diff --git a/SOURCES/cups-browsed-socket-leak.patch b/SOURCES/cups-browsed-socket-leak.patch new file mode 100644 index 0000000..cf18dfa --- /dev/null +++ b/SOURCES/cups-browsed-socket-leak.patch @@ -0,0 +1,18 @@ +diff --git a/utils/cups-browsed.c b/utils/cups-browsed.c +index c6c257e..2cc64dd 100644 +--- a/utils/cups-browsed.c ++++ b/utils/cups-browsed.c +@@ -2747,6 +2747,13 @@ on_printer_state_changed (CupsNotifier *object, + if (i == q->last_printer) + break; + } ++ ++ /* Close remote connection */ ++ if (http) { ++ httpClose(http); ++ http = NULL; ++ } ++ + /* Find the ID of the current job */ + request = ippNewRequest(IPP_GET_JOBS); + httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, diff --git a/SOURCES/pdftopdf-nocrypt.patch b/SOURCES/pdftopdf-nocrypt.patch new file mode 100644 index 0000000..24caf5c --- /dev/null +++ b/SOURCES/pdftopdf-nocrypt.patch @@ -0,0 +1,20 @@ +diff --git a/filter/pdftopdf/qpdf_pdftopdf_processor.cc b/filter/pdftopdf/qpdf_pdftopdf_processor.cc +index 73e4f06..0752a99 100644 +--- a/filter/pdftopdf/qpdf_pdftopdf_processor.cc ++++ b/filter/pdftopdf/qpdf_pdftopdf_processor.cc +@@ -623,6 +623,7 @@ void QPDF_PDFTOPDF_Processor::emitFile(FILE *f,ArgOwnership take) // {{{ + if (!extraheader.empty()) { + out.setExtraHeaderText(extraheader); + } ++ out.setPreserveEncryption(false); + out.write(); + } + // }}} +@@ -642,6 +643,7 @@ void QPDF_PDFTOPDF_Processor::emitFilename(const char *name) // {{{ + if (!extraheader.empty()) { + out.setExtraHeaderText(extraheader); + } ++ out.setPreserveEncryption(false); + out.write(); + } + // }}} diff --git a/SPECS/cups-filters.spec b/SPECS/cups-filters.spec index ca4f86f..29e0e9e 100644 --- a/SPECS/cups-filters.spec +++ b/SPECS/cups-filters.spec @@ -4,7 +4,7 @@ Summary: OpenPrinting CUPS filters and backends Name: cups-filters Version: 1.20.0 -Release: 15%{?dist} +Release: 19%{?dist} # For a breakdown of the licensing, see COPYING file # GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*, @@ -35,6 +35,10 @@ Patch05: cups-browsed.8.patch # different ghostscript option, taken from upstream # bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1712814 Patch06: 0001-foomatic-rip-Changed-Ghostscript-call-to-count-pages.patch +# rebuild and patch for FIPS compliance, backported from upstream (#1605101) +Patch07: pdftopdf-nocrypt.patch +# 1776270 - cups-browsed leaks sockets +Patch08: cups-browsed-socket-leak.patch Requires: cups-filters-libs%{?_isa} = %{version}-%{release} @@ -148,6 +152,10 @@ This is the development package for OpenPrinting CUPS filters and backends. %patch05 -p1 -b .manpage # 1712814 - Removed option from Ghostscript causes breakage of printing by foomatic-rip filter %patch06 -p1 -b .foomatic-rip-crash +# 1605101 - qpdf: should not re-implement crypto +%patch07 -p1 -b .pdftopdf-nocrypt +# 1776270 - cups-browsed leaks sockets +%patch08 -p1 -b .cups-browsed-socket-leak %build # work-around Rpath @@ -215,32 +223,6 @@ make check %post %systemd_post cups-browsed.service -# Initial installation -if [ $1 -eq 1 ] ; then - IN=%{_sysconfdir}/cups/cupsd.conf - OUT=%{_sysconfdir}/cups/cups-browsed.conf - keyword=BrowsePoll - - # We can remove this after few releases, it's just for the introduction of cups-browsed. - if [ -f "$OUT" ]; then - echo -e "\n# NOTE: This file is not part of CUPS.\n# You need to enable cups-browsed service\n# and allow ipp-client service in firewall." >> "$OUT" - fi - - # move BrowsePoll from cupsd.conf to cups-browsed.conf - if [ -f "$IN" ] && grep -iq ^$keyword "$IN"; then - if ! grep -iq ^$keyword "$OUT"; then - (cat >> "$OUT" <> "$OUT") || : - #systemctl enable cups-browsed.service >/dev/null 2>&1 || : - fi - sed -i -e "s,^$keyword,#$keyword directive moved to cups-browsed.conf\n#$keyword,i" "$IN" || : - fi -fi - %preun %systemd_preun cups-browsed.service @@ -320,6 +302,19 @@ fi %{_libdir}/libfontembed.so %changelog +* Mon Nov 25 2019 Zdenek Dohnal - 1.20.0-19 +- 1776270 - cups-browsed leaks sockets + +* Mon Sep 02 2019 Zdenek Dohnal - 1.20.0-18 +- 1605101 - qpdf: should not re-implement crypto + +* Wed Aug 07 2019 Zdenek Dohnal - 1.20.0-17 +- 1738533 - rpm -V failed for /etc/cups/cups-browsed.conf + +* Fri Jun 28 2019 Marek Kasik - 1.20.0-16 +- Rebuild due to soname bump in poppler-0.66.0-21 +- Resolves: #1715836 + * Thu May 23 2019 Zdenek Dohnal - 1.20.0-15 - 1712814 - Removed option from Ghostscript causes breakage of printing by foomatic-rip filter