Signed-off-by: Alexander Marx alexander.marx@ipfire.org --- cups/cups.nm | 6 +- cups/patches/001_cups-no-gzip-man.patch | 18 - cups/patches/002_cups-system-auth.patch | 38 - cups/patches/003_cups-multilib.patch | 16 - cups/patches/004_cups-banners.patch | 12 - cups/patches/005_cups-serverbin-compat.patch | 190 -- cups/patches/006_cups-no-export-ssllibs.patch | 12 - cups/patches/007_cups-direct-usb.patch | 27 - cups/patches/008_cups-lpr-help.patch | 48 - cups/patches/009_cups-peercred.patch | 11 - cups/patches/010_cups-pid.patch | 37 - cups/patches/011_cups-eggcups.patch | 130 -- cups/patches/012_cups-driverd-timeout.patch | 21 - cups/patches/013_cups-strict-ppd-line-length.patch | 30 - cups/patches/014_cups-logrotate.patch | 63 - cups/patches/015_cups-usb-paperout.patch | 52 - cups/patches/016_cups-res_init.patch | 26 - cups/patches/017_cups-filter-debug.patch | 32 - cups/patches/018_cups-uri-compat.patch | 51 - cups/patches/019_cups-cups-get-classes.patch | 89 - cups/patches/020_cups-str3382.patch | 64 - cups/patches/021_cups-0755.patch | 21 - cups/patches/022_cups-hp-deviceid-oid.patch | 21 - cups/patches/023_cups-dnssd-deviceid.patch | 38 - cups/patches/024_cups-ricoh-deviceid-oid.patch | 21 - cups/patches/025_cups-systemd-socket.patch | 395 ---- cups/patches/026_cups-lspp.patch | 1999 -------------------- 27 files changed, 3 insertions(+), 3465 deletions(-) delete mode 100644 cups/patches/001_cups-no-gzip-man.patch delete mode 100644 cups/patches/002_cups-system-auth.patch delete mode 100644 cups/patches/003_cups-multilib.patch delete mode 100644 cups/patches/004_cups-banners.patch delete mode 100644 cups/patches/005_cups-serverbin-compat.patch delete mode 100644 cups/patches/006_cups-no-export-ssllibs.patch delete mode 100644 cups/patches/007_cups-direct-usb.patch delete mode 100644 cups/patches/008_cups-lpr-help.patch delete mode 100644 cups/patches/009_cups-peercred.patch delete mode 100644 cups/patches/010_cups-pid.patch delete mode 100644 cups/patches/011_cups-eggcups.patch delete mode 100644 cups/patches/012_cups-driverd-timeout.patch delete mode 100644 cups/patches/013_cups-strict-ppd-line-length.patch delete mode 100644 cups/patches/014_cups-logrotate.patch delete mode 100644 cups/patches/015_cups-usb-paperout.patch delete mode 100644 cups/patches/016_cups-res_init.patch delete mode 100644 cups/patches/017_cups-filter-debug.patch delete mode 100644 cups/patches/018_cups-uri-compat.patch delete mode 100644 cups/patches/019_cups-cups-get-classes.patch delete mode 100644 cups/patches/020_cups-str3382.patch delete mode 100644 cups/patches/021_cups-0755.patch delete mode 100644 cups/patches/022_cups-hp-deviceid-oid.patch delete mode 100644 cups/patches/023_cups-dnssd-deviceid.patch delete mode 100644 cups/patches/024_cups-ricoh-deviceid-oid.patch delete mode 100644 cups/patches/025_cups-systemd-socket.patch delete mode 100644 cups/patches/026_cups-lspp.patch
diff --git a/cups/cups.nm b/cups/cups.nm index 3b5672b..5abb804 100644 --- a/cups/cups.nm +++ b/cups/cups.nm @@ -4,7 +4,7 @@ ###############################################################################
name = cups -version = 1.6.1 +version = 2.1.4 release = 1
groups = Applications/Printing @@ -17,8 +17,8 @@ description by Apple Inc. for Mac OS(R) X and other UNIX(R)-like operating systems. end
-source_dl = http://ftp.easysw.com/pub/cups/%%7Bversion%7D/ -sources = %{thisapp}-source.tar.bz2 +source_dl = https://github.com/apple/cups/releases/download/release-%%7Bversion%7D/ +sources = %{thisapp}-source.tar.gz
build requires diff --git a/cups/patches/001_cups-no-gzip-man.patch b/cups/patches/001_cups-no-gzip-man.patch deleted file mode 100644 index cabfcf1..0000000 --- a/cups/patches/001_cups-no-gzip-man.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man cups-1.6b1/config-scripts/cups-manpages.m4 ---- cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/config-scripts/cups-manpages.m4 2012-05-25 14:57:01.959845267 +0200 -@@ -69,10 +69,10 @@ case "$uname" in - ;; - Linux* | GNU* | Darwin*) - # Linux, GNU Hurd, and OS X -- MAN1EXT=1.gz -- MAN5EXT=5.gz -- MAN7EXT=7.gz -- MAN8EXT=8.gz -+ MAN1EXT=1 -+ MAN5EXT=5 -+ MAN7EXT=7 -+ MAN8EXT=8 - MAN8DIR=8 - ;; - *) diff --git a/cups/patches/002_cups-system-auth.patch b/cups/patches/002_cups-system-auth.patch deleted file mode 100644 index 60117a9..0000000 --- a/cups/patches/002_cups-system-auth.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups.password-auth ---- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.000000000 +0200 -+++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200 -@@ -0,0 +1,4 @@ -+#%PAM-1.0 -+# Use password-auth common PAM configuration for the daemon -+auth include password-auth -+account include password-auth -diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.system-auth ---- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.000000000 +0200 -+++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200 -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+auth include system-auth -+account include system-auth -diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile ---- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200 -+++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200 -@@ -90,10 +90,16 @@ install-data: - done - -if test x$(PAMDIR) != x; then \ - $(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \ -- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ -- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ -+ if test -f /etc/pam.d/password-auth; then \ -+ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \ -+ elif test -f /etc/pam.d/system-auth; then \ -+ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \ - else \ -- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ -+ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ -+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ -+ else \ -+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ -+ fi ; \ - fi ; \ - fi - diff --git a/cups/patches/003_cups-multilib.patch b/cups/patches/003_cups-multilib.patch deleted file mode 100644 index 3c6bc39..0000000 --- a/cups/patches/003_cups-multilib.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up cups-1.5b1/cups-config.in.multilib cups-1.5b1/cups-config.in ---- cups-1.5b1/cups-config.in.multilib 2010-06-16 02:48:25.000000000 +0200 -+++ cups-1.5b1/cups-config.in 2011-05-23 17:33:31.000000000 +0200 -@@ -22,8 +22,10 @@ prefix=@prefix@ - exec_prefix=@exec_prefix@ - bindir=@bindir@ - includedir=@includedir@ --libdir=@libdir@ --imagelibdir=@libdir@ -+# Fetch libdir from gnutls's pkg-config script. This is a bit -+# of a cheat, but the cups-devel package requires gnutls-devel anyway. -+libdir=`pkg-config --variable=libdir gnutls` -+imagelibdir=`pkg-config --variable=libdir gnutls` - datarootdir=@datadir@ - datadir=@datadir@ - sysconfdir=@sysconfdir@ diff --git a/cups/patches/004_cups-banners.patch b/cups/patches/004_cups-banners.patch deleted file mode 100644 index aa19282..0000000 --- a/cups/patches/004_cups-banners.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners.c ---- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200 -@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I - - if ((ext = strrchr(dent->filename, '.')) != NULL) - if (!strcmp(ext, ".bck") || - !strcmp(ext, ".bak") || -+ !strcmp(ext, ".rpmnew") || -+ !strcmp(ext, ".rpmsave") || - !strcmp(ext, ".sav")) - continue; - diff --git a/cups/patches/005_cups-serverbin-compat.patch b/cups/patches/005_cups-serverbin-compat.patch deleted file mode 100644 index 0ca72fd..0000000 --- a/cups/patches/005_cups-serverbin-compat.patch +++ /dev/null @@ -1,190 +0,0 @@ -diff -up cups-1.5b1/scheduler/conf.c.serverbin-compat cups-1.5b1/scheduler/conf.c ---- cups-1.5b1/scheduler/conf.c.serverbin-compat 2011-05-20 06:24:54.000000000 +0200 -+++ cups-1.5b1/scheduler/conf.c 2011-05-23 17:20:33.000000000 +0200 -@@ -491,6 +491,9 @@ cupsdReadConfiguration(void) - cupsdClearString(&ServerName); - cupsdClearString(&ServerAdmin); - cupsdSetString(&ServerBin, CUPS_SERVERBIN); -+#ifdef __x86_64__ -+ cupsdSetString(&ServerBin_compat, "/usr/lib64/cups"); -+#endif /* __x86_64__ */ - cupsdSetString(&RequestRoot, CUPS_REQUESTS); - cupsdSetString(&CacheDir, CUPS_CACHEDIR); - cupsdSetString(&DataDir, CUPS_DATADIR); -@@ -1378,7 +1381,12 @@ cupsdReadConfiguration(void) - * Read the MIME type and conversion database... - */ - -+#ifdef __x86_64__ -+ snprintf(temp, sizeof(temp), "%s/filter:%s/filter", ServerBin, -+ ServerBin_compat); -+#else - snprintf(temp, sizeof(temp), "%s/filter", ServerBin); -+#endif - snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir); - - MimeDatabase = mimeNew(); -diff -up cups-1.5b1/scheduler/conf.h.serverbin-compat cups-1.5b1/scheduler/conf.h ---- cups-1.5b1/scheduler/conf.h.serverbin-compat 2011-04-22 19:47:03.000000000 +0200 -+++ cups-1.5b1/scheduler/conf.h 2011-05-23 15:34:25.000000000 +0200 -@@ -105,6 +105,10 @@ VAR char *ConfigurationFile VALUE(NULL) - /* Root directory for scheduler */ - *ServerBin VALUE(NULL), - /* Root directory for binaries */ -+#ifdef __x86_64__ -+ *ServerBin_compat VALUE(NULL), -+ /* Compat directory for binaries */ -+#endif /* __x86_64__ */ - *StateDir VALUE(NULL), - /* Root directory for state data */ - *RequestRoot VALUE(NULL), -diff -up cups-1.5b1/scheduler/env.c.serverbin-compat cups-1.5b1/scheduler/env.c ---- cups-1.5b1/scheduler/env.c.serverbin-compat 2011-01-11 04:48:42.000000000 +0100 -+++ cups-1.5b1/scheduler/env.c 2011-05-23 17:07:17.000000000 +0200 -@@ -218,8 +218,13 @@ cupsdUpdateEnv(void) - set_if_undefined("LD_PRELOAD", NULL); - set_if_undefined("NLSPATH", NULL); - if (find_env("PATH") < 0) -+#ifdef __x86_64__ -+ cupsdSetEnvf("PATH", "%s/filter:%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR -+ ":/bin:/usr/bin", ServerBin, ServerBin_compat); -+#else /* ! defined(__x86_64__) */ - cupsdSetEnvf("PATH", "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR - ":/bin:/usr/bin", ServerBin); -+#endif - set_if_undefined("SERVER_ADMIN", ServerAdmin); - set_if_undefined("SHLIB_PATH", NULL); - set_if_undefined("SOFTWARE", CUPS_MINIMAL); -diff -up cups-1.5b1/scheduler/ipp.c.serverbin-compat cups-1.5b1/scheduler/ipp.c ---- cups-1.5b1/scheduler/ipp.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/ipp.c 2011-05-23 16:09:57.000000000 +0200 -@@ -2586,9 +2586,18 @@ add_printer(cupsd_client_t *con, /* I - - * Could not find device in list! - */ - -+#ifdef __x86_64__ -+ snprintf(srcfile, sizeof(srcfile), "%s/backend/%s", ServerBin_compat, -+ scheme); -+ if (access(srcfile, X_OK)) -+ { -+#endif /* __x86_64__ */ - send_ipp_status(con, IPP_NOT_POSSIBLE, - _("Bad device-uri scheme "%s"."), scheme); - return; -+#ifdef __x86_64__ -+ } -+#endif /* __x86_64__ */ - } - } - -diff -up cups-1.5b1/scheduler/job.c.serverbin-compat cups-1.5b1/scheduler/job.c ---- cups-1.5b1/scheduler/job.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/job.c 2011-05-23 16:18:57.000000000 +0200 -@@ -1047,8 +1047,32 @@ cupsdContinueJob(cupsd_job_t *job) /* I - i ++, filter = (mime_filter_t *)cupsArrayNext(filters)) - { - if (filter->filter[0] != '/') -- snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -- filter->filter); -+ { -+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -+ filter->filter); -+#ifdef __x86_64__ -+ if (access(command, F_OK)) -+ { -+ snprintf(command, sizeof(command), "%s/filter/%s", -+ ServerBin_compat, filter->filter); -+ if (!access(command, F_OK)) -+ { -+ /* Not in the correct directory, but found it in the compat -+ * directory. Issue a warning. */ -+ cupsdLogMessage(CUPSD_LOG_INFO, -+ "Filter '%s' not in %s/filter!", -+ filter->filter, ServerBin); -+ } -+ else -+ { -+ /* Not in the compat directory either; make any error -+ * messages use the correct directory name then. */ -+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -+ filter->filter); -+ } -+ } -+#endif /* __x86_64__ */ -+ } - else - strlcpy(command, filter->filter, sizeof(command)); - -@@ -1199,6 +1223,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I - { - cupsdClosePipe(job->back_pipes); - cupsdClosePipe(job->side_pipes); -+#ifdef __x86_64__ -+ if (access(command, F_OK)) -+ { -+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin_compat, -+ scheme); -+ if (!access(command, F_OK)) -+ { -+ /* Not in the correct directory, but we found it in the compat -+ * directory. Issue a warning. */ -+ cupsdLogMessage(CUPSD_LOG_INFO, -+ "Backend '%s' not in %s/backend!", scheme, -+ ServerBin); -+ } -+ else -+ { -+ /* Not in the compat directory either; make any error -+ messages use the correct directory name then. */ -+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin, -+ scheme); -+ } -+ } -+#endif /* __x86_64__ */ - - close(job->status_pipes[1]); - job->status_pipes[1] = -1; -diff -up cups-1.5b1/scheduler/printers.c.serverbin-compat cups-1.5b1/scheduler/printers.c ---- cups-1.5b1/scheduler/printers.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/printers.c 2011-05-23 17:09:04.000000000 +0200 -@@ -1030,9 +1030,19 @@ cupsdLoadAllPrinters(void) - * Backend does not exist, stop printer... - */ - -+#ifdef __x86_64__ -+ snprintf(line, sizeof(line), "%s/backend/%s", ServerBin_compat, -+ p->device_uri); -+ if (access(line, 0)) -+ { -+#endif /* __x86_64__ */ -+ - p->state = IPP_PRINTER_STOPPED; - snprintf(p->state_message, sizeof(p->state_message), - "Backend %s does not exist!", line); -+#ifdef __x86_64__ -+ } -+#endif /* __x86_64__ */ - } - } - -@@ -3621,8 +3631,20 @@ add_printer_filter( - else - snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, program); - -+#ifdef __x86_64__ -+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, -+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) { -+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin_compat, -+ program); -+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, -+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) -+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, -+ program); -+ } -+#else /* ! defined(__x86_64__) */ - _cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, - cupsdLogFCMessage, p); -+#endif - } - - /* diff --git a/cups/patches/006_cups-no-export-ssllibs.patch b/cups/patches/006_cups-no-export-ssllibs.patch deleted file mode 100644 index de277d8..0000000 --- a/cups/patches/006_cups-no-export-ssllibs.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs cups-1.5.3/config-scripts/cups-ssl.m4 ---- cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs 2012-03-21 05:45:48.000000000 +0100 -+++ cups-1.5.3/config-scripts/cups-ssl.m4 2012-05-15 16:47:13.753314620 +0200 -@@ -173,7 +173,7 @@ AC_SUBST(IPPALIASES) - AC_SUBST(SSLFLAGS) - AC_SUBST(SSLLIBS) - --EXPORT_SSLLIBS="$SSLLIBS" -+EXPORT_SSLLIBS="" - AC_SUBST(EXPORT_SSLLIBS) - - dnl diff --git a/cups/patches/007_cups-direct-usb.patch b/cups/patches/007_cups-direct-usb.patch deleted file mode 100644 index 4e25ce7..0000000 --- a/cups/patches/007_cups-direct-usb.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-unix.c ---- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200 -@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De - _cups_strncasecmp(hostname, "Minolta", 7); - #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ - -+ if (use_bc && !strncmp(uri, "usb:/dev/", 9)) -+ use_bc = 0; -+ - if ((device_fd = open_device(uri, &use_bc)) == -1) - { - if (getenv("CLASS") != NULL) -@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev - if (!strncmp(uri, "usb:/dev/", 9)) - #ifdef __linux - { -- /* -- * Do not allow direct devices anymore... -- */ -- -- errno = ENODEV; -- return (-1); -+ return (open(uri + 4, O_RDWR | O_EXCL)); - } - else if (!strncmp(uri, "usb://", 6)) - { diff --git a/cups/patches/008_cups-lpr-help.patch b/cups/patches/008_cups-lpr-help.patch deleted file mode 100644 index c42434d..0000000 --- a/cups/patches/008_cups-lpr-help.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up cups-1.5b1/berkeley/lpr.c.lpr-help cups-1.5b1/berkeley/lpr.c ---- cups-1.5b1/berkeley/lpr.c.lpr-help 2011-03-21 23:02:00.000000000 +0100 -+++ cups-1.5b1/berkeley/lpr.c 2011-05-23 17:58:06.000000000 +0200 -@@ -24,6 +24,31 @@ - #include <cups/cups-private.h> - - -+static void -+usage (const char *name) -+{ -+ _cupsLangPrintf(stdout, -+"Usage: %s [OPTION] [ file(s) ]\n" -+"Print files.\n\n" -+" -E force encryption\n" -+" -H server[:port] specify alternate server\n" -+" -C title, -J title, -T title\n" -+" set the job name\n\n" -+" -P destination/instance print to named printer\n" -+" -U username specify alternate username\n" -+" -# num-copies set number of copies\n" -+" -h disable banner printing\n" -+" -l print without filtering\n" -+" -m send email on completion\n" -+" -o option[=value] set a job option\n" -+" -p format text file with header\n" -+" -q hold job for printing\n" -+" -r delete files after printing\n" -+"\nWith no file given, read standard input.\n" -+, name); -+} -+ -+ - /* - * 'main()' - Parse options and send files for printing. - */ -@@ -270,6 +294,12 @@ main(int argc, /* I - Number of comm - break; - - default : -+ if (!strcmp (argv[i], "--help")) -+ { -+ usage (argv[0]); -+ return (0); -+ } -+ - _cupsLangPrintf(stderr, - _("%s: Error - unknown option "%c"."), argv[0], - argv[i][1]); diff --git a/cups/patches/009_cups-peercred.patch b/cups/patches/009_cups-peercred.patch deleted file mode 100644 index a106abb..0000000 --- a/cups/patches/009_cups-peercred.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up cups-1.5b1/scheduler/auth.c.peercred cups-1.5b1/scheduler/auth.c ---- cups-1.5b1/scheduler/auth.c.peercred 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/auth.c 2011-05-23 18:00:18.000000000 +0200 -@@ -52,6 +52,7 @@ - * Include necessary headers... - */ - -+#define _GNU_SOURCE - #include "cupsd.h" - #include <grp.h> - #ifdef HAVE_SHADOW_H diff --git a/cups/patches/010_cups-pid.patch b/cups/patches/010_cups-pid.patch deleted file mode 100644 index 23ffd47..0000000 --- a/cups/patches/010_cups-pid.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up cups-1.5b1/scheduler/main.c.pid cups-1.5b1/scheduler/main.c ---- cups-1.5b1/scheduler/main.c.pid 2011-05-18 22:44:16.000000000 +0200 -+++ cups-1.5b1/scheduler/main.c 2011-05-23 18:01:20.000000000 +0200 -@@ -311,6 +311,8 @@ main(int argc, /* I - Number of comm - * Setup signal handlers for the parent... - */ - -+ pid_t pid; -+ - #ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */ - sigset(SIGUSR1, parent_handler); - sigset(SIGCHLD, parent_handler); -@@ -334,7 +336,7 @@ main(int argc, /* I - Number of comm - signal(SIGHUP, SIG_IGN); - #endif /* HAVE_SIGSET */ - -- if (fork() > 0) -+ if ((pid = fork()) > 0) - { - /* - * OK, wait for the child to startup and send us SIGUSR1 or to crash -@@ -346,7 +348,15 @@ main(int argc, /* I - Number of comm - sleep(1); - - if (parent_signal == SIGUSR1) -+ { -+ FILE *f = fopen ("/var/run/cupsd.pid", "w"); -+ if (f) -+ { -+ fprintf (f, "%d\n", pid); -+ fclose (f); -+ } - return (0); -+ } - - if (wait(&i) < 0) - { diff --git a/cups/patches/011_cups-eggcups.patch b/cups/patches/011_cups-eggcups.patch deleted file mode 100644 index 981d920..0000000 --- a/cups/patches/011_cups-eggcups.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff -up cups-1.5.3/backend/ipp.c.eggcups cups-1.5.3/backend/ipp.c ---- cups-1.5.3/backend/ipp.c.eggcups 2012-05-05 01:00:01.000000000 +0200 -+++ cups-1.5.3/backend/ipp.c 2012-05-15 16:50:41.142868986 +0200 -@@ -138,6 +138,70 @@ static cups_array_t *state_reasons; /* A - static char tmpfilename[1024] = ""; - /* Temporary spool file name */ - -+#if HAVE_DBUS -+#include <dbus/dbus.h> -+ -+static DBusConnection *dbus_connection = NULL; -+ -+static int -+init_dbus (void) -+{ -+ DBusConnection *connection; -+ DBusError error; -+ -+ if (dbus_connection && -+ !dbus_connection_get_is_connected (dbus_connection)) { -+ dbus_connection_unref (dbus_connection); -+ dbus_connection = NULL; -+ } -+ -+ dbus_error_init (&error); -+ connection = dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error); -+ if (connection == NULL) { -+ dbus_error_free (&error); -+ return -1; -+ } -+ -+ dbus_connection = connection; -+ return 0; -+} -+ -+int -+dbus_broadcast_queued_remote (const char *printer_uri, -+ ipp_status_t status, -+ unsigned int local_job_id, -+ unsigned int remote_job_id, -+ const char *username, -+ const char *printer_name) -+{ -+ DBusMessage *message; -+ DBusMessageIter iter; -+ const char *errstr; -+ -+ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connection)) { -+ if (init_dbus () || !dbus_connection) -+ return -1; -+ } -+ -+ errstr = ippErrorString (status); -+ message = dbus_message_new_signal ("/com/redhat/PrinterSpooler", -+ "com.redhat.PrinterSpooler", -+ "JobQueuedRemote"); -+ dbus_message_iter_init_append (message, &iter); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name); -+ -+ dbus_connection_send (dbus_connection, message, NULL); -+ dbus_connection_flush (dbus_connection); -+ dbus_message_unref (message); -+ -+ return 0; -+} -+#endif /* HAVE_DBUS */ - - /* - * Local functions... -@@ -1520,6 +1584,15 @@ main(int argc, /* I - Number of comm - _("Print file accepted - job ID %d."), job_id); - } - -+#if HAVE_DBUS -+ dbus_broadcast_queued_remote (argv[0], -+ ipp_status, -+ atoi (argv[1]), -+ job_id, -+ argv[2], -+ getenv ("PRINTER")); -+#endif /* HAVE_DBUS */ -+ - fprintf(stderr, "DEBUG: job-id=%d\n", job_id); - ippDelete(response); - -diff -up cups-1.5.3/backend/Makefile.eggcups cups-1.5.3/backend/Makefile ---- cups-1.5.3/backend/Makefile.eggcups 2012-04-23 19:42:12.000000000 +0200 -+++ cups-1.5.3/backend/Makefile 2012-05-15 16:48:17.253871982 +0200 -@@ -212,7 +212,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac - - ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a - echo Linking $@... -- $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) -+ $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS) - $(RM) http - $(LN) ipp http - -diff -up cups-1.5.3/scheduler/subscriptions.c.eggcups cups-1.5.3/scheduler/subscriptions.c ---- cups-1.5.3/scheduler/subscriptions.c.eggcups 2012-02-12 06:48:09.000000000 +0100 -+++ cups-1.5.3/scheduler/subscriptions.c 2012-05-15 16:48:17.253871982 +0200 -@@ -1314,13 +1314,13 @@ cupsd_send_dbus(cupsd_eventmask_t event, - what = "PrinterAdded"; - else if (event & CUPSD_EVENT_PRINTER_DELETED) - what = "PrinterRemoved"; -- else if (event & CUPSD_EVENT_PRINTER_CHANGED) -- what = "QueueChanged"; - else if (event & CUPSD_EVENT_JOB_CREATED) - what = "JobQueuedLocal"; - else if ((event & CUPSD_EVENT_JOB_STATE) && job && - job->state_value == IPP_JOB_PROCESSING) - what = "JobStartedLocal"; -+ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANGED|CUPSD_EVENT_PRINTER_STATE_CHANGED)) -+ what = "QueueChanged"; - else - return; - -@@ -1356,7 +1356,7 @@ cupsd_send_dbus(cupsd_eventmask_t event, - dbus_message_append_iter_init(message, &iter); - if (dest) - dbus_message_iter_append_string(&iter, dest->name); -- if (job) -+ if (job && strcmp (what, "QueueChanged") != 0) - { - dbus_message_iter_append_uint32(&iter, job->id); - dbus_message_iter_append_string(&iter, job->username); diff --git a/cups/patches/012_cups-driverd-timeout.patch b/cups/patches/012_cups-driverd-timeout.patch deleted file mode 100644 index cb9e5cf..0000000 --- a/cups/patches/012_cups-driverd-timeout.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5.0/scheduler/ipp.c.driverd-timeout cups-1.5.0/scheduler/ipp.c ---- cups-1.5.0/scheduler/ipp.c.driverd-timeout 2011-10-10 17:03:41.801690962 +0100 -+++ cups-1.5.0/scheduler/ipp.c 2011-10-10 17:03:41.861689834 +0100 -@@ -5723,7 +5723,7 @@ copy_model(cupsd_client_t *con, /* I - - close(temppipe[1]); - - /* -- * Wait up to 30 seconds for the PPD file to be copied... -+ * Wait up to 70 seconds for the PPD file to be copied... - */ - - total = 0; -@@ -5743,7 +5743,7 @@ copy_model(cupsd_client_t *con, /* I - - FD_SET(temppipe[0], &input); - FD_SET(CGIPipes[0], &input); - -- timeout.tv_sec = 30; -+ timeout.tv_sec = 70; - timeout.tv_usec = 0; - - if ((i = select(maxfd, &input, NULL, NULL, &timeout)) < 0) diff --git a/cups/patches/013_cups-strict-ppd-line-length.patch b/cups/patches/013_cups-strict-ppd-line-length.patch deleted file mode 100644 index b2697ec..0000000 --- a/cups/patches/013_cups-strict-ppd-line-length.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up cups-1.5b1/cups/ppd.c.strict-ppd-line-length cups-1.5b1/cups/ppd.c ---- cups-1.5b1/cups/ppd.c.strict-ppd-line-length 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/cups/ppd.c 2011-05-24 15:46:13.000000000 +0200 -@@ -2786,7 +2786,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - *lineptr++ = ch; - col ++; - -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT) - { - /* - * Line is too long... -@@ -2847,7 +2847,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - { - col ++; - -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT) - { - /* - * Line is too long... -@@ -2906,7 +2906,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - { - col ++; - -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT) - { - /* - * Line is too long... diff --git a/cups/patches/014_cups-logrotate.patch b/cups/patches/014_cups-logrotate.patch deleted file mode 100644 index a6485a9..0000000 --- a/cups/patches/014_cups-logrotate.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up cups-1.5b1/scheduler/log.c.logrotate cups-1.5b1/scheduler/log.c ---- cups-1.5b1/scheduler/log.c.logrotate 2011-05-14 01:04:16.000000000 +0200 -+++ cups-1.5b1/scheduler/log.c 2011-05-24 15:47:20.000000000 +0200 -@@ -32,6 +32,9 @@ - #include "cupsd.h" - #include <stdarg.h> - #include <syslog.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <unistd.h> - - - /* -@@ -71,12 +74,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - return (1); - - /* -- * Format the filename as needed... -+ * Format the filename... - */ - -- if (!*lf || -- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize && -- MaxLogSize > 0)) -+ if (strncmp(logname, "/dev/", 5)) - { - /* - * Handle format strings... -@@ -186,6 +187,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - } - - /* -+ * Has someone else (i.e. logrotate) already rotated the log for us? -+ */ -+ else if (strncmp(filename, "/dev/", 5)) -+ { -+ struct stat st; -+ if (stat(filename, &st) || st.st_size == 0) -+ { -+ /* File is either missing or has zero size. */ -+ -+ cupsFileClose(*lf); -+ if ((*lf = cupsFileOpen(filename, "a")) == NULL) -+ { -+ syslog(LOG_ERR, "Unable to open log file "%s" - %s", filename, -+ strerror(errno)); -+ -+ return (0); -+ } -+ -+ /* -+ * Change ownership and permissions of non-device logs... -+ */ -+ -+ fchown(cupsFileNumber(*lf), RunUser, Group); -+ fchmod(cupsFileNumber(*lf), LogFilePerm); -+ } -+ } -+ -+ /* - * Do we need to rotate the log? - */ - diff --git a/cups/patches/015_cups-usb-paperout.patch b/cups/patches/015_cups-usb-paperout.patch deleted file mode 100644 index f1f73f0..0000000 --- a/cups/patches/015_cups-usb-paperout.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-unix.c ---- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000 +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200 -@@ -30,6 +30,11 @@ - - #include <sys/select.h> - -+#ifdef __linux -+#include <sys/ioctl.h> -+#include <linux/lp.h> -+#endif /* __linux */ -+ - - /* - * Local functions... -@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev - if (!strncmp(uri, "usb:/dev/", 9)) - #ifdef __linux - { -- return (open(uri + 4, O_RDWR | O_EXCL)); -+ fd = open(uri + 4, O_RDWR | O_EXCL); -+ -+ if (fd != -1) -+ { -+ /* -+ * Tell the driver to return from write() with errno==ENOSPACE -+ * on paper-out. -+ */ -+ unsigned int t = 1; -+ ioctl (fd, LPABORT, &t); -+ } -+ -+ return fd; - } - else if (!strncmp(uri, "usb://", 6)) - { -@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev - if (!strcmp(uri, device_uri)) - { - /* -- * Yes, return this file descriptor... -+ * Yes, tell the driver to return from write() with -+ * errno==ENOSPACE on paper-out. -+ */ -+ unsigned int t = 1; -+ ioctl (fd, LPABORT, &t); -+ -+ /* -+ * Return this file descriptor... - */ - - fprintf(stderr, "DEBUG: Printer using device file "%s"...\n", diff --git a/cups/patches/016_cups-res_init.patch b/cups/patches/016_cups-res_init.patch deleted file mode 100644 index 94a81a4..0000000 --- a/cups/patches/016_cups-res_init.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up cups-1.6b1/cups/http-addr.c.res_init cups-1.6b1/cups/http-addr.c ---- cups-1.6b1/cups/http-addr.c.res_init 2012-05-17 00:57:03.000000000 +0200 -+++ cups-1.6b1/cups/http-addr.c 2012-05-25 15:51:51.323916352 +0200 -@@ -254,7 +254,8 @@ httpAddrLookup( - - if (error) - { -- if (error == EAI_FAIL) -+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA || -+ error == EAI_NONAME) - cg->need_res_init = 1; - - return (httpAddrString(addr, name, namelen)); -diff -up cups-1.6b1/cups/http-addrlist.c.res_init cups-1.6b1/cups/http-addrlist.c ---- cups-1.6b1/cups/http-addrlist.c.res_init 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/cups/http-addrlist.c 2012-05-25 16:05:05.930377452 +0200 -@@ -540,7 +540,8 @@ httpAddrGetList(const char *hostname, /* - } - else - { -- if (error == EAI_FAIL) -+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA || -+ error == EAI_NONAME) - cg->need_res_init = 1; - - _cupsSetError(IPP_INTERNAL_ERROR, gai_strerror(error), 0); diff --git a/cups/patches/017_cups-filter-debug.patch b/cups/patches/017_cups-filter-debug.patch deleted file mode 100644 index 96c82da..0000000 --- a/cups/patches/017_cups-filter-debug.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200 -@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I - - if (!filters) - { -+ mime_filter_t *current; -+ - cupsdLogJob(job, CUPSD_LOG_ERROR, - "Unable to convert file %d to printable format.", - job->current_file); - -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Required: %s/%s -> %s/%s", -+ job->filetypes[job->current_file]->super, -+ job->filetypes[job->current_file]->type, -+ job->printer->filetype->super, -+ job->printer->filetype->type); -+ -+ for (current = (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs); -+ current; -+ current = (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs)) -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Available: %s/%s -> %s/%s (%s)", -+ current->src->super, current->src->type, -+ current->dst->super, current->dst->type, -+ current->filter); -+ - abort_message = "Aborting job because it cannot be printed."; - abort_state = IPP_JOB_ABORTED; - diff --git a/cups/patches/018_cups-uri-compat.patch b/cups/patches/018_cups-uri-compat.patch deleted file mode 100644 index 2520a5b..0000000 --- a/cups/patches/018_cups-uri-compat.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-unix.c ---- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200 -@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De - int device_fd; /* USB device */ - ssize_t tbytes; /* Total number of bytes written */ - struct termios opts; /* Parallel port options */ -+ char *fixed_uri = strdup (uri); -+ char *p; - - - (void)argc; - (void)argv; - -+ p = strchr (fixed_uri, ':'); -+ if (p++ != NULL) -+ { -+ char *e; -+ p += strspn (p, "/"); -+ e = strchr (p, '/'); -+ if (e > p) -+ { -+ size_t mfrlen = e - p; -+ e++; -+ if (!strncasecmp (e, p, mfrlen)) -+ { -+ char *x = e + mfrlen; -+ if (!strncmp (x, "%20", 3)) -+ /* Take mfr name out of mdl name for compatibility with -+ * Fedora 11 before bug #507244 was fixed. */ -+ strcpy (e, x + 3); puts(fixed_uri); -+ } -+ } -+ } -+ - /* - * Open the USB port device... - */ -@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De - _cups_strncasecmp(hostname, "Minolta", 7); - #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ - -- if (use_bc && !strncmp(uri, "usb:/dev/", 9)) -+ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9)) - use_bc = 0; - -- if ((device_fd = open_device(uri, &use_bc)) == -1) -+ if ((device_fd = open_device(fixed_uri, &use_bc)) == -1) - { - if (getenv("CLASS") != NULL) - { diff --git a/cups/patches/019_cups-cups-get-classes.patch b/cups/patches/019_cups-cups-get-classes.patch deleted file mode 100644 index b0ffe1c..0000000 --- a/cups/patches/019_cups-cups-get-classes.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff -up cups-1.5.0/cups/dest.c.cups-get-classes cups-1.5.0/cups/dest.c ---- cups-1.5.0/cups/dest.c.cups-get-classes 2011-05-20 04:49:49.000000000 +0100 -+++ cups-1.5.0/cups/dest.c 2011-09-14 12:10:05.111635428 +0100 -@@ -534,6 +534,7 @@ _cupsGetDests(http_t *http, /* I - - char uri[1024]; /* printer-uri value */ - int num_options; /* Number of options */ - cups_option_t *options; /* Options */ -+ int get_classes; /* Whether we need to fetch class */ - #ifdef __APPLE__ - char media_default[41]; /* Default paper size */ - #endif /* __APPLE__ */ -@@ -590,6 +591,8 @@ _cupsGetDests(http_t *http, /* I - - * printer-uri [for IPP_GET_PRINTER_ATTRIBUTES] - */ - -+ get_classes = (op == CUPS_GET_PRINTERS); -+ - request = ippNewRequest(op); - - ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, -@@ -647,6 +650,23 @@ _cupsGetDests(http_t *http, /* I - - attr->value_tag != IPP_TAG_URI) - continue; - -+ if (get_classes && -+ -+ /* Is this a class? */ -+ ((attr->value_tag == IPP_TAG_ENUM && -+ !strcmp(attr->name, "printer-type") && -+ (attr->values[0].integer & CUPS_PRINTER_CLASS)) || -+ -+ /* Or, is this an attribute from CUPS 1.2 or later? */ -+ !strcmp(attr->name, "auth-info-required") || -+ !strncmp(attr->name, "marker-", 7) || -+ !strcmp(attr->name, "printer-commands") || -+ !strcmp(attr->name, "printer-is-shared"))) -+ /* We are talking to a recent enough CUPS server that -+ * CUPS_GET_PRINTERS returns classes as well. -+ */ -+ get_classes = 0; -+ - if (!strcmp(attr->name, "auth-info-required") || - !strcmp(attr->name, "device-uri") || - !strcmp(attr->name, "marker-change-time") || -@@ -738,6 +758,28 @@ _cupsGetDests(http_t *http, /* I - - continue; - } - -+ /* -+ * If we sent a CUPS_GET_CLASSES request, check whether -+ * CUPS_GET_PRINTERS already gave us this destination and exit -+ * early if so. -+ */ -+ -+ if (op == CUPS_GET_CLASSES && num_dests > 0) -+ { -+ int diff; -+ cups_find_dest (printer_name, NULL, num_dests, *dests, 0, &diff); -+ if (diff == 0) -+ { -+ /* -+ * Found it. The CUPS server already gave us the classes in -+ * its CUPS_GET_PRINTERS response. -+ */ -+ -+ cupsFreeOptions(num_options, options); -+ break; -+ } -+ } -+ - if ((dest = cups_add_dest(printer_name, NULL, &num_dests, dests)) != NULL) - { - dest->num_options = num_options; -@@ -754,6 +796,15 @@ _cupsGetDests(http_t *http, /* I - - } - - /* -+ * If this is a CUPS_GET_PRINTERS request but we didn't see any -+ * classes we might be talking to an older CUPS server that requires -+ * CUPS_GET_CLASSES as well. -+ */ -+ -+ if (get_classes) -+ num_dests = _cupsGetDests (http, CUPS_GET_CLASSES, name, dests, 0, 0); -+ -+ /* - * Return the count... - */ - diff --git a/cups/patches/020_cups-str3382.patch b/cups/patches/020_cups-str3382.patch deleted file mode 100644 index 2e8736d..0000000 --- a/cups/patches/020_cups-str3382.patch +++ /dev/null @@ -1,64 +0,0 @@ -diff -up cups-1.5b1/cups/tempfile.c.str3382 cups-1.5b1/cups/tempfile.c ---- cups-1.5b1/cups/tempfile.c.str3382 2010-03-24 01:45:34.000000000 +0100 -+++ cups-1.5b1/cups/tempfile.c 2011-05-24 16:04:47.000000000 +0200 -@@ -33,6 +33,7 @@ - # include <io.h> - #else - # include <unistd.h> -+# include <sys/types.h> - #endif /* WIN32 || __EMX__ */ - - -@@ -54,7 +55,7 @@ cupsTempFd(char *filename, /* I - Point - char tmppath[1024]; /* Windows temporary directory */ - DWORD curtime; /* Current time */ - #else -- struct timeval curtime; /* Current time */ -+ mode_t old_umask; /* Old umask before using mkstemp() */ - #endif /* WIN32 */ - - -@@ -105,33 +106,25 @@ cupsTempFd(char *filename, /* I - Point - - snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir, - GetCurrentProcessId(), curtime); --#else -- /* -- * Get the current time of day... -- */ -- -- gettimeofday(&curtime, NULL); -- -- /* -- * Format a string using the hex time values... -- */ -- -- snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), -- (unsigned)(curtime.tv_sec + curtime.tv_usec + tries)); --#endif /* WIN32 */ - - /* - * Open the file in "exclusive" mode, making sure that we don't - * stomp on an existing file or someone's symlink crack... - */ - --#ifdef WIN32 - fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, - _S_IREAD | _S_IWRITE); --#elif defined(O_NOFOLLOW) -- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); - #else -- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); -+ -+ /* -+ * Use the standard mkstemp() call to make a temporary filename -+ * securely. -- andrew.wood@jdplc.com -+ */ -+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); -+ -+ old_umask = umask(0077); -+ fd = mkstemp(filename); -+ umask(old_umask); - #endif /* WIN32 */ - - if (fd < 0 && errno != EEXIST) diff --git a/cups/patches/021_cups-0755.patch b/cups/patches/021_cups-0755.patch deleted file mode 100644 index b0df3a0..0000000 --- a/cups/patches/021_cups-0755.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.6b1/Makedefs.in.0755 cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.0755 2012-05-23 01:58:31.000000000 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-25 16:09:40.545463214 +0200 -@@ -40,14 +40,14 @@ SHELL = /bin/sh - # Installation programs... - # - --INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ -+INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ - INSTALL_COMPDATA = $(INSTALL) -c -m 444 @INSTALL_GZIP@ - INSTALL_CONFIG = $(INSTALL) -c -m @CUPS_CONFIG_FILE_PERM@ - INSTALL_DATA = $(INSTALL) -c -m 444 - INSTALL_DIR = $(INSTALL) -d --INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ -+INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ - INSTALL_MAN = $(INSTALL) -c -m 444 --INSTALL_SCRIPT = $(INSTALL) -c -m 555 -+INSTALL_SCRIPT = $(INSTALL) -c -m 755 - - # - # Default user, group, and system groups for the scheduler... diff --git a/cups/patches/022_cups-hp-deviceid-oid.patch b/cups/patches/022_cups-hp-deviceid-oid.patch deleted file mode 100644 index da5136a..0000000 --- a/cups/patches/022_cups-hp-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200 -@@ -187,6 +187,7 @@ static const int UriOID[] = { CUPS_OID_p - static const int LexmarkProductOID[] = { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 }; - static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; -+static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; - static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs = NULL; - static int HostNameLookups = 0; -@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, HPDeviceIdOID); - break; - - case DEVICE_DESCRIPTION : diff --git a/cups/patches/023_cups-dnssd-deviceid.patch b/cups/patches/023_cups-dnssd-deviceid.patch deleted file mode 100644 index b3c2b8e..0000000 --- a/cups/patches/023_cups-dnssd-deviceid.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up cups-1.6b1/backend/dnssd.c.dnssd-deviceid cups-1.6b1/backend/dnssd.c ---- cups-1.6b1/backend/dnssd.c.dnssd-deviceid 2012-05-21 18:05:58.000000000 +0200 -+++ cups-1.6b1/backend/dnssd.c 2012-05-25 16:27:49.226874427 +0200 -@@ -1181,15 +1181,22 @@ query_callback( - if (device->device_id) - free(device->device_id); - -+ if (device_id[0]) -+ { -+ /* Mark this as the real device ID. */ -+ ptr = device_id + strlen(device_id); -+ snprintf(ptr, sizeof(device_id) - (ptr - device_id), "FZY:0;"); -+ } -+ - if (!device_id[0] && strcmp(model, "Unknown")) - { - if (make_and_model[0]) -- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;", -+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", - make_and_model, model); - else if (!_cups_strncasecmp(model, "designjet ", 10)) -- snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s", model + 10); -+ snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;FZY:1;", model + 10); - else if (!_cups_strncasecmp(model, "stylus ", 7)) -- snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s", model + 7); -+ snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;FZY:1;", model + 7); - else if ((ptr = strchr(model, ' ')) != NULL) - { - /* -@@ -1199,7 +1206,7 @@ query_callback( - memcpy(make_and_model, model, ptr - model); - make_and_model[ptr - model] = '\0'; - -- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s", -+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", - make_and_model, ptr + 1); - } - } diff --git a/cups/patches/024_cups-ricoh-deviceid-oid.patch b/cups/patches/024_cups-ricoh-deviceid-oid.patch deleted file mode 100644 index c148f95..0000000 --- a/cups/patches/024_cups-ricoh-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.000000000 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200 -@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] = { - static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; - static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; -+static const int RicohDeviceIdOID[] = { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1 }; - static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs = NULL; - static int HostNameLookups = 0; -@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_ID, LexmarkDeviceIdOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, RicohDeviceIdOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, diff --git a/cups/patches/025_cups-systemd-socket.patch b/cups/patches/025_cups-systemd-socket.patch deleted file mode 100644 index 83fabdb..0000000 --- a/cups/patches/025_cups-systemd-socket.patch +++ /dev/null @@ -1,395 +0,0 @@ -diff -up cups-1.6b1/config.h.in.systemd-socket cups-1.6b1/config.h.in ---- cups-1.6b1/config.h.in.systemd-socket 2012-05-17 00:57:03.000000000 +0200 -+++ cups-1.6b1/config.h.in 2012-05-28 11:16:35.657250584 +0200 -@@ -506,6 +506,13 @@ - - - /* -+ * Do we have systemd support? -+ */ -+ -+#undef HAVE_SYSTEMD -+ -+ -+/* - * Various scripting languages... - */ - -diff -up cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket cups-1.6b1/config-scripts/cups-systemd.m4 ---- cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket 2012-05-28 11:16:35.658250577 +0200 -+++ cups-1.6b1/config-scripts/cups-systemd.m4 2012-05-28 11:16:35.658250577 +0200 -@@ -0,0 +1,36 @@ -+dnl -+dnl "$Id$" -+dnl -+dnl systemd stuff for CUPS. -+ -+dnl Find whether systemd is available -+ -+SDLIBS="" -+AC_ARG_WITH([systemdsystemunitdir], -+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), -+ [], [with_systemdsystemunitdir=$($PKGCONFIG --variable=systemdsystemunitdir systemd)]) -+if test "x$with_systemdsystemunitdir" != xno; then -+ AC_MSG_CHECKING(for libsystemd-daemon) -+ if $PKGCONFIG --exists libsystemd-daemon; then -+ AC_MSG_RESULT(yes) -+ SDCFLAGS=`$PKGCONFIG --cflags libsystemd-daemon` -+ SDLIBS=`$PKGCONFIG --libs libsystemd-daemon` -+ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) -+ AC_DEFINE(HAVE_SYSTEMD) -+ else -+ AC_MSG_RESULT(no) -+ fi -+fi -+ -+if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ; then -+ SYSTEMD_UNITS="cups.service cups.socket cups.path" -+else -+ SYSTEMD_UNITS="" -+fi -+ -+AC_SUBST(SYSTEMD_UNITS) -+AC_SUBST(SDLIBS) -+ -+dnl -+dnl "$Id$" -+dnl -diff -up cups-1.6b1/configure.in.systemd-socket cups-1.6b1/configure.in ---- cups-1.6b1/configure.in.systemd-socket 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/configure.in 2012-05-28 11:16:35.658250577 +0200 -@@ -33,6 +33,7 @@ sinclude(config-scripts/cups-pam.m4) - sinclude(config-scripts/cups-largefile.m4) - sinclude(config-scripts/cups-dnssd.m4) - sinclude(config-scripts/cups-launchd.m4) -+sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-scripting.m4) - -@@ -66,6 +67,9 @@ AC_OUTPUT(Makedefs - conf/snmp.conf - cups-config - data/testprint -+ data/cups.service -+ data/cups.socket -+ data/cups.path - desktop/cups.desktop - doc/help/ref-cupsd-conf.html - doc/help/standard.html -diff -up cups-1.6b1/cups/usersys.c.systemd-socket cups-1.6b1/cups/usersys.c ---- cups-1.6b1/cups/usersys.c.systemd-socket 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/cups/usersys.c 2012-05-28 11:16:35.659250570 +0200 -@@ -975,7 +975,7 @@ cups_read_client_conf( - struct stat sockinfo; /* Domain socket information */ - - if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && -- (sockinfo.st_mode & S_IRWXO) == S_IRWXO) -+ (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH)) - cups_server = CUPS_DEFAULT_DOMAINSOCKET; - else - #endif /* CUPS_DEFAULT_DOMAINSOCKET */ -diff -up cups-1.6b1/data/cups.path.in.systemd-socket cups-1.6b1/data/cups.path.in ---- cups-1.6b1/data/cups.path.in.systemd-socket 2012-05-28 11:16:35.659250570 +0200 -+++ cups-1.6b1/data/cups.path.in 2012-05-28 11:16:35.659250570 +0200 -@@ -0,0 +1,8 @@ -+[Unit] -+Description=CUPS Printer Service Spool -+ -+[Path] -+PathExistsGlob=@CUPS_REQUESTS@/d* -+ -+[Install] -+WantedBy=multi-user.target -diff -up cups-1.6b1/data/cups.service.in.systemd-socket cups-1.6b1/data/cups.service.in ---- cups-1.6b1/data/cups.service.in.systemd-socket 2012-05-28 11:16:35.659250570 +0200 -+++ cups-1.6b1/data/cups.service.in 2012-05-28 11:16:35.659250570 +0200 -@@ -0,0 +1,10 @@ -+[Unit] -+Description=CUPS Printing Service -+ -+[Service] -+ExecStart=@sbindir@/cupsd -f -+PrivateTmp=true -+ -+[Install] -+Also=cups.socket cups.path -+WantedBy=printer.target -diff -up cups-1.6b1/data/cups.socket.in.systemd-socket cups-1.6b1/data/cups.socket.in ---- cups-1.6b1/data/cups.socket.in.systemd-socket 2012-05-28 11:16:35.660250563 +0200 -+++ cups-1.6b1/data/cups.socket.in 2012-05-28 11:16:35.660250563 +0200 -@@ -0,0 +1,8 @@ -+[Unit] -+Description=CUPS Printing Service Sockets -+ -+[Socket] -+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -+ -+[Install] -+WantedBy=sockets.target -diff -up cups-1.6b1/data/Makefile.systemd-socket cups-1.6b1/data/Makefile ---- cups-1.6b1/data/Makefile.systemd-socket 2011-08-27 11:23:01.000000000 +0200 -+++ cups-1.6b1/data/Makefile 2012-05-28 11:16:35.660250563 +0200 -@@ -100,6 +100,12 @@ install-data: - $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \ - done - $(INSTALL_DIR) -m 755 $(DATADIR)/profiles -+ if test "x$(SYSTEMD_UNITS)" != "x" ; then \ -+ $(INSTALL_DIR) -m 755 $(SYSTEMDUNITDIR); \ -+ for file in $(SYSTEMD_UNITS); do \ -+ $(INSTALL_DATA) $$file $(SYSTEMDUNITDIR); \ -+ done; \ -+ fi - - - # -@@ -143,6 +149,9 @@ uninstall: - -$(RMDIR) $(DATADIR)/data - -$(RMDIR) $(DATADIR)/banners - -$(RMDIR) $(DATADIR) -+ for file in $(SYSTEMD_UNITS); do \ -+ $(RM) $(SYSTEMDUNITDIR)/$$file; \ -+ done - - - # -diff -up cups-1.6b1/Makedefs.in.systemd-socket cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.systemd-socket 2012-05-28 11:16:35.648250647 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-28 11:16:35.660250563 +0200 -@@ -134,11 +134,13 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@ - CXXLIBS = @CXXLIBS@ - DBUS_NOTIFIER = @DBUS_NOTIFIER@ - DBUS_NOTIFIERLIBS = @DBUS_NOTIFIERLIBS@ -+SYSTEMD_UNITS = @SYSTEMD_UNITS@ - DNSSD_BACKEND = @DNSSD_BACKEND@ - DSOFLAGS = -L../cups @DSOFLAGS@ - DSOLIBS = @DSOLIBS@ $(COMMONLIBS) - DNSSDLIBS = @DNSSDLIBS@ - LAUNCHDLIBS = @LAUNCHDLIBS@ -+SDLIBS = @SDLIBS@ - LDFLAGS = -L../cgi-bin -L../cups -L../filter -L../ppdc \ - -L../scheduler @LDARCHFLAGS@ \ - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) -@@ -229,6 +231,7 @@ PAMFILE = @PAMFILE@ - - DEFAULT_LAUNCHD_CONF = @DEFAULT_LAUNCHD_CONF@ - DBUSDIR = @DBUSDIR@ -+SYSTEMDUNITDIR = $(BUILDROOT)@systemdsystemunitdir@ - - - # -diff -up cups-1.6b1/scheduler/client.h.systemd-socket cups-1.6b1/scheduler/client.h ---- cups-1.6b1/scheduler/client.h.systemd-socket 2012-03-22 21:30:20.000000000 +0100 -+++ cups-1.6b1/scheduler/client.h 2012-05-28 11:16:35.661250556 +0200 -@@ -77,6 +77,9 @@ typedef struct - int fd; /* File descriptor for this server */ - http_addr_t address; /* Bind address of socket */ - http_encryption_t encryption; /* To encrypt or not to encrypt... */ -+#ifdef HAVE_SYSTEMD -+ int is_systemd; /* Is this a systemd socket? */ -+#endif /* HAVE_SYSTEMD */ - } cupsd_listener_t; - - -diff -up cups-1.6b1/scheduler/listen.c.systemd-socket cups-1.6b1/scheduler/listen.c ---- cups-1.6b1/scheduler/listen.c.systemd-socket 2011-04-16 01:38:13.000000000 +0200 -+++ cups-1.6b1/scheduler/listen.c 2012-05-28 11:16:35.661250556 +0200 -@@ -401,7 +401,11 @@ cupsdStopListening(void) - lis; - lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) - { -- if (lis->fd != -1) -+ if (lis->fd != -1 -+#ifdef HAVE_SYSTEMD -+ && !lis->is_systemd -+#endif /* HAVE_SYSTEMD */ -+ ) - { - #ifdef WIN32 - closesocket(lis->fd); -diff -up cups-1.6b1/scheduler/main.c.systemd-socket cups-1.6b1/scheduler/main.c ---- cups-1.6b1/scheduler/main.c.systemd-socket 2012-05-28 11:16:35.612250897 +0200 -+++ cups-1.6b1/scheduler/main.c 2012-05-28 12:49:32.698375139 +0200 -@@ -26,6 +26,8 @@ - * launchd_checkin() - Check-in with launchd and collect the listening - * fds. - * launchd_checkout() - Update the launchd KeepAlive file as needed. -+ * systemd_checkin() - Check-in with systemd and collect the -+ * listening fds. - * parent_handler() - Catch USR1/CHLD signals... - * process_children() - Process all dead children... - * select_timeout() - Calculate the select timeout value. -@@ -62,6 +64,10 @@ - # endif /* !LAUNCH_JOBKEY_SERVICEIPC */ - #endif /* HAVE_LAUNCH_H */ - -+#ifdef HAVE_SYSTEMD -+#include <systemd/sd-daemon.h> -+#endif /* HAVE_SYSTEMD */ -+ - #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) - # include <malloc.h> - #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ -@@ -78,6 +84,9 @@ - static void launchd_checkin(void); - static void launchd_checkout(void); - #endif /* HAVE_LAUNCHD */ -+#ifdef HAVE_SYSTEMD -+static void systemd_checkin(void); -+#endif /* HAVE_SYSTEMD */ - static void parent_handler(int sig); - static void process_children(void); - static void sigchld_handler(int sig); -@@ -528,6 +537,13 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file descriptors... -+ */ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -738,6 +754,15 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file -+ * descriptors... -+ */ -+ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -1516,6 +1541,102 @@ launchd_checkout(void) - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+static void -+systemd_checkin(void) -+{ -+ int n, fd; -+ -+ n = sd_listen_fds(0); -+ if (n < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Failed to acquire sockets from systemd - %s", -+ strerror(-n)); -+ exit(EXIT_FAILURE); -+ return; -+ } -+ -+ if (n == 0) -+ return; -+ -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) -+ { -+ http_addr_t addr; -+ socklen_t addrlen = sizeof (addr); -+ int r; -+ cupsd_listener_t *lis; -+ char s[256]; -+ -+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1); -+ if (r < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to verify socket type - %s", -+ strerror(-r)); -+ continue; -+ } -+ -+ if (!r) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Socket not of the right type"); -+ continue; -+ } -+ -+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to get local address - %s", -+ strerror(errno)); -+ continue; -+ } -+ -+ /* -+ * Try to match the systemd socket address to one of the listeners... -+ */ -+ -+ for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); -+ lis; -+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) -+ if (httpAddrEqual(&lis->address, &addr)) -+ break; -+ -+ if (lis) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Matched existing listener %s with fd %d...", -+ httpAddrString(&(lis->address), s, sizeof(s)), fd); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Adding new listener %s with fd %d...", -+ httpAddrString(&addr, s, sizeof(s)), fd); -+ -+ if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to allocate listener - " -+ "%s.", strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ -+ cupsArrayAdd(Listeners, lis); -+ -+ memcpy(&lis->address, &addr, sizeof(lis->address)); -+ } -+ -+ lis->fd = fd; -+ lis->is_systemd = 1; -+ -+# ifdef HAVE_SSL -+ if (_httpAddrPort(&(lis->address)) == 443) -+ lis->encryption = HTTP_ENCRYPT_ALWAYS; -+# endif /* HAVE_SSL */ -+ } -+} -+#endif /* HAVE_SYSTEMD */ - - /* - * 'parent_handler()' - Catch USR1/CHLD signals... -diff -up cups-1.6b1/scheduler/Makefile.systemd-socket cups-1.6b1/scheduler/Makefile ---- cups-1.6b1/scheduler/Makefile.systemd-socket 2012-05-21 19:40:22.000000000 +0200 -+++ cups-1.6b1/scheduler/Makefile 2012-05-28 11:16:35.663250542 +0200 -@@ -371,7 +371,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu - $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \ - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - $(LIBPAPER) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBS) \ -- $(LIBGSSAPI) $(LIBWRAP) -+ $(LIBGSSAPI) $(LIBWRAP) $(SDLIBS) - - cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC) - echo Linking $@... -@@ -379,7 +379,7 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - ../cups/$(LIBCUPSSTATIC) $(COMMONLIBS) $(LIBZ) $(LIBPAPER) \ - $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \ -- $(LIBWRAP) -+ $(LIBWRAP) $(SDLIBS) - - tls.o: tls-darwin.c tls-gnutls.c tls-openssl.c - diff --git a/cups/patches/026_cups-lspp.patch b/cups/patches/026_cups-lspp.patch deleted file mode 100644 index d81ef06..0000000 --- a/cups/patches/026_cups-lspp.patch +++ /dev/null @@ -1,1999 +0,0 @@ -diff -up cups-1.6b1/config.h.in.lspp cups-1.6b1/config.h.in ---- cups-1.6b1/config.h.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/config.h.in 2012-05-25 17:03:16.889043298 +0200 -@@ -768,6 +768,13 @@ static __inline int _cups_abs(int i) { r - # endif /* __GNUC__ || __STDC_VERSION__ */ - #endif /* !HAVE_ABS && !abs */ - -+/* -+ * Are we trying to meet LSPP requirements? -+ */ -+ -+#undef WITH_LSPP -+ -+ - #endif /* !_CUPS_CONFIG_H_ */ - - /* -diff -up cups-1.6b1/config-scripts/cups-lspp.m4.lspp cups-1.6b1/config-scripts/cups-lspp.m4 ---- cups-1.6b1/config-scripts/cups-lspp.m4.lspp 2012-05-25 17:01:32.852768495 +0200 -+++ cups-1.6b1/config-scripts/cups-lspp.m4 2012-05-25 17:01:32.853768488 +0200 -@@ -0,0 +1,36 @@ -+dnl -+dnl LSPP code for the Common UNIX Printing System (CUPS). -+dnl -+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P. -+dnl -+dnl This program is free software; you can redistribute it and/or modify -+dnl it under the terms of the GNU General Public License as published by -+dnl the Free Software Foundation; version 2. -+dnl -+dnl This program is distributed in the hope that it will be useful, but -+dnl WITHOUT ANY WARRANTY; without even the implied warranty of -+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+dnl General Public License for more details. -+dnl -+dnl You should have received a copy of the GNU General Public License -+dnl along with this program; if not, write to the Free Software Foundation, -+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA -+dnl -+ -+dnl Are we trying to meet LSPP requirements -+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) -+ -+if test x"$enable_lspp" != xno; then -+ case "$uname" in -+ Linux) -+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) -+ AC_CHECK_HEADER(libaudit.h) -+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)]) -+ AC_CHECK_HEADER(selinux/selinux.h) -+ AC_DEFINE(WITH_LSPP) -+ ;; -+ *) -+ # All others -+ ;; -+ esac -+fi -diff -up cups-1.6b1/configure.in.lspp cups-1.6b1/configure.in ---- cups-1.6b1/configure.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/configure.in 2012-05-25 17:04:03.994714943 +0200 -@@ -37,6 +37,8 @@ sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-scripting.m4) - -+sinclude(config-scripts/cups-lspp.m4) -+ - INSTALL_LANGUAGES="" - UNINSTALL_LANGUAGES="" - LANGFILES="" -diff -up cups-1.6b1/filter/common.c.lspp cups-1.6b1/filter/common.c ---- cups-1.6b1/filter/common.c.lspp 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.6b1/filter/common.c 2012-05-25 17:01:32.854768481 +0200 -@@ -30,6 +30,12 @@ - * Include necessary headers... - */ - -+#include "config.h" -+#ifdef WITH_LSPP -+#define _GNU_SOURCE -+#include <string.h> -+#endif /* WITH_LSPP */ -+ - #include "common.h" - #include <locale.h> - -@@ -312,6 +318,18 @@ WriteLabelProlog(const char *label, /* I - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in characters */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ - - - /* -@@ -334,6 +352,124 @@ WriteLabelProlog(const char *label, /* I - return; - } - -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width = width / 8; -+ longest_line = 0; -+ longest = 0; -+ classification += 5; // Skip the "LSPP:" -+ label_len = strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines = 1 + (int)(label_len / max_width); -+ line_len = (int)(label_len / lines); -+ wrapped_label = malloc(sizeof(*wrapped_label) * lines); -+ label_index = i = n = 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); -+ label_index += line_len + i; -+ i = 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) == max_width) -+ { -+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); -+ label_index = label_index + line_len + i; -+ i = 0; -+ } -+ } -+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); -+ } -+ else -+ { -+ lines = 1; -+ wrapped_label = malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] = (char*)classification; -+ } -+ -+ for (n = 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\%03o", *ptr); -+ else -+ { -+ if (*ptr == '(' || *ptr == ')' || *ptr == '\') -+ putchar('\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest = i; -+ longest_line = n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculated -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n = 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n = 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -414,7 +550,10 @@ WriteLabelProlog(const char *label, /* I - printf(" %.0f moveto ESPpl show\n", top - 14.0); - puts("pop"); - puts("}bind put"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ - - - /* -diff -up cups-1.6b1/filter/pstops.c.lspp cups-1.6b1/filter/pstops.c ---- cups-1.6b1/filter/pstops.c.lspp 2012-04-23 21:19:19.000000000 +0200 -+++ cups-1.6b1/filter/pstops.c 2012-05-25 17:01:32.855768474 +0200 -@@ -3202,6 +3202,18 @@ write_label_prolog(pstops_doc_t *doc, /* - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in characters */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ - - - /* -@@ -3224,6 +3236,124 @@ write_label_prolog(pstops_doc_t *doc, /* - return; - } - -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width = width / 8; -+ longest_line = 0; -+ longest = 0; -+ classification += 5; // Skip the "LSPP:" -+ label_len = strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines = 1 + (int)(label_len / max_width); -+ line_len = (int)(label_len / lines); -+ wrapped_label = malloc(sizeof(*wrapped_label) * lines); -+ label_index = i = n = 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); -+ label_index += line_len + i; -+ i = 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) == max_width) -+ { -+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); -+ label_index = label_index + line_len + i; -+ i = 0; -+ } -+ } -+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); -+ } -+ else -+ { -+ lines = 1; -+ wrapped_label = malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] = (char*)classification; -+ } -+ -+ for (n = 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\%03o", *ptr); -+ else -+ { -+ if (*ptr == '(' || *ptr == ')' || *ptr == '\') -+ putchar('\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest = i; -+ longest_line = n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculated -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n = 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n = 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -3302,7 +3432,10 @@ write_label_prolog(pstops_doc_t *doc, /* - doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); - doc_puts(doc, "pop\n"); - doc_puts(doc, "}bind put\n"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ - - - /* -diff -up cups-1.6b1/Makedefs.in.lspp cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-25 17:07:57.325088484 +0200 -@@ -146,7 +146,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) - LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ) - LINKCUPSIMAGE = @LINKCUPSIMAGE@ --LIBS = $(LINKCUPS) $(COMMONLIBS) -+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ - OPTIM = @OPTIM@ - OPTIONS = - PAMLIBS = @PAMLIBS@ -diff -up cups-1.6b1/scheduler/client.c.lspp cups-1.6b1/scheduler/client.c ---- cups-1.6b1/scheduler/client.c.lspp 2012-05-08 00:41:30.000000000 +0200 -+++ cups-1.6b1/scheduler/client.c 2012-05-25 17:13:38.947707163 +0200 -@@ -41,6 +41,7 @@ - * valid_host() - Is the Host: field valid? - * write_file() - Send a file via HTTP. - * write_pipe() - Flag that data is available on the CGI pipe. -+ * client_pid_to_auid() - Get the audit login uid of the client. - */ - - /* -@@ -49,10 +50,16 @@ - - #include "cupsd.h" - -+#define _GNU_SOURCE - #ifdef HAVE_TCPD_H - # include <tcpd.h> - #endif /* HAVE_TCPD_H */ - -+#ifdef WITH_LSPP -+#include <selinux/selinux.h> -+#include <selinux/context.h> -+#include <fcntl.h> -+#endif /* WITH_LSPP */ - - /* - * Local globals... -@@ -371,6 +378,57 @@ cupsdAcceptClient(cupsd_listener_t *lis) - } - #endif /* HAVE_TCPD_H */ - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ struct ucred cr; -+ unsigned int cl=sizeof(cr); -+ -+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) -+ { -+ /* -+ * client_pid_to_auid() can be racey -+ * In this case the pid is based on a socket connected to the client -+ */ -+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1) -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: " -+ "unable to determine client auid for client pid=%d", cr.pid); -+ free(con); -+ return; -+ } -+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d", -+ cr.pid, cr.uid, cr.gid, con->auid); -+ } -+ else -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed"); -+ free(con); -+ return; -+ } -+ -+ /* -+ * get the context of the peer connection -+ */ -+ if (getpeercon(con->http.fd, &con->scon)) -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed"); -+ free(con); -+ return; -+ } -+ -+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()"); -+ cupsdSetString(&con->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - #ifdef AF_LOCAL - if (con->http.hostaddr->addr.sa_family == AF_LOCAL) - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] Accepted from %s (Domain)", -@@ -678,6 +736,13 @@ cupsdReadClient(cupsd_client_t *con) /* - mime_type_t *type; /* MIME type of file */ - cupsd_printer_t *p; /* Printer */ - static unsigned request_id = 0; /* Request ID for temp files */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job file */ -+ context_t clicon; /* contex_t container for con->scon */ -+ context_t tmpcon; /* temp context to swap the level */ -+ char *clirange; /* SELinux sensitivity range */ -+ char *cliclearance; /* SELinux low end clearance */ -+#endif /* WITH_LSPP */ - - - status = HTTP_CONTINUE; -@@ -2126,6 +2191,67 @@ cupsdReadClient(cupsd_client_t *con) /* - fchmod(con->file, 0640); - fchown(con->file, RunUser, Group); - fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); -+#ifdef WITH_LSPP -+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(con->filename, &spoolcon) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ return (cupsdCloseClient(con)); -+ } -+ clicon = context_new(con->scon); -+ tmpcon = context_new(spoolcon); -+ freecon(spoolcon); -+ if (!clicon || !tmpcon) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ if (clicon) -+ context_free(clicon); -+ if (tmpcon) -+ context_free(tmpcon); -+ return (cupsdCloseClient(con)); -+ } -+ clirange = context_range_get(clicon); -+ if (clirange) -+ { -+ clirange = strdup(clirange); -+ if ((cliclearance = strtok(clirange, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, cliclearance) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ } -+ free(clirange); -+ } -+ if (setfilecon(con->filename, context_str(tmpcon)) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s", -+ con->filename, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(clicon); -+ } -+#endif /* WITH_LSPP */ - } - - if (con->http.state != HTTP_POST_SEND) -@@ -3581,6 +3707,49 @@ is_path_absolute(const char *path) /* I - return (1); - } - -+#ifdef WITH_LSPP -+/* -+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid. -+ */ -+ -+uid_t client_pid_to_auid(pid_t clipid) -+{ -+ uid_t uid; -+ int len, in; -+ char buf[16] = {0}; -+ char fname[32] = {0}; -+ -+ -+ /* -+ * Hopefully this pid is still the one we are interested in. -+ */ -+ snprintf(fname, 32, "/proc/%d/loginuid", clipid); -+ in = open(fname, O_NOFOLLOW|O_RDONLY); -+ -+ if (in < 0) -+ return -1; -+ -+ errno = 0; -+ -+ do { -+ len = read(in, buf, sizeof(buf)); -+ } while (len < 0 && errno == EINTR); -+ -+ close(in); -+ -+ if (len < 0 || len >= sizeof(buf)) -+ return -1; -+ -+ errno = 0; -+ buf[len] = 0; -+ uid = strtol(buf, 0, 10); -+ -+ if (errno != 0) -+ return -1; -+ else -+ return uid; -+} -+#endif /* WITH_LSPP */ - - /* - * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-1.6b1/scheduler/client.h.lspp cups-1.6b1/scheduler/client.h ---- cups-1.6b1/scheduler/client.h.lspp 2012-05-25 17:01:32.847768530 +0200 -+++ cups-1.6b1/scheduler/client.h 2012-05-25 17:14:12.963470050 +0200 -@@ -18,6 +18,13 @@ - #endif /* HAVE_AUTHORIZATION_H */ - - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include <selinux/selinux.h> -+#endif /* WITH_LSPP */ -+ - /* - * HTTP client structure... - */ -@@ -63,6 +70,10 @@ struct cupsd_client_s - #ifdef HAVE_AUTHORIZATION_H - AuthorizationRef authref; /* Authorization ref */ - #endif /* HAVE_AUTHORIZATION_H */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of connection */ -+ uid_t auid; /* Audit loginuid of the client */ -+#endif /* WITH_LSPP */ - }; - - #define HTTP(con) &((con)->http) -@@ -135,6 +146,9 @@ extern void cupsdStartListening(void); - extern void cupsdStopListening(void); - extern void cupsdUpdateCGI(void); - extern void cupsdWriteClient(cupsd_client_t *con); -+#ifdef WITH_LSPP -+extern uid_t client_pid_to_auid(pid_t clipid); -+#endif /* WITH_LSPP */ - - #ifdef HAVE_SSL - extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-1.6b1/scheduler/conf.c.lspp cups-1.6b1/scheduler/conf.c ---- cups-1.6b1/scheduler/conf.c.lspp 2012-05-25 17:01:32.778769011 +0200 -+++ cups-1.6b1/scheduler/conf.c 2012-05-25 17:01:32.860768439 +0200 -@@ -32,6 +32,7 @@ - * read_location() - Read a <Location path> definition. - * read_policy() - Read a <Policy name> definition. - * set_policy_defaults() - Set default policy values as needed. -+ * is_lspp_config() - Is the system configured for LSPP - */ - - /* -@@ -57,6 +58,9 @@ - # define INADDR_NONE 0xffffffff - #endif /* !INADDR_NONE */ - -+#ifdef WITH_LSPP -+# include <libaudit.h> -+#endif /* WITH_LSPP */ - - /* - * Configuration variable structure... -@@ -164,6 +168,10 @@ static const cupsd_var_t variables[] = - # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS) - { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME }, - # endif /* HAVE_LIBSSL || HAVE_GNUTLS */ -+#ifdef WITH_LSPP -+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER }, -+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN }, -+#endif /* WITH_LSPP */ - #endif /* HAVE_SSL */ - { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, - { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, -@@ -537,6 +545,9 @@ cupsdReadConfiguration(void) - const char *tmpdir; /* TMPDIR environment variable */ - struct stat tmpinfo; /* Temporary directory info */ - cupsd_policy_t *p; /* Policy */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+#endif /* WITH_LSPP */ - - - /* -@@ -801,6 +812,25 @@ cupsdReadConfiguration(void) - - RunUser = getuid(); - -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ /* -+ * ClassifyOverride is set during read_configuration, if its ON, report it now -+ */ -+ if (ClassifyOverride) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] ClassifyOverride=enabled Users can override print banners", -+ ServerName, NULL, NULL, 1); -+ /* -+ * PerPageLabel is set during read_configuration, if its OFF, report it now -+ */ -+ if (!PerPageLabels) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1); -+ } -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", - RemotePort ? "enabled" : "disabled"); - -@@ -1185,7 +1215,19 @@ cupsdReadConfiguration(void) - cupsdClearString(&Classification); - - if (Classification) -+ { - cupsdLogMessage(CUPSD_LOG_INFO, "Security set to "%s"", Classification); -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ -+ } - - /* - * Check the MaxClients setting, and then allocate memory for it... -@@ -3423,6 +3465,18 @@ read_location(cups_file_t *fp, /* I - C - return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); - } - -+#ifdef WITH_LSPP -+int is_lspp_config() -+{ -+ if (Classification != NULL) -+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0) -+ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0) -+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0)); -+ else -+ return 0; -+} -+#endif /* WITH_LSPP */ -+ - - /* - * 'read_policy()' - Read a <Policy name> definition. -diff -up cups-1.6b1/scheduler/conf.h.lspp cups-1.6b1/scheduler/conf.h ---- cups-1.6b1/scheduler/conf.h.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/scheduler/conf.h 2012-05-25 17:16:20.522580884 +0200 -@@ -247,6 +247,13 @@ VAR int SSLOptions VALUE(CUPSD_SSL_NO - /* SSL/TLS options */ - #endif /* HAVE_SSL */ - -+#ifdef WITH_LSPP -+VAR int AuditLog VALUE(-1), -+ /* File descriptor for audit */ -+ PerPageLabels VALUE(TRUE); -+ /* Put the label on each page */ -+#endif /* WITH_LSPP */ -+ - #ifdef HAVE_LAUNCHD - VAR int LaunchdTimeout VALUE(10); - /* Time after which an idle cupsd will exit */ -@@ -265,6 +272,9 @@ int HaveServerCreds VALUE(0); - gss_cred_id_t ServerCreds; /* Server's GSS credentials */ - #endif /* HAVE_GSSAPI */ - -+#ifdef WITH_LSPP -+extern int is_lspp_config(void); -+#endif /* WITH_LSPP */ - - /* - * Prototypes... -diff -up cups-1.6b1/scheduler/cupsd.h.lspp cups-1.6b1/scheduler/cupsd.h ---- cups-1.6b1/scheduler/cupsd.h.lspp 2012-05-21 19:40:22.000000000 +0200 -+++ cups-1.6b1/scheduler/cupsd.h 2012-05-25 17:01:32.861768432 +0200 -@@ -13,6 +13,8 @@ - * file is missing or damaged, see the license at "http://www.cups.org/". - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ - - /* - * Include necessary headers. -@@ -37,13 +39,20 @@ - # include <unistd.h> - #endif /* WIN32 */ - -+#include "config.h" -+#ifdef WITH_LSPP -+# define MLS_CONFIG "mls" -+# define TE_CONFIG "te" -+# define SELINUX_CONFIG "SELinux" -+# define UNKNOWN_SL "UNKNOWN SL" -+#endif /* WITH_LSPP */ -+ - #include "mime.h" - - #if defined(HAVE_CDSASSL) - # include <CoreFoundation/CoreFoundation.h> - #endif /* HAVE_CDSASSL */ - -- - /* - * Some OS's don't have hstrerror(), most notably Solaris... - */ -diff -up cups-1.6b1/scheduler/ipp.c.lspp cups-1.6b1/scheduler/ipp.c ---- cups-1.6b1/scheduler/ipp.c.lspp 2012-05-25 17:01:32.810768787 +0200 -+++ cups-1.6b1/scheduler/ipp.c 2012-05-25 17:18:06.620841313 +0200 -@@ -35,6 +35,7 @@ - * cancel_all_jobs() - Cancel all or selected print jobs. - * cancel_job() - Cancel a print job. - * cancel_subscription() - Cancel a subscription. -+ * check_context() - Check the SELinux context for a user and job - * check_rss_recipient() - Check that we do not have a duplicate RSS - * feed URI. - * check_quotas() - Check quotas for a printer and user. -@@ -99,6 +100,9 @@ - * validate_user() - Validate the user for the request. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -122,6 +126,14 @@ extern int mbr_check_membership_by_id(uu - # endif /* HAVE_MEMBERSHIPPRIV_H */ - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+#include <libaudit.h> -+#include <selinux/selinux.h> -+#include <selinux/context.h> -+#include <selinux/avc.h> -+#include <selinux/flask.h> -+#include <selinux/av_permissions.h> -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -146,6 +158,9 @@ static void cancel_all_jobs(cupsd_client - static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void cancel_subscription(cupsd_client_t *con, int id); - static int check_rss_recipient(const char *recipient); -+#ifdef WITH_LSPP -+static int check_context(cupsd_client_t *con, cupsd_job_t *job); -+#endif /* WITH_LSPP */ - static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); - static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, -@@ -1285,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl - ipp_attribute_t *media_col, /* media-col attribute */ - *media_margin; /* media-*-margin attribute */ - ipp_t *unsup_col; /* media-col in unsupported response */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* device file pointed to by the printer */ -+ char *userheader = NULL; /* User supplied job-sheets[0] */ -+ char *userfooter = NULL; /* User supplied job-sheets[1] */ -+ int override = 0; /* Was a banner overrode on a job */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", -@@ -1542,6 +1572,106 @@ add_job(cupsd_client_t *con, /* I - Cl - ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, - "Untitled"); - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection '%s'!", printer->name); -+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes.")); -+ return (NULL); -+ } -+ -+ /* -+ * Perform an access check so that if the user gets feedback at enqueue time -+ */ -+ -+ printerfile = strstr(printer->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) -+ printerfile = printer->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s", -+ printerfile); -+ -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno != ENOENT) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer")); -+ return (NULL); -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file")); -+ return (NULL); -+ } -+ static avc_initialized = 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(con->scon, &clisid) != 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client")); -+ return (NULL); -+ } -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer")); -+ return (NULL); -+ } -+ printercon = context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s", -+ context_str(printercon), con->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) != 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer")); -+ freecon(devcon); -+ return (NULL); -+ } -+ freecon(devcon); -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit message -+ */ -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused" -+ " unable to access printer=%s", con->auid, -+ con->username, con->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer")); -+ return (NULL); -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - if ((job = cupsdAddJob(priority, printer->name)) == NULL) - { - send_ipp_status(con, IPP_INTERNAL_ERROR, -@@ -1550,6 +1680,32 @@ add_job(cupsd_client_t *con, /* I - Cl - return (NULL); - } - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * duplicate the security context and auid of the connection into the job structure -+ */ -+ job->scon = strdup(con->scon); -+ job->auid = con->auid; -+ -+ /* -+ * add the security context to the request so that on a restart the security -+ * attributes will be able to be restored -+ */ -+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context", -+ NULL, job->scon); -+ } -+ else -+ { -+ /* -+ * Fill in the security context of the job as unlabeled -+ */ -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL); -+ cupsdSetString(&job->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); - job->attrs = con->request; - job->dirty = 1; -@@ -1759,6 +1915,29 @@ add_job(cupsd_client_t *con, /* I - Cl - attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]); - attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ else -+ { -+ /* -+ * The option was present, so capture the user supplied strings -+ */ -+ userheader = strdup(attr->values[0].string.text); -+ -+ if (attr->num_values > 1) -+ userfooter = strdup(attr->values[1].string.text); -+ -+ if (Classification != NULL && (strcmp(userheader, Classification) == 0) -+ && userfooter &&(strcmp(userfooter, Classification) == 0)) -+ { -+ /* -+ * Since both values are Classification, the user is not trying to Override -+ */ -+ free(userheader); -+ if (userfooter) free(userfooter); -+ userheader = userfooter = NULL; -+ } -+ } -+#endif /* WITH_LSPP */ - - job->job_sheets = attr; - -@@ -1789,6 +1968,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets="%s,none", " - "job-originating-user-name="%s"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - else if (attr->num_values == 2 && - strcmp(attr->values[0].string.text, -@@ -1807,6 +1989,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name="%s"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - else if (strcmp(attr->values[0].string.text, Classification) && - strcmp(attr->values[0].string.text, "none") && -@@ -1827,6 +2012,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name="%s"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - } - else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1867,8 +2055,52 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets="%s", " - "job-originating-user-name="%s"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ -+ } -+#ifdef WITH_LSPP -+ if (is_lspp_config() && AuditLog != -1) -+ { -+ audit_message = NULL; -+ -+ if (userheader || userfooter) -+ { -+ if (!override) -+ { -+ /* -+ * The user overrode the banner, so audit it -+ */ -+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" -+ " using banners=%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, -+ ServerName, NULL, NULL, 1); -+ } -+ else -+ { -+ /* -+ * The user tried to override the banner, audit the failure -+ */ -+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" -+ " ignored banners=%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, -+ ServerName, NULL, NULL, 0); -+ } -+ cupsdClearString(&audit_message); -+ } - } -+ -+ if (userheader) -+ free(userheader); -+ if (userfooter) -+ free(userfooter); -+#endif /* WITH_LSPP */ - } -+ - - /* - * See if we need to add the starting sheet... -@@ -3615,6 +3847,111 @@ check_rss_recipient( - } - - -+#ifdef WITH_LSPP -+/* -+ * 'check_context()' - Check SELinux security context of a user and job -+ */ -+ -+static int /* O - 1 if OK, 0 if not, -1 on error */ -+check_context(cupsd_client_t *con, /* I - Client connection */ -+ cupsd_job_t *job) /* I - Job */ -+{ -+ int enforcing; /* is SELinux in enforcing mode */ -+ char filename[1024]; /* Filename of the spool file */ -+ security_id_t clisid; /* SELinux SID of the client */ -+ security_id_t jobsid; /* SELinux SID of the job */ -+ security_id_t filesid; /* SELinux SID of the spool file */ -+ struct avc_entry_ref avcref; /* AVC entry cache pointer */ -+ security_class_t tclass; /* SELinux security class */ -+ access_vector_t avr; /* SELinux access being queried */ -+ security_context_t spoolfilecon; /* SELinux context of the spool file */ -+ -+ -+ /* -+ * Validate the input to be sure there are contexts to work with... -+ */ -+ -+ if (con->scon == NULL || job->scon == NULL -+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0 -+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ return -1; -+ -+ if ((enforcing = security_getenforce()) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement"); -+ return -1; -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon); -+ -+ -+ /* -+ * Initialize the avc engine... -+ */ -+ -+ static avc_initialized = 0; -+ if (! avc_initialized++) -+ { -+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init"); -+ return -1; -+ } -+ } -+ if (avc_context_to_sid(con->scon, &clisid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon); -+ return -1; -+ } -+ if (avc_context_to_sid(job->scon, &jobsid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", job->scon); -+ return -1; -+ } -+ avc_entry_ref_init(&avcref); -+ tclass = SECCLASS_FILE; -+ avr = FILE__READ; -+ -+ /* -+ * Perform the check with the client as the subject, first with the job as the object -+ * if that fails then with the spool file as the object... -+ */ -+ -+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context"); -+ -+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id); -+ if (getfilecon(filename, &spoolfilecon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context"); -+ return -1; -+ } -+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file"); -+ freecon(spoolfilecon); -+ return -1; -+ } -+ freecon(spoolfilecon); -+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file"); -+ return 0; -+ } -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file"); -+ return 1; -+ } -+ else -+ if (enforcing == 0) -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode"); -+ else -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context"); -+ -+ return 1; -+} -+#endif /* WITH_LSPP */ -+ -+ - /* - * 'check_quotas()' - Check quotas for a printer and user. - */ -@@ -4067,6 +4404,15 @@ copy_banner(cupsd_client_t *con, /* I - - char attrname[255], /* Name of attribute */ - *s; /* Pointer into name */ - ipp_attribute_t *attr; /* Attribute */ -+#ifdef WITH_LSPP -+ const char *mls_label; /* SL of print job */ -+ char *jobrange; /* SELinux sensitivity range */ -+ char *jobclearance; /* SELinux low end clearance */ -+ context_t jobcon; /* SELinux context of the job */ -+ context_t tmpcon; /* Temp context to set the level */ -+ security_context_t spoolcon; /* Context of the file in the spool */ -+#endif /* WITH_LSPP */ -+ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -4102,6 +4448,82 @@ copy_banner(cupsd_client_t *con, /* I - - - fchmod(cupsFileNumber(out), 0640); - fchown(cupsFileNumber(out), RunUser, Group); -+#ifdef WITH_LSPP -+ if (job->scon != NULL && -+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(filename, &spoolcon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the context of the banner file %s - %s", -+ filename, strerror(errno)); -+ job->num_files --; -+ return (0); -+ } -+ tmpcon = context_new(spoolcon); -+ jobcon = context_new(job->scon); -+ freecon(spoolcon); -+ if (!tmpcon || !jobcon) -+ { -+ if (tmpcon) -+ context_free(tmpcon); -+ if (jobcon) -+ context_free(jobcon); -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the SELinux contexts"); -+ job->num_files --; -+ return (0); -+ } -+ jobrange = context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange = strdup(jobrange); -+ if ((jobclearance = strtok(jobrange, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ free(jobrange); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the context of the banner file %s - %s", -+ filename, strerror(errno)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s", -+ filename, context_str(tmpcon)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ } -+#endif /* WITH_LSPP */ - - /* - * Try the localized banner file under the subdirectory... -@@ -4196,6 +4618,24 @@ copy_banner(cupsd_client_t *con, /* I - - else - s = attrname; - -+#ifdef WITH_LSPP -+ if (strcmp(s, "mls-label") == 0) -+ { -+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ jobcon = context_new(job->scon); -+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0) -+ mls_label = context_range_get(jobcon); -+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0) -+ mls_label = context_type_get(jobcon); -+ else // default to using the whole context string -+ mls_label = context_str(jobcon); -+ cupsFilePuts(out, mls_label); -+ context_free(jobcon); -+ } -+ continue; -+ } -+#endif /* WITH_LSPP */ - if (!strcmp(s, "printer-name")) - { - cupsFilePuts(out, job->dest); -@@ -6273,6 +6713,22 @@ get_job_attrs(cupsd_client_t *con, /* I - - exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); - -+ -+#ifdef WITH_LSPP -+ /* -+ * Check SELinux... -+ */ -+ if (is_lspp_config() && check_context(con, job) != 1) -+ { -+ /* -+ * Unfortunately we have to lie to the user... -+ */ -+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid); -+ return; -+ } -+#endif /* WITH_LSPP */ -+ -+ - /* - * Copy attributes... - */ -@@ -6626,6 +7082,11 @@ get_jobs(cupsd_client_t *con, /* I - C - if (username[0] && _cups_strcasecmp(username, job->username)) - continue; - -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) != 1) -+ continue; -+#endif /* WITH_LSPP */ -+ - if (count > 0) - ippAddSeparator(con->response); - -@@ -11106,6 +11567,11 @@ validate_user(cupsd_job_t *job, /* I - - strlcpy(username, get_username(con), userlen); - -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) != 1) -+ return 0; -+#endif /* WITH_LSPP */ -+ - /* - * Check the username against the owner... - */ -diff -up cups-1.6b1/scheduler/job.c.lspp cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.lspp 2012-05-25 17:01:32.824768691 +0200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 17:22:50.856860012 +0200 -@@ -68,6 +68,9 @@ - * update_job_attrs() - Update the job-printer-* attributes. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -83,6 +86,14 @@ - # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+#include <libaudit.h> -+#include <selinux/selinux.h> -+#include <selinux/context.h> -+#include <selinux/avc.h> -+#include <selinux/flask.h> -+#include <selinux/av_permissions.h> -+#endif /* WITH_LSPP */ - - /* - * Design Notes for Job Management -@@ -580,6 +591,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - /* PRINTER_STATE_REASONS env var */ - rip_max_cache[255]; - /* RIP_MAX_CACHE env variable */ -+#ifdef WITH_LSPP -+ char *audit_message = NULL; /* Audit message string */ -+ context_t jobcon; /* SELinux context of the job */ -+ char *label_template = NULL; /* SL to put in classification -+ env var */ -+ const char *mls_label = NULL; /* SL to put in classification -+ env var */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -1071,6 +1090,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - } - } - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ { -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s", -+ job->id, job->auid, job->username, job->printer->name, title); -+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ } -+ else -+ { -+ jobcon = context_new(job->scon); -+ -+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL) -+ label_template = strdup(Classification); -+ else if (attr->num_values > 1 && -+ strcmp(attr->values[1].string.text, "none") != 0) -+ label_template = strdup(attr->values[1].string.text); -+ else -+ label_template = strdup(attr->values[0].string.text); -+ -+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0) -+ mls_label = context_range_get(jobcon); -+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0) -+ mls_label = context_type_get(jobcon); -+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0) -+ mls_label = context_str(jobcon); -+ else -+ mls_label = label_template; -+ -+ if (mls_label && (PerPageLabels || banner_page)) -+ { -+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label); -+ envp[envc ++] = classification; -+ } -+ -+ if ((AuditLog != -1) && !banner_page) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s" -+ " obj=%s label=%s", job->id, job->auid, job->username, -+ job->printer->name, title, job->scon, mls_label?mls_label:"none"); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ context_free(jobcon); -+ free(label_template); -+ } -+ } -+ else -+ /* -+ * Fall through to the non-LSPP behavior -+ */ -+#endif /* WITH_LSPP */ - if (Classification && !banner_page) - { - if ((attr = ippFindAttribute(job->attrs, "job-sheets", -@@ -1845,6 +1925,20 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J - ippSetString(job->attrs, &job->reasons, 0, "none"); - } - -+#ifdef WITH_LSPP -+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL) -+ cupsdSetString(&job->scon, attr->values[0].string.text); -+ else if (is_lspp_config()) -+ { -+ /* -+ * There was no security context so delete the job -+ */ -+ cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file "%s"!", -+ jobfile); -+ goto error; -+ } -+#endif /* WITH_LSPP */ -+ - job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", - IPP_TAG_INTEGER); - job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); -@@ -2235,6 +2329,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - { - char filename[1024]; /* Job control filename */ - cups_file_t *fp; /* Job file */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job control file */ -+ context_t jobcon; /* contex_t container for job->scon */ -+ context_t tmpcon; /* Temp context to swap the level */ -+ char *jobclearance; /* SELinux low end clearance */ -+ const char *jobrange; /* SELinux sensitivity range */ -+ char *jobrange_copy; /* SELinux sensitivity range */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -2247,6 +2349,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - - fchown(cupsFileNumber(fp), RunUser, Group); - -+#ifdef WITH_LSPP -+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(filename, &spoolcon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to get context of job control file "%s" - %s.", -+ filename, strerror(errno)); -+ return; -+ } -+ jobcon = context_new(job->scon); -+ tmpcon = context_new(spoolcon); -+ freecon(spoolcon); -+ if (!jobcon || !tmpcon) -+ { -+ if (jobcon) -+ context_free(jobcon); -+ if (tmpcon) -+ context_free(tmpcon); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts"); -+ return; -+ } -+ jobrange = context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange_copy = strdup(jobrange); -+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set the range for job control file "%s" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set the range for job control file "%s" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ free(jobrange_copy); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set context of job control file "%s" - %s.", -+ filename, strerror(errno)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s", -+ job, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ } -+#endif /* WITH_LSPP */ -+ - job->attrs->state = IPP_IDLE; - - if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3735,6 +3907,18 @@ get_options(cupsd_job_t *job, /* I - Jo - banner_page) - continue; - -+#ifdef WITH_LSPP -+ /* -+ * In LSPP mode refuse to honor the page-label -+ */ -+ if (is_lspp_config() && -+ !strcmp(attr->name, "page-label")) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to LSPP mode"); -+ continue; -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Otherwise add them to the list... - */ -@@ -4457,6 +4641,19 @@ static void - start_job(cupsd_job_t *job, /* I - Job ID */ - cupsd_printer_t *printer) /* I - Printer to print job */ - { -+#ifdef WITH_LSPP -+ char *audit_message = NULL; /* Audit message string */ -+ char *printerfile = NULL; /* Device file pointed to by the printer */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=%p(%d), printer=%p(%s))", - job, job->id, printer, printer->name); - -@@ -4599,6 +4796,108 @@ start_job(cupsd_job_t *job, /* I - - fcntl(job->side_pipes[1], F_SETFD, - fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * Perform an access check before printing, but only if the printer starts with /dev/ -+ */ -+ printerfile = strstr(printer->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) -+ printerfile = printer->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "StartJob: Attempting to check access on printer device %s", printerfile); -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno != ENOENT) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Printer is not a character device or regular file"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ static avc_initialized = 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(job->scon, &clisid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Unable to determine the SELinux sid for the job"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s", -+ printerfile); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ printercon = context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s", -+ context_str(printercon), job->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Unable to determine the SELinux sid for the printer"); -+ freecon(devcon); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ freecon(devcon); -+ -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit message -+ */ -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled" -+ " unable to access printer=%s", job->id, -+ job->auid, (job->username)?job->username:"?", job->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ -+ return ; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Now start the first file in the job... - */ -diff -up cups-1.6b1/scheduler/job.h.lspp cups-1.6b1/scheduler/job.h ---- cups-1.6b1/scheduler/job.h.lspp 2012-05-23 03:36:50.000000000 +0200 -+++ cups-1.6b1/scheduler/job.h 2012-05-25 17:23:41.802504888 +0200 -@@ -13,6 +13,13 @@ - * file is missing or damaged, see the license at "http://www.cups.org/". - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include <selinux/selinux.h> -+#endif /* WITH_LSPP */ -+ - /* - * Constants... - */ -@@ -82,6 +89,10 @@ struct cupsd_job_s /**** Job request * - int progress; /* Printing progress */ - int num_keywords; /* Number of PPD keywords */ - cups_option_t *keywords; /* PPD keywords */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of job */ -+ uid_t auid; /* Audit loginuid for this job */ -+#endif /* WITH_LSPP */ - }; - - typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-1.6b1/scheduler/main.c.lspp cups-1.6b1/scheduler/main.c ---- cups-1.6b1/scheduler/main.c.lspp 2012-05-25 17:01:32.849768516 +0200 -+++ cups-1.6b1/scheduler/main.c 2012-05-25 17:01:32.868768383 +0200 -@@ -38,6 +38,8 @@ - * usage() - Show scheduler usage. - */ - -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -75,6 +77,9 @@ - # include <notify.h> - #endif /* HAVE_NOTIFY_H */ - -+#ifdef WITH_LSPP -+# include <libaudit.h> -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -138,6 +143,9 @@ main(int argc, /* I - Number of comm - #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) - struct sigaction action; /* Actions for POSIX signals */ - #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ -+#if WITH_LSPP -+ auditfail_t failmode; /* Action for audit_open failure */ -+#endif /* WITH_LSPP */ - #ifdef __sgi - cups_file_t *fp; /* Fake lpsched lock file */ - struct stat statbuf; /* Needed for checking lpsched FIFO */ -@@ -463,6 +471,25 @@ main(int argc, /* I - Number of comm - #endif /* DEBUG */ - } - -+#ifdef WITH_LSPP -+ if ((AuditLog = audit_open()) < 0 ) -+ { -+ if (get_auditfail_action(&failmode) == 0) -+ { -+ if (failmode == FAIL_LOG) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem."); -+ AuditLog = -1; -+ } -+ else if (failmode == FAIL_TERMINATE) -+ { -+ fprintf(stderr, "cupsd: unable to start auditing, terminating"); -+ return -1; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Set the timezone info... - */ -@@ -1180,6 +1207,11 @@ main(int argc, /* I - Number of comm - - cupsdStopSelect(); - -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ audit_close(AuditLog); -+#endif /* WITH_LSPP */ -+ - return (!stop_scheduler); - } - -diff -up cups-1.6b1/scheduler/printers.c.lspp cups-1.6b1/scheduler/printers.c ---- cups-1.6b1/scheduler/printers.c.lspp 2012-05-25 17:01:32.786768955 +0200 -+++ cups-1.6b1/scheduler/printers.c 2012-05-25 17:24:11.144300359 +0200 -@@ -56,6 +56,8 @@ - * write_xml_string() - Write a string with XML escaping. - */ - -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -80,6 +82,10 @@ - # include <asl.h> - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+# include <libaudit.h> -+# include <selinux/context.h> -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -2101,6 +2107,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - "username", - "password" - }; -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* Path to a local printer dev */ -+ char *rangestr; /* Printer's range if its available */ -+ security_context_t devcon; /* Printer SELinux context */ -+ context_t printercon; /* context_t for the printer */ -+#endif /* WITH_LSPP */ - - - DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, -@@ -2234,6 +2247,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - attr->values[1].string.text = _cupsStrAlloc(Classification ? - Classification : p->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ rangestr = NULL; -+ printercon = 0; -+ printerfile = strstr(p->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0)) -+ printerfile = p->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ if(is_selinux_enabled()) -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context"); -+ } -+ else -+ { -+ printercon = context_new(devcon); -+ freecon(devcon); -+ } -+ } -+ -+ if (printercon && context_range_get(printercon)) -+ rangestr = strdup(context_range_get(printercon)); -+ else -+ rangestr = strdup("unknown"); -+ -+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s", -+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); -+ if (printercon) -+ context_free(printercon); -+ free(rangestr); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ - } - - p->raw = 0; -@@ -5320,7 +5372,6 @@ write_irix_state(cupsd_printer_t *p) /* - } - #endif /* __sgi */ - -- - /* - * 'write_xml_string()' - Write a string with XML escaping. - */