diff --git a/SOURCES/cups-1.6.3-legacy-iso88591.patch b/SOURCES/cups-1.6.3-legacy-iso88591.patch new file mode 100644 index 0000000..7be2a04 --- /dev/null +++ b/SOURCES/cups-1.6.3-legacy-iso88591.patch @@ -0,0 +1,135 @@ +diff -up cups-1.6.3/scheduler/cups-lpd.c.legacy-iso88591 cups-1.6.3/scheduler/cups-lpd.c +--- cups-1.6.3/scheduler/cups-lpd.c.legacy-iso88591 2013-06-07 03:12:52.000000000 +0200 ++++ cups-1.6.3/scheduler/cups-lpd.c 2017-09-21 15:16:28.104331875 +0200 +@@ -82,7 +82,7 @@ static int remove_jobs(const char *name, + static int send_state(const char *name, const char *list, + int longstatus); + static char *smart_gets(char *s, int len, FILE *fp); +- ++static void smart_strlcpy(char *dst, const char *src, size_t dstsize); + + /* + * 'main()' - Process an incoming LPD request... +@@ -1053,15 +1053,15 @@ recv_print_job( + switch (line[0]) + { + case 'J' : /* Job name */ +- strlcpy(title, line + 1, sizeof(title)); ++ smart_strlcpy(title, line + 1, sizeof(title)); + break; + + case 'N' : /* Document name */ +- strlcpy(docname, line + 1, sizeof(docname)); ++ smart_strlcpy(docname, line + 1, sizeof(docname)); + break; + + case 'P' : /* User identification */ +- strlcpy(user, line + 1, sizeof(user)); ++ smart_strlcpy(user, line + 1, sizeof(user)); + break; + + case 'L' : /* Print banner page */ +@@ -1146,7 +1146,7 @@ recv_print_job( + switch (line[0]) + { + case 'N' : /* Document name */ +- strlcpy(docname, line + 1, sizeof(docname)); ++ smart_strlcpy(docname, line + 1, sizeof(docname)); + break; + + case 'c' : /* Plot CIF file */ +@@ -1622,5 +1622,94 @@ smart_gets(char *s, /* I - Pointer to + + + /* ++ * 'smart_strlcpy()' - Copy a string and convert from ISO-8859-1 to UTF-8 as needed. ++ */ ++ ++static void ++smart_strlcpy(char *dst, /* I - Output buffer */ ++ const char *src, /* I - Input string */ ++ size_t dstsize) /* I - Size of output buffer */ ++{ ++ const unsigned char *srcptr; /* Pointer into input string */ ++ unsigned char *dstptr, /* Pointer into output buffer */ ++ *dstend; /* End of output buffer */ ++ int saw_8859 = 0; /* Saw an extended character that was not UTF-8? */ ++ ++ ++ for (srcptr = (unsigned char *)src, dstptr = (unsigned char *)dst, dstend = dstptr + dstsize - 1; *srcptr;) ++ { ++ if (*srcptr < 0x80) ++ *dstptr++ = *srcptr++; /* ASCII */ ++ else if (saw_8859) ++ { ++ /* ++ * Map ISO-8859-1 (most likely character set for legacy LPD clients) to ++ * UTF-8... ++ */ ++ ++ if (dstptr > (dstend - 2)) ++ break; ++ ++ *dstptr++ = 0xc0 | (*srcptr >> 6); ++ *dstptr++ = 0x80 | (*srcptr++ & 0x3f); ++ } ++ else if ((*srcptr & 0xe0) == 0xc0 && (srcptr[1] & 0xc0) == 0x80) ++ { ++ /* ++ * 2-byte UTF-8 sequence... ++ */ ++ ++ if (dstptr > (dstend - 2)) ++ break; ++ ++ *dstptr++ = *srcptr++; ++ *dstptr++ = *srcptr++; ++ } ++ else if ((*srcptr & 0xf0) == 0xe0 && (srcptr[1] & 0xc0) == 0x80 && (srcptr[2] & 0xc0) == 0x80) ++ { ++ /* ++ * 3-byte UTF-8 sequence... ++ */ ++ ++ if (dstptr > (dstend - 3)) ++ break; ++ ++ *dstptr++ = *srcptr++; ++ *dstptr++ = *srcptr++; ++ *dstptr++ = *srcptr++; ++ } ++ else if ((*srcptr & 0xf8) == 0xf0 && (srcptr[1] & 0xc0) == 0x80 && (srcptr[2] & 0xc0) == 0x80 && (srcptr[3] & 0xc0) == 0x80) ++ { ++ /* ++ * 4-byte UTF-8 sequence... ++ */ ++ ++ if (dstptr > (dstend - 4)) ++ break; ++ ++ *dstptr++ = *srcptr++; ++ *dstptr++ = *srcptr++; ++ *dstptr++ = *srcptr++; ++ *dstptr++ = *srcptr++; ++ } ++ else ++ { ++ /* ++ * Bad UTF-8 sequence, this must be an ISO-8859-1 string... ++ */ ++ ++ saw_8859 = 1; ++ ++ if (dstptr > (dstend - 2)) ++ break; ++ ++ *dstptr++ = 0xc0 | (*srcptr >> 6); ++ *dstptr++ = 0x80 | (*srcptr++ & 0x3f); ++ } ++ } ++ ++ *dstptr = '\0'; ++} ++/* + * End of "$Id: cups-lpd.c 7899 2008-09-03 12:57:17Z mike $". + */ diff --git a/SOURCES/cups-1.6.3-overriden-h.patch b/SOURCES/cups-1.6.3-overriden-h.patch new file mode 100644 index 0000000..6bcff5f --- /dev/null +++ b/SOURCES/cups-1.6.3-overriden-h.patch @@ -0,0 +1,32 @@ +diff -up cups-1.6.3/cups/usersys.c.overriden-h cups-1.6.3/cups/usersys.c +--- cups-1.6.3/cups/usersys.c.overriden-h 2017-09-22 13:33:48.389439818 +0200 ++++ cups-1.6.3/cups/usersys.c 2017-09-22 13:41:08.580033663 +0200 +@@ -380,6 +380,20 @@ cupsSetServer(const char *server) /* I - + cg->ipp_port = atoi(port); + } + ++ if (!cg->ipp_port) ++ { ++ const char *ipp_port; /* IPP_PORT environment variable */ ++ ++ if ((ipp_port = getenv("IPP_PORT")) != NULL) ++ { ++ if ((cg->ipp_port = atoi(ipp_port)) <= 0) ++ cg->ipp_port = CUPS_DEFAULT_IPP_PORT; ++ } ++ else ++ cg->ipp_port = CUPS_DEFAULT_IPP_PORT; ++ } ++ ++ + if (cg->server[0] == '/') + strcpy(cg->servername, "localhost"); + else +@@ -390,6 +404,7 @@ cupsSetServer(const char *server) /* I - + cg->server[0] = '\0'; + cg->servername[0] = '\0'; + cg->server_version = 20; ++ cg->ipp_port = 0; + } + + if (cg->http) diff --git a/SOURCES/cups-1.6.3-page-count.patch b/SOURCES/cups-1.6.3-page-count.patch new file mode 100644 index 0000000..f0a5147 --- /dev/null +++ b/SOURCES/cups-1.6.3-page-count.patch @@ -0,0 +1,56 @@ +--- cups-1.6.3.rsac.old/backend/snmp-supplies.c 2013-06-06 18:12:52.000000000 -0700 ++++ cups-1.6.3.rsac.new/backend/snmp-supplies.c 2017-02-20 15:57:28.420977310 -0800 +@@ -90,6 +90,8 @@ static backend_supplies_t supplies[CUPS_ + /* Supply information */ + static int supply_state = -1; + /* Supply state info */ ++static int use_snmp_pages = 1; ++ /* Report pages used or not */ + + static const int hrDeviceDescr[] = + { CUPS_OID_hrDeviceDescr, 1, -1 }; +@@ -410,16 +412,21 @@ backendSNMPSupplies( + + if (page_count) + { +- if (!_cupsSNMPWrite(snmp_fd, addr, CUPS_SNMP_VERSION_1, +- _cupsSNMPDefaultCommunity(), CUPS_ASN1_GET_REQUEST, 1, +- prtMarkerLifeCount)) +- return (-1); +- +- if (!_cupsSNMPRead(snmp_fd, &packet, CUPS_SUPPLY_TIMEOUT) || +- packet.object_type != CUPS_ASN1_COUNTER) +- return (-1); +- +- *page_count = packet.object_value.counter; ++ if (use_snmp_pages) ++ { ++ if (!_cupsSNMPWrite(snmp_fd, addr, CUPS_SNMP_VERSION_1, ++ _cupsSNMPDefaultCommunity(), CUPS_ASN1_GET_REQUEST, 1, ++ prtMarkerLifeCount)) ++ return (-1); ++ ++ if (!_cupsSNMPRead(snmp_fd, &packet, CUPS_SUPPLY_TIMEOUT) || ++ packet.object_type != CUPS_ASN1_COUNTER) ++ return (-1); ++ ++ *page_count = packet.object_value.counter; ++ } ++ else ++ *page_count = 0; + } + + return (0); +@@ -521,6 +528,12 @@ backend_init_supplies( + quirks |= CUPS_SNMP_CAPACITY; + } + ++ if ((ppdattr = ppdFindAttr(ppd, "cupsSNMPPages", NULL)) != NULL ) ++ { ++ if (_cups_strcasecmp(ppdattr->value, "true")) ++ use_snmp_pages = 0; ++ } ++ + ppdClose(ppd); + + /* diff --git a/SOURCES/cups-1.6.3-tlsv12.patch b/SOURCES/cups-1.6.3-tlsv12.patch new file mode 100644 index 0000000..a845d43 --- /dev/null +++ b/SOURCES/cups-1.6.3-tlsv12.patch @@ -0,0 +1,178 @@ +diff -up cups-1.6.3/cups/http.c.tlsv12 cups-1.6.3/cups/http.c +--- cups-1.6.3/cups/http.c.tlsv12 2017-12-12 14:40:02.672393885 +0100 ++++ cups-1.6.3/cups/http.c 2017-12-12 16:45:11.417535244 +0100 +@@ -3726,6 +3726,8 @@ http_send(http_t *http, /* I - Con + httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade"); + if (tls_options & _HTTP_TLS_ALLOW_SSL3) + httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.1,TLS/1.0,SSL/3.0"); ++ else if (tls_options & _HTTP_TLS_MIN_TLS12) ++ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2+"); + else + httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.1,TLS/1.0"); + } +@@ -3968,6 +3970,8 @@ http_setup_ssl(http_t *http) /* I - Con + SSL_CTX_set_options(context, SSL_OP_NO_SSLv3); /* Don't use SSLv3 */ + if (!(tls_options & _HTTP_TLS_ALLOW_RC4)) + SSL_CTX_set_cipher_list(context, "DEFAULT:-RC4"); ++ if (tls_options & _HTTP_TLS_MIN_TLS12) ++ SSL_CTX_set_cipher_list(context, "DEFAULT:!SSLv3:!TLSv1"); + + bio = BIO_new(_httpBIOMethods()); + BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http); +@@ -4453,6 +4457,8 @@ http_upgrade(http_t *http) /* I - Conne + httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade"); + if (tls_options & _HTTP_TLS_ALLOW_SSL3) + httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2, TLS/1.1, TLS/1.0, SSL/3.0"); ++ else if (tls_options & _HTTP_TLS_MIN_TLS12) ++ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2+"); + else + httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2, TLS/1.1, TLS/1.0"); + +diff -up cups-1.6.3/cups/http-private.h.tlsv12 cups-1.6.3/cups/http-private.h +--- cups-1.6.3/cups/http-private.h.tlsv12 2017-12-12 14:40:02.642394135 +0100 ++++ cups-1.6.3/cups/http-private.h 2017-12-12 14:40:02.689393744 +0100 +@@ -143,6 +143,7 @@ extern "C" { + /* care - these should be the same values as the CUPSD_SSL_* equivalents */ + #define _HTTP_TLS_ALLOW_RC4 2 + #define _HTTP_TLS_ALLOW_SSL3 4 ++#define _HTTP_TLS_MIN_TLS12 8 + + + /* +diff -up cups-1.6.3/cups/usersys.c.tlsv12 cups-1.6.3/cups/usersys.c +--- cups-1.6.3/cups/usersys.c.tlsv12 2017-12-12 14:40:02.676393852 +0100 ++++ cups-1.6.3/cups/usersys.c 2017-12-12 14:40:02.689393744 +0100 +@@ -992,7 +992,7 @@ cups_read_client_conf( + else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value) + { + /* +- * SSLOptions [AllowRC4] [AllowSSL3] [None] ++ * SSLOptions [AllowRC4] [AllowSSL3] [MinTLS1.2] [None] + */ + + int options = 0; /* SSL/TLS options */ +@@ -1020,6 +1020,8 @@ cups_read_client_conf( + options |= _HTTP_TLS_ALLOW_RC4; + else if (!_cups_strcasecmp(start, "AllowSSL3")) + options |= _HTTP_TLS_ALLOW_SSL3; ++ else if (!_cups_strcasecmp(start, "MinTLS1.2")) ++ options |= _HTTP_TLS_MIN_TLS12; + else if (!_cups_strcasecmp(start, "None")) + options = 0; + } +diff -up cups-1.6.3/man/client.conf.man.in.tlsv12 cups-1.6.3/man/client.conf.man.in +--- cups-1.6.3/man/client.conf.man.in.tlsv12 2017-12-12 14:40:02.643394126 +0100 ++++ cups-1.6.3/man/client.conf.man.in 2017-12-14 12:51:09.366872384 +0100 +@@ -53,14 +53,15 @@ Specifies the address and optionally the + server running CUPS 1.3.12 and earlier. \fBNote: Not supported on OS X 10.7 or + later.\fR + .TP 5 +-SSLOptions \fR[\fIAllowRC4\fR] [\fIAllow SSL3\fR] ++SSLOptions \fR[\fIAllowRC4\fR] [\fIAllow SSL3\fR] [\fIMinTLS1.2\fR] + .br + Sets SSL/TLS protocol options for encrypted connections. By default, + CUPS only supports encryption using TLS v1.0 or higher using known + secure cipher suites. The \fIAllowRC4\fR option enables the 128-bit + RC4 cipher suites, which are required for some older clients that do + not implement newer ones. The \fIAllowSSL3\fR option enables SSL v3.0, +-which is required for some older clients that do not support TLS v1.0. ++which is required for some older clients that do not support TLS v1.0. ++The \fIMinTLS1.2\fR option enforces CUPS to use TLS v1.2 and higher. + .TP 5 + User name + .br +diff -up cups-1.6.3/man/cupsd.conf.man.in.tlsv12 cups-1.6.3/man/cupsd.conf.man.in +--- cups-1.6.3/man/cupsd.conf.man.in.tlsv12 2017-12-14 12:42:34.233473538 +0100 ++++ cups-1.6.3/man/cupsd.conf.man.in 2017-12-14 12:51:09.327872724 +0100 +@@ -480,7 +480,7 @@ Listens on the specified address and por + .TP 5 + SSLOptions None + .TP 5 +-SSLOptions \fR[\fINoEmptyFragments\fR] [\fIAllowRC4\fR] [\fIAllow SSL3\fR] ++SSLOptions \fR[\fINoEmptyFragments\fR] [\fIAllowRC4\fR] [\fIAllow SSL3\fR] [\fIMinTLS1.2\fR] + .br + Sets SSL/TLS protocol options for encrypted connections. By default, + CUPS only supports encryption using TLS v1.0 or higher using known +@@ -490,6 +490,7 @@ enabled. The \fIAllowRC4\fR option enabl + suites, which are required for some older clients that do not + implement newer ones. The \fIAllowSSL3\fR option enables SSL v3.0, + which is required for some older clients that do not support TLS v1.0. ++The \fIMinTLS1.2\fR option enforces CUPS to use TLS v1.2 and higher. + .TP 5 + SSLPort + .br +diff -up cups-1.6.3/scheduler/client.c.tlsv12 cups-1.6.3/scheduler/client.c +--- cups-1.6.3/scheduler/client.c.tlsv12 2017-12-12 15:18:01.683589773 +0100 ++++ cups-1.6.3/scheduler/client.c 2017-12-12 16:44:38.721796794 +0100 +@@ -1189,7 +1189,11 @@ cupsdReadClient(cupsd_client_t *con) /* + } + + httpPrintf(HTTP(con), "Connection: Upgrade\r\n"); +- httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n"); ++ if ((SSLOptions & CUPSD_SSL_MIN_TLS12) || ++ !_cups_strcasecmp(con->http.fields[HTTP_FIELD_UPGRADE], "TLS/1.2+")) ++ httpPrintf(HTTP(con), "Upgrade: TLS/1.2+,HTTP/1.1\r\n"); ++ else ++ httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n"); + httpPrintf(HTTP(con), "Content-Length: 0\r\n"); + httpPrintf(HTTP(con), "\r\n"); + +@@ -1263,7 +1268,11 @@ cupsdReadClient(cupsd_client_t *con) /* + } + + httpPrintf(HTTP(con), "Connection: Upgrade\r\n"); +- httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n"); ++ if ((SSLOptions & CUPSD_SSL_MIN_TLS12) || ++ !_cups_strcasecmp(con->http.fields[HTTP_FIELD_UPGRADE], "TLS/1.2+")) ++ httpPrintf(HTTP(con), "Upgrade: TLS/1.2+,HTTP/1.1\r\n"); ++ else ++ httpPrintf(HTTP(con), "Upgrade: TLS/1.0,HTTP/1.1\r\n"); + httpPrintf(HTTP(con), "Content-Length: 0\r\n"); + httpPrintf(HTTP(con), "\r\n"); + +diff -up cups-1.6.3/scheduler/conf.c.tlsv12 cups-1.6.3/scheduler/conf.c +--- cups-1.6.3/scheduler/conf.c.tlsv12 2017-12-12 14:40:02.681393811 +0100 ++++ cups-1.6.3/scheduler/conf.c 2017-12-12 14:40:02.689393744 +0100 +@@ -3383,7 +3383,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - + else if (!_cups_strcasecmp(line, "SSLOptions")) + { + /* +- * SSLOptions [AllowRC4] [AllowSSL3] [NoEmptyFragments] [None] ++ * SSLOptions [AllowRC4] [AllowSSL3] [MinTLS1.2] [NoEmptyFragments] [None] + */ + + int options = 0; /* SSL/TLS options */ +@@ -3420,6 +3420,8 @@ read_cupsd_conf(cups_file_t *fp) /* I - + options |= CUPSD_SSL_ALLOW_RC4; + else if (!_cups_strcasecmp(start, "AllowSSL3")) + options |= CUPSD_SSL_ALLOW_SSL3; ++ else if (!_cups_strcasecmp(start, "MinTLS1.2")) ++ options |= CUPSD_SSL_MIN_TLS12; + else if (!_cups_strcasecmp(start, "None")) + options = 0; + else +diff -up cups-1.6.3/scheduler/conf.h.tlsv12 cups-1.6.3/scheduler/conf.h +--- cups-1.6.3/scheduler/conf.h.tlsv12 2017-12-12 14:40:02.681393811 +0100 ++++ cups-1.6.3/scheduler/conf.h 2017-12-12 14:40:02.690393736 +0100 +@@ -80,7 +80,7 @@ typedef enum + #define CUPSD_SSL_NOEMPTY 1 /* Do not insert empty fragments */ + #define CUPSD_SSL_ALLOW_RC4 2 /* Allow RC4 cipher suites */ + #define CUPSD_SSL_ALLOW_SSL3 4 /* Allow SSL 3.0 */ +- ++#define CUPSD_SSL_MIN_TLS12 8 /* Deny TLS 1.1 */ + + /* + * ServerAlias data... +diff -up cups-1.6.3/scheduler/tls-openssl.c.tlsv12 cups-1.6.3/scheduler/tls-openssl.c +--- cups-1.6.3/scheduler/tls-openssl.c.tlsv12 2017-12-12 14:40:02.645394110 +0100 ++++ cups-1.6.3/scheduler/tls-openssl.c 2017-12-12 16:49:10.357623844 +0100 +@@ -111,6 +111,9 @@ cupsdStartTLS(cupsd_client_t *con) /* I + SSL_CTX_set_options(context, SSL_OP_NO_SSLv3); /* Don't use SSLv3 */ + if (!(SSLOptions & CUPSD_SSL_ALLOW_RC4)) + SSL_CTX_set_cipher_list(context, "DEFAULT:-RC4"); ++ if ((SSLOptions & CUPSD_SSL_MIN_TLS12) || ++ !_cups_strcasecmp(con->http.fields[HTTP_FIELD_UPGRADE], "TLS/1.2+")) ++ SSL_CTX_set_cipher_list(context, "DEFAULT:!SSLv3:!TLSv1"); + SSL_CTX_use_PrivateKey_file(context, ServerKey, SSL_FILETYPE_PEM); + SSL_CTX_use_certificate_chain_file(context, ServerCertificate); + diff --git a/SOURCES/cups-1.6.3-ypbind.patch b/SOURCES/cups-1.6.3-ypbind.patch new file mode 100644 index 0000000..6cc5fab --- /dev/null +++ b/SOURCES/cups-1.6.3-ypbind.patch @@ -0,0 +1,11 @@ +diff -up cups-1.6.3/data/cups.service.in.ypbind cups-1.6.3/data/cups.service.in +--- cups-1.6.3/data/cups.service.in.ypbind 2017-09-15 15:40:12.193292843 +0200 ++++ cups-1.6.3/data/cups.service.in 2017-09-15 15:40:46.441010187 +0200 +@@ -1,6 +1,6 @@ + [Unit] + Description=CUPS Printing Service +-After=network.target ++After=network.target ypbind.service + + [Service] + ExecStart=@sbindir@/cupsd -f diff --git a/SOURCES/cups-failover-backend.patch b/SOURCES/cups-failover-backend.patch index d6182ea..acaf4b0 100644 --- a/SOURCES/cups-failover-backend.patch +++ b/SOURCES/cups-failover-backend.patch @@ -1,7 +1,7 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failover.c ---- cups-1.6.3/backend/failover.c.failover-backend 2014-10-21 16:58:34.588301166 +0100 -+++ cups-1.6.3/backend/failover.c 2014-10-21 16:58:34.588301166 +0100 -@@ -0,0 +1,799 @@ +--- cups-1.6.3/backend/failover.c.failover-backend 2017-10-25 13:57:43.032337219 +0200 ++++ cups-1.6.3/backend/failover.c 2017-10-25 16:15:31.746984025 +0200 +@@ -0,0 +1,837 @@ +/* + * Failover Backend for the Common UNIX Printing System (CUPS). + * @@ -69,6 +69,17 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failo +#include "backend-private.h" + +/* ++ * Return Values ++ */ ++typedef enum fo_state_e ++{ ++ FO_PRINTER_GOOD = 0, ++ FO_PRINTER_BAD, ++ FO_PRINTER_BUSY, ++ FO_AUTH_REQUIRED ++} fo_state_t; ++ ++/* + * Constants + */ +#define FAILOVER_DEFAULT_RETRIES (3) @@ -212,27 +223,43 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failo + + fprintf(stderr,"DEBUG: Checking printer #%d: %s\n", + printer_count+1, tmp_device_uri); -+ -+ if ((rc = check_printer(tmp_device_uri)) == CUPS_BACKEND_OK) ++ ++ rc = check_printer(tmp_device_uri); ++ ++ // Printer is available and not busy. ++ if ( rc == FO_PRINTER_GOOD ) + { + selected_uri = tmp_device_uri; + break; + } -+ else if (rc == CUPS_BACKEND_AUTH_REQUIRED) { ++ // Printer is busy ++ else if ( rc == FO_PRINTER_BUSY ) ++ { ++ fprintf(stderr, "DEBUG: Waiting for job to complete.\n"); ++ sleep(2); ++ continue; ++ } ++ // Authorization is required to access the printer. ++ else if (rc == FO_AUTH_REQUIRED) ++ { + auth_failed_count++; -+ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count); ++ fprintf(stderr, "DEBUG: auth_failed_count = %d\n", auth_failed_count); + } -+ else if (!printer_count) -+ fprintf(stderr, "INFO: Primary Printer, %s, not available. " -+ "Attempting Failovers...\n", -+ tmp_device_uri); ++ // Printer is stopped or not accepting jobs + else -+ fprintf(stderr, "INFO: Failover Printer, %s, not available. " -+ "Attempting Failovers..\n", -+ tmp_device_uri); -+ -+ printer_count++; -+ } while ((tmp_device_uri = (char *)cupsArrayNext(printer_array)) != NULL); ++ { ++ if (!printer_count) ++ fprintf(stderr, "INFO: Primary Printer, %s, not available. " ++ "Attempting Failovers...\n", ++ tmp_device_uri); ++ else ++ fprintf(stderr, "INFO: Failover Printer, %s, not available. " ++ "Attempting Failovers..\n", ++ tmp_device_uri); ++ printer_count++; ++ tmp_device_uri = (char *)cupsArrayNext(printer_array); ++ } ++ } while (tmp_device_uri != NULL); + + if (selected_uri && !printer_count) + fprintf(stderr, "STATE: -primary-printer-failed\n"); @@ -295,25 +322,28 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failo + +/* + * 'check_printer()' - Checks the status of a remote printer and returns -+ * back BACKEND_FAILURE if the remote printer is -+ * unable to take the job. ++ * back a good/bad/busy status. + */ +int +check_printer(const char *device_uri) +{ + ipp_t *attributes = NULL; /* attributes for device_uri */ + ipp_attribute_t *tmp_attribute; /* for examining attribs */ -+ int rc = CUPS_BACKEND_OK; /* return code */ ++ int rc = FO_PRINTER_GOOD; /* return code */ + char *reason; /* printer state reason */ + int i; + + fprintf(stderr, "DEBUG: Checking printer %s\n",device_uri); -+ -+ if ((rc = get_printer_attributes(device_uri, &attributes)) != CUPS_BACKEND_OK) ++ ++ rc = get_printer_attributes(device_uri, &attributes); ++ if ( rc != CUPS_BACKEND_OK ) + { + fprintf(stderr, "DEBUG: Failed to get attributes from printer: %s\n", + device_uri); -+ return (rc); ++ if ( rc == CUPS_BACKEND_AUTH_REQUIRED ) ++ return (FO_AUTH_REQUIRED); ++ else ++ return (FO_PRINTER_BAD); + } + + /* @@ -328,20 +358,28 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failo + "DEBUG: Printer, %s, is not accepting jobs.\n", + device_uri); + -+ rc = CUPS_BACKEND_FAILED; ++ rc = FO_PRINTER_BAD; + } + + /* -+ * Check if printer is stopped ++ * Check if printer is stopped or busy processing + */ + if ((tmp_attribute = ippFindAttribute(attributes, + "printer-state", -+ IPP_TAG_ENUM)) != NULL && -+ tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED) ++ IPP_TAG_ENUM)) != NULL) + { -+ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri); -+ -+ rc = CUPS_BACKEND_FAILED; ++ // Printer Stopped ++ if ( tmp_attribute->values[0].integer == IPP_PRINTER_STOPPED ) ++ { ++ fprintf(stderr, "DEBUG: Printer, %s, stopped.\n", device_uri); ++ rc = FO_PRINTER_BAD; ++ } ++ // Printer Busy ++ else if ( tmp_attribute->values[0].integer == IPP_PRINTER_PROCESSING ) ++ { ++ fprintf(stderr, "DEBUG: Printer %s is busy.\n", device_uri); ++ rc = FO_PRINTER_BUSY; ++ } + } + + /* @@ -358,12 +396,12 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failo + if (len > 8 && !strcmp(reason + len - 8, "-warning")) + { + fprintf(stderr, "DEBUG: Printer Supply Warning, %s\n", reason); -+ rc = CUPS_BACKEND_FAILED; ++ rc = FO_PRINTER_BAD; + } + else if (len > 6 && !strcmp(reason + len - 6, "-error")) + { + fprintf(stderr, "DEBUG: Printer Supply Error, %s\n", reason); -+ rc = CUPS_BACKEND_FAILED; ++ rc = FO_PRINTER_BAD; + } + } + } @@ -802,8 +840,8 @@ diff -up cups-1.6.3/backend/failover.c.failover-backend cups-1.6.3/backend/failo + return (NULL); +} diff -up cups-1.6.3/backend/Makefile.failover-backend cups-1.6.3/backend/Makefile ---- cups-1.6.3/backend/Makefile.failover-backend 2014-10-21 16:58:31.298283423 +0100 -+++ cups-1.6.3/backend/Makefile 2014-10-21 16:59:16.972529746 +0100 +--- cups-1.6.3/backend/Makefile.failover-backend 2017-10-25 13:57:42.940337847 +0200 ++++ cups-1.6.3/backend/Makefile 2017-10-25 13:57:43.032337219 +0200 @@ -30,6 +30,7 @@ include ../Makedefs RBACKENDS = \ ipp \ diff --git a/SOURCES/cups-net-backends-etimedout-enotconn.patch b/SOURCES/cups-net-backends-etimedout-enotconn.patch new file mode 100644 index 0000000..328540d --- /dev/null +++ b/SOURCES/cups-net-backends-etimedout-enotconn.patch @@ -0,0 +1,102 @@ +From 4cf66fef48e992ae8f8196db50a742c6276e415b Mon Sep 17 00:00:00 2001 +From: Michael Sweet +Date: Thu, 5 Oct 2017 15:04:19 -0400 +Subject: [PATCH] The network backends now retry on more error conditions + (Issue #5123) + +--- + backend/ipp.c | 5 ++--- + backend/lpd.c | 5 ++--- + backend/socket.c | 5 ++--- + 4 files changed, 6 insertions(+), 9 deletions(-) + +diff --git a/backend/ipp.c b/backend/ipp.c +index 685d4d9df..588ad995e 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -743,8 +743,7 @@ main(int argc, /* I - Number of command-line args */ + + fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(errno)); + +- if (errno == ECONNREFUSED || errno == EHOSTDOWN || +- errno == EHOSTUNREACH) ++ if (errno == ECONNREFUSED || errno == EHOSTDOWN || errno == EHOSTUNREACH || errno == ETIMEDOUT || errno == ENOTCONN) + { + if (contimeout && (time(NULL) - start_time) > contimeout) + { +@@ -763,13 +762,13 @@ main(int argc, /* I - Number of command-line args */ + break; + + case EHOSTUNREACH : ++ default : + _cupsLangPrintFilter(stderr, "WARNING", + _("The printer is unreachable at this " + "time.")); + break; + + case ECONNREFUSED : +- default : + _cupsLangPrintFilter(stderr, "WARNING", + _("The printer is in use.")); + break; +diff --git a/backend/lpd.c b/backend/lpd.c +index 835f9eaee..4325b7c78 100644 +--- a/backend/lpd.c ++++ b/backend/lpd.c +@@ -867,8 +867,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ + + fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(error)); + +- if (error == ECONNREFUSED || error == EHOSTDOWN || +- error == EHOSTUNREACH) ++ if (errno == ECONNREFUSED || errno == EHOSTDOWN || errno == EHOSTUNREACH || errno == ETIMEDOUT || errno == ENOTCONN) + { + if (contimeout && (time(NULL) - start_time) > contimeout) + { +@@ -886,13 +885,13 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ + break; + + case EHOSTUNREACH : ++ default : + _cupsLangPrintFilter(stderr, "WARNING", + _("The printer is unreachable at " + "this time.")); + break; + + case ECONNREFUSED : +- default : + _cupsLangPrintFilter(stderr, "WARNING", + _("The printer is in use.")); + break; +diff --git a/backend/socket.c b/backend/socket.c +index 7fc0880f1..c16a1a097 100644 +--- a/backend/socket.c ++++ b/backend/socket.c +@@ -330,8 +330,7 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */ + + fprintf(stderr, "DEBUG: Connection error: %s\n", strerror(error)); + +- if (error == ECONNREFUSED || error == EHOSTDOWN || +- error == EHOSTUNREACH) ++ if (errno == ECONNREFUSED || errno == EHOSTDOWN || errno == EHOSTUNREACH || errno == ETIMEDOUT || errno == ENOTCONN) + { + if (contimeout && (time(NULL) - start_time) > contimeout) + { +@@ -349,13 +348,13 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */ + break; + + case EHOSTUNREACH : ++ default : + _cupsLangPrintFilter(stderr, "WARNING", + _("The printer is unreachable at this " + "time.")); + break; + + case ECONNREFUSED : +- default : + _cupsLangPrintFilter(stderr, "WARNING", + _("The printer is in use.")); + break; +-- +2.13.6 + diff --git a/SPECS/cups.spec b/SPECS/cups.spec index 6b507b6..5b3d2a2 100644 --- a/SPECS/cups.spec +++ b/SPECS/cups.spec @@ -11,7 +11,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 1.6.3 -Release: 29%{?dist} +Release: 35%{?dist} License: GPLv2 Group: System Environment/Daemons Url: http://www.cups.org/ @@ -94,6 +94,12 @@ Patch63: cups-163-enotif.patch Patch64: cups-163-fdleak.patch Patch65: cups-state-message.patch Patch66: cups-1.6.3-resolv_reload.patch +Patch67: cups-1.6.3-legacy-iso88591.patch +Patch68: cups-1.6.3-ypbind.patch +Patch69: cups-1.6.3-overriden-h.patch +Patch70: cups-net-backends-etimedout-enotconn.patch +Patch71: cups-1.6.3-tlsv12.patch +Patch72: cups-1.6.3-page-count.patch Patch100: cups-lspp.patch @@ -361,11 +367,22 @@ Sends IPP requests to the specified URI and tests and/or displays the results. %patch65 -p1 -b .state-message # CUPS does not recognize changes to /etc/resolv.conf until CUPS restart (bug #1325692) %patch66 -p1 -b .resolv_reload - +# cups-lpd program did not catch all legacy usage of ISO-8859-1 (bug #1386751) +%patch67 -p1 -b .legacy-iso88591 +# CUPS may fail to start if NIS groups are used (bug #1441860) +%patch68 -p1 -b .ypbind +# The -h option is overridden by _cupsSetDefaults settings when the IPP port is not given (bug #1430882) +%patch69 -p1 -b .overriden-h %if %lspp # LSPP support. %patch100 -p1 -b .lspp %endif +# Failover backend won't fail-over if the printer is disconnected (bug #1469816) +%patch70 -p1 -b .net-backends-etimedout-enotconn +# Remove weak SSL/TLS ciphers from CUPS (bug #1466497) +%patch71 -p1 -b .tlsv12 +# CUPS print jobs show incorrect number under the "pages" column (bug #1434153) +%patch72 -p1 -b .page-count sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in @@ -757,6 +774,27 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Fri Dec 15 2017 Zdenek Dohnal - 1:1.6.3-35 +- 1466497 - Remove weak SSL/TLS ciphers from CUPS - fixing covscan issues + +* Mon Dec 11 2017 Zdenek Dohnal - 1:1.6.3-34 +- 1466497 - Remove weak SSL/TLS ciphers from CUPS - fixing the patch + +* Wed Nov 01 2017 Zdenek Dohnal - 1:1.6.3-33 +- 1466497 - Remove weak SSL/TLS ciphers from CUPS +- 1434153 - CUPS print jobs show incorrect number under the "pages" column + +* Wed Oct 25 2017 Zdenek Dohnal - 1:1.6.3-32 +- 1468747 - CUPS failover backend allows multiple jobs to get stuck in failed queue +- 1469816 - Failover backend won't fail-over if the printer is disconnected + +* Mon Sep 25 2017 Zdenek Dohnal - 1:1.6.3-31 +- 1430882 - The -h option is overridden by _cupsSetDefaults settings when the IPP port is not given + +* Fri Sep 22 2017 Zdenek Dohnal - 1:1.6.3-30 +- 1386751 - cups-lpd program did not catch all legacy usage of ISO-8859-1 +- 1441860 - CUPS may fail to start if NIS groups are used + * Thu Apr 06 2017 Zdenek Dohnal - 1:1.6.3-29 - fixing cups-1.6.3-resolv_reload.patch for rhbz#1325692