|
|
@ -7,6 +7,13 @@ |
|
|
|
# but we use lib for compatibility with 3rd party drivers (at upstream request). |
|
|
|
# but we use lib for compatibility with 3rd party drivers (at upstream request). |
|
|
|
%global cups_serverbin %{_exec_prefix}/lib/cups |
|
|
|
%global cups_serverbin %{_exec_prefix}/lib/cups |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# we still need something for python2... |
|
|
|
|
|
|
|
%if 0%{?rhel} >= 8 || 0%{?fedora} |
|
|
|
|
|
|
|
%bcond_without python3 |
|
|
|
|
|
|
|
%else |
|
|
|
|
|
|
|
%bcond_with python3 |
|
|
|
|
|
|
|
%endif |
|
|
|
|
|
|
|
|
|
|
|
#%%global prever rc1 |
|
|
|
#%%global prever rc1 |
|
|
|
#%%global VERSION %%{version}%%{prever} |
|
|
|
#%%global VERSION %%{version}%%{prever} |
|
|
|
%global VERSION %{version} |
|
|
|
%global VERSION %{version} |
|
|
@ -17,7 +24,7 @@ Summary: CUPS printing system |
|
|
|
Name: cups |
|
|
|
Name: cups |
|
|
|
Epoch: 1 |
|
|
|
Epoch: 1 |
|
|
|
Version: 2.3.3%{OP_VER} |
|
|
|
Version: 2.3.3%{OP_VER} |
|
|
|
Release: 13%{?dist}.1 |
|
|
|
Release: 24%{?dist} |
|
|
|
License: ASL 2.0 |
|
|
|
License: ASL 2.0 |
|
|
|
Url: http://www.cups.org/ |
|
|
|
Url: http://www.cups.org/ |
|
|
|
# Apple stopped uploading the new versions into github, use OpenPrinting fork |
|
|
|
# Apple stopped uploading the new versions into github, use OpenPrinting fork |
|
|
@ -26,6 +33,8 @@ Source0: https://github.com/OpenPrinting/cups/releases/download/v%{VERSION}/cups |
|
|
|
Source1: cupsprinter.png |
|
|
|
Source1: cupsprinter.png |
|
|
|
# cups_serverbin macro definition for use during builds |
|
|
|
# cups_serverbin macro definition for use during builds |
|
|
|
Source2: macros.cups |
|
|
|
Source2: macros.cups |
|
|
|
|
|
|
|
# CVE-2023-32360 migration script |
|
|
|
|
|
|
|
Source3: upgrade_get_document.py.in |
|
|
|
|
|
|
|
|
|
|
|
# PAM enablement, very old patch, not even git can track when or why |
|
|
|
# PAM enablement, very old patch, not even git can track when or why |
|
|
|
# the patch was added. |
|
|
|
# the patch was added. |
|
|
@ -97,8 +106,32 @@ Patch25: cups-fips-restrict-md5.patch |
|
|
|
# Memory leak fixes (bug #1964975) |
|
|
|
# Memory leak fixes (bug #1964975) |
|
|
|
# https://github.com/OpenPrinting/cups/pull/322 |
|
|
|
# https://github.com/OpenPrinting/cups/pull/322 |
|
|
|
Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch |
|
|
|
Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch |
|
|
|
|
|
|
|
# 2073266 - 30-second delays printing to Windows 2016 server via HTTPS |
|
|
|
|
|
|
|
Patch27: 0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch |
|
|
|
|
|
|
|
# 2091997 - manpage update to acknowledge order dependency of -h option |
|
|
|
|
|
|
|
Patch28: 0001-Update-man-pages-for-h-option-Issue-357.patch |
|
|
|
# CVE-2022-26691 cups: authorization bypass when using "local" authorization |
|
|
|
# CVE-2022-26691 cups: authorization bypass when using "local" authorization |
|
|
|
Patch27: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch |
|
|
|
Patch29: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch |
|
|
|
|
|
|
|
# 2189919 - CGI scripts don't work with local Negotiate authentication |
|
|
|
|
|
|
|
Patch30: cups-local-negotiate.patch |
|
|
|
|
|
|
|
# 2217177 - Delays printing to lpd when reserved ports are exhausted |
|
|
|
|
|
|
|
Patch31: 0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch |
|
|
|
|
|
|
|
# 2217284 - The command "cancel -x <job>" does not remove job files |
|
|
|
|
|
|
|
Patch32: 0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch |
|
|
|
|
|
|
|
# 2217954 - Enlarge backlog queue for listen() in cupsd |
|
|
|
|
|
|
|
Patch33: 0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch |
|
|
|
|
|
|
|
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c |
|
|
|
|
|
|
|
Patch34: 0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch |
|
|
|
|
|
|
|
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS |
|
|
|
|
|
|
|
Patch35: 0001-cups-strlcpy-handle-zero-size.patch |
|
|
|
|
|
|
|
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation |
|
|
|
|
|
|
|
Patch36: 0001-Require-authentication-for-CUPS-Get-Document.patch |
|
|
|
|
|
|
|
# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off" |
|
|
|
|
|
|
|
Patch37: cups-preservejobfiles-leak.patch |
|
|
|
|
|
|
|
# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost |
|
|
|
|
|
|
|
Patch38: 0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch |
|
|
|
|
|
|
|
# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents |
|
|
|
|
|
|
|
Patch39: 0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##### Patches removed because IMHO they aren't no longer needed |
|
|
|
##### Patches removed because IMHO they aren't no longer needed |
|
|
@ -165,6 +198,13 @@ Requires(post): grep, sed |
|
|
|
Requires(preun): systemd |
|
|
|
Requires(preun): systemd |
|
|
|
Requires(postun): systemd |
|
|
|
Requires(postun): systemd |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# for upgrade-get-document script |
|
|
|
|
|
|
|
%if %{with python3} |
|
|
|
|
|
|
|
Requires(post): python3 |
|
|
|
|
|
|
|
%else |
|
|
|
|
|
|
|
Requires(post): python |
|
|
|
|
|
|
|
%endif |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%package client |
|
|
|
%package client |
|
|
|
Summary: CUPS printing system - client programs |
|
|
|
Summary: CUPS printing system - client programs |
|
|
@ -327,9 +367,32 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in |
|
|
|
%patch25 -p1 -b .restrict-md5 |
|
|
|
%patch25 -p1 -b .restrict-md5 |
|
|
|
# 1964975 - Memory leak fixes |
|
|
|
# 1964975 - Memory leak fixes |
|
|
|
%patch26 -p1 -b .memleak-fixes |
|
|
|
%patch26 -p1 -b .memleak-fixes |
|
|
|
|
|
|
|
# 2073266 - 30-second delays printing to Windows 2016 server via HTTPS |
|
|
|
|
|
|
|
%patch27 -p1 -b .gnutlsbye |
|
|
|
|
|
|
|
# 2091997 - manpage update to acknowledge order dependency of -h option |
|
|
|
|
|
|
|
%patch28 -p1 -b .manpage-update |
|
|
|
# CVE-2022-26691 cups: authorization bypass when using "local" authorization |
|
|
|
# CVE-2022-26691 cups: authorization bypass when using "local" authorization |
|
|
|
%patch27 -p1 -b .cve26691 |
|
|
|
%patch29 -p1 -b .cve26691 |
|
|
|
|
|
|
|
# 2189919 - CGI scripts don't work with local Negotiate authentication |
|
|
|
|
|
|
|
%patch30 -p1 -b .local-negotiate |
|
|
|
|
|
|
|
# 2217177 - Delays printing to lpd when reserved ports are exhausted |
|
|
|
|
|
|
|
%patch31 -p1 -b .lpd-delay |
|
|
|
|
|
|
|
# 2217284 - The command "cancel -x <job>" does not remove job files |
|
|
|
|
|
|
|
%patch32 -p1 -b .purge-job |
|
|
|
|
|
|
|
# 2217954 - Enlarge backlog queue for listen() in cupsd |
|
|
|
|
|
|
|
%patch33 -p1 -b .listen-backlog |
|
|
|
|
|
|
|
# CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c |
|
|
|
|
|
|
|
%patch34 -p1 -b .cve34241 |
|
|
|
|
|
|
|
# CVE-2023-32324 cups: heap buffer overflow may lead to DoS |
|
|
|
|
|
|
|
%patch35 -p1 -b .cve32324 |
|
|
|
|
|
|
|
# CVE-2023-32360 cups: Information leak through Cups-Get-Document operation |
|
|
|
|
|
|
|
%patch36 -p1 -b .get-document-auth |
|
|
|
|
|
|
|
# RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off" |
|
|
|
|
|
|
|
%patch37 -p1 -b .preservejobfiles-leak |
|
|
|
|
|
|
|
# RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost |
|
|
|
|
|
|
|
%patch38 -p1 -b .log-stderr |
|
|
|
|
|
|
|
# RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents |
|
|
|
|
|
|
|
%patch39 -p1 -b .cupsgetjobs-pollhup |
|
|
|
|
|
|
|
|
|
|
|
%if %{lspp} |
|
|
|
%if %{lspp} |
|
|
|
# LSPP support. |
|
|
|
# LSPP support. |
|
|
@ -493,6 +556,15 @@ s:.*\('%{_datadir}'/\)\([^/_]\+\)\(.*\.po$\):%lang(\2) \1\2\3: |
|
|
|
/^\([^%].*\)/d |
|
|
|
/^\([^%].*\)/d |
|
|
|
' > %{name}.lang |
|
|
|
' > %{name}.lang |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# install get-document upgrade script |
|
|
|
|
|
|
|
install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}/upgrade_get_document |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with python3} |
|
|
|
|
|
|
|
sed -i 's,@PYTHON_SHEBANG@,#!/usr/bin/python3,' %{buildroot}%{_sbindir}/upgrade_get_document |
|
|
|
|
|
|
|
%else |
|
|
|
|
|
|
|
sed -i 's,@PYTHON_SHEBANG@,#!/usr/bin/python,' %{buildroot}%{_sbindir}/upgrade_get_document |
|
|
|
|
|
|
|
%endif |
|
|
|
|
|
|
|
|
|
|
|
%post |
|
|
|
%post |
|
|
|
%systemd_post %{name}.path %{name}.socket %{name}.service |
|
|
|
%systemd_post %{name}.path %{name}.socket %{name}.service |
|
|
|
|
|
|
|
|
|
|
@ -540,6 +612,8 @@ do |
|
|
|
done |
|
|
|
done |
|
|
|
%endif |
|
|
|
%endif |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%{_sbindir}/upgrade_get_document |
|
|
|
|
|
|
|
|
|
|
|
exit 0 |
|
|
|
exit 0 |
|
|
|
|
|
|
|
|
|
|
|
%post client |
|
|
|
%post client |
|
|
@ -753,9 +827,50 @@ rm -f %{cups_serverbin}/backend/smb |
|
|
|
%{_mandir}/man7/ippeveps.7.gz |
|
|
|
%{_mandir}/man7/ippeveps.7.gz |
|
|
|
|
|
|
|
|
|
|
|
%changelog |
|
|
|
%changelog |
|
|
|
* Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13.1 |
|
|
|
* Mon Feb 26 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-24 |
|
|
|
|
|
|
|
- revert RHEL-19205 - new packages are not needed |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Dec 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-23 |
|
|
|
|
|
|
|
- RHEL-19205 Recommend new cups-filters subpackages with weak dep for better upgrade exp |
|
|
|
|
|
|
|
- RHEL-19495 cupsGetJobs fails to connect if poll() gets POLLOUT|POLLHUP in revents |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Nov 02 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-22 |
|
|
|
|
|
|
|
- RHEL-14931 cupsd memory leak in cupsdDeleteJob() with "PreserveJobHistory Off" |
|
|
|
|
|
|
|
- RHEL-15308 cupsd fails to open cups-files.conf and the resulting error message is lost |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-21 |
|
|
|
|
|
|
|
- bump the spec because the previous build was made with buildroot 9.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-20 |
|
|
|
|
|
|
|
- CVE-2023-32360 cups: Information leak through Cups-Get-Document operation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Jun 29 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19 |
|
|
|
|
|
|
|
- CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c |
|
|
|
|
|
|
|
- CVE-2023-32324 cups: heap buffer overflow may lead to DoS |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Jun 28 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-19 |
|
|
|
|
|
|
|
- 2217177 - Delays printing to lpd when reserved ports are exhausted |
|
|
|
|
|
|
|
- 2217284 - The command "cancel -x <job>" does not remove job files |
|
|
|
|
|
|
|
- 2217954 - Enlarge backlog queue for listen() in cupsd |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Apr 26 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-18 |
|
|
|
|
|
|
|
- 2189919 - CGI scripts don't work with local Negotiate authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Apr 03 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17 |
|
|
|
|
|
|
|
- RHEL-314 - Enable fmf tests in centos stream |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Mar 23 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-17 |
|
|
|
|
|
|
|
- RHEL-317 - upstream test suite fails due uncorrect number of expected warnings |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Thu Jun 16 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-16 |
|
|
|
- CVE-2022-26691 cups: authorization bypass when using "local" authorization |
|
|
|
- CVE-2022-26691 cups: authorization bypass when using "local" authorization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Jun 10 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-15 |
|
|
|
|
|
|
|
- 2091997 - update man pages to mention order dependency of -h option |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Apr 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-14 |
|
|
|
|
|
|
|
- 2073266 - 30-second delays printing to Windows 2016 server via HTTPS |
|
|
|
|
|
|
|
|
|
|
|
* Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13 |
|
|
|
* Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13 |
|
|
|
- 1964975 - added fix for uninit jump into the leaks patch |
|
|
|
- 1964975 - added fix for uninit jump into the leaks patch |
|
|
|
|
|
|
|
|
|
|
|