From 9db046f6c4f1b7f8afc79cec03780144c9244631 Mon Sep 17 00:00:00 2001 From: Jiri Popelka Date: Dec 18 2012 14:32:27 +0000 Subject: backport fixes for STR #4125, STR #4140, STR #4187, STR #4205, STR #4232 --- diff --git a/cups-icc.patch b/cups-icc.patch index db4ae22..3e5db6c 100644 --- a/cups-icc.patch +++ b/cups-icc.patch @@ -517,7 +517,7 @@ index 0000000..bd06e1c + "DeleteDevice"); + + dbus_message_iter_init_append(message, &args); -+ dbus_message_iter_append_basic(&args, DBUS_TYPE_STRING, &device_id); ++ dbus_message_iter_append_basic(&args, DBUS_TYPE_OBJECT_PATH, &device_id); + + /* send syncronous */ + dbus_error_init(&error); diff --git a/cups-lspp.patch b/cups-lspp.patch index a9b6add..57fa80b 100644 --- a/cups-lspp.patch +++ b/cups-lspp.patch @@ -1931,9 +1931,9 @@ diff -up cups-1.5.4/scheduler/printers.c.lspp cups-1.5.4/scheduler/printers.c * Local functions... */ @@ -2231,6 +2238,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - "username", - "password" - }; + cups_option_t *option; /* Current printer option */ + char *name, /* Current user/group name */ + *filter; /* Current filter */ +#ifdef WITH_LSPP + char *audit_message; /* Audit message string */ + char *printerfile; /* Path to a local printer dev */ diff --git a/cups-str4125.patch b/cups-str4125.patch new file mode 100644 index 0000000..83d02b5 --- /dev/null +++ b/cups-str4125.patch @@ -0,0 +1,54 @@ +From 997514f0f7eb360d55a0e77fdba916221a395cb0 Mon Sep 17 00:00:00 2001 +From: mike +Date: Thu, 13 Dec 2012 16:38:56 +0000 +Subject: [PATCH] The IPP backend now stops queues when the server + configuration prevents successful job submission (STR #4125) + +git-svn-id: http://svn.easysw.com/public/cups/trunk@10758 7a7537e8-13f0-0310-91df-b6672ffda945 +diff --git a/backend/ipp.c b/backend/ipp.c +index 05843ea..c61d6c8 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -1354,8 +1354,9 @@ main(int argc, /* I - Number of command-line args */ + /* + * If the printer only claims to support IPP/1.0, or if the user specifically + * included version=1.0 in the URI, then do not try to use Create-Job or +- * Send-Document. This is another dreaded compatibility hack, but unfortunately +- * there are enough broken printers out there that we need this for now... ++ * Send-Document. This is another dreaded compatibility hack, but ++ * unfortunately there are enough broken printers out there that we need ++ * this for now... + */ + + if (version == 10) +@@ -1812,6 +1813,27 @@ main(int argc, /* I - Number of command-line args */ + + goto cleanup; + } ++ else if (ipp_status == IPP_UPGRADE_REQUIRED) ++ { ++ /* ++ * Server is configured incorrectly; the policy for Create-Job and ++ * Send-Document has to be the same (auth or no auth, encryption or ++ * no encryption). Force the queue to stop since printing will never ++ * work. ++ */ ++ ++ fputs("DEBUG: The server or printer is configured incorrectly.\n", ++ stderr); ++ fputs("DEBUG: The policy for Create-Job and Send-Document must have the " ++ "same authentication and encryption requirements.\n", stderr); ++ ++ ipp_status = IPP_INTERNAL_ERROR; ++ ++ if (job_id > 0) ++ cancel_job(http, uri, job_id, resource, argv[2], version); ++ ++ goto cleanup; ++ } + else if (ipp_status == IPP_NOT_FOUND) + { + /* +-- +1.8.0.1 + diff --git a/cups-str4140.patch b/cups-str4140.patch new file mode 100644 index 0000000..33e49bc --- /dev/null +++ b/cups-str4140.patch @@ -0,0 +1,29 @@ +From b28fd9a0ad2262e7caa8615d891cff2422e496e5 Mon Sep 17 00:00:00 2001 +From: mike +Date: Mon, 17 Dec 2012 22:40:54 +0000 +Subject: [PATCH] Fixed a problem with local Kerberos authentication (STR + #4140) + +git-svn-id: http://svn.easysw.com/public/cups/trunk@10778 7a7537e8-13f0-0310-91df-b6672ffda945 +diff --git a/scheduler/client.c b/scheduler/client.c +index 663c64b..e9abb82 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -2580,14 +2580,7 @@ cupsdSendHeader( + con->http.hostname); + #ifdef HAVE_GSSAPI + else if (auth_type == CUPSD_AUTH_NEGOTIATE) +- { +-# ifdef AF_LOCAL +- if (_httpAddrFamily(con->http.hostaddr) == AF_LOCAL) +- strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str)); +- else +-# endif /* AF_LOCAL */ + strlcpy(auth_str, "Negotiate", sizeof(auth_str)); +- } + #endif /* HAVE_GSSAPI */ + + if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && +-- +1.8.0.1 + diff --git a/cups-str4187.patch b/cups-str4187.patch new file mode 100644 index 0000000..c54dd07 --- /dev/null +++ b/cups-str4187.patch @@ -0,0 +1,41 @@ +From c6ae62cb67ef957fea5bf0e0bcd0a3201a2d6b4d Mon Sep 17 00:00:00 2001 +From: mike +Date: Thu, 13 Dec 2012 19:57:25 +0000 +Subject: [PATCH] The CUPS library did not always detect a timed out connection + to the server which could cause temporary loss of printing from applications + (STR #4187) + +git-svn-id: http://svn.easysw.com/public/cups/trunk@10760 7a7537e8-13f0-0310-91df-b6672ffda945 +diff --git a/cups/request.c b/cups/request.c +index a04fbb3..f81785d 100644 +--- a/cups/request.c ++++ b/cups/request.c +@@ -1007,6 +1007,25 @@ _cupsConnect(void) + httpClose(cg->http); + cg->http = NULL; + } ++ else ++ { ++ /* ++ * Same server, see if the connection is still established... ++ */ ++ ++ char ch; /* Connection check byte */ ++ ++ if (recv(cg->http->fd, &ch, 1, MSG_PEEK | MSG_DONTWAIT) < 0 && ++ errno != EWOULDBLOCK) ++ { ++ /* ++ * Nope, close the connection... ++ */ ++ ++ httpClose(cg->http); ++ cg->http = NULL; ++ } ++ } + } + + /* +-- +1.8.0.1 + diff --git a/cups-str4205.patch b/cups-str4205.patch new file mode 100644 index 0000000..78a1fc4 --- /dev/null +++ b/cups-str4205.patch @@ -0,0 +1,69 @@ +From 7d54edf278380093a00fd850ca3f88d6e4777e46 Mon Sep 17 00:00:00 2001 +From: mike +Date: Wed, 12 Dec 2012 12:27:27 +0000 +Subject: [PATCH] Don't set auth-info-required all of the time (STR #4205) + +git-svn-id: http://svn.easysw.com/public/cups/trunk@10749 7a7537e8-13f0-0310-91df-b6672ffda945 + +diff -up cups-1.5.4/scheduler/printers.c.str4205 cups-1.5.4/scheduler/printers.c +--- cups-1.5.4/scheduler/printers.c.str4205 2012-12-18 14:15:01.000000000 +0100 ++++ cups-1.5.4/scheduler/printers.c 2012-12-18 14:24:12.269701428 +0100 +@@ -2213,8 +2213,6 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) + int i, /* Looping var */ + length; /* Length of browse attributes */ + char resource[HTTP_MAX_URI]; /* Resource portion of URI */ +- int num_air; /* Number of auth-info-required values */ +- const char * const *air; /* auth-info-required values */ + cupsd_location_t *auth; /* Pointer to authentication element */ + const char *auth_supported; /* Authentication supported */ + ipp_t *oldattrs; /* Old printer attributes */ +@@ -2222,15 +2220,6 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) + cups_option_t *option; /* Current printer option */ + char *name, /* Current user/group name */ + *filter; /* Current filter */ +- static const char * const air_none[] = +- { /* No authentication */ +- "none" +- }; +- static const char * const air_userpass[] = +- { /* Basic/Digest authentication */ +- "username", +- "password" +- }; + + + DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, +@@ -2254,20 +2243,6 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) + */ + + auth_supported = "requesting-user-name"; +- num_air = 1; +- air = air_none; +- +- if (p->num_auth_info_required > 0 && strcmp(p->auth_info_required[0], "none")) +- { +- num_air = p->num_auth_info_required; +- air = p->auth_info_required; +- } +- else if ((p->type & CUPS_PRINTER_AUTHENTICATED) && +- (p->type & CUPS_PRINTER_DISCOVERED)) +- { +- num_air = 2; +- air = air_userpass; +- } + + if (p->type & CUPS_PRINTER_CLASS) + snprintf(resource, sizeof(resource), "/classes/%s", p->name); +@@ -2349,8 +2324,10 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) + "job-k-limit", p->k_limit); + ippAddInteger(p->attrs, IPP_TAG_PRINTER, IPP_TAG_INTEGER, + "job-page-limit", p->page_limit); +- ippAddStrings(p->attrs, IPP_TAG_PRINTER, IPP_TAG_KEYWORD, +- "auth-info-required", num_air, NULL, air); ++ if (p->num_auth_info_required > 0 && strcmp(p->auth_info_required[0], "none")) ++ ippAddStrings(p->attrs, IPP_TAG_PRINTER, IPP_TAG_KEYWORD, ++ "auth-info-required", p->num_auth_info_required, NULL, ++ p->auth_info_required); + + if (cupsArrayCount(Banners) > 0 && !(p->type & CUPS_PRINTER_DISCOVERED)) + { diff --git a/cups.spec b/cups.spec index 6d65dcd..4babc52 100644 --- a/cups.spec +++ b/cups.spec @@ -12,7 +12,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.5.4 -Release: 21%{?dist} +Release: 22%{?dist} License: GPLv2 Group: System Environment/Daemons Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 @@ -82,6 +82,11 @@ Patch46: cups-str4190.patch Patch47: cups-str4223.patch +Patch48: cups-str4125.patch +Patch49: cups-str4140.patch +Patch50: cups-str4187.patch +Patch51: cups-str4205.patch + Patch100: cups-lspp.patch Epoch: 1 @@ -331,6 +336,17 @@ Sends IPP requests to the specified URI and tests and/or displays the results. # Apply upstream fix for CVE-2012-5519 (STR #4223, bug #875898). %patch47 -p1 -b .str4223 +# The IPP backend now stops queues when the server +# configuration prevents successful job submission (STR #4125) +%patch48 -p1 -b .str4125 +# Fixed a problem with local Kerberos authentication (STR #4140, bug #837602) +%patch49 -p1 -b .str4140 +# The CUPS library did not always detect a timed out connection to the server +# which could cause temporary loss of printing from applications (STR #4187) +%patch50 -p1 -b .str4187 +# Don't set auth-info-required all of the time (STR #4205) +%patch51 -p1 -b .str4205 + %if %lspp # LSPP support. %patch100 -p1 -b .lspp @@ -732,6 +748,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Tue Dec 18 2012 Jiri Popelka 1:1.5.4-22 +- backport fixes for STR #4125, STR #4140, STR #4187, STR #4205, STR #4232 + * Thu Dec 6 2012 Tim Waugh 1:1.5.4-21 - Additional fix relating to CVE-2012-5519 to avoid misleading error message about actions to take to enable file device URIs.