powerel9
/
cups
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

add missing new patches 

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 4 months ago
parent
229f51a978
commit
87a6086851
13 changed files with 1539 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
  2. 64
      SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
  3. 31
      SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch
  4. 855
      SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch
  5. 48
      SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
  6. 35
      SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
  7. 34
      SOURCES/0001-cups-strlcpy-handle-zero-size.patch
  8. 55
      SOURCES/0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
  9. 43
      SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
  10. 36
      SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
  11. 115
      SOURCES/cups-local-negotiate.patch
  12. 31
      SOURCES/cups-preservejobfiles-leak.patch
  13. 171
      SOURCES/upgrade_get_document.py.in

21
SOURCES/0001-Fix-delays-printing-to-lpd-when-reserved-ports-are-e.patch
Unescape View File

@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
diff -up cups-2.3.3op2/backend/lpd.c.lpd-delay cups-2.3.3op2/backend/lpd.c
--- cups-2.3.3op2/backend/lpd.c.lpd-delay 2021-02-01 22:10:25.000000000 +0100
+++ cups-2.3.3op2/backend/lpd.c 2023-06-28 17:28:52.465476261 +0200
@@ -63,7 +63,7 @@ static int abort_job = 0; /* Non-zero i
#define RESERVE_NONE 0 /* Don't reserve a priviledged port */
#define RESERVE_RFC1179 1 /* Reserve port 721-731 */
-#define RESERVE_ANY 2 /* Reserve port 1-1023 */
+#define RESERVE_ANY 2 /* Reserve port 512-1023 */
/*
@@ -778,7 +778,7 @@ lpd_queue(const char *hostname, /*
if (lport < 721 && reserve == RESERVE_RFC1179)
lport = 731;
- else if (lport < 1)
+ else if (lport < 512)
lport = 1023;
#ifdef HAVE_GETEUID

64
SOURCES/0001-Log-result-of-httpGetHostname-BEFORE-closing-the-con.patch
Unescape View File

@ -0,0 +1,64 @@ @@ -0,0 +1,64 @@
From ffd290b4ab247f82722927ba9b21358daa16dbf1 Mon Sep 17 00:00:00 2001
From: Rose <83477269+AtariDreams@users.noreply.github.com>
Date: Thu, 1 Jun 2023 11:33:39 -0400
Subject: [PATCH] Log result of httpGetHostname BEFORE closing the connection

httpClose frees the memory of con->http. This is problematic because httpGetHostname then tries to access the memory it points to.

We have to log the hostname first.
---
scheduler/client.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/scheduler/client.c b/scheduler/client.c
index 91e441188..327473a4d 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -193,13 +193,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
/*
* Can't have an unresolved IP address with double-lookups enabled...
*/
-
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "Name lookup failed - connection from %s closed!",
+ "Name lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+ httpClose(con->http);
free(con);
return;
}
@@ -235,11 +233,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
* with double-lookups enabled...
*/
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
- "IP lookup failed - connection from %s closed!",
+ "IP lookup failed - closing connection from %s!",
httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
@@ -256,11 +254,11 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
if (!hosts_access(&wrap_req))
{
- httpClose(con->http);
-
cupsdLogClient(con, CUPSD_LOG_WARN,
"Connection from %s refused by /etc/hosts.allow and "
"/etc/hosts.deny rules.", httpGetHostname(con->http, NULL, 0));
+
+ httpClose(con->http);
free(con);
return;
}
--
2.41.0

31
SOURCES/0001-Require-authentication-for-CUPS-Get-Document.patch
Unescape View File

@ -0,0 +1,31 @@ @@ -0,0 +1,31 @@
From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 6 Dec 2022 09:04:01 -0500
Subject: [PATCH] Require authentication for CUPS-Get-Document.

---
conf/cupsd.conf.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index b25884907..a07536f3e 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
Order deny,allow
</Limit>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ <Limit CUPS-Get-Document>
+ AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
--
2.41.0

855
SOURCES/0001-Update-man-pages-for-h-option-Issue-357.patch
Unescape View File

@ -0,0 +1,855 @@ @@ -0,0 +1,855 @@
From 4d6787bd98c2fac8dcc58f34125d299d82e622aa Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 2 May 2022 15:35:20 -0400
Subject: [PATCH] Update man pages for -h option (Issue #357)

---
doc/help/man-cancel.html | 7 ++++---
doc/help/man-cupsctl.html | 7 ++++---
doc/help/man-ipptool.html | 6 ++++++
doc/help/man-lp.html | 9 +++++----
doc/help/man-lpinfo.html | 9 +++++----
doc/help/man-lpmove.html | 9 +++++----
doc/help/man-lpoptions.html | 17 +++++++++--------
doc/help/man-lpq.html | 5 +++--
doc/help/man-lpr.html | 5 +++--
doc/help/man-lprm.html | 6 +++---
doc/help/man-lpstat.html | 5 +++--
man/cancel.1 | 9 +++++----
man/cupsctl.8 | 9 +++++----
man/lp.1 | 11 ++++++-----
man/lpinfo.8 | 11 ++++++-----
man/lpmove.8 | 11 ++++++-----
man/lpoptions.1 | 19 ++++++++++---------
man/lpq.1 | 7 ++++---
man/lpr.1 | 7 ++++---
man/lprm.1 | 8 ++++----
man/lpstat.1 | 11 ++++++-----
22 files changed, 107 insertions(+), 82 deletions(-)

diff --git a/doc/help/man-cancel.html b/doc/help/man-cancel.html
index d51bb2b91..a0b52369c 100644
--- a/doc/help/man-cancel.html
+++ b/doc/help/man-cancel.html
@@ -12,6 +12,9 @@ cancel - cancel jobs
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cancel</b>
[
+<b>-h</b>
+<i>hostname[:port]</i>
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -19,9 +22,6 @@ cancel - cancel jobs
] [
<b>-a</b>
] [
-<b>-h</b>
-<i>hostname[:port]</i>
-] [
<b>-u</b>
<i>username</i>
] [
@@ -46,6 +46,7 @@ destinations if none is provided.
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-h </b><i>hostname</i>[<i>:port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-U </b><i>username</i>
<dd style="margin-left: 5.0em">Specifies the username to use when connecting to the server.
<dt><b>-u </b><i>username</i>
diff --git a/doc/help/man-cupsctl.html b/doc/help/man-cupsctl.html
index b3f892ef9..e5c98dccb 100644
--- a/doc/help/man-cupsctl.html
+++ b/doc/help/man-cupsctl.html
@@ -12,14 +12,14 @@ cupsctl - configure cupsd.conf options
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>cupsctl</b>
[
+<b>-h</b>
+<i>server</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h</b>
-<i>server</i>[<b>:</b><i>port</i>]
-] [
<b>--</b>[<b>no-</b>]<b>debug-logging</b>
] [
<b>--</b>[<b>no-</b>]<b>remote-admin</b>
@@ -45,6 +45,7 @@ The following options are recognized:
<dd style="margin-left: 5.0em">Specifies an alternate username to use when authenticating with the scheduler.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies the server address.
+Note: This option must occur before all others.
<dt><b>--</b>[<b>no-</b>]<b>debug-logging</b>
<dd style="margin-left: 5.0em">Enables (disables) debug logging to the <i>error_log</i> file.
<dt><b>--</b>[<b>no-</b>]<b>remote-admin</b>
diff --git a/doc/help/man-ipptool.html b/doc/help/man-ipptool.html
index 81f67d77f..688454c69 100644
--- a/doc/help/man-ipptool.html
+++ b/doc/help/man-ipptool.html
@@ -59,6 +59,8 @@ ipptool - perform internet printing protocol requests
<b>-i</b>
<i>seconds</i>
] [
+<b>-j</b>
+] [
<b>-n</b>
<i>repeat-count</i>
] [
@@ -150,6 +152,10 @@ This option is incompatible with the <b>-i</b> (interval) and <b>-n</b> (repeat-
<i>testfile</i>
should be repeated at the specified interval.
This option is incompatible with the <b>-X</b> (XML plist output) option.
+<dt><b>-j</b>
+<dd style="margin-left: 5.0em">Specifies that
+<b>ipptool</b>
+will produce JSON output.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Specifies that plain text output is desired.
<dt><b>-n</b><i> repeat-count</i>
diff --git a/doc/help/man-lp.html b/doc/help/man-lp.html
index f70c088d3..6442e900d 100644
--- a/doc/help/man-lp.html
+++ b/doc/help/man-lp.html
@@ -12,6 +12,8 @@ lp - print files
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lp</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -21,8 +23,6 @@ lp - print files
] [
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-m</b>
] [
<b>-n</b>
@@ -51,6 +51,8 @@ lp - print files
<br>
<b>lp</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
@@ -58,8 +60,6 @@ lp - print files
] [
<b>-c</b>
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-i</b>
<i>job-id</i>
] [
@@ -106,6 +106,7 @@ In CUPS, print files are always sent to the scheduler via IPP which has the same
<dd style="margin-left: 5.0em">Prints files to the named printer.
<dt><b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Chooses an alternate server.
+Note: This option must occur before all others.
<dt><b>-i </b><i>job-id</i>
<dd style="margin-left: 5.0em">Specifies an existing job to modify.
<dt><b>-m</b>
diff --git a/doc/help/man-lpinfo.html b/doc/help/man-lpinfo.html
index a1aed9421..30df7691c 100644
--- a/doc/help/man-lpinfo.html
+++ b/doc/help/man-lpinfo.html
@@ -12,10 +12,10 @@ lpinfo - show available devices or drivers (deprecated)
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpinfo</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-l</b>
] [
<b>--device-id</b>
@@ -40,10 +40,10 @@ lpinfo - show available devices or drivers (deprecated)
<br>
<b>lpinfo</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-l</b>
] [
<b>--exclude-schemes</b>
@@ -66,6 +66,7 @@ The first form (<i>-m</i>) lists the available drivers, while the second form (<
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Selects an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a "long" listing of devices or drivers.
<dt><b>--device-id </b><i>device-id-string</i>
diff --git a/doc/help/man-lpmove.html b/doc/help/man-lpmove.html
index d8019ee25..b0db753f9 100644
--- a/doc/help/man-lpmove.html
+++ b/doc/help/man-lpmove.html
@@ -12,10 +12,10 @@ lpmove - move a job or all jobs to a new destination
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpmove</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
]
@@ -24,10 +24,10 @@ lpmove - move a job or all jobs to a new destination
<br>
<b>lpmove</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
]
@@ -44,6 +44,7 @@ The <b>lpmove</b> command supports the following options:
<dd style="margin-left: 5.0em">Specifies an alternate username.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
</dl>
<h2 class="title"><a name="EXAMPLES">Examples</a></h2>
Move job 123 from "oldprinter" to "newprinter":
diff --git a/doc/help/man-lpoptions.html b/doc/help/man-lpoptions.html
index 6dda87f64..6af78290b 100644
--- a/doc/help/man-lpoptions.html
+++ b/doc/help/man-lpoptions.html
@@ -12,9 +12,9 @@ lpoptions - display or set printer options and defaults
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
]
<b>-d </b><i>destination</i>[<b>/</b><i>instance</i>]
[
@@ -23,20 +23,20 @@ lpoptions - display or set printer options and defaults
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-o </b><i>option</i>[<b>=</b><i>value</i>] ...
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-p </b><i>destination</i>[<b>/</b><i>instance</i>]
]
<b>-r</b>
@@ -44,9 +44,9 @@ lpoptions - display or set printer options and defaults
<br>
<b>lpoptions</b>
[
-<b>-E</b>
-] [
<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
+<b>-E</b>
]
<b>-x </b><i>destination</i>[<b>/</b><i>instance</i>]
<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
@@ -72,6 +72,7 @@ If <i>instance</i> is supplied then that particular instance is used.
This option overrides the system default printer for the current user.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Uses an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Lists the printer specific options and their current settings.
<dt><b>-o </b><i>option</i>[<b>=</b><i>value</i>]
diff --git a/doc/help/man-lpq.html b/doc/help/man-lpq.html
index 1c9e704ff..19e536d3c 100644
--- a/doc/help/man-lpq.html
+++ b/doc/help/man-lpq.html
@@ -12,13 +12,13 @@ lpq - show printer queue status
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpq</b>
[
+<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h </b><i>server</i>[<b>:</b><i>port</i>]
-] [
<b>-P </b><i>destination</i>[<b>/</b><i>instance</i>]
] [
<b>-a</b>
@@ -44,6 +44,7 @@ Jobs queued on the default destination will be shown if no printer or class is s
<dd style="margin-left: 5.0em">Reports jobs on all printers.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Requests a more verbose (long) reporting format.
</dl>
diff --git a/doc/help/man-lpr.html b/doc/help/man-lpr.html
index d044ab1a8..f9b19e1fe 100644
--- a/doc/help/man-lpr.html
+++ b/doc/help/man-lpr.html
@@ -12,10 +12,10 @@ lpr - print files
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpr</b>
[
-<b>-E</b>
-] [
<b>-H </b><i>server</i>[<b>:</b><i>port</i>]
] [
+<b>-E</b>
+] [
<b>-U</b>
<i>username</i>
] [
@@ -67,6 +67,7 @@ The following options are recognized by <i>lpr</i>:
<dd style="margin-left: 5.0em">Forces encryption when connecting to the server.
<dt><b>-H </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-C "</b><i>name</i><b>"</b>
<dd style="margin-left: 5.0em"><dt><b>-J "</b><i>name</i><b>"</b>
<dd style="margin-left: 5.0em"><dt><b>-T "</b><i>name</i><b>"</b>
diff --git a/doc/help/man-lprm.html b/doc/help/man-lprm.html
index 7410320a3..dbe7f20de 100644
--- a/doc/help/man-lprm.html
+++ b/doc/help/man-lprm.html
@@ -12,14 +12,13 @@ lprm - cancel print jobs
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lprm</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-U</b>
<i>username</i>
] [
-<b>-h</b>
-<i>server</i>[<i>:port</i>]
-] [
<b>-P</b>
<i>destination</i>[<i>/instance</i>]
] [
@@ -45,6 +44,7 @@ command supports the following options:
<dd style="margin-left: 5.0em">Specifies an alternate username.
<dt><b>-h </b><i>server</i>[<i>:port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
</dl>
<h2 class="title"><a name="CONFORMING_TO">Conforming To</a></h2>
The CUPS version of
diff --git a/doc/help/man-lpstat.html b/doc/help/man-lpstat.html
index f23089bbe..2c5dedc7c 100644
--- a/doc/help/man-lpstat.html
+++ b/doc/help/man-lpstat.html
@@ -12,6 +12,8 @@ lpstat - print cups status information
<h2 class="title"><a name="SYNOPSIS">Synopsis</a></h2>
<b>lpstat</b>
[
+<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
+] [
<b>-E</b>
] [
<b>-H</b>
@@ -19,8 +21,6 @@ lpstat - print cups status information
<b>-U</b>
<i>username</i>
] [
-<b>-h </b><i>hostname</i>[<b>:</b><i>port</i>]
-] [
<b>-l</b>
] [
<b>-W</b>
@@ -91,6 +91,7 @@ If no classes are specified then all classes are listed.
<dd style="margin-left: 5.0em">Shows all available destinations on the local network.
<dt><b>-h </b><i>server</i>[<b>:</b><i>port</i>]
<dd style="margin-left: 5.0em">Specifies an alternate server.
+Note: This option must occur before all others.
<dt><b>-l</b>
<dd style="margin-left: 5.0em">Shows a long listing of printers, classes, or jobs.
<dt><b>-o </b>[<i>destination(s)</i>]
diff --git a/man/cancel.1 b/man/cancel.1
index 34a5d9fc0..caea0ed69 100644
--- a/man/cancel.1
+++ b/man/cancel.1
@@ -8,12 +8,15 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH cancel 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH cancel 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cancel \- cancel jobs
.SH SYNOPSIS
.B cancel
[
+.B \-h
+.I hostname[:port]
+] [
.B \-E
] [
.B \-U
@@ -21,9 +24,6 @@ cancel \- cancel jobs
] [
.B \-a
] [
-.B \-h
-.I hostname[:port]
-] [
.B \-u
.I username
] [
@@ -50,6 +50,7 @@ Forces encryption when connecting to the server.
.TP 5
\fB\-h \fIhostname\fR[\fI:port\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-U \fIusername\fR
Specifies the username to use when connecting to the server.
diff --git a/man/cupsctl.8 b/man/cupsctl.8
index 1b1ff4183..7e50d07ac 100644
--- a/man/cupsctl.8
+++ b/man/cupsctl.8
@@ -8,20 +8,20 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH cupsctl 8 "CUPS" "26 April 2019" "Apple Inc."
+.TH cupsctl 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
cupsctl \- configure cupsd.conf options
.SH SYNOPSIS
.B cupsctl
[
+.B \-h
+\fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-.B \-h
-\fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
] [
\fB\-\-\fR[\fBno\-\fR]\fBremote\-admin\fR
@@ -49,6 +49,7 @@ Specifies an alternate username to use when authenticating with the scheduler.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies the server address.
+Note: This option must occur before all others.
.TP 5
\fB\-\-\fR[\fBno\-\fR]\fBdebug\-logging\fR
Enables (disables) debug logging to the \fIerror_log\fR file.
diff --git a/man/lp.1 b/man/lp.1
index a54f904a5..4bdd2de7b 100644
--- a/man/lp.1
+++ b/man/lp.1
@@ -8,12 +8,14 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lp 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lp 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lp \- print files
.SH SYNOPSIS
.B lp
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
@@ -23,8 +25,6 @@ lp \- print files
] [
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-m
] [
.B \-n
@@ -53,6 +53,8 @@ lp \- print files
.br
.B lp
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
@@ -60,8 +62,6 @@ lp \- print files
] [
.B \-c
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-i
.I job-id
] [
@@ -113,6 +113,7 @@ Prints files to the named printer.
.TP 5
\fB\-h \fIhostname\fR[\fB:\fIport\fR]
Chooses an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-i \fIjob-id\fR
Specifies an existing job to modify.
diff --git a/man/lpinfo.8 b/man/lpinfo.8
index d238f9a60..d44b568d2 100644
--- a/man/lpinfo.8
+++ b/man/lpinfo.8
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpinfo 8 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpinfo 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpinfo \- show available devices or drivers (deprecated)
.SH SYNOPSIS
.B lpinfo
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-l
] [
.B \-\-device\-id
@@ -42,10 +42,10 @@ lpinfo \- show available devices or drivers (deprecated)
.br
.B lpinfo
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-l
] [
.B \-\-exclude\-schemes
@@ -69,6 +69,7 @@ Forces encryption when connecting to the server.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Selects an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Shows a "long" listing of devices or drivers.
diff --git a/man/lpmove.8 b/man/lpmove.8
index af3c6b63c..62adba654 100644
--- a/man/lpmove.8
+++ b/man/lpmove.8
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpmove 8 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpmove 8 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpmove \- move a job or all jobs to a new destination
.SH SYNOPSIS
.B lpmove
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
]
@@ -26,10 +26,10 @@ lpmove \- move a job or all jobs to a new destination
.br
.B lpmove
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
]
@@ -48,6 +48,7 @@ Specifies an alternate username.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.SH EXAMPLES
Move job 123 from "oldprinter" to "newprinter":
.nf
diff --git a/man/lpoptions.1 b/man/lpoptions.1
index 372f46a37..2eb5b6010 100644
--- a/man/lpoptions.1
+++ b/man/lpoptions.1
@@ -8,15 +8,15 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpoptions 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpoptions 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpoptions \- display or set printer options and defaults
.SH SYNOPSIS
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
+.B \-E
]
\fB\-d \fIdestination\fR[\fB/\fIinstance\fR]
[
@@ -25,20 +25,20 @@ lpoptions \- display or set printer options and defaults
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
\fB\-o \fIoption\fR[\fB=\fIvalue\fR] ...
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
\fB\-p \fIdestination\fR[\fB/\fIinstance\fR]
]
.B \-r
@@ -46,9 +46,9 @@ lpoptions \- display or set printer options and defaults
.br
.B lpoptions
[
-.B \-E
-] [
\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
+.B \-E
]
\fB\-x \fIdestination\fR[\fB/\fIinstance\fR]
.SH DESCRIPTION
@@ -79,6 +79,7 @@ This option overrides the system default printer for the current user.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Uses an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Lists the printer specific options and their current settings.
diff --git a/man/lpq.1 b/man/lpq.1
index ce23a6c81..a81633ecb 100644
--- a/man/lpq.1
+++ b/man/lpq.1
@@ -8,19 +8,19 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpq 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpq 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpq \- show printer queue status
.SH SYNOPSIS
.B lpq
[
+\fB\-h \fIserver\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-\fB\-h \fIserver\fR[\fB:\fIport\fR]
-] [
\fB\-P \fIdestination\fR[\fB/\fIinstance\fR]
] [
.B \-a
@@ -51,6 +51,7 @@ Reports jobs on all printers.
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Requests a more verbose (long) reporting format.
diff --git a/man/lpr.1 b/man/lpr.1
index e5f9f9018..77a62b305 100644
--- a/man/lpr.1
+++ b/man/lpr.1
@@ -8,16 +8,16 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lpr 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpr 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpr \- print files
.SH SYNOPSIS
.B lpr
[
-.B \-E
-] [
\fB\-H \fIserver\fR[\fB:\fIport\fR]
] [
+.B \-E
+] [
.B \-U
.I username
] [
@@ -70,6 +70,7 @@ Forces encryption when connecting to the server.
.TP 5
\fB\-H \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
\fB\-C "\fIname\fB"\fR
.TP 5
diff --git a/man/lprm.1 b/man/lprm.1
index 094166539..0cf88ac51 100644
--- a/man/lprm.1
+++ b/man/lprm.1
@@ -8,20 +8,19 @@
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more
.\" information.
.\"
-.TH lprm 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lprm 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lprm \- cancel print jobs
.SH SYNOPSIS
.B lprm
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-U
.I username
] [
-.B \-h
-.IR server [ :port ]
-] [
.B \-P
.IR destination [ /instance ]
] [
@@ -50,6 +49,7 @@ Specifies an alternate username.
.TP 5
\fB\-h \fIserver\fR[\fI:port\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.SH CONFORMING TO
The CUPS version of
.B lprm
diff --git a/man/lpstat.1 b/man/lpstat.1
index 0a10cd9bc..88acff7b3 100644
--- a/man/lpstat.1
+++ b/man/lpstat.1
@@ -1,17 +1,20 @@
.\"
.\" lpstat man page for CUPS.
.\"
-.\" Copyright 2007-2019 by Apple Inc.
-.\" Copyright 1997-2006 by Easy Software Products.
+.\" Copyright © 2021-2022 by OpenPrinting.
+.\" Copyright © 2007-2019 by Apple Inc.
+.\" Copyright © 1997-2006 by Easy Software Products.
.\"
.\" Licensed under Apache License v2.0. See the file "LICENSE" for more information.
.\"
-.TH lpstat 1 "CUPS" "26 April 2019" "Apple Inc."
+.TH lpstat 1 "CUPS" "2022-05-02" "OpenPrinting"
.SH NAME
lpstat \- print cups status information
.SH SYNOPSIS
.B lpstat
[
+\fB\-h \fIhostname\fR[\fB:\fIport\fR]
+] [
.B \-E
] [
.B \-H
@@ -19,8 +22,6 @@
.B \-U
.I username
] [
-\fB\-h \fIhostname\fR[\fB:\fIport\fR]
-] [
.B \-l
] [
.B \-W
@@ -100,6 +101,7 @@
.TP 5
\fB\-h \fIserver\fR[\fB:\fIport\fR]
Specifies an alternate server.
+Note: This option must occur before all others.
.TP 5
.B \-l
Shows a long listing of printers, classes, or jobs.
@@ -145,4 +147,4 @@
.BR lprm (1),
CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
-Copyright \[co] 2007-2019 by Apple Inc.
+Copyright \[co] 2021-2022 by OpenPrinting.

48
SOURCES/0001-Use-purge-job-instead-of-purge-jobs-when-canceling-a.patch
Unescape View File

@ -0,0 +1,48 @@ @@ -0,0 +1,48 @@
From c5ad7aaf6c8063a39974c6b4a3cf59b7f912daae Mon Sep 17 00:00:00 2001
From: Bryan Mason <bmason@redhat.com>
Date: Tue, 27 Jun 2023 04:18:46 -0700
Subject: [PATCH 1/2] Use "purge-job" instead of "purge-jobs" when canceling a
single job (#742)

The command "cancel -x <job>" adds "purge-jobs true" to the Cancel-Job
operation; however, the correct attribute to use for Cancel-job is
"purge-job" (singular), not "purge-jobs" (plural). As a result, job
files are not removed from /var/spool/cups when "cancel -x <job>" is
executed.

This patch resolves the issue by adding "purge-job" when the IPP
operation is Cancel-Job and "purge-jobs" for other IPP operations
(Purge-Jobs, Cancel-Jobs, and Cancel-My-Jobs)
---
systemv/cancel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/systemv/cancel.c b/systemv/cancel.c
index 572f413e1..f5b8e12b5 100644
--- a/systemv/cancel.c
+++ b/systemv/cancel.c
@@ -260,6 +260,7 @@ main(int argc, /* I - Number of command-line arguments */
* attributes-natural-language
* printer-uri + job-id *or* job-uri
* [requesting-user-name]
+ * [purge-job] or [purge-jobs]
*/
request = ippNewRequest(op);
@@ -294,7 +295,12 @@ main(int argc, /* I - Number of command-line arguments */
"requesting-user-name", NULL, cupsUser());
if (purge)
- ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ {
+ if (op == IPP_CANCEL_JOB)
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-job", (char)purge);
+ else
+ ippAddBoolean(request, IPP_TAG_OPERATION, "purge-jobs", (char)purge);
+ }
/*
* Do the request and get back a response...
--
2.41.0

35
SOURCES/0001-cups-http-addr.c-Set-listen-backlog-size-to-INT_MAX-.patch
Unescape View File

@ -0,0 +1,35 @@ @@ -0,0 +1,35 @@
From 876fdc1c90a885a58644c8757bc1283c9fd5bcb7 Mon Sep 17 00:00:00 2001
From: Vasilis Liaskovitis <vliaskovitis@suse.com>
Date: Wed, 1 Mar 2023 13:46:28 +0100
Subject: [PATCH] cups/http-addr.c: Set listen backlog size to INT_MAX (fixes
#308)

Use a listen queue size of INT_MAX, which should default to the maximum
supported queue size on the system.

This avoids the problem of the listening backlog queue getting full when
there are too many requests at the same time. The problem was observed
with the previous backlog size (128) by customers when submitting large
batches of print jobs, resulting in some jobs getting lost.

Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
---
cups/http-addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cups/http-addr.c b/cups/http-addr.c
index a61ee0449..6aeeb8074 100644
--- a/cups/http-addr.c
+++ b/cups/http-addr.c
@@ -249,7 +249,7 @@ httpAddrListen(http_addr_t *addr, /* I - Address to bind to */
* Listen...
*/
- if (listen(fd, 128))
+ if (listen(fd, INT_MAX))
{
_cupsSetHTTPError(HTTP_STATUS_ERROR);
--
2.41.0

34
SOURCES/0001-cups-strlcpy-handle-zero-size.patch
Unescape View File

@ -0,0 +1,34 @@ @@ -0,0 +1,34 @@
From 5e3107e734f06d410a490e8bc923dc3119f17671 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 17 May 2023 12:59:57 -0400
Subject: [PATCH] Consensus fix.

---
cups/string.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/cups/string.c b/cups/string.c
index 00454203c..b4fc12050 100644
--- a/cups/string.c
+++ b/cups/string.c
@@ -1,6 +1,7 @@
/*
* String functions for CUPS.
*
+ * Copyright © 2023 by OpenPrinting.
* Copyright © 2007-2019 by Apple Inc.
* Copyright © 1997-2007 by Easy Software Products.
*
@@ -730,6 +731,9 @@ _cups_strlcpy(char *dst, /* O - Destination string */
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
+
/*
* Figure out how much room is needed...
*/
--
2.40.1

55
SOURCES/0001-cups-tls-gnutls.c-Use-always-GNUTLS_SHUT_WR.patch
Unescape View File

@ -0,0 +1,55 @@ @@ -0,0 +1,55 @@
From bdb1ca45454d90410031c4c2054005a995f76180 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 6 Apr 2022 15:04:45 +0200
Subject: [PATCH] cups/tls-gnutls.c: Use always GNUTLS_SHUT_WR

The current mode for `gnutls_bye()` in client use cases strictly
follows TLS v1.2 standard, which in this particular part says:

```
Unless some other fatal alert has been transmitted, each party is
required to send a close_notify alert before closing the write
side of the connection. The other party MUST respond with a
close_notify alert of its own and close down the connection immediately,
discarding any pending writes. It is not required for the initiator
of the close to wait for the responding close_notify alert before
closing the read side of the connection.
```

and waits for the other side of TLS connection to confirm the close.

Unfortunately it can undesired for reasons:
- we support switching of TLS versions in CUPS, and this mode strictly
follows TLS v1.2 - so for older version this behavior is not expected
and can cause delays
- even some TLS v1.2 implementations (like Windows Server 2016) don't
comply TLS v1.2 behavior even if it says it does - in that case,
encrypted printing takes 30s till HTTP timeout is reached, because the
other side didn't send confirmation
- AFAIU openssl's SSL_shutdown() doesn't make this TLS v1.2 difference,
so we could end up with two TLS implementations in CUPS which will
behave differently

Since the standard defines that waiting for confirmation is not required
and due the problems above, I would propose using GNUTLS_SHUT_WR mode
regardless of HTTP mode.
---
cups/tls-gnutls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index c55995b2b..f87b4f4df 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1667,7 +1667,7 @@ _httpTLSStop(http_t *http) /* I - Connection to server */
int error; /* Error code */
- error = gnutls_bye(http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
+ error = gnutls_bye(http->tls, GNUTLS_SHUT_WR);
if (error != GNUTLS_E_SUCCESS)
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(errno), 0);
--
2.35.1

43
SOURCES/0001-httpAddrConnect2-Check-for-error-if-POLLHUP-is-in-va.patch
Unescape View File

@ -0,0 +1,43 @@ @@ -0,0 +1,43 @@
diff -up cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup cups-2.2.6/cups/http-addrlist.c
--- cups-2.2.6/cups/http-addrlist.c.cupsgetjobs-pollhup 2023-12-19 18:25:15.484637450 +0100
+++ cups-2.2.6/cups/http-addrlist.c 2023-12-19 18:28:57.129163387 +0100
@@ -313,6 +313,39 @@ httpAddrConnect2(
{
# ifdef HAVE_POLL
DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents));
+
+# ifdef _WIN32
+ if (((WSAGetLastError() == WSAEINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
+ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
+# else
+ if (((errno == EINPROGRESS) && (pfds[i].revents & POLLIN) && (pfds[i].revents & POLLOUT)) ||
+ ((pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN|POLLOUT))))
+# endif /* _WIN32 */
+ {
+ // Some systems generate POLLIN or POLLOUT together with POLLHUP when doing
+ // asynchronous connections. The solution seems to be to use getsockopt to
+ // check the SO_ERROR value and ignore the POLLHUP if there is no error or
+ // the error is EINPROGRESS.
+
+ int sres, /* Return value from getsockopt() - 0, or -1 if error */
+ serr; /* Option SO_ERROR value */
+ socklen_t slen = sizeof(serr); /* Option value size */
+
+ sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen);
+
+ if (sres || serr)
+ {
+ pfds[i].revents |= POLLERR;
+# ifdef DEBUG
+ DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr)));
+# endif
+ }
+ else if (pfds[i].revents && (pfds[i].revents & POLLHUP) && (pfds[i].revents & (POLLIN | POLLOUT)))
+ {
+ pfds[i].revents &= ~POLLHUP;
+ }
+ }
+
if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP)))
# else
if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set))

36
SOURCES/0001-scheduler-conf.c-Print-to-stderr-if-we-don-t-open-cu.patch
Unescape View File

@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
From db9cecdd932e58c51d2d659f63415ad47d151717 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Fri, 1 Sep 2023 17:11:54 +0200
Subject: [PATCH] scheduler/conf.c: Print to stderr if we don't open
cups-files.conf

In case cupsd can't open the cups-files.conf, the error message is lost
if journal and syslog don't exist or work on system (usually in
containers).

Log the error into stderr at this place to get the error message if
needed.
---
scheduler/conf.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/scheduler/conf.c b/scheduler/conf.c
index b18535162..4fa7eb1df 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -811,11 +811,7 @@ cupsdReadConfiguration(void)
cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
else
{
-#ifdef HAVE_SYSTEMD_SD_JOURNAL_H
- sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
-#else
- syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
-#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */
+ fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno));
return (0);
}
--
2.41.0

115
SOURCES/cups-local-negotiate.patch
Unescape View File

@ -0,0 +1,115 @@ @@ -0,0 +1,115 @@
diff --git a/cups/auth.c b/cups/auth.c
index db45bbb..b6fec6b 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -90,6 +90,7 @@ static void cups_gss_printf(OM_uint32 major_status, OM_uint32 minor_status,
# define cups_gss_printf(major, minor, message)
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int cups_is_local_connection(http_t *http);
static int cups_local_auth(http_t *http);
@@ -174,10 +175,10 @@ cupsDoAuthentication(
DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme));
#ifdef HAVE_GSSAPI
- if (!_cups_strcasecmp(scheme, "Negotiate"))
+ if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http))
{
/*
- * Kerberos authentication...
+ * Kerberos authentication to remote server...
*/
int gss_status; /* Auth status */
@@ -201,7 +202,9 @@ cupsDoAuthentication(
}
else
#endif /* HAVE_GSSAPI */
- if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest"))
+ if (_cups_strcasecmp(scheme, "Basic") &&
+ _cups_strcasecmp(scheme, "Digest") &&
+ _cups_strcasecmp(scheme, "Negotiate"))
{
/*
* Other schemes not yet supported...
@@ -215,7 +218,7 @@ cupsDoAuthentication(
* See if we should retry the current username:password...
*/
- if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest"))))
+ if (http->digest_tries > 1 || !http->userpass[0])
{
/*
* Nope - get a new password from the user...
@@ -295,7 +298,7 @@ cupsDoAuthentication(
}
}
- if (http->authstring)
+ if (http->authstring && http->authstring[0])
{
DEBUG_printf(("1cupsDoAuthentication: authstring=\"%s\".", http->authstring));
@@ -916,6 +919,14 @@ cups_gss_printf(OM_uint32 major_status,/* I - Major status code */
# endif /* DEBUG */
#endif /* HAVE_GSSAPI */
+static int /* O - 0 if not a local connection */
+ /* 1 if local connection */
+cups_is_local_connection(http_t *http) /* I - HTTP connection to server */
+{
+ if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ return 0;
+ return 1;
+}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
@@ -958,7 +969,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
* See if we are accessing localhost...
*/
- if (!httpAddrLocalhost(http->hostaddr) && _cups_strcasecmp(http->hostname, "localhost") != 0)
+ if (!cups_is_local_connection(http))
{
DEBUG_puts("8cups_local_auth: Not a local connection!");
return (1);
@@ -1032,11 +1043,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
}
# endif /* HAVE_AUTHORIZATION_H */
-# ifdef HAVE_GSSAPI
- if (cups_auth_find(www_auth, "Negotiate"))
- return (1);
-# endif /* HAVE_GSSAPI */
-
# if defined(SO_PEERCRED) && defined(AF_LOCAL)
/*
* See if we can authenticate using the peer credentials provided over a
diff --git a/scheduler/client.c b/scheduler/client.c
index 89c76bf..40708d9 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2244,18 +2244,13 @@ cupsdSendHeader(
}
else if (auth_type == CUPSD_AUTH_NEGOTIATE)
{
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
- strlcpy(auth_str, "PeerCred", sizeof(auth_str));
- else
-#endif /* SO_PEERCRED && AF_LOCAL */
strlcpy(auth_str, "Negotiate", sizeof(auth_str));
}
- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
+ if (con->best && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))
{
/*
- * Add a "trc" (try root certification) parameter for local non-Kerberos
+ * Add a "trc" (try root certification) parameter for local
* requests when the request requires system group membership - then the
* client knows the root certificate can/should be used.
*

31
SOURCES/cups-preservejobfiles-leak.patch
Unescape View File

@ -0,0 +1,31 @@ @@ -0,0 +1,31 @@
diff --git a/scheduler/colorman.c b/scheduler/colorman.c
index 8af4e5c..9bfdb0c 100644
--- a/scheduler/colorman.c
+++ b/scheduler/colorman.c
@@ -1083,7 +1083,7 @@ colord_create_profile(
dbus_message_iter_get_basic(&args, &profile_path);
cupsdLogMessage(CUPSD_LOG_DEBUG, "Created profile \"%s\".", profile_path);
- cupsArrayAdd(profiles, strdup(profile_path));
+ cupsArrayAdd(profiles, profile_path);
out:
diff --git a/scheduler/job.c b/scheduler/job.c
index 0223bee..47d4c72 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -1496,11 +1496,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */
job->num_files = 0;
}
+ unload_job(job);
+
if (job->history)
free_job_history(job);
- unload_job(job);
-
cupsArrayRemove(Jobs, job);
cupsArrayRemove(ActiveJobs, job);
cupsArrayRemove(PrintingJobs, job);

171
SOURCES/upgrade_get_document.py.in
Unescape View File

@ -0,0 +1,171 @@ @@ -0,0 +1,171 @@
@PYTHON_SHEBANG@

"""
Upgrade script to enable authentication for CUPS-Get-Document in
default policy
"""

import os
import sys
from shutil import copy


def get_cupsd_conf():
"""
Get all lines from cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf'):
return None

lines = []
with open('/etc/cups/cupsd.conf', 'r') as conf:
lines = conf.readlines()

return lines


def get_default_policy(lines):
"""
Get the default policy lines

:param list lines: lines from cupsd.conf
"""
default_policy = []
in_policy = False

for line in lines:
if not in_policy and not line.lstrip().startswith('<Policy default>'):
continue

default_policy.append(line)

if line.lstrip().startswith('</Policy>'):
return default_policy

in_policy = True

return default_policy


def get_limit_with_document(lines):
"""
Get <Limit> scope which defines CUPS-Get-Document operation

:param list lines: Lines containing the default policy
"""
limit = []
in_limit = False

for line in lines:
if not in_limit and not line.lstrip().startswith('<Limit'):
continue

if (not in_limit and line.lstrip().startswith('<Limit') and
not 'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
continue

limit.append(line)

if line.lstrip().startswith('</Limit>'):
return limit

in_limit = True

return limit


def check_for_authtype(lines):
"""
Check if <Limit> defining CUPS-Get-Document defines
any authentication

:param list lines: Lines of <Limit> scope which defines CUPS-Get-Document
"""
for line in lines:
if line.lstrip().startswith('AuthType'):
return True
return False


def migrate_cupsd_conf(lines):
"""
Make changes to cupsd.conf contents to use authentication
for CUPS-Get-Document

:param list lines: Lines from cupsd.conf
"""
new_lines = []
in_policy = False
create_document_limit = False

for line in lines:
if (in_policy and line.lstrip().startswith('<Limit') and
not line.lstrip().startswith('<Limit CUPS-Get-Document>') and
'CUPS-Get-Document' in line.lstrip().split('#')[0][1:-1]):
line = line.replace(' CUPS-Get-Document', '')
create_document_limit = True

if in_policy and line.lstrip().startswith('</Policy>') and create_document_limit:
new_lines.append('\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'<Limit CUPS-Get-Document>\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'AuthType Default\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Require user @OWNER @SYSTEM\n')
new_lines.append((len(line) - len(line.lstrip()) + 4) * ' ' +
'Order deny,allow\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'</Limit>\n')
create_document_limit = False

new_lines.append(line)

if not in_policy:
if line.lstrip().startswith('<Policy default>'):
in_policy = True
continue

if line.lstrip().startswith('<Limit CUPS-Get-Document>'):
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'# added during upgrade\n')
new_lines.append((len(line) - len(line.lstrip()) + 2) * ' ' +
'AuthType Default\n')
continue

if line.lstrip().startswith('</Policy>'):
in_policy = False
continue

return new_lines


def apply_changes(lines):
"""
Backup the original file if there is no .rpmsave already and
apply changes to the actual cupsd.conf

:param list lines: New lines for cupsd.conf
"""
if not os.path.exists('/etc/cups/cupsd.conf.rpmsave'):
copy('/etc/cups/cupsd.conf', '/etc/cups/cupsd.conf.rpmsave')

with open('/etc/cups/cupsd.conf', 'w') as conf:
conf.writelines(lines)



content = get_cupsd_conf()
if content is None:
sys.exit(1)

if check_for_authtype(get_limit_with_document(get_default_policy(content))):
sys.exit(0)

new_content = migrate_cupsd_conf(content)

apply_changes(new_content)

sys.exit(0)
Write Preview
Loading…
Cancel
Save