+ fprintf(stderr, "DEBUG: Reading Configuration.\n");
+ jobopts_count = cupsParseOptions(options, 0, &jobopts);
+
+ if (!jobopts_count)
+ {
+ fprintf(stderr,
+ "ERROR: No job options! Cannot find failover options!\n");
+ return (CUPS_BACKEND_STOP);
+ }
+
+ /*
+ * Get attributes from the primary printer
+ */
+ fprintf(stderr, "DEBUG: Searching for failover option.\n");
+
+ if ((tmp = cupsGetOption("failover", jobopts_count, jobopts)) != NULL)
+ {
+ fprintf(stderr, "DEBUG: Failover option contents: %s.\n", tmp);
+
+ tok_tmp = strdup(tmp);
+
+ tmp = strtok(tok_tmp, ",");
+ do
+ {
+ cupsArrayAdd(printer_array, strdup(tmp));
+ } while ((tmp = strtok(NULL,",")) != NULL);
+
+ free(tok_tmp);
+ }
+ else
+ {
+ /*
+ * The queue is misconfigured, so return back CUPS_BACKEND_STOP
+ */
+ fprintf(stderr, "ERROR: failover option not specified!\n");
+ return (CUPS_BACKEND_STOP);
+ }
+
+ /*
+ * Get the failover-retries value, if it exists.
+ */
+ fprintf(stderr, "DEBUG: Searching for failover-retries option.\n");
+
+ if ((tmp = cupsGetOption("failover-retries",
+ jobopts_count, jobopts)) != NULL)
+ {
+ fprintf(stderr, "DEBUG: failover-retries option contents: %s.\n", tmp);
+ *retries = atoi(tmp);
+ }
+ else
+ {
+ *retries = FAILOVER_DEFAULT_RETRIES;
+ fprintf(stderr, "DEBUG: Failed to get failover-retries option\n");
+ fprintf(stderr, "DEBUG: Defaulted to %d retries\n", *retries);
+ }
+
+ return (CUPS_BACKEND_OK);
+}
+
+/*
+ * 'get_printer_attributes()' - Sends an IPP Get-Attributes request to
+ * a URI
+ */
+int
+get_printer_attributes(const char *device_uri, ipp_t **attributes)
+{
+ char uri[HTTP_MAX_URI]; /* Updated URI without login */
+ int version; /* IPP version */
+ char scheme[256]; /* Scheme in URI */
+ ipp_status_t ipp_status; /* Status of IPP request */
+ char hostname[1024]; /* Hostname */
+ char resource[1024]; /* Resource infoo */
+ char addrname[256]; /* Address name */
+ int port; /* IPP Port number */
+ char portname[255]; /* Port as string */
+ http_t *http; /* HTTP connection */
+ ipp_t *request; /* IPP request */
+ int rc = CUPS_BACKEND_OK; /* Return Code */
+ char username[256]; /* Username for device URI */
+ char *option_ptr; /* for parsing resource opts */
+ const char * const pattrs[] = /* Printer attributes wanted */
+ {
+ "printer-is-accepting-jobs",
+ "printer-state",
+ "printer-state-reasons"
+ };
+
+ if (job_canceled)
+ return (CUPS_BACKEND_OK);
+
+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n");
+ fprintf(stderr, "DEBUG: Device URL %s.\n", device_uri);
+
+ /*
+ * Parse device_uri
+ */
+ if (httpSeparateURI(HTTP_URI_CODING_ALL, device_uri, scheme, sizeof(scheme),
+ username, sizeof(username), hostname, sizeof(hostname),
+ &port, resource, sizeof(resource)) != HTTP_URI_OK)
+ {
+ fprintf(stderr, "ERROR: Problem parsing device_uri, %s\n", device_uri);
+ return (CUPS_BACKEND_STOP);
+ }
+
+ if (!port)
+ port = IPP_PORT;
+
+ sprintf(portname, "%d", port);
+
+ fprintf(stderr, "DEBUG: Getting Printer Attributes.\n");
+
+ /*
+ * Configure password
+ */
+ cupsSetPasswordCB(password_cb);
+
+ /*
+ * reset, in case a previous attempt for
+ * another printer left residue
+ */
+ cupsSetUser(NULL);
+ password = NULL;
+ password_retries = 0;
+
+ if (*username)
+ {
+ if ((password = strchr(username, ':')) != NULL)
+ {
+ *password = '\0';
+ password++;
+ }
+
+ cupsSetUser(username);
+ }
+ else if (!getuid())
+ {
+ const char *username_env;
+
+ if ((username_env = getenv("AUTH_USERNAME")) != NULL)
+ {
+ cupsSetUser(username_env);
+ password = getenv("AUTH_PASSWORD");
+ }
+ }
+
+ /*
+ * Try connecting to the remote server...
+ */
+ fprintf(stderr, "DEBUG: Connecting to %s:%d\n", hostname, port);
+ _cupsLangPuts(stderr, _("INFO: Connecting to printer...\n"));
+
+ http = httpConnectEncrypt(hostname, port, cupsEncryption());
+
+ /*
+ * Deal the socket not being open.
+ */
+ if (!http)
+ {
+ int error = errno; /* Connection error */
+
+ switch (error)
+ {
+ case EHOSTDOWN :
+ _cupsLangPuts(stderr, _("WARNING: "
+ "The printer may not exist or "
+ "is unavailable at this time.\n"));
+ break;
+ case EHOSTUNREACH :
+ _cupsLangPuts(stderr, _("WARNING: "
+ "The printer is unreachable at this "
+ "time.\n"));
+ break;
+ case ECONNREFUSED :
+ _cupsLangPuts(stderr, _("WARNING: "
+ "Connection Refused.\n"));
+ break;
+ default :
+ fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(errno));
+ break;
+ }
+
+ rc = CUPS_BACKEND_FAILED;
+ sleep(5);
+ goto prt_available_cleanup;
+ }
+
+
+#ifdef AF_INET6
+ if (http->hostaddr->addr.sa_family == AF_INET6)
+ fprintf(stderr, "DEBUG: Connected to [%s]:%d (IPv6)...\n",
+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)),
+ ntohs(http->hostaddr->ipv6.sin6_port));
+ else
+#endif /* AF_INET6 */
+ if (http->hostaddr->addr.sa_family == AF_INET)
+ fprintf(stderr, "DEBUG: Connected to %s:%d (IPv4)...\n",
+ httpAddrString(http->hostaddr, addrname, sizeof(addrname)),
+ ntohs(http->hostaddr->ipv4.sin_port));
+
+ /*
+ * Search the resource string for options.
+ * We only care about version, for the moment.
+ */
+ version = 11;
+
+ if ((option_ptr = strchr(resource, '?')) != NULL)
+ {
+ *option_ptr++ = '\0';
+
+ if ((option_ptr = strstr(option_ptr, "version="))!=NULL)
+ {
+ int minor; /* minor version from URI */
+ int major; /* major version from URI */
+ char *version_str; /* ipp version */
+
+ option_ptr += 8;
+ version_str = option_ptr;
+
+ while (*option_ptr && *option_ptr != '&' && *option_ptr != '+')
+ option_ptr++;
+
+ if (*option_ptr)
+ *option_ptr = '\0';
+
+ sscanf(version_str, "%d.%d", &major, &minor);
+
+ version = (major * 10) + minor;
+
+ switch(version)
+ {
+ case 10 :
+ case 11 :
+ case 20 :
+ case 21 :
+ fprintf(stderr,
+ "DEBUG: Set version to %d from URI\n",
+ version);
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("DEBUG: Invalid version, %d, from URI. "
+ "Using default of 1.1 \n"),
+ version);
+ version = 11;
+ }
+ }
+ }
+
+
+ /*
+ * Build a URI for the printer. We can't use the URI in argv[0]
+ * because it might contain username:password information...
+ */
+ if (httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), scheme, NULL,
+ hostname, port, resource) != HTTP_URI_OK)
+ {
+ fprintf(stderr, "ERROR: Problem assembling printer URI from host %s, "
+ "port %d, resource %s\n", hostname, port, resource);
+ return (CUPS_BACKEND_STOP);
+ }
+
+ /*
+ * Build the IPP request...
+ */
+ request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
+ request->request.op.version[0] = version / 10;
+ request->request.op.version[1] = version % 10;
+
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri",
+ NULL, uri);
+
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
+ "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]),
+ NULL, pattrs);
+
+ /*
+ * Do the request...
+ */
+ fputs("DEBUG: Getting supported attributes...\n", stderr);
+
+ fprintf(stderr, "DEBUG: IPP Request Structure Built.\n");
+
+ *attributes = cupsDoRequest(http, request, resource);
+ ipp_status = cupsLastError();
+
+ fprintf(stderr, "DEBUG: Get-Printer-Attributes: %s (%s)\n",
+ ippErrorString(ipp_status), cupsLastErrorString());
+
+ if (ipp_status > IPP_OK_CONFLICT)
+ {
+ fprintf(stderr, "DEBUG: Get-Printer-Attributes returned %s.\n",
+ ippErrorString(ipp_status));
+ switch(ipp_status)
+ {
+ case IPP_FORBIDDEN :
+ case IPP_NOT_AUTHORIZED :
+ _cupsLangPuts(stderr, _("ERROR: Not Authorized.\n"));
+ rc = CUPS_BACKEND_AUTH_REQUIRED;
+ break;
+ case IPP_PRINTER_BUSY :
+ case IPP_SERVICE_UNAVAILABLE :
+ _cupsLangPuts(stderr, _("ERROR: "
+ "The printer is not responding.\n"));
+ rc = CUPS_BACKEND_FAILED;
+ break;
+ case IPP_BAD_REQUEST :
+ case IPP_VERSION_NOT_SUPPORTED :
+ fprintf(stderr, "ERROR: Destination does not support IPP version %d\n",
+ version);
+ case IPP_NOT_FOUND :
+ _cupsLangPuts(stderr, _("ERROR: "
+ "The printer configuration is incorrect or the "
+ "printer no longer exists.\n"));
+ rc = CUPS_BACKEND_STOP;
+ break;
+ default :
+ rc = CUPS_BACKEND_FAILED;
+ }
+ goto prt_available_cleanup;
+ }
+
+prt_available_cleanup :
+ httpClose(http);
+ return (rc);
+}
+
+static int
+move_job(int jobid, /* Job ID */
+ const char *dest) /* Destination ipp address */
+{
+ ipp_t *request; /* IPP Request */
+ char job_uri[HTTP_MAX_URI]; /* job-uri */
+
+ http_t* http = httpConnectEncrypt(cupsServer(), ippPort(), cupsEncryption());
+
+ if (!http)
+ {
+ _cupsLangPrintf(stderr,
+ _("failover: Unable to connect to server: %s\n"),
+ strerror(errno));
+ return (CUPS_BACKEND_FAILED);
+ }
+
+ /*
+ * Build a CUPS_MOVE_JOB request, which requires the following
+ * attributes:
+ *
+ * job-uri/printer-uri
+ * job-printer-uri
+ * requesting-user-name
+ */
+
+ request = ippNewRequest(CUPS_MOVE_JOB);
+
+ snprintf(job_uri, sizeof(job_uri), "ipp://localhost/jobs/%d", jobid);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL,
+ job_uri);
+
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
+ "requesting-user-name",
+ NULL, cupsUser());
+
+ ippAddString(request, IPP_TAG_JOB, IPP_TAG_URI, "job-printer-uri",
+ NULL, dest);
+
+ /*
+ * Do the request and get back a response...
+ */
+
+ ippDelete(cupsDoRequest(http, request, "/jobs"));
+
+ httpClose(http);
+
+ if (cupsLastError() > IPP_OK_CONFLICT)
+ {
+ _cupsLangPrintf(stderr, "failover: %s\n", cupsLastErrorString());
+ return (CUPS_BACKEND_FAILED);
+ }
+ else
+ return (CUPS_BACKEND_OK);
+}
+
+/*
+ * 'sigterm_handler()' - handles a sigterm, i.e. job canceled
+ */
+static void
+sigterm_handler(int sig)
+{
+ if (!job_canceled)
+ {
+ write(2, "DEBUG: Got SIGTERM.\n", 20);
+ job_canceled = 1;
+ }
+ else
+ {
+ /*
+ * Job has already been canceled, so just exit
+ */
+ exit(1);
+ }
+}
+
+/*
+ * 'password_cb()' - Disable the password prompt for cupsDoFileRequest().
+ */
+static const char * /* O - Password */
+password_cb(const char *prompt) /* I - Prompt (not used) */
+{
+ auth_info_required = "username,password";
+ password_retries++;
+
+ if(password_retries < FAILOVER_PASSWORD_RETRIES_MAX)
+ return (password);
+ else
+ return (NULL);
+}

View File

@ -0,0 +1,110 @@
diff --git a/scheduler/job.c b/scheduler/job.c
index 82ef2eb..5d5e3aa 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -448,10 +448,20 @@ cupsdCleanJobs(void)
curtime = time(NULL);
JobHistoryUpdate = 0;
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: curtime=%d", (int)curtime);
+
for (job = (cupsd_job_t *)cupsArrayFirst(Jobs);
job;
job = (cupsd_job_t *)cupsArrayNext(Jobs))
{
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: Job %d, state=%d, printer=%p, history_time=%d, file_time=%d", job->id, (int)job->state_value, (void *)job->printer, (int)job->history_time, (int)job->file_time);
+
+ if ((job->history_time && job->history_time < JobHistoryUpdate) || !JobHistoryUpdate)
+ JobHistoryUpdate = job->history_time;
+
+ if ((job->file_time && job->file_time < JobHistoryUpdate) || !JobHistoryUpdate)
+ JobHistoryUpdate = job->file_time;
+
if (job->state_value >= IPP_JOB_CANCELED && !job->printer)
{
/*
@@ -462,26 +472,14 @@ cupsdCleanJobs(void)
(job->history_time && job->history_time <= curtime))
{
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing from history.");
- cupsdDeleteJob(job, CUPSD_JOB_PURGE);
+ cupsdDeleteJob(job, CUPSD_JOB_PURGE);
}
else if (job->file_time && job->file_time <= curtime)
{
cupsdLogJob(job, CUPSD_LOG_DEBUG, "Removing document files.");
- cupsdLogJob(job, CUPSD_LOG_DEBUG2, "curtime=%ld, job->file_time=%ld", (long)curtime, (long)job->file_time);
remove_job_files(job);
cupsdMarkDirty(CUPSD_DIRTY_JOBS);
-
- if (job->history_time < JobHistoryUpdate || !JobHistoryUpdate)
- JobHistoryUpdate = job->history_time;
- }
- else
- {
- if (job->history_time < JobHistoryUpdate || !JobHistoryUpdate)
- JobHistoryUpdate = job->history_time;
-
- if (job->file_time < JobHistoryUpdate || !JobHistoryUpdate)
- JobHistoryUpdate = job->file_time;
}
}
}
@@ -1873,7 +1871,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
job->completed_time = attr->values[0].integer;
if (JobHistory < INT_MAX)
- job->history_time = attr->values[0].integer + JobHistory;
+ job->history_time = job->completed_time + JobHistory;
else
job->history_time = INT_MAX;
@@ -1884,7 +1882,7 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
JobHistoryUpdate = job->history_time;
if (JobFiles < INT_MAX)
- job->file_time = attr->values[0].integer + JobFiles;
+ job->file_time = job->completed_time + JobFiles;
else
job->file_time = INT_MAX;
@@ -3100,8 +3098,10 @@ cupsdUpdateJobs(void)
* Update history/file expiration times...
*/
+ job->completed_time = attr->values[0].integer;
+
if (JobHistory < INT_MAX)
- job->history_time = attr->values[0].integer + JobHistory;
+ job->history_time = job->completed_time + JobHistory;
else
job->history_time = INT_MAX;
@@ -3115,7 +3115,7 @@ cupsdUpdateJobs(void)
JobHistoryUpdate = job->history_time;
if (JobFiles < INT_MAX)
- job->file_time = attr->values[0].integer + JobFiles;
+ job->file_time = job->completed_time + JobFiles;
else
job->file_time = INT_MAX;
@@ -4909,7 +4909,7 @@ set_time(cupsd_job_t *job, /* I - Job to update */
job->completed_time = curtime;
if (JobHistory < INT_MAX && attr)
- job->history_time = attr->values[0].integer + JobHistory;
+ job->history_time = job->completed_time + JobHistory;
else
job->history_time = INT_MAX;
@@ -4917,7 +4917,7 @@ set_time(cupsd_job_t *job, /* I - Job to update */
JobHistoryUpdate = job->history_time;
if (JobFiles < INT_MAX && attr)
- job->file_time = curtime + JobFiles;
+ job->file_time = job->completed_time + JobFiles;
else
job->file_time = INT_MAX;

View File

@ -0,0 +1,315 @@
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index a604a8a..e678f24 100644
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -974,6 +974,13 @@ do_am_printer(http_t *http, /* I - HTTP connection */
cgiSetVariable("TEMPLATE_NAME", template);
}
+
+ /*
+ * Set DEVICE_URI to the actual device uri, without make and model from
+ * html form.
+ */
+
+ cgiSetVariable("DEVICE_URI", var);
}
}
@@ -1137,6 +1144,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */
else if (!file &&
(!cgiGetVariable("PPD_NAME") || cgiGetVariable("SELECT_MAKE")))
{
+ int ipp_everywhere = !strncmp(var, "ipp://", 6) || !strncmp(var, "ipps://", 7) || (!strncmp(var, "dnssd://", 8) && (strstr(var, "_ipp._tcp") || strstr(var, "_ipps._tcp")));
+
if (modify && !cgiGetVariable("SELECT_MAKE"))
{
/*
@@ -1282,9 +1291,8 @@ do_am_printer(http_t *http, /* I - HTTP connection */
cgiStartHTML(title);
if (!cgiGetVariable("PPD_MAKE"))
cgiSetVariable("PPD_MAKE", cgiGetVariable("CURRENT_MAKE"));
- if (!modify)
- cgiSetVariable("CURRENT_MAKE_AND_MODEL",
- cgiGetArray("PPD_MAKE_AND_MODEL", 0));
+ if (ipp_everywhere)
+ cgiSetVariable("SHOW_IPP_EVERYWHERE", "1");
cgiCopyTemplateLang("choose-model.tmpl");
cgiEndHTML();
}
@@ -4219,6 +4227,11 @@ get_printer_ppd(const char *uri, /* I - Printer URI */
host[256], /* Hostname */
resource[256]; /* Resource path */
int port; /* Port number */
+ static const char * const pattrs[] = /* Printer attributes we need */
+ {
+ "all",
+ "media-col-database"
+ };
/*
@@ -4259,6 +4272,7 @@ get_printer_ppd(const char *uri, /* I - Printer URI */
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
if (!_ppdCreateFromIPP(buffer, bufsize, response))
diff --git a/cups/ppd-cache.c b/cups/ppd-cache.c
index e5f89ee..b8139c8 100644
--- a/cups/ppd-cache.c
+++ b/cups/ppd-cache.c
@@ -3089,8 +3089,8 @@ _ppdCreateFromIPP(char *buffer, /* I - Filename buffer */
cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
cupsFilePrintf(fp, "*ModelName: \"%s\"\n", model);
cupsFilePrintf(fp, "*Product: \"(%s)\"\n", model);
- cupsFilePrintf(fp, "*NickName: \"%s\"\n", model);
- cupsFilePrintf(fp, "*ShortNickName: \"%s\"\n", model);
+ cupsFilePrintf(fp, "*NickName: \"%s - IPP Everywhere\"\n", model);
+ cupsFilePrintf(fp, "*ShortNickName: \"%s - IPP Everywhere\"\n", model);
if ((attr = ippFindAttribute(response, "color-supported", IPP_TAG_BOOLEAN)) != NULL && ippGetBoolean(attr, 0))
cupsFilePuts(fp, "*ColorDevice: True\n");
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 5e9a985..4ed3c39 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -5829,6 +5829,12 @@ create_local_bg_thread(
ipp_t *request, /* Request to printer */
*response; /* Response from printer */
ipp_attribute_t *attr; /* Attribute in response */
+ ipp_status_t status; /* Status code */
+ static const char * const pattrs[] = /* Printer attributes we need */
+ {
+ "all",
+ "media-col-database"
+ };
/*
@@ -5861,12 +5867,35 @@ create_local_bg_thread(
cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Connected to %s:%d, sending Get-Printer-Attributes request...", printer->name, host, port);
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
+ ippSetVersion(request, 2, 0);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, printer->device_uri);
- ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", NULL, "all");
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
+ status = cupsLastError();
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
+
+ if (status == IPP_STATUS_ERROR_BAD_REQUEST || status == IPP_STATUS_ERROR_VERSION_NOT_SUPPORTED)
+ {
+ /*
+ * Try request using IPP/1.1, in case we are talking to an old CUPS server or
+ * printer...
+ */
- cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Get-Printer-Attributes returned %s", printer->name, ippErrorString(cupsLastError()));
+ ippDelete(response);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: Re-sending Get-Printer-Attributes request using IPP/1.1...", printer->name);
+
+ request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
+ ippSetVersion(request, 1, 1);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, printer->device_uri);
+ ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", NULL, "all");
+
+ response = cupsDoRequest(http, request, resource);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "%s: IPP/1.1 Get-Printer-Attributes returned %s (%s)", printer->name, ippErrorString(cupsLastError()), cupsLastErrorString());
+ }
// TODO: Grab printer icon file...
httpClose(http);
@@ -5877,6 +5906,8 @@ create_local_bg_thread(
if (_ppdCreateFromIPP(fromppd, sizeof(fromppd), response))
{
+ _cupsRWLockWrite(&printer->lock);
+
if ((!printer->info || !*(printer->info)) && (attr = ippFindAttribute(response, "printer-info", IPP_TAG_TEXT)) != NULL)
cupsdSetString(&printer->info, ippGetString(attr, 0, NULL));
@@ -5886,6 +5917,8 @@ create_local_bg_thread(
if ((!printer->geo_location || !*(printer->geo_location)) && (attr = ippFindAttribute(response, "printer-geo-location", IPP_TAG_URI)) != NULL)
cupsdSetString(&printer->geo_location, ippGetString(attr, 0, NULL));
+ _cupsRWUnlock(&printer->lock);
+
if ((from = cupsFileOpen(fromppd, "r")) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "%s: Unable to read generated PPD: %s", printer->name, strerror(errno));
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index bb53565..f3510ca 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -33,7 +33,7 @@ static int delete_printer_from_class(http_t *http, char *printer,
static int delete_printer_option(http_t *http, char *printer,
char *option);
static int enable_printer(http_t *http, char *printer);
-static char *get_printer_ppd(const char *uri, char *buffer, size_t bufsize);
+static char *get_printer_ppd(const char *uri, char *buffer, size_t bufsize, int *num_options, cups_option_t **options);
static cups_ptype_t get_printer_type(http_t *http, char *printer, char *uri,
size_t urisize);
static int set_printer_options(http_t *http, char *printer,
@@ -593,7 +593,7 @@ main(int argc, /* I - Number of command-line arguments */
if ((ppd_name = cupsGetOption("ppd-name", num_options, options)) != NULL && !strcmp(ppd_name, "everywhere") && (device_uri = cupsGetOption("device-uri", num_options, options)) != NULL)
{
- if ((file = get_printer_ppd(device_uri, evefile, sizeof(evefile))) == NULL)
+ if ((file = get_printer_ppd(device_uri, evefile, sizeof(evefile), &num_options, &options)) == NULL)
return (1);
num_options = cupsRemoveOption("ppd-name", num_options, &options);
@@ -1144,20 +1144,29 @@ enable_printer(http_t *http, /* I - Server connection */
* 'get_printer_ppd()' - Get an IPP Everywhere PPD file for the given URI.
*/
-static char * /* O - Filename or NULL */
-get_printer_ppd(const char *uri, /* I - Printer URI */
- char *buffer, /* I - Filename buffer */
- size_t bufsize) /* I - Size of filename buffer */
+static char * /* O - Filename or NULL */
+get_printer_ppd(
+ const char *uri, /* I - Printer URI */
+ char *buffer, /* I - Filename buffer */
+ size_t bufsize, /* I - Size of filename buffer */
+ int *num_options, /* IO - Number of options */
+ cups_option_t **options) /* IO - Options */
{
http_t *http; /* Connection to printer */
ipp_t *request, /* Get-Printer-Attributes request */
*response; /* Get-Printer-Attributes response */
+ ipp_attribute_t *attr; /* Attribute from response */
char resolved[1024], /* Resolved URI */
scheme[32], /* URI scheme */
userpass[256], /* Username:password */
host[256], /* Hostname */
resource[256]; /* Resource path */
int port; /* Port number */
+ static const char * const pattrs[] = /* Attributes to use */
+ {
+ "all",
+ "media-col-database"
+ };
/*
@@ -1198,9 +1207,26 @@ get_printer_ppd(const char *uri, /* I - Printer URI */
request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
+ ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(pattrs) / sizeof(pattrs[0]), NULL, pattrs);
response = cupsDoRequest(http, request, resource);
- if (!_ppdCreateFromIPP(buffer, bufsize, response))
+ if (cupsLastError() >= IPP_STATUS_REDIRECTION_OTHER_SITE)
+ {
+ _cupsLangPrintf(stderr, _("%s: Unable to query printer: %s"), "lpadmin", cupsLastErrorString());
+ buffer[0] = '\0';
+ }
+ else if (_ppdCreateFromIPP(buffer, bufsize, response))
+ {
+ if (!cupsGetOption("printer-geo-location", *num_options, *options) && (attr = ippFindAttribute(response, "printer-geo-location", IPP_TAG_URI)) != NULL)
+ *num_options = cupsAddOption("printer-geo-location", ippGetString(attr, 0, NULL), *num_options, options);
+
+ if (!cupsGetOption("printer-info", *num_options, *options) && (attr = ippFindAttribute(response, "printer-info", IPP_TAG_TEXT)) != NULL)
+ *num_options = cupsAddOption("printer-info", ippGetString(attr, 0, NULL), *num_options, options);
+
+ if (!cupsGetOption("printer-location", *num_options, *options) && (attr = ippFindAttribute(response, "printer-location", IPP_TAG_TEXT)) != NULL)
+ *num_options = cupsAddOption("printer-location", ippGetString(attr, 0, NULL), *num_options, options);
+ }
+ else
_cupsLangPrintf(stderr, _("%s: Unable to create PPD file: %s"), "lpadmin", strerror(errno));
ippDelete(response);
diff --git a/templates/choose-model.tmpl b/templates/choose-model.tmpl
index ee9338c..9c9b71f 100644
--- a/templates/choose-model.tmpl
+++ b/templates/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Current Driver - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/de/choose-model.tmpl b/templates/de/choose-model.tmpl
index cb9b6f3..c73ccb2 100644
--- a/templates/de/choose-model.tmpl
+++ b/templates/de/choose-model.tmpl
@@ -39,6 +39,7 @@ Drucker {?printer_is_shared=?nicht:{?printer_is_shared=0?nicht:}} im Netzwerk fr
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Aktueller Treiber - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/es/choose-model.tmpl b/templates/es/choose-model.tmpl
index 8a5a4ba..b5624f2 100644
--- a/templates/es/choose-model.tmpl
+++ b/templates/es/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Controlador actual - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/fr/choose-model.tmpl b/templates/fr/choose-model.tmpl
index a4e771c..07cf93c 100644
--- a/templates/fr/choose-model.tmpl
+++ b/templates/fr/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Pilote courant - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/ja/choose-model.tmpl b/templates/ja/choose-model.tmpl
index daf1375..6a6e4e4 100644
--- a/templates/ja/choose-model.tmpl
+++ b/templates/ja/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>現在のドライバー - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/pt_BR/choose-model.tmpl b/templates/pt_BR/choose-model.tmpl
index 55d8bd8..0ed6a3c 100644
--- a/templates/pt_BR/choose-model.tmpl
+++ b/templates/pt_BR/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Driver atual - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>
diff --git a/templates/ru/choose-model.tmpl b/templates/ru/choose-model.tmpl
index 2f0d6d9..dedbd49 100644
--- a/templates/ru/choose-model.tmpl
+++ b/templates/ru/choose-model.tmpl
@@ -39,6 +39,7 @@
<TD>
<SELECT NAME="PPD_NAME" SIZE="10">
{op=add-printer?:<OPTION VALUE="__no_change__" SELECTED>Текущий драйвер - {current_make_and_model}</OPTION>:}
+{show_ipp_everywhere?<OPTION VALUE="everywhere" SELECTED>{current_make_and_model?{current_make_and_model} -:} IPP Everywhere &trade;</OPTION>:}
{[ppd_name]<OPTION VALUE="{ppd_name}" {op=modify-printer?:{?current_make_and_model={ppd_make_and_model}?SELECTED:}}>{ppd_make_and_model} ({ppd_natural_language})
}</SELECT>
</TD>

View File

@ -0,0 +1,23 @@
diff --git a/backend/ipp.c b/backend/ipp.c
index f8bf7e1..8440d2f 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -422,8 +422,7 @@ main(int argc, /* I - Number of command-line args */
* that way.
*/
- if (!getuid() && (value = getenv("AUTH_UID")) != NULL &&
- !getenv("AUTH_PASSWORD"))
+ if (!getuid() && (value = getenv("AUTH_UID")) != NULL)
{
uid_t uid = (uid_t)atoi(value);
/* User ID */
@@ -457,7 +456,7 @@ main(int argc, /* I - Number of command-line args */
# else /* No XPC, just try to run as the user ID */
if (uid > 0)
- seteuid(uid);
+ setuid(uid);
# endif /* HAVE_XPC */
}
#endif /* HAVE_GSSAPI */

100
SOURCES/cups-logs.patch Normal file
View File

@ -0,0 +1,100 @@
diff --git a/scheduler/log.c b/scheduler/log.c
index 33cdac6..d66bbf9 100644
--- a/scheduler/log.c
+++ b/scheduler/log.c
@@ -597,51 +597,6 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
if (level > LogLevel && LogDebugHistory <= 0)
return (1);
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
- if (!strcmp(ErrorLog, "syslog"))
- {
- cupsd_printer_t *printer = job ? (job->printer ? job->printer : (job->dest ? cupsdFindDest(job->dest) : NULL)) : NULL;
- static const char * const job_states[] =
- { /* job-state strings */
- "Pending",
- "PendingHeld",
- "Processing",
- "ProcessingStopped",
- "Canceled",
- "Aborted",
- "Completed"
- };
-
- va_start(ap, message);
-
- do
- {
- va_copy(ap2, ap);
- status = format_log_line(message, ap2);
- va_end(ap2);
- }
- while (status == 0);
-
- va_end(ap);
-
- if (job)
- sd_journal_send("MESSAGE=%s", log_line,
- "PRIORITY=%i", log_levels[level],
- PWG_Event"=JobStateChanged",
- PWG_ServiceURI"=%s", printer ? printer->uri : "",
- PWG_JobID"=%d", job->id,
- PWG_JobState"=%s", job->state_value < IPP_JSTATE_PENDING ? "" : job_states[job->state_value - IPP_JSTATE_PENDING],
- PWG_JobImpressionsCompleted"=%d", ippGetInteger(job->impressions, 0),
- NULL);
- else
- sd_journal_send("MESSAGE=%s", log_line,
- "PRIORITY=%i", log_levels[level],
- NULL);
-
- return (1);
- }
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
-
/*
* Format and write the log message...
*/
@@ -705,7 +660,43 @@ cupsdLogJob(cupsd_job_t *job, /* I - Job */
return (1);
}
else if (level <= LogLevel)
+ {
+#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
+ if (!strcmp(ErrorLog, "syslog"))
+ {
+ cupsd_printer_t *printer = job ? (job->printer ? job->printer : (job->dest ? cupsdFindDest(job->dest) : NULL)) : NULL;
+ static const char * const job_states[] =
+ { /* job-state strings */
+ "Pending",
+ "PendingHeld",
+ "Processing",
+ "ProcessingStopped",
+ "Canceled",
+ "Aborted",
+ "Completed"
+ };
+
+ if (job)
+ sd_journal_send("MESSAGE=%s", log_line,
+ "PRIORITY=%i", log_levels[level],
+ PWG_Event"=JobStateChanged",
+ PWG_ServiceURI"=%s", printer ? printer->uri : "",
+ PWG_JobID"=%d", job->id,
+ PWG_JobState"=%s", job->state_value < IPP_JSTATE_PENDING ? "" : job_states[job->state_value - IPP_JSTATE_PENDING],
+ PWG_JobImpressionsCompleted"=%d", ippGetInteger(job->impressions, 0),
+ NULL);
+ else
+ sd_journal_send("MESSAGE=%s", log_line,
+ "PRIORITY=%i", log_levels[level],
+ NULL);
+
+ return (1);
+ }
+ else
+#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+
return (cupsdWriteErrorLog(level, log_line));
+ }
else
return (1);
}

View File

@ -1,10 +1,11 @@
diff -up cups-2.2.5/config.h.in.lspp cups-2.2.5/config.h.in diff -up cups-2.2.6/config.h.in.lspp cups-2.2.6/config.h.in
--- cups-2.2.5/config.h.in.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/config.h.in.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/config.h.in 2017-10-17 19:06:19.640228964 +0200 +++ cups-2.2.6/config.h.in 2024-08-15 14:55:07.310818870 +0200
@@ -730,4 +730,11 @@ static __inline int _cups_abs(int i) { r @@ -730,4 +730,12 @@ static __inline int _cups_abs(int i) { r
# endif /* __GNUC__ || __STDC_VERSION__ */ # endif /* __GNUC__ || __STDC_VERSION__ */
#endif /* !HAVE_ABS && !abs */ #endif /* !HAVE_ABS && !abs */
+
+/* +/*
+ * Are we trying to meet LSPP requirements? + * Are we trying to meet LSPP requirements?
+ */ + */
@ -13,9 +14,9 @@ diff -up cups-2.2.5/config.h.in.lspp cups-2.2.5/config.h.in
+ +
+ +
#endif /* !_CUPS_CONFIG_H_ */ #endif /* !_CUPS_CONFIG_H_ */
diff -up cups-2.2.5/config-scripts/cups-lspp.m4.lspp cups-2.2.5/config-scripts/cups-lspp.m4 diff -up cups-2.2.6/config-scripts/cups-lspp.m4.lspp cups-2.2.6/config-scripts/cups-lspp.m4
--- cups-2.2.5/config-scripts/cups-lspp.m4.lspp 2017-10-17 19:06:19.640228964 +0200 --- cups-2.2.6/config-scripts/cups-lspp.m4.lspp 2024-08-15 14:55:07.310818870 +0200
+++ cups-2.2.5/config-scripts/cups-lspp.m4 2017-10-17 19:06:19.640228964 +0200 +++ cups-2.2.6/config-scripts/cups-lspp.m4 2024-08-15 14:55:07.310818870 +0200
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
+dnl +dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS). +dnl LSPP code for the Common UNIX Printing System (CUPS).
@ -40,7 +41,7 @@ diff -up cups-2.2.5/config-scripts/cups-lspp.m4.lspp cups-2.2.5/config-scripts/c
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) +AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
+ +
+if test x"$enable_lspp" != xno; then +if test x"$enable_lspp" != xno; then
+ case "$uname" in + case "$(uname)" in
+ Linux) + Linux)
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) + AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
+ AC_CHECK_HEADER(libaudit.h) + AC_CHECK_HEADER(libaudit.h)
@ -53,9 +54,9 @@ diff -up cups-2.2.5/config-scripts/cups-lspp.m4.lspp cups-2.2.5/config-scripts/c
+ ;; + ;;
+ esac + esac
+fi +fi
diff -up cups-2.2.5/configure.ac.lspp cups-2.2.5/configure.ac diff -up cups-2.2.6/configure.ac.lspp cups-2.2.6/configure.ac
--- cups-2.2.5/configure.ac.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/configure.ac.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/configure.ac 2017-10-17 19:06:19.640228964 +0200 +++ cups-2.2.6/configure.ac 2024-08-15 14:55:07.310818870 +0200
@@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4) @@ -38,6 +38,8 @@ sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4) sinclude(config-scripts/cups-defaults.m4)
sinclude(config-scripts/cups-scripting.m4) sinclude(config-scripts/cups-scripting.m4)
@ -65,9 +66,9 @@ diff -up cups-2.2.5/configure.ac.lspp cups-2.2.5/configure.ac
INSTALL_LANGUAGES="" INSTALL_LANGUAGES=""
UNINSTALL_LANGUAGES="" UNINSTALL_LANGUAGES=""
LANGFILES="" LANGFILES=""
diff -up cups-2.2.5/filter/common.c.lspp cups-2.2.5/filter/common.c diff -up cups-2.2.6/filter/common.c.lspp cups-2.2.6/filter/common.c
--- cups-2.2.5/filter/common.c.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/filter/common.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/filter/common.c 2017-10-17 19:06:19.640228964 +0200 +++ cups-2.2.6/filter/common.c 2024-08-15 14:55:07.310818870 +0200
@@ -17,6 +17,12 @@ @@ -17,6 +17,12 @@
* Include necessary headers... * Include necessary headers...
*/ */
@ -236,9 +237,9 @@ diff -up cups-2.2.5/filter/common.c.lspp cups-2.2.5/filter/common.c
/* /*
diff -up cups-2.2.5/filter/pstops.c.lspp cups-2.2.5/filter/pstops.c diff -up cups-2.2.6/filter/pstops.c.lspp cups-2.2.6/filter/pstops.c
--- cups-2.2.5/filter/pstops.c.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/filter/pstops.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/filter/pstops.c 2017-10-17 19:06:19.641228955 +0200 +++ cups-2.2.6/filter/pstops.c 2024-08-15 14:55:07.311818856 +0200
@@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc, /* @@ -3176,6 +3176,18 @@ write_label_prolog(pstops_doc_t *doc, /*
{ {
const char *classification; /* CLASSIFICATION environment variable */ const char *classification; /* CLASSIFICATION environment variable */
@ -394,21 +395,21 @@ diff -up cups-2.2.5/filter/pstops.c.lspp cups-2.2.5/filter/pstops.c
/* /*
diff -up cups-2.2.5/Makedefs.in.lspp cups-2.2.5/Makedefs.in diff -up cups-2.2.6/Makedefs.in.lspp cups-2.2.6/Makedefs.in
--- cups-2.2.5/Makedefs.in.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/Makedefs.in.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/Makedefs.in 2017-10-17 19:06:19.641228955 +0200 +++ cups-2.2.6/Makedefs.in 2024-08-15 14:55:07.310818870 +0200
@@ -161,7 +161,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f @@ -145,7 +145,7 @@ ARFLAGS = @ARFLAGS@
@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) BACKLIBS = @BACKLIBS@
LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(SSLLIBS) $(LIBZ) BUILDDIRS = @BUILDDIRS@
LINKCUPSIMAGE = @LINKCUPSIMAGE@ CFLAGS = @CPPFLAGS@ @CFLAGS@
-LIBS = $(LINKCUPS) $(COMMONLIBS) -COMMONLIBS = @LIBS@
+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ +COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@
ONDEMANDFLAGS = @ONDEMANDFLAGS@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
ONDEMANDLIBS = @ONDEMANDLIBS@ CXXLIBS = @CXXLIBS@
OPTIM = @OPTIM@ DBUS_NOTIFIER = @DBUS_NOTIFIER@
diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c diff -up cups-2.2.6/scheduler/client.c.lspp cups-2.2.6/scheduler/client.c
--- cups-2.2.5/scheduler/client.c.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/scheduler/client.c.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/scheduler/client.c 2017-10-17 19:06:19.689228556 +0200 +++ cups-2.2.6/scheduler/client.c 2024-08-15 14:55:07.311818856 +0200
@@ -22,12 +22,20 @@ @@ -22,12 +22,20 @@
#define _HTTP_NO_PRIVATE #define _HTTP_NO_PRIVATE
#include "cupsd.h" #include "cupsd.h"
@ -490,7 +491,19 @@ diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c
#ifdef AF_LOCAL #ifdef AF_LOCAL
if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{ {
@@ -562,6 +623,13 @@ cupsdReadClient(cupsd_client_t *con) /* @@ -522,6 +583,11 @@ cupsdCloseClient(cupsd_client_t *con) /*
}
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ if (con->scon)
+ cupsdClearString(&con->scon);
+#endif /* WITH_LSPP */
+
/*
* Re-enable new client connections if we are going back under the
* limit...
@@ -562,6 +628,13 @@ cupsdReadClient(cupsd_client_t *con) /*
mime_type_t *type; /* MIME type of file */ mime_type_t *type; /* MIME type of file */
cupsd_printer_t *p; /* Printer */ cupsd_printer_t *p; /* Printer */
static unsigned request_id = 0; /* Request ID for temp files */ static unsigned request_id = 0; /* Request ID for temp files */
@ -504,10 +517,10 @@ diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c
status = HTTP_STATUS_CONTINUE; status = HTTP_STATUS_CONTINUE;
@@ -1926,6 +1994,73 @@ cupsdReadClient(cupsd_client_t *con) /* @@ -1924,7 +1997,73 @@ cupsdReadClient(cupsd_client_t *con) /*
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
}
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ { + {
@ -572,13 +585,13 @@ diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c
+ con->filename, context_str(tmpcon)); + con->filename, context_str(tmpcon));
+ context_free(tmpcon); + context_free(tmpcon);
+ context_free(clicon); + context_free(clicon);
+ } }
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
+ + }
if (httpGetState(con->http) != HTTP_STATE_POST_SEND) if (httpGetState(con->http) != HTTP_STATE_POST_SEND)
{ {
if (!httpWait(con->http, 0)) @@ -3456,6 +3595,49 @@ is_path_absolute(const char *path) /* I
@@ -3456,6 +3591,49 @@ is_path_absolute(const char *path) /* I
return (1); return (1);
} }
@ -628,9 +641,9 @@ diff -up cups-2.2.5/scheduler/client.c.lspp cups-2.2.5/scheduler/client.c
/* /*
* 'pipe_command()' - Pipe the output of a command to the remote client. * 'pipe_command()' - Pipe the output of a command to the remote client.
diff -up cups-2.2.5/scheduler/client.h.lspp cups-2.2.5/scheduler/client.h diff -up cups-2.2.6/scheduler/client.h.lspp cups-2.2.6/scheduler/client.h
--- cups-2.2.5/scheduler/client.h.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/scheduler/client.h.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/scheduler/client.h 2017-10-17 19:06:19.690228548 +0200 +++ cups-2.2.6/scheduler/client.h 2024-08-15 14:55:07.312818843 +0200
@@ -16,6 +16,13 @@ @@ -16,6 +16,13 @@
#endif /* HAVE_AUTHORIZATION_H */ #endif /* HAVE_AUTHORIZATION_H */
@ -656,19 +669,20 @@ diff -up cups-2.2.5/scheduler/client.h.lspp cups-2.2.5/scheduler/client.h
}; };
#define HTTP(con) ((con)->http) #define HTTP(con) ((con)->http)
@@ -138,6 +149,9 @@ extern void cupsdStartListening(void); @@ -139,6 +150,10 @@ extern void cupsdStopListening(void);
extern void cupsdStopListening(void);
extern void cupsdUpdateCGI(void); extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con); extern void cupsdWriteClient(cupsd_client_t *con);
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+extern uid_t client_pid_to_auid(pid_t clipid); +extern uid_t client_pid_to_auid(pid_t clipid);
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
+
#ifdef HAVE_SSL #ifdef HAVE_SSL
extern int cupsdEndTLS(cupsd_client_t *con); extern int cupsdEndTLS(cupsd_client_t *con);
diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c extern int cupsdStartTLS(cupsd_client_t *con);
--- cups-2.2.5/scheduler/conf.c.lspp 2017-10-17 19:06:19.637228989 +0200 diff -up cups-2.2.6/scheduler/conf.c.lspp cups-2.2.6/scheduler/conf.c
+++ cups-2.2.5/scheduler/conf.c 2017-10-17 19:06:19.691228540 +0200 --- cups-2.2.6/scheduler/conf.c.lspp 2024-08-15 14:55:07.306818923 +0200
+++ cups-2.2.6/scheduler/conf.c 2024-08-15 14:55:07.312818843 +0200
@@ -40,6 +40,9 @@ @@ -40,6 +40,9 @@
# define INADDR_NONE 0xffffffff # define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */ #endif /* !INADDR_NONE */
@ -726,7 +740,7 @@ diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled"); RemotePort ? "enabled" : "disabled");
@@ -1286,7 +1315,19 @@ cupsdReadConfiguration(void) @@ -1277,7 +1306,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification); cupsdClearString(&Classification);
if (Classification) if (Classification)
@ -746,7 +760,7 @@ diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c
/* /*
* Check the MaxClients setting, and then allocate memory for it... * Check the MaxClients setting, and then allocate memory for it...
@@ -3770,6 +3811,18 @@ read_location(cups_file_t *fp, /* I - C @@ -3761,6 +3802,18 @@ read_location(cups_file_t *fp, /* I - C
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
} }
@ -765,9 +779,9 @@ diff -up cups-2.2.5/scheduler/conf.c.lspp cups-2.2.5/scheduler/conf.c
/* /*
* 'read_policy()' - Read a <Policy name> definition. * 'read_policy()' - Read a <Policy name> definition.
diff -up cups-2.2.5/scheduler/conf.h.lspp cups-2.2.5/scheduler/conf.h diff -up cups-2.2.6/scheduler/conf.h.lspp cups-2.2.6/scheduler/conf.h
--- cups-2.2.5/scheduler/conf.h.lspp 2017-10-17 19:06:19.585229421 +0200 --- cups-2.2.6/scheduler/conf.h.lspp 2024-08-15 14:55:07.250819672 +0200
+++ cups-2.2.5/scheduler/conf.h 2017-10-17 19:06:19.691228540 +0200 +++ cups-2.2.6/scheduler/conf.h 2024-08-15 14:55:07.312818843 +0200
@@ -250,6 +250,13 @@ VAR char *ServerKeychain VALUE(NULL); @@ -250,6 +250,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */ /* Keychain holding cert + key */
#endif /* HAVE_SSL */ #endif /* HAVE_SSL */
@ -792,19 +806,10 @@ diff -up cups-2.2.5/scheduler/conf.h.lspp cups-2.2.5/scheduler/conf.h
/* /*
* Prototypes... * Prototypes...
diff -up cups-2.2.5/scheduler/cupsd.h.lspp cups-2.2.5/scheduler/cupsd.h diff -up cups-2.2.6/scheduler/cupsd.h.lspp cups-2.2.6/scheduler/cupsd.h
--- cups-2.2.5/scheduler/cupsd.h.lspp 2017-10-17 19:06:19.626229080 +0200 --- cups-2.2.6/scheduler/cupsd.h.lspp 2024-08-15 14:55:07.298819030 +0200
+++ cups-2.2.5/scheduler/cupsd.h 2017-10-17 19:06:19.691228540 +0200 +++ cups-2.2.6/scheduler/cupsd.h 2024-08-15 14:55:07.312818843 +0200
@@ -11,6 +11,8 @@ @@ -36,6 +36,14 @@
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
/*
* Include necessary headers.
@@ -36,13 +38,20 @@
# include <unistd.h> # include <unistd.h>
#endif /* WIN32 */ #endif /* WIN32 */
@ -819,27 +824,17 @@ diff -up cups-2.2.5/scheduler/cupsd.h.lspp cups-2.2.5/scheduler/cupsd.h
#include "mime.h" #include "mime.h"
#if defined(HAVE_CDSASSL) #if defined(HAVE_CDSASSL)
# include <CoreFoundation/CoreFoundation.h> @@ -248,4 +256,4 @@ extern void cupsdRunTimeout (cupsd_t
#endif /* HAVE_CDSASSL */ extern void cupsdUpdateTimeout (cupsd_timeout_t *timeout,
const struct timeval *tv);
- extern void cupsdRemoveTimeout (cupsd_timeout_t *timeout);
/* -#endif /* HAVE_AVAHI */
* Some OS's don't have hstrerror(), most notably Solaris... \ No newline at end of file
*/ +#endif /* HAVE_AVAHI */
diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c diff -up cups-2.2.6/scheduler/ipp.c.lspp cups-2.2.6/scheduler/ipp.c
--- cups-2.2.5/scheduler/ipp.c.lspp 2017-10-17 19:06:19.599229305 +0200 --- cups-2.2.6/scheduler/ipp.c.lspp 2024-08-15 14:55:07.268819431 +0200
+++ cups-2.2.5/scheduler/ipp.c 2017-10-17 19:06:19.695228506 +0200 +++ cups-2.2.6/scheduler/ipp.c 2024-08-15 14:56:15.961900807 +0200
@@ -14,6 +14,9 @@ @@ -37,6 +37,12 @@ extern int mbr_check_membership_by_id(uu
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -37,6 +40,14 @@ extern int mbr_check_membership_by_id(uu
# endif /* HAVE_MEMBERSHIPPRIV_H */ # endif /* HAVE_MEMBERSHIPPRIV_H */
#endif /* __APPLE__ */ #endif /* __APPLE__ */
@ -848,13 +843,11 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#include <selinux/context.h> +#include <selinux/context.h>
+#include <selinux/avc.h> +#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
/* /*
* Local functions... * Local functions...
@@ -61,6 +72,9 @@ static void cancel_all_jobs(cupsd_client @@ -61,6 +67,9 @@ static void cancel_all_jobs(cupsd_client
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_subscription(cupsd_client_t *con, int id); static void cancel_subscription(cupsd_client_t *con, int id);
static int check_rss_recipient(const char *recipient); static int check_rss_recipient(const char *recipient);
@ -864,7 +857,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
@@ -1286,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1286,6 +1295,21 @@ add_job(cupsd_client_t *con, /* I - Cl
"time-at-creation", "time-at-creation",
"time-at-processing" "time-at-processing"
}; };
@ -886,7 +879,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
@@ -1597,6 +1626,106 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1607,6 +1631,106 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL); return (NULL);
} }
@ -923,18 +916,18 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
+ /* + /*
+ * The printer does not exist, so for now assume it's a FileDevice + * The printer does not exist, so for now assume it's a FileDevice
+ */ + */
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISCHR(printerstat.st_mode)) + else if (S_ISCHR(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_CHR_FILE; + tclass = string_to_security_class("chr_file");
+ avr = CHR_FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISREG(printerstat.st_mode)) + else if (S_ISREG(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else + else
+ { + {
@ -993,7 +986,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
if ((job = cupsdAddJob(priority, printer->name)) == NULL) if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{ {
send_ipp_status(con, IPP_INTERNAL_ERROR, send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1605,6 +1734,32 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1615,6 +1739,32 @@ add_job(cupsd_client_t *con, /* I - Cl
return (NULL); return (NULL);
} }
@ -1026,7 +1019,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
job->attrs = con->request; job->attrs = con->request;
job->dirty = 1; job->dirty = 1;
@@ -1794,6 +1949,29 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1802,6 +1952,29 @@ add_job(cupsd_client_t *con, /* I - Cl
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]); ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]); ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
} }
@ -1056,7 +1049,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
job->job_sheets = attr; job->job_sheets = attr;
@@ -1824,6 +2002,9 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1832,6 +2005,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s,none\", " "job-sheets=\"%s,none\", "
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
Classification, job->username); Classification, job->username);
@ -1066,7 +1059,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
} }
else if (attr->num_values == 2 && else if (attr->num_values == 2 &&
strcmp(attr->values[0].string.text, strcmp(attr->values[0].string.text,
@@ -1842,6 +2023,9 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1850,6 +2026,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
attr->values[0].string.text, attr->values[0].string.text,
attr->values[1].string.text, job->username); attr->values[1].string.text, job->username);
@ -1076,7 +1069,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
} }
else if (strcmp(attr->values[0].string.text, Classification) && else if (strcmp(attr->values[0].string.text, Classification) &&
strcmp(attr->values[0].string.text, "none") && strcmp(attr->values[0].string.text, "none") &&
@@ -1862,6 +2046,9 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1870,6 +2049,9 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
attr->values[0].string.text, attr->values[0].string.text,
attr->values[1].string.text, job->username); attr->values[1].string.text, job->username);
@ -1086,14 +1079,14 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
} }
} }
else if (strcmp(attr->values[0].string.text, Classification) && else if (strcmp(attr->values[0].string.text, Classification) &&
@@ -1902,8 +2089,52 @@ add_job(cupsd_client_t *con, /* I - Cl @@ -1910,9 +2092,55 @@ add_job(cupsd_client_t *con, /* I - Cl
"job-sheets=\"%s\", " "job-sheets=\"%s\", "
"job-originating-user-name=\"%s\"", "job-originating-user-name=\"%s\"",
Classification, job->username); Classification, job->username);
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+ override = 1; + override = 1;
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
} + }
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+ if (is_lspp_config() && AuditLog != -1) + if (is_lspp_config() && AuditLog != -1)
+ { + {
@ -1127,19 +1120,22 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
+ } + }
+ cupsdClearString(&audit_message); + cupsdClearString(&audit_message);
+ } + }
+ } }
+ +#endif /* WITH_LSPP */
}
+#ifdef WITH_LSPP
+ if (userheader) + if (userheader)
+ free(userheader); + free(userheader);
+ if (userfooter) + if (userfooter)
+ free(userfooter); + free(userfooter);
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
}
+ +
+
/* /*
* See if we need to add the starting sheet... * See if we need to add the starting sheet...
@@ -3686,6 +3917,128 @@ check_rss_recipient( */
@@ -3694,6 +3922,128 @@ check_rss_recipient(
} }
@ -1211,8 +1207,8 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
+ return -1; + return -1;
+ } + }
+ avc_entry_ref_init(&avcref); + avc_entry_ref_init(&avcref);
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__READ; + avr = string_to_av_perm(tclass, "read");
+ +
+ /* + /*
+ * Perform the check with the client as the subject, first with the job as the object + * Perform the check with the client as the subject, first with the job as the object
@ -1268,7 +1264,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
/* /*
* 'check_quotas()' - Check quotas for a printer and user. * 'check_quotas()' - Check quotas for a printer and user.
*/ */
@@ -4142,6 +4495,15 @@ copy_banner(cupsd_client_t *con, /* I - @@ -4150,6 +4500,15 @@ copy_banner(cupsd_client_t *con, /* I -
char attrname[255], /* Name of attribute */ char attrname[255], /* Name of attribute */
*s; /* Pointer into name */ *s; /* Pointer into name */
ipp_attribute_t *attr; /* Attribute */ ipp_attribute_t *attr; /* Attribute */
@ -1284,7 +1280,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -4177,6 +4539,85 @@ copy_banner(cupsd_client_t *con, /* I - @@ -4185,6 +4544,85 @@ copy_banner(cupsd_client_t *con, /* I -
fchmod(cupsFileNumber(out), 0640); fchmod(cupsFileNumber(out), 0640);
fchown(cupsFileNumber(out), RunUser, Group); fchown(cupsFileNumber(out), RunUser, Group);
@ -1370,7 +1366,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
/* /*
* Try the localized banner file under the subdirectory... * Try the localized banner file under the subdirectory...
@@ -4271,6 +4712,24 @@ copy_banner(cupsd_client_t *con, /* I - @@ -4279,6 +4717,24 @@ copy_banner(cupsd_client_t *con, /* I -
else else
s = attrname; s = attrname;
@ -1395,7 +1391,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
if (!strcmp(s, "printer-name")) if (!strcmp(s, "printer-name"))
{ {
cupsFilePuts(out, job->dest); cupsFilePuts(out, job->dest);
@@ -6459,6 +6918,22 @@ get_job_attrs(cupsd_client_t *con, /* I @@ -6467,6 +6923,22 @@ get_job_attrs(cupsd_client_t *con, /* I
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
@ -1418,7 +1414,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
/* /*
* Copy attributes... * Copy attributes...
*/ */
@@ -6856,6 +7331,11 @@ get_jobs(cupsd_client_t *con, /* I - C @@ -6864,6 +7336,11 @@ get_jobs(cupsd_client_t *con, /* I - C
if (username[0] && _cups_strcasecmp(username, job->username)) if (username[0] && _cups_strcasecmp(username, job->username))
continue; continue;
@ -1430,7 +1426,7 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
if (count > 0) if (count > 0)
ippAddSeparator(con->response); ippAddSeparator(con->response);
@@ -11487,6 +11967,11 @@ validate_user(cupsd_job_t *job, /* I @@ -11495,6 +11972,11 @@ validate_user(cupsd_job_t *job, /* I
strlcpy(username, get_username(con), userlen); strlcpy(username, get_username(con), userlen);
@ -1442,20 +1438,10 @@ diff -up cups-2.2.5/scheduler/ipp.c.lspp cups-2.2.5/scheduler/ipp.c
/* /*
* Check the username against the owner... * Check the username against the owner...
*/ */
diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c diff -up cups-2.2.6/scheduler/job.c.lspp cups-2.2.6/scheduler/job.c
--- cups-2.2.5/scheduler/job.c.lspp 2017-10-17 19:06:19.607229238 +0200 --- cups-2.2.6/scheduler/job.c.lspp 2024-08-15 14:55:07.278819298 +0200
+++ cups-2.2.5/scheduler/job.c 2017-10-17 19:06:19.696228498 +0200 +++ cups-2.2.6/scheduler/job.c 2024-08-15 14:55:07.316818790 +0200
@@ -11,6 +11,9 @@ @@ -26,6 +26,12 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -26,6 +29,14 @@
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
#endif /* __APPLE__ */ #endif /* __APPLE__ */
@ -1464,13 +1450,11 @@ diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#include <selinux/context.h> +#include <selinux/context.h>
+#include <selinux/avc.h> +#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
/* /*
* Design Notes for Job Management * Design Notes for Job Management
@@ -547,6 +558,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I @@ -547,6 +553,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
/* PRINTER_STATE_REASONS env var */ /* PRINTER_STATE_REASONS env var */
rip_max_cache[255]; rip_max_cache[255];
/* RIP_MAX_CACHE env variable */ /* RIP_MAX_CACHE env variable */
@ -1485,7 +1469,7 @@ diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
cupsdLogMessage(CUPSD_LOG_DEBUG2, cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -1083,6 +1102,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I @@ -1083,6 +1097,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
if (final_content_type[0]) if (final_content_type[0])
envp[envc ++] = final_content_type; envp[envc ++] = final_content_type;
@ -1553,6 +1537,18 @@ diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
if (Classification && !banner_page) if (Classification && !banner_page)
{ {
if ((attr = ippFindAttribute(job->attrs, "job-sheets", if ((attr = ippFindAttribute(job->attrs, "job-sheets",
@@ -1464,6 +1539,11 @@ cupsdDeleteJob(cupsd_job_t *job, /
cupsdClearString(&job->username);
cupsdClearString(&job->dest);
+
+#ifdef WITH_LSPP
+ cupsdClearString(&job->scon);
+#endif
+
for (i = 0;
i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0]));
i ++)
@@ -1908,6 +1988,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J @@ -1908,6 +1988,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
ippSetString(job->attrs, &job->reasons, 0, "none"); ippSetString(job->attrs, &job->reasons, 0, "none");
} }
@ -1740,18 +1736,18 @@ diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
+ /* + /*
+ * The printer does not exist, so for now assume it's a FileDevice + * The printer does not exist, so for now assume it's a FileDevice
+ */ + */
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISCHR(printerstat.st_mode)) + else if (S_ISCHR(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_CHR_FILE; + tclass = string_to_security_class("chr_file");
+ avr = CHR_FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else if (S_ISREG(printerstat.st_mode)) + else if (S_ISREG(printerstat.st_mode))
+ { + {
+ tclass = SECCLASS_FILE; + tclass = string_to_security_class("file");
+ avr = FILE__WRITE; + avr = string_to_av_perm(tclass, "write");
+ } + }
+ else + else
+ { + {
@ -1823,16 +1819,13 @@ diff -up cups-2.2.5/scheduler/job.c.lspp cups-2.2.5/scheduler/job.c
/* /*
* Now start the first file in the job... * Now start the first file in the job...
*/ */
diff -up cups-2.2.5/scheduler/job.h.lspp cups-2.2.5/scheduler/job.h diff -up cups-2.2.6/scheduler/job.h.lspp cups-2.2.6/scheduler/job.h
--- cups-2.2.5/scheduler/job.h.lspp 2017-10-13 20:22:26.000000000 +0200 --- cups-2.2.6/scheduler/job.h.lspp 2017-11-01 15:57:53.000000000 +0100
+++ cups-2.2.5/scheduler/job.h 2017-10-17 19:06:19.696228498 +0200 +++ cups-2.2.6/scheduler/job.h 2024-08-15 14:55:07.316818790 +0200
@@ -11,6 +11,13 @@ @@ -11,6 +11,10 @@
* missing or damaged, see the license at "http://www.cups.org/". * missing or damaged, see the license at "http://www.cups.org/".
*/ */
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
+#ifdef WITH_LSPP +#ifdef WITH_LSPP
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#endif /* WITH_LSPP */ +#endif /* WITH_LSPP */
@ -1840,7 +1833,7 @@ diff -up cups-2.2.5/scheduler/job.h.lspp cups-2.2.5/scheduler/job.h
/* /*
* Constants... * Constants...
*/ */
@@ -88,6 +95,10 @@ struct cupsd_job_s /**** Job request * @@ -88,6 +92,10 @@ struct cupsd_job_s /**** Job request *
int progress; /* Printing progress */ int progress; /* Printing progress */
int num_keywords; /* Number of PPD keywords */ int num_keywords; /* Number of PPD keywords */
cups_option_t *keywords; /* PPD keywords */ cups_option_t *keywords; /* PPD keywords */
@ -1851,9 +1844,9 @@ diff -up cups-2.2.5/scheduler/job.h.lspp cups-2.2.5/scheduler/job.h
}; };
typedef struct cupsd_joblog_s /**** Job log message ****/ typedef struct cupsd_joblog_s /**** Job log message ****/
diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c diff -up cups-2.2.6/scheduler/main.c.lspp cups-2.2.6/scheduler/main.c
--- cups-2.2.5/scheduler/main.c.lspp 2017-10-17 19:06:19.637228989 +0200 --- cups-2.2.6/scheduler/main.c.lspp 2024-08-15 14:55:07.299819017 +0200
+++ cups-2.2.5/scheduler/main.c 2017-10-17 19:08:26.642173026 +0200 +++ cups-2.2.6/scheduler/main.c 2024-08-15 14:55:07.316818790 +0200
@@ -56,6 +56,9 @@ @@ -56,6 +56,9 @@
# include <sys/param.h> # include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */ #endif /* HAVE_SYS_PARAM_H */
@ -1874,7 +1867,7 @@ diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c
#ifdef __APPLE__ #ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */ int use_sysman = 1; /* Use system management functions? */
#else #else
@@ -516,6 +522,25 @@ main(int argc, /* I - Number of comm @@ -508,6 +514,25 @@ main(int argc, /* I - Number of comm
exit(errno); exit(errno);
} }
@ -1900,7 +1893,7 @@ diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c
/* /*
* Let the system know we are busy while we bring up cupsd... * Let the system know we are busy while we bring up cupsd...
*/ */
@@ -1227,6 +1252,11 @@ main(int argc, /* I - Number of comm @@ -1219,6 +1244,11 @@ main(int argc, /* I - Number of comm
cupsdStopSelect(); cupsdStopSelect();
@ -1912,19 +1905,10 @@ diff -up cups-2.2.5/scheduler/main.c.lspp cups-2.2.5/scheduler/main.c
return (!stop_scheduler); return (!stop_scheduler);
} }
diff -up cups-2.2.5/scheduler/printers.c.lspp cups-2.2.5/scheduler/printers.c diff -up cups-2.2.6/scheduler/printers.c.lspp cups-2.2.6/scheduler/printers.c
--- cups-2.2.5/scheduler/printers.c.lspp 2017-10-17 19:06:19.587229404 +0200 --- cups-2.2.6/scheduler/printers.c.lspp 2024-08-15 14:55:07.253819632 +0200
+++ cups-2.2.5/scheduler/printers.c 2017-10-17 19:06:19.697228490 +0200 +++ cups-2.2.6/scheduler/printers.c 2024-08-15 14:55:07.317818776 +0200
@@ -11,6 +11,8 @@ @@ -35,6 +35,10 @@
* missing or damaged, see the license at "http://www.cups.org/".
*/
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -35,6 +37,10 @@
# include <asl.h> # include <asl.h>
#endif /* __APPLE__ */ #endif /* __APPLE__ */
@ -1935,7 +1919,7 @@ diff -up cups-2.2.5/scheduler/printers.c.lspp cups-2.2.5/scheduler/printers.c
/* /*
* Local functions... * Local functions...
@@ -2212,6 +2218,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) @@ -2212,6 +2216,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
ipp_attribute_t *attr; /* Attribute data */ ipp_attribute_t *attr; /* Attribute data */
char *name, /* Current user/group name */ char *name, /* Current user/group name */
*filter; /* Current filter */ *filter; /* Current filter */
@ -1949,7 +1933,7 @@ diff -up cups-2.2.5/scheduler/printers.c.lspp cups-2.2.5/scheduler/printers.c
DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
@@ -2339,6 +2352,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) @@ -2339,6 +2350,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
attr->values[1].string.text = _cupsStrAlloc(Classification ? attr->values[1].string.text = _cupsStrAlloc(Classification ?
Classification : p->job_sheets[1]); Classification : p->job_sheets[1]);
} }

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,42 @@
diff --git a/cups/ppd.c b/cups/ppd.c
index ff52df2e..199cf034 100644
--- a/cups/ppd.c
+++ b/cups/ppd.c
@@ -1719,8 +1719,7 @@ _ppdOpen(
constraint->choice1, constraint->option2,
constraint->choice2))
{
- case 0 : /* Error */
- case 1 : /* Error */
+ default : /* Error */
pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
goto error;
diff --git a/ppdc/ppdc-source.cxx b/ppdc/ppdc-source.cxx
index c25d4966..236c00db 100644
--- a/ppdc/ppdc-source.cxx
+++ b/ppdc/ppdc-source.cxx
@@ -1743,15 +1743,17 @@ ppdcSource::get_resolution(ppdcFile *fp)// I - File to read
switch (sscanf(name, "%dx%d", &xdpi, &ydpi))
{
- case 0 :
- _cupsLangPrintf(stderr,
- _("ppdc: Bad resolution name \"%s\" on line %d of "
- "%s."), name, fp->line, fp->filename);
- break;
case 1 :
ydpi = xdpi;
break;
- }
+ case 2 :
+ break;
+ default :
+ _cupsLangPrintf(stderr,
+ _("ppdc: Bad resolution name \"%s\" on line %d of "
+ "%s."), name, fp->line, fp->filename);
+ break;
+}
// Create the necessary PS commands...
snprintf(command, sizeof(command),

View File

@ -0,0 +1,31 @@
diff --git a/scheduler/colorman.c b/scheduler/colorman.c
index 8af4e5c..9bfdb0c 100644
--- a/scheduler/colorman.c
+++ b/scheduler/colorman.c
@@ -1083,7 +1083,7 @@ colord_create_profile(
dbus_message_iter_get_basic(&args, &profile_path);
cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path);
- cupsArrayAdd(profiles, strdup(profile_path));
+ cupsArrayAdd(profiles, profile_path);
out:
diff --git a/scheduler/job.c b/scheduler/job.c
index 0223bee..47d4c72 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */
job->num_files = 0;
}
+ unload_job(job);
+
if (job->history)
free_job_history(job);
- unload_job(job);
-
cupsArrayRemove(Jobs, job);
cupsArrayRemove(ActiveJobs, job);
cupsArrayRemove(PrintingJobs, job);

View File

@ -0,0 +1,13 @@
diff --git a/filter/rastertoepson.c b/filter/rastertoepson.c
index 4efe669..e8fe0c6 100644
--- a/filter/rastertoepson.c
+++ b/filter/rastertoepson.c
@@ -307,7 +307,7 @@ StartPage(
if (DotBytes)
{
- if ((LineBuffers[0] = calloc((size_t)DotBytes, header->cupsWidth * (size_t)(Shingling + 1))) == NULL)
+ if ((LineBuffers[0] = calloc((size_t)DotBytes, (header->cupsWidth + 7) * (size_t)(Shingling + 1))) == NULL)
{
fputs("ERROR: Unable to allocate memory\n", stderr);
exit(1);

View File

@ -0,0 +1,12 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index c02412fb0..18b5e0386 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -2,6 +2,7 @@
Description=CUPS Scheduler
Documentation=man:cupsd(8)
After=network.target nss-user-lookup.target
+Requires=cups.socket
[Service]
ExecStart=@sbindir@/cupsd -l

View File

@ -0,0 +1,20 @@
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index e0dbc4a..5e9a985 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -9891,11 +9891,10 @@ restart_job(cupsd_client_t *con, /* I - Client connection */
cupsdLogJob(job, CUPSD_LOG_DEBUG,
"Restarted by \"%s\" with job-hold-until=%s.",
username, attr->values[0].string.text);
- cupsdSetJobHoldUntil(job, attr->values[0].string.text, 0);
-
- cupsdAddEvent(CUPSD_EVENT_JOB_CONFIG_CHANGED | CUPSD_EVENT_JOB_STATE,
- NULL, job, "Job restarted by user with job-hold-until=%s",
- attr->values[0].string.text);
+ cupsdSetJobHoldUntil(job, attr->values[0].string.text, 1);
+ cupsdSetJobState(job, IPP_JOB_HELD, CUPSD_JOB_DEFAULT,
+ "Job restarted by user with job-hold-until=%s",
+ attr->values[0].string.text);
}
else
{

View File

@ -0,0 +1,52 @@
diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 9082348..8ab1ce8 100644
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -90,7 +90,7 @@ The default value is "30".
<dd style="margin-left: 5.0em">Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
<dt><b>ErrorPolicy retry-job</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
-<dt><b>ErrorPolicy retry-this-job</b>
+<dt><b>ErrorPolicy retry-current-job</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
<dt><b>ErrorPolicy stop-printer</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in
index 53a028d..ba12b07 100644
--- a/man/cupsd.conf.man.in
+++ b/man/cupsd.conf.man.in
@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
+\fBErrorPolicy retry-current-job\fR
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
.TP 5
\fBErrorPolicy stop-printer\fR
diff --git a/man/cupsd.conf.man.in.privilege-escalation b/man/cupsd.conf.man.in.privilege-escalation
index ab89e15..130ea8a 100644
--- a/man/cupsd.conf.man.in.privilege-escalation
+++ b/man/cupsd.conf.man.in.privilege-escalation
@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
+\fBErrorPolicy retry-current-job\fR
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
.TP 5
\fBErrorPolicy stop-printer\fR
diff --git a/man/cupsd.conf.man.in.remove-weak-ciphers b/man/cupsd.conf.man.in.remove-weak-ciphers
index 5516780..35065ca 100644
--- a/man/cupsd.conf.man.in.remove-weak-ciphers
+++ b/man/cupsd.conf.man.in.remove-weak-ciphers
@@ -135,7 +135,7 @@ Specifies that a failed print job should be aborted (discarded) unless otherwise
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
+\fBErrorPolicy retry-current-job\fR
Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
.TP 5
\fBErrorPolicy stop-printer\fR

View File

@ -0,0 +1,12 @@
diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in
index 613b977a6..1deee826a 100644
--- a/scheduler/org.cups.cupsd.socket.in
+++ b/scheduler/org.cups.cupsd.socket.in
@@ -4,6 +4,7 @@ PartOf=org.cups.cupsd.service
[Socket]
ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
+RemoveOnStop=on
[Install]
WantedBy=sockets.target

13
SOURCES/cups-sssd.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in
index 11e0662..6fb7a32 100644
--- a/scheduler/org.cups.cupsd.service.in
+++ b/scheduler/org.cups.cupsd.service.in
@@ -1,7 +1,7 @@
[Unit]
Description=CUPS Scheduler
Documentation=man:cupsd(8)
-After=network.target ypbind.service
+After=network.target nss-user-lookup.target
[Service]
ExecStart=@sbindir@/cupsd -l

View File

@ -0,0 +1,28 @@
diff --git a/backend/ipp.c b/backend/ipp.c
index 0a70a87..f8bf7e1 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -327,6 +327,7 @@ main(int argc, /* I - Number of command-line args */
get_job_attrs = 0, /* Does printer support Get-Job-Attributes? */
send_document = 0, /* Does printer support Send-Document? */
validate_job = 0, /* Does printer support Validate-Job? */
+ validation_retried = 0, /* Indicate whether Validate-Job was retried */
copies, /* Number of copies for job */
copies_remaining; /* Number of copies remaining */
const char *content_type, /* CONTENT_TYPE environment variable */
@@ -1597,7 +1598,15 @@ main(int argc, /* I - Number of command-line args */
ipp_status == IPP_BAD_REQUEST)
break;
else if (job_auth == NULL && ipp_status > IPP_BAD_REQUEST)
+ {
+ if (!validation_retried)
+ {
+ validation_retried = 1;
+ sleep(10);
+ continue;
+ }
goto cleanup;
+ }
}
/*

View File

@ -0,0 +1,171 @@
@PYTHON_SHEBANG@
"""
Upgrade script to enable authentication for CUPS-Get-Document in
default policy
"""
import os
import sys
from shutil import copy
def get_cupsd_conf():
"""
Get all lines from cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf'):
return None
lines = []
with open('/etc/cups/cupsd.conf', 'r') as conf:
lines = conf.readlines()
return lines
def get_default_policy(lines):
"""
Get the default policy lines
:param list lines: lines from cupsd.conf
"""
default_policy = []
in_policy = False
for line in lines:
if not in_policy and not line.lstrip().startswith('<Policy default>'):
continue
default_policy.append(line)
if line.lstrip().startswith('</Policy>'):
return default_policy
in_policy = True
return default_policy
def get_limit_with_document(lines):
"""
Get <Limit> scope which defines CUPS-Get-Document operation
:param list lines: Lines containing the default policy
"""
limit = []
in_limit = False
for line in lines:
if not in_limit and not line.lstrip().startswith('<Limit'):
continue
if (not in_limit and line.lstrip().startswith('<Limit') and
not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
continue
limit.append(line)
if line.lstrip().startswith('</Limit>'):
return limit
in_limit = True
return limit
def check_for_authtype(lines):
"""
Check if <Limit> defining CUPS-Get-Document defines
any authentication
:param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
"""
for line in lines:
if line.lstrip().startswith('AuthType'):
return True
return False
def migrate_cupsd_conf(lines):
"""
Make changes to cupsd.conf contents to use authentication
for CUPS-Get-Document
:param list lines: Lines from cupsd.conf
"""
new_lines = []
in_policy = False
create_document_limit = False
for line in lines:
if (in_policy and line.lstrip().startswith('<Limit') and
not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
line = line.replace(' CUPS-Get-Document', '')
create_document_limit = True
if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
new_lines.append('\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'<Limit CUPS-Get-Document>\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'AuthType Default\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Require user @OWNER @SYSTEM\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Order deny,allow\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'</Limit>\n')
create_document_limit = False
new_lines.append(line)
if not in_policy:
if line.lstrip().startswith('<Policy default>'):
in_policy = True
continue
if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'AuthType Default\n')
continue
if line.lstrip().startswith('</Policy>'):
in_policy = False
continue
return new_lines
def apply_changes(lines):
"""
Backup the original file if there is no .rpmsave already and
apply changes to the actual cupsd.conf
:param list lines: New lines for cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')
with open('/etc/cups/cupsd.conf', 'w') as conf:
conf.writelines(lines)
content = get_cupsd_conf()
if content is None:
sys.exit(1)
if check_for_authtype(get_limit_with_document(get_default_policy(content))):
sys.exit(0)
new_content = migrate_cupsd_conf(content)
apply_changes(new_content)
sys.exit(0)

View File

@ -7,6 +7,13 @@
# but we use lib for compatibility with 3rd party drivers (at upstream request). # but we use lib for compatibility with 3rd party drivers (at upstream request).
%global cups_serverbin %{_exec_prefix}/lib/cups %global cups_serverbin %{_exec_prefix}/lib/cups
# we still need something for python2...
%if 0%{?rhel} >= 8 || 0%{?fedora}
%global __python %{__python3}
%else
%global __python /usr/bin/python2
%endif
#%%global prever rc1 #%%global prever rc1
#%%global VERSION %%{version}%%{prever} #%%global VERSION %%{version}%%{prever}
%global VERSION %{version} %global VERSION %{version}
@ -15,7 +22,7 @@ Summary: CUPS printing system
Name: cups Name: cups
Epoch: 1 Epoch: 1
Version: 2.2.6 Version: 2.2.6
Release: 28%{?dist} Release: 61%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/ Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@ -26,6 +33,8 @@ Source6: cups.logrotate
# Backend for NCP protocol # Backend for NCP protocol
Source7: ncp.backend Source7: ncp.backend
Source8: macros.cups Source8: macros.cups
# CVE-2023-32360 migration script
Source9: upgrade_get_document.py.in
Patch1: cups-no-gzip-man.patch Patch1: cups-no-gzip-man.patch
Patch2: cups-system-auth.patch Patch2: cups-system-auth.patch
@ -82,8 +91,103 @@ Patch47: 0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch
Patch48: 0001-Remove-web-log-buttons.patch Patch48: 0001-Remove-web-log-buttons.patch
# 1650233 - cups uses md5 for hashing credentials sent through tls connection # 1650233 - cups uses md5 for hashing credentials sent through tls connection
Patch49: cups-fips-compliance.patch Patch49: cups-fips-compliance.patch
# 1700663 - Stop advertising the HTTP methods that are supported
Patch50: cups-do-not-advertise-http-methods.patch
# 1774462, 1774463 - CVE-2019-8696, CVE-2019-8675 - buffer overflow in SNMP and IPP,
# memory disclosure and DoS in scheduler
Patch51: 0001-Multiple-security-disclosure-issues.patch
# 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created
Patch52: cups-memory-consumption.patch
# 1784884 - cups.service doesn't execute automatically on request
Patch53: cups-autostart-when-enabled.patch
# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
Patch54: cups-ppdopen-heap-overflow.patch
# 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied)
Patch55: cups-etimedout.patch
# 1689207 - Add failover backend
Patch56: cups-failover-backend.patch
# 1833516 - DirtyCleanInterval ignored if there are open client connections
Patch57: cups-dirtyclean.patch
# 1775590 - rastertoepson filter crashes with paper size A6
Patch58: cups-rastertoepson-crash.patch
# 1941437 - cupsd doesn't log job ids when logging into journal
Patch59: cups-logs.patch
# 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP
Patch60: cups-validate-1st.patch
# 1938384 - CUPS doesn't start if sssd starts after cupsd
Patch61: cups-sssd.patch
# 1955964 - PreserveJobHistory doesn't work with seconds
Patch62: cups-fix-preservejob-times.patch
# 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8]
Patch63: cups-cve202010001.patch
# 2006987 - Unauthenticated users can't move print jobs in Web UI
Patch64: 0001-cgi-bin-ipp-var.c-Use-guest-user-for-Move-Job-when-n.patch
# 2017919 - Setting 'MaxJobTime 0' does not set a job time to unlimited
Patch65: 0001-Fix-handling-of-MaxJobTime-0-Issue-5438.patch
# 1726383 - "lpadmin -p <queue> -o cupsSNMPSupplies:false" doesn't work
Patch66: 0001-Fix-lpadmin-with-cupsIPPSupplies-and-cupsSNMPSupplie.patch
# 1982891 - Printing of banner before PCL file only prints banner
Patch67: 0001-scheduler-job.c-use-gziptoany-for-raw-files-not-just.patch
# 2006591 - Trying to restart and hold a job doesn't work
Patch68: cups-restart-job-hold-until.patch
# 1811716 - lpr to non-existent printer reports incorrect error
Patch69: 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
# 2015182 - RFE: Implement IdleExitTimeout configuration during build
Patch70: 0001-Add-with-idle-exit-timeout-configure-option.patch
# 2013865 - RFE: Implement TimeoutStartSec configuration during build
Patch71: 0001-Add-with-systemd-timeoutstartsec-configure-option.patch
# 2032965 - [RFE] RHEL8 - CUPS Web UI supports adding IPP Everywhere
Patch72: cups-ippeve-web-support.patch
# 2071417 - 30-second delays printing to Windows 2016 server via HTTPS
Patch73: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
# 2074684 - lp to a remote server takes a long time
Patch74: 0001-Use-cupsGetNamedDest-for-legacy-printing-APIs-Issue-.patch
# 2074736 - CUPS is too chatty about "Removing document files." in debug mode
Patch75: cups-cupsd-too-chatty.patch
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
Patch76: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
# 2084257 - ErrorPolicy documentation is incorrect
Patch77: cups-retry-current-job-man.patch
# 1910415 - manpage update to acknowledge order dependency of -h option
Patch78: 0001-Update-man-pages-for-h-option-Issue-357.patch
# 2130391 - Kerberized IPP Printing Fails
Patch79: cups-kerberos.patch
# 2217178 - Delays printing to lpd when reserved ports are exhausted
Patch80: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
# 2217283 - The command "cancel -x <job>" does not remove job files
Patch81: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
# 2217955 - Enlarge backlog queue for listen() in cupsd
Patch82: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
Patch83: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
Patch84: 0001-cups-strlcpy-handle-zero-size.patch
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
Patch85: 0001-Require-authentication-for-CUPS-Get-Document.patch
# RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
Patch86: cups-preservejob-leak.patch
# RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost
Patch87: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
Patch88: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
Patch89: 0001-Fix-domain-socket-handling.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/pull/31
Patch90: cups-require-cups-socket.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
Patch91: cups-socket-remove-on-stop.patch
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
Patch92: cups-check-for-listeners.patch
Patch100: cups-lspp.patch Patch1000: cups-lspp.patch
Requires: %{name}-filesystem = %{epoch}:%{version}-%{release} Requires: %{name}-filesystem = %{epoch}:%{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -128,6 +232,9 @@ Requires(post): grep, sed
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
# for upgrade-get-document script
Requires(post): %{__python}
# We ship udev rules which use setfacl. # We ship udev rules which use setfacl.
Requires: systemd Requires: systemd
Requires: acl Requires: acl
@ -282,7 +389,7 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%if %{lspp} %if %{lspp}
# LSPP support. # LSPP support.
%patch100 -p1 -b .lspp %patch1000 -p1 -b .lspp
%endif %endif
# substitute default values for invalid job attributes (upstream #5186 and #5229) # substitute default values for invalid job attributes (upstream #5186 and #5229)
@ -307,6 +414,101 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch48 -p1 -b .rm-webui-buttons %patch48 -p1 -b .rm-webui-buttons
# 1650233 - cups uses md5 for hashing credentials sent through tls connection # 1650233 - cups uses md5 for hashing credentials sent through tls connection
%patch49 -p1 -b .fips-compliance %patch49 -p1 -b .fips-compliance
# 1700663 - Stop advertising the HTTP methods that are supported
%patch50 -p1 -b .do-not-advertise-http-methods
# 1774462, 1774463 - CVE-2019-8696, CVE-2019-8675 - buffer overflow in SNMP and IPP,
# memory disclosure and DoS in scheduler
%patch51 -p1 -b .cve-in-scheduler
# 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created
%patch52 -p1 -b .memory-consumption
# 1784884 - cups.service doesn't execute automatically on request
%patch53 -p1 -b .autostart-when-enabled
# 1825253 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
%patch54 -p1 -b .ppdopen-heap-overflow
# 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied)
%patch55 -p1 -b .etimedout
# 1689207 - Add failover backend
%patch56 -p1 -b .failover
# 1833516 - DirtyCleanInterval ignored if there are open client connections
%patch57 -p1 -b .dirtyclean
# 1775590 - rastertoepson filter crashes with paper size A6
%patch58 -p1 -b .rastertoepson-crash
# 1941437 - cupsd doesn't log job ids when logging into journal
%patch59 -p1 -b .logs
# 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP
%patch60 -p1 -b .validate-1st
# 1938384 - CUPS doesn't start if sssd starts after cupsd
%patch61 -p1 -b .sssd
# 1955964 - PreserveJobHistory doesn't work with seconds
%patch62 -p1 -b .cups-fix-preservejob-times
# 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8]
%patch63 -p1 -b .cve202010001
# 2006987 - Unauthenticated users can't move print jobs in Web UI
%patch64 -p1 -b .move-job
# 2017919 - Setting 'MaxJobTime 0' does not set a job time to unlimited
%patch65 -p1 -b .maxjobtime
# 1726383 - "lpadmin -p <queue> -o cupsSNMPSupplies:false" doesn't work
%patch66 -p1 -b .supplies
# 1982891 - Printing of banner before PCL file only prints banner
%patch67 -p1 -b .banner-rawfiles
# 2006591 - Trying to restart and hold a job doesn't work
%patch68 -p1 -b .restart-hold-job
# 1811716 - lpr to non-existent printer reports incorrect error
%patch69 -p1 -b .lplpr-better-error
# 2015182 - RFE: Implement IdleExitTimeout configuration during build
%patch70 -p1 -b .idleexittimeout
# 2013865 - RFE: Implement TimeoutStartSec configuration during build
%patch71 -p1 -b .timeoutstartsec
# 2032965 - [RFE] RHEL8 - CUPS Web UI supports adding IPP Everywhere
%patch72 -p1 -b .ippeve-web-support
# 2071417 - 30-second delays printing to Windows 2016 server via HTTPS
%patch73 -p1 -b .gnutlsbye
# 2074684 - lp to a remote server takes a long time
%patch74 -p1 -b .lp-long-time
# 2074736 - CUPS is too chatty about "Removing document files." in debug mode
%patch75 -p1 -b .cupsd-too-chatty
# CVE-2022-26691 cups: authorization bypass when using "local" authorization
%patch76 -p1 -b .cve26691
# 2084257 - ErrorPolicy documentation is incorrect
%patch77 -p1 -b .retry-current-job-man
# 1910415 - manpage update to acknowledge order dependency of -h option
%patch78 -p1 -b .manpage-update
# 2130391 - Kerberized IPP Printing Fails
%patch79 -p1 -b .kerberos
# 2217178 - Delays printing to lpd when reserved ports are exhausted
%patch80 -p1 -b .lpd-delay
# 2217283 - The command "cancel -x <job>" does not remove job files
%patch81 -p1 -b .purge-job
# 2217955 - Enlarge backlog queue for listen() in cupsd
%patch82 -p1 -b .listen-backlog
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
%patch83 -p1 -b .cve34241
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS
%patch84 -p1 -b .cve32324
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
%patch85 -p1 -b .get-document-auth
# RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
%patch86 -p1 -b .preservejob-leak
# RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost
%patch87 -p1 -b .message-stderr
# RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
%patch88 -p1 -b .cupsgetjobs-pollhup
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/a436956
%patch89 -p1 -b .cve2024-35235
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/pull/31
%patch90 -p1 -b .cups-require-cups-socket
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/3448c52
%patch91 -p1 -b .cups-remove-on-stop
# RHEL-40386 CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
# https://github.com/OpenPrinting/cups/commit/7adb508
# https://github.com/OpenPrinting/cups/commit/824f49f
# https://github.com/OpenPrinting/cups/commit/56b9728
# https://github.com/OpenPrinting/cups/commit/74f437b
# https://github.com/OpenPrinting/cups/commit/fb0c914
%patch92 -p1 -b .cups-check-for-listeners
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@ -356,6 +558,10 @@ export CXX=g++
--with-xinetd=no \ --with-xinetd=no \
--with-access-log-level=actions \ --with-access-log-level=actions \
--enable-page-logging \ --enable-page-logging \
%if 0%{?rhel}
--without-idle-exit-timeout \
--without-systemd-timeoutstartsec \
%endif
localedir=%{_datadir}/locale localedir=%{_datadir}/locale
# If we got this far, all prerequisite libraries must be here. # If we got this far, all prerequisite libraries must be here.
@ -452,6 +658,11 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3:
/^\([^%].*\)/d /^\([^%].*\)/d
' > %{name}.lang ' > %{name}.lang
# install get-document upgrade script
install -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/upgrade_get_document
sed -i 's,@PYTHON_SHEBANG@,#!%{__python},' %{buildroot}%{_sbindir}/upgrade_get_document
%post %post
%systemd_post %{name}.path %{name}.socket %{name}.service %systemd_post %{name}.path %{name}.socket %{name}.service
@ -502,6 +713,20 @@ do
done done
%endif %endif
%{_bindir}/rm /var/cache/cups/*.data > /dev/null 2>&1
if [ -e /etc/systemd/system/printer.target.wants/cups.service ]
then
%{_bindir}/systemctl enable cups.service > /dev/null 2>&1
fi
# 2013865 - if the directive is not in cupsd.conf, add it (needed during upgrades if
# user had changed the config file)
grep '^\s*IdleExitTimeout' %{_sysconfdir}/cups/cupsd.conf &> /dev/null || echo -e '\nIdleExitTimeout 0' \
>> %{_sysconfdir}/cups/cupsd.conf
%{_sbindir}/upgrade_get_document
exit 0 exit 0
%post client %post client
@ -710,6 +935,139 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz %{_mandir}/man5/ipptoolfile.5.gz
%changelog %changelog
* Thu Aug 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-61
- RHEL-54038 cups source rpm doesn't actually build lspp support
- fix memory leaks caused by lspp
* Tue Jun 18 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-60
- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
- Delete the domain socket file after stopping the cups.socket service
- Fix cupsd Listener checks
* Fri Jun 14 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-59
- RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777
- Require cups.socket in cupsd service file
* Mon Jun 10 2024 Pavol Zacik <pzacik@redhat.com> - 1:2.2.6-58
- CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-57
- revert RHEL-19200 - no new subpackages are needed
* Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-56
- RHEL-10702 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents
- RHEL-19200 Recommend new cups-filters subpackages with weak dep for better upgrade exp
* Fri Nov 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-55
- RHEL-14933 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off"
- RHEL-15309 cupsd fails to open cups-files.conf and the resulting error message is lost
* Tue Sep 12 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-54
- RHEL-2612 - cups pulls an unneeded dependency on python3
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-53
- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation
* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-52
- 2217178 - Delays printing to lpd when reserved ports are exhausted
- 2217283 - The command "cancel -x <job>" does not remove job files
- 2217955 - Enlarge backlog queue for listen() in cupsd
- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
- CVE-2023-32324 cups: heap buffer overflow may lead to DoS
* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
- RHEL-316 - Enable fmf tests in centos stream
* Wed Dec 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-51
- 2130391 - Kerberized IPP Printing Fails
* Fri Jul 01 2022 Richard Lescak <rlescak@redhat.com> - 1:2.2.6-50
- 1910415 - corrected manpage patch, one lpoptions usage wasn't changed
* Thu Jun 16 2022 Richard Lescak <rlescak@redhat.com> - 1:2.2.6-49
- 1910415 - manpage update to acknowledge order dependency of -h option
* Tue May 31 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-48
- 2084257 - ErrorPolicy documentation is incorrect
* Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-47
- CVE-2022-26691 cups: authorization bypass when using "local" authorization
* Fri May 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-46
- 2074684 - lp to a remote server takes a long time
- 2074736 - CUPS is too chatty about "Removing document files." in debug mode
* Fri Apr 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-45
- 2071417 - 30-second delays printing to Windows 2016 server via HTTPS
* Wed Jan 19 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-44
- 2015182 - RFE: Implement IdleExitTimeout configuration during build
* Thu Jan 06 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-43
- 2032965 - [RFE] RHEL8 - CUPS Web UI supports adding IPP Everywhere
* Thu Dec 16 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-42
- 2013865 - RFE: Implement TimeoutStartSec configuration during build
* Mon Nov 29 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-42
- 2015182 - RFE: Implement IdleExitTimeout configuration during build
* Wed Nov 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-41
- 2006987 - Unauthenticated users can't move print jobs in Web UI
- 2017919 - Setting 'MaxJobTime 0' does not set a job time to unlimited
- 1726383 - "lpadmin -p <queue> -o cupsSNMPSupplies:false" doesn't work
- 1982891 - Printing of banner before PCL file only prints banner
- 2006591 - Trying to restart and hold a job doesn't work
- 1811716 - lpr to non-existent printer reports incorrect error
* Fri May 14 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-40
- 1955964 - PreserveJobHistory doesn't work with seconds
- 1927452 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c [rhel-8]
* Wed May 05 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-39
- 1941437 - cupsd doesn't log job ids when logging into journal
- 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP
- 1938384 - CUPS doesn't start if sssd starts after cupsd
* Tue May 26 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-38
- 1775590 - rastertoepson filter crashes with paper size A6
* Mon May 25 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-37
- forgot to enable optimization - 1833516
* Fri May 22 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-36
- 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied)
- 1689207 - Add failover backend
- 1833516 - DirtyCleanInterval ignored if there are open client connections
* Tue Apr 21 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-35
- 1825254 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
* Mon Apr 20 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-34
- 1809002 - scriptlet issue, /usr/bin/rm: cannot remove '/var/cache/cups/*.data'
* Thu Apr 09 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-34
- 1784884 - cups.service doesn't execute automatically on request
* Wed Apr 08 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-34
- 1822135 - _ppdOpen() leaks 'string' variable
* Fri Feb 14 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-33
- fix more memory leaks found by coverity in 1775668
* Fri Feb 14 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-32
- fix covscan issues raised by 1775668
* Thu Feb 06 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-31
- 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created
* Tue Nov 26 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-30
- 1774462 - CVE-2019-8675 - buffer overflow in SNMP and IPP, memory disclosure and DoS in scheduler
- 1774463 - CVE-2019-8696
* Mon Oct 07 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-29
- 1700663 - Stop advertising the HTTP methods that are supported
* Tue Aug 13 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-28 * Tue Aug 13 2019 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.6-28
- 1650233 - cups uses md5 for hashing credentials sent through tls connection - 1650233 - cups uses md5 for hashing credentials sent through tls connection