From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexander Marx To: development@lists.ipfire.org Subject: [PATCH] cups: Update to 2.1.4 Date: Fri, 09 Sep 2016 07:42:03 +0000 Message-ID: <1473406923-20798-1-git-send-email-alexander.marx@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2878770649437078643==" List-Id: --===============2878770649437078643== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Alexander Marx --- cups/cups.nm | 6 +- cups/patches/001_cups-no-gzip-man.patch | 18 - cups/patches/002_cups-system-auth.patch | 38 - cups/patches/003_cups-multilib.patch | 16 - cups/patches/004_cups-banners.patch | 12 - cups/patches/005_cups-serverbin-compat.patch | 190 -- cups/patches/006_cups-no-export-ssllibs.patch | 12 - cups/patches/007_cups-direct-usb.patch | 27 - cups/patches/008_cups-lpr-help.patch | 48 - cups/patches/009_cups-peercred.patch | 11 - cups/patches/010_cups-pid.patch | 37 - cups/patches/011_cups-eggcups.patch | 130 -- cups/patches/012_cups-driverd-timeout.patch | 21 - cups/patches/013_cups-strict-ppd-line-length.patch | 30 - cups/patches/014_cups-logrotate.patch | 63 - cups/patches/015_cups-usb-paperout.patch | 52 - cups/patches/016_cups-res_init.patch | 26 - cups/patches/017_cups-filter-debug.patch | 32 - cups/patches/018_cups-uri-compat.patch | 51 - cups/patches/019_cups-cups-get-classes.patch | 89 - cups/patches/020_cups-str3382.patch | 64 - cups/patches/021_cups-0755.patch | 21 - cups/patches/022_cups-hp-deviceid-oid.patch | 21 - cups/patches/023_cups-dnssd-deviceid.patch | 38 - cups/patches/024_cups-ricoh-deviceid-oid.patch | 21 - cups/patches/025_cups-systemd-socket.patch | 395 ---- cups/patches/026_cups-lspp.patch | 1999 ------------------= -- 27 files changed, 3 insertions(+), 3465 deletions(-) delete mode 100644 cups/patches/001_cups-no-gzip-man.patch delete mode 100644 cups/patches/002_cups-system-auth.patch delete mode 100644 cups/patches/003_cups-multilib.patch delete mode 100644 cups/patches/004_cups-banners.patch delete mode 100644 cups/patches/005_cups-serverbin-compat.patch delete mode 100644 cups/patches/006_cups-no-export-ssllibs.patch delete mode 100644 cups/patches/007_cups-direct-usb.patch delete mode 100644 cups/patches/008_cups-lpr-help.patch delete mode 100644 cups/patches/009_cups-peercred.patch delete mode 100644 cups/patches/010_cups-pid.patch delete mode 100644 cups/patches/011_cups-eggcups.patch delete mode 100644 cups/patches/012_cups-driverd-timeout.patch delete mode 100644 cups/patches/013_cups-strict-ppd-line-length.patch delete mode 100644 cups/patches/014_cups-logrotate.patch delete mode 100644 cups/patches/015_cups-usb-paperout.patch delete mode 100644 cups/patches/016_cups-res_init.patch delete mode 100644 cups/patches/017_cups-filter-debug.patch delete mode 100644 cups/patches/018_cups-uri-compat.patch delete mode 100644 cups/patches/019_cups-cups-get-classes.patch delete mode 100644 cups/patches/020_cups-str3382.patch delete mode 100644 cups/patches/021_cups-0755.patch delete mode 100644 cups/patches/022_cups-hp-deviceid-oid.patch delete mode 100644 cups/patches/023_cups-dnssd-deviceid.patch delete mode 100644 cups/patches/024_cups-ricoh-deviceid-oid.patch delete mode 100644 cups/patches/025_cups-systemd-socket.patch delete mode 100644 cups/patches/026_cups-lspp.patch diff --git a/cups/cups.nm b/cups/cups.nm index 3b5672b..5abb804 100644 --- a/cups/cups.nm +++ b/cups/cups.nm @@ -4,7 +4,7 @@ ############################################################################= ### =20 name =3D cups -version =3D 1.6.1 +version =3D 2.1.4 release =3D 1 =20 groups =3D Applications/Printing @@ -17,8 +17,8 @@ description by Apple Inc. for Mac OS(R) X and other UNIX(R)-like operating systems. end =20 -source_dl =3D http://ftp.easysw.com/pub/cups/%{version}/ -sources =3D %{thisapp}-source.tar.bz2 +source_dl =3D https://github.com/apple/cups/releases/download/release-%{ver= sion}/ +sources =3D %{thisapp}-source.tar.gz =20 build requires diff --git a/cups/patches/001_cups-no-gzip-man.patch b/cups/patches/001_cups-= no-gzip-man.patch deleted file mode 100644 index cabfcf1..0000000 --- a/cups/patches/001_cups-no-gzip-man.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man cups-1.6b1/c= onfig-scripts/cups-manpages.m4 ---- cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man 2012-04-23 19:26:= 57.000000000 +0200 -+++ cups-1.6b1/config-scripts/cups-manpages.m4 2012-05-25 14:57:01.959845267= +0200 -@@ -69,10 +69,10 @@ case "$uname" in - ;; - Linux* | GNU* | Darwin*) - # Linux, GNU Hurd, and OS X -- MAN1EXT=3D1.gz -- MAN5EXT=3D5.gz -- MAN7EXT=3D7.gz -- MAN8EXT=3D8.gz -+ MAN1EXT=3D1 -+ MAN5EXT=3D5 -+ MAN7EXT=3D7 -+ MAN8EXT=3D8 - MAN8DIR=3D8 - ;; - *) diff --git a/cups/patches/002_cups-system-auth.patch b/cups/patches/002_cups-= system-auth.patch deleted file mode 100644 index 60117a9..0000000 --- a/cups/patches/002_cups-system-auth.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups= .password-auth ---- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.00000= 0000 +0200 -+++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200 -@@ -0,0 +1,4 @@ -+#%PAM-1.0 -+# Use password-auth common PAM configuration for the daemon -+auth include password-auth -+account include password-auth -diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.s= ystem-auth ---- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.0000000= 00 +0200 -+++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200 -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+auth include system-auth -+account include system-auth -diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile ---- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200 -+++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200 -@@ -90,10 +90,16 @@ install-data: - done - -if test x$(PAMDIR) !=3D x; then \ - $(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \ -- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ -- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ -+ if test -f /etc/pam.d/password-auth; then \ -+ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \ -+ elif test -f /etc/pam.d/system-auth; then \ -+ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \ - else \ -- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ -+ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ -+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ -+ else \ -+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ -+ fi ; \ - fi ; \ - fi -=20 diff --git a/cups/patches/003_cups-multilib.patch b/cups/patches/003_cups-mul= tilib.patch deleted file mode 100644 index 3c6bc39..0000000 --- a/cups/patches/003_cups-multilib.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up cups-1.5b1/cups-config.in.multilib cups-1.5b1/cups-config.in ---- cups-1.5b1/cups-config.in.multilib 2010-06-16 02:48:25.000000000 +0200 -+++ cups-1.5b1/cups-config.in 2011-05-23 17:33:31.000000000 +0200 -@@ -22,8 +22,10 @@ prefix=3D@prefix@ - exec_prefix=3D@exec_prefix@ - bindir=3D@bindir@ - includedir=3D@includedir@ --libdir=3D@libdir@ --imagelibdir=3D@libdir@ -+# Fetch libdir from gnutls's pkg-config script. This is a bit -+# of a cheat, but the cups-devel package requires gnutls-devel anyway. -+libdir=3D`pkg-config --variable=3Dlibdir gnutls` -+imagelibdir=3D`pkg-config --variable=3Dlibdir gnutls` - datarootdir=3D@datadir@ - datadir=3D@datadir@ - sysconfdir=3D@sysconfdir@ diff --git a/cups/patches/004_cups-banners.patch b/cups/patches/004_cups-bann= ers.patch deleted file mode 100644 index aa19282..0000000 --- a/cups/patches/004_cups-banners.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners= .c ---- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +02= 00 -+++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200 -@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I -=20 - if ((ext =3D strrchr(dent->filename, '.')) !=3D NULL) - if (!strcmp(ext, ".bck") || - !strcmp(ext, ".bak") || -+ !strcmp(ext, ".rpmnew") || -+ !strcmp(ext, ".rpmsave") || - !strcmp(ext, ".sav")) - continue; -=20 diff --git a/cups/patches/005_cups-serverbin-compat.patch b/cups/patches/005_= cups-serverbin-compat.patch deleted file mode 100644 index 0ca72fd..0000000 --- a/cups/patches/005_cups-serverbin-compat.patch +++ /dev/null @@ -1,190 +0,0 @@ -diff -up cups-1.5b1/scheduler/conf.c.serverbin-compat cups-1.5b1/scheduler/c= onf.c ---- cups-1.5b1/scheduler/conf.c.serverbin-compat 2011-05-20 06:24:54.0000000= 00 +0200 -+++ cups-1.5b1/scheduler/conf.c 2011-05-23 17:20:33.000000000 +0200 -@@ -491,6 +491,9 @@ cupsdReadConfiguration(void) - cupsdClearString(&ServerName); - cupsdClearString(&ServerAdmin); - cupsdSetString(&ServerBin, CUPS_SERVERBIN); -+#ifdef __x86_64__ -+ cupsdSetString(&ServerBin_compat, "/usr/lib64/cups"); -+#endif /* __x86_64__ */ - cupsdSetString(&RequestRoot, CUPS_REQUESTS); - cupsdSetString(&CacheDir, CUPS_CACHEDIR); - cupsdSetString(&DataDir, CUPS_DATADIR); -@@ -1378,7 +1381,12 @@ cupsdReadConfiguration(void) - * Read the MIME type and conversion database... - */ -=20 -+#ifdef __x86_64__ -+ snprintf(temp, sizeof(temp), "%s/filter:%s/filter", ServerBin, -+ ServerBin_compat); -+#else - snprintf(temp, sizeof(temp), "%s/filter", ServerBin); -+#endif - snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir); -=20 - MimeDatabase =3D mimeNew(); -diff -up cups-1.5b1/scheduler/conf.h.serverbin-compat cups-1.5b1/scheduler/c= onf.h ---- cups-1.5b1/scheduler/conf.h.serverbin-compat 2011-04-22 19:47:03.0000000= 00 +0200 -+++ cups-1.5b1/scheduler/conf.h 2011-05-23 15:34:25.000000000 +0200 -@@ -105,6 +105,10 @@ VAR char *ConfigurationFile VALUE(NULL) - /* Root directory for scheduler */ - *ServerBin VALUE(NULL), - /* Root directory for binaries */ -+#ifdef __x86_64__ -+ *ServerBin_compat VALUE(NULL), -+ /* Compat directory for binaries */ -+#endif /* __x86_64__ */ - *StateDir VALUE(NULL), - /* Root directory for state data */ - *RequestRoot VALUE(NULL), -diff -up cups-1.5b1/scheduler/env.c.serverbin-compat cups-1.5b1/scheduler/en= v.c ---- cups-1.5b1/scheduler/env.c.serverbin-compat 2011-01-11 04:48:42.00000000= 0 +0100 -+++ cups-1.5b1/scheduler/env.c 2011-05-23 17:07:17.000000000 +0200 -@@ -218,8 +218,13 @@ cupsdUpdateEnv(void) - set_if_undefined("LD_PRELOAD", NULL); - set_if_undefined("NLSPATH", NULL); - if (find_env("PATH") < 0) -+#ifdef __x86_64__ -+ cupsdSetEnvf("PATH", "%s/filter:%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR -+ ":/bin:/usr/bin", ServerBin, ServerBin_compat); -+#else /* ! defined(__x86_64__) */ - cupsdSetEnvf("PATH", "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR - ":/bin:/usr/bin", ServerBin); -+#endif - set_if_undefined("SERVER_ADMIN", ServerAdmin); - set_if_undefined("SHLIB_PATH", NULL); - set_if_undefined("SOFTWARE", CUPS_MINIMAL); -diff -up cups-1.5b1/scheduler/ipp.c.serverbin-compat cups-1.5b1/scheduler/ip= p.c ---- cups-1.5b1/scheduler/ipp.c.serverbin-compat 2011-05-20 05:49:49.00000000= 0 +0200 -+++ cups-1.5b1/scheduler/ipp.c 2011-05-23 16:09:57.000000000 +0200 -@@ -2586,9 +2586,18 @@ add_printer(cupsd_client_t *con, /* I - - * Could not find device in list! - */ -=20 -+#ifdef __x86_64__ -+ snprintf(srcfile, sizeof(srcfile), "%s/backend/%s", ServerBin_compat, -+ scheme); -+ if (access(srcfile, X_OK)) -+ { -+#endif /* __x86_64__ */ - send_ipp_status(con, IPP_NOT_POSSIBLE, - _("Bad device-uri scheme \"%s\"."), scheme); - return; -+#ifdef __x86_64__ -+ } -+#endif /* __x86_64__ */ - } - } -=20 -diff -up cups-1.5b1/scheduler/job.c.serverbin-compat cups-1.5b1/scheduler/jo= b.c ---- cups-1.5b1/scheduler/job.c.serverbin-compat 2011-05-20 05:49:49.00000000= 0 +0200 -+++ cups-1.5b1/scheduler/job.c 2011-05-23 16:18:57.000000000 +0200 -@@ -1047,8 +1047,32 @@ cupsdContinueJob(cupsd_job_t *job) /* I=20 - i ++, filter =3D (mime_filter_t *)cupsArrayNext(filters)) - { - if (filter->filter[0] !=3D '/') -- snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -- filter->filter); -+ { -+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -+ filter->filter); -+#ifdef __x86_64__ -+ if (access(command, F_OK)) -+ { -+ snprintf(command, sizeof(command), "%s/filter/%s", -+ ServerBin_compat, filter->filter); -+ if (!access(command, F_OK)) -+ { -+ /* Not in the correct directory, but found it in the compat -+ * directory. Issue a warning. */ -+ cupsdLogMessage(CUPSD_LOG_INFO, -+ "Filter '%s' not in %s/filter!", -+ filter->filter, ServerBin); -+ } -+ else -+ { -+ /* Not in the compat directory either; make any error -+ * messages use the correct directory name then. */ -+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -+ filter->filter); -+ } -+ } -+#endif /* __x86_64__ */ -+ } - else - strlcpy(command, filter->filter, sizeof(command)); -=20 -@@ -1199,6 +1223,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I=20 - { - cupsdClosePipe(job->back_pipes); - cupsdClosePipe(job->side_pipes); -+#ifdef __x86_64__ -+ if (access(command, F_OK)) -+ { -+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin_compat, -+ scheme); -+ if (!access(command, F_OK)) -+ { -+ /* Not in the correct directory, but we found it in the compat -+ * directory. Issue a warning. */ -+ cupsdLogMessage(CUPSD_LOG_INFO, -+ "Backend '%s' not in %s/backend!", scheme, -+ ServerBin); -+ } -+ else -+ { -+ /* Not in the compat directory either; make any error -+ messages use the correct directory name then. */ -+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin, -+ scheme); -+ } -+ } -+#endif /* __x86_64__ */ -=20 - close(job->status_pipes[1]); - job->status_pipes[1] =3D -1; -diff -up cups-1.5b1/scheduler/printers.c.serverbin-compat cups-1.5b1/schedul= er/printers.c ---- cups-1.5b1/scheduler/printers.c.serverbin-compat 2011-05-20 05:49:49.000= 000000 +0200 -+++ cups-1.5b1/scheduler/printers.c 2011-05-23 17:09:04.000000000 +0200 -@@ -1030,9 +1030,19 @@ cupsdLoadAllPrinters(void) - * Backend does not exist, stop printer... - */ -=20 -+#ifdef __x86_64__ -+ snprintf(line, sizeof(line), "%s/backend/%s", ServerBin_compat, -+ p->device_uri); -+ if (access(line, 0)) -+ { -+#endif /* __x86_64__ */ -+ - p->state =3D IPP_PRINTER_STOPPED; - snprintf(p->state_message, sizeof(p->state_message), - "Backend %s does not exist!", line); -+#ifdef __x86_64__ -+ } -+#endif /* __x86_64__ */ - } - } -=20 -@@ -3621,8 +3631,20 @@ add_printer_filter( - else - snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, progr= am); -=20 -+#ifdef __x86_64__ -+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, -+ cupsdLogFCMessage, p) =3D=3D _CUPS_FILE_CHECK_MISSIN= G) { -+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin_compat, -+ program); -+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, -+ cupsdLogFCMessage, p) =3D=3D _CUPS_FILE_CHECK_MISS= ING) -+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, -+ program); -+ } -+#else /* ! defined(__x86_64__) */ - _cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, - cupsdLogFCMessage, p); -+#endif=20 - } -=20 - /* diff --git a/cups/patches/006_cups-no-export-ssllibs.patch b/cups/patches/006= _cups-no-export-ssllibs.patch deleted file mode 100644 index de277d8..0000000 --- a/cups/patches/006_cups-no-export-ssllibs.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs cups-1.5.3/= config-scripts/cups-ssl.m4 ---- cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs 2012-03-21 05:45= :48.000000000 +0100 -+++ cups-1.5.3/config-scripts/cups-ssl.m4 2012-05-15 16:47:13.753314620 +0200 -@@ -173,7 +173,7 @@ AC_SUBST(IPPALIASES) - AC_SUBST(SSLFLAGS) - AC_SUBST(SSLLIBS) -=20 --EXPORT_SSLLIBS=3D"$SSLLIBS" -+EXPORT_SSLLIBS=3D"" - AC_SUBST(EXPORT_SSLLIBS) -=20 - dnl diff --git a/cups/patches/007_cups-direct-usb.patch b/cups/patches/007_cups-d= irect-usb.patch deleted file mode 100644 index 4e25ce7..0000000 --- a/cups/patches/007_cups-direct-usb.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-uni= x.c ---- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 += 0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200 -@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De - _cups_strncasecmp(hostname, "Minolta", 7); - #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ -=20 -+ if (use_bc && !strncmp(uri, "usb:/dev/", 9)) -+ use_bc =3D 0; -+ - if ((device_fd =3D open_device(uri, &use_bc)) =3D=3D -1) - { - if (getenv("CLASS") !=3D NULL) -@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev - if (!strncmp(uri, "usb:/dev/", 9)) - #ifdef __linux - { -- /* -- * Do not allow direct devices anymore... -- */ -- -- errno =3D ENODEV; -- return (-1); -+ return (open(uri + 4, O_RDWR | O_EXCL)); - } - else if (!strncmp(uri, "usb://", 6)) - { diff --git a/cups/patches/008_cups-lpr-help.patch b/cups/patches/008_cups-lpr= -help.patch deleted file mode 100644 index c42434d..0000000 --- a/cups/patches/008_cups-lpr-help.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up cups-1.5b1/berkeley/lpr.c.lpr-help cups-1.5b1/berkeley/lpr.c ---- cups-1.5b1/berkeley/lpr.c.lpr-help 2011-03-21 23:02:00.000000000 +0100 -+++ cups-1.5b1/berkeley/lpr.c 2011-05-23 17:58:06.000000000 +0200 -@@ -24,6 +24,31 @@ - #include -=20 -=20 -+static void -+usage (const char *name) -+{ -+ _cupsLangPrintf(stdout, -+"Usage: %s [OPTION] [ file(s) ]\n" -+"Print files.\n\n" -+" -E force encryption\n" -+" -H server[:port] specify alternate server\n" -+" -C title, -J title, -T title\n" -+" set the job name\n\n" -+" -P destination/instance print to named printer\n" -+" -U username specify alternate username\n" -+" -# num-copies set number of copies\n" -+" -h disable banner printing\n" -+" -l print without filtering\n" -+" -m send email on completion\n" -+" -o option[=3Dvalue] set a job option\n" -+" -p format text file with header\n" -+" -q hold job for printing\n" -+" -r delete files after printing\n" -+"\nWith no file given, read standard input.\n" -+, name); -+} -+ -+ - /* - * 'main()' - Parse options and send files for printing. - */ -@@ -270,6 +294,12 @@ main(int argc, /* I - Number of comm - break; -=20 - default : -+ if (!strcmp (argv[i], "--help")) -+ { -+ usage (argv[0]); -+ return (0); -+ } -+ - _cupsLangPrintf(stderr, - _("%s: Error - unknown option \"%c\"."), argv[0], - argv[i][1]); diff --git a/cups/patches/009_cups-peercred.patch b/cups/patches/009_cups-pee= rcred.patch deleted file mode 100644 index a106abb..0000000 --- a/cups/patches/009_cups-peercred.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up cups-1.5b1/scheduler/auth.c.peercred cups-1.5b1/scheduler/auth.c ---- cups-1.5b1/scheduler/auth.c.peercred 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/auth.c 2011-05-23 18:00:18.000000000 +0200 -@@ -52,6 +52,7 @@ - * Include necessary headers... - */ -=20 -+#define _GNU_SOURCE - #include "cupsd.h" - #include - #ifdef HAVE_SHADOW_H diff --git a/cups/patches/010_cups-pid.patch b/cups/patches/010_cups-pid.patch deleted file mode 100644 index 23ffd47..0000000 --- a/cups/patches/010_cups-pid.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up cups-1.5b1/scheduler/main.c.pid cups-1.5b1/scheduler/main.c ---- cups-1.5b1/scheduler/main.c.pid 2011-05-18 22:44:16.000000000 +0200 -+++ cups-1.5b1/scheduler/main.c 2011-05-23 18:01:20.000000000 +0200 -@@ -311,6 +311,8 @@ main(int argc, /* I - Number of comm - * Setup signal handlers for the parent... - */ -=20 -+ pid_t pid; -+ - #ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */ - sigset(SIGUSR1, parent_handler); - sigset(SIGCHLD, parent_handler); -@@ -334,7 +336,7 @@ main(int argc, /* I - Number of comm - signal(SIGHUP, SIG_IGN); - #endif /* HAVE_SIGSET */ -=20 -- if (fork() > 0) -+ if ((pid =3D fork()) > 0) - { - /* - * OK, wait for the child to startup and send us SIGUSR1 or to crash -@@ -346,7 +348,15 @@ main(int argc, /* I - Number of comm - sleep(1); -=20 - if (parent_signal =3D=3D SIGUSR1) -+ { -+ FILE *f =3D fopen ("/var/run/cupsd.pid", "w"); -+ if (f) -+ { -+ fprintf (f, "%d\n", pid); -+ fclose (f); -+ } - return (0); -+ } -=20 - if (wait(&i) < 0) - { diff --git a/cups/patches/011_cups-eggcups.patch b/cups/patches/011_cups-eggc= ups.patch deleted file mode 100644 index 981d920..0000000 --- a/cups/patches/011_cups-eggcups.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff -up cups-1.5.3/backend/ipp.c.eggcups cups-1.5.3/backend/ipp.c ---- cups-1.5.3/backend/ipp.c.eggcups 2012-05-05 01:00:01.000000000 +0200 -+++ cups-1.5.3/backend/ipp.c 2012-05-15 16:50:41.142868986 +0200 -@@ -138,6 +138,70 @@ static cups_array_t *state_reasons; /* A - static char tmpfilename[1024] =3D ""; - /* Temporary spool file name */ -=20 -+#if HAVE_DBUS -+#include -+ -+static DBusConnection *dbus_connection =3D NULL; -+ -+static int -+init_dbus (void) -+{ -+ DBusConnection *connection; -+ DBusError error; -+ -+ if (dbus_connection && -+ !dbus_connection_get_is_connected (dbus_connection)) { -+ dbus_connection_unref (dbus_connection); -+ dbus_connection =3D NULL; -+ } -+ =20 -+ dbus_error_init (&error); -+ connection =3D dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYST= EM, &error); -+ if (connection =3D=3D NULL) { -+ dbus_error_free (&error); -+ return -1; -+ } -+ -+ dbus_connection =3D connection; -+ return 0; -+} -+ -+int -+dbus_broadcast_queued_remote (const char *printer_uri, -+ ipp_status_t status, -+ unsigned int local_job_id, -+ unsigned int remote_job_id, -+ const char *username, -+ const char *printer_name) -+{ -+ DBusMessage *message; -+ DBusMessageIter iter; -+ const char *errstr; -+ -+ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connectio= n)) { -+ if (init_dbus () || !dbus_connection) -+ return -1; -+ } -+ -+ errstr =3D ippErrorString (status); -+ message =3D dbus_message_new_signal ("/com/redhat/PrinterSpooler", -+ "com.redhat.PrinterSpooler", -+ "JobQueuedRemote"); -+ dbus_message_iter_init_append (message, &iter); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name); -+ -+ dbus_connection_send (dbus_connection, message, NULL); -+ dbus_connection_flush (dbus_connection); -+ dbus_message_unref (message); -+ =20 -+ return 0; -+} -+#endif /* HAVE_DBUS */ -=20 - /* - * Local functions... -@@ -1520,6 +1584,15 @@ main(int argc, /* I - Number of comm - _("Print file accepted - job ID %d."), job_id); - } -=20 -+#if HAVE_DBUS -+ dbus_broadcast_queued_remote (argv[0], -+ ipp_status, -+ atoi (argv[1]), -+ job_id, -+ argv[2], -+ getenv ("PRINTER")); -+#endif /* HAVE_DBUS */ -+ - fprintf(stderr, "DEBUG: job-id=3D%d\n", job_id); - ippDelete(response); -=20 -diff -up cups-1.5.3/backend/Makefile.eggcups cups-1.5.3/backend/Makefile ---- cups-1.5.3/backend/Makefile.eggcups 2012-04-23 19:42:12.000000000 +0200 -+++ cups-1.5.3/backend/Makefile 2012-05-15 16:48:17.253871982 +0200 -@@ -212,7 +212,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac -=20 - ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a - echo Linking $@... -- $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) -+ $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS) - $(RM) http - $(LN) ipp http -=20 -diff -up cups-1.5.3/scheduler/subscriptions.c.eggcups cups-1.5.3/scheduler/s= ubscriptions.c ---- cups-1.5.3/scheduler/subscriptions.c.eggcups 2012-02-12 06:48:09.0000000= 00 +0100 -+++ cups-1.5.3/scheduler/subscriptions.c 2012-05-15 16:48:17.253871982 +0200 -@@ -1314,13 +1314,13 @@ cupsd_send_dbus(cupsd_eventmask_t event, - what =3D "PrinterAdded"; - else if (event & CUPSD_EVENT_PRINTER_DELETED) - what =3D "PrinterRemoved"; -- else if (event & CUPSD_EVENT_PRINTER_CHANGED) -- what =3D "QueueChanged"; - else if (event & CUPSD_EVENT_JOB_CREATED) - what =3D "JobQueuedLocal"; - else if ((event & CUPSD_EVENT_JOB_STATE) && job && - job->state_value =3D=3D IPP_JOB_PROCESSING) - what =3D "JobStartedLocal"; -+ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANG= ED|CUPSD_EVENT_PRINTER_STATE_CHANGED)) -+ what =3D "QueueChanged"; - else - return; -=20 -@@ -1356,7 +1356,7 @@ cupsd_send_dbus(cupsd_eventmask_t event, - dbus_message_append_iter_init(message, &iter); - if (dest) - dbus_message_iter_append_string(&iter, dest->name); -- if (job) -+ if (job && strcmp (what, "QueueChanged") !=3D 0) - { - dbus_message_iter_append_uint32(&iter, job->id); - dbus_message_iter_append_string(&iter, job->username); diff --git a/cups/patches/012_cups-driverd-timeout.patch b/cups/patches/012_c= ups-driverd-timeout.patch deleted file mode 100644 index cb9e5cf..0000000 --- a/cups/patches/012_cups-driverd-timeout.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5.0/scheduler/ipp.c.driverd-timeout cups-1.5.0/scheduler/ipp= .c ---- cups-1.5.0/scheduler/ipp.c.driverd-timeout 2011-10-10 17:03:41.801690962= +0100 -+++ cups-1.5.0/scheduler/ipp.c 2011-10-10 17:03:41.861689834 +0100 -@@ -5723,7 +5723,7 @@ copy_model(cupsd_client_t *con, /* I - - close(temppipe[1]); -=20 - /* -- * Wait up to 30 seconds for the PPD file to be copied... -+ * Wait up to 70 seconds for the PPD file to be copied... - */ -=20 - total =3D 0; -@@ -5743,7 +5743,7 @@ copy_model(cupsd_client_t *con, /* I - - FD_SET(temppipe[0], &input); - FD_SET(CGIPipes[0], &input); -=20 -- timeout.tv_sec =3D 30; -+ timeout.tv_sec =3D 70; - timeout.tv_usec =3D 0; -=20 - if ((i =3D select(maxfd, &input, NULL, NULL, &timeout)) < 0) diff --git a/cups/patches/013_cups-strict-ppd-line-length.patch b/cups/patche= s/013_cups-strict-ppd-line-length.patch deleted file mode 100644 index b2697ec..0000000 --- a/cups/patches/013_cups-strict-ppd-line-length.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up cups-1.5b1/cups/ppd.c.strict-ppd-line-length cups-1.5b1/cups/ppd.c ---- cups-1.5b1/cups/ppd.c.strict-ppd-line-length 2011-05-20 05:49:49.0000000= 00 +0200 -+++ cups-1.5b1/cups/ppd.c 2011-05-24 15:46:13.000000000 +0200 -@@ -2786,7 +2786,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - *lineptr++ =3D ch; - col ++; -=20 -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform =3D=3D PPD_CONFORM_STRICT) - { - /* - * Line is too long... -@@ -2847,7 +2847,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - { - col ++; -=20 -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform =3D=3D PPD_CONFORM_STRIC= T) - { - /* - * Line is too long... -@@ -2906,7 +2906,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - { - col ++; -=20 -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform =3D=3D PPD_CONFORM_STRIC= T) - { - /* - * Line is too long... diff --git a/cups/patches/014_cups-logrotate.patch b/cups/patches/014_cups-lo= grotate.patch deleted file mode 100644 index a6485a9..0000000 --- a/cups/patches/014_cups-logrotate.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up cups-1.5b1/scheduler/log.c.logrotate cups-1.5b1/scheduler/log.c ---- cups-1.5b1/scheduler/log.c.logrotate 2011-05-14 01:04:16.000000000 +0200 -+++ cups-1.5b1/scheduler/log.c 2011-05-24 15:47:20.000000000 +0200 -@@ -32,6 +32,9 @@ - #include "cupsd.h" - #include - #include -+#include -+#include -+#include -=20 -=20 - /* -@@ -71,12 +74,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - return (1); -=20 - /* -- * Format the filename as needed... -+ * Format the filename... - */ -=20 -- if (!*lf || -- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize && -- MaxLogSize > 0)) -+ if (strncmp(logname, "/dev/", 5)) - { - /* - * Handle format strings... -@@ -186,6 +187,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - } -=20 - /* -+ * Has someone else (i.e. logrotate) already rotated the log for us? -+ */ -+ else if (strncmp(filename, "/dev/", 5)) -+ { -+ struct stat st; -+ if (stat(filename, &st) || st.st_size =3D=3D 0) -+ { -+ /* File is either missing or has zero size. */ -+ -+ cupsFileClose(*lf); -+ if ((*lf =3D cupsFileOpen(filename, "a")) =3D=3D NULL) -+ { -+ syslog(LOG_ERR, "Unable to open log file \"%s\" - %s", filename, -+ strerror(errno)); -+ -+ return (0); -+ } -+ -+ /* -+ * Change ownership and permissions of non-device logs... -+ */ -+ -+ fchown(cupsFileNumber(*lf), RunUser, Group); -+ fchmod(cupsFileNumber(*lf), LogFilePerm); -+ } -+ } -+ -+ /* - * Do we need to rotate the log? - */ -=20 diff --git a/cups/patches/015_cups-usb-paperout.patch b/cups/patches/015_cups= -usb-paperout.patch deleted file mode 100644 index f1f73f0..0000000 --- a/cups/patches/015_cups-usb-paperout.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-u= nix.c ---- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000= +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200 -@@ -30,6 +30,11 @@ -=20 - #include -=20 -+#ifdef __linux -+#include -+#include -+#endif /* __linux */ -+ -=20 - /* - * Local functions... -@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev - if (!strncmp(uri, "usb:/dev/", 9)) - #ifdef __linux - { -- return (open(uri + 4, O_RDWR | O_EXCL)); -+ fd =3D open(uri + 4, O_RDWR | O_EXCL); -+ -+ if (fd !=3D -1) -+ { -+ /* -+ * Tell the driver to return from write() with errno=3D=3DENOSPACE -+ * on paper-out. -+ */ -+ unsigned int t =3D 1; -+ ioctl (fd, LPABORT, &t); -+ } -+ -+ return fd; - } - else if (!strncmp(uri, "usb://", 6)) - { -@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev - if (!strcmp(uri, device_uri)) - { - /* -- * Yes, return this file descriptor... -+ * Yes, tell the driver to return from write() with -+ * errno=3D=3DENOSPACE on paper-out. -+ */ -+ unsigned int t =3D 1; -+ ioctl (fd, LPABORT, &t); -+ -+ /* -+ * Return this file descriptor... - */ -=20 - fprintf(stderr, "DEBUG: Printer using device file \"%s\"...\n", diff --git a/cups/patches/016_cups-res_init.patch b/cups/patches/016_cups-res= _init.patch deleted file mode 100644 index 94a81a4..0000000 --- a/cups/patches/016_cups-res_init.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up cups-1.6b1/cups/http-addr.c.res_init cups-1.6b1/cups/http-addr.c ---- cups-1.6b1/cups/http-addr.c.res_init 2012-05-17 00:57:03.000000000 +0200 -+++ cups-1.6b1/cups/http-addr.c 2012-05-25 15:51:51.323916352 +0200 -@@ -254,7 +254,8 @@ httpAddrLookup( -=20 - if (error) - { -- if (error =3D=3D EAI_FAIL) -+ if (error =3D=3D EAI_FAIL || error =3D=3D EAI_AGAIN || error =3D=3D E= AI_NODATA || -+ error =3D=3D EAI_NONAME) - cg->need_res_init =3D 1; -=20 - return (httpAddrString(addr, name, namelen)); -diff -up cups-1.6b1/cups/http-addrlist.c.res_init cups-1.6b1/cups/http-addrl= ist.c ---- cups-1.6b1/cups/http-addrlist.c.res_init 2012-04-23 19:26:57.000000000 += 0200 -+++ cups-1.6b1/cups/http-addrlist.c 2012-05-25 16:05:05.930377452 +0200 -@@ -540,7 +540,8 @@ httpAddrGetList(const char *hostname, /* - } - else - { -- if (error =3D=3D EAI_FAIL) -+ if (error =3D=3D EAI_FAIL || error =3D=3D EAI_AGAIN || error =3D=3D E= AI_NODATA || -+ error =3D=3D EAI_NONAME) - cg->need_res_init =3D 1; -=20 - _cupsSetError(IPP_INTERNAL_ERROR, gai_strerror(error), 0); diff --git a/cups/patches/017_cups-filter-debug.patch b/cups/patches/017_cups= -filter-debug.patch deleted file mode 100644 index 96c82da..0000000 --- a/cups/patches/017_cups-filter-debug.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0= 200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200 -@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I -=20 - if (!filters) - { -+ mime_filter_t *current; -+ - cupsdLogJob(job, CUPSD_LOG_ERROR, - "Unable to convert file %d to printable format.", - job->current_file); -=20 -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Required: %s/%s -> %s/%s", -+ job->filetypes[job->current_file]->super, -+ job->filetypes[job->current_file]->type, -+ job->printer->filetype->super, -+ job->printer->filetype->type); -+ -+ for (current =3D (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs); -+ current; -+ current =3D (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs)) -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Available: %s/%s -> %s/%s (%s)", -+ current->src->super, current->src->type, -+ current->dst->super, current->dst->type, -+ current->filter); -+ - abort_message =3D "Aborting job because it cannot be printed."; - abort_state =3D IPP_JOB_ABORTED; -=20 diff --git a/cups/patches/018_cups-uri-compat.patch b/cups/patches/018_cups-u= ri-compat.patch deleted file mode 100644 index 2520a5b..0000000 --- a/cups/patches/018_cups-uri-compat.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-uni= x.c ---- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 += 0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200 -@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De - int device_fd; /* USB device */ - ssize_t tbytes; /* Total number of bytes written */ - struct termios opts; /* Parallel port options */ -+ char *fixed_uri =3D strdup (uri); -+ char *p; -=20 -=20 - (void)argc; - (void)argv; -=20 -+ p =3D strchr (fixed_uri, ':'); -+ if (p++ !=3D NULL) -+ { -+ char *e; -+ p +=3D strspn (p, "/"); -+ e =3D strchr (p, '/'); -+ if (e > p) -+ { -+ size_t mfrlen =3D e - p; -+ e++; -+ if (!strncasecmp (e, p, mfrlen)) -+ { -+ char *x =3D e + mfrlen; -+ if (!strncmp (x, "%20", 3)) -+ /* Take mfr name out of mdl name for compatibility with -+ * Fedora 11 before bug #507244 was fixed. */ -+ strcpy (e, x + 3); puts(fixed_uri); -+ } -+ } -+ } -+ - /* - * Open the USB port device... - */ -@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De - _cups_strncasecmp(hostname, "Minolta", 7); - #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ -=20 -- if (use_bc && !strncmp(uri, "usb:/dev/", 9)) -+ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9)) - use_bc =3D 0; -=20 -- if ((device_fd =3D open_device(uri, &use_bc)) =3D=3D -1) -+ if ((device_fd =3D open_device(fixed_uri, &use_bc)) =3D=3D -1) - { - if (getenv("CLASS") !=3D NULL) - { diff --git a/cups/patches/019_cups-cups-get-classes.patch b/cups/patches/019_= cups-cups-get-classes.patch deleted file mode 100644 index b0ffe1c..0000000 --- a/cups/patches/019_cups-cups-get-classes.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff -up cups-1.5.0/cups/dest.c.cups-get-classes cups-1.5.0/cups/dest.c ---- cups-1.5.0/cups/dest.c.cups-get-classes 2011-05-20 04:49:49.000000000 +0= 100 -+++ cups-1.5.0/cups/dest.c 2011-09-14 12:10:05.111635428 +0100 -@@ -534,6 +534,7 @@ _cupsGetDests(http_t *http, /* I -=20 - char uri[1024]; /* printer-uri value */ - int num_options; /* Number of options */ - cups_option_t *options; /* Options */ -+ int get_classes; /* Whether we need to fetch class */ - #ifdef __APPLE__ - char media_default[41]; /* Default paper size */ - #endif /* __APPLE__ */ -@@ -590,6 +591,8 @@ _cupsGetDests(http_t *http, /* I -=20 - * printer-uri [for IPP_GET_PRINTER_ATTRIBUTES] - */ -=20 -+ get_classes =3D (op =3D=3D CUPS_GET_PRINTERS); -+ - request =3D ippNewRequest(op); -=20 - ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, -@@ -647,6 +650,23 @@ _cupsGetDests(http_t *http, /* I -=20 - attr->value_tag !=3D IPP_TAG_URI) - continue; -=20 -+ if (get_classes && -+ -+ /* Is this a class? */ -+ ((attr->value_tag =3D=3D IPP_TAG_ENUM && -+ !strcmp(attr->name, "printer-type") && -+ (attr->values[0].integer & CUPS_PRINTER_CLASS)) || -+ -+ /* Or, is this an attribute from CUPS 1.2 or later? */ -+ !strcmp(attr->name, "auth-info-required") || -+ !strncmp(attr->name, "marker-", 7) || -+ !strcmp(attr->name, "printer-commands") || -+ !strcmp(attr->name, "printer-is-shared"))) -+ /* We are talking to a recent enough CUPS server that -+ * CUPS_GET_PRINTERS returns classes as well. -+ */ -+ get_classes =3D 0; -+ - if (!strcmp(attr->name, "auth-info-required") || - !strcmp(attr->name, "device-uri") || - !strcmp(attr->name, "marker-change-time") || -@@ -738,6 +758,28 @@ _cupsGetDests(http_t *http, /* I -=20 - continue; - } -=20 -+ /* -+ * If we sent a CUPS_GET_CLASSES request, check whether -+ * CUPS_GET_PRINTERS already gave us this destination and exit -+ * early if so. -+ */ -+ -+ if (op =3D=3D CUPS_GET_CLASSES && num_dests > 0) -+ { -+ int diff; -+ cups_find_dest (printer_name, NULL, num_dests, *dests, 0, &diff); -+ if (diff =3D=3D 0) -+ { -+ /* -+ * Found it. The CUPS server already gave us the classes in -+ * its CUPS_GET_PRINTERS response. -+ */ -+ -+ cupsFreeOptions(num_options, options); -+ break; -+ } -+ } -+ - if ((dest =3D cups_add_dest(printer_name, NULL, &num_dests, dests)) != =3D NULL) - { - dest->num_options =3D num_options; -@@ -754,6 +796,15 @@ _cupsGetDests(http_t *http, /* I -=20 - } -=20 - /* -+ * If this is a CUPS_GET_PRINTERS request but we didn't see any -+ * classes we might be talking to an older CUPS server that requires -+ * CUPS_GET_CLASSES as well. -+ */ -+ -+ if (get_classes) -+ num_dests =3D _cupsGetDests (http, CUPS_GET_CLASSES, name, dests, 0, 0); -+ -+ /* - * Return the count... - */ -=20 diff --git a/cups/patches/020_cups-str3382.patch b/cups/patches/020_cups-str3= 382.patch deleted file mode 100644 index 2e8736d..0000000 --- a/cups/patches/020_cups-str3382.patch +++ /dev/null @@ -1,64 +0,0 @@ -diff -up cups-1.5b1/cups/tempfile.c.str3382 cups-1.5b1/cups/tempfile.c ---- cups-1.5b1/cups/tempfile.c.str3382 2010-03-24 01:45:34.000000000 +0100 -+++ cups-1.5b1/cups/tempfile.c 2011-05-24 16:04:47.000000000 +0200 -@@ -33,6 +33,7 @@ - # include - #else - # include -+# include - #endif /* WIN32 || __EMX__ */ -=20 -=20 -@@ -54,7 +55,7 @@ cupsTempFd(char *filename, /* I - Point - char tmppath[1024]; /* Windows temporary directory */ - DWORD curtime; /* Current time */ - #else -- struct timeval curtime; /* Current time */ -+ mode_t old_umask; /* Old umask before using mkstemp() */ - #endif /* WIN32 */ -=20 -=20 -@@ -105,33 +106,25 @@ cupsTempFd(char *filename, /* I - Point -=20 - snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir, - GetCurrentProcessId(), curtime); --#else -- /* -- * Get the current time of day... -- */ -- -- gettimeofday(&curtime, NULL); -- -- /* -- * Format a string using the hex time values... -- */ -- -- snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), -- (unsigned)(curtime.tv_sec + curtime.tv_usec + tries)); --#endif /* WIN32 */ -=20 - /* - * Open the file in "exclusive" mode, making sure that we don't - * stomp on an existing file or someone's symlink crack... - */ -=20 --#ifdef WIN32 - fd =3D open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, - _S_IREAD | _S_IWRITE); --#elif defined(O_NOFOLLOW) -- fd =3D open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); - #else -- fd =3D open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); -+ -+ /* -+ * Use the standard mkstemp() call to make a temporary filename -+ * securely. -- andrew.wood(a)jdplc.com -+ */ -+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); -+ -+ old_umask =3D umask(0077); -+ fd =3D mkstemp(filename); -+ umask(old_umask); - #endif /* WIN32 */ -=20 - if (fd < 0 && errno !=3D EEXIST) diff --git a/cups/patches/021_cups-0755.patch b/cups/patches/021_cups-0755.pa= tch deleted file mode 100644 index b0df3a0..0000000 --- a/cups/patches/021_cups-0755.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.6b1/Makedefs.in.0755 cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.0755 2012-05-23 01:58:31.000000000 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-25 16:09:40.545463214 +0200 -@@ -40,14 +40,14 @@ SHELL =3D /bin/sh - # Installation programs... - # -=20 --INSTALL_BIN =3D $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ -+INSTALL_BIN =3D $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ - INSTALL_COMPDATA =3D $(INSTALL) -c -m 444 @INSTALL_GZIP@ - INSTALL_CONFIG =3D $(INSTALL) -c -m @CUPS_CONFIG_FILE_PERM@ - INSTALL_DATA =3D $(INSTALL) -c -m 444 - INSTALL_DIR =3D $(INSTALL) -d --INSTALL_LIB =3D $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ -+INSTALL_LIB =3D $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ - INSTALL_MAN =3D $(INSTALL) -c -m 444 --INSTALL_SCRIPT =3D $(INSTALL) -c -m 555 -+INSTALL_SCRIPT =3D $(INSTALL) -c -m 755 -=20 - # - # Default user, group, and system groups for the scheduler... diff --git a/cups/patches/022_cups-hp-deviceid-oid.patch b/cups/patches/022_c= ups-hp-deviceid-oid.patch deleted file mode 100644 index da5136a..0000000 --- a/cups/patches/022_cups-hp-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 = +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200 -@@ -187,6 +187,7 @@ static const int UriOID[] =3D { CUPS_OID_p - static const int LexmarkProductOID[] =3D { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 }; - static const int LexmarkProductOID2[] =3D { 1,3,6,1,4,1,674,10898,100,2,1,2= ,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] =3D { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 = }; -+static const int HPDeviceIdOID[] =3D { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; - static const int XeroxProductOID[] =3D { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs =3D NULL; - static int HostNameLookups =3D 0; -@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP=20 - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, HPDeviceIdOID); - break; -=20 - case DEVICE_DESCRIPTION : diff --git a/cups/patches/023_cups-dnssd-deviceid.patch b/cups/patches/023_cu= ps-dnssd-deviceid.patch deleted file mode 100644 index b3c2b8e..0000000 --- a/cups/patches/023_cups-dnssd-deviceid.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up cups-1.6b1/backend/dnssd.c.dnssd-deviceid cups-1.6b1/backend/dnssd.c ---- cups-1.6b1/backend/dnssd.c.dnssd-deviceid 2012-05-21 18:05:58.000000000 = +0200 -+++ cups-1.6b1/backend/dnssd.c 2012-05-25 16:27:49.226874427 +0200 -@@ -1181,15 +1181,22 @@ query_callback( - if (device->device_id) - free(device->device_id); -=20 -+ if (device_id[0]) -+ { -+ /* Mark this as the real device ID. */ -+ ptr =3D device_id + strlen(device_id); -+ snprintf(ptr, sizeof(device_id) - (ptr - device_id), "FZY:0;"); -+ } -+ - if (!device_id[0] && strcmp(model, "Unknown")) - { - if (make_and_model[0]) -- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;", -+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", - make_and_model, model); - else if (!_cups_strncasecmp(model, "designjet ", 10)) -- snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s", model + 10); -+ snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;FZY:1;", model = + 10); - else if (!_cups_strncasecmp(model, "stylus ", 7)) -- snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s", model + 7); -+ snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;FZY:1;", mod= el + 7); - else if ((ptr =3D strchr(model, ' ')) !=3D NULL) - { - /* -@@ -1199,7 +1206,7 @@ query_callback( - memcpy(make_and_model, model, ptr - model); - make_and_model[ptr - model] =3D '\0'; -=20 -- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s", -+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", - make_and_model, ptr + 1); - } - } diff --git a/cups/patches/024_cups-ricoh-deviceid-oid.patch b/cups/patches/02= 4_cups-ricoh-deviceid-oid.patch deleted file mode 100644 index c148f95..0000000 --- a/cups/patches/024_cups-ricoh-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snm= p.c ---- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.0000000= 00 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200 -@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] =3D { - static const int LexmarkProductOID2[] =3D { 1,3,6,1,4,1,674,10898,100,2,1,2= ,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] =3D { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 = }; - static const int HPDeviceIdOID[] =3D { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; -+static const int RicohDeviceIdOID[] =3D { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1= }; - static const int XeroxProductOID[] =3D { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs =3D NULL; - static int HostNameLookups =3D 0; -@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP=20 - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_ID, LexmarkDeviceIdOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, RicohDeviceIdOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, diff --git a/cups/patches/025_cups-systemd-socket.patch b/cups/patches/025_cu= ps-systemd-socket.patch deleted file mode 100644 index 83fabdb..0000000 --- a/cups/patches/025_cups-systemd-socket.patch +++ /dev/null @@ -1,395 +0,0 @@ -diff -up cups-1.6b1/config.h.in.systemd-socket cups-1.6b1/config.h.in ---- cups-1.6b1/config.h.in.systemd-socket 2012-05-17 00:57:03.000000000 +0200 -+++ cups-1.6b1/config.h.in 2012-05-28 11:16:35.657250584 +0200 -@@ -506,6 +506,13 @@ -=20 -=20 - /* -+ * Do we have systemd support? -+ */ -+ -+#undef HAVE_SYSTEMD -+ -+ -+/* - * Various scripting languages... - */ -=20 -diff -up cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket cups-1.6b1= /config-scripts/cups-systemd.m4 ---- cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket 2012-05-28 11:1= 6:35.658250577 +0200 -+++ cups-1.6b1/config-scripts/cups-systemd.m4 2012-05-28 11:16:35.658250577 = +0200 -@@ -0,0 +1,36 @@ -+dnl -+dnl "$Id$" -+dnl -+dnl systemd stuff for CUPS. -+ -+dnl Find whether systemd is available -+ -+SDLIBS=3D"" -+AC_ARG_WITH([systemdsystemunitdir], -+ AS_HELP_STRING([--with-systemdsystemunitdir=3DDIR], [Directory for = systemd service files]), -+ [], [with_systemdsystemunitdir=3D$($PKGCONFIG --variable=3Dsystemds= ystemunitdir systemd)]) -+if test "x$with_systemdsystemunitdir" !=3D xno; then -+ AC_MSG_CHECKING(for libsystemd-daemon) -+ if $PKGCONFIG --exists libsystemd-daemon; then -+ AC_MSG_RESULT(yes) -+ SDCFLAGS=3D`$PKGCONFIG --cflags libsystemd-daemon` -+ SDLIBS=3D`$PKGCONFIG --libs libsystemd-daemon` -+ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) -+ AC_DEFINE(HAVE_SYSTEMD) -+ else -+ AC_MSG_RESULT(no) -+ fi -+fi -+ -+if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != =3D xno ; then -+ SYSTEMD_UNITS=3D"cups.service cups.socket cups.path" -+else -+ SYSTEMD_UNITS=3D"" -+fi -+ -+AC_SUBST(SYSTEMD_UNITS) -+AC_SUBST(SDLIBS) -+ -+dnl -+dnl "$Id$" -+dnl -diff -up cups-1.6b1/configure.in.systemd-socket cups-1.6b1/configure.in ---- cups-1.6b1/configure.in.systemd-socket 2012-04-23 19:26:57.000000000 +02= 00 -+++ cups-1.6b1/configure.in 2012-05-28 11:16:35.658250577 +0200 -@@ -33,6 +33,7 @@ sinclude(config-scripts/cups-pam.m4) - sinclude(config-scripts/cups-largefile.m4) - sinclude(config-scripts/cups-dnssd.m4) - sinclude(config-scripts/cups-launchd.m4) -+sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-scripting.m4) -=20 -@@ -66,6 +67,9 @@ AC_OUTPUT(Makedefs - conf/snmp.conf - cups-config - data/testprint -+ data/cups.service -+ data/cups.socket -+ data/cups.path - desktop/cups.desktop - doc/help/ref-cupsd-conf.html - doc/help/standard.html -diff -up cups-1.6b1/cups/usersys.c.systemd-socket cups-1.6b1/cups/usersys.c ---- cups-1.6b1/cups/usersys.c.systemd-socket 2012-04-23 19:26:57.000000000 += 0200 -+++ cups-1.6b1/cups/usersys.c 2012-05-28 11:16:35.659250570 +0200 -@@ -975,7 +975,7 @@ cups_read_client_conf( - struct stat sockinfo; /* Domain socket information */ -=20 - if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && -- (sockinfo.st_mode & S_IRWXO) =3D=3D S_IRWXO) -+ (sockinfo.st_mode & (S_IROTH | S_IWOTH)) =3D=3D (S_IROTH | S_IWOTH)) - cups_server =3D CUPS_DEFAULT_DOMAINSOCKET; - else - #endif /* CUPS_DEFAULT_DOMAINSOCKET */ -diff -up cups-1.6b1/data/cups.path.in.systemd-socket cups-1.6b1/data/cups.pa= th.in ---- cups-1.6b1/data/cups.path.in.systemd-socket 2012-05-28 11:16:35.65925057= 0 +0200 -+++ cups-1.6b1/data/cups.path.in 2012-05-28 11:16:35.659250570 +0200 -@@ -0,0 +1,8 @@ -+[Unit] -+Description=3DCUPS Printer Service Spool -+ -+[Path] -+PathExistsGlob=3D@CUPS_REQUESTS@/d* -+ -+[Install] -+WantedBy=3Dmulti-user.target -diff -up cups-1.6b1/data/cups.service.in.systemd-socket cups-1.6b1/data/cups= .service.in ---- cups-1.6b1/data/cups.service.in.systemd-socket 2012-05-28 11:16:35.65925= 0570 +0200 -+++ cups-1.6b1/data/cups.service.in 2012-05-28 11:16:35.659250570 +0200 -@@ -0,0 +1,10 @@ -+[Unit] -+Description=3DCUPS Printing Service -+ -+[Service] -+ExecStart=3D@sbindir@/cupsd -f -+PrivateTmp=3Dtrue -+ -+[Install] -+Also=3Dcups.socket cups.path -+WantedBy=3Dprinter.target -diff -up cups-1.6b1/data/cups.socket.in.systemd-socket cups-1.6b1/data/cups.= socket.in ---- cups-1.6b1/data/cups.socket.in.systemd-socket 2012-05-28 11:16:35.660250= 563 +0200 -+++ cups-1.6b1/data/cups.socket.in 2012-05-28 11:16:35.660250563 +0200 -@@ -0,0 +1,8 @@ -+[Unit] -+Description=3DCUPS Printing Service Sockets -+ -+[Socket] -+ListenStream=3D@CUPS_DEFAULT_DOMAINSOCKET@ -+ -+[Install] -+WantedBy=3Dsockets.target -diff -up cups-1.6b1/data/Makefile.systemd-socket cups-1.6b1/data/Makefile ---- cups-1.6b1/data/Makefile.systemd-socket 2011-08-27 11:23:01.000000000 +0= 200 -+++ cups-1.6b1/data/Makefile 2012-05-28 11:16:35.660250563 +0200 -@@ -100,6 +100,12 @@ install-data: - $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \ - done - $(INSTALL_DIR) -m 755 $(DATADIR)/profiles -+ if test "x$(SYSTEMD_UNITS)" !=3D "x" ; then \ -+ $(INSTALL_DIR) -m 755 $(SYSTEMDUNITDIR); \ -+ for file in $(SYSTEMD_UNITS); do \ -+ $(INSTALL_DATA) $$file $(SYSTEMDUNITDIR); \ -+ done; \ -+ fi -=20 -=20 - # -@@ -143,6 +149,9 @@ uninstall: - -$(RMDIR) $(DATADIR)/data - -$(RMDIR) $(DATADIR)/banners - -$(RMDIR) $(DATADIR) -+ for file in $(SYSTEMD_UNITS); do \ -+ $(RM) $(SYSTEMDUNITDIR)/$$file; \ -+ done -=20 -=20 - # -diff -up cups-1.6b1/Makedefs.in.systemd-socket cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.systemd-socket 2012-05-28 11:16:35.648250647 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-28 11:16:35.660250563 +0200 -@@ -134,11 +134,13 @@ CXXFLAGS =3D @CPPFLAGS@ @CXXFLAGS@ - CXXLIBS =3D @CXXLIBS@ - DBUS_NOTIFIER =3D @DBUS_NOTIFIER@ - DBUS_NOTIFIERLIBS =3D @DBUS_NOTIFIERLIBS@ -+SYSTEMD_UNITS =3D @SYSTEMD_UNITS@ - DNSSD_BACKEND =3D @DNSSD_BACKEND@ - DSOFLAGS =3D -L../cups @DSOFLAGS@ - DSOLIBS =3D @DSOLIBS@ $(COMMONLIBS) - DNSSDLIBS =3D @DNSSDLIBS@ - LAUNCHDLIBS =3D @LAUNCHDLIBS@ -+SDLIBS =3D @SDLIBS@ - LDFLAGS =3D -L../cgi-bin -L../cups -L../filter -L../ppdc \ - -L../scheduler @LDARCHFLAGS@ \ - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) -@@ -229,6 +231,7 @@ PAMFILE =3D @PAMFILE@ -=20 - DEFAULT_LAUNCHD_CONF =3D @DEFAULT_LAUNCHD_CONF@ - DBUSDIR =3D @DBUSDIR@ -+SYSTEMDUNITDIR =3D $(BUILDROOT)@systemdsystemunitdir@ -=20 -=20 - # -diff -up cups-1.6b1/scheduler/client.h.systemd-socket cups-1.6b1/scheduler/c= lient.h ---- cups-1.6b1/scheduler/client.h.systemd-socket 2012-03-22 21:30:20.0000000= 00 +0100 -+++ cups-1.6b1/scheduler/client.h 2012-05-28 11:16:35.661250556 +0200 -@@ -77,6 +77,9 @@ typedef struct - int fd; /* File descriptor for this server */ - http_addr_t address; /* Bind address of socket */ - http_encryption_t encryption; /* To encrypt or not to encrypt... */ -+#ifdef HAVE_SYSTEMD -+ int is_systemd; /* Is this a systemd socket? */ -+#endif /* HAVE_SYSTEMD */ - } cupsd_listener_t; -=20 -=20 -diff -up cups-1.6b1/scheduler/listen.c.systemd-socket cups-1.6b1/scheduler/l= isten.c ---- cups-1.6b1/scheduler/listen.c.systemd-socket 2011-04-16 01:38:13.0000000= 00 +0200 -+++ cups-1.6b1/scheduler/listen.c 2012-05-28 11:16:35.661250556 +0200 -@@ -401,7 +401,11 @@ cupsdStopListening(void) - lis; - lis =3D (cupsd_listener_t *)cupsArrayNext(Listeners)) - { -- if (lis->fd !=3D -1) -+ if (lis->fd !=3D -1 -+#ifdef HAVE_SYSTEMD -+ && !lis->is_systemd -+#endif /* HAVE_SYSTEMD */ -+ ) - { - #ifdef WIN32 - closesocket(lis->fd); -diff -up cups-1.6b1/scheduler/main.c.systemd-socket cups-1.6b1/scheduler/mai= n.c ---- cups-1.6b1/scheduler/main.c.systemd-socket 2012-05-28 11:16:35.612250897= +0200 -+++ cups-1.6b1/scheduler/main.c 2012-05-28 12:49:32.698375139 +0200 -@@ -26,6 +26,8 @@ - * launchd_checkin() - Check-in with launchd and collect the listening - * fds. - * launchd_checkout() - Update the launchd KeepAlive file as needed. -+ * systemd_checkin() - Check-in with systemd and collect the -+ * listening fds. - * parent_handler() - Catch USR1/CHLD signals... - * process_children() - Process all dead children... - * select_timeout() - Calculate the select timeout value. -@@ -62,6 +64,10 @@ - # endif /* !LAUNCH_JOBKEY_SERVICEIPC */ - #endif /* HAVE_LAUNCH_H */ -=20 -+#ifdef HAVE_SYSTEMD -+#include -+#endif /* HAVE_SYSTEMD */ -+ - #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) - # include - #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ -@@ -78,6 +84,9 @@ - static void launchd_checkin(void); - static void launchd_checkout(void); - #endif /* HAVE_LAUNCHD */ -+#ifdef HAVE_SYSTEMD -+static void systemd_checkin(void); -+#endif /* HAVE_SYSTEMD */ - static void parent_handler(int sig); - static void process_children(void); - static void sigchld_handler(int sig); -@@ -528,6 +537,13 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ -=20 -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file descriptors... -+ */ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -738,6 +754,15 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ -=20 -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file -+ * descriptors... -+ */ -+ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -1516,6 +1541,102 @@ launchd_checkout(void) - } - #endif /* HAVE_LAUNCHD */ -=20 -+#ifdef HAVE_SYSTEMD -+static void -+systemd_checkin(void) -+{ -+ int n, fd; -+ -+ n =3D sd_listen_fds(0); -+ if (n < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Failed to acquire sockets from systemd - %s", -+ strerror(-n)); -+ exit(EXIT_FAILURE); -+ return; -+ } -+ -+ if (n =3D=3D 0) -+ return; -+ -+ for (fd =3D SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) -+ { -+ http_addr_t addr; -+ socklen_t addrlen =3D sizeof (addr); -+ int r; -+ cupsd_listener_t *lis; -+ char s[256]; -+ -+ r =3D sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1); -+ if (r < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to verify socket type - %s", -+ strerror(-r)); -+ continue; -+ } -+ -+ if (!r) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Socket not of the right type"); -+ continue; -+ } -+ -+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to get local address - %s", -+ strerror(errno)); -+ continue; -+ } -+ -+ /* -+ * Try to match the systemd socket address to one of the listeners... -+ */ -+ -+ for (lis =3D (cupsd_listener_t *)cupsArrayFirst(Listeners); -+ lis; -+ lis =3D (cupsd_listener_t *)cupsArrayNext(Listeners)) -+ if (httpAddrEqual(&lis->address, &addr)) -+ break; -+ -+ if (lis) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Matched existing listener %s with f= d %d...", -+ httpAddrString(&(lis->address), s, sizeof(s)), fd); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Adding new listener %s with fd %d..= .", -+ httpAddrString(&addr, s, sizeof(s)), fd); -+ -+ if ((lis =3D calloc(1, sizeof(cupsd_listener_t))) =3D=3D NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to allocate listener - " -+ "%s.", strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ -+ cupsArrayAdd(Listeners, lis); -+ -+ memcpy(&lis->address, &addr, sizeof(lis->address)); -+ } -+ -+ lis->fd =3D fd; -+ lis->is_systemd =3D 1; -+ -+# ifdef HAVE_SSL -+ if (_httpAddrPort(&(lis->address)) =3D=3D 443) -+ lis->encryption =3D HTTP_ENCRYPT_ALWAYS; -+# endif /* HAVE_SSL */ -+ } -+} -+#endif /* HAVE_SYSTEMD */ -=20 - /* - * 'parent_handler()' - Catch USR1/CHLD signals... -diff -up cups-1.6b1/scheduler/Makefile.systemd-socket cups-1.6b1/scheduler/M= akefile ---- cups-1.6b1/scheduler/Makefile.systemd-socket 2012-05-21 19:40:22.0000000= 00 +0200 -+++ cups-1.6b1/scheduler/Makefile 2012-05-28 11:16:35.663250542 +0200 -@@ -371,7 +371,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu - $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \ - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - $(LIBPAPER) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBS) \ -- $(LIBGSSAPI) $(LIBWRAP) -+ $(LIBGSSAPI) $(LIBWRAP) $(SDLIBS) -=20 - cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC) - echo Linking $@... -@@ -379,7 +379,7 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - ../cups/$(LIBCUPSSTATIC) $(COMMONLIBS) $(LIBZ) $(LIBPAPER) \ - $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \ -- $(LIBWRAP) -+ $(LIBWRAP) $(SDLIBS) -=20 - tls.o: tls-darwin.c tls-gnutls.c tls-openssl.c -=20 diff --git a/cups/patches/026_cups-lspp.patch b/cups/patches/026_cups-lspp.pa= tch deleted file mode 100644 index d81ef06..0000000 --- a/cups/patches/026_cups-lspp.patch +++ /dev/null @@ -1,1999 +0,0 @@ -diff -up cups-1.6b1/config.h.in.lspp cups-1.6b1/config.h.in ---- cups-1.6b1/config.h.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/config.h.in 2012-05-25 17:03:16.889043298 +0200 -@@ -768,6 +768,13 @@ static __inline int _cups_abs(int i) { r - # endif /* __GNUC__ || __STDC_VERSION__ */ - #endif /* !HAVE_ABS && !abs */ -=20 -+/* -+ * Are we trying to meet LSPP requirements? -+ */ -+ -+#undef WITH_LSPP -+ -+ - #endif /* !_CUPS_CONFIG_H_ */ -=20 - /* -diff -up cups-1.6b1/config-scripts/cups-lspp.m4.lspp cups-1.6b1/config-scrip= ts/cups-lspp.m4 ---- cups-1.6b1/config-scripts/cups-lspp.m4.lspp 2012-05-25 17:01:32.85276849= 5 +0200 -+++ cups-1.6b1/config-scripts/cups-lspp.m4 2012-05-25 17:01:32.853768488 +02= 00 -@@ -0,0 +1,36 @@ -+dnl -+dnl LSPP code for the Common UNIX Printing System (CUPS). -+dnl -+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P. -+dnl -+dnl This program is free software; you can redistribute it and/or modify -+dnl it under the terms of the GNU General Public License as published by -+dnl the Free Software Foundation; version 2. -+dnl -+dnl This program is distributed in the hope that it will be useful, but -+dnl WITHOUT ANY WARRANTY; without even the implied warranty of -+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+dnl General Public License for more details. -+dnl -+dnl You should have received a copy of the GNU General Public License -+dnl along with this program; if not, write to the Free Software Foundatio= n, -+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA -+dnl -+ -+dnl Are we trying to meet LSPP requirements -+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label s= upport, default=3Dno]) -+ -+if test x"$enable_lspp" !=3D xno; then -+ case "$uname" in -+ Linux) -+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT=3D"-laudit= " AC_SUBST(LIBAUDIT)]) -+ AC_CHECK_HEADER(libaudit.h) -+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX=3D"-lselinux" AC_S= UBST(LIBSELINUX)]) -+ AC_CHECK_HEADER(selinux/selinux.h) -+ AC_DEFINE(WITH_LSPP) -+ ;; -+ *) -+ # All others -+ ;; -+ esac -+fi -diff -up cups-1.6b1/configure.in.lspp cups-1.6b1/configure.in ---- cups-1.6b1/configure.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/configure.in 2012-05-25 17:04:03.994714943 +0200 -@@ -37,6 +37,8 @@ sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-scripting.m4) -=20 -+sinclude(config-scripts/cups-lspp.m4) -+ - INSTALL_LANGUAGES=3D"" - UNINSTALL_LANGUAGES=3D"" - LANGFILES=3D"" -diff -up cups-1.6b1/filter/common.c.lspp cups-1.6b1/filter/common.c ---- cups-1.6b1/filter/common.c.lspp 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.6b1/filter/common.c 2012-05-25 17:01:32.854768481 +0200 -@@ -30,6 +30,12 @@ - * Include necessary headers... - */ -=20 -+#include "config.h" -+#ifdef WITH_LSPP -+#define _GNU_SOURCE -+#include -+#endif /* WITH_LSPP */ -+ - #include "common.h" - #include -=20 -@@ -312,6 +318,18 @@ WriteLabelProlog(const char *label, /* I - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in character= s */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ -=20 -=20 - /* -@@ -334,6 +352,124 @@ WriteLabelProlog(const char *label, /* I - return; - } -=20 -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) =3D=3D 0 && label =3D=3D NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width =3D width / 8; -+ longest_line =3D 0; -+ longest =3D 0; -+ classification +=3D 5; // Skip the "LSPP:" -+ label_len =3D strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines =3D 1 + (int)(label_len / max_width); -+ line_len =3D (int)(label_len / lines); -+ wrapped_label =3D malloc(sizeof(*wrapped_label) * lines); -+ label_index =3D i =3D n =3D 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] =3D strndup(&classification[label_index], (l= ine_len + i)); -+ label_index +=3D line_len + i; -+ i =3D 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) =3D=3D max_width) -+ { -+ wrapped_label[n++] =3D strndup(&(classification[label_index]), (l= ine_len + i)); -+ label_index =3D label_index + line_len + i; -+ i =3D 0; -+ } -+ } -+ wrapped_label[n] =3D strndup(&classification[label_index], label_len = - label_index); -+ } -+ else -+ { -+ lines =3D 1; -+ wrapped_label =3D malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] =3D (char*)classification; -+ } -+ -+ for (n =3D 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr =3D wrapped_label[n], i =3D 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\\%03o", *ptr); -+ else -+ { -+ if (*ptr =3D=3D '(' || *ptr =3D=3D ')' || *ptr =3D=3D '\\') -+ putchar('\\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest =3D i; -+ longest_line =3D n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculat= ed -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n =3D 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n =3D 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), '= a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ =20 - /* - * Set the classification + page label string... - */ -@@ -414,7 +550,10 @@ WriteLabelProlog(const char *label, /* I - printf(" %.0f moveto ESPpl show\n", top - 14.0); - puts("pop"); - puts("}bind put"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ -=20 -=20 - /* -diff -up cups-1.6b1/filter/pstops.c.lspp cups-1.6b1/filter/pstops.c ---- cups-1.6b1/filter/pstops.c.lspp 2012-04-23 21:19:19.000000000 +0200 -+++ cups-1.6b1/filter/pstops.c 2012-05-25 17:01:32.855768474 +0200 -@@ -3202,6 +3202,18 @@ write_label_prolog(pstops_doc_t *doc, /* - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in character= s */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ -=20 -=20 - /* -@@ -3224,6 +3236,124 @@ write_label_prolog(pstops_doc_t *doc, /* - return; - } -=20 -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) =3D=3D 0 && label =3D=3D NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width =3D width / 8; -+ longest_line =3D 0; -+ longest =3D 0; -+ classification +=3D 5; // Skip the "LSPP:" -+ label_len =3D strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines =3D 1 + (int)(label_len / max_width); -+ line_len =3D (int)(label_len / lines); -+ wrapped_label =3D malloc(sizeof(*wrapped_label) * lines); -+ label_index =3D i =3D n =3D 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] =3D strndup(&classification[label_index], (l= ine_len + i)); -+ label_index +=3D line_len + i; -+ i =3D 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) =3D=3D max_width) -+ { -+ wrapped_label[n++] =3D strndup(&(classification[label_index]), (l= ine_len + i)); -+ label_index =3D label_index + line_len + i; -+ i =3D 0; -+ } -+ } -+ wrapped_label[n] =3D strndup(&classification[label_index], label_len = - label_index); -+ } -+ else -+ { -+ lines =3D 1; -+ wrapped_label =3D malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] =3D (char*)classification; -+ } -+ -+ for (n =3D 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr =3D wrapped_label[n], i =3D 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\\%03o", *ptr); -+ else -+ { -+ if (*ptr =3D=3D '(' || *ptr =3D=3D ')' || *ptr =3D=3D '\\') -+ putchar('\\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest =3D i; -+ longest_line =3D n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculat= ed -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n =3D 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n =3D 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), '= a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -3302,7 +3432,10 @@ write_label_prolog(pstops_doc_t *doc, /* - doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); - doc_puts(doc, "pop\n"); - doc_puts(doc, "}bind put\n"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ -=20 -=20 - /* -diff -up cups-1.6b1/Makedefs.in.lspp cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-25 17:07:57.325088484 +0200 -@@ -146,7 +146,7 @@ LDFLAGS =3D -L../cgi-bin -L../cups -L../f - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) - LINKCUPS =3D @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ) - LINKCUPSIMAGE =3D @LINKCUPSIMAGE@ --LIBS =3D $(LINKCUPS) $(COMMONLIBS) -+LIBS =3D $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ - OPTIM =3D @OPTIM@ - OPTIONS =3D - PAMLIBS =3D @PAMLIBS@ -diff -up cups-1.6b1/scheduler/client.c.lspp cups-1.6b1/scheduler/client.c ---- cups-1.6b1/scheduler/client.c.lspp 2012-05-08 00:41:30.000000000 +0200 -+++ cups-1.6b1/scheduler/client.c 2012-05-25 17:13:38.947707163 +0200 -@@ -41,6 +41,7 @@ - * valid_host() - Is the Host: field valid? - * write_file() - Send a file via HTTP. - * write_pipe() - Flag that data is available on the CGI pipe. -+ * client_pid_to_auid() - Get the audit login uid of the client. - */ -=20 - /* -@@ -49,10 +50,16 @@ -=20 - #include "cupsd.h" -=20 -+#define _GNU_SOURCE - #ifdef HAVE_TCPD_H - # include - #endif /* HAVE_TCPD_H */ -=20 -+#ifdef WITH_LSPP -+#include -+#include -+#include -+#endif /* WITH_LSPP */ -=20 - /* - * Local globals... -@@ -371,6 +378,57 @@ cupsdAcceptClient(cupsd_listener_t *lis) - } - #endif /* HAVE_TCPD_H */ -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ struct ucred cr; -+ unsigned int cl=3Dsizeof(cr); -+ -+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) =3D=3D = 0) -+ { -+ /* -+ * client_pid_to_auid() can be racey -+ * In this case the pid is based on a socket connected to the client -+ */ -+ if ((con->auid =3D client_pid_to_auid(cr.pid)) =3D=3D -1) -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: " -+ "unable to determine client auid for client pid=3D%= d", cr.pid); -+ free(con); -+ return; -+ } -+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=3D%d, = uid=3D%d, gid=3D%d, auid=3D%d", -+ cr.pid, cr.uid, cr.gid, con->auid); -+ } -+ else -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() fai= led"); -+ free(con); -+ return;=20 -+ } -+ -+ /* -+ * get the context of the peer connection -+ */ -+ if (getpeercon(con->http.fd, &con->scon)) -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() fai= led"); -+ free(con); -+ return;=20 -+ } -+ -+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=3D%s= ", con->scon); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeerco= n()"); -+ cupsdSetString(&con->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - #ifdef AF_LOCAL - if (con->http.hostaddr->addr.sa_family =3D=3D AF_LOCAL) - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] Accepted from %s (Domain)= ", -@@ -678,6 +736,13 @@ cupsdReadClient(cupsd_client_t *con) /* - mime_type_t *type; /* MIME type of file */ - cupsd_printer_t *p; /* Printer */ - static unsigned request_id =3D 0; /* Request ID for temp files */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job file */ -+ context_t clicon; /* contex_t container for con->scon */ -+ context_t tmpcon; /* temp context to swap the level */ -+ char *clirange; /* SELinux sensitivity range */ -+ char *cliclearance; /* SELinux low end clearance */ -+#endif /* WITH_LSPP */ -=20 -=20 - status =3D HTTP_CONTINUE; -@@ -2126,6 +2191,67 @@ cupsdReadClient(cupsd_client_t *con) /* - fchmod(con->file, 0640); - fchown(con->file, RunUser, Group); - fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXE= C); -+#ifdef WITH_LSPP -+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) !=3D 0) -+ { -+ if (getfilecon(con->filename, &spoolcon) =3D=3D -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ return (cupsdCloseClient(con)); -+ } -+ clicon =3D context_new(con->scon); -+ tmpcon =3D context_new(spoolcon); -+ freecon(spoolcon); -+ if (!clicon || !tmpcon) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ if (clicon) -+ context_free(clicon); -+ if (tmpcon) -+ context_free(tmpcon); -+ return (cupsdCloseClient(con)); -+ } -+ clirange =3D context_range_get(clicon); -+ if (clirange) -+ { -+ clirange =3D strdup(clirange); -+ if ((cliclearance =3D strtok(clirange, "-")) !=3D NULL) -+ { -+ if (context_range_set(tmpcon, cliclearance) =3D=3D -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(clicon))) =3D=3D -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ } -+ free(clirange); -+ } -+ if (setfilecon(con->filename, context_str(tmpcon)) =3D=3D -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s",=20 -+ con->filename, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(clicon); -+ } -+#endif /* WITH_LSPP */ - } -=20 - if (con->http.state !=3D HTTP_POST_SEND) -@@ -3581,6 +3707,49 @@ is_path_absolute(const char *path) /* I - return (1); - } -=20 -+#ifdef WITH_LSPP -+/* -+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determin= e the loginuid. -+ */ -+ -+uid_t client_pid_to_auid(pid_t clipid) -+{ -+ uid_t uid; -+ int len, in; -+ char buf[16] =3D {0}; -+ char fname[32] =3D {0}; -+ -+ -+ /* -+ * Hopefully this pid is still the one we are interested in. -+ */ -+ snprintf(fname, 32, "/proc/%d/loginuid", clipid); -+ in =3D open(fname, O_NOFOLLOW|O_RDONLY); -+ -+ if (in < 0) -+ return -1; -+ -+ errno =3D 0; -+ -+ do { -+ len =3D read(in, buf, sizeof(buf)); -+ } while (len < 0 && errno =3D=3D EINTR); -+ -+ close(in); -+ -+ if (len < 0 || len >=3D sizeof(buf)) -+ return -1; -+ -+ errno =3D 0; -+ buf[len] =3D 0; -+ uid =3D strtol(buf, 0, 10); -+ -+ if (errno !=3D 0) -+ return -1; -+ else -+ return uid; -+} -+#endif /* WITH_LSPP */ -=20 - /* - * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-1.6b1/scheduler/client.h.lspp cups-1.6b1/scheduler/client.h ---- cups-1.6b1/scheduler/client.h.lspp 2012-05-25 17:01:32.847768530 +0200 -+++ cups-1.6b1/scheduler/client.h 2012-05-25 17:14:12.963470050 +0200 -@@ -18,6 +18,13 @@ - #endif /* HAVE_AUTHORIZATION_H */ -=20 -=20 -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include -+#endif /* WITH_LSPP */ -+ - /* - * HTTP client structure... - */ -@@ -63,6 +70,10 @@ struct cupsd_client_s - #ifdef HAVE_AUTHORIZATION_H - AuthorizationRef authref; /* Authorization ref */ - #endif /* HAVE_AUTHORIZATION_H */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of connection */ -+ uid_t auid; /* Audit loginuid of the client */ -+#endif /* WITH_LSPP */ - }; -=20 - #define HTTP(con) &((con)->http) -@@ -135,6 +146,9 @@ extern void cupsdStartListening(void); - extern void cupsdStopListening(void); - extern void cupsdUpdateCGI(void); - extern void cupsdWriteClient(cupsd_client_t *con); -+#ifdef WITH_LSPP -+extern uid_t client_pid_to_auid(pid_t clipid); -+#endif /* WITH_LSPP */ -=20 - #ifdef HAVE_SSL - extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-1.6b1/scheduler/conf.c.lspp cups-1.6b1/scheduler/conf.c ---- cups-1.6b1/scheduler/conf.c.lspp 2012-05-25 17:01:32.778769011 +0200 -+++ cups-1.6b1/scheduler/conf.c 2012-05-25 17:01:32.860768439 +0200 -@@ -32,6 +32,7 @@ - * read_location() - Read a definition. - * read_policy() - Read a definition. - * set_policy_defaults() - Set default policy values as needed. -+ * is_lspp_config() - Is the system configured for LSPP - */ -=20 - /* -@@ -57,6 +58,9 @@ - # define INADDR_NONE 0xffffffff - #endif /* !INADDR_NONE */ -=20 -+#ifdef WITH_LSPP -+# include -+#endif /* WITH_LSPP */ -=20 - /* - * Configuration variable structure... -@@ -164,6 +168,10 @@ static const cupsd_var_t variables[] =3D - # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS) - { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME }, - # endif /* HAVE_LIBSSL || HAVE_GNUTLS */ -+#ifdef WITH_LSPP -+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER }, -+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN }, -+#endif /* WITH_LSPP */ - #endif /* HAVE_SSL */ - { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, - { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, -@@ -537,6 +545,9 @@ cupsdReadConfiguration(void) - const char *tmpdir; /* TMPDIR environment variable */ - struct stat tmpinfo; /* Temporary directory info */ - cupsd_policy_t *p; /* Policy */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+#endif /* WITH_LSPP */ -=20 -=20 - /* -@@ -801,6 +812,25 @@ cupsdReadConfiguration(void) -=20 - RunUser =3D getuid(); -=20 -+#ifdef WITH_LSPP -+ if (AuditLog !=3D -1) -+ { -+ /* -+ * ClassifyOverride is set during read_configuration, if its ON, report = it now -+ */ -+ if (ClassifyOverride) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] ClassifyOverride=3Denabled Users can override pri= nt banners", -+ ServerName, NULL, NULL, 1); -+ /* -+ * PerPageLabel is set during read_configuration, if its OFF, report it = now -+ */ -+ if (!PerPageLabels) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] PerPageLabels=3Ddisabled", ServerName, NULL, NULL= , 1); -+ } -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", - RemotePort ? "enabled" : "disabled"); -=20 -@@ -1185,7 +1215,19 @@ cupsdReadConfiguration(void) - cupsdClearString(&Classification); -=20 - if (Classification) -+ { - cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classificatio= n); -+#ifdef WITH_LSPP -+ if (AuditLog !=3D -1) -+ { -+ audit_message =3D NULL; -+ cupsdSetStringf(&audit_message, "[Config] Classification=3D%s", Class= ification); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_mess= age, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ -+ } -=20 - /* - * Check the MaxClients setting, and then allocate memory for it... -@@ -3423,6 +3465,18 @@ read_location(cups_file_t *fp, /* I - C - return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); - } -=20 -+#ifdef WITH_LSPP -+int is_lspp_config() -+{ -+ if (Classification !=3D NULL) -+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) =3D=3D 0)=20 -+ || (_cups_strcasecmp(Classification, TE_CONFIG) =3D=3D 0) -+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) =3D=3D 0)); -+ else -+ return 0; -+} -+#endif /* WITH_LSPP */ -+ -=20 - /* - * 'read_policy()' - Read a definition. -diff -up cups-1.6b1/scheduler/conf.h.lspp cups-1.6b1/scheduler/conf.h ---- cups-1.6b1/scheduler/conf.h.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/scheduler/conf.h 2012-05-25 17:16:20.522580884 +0200 -@@ -247,6 +247,13 @@ VAR int SSLOptions VALUE(CUPSD_SSL_NO - /* SSL/TLS options */ - #endif /* HAVE_SSL */ -=20 -+#ifdef WITH_LSPP -+VAR int AuditLog VALUE(-1), -+ /* File descriptor for audit */ -+ PerPageLabels VALUE(TRUE); -+ /* Put the label on each page */ -+#endif /* WITH_LSPP */ -+ - #ifdef HAVE_LAUNCHD - VAR int LaunchdTimeout VALUE(10); - /* Time after which an idle cupsd will exit */ -@@ -265,6 +272,9 @@ int HaveServerCreds VALUE(0); - gss_cred_id_t ServerCreds; /* Server's GSS credentials */ - #endif /* HAVE_GSSAPI */ -=20 -+#ifdef WITH_LSPP -+extern int is_lspp_config(void); -+#endif /* WITH_LSPP */ -=20 - /* - * Prototypes... -diff -up cups-1.6b1/scheduler/cupsd.h.lspp cups-1.6b1/scheduler/cupsd.h ---- cups-1.6b1/scheduler/cupsd.h.lspp 2012-05-21 19:40:22.000000000 +0200 -+++ cups-1.6b1/scheduler/cupsd.h 2012-05-25 17:01:32.861768432 +0200 -@@ -13,6 +13,8 @@ - * file is missing or damaged, see the license at "http://www.cups.org/". - */ -=20 -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -=20 - /* - * Include necessary headers. -@@ -37,13 +39,20 @@ - # include - #endif /* WIN32 */ -=20 -+#include "config.h" -+#ifdef WITH_LSPP -+# define MLS_CONFIG "mls" -+# define TE_CONFIG "te" -+# define SELINUX_CONFIG "SELinux" -+# define UNKNOWN_SL "UNKNOWN SL" -+#endif /* WITH_LSPP */ -+ - #include "mime.h" -=20 - #if defined(HAVE_CDSASSL) - # include - #endif /* HAVE_CDSASSL */ -=20 -- - /* - * Some OS's don't have hstrerror(), most notably Solaris... - */ -diff -up cups-1.6b1/scheduler/ipp.c.lspp cups-1.6b1/scheduler/ipp.c ---- cups-1.6b1/scheduler/ipp.c.lspp 2012-05-25 17:01:32.810768787 +0200 -+++ cups-1.6b1/scheduler/ipp.c 2012-05-25 17:18:06.620841313 +0200 -@@ -35,6 +35,7 @@ - * cancel_all_jobs() - Cancel all or selected print jobs. - * cancel_job() - Cancel a print job. - * cancel_subscription() - Cancel a subscription. -+ * check_context() - Check the SELinux context for a user and= job - * check_rss_recipient() - Check that we do not have a duplicate RSS - * feed URI. - * check_quotas() - Check quotas for a printer and user. -@@ -99,6 +100,9 @@ - * validate_user() - Validate the user for the request. - */ -=20 -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -122,6 +126,14 @@ extern int mbr_check_membership_by_id(uu - # endif /* HAVE_MEMBERSHIPPRIV_H */ - #endif /* __APPLE__ */ -=20 -+#ifdef WITH_LSPP -+#include -+#include -+#include -+#include -+#include -+#include -+#endif /* WITH_LSPP */ -=20 - /* - * Local functions... -@@ -146,6 +158,9 @@ static void cancel_all_jobs(cupsd_client - static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void cancel_subscription(cupsd_client_t *con, int id); - static int check_rss_recipient(const char *recipient); -+#ifdef WITH_LSPP -+static int check_context(cupsd_client_t *con, cupsd_job_t *job); -+#endif /* WITH_LSPP */ - static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); - static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, -@@ -1285,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl - ipp_attribute_t *media_col, /* media-col attribute */ - *media_margin; /* media-*-margin attribute */ - ipp_t *unsup_col; /* media-col in unsupported response */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* device file pointed to by the printer */ -+ char *userheader =3D NULL; /* User supplied job-sheets[0] */ -+ char *userfooter =3D NULL; /* User supplied job-sheets[1] */ -+ int override =3D 0; /* Was a banner overrode on a job */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ -=20 -=20 - cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", -@@ -1542,6 +1572,106 @@ add_job(cupsd_client_t *con, /* I - Cl - ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, - "Untitled"); -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) = =3D=3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for= connection \'%s\'!", printer->name); -+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security= attributes.")); -+ return (NULL); -+ } -+ -+ /* -+ * Perform an access check so that if the user gets feedback at enqueue = time -+ */ -+ -+ printerfile =3D strstr(printer->device_uri, "/dev/"); -+ if (printerfile =3D=3D NULL && (strncmp(printer->device_uri, "file:/", = 6) =3D=3D 0)) -+ printerfile =3D printer->device_uri + strlen("file:"); -+ -+ if (printerfile !=3D NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check= on printer device %s", -+ printerfile); -+ -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno !=3D ENOENT) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer")= ); -+ return (NULL); -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass =3D SECCLASS_FILE; -+ avr =3D FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass =3D SECCLASS_CHR_FILE; -+ avr =3D CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass =3D SECCLASS_FILE; -+ avr =3D FILE__WRITE; -+ } -+ else -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character dev= ice or regular file")); -+ return (NULL); -+ } -+ static avc_initialized =3D 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(con->scon, &clisid) !=3D 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELin= ux sid of the client")); -+ return (NULL); -+ } -+ if (getfilecon(printerfile, &devcon) =3D=3D -1) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELin= ux context of the printer")); -+ return (NULL); -+ } -+ printercon =3D context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client = context %s", -+ context_str(printercon), con->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) !=3D 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELin= ux sid of the printer")); -+ freecon(devcon); -+ return (NULL); -+ } -+ freecon(devcon); -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) !=3D 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit mess= age -+ */ -+ if (AuditLog !=3D -1) -+ { -+ audit_message =3D NULL; -+ cupsdSetStringf(&audit_message, "job=3D? auid=3D%u acct=3D%s obj= =3D%s refused" -+ " unable to access printer=3D%s", con->auid, -+ con->username, con->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit= _message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits acces= s to the printer")); -+ return (NULL); -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - if ((job =3D cupsdAddJob(priority, printer->name)) =3D=3D NULL) - { - send_ipp_status(con, IPP_INTERNAL_ERROR, -@@ -1550,6 +1680,32 @@ add_job(cupsd_client_t *con, /* I - Cl - return (NULL); - } -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * duplicate the security context and auid of the connection into the jo= b structure -+ */ -+ job->scon =3D strdup(con->scon); -+ job->auid =3D con->auid; -+ -+ /*=20 -+ * add the security context to the request so that on a restart the secu= rity -+ * attributes will be able to be restored -+ */ -+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context= ",=20 -+ NULL, job->scon); -+ } -+ else -+ { -+ /* -+ * Fill in the security context of the job as unlabeled -+ */ -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s= ", UNKNOWN_SL); -+ cupsdSetString(&job->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - job->dtype =3D printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOT= E); - job->attrs =3D con->request; - job->dirty =3D 1; -@@ -1759,6 +1915,29 @@ add_job(cupsd_client_t *con, /* I - Cl - attr->values[0].string.text =3D _cupsStrRetain(printer->job_sheets[0]= ); - attr->values[1].string.text =3D _cupsStrRetain(printer->job_sheets[1]= ); - } -+#ifdef WITH_LSPP -+ else -+ { -+ /* -+ * The option was present, so capture the user supplied strings -+ */ -+ userheader =3D strdup(attr->values[0].string.text); -+ -+ if (attr->num_values > 1) -+ userfooter =3D strdup(attr->values[1].string.text); -+ =20 -+ if (Classification !=3D NULL && (strcmp(userheader, Classification) = =3D=3D 0) -+ && userfooter &&(strcmp(userfooter, Classification) =3D=3D 0)) -+ { -+ /* -+ * Since both values are Classification, the user is not trying to O= verride -+ */ -+ free(userheader); -+ if (userfooter) free(userfooter); -+ userheader =3D userfooter =3D NULL; -+ } -+ } -+#endif /* WITH_LSPP */ -=20 - job->job_sheets =3D attr; -=20 -@@ -1789,6 +1968,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets=3D\"%s,none\", " - "job-originating-user-name=3D\"%s\"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override =3D 1; -+#endif /* WITH_LSPP */ - } - else if (attr->num_values =3D=3D 2 && - strcmp(attr->values[0].string.text, -@@ -1807,6 +1989,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name=3D\"%s\"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override =3D 1; -+#endif /* WITH_LSPP */ - } - else if (strcmp(attr->values[0].string.text, Classification) && - strcmp(attr->values[0].string.text, "none") && -@@ -1827,6 +2012,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name=3D\"%s\"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override =3D 1; -+#endif /* WITH_LSPP */ - } - } - else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1867,8 +2055,52 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets=3D\"%s\", " - "job-originating-user-name=3D\"%s\"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override =3D 1; -+#endif /* WITH_LSPP */ -+ } -+#ifdef WITH_LSPP -+ if (is_lspp_config() && AuditLog !=3D -1) -+ { -+ audit_message =3D NULL; -+ -+ if (userheader || userfooter) -+ { -+ if (!override) -+ { -+ /* -+ * The user overrode the banner, so audit it -+ */ -+ cupsdSetStringf(&audit_message, "job=3D%d user supplied job-she= ets=3D%s,%s" -+ " using banners=3D%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string= .text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_me= ssage, -+ ServerName, NULL, NULL, 1); -+ } -+ else -+ { -+ /* -+ * The user tried to override the banner, audit the failure -+ */ -+ cupsdSetStringf(&audit_message, "job=3D%d user supplied job-she= ets=3D%s,%s" -+ " ignored banners=3D%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string= .text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_me= ssage, -+ ServerName, NULL, NULL, 0); -+ } -+ cupsdClearString(&audit_message); -+ } - } -+ -+ if (userheader) -+ free(userheader); -+ if (userfooter) -+ free(userfooter); -+#endif /* WITH_LSPP */ - } -+ =20 -=20 - /* - * See if we need to add the starting sheet... -@@ -3615,6 +3847,111 @@ check_rss_recipient( - } -=20 -=20 -+#ifdef WITH_LSPP -+/* -+ * 'check_context()' - Check SELinux security context of a user and job -+ */ -+ -+static int /* O - 1 if OK, 0 if not, -1 on error */ -+check_context(cupsd_client_t *con, /* I - Client connection */ -+ cupsd_job_t *job) /* I - Job */ -+{ -+ int enforcing; /* is SELinux in enforcing mode */ -+ char filename[1024]; /* Filename of the spool file */ -+ security_id_t clisid; /* SELinux SID of the client */ -+ security_id_t jobsid; /* SELinux SID of the job */ -+ security_id_t filesid; /* SELinux SID of the spool file */ -+ struct avc_entry_ref avcref; /* AVC entry cache pointer */ -+ security_class_t tclass; /* SELinux security class */ -+ access_vector_t avr; /* SELinux access being queried */ -+ security_context_t spoolfilecon; /* SELinux context of the spool file */ -+ -+ -+ /* -+ * Validate the input to be sure there are contexts to work with... -+ */ -+ -+ if (con->scon =3D=3D NULL || job->scon =3D=3D NULL -+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) =3D=3D 0 -+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) =3D=3D 0) -+ return -1; -+ -+ if ((enforcing =3D security_getenforce()) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enfor= cement"); -+ return -1; -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job co= ntext %s", con->scon, job->scon); -+ -+ -+ /* -+ * Initialize the avc engine... -+ */ -+ -+ static avc_initialized =3D 0; -+ if (! avc_initialized++) -+ { -+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init"); -+ return -1; -+ }=20 -+ }=20 -+ if (avc_context_to_sid(con->scon, &clisid) !=3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s t= o SELinux sid", con->scon); -+ return -1; -+ } -+ if (avc_context_to_sid(job->scon, &jobsid) !=3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s t= o SELinux sid", job->scon); -+ return -1; -+ } -+ avc_entry_ref_init(&avcref); -+ tclass =3D SECCLASS_FILE; -+ avr =3D FILE__READ; -+ -+ /* -+ * Perform the check with the client as the subject, first with the job as= the object -+ * if that fails then with the spool file as the object... -+ */ -+ -+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) !=3D= 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access b= ased on the client context"); -+ -+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id); -+ if (getfilecon(filename, &spoolfilecon) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolf= ile context"); -+ return -1; -+ } -+ if (avc_context_to_sid(spoolfilecon, &filesid) !=3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine = the SELinux sid for the spool file"); -+ freecon(spoolfilecon); -+ return -1; -+ } -+ freecon(spoolfilecon); -+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != =3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access= to the spool file"); -+ return 0; -+ } -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access = to the spool file"); -+ return 1; -+ } -+ else -+ if (enforcing =3D=3D 0) -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation = due to permissive mode"); -+ else -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed acc= ess based on the client context"); -+ -+ return 1; -+} -+#endif /* WITH_LSPP */ -+ -+ - /* - * 'check_quotas()' - Check quotas for a printer and user. - */ -@@ -4067,6 +4404,15 @@ copy_banner(cupsd_client_t *con, /* I - - char attrname[255], /* Name of attribute */ - *s; /* Pointer into name */ - ipp_attribute_t *attr; /* Attribute */ -+#ifdef WITH_LSPP -+ const char *mls_label; /* SL of print job */ -+ char *jobrange; /* SELinux sensitivity range */ -+ char *jobclearance; /* SELinux low end clearance */ -+ context_t jobcon; /* SELinux context of the job */ -+ context_t tmpcon; /* Temp context to set the level */ -+ security_context_t spoolcon; /* Context of the file in the spool */ -+#endif /* WITH_LSPP */ -+ -=20 -=20 - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -4102,6 +4448,82 @@ copy_banner(cupsd_client_t *con, /* I - -=20 - fchmod(cupsFileNumber(out), 0640); - fchown(cupsFileNumber(out), RunUser, Group); -+#ifdef WITH_LSPP -+ if (job->scon !=3D NULL && -+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) !=3D 0) -+ { -+ if (getfilecon(filename, &spoolcon) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the context of the banner= file %s - %s", -+ filename, strerror(errno)); -+ job->num_files --; -+ return (0); -+ } -+ tmpcon =3D context_new(spoolcon); -+ jobcon =3D context_new(job->scon); -+ freecon(spoolcon); -+ if (!tmpcon || !jobcon) -+ { -+ if (tmpcon) -+ context_free(tmpcon); -+ if (jobcon) -+ context_free(jobcon); -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the SELinux contexts"); -+ job->num_files --; -+ return (0); -+ } -+ jobrange =3D context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange =3D strdup(jobrange); -+ if ((jobclearance =3D strtok(jobrange, "-")) !=3D NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ free(jobrange); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the context of the banner= file %s - %s", -+ filename, strerror(errno)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s", -+ filename, context_str(tmpcon)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ } -+#endif /* WITH_LSPP */ -=20 - /* - * Try the localized banner file under the subdirectory... -@@ -4196,6 +4618,24 @@ copy_banner(cupsd_client_t *con, /* I - - else - s =3D attrname; -=20 -+#ifdef WITH_LSPP -+ if (strcmp(s, "mls-label") =3D=3D 0) -+ { -+ if (job->scon !=3D NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UN= KNOWN_SL)) !=3D 0) -+ { -+ jobcon =3D context_new(job->scon); -+ if (_cups_strcasecmp(name, MLS_CONFIG) =3D=3D 0) -+ mls_label =3D context_range_get(jobcon); -+ else if (_cups_strcasecmp(name, TE_CONFIG) =3D=3D 0) -+ mls_label =3D context_type_get(jobcon); -+ else // default to using the whole context string -+ mls_label =3D context_str(jobcon); -+ cupsFilePuts(out, mls_label); -+ context_free(jobcon); -+ } -+ continue; -+ } -+#endif /* WITH_LSPP */ - if (!strcmp(s, "printer-name")) - { - cupsFilePuts(out, job->dest); -@@ -6273,6 +6713,22 @@ get_job_attrs(cupsd_client_t *con, /* I -=20 - exclude =3D cupsdGetPrivateAttrs(policy, con, printer, job->username); -=20 -+ -+#ifdef WITH_LSPP -+ /* -+ * Check SELinux... -+ */ -+ if (is_lspp_config() && check_context(con, job) !=3D 1) -+ { -+ /* -+ * Unfortunately we have to lie to the user... -+ */ -+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid= ); -+ return; -+ } -+#endif /* WITH_LSPP */ -+ -+ - /* - * Copy attributes... - */ -@@ -6626,6 +7082,11 @@ get_jobs(cupsd_client_t *con, /* I - C - if (username[0] && _cups_strcasecmp(username, job->username)) - continue; -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) !=3D 1) -+ continue; -+#endif /* WITH_LSPP */ -+ - if (count > 0) - ippAddSeparator(con->response); -=20 -@@ -11106,6 +11567,11 @@ validate_user(cupsd_job_t *job, /* I -=20 - strlcpy(username, get_username(con), userlen); -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) !=3D 1) -+ return 0; -+#endif /* WITH_LSPP */ -+ - /* - * Check the username against the owner... - */ -diff -up cups-1.6b1/scheduler/job.c.lspp cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.lspp 2012-05-25 17:01:32.824768691 +0200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 17:22:50.856860012 +0200 -@@ -68,6 +68,9 @@ - * update_job_attrs() - Update the job-printer-* attributes. - */ -=20 -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -83,6 +86,14 @@ - # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ - #endif /* __APPLE__ */ -=20 -+#ifdef WITH_LSPP -+#include -+#include -+#include -+#include -+#include -+#include -+#endif /* WITH_LSPP */ -=20 - /* - * Design Notes for Job Management -@@ -580,6 +591,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - /* PRINTER_STATE_REASONS env var */ - rip_max_cache[255]; - /* RIP_MAX_CACHE env variable */ -+#ifdef WITH_LSPP -+ char *audit_message =3D NULL; /* Audit message string */ -+ context_t jobcon; /* SELinux context of the job */ -+ char *label_template =3D NULL; /* SL to put in classification -+ env var */ -+ const char *mls_label =3D NULL; /* SL to put in classification -+ env var */ -+#endif /* WITH_LSPP */ -=20 -=20 - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -1071,6 +1090,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - } - } -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) = =3D=3D 0) -+ { -+ if (AuditLog !=3D -1) -+ { -+ audit_message =3D NULL; -+ cupsdSetStringf(&audit_message, "job=3D%d auid=3D%u acct=3D%s print= er=3D%s title=3D%s", -+ job->id, job->auid, job->username, job->printer->na= me, title); -+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit= _message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ } -+ else=20 -+ { -+ jobcon =3D context_new(job->scon); -+ -+ if ((attr =3D ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME= )) =3D=3D NULL) -+ label_template =3D strdup(Classification); -+ else if (attr->num_values > 1 && -+ strcmp(attr->values[1].string.text, "none") !=3D 0) -+ label_template =3D strdup(attr->values[1].string.text); -+ else -+ label_template =3D strdup(attr->values[0].string.text); -+ -+ if (_cups_strcasecmp(label_template, MLS_CONFIG) =3D=3D 0) -+ mls_label =3D context_range_get(jobcon); -+ else if (_cups_strcasecmp(label_template, TE_CONFIG) =3D=3D 0) -+ mls_label =3D context_type_get(jobcon); -+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) =3D=3D 0) -+ mls_label =3D context_str(jobcon); -+ else -+ mls_label =3D label_template; -+ -+ if (mls_label && (PerPageLabels || banner_page)) -+ { -+ snprintf(classification, sizeof(classification), "CLASSIFICATION=3D= LSPP:%s", mls_label); -+ envp[envc ++] =3D classification; -+ } -+ -+ if ((AuditLog !=3D -1) && !banner_page) -+ { -+ audit_message =3D NULL; -+ cupsdSetStringf(&audit_message, "job=3D%d auid=3D%u acct=3D%s print= er=3D%s title=3D%s" -+ " obj=3D%s label=3D%s", job->id, job->auid, job->us= ername, -+ job->printer->name, title, job->scon, mls_label?mls= _label:"none"); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_m= essage, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ context_free(jobcon); -+ free(label_template); -+ } -+ } -+ else -+ /* -+ * Fall through to the non-LSPP behavior -+ */ -+#endif /* WITH_LSPP */ - if (Classification && !banner_page) - { - if ((attr =3D ippFindAttribute(job->attrs, "job-sheets", -@@ -1845,6 +1925,20 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J - ippSetString(job->attrs, &job->reasons, 0, "none"); - } -=20 -+#ifdef WITH_LSPP -+ if ((attr =3D ippFindAttribute(job->attrs, "security-context", IPP_TAG_NA= ME)) !=3D NULL) -+ cupsdSetString(&job->scon, attr->values[0].string.text); -+ else if (is_lspp_config()) -+ { -+ /* -+ * There was no security context so delete the job -+ */ -+ cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-= context attribute in control file \"%s\"!", -+ jobfile); -+ goto error; -+ } -+#endif /* WITH_LSPP */ -+ - job->sheets =3D ippFindAttribute(job->attrs, "job-media-sheets-comple= ted", - IPP_TAG_INTEGER); - job->job_sheets =3D ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NA= ME); -@@ -2235,6 +2329,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - { - char filename[1024]; /* Job control filename */ - cups_file_t *fp; /* Job file */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job control file */ -+ context_t jobcon; /* contex_t container for job->scon */ -+ context_t tmpcon; /* Temp context to swap the level */ -+ char *jobclearance; /* SELinux low end clearance */ -+ const char *jobrange; /* SELinux sensitivity range */ -+ char *jobrange_copy; /* SELinux sensitivity range */ -+#endif /* WITH_LSPP */ -=20 -=20 - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=3D%p(%d)): job->attrs= =3D%p", -@@ -2247,6 +2349,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J -=20 - fchown(cupsFileNumber(fp), RunUser, Group); -=20 -+#ifdef WITH_LSPP -+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) !=3D = 0) -+ { -+ if (getfilecon(filename, &spoolcon) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to get context of job control file \"%s\" - %= s.", -+ filename, strerror(errno)); -+ return; -+ } -+ jobcon =3D context_new(job->scon); -+ tmpcon =3D context_new(spoolcon); -+ freecon(spoolcon); -+ if (!jobcon || !tmpcon) -+ { -+ if (jobcon) -+ context_free(jobcon); -+ if (tmpcon) -+ context_free(tmpcon); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts"); -+ return; -+ } -+ jobrange =3D context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange_copy =3D strdup(jobrange); -+ if ((jobclearance =3D strtok(jobrange_copy, "-")) !=3D NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set the range for job control file \"%s\" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set the range for job control file \"%s\" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ free(jobrange_copy); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set context of job control file \"%s\" - %= s.", -+ filename, strerror(errno)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=3D%p): new spool fi= le context=3D%s", -+ job, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ } -+#endif /* WITH_LSPP */ -+ - job->attrs->state =3D IPP_IDLE; -=20 - if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3735,6 +3907,18 @@ get_options(cupsd_job_t *job, /* I - Jo - banner_page) - continue; -=20 -+#ifdef WITH_LSPP -+ /* -+ * In LSPP mode refuse to honor the page-label -+ */ -+ if (is_lspp_config() && -+ !strcmp(attr->name, "page-label")) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to= LSPP mode"); -+ continue; -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Otherwise add them to the list... - */ -@@ -4457,6 +4641,19 @@ static void - start_job(cupsd_job_t *job, /* I - Job ID */ - cupsd_printer_t *printer) /* I - Printer to print job */ - { -+#ifdef WITH_LSPP -+ char *audit_message =3D NULL; /* Audit message string */ -+ char *printerfile =3D NULL; /* Device file pointed to by the printer */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=3D%p(%d), printer=3D%p(%= s))", - job, job->id, printer, printer->name); -=20 -@@ -4599,6 +4796,108 @@ start_job(cupsd_job_t *job, /* I - - fcntl(job->side_pipes[1], F_SETFD, - fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); -=20 -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * Perform an access check before printing, but only if the printer star= ts with /dev/ -+ */ -+ printerfile =3D strstr(printer->device_uri, "/dev/"); -+ if (printerfile =3D=3D NULL && (strncmp(printer->device_uri, "file:/", = 6) =3D=3D 0)) -+ printerfile =3D printer->device_uri + strlen("file:"); -+ -+ if (printerfile !=3D NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "StartJob: Attempting to check access on printer devi= ce %s", printerfile); -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno !=3D ENOENT) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass =3D SECCLASS_FILE; -+ avr =3D FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass =3D SECCLASS_CHR_FILE; -+ avr =3D CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass =3D SECCLASS_FILE; -+ avr =3D FILE__WRITE; -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Printer is not a character device or regular file"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ static avc_initialized =3D 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(job->scon, &clisid) !=3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Unable to determine the SELinux sid for = the job"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ if (getfilecon(printerfile, &devcon) =3D=3D -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELin= ux context of %s", -+ printerfile); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ printercon =3D context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client= context %s", -+ context_str(printercon), job->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) !=3D 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Unable to determine the SELinux sid for = the printer"); -+ freecon(devcon); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ freecon(devcon); -+ -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) !=3D 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit mess= age -+ */ -+ if (AuditLog !=3D -1) -+ { -+ audit_message =3D NULL; -+ cupsdSetStringf(&audit_message, "job=3D%d auid=3D%u acct=3D%s obj= =3D%s canceled" -+ " unable to access printer=3D%s",= job->id, -+ job->auid, (job->username)?job->username:"?", job= ->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit= _message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ -+ return ; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Now start the first file in the job... - */ -diff -up cups-1.6b1/scheduler/job.h.lspp cups-1.6b1/scheduler/job.h ---- cups-1.6b1/scheduler/job.h.lspp 2012-05-23 03:36:50.000000000 +0200 -+++ cups-1.6b1/scheduler/job.h 2012-05-25 17:23:41.802504888 +0200 -@@ -13,6 +13,13 @@ - * file is missing or damaged, see the license at "http://www.cups.org/". - */ -=20 -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include -+#endif /* WITH_LSPP */ -+ - /* - * Constants... - */ -@@ -82,6 +89,10 @@ struct cupsd_job_s /**** Job request * - int progress; /* Printing progress */ - int num_keywords; /* Number of PPD keywords */ - cups_option_t *keywords; /* PPD keywords */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of job */ -+ uid_t auid; /* Audit loginuid for this job */ -+#endif /* WITH_LSPP */ - }; -=20 - typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-1.6b1/scheduler/main.c.lspp cups-1.6b1/scheduler/main.c ---- cups-1.6b1/scheduler/main.c.lspp 2012-05-25 17:01:32.849768516 +0200 -+++ cups-1.6b1/scheduler/main.c 2012-05-25 17:01:32.868768383 +0200 -@@ -38,6 +38,8 @@ - * usage() - Show scheduler usage. - */ -=20 -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -75,6 +77,9 @@ - # include - #endif /* HAVE_NOTIFY_H */ -=20 -+#ifdef WITH_LSPP -+# include -+#endif /* WITH_LSPP */ -=20 - /* - * Local functions... -@@ -138,6 +143,9 @@ main(int argc, /* I - Number of comm - #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) - struct sigaction action; /* Actions for POSIX signals */ - #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ -+#if WITH_LSPP -+ auditfail_t failmode; /* Action for audit_open failure */ -+#endif /* WITH_LSPP */ - #ifdef __sgi - cups_file_t *fp; /* Fake lpsched lock file */ - struct stat statbuf; /* Needed for checking lpsched FIFO */ -@@ -463,6 +471,25 @@ main(int argc, /* I - Number of comm - #endif /* DEBUG */ - } -=20 -+#ifdef WITH_LSPP -+ if ((AuditLog =3D audit_open()) < 0 ) -+ { -+ if (get_auditfail_action(&failmode) =3D=3D 0) -+ { -+ if (failmode =3D=3D FAIL_LOG) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsys= tem."); -+ AuditLog =3D -1; -+ } -+ else if (failmode =3D=3D FAIL_TERMINATE) -+ { -+ fprintf(stderr, "cupsd: unable to start auditing, terminating"); -+ return -1; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Set the timezone info... - */ -@@ -1180,6 +1207,11 @@ main(int argc, /* I - Number of comm -=20 - cupsdStopSelect(); -=20 -+#ifdef WITH_LSPP -+ if (AuditLog !=3D -1) -+ audit_close(AuditLog); -+#endif /* WITH_LSPP */ -+ - return (!stop_scheduler); - } -=20 -diff -up cups-1.6b1/scheduler/printers.c.lspp cups-1.6b1/scheduler/printers.c ---- cups-1.6b1/scheduler/printers.c.lspp 2012-05-25 17:01:32.786768955 +0200 -+++ cups-1.6b1/scheduler/printers.c 2012-05-25 17:24:11.144300359 +0200 -@@ -56,6 +56,8 @@ - * write_xml_string() - Write a string with XML escaping. - */ -=20 -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -80,6 +82,10 @@ - # include - #endif /* __APPLE__ */ -=20 -+#ifdef WITH_LSPP -+# include -+# include -+#endif /* WITH_LSPP */ -=20 - /* - * Local functions... -@@ -2101,6 +2107,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - "username", - "password" - }; -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* Path to a local printer dev */ -+ char *rangestr; /* Printer's range if its available */ -+ security_context_t devcon; /* Printer SELinux context */ -+ context_t printercon; /* context_t for the printer */ -+#endif /* WITH_LSPP */ -=20 -=20 - DEBUG_printf(("cupsdSetPrinterAttrs: entering name =3D %s, type =3D %x\n"= , p->name, -@@ -2234,6 +2247,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - attr->values[1].string.text =3D _cupsStrAlloc(Classification ? - Classification : p->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ if (AuditLog !=3D -1) -+ { -+ audit_message =3D NULL; -+ rangestr =3D NULL; -+ printercon =3D 0; -+ printerfile =3D strstr(p->device_uri, "/dev/"); -+ if (printerfile =3D=3D NULL && (strncmp(p->device_uri, "file:/", 6) = =3D=3D 0)) -+ printerfile =3D p->device_uri + strlen("file:"); -+ -+ if (printerfile !=3D NULL) -+ { -+ if (getfilecon(printerfile, &devcon) =3D=3D -1) -+ { -+ if(is_selinux_enabled()) -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable = to get printer context"); -+ } -+ else -+ { -+ printercon =3D context_new(devcon); -+ freecon(devcon); -+ } -+ } -+ -+ if (printercon && context_range_get(printercon)) -+ rangestr =3D strdup(context_range_get(printercon)); -+ else -+ rangestr =3D strdup("unknown"); -+ -+ cupsdSetStringf(&audit_message, "printer=3D%s uri=3D%s banners=3D%s,%= s range=3D%s", -+ p->name, p->sanitized_device_uri, p->job_sheets[0], p= ->job_sheets[1], rangestr); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_mess= age, -+ ServerName, NULL, NULL, 1); -+ if (printercon) -+ context_free(printercon); -+ free(rangestr); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ - } -=20 - p->raw =3D 0; -@@ -5320,7 +5372,6 @@ write_irix_state(cupsd_printer_t *p) /* - } - #endif /* __sgi */ -=20 -- - /* - * 'write_xml_string()' - Write a string with XML escaping. - */ --=20 2.6.3 --===============2878770649437078643==--