This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via d9157db9289ad3fdc86d5239163a25244161c597 (commit) from 58e0cdc69440670791bf7fec4fe9eaf17d80e390 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit d9157db9289ad3fdc86d5239163a25244161c597 Author: Alexander Marx alexander.marx@ipfire.org Date: Fri Sep 9 10:03:22 2016 +0000
cups: Update to 2.1.4
Signed-off-by: Alexander Marx alexander.marx@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: cups/cups.nm | 6 +- cups/patches/001_cups-no-gzip-man.patch | 18 - cups/patches/002_cups-system-auth.patch | 38 - cups/patches/003_cups-multilib.patch | 16 - cups/patches/004_cups-banners.patch | 12 - cups/patches/005_cups-serverbin-compat.patch | 190 -- cups/patches/006_cups-no-export-ssllibs.patch | 12 - cups/patches/007_cups-direct-usb.patch | 27 - cups/patches/008_cups-lpr-help.patch | 48 - cups/patches/009_cups-peercred.patch | 11 - cups/patches/010_cups-pid.patch | 37 - cups/patches/011_cups-eggcups.patch | 130 -- cups/patches/012_cups-driverd-timeout.patch | 21 - cups/patches/013_cups-strict-ppd-line-length.patch | 30 - cups/patches/014_cups-logrotate.patch | 63 - cups/patches/015_cups-usb-paperout.patch | 52 - cups/patches/016_cups-res_init.patch | 26 - cups/patches/017_cups-filter-debug.patch | 32 - cups/patches/018_cups-uri-compat.patch | 51 - cups/patches/019_cups-cups-get-classes.patch | 89 - cups/patches/020_cups-str3382.patch | 64 - cups/patches/021_cups-0755.patch | 21 - cups/patches/022_cups-hp-deviceid-oid.patch | 21 - cups/patches/023_cups-dnssd-deviceid.patch | 38 - cups/patches/024_cups-ricoh-deviceid-oid.patch | 21 - cups/patches/025_cups-systemd-socket.patch | 395 ---- cups/patches/026_cups-lspp.patch | 1999 -------------------- 27 files changed, 3 insertions(+), 3465 deletions(-) delete mode 100644 cups/patches/001_cups-no-gzip-man.patch delete mode 100644 cups/patches/002_cups-system-auth.patch delete mode 100644 cups/patches/003_cups-multilib.patch delete mode 100644 cups/patches/004_cups-banners.patch delete mode 100644 cups/patches/005_cups-serverbin-compat.patch delete mode 100644 cups/patches/006_cups-no-export-ssllibs.patch delete mode 100644 cups/patches/007_cups-direct-usb.patch delete mode 100644 cups/patches/008_cups-lpr-help.patch delete mode 100644 cups/patches/009_cups-peercred.patch delete mode 100644 cups/patches/010_cups-pid.patch delete mode 100644 cups/patches/011_cups-eggcups.patch delete mode 100644 cups/patches/012_cups-driverd-timeout.patch delete mode 100644 cups/patches/013_cups-strict-ppd-line-length.patch delete mode 100644 cups/patches/014_cups-logrotate.patch delete mode 100644 cups/patches/015_cups-usb-paperout.patch delete mode 100644 cups/patches/016_cups-res_init.patch delete mode 100644 cups/patches/017_cups-filter-debug.patch delete mode 100644 cups/patches/018_cups-uri-compat.patch delete mode 100644 cups/patches/019_cups-cups-get-classes.patch delete mode 100644 cups/patches/020_cups-str3382.patch delete mode 100644 cups/patches/021_cups-0755.patch delete mode 100644 cups/patches/022_cups-hp-deviceid-oid.patch delete mode 100644 cups/patches/023_cups-dnssd-deviceid.patch delete mode 100644 cups/patches/024_cups-ricoh-deviceid-oid.patch delete mode 100644 cups/patches/025_cups-systemd-socket.patch delete mode 100644 cups/patches/026_cups-lspp.patch
Difference in files: diff --git a/cups/cups.nm b/cups/cups.nm index 3b5672b..5abb804 100644 --- a/cups/cups.nm +++ b/cups/cups.nm @@ -4,7 +4,7 @@ ###############################################################################
name = cups -version = 1.6.1 +version = 2.1.4 release = 1
groups = Applications/Printing @@ -17,8 +17,8 @@ description by Apple Inc. for Mac OS(R) X and other UNIX(R)-like operating systems. end
-source_dl = http://ftp.easysw.com/pub/cups/%%7Bversion%7D/ -sources = %{thisapp}-source.tar.bz2 +source_dl = https://github.com/apple/cups/releases/download/release-%%7Bversion%7D/ +sources = %{thisapp}-source.tar.gz
build requires diff --git a/cups/patches/001_cups-no-gzip-man.patch b/cups/patches/001_cups-no-gzip-man.patch deleted file mode 100644 index cabfcf1..0000000 --- a/cups/patches/001_cups-no-gzip-man.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man cups-1.6b1/config-scripts/cups-manpages.m4 ---- cups-1.6b1/config-scripts/cups-manpages.m4.no-gzip-man 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/config-scripts/cups-manpages.m4 2012-05-25 14:57:01.959845267 +0200 -@@ -69,10 +69,10 @@ case "$uname" in - ;; - Linux* | GNU* | Darwin*) - # Linux, GNU Hurd, and OS X -- MAN1EXT=1.gz -- MAN5EXT=5.gz -- MAN7EXT=7.gz -- MAN8EXT=8.gz -+ MAN1EXT=1 -+ MAN5EXT=5 -+ MAN7EXT=7 -+ MAN8EXT=8 - MAN8DIR=8 - ;; - *) diff --git a/cups/patches/002_cups-system-auth.patch b/cups/patches/002_cups-system-auth.patch deleted file mode 100644 index 60117a9..0000000 --- a/cups/patches/002_cups-system-auth.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up cups-1.5b1/conf/cups.password-auth.system-auth cups-1.5b1/conf/cups.password-auth ---- cups-1.5b1/conf/cups.password-auth.system-auth 2011-05-23 17:27:27.000000000 +0200 -+++ cups-1.5b1/conf/cups.password-auth 2011-05-23 17:27:27.000000000 +0200 -@@ -0,0 +1,4 @@ -+#%PAM-1.0 -+# Use password-auth common PAM configuration for the daemon -+auth include password-auth -+account include password-auth -diff -up cups-1.5b1/conf/cups.system-auth.system-auth cups-1.5b1/conf/cups.system-auth ---- cups-1.5b1/conf/cups.system-auth.system-auth 2011-05-23 17:27:27.000000000 +0200 -+++ cups-1.5b1/conf/cups.system-auth 2011-05-23 17:27:27.000000000 +0200 -@@ -0,0 +1,3 @@ -+#%PAM-1.0 -+auth include system-auth -+account include system-auth -diff -up cups-1.5b1/conf/Makefile.system-auth cups-1.5b1/conf/Makefile ---- cups-1.5b1/conf/Makefile.system-auth 2011-05-12 07:21:56.000000000 +0200 -+++ cups-1.5b1/conf/Makefile 2011-05-23 17:27:27.000000000 +0200 -@@ -90,10 +90,16 @@ install-data: - done - -if test x$(PAMDIR) != x; then \ - $(INSTALL_DIR) -m 755 $(BUILDROOT)$(PAMDIR); \ -- if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ -- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ -+ if test -f /etc/pam.d/password-auth; then \ -+ $(INSTALL_DATA) cups.password-auth $(BUILDROOT)$(PAMDIR)/cups; \ -+ elif test -f /etc/pam.d/system-auth; then \ -+ $(INSTALL_DATA) cups.system-auth $(BUILDROOT)$(PAMDIR)/cups; \ - else \ -- $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ -+ if test -r $(BUILDROOT)$(PAMDIR)/cups ; then \ -+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups.N ; \ -+ else \ -+ $(INSTALL_DATA) $(PAMFILE) $(BUILDROOT)$(PAMDIR)/cups ; \ -+ fi ; \ - fi ; \ - fi - diff --git a/cups/patches/003_cups-multilib.patch b/cups/patches/003_cups-multilib.patch deleted file mode 100644 index 3c6bc39..0000000 --- a/cups/patches/003_cups-multilib.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up cups-1.5b1/cups-config.in.multilib cups-1.5b1/cups-config.in ---- cups-1.5b1/cups-config.in.multilib 2010-06-16 02:48:25.000000000 +0200 -+++ cups-1.5b1/cups-config.in 2011-05-23 17:33:31.000000000 +0200 -@@ -22,8 +22,10 @@ prefix=@prefix@ - exec_prefix=@exec_prefix@ - bindir=@bindir@ - includedir=@includedir@ --libdir=@libdir@ --imagelibdir=@libdir@ -+# Fetch libdir from gnutls's pkg-config script. This is a bit -+# of a cheat, but the cups-devel package requires gnutls-devel anyway. -+libdir=`pkg-config --variable=libdir gnutls` -+imagelibdir=`pkg-config --variable=libdir gnutls` - datarootdir=@datadir@ - datadir=@datadir@ - sysconfdir=@sysconfdir@ diff --git a/cups/patches/004_cups-banners.patch b/cups/patches/004_cups-banners.patch deleted file mode 100644 index aa19282..0000000 --- a/cups/patches/004_cups-banners.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-1.5b1/scheduler/banners.c.banners cups-1.5b1/scheduler/banners.c ---- cups-1.5b1/scheduler/banners.c.banners 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/banners.c 2011-05-23 17:35:30.000000000 +0200 -@@ -110,6 +110,8 @@ cupsdLoadBanners(const char *d) /* I - - if ((ext = strrchr(dent->filename, '.')) != NULL) - if (!strcmp(ext, ".bck") || - !strcmp(ext, ".bak") || -+ !strcmp(ext, ".rpmnew") || -+ !strcmp(ext, ".rpmsave") || - !strcmp(ext, ".sav")) - continue; - diff --git a/cups/patches/005_cups-serverbin-compat.patch b/cups/patches/005_cups-serverbin-compat.patch deleted file mode 100644 index 0ca72fd..0000000 --- a/cups/patches/005_cups-serverbin-compat.patch +++ /dev/null @@ -1,190 +0,0 @@ -diff -up cups-1.5b1/scheduler/conf.c.serverbin-compat cups-1.5b1/scheduler/conf.c ---- cups-1.5b1/scheduler/conf.c.serverbin-compat 2011-05-20 06:24:54.000000000 +0200 -+++ cups-1.5b1/scheduler/conf.c 2011-05-23 17:20:33.000000000 +0200 -@@ -491,6 +491,9 @@ cupsdReadConfiguration(void) - cupsdClearString(&ServerName); - cupsdClearString(&ServerAdmin); - cupsdSetString(&ServerBin, CUPS_SERVERBIN); -+#ifdef __x86_64__ -+ cupsdSetString(&ServerBin_compat, "/usr/lib64/cups"); -+#endif /* __x86_64__ */ - cupsdSetString(&RequestRoot, CUPS_REQUESTS); - cupsdSetString(&CacheDir, CUPS_CACHEDIR); - cupsdSetString(&DataDir, CUPS_DATADIR); -@@ -1378,7 +1381,12 @@ cupsdReadConfiguration(void) - * Read the MIME type and conversion database... - */ - -+#ifdef __x86_64__ -+ snprintf(temp, sizeof(temp), "%s/filter:%s/filter", ServerBin, -+ ServerBin_compat); -+#else - snprintf(temp, sizeof(temp), "%s/filter", ServerBin); -+#endif - snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir); - - MimeDatabase = mimeNew(); -diff -up cups-1.5b1/scheduler/conf.h.serverbin-compat cups-1.5b1/scheduler/conf.h ---- cups-1.5b1/scheduler/conf.h.serverbin-compat 2011-04-22 19:47:03.000000000 +0200 -+++ cups-1.5b1/scheduler/conf.h 2011-05-23 15:34:25.000000000 +0200 -@@ -105,6 +105,10 @@ VAR char *ConfigurationFile VALUE(NULL) - /* Root directory for scheduler */ - *ServerBin VALUE(NULL), - /* Root directory for binaries */ -+#ifdef __x86_64__ -+ *ServerBin_compat VALUE(NULL), -+ /* Compat directory for binaries */ -+#endif /* __x86_64__ */ - *StateDir VALUE(NULL), - /* Root directory for state data */ - *RequestRoot VALUE(NULL), -diff -up cups-1.5b1/scheduler/env.c.serverbin-compat cups-1.5b1/scheduler/env.c ---- cups-1.5b1/scheduler/env.c.serverbin-compat 2011-01-11 04:48:42.000000000 +0100 -+++ cups-1.5b1/scheduler/env.c 2011-05-23 17:07:17.000000000 +0200 -@@ -218,8 +218,13 @@ cupsdUpdateEnv(void) - set_if_undefined("LD_PRELOAD", NULL); - set_if_undefined("NLSPATH", NULL); - if (find_env("PATH") < 0) -+#ifdef __x86_64__ -+ cupsdSetEnvf("PATH", "%s/filter:%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR -+ ":/bin:/usr/bin", ServerBin, ServerBin_compat); -+#else /* ! defined(__x86_64__) */ - cupsdSetEnvf("PATH", "%s/filter:" CUPS_BINDIR ":" CUPS_SBINDIR - ":/bin:/usr/bin", ServerBin); -+#endif - set_if_undefined("SERVER_ADMIN", ServerAdmin); - set_if_undefined("SHLIB_PATH", NULL); - set_if_undefined("SOFTWARE", CUPS_MINIMAL); -diff -up cups-1.5b1/scheduler/ipp.c.serverbin-compat cups-1.5b1/scheduler/ipp.c ---- cups-1.5b1/scheduler/ipp.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/ipp.c 2011-05-23 16:09:57.000000000 +0200 -@@ -2586,9 +2586,18 @@ add_printer(cupsd_client_t *con, /* I - - * Could not find device in list! - */ - -+#ifdef __x86_64__ -+ snprintf(srcfile, sizeof(srcfile), "%s/backend/%s", ServerBin_compat, -+ scheme); -+ if (access(srcfile, X_OK)) -+ { -+#endif /* __x86_64__ */ - send_ipp_status(con, IPP_NOT_POSSIBLE, - _("Bad device-uri scheme "%s"."), scheme); - return; -+#ifdef __x86_64__ -+ } -+#endif /* __x86_64__ */ - } - } - -diff -up cups-1.5b1/scheduler/job.c.serverbin-compat cups-1.5b1/scheduler/job.c ---- cups-1.5b1/scheduler/job.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/job.c 2011-05-23 16:18:57.000000000 +0200 -@@ -1047,8 +1047,32 @@ cupsdContinueJob(cupsd_job_t *job) /* I - i ++, filter = (mime_filter_t *)cupsArrayNext(filters)) - { - if (filter->filter[0] != '/') -- snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -- filter->filter); -+ { -+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -+ filter->filter); -+#ifdef __x86_64__ -+ if (access(command, F_OK)) -+ { -+ snprintf(command, sizeof(command), "%s/filter/%s", -+ ServerBin_compat, filter->filter); -+ if (!access(command, F_OK)) -+ { -+ /* Not in the correct directory, but found it in the compat -+ * directory. Issue a warning. */ -+ cupsdLogMessage(CUPSD_LOG_INFO, -+ "Filter '%s' not in %s/filter!", -+ filter->filter, ServerBin); -+ } -+ else -+ { -+ /* Not in the compat directory either; make any error -+ * messages use the correct directory name then. */ -+ snprintf(command, sizeof(command), "%s/filter/%s", ServerBin, -+ filter->filter); -+ } -+ } -+#endif /* __x86_64__ */ -+ } - else - strlcpy(command, filter->filter, sizeof(command)); - -@@ -1199,6 +1223,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I - { - cupsdClosePipe(job->back_pipes); - cupsdClosePipe(job->side_pipes); -+#ifdef __x86_64__ -+ if (access(command, F_OK)) -+ { -+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin_compat, -+ scheme); -+ if (!access(command, F_OK)) -+ { -+ /* Not in the correct directory, but we found it in the compat -+ * directory. Issue a warning. */ -+ cupsdLogMessage(CUPSD_LOG_INFO, -+ "Backend '%s' not in %s/backend!", scheme, -+ ServerBin); -+ } -+ else -+ { -+ /* Not in the compat directory either; make any error -+ messages use the correct directory name then. */ -+ snprintf(command, sizeof(command), "%s/backend/%s", ServerBin, -+ scheme); -+ } -+ } -+#endif /* __x86_64__ */ - - close(job->status_pipes[1]); - job->status_pipes[1] = -1; -diff -up cups-1.5b1/scheduler/printers.c.serverbin-compat cups-1.5b1/scheduler/printers.c ---- cups-1.5b1/scheduler/printers.c.serverbin-compat 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/printers.c 2011-05-23 17:09:04.000000000 +0200 -@@ -1030,9 +1030,19 @@ cupsdLoadAllPrinters(void) - * Backend does not exist, stop printer... - */ - -+#ifdef __x86_64__ -+ snprintf(line, sizeof(line), "%s/backend/%s", ServerBin_compat, -+ p->device_uri); -+ if (access(line, 0)) -+ { -+#endif /* __x86_64__ */ -+ - p->state = IPP_PRINTER_STOPPED; - snprintf(p->state_message, sizeof(p->state_message), - "Backend %s does not exist!", line); -+#ifdef __x86_64__ -+ } -+#endif /* __x86_64__ */ - } - } - -@@ -3621,8 +3631,20 @@ add_printer_filter( - else - snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, program); - -+#ifdef __x86_64__ -+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, -+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) { -+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin_compat, -+ program); -+ if (_cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, -+ cupsdLogFCMessage, p) == _CUPS_FILE_CHECK_MISSING) -+ snprintf(filename, sizeof(filename), "%s/filter/%s", ServerBin, -+ program); -+ } -+#else /* ! defined(__x86_64__) */ - _cupsFileCheck(filename, _CUPS_FILE_CHECK_PROGRAM, !RunUser, - cupsdLogFCMessage, p); -+#endif - } - - /* diff --git a/cups/patches/006_cups-no-export-ssllibs.patch b/cups/patches/006_cups-no-export-ssllibs.patch deleted file mode 100644 index de277d8..0000000 --- a/cups/patches/006_cups-no-export-ssllibs.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs cups-1.5.3/config-scripts/cups-ssl.m4 ---- cups-1.5.3/config-scripts/cups-ssl.m4.no-export-ssllibs 2012-03-21 05:45:48.000000000 +0100 -+++ cups-1.5.3/config-scripts/cups-ssl.m4 2012-05-15 16:47:13.753314620 +0200 -@@ -173,7 +173,7 @@ AC_SUBST(IPPALIASES) - AC_SUBST(SSLFLAGS) - AC_SUBST(SSLLIBS) - --EXPORT_SSLLIBS="$SSLLIBS" -+EXPORT_SSLLIBS="" - AC_SUBST(EXPORT_SSLLIBS) - - dnl diff --git a/cups/patches/007_cups-direct-usb.patch b/cups/patches/007_cups-direct-usb.patch deleted file mode 100644 index 4e25ce7..0000000 --- a/cups/patches/007_cups-direct-usb.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.direct-usb cups-1.5b1/backend/usb-unix.c ---- cups-1.5b1/backend/usb-unix.c.direct-usb 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-23 17:52:14.000000000 +0200 -@@ -102,6 +102,9 @@ print_device(const char *uri, /* I - De - _cups_strncasecmp(hostname, "Minolta", 7); - #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ - -+ if (use_bc && !strncmp(uri, "usb:/dev/", 9)) -+ use_bc = 0; -+ - if ((device_fd = open_device(uri, &use_bc)) == -1) - { - if (getenv("CLASS") != NULL) -@@ -331,12 +334,7 @@ open_device(const char *uri, /* I - Dev - if (!strncmp(uri, "usb:/dev/", 9)) - #ifdef __linux - { -- /* -- * Do not allow direct devices anymore... -- */ -- -- errno = ENODEV; -- return (-1); -+ return (open(uri + 4, O_RDWR | O_EXCL)); - } - else if (!strncmp(uri, "usb://", 6)) - { diff --git a/cups/patches/008_cups-lpr-help.patch b/cups/patches/008_cups-lpr-help.patch deleted file mode 100644 index c42434d..0000000 --- a/cups/patches/008_cups-lpr-help.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up cups-1.5b1/berkeley/lpr.c.lpr-help cups-1.5b1/berkeley/lpr.c ---- cups-1.5b1/berkeley/lpr.c.lpr-help 2011-03-21 23:02:00.000000000 +0100 -+++ cups-1.5b1/berkeley/lpr.c 2011-05-23 17:58:06.000000000 +0200 -@@ -24,6 +24,31 @@ - #include <cups/cups-private.h> - - -+static void -+usage (const char *name) -+{ -+ _cupsLangPrintf(stdout, -+"Usage: %s [OPTION] [ file(s) ]\n" -+"Print files.\n\n" -+" -E force encryption\n" -+" -H server[:port] specify alternate server\n" -+" -C title, -J title, -T title\n" -+" set the job name\n\n" -+" -P destination/instance print to named printer\n" -+" -U username specify alternate username\n" -+" -# num-copies set number of copies\n" -+" -h disable banner printing\n" -+" -l print without filtering\n" -+" -m send email on completion\n" -+" -o option[=value] set a job option\n" -+" -p format text file with header\n" -+" -q hold job for printing\n" -+" -r delete files after printing\n" -+"\nWith no file given, read standard input.\n" -+, name); -+} -+ -+ - /* - * 'main()' - Parse options and send files for printing. - */ -@@ -270,6 +294,12 @@ main(int argc, /* I - Number of comm - break; - - default : -+ if (!strcmp (argv[i], "--help")) -+ { -+ usage (argv[0]); -+ return (0); -+ } -+ - _cupsLangPrintf(stderr, - _("%s: Error - unknown option "%c"."), argv[0], - argv[i][1]); diff --git a/cups/patches/009_cups-peercred.patch b/cups/patches/009_cups-peercred.patch deleted file mode 100644 index a106abb..0000000 --- a/cups/patches/009_cups-peercred.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up cups-1.5b1/scheduler/auth.c.peercred cups-1.5b1/scheduler/auth.c ---- cups-1.5b1/scheduler/auth.c.peercred 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/scheduler/auth.c 2011-05-23 18:00:18.000000000 +0200 -@@ -52,6 +52,7 @@ - * Include necessary headers... - */ - -+#define _GNU_SOURCE - #include "cupsd.h" - #include <grp.h> - #ifdef HAVE_SHADOW_H diff --git a/cups/patches/010_cups-pid.patch b/cups/patches/010_cups-pid.patch deleted file mode 100644 index 23ffd47..0000000 --- a/cups/patches/010_cups-pid.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up cups-1.5b1/scheduler/main.c.pid cups-1.5b1/scheduler/main.c ---- cups-1.5b1/scheduler/main.c.pid 2011-05-18 22:44:16.000000000 +0200 -+++ cups-1.5b1/scheduler/main.c 2011-05-23 18:01:20.000000000 +0200 -@@ -311,6 +311,8 @@ main(int argc, /* I - Number of comm - * Setup signal handlers for the parent... - */ - -+ pid_t pid; -+ - #ifdef HAVE_SIGSET /* Use System V signals over POSIX to avoid bugs */ - sigset(SIGUSR1, parent_handler); - sigset(SIGCHLD, parent_handler); -@@ -334,7 +336,7 @@ main(int argc, /* I - Number of comm - signal(SIGHUP, SIG_IGN); - #endif /* HAVE_SIGSET */ - -- if (fork() > 0) -+ if ((pid = fork()) > 0) - { - /* - * OK, wait for the child to startup and send us SIGUSR1 or to crash -@@ -346,7 +348,15 @@ main(int argc, /* I - Number of comm - sleep(1); - - if (parent_signal == SIGUSR1) -+ { -+ FILE *f = fopen ("/var/run/cupsd.pid", "w"); -+ if (f) -+ { -+ fprintf (f, "%d\n", pid); -+ fclose (f); -+ } - return (0); -+ } - - if (wait(&i) < 0) - { diff --git a/cups/patches/011_cups-eggcups.patch b/cups/patches/011_cups-eggcups.patch deleted file mode 100644 index 981d920..0000000 --- a/cups/patches/011_cups-eggcups.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff -up cups-1.5.3/backend/ipp.c.eggcups cups-1.5.3/backend/ipp.c ---- cups-1.5.3/backend/ipp.c.eggcups 2012-05-05 01:00:01.000000000 +0200 -+++ cups-1.5.3/backend/ipp.c 2012-05-15 16:50:41.142868986 +0200 -@@ -138,6 +138,70 @@ static cups_array_t *state_reasons; /* A - static char tmpfilename[1024] = ""; - /* Temporary spool file name */ - -+#if HAVE_DBUS -+#include <dbus/dbus.h> -+ -+static DBusConnection *dbus_connection = NULL; -+ -+static int -+init_dbus (void) -+{ -+ DBusConnection *connection; -+ DBusError error; -+ -+ if (dbus_connection && -+ !dbus_connection_get_is_connected (dbus_connection)) { -+ dbus_connection_unref (dbus_connection); -+ dbus_connection = NULL; -+ } -+ -+ dbus_error_init (&error); -+ connection = dbus_bus_get (getuid () ? DBUS_BUS_SESSION : DBUS_BUS_SYSTEM, &error); -+ if (connection == NULL) { -+ dbus_error_free (&error); -+ return -1; -+ } -+ -+ dbus_connection = connection; -+ return 0; -+} -+ -+int -+dbus_broadcast_queued_remote (const char *printer_uri, -+ ipp_status_t status, -+ unsigned int local_job_id, -+ unsigned int remote_job_id, -+ const char *username, -+ const char *printer_name) -+{ -+ DBusMessage *message; -+ DBusMessageIter iter; -+ const char *errstr; -+ -+ if (!dbus_connection || !dbus_connection_get_is_connected (dbus_connection)) { -+ if (init_dbus () || !dbus_connection) -+ return -1; -+ } -+ -+ errstr = ippErrorString (status); -+ message = dbus_message_new_signal ("/com/redhat/PrinterSpooler", -+ "com.redhat.PrinterSpooler", -+ "JobQueuedRemote"); -+ dbus_message_iter_init_append (message, &iter); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_uri); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &errstr); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &local_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &remote_job_id); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &username); -+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &printer_name); -+ -+ dbus_connection_send (dbus_connection, message, NULL); -+ dbus_connection_flush (dbus_connection); -+ dbus_message_unref (message); -+ -+ return 0; -+} -+#endif /* HAVE_DBUS */ - - /* - * Local functions... -@@ -1520,6 +1584,15 @@ main(int argc, /* I - Number of comm - _("Print file accepted - job ID %d."), job_id); - } - -+#if HAVE_DBUS -+ dbus_broadcast_queued_remote (argv[0], -+ ipp_status, -+ atoi (argv[1]), -+ job_id, -+ argv[2], -+ getenv ("PRINTER")); -+#endif /* HAVE_DBUS */ -+ - fprintf(stderr, "DEBUG: job-id=%d\n", job_id); - ippDelete(response); - -diff -up cups-1.5.3/backend/Makefile.eggcups cups-1.5.3/backend/Makefile ---- cups-1.5.3/backend/Makefile.eggcups 2012-04-23 19:42:12.000000000 +0200 -+++ cups-1.5.3/backend/Makefile 2012-05-15 16:48:17.253871982 +0200 -@@ -212,7 +212,7 @@ dnssd: dnssd.o ../cups/$(LIBCUPS) libbac - - ipp: ipp.o ../cups/$(LIBCUPS) libbackend.a - echo Linking $@... -- $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) -+ $(CC) $(LDFLAGS) -o ipp ipp.o libbackend.a $(LIBS) $(SERVERLIBS) - $(RM) http - $(LN) ipp http - -diff -up cups-1.5.3/scheduler/subscriptions.c.eggcups cups-1.5.3/scheduler/subscriptions.c ---- cups-1.5.3/scheduler/subscriptions.c.eggcups 2012-02-12 06:48:09.000000000 +0100 -+++ cups-1.5.3/scheduler/subscriptions.c 2012-05-15 16:48:17.253871982 +0200 -@@ -1314,13 +1314,13 @@ cupsd_send_dbus(cupsd_eventmask_t event, - what = "PrinterAdded"; - else if (event & CUPSD_EVENT_PRINTER_DELETED) - what = "PrinterRemoved"; -- else if (event & CUPSD_EVENT_PRINTER_CHANGED) -- what = "QueueChanged"; - else if (event & CUPSD_EVENT_JOB_CREATED) - what = "JobQueuedLocal"; - else if ((event & CUPSD_EVENT_JOB_STATE) && job && - job->state_value == IPP_JOB_PROCESSING) - what = "JobStartedLocal"; -+ else if (event & (CUPSD_EVENT_PRINTER_CHANGED|CUPSD_EVENT_JOB_STATE_CHANGED|CUPSD_EVENT_PRINTER_STATE_CHANGED)) -+ what = "QueueChanged"; - else - return; - -@@ -1356,7 +1356,7 @@ cupsd_send_dbus(cupsd_eventmask_t event, - dbus_message_append_iter_init(message, &iter); - if (dest) - dbus_message_iter_append_string(&iter, dest->name); -- if (job) -+ if (job && strcmp (what, "QueueChanged") != 0) - { - dbus_message_iter_append_uint32(&iter, job->id); - dbus_message_iter_append_string(&iter, job->username); diff --git a/cups/patches/012_cups-driverd-timeout.patch b/cups/patches/012_cups-driverd-timeout.patch deleted file mode 100644 index cb9e5cf..0000000 --- a/cups/patches/012_cups-driverd-timeout.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5.0/scheduler/ipp.c.driverd-timeout cups-1.5.0/scheduler/ipp.c ---- cups-1.5.0/scheduler/ipp.c.driverd-timeout 2011-10-10 17:03:41.801690962 +0100 -+++ cups-1.5.0/scheduler/ipp.c 2011-10-10 17:03:41.861689834 +0100 -@@ -5723,7 +5723,7 @@ copy_model(cupsd_client_t *con, /* I - - close(temppipe[1]); - - /* -- * Wait up to 30 seconds for the PPD file to be copied... -+ * Wait up to 70 seconds for the PPD file to be copied... - */ - - total = 0; -@@ -5743,7 +5743,7 @@ copy_model(cupsd_client_t *con, /* I - - FD_SET(temppipe[0], &input); - FD_SET(CGIPipes[0], &input); - -- timeout.tv_sec = 30; -+ timeout.tv_sec = 70; - timeout.tv_usec = 0; - - if ((i = select(maxfd, &input, NULL, NULL, &timeout)) < 0) diff --git a/cups/patches/013_cups-strict-ppd-line-length.patch b/cups/patches/013_cups-strict-ppd-line-length.patch deleted file mode 100644 index b2697ec..0000000 --- a/cups/patches/013_cups-strict-ppd-line-length.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up cups-1.5b1/cups/ppd.c.strict-ppd-line-length cups-1.5b1/cups/ppd.c ---- cups-1.5b1/cups/ppd.c.strict-ppd-line-length 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/cups/ppd.c 2011-05-24 15:46:13.000000000 +0200 -@@ -2786,7 +2786,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - *lineptr++ = ch; - col ++; - -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT) - { - /* - * Line is too long... -@@ -2847,7 +2847,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - { - col ++; - -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT) - { - /* - * Line is too long... -@@ -2906,7 +2906,7 @@ ppd_read(cups_file_t *fp, /* I - Fil - { - col ++; - -- if (col > (PPD_MAX_LINE - 1)) -+ if (col > (PPD_MAX_LINE - 1) && cg->ppd_conform == PPD_CONFORM_STRICT) - { - /* - * Line is too long... diff --git a/cups/patches/014_cups-logrotate.patch b/cups/patches/014_cups-logrotate.patch deleted file mode 100644 index a6485a9..0000000 --- a/cups/patches/014_cups-logrotate.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up cups-1.5b1/scheduler/log.c.logrotate cups-1.5b1/scheduler/log.c ---- cups-1.5b1/scheduler/log.c.logrotate 2011-05-14 01:04:16.000000000 +0200 -+++ cups-1.5b1/scheduler/log.c 2011-05-24 15:47:20.000000000 +0200 -@@ -32,6 +32,9 @@ - #include "cupsd.h" - #include <stdarg.h> - #include <syslog.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <unistd.h> - - - /* -@@ -71,12 +74,10 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - return (1); - - /* -- * Format the filename as needed... -+ * Format the filename... - */ - -- if (!*lf || -- (strncmp(logname, "/dev/", 5) && cupsFileTell(*lf) > MaxLogSize && -- MaxLogSize > 0)) -+ if (strncmp(logname, "/dev/", 5)) - { - /* - * Handle format strings... -@@ -186,6 +187,34 @@ cupsdCheckLogFile(cups_file_t **lf, /* I - } - - /* -+ * Has someone else (i.e. logrotate) already rotated the log for us? -+ */ -+ else if (strncmp(filename, "/dev/", 5)) -+ { -+ struct stat st; -+ if (stat(filename, &st) || st.st_size == 0) -+ { -+ /* File is either missing or has zero size. */ -+ -+ cupsFileClose(*lf); -+ if ((*lf = cupsFileOpen(filename, "a")) == NULL) -+ { -+ syslog(LOG_ERR, "Unable to open log file "%s" - %s", filename, -+ strerror(errno)); -+ -+ return (0); -+ } -+ -+ /* -+ * Change ownership and permissions of non-device logs... -+ */ -+ -+ fchown(cupsFileNumber(*lf), RunUser, Group); -+ fchmod(cupsFileNumber(*lf), LogFilePerm); -+ } -+ } -+ -+ /* - * Do we need to rotate the log? - */ - diff --git a/cups/patches/015_cups-usb-paperout.patch b/cups/patches/015_cups-usb-paperout.patch deleted file mode 100644 index f1f73f0..0000000 --- a/cups/patches/015_cups-usb-paperout.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.usb-paperout cups-1.5b1/backend/usb-unix.c ---- cups-1.5b1/backend/usb-unix.c.usb-paperout 2011-05-24 15:51:39.000000000 +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 15:51:39.000000000 +0200 -@@ -30,6 +30,11 @@ - - #include <sys/select.h> - -+#ifdef __linux -+#include <sys/ioctl.h> -+#include <linux/lp.h> -+#endif /* __linux */ -+ - - /* - * Local functions... -@@ -334,7 +339,19 @@ open_device(const char *uri, /* I - Dev - if (!strncmp(uri, "usb:/dev/", 9)) - #ifdef __linux - { -- return (open(uri + 4, O_RDWR | O_EXCL)); -+ fd = open(uri + 4, O_RDWR | O_EXCL); -+ -+ if (fd != -1) -+ { -+ /* -+ * Tell the driver to return from write() with errno==ENOSPACE -+ * on paper-out. -+ */ -+ unsigned int t = 1; -+ ioctl (fd, LPABORT, &t); -+ } -+ -+ return fd; - } - else if (!strncmp(uri, "usb://", 6)) - { -@@ -400,7 +417,14 @@ open_device(const char *uri, /* I - Dev - if (!strcmp(uri, device_uri)) - { - /* -- * Yes, return this file descriptor... -+ * Yes, tell the driver to return from write() with -+ * errno==ENOSPACE on paper-out. -+ */ -+ unsigned int t = 1; -+ ioctl (fd, LPABORT, &t); -+ -+ /* -+ * Return this file descriptor... - */ - - fprintf(stderr, "DEBUG: Printer using device file "%s"...\n", diff --git a/cups/patches/016_cups-res_init.patch b/cups/patches/016_cups-res_init.patch deleted file mode 100644 index 94a81a4..0000000 --- a/cups/patches/016_cups-res_init.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -up cups-1.6b1/cups/http-addr.c.res_init cups-1.6b1/cups/http-addr.c ---- cups-1.6b1/cups/http-addr.c.res_init 2012-05-17 00:57:03.000000000 +0200 -+++ cups-1.6b1/cups/http-addr.c 2012-05-25 15:51:51.323916352 +0200 -@@ -254,7 +254,8 @@ httpAddrLookup( - - if (error) - { -- if (error == EAI_FAIL) -+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA || -+ error == EAI_NONAME) - cg->need_res_init = 1; - - return (httpAddrString(addr, name, namelen)); -diff -up cups-1.6b1/cups/http-addrlist.c.res_init cups-1.6b1/cups/http-addrlist.c ---- cups-1.6b1/cups/http-addrlist.c.res_init 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/cups/http-addrlist.c 2012-05-25 16:05:05.930377452 +0200 -@@ -540,7 +540,8 @@ httpAddrGetList(const char *hostname, /* - } - else - { -- if (error == EAI_FAIL) -+ if (error == EAI_FAIL || error == EAI_AGAIN || error == EAI_NODATA || -+ error == EAI_NONAME) - cg->need_res_init = 1; - - _cupsSetError(IPP_INTERNAL_ERROR, gai_strerror(error), 0); diff --git a/cups/patches/017_cups-filter-debug.patch b/cups/patches/017_cups-filter-debug.patch deleted file mode 100644 index 96c82da..0000000 --- a/cups/patches/017_cups-filter-debug.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up cups-1.6b1/scheduler/job.c.filter-debug cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.filter-debug 2012-05-25 16:06:01.000000000 +0200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 16:07:46.309259511 +0200 -@@ -625,10 +625,28 @@ cupsdContinueJob(cupsd_job_t *job) /* I - - if (!filters) - { -+ mime_filter_t *current; -+ - cupsdLogJob(job, CUPSD_LOG_ERROR, - "Unable to convert file %d to printable format.", - job->current_file); - -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Required: %s/%s -> %s/%s", -+ job->filetypes[job->current_file]->super, -+ job->filetypes[job->current_file]->type, -+ job->printer->filetype->super, -+ job->printer->filetype->type); -+ -+ for (current = (mime_filter_t *)cupsArrayFirst(MimeDatabase->srcs); -+ current; -+ current = (mime_filter_t *)cupsArrayNext(MimeDatabase->srcs)) -+ cupsdLogJob(job, CUPSD_LOG_ERROR, -+ "Available: %s/%s -> %s/%s (%s)", -+ current->src->super, current->src->type, -+ current->dst->super, current->dst->type, -+ current->filter); -+ - abort_message = "Aborting job because it cannot be printed."; - abort_state = IPP_JOB_ABORTED; - diff --git a/cups/patches/018_cups-uri-compat.patch b/cups/patches/018_cups-uri-compat.patch deleted file mode 100644 index 2520a5b..0000000 --- a/cups/patches/018_cups-uri-compat.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff -up cups-1.5b1/backend/usb-unix.c.uri-compat cups-1.5b1/backend/usb-unix.c ---- cups-1.5b1/backend/usb-unix.c.uri-compat 2011-05-24 15:59:05.000000000 +0200 -+++ cups-1.5b1/backend/usb-unix.c 2011-05-24 16:02:03.000000000 +0200 -@@ -63,11 +63,34 @@ print_device(const char *uri, /* I - De - int device_fd; /* USB device */ - ssize_t tbytes; /* Total number of bytes written */ - struct termios opts; /* Parallel port options */ -+ char *fixed_uri = strdup (uri); -+ char *p; - - - (void)argc; - (void)argv; - -+ p = strchr (fixed_uri, ':'); -+ if (p++ != NULL) -+ { -+ char *e; -+ p += strspn (p, "/"); -+ e = strchr (p, '/'); -+ if (e > p) -+ { -+ size_t mfrlen = e - p; -+ e++; -+ if (!strncasecmp (e, p, mfrlen)) -+ { -+ char *x = e + mfrlen; -+ if (!strncmp (x, "%20", 3)) -+ /* Take mfr name out of mdl name for compatibility with -+ * Fedora 11 before bug #507244 was fixed. */ -+ strcpy (e, x + 3); puts(fixed_uri); -+ } -+ } -+ } -+ - /* - * Open the USB port device... - */ -@@ -107,10 +130,10 @@ print_device(const char *uri, /* I - De - _cups_strncasecmp(hostname, "Minolta", 7); - #endif /* __FreeBSD__ || __NetBSD__ || __OpenBSD__ || __DragonFly__ */ - -- if (use_bc && !strncmp(uri, "usb:/dev/", 9)) -+ if (use_bc && !strncmp(fixed_uri, "usb:/dev/", 9)) - use_bc = 0; - -- if ((device_fd = open_device(uri, &use_bc)) == -1) -+ if ((device_fd = open_device(fixed_uri, &use_bc)) == -1) - { - if (getenv("CLASS") != NULL) - { diff --git a/cups/patches/019_cups-cups-get-classes.patch b/cups/patches/019_cups-cups-get-classes.patch deleted file mode 100644 index b0ffe1c..0000000 --- a/cups/patches/019_cups-cups-get-classes.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff -up cups-1.5.0/cups/dest.c.cups-get-classes cups-1.5.0/cups/dest.c ---- cups-1.5.0/cups/dest.c.cups-get-classes 2011-05-20 04:49:49.000000000 +0100 -+++ cups-1.5.0/cups/dest.c 2011-09-14 12:10:05.111635428 +0100 -@@ -534,6 +534,7 @@ _cupsGetDests(http_t *http, /* I - - char uri[1024]; /* printer-uri value */ - int num_options; /* Number of options */ - cups_option_t *options; /* Options */ -+ int get_classes; /* Whether we need to fetch class */ - #ifdef __APPLE__ - char media_default[41]; /* Default paper size */ - #endif /* __APPLE__ */ -@@ -590,6 +591,8 @@ _cupsGetDests(http_t *http, /* I - - * printer-uri [for IPP_GET_PRINTER_ATTRIBUTES] - */ - -+ get_classes = (op == CUPS_GET_PRINTERS); -+ - request = ippNewRequest(op); - - ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, -@@ -647,6 +650,23 @@ _cupsGetDests(http_t *http, /* I - - attr->value_tag != IPP_TAG_URI) - continue; - -+ if (get_classes && -+ -+ /* Is this a class? */ -+ ((attr->value_tag == IPP_TAG_ENUM && -+ !strcmp(attr->name, "printer-type") && -+ (attr->values[0].integer & CUPS_PRINTER_CLASS)) || -+ -+ /* Or, is this an attribute from CUPS 1.2 or later? */ -+ !strcmp(attr->name, "auth-info-required") || -+ !strncmp(attr->name, "marker-", 7) || -+ !strcmp(attr->name, "printer-commands") || -+ !strcmp(attr->name, "printer-is-shared"))) -+ /* We are talking to a recent enough CUPS server that -+ * CUPS_GET_PRINTERS returns classes as well. -+ */ -+ get_classes = 0; -+ - if (!strcmp(attr->name, "auth-info-required") || - !strcmp(attr->name, "device-uri") || - !strcmp(attr->name, "marker-change-time") || -@@ -738,6 +758,28 @@ _cupsGetDests(http_t *http, /* I - - continue; - } - -+ /* -+ * If we sent a CUPS_GET_CLASSES request, check whether -+ * CUPS_GET_PRINTERS already gave us this destination and exit -+ * early if so. -+ */ -+ -+ if (op == CUPS_GET_CLASSES && num_dests > 0) -+ { -+ int diff; -+ cups_find_dest (printer_name, NULL, num_dests, *dests, 0, &diff); -+ if (diff == 0) -+ { -+ /* -+ * Found it. The CUPS server already gave us the classes in -+ * its CUPS_GET_PRINTERS response. -+ */ -+ -+ cupsFreeOptions(num_options, options); -+ break; -+ } -+ } -+ - if ((dest = cups_add_dest(printer_name, NULL, &num_dests, dests)) != NULL) - { - dest->num_options = num_options; -@@ -754,6 +796,15 @@ _cupsGetDests(http_t *http, /* I - - } - - /* -+ * If this is a CUPS_GET_PRINTERS request but we didn't see any -+ * classes we might be talking to an older CUPS server that requires -+ * CUPS_GET_CLASSES as well. -+ */ -+ -+ if (get_classes) -+ num_dests = _cupsGetDests (http, CUPS_GET_CLASSES, name, dests, 0, 0); -+ -+ /* - * Return the count... - */ - diff --git a/cups/patches/020_cups-str3382.patch b/cups/patches/020_cups-str3382.patch deleted file mode 100644 index 2e8736d..0000000 --- a/cups/patches/020_cups-str3382.patch +++ /dev/null @@ -1,64 +0,0 @@ -diff -up cups-1.5b1/cups/tempfile.c.str3382 cups-1.5b1/cups/tempfile.c ---- cups-1.5b1/cups/tempfile.c.str3382 2010-03-24 01:45:34.000000000 +0100 -+++ cups-1.5b1/cups/tempfile.c 2011-05-24 16:04:47.000000000 +0200 -@@ -33,6 +33,7 @@ - # include <io.h> - #else - # include <unistd.h> -+# include <sys/types.h> - #endif /* WIN32 || __EMX__ */ - - -@@ -54,7 +55,7 @@ cupsTempFd(char *filename, /* I - Point - char tmppath[1024]; /* Windows temporary directory */ - DWORD curtime; /* Current time */ - #else -- struct timeval curtime; /* Current time */ -+ mode_t old_umask; /* Old umask before using mkstemp() */ - #endif /* WIN32 */ - - -@@ -105,33 +106,25 @@ cupsTempFd(char *filename, /* I - Point - - snprintf(filename, len - 1, "%s/%05lx%08lx", tmpdir, - GetCurrentProcessId(), curtime); --#else -- /* -- * Get the current time of day... -- */ -- -- gettimeofday(&curtime, NULL); -- -- /* -- * Format a string using the hex time values... -- */ -- -- snprintf(filename, len - 1, "%s/%05x%08x", tmpdir, (unsigned)getpid(), -- (unsigned)(curtime.tv_sec + curtime.tv_usec + tries)); --#endif /* WIN32 */ - - /* - * Open the file in "exclusive" mode, making sure that we don't - * stomp on an existing file or someone's symlink crack... - */ - --#ifdef WIN32 - fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, - _S_IREAD | _S_IWRITE); --#elif defined(O_NOFOLLOW) -- fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); - #else -- fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); -+ -+ /* -+ * Use the standard mkstemp() call to make a temporary filename -+ * securely. -- andrew.wood@jdplc.com -+ */ -+ snprintf(filename, len - 1, "%s/cupsXXXXXX", tmpdir); -+ -+ old_umask = umask(0077); -+ fd = mkstemp(filename); -+ umask(old_umask); - #endif /* WIN32 */ - - if (fd < 0 && errno != EEXIST) diff --git a/cups/patches/021_cups-0755.patch b/cups/patches/021_cups-0755.patch deleted file mode 100644 index b0df3a0..0000000 --- a/cups/patches/021_cups-0755.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.6b1/Makedefs.in.0755 cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.0755 2012-05-23 01:58:31.000000000 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-25 16:09:40.545463214 +0200 -@@ -40,14 +40,14 @@ SHELL = /bin/sh - # Installation programs... - # - --INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ -+INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ - INSTALL_COMPDATA = $(INSTALL) -c -m 444 @INSTALL_GZIP@ - INSTALL_CONFIG = $(INSTALL) -c -m @CUPS_CONFIG_FILE_PERM@ - INSTALL_DATA = $(INSTALL) -c -m 444 - INSTALL_DIR = $(INSTALL) -d --INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ -+INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ - INSTALL_MAN = $(INSTALL) -c -m 444 --INSTALL_SCRIPT = $(INSTALL) -c -m 555 -+INSTALL_SCRIPT = $(INSTALL) -c -m 755 - - # - # Default user, group, and system groups for the scheduler... diff --git a/cups/patches/022_cups-hp-deviceid-oid.patch b/cups/patches/022_cups-hp-deviceid-oid.patch deleted file mode 100644 index da5136a..0000000 --- a/cups/patches/022_cups-hp-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.hp-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.hp-deviceid-oid 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:24:48.000000000 +0200 -@@ -187,6 +187,7 @@ static const int UriOID[] = { CUPS_OID_p - static const int LexmarkProductOID[] = { 1,3,6,1,4,1,641,2,1,2,1,2,1,-1 }; - static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; -+static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; - static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs = NULL; - static int HostNameLookups = 0; -@@ -1006,6 +1007,9 @@ read_snmp_response(int fd) /* I - SNMP - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, HPDeviceIdOID); - break; - - case DEVICE_DESCRIPTION : diff --git a/cups/patches/023_cups-dnssd-deviceid.patch b/cups/patches/023_cups-dnssd-deviceid.patch deleted file mode 100644 index b3c2b8e..0000000 --- a/cups/patches/023_cups-dnssd-deviceid.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up cups-1.6b1/backend/dnssd.c.dnssd-deviceid cups-1.6b1/backend/dnssd.c ---- cups-1.6b1/backend/dnssd.c.dnssd-deviceid 2012-05-21 18:05:58.000000000 +0200 -+++ cups-1.6b1/backend/dnssd.c 2012-05-25 16:27:49.226874427 +0200 -@@ -1181,15 +1181,22 @@ query_callback( - if (device->device_id) - free(device->device_id); - -+ if (device_id[0]) -+ { -+ /* Mark this as the real device ID. */ -+ ptr = device_id + strlen(device_id); -+ snprintf(ptr, sizeof(device_id) - (ptr - device_id), "FZY:0;"); -+ } -+ - if (!device_id[0] && strcmp(model, "Unknown")) - { - if (make_and_model[0]) -- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;", -+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", - make_and_model, model); - else if (!_cups_strncasecmp(model, "designjet ", 10)) -- snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s", model + 10); -+ snprintf(device_id, sizeof(device_id), "MFG:HP;MDL:%s;FZY:1;", model + 10); - else if (!_cups_strncasecmp(model, "stylus ", 7)) -- snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s", model + 7); -+ snprintf(device_id, sizeof(device_id), "MFG:EPSON;MDL:%s;FZY:1;", model + 7); - else if ((ptr = strchr(model, ' ')) != NULL) - { - /* -@@ -1199,7 +1206,7 @@ query_callback( - memcpy(make_and_model, model, ptr - model); - make_and_model[ptr - model] = '\0'; - -- snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s", -+ snprintf(device_id, sizeof(device_id), "MFG:%s;MDL:%s;FZY:1;", - make_and_model, ptr + 1); - } - } diff --git a/cups/patches/024_cups-ricoh-deviceid-oid.patch b/cups/patches/024_cups-ricoh-deviceid-oid.patch deleted file mode 100644 index c148f95..0000000 --- a/cups/patches/024_cups-ricoh-deviceid-oid.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid cups-1.5b1/backend/snmp.c ---- cups-1.5b1/backend/snmp.c.ricoh-deviceid-oid 2011-05-24 17:29:48.000000000 +0200 -+++ cups-1.5b1/backend/snmp.c 2011-05-24 17:29:48.000000000 +0200 -@@ -188,6 +188,7 @@ static const int LexmarkProductOID[] = { - static const int LexmarkProductOID2[] = { 1,3,6,1,4,1,674,10898,100,2,1,2,1,2,1,-1 }; - static const int LexmarkDeviceIdOID[] = { 1,3,6,1,4,1,641,2,1,2,1,3,1,-1 }; - static const int HPDeviceIdOID[] = { 1,3,6,1,4,1,11,2,3,9,1,1,7,0,-1 }; -+static const int RicohDeviceIdOID[] = { 1,3,6,1,4,1,367,3,2,1,1,1,11,0,-1 }; - static const int XeroxProductOID[] = { 1,3,6,1,4,1,128,2,1,3,1,2,0,-1 }; - static cups_array_t *DeviceURIs = NULL; - static int HostNameLookups = 0; -@@ -1005,6 +1006,9 @@ read_snmp_response(int fd) /* I - SNMP - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_ID, LexmarkDeviceIdOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, -+ packet.community, CUPS_ASN1_GET_REQUEST, -+ DEVICE_ID, RicohDeviceIdOID); -+ _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, - packet.community, CUPS_ASN1_GET_REQUEST, - DEVICE_PRODUCT, XeroxProductOID); - _cupsSNMPWrite(fd, &(packet.address), CUPS_SNMP_VERSION_1, diff --git a/cups/patches/025_cups-systemd-socket.patch b/cups/patches/025_cups-systemd-socket.patch deleted file mode 100644 index 83fabdb..0000000 --- a/cups/patches/025_cups-systemd-socket.patch +++ /dev/null @@ -1,395 +0,0 @@ -diff -up cups-1.6b1/config.h.in.systemd-socket cups-1.6b1/config.h.in ---- cups-1.6b1/config.h.in.systemd-socket 2012-05-17 00:57:03.000000000 +0200 -+++ cups-1.6b1/config.h.in 2012-05-28 11:16:35.657250584 +0200 -@@ -506,6 +506,13 @@ - - - /* -+ * Do we have systemd support? -+ */ -+ -+#undef HAVE_SYSTEMD -+ -+ -+/* - * Various scripting languages... - */ - -diff -up cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket cups-1.6b1/config-scripts/cups-systemd.m4 ---- cups-1.6b1/config-scripts/cups-systemd.m4.systemd-socket 2012-05-28 11:16:35.658250577 +0200 -+++ cups-1.6b1/config-scripts/cups-systemd.m4 2012-05-28 11:16:35.658250577 +0200 -@@ -0,0 +1,36 @@ -+dnl -+dnl "$Id$" -+dnl -+dnl systemd stuff for CUPS. -+ -+dnl Find whether systemd is available -+ -+SDLIBS="" -+AC_ARG_WITH([systemdsystemunitdir], -+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), -+ [], [with_systemdsystemunitdir=$($PKGCONFIG --variable=systemdsystemunitdir systemd)]) -+if test "x$with_systemdsystemunitdir" != xno; then -+ AC_MSG_CHECKING(for libsystemd-daemon) -+ if $PKGCONFIG --exists libsystemd-daemon; then -+ AC_MSG_RESULT(yes) -+ SDCFLAGS=`$PKGCONFIG --cflags libsystemd-daemon` -+ SDLIBS=`$PKGCONFIG --libs libsystemd-daemon` -+ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) -+ AC_DEFINE(HAVE_SYSTEMD) -+ else -+ AC_MSG_RESULT(no) -+ fi -+fi -+ -+if test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ; then -+ SYSTEMD_UNITS="cups.service cups.socket cups.path" -+else -+ SYSTEMD_UNITS="" -+fi -+ -+AC_SUBST(SYSTEMD_UNITS) -+AC_SUBST(SDLIBS) -+ -+dnl -+dnl "$Id$" -+dnl -diff -up cups-1.6b1/configure.in.systemd-socket cups-1.6b1/configure.in ---- cups-1.6b1/configure.in.systemd-socket 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/configure.in 2012-05-28 11:16:35.658250577 +0200 -@@ -33,6 +33,7 @@ sinclude(config-scripts/cups-pam.m4) - sinclude(config-scripts/cups-largefile.m4) - sinclude(config-scripts/cups-dnssd.m4) - sinclude(config-scripts/cups-launchd.m4) -+sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-scripting.m4) - -@@ -66,6 +67,9 @@ AC_OUTPUT(Makedefs - conf/snmp.conf - cups-config - data/testprint -+ data/cups.service -+ data/cups.socket -+ data/cups.path - desktop/cups.desktop - doc/help/ref-cupsd-conf.html - doc/help/standard.html -diff -up cups-1.6b1/cups/usersys.c.systemd-socket cups-1.6b1/cups/usersys.c ---- cups-1.6b1/cups/usersys.c.systemd-socket 2012-04-23 19:26:57.000000000 +0200 -+++ cups-1.6b1/cups/usersys.c 2012-05-28 11:16:35.659250570 +0200 -@@ -975,7 +975,7 @@ cups_read_client_conf( - struct stat sockinfo; /* Domain socket information */ - - if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) && -- (sockinfo.st_mode & S_IRWXO) == S_IRWXO) -+ (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH)) - cups_server = CUPS_DEFAULT_DOMAINSOCKET; - else - #endif /* CUPS_DEFAULT_DOMAINSOCKET */ -diff -up cups-1.6b1/data/cups.path.in.systemd-socket cups-1.6b1/data/cups.path.in ---- cups-1.6b1/data/cups.path.in.systemd-socket 2012-05-28 11:16:35.659250570 +0200 -+++ cups-1.6b1/data/cups.path.in 2012-05-28 11:16:35.659250570 +0200 -@@ -0,0 +1,8 @@ -+[Unit] -+Description=CUPS Printer Service Spool -+ -+[Path] -+PathExistsGlob=@CUPS_REQUESTS@/d* -+ -+[Install] -+WantedBy=multi-user.target -diff -up cups-1.6b1/data/cups.service.in.systemd-socket cups-1.6b1/data/cups.service.in ---- cups-1.6b1/data/cups.service.in.systemd-socket 2012-05-28 11:16:35.659250570 +0200 -+++ cups-1.6b1/data/cups.service.in 2012-05-28 11:16:35.659250570 +0200 -@@ -0,0 +1,10 @@ -+[Unit] -+Description=CUPS Printing Service -+ -+[Service] -+ExecStart=@sbindir@/cupsd -f -+PrivateTmp=true -+ -+[Install] -+Also=cups.socket cups.path -+WantedBy=printer.target -diff -up cups-1.6b1/data/cups.socket.in.systemd-socket cups-1.6b1/data/cups.socket.in ---- cups-1.6b1/data/cups.socket.in.systemd-socket 2012-05-28 11:16:35.660250563 +0200 -+++ cups-1.6b1/data/cups.socket.in 2012-05-28 11:16:35.660250563 +0200 -@@ -0,0 +1,8 @@ -+[Unit] -+Description=CUPS Printing Service Sockets -+ -+[Socket] -+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -+ -+[Install] -+WantedBy=sockets.target -diff -up cups-1.6b1/data/Makefile.systemd-socket cups-1.6b1/data/Makefile ---- cups-1.6b1/data/Makefile.systemd-socket 2011-08-27 11:23:01.000000000 +0200 -+++ cups-1.6b1/data/Makefile 2012-05-28 11:16:35.660250563 +0200 -@@ -100,6 +100,12 @@ install-data: - $(INSTALL_DATA) $$file $(DATADIR)/ppdc; \ - done - $(INSTALL_DIR) -m 755 $(DATADIR)/profiles -+ if test "x$(SYSTEMD_UNITS)" != "x" ; then \ -+ $(INSTALL_DIR) -m 755 $(SYSTEMDUNITDIR); \ -+ for file in $(SYSTEMD_UNITS); do \ -+ $(INSTALL_DATA) $$file $(SYSTEMDUNITDIR); \ -+ done; \ -+ fi - - - # -@@ -143,6 +149,9 @@ uninstall: - -$(RMDIR) $(DATADIR)/data - -$(RMDIR) $(DATADIR)/banners - -$(RMDIR) $(DATADIR) -+ for file in $(SYSTEMD_UNITS); do \ -+ $(RM) $(SYSTEMDUNITDIR)/$$file; \ -+ done - - - # -diff -up cups-1.6b1/Makedefs.in.systemd-socket cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.systemd-socket 2012-05-28 11:16:35.648250647 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-28 11:16:35.660250563 +0200 -@@ -134,11 +134,13 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@ - CXXLIBS = @CXXLIBS@ - DBUS_NOTIFIER = @DBUS_NOTIFIER@ - DBUS_NOTIFIERLIBS = @DBUS_NOTIFIERLIBS@ -+SYSTEMD_UNITS = @SYSTEMD_UNITS@ - DNSSD_BACKEND = @DNSSD_BACKEND@ - DSOFLAGS = -L../cups @DSOFLAGS@ - DSOLIBS = @DSOLIBS@ $(COMMONLIBS) - DNSSDLIBS = @DNSSDLIBS@ - LAUNCHDLIBS = @LAUNCHDLIBS@ -+SDLIBS = @SDLIBS@ - LDFLAGS = -L../cgi-bin -L../cups -L../filter -L../ppdc \ - -L../scheduler @LDARCHFLAGS@ \ - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) -@@ -229,6 +231,7 @@ PAMFILE = @PAMFILE@ - - DEFAULT_LAUNCHD_CONF = @DEFAULT_LAUNCHD_CONF@ - DBUSDIR = @DBUSDIR@ -+SYSTEMDUNITDIR = $(BUILDROOT)@systemdsystemunitdir@ - - - # -diff -up cups-1.6b1/scheduler/client.h.systemd-socket cups-1.6b1/scheduler/client.h ---- cups-1.6b1/scheduler/client.h.systemd-socket 2012-03-22 21:30:20.000000000 +0100 -+++ cups-1.6b1/scheduler/client.h 2012-05-28 11:16:35.661250556 +0200 -@@ -77,6 +77,9 @@ typedef struct - int fd; /* File descriptor for this server */ - http_addr_t address; /* Bind address of socket */ - http_encryption_t encryption; /* To encrypt or not to encrypt... */ -+#ifdef HAVE_SYSTEMD -+ int is_systemd; /* Is this a systemd socket? */ -+#endif /* HAVE_SYSTEMD */ - } cupsd_listener_t; - - -diff -up cups-1.6b1/scheduler/listen.c.systemd-socket cups-1.6b1/scheduler/listen.c ---- cups-1.6b1/scheduler/listen.c.systemd-socket 2011-04-16 01:38:13.000000000 +0200 -+++ cups-1.6b1/scheduler/listen.c 2012-05-28 11:16:35.661250556 +0200 -@@ -401,7 +401,11 @@ cupsdStopListening(void) - lis; - lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) - { -- if (lis->fd != -1) -+ if (lis->fd != -1 -+#ifdef HAVE_SYSTEMD -+ && !lis->is_systemd -+#endif /* HAVE_SYSTEMD */ -+ ) - { - #ifdef WIN32 - closesocket(lis->fd); -diff -up cups-1.6b1/scheduler/main.c.systemd-socket cups-1.6b1/scheduler/main.c ---- cups-1.6b1/scheduler/main.c.systemd-socket 2012-05-28 11:16:35.612250897 +0200 -+++ cups-1.6b1/scheduler/main.c 2012-05-28 12:49:32.698375139 +0200 -@@ -26,6 +26,8 @@ - * launchd_checkin() - Check-in with launchd and collect the listening - * fds. - * launchd_checkout() - Update the launchd KeepAlive file as needed. -+ * systemd_checkin() - Check-in with systemd and collect the -+ * listening fds. - * parent_handler() - Catch USR1/CHLD signals... - * process_children() - Process all dead children... - * select_timeout() - Calculate the select timeout value. -@@ -62,6 +64,10 @@ - # endif /* !LAUNCH_JOBKEY_SERVICEIPC */ - #endif /* HAVE_LAUNCH_H */ - -+#ifdef HAVE_SYSTEMD -+#include <systemd/sd-daemon.h> -+#endif /* HAVE_SYSTEMD */ -+ - #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO) - # include <malloc.h> - #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */ -@@ -78,6 +84,9 @@ - static void launchd_checkin(void); - static void launchd_checkout(void); - #endif /* HAVE_LAUNCHD */ -+#ifdef HAVE_SYSTEMD -+static void systemd_checkin(void); -+#endif /* HAVE_SYSTEMD */ - static void parent_handler(int sig); - static void process_children(void); - static void sigchld_handler(int sig); -@@ -528,6 +537,13 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file descriptors... -+ */ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -738,6 +754,15 @@ main(int argc, /* I - Number of comm - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+ /* -+ * If we were started by systemd get the listen sockets file -+ * descriptors... -+ */ -+ -+ systemd_checkin(); -+#endif /* HAVE_SYSTEMD */ -+ - /* - * Startup the server... - */ -@@ -1516,6 +1541,102 @@ launchd_checkout(void) - } - #endif /* HAVE_LAUNCHD */ - -+#ifdef HAVE_SYSTEMD -+static void -+systemd_checkin(void) -+{ -+ int n, fd; -+ -+ n = sd_listen_fds(0); -+ if (n < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Failed to acquire sockets from systemd - %s", -+ strerror(-n)); -+ exit(EXIT_FAILURE); -+ return; -+ } -+ -+ if (n == 0) -+ return; -+ -+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) -+ { -+ http_addr_t addr; -+ socklen_t addrlen = sizeof (addr); -+ int r; -+ cupsd_listener_t *lis; -+ char s[256]; -+ -+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1); -+ if (r < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to verify socket type - %s", -+ strerror(-r)); -+ continue; -+ } -+ -+ if (!r) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Socket not of the right type"); -+ continue; -+ } -+ -+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen)) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to get local address - %s", -+ strerror(errno)); -+ continue; -+ } -+ -+ /* -+ * Try to match the systemd socket address to one of the listeners... -+ */ -+ -+ for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); -+ lis; -+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) -+ if (httpAddrEqual(&lis->address, &addr)) -+ break; -+ -+ if (lis) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Matched existing listener %s with fd %d...", -+ httpAddrString(&(lis->address), s, sizeof(s)), fd); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "systemd_checkin: Adding new listener %s with fd %d...", -+ httpAddrString(&addr, s, sizeof(s)), fd); -+ -+ if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "systemd_checkin: Unable to allocate listener - " -+ "%s.", strerror(errno)); -+ exit(EXIT_FAILURE); -+ } -+ -+ cupsArrayAdd(Listeners, lis); -+ -+ memcpy(&lis->address, &addr, sizeof(lis->address)); -+ } -+ -+ lis->fd = fd; -+ lis->is_systemd = 1; -+ -+# ifdef HAVE_SSL -+ if (_httpAddrPort(&(lis->address)) == 443) -+ lis->encryption = HTTP_ENCRYPT_ALWAYS; -+# endif /* HAVE_SSL */ -+ } -+} -+#endif /* HAVE_SYSTEMD */ - - /* - * 'parent_handler()' - Catch USR1/CHLD signals... -diff -up cups-1.6b1/scheduler/Makefile.systemd-socket cups-1.6b1/scheduler/Makefile ---- cups-1.6b1/scheduler/Makefile.systemd-socket 2012-05-21 19:40:22.000000000 +0200 -+++ cups-1.6b1/scheduler/Makefile 2012-05-28 11:16:35.663250542 +0200 -@@ -371,7 +371,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu - $(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \ - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - $(LIBPAPER) $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBS) \ -- $(LIBGSSAPI) $(LIBWRAP) -+ $(LIBGSSAPI) $(LIBWRAP) $(SDLIBS) - - cupsd-static: $(CUPSDOBJS) libcupsmime.a ../cups/$(LIBCUPSSTATIC) - echo Linking $@... -@@ -379,7 +379,7 @@ cupsd-static: $(CUPSDOBJS) libcupsmime.a - $(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \ - ../cups/$(LIBCUPSSTATIC) $(COMMONLIBS) $(LIBZ) $(LIBPAPER) \ - $(LIBMALLOC) $(SERVERLIBS) $(DNSSDLIBS) $(LIBGSSAPI) \ -- $(LIBWRAP) -+ $(LIBWRAP) $(SDLIBS) - - tls.o: tls-darwin.c tls-gnutls.c tls-openssl.c - diff --git a/cups/patches/026_cups-lspp.patch b/cups/patches/026_cups-lspp.patch deleted file mode 100644 index d81ef06..0000000 --- a/cups/patches/026_cups-lspp.patch +++ /dev/null @@ -1,1999 +0,0 @@ -diff -up cups-1.6b1/config.h.in.lspp cups-1.6b1/config.h.in ---- cups-1.6b1/config.h.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/config.h.in 2012-05-25 17:03:16.889043298 +0200 -@@ -768,6 +768,13 @@ static __inline int _cups_abs(int i) { r - # endif /* __GNUC__ || __STDC_VERSION__ */ - #endif /* !HAVE_ABS && !abs */ - -+/* -+ * Are we trying to meet LSPP requirements? -+ */ -+ -+#undef WITH_LSPP -+ -+ - #endif /* !_CUPS_CONFIG_H_ */ - - /* -diff -up cups-1.6b1/config-scripts/cups-lspp.m4.lspp cups-1.6b1/config-scripts/cups-lspp.m4 ---- cups-1.6b1/config-scripts/cups-lspp.m4.lspp 2012-05-25 17:01:32.852768495 +0200 -+++ cups-1.6b1/config-scripts/cups-lspp.m4 2012-05-25 17:01:32.853768488 +0200 -@@ -0,0 +1,36 @@ -+dnl -+dnl LSPP code for the Common UNIX Printing System (CUPS). -+dnl -+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P. -+dnl -+dnl This program is free software; you can redistribute it and/or modify -+dnl it under the terms of the GNU General Public License as published by -+dnl the Free Software Foundation; version 2. -+dnl -+dnl This program is distributed in the hope that it will be useful, but -+dnl WITHOUT ANY WARRANTY; without even the implied warranty of -+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+dnl General Public License for more details. -+dnl -+dnl You should have received a copy of the GNU General Public License -+dnl along with this program; if not, write to the Free Software Foundation, -+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA -+dnl -+ -+dnl Are we trying to meet LSPP requirements -+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no]) -+ -+if test x"$enable_lspp" != xno; then -+ case "$uname" in -+ Linux) -+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)]) -+ AC_CHECK_HEADER(libaudit.h) -+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)]) -+ AC_CHECK_HEADER(selinux/selinux.h) -+ AC_DEFINE(WITH_LSPP) -+ ;; -+ *) -+ # All others -+ ;; -+ esac -+fi -diff -up cups-1.6b1/configure.in.lspp cups-1.6b1/configure.in ---- cups-1.6b1/configure.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/configure.in 2012-05-25 17:04:03.994714943 +0200 -@@ -37,6 +37,8 @@ sinclude(config-scripts/cups-systemd.m4) - sinclude(config-scripts/cups-defaults.m4) - sinclude(config-scripts/cups-scripting.m4) - -+sinclude(config-scripts/cups-lspp.m4) -+ - INSTALL_LANGUAGES="" - UNINSTALL_LANGUAGES="" - LANGFILES="" -diff -up cups-1.6b1/filter/common.c.lspp cups-1.6b1/filter/common.c ---- cups-1.6b1/filter/common.c.lspp 2011-05-20 05:49:49.000000000 +0200 -+++ cups-1.6b1/filter/common.c 2012-05-25 17:01:32.854768481 +0200 -@@ -30,6 +30,12 @@ - * Include necessary headers... - */ - -+#include "config.h" -+#ifdef WITH_LSPP -+#define _GNU_SOURCE -+#include <string.h> -+#endif /* WITH_LSPP */ -+ - #include "common.h" - #include <locale.h> - -@@ -312,6 +318,18 @@ WriteLabelProlog(const char *label, /* I - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in characters */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ - - - /* -@@ -334,6 +352,124 @@ WriteLabelProlog(const char *label, /* I - return; - } - -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width = width / 8; -+ longest_line = 0; -+ longest = 0; -+ classification += 5; // Skip the "LSPP:" -+ label_len = strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines = 1 + (int)(label_len / max_width); -+ line_len = (int)(label_len / lines); -+ wrapped_label = malloc(sizeof(*wrapped_label) * lines); -+ label_index = i = n = 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); -+ label_index += line_len + i; -+ i = 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) == max_width) -+ { -+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); -+ label_index = label_index + line_len + i; -+ i = 0; -+ } -+ } -+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); -+ } -+ else -+ { -+ lines = 1; -+ wrapped_label = malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] = (char*)classification; -+ } -+ -+ for (n = 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\%03o", *ptr); -+ else -+ { -+ if (*ptr == '(' || *ptr == ')' || *ptr == '\') -+ putchar('\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest = i; -+ longest_line = n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculated -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n = 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n = 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -414,7 +550,10 @@ WriteLabelProlog(const char *label, /* I - printf(" %.0f moveto ESPpl show\n", top - 14.0); - puts("pop"); - puts("}bind put"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ - - - /* -diff -up cups-1.6b1/filter/pstops.c.lspp cups-1.6b1/filter/pstops.c ---- cups-1.6b1/filter/pstops.c.lspp 2012-04-23 21:19:19.000000000 +0200 -+++ cups-1.6b1/filter/pstops.c 2012-05-25 17:01:32.855768474 +0200 -@@ -3202,6 +3202,18 @@ write_label_prolog(pstops_doc_t *doc, /* - { - const char *classification; /* CLASSIFICATION environment variable */ - const char *ptr; /* Temporary string pointer */ -+#ifdef WITH_LSPP -+ int i, /* counter */ -+ n, /* counter */ -+ lines, /* number of lines needed */ -+ line_len, /* index into tmp_label */ -+ label_len, /* length of the label in characters */ -+ label_index, /* index into the label */ -+ longest, /* length of the longest line */ -+ longest_line, /* index to the longest line */ -+ max_width; /* maximum width in characters */ -+ char **wrapped_label; /* label with line breaks */ -+#endif /* WITH_LSPP */ - - - /* -@@ -3224,6 +3236,124 @@ write_label_prolog(pstops_doc_t *doc, /* - return; - } - -+#ifdef WITH_LSPP -+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL) -+ { -+ /* -+ * Based on the 12pt fixed width font below determine the max_width -+ */ -+ max_width = width / 8; -+ longest_line = 0; -+ longest = 0; -+ classification += 5; // Skip the "LSPP:" -+ label_len = strlen(classification); -+ -+ if (label_len > max_width) -+ { -+ lines = 1 + (int)(label_len / max_width); -+ line_len = (int)(label_len / lines); -+ wrapped_label = malloc(sizeof(*wrapped_label) * lines); -+ label_index = i = n = 0; -+ while (classification[label_index]) -+ { -+ if ((label_index + line_len) > label_len) -+ break; -+ switch (classification[label_index + line_len + i]) -+ { -+ case ':': -+ case ',': -+ case '-': -+ i++; -+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i)); -+ label_index += line_len + i; -+ i = 0; -+ break; -+ default: -+ i++; -+ break; -+ } -+ if ((i + line_len) == max_width) -+ { -+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i)); -+ label_index = label_index + line_len + i; -+ i = 0; -+ } -+ } -+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index); -+ } -+ else -+ { -+ lines = 1; -+ wrapped_label = malloc(sizeof(*wrapped_label)); -+ wrapped_label[0] = (char*)classification; -+ } -+ -+ for (n = 0; n < lines; n++ ) -+ { -+ printf("userdict/ESPp%c(", ('a' + n)); -+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++) -+ if (*ptr < 32 || *ptr > 126) -+ printf("\%03o", *ptr); -+ else -+ { -+ if (*ptr == '(' || *ptr == ')' || *ptr == '\') -+ putchar('\'); -+ -+ printf("%c", *ptr); -+ } -+ if (i > longest) -+ { -+ longest = i; -+ longest_line = n; -+ } -+ printf(")put\n"); -+ } -+ -+ /* -+ * For LSPP use a fixed width font so that line wrapping can be calculated -+ */ -+ -+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put"); -+ -+ /* -+ * Finally, the procedure to write the labels on the page... -+ */ -+ -+ printf("userdict/ESPwl{\n" -+ " ESPlf setfont\n"); -+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ", -+ 'a' + longest_line, width * 0.5f); -+ for (n = 1; n < lines; n++) -+ printf(" dup"); -+ printf("\n 1 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ printf(" 0 setgray\n"); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines)); -+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n", -+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines)); -+ for (n = 0; n < lines; n ++) -+ { -+ printf(" dup %.0f moveto ESPp%c show\n", -+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n); -+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n); -+ } -+ printf(" pop\n" -+ "}bind put\n"); -+ -+ /* -+ * Do some clean up at the end of the LSPP special case -+ */ -+ free(wrapped_label); -+ -+ } -+ else -+ { -+#endif /* !WITH_LSPP */ -+ - /* - * Set the classification + page label string... - */ -@@ -3302,7 +3432,10 @@ write_label_prolog(pstops_doc_t *doc, /* - doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0); - doc_puts(doc, "pop\n"); - doc_puts(doc, "}bind put\n"); -+ } -+#ifdef WITH_LSPP - } -+#endif /* WITH_LSPP */ - - - /* -diff -up cups-1.6b1/Makedefs.in.lspp cups-1.6b1/Makedefs.in ---- cups-1.6b1/Makedefs.in.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/Makedefs.in 2012-05-25 17:07:57.325088484 +0200 -@@ -146,7 +146,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f - @LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM) - LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ) - LINKCUPSIMAGE = @LINKCUPSIMAGE@ --LIBS = $(LINKCUPS) $(COMMONLIBS) -+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@ - OPTIM = @OPTIM@ - OPTIONS = - PAMLIBS = @PAMLIBS@ -diff -up cups-1.6b1/scheduler/client.c.lspp cups-1.6b1/scheduler/client.c ---- cups-1.6b1/scheduler/client.c.lspp 2012-05-08 00:41:30.000000000 +0200 -+++ cups-1.6b1/scheduler/client.c 2012-05-25 17:13:38.947707163 +0200 -@@ -41,6 +41,7 @@ - * valid_host() - Is the Host: field valid? - * write_file() - Send a file via HTTP. - * write_pipe() - Flag that data is available on the CGI pipe. -+ * client_pid_to_auid() - Get the audit login uid of the client. - */ - - /* -@@ -49,10 +50,16 @@ - - #include "cupsd.h" - -+#define _GNU_SOURCE - #ifdef HAVE_TCPD_H - # include <tcpd.h> - #endif /* HAVE_TCPD_H */ - -+#ifdef WITH_LSPP -+#include <selinux/selinux.h> -+#include <selinux/context.h> -+#include <fcntl.h> -+#endif /* WITH_LSPP */ - - /* - * Local globals... -@@ -371,6 +378,57 @@ cupsdAcceptClient(cupsd_listener_t *lis) - } - #endif /* HAVE_TCPD_H */ - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ struct ucred cr; -+ unsigned int cl=sizeof(cr); -+ -+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) -+ { -+ /* -+ * client_pid_to_auid() can be racey -+ * In this case the pid is based on a socket connected to the client -+ */ -+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1) -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: " -+ "unable to determine client auid for client pid=%d", cr.pid); -+ free(con); -+ return; -+ } -+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d", -+ cr.pid, cr.uid, cr.gid, con->auid); -+ } -+ else -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed"); -+ free(con); -+ return; -+ } -+ -+ /* -+ * get the context of the peer connection -+ */ -+ if (getpeercon(con->http.fd, &con->scon)) -+ { -+ close(con->http.fd); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed"); -+ free(con); -+ return; -+ } -+ -+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon); -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()"); -+ cupsdSetString(&con->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - #ifdef AF_LOCAL - if (con->http.hostaddr->addr.sa_family == AF_LOCAL) - cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] Accepted from %s (Domain)", -@@ -678,6 +736,13 @@ cupsdReadClient(cupsd_client_t *con) /* - mime_type_t *type; /* MIME type of file */ - cupsd_printer_t *p; /* Printer */ - static unsigned request_id = 0; /* Request ID for temp files */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job file */ -+ context_t clicon; /* contex_t container for con->scon */ -+ context_t tmpcon; /* temp context to swap the level */ -+ char *clirange; /* SELinux sensitivity range */ -+ char *cliclearance; /* SELinux low end clearance */ -+#endif /* WITH_LSPP */ - - - status = HTTP_CONTINUE; -@@ -2126,6 +2191,67 @@ cupsdReadClient(cupsd_client_t *con) /* - fchmod(con->file, 0640); - fchown(con->file, RunUser, Group); - fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); -+#ifdef WITH_LSPP -+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(con->filename, &spoolcon) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ return (cupsdCloseClient(con)); -+ } -+ clicon = context_new(con->scon); -+ tmpcon = context_new(spoolcon); -+ freecon(spoolcon); -+ if (!clicon || !tmpcon) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ if (clicon) -+ context_free(clicon); -+ if (tmpcon) -+ context_free(tmpcon); -+ return (cupsdCloseClient(con)); -+ } -+ clirange = context_range_get(clicon); -+ if (clirange) -+ { -+ clirange = strdup(clirange); -+ if ((cliclearance = strtok(clirange, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, cliclearance) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ free(clirange); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ } -+ free(clirange); -+ } -+ if (setfilecon(con->filename, context_str(tmpcon)) == -1) -+ { -+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE); -+ context_free(tmpcon); -+ context_free(clicon); -+ return (cupsdCloseClient(con)); -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s", -+ con->filename, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(clicon); -+ } -+#endif /* WITH_LSPP */ - } - - if (con->http.state != HTTP_POST_SEND) -@@ -3581,6 +3707,49 @@ is_path_absolute(const char *path) /* I - return (1); - } - -+#ifdef WITH_LSPP -+/* -+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid. -+ */ -+ -+uid_t client_pid_to_auid(pid_t clipid) -+{ -+ uid_t uid; -+ int len, in; -+ char buf[16] = {0}; -+ char fname[32] = {0}; -+ -+ -+ /* -+ * Hopefully this pid is still the one we are interested in. -+ */ -+ snprintf(fname, 32, "/proc/%d/loginuid", clipid); -+ in = open(fname, O_NOFOLLOW|O_RDONLY); -+ -+ if (in < 0) -+ return -1; -+ -+ errno = 0; -+ -+ do { -+ len = read(in, buf, sizeof(buf)); -+ } while (len < 0 && errno == EINTR); -+ -+ close(in); -+ -+ if (len < 0 || len >= sizeof(buf)) -+ return -1; -+ -+ errno = 0; -+ buf[len] = 0; -+ uid = strtol(buf, 0, 10); -+ -+ if (errno != 0) -+ return -1; -+ else -+ return uid; -+} -+#endif /* WITH_LSPP */ - - /* - * 'pipe_command()' - Pipe the output of a command to the remote client. -diff -up cups-1.6b1/scheduler/client.h.lspp cups-1.6b1/scheduler/client.h ---- cups-1.6b1/scheduler/client.h.lspp 2012-05-25 17:01:32.847768530 +0200 -+++ cups-1.6b1/scheduler/client.h 2012-05-25 17:14:12.963470050 +0200 -@@ -18,6 +18,13 @@ - #endif /* HAVE_AUTHORIZATION_H */ - - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include <selinux/selinux.h> -+#endif /* WITH_LSPP */ -+ - /* - * HTTP client structure... - */ -@@ -63,6 +70,10 @@ struct cupsd_client_s - #ifdef HAVE_AUTHORIZATION_H - AuthorizationRef authref; /* Authorization ref */ - #endif /* HAVE_AUTHORIZATION_H */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of connection */ -+ uid_t auid; /* Audit loginuid of the client */ -+#endif /* WITH_LSPP */ - }; - - #define HTTP(con) &((con)->http) -@@ -135,6 +146,9 @@ extern void cupsdStartListening(void); - extern void cupsdStopListening(void); - extern void cupsdUpdateCGI(void); - extern void cupsdWriteClient(cupsd_client_t *con); -+#ifdef WITH_LSPP -+extern uid_t client_pid_to_auid(pid_t clipid); -+#endif /* WITH_LSPP */ - - #ifdef HAVE_SSL - extern int cupsdEndTLS(cupsd_client_t *con); -diff -up cups-1.6b1/scheduler/conf.c.lspp cups-1.6b1/scheduler/conf.c ---- cups-1.6b1/scheduler/conf.c.lspp 2012-05-25 17:01:32.778769011 +0200 -+++ cups-1.6b1/scheduler/conf.c 2012-05-25 17:01:32.860768439 +0200 -@@ -32,6 +32,7 @@ - * read_location() - Read a <Location path> definition. - * read_policy() - Read a <Policy name> definition. - * set_policy_defaults() - Set default policy values as needed. -+ * is_lspp_config() - Is the system configured for LSPP - */ - - /* -@@ -57,6 +58,9 @@ - # define INADDR_NONE 0xffffffff - #endif /* !INADDR_NONE */ - -+#ifdef WITH_LSPP -+# include <libaudit.h> -+#endif /* WITH_LSPP */ - - /* - * Configuration variable structure... -@@ -164,6 +168,10 @@ static const cupsd_var_t variables[] = - # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS) - { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME }, - # endif /* HAVE_LIBSSL || HAVE_GNUTLS */ -+#ifdef WITH_LSPP -+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER }, -+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN }, -+#endif /* WITH_LSPP */ - #endif /* HAVE_SSL */ - { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, - { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, -@@ -537,6 +545,9 @@ cupsdReadConfiguration(void) - const char *tmpdir; /* TMPDIR environment variable */ - struct stat tmpinfo; /* Temporary directory info */ - cupsd_policy_t *p; /* Policy */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+#endif /* WITH_LSPP */ - - - /* -@@ -801,6 +812,25 @@ cupsdReadConfiguration(void) - - RunUser = getuid(); - -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ /* -+ * ClassifyOverride is set during read_configuration, if its ON, report it now -+ */ -+ if (ClassifyOverride) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] ClassifyOverride=enabled Users can override print banners", -+ ServerName, NULL, NULL, 1); -+ /* -+ * PerPageLabel is set during read_configuration, if its OFF, report it now -+ */ -+ if (!PerPageLabels) -+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG, -+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1); -+ } -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", - RemotePort ? "enabled" : "disabled"); - -@@ -1185,7 +1215,19 @@ cupsdReadConfiguration(void) - cupsdClearString(&Classification); - - if (Classification) -+ { - cupsdLogMessage(CUPSD_LOG_INFO, "Security set to "%s"", Classification); -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ -+ } - - /* - * Check the MaxClients setting, and then allocate memory for it... -@@ -3423,6 +3465,18 @@ read_location(cups_file_t *fp, /* I - C - return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); - } - -+#ifdef WITH_LSPP -+int is_lspp_config() -+{ -+ if (Classification != NULL) -+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0) -+ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0) -+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0)); -+ else -+ return 0; -+} -+#endif /* WITH_LSPP */ -+ - - /* - * 'read_policy()' - Read a <Policy name> definition. -diff -up cups-1.6b1/scheduler/conf.h.lspp cups-1.6b1/scheduler/conf.h ---- cups-1.6b1/scheduler/conf.h.lspp 2012-05-25 17:01:32.000000000 +0200 -+++ cups-1.6b1/scheduler/conf.h 2012-05-25 17:16:20.522580884 +0200 -@@ -247,6 +247,13 @@ VAR int SSLOptions VALUE(CUPSD_SSL_NO - /* SSL/TLS options */ - #endif /* HAVE_SSL */ - -+#ifdef WITH_LSPP -+VAR int AuditLog VALUE(-1), -+ /* File descriptor for audit */ -+ PerPageLabels VALUE(TRUE); -+ /* Put the label on each page */ -+#endif /* WITH_LSPP */ -+ - #ifdef HAVE_LAUNCHD - VAR int LaunchdTimeout VALUE(10); - /* Time after which an idle cupsd will exit */ -@@ -265,6 +272,9 @@ int HaveServerCreds VALUE(0); - gss_cred_id_t ServerCreds; /* Server's GSS credentials */ - #endif /* HAVE_GSSAPI */ - -+#ifdef WITH_LSPP -+extern int is_lspp_config(void); -+#endif /* WITH_LSPP */ - - /* - * Prototypes... -diff -up cups-1.6b1/scheduler/cupsd.h.lspp cups-1.6b1/scheduler/cupsd.h ---- cups-1.6b1/scheduler/cupsd.h.lspp 2012-05-21 19:40:22.000000000 +0200 -+++ cups-1.6b1/scheduler/cupsd.h 2012-05-25 17:01:32.861768432 +0200 -@@ -13,6 +13,8 @@ - * file is missing or damaged, see the license at "http://www.cups.org/". - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ - - /* - * Include necessary headers. -@@ -37,13 +39,20 @@ - # include <unistd.h> - #endif /* WIN32 */ - -+#include "config.h" -+#ifdef WITH_LSPP -+# define MLS_CONFIG "mls" -+# define TE_CONFIG "te" -+# define SELINUX_CONFIG "SELinux" -+# define UNKNOWN_SL "UNKNOWN SL" -+#endif /* WITH_LSPP */ -+ - #include "mime.h" - - #if defined(HAVE_CDSASSL) - # include <CoreFoundation/CoreFoundation.h> - #endif /* HAVE_CDSASSL */ - -- - /* - * Some OS's don't have hstrerror(), most notably Solaris... - */ -diff -up cups-1.6b1/scheduler/ipp.c.lspp cups-1.6b1/scheduler/ipp.c ---- cups-1.6b1/scheduler/ipp.c.lspp 2012-05-25 17:01:32.810768787 +0200 -+++ cups-1.6b1/scheduler/ipp.c 2012-05-25 17:18:06.620841313 +0200 -@@ -35,6 +35,7 @@ - * cancel_all_jobs() - Cancel all or selected print jobs. - * cancel_job() - Cancel a print job. - * cancel_subscription() - Cancel a subscription. -+ * check_context() - Check the SELinux context for a user and job - * check_rss_recipient() - Check that we do not have a duplicate RSS - * feed URI. - * check_quotas() - Check quotas for a printer and user. -@@ -99,6 +100,9 @@ - * validate_user() - Validate the user for the request. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -122,6 +126,14 @@ extern int mbr_check_membership_by_id(uu - # endif /* HAVE_MEMBERSHIPPRIV_H */ - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+#include <libaudit.h> -+#include <selinux/selinux.h> -+#include <selinux/context.h> -+#include <selinux/avc.h> -+#include <selinux/flask.h> -+#include <selinux/av_permissions.h> -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -146,6 +158,9 @@ static void cancel_all_jobs(cupsd_client - static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void cancel_subscription(cupsd_client_t *con, int id); - static int check_rss_recipient(const char *recipient); -+#ifdef WITH_LSPP -+static int check_context(cupsd_client_t *con, cupsd_job_t *job); -+#endif /* WITH_LSPP */ - static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); - static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); - static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, -@@ -1285,6 +1300,21 @@ add_job(cupsd_client_t *con, /* I - Cl - ipp_attribute_t *media_col, /* media-col attribute */ - *media_margin; /* media-*-margin attribute */ - ipp_t *unsup_col; /* media-col in unsupported response */ -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* device file pointed to by the printer */ -+ char *userheader = NULL; /* User supplied job-sheets[0] */ -+ char *userfooter = NULL; /* User supplied job-sheets[1] */ -+ int override = 0; /* Was a banner overrode on a job */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", -@@ -1542,6 +1572,106 @@ add_job(cupsd_client_t *con, /* I - Cl - ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, - "Untitled"); - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection '%s'!", printer->name); -+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes.")); -+ return (NULL); -+ } -+ -+ /* -+ * Perform an access check so that if the user gets feedback at enqueue time -+ */ -+ -+ printerfile = strstr(printer->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) -+ printerfile = printer->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s", -+ printerfile); -+ -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno != ENOENT) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer")); -+ return (NULL); -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file")); -+ return (NULL); -+ } -+ static avc_initialized = 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(con->scon, &clisid) != 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client")); -+ return (NULL); -+ } -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer")); -+ return (NULL); -+ } -+ printercon = context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s", -+ context_str(printercon), con->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) != 0) -+ { -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer")); -+ freecon(devcon); -+ return (NULL); -+ } -+ freecon(devcon); -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit message -+ */ -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused" -+ " unable to access printer=%s", con->auid, -+ con->username, con->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer")); -+ return (NULL); -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - if ((job = cupsdAddJob(priority, printer->name)) == NULL) - { - send_ipp_status(con, IPP_INTERNAL_ERROR, -@@ -1550,6 +1680,32 @@ add_job(cupsd_client_t *con, /* I - Cl - return (NULL); - } - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * duplicate the security context and auid of the connection into the job structure -+ */ -+ job->scon = strdup(con->scon); -+ job->auid = con->auid; -+ -+ /* -+ * add the security context to the request so that on a restart the security -+ * attributes will be able to be restored -+ */ -+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context", -+ NULL, job->scon); -+ } -+ else -+ { -+ /* -+ * Fill in the security context of the job as unlabeled -+ */ -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL); -+ cupsdSetString(&job->scon, UNKNOWN_SL); -+ } -+#endif /* WITH_LSPP */ -+ - job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); - job->attrs = con->request; - job->dirty = 1; -@@ -1759,6 +1915,29 @@ add_job(cupsd_client_t *con, /* I - Cl - attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]); - attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ else -+ { -+ /* -+ * The option was present, so capture the user supplied strings -+ */ -+ userheader = strdup(attr->values[0].string.text); -+ -+ if (attr->num_values > 1) -+ userfooter = strdup(attr->values[1].string.text); -+ -+ if (Classification != NULL && (strcmp(userheader, Classification) == 0) -+ && userfooter &&(strcmp(userfooter, Classification) == 0)) -+ { -+ /* -+ * Since both values are Classification, the user is not trying to Override -+ */ -+ free(userheader); -+ if (userfooter) free(userfooter); -+ userheader = userfooter = NULL; -+ } -+ } -+#endif /* WITH_LSPP */ - - job->job_sheets = attr; - -@@ -1789,6 +1968,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets="%s,none", " - "job-originating-user-name="%s"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - else if (attr->num_values == 2 && - strcmp(attr->values[0].string.text, -@@ -1807,6 +1989,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name="%s"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - else if (strcmp(attr->values[0].string.text, Classification) && - strcmp(attr->values[0].string.text, "none") && -@@ -1827,6 +2012,9 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-originating-user-name="%s"", - attr->values[0].string.text, - attr->values[1].string.text, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ - } - } - else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1867,8 +2055,52 @@ add_job(cupsd_client_t *con, /* I - Cl - "job-sheets="%s", " - "job-originating-user-name="%s"", - Classification, job->username); -+#ifdef WITH_LSPP -+ override = 1; -+#endif /* WITH_LSPP */ -+ } -+#ifdef WITH_LSPP -+ if (is_lspp_config() && AuditLog != -1) -+ { -+ audit_message = NULL; -+ -+ if (userheader || userfooter) -+ { -+ if (!override) -+ { -+ /* -+ * The user overrode the banner, so audit it -+ */ -+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" -+ " using banners=%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, -+ ServerName, NULL, NULL, 1); -+ } -+ else -+ { -+ /* -+ * The user tried to override the banner, audit the failure -+ */ -+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" -+ " ignored banners=%s,%s", job->id, userheader, -+ userfooter, attr->values[0].string.text, -+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)"); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, -+ ServerName, NULL, NULL, 0); -+ } -+ cupsdClearString(&audit_message); -+ } - } -+ -+ if (userheader) -+ free(userheader); -+ if (userfooter) -+ free(userfooter); -+#endif /* WITH_LSPP */ - } -+ - - /* - * See if we need to add the starting sheet... -@@ -3615,6 +3847,111 @@ check_rss_recipient( - } - - -+#ifdef WITH_LSPP -+/* -+ * 'check_context()' - Check SELinux security context of a user and job -+ */ -+ -+static int /* O - 1 if OK, 0 if not, -1 on error */ -+check_context(cupsd_client_t *con, /* I - Client connection */ -+ cupsd_job_t *job) /* I - Job */ -+{ -+ int enforcing; /* is SELinux in enforcing mode */ -+ char filename[1024]; /* Filename of the spool file */ -+ security_id_t clisid; /* SELinux SID of the client */ -+ security_id_t jobsid; /* SELinux SID of the job */ -+ security_id_t filesid; /* SELinux SID of the spool file */ -+ struct avc_entry_ref avcref; /* AVC entry cache pointer */ -+ security_class_t tclass; /* SELinux security class */ -+ access_vector_t avr; /* SELinux access being queried */ -+ security_context_t spoolfilecon; /* SELinux context of the spool file */ -+ -+ -+ /* -+ * Validate the input to be sure there are contexts to work with... -+ */ -+ -+ if (con->scon == NULL || job->scon == NULL -+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0 -+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ return -1; -+ -+ if ((enforcing = security_getenforce()) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement"); -+ return -1; -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon); -+ -+ -+ /* -+ * Initialize the avc engine... -+ */ -+ -+ static avc_initialized = 0; -+ if (! avc_initialized++) -+ { -+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init"); -+ return -1; -+ } -+ } -+ if (avc_context_to_sid(con->scon, &clisid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon); -+ return -1; -+ } -+ if (avc_context_to_sid(job->scon, &jobsid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", job->scon); -+ return -1; -+ } -+ avc_entry_ref_init(&avcref); -+ tclass = SECCLASS_FILE; -+ avr = FILE__READ; -+ -+ /* -+ * Perform the check with the client as the subject, first with the job as the object -+ * if that fails then with the spool file as the object... -+ */ -+ -+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context"); -+ -+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id); -+ if (getfilecon(filename, &spoolfilecon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context"); -+ return -1; -+ } -+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file"); -+ freecon(spoolfilecon); -+ return -1; -+ } -+ freecon(spoolfilecon); -+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file"); -+ return 0; -+ } -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file"); -+ return 1; -+ } -+ else -+ if (enforcing == 0) -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode"); -+ else -+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context"); -+ -+ return 1; -+} -+#endif /* WITH_LSPP */ -+ -+ - /* - * 'check_quotas()' - Check quotas for a printer and user. - */ -@@ -4067,6 +4404,15 @@ copy_banner(cupsd_client_t *con, /* I - - char attrname[255], /* Name of attribute */ - *s; /* Pointer into name */ - ipp_attribute_t *attr; /* Attribute */ -+#ifdef WITH_LSPP -+ const char *mls_label; /* SL of print job */ -+ char *jobrange; /* SELinux sensitivity range */ -+ char *jobclearance; /* SELinux low end clearance */ -+ context_t jobcon; /* SELinux context of the job */ -+ context_t tmpcon; /* Temp context to set the level */ -+ security_context_t spoolcon; /* Context of the file in the spool */ -+#endif /* WITH_LSPP */ -+ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -4102,6 +4448,82 @@ copy_banner(cupsd_client_t *con, /* I - - - fchmod(cupsFileNumber(out), 0640); - fchown(cupsFileNumber(out), RunUser, Group); -+#ifdef WITH_LSPP -+ if (job->scon != NULL && -+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(filename, &spoolcon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the context of the banner file %s - %s", -+ filename, strerror(errno)); -+ job->num_files --; -+ return (0); -+ } -+ tmpcon = context_new(spoolcon); -+ jobcon = context_new(job->scon); -+ freecon(spoolcon); -+ if (!tmpcon || !jobcon) -+ { -+ if (tmpcon) -+ context_free(tmpcon); -+ if (jobcon) -+ context_free(jobcon); -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to get the SELinux contexts"); -+ job->num_files --; -+ return (0); -+ } -+ jobrange = context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange = strdup(jobrange); -+ if ((jobclearance = strtok(jobrange, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the level of the context for file %s - %s", -+ filename, strerror(errno)); -+ free(jobrange); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ } -+ free(jobrange); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "copy_banner: Unable to set the context of the banner file %s - %s", -+ filename, strerror(errno)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ job->num_files --; -+ return (0); -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s", -+ filename, context_str(tmpcon)); -+ context_free(jobcon); -+ context_free(tmpcon); -+ } -+#endif /* WITH_LSPP */ - - /* - * Try the localized banner file under the subdirectory... -@@ -4196,6 +4618,24 @@ copy_banner(cupsd_client_t *con, /* I - - else - s = attrname; - -+#ifdef WITH_LSPP -+ if (strcmp(s, "mls-label") == 0) -+ { -+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ jobcon = context_new(job->scon); -+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0) -+ mls_label = context_range_get(jobcon); -+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0) -+ mls_label = context_type_get(jobcon); -+ else // default to using the whole context string -+ mls_label = context_str(jobcon); -+ cupsFilePuts(out, mls_label); -+ context_free(jobcon); -+ } -+ continue; -+ } -+#endif /* WITH_LSPP */ - if (!strcmp(s, "printer-name")) - { - cupsFilePuts(out, job->dest); -@@ -6273,6 +6713,22 @@ get_job_attrs(cupsd_client_t *con, /* I - - exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); - -+ -+#ifdef WITH_LSPP -+ /* -+ * Check SELinux... -+ */ -+ if (is_lspp_config() && check_context(con, job) != 1) -+ { -+ /* -+ * Unfortunately we have to lie to the user... -+ */ -+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid); -+ return; -+ } -+#endif /* WITH_LSPP */ -+ -+ - /* - * Copy attributes... - */ -@@ -6626,6 +7082,11 @@ get_jobs(cupsd_client_t *con, /* I - C - if (username[0] && _cups_strcasecmp(username, job->username)) - continue; - -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) != 1) -+ continue; -+#endif /* WITH_LSPP */ -+ - if (count > 0) - ippAddSeparator(con->response); - -@@ -11106,6 +11567,11 @@ validate_user(cupsd_job_t *job, /* I - - strlcpy(username, get_username(con), userlen); - -+#ifdef WITH_LSPP -+ if (is_lspp_config() && check_context(con, job) != 1) -+ return 0; -+#endif /* WITH_LSPP */ -+ - /* - * Check the username against the owner... - */ -diff -up cups-1.6b1/scheduler/job.c.lspp cups-1.6b1/scheduler/job.c ---- cups-1.6b1/scheduler/job.c.lspp 2012-05-25 17:01:32.824768691 +0200 -+++ cups-1.6b1/scheduler/job.c 2012-05-25 17:22:50.856860012 +0200 -@@ -68,6 +68,9 @@ - * update_job_attrs() - Update the job-printer-* attributes. - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -83,6 +86,14 @@ - # endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */ - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+#include <libaudit.h> -+#include <selinux/selinux.h> -+#include <selinux/context.h> -+#include <selinux/avc.h> -+#include <selinux/flask.h> -+#include <selinux/av_permissions.h> -+#endif /* WITH_LSPP */ - - /* - * Design Notes for Job Management -@@ -580,6 +591,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - /* PRINTER_STATE_REASONS env var */ - rip_max_cache[255]; - /* RIP_MAX_CACHE env variable */ -+#ifdef WITH_LSPP -+ char *audit_message = NULL; /* Audit message string */ -+ context_t jobcon; /* SELinux context of the job */ -+ char *label_template = NULL; /* SL to put in classification -+ env var */ -+ const char *mls_label = NULL; /* SL to put in classification -+ env var */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -1071,6 +1090,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - } - } - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) -+ { -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s", -+ job->id, job->auid, job->username, job->printer->name, title); -+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ } -+ else -+ { -+ jobcon = context_new(job->scon); -+ -+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL) -+ label_template = strdup(Classification); -+ else if (attr->num_values > 1 && -+ strcmp(attr->values[1].string.text, "none") != 0) -+ label_template = strdup(attr->values[1].string.text); -+ else -+ label_template = strdup(attr->values[0].string.text); -+ -+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0) -+ mls_label = context_range_get(jobcon); -+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0) -+ mls_label = context_type_get(jobcon); -+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0) -+ mls_label = context_str(jobcon); -+ else -+ mls_label = label_template; -+ -+ if (mls_label && (PerPageLabels || banner_page)) -+ { -+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label); -+ envp[envc ++] = classification; -+ } -+ -+ if ((AuditLog != -1) && !banner_page) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s" -+ " obj=%s label=%s", job->id, job->auid, job->username, -+ job->printer->name, title, job->scon, mls_label?mls_label:"none"); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 1); -+ cupsdClearString(&audit_message); -+ } -+ context_free(jobcon); -+ free(label_template); -+ } -+ } -+ else -+ /* -+ * Fall through to the non-LSPP behavior -+ */ -+#endif /* WITH_LSPP */ - if (Classification && !banner_page) - { - if ((attr = ippFindAttribute(job->attrs, "job-sheets", -@@ -1845,6 +1925,20 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J - ippSetString(job->attrs, &job->reasons, 0, "none"); - } - -+#ifdef WITH_LSPP -+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL) -+ cupsdSetString(&job->scon, attr->values[0].string.text); -+ else if (is_lspp_config()) -+ { -+ /* -+ * There was no security context so delete the job -+ */ -+ cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file "%s"!", -+ jobfile); -+ goto error; -+ } -+#endif /* WITH_LSPP */ -+ - job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", - IPP_TAG_INTEGER); - job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); -@@ -2235,6 +2329,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - { - char filename[1024]; /* Job control filename */ - cups_file_t *fp; /* Job file */ -+#ifdef WITH_LSPP -+ security_context_t spoolcon; /* context of the job control file */ -+ context_t jobcon; /* contex_t container for job->scon */ -+ context_t tmpcon; /* Temp context to swap the level */ -+ char *jobclearance; /* SELinux low end clearance */ -+ const char *jobrange; /* SELinux sensitivity range */ -+ char *jobrange_copy; /* SELinux sensitivity range */ -+#endif /* WITH_LSPP */ - - - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -2247,6 +2349,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J - - fchown(cupsFileNumber(fp), RunUser, Group); - -+#ifdef WITH_LSPP -+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) -+ { -+ if (getfilecon(filename, &spoolcon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to get context of job control file "%s" - %s.", -+ filename, strerror(errno)); -+ return; -+ } -+ jobcon = context_new(job->scon); -+ tmpcon = context_new(spoolcon); -+ freecon(spoolcon); -+ if (!jobcon || !tmpcon) -+ { -+ if (jobcon) -+ context_free(jobcon); -+ if (tmpcon) -+ context_free(tmpcon); -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts"); -+ return; -+ } -+ jobrange = context_range_get(jobcon); -+ if (jobrange) -+ { -+ jobrange_copy = strdup(jobrange); -+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL) -+ { -+ if (context_range_set(tmpcon, jobclearance) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set the range for job control file "%s" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ else -+ { -+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set the range for job control file "%s" - %s.", -+ filename, strerror(errno)); -+ free(jobrange_copy); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ } -+ free(jobrange_copy); -+ } -+ if (setfilecon(filename, context_str(tmpcon)) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "Unable to set context of job control file "%s" - %s.", -+ filename, strerror(errno)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ return; -+ } -+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s", -+ job, context_str(tmpcon)); -+ context_free(tmpcon); -+ context_free(jobcon); -+ } -+#endif /* WITH_LSPP */ -+ - job->attrs->state = IPP_IDLE; - - if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3735,6 +3907,18 @@ get_options(cupsd_job_t *job, /* I - Jo - banner_page) - continue; - -+#ifdef WITH_LSPP -+ /* -+ * In LSPP mode refuse to honor the page-label -+ */ -+ if (is_lspp_config() && -+ !strcmp(attr->name, "page-label")) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to LSPP mode"); -+ continue; -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Otherwise add them to the list... - */ -@@ -4457,6 +4641,19 @@ static void - start_job(cupsd_job_t *job, /* I - Job ID */ - cupsd_printer_t *printer) /* I - Printer to print job */ - { -+#ifdef WITH_LSPP -+ char *audit_message = NULL; /* Audit message string */ -+ char *printerfile = NULL; /* Device file pointed to by the printer */ -+ security_id_t clisid; /* SELinux SID for the client */ -+ security_id_t psid; /* SELinux SID for the printer */ -+ context_t printercon; /* Printer's context string */ -+ struct stat printerstat; /* Printer's stat buffer */ -+ security_context_t devcon; /* Printer's SELinux context */ -+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */ -+ security_class_t tclass; /* Object class for the SELinux check */ -+ access_vector_t avr; /* Access method being requested */ -+#endif /* WITH_LSPP */ -+ - cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=%p(%d), printer=%p(%s))", - job, job->id, printer, printer->name); - -@@ -4599,6 +4796,108 @@ start_job(cupsd_job_t *job, /* I - - fcntl(job->side_pipes[1], F_SETFD, - fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); - -+#ifdef WITH_LSPP -+ if (is_lspp_config()) -+ { -+ /* -+ * Perform an access check before printing, but only if the printer starts with /dev/ -+ */ -+ printerfile = strstr(printer->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) -+ printerfile = printer->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ cupsdLogMessage(CUPSD_LOG_DEBUG, -+ "StartJob: Attempting to check access on printer device %s", printerfile); -+ if (lstat(printerfile, &printerstat) < 0) -+ { -+ if (errno != ENOENT) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ /* -+ * The printer does not exist, so for now assume it's a FileDevice -+ */ -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else if (S_ISCHR(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_CHR_FILE; -+ avr = CHR_FILE__WRITE; -+ } -+ else if (S_ISREG(printerstat.st_mode)) -+ { -+ tclass = SECCLASS_FILE; -+ avr = FILE__WRITE; -+ } -+ else -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Printer is not a character device or regular file"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ static avc_initialized = 0; -+ if (!avc_initialized++) -+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL); -+ avc_entry_ref_init(&avcref); -+ if (avc_context_to_sid(job->scon, &clisid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Unable to determine the SELinux sid for the job"); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s", -+ printerfile); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ printercon = context_new(devcon); -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s", -+ context_str(printercon), job->scon); -+ context_free(printercon); -+ -+ if (avc_context_to_sid(devcon, &psid) != 0) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, -+ "StartJob: Unable to determine the SELinux sid for the printer"); -+ freecon(devcon); -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ return ; -+ } -+ freecon(devcon); -+ -+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) -+ { -+ /* -+ * The access check failed, so cancel the job and send an audit message -+ */ -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled" -+ " unable to access printer=%s", job->id, -+ job->auid, (job->username)?job->username:"?", job->scon, printer->name); -+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, -+ ServerName, NULL, NULL, 0); -+ cupsdClearString(&audit_message); -+ } -+ -+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL); -+ -+ return ; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Now start the first file in the job... - */ -diff -up cups-1.6b1/scheduler/job.h.lspp cups-1.6b1/scheduler/job.h ---- cups-1.6b1/scheduler/job.h.lspp 2012-05-23 03:36:50.000000000 +0200 -+++ cups-1.6b1/scheduler/job.h 2012-05-25 17:23:41.802504888 +0200 -@@ -13,6 +13,13 @@ - * file is missing or damaged, see the license at "http://www.cups.org/". - */ - -+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ -+#ifdef WITH_LSPP -+#include <selinux/selinux.h> -+#endif /* WITH_LSPP */ -+ - /* - * Constants... - */ -@@ -82,6 +89,10 @@ struct cupsd_job_s /**** Job request * - int progress; /* Printing progress */ - int num_keywords; /* Number of PPD keywords */ - cups_option_t *keywords; /* PPD keywords */ -+#ifdef WITH_LSPP -+ security_context_t scon; /* Security context of job */ -+ uid_t auid; /* Audit loginuid for this job */ -+#endif /* WITH_LSPP */ - }; - - typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-1.6b1/scheduler/main.c.lspp cups-1.6b1/scheduler/main.c ---- cups-1.6b1/scheduler/main.c.lspp 2012-05-25 17:01:32.849768516 +0200 -+++ cups-1.6b1/scheduler/main.c 2012-05-25 17:01:32.868768383 +0200 -@@ -38,6 +38,8 @@ - * usage() - Show scheduler usage. - */ - -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -75,6 +77,9 @@ - # include <notify.h> - #endif /* HAVE_NOTIFY_H */ - -+#ifdef WITH_LSPP -+# include <libaudit.h> -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -138,6 +143,9 @@ main(int argc, /* I - Number of comm - #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) - struct sigaction action; /* Actions for POSIX signals */ - #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ -+#if WITH_LSPP -+ auditfail_t failmode; /* Action for audit_open failure */ -+#endif /* WITH_LSPP */ - #ifdef __sgi - cups_file_t *fp; /* Fake lpsched lock file */ - struct stat statbuf; /* Needed for checking lpsched FIFO */ -@@ -463,6 +471,25 @@ main(int argc, /* I - Number of comm - #endif /* DEBUG */ - } - -+#ifdef WITH_LSPP -+ if ((AuditLog = audit_open()) < 0 ) -+ { -+ if (get_auditfail_action(&failmode) == 0) -+ { -+ if (failmode == FAIL_LOG) -+ { -+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem."); -+ AuditLog = -1; -+ } -+ else if (failmode == FAIL_TERMINATE) -+ { -+ fprintf(stderr, "cupsd: unable to start auditing, terminating"); -+ return -1; -+ } -+ } -+ } -+#endif /* WITH_LSPP */ -+ - /* - * Set the timezone info... - */ -@@ -1180,6 +1207,11 @@ main(int argc, /* I - Number of comm - - cupsdStopSelect(); - -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ audit_close(AuditLog); -+#endif /* WITH_LSPP */ -+ - return (!stop_scheduler); - } - -diff -up cups-1.6b1/scheduler/printers.c.lspp cups-1.6b1/scheduler/printers.c ---- cups-1.6b1/scheduler/printers.c.lspp 2012-05-25 17:01:32.786768955 +0200 -+++ cups-1.6b1/scheduler/printers.c 2012-05-25 17:24:11.144300359 +0200 -@@ -56,6 +56,8 @@ - * write_xml_string() - Write a string with XML escaping. - */ - -+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ -+ - /* - * Include necessary headers... - */ -@@ -80,6 +82,10 @@ - # include <asl.h> - #endif /* __APPLE__ */ - -+#ifdef WITH_LSPP -+# include <libaudit.h> -+# include <selinux/context.h> -+#endif /* WITH_LSPP */ - - /* - * Local functions... -@@ -2101,6 +2107,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - "username", - "password" - }; -+#ifdef WITH_LSPP -+ char *audit_message; /* Audit message string */ -+ char *printerfile; /* Path to a local printer dev */ -+ char *rangestr; /* Printer's range if its available */ -+ security_context_t devcon; /* Printer SELinux context */ -+ context_t printercon; /* context_t for the printer */ -+#endif /* WITH_LSPP */ - - - DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, -@@ -2234,6 +2247,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) - attr->values[1].string.text = _cupsStrAlloc(Classification ? - Classification : p->job_sheets[1]); - } -+#ifdef WITH_LSPP -+ if (AuditLog != -1) -+ { -+ audit_message = NULL; -+ rangestr = NULL; -+ printercon = 0; -+ printerfile = strstr(p->device_uri, "/dev/"); -+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0)) -+ printerfile = p->device_uri + strlen("file:"); -+ -+ if (printerfile != NULL) -+ { -+ if (getfilecon(printerfile, &devcon) == -1) -+ { -+ if(is_selinux_enabled()) -+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context"); -+ } -+ else -+ { -+ printercon = context_new(devcon); -+ freecon(devcon); -+ } -+ } -+ -+ if (printercon && context_range_get(printercon)) -+ rangestr = strdup(context_range_get(printercon)); -+ else -+ rangestr = strdup("unknown"); -+ -+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s", -+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr); -+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message, -+ ServerName, NULL, NULL, 1); -+ if (printercon) -+ context_free(printercon); -+ free(rangestr); -+ cupsdClearString(&audit_message); -+ } -+#endif /* WITH_LSPP */ - } - - p->raw = 0; -@@ -5320,7 +5372,6 @@ write_irix_state(cupsd_printer_t *p) /* - } - #endif /* __sgi */ - -- - /* - * 'write_xml_string()' - Write a string with XML escaping. - */
hooks/post-receive -- IPFire 3.x development tree