From: Alexander Marx <alexander.marx@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] cups: Update to 2.1.4
Date: Fri, 09 Sep 2016 07:42:03 +0000 [thread overview]
Message-ID: <1473406923-20798-1-git-send-email-alexander.marx@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 131963 bytes --]
Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
---
cups/cups.nm | 6 +-
cups/patches/001_cups-no-gzip-man.patch | 18 -
cups/patches/002_cups-system-auth.patch | 38 -
cups/patches/003_cups-multilib.patch | 16 -
cups/patches/004_cups-banners.patch | 12 -
cups/patches/005_cups-serverbin-compat.patch | 190 --
cups/patches/006_cups-no-export-ssllibs.patch | 12 -
cups/patches/007_cups-direct-usb.patch | 27 -
cups/patches/008_cups-lpr-help.patch | 48 -
cups/patches/009_cups-peercred.patch | 11 -
cups/patches/010_cups-pid.patch | 37 -
cups/patches/011_cups-eggcups.patch | 130 --
cups/patches/012_cups-driverd-timeout.patch | 21 -
cups/patches/013_cups-strict-ppd-line-length.patch | 30 -
cups/patches/014_cups-logrotate.patch | 63 -
cups/patches/015_cups-usb-paperout.patch | 52 -
cups/patches/016_cups-res_init.patch | 26 -
cups/patches/017_cups-filter-debug.patch | 32 -
cups/patches/018_cups-uri-compat.patch | 51 -
cups/patches/019_cups-cups-get-classes.patch | 89 -
cups/patches/020_cups-str3382.patch | 64 -
cups/patches/021_cups-0755.patch | 21 -
cups/patches/022_cups-hp-deviceid-oid.patch | 21 -
cups/patches/023_cups-dnssd-deviceid.patch | 38 -
cups/patches/024_cups-ricoh-deviceid-oid.patch | 21 -
cups/patches/025_cups-systemd-socket.patch | 395 ----
cups/patches/026_cups-lspp.patch | 1999 --------------------
27 files changed, 3 insertions(+), 3465 deletions(-)
delete mode 100644 cups/patches/001_cups-no-gzip-man.patch
delete mode 100644 cups/patches/002_cups-system-auth.patch
delete mode 100644 cups/patches/003_cups-multilib.patch
delete mode 100644 cups/patches/004_cups-banners.patch
delete mode 100644 cups/patches/005_cups-serverbin-compat.patch
delete mode 100644 cups/patches/006_cups-no-export-ssllibs.patch
delete mode 100644 cups/patches/007_cups-direct-usb.patch
delete mode 100644 cups/patches/008_cups-lpr-help.patch
delete mode 100644 cups/patches/009_cups-peercred.patch
delete mode 100644 cups/patches/010_cups-pid.patch
delete mode 100644 cups/patches/011_cups-eggcups.patch
delete mode 100644 cups/patches/012_cups-driverd-timeout.patch
delete mode 100644 cups/patches/013_cups-strict-ppd-line-length.patch
delete mode 100644 cups/patches/014_cups-logrotate.patch
delete mode 100644 cups/patches/015_cups-usb-paperout.patch
delete mode 100644 cups/patches/016_cups-res_init.patch
delete mode 100644 cups/patches/017_cups-filter-debug.patch
delete mode 100644 cups/patches/018_cups-uri-compat.patch
delete mode 100644 cups/patches/019_cups-cups-get-classes.patch
delete mode 100644 cups/patches/020_cups-str3382.patch
delete mode 100644 cups/patches/021_cups-0755.patch
delete mode 100644 cups/patches/022_cups-hp-deviceid-oid.patch
delete mode 100644 cups/patches/023_cups-dnssd-deviceid.patch
delete mode 100644 cups/patches/024_cups-ricoh-deviceid-oid.patch
delete mode 100644 cups/patches/025_cups-systemd-socket.patch
delete mode 100644 cups/patches/026_cups-lspp.patch
diff --git a/cups/cups.nm b/cups/cups.nm
index 3b5672b..5abb804 100644
--- a/cups/cups.nm
+++ b/cups/cups.nm
@@ -4,7 +4,7 @@
###############################################################################
name = cups
-version = 1.6.1
+version = 2.1.4
release = 1
groups = Applications/Printing
@@ -17,8 +17,8 @@ description
by Apple Inc. for Mac OS(R) X and other UNIX(R)-like operating systems.
end
-source_dl = http://ftp.easysw.com/pub/cups/%{version}/
-sources = %{thisapp}-source.tar.bz2
+source_dl = https://github.com/apple/cups/releases/download/release-%{version}/
+sources = %{thisapp}-source.tar.gz
build
requires
diff --git a/cups/patches/001_cups-no-gzip-man.patch b/cups/patches/001_cups-no-gzip-man.patch
deleted file mode 100644
index cabfcf1..0000000
--- a/cups/patches/001_cups-no-gzip-man.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man cups-1.6b1/config-scripts/cups-manpages.m4
---- cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man 2012-04-23 19:26:57.000000000 +0200
-+++ cups-1.6b1/config-scripts/cups-manpages.m4 2012-05-25 14:57:01.959845267 +0200
-@@ -69,10 +69,10 @@ case "$uname" in
- ;;
- Linux* | GNU* | Darwin*)
- # Linux, GNU Hurd, and OS X
-- MAN1EXT=1.gz
-- MAN5EXT=5.gz
-- MAN7EXT=7.gz
-- MAN8EXT=8.gz
-+ MAN1EXT=1
-+ MAN5EXT=5
-+ MAN7EXT=7
-+ MAN8EXT=8
- MAN8DIR=8
- ;;
- *)
diff --git a/cups/patches/002_cups-system-auth.patch b/cups/patches/002_cups-system-auth.patch
deleted file mode 100644
index 60117a9..0000000
--- a/cups/patches/002_cups-system-auth.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups.password-auth
---- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.000000000 +0200
-+++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200
-@@ -0,0 +1,4 @@
-+#%PAM-1.0
-+# Use password-auth common PAM configuration for the daemon
-+auth include password-auth
-+account include password-auth
-diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.system-auth
---- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.000000000 +0200
-+++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200
-@@ -0,0 +1,3 @@
-+#%PAM-1.0
-+auth include system-auth
-+account include system-auth
-diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile
---- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200
-+++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200
-@@ -90,10 +90,16 @@ install-data:
- done
- -if test x$(PAMDIR) != x; then \
- $(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \
-- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \
-- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \
-+ if test -f /etc/pam.d/password-auth; then \
-+ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \
-+ elif test -f /etc/pam.d/system-auth; then \
-+ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \
- else \
-- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \
-+ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \
-+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \
-+ else \
-+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \
-+ fi ; \
- fi ; \
- fi
-
diff --git a/cups/patches/003_cups-multilib.patch b/cups/patches/003_cups-multilib.patch
deleted file mode 100644
index 3c6bc39..0000000
--- a/cups/patches/003_cups-multilib.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -up cups-1.5b1/cups-config.in.multilib cups-1.5b1/cups-config.in
---- cups-1.5b1/cups-config.in.multilib 2010-06-16 02:48:25.000000000 +0200
-+++ cups-1.5b1/cups-config.in 2011-05-23 17:33:31.000000000 +0200
-@@ -22,8 +22,10 @@ prefix=@prefix@
- exec_prefix=@exec_prefix@
- bindir=@bindir@
- includedir=@includedir@
--libdir=@libdir@
--imagelibdir=@libdir@
-+# Fetch libdir from gnutls's pkg-config script. This is a bit
-+# of a cheat, but the cups-devel package requires gnutls-devel anyway.
-+libdir=`pkg-config --variable=libdir gnutls`
-+imagelibdir=`pkg-config --variable=libdir gnutls`
- datarootdir=@datadir@
- datadir=@datadir@
- sysconfdir=@sysconfdir@
diff --git a/cups/patches/004_cups-banners.patch b/cups/patches/004_cups-banners.patch
deleted file mode 100644
index aa19282..0000000
--- a/cups/patches/004_cups-banners.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners.c
---- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200
-@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I -
- if ((ext = strrchr(dent->filename, '.')) != NULL)
- if (!strcmp(ext, ".bck") ||
- !strcmp(ext, ".bak") ||
-+ !strcmp(ext, ".rpmnew") ||
-+ !strcmp(ext, ".rpmsave") ||
- !strcmp(ext, ".sav"))
- continue;
-
diff --git a/cups/patches/005_cups-serverbin-compat.patch b/cups/patches/005_cups-serverbin-compat.patch
deleted file mode 100644
index 0ca72fd..0000000
--- a/cups/patches/005_cups-serverbin-compat.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-diff -up cups-1.5b1/scheduler/conf.c.serverbin-compat cups-1.5b1/scheduler/conf.c
---- cups-1.5b1/scheduler/conf.c.serverbin-compat 2011-05-20 06:24:54.000000000 +0200
-+++ cups-1.5b1/scheduler/conf.c 2011-05-23 17:20:33.000000000 +0200
-@@ -491,6 +491,9 @@ cupsdReadConfiguration(void)
- cupsdClearString(&ServerName);
- cupsdClearString(&ServerAdmin);
- cupsdSetString(&ServerBin, CUPS_SERVERBIN);
-+#ifdef __x86_64__
-+ cupsdSetString(&ServerBin_compat, "/usr/lib64/cups");
-+#endif /* __x86_64__ */
- cupsdSetString(&RequestRoot, CUPS_REQUESTS);
- cupsdSetString(&CacheDir, CUPS_CACHEDIR);
- cupsdSetString(&DataDir, CUPS_DATADIR);
-@@ -1378,7 +1381,12 @@ cupsdReadConfiguration(void)
- * Read the MIME type and conversion database...
- */
-
-+#ifdef __x86_64__
-+ snprintf(temp, sizeof(temp), "%s/filter:%s/filter", ServerBin,
-+ ServerBin_compat);
-+#else
- snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
-+#endif
- snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
-
- MimeDatabase = mimeNew();
-diff -up cups-1.5b1/scheduler/conf.h.serverbin-compat cups-1.5b1/scheduler/conf.h
---- cups-1.5b1/scheduler/conf.h.serverbin-compat 2011-04-22 19:47:03.000000000 +0200
-+++ cups-1.5b1/scheduler/conf.h 2011-05-23 15:34:25.000000000 +0200
-@@ -105,6 +105,10 @@ VAR char *ConfigurationFile VALUE(NULL)
- /* Root directory for scheduler */
- *ServerBin VALUE(NULL),
- /* Root directory for binaries */
-+#ifdef __x86_64__
-+ *ServerBin_compat VALUE(NULL),
-+ /* Compat directory for binaries */
-+#endif /* __x86_64__ */
- *StateDir VALUE(NULL),
- /* Root directory for state data */
- *RequestRoot VALUE(NULL),
-diff -up cups-1.5b1/scheduler/env.c.serverbin-compat cups-1.5b1/scheduler/env.c
---- cups-1.5b1/scheduler/env.c.serverbin-compat 2011-01-11 04:48:42.000000000 +0100
-+++ cups-1.5b1/scheduler/env.c 2011-05-23 17:07:17.000000000 +0200
-@@ -218,8 +218,13 @@ cupsdUpdateEnv(void)
- set_if_undefined("LD_PRELOAD", NULL);
- set_if_undefined("NLSPATH", NULL);
- if (find_env("PATH") < 0)
-+#ifdef __x86_64__
-+ cupsdSetEnvf("PATH", "%s/filter:%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR
-+ ":/bin:/usr/bin", ServerBin, ServerBin_compat);
-+#else /* ! defined(__x86_64__) */
- cupsdSetEnvf("PATH", "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR
- ":/bin:/usr/bin", ServerBin);
-+#endif
- set_if_undefined("SERVER_ADMIN", ServerAdmin);
- set_if_undefined("SHLIB_PATH", NULL);
- set_if_undefined("SOFTWARE", CUPS_MINIMAL);
-diff -up cups-1.5b1/scheduler/ipp.c.serverbin-compat cups-1.5b1/scheduler/ipp.c
---- cups-1.5b1/scheduler/ipp.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/scheduler/ipp.c 2011-05-23 16:09:57.000000000 +0200
-@@ -2586,9 +2586,18 @@ add_printer(cupsd_client_t *con, /* I -
- * Could not find device in list!
- */
-
-+#ifdef __x86_64__
-+ snprintf(srcfile, sizeof(srcfile), "%s/backend/%s", ServerBin_compat,
-+ scheme);
-+ if (access(srcfile, X_OK))
-+ {
-+#endif /* __x86_64__ */
- send_ipp_status(con, IPP_NOT_POSSIBLE,
- _("Bad device-uri scheme \"%s\"."), scheme);
- return;
-+#ifdef __x86_64__
-+ }
-+#endif /* __x86_64__ */
- }
- }
-
-diff -up cups-1.5b1/scheduler/job.c.serverbin-compat cups-1.5b1/scheduler/job.c
---- cups-1.5b1/scheduler/job.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/scheduler/job.c 2011-05-23 16:18:57.000000000 +0200
-@@ -1047,8 +1047,32 @@ cupsdContinueJob(cupsd_job_t *job) /* I
- i ++, filter = (mime_filter_t *)cupsArrayNext(filters))
- {
- if (filter->filter[0] != '/')
-- snprintf(command, sizeof(command), "%s/filter/%s", ServerBin,
-- filter->filter);
-+ {
-+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin,
-+ filter->filter);
-+#ifdef __x86_64__
-+ if (access(command, F_OK))
-+ {
-+ snprintf(command, sizeof(command), "%s/filter/%s",
-+ ServerBin_compat, filter->filter);
-+ if (!access(command, F_OK))
-+ {
-+ /* Not in the correct directory, but found it in the compat
-+ * directory. Issue a warning. */
-+ cupsdLogMessage(CUPSD_LOG_INFO,
-+ "Filter '%s' not in %s/filter!",
-+ filter->filter, ServerBin);
-+ }
-+ else
-+ {
-+ /* Not in the compat directory either; make any error
-+ * messages use the correct directory name then. */
-+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin,
-+ filter->filter);
-+ }
-+ }
-+#endif /* __x86_64__ */
-+ }
- else
- strlcpy(command, filter->filter, sizeof(command));
-
-@@ -1199,6 +1223,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I
- {
- cupsdClosePipe(job->back_pipes);
- cupsdClosePipe(job->side_pipes);
-+#ifdef __x86_64__
-+ if (access(command, F_OK))
-+ {
-+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin_compat,
-+ scheme);
-+ if (!access(command, F_OK))
-+ {
-+ /* Not in the correct directory, but we found it in the compat
-+ * directory. Issue a warning. */
-+ cupsdLogMessage(CUPSD_LOG_INFO,
-+ "Backend '%s' not in %s/backend!", scheme,
-+ ServerBin);
-+ }
-+ else
-+ {
-+ /* Not in the compat directory either; make any error
-+ messages use the correct directory name then. */
-+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin,
-+ scheme);
-+ }
-+ }
-+#endif /* __x86_64__ */
-
- close(job->status_pipes[1]);
- job->status_pipes[1] = -1;
-diff -up cups-1.5b1/scheduler/printers.c.serverbin-compat cups-1.5b1/scheduler/printers.c
---- cups-1.5b1/scheduler/printers.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/scheduler/printers.c 2011-05-23 17:09:04.000000000 +0200
-@@ -1030,9 +1030,19 @@ cupsdLoadAllPrinters(void)
- * Backend does not exist, stop printer...
- */
-
-+#ifdef __x86_64__
-+ snprintf(line, sizeof(line), "%s/backend/%s", ServerBin_compat,
-+ p->device_uri);
-+ if (access(line, 0))
-+ {
-+#endif /* __x86_64__ */
-+
- p->state = IPP_PRINTER_STOPPED;
- snprintf(p->state_message, sizeof(p->state_message),
- "Backend %s does not exist!", line);
-+#ifdef __x86_64__
-+ }
-+#endif /* __x86_64__ */
- }
- }
-
-@@ -3621,8 +3631,20 @@ add_printer_filter(
- else
- snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, program);
-
-+#ifdef __x86_64__
-+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
-+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) {
-+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin_compat,
-+ program);
-+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
-+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING)
-+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin,
-+ program);
-+ }
-+#else /* ! defined(__x86_64__) */
- _cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
- cupsdLogFCMessage, p);
-+#endif
- }
-
- /*
diff --git a/cups/patches/006_cups-no-export-ssllibs.patch b/cups/patches/006_cups-no-export-ssllibs.patch
deleted file mode 100644
index de277d8..0000000
--- a/cups/patches/006_cups-no-export-ssllibs.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs cups-1.5.3/config-scripts/cups-ssl.m4
---- cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs 2012-03-21 05:45:48.000000000 +0100
-+++ cups-1.5.3/config-scripts/cups-ssl.m4 2012-05-15 16:47:13.753314620 +0200
-@@ -173,7 +173,7 @@ AC_SUBST(IPPALIASES)
- AC_SUBST(SSLFLAGS)
- AC_SUBST(SSLLIBS)
-
--EXPORT_SSLLIBS="$SSLLIBS"
-+EXPORT_SSLLIBS=""
- AC_SUBST(EXPORT_SSLLIBS)
-
- dnl
diff --git a/cups/patches/007_cups-direct-usb.patch b/cups/patches/007_cups-direct-usb.patch
deleted file mode 100644
index 4e25ce7..0000000
--- a/cups/patches/007_cups-direct-usb.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-unix.c
---- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200
-@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De
- _cups_strncasecmp(hostname, "Minolta", 7);
- #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */
-
-+ if (use_bc && !strncmp(uri, "usb:/dev/", 9))
-+ use_bc = 0;
-+
- if ((device_fd = open_device(uri, &use_bc)) == -1)
- {
- if (getenv("CLASS") != NULL)
-@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev
- if (!strncmp(uri, "usb:/dev/", 9))
- #ifdef __linux
- {
-- /*
-- * Do not allow direct devices anymore...
-- */
--
-- errno = ENODEV;
-- return (-1);
-+ return (open(uri + 4, O_RDWR | O_EXCL));
- }
- else if (!strncmp(uri, "usb://", 6))
- {
diff --git a/cups/patches/008_cups-lpr-help.patch b/cups/patches/008_cups-lpr-help.patch
deleted file mode 100644
index c42434d..0000000
--- a/cups/patches/008_cups-lpr-help.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -up cups-1.5b1/berkeley/lpr.c.lpr-help cups-1.5b1/berkeley/lpr.c
---- cups-1.5b1/berkeley/lpr.c.lpr-help 2011-03-21 23:02:00.000000000 +0100
-+++ cups-1.5b1/berkeley/lpr.c 2011-05-23 17:58:06.000000000 +0200
-@@ -24,6 +24,31 @@
- #include <cups/cups-private.h>
-
-
-+static void
-+usage (const char *name)
-+{
-+ _cupsLangPrintf(stdout,
-+"Usage: %s [OPTION] [ file(s) ]\n"
-+"Print files.\n\n"
-+" -E force encryption\n"
-+" -H server[:port] specify alternate server\n"
-+" -C title, -J title, -T title\n"
-+" set the job name\n\n"
-+" -P destination/instance print to named printer\n"
-+" -U username specify alternate username\n"
-+" -# num-copies set number of copies\n"
-+" -h disable banner printing\n"
-+" -l print without filtering\n"
-+" -m send email on completion\n"
-+" -o option[=value] set a job option\n"
-+" -p format text file with header\n"
-+" -q hold job for printing\n"
-+" -r delete files after printing\n"
-+"\nWith no file given, read standard input.\n"
-+, name);
-+}
-+
-+
- /*
- * 'main()' - Parse options and send files for printing.
- */
-@@ -270,6 +294,12 @@ main(int argc, /* I - Number of comm
- break;
-
- default :
-+ if (!strcmp (argv[i], "--help"))
-+ {
-+ usage (argv[0]);
-+ return (0);
-+ }
-+
- _cupsLangPrintf(stderr,
- _("%s: Error - unknown option \"%c\"."), argv[0],
- argv[i][1]);
diff --git a/cups/patches/009_cups-peercred.patch b/cups/patches/009_cups-peercred.patch
deleted file mode 100644
index a106abb..0000000
--- a/cups/patches/009_cups-peercred.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up cups-1.5b1/scheduler/auth.c.peercred cups-1.5b1/scheduler/auth.c
---- cups-1.5b1/scheduler/auth.c.peercred 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/scheduler/auth.c 2011-05-23 18:00:18.000000000 +0200
-@@ -52,6 +52,7 @@
- * Include necessary headers...
- */
-
-+#define _GNU_SOURCE
- #include "cupsd.h"
- #include <grp.h>
- #ifdef HAVE_SHADOW_H
diff --git a/cups/patches/010_cups-pid.patch b/cups/patches/010_cups-pid.patch
deleted file mode 100644
index 23ffd47..0000000
--- a/cups/patches/010_cups-pid.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff -up cups-1.5b1/scheduler/main.c.pid cups-1.5b1/scheduler/main.c
---- cups-1.5b1/scheduler/main.c.pid 2011-05-18 22:44:16.000000000 +0200
-+++ cups-1.5b1/scheduler/main.c 2011-05-23 18:01:20.000000000 +0200
-@@ -311,6 +311,8 @@ main(int argc, /* I - Number of comm
- * Setup signal handlers for the parent...
- */
-
-+ pid_t pid;
-+
- #ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */
- sigset(SIGUSR1, parent_handler);
- sigset(SIGCHLD, parent_handler);
-@@ -334,7 +336,7 @@ main(int argc, /* I - Number of comm
- signal(SIGHUP, SIG_IGN);
- #endif /* HAVE_SIGSET */
-
-- if (fork() > 0)
-+ if ((pid = fork()) > 0)
- {
- /*
- * OK, wait for the child to startup and send us SIGUSR1 or to crash
-@@ -346,7 +348,15 @@ main(int argc, /* I - Number of comm
- sleep(1);
-
- if (parent_signal == SIGUSR1)
-+ {
-+ FILE *f = fopen ("/var/run/cupsd.pid", "w");
-+ if (f)
-+ {
-+ fprintf (f, "%d\n", pid);
-+ fclose (f);
-+ }
- return (0);
-+ }
-
- if (wait(&i) < 0)
- {
diff --git a/cups/patches/011_cups-eggcups.patch b/cups/patches/011_cups-eggcups.patch
deleted file mode 100644
index 981d920..0000000
--- a/cups/patches/011_cups-eggcups.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-diff -up cups-1.5.3/backend/ipp.c.eggcups cups-1.5.3/backend/ipp.c
---- cups-1.5.3/backend/ipp.c.eggcups 2012-05-05 01:00:01.000000000 +0200
-+++ cups-1.5.3/backend/ipp.c 2012-05-15 16:50:41.142868986 +0200
-@@ -138,6 +138,70 @@ static cups_array_t *state_reasons; /* A
- static char tmpfilename[1024] = "";
- /* Temporary spool file name */
-
-+#if HAVE_DBUS
-+#include <dbus/dbus.h>
-+
-+static DBusConnection *dbus_connection = NULL;
-+
-+static int
-+init_dbus (void)
-+{
-+ DBusConnection *connection;
-+ DBusError error;
-+
-+ if (dbus_connection &&
-+ !dbus_connection_get_is_connected (dbus_connection)) {
-+ dbus_connection_unref (dbus_connection);
-+ dbus_connection = NULL;
-+ }
-+
-+ dbus_error_init (&error);
-+ connection = dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error);
-+ if (connection == NULL) {
-+ dbus_error_free (&error);
-+ return -1;
-+ }
-+
-+ dbus_connection = connection;
-+ return 0;
-+}
-+
-+int
-+dbus_broadcast_queued_remote (const char *printer_uri,
-+ ipp_status_t status,
-+ unsigned int local_job_id,
-+ unsigned int remote_job_id,
-+ const char *username,
-+ const char *printer_name)
-+{
-+ DBusMessage *message;
-+ DBusMessageIter iter;
-+ const char *errstr;
-+
-+ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connection)) {
-+ if (init_dbus () || !dbus_connection)
-+ return -1;
-+ }
-+
-+ errstr = ippErrorString (status);
-+ message = dbus_message_new_signal ("/com/redhat/PrinterSpooler",
-+ "com.redhat.PrinterSpooler",
-+ "JobQueuedRemote");
-+ dbus_message_iter_init_append (message, &iter);
-+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri);
-+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr);
-+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id);
-+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id);
-+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username);
-+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name);
-+
-+ dbus_connection_send (dbus_connection, message, NULL);
-+ dbus_connection_flush (dbus_connection);
-+ dbus_message_unref (message);
-+
-+ return 0;
-+}
-+#endif /* HAVE_DBUS */
-
- /*
- * Local functions...
-@@ -1520,6 +1584,15 @@ main(int argc, /* I - Number of comm
- _("Print file accepted - job ID %d."), job_id);
- }
-
-+#if HAVE_DBUS
-+ dbus_broadcast_queued_remote (argv[0],
-+ ipp_status,
-+ atoi (argv[1]),
-+ job_id,
-+ argv[2],
-+ getenv ("PRINTER"));
-+#endif /* HAVE_DBUS */
-+
- fprintf(stderr, "DEBUG: job-id=%d\n", job_id);
- ippDelete(response);
-
-diff -up cups-1.5.3/backend/Makefile.eggcups cups-1.5.3/backend/Makefile
---- cups-1.5.3/backend/Makefile.eggcups 2012-04-23 19:42:12.000000000 +0200
-+++ cups-1.5.3/backend/Makefile 2012-05-15 16:48:17.253871982 +0200
-@@ -212,7 +212,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac
-
- ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a
- echo Linking $@...
-- $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS)
-+ $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS)
- $(RM) http
- $(LN) ipp http
-
-diff -up cups-1.5.3/scheduler/subscriptions.c.eggcups cups-1.5.3/scheduler/subscriptions.c
---- cups-1.5.3/scheduler/subscriptions.c.eggcups 2012-02-12 06:48:09.000000000 +0100
-+++ cups-1.5.3/scheduler/subscriptions.c 2012-05-15 16:48:17.253871982 +0200
-@@ -1314,13 +1314,13 @@ cupsd_send_dbus(cupsd_eventmask_t event,
- what = "PrinterAdded";
- else if (event & CUPSD_EVENT_PRINTER_DELETED)
- what = "PrinterRemoved";
-- else if (event & CUPSD_EVENT_PRINTER_CHANGED)
-- what = "QueueChanged";
- else if (event & CUPSD_EVENT_JOB_CREATED)
- what = "JobQueuedLocal";
- else if ((event & CUPSD_EVENT_JOB_STATE) && job &&
- job->state_value == IPP_JOB_PROCESSING)
- what = "JobStartedLocal";
-+ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANGED|CUPSD_EVENT_PRINTER_STATE_CHANGED))
-+ what = "QueueChanged";
- else
- return;
-
-@@ -1356,7 +1356,7 @@ cupsd_send_dbus(cupsd_eventmask_t event,
- dbus_message_append_iter_init(message, &iter);
- if (dest)
- dbus_message_iter_append_string(&iter, dest->name);
-- if (job)
-+ if (job && strcmp (what, "QueueChanged") != 0)
- {
- dbus_message_iter_append_uint32(&iter, job->id);
- dbus_message_iter_append_string(&iter, job->username);
diff --git a/cups/patches/012_cups-driverd-timeout.patch b/cups/patches/012_cups-driverd-timeout.patch
deleted file mode 100644
index cb9e5cf..0000000
--- a/cups/patches/012_cups-driverd-timeout.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up cups-1.5.0/scheduler/ipp.c.driverd-timeout cups-1.5.0/scheduler/ipp.c
---- cups-1.5.0/scheduler/ipp.c.driverd-timeout 2011-10-10 17:03:41.801690962 +0100
-+++ cups-1.5.0/scheduler/ipp.c 2011-10-10 17:03:41.861689834 +0100
-@@ -5723,7 +5723,7 @@ copy_model(cupsd_client_t *con, /* I -
- close(temppipe[1]);
-
- /*
-- * Wait up to 30 seconds for the PPD file to be copied...
-+ * Wait up to 70 seconds for the PPD file to be copied...
- */
-
- total = 0;
-@@ -5743,7 +5743,7 @@ copy_model(cupsd_client_t *con, /* I -
- FD_SET(temppipe[0], &input);
- FD_SET(CGIPipes[0], &input);
-
-- timeout.tv_sec = 30;
-+ timeout.tv_sec = 70;
- timeout.tv_usec = 0;
-
- if ((i = select(maxfd, &input, NULL, NULL, &timeout)) < 0)
diff --git a/cups/patches/013_cups-strict-ppd-line-length.patch b/cups/patches/013_cups-strict-ppd-line-length.patch
deleted file mode 100644
index b2697ec..0000000
--- a/cups/patches/013_cups-strict-ppd-line-length.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff -up cups-1.5b1/cups/ppd.c.strict-ppd-line-length cups-1.5b1/cups/ppd.c
---- cups-1.5b1/cups/ppd.c.strict-ppd-line-length 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/cups/ppd.c 2011-05-24 15:46:13.000000000 +0200
-@@ -2786,7 +2786,7 @@ ppd_read(cups_file_t *fp, /* I - Fil
- *lineptr++ = ch;
- col ++;
-
-- if (col > (PPD_MAX_LINE - 1))
-+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT)
- {
- /*
- * Line is too long...
-@@ -2847,7 +2847,7 @@ ppd_read(cups_file_t *fp, /* I - Fil
- {
- col ++;
-
-- if (col > (PPD_MAX_LINE - 1))
-+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT)
- {
- /*
- * Line is too long...
-@@ -2906,7 +2906,7 @@ ppd_read(cups_file_t *fp, /* I - Fil
- {
- col ++;
-
-- if (col > (PPD_MAX_LINE - 1))
-+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT)
- {
- /*
- * Line is too long...
diff --git a/cups/patches/014_cups-logrotate.patch b/cups/patches/014_cups-logrotate.patch
deleted file mode 100644
index a6485a9..0000000
--- a/cups/patches/014_cups-logrotate.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff -up cups-1.5b1/scheduler/log.c.logrotate cups-1.5b1/scheduler/log.c
---- cups-1.5b1/scheduler/log.c.logrotate 2011-05-14 01:04:16.000000000 +0200
-+++ cups-1.5b1/scheduler/log.c 2011-05-24 15:47:20.000000000 +0200
-@@ -32,6 +32,9 @@
- #include "cupsd.h"
- #include <stdarg.h>
- #include <syslog.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-
-
- /*
-@@ -71,12 +74,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I
- return (1);
-
- /*
-- * Format the filename as needed...
-+ * Format the filename...
- */
-
-- if (!*lf ||
-- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize &&
-- MaxLogSize > 0))
-+ if (strncmp(logname, "/dev/", 5))
- {
- /*
- * Handle format strings...
-@@ -186,6 +187,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I
- }
-
- /*
-+ * Has someone else (i.e. logrotate) already rotated the log for us?
-+ */
-+ else if (strncmp(filename, "/dev/", 5))
-+ {
-+ struct stat st;
-+ if (stat(filename, &st) || st.st_size == 0)
-+ {
-+ /* File is either missing or has zero size. */
-+
-+ cupsFileClose(*lf);
-+ if ((*lf = cupsFileOpen(filename, "a")) == NULL)
-+ {
-+ syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename,
-+ strerror(errno));
-+
-+ return (0);
-+ }
-+
-+ /*
-+ * Change ownership and permissions of non-device logs...
-+ */
-+
-+ fchown(cupsFileNumber(*lf), RunUser, Group);
-+ fchmod(cupsFileNumber(*lf), LogFilePerm);
-+ }
-+ }
-+
-+ /*
- * Do we need to rotate the log?
- */
-
diff --git a/cups/patches/015_cups-usb-paperout.patch b/cups/patches/015_cups-usb-paperout.patch
deleted file mode 100644
index f1f73f0..0000000
--- a/cups/patches/015_cups-usb-paperout.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-unix.c
---- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000 +0200
-+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200
-@@ -30,6 +30,11 @@
-
- #include <sys/select.h>
-
-+#ifdef __linux
-+#include <sys/ioctl.h>
-+#include <linux/lp.h>
-+#endif /* __linux */
-+
-
- /*
- * Local functions...
-@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev
- if (!strncmp(uri, "usb:/dev/", 9))
- #ifdef __linux
- {
-- return (open(uri + 4, O_RDWR | O_EXCL));
-+ fd = open(uri + 4, O_RDWR | O_EXCL);
-+
-+ if (fd != -1)
-+ {
-+ /*
-+ * Tell the driver to return from write() with errno==ENOSPACE
-+ * on paper-out.
-+ */
-+ unsigned int t = 1;
-+ ioctl (fd, LPABORT, &t);
-+ }
-+
-+ return fd;
- }
- else if (!strncmp(uri, "usb://", 6))
- {
-@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev
- if (!strcmp(uri, device_uri))
- {
- /*
-- * Yes, return this file descriptor...
-+ * Yes, tell the driver to return from write() with
-+ * errno==ENOSPACE on paper-out.
-+ */
-+ unsigned int t = 1;
-+ ioctl (fd, LPABORT, &t);
-+
-+ /*
-+ * Return this file descriptor...
- */
-
- fprintf(stderr, "DEBUG: Printer using device file \"%s\"...\n",
diff --git a/cups/patches/016_cups-res_init.patch b/cups/patches/016_cups-res_init.patch
deleted file mode 100644
index 94a81a4..0000000
--- a/cups/patches/016_cups-res_init.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -up cups-1.6b1/cups/http-addr.c.res_init cups-1.6b1/cups/http-addr.c
---- cups-1.6b1/cups/http-addr.c.res_init 2012-05-17 00:57:03.000000000 +0200
-+++ cups-1.6b1/cups/http-addr.c 2012-05-25 15:51:51.323916352 +0200
-@@ -254,7 +254,8 @@ httpAddrLookup(
-
- if (error)
- {
-- if (error == EAI_FAIL)
-+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA ||
-+ error == EAI_NONAME)
- cg->need_res_init = 1;
-
- return (httpAddrString(addr, name, namelen));
-diff -up cups-1.6b1/cups/http-addrlist.c.res_init cups-1.6b1/cups/http-addrlist.c
---- cups-1.6b1/cups/http-addrlist.c.res_init 2012-04-23 19:26:57.000000000 +0200
-+++ cups-1.6b1/cups/http-addrlist.c 2012-05-25 16:05:05.930377452 +0200
-@@ -540,7 +540,8 @@ httpAddrGetList(const char *hostname, /*
- }
- else
- {
-- if (error == EAI_FAIL)
-+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA ||
-+ error == EAI_NONAME)
- cg->need_res_init = 1;
-
- _cupsSetError(IPP_INTERNAL_ERROR, gai_strerror(error), 0);
diff --git a/cups/patches/017_cups-filter-debug.patch b/cups/patches/017_cups-filter-debug.patch
deleted file mode 100644
index 96c82da..0000000
--- a/cups/patches/017_cups-filter-debug.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c
---- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0200
-+++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200
-@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I
-
- if (!filters)
- {
-+ mime_filter_t *current;
-+
- cupsdLogJob(job, CUPSD_LOG_ERROR,
- "Unable to convert file %d to printable format.",
- job->current_file);
-
-+ cupsdLogJob(job, CUPSD_LOG_ERROR,
-+ "Required: %s/%s -> %s/%s",
-+ job->filetypes[job->current_file]->super,
-+ job->filetypes[job->current_file]->type,
-+ job->printer->filetype->super,
-+ job->printer->filetype->type);
-+
-+ for (current = (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs);
-+ current;
-+ current = (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs))
-+ cupsdLogJob(job, CUPSD_LOG_ERROR,
-+ "Available: %s/%s -> %s/%s (%s)",
-+ current->src->super, current->src->type,
-+ current->dst->super, current->dst->type,
-+ current->filter);
-+
- abort_message = "Aborting job because it cannot be printed.";
- abort_state = IPP_JOB_ABORTED;
-
diff --git a/cups/patches/018_cups-uri-compat.patch b/cups/patches/018_cups-uri-compat.patch
deleted file mode 100644
index 2520a5b..0000000
--- a/cups/patches/018_cups-uri-compat.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-unix.c
---- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 +0200
-+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200
-@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De
- int device_fd; /* USB device */
- ssize_t tbytes; /* Total number of bytes written */
- struct termios opts; /* Parallel port options */
-+ char *fixed_uri = strdup (uri);
-+ char *p;
-
-
- (void)argc;
- (void)argv;
-
-+ p = strchr (fixed_uri, ':');
-+ if (p++ != NULL)
-+ {
-+ char *e;
-+ p += strspn (p, "/");
-+ e = strchr (p, '/');
-+ if (e > p)
-+ {
-+ size_t mfrlen = e - p;
-+ e++;
-+ if (!strncasecmp (e, p, mfrlen))
-+ {
-+ char *x = e + mfrlen;
-+ if (!strncmp (x, "%20", 3))
-+ /* Take mfr name out of mdl name for compatibility with
-+ * Fedora 11 before bug #507244 was fixed. */
-+ strcpy (e, x + 3); puts(fixed_uri);
-+ }
-+ }
-+ }
-+
- /*
- * Open the USB port device...
- */
-@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De
- _cups_strncasecmp(hostname, "Minolta", 7);
- #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */
-
-- if (use_bc && !strncmp(uri, "usb:/dev/", 9))
-+ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9))
- use_bc = 0;
-
-- if ((device_fd = open_device(uri, &use_bc)) == -1)
-+ if ((device_fd = open_device(fixed_uri, &use_bc)) == -1)
- {
- if (getenv("CLASS") != NULL)
- {
diff --git a/cups/patches/019_cups-cups-get-classes.patch b/cups/patches/019_cups-cups-get-classes.patch
deleted file mode 100644
index b0ffe1c..0000000
--- a/cups/patches/019_cups-cups-get-classes.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-diff -up cups-1.5.0/cups/dest.c.cups-get-classes cups-1.5.0/cups/dest.c
---- cups-1.5.0/cups/dest.c.cups-get-classes 2011-05-20 04:49:49.000000000 +0100
-+++ cups-1.5.0/cups/dest.c 2011-09-14 12:10:05.111635428 +0100
-@@ -534,6 +534,7 @@ _cupsGetDests(http_t *http, /* I -
- char uri[1024]; /* printer-uri value */
- int num_options; /* Number of options */
- cups_option_t *options; /* Options */
-+ int get_classes; /* Whether we need to fetch class */
- #ifdef __APPLE__
- char media_default[41]; /* Default paper size */
- #endif /* __APPLE__ */
-@@ -590,6 +591,8 @@ _cupsGetDests(http_t *http, /* I -
- * printer-uri [for IPP_GET_PRINTER_ATTRIBUTES]
- */
-
-+ get_classes = (op == CUPS_GET_PRINTERS);
-+
- request = ippNewRequest(op);
-
- ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
-@@ -647,6 +650,23 @@ _cupsGetDests(http_t *http, /* I -
- attr->value_tag != IPP_TAG_URI)
- continue;
-
-+ if (get_classes &&
-+
-+ /* Is this a class? */
-+ ((attr->value_tag == IPP_TAG_ENUM &&
-+ !strcmp(attr->name, "printer-type") &&
-+ (attr->values[0].integer & CUPS_PRINTER_CLASS)) ||
-+
-+ /* Or, is this an attribute from CUPS 1.2 or later? */
-+ !strcmp(attr->name, "auth-info-required") ||
-+ !strncmp(attr->name, "marker-", 7) ||
-+ !strcmp(attr->name, "printer-commands") ||
-+ !strcmp(attr->name, "printer-is-shared")))
-+ /* We are talking to a recent enough CUPS server that
-+ * CUPS_GET_PRINTERS returns classes as well.
-+ */
-+ get_classes = 0;
-+
- if (!strcmp(attr->name, "auth-info-required") ||
- !strcmp(attr->name, "device-uri") ||
- !strcmp(attr->name, "marker-change-time") ||
-@@ -738,6 +758,28 @@ _cupsGetDests(http_t *http, /* I -
- continue;
- }
-
-+ /*
-+ * If we sent a CUPS_GET_CLASSES request, check whether
-+ * CUPS_GET_PRINTERS already gave us this destination and exit
-+ * early if so.
-+ */
-+
-+ if (op == CUPS_GET_CLASSES && num_dests > 0)
-+ {
-+ int diff;
-+ cups_find_dest (printer_name, NULL, num_dests, *dests, 0, &diff);
-+ if (diff == 0)
-+ {
-+ /*
-+ * Found it. The CUPS server already gave us the classes in
-+ * its CUPS_GET_PRINTERS response.
-+ */
-+
-+ cupsFreeOptions(num_options, options);
-+ break;
-+ }
-+ }
-+
- if ((dest = cups_add_dest(printer_name, NULL, &num_dests, dests)) != NULL)
- {
- dest->num_options = num_options;
-@@ -754,6 +796,15 @@ _cupsGetDests(http_t *http, /* I -
- }
-
- /*
-+ * If this is a CUPS_GET_PRINTERS request but we didn't see any
-+ * classes we might be talking to an older CUPS server that requires
-+ * CUPS_GET_CLASSES as well.
-+ */
-+
-+ if (get_classes)
-+ num_dests = _cupsGetDests (http, CUPS_GET_CLASSES, name, dests, 0, 0);
-+
-+ /*
- * Return the count...
- */
-
diff --git a/cups/patches/020_cups-str3382.patch b/cups/patches/020_cups-str3382.patch
deleted file mode 100644
index 2e8736d..0000000
--- a/cups/patches/020_cups-str3382.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-diff -up cups-1.5b1/cups/tempfile.c.str3382 cups-1.5b1/cups/tempfile.c
---- cups-1.5b1/cups/tempfile.c.str3382 2010-03-24 01:45:34.000000000 +0100
-+++ cups-1.5b1/cups/tempfile.c 2011-05-24 16:04:47.000000000 +0200
-@@ -33,6 +33,7 @@
- # include <io.h>
- #else
- # include <unistd.h>
-+# include <sys/types.h>
- #endif /* WIN32 || __EMX__ */
-
-
-@@ -54,7 +55,7 @@ cupsTempFd(char *filename, /* I - Point
- char tmppath[1024]; /* Windows temporary directory */
- DWORD curtime; /* Current time */
- #else
-- struct timeval curtime; /* Current time */
-+ mode_t old_umask; /* Old umask before using mkstemp() */
- #endif /* WIN32 */
-
-
-@@ -105,33 +106,25 @@ cupsTempFd(char *filename, /* I - Point
-
- snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir,
- GetCurrentProcessId(), curtime);
--#else
-- /*
-- * Get the current time of day...
-- */
--
-- gettimeofday(&curtime, NULL);
--
-- /*
-- * Format a string using the hex time values...
-- */
--
-- snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(),
-- (unsigned)(curtime.tv_sec + curtime.tv_usec + tries));
--#endif /* WIN32 */
-
- /*
- * Open the file in "exclusive" mode, making sure that we don't
- * stomp on an existing file or someone's symlink crack...
- */
-
--#ifdef WIN32
- fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY,
- _S_IREAD | _S_IWRITE);
--#elif defined(O_NOFOLLOW)
-- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
- #else
-- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
-+
-+ /*
-+ * Use the standard mkstemp() call to make a temporary filename
-+ * securely. -- andrew.wood(a)jdplc.com
-+ */
-+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir);
-+
-+ old_umask = umask(0077);
-+ fd = mkstemp(filename);
-+ umask(old_umask);
- #endif /* WIN32 */
-
- if (fd < 0 && errno != EEXIST)
diff --git a/cups/patches/021_cups-0755.patch b/cups/patches/021_cups-0755.patch
deleted file mode 100644
index b0df3a0..0000000
--- a/cups/patches/021_cups-0755.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up cups-1.6b1/Makedefs.in.0755 cups-1.6b1/Makedefs.in
---- cups-1.6b1/Makedefs.in.0755 2012-05-23 01:58:31.000000000 +0200
-+++ cups-1.6b1/Makedefs.in 2012-05-25 16:09:40.545463214 +0200
-@@ -40,14 +40,14 @@ SHELL = /bin/sh
- # Installation programs...
- #
-
--INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@
-+INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@
- INSTALL_COMPDATA = $(INSTALL) -c -m 444 @INSTALL_GZIP@
- INSTALL_CONFIG = $(INSTALL) -c -m @CUPS_CONFIG_FILE_PERM@
- INSTALL_DATA = $(INSTALL) -c -m 444
- INSTALL_DIR = $(INSTALL) -d
--INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@
-+INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@
- INSTALL_MAN = $(INSTALL) -c -m 444
--INSTALL_SCRIPT = $(INSTALL) -c -m 555
-+INSTALL_SCRIPT = $(INSTALL) -c -m 755
-
- #
- # Default user, group, and system groups for the scheduler...
diff --git a/cups/patches/022_cups-hp-deviceid-oid.patch b/cups/patches/022_cups-hp-deviceid-oid.patch
deleted file mode 100644
index da5136a..0000000
--- a/cups/patches/022_cups-hp-deviceid-oid.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c
---- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200
-@@ -187,6 +187,7 @@ static const int UriOID[] = { CUPS_OID_p
- static const int LexmarkProductOID[] = { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 };
- static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 };
- static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 };
-+static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 };
- static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 };
- static cups_array_t *DeviceURIs = NULL;
- static int HostNameLookups = 0;
-@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP
- _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
- packet.community, CUPS_ASN1_GET_REQUEST,
- DEVICE_PRODUCT, XeroxProductOID);
-+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
-+ packet.community, CUPS_ASN1_GET_REQUEST,
-+ DEVICE_ID, HPDeviceIdOID);
- break;
-
- case DEVICE_DESCRIPTION :
diff --git a/cups/patches/023_cups-dnssd-deviceid.patch b/cups/patches/023_cups-dnssd-deviceid.patch
deleted file mode 100644
index b3c2b8e..0000000
--- a/cups/patches/023_cups-dnssd-deviceid.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -up cups-1.6b1/backend/dnssd.c.dnssd-deviceid cups-1.6b1/backend/dnssd.c
---- cups-1.6b1/backend/dnssd.c.dnssd-deviceid 2012-05-21 18:05:58.000000000 +0200
-+++ cups-1.6b1/backend/dnssd.c 2012-05-25 16:27:49.226874427 +0200
-@@ -1181,15 +1181,22 @@ query_callback(
- if (device->device_id)
- free(device->device_id);
-
-+ if (device_id[0])
-+ {
-+ /* Mark this as the real device ID. */
-+ ptr = device_id + strlen(device_id);
-+ snprintf(ptr, sizeof(device_id) - (ptr - device_id), "FZY:0;");
-+ }
-+
- if (!device_id[0] && strcmp(model, "Unknown"))
- {
- if (make_and_model[0])
-- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;",
-+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;",
- make_and_model, model);
- else if (!_cups_strncasecmp(model, "designjet ", 10))
-- snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s", model + 10);
-+ snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;FZY:1;", model + 10);
- else if (!_cups_strncasecmp(model, "stylus ", 7))
-- snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s", model + 7);
-+ snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;FZY:1;", model + 7);
- else if ((ptr = strchr(model, ' ')) != NULL)
- {
- /*
-@@ -1199,7 +1206,7 @@ query_callback(
- memcpy(make_and_model, model, ptr - model);
- make_and_model[ptr - model] = '\0';
-
-- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s",
-+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;",
- make_and_model, ptr + 1);
- }
- }
diff --git a/cups/patches/024_cups-ricoh-deviceid-oid.patch b/cups/patches/024_cups-ricoh-deviceid-oid.patch
deleted file mode 100644
index c148f95..0000000
--- a/cups/patches/024_cups-ricoh-deviceid-oid.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snmp.c
---- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.000000000 +0200
-+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200
-@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] = {
- static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 };
- static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 };
- static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 };
-+static const int RicohDeviceIdOID[] = { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1 };
- static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 };
- static cups_array_t *DeviceURIs = NULL;
- static int HostNameLookups = 0;
-@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP
- packet.community, CUPS_ASN1_GET_REQUEST,
- DEVICE_ID, LexmarkDeviceIdOID);
- _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
-+ packet.community, CUPS_ASN1_GET_REQUEST,
-+ DEVICE_ID, RicohDeviceIdOID);
-+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
- packet.community, CUPS_ASN1_GET_REQUEST,
- DEVICE_PRODUCT, XeroxProductOID);
- _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1,
diff --git a/cups/patches/025_cups-systemd-socket.patch b/cups/patches/025_cups-systemd-socket.patch
deleted file mode 100644
index 83fabdb..0000000
--- a/cups/patches/025_cups-systemd-socket.patch
+++ /dev/null
@@ -1,395 +0,0 @@
-diff -up cups-1.6b1/config.h.in.systemd-socket cups-1.6b1/config.h.in
---- cups-1.6b1/config.h.in.systemd-socket 2012-05-17 00:57:03.000000000 +0200
-+++ cups-1.6b1/config.h.in 2012-05-28 11:16:35.657250584 +0200
-@@ -506,6 +506,13 @@
-
-
- /*
-+ * Do we have systemd support?
-+ */
-+
-+#undef HAVE_SYSTEMD
-+
-+
-+/*
- * Various scripting languages...
- */
-
-diff -up cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket cups-1.6b1/config-scripts/cups-systemd.m4
---- cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket 2012-05-28 11:16:35.658250577 +0200
-+++ cups-1.6b1/config-scripts/cups-systemd.m4 2012-05-28 11:16:35.658250577 +0200
-@@ -0,0 +1,36 @@
-+dnl
-+dnl "$Id$"
-+dnl
-+dnl systemd stuff for CUPS.
-+
-+dnl Find whether systemd is available
-+
-+SDLIBS=""
-+AC_ARG_WITH([systemdsystemunitdir],
-+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
-+ [], [with_systemdsystemunitdir=$($PKGCONFIG --variable=systemdsystemunitdir systemd)])
-+if test "x$with_systemdsystemunitdir" != xno; then
-+ AC_MSG_CHECKING(for libsystemd-daemon)
-+ if $PKGCONFIG --exists libsystemd-daemon; then
-+ AC_MSG_RESULT(yes)
-+ SDCFLAGS=`$PKGCONFIG --cflags libsystemd-daemon`
-+ SDLIBS=`$PKGCONFIG --libs libsystemd-daemon`
-+ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])
-+ AC_DEFINE(HAVE_SYSTEMD)
-+ else
-+ AC_MSG_RESULT(no)
-+ fi
-+fi
-+
-+if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ; then
-+ SYSTEMD_UNITS="cups.service cups.socket cups.path"
-+else
-+ SYSTEMD_UNITS=""
-+fi
-+
-+AC_SUBST(SYSTEMD_UNITS)
-+AC_SUBST(SDLIBS)
-+
-+dnl
-+dnl "$Id$"
-+dnl
-diff -up cups-1.6b1/configure.in.systemd-socket cups-1.6b1/configure.in
---- cups-1.6b1/configure.in.systemd-socket 2012-04-23 19:26:57.000000000 +0200
-+++ cups-1.6b1/configure.in 2012-05-28 11:16:35.658250577 +0200
-@@ -33,6 +33,7 @@ sinclude(config-scripts/cups-pam.m4)
- sinclude(config-scripts/cups-largefile.m4)
- sinclude(config-scripts/cups-dnssd.m4)
- sinclude(config-scripts/cups-launchd.m4)
-+sinclude(config-scripts/cups-systemd.m4)
- sinclude(config-scripts/cups-defaults.m4)
- sinclude(config-scripts/cups-scripting.m4)
-
-@@ -66,6 +67,9 @@ AC_OUTPUT(Makedefs
- conf/snmp.conf
- cups-config
- data/testprint
-+ data/cups.service
-+ data/cups.socket
-+ data/cups.path
- desktop/cups.desktop
- doc/help/ref-cupsd-conf.html
- doc/help/standard.html
-diff -up cups-1.6b1/cups/usersys.c.systemd-socket cups-1.6b1/cups/usersys.c
---- cups-1.6b1/cups/usersys.c.systemd-socket 2012-04-23 19:26:57.000000000 +0200
-+++ cups-1.6b1/cups/usersys.c 2012-05-28 11:16:35.659250570 +0200
-@@ -975,7 +975,7 @@ cups_read_client_conf(
- struct stat sockinfo; /* Domain socket information */
-
- if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
-- (sockinfo.st_mode & S_IRWXO) == S_IRWXO)
-+ (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH))
- cups_server = CUPS_DEFAULT_DOMAINSOCKET;
- else
- #endif /* CUPS_DEFAULT_DOMAINSOCKET */
-diff -up cups-1.6b1/data/cups.path.in.systemd-socket cups-1.6b1/data/cups.path.in
---- cups-1.6b1/data/cups.path.in.systemd-socket 2012-05-28 11:16:35.659250570 +0200
-+++ cups-1.6b1/data/cups.path.in 2012-05-28 11:16:35.659250570 +0200
-@@ -0,0 +1,8 @@
-+[Unit]
-+Description=CUPS Printer Service Spool
-+
-+[Path]
-+PathExistsGlob=@CUPS_REQUESTS@/d*
-+
-+[Install]
-+WantedBy=multi-user.target
-diff -up cups-1.6b1/data/cups.service.in.systemd-socket cups-1.6b1/data/cups.service.in
---- cups-1.6b1/data/cups.service.in.systemd-socket 2012-05-28 11:16:35.659250570 +0200
-+++ cups-1.6b1/data/cups.service.in 2012-05-28 11:16:35.659250570 +0200
-@@ -0,0 +1,10 @@
-+[Unit]
-+Description=CUPS Printing Service
-+
-+[Service]
-+ExecStart=@sbindir@/cupsd -f
-+PrivateTmp=true
-+
-+[Install]
-+Also=cups.socket cups.path
-+WantedBy=printer.target
-diff -up cups-1.6b1/data/cups.socket.in.systemd-socket cups-1.6b1/data/cups.socket.in
---- cups-1.6b1/data/cups.socket.in.systemd-socket 2012-05-28 11:16:35.660250563 +0200
-+++ cups-1.6b1/data/cups.socket.in 2012-05-28 11:16:35.660250563 +0200
-@@ -0,0 +1,8 @@
-+[Unit]
-+Description=CUPS Printing Service Sockets
-+
-+[Socket]
-+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
-+
-+[Install]
-+WantedBy=sockets.target
-diff -up cups-1.6b1/data/Makefile.systemd-socket cups-1.6b1/data/Makefile
---- cups-1.6b1/data/Makefile.systemd-socket 2011-08-27 11:23:01.000000000 +0200
-+++ cups-1.6b1/data/Makefile 2012-05-28 11:16:35.660250563 +0200
-@@ -100,6 +100,12 @@ install-data:
- $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \
- done
- $(INSTALL_DIR) -m 755 $(DATADIR)/profiles
-+ if test "x$(SYSTEMD_UNITS)" != "x" ; then \
-+ $(INSTALL_DIR) -m 755 $(SYSTEMDUNITDIR); \
-+ for file in $(SYSTEMD_UNITS); do \
-+ $(INSTALL_DATA) $$file $(SYSTEMDUNITDIR); \
-+ done; \
-+ fi
-
-
- #
-@@ -143,6 +149,9 @@ uninstall:
- -$(RMDIR) $(DATADIR)/data
- -$(RMDIR) $(DATADIR)/banners
- -$(RMDIR) $(DATADIR)
-+ for file in $(SYSTEMD_UNITS); do \
-+ $(RM) $(SYSTEMDUNITDIR)/$$file; \
-+ done
-
-
- #
-diff -up cups-1.6b1/Makedefs.in.systemd-socket cups-1.6b1/Makedefs.in
---- cups-1.6b1/Makedefs.in.systemd-socket 2012-05-28 11:16:35.648250647 +0200
-+++ cups-1.6b1/Makedefs.in 2012-05-28 11:16:35.660250563 +0200
-@@ -134,11 +134,13 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
- CXXLIBS = @CXXLIBS@
- DBUS_NOTIFIER = @DBUS_NOTIFIER@
- DBUS_NOTIFIERLIBS = @DBUS_NOTIFIERLIBS@
-+SYSTEMD_UNITS = @SYSTEMD_UNITS@
- DNSSD_BACKEND = @DNSSD_BACKEND@
- DSOFLAGS = -L../cups @DSOFLAGS@
- DSOLIBS = @DSOLIBS@ $(COMMONLIBS)
- DNSSDLIBS = @DNSSDLIBS@
- LAUNCHDLIBS = @LAUNCHDLIBS@
-+SDLIBS = @SDLIBS@
- LDFLAGS = -L../cgi-bin -L../cups -L../filter -L../ppdc \
- -L../scheduler @LDARCHFLAGS@ \
- @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)
-@@ -229,6 +231,7 @@ PAMFILE = @PAMFILE@
-
- DEFAULT_LAUNCHD_CONF = @DEFAULT_LAUNCHD_CONF@
- DBUSDIR = @DBUSDIR@
-+SYSTEMDUNITDIR = $(BUILDROOT)@systemdsystemunitdir@
-
-
- #
-diff -up cups-1.6b1/scheduler/client.h.systemd-socket cups-1.6b1/scheduler/client.h
---- cups-1.6b1/scheduler/client.h.systemd-socket 2012-03-22 21:30:20.000000000 +0100
-+++ cups-1.6b1/scheduler/client.h 2012-05-28 11:16:35.661250556 +0200
-@@ -77,6 +77,9 @@ typedef struct
- int fd; /* File descriptor for this server */
- http_addr_t address; /* Bind address of socket */
- http_encryption_t encryption; /* To encrypt or not to encrypt... */
-+#ifdef HAVE_SYSTEMD
-+ int is_systemd; /* Is this a systemd socket? */
-+#endif /* HAVE_SYSTEMD */
- } cupsd_listener_t;
-
-
-diff -up cups-1.6b1/scheduler/listen.c.systemd-socket cups-1.6b1/scheduler/listen.c
---- cups-1.6b1/scheduler/listen.c.systemd-socket 2011-04-16 01:38:13.000000000 +0200
-+++ cups-1.6b1/scheduler/listen.c 2012-05-28 11:16:35.661250556 +0200
-@@ -401,7 +401,11 @@ cupsdStopListening(void)
- lis;
- lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
- {
-- if (lis->fd != -1)
-+ if (lis->fd != -1
-+#ifdef HAVE_SYSTEMD
-+ && !lis->is_systemd
-+#endif /* HAVE_SYSTEMD */
-+ )
- {
- #ifdef WIN32
- closesocket(lis->fd);
-diff -up cups-1.6b1/scheduler/main.c.systemd-socket cups-1.6b1/scheduler/main.c
---- cups-1.6b1/scheduler/main.c.systemd-socket 2012-05-28 11:16:35.612250897 +0200
-+++ cups-1.6b1/scheduler/main.c 2012-05-28 12:49:32.698375139 +0200
-@@ -26,6 +26,8 @@
- * launchd_checkin() - Check-in with launchd and collect the listening
- * fds.
- * launchd_checkout() - Update the launchd KeepAlive file as needed.
-+ * systemd_checkin() - Check-in with systemd and collect the
-+ * listening fds.
- * parent_handler() - Catch USR1/CHLD signals...
- * process_children() - Process all dead children...
- * select_timeout() - Calculate the select timeout value.
-@@ -62,6 +64,10 @@
- # endif /* !LAUNCH_JOBKEY_SERVICEIPC */
- #endif /* HAVE_LAUNCH_H */
-
-+#ifdef HAVE_SYSTEMD
-+#include <systemd/sd-daemon.h>
-+#endif /* HAVE_SYSTEMD */
-+
- #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO)
- # include <malloc.h>
- #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */
-@@ -78,6 +84,9 @@
- static void launchd_checkin(void);
- static void launchd_checkout(void);
- #endif /* HAVE_LAUNCHD */
-+#ifdef HAVE_SYSTEMD
-+static void systemd_checkin(void);
-+#endif /* HAVE_SYSTEMD */
- static void parent_handler(int sig);
- static void process_children(void);
- static void sigchld_handler(int sig);
-@@ -528,6 +537,13 @@ main(int argc, /* I - Number of comm
- }
- #endif /* HAVE_LAUNCHD */
-
-+#ifdef HAVE_SYSTEMD
-+ /*
-+ * If we were started by systemd get the listen sockets file descriptors...
-+ */
-+ systemd_checkin();
-+#endif /* HAVE_SYSTEMD */
-+
- /*
- * Startup the server...
- */
-@@ -738,6 +754,15 @@ main(int argc, /* I - Number of comm
- }
- #endif /* HAVE_LAUNCHD */
-
-+#ifdef HAVE_SYSTEMD
-+ /*
-+ * If we were started by systemd get the listen sockets file
-+ * descriptors...
-+ */
-+
-+ systemd_checkin();
-+#endif /* HAVE_SYSTEMD */
-+
- /*
- * Startup the server...
- */
-@@ -1516,6 +1541,102 @@ launchd_checkout(void)
- }
- #endif /* HAVE_LAUNCHD */
-
-+#ifdef HAVE_SYSTEMD
-+static void
-+systemd_checkin(void)
-+{
-+ int n, fd;
-+
-+ n = sd_listen_fds(0);
-+ if (n < 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "systemd_checkin: Failed to acquire sockets from systemd - %s",
-+ strerror(-n));
-+ exit(EXIT_FAILURE);
-+ return;
-+ }
-+
-+ if (n == 0)
-+ return;
-+
-+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++)
-+ {
-+ http_addr_t addr;
-+ socklen_t addrlen = sizeof (addr);
-+ int r;
-+ cupsd_listener_t *lis;
-+ char s[256];
-+
-+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1);
-+ if (r < 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "systemd_checkin: Unable to verify socket type - %s",
-+ strerror(-r));
-+ continue;
-+ }
-+
-+ if (!r)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "systemd_checkin: Socket not of the right type");
-+ continue;
-+ }
-+
-+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen))
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "systemd_checkin: Unable to get local address - %s",
-+ strerror(errno));
-+ continue;
-+ }
-+
-+ /*
-+ * Try to match the systemd socket address to one of the listeners...
-+ */
-+
-+ for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
-+ lis;
-+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
-+ if (httpAddrEqual(&lis->address, &addr))
-+ break;
-+
-+ if (lis)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_DEBUG,
-+ "systemd_checkin: Matched existing listener %s with fd %d...",
-+ httpAddrString(&(lis->address), s, sizeof(s)), fd);
-+ }
-+ else
-+ {
-+ cupsdLogMessage(CUPSD_LOG_DEBUG,
-+ "systemd_checkin: Adding new listener %s with fd %d...",
-+ httpAddrString(&addr, s, sizeof(s)), fd);
-+
-+ if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "systemd_checkin: Unable to allocate listener - "
-+ "%s.", strerror(errno));
-+ exit(EXIT_FAILURE);
-+ }
-+
-+ cupsArrayAdd(Listeners, lis);
-+
-+ memcpy(&lis->address, &addr, sizeof(lis->address));
-+ }
-+
-+ lis->fd = fd;
-+ lis->is_systemd = 1;
-+
-+# ifdef HAVE_SSL
-+ if (_httpAddrPort(&(lis->address)) == 443)
-+ lis->encryption = HTTP_ENCRYPT_ALWAYS;
-+# endif /* HAVE_SSL */
-+ }
-+}
-+#endif /* HAVE_SYSTEMD */
-
- /*
- * 'parent_handler()' - Catch USR1/CHLD signals...
-diff -up cups-1.6b1/scheduler/Makefile.systemd-socket cups-1.6b1/scheduler/Makefile
---- cups-1.6b1/scheduler/Makefile.systemd-socket 2012-05-21 19:40:22.000000000 +0200
-+++ cups-1.6b1/scheduler/Makefile 2012-05-28 11:16:35.663250542 +0200
-@@ -371,7 +371,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu
- $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \
- $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \
- $(LIBPAPER) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBS) \
-- $(LIBGSSAPI) $(LIBWRAP)
-+ $(LIBGSSAPI) $(LIBWRAP) $(SDLIBS)
-
- cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC)
- echo Linking $@...
-@@ -379,7 +379,7 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a
- $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \
- ../cups/$(LIBCUPSSTATIC) $(COMMONLIBS) $(LIBZ) $(LIBPAPER) \
- $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \
-- $(LIBWRAP)
-+ $(LIBWRAP) $(SDLIBS)
-
- tls.o: tls-darwin.c tls-gnutls.c tls-openssl.c
-
diff --git a/cups/patches/026_cups-lspp.patch b/cups/patches/026_cups-lspp.patch
deleted file mode 100644
index d81ef06..0000000
--- a/cups/patches/026_cups-lspp.patch
+++ /dev/null
@@ -1,1999 +0,0 @@
-diff -up cups-1.6b1/config.h.in.lspp cups-1.6b1/config.h.in
---- cups-1.6b1/config.h.in.lspp 2012-05-25 17:01:32.000000000 +0200
-+++ cups-1.6b1/config.h.in 2012-05-25 17:03:16.889043298 +0200
-@@ -768,6 +768,13 @@ static __inline int _cups_abs(int i) { r
- # endif /* __GNUC__ || __STDC_VERSION__ */
- #endif /* !HAVE_ABS && !abs */
-
-+/*
-+ * Are we trying to meet LSPP requirements?
-+ */
-+
-+#undef WITH_LSPP
-+
-+
- #endif /* !_CUPS_CONFIG_H_ */
-
- /*
-diff -up cups-1.6b1/config-scripts/cups-lspp.m4.lspp cups-1.6b1/config-scripts/cups-lspp.m4
---- cups-1.6b1/config-scripts/cups-lspp.m4.lspp 2012-05-25 17:01:32.852768495 +0200
-+++ cups-1.6b1/config-scripts/cups-lspp.m4 2012-05-25 17:01:32.853768488 +0200
-@@ -0,0 +1,36 @@
-+dnl
-+dnl LSPP code for the Common UNIX Printing System (CUPS).
-+dnl
-+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
-+dnl
-+dnl This program is free software; you can redistribute it and/or modify
-+dnl it under the terms of the GNU General Public License as published by
-+dnl the Free Software Foundation; version 2.
-+dnl
-+dnl This program is distributed in the hope that it will be useful, but
-+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
-+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+dnl General Public License for more details.
-+dnl
-+dnl You should have received a copy of the GNU General Public License
-+dnl along with this program; if not, write to the Free Software Foundation,
-+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
-+dnl
-+
-+dnl Are we trying to meet LSPP requirements
-+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
-+
-+if test x"$enable_lspp" != xno; then
-+ case "$uname" in
-+ Linux)
-+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
-+ AC_CHECK_HEADER(libaudit.h)
-+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
-+ AC_CHECK_HEADER(selinux/selinux.h)
-+ AC_DEFINE(WITH_LSPP)
-+ ;;
-+ *)
-+ # All others
-+ ;;
-+ esac
-+fi
-diff -up cups-1.6b1/configure.in.lspp cups-1.6b1/configure.in
---- cups-1.6b1/configure.in.lspp 2012-05-25 17:01:32.000000000 +0200
-+++ cups-1.6b1/configure.in 2012-05-25 17:04:03.994714943 +0200
-@@ -37,6 +37,8 @@ sinclude(config-scripts/cups-systemd.m4)
- sinclude(config-scripts/cups-defaults.m4)
- sinclude(config-scripts/cups-scripting.m4)
-
-+sinclude(config-scripts/cups-lspp.m4)
-+
- INSTALL_LANGUAGES=""
- UNINSTALL_LANGUAGES=""
- LANGFILES=""
-diff -up cups-1.6b1/filter/common.c.lspp cups-1.6b1/filter/common.c
---- cups-1.6b1/filter/common.c.lspp 2011-05-20 05:49:49.000000000 +0200
-+++ cups-1.6b1/filter/common.c 2012-05-25 17:01:32.854768481 +0200
-@@ -30,6 +30,12 @@
- * Include necessary headers...
- */
-
-+#include "config.h"
-+#ifdef WITH_LSPP
-+#define _GNU_SOURCE
-+#include <string.h>
-+#endif /* WITH_LSPP */
-+
- #include "common.h"
- #include <locale.h>
-
-@@ -312,6 +318,18 @@ WriteLabelProlog(const char *label, /* I
- {
- const char *classification; /* CLASSIFICATION environment variable */
- const char *ptr; /* Temporary string pointer */
-+#ifdef WITH_LSPP
-+ int i, /* counter */
-+ n, /* counter */
-+ lines, /* number of lines needed */
-+ line_len, /* index into tmp_label */
-+ label_len, /* length of the label in characters */
-+ label_index, /* index into the label */
-+ longest, /* length of the longest line */
-+ longest_line, /* index to the longest line */
-+ max_width; /* maximum width in characters */
-+ char **wrapped_label; /* label with line breaks */
-+#endif /* WITH_LSPP */
-
-
- /*
-@@ -334,6 +352,124 @@ WriteLabelProlog(const char *label, /* I
- return;
- }
-
-+#ifdef WITH_LSPP
-+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
-+ {
-+ /*
-+ * Based on the 12pt fixed width font below determine the max_width
-+ */
-+ max_width = width / 8;
-+ longest_line = 0;
-+ longest = 0;
-+ classification += 5; // Skip the "LSPP:"
-+ label_len = strlen(classification);
-+
-+ if (label_len > max_width)
-+ {
-+ lines = 1 + (int)(label_len / max_width);
-+ line_len = (int)(label_len / lines);
-+ wrapped_label = malloc(sizeof(*wrapped_label) * lines);
-+ label_index = i = n = 0;
-+ while (classification[label_index])
-+ {
-+ if ((label_index + line_len) > label_len)
-+ break;
-+ switch (classification[label_index + line_len + i])
-+ {
-+ case ':':
-+ case ',':
-+ case '-':
-+ i++;
-+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
-+ label_index += line_len + i;
-+ i = 0;
-+ break;
-+ default:
-+ i++;
-+ break;
-+ }
-+ if ((i + line_len) == max_width)
-+ {
-+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
-+ label_index = label_index + line_len + i;
-+ i = 0;
-+ }
-+ }
-+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
-+ }
-+ else
-+ {
-+ lines = 1;
-+ wrapped_label = malloc(sizeof(*wrapped_label));
-+ wrapped_label[0] = (char*)classification;
-+ }
-+
-+ for (n = 0; n < lines; n++ )
-+ {
-+ printf("userdict/ESPp%c(", ('a' + n));
-+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
-+ if (*ptr < 32 || *ptr > 126)
-+ printf("\\%03o", *ptr);
-+ else
-+ {
-+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
-+ putchar('\\');
-+
-+ printf("%c", *ptr);
-+ }
-+ if (i > longest)
-+ {
-+ longest = i;
-+ longest_line = n;
-+ }
-+ printf(")put\n");
-+ }
-+
-+ /*
-+ * For LSPP use a fixed width font so that line wrapping can be calculated
-+ */
-+
-+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
-+
-+ /*
-+ * Finally, the procedure to write the labels on the page...
-+ */
-+
-+ printf("userdict/ESPwl{\n"
-+ " ESPlf setfont\n");
-+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
-+ 'a' + longest_line, width * 0.5f);
-+ for (n = 1; n < lines; n++)
-+ printf(" dup");
-+ printf("\n 1 setgray\n");
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
-+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
-+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
-+ printf(" 0 setgray\n");
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
-+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
-+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
-+ for (n = 0; n < lines; n ++)
-+ {
-+ printf(" dup %.0f moveto ESPp%c show\n",
-+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
-+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
-+ }
-+ printf(" pop\n"
-+ "}bind put\n");
-+
-+ /*
-+ * Do some clean up at the end of the LSPP special case
-+ */
-+ free(wrapped_label);
-+
-+ }
-+ else
-+ {
-+#endif /* !WITH_LSPP */
-+
- /*
- * Set the classification + page label string...
- */
-@@ -414,7 +550,10 @@ WriteLabelProlog(const char *label, /* I
- printf(" %.0f moveto ESPpl show\n", top - 14.0);
- puts("pop");
- puts("}bind put");
-+ }
-+#ifdef WITH_LSPP
- }
-+#endif /* WITH_LSPP */
-
-
- /*
-diff -up cups-1.6b1/filter/pstops.c.lspp cups-1.6b1/filter/pstops.c
---- cups-1.6b1/filter/pstops.c.lspp 2012-04-23 21:19:19.000000000 +0200
-+++ cups-1.6b1/filter/pstops.c 2012-05-25 17:01:32.855768474 +0200
-@@ -3202,6 +3202,18 @@ write_label_prolog(pstops_doc_t *doc, /*
- {
- const char *classification; /* CLASSIFICATION environment variable */
- const char *ptr; /* Temporary string pointer */
-+#ifdef WITH_LSPP
-+ int i, /* counter */
-+ n, /* counter */
-+ lines, /* number of lines needed */
-+ line_len, /* index into tmp_label */
-+ label_len, /* length of the label in characters */
-+ label_index, /* index into the label */
-+ longest, /* length of the longest line */
-+ longest_line, /* index to the longest line */
-+ max_width; /* maximum width in characters */
-+ char **wrapped_label; /* label with line breaks */
-+#endif /* WITH_LSPP */
-
-
- /*
-@@ -3224,6 +3236,124 @@ write_label_prolog(pstops_doc_t *doc, /*
- return;
- }
-
-+#ifdef WITH_LSPP
-+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
-+ {
-+ /*
-+ * Based on the 12pt fixed width font below determine the max_width
-+ */
-+ max_width = width / 8;
-+ longest_line = 0;
-+ longest = 0;
-+ classification += 5; // Skip the "LSPP:"
-+ label_len = strlen(classification);
-+
-+ if (label_len > max_width)
-+ {
-+ lines = 1 + (int)(label_len / max_width);
-+ line_len = (int)(label_len / lines);
-+ wrapped_label = malloc(sizeof(*wrapped_label) * lines);
-+ label_index = i = n = 0;
-+ while (classification[label_index])
-+ {
-+ if ((label_index + line_len) > label_len)
-+ break;
-+ switch (classification[label_index + line_len + i])
-+ {
-+ case ':':
-+ case ',':
-+ case '-':
-+ i++;
-+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
-+ label_index += line_len + i;
-+ i = 0;
-+ break;
-+ default:
-+ i++;
-+ break;
-+ }
-+ if ((i + line_len) == max_width)
-+ {
-+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
-+ label_index = label_index + line_len + i;
-+ i = 0;
-+ }
-+ }
-+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
-+ }
-+ else
-+ {
-+ lines = 1;
-+ wrapped_label = malloc(sizeof(*wrapped_label));
-+ wrapped_label[0] = (char*)classification;
-+ }
-+
-+ for (n = 0; n < lines; n++ )
-+ {
-+ printf("userdict/ESPp%c(", ('a' + n));
-+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
-+ if (*ptr < 32 || *ptr > 126)
-+ printf("\\%03o", *ptr);
-+ else
-+ {
-+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
-+ putchar('\\');
-+
-+ printf("%c", *ptr);
-+ }
-+ if (i > longest)
-+ {
-+ longest = i;
-+ longest_line = n;
-+ }
-+ printf(")put\n");
-+ }
-+
-+ /*
-+ * For LSPP use a fixed width font so that line wrapping can be calculated
-+ */
-+
-+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
-+
-+ /*
-+ * Finally, the procedure to write the labels on the page...
-+ */
-+
-+ printf("userdict/ESPwl{\n"
-+ " ESPlf setfont\n");
-+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
-+ 'a' + longest_line, width * 0.5f);
-+ for (n = 1; n < lines; n++)
-+ printf(" dup");
-+ printf("\n 1 setgray\n");
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
-+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
-+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
-+ printf(" 0 setgray\n");
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
-+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
-+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
-+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
-+ for (n = 0; n < lines; n ++)
-+ {
-+ printf(" dup %.0f moveto ESPp%c show\n",
-+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
-+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
-+ }
-+ printf(" pop\n"
-+ "}bind put\n");
-+
-+ /*
-+ * Do some clean up at the end of the LSPP special case
-+ */
-+ free(wrapped_label);
-+
-+ }
-+ else
-+ {
-+#endif /* !WITH_LSPP */
-+
- /*
- * Set the classification + page label string...
- */
-@@ -3302,7 +3432,10 @@ write_label_prolog(pstops_doc_t *doc, /*
- doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);
- doc_puts(doc, "pop\n");
- doc_puts(doc, "}bind put\n");
-+ }
-+#ifdef WITH_LSPP
- }
-+#endif /* WITH_LSPP */
-
-
- /*
-diff -up cups-1.6b1/Makedefs.in.lspp cups-1.6b1/Makedefs.in
---- cups-1.6b1/Makedefs.in.lspp 2012-05-25 17:01:32.000000000 +0200
-+++ cups-1.6b1/Makedefs.in 2012-05-25 17:07:57.325088484 +0200
-@@ -146,7 +146,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f
- @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)
- LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ)
- LINKCUPSIMAGE = @LINKCUPSIMAGE@
--LIBS = $(LINKCUPS) $(COMMONLIBS)
-+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
- OPTIM = @OPTIM@
- OPTIONS =
- PAMLIBS = @PAMLIBS@
-diff -up cups-1.6b1/scheduler/client.c.lspp cups-1.6b1/scheduler/client.c
---- cups-1.6b1/scheduler/client.c.lspp 2012-05-08 00:41:30.000000000 +0200
-+++ cups-1.6b1/scheduler/client.c 2012-05-25 17:13:38.947707163 +0200
-@@ -41,6 +41,7 @@
- * valid_host() - Is the Host: field valid?
- * write_file() - Send a file via HTTP.
- * write_pipe() - Flag that data is available on the CGI pipe.
-+ * client_pid_to_auid() - Get the audit login uid of the client.
- */
-
- /*
-@@ -49,10 +50,16 @@
-
- #include "cupsd.h"
-
-+#define _GNU_SOURCE
- #ifdef HAVE_TCPD_H
- # include <tcpd.h>
- #endif /* HAVE_TCPD_H */
-
-+#ifdef WITH_LSPP
-+#include <selinux/selinux.h>
-+#include <selinux/context.h>
-+#include <fcntl.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Local globals...
-@@ -371,6 +378,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
- }
- #endif /* HAVE_TCPD_H */
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config())
-+ {
-+ struct ucred cr;
-+ unsigned int cl=sizeof(cr);
-+
-+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)
-+ {
-+ /*
-+ * client_pid_to_auid() can be racey
-+ * In this case the pid is based on a socket connected to the client
-+ */
-+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1)
-+ {
-+ close(con->http.fd);
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: "
-+ "unable to determine client auid for client pid=%d", cr.pid);
-+ free(con);
-+ return;
-+ }
-+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d",
-+ cr.pid, cr.uid, cr.gid, con->auid);
-+ }
-+ else
-+ {
-+ close(con->http.fd);
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed");
-+ free(con);
-+ return;
-+ }
-+
-+ /*
-+ * get the context of the peer connection
-+ */
-+ if (getpeercon(con->http.fd, &con->scon))
-+ {
-+ close(con->http.fd);
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed");
-+ free(con);
-+ return;
-+ }
-+
-+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon);
-+ }
-+ else
-+ {
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()");
-+ cupsdSetString(&con->scon, UNKNOWN_SL);
-+ }
-+#endif /* WITH_LSPP */
-+
- #ifdef AF_LOCAL
- if (con->http.hostaddr->addr.sa_family == AF_LOCAL)
- cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] Accepted from %s (Domain)",
-@@ -678,6 +736,13 @@ cupsdReadClient(cupsd_client_t *con) /*
- mime_type_t *type; /* MIME type of file */
- cupsd_printer_t *p; /* Printer */
- static unsigned request_id = 0; /* Request ID for temp files */
-+#ifdef WITH_LSPP
-+ security_context_t spoolcon; /* context of the job file */
-+ context_t clicon; /* contex_t container for con->scon */
-+ context_t tmpcon; /* temp context to swap the level */
-+ char *clirange; /* SELinux sensitivity range */
-+ char *cliclearance; /* SELinux low end clearance */
-+#endif /* WITH_LSPP */
-
-
- status = HTTP_CONTINUE;
-@@ -2126,6 +2191,67 @@ cupsdReadClient(cupsd_client_t *con) /*
- fchmod(con->file, 0640);
- fchown(con->file, RunUser, Group);
- fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
-+#ifdef WITH_LSPP
-+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
-+ {
-+ if (getfilecon(con->filename, &spoolcon) == -1)
-+ {
-+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
-+ return (cupsdCloseClient(con));
-+ }
-+ clicon = context_new(con->scon);
-+ tmpcon = context_new(spoolcon);
-+ freecon(spoolcon);
-+ if (!clicon || !tmpcon)
-+ {
-+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
-+ if (clicon)
-+ context_free(clicon);
-+ if (tmpcon)
-+ context_free(tmpcon);
-+ return (cupsdCloseClient(con));
-+ }
-+ clirange = context_range_get(clicon);
-+ if (clirange)
-+ {
-+ clirange = strdup(clirange);
-+ if ((cliclearance = strtok(clirange, "-")) != NULL)
-+ {
-+ if (context_range_set(tmpcon, cliclearance) == -1)
-+ {
-+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
-+ free(clirange);
-+ context_free(tmpcon);
-+ context_free(clicon);
-+ return (cupsdCloseClient(con));
-+ }
-+ }
-+ else
-+ {
-+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)
-+ {
-+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
-+ free(clirange);
-+ context_free(tmpcon);
-+ context_free(clicon);
-+ return (cupsdCloseClient(con));
-+ }
-+ }
-+ free(clirange);
-+ }
-+ if (setfilecon(con->filename, context_str(tmpcon)) == -1)
-+ {
-+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
-+ context_free(tmpcon);
-+ context_free(clicon);
-+ return (cupsdCloseClient(con));
-+ }
-+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s",
-+ con->filename, context_str(tmpcon));
-+ context_free(tmpcon);
-+ context_free(clicon);
-+ }
-+#endif /* WITH_LSPP */
- }
-
- if (con->http.state != HTTP_POST_SEND)
-@@ -3581,6 +3707,49 @@ is_path_absolute(const char *path) /* I
- return (1);
- }
-
-+#ifdef WITH_LSPP
-+/*
-+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.
-+ */
-+
-+uid_t client_pid_to_auid(pid_t clipid)
-+{
-+ uid_t uid;
-+ int len, in;
-+ char buf[16] = {0};
-+ char fname[32] = {0};
-+
-+
-+ /*
-+ * Hopefully this pid is still the one we are interested in.
-+ */
-+ snprintf(fname, 32, "/proc/%d/loginuid", clipid);
-+ in = open(fname, O_NOFOLLOW|O_RDONLY);
-+
-+ if (in < 0)
-+ return -1;
-+
-+ errno = 0;
-+
-+ do {
-+ len = read(in, buf, sizeof(buf));
-+ } while (len < 0 && errno == EINTR);
-+
-+ close(in);
-+
-+ if (len < 0 || len >= sizeof(buf))
-+ return -1;
-+
-+ errno = 0;
-+ buf[len] = 0;
-+ uid = strtol(buf, 0, 10);
-+
-+ if (errno != 0)
-+ return -1;
-+ else
-+ return uid;
-+}
-+#endif /* WITH_LSPP */
-
- /*
- * 'pipe_command()' - Pipe the output of a command to the remote client.
-diff -up cups-1.6b1/scheduler/client.h.lspp cups-1.6b1/scheduler/client.h
---- cups-1.6b1/scheduler/client.h.lspp 2012-05-25 17:01:32.847768530 +0200
-+++ cups-1.6b1/scheduler/client.h 2012-05-25 17:14:12.963470050 +0200
-@@ -18,6 +18,13 @@
- #endif /* HAVE_AUTHORIZATION_H */
-
-
-+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-+
-+#ifdef WITH_LSPP
-+#include <selinux/selinux.h>
-+#endif /* WITH_LSPP */
-+
- /*
- * HTTP client structure...
- */
-@@ -63,6 +70,10 @@ struct cupsd_client_s
- #ifdef HAVE_AUTHORIZATION_H
- AuthorizationRef authref; /* Authorization ref */
- #endif /* HAVE_AUTHORIZATION_H */
-+#ifdef WITH_LSPP
-+ security_context_t scon; /* Security context of connection */
-+ uid_t auid; /* Audit loginuid of the client */
-+#endif /* WITH_LSPP */
- };
-
- #define HTTP(con) &((con)->http)
-@@ -135,6 +146,9 @@ extern void cupsdStartListening(void);
- extern void cupsdStopListening(void);
- extern void cupsdUpdateCGI(void);
- extern void cupsdWriteClient(cupsd_client_t *con);
-+#ifdef WITH_LSPP
-+extern uid_t client_pid_to_auid(pid_t clipid);
-+#endif /* WITH_LSPP */
-
- #ifdef HAVE_SSL
- extern int cupsdEndTLS(cupsd_client_t *con);
-diff -up cups-1.6b1/scheduler/conf.c.lspp cups-1.6b1/scheduler/conf.c
---- cups-1.6b1/scheduler/conf.c.lspp 2012-05-25 17:01:32.778769011 +0200
-+++ cups-1.6b1/scheduler/conf.c 2012-05-25 17:01:32.860768439 +0200
-@@ -32,6 +32,7 @@
- * read_location() - Read a <Location path> definition.
- * read_policy() - Read a <Policy name> definition.
- * set_policy_defaults() - Set default policy values as needed.
-+ * is_lspp_config() - Is the system configured for LSPP
- */
-
- /*
-@@ -57,6 +58,9 @@
- # define INADDR_NONE 0xffffffff
- #endif /* !INADDR_NONE */
-
-+#ifdef WITH_LSPP
-+# include <libaudit.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Configuration variable structure...
-@@ -164,6 +168,10 @@ static const cupsd_var_t variables[] =
- # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
- { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
- # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
-+#ifdef WITH_LSPP
-+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER },
-+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN },
-+#endif /* WITH_LSPP */
- #endif /* HAVE_SSL */
- { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
- { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
-@@ -537,6 +545,9 @@ cupsdReadConfiguration(void)
- const char *tmpdir; /* TMPDIR environment variable */
- struct stat tmpinfo; /* Temporary directory info */
- cupsd_policy_t *p; /* Policy */
-+#ifdef WITH_LSPP
-+ char *audit_message; /* Audit message string */
-+#endif /* WITH_LSPP */
-
-
- /*
-@@ -801,6 +812,25 @@ cupsdReadConfiguration(void)
-
- RunUser = getuid();
-
-+#ifdef WITH_LSPP
-+ if (AuditLog != -1)
-+ {
-+ /*
-+ * ClassifyOverride is set during read_configuration, if its ON, report it now
-+ */
-+ if (ClassifyOverride)
-+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
-+ "[Config] ClassifyOverride=enabled Users can override print banners",
-+ ServerName, NULL, NULL, 1);
-+ /*
-+ * PerPageLabel is set during read_configuration, if its OFF, report it now
-+ */
-+ if (!PerPageLabels)
-+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
-+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1);
-+ }
-+#endif /* WITH_LSPP */
-+
- cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
- RemotePort ? "enabled" : "disabled");
-
-@@ -1185,7 +1215,19 @@ cupsdReadConfiguration(void)
- cupsdClearString(&Classification);
-
- if (Classification)
-+ {
- cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
-+#ifdef WITH_LSPP
-+ if (AuditLog != -1)
-+ {
-+ audit_message = NULL;
-+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);
-+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
-+ ServerName, NULL, NULL, 1);
-+ cupsdClearString(&audit_message);
-+ }
-+#endif /* WITH_LSPP */
-+ }
-
- /*
- * Check the MaxClients setting, and then allocate memory for it...
-@@ -3423,6 +3465,18 @@ read_location(cups_file_t *fp, /* I - C
- return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
- }
-
-+#ifdef WITH_LSPP
-+int is_lspp_config()
-+{
-+ if (Classification != NULL)
-+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0)
-+ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0)
-+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0));
-+ else
-+ return 0;
-+}
-+#endif /* WITH_LSPP */
-+
-
- /*
- * 'read_policy()' - Read a <Policy name> definition.
-diff -up cups-1.6b1/scheduler/conf.h.lspp cups-1.6b1/scheduler/conf.h
---- cups-1.6b1/scheduler/conf.h.lspp 2012-05-25 17:01:32.000000000 +0200
-+++ cups-1.6b1/scheduler/conf.h 2012-05-25 17:16:20.522580884 +0200
-@@ -247,6 +247,13 @@ VAR int SSLOptions VALUE(CUPSD_SSL_NO
- /* SSL/TLS options */
- #endif /* HAVE_SSL */
-
-+#ifdef WITH_LSPP
-+VAR int AuditLog VALUE(-1),
-+ /* File descriptor for audit */
-+ PerPageLabels VALUE(TRUE);
-+ /* Put the label on each page */
-+#endif /* WITH_LSPP */
-+
- #ifdef HAVE_LAUNCHD
- VAR int LaunchdTimeout VALUE(10);
- /* Time after which an idle cupsd will exit */
-@@ -265,6 +272,9 @@ int HaveServerCreds VALUE(0);
- gss_cred_id_t ServerCreds; /* Server's GSS credentials */
- #endif /* HAVE_GSSAPI */
-
-+#ifdef WITH_LSPP
-+extern int is_lspp_config(void);
-+#endif /* WITH_LSPP */
-
- /*
- * Prototypes...
-diff -up cups-1.6b1/scheduler/cupsd.h.lspp cups-1.6b1/scheduler/cupsd.h
---- cups-1.6b1/scheduler/cupsd.h.lspp 2012-05-21 19:40:22.000000000 +0200
-+++ cups-1.6b1/scheduler/cupsd.h 2012-05-25 17:01:32.861768432 +0200
-@@ -13,6 +13,8 @@
- * file is missing or damaged, see the license at "http://www.cups.org/".
- */
-
-+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-
- /*
- * Include necessary headers.
-@@ -37,13 +39,20 @@
- # include <unistd.h>
- #endif /* WIN32 */
-
-+#include "config.h"
-+#ifdef WITH_LSPP
-+# define MLS_CONFIG "mls"
-+# define TE_CONFIG "te"
-+# define SELINUX_CONFIG "SELinux"
-+# define UNKNOWN_SL "UNKNOWN SL"
-+#endif /* WITH_LSPP */
-+
- #include "mime.h"
-
- #if defined(HAVE_CDSASSL)
- # include <CoreFoundation/CoreFoundation.h>
- #endif /* HAVE_CDSASSL */
-
--
- /*
- * Some OS's don't have hstrerror(), most notably Solaris...
- */
-diff -up cups-1.6b1/scheduler/ipp.c.lspp cups-1.6b1/scheduler/ipp.c
---- cups-1.6b1/scheduler/ipp.c.lspp 2012-05-25 17:01:32.810768787 +0200
-+++ cups-1.6b1/scheduler/ipp.c 2012-05-25 17:18:06.620841313 +0200
-@@ -35,6 +35,7 @@
- * cancel_all_jobs() - Cancel all or selected print jobs.
- * cancel_job() - Cancel a print job.
- * cancel_subscription() - Cancel a subscription.
-+ * check_context() - Check the SELinux context for a user and job
- * check_rss_recipient() - Check that we do not have a duplicate RSS
- * feed URI.
- * check_quotas() - Check quotas for a printer and user.
-@@ -99,6 +100,9 @@
- * validate_user() - Validate the user for the request.
- */
-
-+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-+
- /*
- * Include necessary headers...
- */
-@@ -122,6 +126,14 @@ extern int mbr_check_membership_by_id(uu
- # endif /* HAVE_MEMBERSHIPPRIV_H */
- #endif /* __APPLE__ */
-
-+#ifdef WITH_LSPP
-+#include <libaudit.h>
-+#include <selinux/selinux.h>
-+#include <selinux/context.h>
-+#include <selinux/avc.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Local functions...
-@@ -146,6 +158,9 @@ static void cancel_all_jobs(cupsd_client
- static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
- static void cancel_subscription(cupsd_client_t *con, int id);
- static int check_rss_recipient(const char *recipient);
-+#ifdef WITH_LSPP
-+static int check_context(cupsd_client_t *con, cupsd_job_t *job);
-+#endif /* WITH_LSPP */
- static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
- static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
- static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
-@@ -1285,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl
- ipp_attribute_t *media_col, /* media-col attribute */
- *media_margin; /* media-*-margin attribute */
- ipp_t *unsup_col; /* media-col in unsupported response */
-+#ifdef WITH_LSPP
-+ char *audit_message; /* Audit message string */
-+ char *printerfile; /* device file pointed to by the printer */
-+ char *userheader = NULL; /* User supplied job-sheets[0] */
-+ char *userfooter = NULL; /* User supplied job-sheets[1] */
-+ int override = 0; /* Was a banner overrode on a job */
-+ security_id_t clisid; /* SELinux SID for the client */
-+ security_id_t psid; /* SELinux SID for the printer */
-+ context_t printercon; /* Printer's context string */
-+ struct stat printerstat; /* Printer's stat buffer */
-+ security_context_t devcon; /* Printer's SELinux context */
-+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */
-+ security_class_t tclass; /* Object class for the SELinux check */
-+ access_vector_t avr; /* Access method being requested */
-+#endif /* WITH_LSPP */
-
-
- cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
-@@ -1542,6 +1572,106 @@ add_job(cupsd_client_t *con, /* I - Cl
- ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL,
- "Untitled");
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config())
-+ {
-+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name);
-+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes."));
-+ return (NULL);
-+ }
-+
-+ /*
-+ * Perform an access check so that if the user gets feedback at enqueue time
-+ */
-+
-+ printerfile = strstr(printer->device_uri, "/dev/");
-+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
-+ printerfile = printer->device_uri + strlen("file:");
-+
-+ if (printerfile != NULL)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",
-+ printerfile);
-+
-+ if (lstat(printerfile, &printerstat) < 0)
-+ {
-+ if (errno != ENOENT)
-+ {
-+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer"));
-+ return (NULL);
-+ }
-+ /*
-+ * The printer does not exist, so for now assume it's a FileDevice
-+ */
-+ tclass = SECCLASS_FILE;
-+ avr = FILE__WRITE;
-+ }
-+ else if (S_ISCHR(printerstat.st_mode))
-+ {
-+ tclass = SECCLASS_CHR_FILE;
-+ avr = CHR_FILE__WRITE;
-+ }
-+ else if (S_ISREG(printerstat.st_mode))
-+ {
-+ tclass = SECCLASS_FILE;
-+ avr = FILE__WRITE;
-+ }
-+ else
-+ {
-+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file"));
-+ return (NULL);
-+ }
-+ static avc_initialized = 0;
-+ if (!avc_initialized++)
-+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);
-+ avc_entry_ref_init(&avcref);
-+ if (avc_context_to_sid(con->scon, &clisid) != 0)
-+ {
-+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));
-+ return (NULL);
-+ }
-+ if (getfilecon(printerfile, &devcon) == -1)
-+ {
-+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));
-+ return (NULL);
-+ }
-+ printercon = context_new(devcon);
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",
-+ context_str(printercon), con->scon);
-+ context_free(printercon);
-+
-+ if (avc_context_to_sid(devcon, &psid) != 0)
-+ {
-+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));
-+ freecon(devcon);
-+ return (NULL);
-+ }
-+ freecon(devcon);
-+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
-+ {
-+ /*
-+ * The access check failed, so cancel the job and send an audit message
-+ */
-+ if (AuditLog != -1)
-+ {
-+ audit_message = NULL;
-+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused"
-+ " unable to access printer=%s", con->auid,
-+ con->username, con->scon, printer->name);
-+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
-+ ServerName, NULL, NULL, 0);
-+ cupsdClearString(&audit_message);
-+ }
-+
-+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));
-+ return (NULL);
-+ }
-+ }
-+ }
-+#endif /* WITH_LSPP */
-+
- if ((job = cupsdAddJob(priority, printer->name)) == NULL)
- {
- send_ipp_status(con, IPP_INTERNAL_ERROR,
-@@ -1550,6 +1680,32 @@ add_job(cupsd_client_t *con, /* I - Cl
- return (NULL);
- }
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config())
-+ {
-+ /*
-+ * duplicate the security context and auid of the connection into the job structure
-+ */
-+ job->scon = strdup(con->scon);
-+ job->auid = con->auid;
-+
-+ /*
-+ * add the security context to the request so that on a restart the security
-+ * attributes will be able to be restored
-+ */
-+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context",
-+ NULL, job->scon);
-+ }
-+ else
-+ {
-+ /*
-+ * Fill in the security context of the job as unlabeled
-+ */
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL);
-+ cupsdSetString(&job->scon, UNKNOWN_SL);
-+ }
-+#endif /* WITH_LSPP */
-+
- job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
- job->attrs = con->request;
- job->dirty = 1;
-@@ -1759,6 +1915,29 @@ add_job(cupsd_client_t *con, /* I - Cl
- attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]);
- attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]);
- }
-+#ifdef WITH_LSPP
-+ else
-+ {
-+ /*
-+ * The option was present, so capture the user supplied strings
-+ */
-+ userheader = strdup(attr->values[0].string.text);
-+
-+ if (attr->num_values > 1)
-+ userfooter = strdup(attr->values[1].string.text);
-+
-+ if (Classification != NULL && (strcmp(userheader, Classification) == 0)
-+ && userfooter &&(strcmp(userfooter, Classification) == 0))
-+ {
-+ /*
-+ * Since both values are Classification, the user is not trying to Override
-+ */
-+ free(userheader);
-+ if (userfooter) free(userfooter);
-+ userheader = userfooter = NULL;
-+ }
-+ }
-+#endif /* WITH_LSPP */
-
- job->job_sheets = attr;
-
-@@ -1789,6 +1968,9 @@ add_job(cupsd_client_t *con, /* I - Cl
- "job-sheets=\"%s,none\", "
- "job-originating-user-name=\"%s\"",
- Classification, job->username);
-+#ifdef WITH_LSPP
-+ override = 1;
-+#endif /* WITH_LSPP */
- }
- else if (attr->num_values == 2 &&
- strcmp(attr->values[0].string.text,
-@@ -1807,6 +1989,9 @@ add_job(cupsd_client_t *con, /* I - Cl
- "job-originating-user-name=\"%s\"",
- attr->values[0].string.text,
- attr->values[1].string.text, job->username);
-+#ifdef WITH_LSPP
-+ override = 1;
-+#endif /* WITH_LSPP */
- }
- else if (strcmp(attr->values[0].string.text, Classification) &&
- strcmp(attr->values[0].string.text, "none") &&
-@@ -1827,6 +2012,9 @@ add_job(cupsd_client_t *con, /* I - Cl
- "job-originating-user-name=\"%s\"",
- attr->values[0].string.text,
- attr->values[1].string.text, job->username);
-+#ifdef WITH_LSPP
-+ override = 1;
-+#endif /* WITH_LSPP */
- }
- }
- else if (strcmp(attr->values[0].string.text, Classification) &&
-@@ -1867,8 +2055,52 @@ add_job(cupsd_client_t *con, /* I - Cl
- "job-sheets=\"%s\", "
- "job-originating-user-name=\"%s\"",
- Classification, job->username);
-+#ifdef WITH_LSPP
-+ override = 1;
-+#endif /* WITH_LSPP */
-+ }
-+#ifdef WITH_LSPP
-+ if (is_lspp_config() && AuditLog != -1)
-+ {
-+ audit_message = NULL;
-+
-+ if (userheader || userfooter)
-+ {
-+ if (!override)
-+ {
-+ /*
-+ * The user overrode the banner, so audit it
-+ */
-+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
-+ " using banners=%s,%s", job->id, userheader,
-+ userfooter, attr->values[0].string.text,
-+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
-+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
-+ ServerName, NULL, NULL, 1);
-+ }
-+ else
-+ {
-+ /*
-+ * The user tried to override the banner, audit the failure
-+ */
-+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
-+ " ignored banners=%s,%s", job->id, userheader,
-+ userfooter, attr->values[0].string.text,
-+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
-+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
-+ ServerName, NULL, NULL, 0);
-+ }
-+ cupsdClearString(&audit_message);
-+ }
- }
-+
-+ if (userheader)
-+ free(userheader);
-+ if (userfooter)
-+ free(userfooter);
-+#endif /* WITH_LSPP */
- }
-+
-
- /*
- * See if we need to add the starting sheet...
-@@ -3615,6 +3847,111 @@ check_rss_recipient(
- }
-
-
-+#ifdef WITH_LSPP
-+/*
-+ * 'check_context()' - Check SELinux security context of a user and job
-+ */
-+
-+static int /* O - 1 if OK, 0 if not, -1 on error */
-+check_context(cupsd_client_t *con, /* I - Client connection */
-+ cupsd_job_t *job) /* I - Job */
-+{
-+ int enforcing; /* is SELinux in enforcing mode */
-+ char filename[1024]; /* Filename of the spool file */
-+ security_id_t clisid; /* SELinux SID of the client */
-+ security_id_t jobsid; /* SELinux SID of the job */
-+ security_id_t filesid; /* SELinux SID of the spool file */
-+ struct avc_entry_ref avcref; /* AVC entry cache pointer */
-+ security_class_t tclass; /* SELinux security class */
-+ access_vector_t avr; /* SELinux access being queried */
-+ security_context_t spoolfilecon; /* SELinux context of the spool file */
-+
-+
-+ /*
-+ * Validate the input to be sure there are contexts to work with...
-+ */
-+
-+ if (con->scon == NULL || job->scon == NULL
-+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0
-+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
-+ return -1;
-+
-+ if ((enforcing = security_getenforce()) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement");
-+ return -1;
-+ }
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon);
-+
-+
-+ /*
-+ * Initialize the avc engine...
-+ */
-+
-+ static avc_initialized = 0;
-+ if (! avc_initialized++)
-+ {
-+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init");
-+ return -1;
-+ }
-+ }
-+ if (avc_context_to_sid(con->scon, &clisid) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon);
-+ return -1;
-+ }
-+ if (avc_context_to_sid(job->scon, &jobsid) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", job->scon);
-+ return -1;
-+ }
-+ avc_entry_ref_init(&avcref);
-+ tclass = SECCLASS_FILE;
-+ avr = FILE__READ;
-+
-+ /*
-+ * Perform the check with the client as the subject, first with the job as the object
-+ * if that fails then with the spool file as the object...
-+ */
-+
-+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context");
-+
-+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
-+ if (getfilecon(filename, &spoolfilecon) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context");
-+ return -1;
-+ }
-+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file");
-+ freecon(spoolfilecon);
-+ return -1;
-+ }
-+ freecon(spoolfilecon);
-+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file");
-+ return 0;
-+ }
-+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file");
-+ return 1;
-+ }
-+ else
-+ if (enforcing == 0)
-+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode");
-+ else
-+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context");
-+
-+ return 1;
-+}
-+#endif /* WITH_LSPP */
-+
-+
- /*
- * 'check_quotas()' - Check quotas for a printer and user.
- */
-@@ -4067,6 +4404,15 @@ copy_banner(cupsd_client_t *con, /* I -
- char attrname[255], /* Name of attribute */
- *s; /* Pointer into name */
- ipp_attribute_t *attr; /* Attribute */
-+#ifdef WITH_LSPP
-+ const char *mls_label; /* SL of print job */
-+ char *jobrange; /* SELinux sensitivity range */
-+ char *jobclearance; /* SELinux low end clearance */
-+ context_t jobcon; /* SELinux context of the job */
-+ context_t tmpcon; /* Temp context to set the level */
-+ security_context_t spoolcon; /* Context of the file in the spool */
-+#endif /* WITH_LSPP */
-+
-
-
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
-@@ -4102,6 +4448,82 @@ copy_banner(cupsd_client_t *con, /* I -
-
- fchmod(cupsFileNumber(out), 0640);
- fchown(cupsFileNumber(out), RunUser, Group);
-+#ifdef WITH_LSPP
-+ if (job->scon != NULL &&
-+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
-+ {
-+ if (getfilecon(filename, &spoolcon) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "copy_banner: Unable to get the context of the banner file %s - %s",
-+ filename, strerror(errno));
-+ job->num_files --;
-+ return (0);
-+ }
-+ tmpcon = context_new(spoolcon);
-+ jobcon = context_new(job->scon);
-+ freecon(spoolcon);
-+ if (!tmpcon || !jobcon)
-+ {
-+ if (tmpcon)
-+ context_free(tmpcon);
-+ if (jobcon)
-+ context_free(jobcon);
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "copy_banner: Unable to get the SELinux contexts");
-+ job->num_files --;
-+ return (0);
-+ }
-+ jobrange = context_range_get(jobcon);
-+ if (jobrange)
-+ {
-+ jobrange = strdup(jobrange);
-+ if ((jobclearance = strtok(jobrange, "-")) != NULL)
-+ {
-+ if (context_range_set(tmpcon, jobclearance) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "copy_banner: Unable to set the level of the context for file %s - %s",
-+ filename, strerror(errno));
-+ free(jobrange);
-+ context_free(jobcon);
-+ context_free(tmpcon);
-+ job->num_files --;
-+ return (0);
-+ }
-+ }
-+ else
-+ {
-+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "copy_banner: Unable to set the level of the context for file %s - %s",
-+ filename, strerror(errno));
-+ free(jobrange);
-+ context_free(jobcon);
-+ context_free(tmpcon);
-+ job->num_files --;
-+ return (0);
-+ }
-+ }
-+ free(jobrange);
-+ }
-+ if (setfilecon(filename, context_str(tmpcon)) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "copy_banner: Unable to set the context of the banner file %s - %s",
-+ filename, strerror(errno));
-+ context_free(jobcon);
-+ context_free(tmpcon);
-+ job->num_files --;
-+ return (0);
-+ }
-+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s",
-+ filename, context_str(tmpcon));
-+ context_free(jobcon);
-+ context_free(tmpcon);
-+ }
-+#endif /* WITH_LSPP */
-
- /*
- * Try the localized banner file under the subdirectory...
-@@ -4196,6 +4618,24 @@ copy_banner(cupsd_client_t *con, /* I -
- else
- s = attrname;
-
-+#ifdef WITH_LSPP
-+ if (strcmp(s, "mls-label") == 0)
-+ {
-+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
-+ {
-+ jobcon = context_new(job->scon);
-+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0)
-+ mls_label = context_range_get(jobcon);
-+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0)
-+ mls_label = context_type_get(jobcon);
-+ else // default to using the whole context string
-+ mls_label = context_str(jobcon);
-+ cupsFilePuts(out, mls_label);
-+ context_free(jobcon);
-+ }
-+ continue;
-+ }
-+#endif /* WITH_LSPP */
- if (!strcmp(s, "printer-name"))
- {
- cupsFilePuts(out, job->dest);
-@@ -6273,6 +6713,22 @@ get_job_attrs(cupsd_client_t *con, /* I
-
- exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
-
-+
-+#ifdef WITH_LSPP
-+ /*
-+ * Check SELinux...
-+ */
-+ if (is_lspp_config() && check_context(con, job) != 1)
-+ {
-+ /*
-+ * Unfortunately we have to lie to the user...
-+ */
-+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid);
-+ return;
-+ }
-+#endif /* WITH_LSPP */
-+
-+
- /*
- * Copy attributes...
- */
-@@ -6626,6 +7082,11 @@ get_jobs(cupsd_client_t *con, /* I - C
- if (username[0] && _cups_strcasecmp(username, job->username))
- continue;
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config() && check_context(con, job) != 1)
-+ continue;
-+#endif /* WITH_LSPP */
-+
- if (count > 0)
- ippAddSeparator(con->response);
-
-@@ -11106,6 +11567,11 @@ validate_user(cupsd_job_t *job, /* I
-
- strlcpy(username, get_username(con), userlen);
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config() && check_context(con, job) != 1)
-+ return 0;
-+#endif /* WITH_LSPP */
-+
- /*
- * Check the username against the owner...
- */
-diff -up cups-1.6b1/scheduler/job.c.lspp cups-1.6b1/scheduler/job.c
---- cups-1.6b1/scheduler/job.c.lspp 2012-05-25 17:01:32.824768691 +0200
-+++ cups-1.6b1/scheduler/job.c 2012-05-25 17:22:50.856860012 +0200
-@@ -68,6 +68,9 @@
- * update_job_attrs() - Update the job-printer-* attributes.
- */
-
-+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-+
- /*
- * Include necessary headers...
- */
-@@ -83,6 +86,14 @@
- # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
- #endif /* __APPLE__ */
-
-+#ifdef WITH_LSPP
-+#include <libaudit.h>
-+#include <selinux/selinux.h>
-+#include <selinux/context.h>
-+#include <selinux/avc.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Design Notes for Job Management
-@@ -580,6 +591,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
- /* PRINTER_STATE_REASONS env var */
- rip_max_cache[255];
- /* RIP_MAX_CACHE env variable */
-+#ifdef WITH_LSPP
-+ char *audit_message = NULL; /* Audit message string */
-+ context_t jobcon; /* SELinux context of the job */
-+ char *label_template = NULL; /* SL to put in classification
-+ env var */
-+ const char *mls_label = NULL; /* SL to put in classification
-+ env var */
-+#endif /* WITH_LSPP */
-
-
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
-@@ -1071,6 +1090,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
- }
- }
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config())
-+ {
-+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
-+ {
-+ if (AuditLog != -1)
-+ {
-+ audit_message = NULL;
-+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s",
-+ job->id, job->auid, job->username, job->printer->name, title);
-+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message,
-+ ServerName, NULL, NULL, 1);
-+ cupsdClearString(&audit_message);
-+ }
-+ }
-+ else
-+ {
-+ jobcon = context_new(job->scon);
-+
-+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL)
-+ label_template = strdup(Classification);
-+ else if (attr->num_values > 1 &&
-+ strcmp(attr->values[1].string.text, "none") != 0)
-+ label_template = strdup(attr->values[1].string.text);
-+ else
-+ label_template = strdup(attr->values[0].string.text);
-+
-+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0)
-+ mls_label = context_range_get(jobcon);
-+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0)
-+ mls_label = context_type_get(jobcon);
-+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0)
-+ mls_label = context_str(jobcon);
-+ else
-+ mls_label = label_template;
-+
-+ if (mls_label && (PerPageLabels || banner_page))
-+ {
-+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label);
-+ envp[envc ++] = classification;
-+ }
-+
-+ if ((AuditLog != -1) && !banner_page)
-+ {
-+ audit_message = NULL;
-+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s"
-+ " obj=%s label=%s", job->id, job->auid, job->username,
-+ job->printer->name, title, job->scon, mls_label?mls_label:"none");
-+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
-+ ServerName, NULL, NULL, 1);
-+ cupsdClearString(&audit_message);
-+ }
-+ context_free(jobcon);
-+ free(label_template);
-+ }
-+ }
-+ else
-+ /*
-+ * Fall through to the non-LSPP behavior
-+ */
-+#endif /* WITH_LSPP */
- if (Classification && !banner_page)
- {
- if ((attr = ippFindAttribute(job->attrs, "job-sheets",
-@@ -1845,6 +1925,20 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
- ippSetString(job->attrs, &job->reasons, 0, "none");
- }
-
-+#ifdef WITH_LSPP
-+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL)
-+ cupsdSetString(&job->scon, attr->values[0].string.text);
-+ else if (is_lspp_config())
-+ {
-+ /*
-+ * There was no security context so delete the job
-+ */
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file \"%s\"!",
-+ jobfile);
-+ goto error;
-+ }
-+#endif /* WITH_LSPP */
-+
- job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed",
- IPP_TAG_INTEGER);
- job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
-@@ -2235,6 +2329,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
- {
- char filename[1024]; /* Job control filename */
- cups_file_t *fp; /* Job file */
-+#ifdef WITH_LSPP
-+ security_context_t spoolcon; /* context of the job control file */
-+ context_t jobcon; /* contex_t container for job->scon */
-+ context_t tmpcon; /* Temp context to swap the level */
-+ char *jobclearance; /* SELinux low end clearance */
-+ const char *jobrange; /* SELinux sensitivity range */
-+ char *jobrange_copy; /* SELinux sensitivity range */
-+#endif /* WITH_LSPP */
-
-
- cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
-@@ -2247,6 +2349,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
-
- fchown(cupsFileNumber(fp), RunUser, Group);
-
-+#ifdef WITH_LSPP
-+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
-+ {
-+ if (getfilecon(filename, &spoolcon) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "Unable to get context of job control file \"%s\" - %s.",
-+ filename, strerror(errno));
-+ return;
-+ }
-+ jobcon = context_new(job->scon);
-+ tmpcon = context_new(spoolcon);
-+ freecon(spoolcon);
-+ if (!jobcon || !tmpcon)
-+ {
-+ if (jobcon)
-+ context_free(jobcon);
-+ if (tmpcon)
-+ context_free(tmpcon);
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts");
-+ return;
-+ }
-+ jobrange = context_range_get(jobcon);
-+ if (jobrange)
-+ {
-+ jobrange_copy = strdup(jobrange);
-+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL)
-+ {
-+ if (context_range_set(tmpcon, jobclearance) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "Unable to set the range for job control file \"%s\" - %s.",
-+ filename, strerror(errno));
-+ free(jobrange_copy);
-+ context_free(tmpcon);
-+ context_free(jobcon);
-+ return;
-+ }
-+ }
-+ else
-+ {
-+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "Unable to set the range for job control file \"%s\" - %s.",
-+ filename, strerror(errno));
-+ free(jobrange_copy);
-+ context_free(tmpcon);
-+ context_free(jobcon);
-+ return;
-+ }
-+ }
-+ free(jobrange_copy);
-+ }
-+ if (setfilecon(filename, context_str(tmpcon)) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "Unable to set context of job control file \"%s\" - %s.",
-+ filename, strerror(errno));
-+ context_free(tmpcon);
-+ context_free(jobcon);
-+ return;
-+ }
-+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s",
-+ job, context_str(tmpcon));
-+ context_free(tmpcon);
-+ context_free(jobcon);
-+ }
-+#endif /* WITH_LSPP */
-+
- job->attrs->state = IPP_IDLE;
-
- if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
-@@ -3735,6 +3907,18 @@ get_options(cupsd_job_t *job, /* I - Jo
- banner_page)
- continue;
-
-+#ifdef WITH_LSPP
-+ /*
-+ * In LSPP mode refuse to honor the page-label
-+ */
-+ if (is_lspp_config() &&
-+ !strcmp(attr->name, "page-label"))
-+ {
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to LSPP mode");
-+ continue;
-+ }
-+#endif /* WITH_LSPP */
-+
- /*
- * Otherwise add them to the list...
- */
-@@ -4457,6 +4641,19 @@ static void
- start_job(cupsd_job_t *job, /* I - Job ID */
- cupsd_printer_t *printer) /* I - Printer to print job */
- {
-+#ifdef WITH_LSPP
-+ char *audit_message = NULL; /* Audit message string */
-+ char *printerfile = NULL; /* Device file pointed to by the printer */
-+ security_id_t clisid; /* SELinux SID for the client */
-+ security_id_t psid; /* SELinux SID for the printer */
-+ context_t printercon; /* Printer's context string */
-+ struct stat printerstat; /* Printer's stat buffer */
-+ security_context_t devcon; /* Printer's SELinux context */
-+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */
-+ security_class_t tclass; /* Object class for the SELinux check */
-+ access_vector_t avr; /* Access method being requested */
-+#endif /* WITH_LSPP */
-+
- cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=%p(%d), printer=%p(%s))",
- job, job->id, printer, printer->name);
-
-@@ -4599,6 +4796,108 @@ start_job(cupsd_job_t *job, /* I -
- fcntl(job->side_pipes[1], F_SETFD,
- fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC);
-
-+#ifdef WITH_LSPP
-+ if (is_lspp_config())
-+ {
-+ /*
-+ * Perform an access check before printing, but only if the printer starts with /dev/
-+ */
-+ printerfile = strstr(printer->device_uri, "/dev/");
-+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
-+ printerfile = printer->device_uri + strlen("file:");
-+
-+ if (printerfile != NULL)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_DEBUG,
-+ "StartJob: Attempting to check access on printer device %s", printerfile);
-+ if (lstat(printerfile, &printerstat) < 0)
-+ {
-+ if (errno != ENOENT)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer");
-+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
-+ return ;
-+ }
-+ /*
-+ * The printer does not exist, so for now assume it's a FileDevice
-+ */
-+ tclass = SECCLASS_FILE;
-+ avr = FILE__WRITE;
-+ }
-+ else if (S_ISCHR(printerstat.st_mode))
-+ {
-+ tclass = SECCLASS_CHR_FILE;
-+ avr = CHR_FILE__WRITE;
-+ }
-+ else if (S_ISREG(printerstat.st_mode))
-+ {
-+ tclass = SECCLASS_FILE;
-+ avr = FILE__WRITE;
-+ }
-+ else
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "StartJob: Printer is not a character device or regular file");
-+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
-+ return ;
-+ }
-+ static avc_initialized = 0;
-+ if (!avc_initialized++)
-+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL);
-+ avc_entry_ref_init(&avcref);
-+ if (avc_context_to_sid(job->scon, &clisid) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "StartJob: Unable to determine the SELinux sid for the job");
-+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
-+ return ;
-+ }
-+ if (getfilecon(printerfile, &devcon) == -1)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s",
-+ printerfile);
-+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
-+ return ;
-+ }
-+ printercon = context_new(devcon);
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s",
-+ context_str(printercon), job->scon);
-+ context_free(printercon);
-+
-+ if (avc_context_to_sid(devcon, &psid) != 0)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR,
-+ "StartJob: Unable to determine the SELinux sid for the printer");
-+ freecon(devcon);
-+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
-+ return ;
-+ }
-+ freecon(devcon);
-+
-+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
-+ {
-+ /*
-+ * The access check failed, so cancel the job and send an audit message
-+ */
-+ if (AuditLog != -1)
-+ {
-+ audit_message = NULL;
-+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled"
-+ " unable to access printer=%s", job->id,
-+ job->auid, (job->username)?job->username:"?", job->scon, printer->name);
-+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
-+ ServerName, NULL, NULL, 0);
-+ cupsdClearString(&audit_message);
-+ }
-+
-+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
-+
-+ return ;
-+ }
-+ }
-+ }
-+#endif /* WITH_LSPP */
-+
- /*
- * Now start the first file in the job...
- */
-diff -up cups-1.6b1/scheduler/job.h.lspp cups-1.6b1/scheduler/job.h
---- cups-1.6b1/scheduler/job.h.lspp 2012-05-23 03:36:50.000000000 +0200
-+++ cups-1.6b1/scheduler/job.h 2012-05-25 17:23:41.802504888 +0200
-@@ -13,6 +13,13 @@
- * file is missing or damaged, see the license at "http://www.cups.org/".
- */
-
-+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-+
-+#ifdef WITH_LSPP
-+#include <selinux/selinux.h>
-+#endif /* WITH_LSPP */
-+
- /*
- * Constants...
- */
-@@ -82,6 +89,10 @@ struct cupsd_job_s /**** Job request *
- int progress; /* Printing progress */
- int num_keywords; /* Number of PPD keywords */
- cups_option_t *keywords; /* PPD keywords */
-+#ifdef WITH_LSPP
-+ security_context_t scon; /* Security context of job */
-+ uid_t auid; /* Audit loginuid for this job */
-+#endif /* WITH_LSPP */
- };
-
- typedef struct cupsd_joblog_s /**** Job log message ****/
-diff -up cups-1.6b1/scheduler/main.c.lspp cups-1.6b1/scheduler/main.c
---- cups-1.6b1/scheduler/main.c.lspp 2012-05-25 17:01:32.849768516 +0200
-+++ cups-1.6b1/scheduler/main.c 2012-05-25 17:01:32.868768383 +0200
-@@ -38,6 +38,8 @@
- * usage() - Show scheduler usage.
- */
-
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-+
- /*
- * Include necessary headers...
- */
-@@ -75,6 +77,9 @@
- # include <notify.h>
- #endif /* HAVE_NOTIFY_H */
-
-+#ifdef WITH_LSPP
-+# include <libaudit.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Local functions...
-@@ -138,6 +143,9 @@ main(int argc, /* I - Number of comm
- #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
- struct sigaction action; /* Actions for POSIX signals */
- #endif /* HAVE_SIGACTION && !HAVE_SIGSET */
-+#if WITH_LSPP
-+ auditfail_t failmode; /* Action for audit_open failure */
-+#endif /* WITH_LSPP */
- #ifdef __sgi
- cups_file_t *fp; /* Fake lpsched lock file */
- struct stat statbuf; /* Needed for checking lpsched FIFO */
-@@ -463,6 +471,25 @@ main(int argc, /* I - Number of comm
- #endif /* DEBUG */
- }
-
-+#ifdef WITH_LSPP
-+ if ((AuditLog = audit_open()) < 0 )
-+ {
-+ if (get_auditfail_action(&failmode) == 0)
-+ {
-+ if (failmode == FAIL_LOG)
-+ {
-+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");
-+ AuditLog = -1;
-+ }
-+ else if (failmode == FAIL_TERMINATE)
-+ {
-+ fprintf(stderr, "cupsd: unable to start auditing, terminating");
-+ return -1;
-+ }
-+ }
-+ }
-+#endif /* WITH_LSPP */
-+
- /*
- * Set the timezone info...
- */
-@@ -1180,6 +1207,11 @@ main(int argc, /* I - Number of comm
-
- cupsdStopSelect();
-
-+#ifdef WITH_LSPP
-+ if (AuditLog != -1)
-+ audit_close(AuditLog);
-+#endif /* WITH_LSPP */
-+
- return (!stop_scheduler);
- }
-
-diff -up cups-1.6b1/scheduler/printers.c.lspp cups-1.6b1/scheduler/printers.c
---- cups-1.6b1/scheduler/printers.c.lspp 2012-05-25 17:01:32.786768955 +0200
-+++ cups-1.6b1/scheduler/printers.c 2012-05-25 17:24:11.144300359 +0200
-@@ -56,6 +56,8 @@
- * write_xml_string() - Write a string with XML escaping.
- */
-
-+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
-+
- /*
- * Include necessary headers...
- */
-@@ -80,6 +82,10 @@
- # include <asl.h>
- #endif /* __APPLE__ */
-
-+#ifdef WITH_LSPP
-+# include <libaudit.h>
-+# include <selinux/context.h>
-+#endif /* WITH_LSPP */
-
- /*
- * Local functions...
-@@ -2101,6 +2107,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
- "username",
- "password"
- };
-+#ifdef WITH_LSPP
-+ char *audit_message; /* Audit message string */
-+ char *printerfile; /* Path to a local printer dev */
-+ char *rangestr; /* Printer's range if its available */
-+ security_context_t devcon; /* Printer SELinux context */
-+ context_t printercon; /* context_t for the printer */
-+#endif /* WITH_LSPP */
-
-
- DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
-@@ -2234,6 +2247,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
- attr->values[1].string.text = _cupsStrAlloc(Classification ?
- Classification : p->job_sheets[1]);
- }
-+#ifdef WITH_LSPP
-+ if (AuditLog != -1)
-+ {
-+ audit_message = NULL;
-+ rangestr = NULL;
-+ printercon = 0;
-+ printerfile = strstr(p->device_uri, "/dev/");
-+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))
-+ printerfile = p->device_uri + strlen("file:");
-+
-+ if (printerfile != NULL)
-+ {
-+ if (getfilecon(printerfile, &devcon) == -1)
-+ {
-+ if(is_selinux_enabled())
-+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context");
-+ }
-+ else
-+ {
-+ printercon = context_new(devcon);
-+ freecon(devcon);
-+ }
-+ }
-+
-+ if (printercon && context_range_get(printercon))
-+ rangestr = strdup(context_range_get(printercon));
-+ else
-+ rangestr = strdup("unknown");
-+
-+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",
-+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr);
-+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
-+ ServerName, NULL, NULL, 1);
-+ if (printercon)
-+ context_free(printercon);
-+ free(rangestr);
-+ cupsdClearString(&audit_message);
-+ }
-+#endif /* WITH_LSPP */
- }
-
- p->raw = 0;
-@@ -5320,7 +5372,6 @@ write_irix_state(cupsd_printer_t *p) /*
- }
- #endif /* __sgi */
-
--
- /*
- * 'write_xml_string()' - Write a string with XML escaping.
- */
--
2.6.3
next reply other threads:[~2016-09-09 7:42 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-09 7:42 Alexander Marx [this message]
2016-09-09 10:03 Alexander Marx
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1473406923-20798-1-git-send-email-alexander.marx@ipfire.org \
--to=alexander.marx@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox