Hello community,

here is the log from the commit of package cups.3550 for openSUSE:13.1:Update checked in at 2015-02-26 08:39:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/cups.3550 (Old)
 and      /work/SRC/openSUSE:13.1:Update/.cups.3550.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups.3550" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.cups.3550.new/cups.changes 2015-02-26 08:39:19.000000000 +0100 
@@ -0,0 +1,2943 @@ +------------------------------------------------------------------- +Tue Feb 17 16:21:52 CET 2015 - [email protected] + +- str4551.CVE-2014-9679.CUPS-1.5.4.patch + fixes a possible buffer overflow in filter/raster.c + (CUPS STR#4551 CVE-2014-9679 bugzilla.suse.com bsc#917799). + +------------------------------------------------------------------- +Tue Mar 4 09:36:29 UTC 2014 - [email protected] + +- cups-0003-systemd-only-listen-on-localhost-for-socket-activation.patch + Remove all network listening from the cups.socket file, leave this + to the server process itself. (bnc#857372) + + For starting the server by default instead of on-demand, + please run "systemctl enable cups.service". + +------------------------------------------------------------------- +Tue Jan 14 12:42:11 CET 2014 - [email protected] + +- cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch + fixes the systemd cups.socket file so that systemd listens only + on localhost (bnc#857372). + +------------------------------------------------------------------- +Fri Jul 5 14:33:53 CEST 2013 - [email protected] + +- cups-polld_avoid_busy_loop.patch avoids any possible busy loop + in cups-polld in case of unusual issues by sleeping interval + seconds (bnc#828228). + +------------------------------------------------------------------- +Fri Jun 28 20:16:52 UTC 2013 - [email protected] + +- Fix endless loop if IPP server does not accect job (bnc#827418) + see also https://www.cups.org/str.php?L4190 (STR#4190, + patch str4190.patch). + +------------------------------------------------------------------- +Wed Jun 26 15:30:45 CEST 2013 - [email protected] + +- Changed Source0 URL from + http://ftp.easysw.com/pub/cups/1.5.4/cups-1.5.4-source.tar.bz2 + to its currently valid location + http://www.cups.org/software/1.5.4/cups-1.5.4-source.tar.bz2 + so that the factory-auto check script does no longer error out + with "Failed to download ... Source URLs are not valid." 
+ +------------------------------------------------------------------- +Wed Jun 26 10:39:30 CEST 2013 - [email protected] + +- Use BuildRequires krb5-mini-devel to avoid this build cycle: + cups -> krb5 -> python-Jinja2 -> vim -> gtk2 -> cups + (according to OBS request 180870). + Because krb5-mini-devel is not available for SLE11 + krb5-devel must still be used for SLE11 builds + (required addition to OBS request 180870). + +------------------------------------------------------------------- +Fri Mar 22 08:56:10 UTC 2013 - [email protected] + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Wed Jan 30 13:24:43 UTC 2013 - [email protected] + +- Move everything (pid, lock, socket files) to /run only for 12.3. + Added: cups-move-everything-to-run.patch + See also + http://lists.opensuse.org/opensuse-factory/2013-01/msg00578.html + +------------------------------------------------------------------- +Thu Dec 20 12:38:47 CET 2012 - [email protected] + +- Added "BuildRequires: poppler-tools" which installs + /usr/bin/pdftops for the build-time check in cups-pdf.m4 + regarding HAVE_PDFTOPS_WITH_ORIGPAGESIZE that makes sure + that the CUPS filter /usr/lib/cups/filter/pdftops calls + /usr/bin/pdftops with "-origpagesizes" otherwise it would + result wrong PostScript output for poppler > 0.18.0 (bnc#776080) + see also https://www.cups.org/str.php?L3689 (STR #3689). +- Changed 'configure --with-pdftops=/usr/bin/pdftops' back to + the upstream default 'configure --with-pdftops=pdftops' + (compare the entry dated 'Fri Jul 31 15:08:41 CEST 2009'). +- Removed leftover and since a longer time obsolete + "BuildRequires: avahi-compat-mDNSResponder-devel". + +------------------------------------------------------------------- +Tue Nov 13 13:54:02 UTC 2012 - [email protected] + +- Add cups-provides-cupsd.service: ensure cupsd.service is provided + by cups.service. 
+ +------------------------------------------------------------------- +Thu Oct 18 12:07:09 UTC 2012 - [email protected] + +- buildrequire systemd through the pkgconfig provide to get + systemd-mini in build environment (to break cycle) + +------------------------------------------------------------------- +Thu Sep 27 07:27:01 UTC 2012 - [email protected] + +- Version upgrade to 1.5.4 (mainly a bugfix release) that fixes + some IPP printing issues. + Excerpt: + * The IPP backend no longer tries to get the job status for + printers that do not implement the required operation + (STR #4083). + * Sending a document in an unsupported format to an IPP printer + now automatically cancels the job (STR #4093). + * The IPP backend now treats the client-error-not-possible + status code as a job history issue, allowing IPP printing to + Windows to work(STR #4047). + For a complete list see the CHANGES.txt file. +- revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of + an upstream fix. + +------------------------------------------------------------------- +Tue Sep 4 14:55:57 UTC 2012 - [email protected] + +- license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 + Apple grant an openssl linking exception (and an exception for + linking on Apple owned operating systems). + +------------------------------------------------------------------- +Wed Aug 1 11:32:13 CEST 2012 - [email protected] + +- Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default + from becoming hardlinked via the fdupes run in cups.spec + (see the 'Wed Aug 26 21:43:03 CEST 2009' entry below) + by making their content different and at the same time + fix the misleading comment (openSUSE Bugzilla bnc#773971). +- Minor clean-up in cups.spec (the "Remove unpackaged files" + via "rm -rf <some_man-pages>") is no longer needed because + those man pages are no longer installed. 
+ +------------------------------------------------------------------- +Wed May 16 14:32:36 CEST 2012 - [email protected] + +- Upgraded to CUPS 1.5.3 (mainly a bugfix release) that fixes + a number of PostScript, SSL, authenticated printing, + and networking issues. + Excerpt: + * The scheduler could crash if a PPD file contained + an invalid paper size (STR #4049). + * Missing localizations caused empty output (STR #4033). + * Changed how timeouts are implemented in the LPD backend + (STR #4013). + * The default InputSlot setting was never used (STR #3957). + * Fixed the IPP backend's handling of HTTP/1.0 compatibility + (STR #3988). + For a complete list see the CHANGES.txt file. +- revert_cups-ssl.m4_to_1.5.2.patch reverts cups-ssl.m4 to what + it was in CUPS 1.5.2 so that autoconf produces a syntactically + correct configure script otherwise "bash -n configure" fails + with "syntax error: unexpected end of file", + see http://www.cups.org/str.php?L4084 + +------------------------------------------------------------------- +Thu Apr 12 10:53:55 CEST 2012 - [email protected] + +- No longer require Ghostscript but only "Recommends: ghostscript" + because the Ghostscript device "cups" is needed by several CUPS + filters (in particular the "rasterto..." filters) but those + filters are not used on all systems (e.g. on a print server + with only "raw" queues) so that a weak Recommends fits better. + Furthermore this avoids a build dependency cycle between the + main-packages cups and ghostscript. +- No longer require /usr/bin/pdftops but only a "Recommends" + because the CUPS filter /usr/lib/cups/filter/pdftops + (which calls /usr/bin/pdftops) is not used on all systems + (e.g. on a print server with only "raw" queues) so that + a weak Recommends fits better. 
+ +------------------------------------------------------------------- +Tue Apr 10 16:25:24 CEST 2012 - [email protected] + +- In cups.spec only "Requires: ghostscript" but no longer require + ghostscript-fonts-std in cups.spec because in ghostscript.spec + there is already "Requires: ghostscript-fonts-std" + (related to openSUSE Bugzilla bnc#735824). +- In cups.spec remove the Obsoletes/Provides cups-SUSE-ppds-dat + because cups-SUSE-ppds-dat.rpm existed only up to SLE10 + but it does no longer exist since 11.1/SLE11 + and CUPS 1.5.x is not provided for SLE10. +- Use traditional bash scriptlets for post/postun with + an explicite "exit 0" line at the end to be fail safe and + therefore also "PreReq: /sbin/ldconfig" explicitly for the + cups-libs sub-package, see the "Shared_libraries" section in + http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets + +------------------------------------------------------------------- +Tue Feb 7 14:42:59 CET 2012 - [email protected] + +- Upgraded to CUPS 1.5.2 (mainly a bugfix release). This release + fixes a number of printing, encryption, and ipptool issues. 
++++ 2746 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.cups.3550.new/cups.changes New: ---- PSLEVEL1.PPD.bz2 PSLEVEL2.PPD.bz2 baselibs.conf cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch cups-0003-systemd-only-listen-on-localhost-for-socket-activation.patch cups-1.2rc1-template.patch cups-1.3.6-access_conf.patch cups-1.3.9-desktop_file.patch cups-1.4-do_not_strip_recommended_from_PPDs.patch cups-1.4.3-default-webcontent-path.patch cups-1.5-additional_policies.patch cups-1.5.4-source.tar.bz2 cups-client.conf cups-config-libs.patch cups-move-everything-to-run.patch cups-pam.diff cups-polld_avoid_busy_loop.patch cups-provides-cupsd-service.patch cups.changes cups.init cups.spec cups.sysconfig cups.xinetd postscript.ppd.bz2 str4190.patch str4551.CVE-2014-9679.CUPS-1.5.4.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ ++++ 720 lines (skipped) ++++++ baselibs.conf ++++++ cups-libs ++++++ cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch ++++++ --- config.h.in.orig +++ config.h.in @@ -496,6 +496,13 @@ /* + * Do we have systemd support? + */ + +#undef HAVE_SYSTEMD + + +/* * Various scripting languages... */ --- /dev/null +++ config-scripts/cups-systemd.m4 
@@ -0,0 +1,36 @@ +dnl +dnl "$Id$" +dnl +dnl systemd stuff for CUPS. + +dnl Find whether systemd is available + +SDLIBS="" +AC_ARG_WITH([systemdsystemunitdir], + AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), + [], [with_systemdsystemunitdir=$($PKGCONFIG --variable=systemdsystemunitdir systemd)]) +if test "x$with_systemdsystemunitdir" != xno; then + AC_MSG_CHECKING(for libsystemd-daemon) + if $PKGCONFIG --exists libsystemd-daemon; then + AC_MSG_RESULT(yes) + SDCFLAGS=`$PKGCONFIG --cflags libsystemd-daemon` + SDLIBS=`$PKGCONFIG --libs libsystemd-daemon` + AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) + AC_DEFINE(HAVE_SYSTEMD) + else + AC_MSG_RESULT(no) + fi +fi + +if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ; then + SYSTEMD_UNITS="cups.service cups.socket cups.path" +else + SYSTEMD_UNITS="" +fi + +AC_SUBST(SYSTEMD_UNITS) +AC_SUBST(SDLIBS) + +dnl +dnl "$Id$" +dnl --- configure.in.orig +++ configure.in @@ -37,6 +37,7 @@ sinclude(config-scripts/cups-pam.m4) sinclude(config-scripts/cups-largefile.m4) sinclude(config-scripts/cups-dnssd.m4) sinclude(config-scripts/cups-launchd.m4) +sinclude(config-scripts/cups-systemd.m4) sinclude(config-scripts/cups-defaults.m4) sinclude(config-scripts/cups-pdf.m4) sinclude(config-scripts/cups-scripting.m4) @@ -71,6 +72,9 @@ AC_OUTPUT(Makedefs conf/snmp.conf cups-config data/testprint + data/cups.service + data/cups.socket + data/cups.path desktop/cups.desktop doc/help/ref-cupsd-conf.html doc/help/standard.html --- cups/usersys.c.orig +++ cups/usersys.c @@ -750,7 +750,7 @@ cups_read_client_conf( struct stat sockinfo; /* Domain socket information */ if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && - (sockinfo.st_mode & S_IRWXO) == S_IRWXO) + (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH)) cups_server = CUPS_DEFAULT_DOMAINSOCKET; else #endif /* CUPS_DEFAULT_DOMAINSOCKET */ --- /dev/null +++ data/cups.path.in 
@@ -0,0 +1,8 @@ +[Unit] +Description=CUPS Printer Service Spool + +[Path] +PathExistsGlob=@CUPS_REQUESTS@/d* + +[Install] +WantedBy=multi-user.target --- /dev/null +++ data/cups.service.in @@ -0,0 +1,9 @@ +[Unit] +Description=CUPS Printing Service + +[Service] +ExecStart=@sbindir@/cupsd -f + +[Install] +Also=cups.socket cups.path +WantedBy=printer.target --- /dev/null +++ data/cups.socket.in @@ -0,0 +1,11 @@ +[Unit] +Description=CUPS Printing Service Sockets + +[Socket] +ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ +ListenStream=631 +ListenDatagram=0.0.0.0:631 +BindIPv6Only=ipv6-only + +[Install] +WantedBy=sockets.target --- data/Makefile.orig +++ data/Makefile @@ -112,6 +112,12 @@ install-data: $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \ done $(INSTALL_DIR) -m 755 $(DATADIR)/profiles + if test "x$(SYSTEMD_UNITS)" != "x" ; then \ + $(INSTALL_DIR) -m 755 $(SYSTEMDUNITDIR); \ + for file in $(SYSTEMD_UNITS); do \ + $(INSTALL_DATA) $$file $(SYSTEMDUNITDIR); \ + done; \ + fi # @@ -159,6 +165,9 @@ uninstall: -$(RMDIR) $(DATADIR)/charsets -$(RMDIR) $(DATADIR)/banners -$(RMDIR) $(DATADIR) + for file in $(SYSTEMD_UNITS); do \ + $(RM) $(SYSTEMDUNITDIR)/$$file; \ + done # --- Makedefs.in.orig +++ Makedefs.in @@ -143,6 +143,7 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@ CXXLIBS = @CXXLIBS@ DBUS_NOTIFIER = @DBUS_NOTIFIER@ DBUS_NOTIFIERLIBS = @DBUS_NOTIFIERLIBS@ +SYSTEMD_UNITS = @SYSTEMD_UNITS@ DNSSD_BACKEND = @DNSSD_BACKEND@ DSOFLAGS = -L../cups @DSOFLAGS@ DSOLIBS = @DSOLIBS@ $(COMMONLIBS) @@ -151,6 +152,7 @@ FONTS = @FONTS@ IMGLIBS = @IMGLIBS@ IMGFILTERS = @IMGFILTERS@ LAUNCHDLIBS = @LAUNCHDLIBS@ +SDLIBS = @SDLIBS@ LDFLAGS = -L../cgi-bin -L../cups -L../filter -L../ppdc \ -L../scheduler @LDARCHFLAGS@ \ @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) @@ -267,6 +269,7 @@ PAMFILE = @PAMFILE@ DEFAULT_LAUNCHD_CONF = @DEFAULT_LAUNCHD_CONF@ DBUSDIR = @DBUSDIR@ +SYSTEMDUNITDIR = $(BUILDROOT)@systemdsystemunitdir@ # --- scheduler/client.h.orig +++ scheduler/client.h 
@@ -75,6 +75,9 @@ typedef struct int fd; /* File descriptor for this server */ http_addr_t address; /* Bind address of socket */ http_encryption_t encryption; /* To encrypt or not to encrypt... */ +#ifdef HAVE_SYSTEMD + int is_systemd; /* Is this a systemd socket? */ +#endif /* HAVE_SYSTEMD */ } cupsd_listener_t; --- scheduler/dirsvc.c.orig +++ scheduler/dirsvc.c @@ -1457,7 +1457,7 @@ cupsdStartBrowsing(void) } } - if (BrowseSocket >= 0) + if (BrowseSocket >= 0 && !BrowseSocketIsSystemd) { /* * Bind the socket to browse port... @@ -1501,13 +1501,17 @@ cupsdStartBrowsing(void) cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.", strerror(errno)); + if (!BrowseSocketIsSystemd) + { #ifdef WIN32 - closesocket(BrowseSocket); + closesocket(BrowseSocket); #else - close(BrowseSocket); + close(BrowseSocket); #endif /* WIN32 */ - BrowseSocket = -1; + BrowseSocket = -1; + } + BrowseLocalProtocols &= ~BROWSE_CUPS; BrowseRemoteProtocols &= ~BROWSE_CUPS; @@ -1820,15 +1824,22 @@ cupsdStopBrowsing(void) if (((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS) && BrowseSocket >= 0) { - /* - * Close the socket and remove it from the input selection set. - */ + if (!BrowseSocketIsSystemd) + { + /* + * Close the socket. + */ #ifdef WIN32 - closesocket(BrowseSocket); + closesocket(BrowseSocket); #else - close(BrowseSocket); + close(BrowseSocket); #endif /* WIN32 */ + } + + /* + * Remove it from the input selection set. + */ cupsdRemoveSelect(BrowseSocket); BrowseSocket = -1; @@ -5146,11 +5157,14 @@ update_cups_browse(void) strerror(errno)); cupsdLogMessage(CUPSD_LOG_ERROR, "CUPS browsing turned off."); + if (!BrowseSocketIsSystemd) + { #ifdef WIN32 - closesocket(BrowseSocket); + closesocket(BrowseSocket); #else - close(BrowseSocket); + close(BrowseSocket); #endif /* WIN32 */ + } cupsdRemoveSelect(BrowseSocket); BrowseSocket = -1; --- scheduler/dirsvc.h.orig +++ scheduler/dirsvc.h 
@@ -96,6 +96,8 @@ VAR int Browsing VALUE(TRUE), /* Short names for remote printers? */ BrowseSocket VALUE(-1), /* Socket for browsing */ + BrowseSocketIsSystemd VALUE(0), + /* BrowseSocket is systemd-provided? */ BrowsePort VALUE(IPP_PORT), /* Port number for broadcasts */ BrowseInterval VALUE(DEFAULT_INTERVAL), --- scheduler/listen.c.orig +++ scheduler/listen.c @@ -401,7 +401,11 @@ cupsdStopListening(void) lis; lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) { - if (lis->fd != -1) + if (lis->fd != -1 +#ifdef HAVE_SYSTEMD + && !lis->is_systemd +#endif /* HAVE_SYSTEMD */ + ) { #ifdef WIN32 closesocket(lis->fd); --- scheduler/main.c.orig +++ scheduler/main.c @@ -26,6 +26,8 @@ * launchd_checkin() - Check-in with launchd and collect the listening * fds. * launchd_checkout() - Update the launchd KeepAlive file as needed. + * systemd_checkin() - Check-in with systemd and collect the + * listening fds. * parent_handler() - Catch USR1/CHLD signals... * process_children() - Process all dead children... * select_timeout() - Calculate the select timeout value. @@ -62,6 +64,10 @@ # endif /* !LAUNCH_JOBKEY_SERVICEIPC */ #endif /* HAVE_LAUNCH_H */ +#ifdef HAVE_SYSTEMD +#include <systemd/sd-daemon.h> +#endif /* HAVE_SYSTEMD */ + #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) # include <malloc.h> #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ @@ -78,6 +84,9 @@ static void launchd_checkin(void); static void launchd_checkout(void); #endif /* HAVE_LAUNCHD */ +#ifdef HAVE_SYSTEMD +static void systemd_checkin(void); +#endif /* HAVE_SYSTEMD */ static void parent_handler(int sig); static void process_children(void); static void sigchld_handler(int sig); @@ -519,6 +528,13 @@ main(int argc, /* I - Number of comm } #endif /* HAVE_LAUNCHD */ +#ifdef HAVE_SYSTEMD + /* + * If we were started by systemd get the listen sockets file descriptors... + */ + systemd_checkin(); +#endif /* HAVE_SYSTEMD */ + /* * Startup the server... */ 
@@ -730,6 +746,15 @@ main(int argc, /* I - Number of comm } #endif /* HAVE_LAUNCHD */ +#ifdef HAVE_SYSTEMD + /* + * If we were started by systemd get the listen sockets file + * descriptors... + */ + + systemd_checkin(); +#endif /* HAVE_SYSTEMD */ + /* * Startup the server... */ 
@@ -1535,6 +1560,147 @@ launchd_checkout(void) } #endif /* HAVE_LAUNCHD */ +#ifdef HAVE_SYSTEMD +static void +systemd_checkin(void) +{ + int n, fd; + + n = sd_listen_fds(0); + if (n < 0) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Failed to acquire sockets from systemd - %s", + strerror(-n)); + exit(EXIT_FAILURE); + return; + } + + if (n == 0) + return; + + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) + { + http_addr_t addr; + socklen_t addrlen = sizeof (addr); + int r; + cupsd_listener_t *lis; + char s[256]; + + r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1); + if (r < 0) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Unable to verify socket type - %s", + strerror(-r)); + continue; + } + + if (!r) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "Browsing=%d", Browsing); + cupsdLogMessage(CUPSD_LOG_ERROR, + "BrowseLocalProtocols=%x", BrowseLocalProtocols); + cupsdLogMessage(CUPSD_LOG_ERROR, + "BrowseRemoteProtocols=%x", BrowseRemoteProtocols); + cupsdLogMessage(CUPSD_LOG_ERROR, + "BROWSE_CUPS=%x", BROWSE_CUPS); + if (Browsing && + ((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS)) + { + r = sd_is_socket(fd, AF_UNSPEC, SOCK_DGRAM, 0); + if (r < 0) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Unable to verify socket type - %s", + strerror(-r)); + continue; + } + + if (r) + { + /* + * This is the browse socket. 
+ */ + + char addrstr[256]; + if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Unable to get local address - %s", + strerror(errno)); + continue; + } + + httpAddrString (&addr, addrstr, sizeof (addrstr)); + BrowseSocket = fd; + BrowseSocketIsSystemd = 1; + cupsdLogMessage(CUPSD_LOG_DEBUG, + "systemd_checkin: Matched browse (port %d) with fd %d:%s...", + BrowsePort, fd, addrstr); + continue; + } + + } + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Socket not of the right type"); + continue; + } + + if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Unable to get local address - %s", + strerror(errno)); + continue; + } + + /* + * Try to match the systemd socket address to one of the listeners... + */ + + for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); + lis; + lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) + if (httpAddrEqual(&lis->address, &addr)) + break; + + if (lis) + { + cupsdLogMessage(CUPSD_LOG_DEBUG, + "systemd_checkin: Matched existing listener %s with fd %d...", + httpAddrString(&(lis->address), s, sizeof(s)), fd); + } + else + { + cupsdLogMessage(CUPSD_LOG_DEBUG, + "systemd_checkin: Adding new listener %s with fd %d...", + httpAddrString(&addr, s, sizeof(s)), fd); + + if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "systemd_checkin: Unable to allocate listener - " + "%s.", strerror(errno)); + exit(EXIT_FAILURE); + } + + cupsArrayAdd(Listeners, lis); + + memcpy(&lis->address, &addr, sizeof(lis->address)); + } + + lis->fd = fd; + lis->is_systemd = 1; + +# ifdef HAVE_SSL + if (_httpAddrPort(&(lis->address)) == 443) + lis->encryption = HTTP_ENCRYPT_ALWAYS; +# endif /* HAVE_SSL */ + } +} +#endif /* HAVE_SYSTEMD */ /* * 'parent_handler()' - Catch USR1/CHLD signals... --- scheduler/Makefile.orig +++ scheduler/Makefile 
@@ -379,7 +379,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \ $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ $(LIBPAPER) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBS) \ - $(LIBGSSAPI) $(LIBWRAP) + $(LIBGSSAPI) $(LIBWRAP) $(SDLIBS) cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC) echo Linking $@... @@ -387,7 +387,7 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ ../cups/$(LIBCUPSSTATIC) $(COMMONLIBS) $(LIBZ) $(LIBPAPER) \ $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \ - $(LIBWRAP) + $(LIBWRAP) $(SDLIBS) # ++++++ cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch ++++++ --- data/cups.socket.in.orig 2014-01-08 15:31:12.000000000 +0100 +++ data/cups.socket.in 2014-01-08 15:33:07.000000000 +0100 @@ -3,8 +3,10 @@ Description=CUPS Printing Service Socket [Socket] ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -ListenStream=631 -ListenDatagram=0.0.0.0:631 +ListenStream=127.0.0.1:631 +ListenStream=[::1]:631 +ListenDatagram=127.0.0.1:631 +ListenDatagram=[::1]:631 BindIPv6Only=ipv6-only [Install] ++++++ cups-0003-systemd-only-listen-on-localhost-for-socket-activation.patch ++++++ Index: data/cups.socket.in =================================================================== --- data/cups.socket.in +++ data/cups.socket.in @@ -3,11 +3,6 @@ Description=CUPS Printing Service Socket [Socket] ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -ListenStream=127.0.0.1:631 -ListenStream=[::1]:631 -ListenDatagram=127.0.0.1:631 -ListenDatagram=[::1]:631 -BindIPv6Only=ipv6-only [Install] WantedBy=sockets.target ++++++ cups-1.2rc1-template.patch ++++++ --- cups-1.2rc1/templates/choose-uri.tmpl.orig 2006-03-18 13:56:48.000000000 +0100 +++ cups-1.2rc1/templates/choose-uri.tmpl 2006-03-29 20:03:30.000000000 +0200 
@@ -24,6 +24,9 @@ lpd://hostname/queue + smb://servername/printer + smb://username:password@workgroup/servername/printer + socket://hostname socket://hostname:9100 </PRE> ++++++ cups-1.3.6-access_conf.patch ++++++ --- cups-1.3.6/conf/cupsd.conf.in.orig 2008-02-28 20:08:52.000000000 +0100 +++ cups-1.3.6/conf/cupsd.conf.in 2008-02-28 20:13:47.000000000 +0100 @@ -29,6 +29,7 @@ # Restrict access to the server... <Location /> Order allow,deny + Allow 127.0.0.2 </Location> # Restrict access to the admin pages... ++++++ cups-1.3.9-desktop_file.patch ++++++ Index: desktop/cups.desktop.in =================================================================== --- desktop/cups.desktop.in.orig +++ desktop/cups.desktop.in @@ -1,6 +1,7 @@ [Desktop Entry] -Categories=System;Printing;HardwareSettings;X-Red-Hat-Base; -Exec=@CUPS_HTMLVIEW@ http://localhost:631/ +Categories=System;Printing;Settings;HardwareSettings; +Exec=desktop-launch http://localhost:631/ +NotShowIn=GNOME; Icon=cups StartupNotify=false Terminal=false ++++++ cups-1.4-do_not_strip_recommended_from_PPDs.patch ++++++ --- scheduler/cups-driverd.cxx.orig 2009-06-09 00:00:14.000000000 +0200 +++ scheduler/cups-driverd.cxx 2009-07-01 14:38:44.000000000 +0200 @@ -211,7 +211,6 @@ add_ppd(const char *filename, /* I - PP const char *scheme) /* I - PPD scheme */ { ppd_info_t *ppd; /* PPD */ - char *recommended; /* Foomatic driver string */ /* @@ -250,15 +249,6 @@ add_ppd(const char *filename, /* I - PP strlcpy(ppd->record.scheme, scheme, sizeof(ppd->record.scheme)); /* - * Strip confusing (and often wrong) "recommended" suffix added by - * Foomatic drivers... - */ - - if ((recommended = strstr(ppd->record.make_and_model, - " (recommended)")) != NULL) - *recommended = '\0'; - - /* * Add the PPD to the PPD arrays... */ ++++++ cups-1.4.3-default-webcontent-path.patch ++++++ --- config-scripts/cups-directories.m4.orig 2009-04-13 01:04:51.000000000 +0200 +++ config-scripts/cups-directories.m4 2010-05-06 11:34:04.000000000 +0200 
@@ -323,11 +323,11 @@ fi AC_SUBST(MENUDIR) # Documentation files -AC_ARG_WITH(docdir, [ --with-docdir set path for documentation],docdir="$withval",docdir="") +AC_ARG_WITH(docdir, [ --with-docdir set path and DocumentRoot directive for web content, default=datadir/cups/webcontent],docdir="$withval",docdir="") if test x$docdir = x; then - CUPS_DOCROOT="$datadir/doc/cups" - docdir="$datadir/doc/cups" + CUPS_DOCROOT="$datadir/cups/webcontent" + docdir="$datadir/cups/webcontent" else CUPS_DOCROOT="$docdir" fi ++++++ cups-1.5-additional_policies.patch ++++++ --- conf/cupsd.conf.in.orig 2010-12-09 22:24:51.000000000 +0100 +++ conf/cupsd.conf.in 2011-10-05 13:51:39.000000000 +0200 
@@ -138,3 +138,25 @@ WebInterface @CUPS_WEBIF@ # # End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $". # + +# The policy below is added by SUSE during build of our cups package. +# The policy 'allowallforanybody' is totally open and insecure and therefore +# it can only be used within an internal network where only trused users exist +# and where the cupsd is not accessible at all from any external host, see +# http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings +# Have in mind that any user who is allowed to do printer admin tasks +# can change the print queues as he likes - e.g. send copies of confidental +# print jobs from an internal network to any external destination, see +# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell +# For documentation regarding 'Managing Operation Policies' see +# http://www.cups.org/documentation.php/doc-1.5/policies.html +<Policy allowallforanybody> + <Limit All> + Order deny,allow + Allow from all + </Limit> +</Policy> +# Explicitly set the CUPS 'default' policy to be used by default: +DefaultPolicy default +# End of additions by SUSE. + ++++++ cups-client.conf ++++++ # Sample client configuration file for the Common UNIX Printing System # (CUPS). # # Copyright 1997-2005 by Easy Software Products, all rights reserved. # Klaus Singvogel <[email protected]> modified it for SUSE distribution. # # These coded instructions, statements, and computer programs are the # property of Easy Software Products and are protected by Federal # copyright law. Distribution and use rights are outlined in the file # "LICENSE.txt" which should have been included with this file. 
If this # file is missing or damaged please contact Easy Software Products # at: # # Attn: CUPS Licensing Information # Easy Software Products # 44141 Airport View Drive, Suite 204 # Hollywood, Maryland 20636 USA # # Voice: (301) 373-9600 # EMail: [email protected] # WWW: http://www.cups.org # ######################################################################## # # # This is the CUPS client configuration file. This file is used to # # define client-specific parameters, such as the default server or # # default encryption settings. # # # # Put this file on /etc/cups/client.conf (system use) or # # ~/.cups/client.conf (personal use). # # # # more information in the manual page client.conf(5) ######################################################################## # # Encryption: directive specifies the default encryption settings for # the client. # # Possible values: # # IfRequested # Never # Required # Always # # The default value is "IfRequested". # This parameter can also be set # using the CUPS_ENCRYPTION environment # variable. # #Encryption IfRequested #Encryption Never #Encryption Required #Encryption Always # # ServerName: directive specifies sets the remote server that is to be # used for all client operations. That is, it redirects all client # requests to the remote server. # # By default CUPS will use the domain socket /var/run/cups/cups.sock or # local server ("localhost"), if so configured. The value can be # overwritten by the CUPS_SERVER environment variable. # # The default port number is 631 but can be overridden by adding a colon # followed by the desired port number to the value. # # ONLY ONE SERVER NAME MAY BE SPECIFIED AT A TIME. To use more than one # server you must use a local scheduler with browsing and possibly # polling. # #ServerName /domain/socket #ServerName foo.bar.com #ServerName 11.22.33.444 #ServerName foo.bar.com:8631 ++++++ cups-config-libs.patch ++++++ --- cups-config.in.orig +++ cups-config.in 
@@ -35,8 +35,8 @@ INSTALLSTATIC=@INSTALLSTATIC@ # flags for C++ compiler: CFLAGS="" LDFLAGS="@EXPORT_LDFLAGS@" -LIBS="@LIBGSSAPI@ @EXPORT_SSLLIBS@ @EXPORT_LIBZ@ @LIBS@" -IMGLIBS="@EXPORT_LIBTIFF@ @EXPORT_LIBJPEG@ @EXPORT_LIBPNG@" +LIBS="" +IMGLIBS="" # Check for local invocation... selfdir=`dirname $0` ++++++ cups-move-everything-to-run.patch ++++++ Index: cups-1.5.4/config.h.in =================================================================== --- cups-1.5.4.orig/config.h.in +++ cups-1.5.4/config.h.in @@ -131,7 +131,7 @@ #define CUPS_SBINDIR "/usr/sbin" #define CUPS_SERVERBIN "/usr/lib/cups" #define CUPS_SERVERROOT "/etc/cups" -#define CUPS_STATEDIR "/var/run/cups" +#define CUPS_STATEDIR "/run/cups" /* Index: cups-1.5.4/configure =================================================================== --- cups-1.5.4.orig/configure +++ cups-1.5.4/configure @@ -6424,7 +6424,7 @@ case "$uname" in ;; *) # All others - CUPS_STATEDIR="$localstatedir/run/cups" + CUPS_STATEDIR="/run/cups" ;; esac cat >>confdefs.h <<_ACEOF ++++++ cups-pam.diff ++++++ --- conf/pam.suse 2003/02/07 11:09:32 1.1 +++ conf/pam.suse 2003/02/07 11:10:03 @@ -0,0 +1,2 @@ +auth include common-auth +account include common-account ++++++ cups-polld_avoid_busy_loop.patch ++++++ --- scheduler/cups-polld.c.orig 2012-03-02 19:26:30.000000000 +0100 +++ scheduler/cups-polld.c 2013-07-05 14:33:08.000000000 +0200 
@@ -169,10 +169,15 @@ main(int argc, /* I - Number of comm /* * Sleep for any remaining time... + * but in case of unusual issues (if remain <= 0 or if restart_polling) + * sleep interval seconds to avoid any possible busy-loop + * see for example https://bugzilla.novell.com/show_bug.cgi?id=828228 */ if (remain > 0 && !restart_polling) sleep(remain); + else + sleep(interval); } return (1); ++++++ cups-provides-cupsd-service.patch ++++++ Index: cups-1.5.4/data/cups.service.in =================================================================== --- cups-1.5.4.orig/data/cups.service.in +++ cups-1.5.4/data/cups.service.in 
@@ -5,5 +5,6 @@ Description=CUPS Printing Service ExecStart=@sbindir@/cupsd -f [Install] +Alias=cupsd.service Also=cups.socket cups.path WantedBy=printer.target ++++++ cups.init ++++++ #! /bin/bash # # Copyright (C) 1995-2001 SuSE GmbH Nuernberg, Germany. # Copyright (C) 2002 SuSE Linux AG, Nuernberg, Germany. # Copyright (C) 2002--2008 Klaus Singvogel, SUSE / Novell Inc. # Copyright (C) 2010 Johannes Meixner, SUSE LINUX Products GmbH # # Author: Kurt Garloff, 2000 # Klaus Singvogel, 2002--2008 # Johannes Meixner, 2010 # # /etc/init.d/cups # and its symbolic link # /usr/sbin/rccups # # System startup script for the CUPS printer daemon # ### BEGIN INIT INFO # Provides: cupsd # Required-Start: $local_fs $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Should-Start: dbus $named $portmap ptal slpd printbill # Should-Stop: $portmap # Default-Start: 2 3 5 # Default-Stop: 0 1 6 # Short-Description: CUPS printer daemon # Description: Start CUPS to provide spooling and printing files # functionality for local and remote printers. Also required if # printers are broadcasted ("Browsing") by remote CUPS servers. ### END INIT INFO # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - insufficient privilege # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signalling is not supported) are # considered a success. # Source SuSE config, only if exists with size greater zero test -s /etc/rc.config && . 
/etc/rc.config # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v ditto but be verbose in local rc status # rc_status -v -r ditto and clear the local rc status # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num><num> # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status if test -s /etc/rc.status then . /etc/rc.status else exit 1 fi # Reset status of this service: rc_reset CUPSD_BIN=/usr/sbin/cupsd test -x $CUPSD_BIN || exit 5 # Get CUPSD_OPTIONS test -s /etc/sysconfig/cups && . /etc/sysconfig/cups # Enforce default umask to avoid problems with wrong file permissions # for example of /etc/printcap (see Novell/Suse Bugzilla bnc#31567). umask 022 case "$1" in start) echo -n "Starting cupsd" ## Start daemon with startproc(8). ## If this fails the echo return value is set appropriate. # NOTE: startproc return 0, even if service is # already running to match LSB spec. startproc $CUPSD_BIN $CUPSD_OPTIONS # Remember status and be verbose: rc_status -v ;; stop) echo -n "Shutting down cupsd" ## Stop daemon with killproc(8). ## If this fails the echo return value is set appropriate. # NOTE: killproc with explicite signal specified # like "killproc -TERM" sends only SIGTERM and exits # to match LSB spec. (see Novell/Suse Bugzilla bnc#595796). # Without explicite signal the default signal SIGTERM is sent # and afterwards killproc waits by default only up to 5 seconds # before killproc sends SIGKILL if cupsd has not yet terminated. # Wait at most 10 seconds until the cupsd does actually no longer run # so that the cupsd should have sufficient time for its clean up: killproc -t 10 $CUPSD_BIN # Remember status and be verbose: rc_status -v ;; try-restart) ## Stop the service and if this succeeds (i.e. the ## service was running before), start it again. 
## Note: try-restart is not (yet) part of LSB (as of 0.7.5) $0 status >/dev/null && $0 restart # Remember status and be quiet: rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop # The above waits at most 10 seconds until the cupsd does actually no longer run # otherwise "startproc $CUPSD_BIN" would not start a new cupsd # (see Novell/Suse Bugzilla bnc#622058). # Start a new cupsd: $0 start # Remember status and be quiet: rc_status ;; force-reload) ## Signal the daemon to reload its config. ## Most daemons do this on signal 1 (SIGHUP). ## If it does not support it, restart. if ps -C cupsd -o user | grep -q '^root$' then echo -n "Reload service cupsd" killproc -HUP $CUPSD_BIN rc_status -v else $0 restart fi ;; reload) ## Like force-reload, but if daemon does not support ## signalling, do nothing. # If it supports signalling: if ps -C cupsd -o user | grep -q '^root$' then echo -n "Reload service cupsd" killproc -HUP $CUPSD_BIN rc_status -v else echo -n '"reload" not possible (cupsd does not run as user root) use "restart" instead' rc_status -s fi ;; status) echo -n "Checking for cupsd: " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Status has a slightly different for the status command: # 0 - service running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running # NOTE: checkproc returns LSB compliant status values. checkproc $CUPSD_BIN rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## give out the argument which is required for a reload. 
rc_failed 3 ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ cups.sysconfig ++++++ ## Path: System/Printing/CUPS ## Description: Cups options ## Type: string ## Default: cups ## ServiceReload: cups ## ServiceRestart: cups # IDENT="cups" ## Type: string ## Default: "CUPS printer daemon" DESCRIPTIVE="CUPS printer daemon" ## Type: string ## Default: "" # # change CUPSD_OPTIONS for arguments of start of cupsd # e.g. CUPSD_OPTIONS="-c /etc/cups/cupsd.conf" CUPSD_OPTIONS="" ++++++ cups.xinetd ++++++ service printer { disable = yes flags = NAMEINARGS socket_type = stream protocol = tcp wait = no user = lp server = /usr/lib/cups/daemon/cups-lpd server_args = cups-lpd -o document-format=application/octet-stream } ++++++ str4190.patch ++++++ Index: backend/ipp.c =================================================================== --- backend/ipp.c (revision 10611) +++ backend/ipp.c (working copy) @@ -1279,6 +1279,16 @@ } /* + * If the printer only claims to support IPP/1.0, or if the user specifically + * included version=1.0 in the URI, then do not try to use Create-Job or + * Send-Document. This is another dreaded compatibility hack, but unfortunately + * there are enough broken printers out there that we need this for now... + */ + + if (version == 10) + create_job = send_document = 0; + + /* * Start monitoring the printer in the background... */ @@ -1494,10 +1504,9 @@ goto cleanup; } } - else if (ipp_status == IPP_ERROR_JOB_CANCELED) + else if (ipp_status == IPP_ERROR_JOB_CANCELED || + ipp_status == IPP_NOT_AUTHORIZED) goto cleanup; - else if (ipp_status == IPP_NOT_AUTHORIZED) - continue; else { /* 
@@ -1678,14 +1687,35 @@ ipp_status == IPP_NOT_POSSIBLE || ipp_status == IPP_PRINTER_BUSY) continue; - else if (ipp_status == IPP_REQUEST_VALUE) + else if (ipp_status == IPP_REQUEST_VALUE || + ipp_status == IPP_ERROR_JOB_CANCELED || + ipp_status == IPP_NOT_AUTHORIZED) { /* - * Print file is too large, abort this job... + * Print file is too large, job was canceled, or we need new + * authentication data... */ goto cleanup; } + else if (ipp_status == IPP_NOT_FOUND) + { + /* + * Printer does not actually implement support for Create-Job/ + * Send-Document, so log the conformance issue and stop the printer. + */ + + fputs("DEBUG: This printer claims to support Create-Job and " + "Send-Document, but those operations failed.\n", stderr); + fputs("DEBUG: Add '?version=1.0' to the device URI to use legacy " + "compatibility mode.\n", stderr); + update_reasons(NULL, "+cups-ipp-conformance-failure-report," + "cups-ipp-missing-send-document"); + + ipp_status = IPP_INTERNAL_ERROR; /* Force queue to stop */ + + goto cleanup; + } else copies_remaining --; ++++++ str4551.CVE-2014-9679.CUPS-1.5.4.patch ++++++ --- filter/raster.c.orig 2011-09-20 20:36:33.000000000 +0200 +++ filter/raster.c 2015-02-17 15:51:05.000000000 +0100 @@ -284,7 +284,10 @@ */ if (!cups_raster_read_header(r)) + { + memset(h, 0, sizeof(cups_page_header_t)); return (0); + } /* * Copy the header to the user-supplied buffer... @@ -313,7 +316,10 @@ */ if (!cups_raster_read_header(r)) + { + memset(h, 0, sizeof(cups_page_header2_t)); return (0); + } /* * Copy the header to the user-supplied buffer... @@ -991,7 +997,7 @@ cups_raster_update(r); - return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0); + return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0 && (r->header.cupsBytesPerLine % r->bpp) == 0); } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
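Review bot: in cups-move-everything-to-run.patch, the hunk at @@ -6424 of cups-1.5.4/configure edits the generated configure script (it writes confdefs.h through the _ACEOF here-document), so the change is lost as soon as configure is regenerated. The same assignment should be patched in the autoconf input that produces it. The new value also drops $localstatedir: CUPS_STATEDIR="/run/cups" is now fixed for the "All others" branch regardless of what the builder passes for localstatedir. That matches the hard-coded "/run/cups" in config.h.in, but it should be stated in the changes entry so that nobody expects the configure option to still move the state directory.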
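Review bot: in cups-polld_avoid_busy_loop.patch (@@ -169 of scheduler/cups-polld.c), the new else branch handles two different cases with the same sleep(interval), and nothing in the hunk shows that interval is at least 1. If interval can be 0, sleep(interval) returns immediately and the busy loop this patch is meant to prevent is still possible. Clamping the fallback to a minimum of one second would close that. Separately, when restart_polling is set while remain > 0, the code now waits a full interval before acting on the restart request. If that delay is intended, the comment should say so; otherwise a shorter sleep for the restart_polling case would be better.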
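Review bot: in str4190.patch (@@ -1678 of backend/ipp.c), the new IPP_NOT_FOUND branch reports the only actionable hint, "Add '?version=1.0' to the device URI", at DEBUG level, so an administrator looking at a stopped queue with default logging will not see why it stopped or how to recover. Either log that line at a level that is shown by default or make sure the cups-ipp-conformance-failure-report reason is surfaced to the user. The branch also overwrites ipp_status with IPP_INTERNAL_ERROR to force the queue to stop, which hides the original status from everything after the cleanup label. Logging the original value before it is overwritten would keep it available for diagnosis.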
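Review bot: in str4551.CVE-2014-9679.CUPS-1.5.4.patch (@@ -991 of filter/raster.c), the added check (r->header.cupsBytesPerLine % r->bpp) == 0 uses r->bpp as a divisor, and nothing in the hunk shows that r->bpp is non-zero after cups_raster_update(r). Since the header comes from the raster stream being validated, a value that leaves r->bpp at 0 would turn this validation into a division by zero. Testing r->bpp != 0 before the modulo in the same && chain would make the return expression safe for that input. The expression is also long enough now that splitting it across lines, one condition per line, would make the three checks easier to audit.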
