diff --git a/SOURCES/0001-Remove-web-log-buttons.patch b/SOURCES/0001-Remove-web-log-buttons.patch
new file mode 100644
index 0000000..a19d806
--- /dev/null
+++ b/SOURCES/0001-Remove-web-log-buttons.patch
@@ -0,0 +1,98 @@
+diff --git a/templates/admin.tmpl b/templates/admin.tmpl
+index 101f960..5ebd813 100644
+--- a/templates/admin.tmpl
++++ b/templates/admin.tmpl
+@@ -27,9 +27,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
+diff --git a/templates/de/admin.tmpl b/templates/de/admin.tmpl
+index fb2851a..f8ddeff 100644
+--- a/templates/de/admin.tmpl
++++ b/templates/de/admin.tmpl
+@@ -27,9 +27,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
+diff --git a/templates/es/admin.tmpl b/templates/es/admin.tmpl
+index 097c65c..b83b1a0 100644
+--- a/templates/es/admin.tmpl
++++ b/templates/es/admin.tmpl
+@@ -27,9 +27,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
+diff --git a/templates/fr/admin.tmpl b/templates/fr/admin.tmpl
+index 2fcd9c5..e365ff3 100644
+--- a/templates/fr/admin.tmpl
++++ b/templates/fr/admin.tmpl
+@@ -27,9 +27,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
+diff --git a/templates/ja/admin.tmpl b/templates/ja/admin.tmpl
+index 13d6f13..f5fa750 100644
+--- a/templates/ja/admin.tmpl
++++ b/templates/ja/admin.tmpl
+@@ -27,9 +27,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
+diff --git a/templates/pt_BR/admin.tmpl b/templates/pt_BR/admin.tmpl
+index b847bef..e11d889 100644
+--- a/templates/pt_BR/admin.tmpl
++++ b/templates/pt_BR/admin.tmpl
+@@ -27,9 +27,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
+diff --git a/templates/ru/admin.tmpl b/templates/ru/admin.tmpl
+index 49a168c..44b1493 100644
+--- a/templates/ru/admin.tmpl
++++ b/templates/ru/admin.tmpl
+@@ -26,9 +26,6 @@
+
+
+
+-
+-
+-
+
+
+ {SETTINGS_ERROR?{SETTINGS_MESSAGE}
diff --git a/SOURCES/cups-fips-compliance.patch b/SOURCES/cups-fips-compliance.patch
new file mode 100644
index 0000000..df13e75
--- /dev/null
+++ b/SOURCES/cups-fips-compliance.patch
@@ -0,0 +1,371 @@
+diff --git a/cups/cups.h b/cups/cups.h
+index 8f5c818..9d8c3a3 100644
+--- a/cups/cups.h
++++ b/cups/cups.h
+@@ -606,6 +606,9 @@ extern ssize_t cupsHashData(const char *algorithm, const void *data, size_t dat
+ extern int cupsAddIntegerOption(const char *name, int value, int num_options, cups_option_t **options) _CUPS_API_2_2_4;
+ extern int cupsGetIntegerOption(const char *name, int num_options, cups_option_t *options) _CUPS_API_2_2_4;
+
++/* New in CUPS 2.3 */
++extern const char *cupsHashString(const unsigned char *hash, size_t hashsize, char *buffer, size_t bufsize);
++
+ # ifdef __cplusplus
+ }
+ # endif /* __cplusplus */
+diff --git a/cups/hash.c b/cups/hash.c
+index ede5461..8ebe20b 100644
+--- a/cups/hash.c
++++ b/cups/hash.c
+@@ -21,6 +21,8 @@
+ # include
+ #elif defined(HAVE_GNUTLS)
+ # include
++#else
++# include "md5-private.h"
+ #endif /* __APPLE__ */
+
+
+@@ -171,7 +173,9 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
+ unsigned char temp[64]; /* Temporary hash buffer */
+ size_t tempsize = 0; /* Truncate to this size? */
+
+- if (!strcmp(algorithm, "sha"))
++ if (!strcmp(algorithm, "md5"))
++ alg = GNUTLS_DIG_MD5;
++ else if (!strcmp(algorithm, "sha"))
+ alg = GNUTLS_DIG_SHA1;
+ else if (!strcmp(algorithm, "sha2-224"))
+ alg = GNUTLS_DIG_SHA224;
+@@ -219,10 +223,20 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
+
+ #else
+ /*
+- * No hash support without CommonCrypto or GNU TLS...
++ * No hash support beyond MD5 without CommonCrypto or GNU TLS...
+ */
+
+- if (hashsize < 64)
++ if (!strcmp(algorithm, "md5"))
++ {
++ _cups_md5_state_t state; /* MD5 state info */
++
++ _cupsMD5Init(&state);
++ _cupsMD5Append(&state, data, datalen);
++ _cupsMD5Finish(&state, hash);
++
++ return (16);
++ }
++ else if (hashsize < 64)
+ goto too_small;
+ #endif /* __APPLE__ */
+
+@@ -243,3 +257,51 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1);
+ return (-1);
+ }
++
++
++/*
++ * 'cupsHashString()' - Format a hash value as a hexadecimal string.
++ *
++ * The passed buffer must be at least 2 * hashsize + 1 characters in length.
++ */
++
++const char * /* O - Formatted string */
++cupsHashString(
++ const unsigned char *hash, /* I - Hash */
++ size_t hashsize, /* I - Size of hash */
++ char *buffer, /* I - String buffer */
++ size_t bufsize) /* I - Size of string buffer */
++{
++ char *bufptr = buffer; /* Pointer into buffer */
++ static const char *hex = "0123456789abcdef";
++ /* Hex characters (lowercase!) */
++
++
++ /*
++ * Range check input...
++ */
++
++ if (!hash || hashsize < 1 || !buffer || bufsize < (2 * hashsize + 1))
++ {
++ if (buffer)
++ *buffer = '\0';
++ return (NULL);
++ }
++
++ /*
++ * Loop until we've converted the whole hash...
++ */
++
++ while (hashsize > 0)
++ {
++ *bufptr++ = hex[*hash >> 4];
++ *bufptr++ = hex[*hash & 15];
++
++ hash ++;
++ hashsize --;
++ }
++
++ *bufptr = '\0';
++
++ return (buffer);
++}
+diff --git a/cups/md5passwd.c b/cups/md5passwd.c
+index a9817aa..c9ffe04 100644
+--- a/cups/md5passwd.c
++++ b/cups/md5passwd.c
+@@ -17,6 +17,7 @@
+ * Include necessary headers...
+ */
+
++#include
+ #include "http-private.h"
+ #include "string-private.h"
+
+@@ -31,7 +32,6 @@ httpMD5(const char *username, /* I - User name */
+ const char *passwd, /* I - Password string */
+ char md5[33]) /* O - MD5 string */
+ {
+- _cups_md5_state_t state; /* MD5 state info */
+ unsigned char sum[16]; /* Sum data */
+ char line[256]; /* Line to sum */
+
+@@ -41,15 +41,13 @@ httpMD5(const char *username, /* I - User name */
+ */
+
+ snprintf(line, sizeof(line), "%s:%s:%s", username, realm, passwd);
+- _cupsMD5Init(&state);
+- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line));
+- _cupsMD5Finish(&state, sum);
++ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
+
+ /*
+ * Return the sum...
+ */
+
+- return (httpMD5String(sum, md5));
++ return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
+ }
+
+
+@@ -65,7 +63,6 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
+ const char *resource, /* I - Resource path */
+ char md5[33]) /* IO - MD5 sum */
+ {
+- _cups_md5_state_t state; /* MD5 state info */
+ unsigned char sum[16]; /* Sum data */
+ char line[1024]; /* Line of data */
+ char a2[33]; /* Hash of method and resource */
+@@ -76,9 +73,7 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
+ */
+
+ snprintf(line, sizeof(line), "%s:%s", method, resource);
+- _cupsMD5Init(&state);
+- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line));
+- _cupsMD5Finish(&state, sum);
++ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
+ httpMD5String(sum, a2);
+
+ /*
+@@ -88,12 +83,9 @@ httpMD5Final(const char *nonce, /* I - Server nonce value */
+ */
+
+ snprintf(line, sizeof(line), "%s:%s:%s", md5, nonce, a2);
++ cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
+
+- _cupsMD5Init(&state);
+- _cupsMD5Append(&state, (unsigned char *)line, (int)strlen(line));
+- _cupsMD5Finish(&state, sum);
+-
+- return (httpMD5String(sum, md5));
++ return ((char *)cupsHashString(sum, sizeof(sum), md5, 33));
+ }
+
+
+@@ -106,23 +98,5 @@ httpMD5String(const unsigned char *sum, /* I - MD5 sum data */
+ char md5[33])
+ /* O - MD5 sum in hex */
+ {
+- int i; /* Looping var */
+- char *md5ptr; /* Pointer into MD5 string */
+- static const char hex[] = "0123456789abcdef";
+- /* Hex digits */
+-
+-
+- /*
+- * Convert the MD5 sum to hexadecimal...
+- */
+-
+- for (i = 16, md5ptr = md5; i > 0; i --, sum ++)
+- {
+- *md5ptr++ = hex[*sum >> 4];
+- *md5ptr++ = hex[*sum & 15];
+- }
+-
+- *md5ptr = '\0';
+-
+- return (md5);
++ return ((char *)cupsHashString(sum, 16, md5, 33));
+ }
+diff --git a/scheduler/auth.c b/scheduler/auth.c
+index 71df9dc..e7d0006 100644
+--- a/scheduler/auth.c
++++ b/scheduler/auth.c
+@@ -72,9 +72,6 @@ static int check_authref(cupsd_client_t *con, const char *right);
+ static int compare_locations(cupsd_location_t *a,
+ cupsd_location_t *b);
+ static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void *data);
+-#if !HAVE_LIBPAM
+-static char *cups_crypt(const char *pw, const char *salt);
+-#endif /* !HAVE_LIBPAM */
+ static void free_authmask(cupsd_authmask_t *am, void *data);
+ #if HAVE_LIBPAM
+ static int pam_func(int, const struct pam_message **,
+@@ -695,14 +692,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
+ * client...
+ */
+
+- pass = cups_crypt(password, pw->pw_passwd);
++ pass = crypt(password, pw->pw_passwd);
+
+ if (!pass || strcmp(pw->pw_passwd, pass))
+ {
+ # ifdef HAVE_SHADOW_H
+ if (spw)
+ {
+- pass = cups_crypt(password, spw->sp_pwdp);
++ pass = crypt(password, spw->sp_pwdp);
+
+ if (pass == NULL || strcmp(spw->sp_pwdp, pass))
+ {
+@@ -1988,129 +1985,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I - Existing auth mask */
+ }
+
+
+-#if !HAVE_LIBPAM
+-/*
+- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
+- * as needed.
+- */
+-
+-static char * /* O - Encrypted password */
+-cups_crypt(const char *pw, /* I - Password string */
+- const char *salt) /* I - Salt (key) string */
+-{
+- if (!strncmp(salt, "$1$", 3))
+- {
+- /*
+- * Use MD5 passwords without the benefit of PAM; this is for
+- * Slackware Linux, and the algorithm was taken from the
+- * old shadow-19990827/lib/md5crypt.c source code... :(
+- */
+-
+- int i; /* Looping var */
+- unsigned long n; /* Output number */
+- int pwlen; /* Length of password string */
+- const char *salt_end; /* End of "salt" data for MD5 */
+- char *ptr; /* Pointer into result string */
+- _cups_md5_state_t state; /* Primary MD5 state info */
+- _cups_md5_state_t state2; /* Secondary MD5 state info */
+- unsigned char digest[16]; /* MD5 digest result */
+- static char result[120]; /* Final password string */
+-
+-
+- /*
+- * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
+- * Get a maximum of 8 characters of salt data after $1$...
+- */
+-
+- for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
+- if (*salt_end == '$')
+- break;
+-
+- /*
+- * Compute the MD5 sum we need...
+- */
+-
+- pwlen = strlen(pw);
+-
+- _cupsMD5Init(&state);
+- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+- _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
+-
+- _cupsMD5Init(&state2);
+- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
+- _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
+- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
+- _cupsMD5Finish(&state2, digest);
+-
+- for (i = pwlen; i > 0; i -= 16)
+- _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
+-
+- for (i = pwlen; i > 0; i >>= 1)
+- _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
+-
+- _cupsMD5Finish(&state, digest);
+-
+- for (i = 0; i < 1000; i ++)
+- {
+- _cupsMD5Init(&state);
+-
+- if (i & 1)
+- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+- else
+- _cupsMD5Append(&state, digest, 16);
+-
+- if (i % 3)
+- _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
+-
+- if (i % 7)
+- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-
+- if (i & 1)
+- _cupsMD5Append(&state, digest, 16);
+- else
+- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-
+- _cupsMD5Finish(&state, digest);
+- }
+-
+- /*
+- * Copy the final sum to the result string and return...
+- */
+-
+- memcpy(result, salt, (size_t)(salt_end - salt));
+- ptr = result + (salt_end - salt);
+- *ptr++ = '$';
+-
+- for (i = 0; i < 5; i ++, ptr += 4)
+- {
+- n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
+-
+- if (i < 4)
+- n |= (unsigned)digest[i + 12];
+- else
+- n |= (unsigned)digest[5];
+-
+- to64(ptr, n, 4);
+- }
+-
+- to64(ptr, (unsigned)digest[11], 2);
+- ptr += 2;
+- *ptr = '\0';
+-
+- return (result);
+- }
+- else
+- {
+- /*
+- * Use the standard crypt() function...
+- */
+-
+- return (crypt(pw, salt));
+- }
+-}
+-#endif /* !HAVE_LIBPAM */
+-
+-
+ /*
+ * 'free_authmask()' - Free function for auth masks.
+ */
diff --git a/SPECS/cups.spec b/SPECS/cups.spec
index 64e64c3..d61bd8d 100644
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@@ -15,7 +15,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 2.2.6
-Release: 25%{?dist}
+Release: 28%{?dist}
License: GPLv2+ and LGPLv2 with exceptions and AML
Url: http://www.cups.org/
Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@@ -78,6 +78,10 @@ Patch45: 0001-Fix-stuck-multi-file-jobs-Issue-5359-Issue-5413.patch
Patch46: 0001-CVE-2018-4700-Linux-session-cookies-used-a-predictab.patch
# 1659486 - cupsd crash on startup in ippCopyAttribute
Patch47: 0001-The-scheduler-could-crash-while-adding-an-IPP-Everyw.patch
+# 1677577 - Remove 'View X log' buttons from web ui
+Patch48: 0001-Remove-web-log-buttons.patch
+# 1650233 - cups uses md5 for hashing credentials sent through tls connection
+Patch49: cups-fips-compliance.patch
Patch100: cups-lspp.patch
@@ -299,6 +303,10 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
%patch46 -p1 -b .predictable-cookie
# 1659486 - cupsd crash on startup in ippCopyAttribute
%patch47 -p1 -b .ippeve-crash
+# 1677577 - Remove 'View X log' buttons from web ui
+%patch48 -p1 -b .rm-webui-buttons
+# 1650233 - cups uses md5 for hashing credentials sent through tls connection
+%patch49 -p1 -b .fips-compliance
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@@ -328,6 +336,8 @@ autoconf -I config-scripts
# add Fedora specific flags to DSOFLAGS
export DSOFLAGS="$DSOFLAGS -L../cgi-bin -L../filter -L../ppdc -L../scheduler -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,relro,-z,now -fPIE -pie"
export CFLAGS="$RPM_OPT_FLAGS -fstack-protector-all -DLDAP_DEPRECATED=1"
+export CC=gcc
+export CXX=g++
# --enable-debug to avoid stripping binaries
%configure --with-docdir=%{_datadir}/%{name}/www --enable-debug \
%if %{lspp}
@@ -700,6 +710,15 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
+* Tue Aug 13 2019 Zdenek Dohnal - 1:2.2.6-28
+- 1650233 - cups uses md5 for hashing credentials sent through tls connection
+
+* Mon Jun 10 2019 Tomas Korbar - 1:2.2.6-27
+- 1677577 - Remove 'View X log' buttons from web ui
+
+* Fri Jun 07 2019 Tomas Korbar - 1:2.2.6-26
+- 1659998 - cups fails to build if clang is installed
+
* Fri Dec 14 2018 Zdenek Dohnal - 1:2.2.6-25
- 1659486 - cupsd crash on startup in ippCopyAttribute