diff --git a/cups-lspp.patch b/cups-lspp.patch index dbab270..a9b6add 100644 --- a/cups-lspp.patch +++ b/cups-lspp.patch @@ -1,7 +1,7 @@ -diff -up cups-1.5.2/config.h.in.lspp cups-1.5.2/config.h.in ---- cups-1.5.2/config.h.in.lspp 2012-02-15 13:02:38.423776301 +0000 -+++ cups-1.5.2/config.h.in 2012-02-15 13:02:38.438776307 +0000 -@@ -754,6 +754,12 @@ +diff -up cups-1.5.4/config.h.in.lspp cups-1.5.4/config.h.in +--- cups-1.5.4/config.h.in.lspp 2012-11-27 13:27:45.851112089 +0000 ++++ cups-1.5.4/config.h.in 2012-11-27 13:27:45.901112305 +0000 +@@ -761,6 +761,12 @@ #undef HAVE_XPC @@ -14,9 +14,9 @@ diff -up cups-1.5.2/config.h.in.lspp cups-1.5.2/config.h.in #endif /* !_CUPS_CONFIG_H_ */ -diff -up cups-1.5.2/config-scripts/cups-lspp.m4.lspp cups-1.5.2/config-scripts/cups-lspp.m4 ---- cups-1.5.2/config-scripts/cups-lspp.m4.lspp 2012-02-15 13:02:38.438776307 +0000 -+++ cups-1.5.2/config-scripts/cups-lspp.m4 2012-02-15 13:02:38.438776307 +0000 +diff -up cups-1.5.4/config-scripts/cups-lspp.m4.lspp cups-1.5.4/config-scripts/cups-lspp.m4 +--- cups-1.5.4/config-scripts/cups-lspp.m4.lspp 2012-11-27 13:27:45.902112309 +0000 ++++ cups-1.5.4/config-scripts/cups-lspp.m4 2012-11-27 13:27:45.902112309 +0000 @@ -0,0 +1,36 @@ +dnl +dnl LSPP code for the Common UNIX Printing System (CUPS). @@ -54,9 +54,9 @@ diff -up cups-1.5.2/config-scripts/cups-lspp.m4.lspp cups-1.5.2/config-scripts/c + ;; + esac +fi -diff -up cups-1.5.2/configure.in.lspp cups-1.5.2/configure.in ---- cups-1.5.2/configure.in.lspp 2012-02-15 13:02:38.424776301 +0000 -+++ cups-1.5.2/configure.in 2012-02-15 13:02:38.439776308 +0000 +diff -up cups-1.5.4/configure.in.lspp cups-1.5.4/configure.in +--- cups-1.5.4/configure.in.lspp 2012-11-27 13:27:45.892112265 +0000 ++++ cups-1.5.4/configure.in 2012-11-27 13:27:45.902112309 +0000 @@ -42,6 +42,8 @@ sinclude(config-scripts/cups-defaults.m4 sinclude(config-scripts/cups-pdf.m4) sinclude(config-scripts/cups-scripting.m4) @@ -66,9 +66,9 @@ diff -up cups-1.5.2/configure.in.lspp cups-1.5.2/configure.in INSTALL_LANGUAGES="" UNINSTALL_LANGUAGES="" LANGFILES="" -diff -up cups-1.5.2/filter/common.c.lspp cups-1.5.2/filter/common.c ---- cups-1.5.2/filter/common.c.lspp 2011-05-20 04:49:49.000000000 +0100 -+++ cups-1.5.2/filter/common.c 2012-02-15 13:02:38.441776309 +0000 +diff -up cups-1.5.4/filter/common.c.lspp cups-1.5.4/filter/common.c +--- cups-1.5.4/filter/common.c.lspp 2011-05-20 04:49:49.000000000 +0100 ++++ cups-1.5.4/filter/common.c 2012-11-27 13:27:45.903112313 +0000 @@ -30,6 +30,12 @@ * Include necessary headers... */ @@ -237,9 +237,9 @@ diff -up cups-1.5.2/filter/common.c.lspp cups-1.5.2/filter/common.c /* -diff -up cups-1.5.2/filter/pstops.c.lspp cups-1.5.2/filter/pstops.c ---- cups-1.5.2/filter/pstops.c.lspp 2011-09-02 19:14:34.000000000 +0100 -+++ cups-1.5.2/filter/pstops.c 2012-02-15 13:02:38.441776310 +0000 +diff -up cups-1.5.4/filter/pstops.c.lspp cups-1.5.4/filter/pstops.c +--- cups-1.5.4/filter/pstops.c.lspp 2011-09-02 19:14:34.000000000 +0100 ++++ cups-1.5.4/filter/pstops.c 2012-11-27 13:27:45.905112321 +0000 @@ -3259,6 +3259,18 @@ write_label_prolog(pstops_doc_t *doc, /* { const char *classification; /* CLASSIFICATION environment variable */ @@ -395,10 +395,10 @@ diff -up cups-1.5.2/filter/pstops.c.lspp cups-1.5.2/filter/pstops.c /* -diff -up cups-1.5.2/Makedefs.in.lspp cups-1.5.2/Makedefs.in ---- cups-1.5.2/Makedefs.in.lspp 2012-02-15 13:02:38.429776302 +0000 -+++ cups-1.5.2/Makedefs.in 2012-02-15 13:02:38.442776310 +0000 -@@ -159,7 +159,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f +diff -up cups-1.5.4/Makedefs.in.lspp cups-1.5.4/Makedefs.in +--- cups-1.5.4/Makedefs.in.lspp 2012-11-27 13:27:45.853112098 +0000 ++++ cups-1.5.4/Makedefs.in 2012-11-27 13:27:45.906112326 +0000 +@@ -160,7 +160,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f LEGACY_BACKENDS = @LEGACY_BACKENDS@ LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ) LINKCUPSIMAGE = @LINKCUPSIMAGE@ @@ -407,9 +407,9 @@ diff -up cups-1.5.2/Makedefs.in.lspp cups-1.5.2/Makedefs.in OPTIM = @OPTIM@ OPTIONS = PAMLIBS = @PAMLIBS@ -diff -up cups-1.5.2/scheduler/client.c.lspp cups-1.5.2/scheduler/client.c ---- cups-1.5.2/scheduler/client.c.lspp 2012-02-15 13:02:38.394776287 +0000 -+++ cups-1.5.2/scheduler/client.c 2012-02-15 13:02:38.444776310 +0000 +diff -up cups-1.5.4/scheduler/client.c.lspp cups-1.5.4/scheduler/client.c +--- cups-1.5.4/scheduler/client.c.lspp 2012-11-27 13:27:45.895112279 +0000 ++++ cups-1.5.4/scheduler/client.c 2012-11-27 13:27:45.909112339 +0000 @@ -45,6 +45,7 @@ * valid_host() - Is the Host: field valid? * write_file() - Send a file via HTTP. @@ -508,7 +508,7 @@ diff -up cups-1.5.2/scheduler/client.c.lspp cups-1.5.2/scheduler/client.c status = HTTP_CONTINUE; -@@ -2140,6 +2206,67 @@ cupsdReadClient(cupsd_client_t *con) /* +@@ -2137,6 +2203,67 @@ cupsdReadClient(cupsd_client_t *con) /* fchmod(con->file, 0640); fchown(con->file, RunUser, Group); fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); @@ -576,7 +576,7 @@ diff -up cups-1.5.2/scheduler/client.c.lspp cups-1.5.2/scheduler/client.c } if (con->http.state != HTTP_POST_SEND) -@@ -4550,6 +4677,50 @@ make_certificate(cupsd_client_t *con) /* +@@ -4551,6 +4678,50 @@ make_certificate(cupsd_client_t *con) /* #endif /* HAVE_SSL */ @@ -627,9 +627,9 @@ diff -up cups-1.5.2/scheduler/client.c.lspp cups-1.5.2/scheduler/client.c /* * 'pipe_command()' - Pipe the output of a command to the remote client. */ -diff -up cups-1.5.2/scheduler/client.h.lspp cups-1.5.2/scheduler/client.h ---- cups-1.5.2/scheduler/client.h.lspp 2012-02-15 13:02:38.430776303 +0000 -+++ cups-1.5.2/scheduler/client.h 2012-02-15 13:02:38.446776310 +0000 +diff -up cups-1.5.4/scheduler/client.h.lspp cups-1.5.4/scheduler/client.h +--- cups-1.5.4/scheduler/client.h.lspp 2012-11-27 13:27:45.853112098 +0000 ++++ cups-1.5.4/scheduler/client.h 2012-11-27 13:27:45.910112343 +0000 @@ -18,6 +18,13 @@ #endif /* HAVE_AUTHORIZATION_H */ @@ -665,10 +665,10 @@ diff -up cups-1.5.2/scheduler/client.h.lspp cups-1.5.2/scheduler/client.h /* -diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c ---- cups-1.5.2/scheduler/conf.c.lspp 2012-02-15 13:02:38.397776287 +0000 -+++ cups-1.5.2/scheduler/conf.c 2012-02-15 13:02:38.448776311 +0000 -@@ -31,6 +31,7 @@ +diff -up cups-1.5.4/scheduler/conf.c.lspp cups-1.5.4/scheduler/conf.c +--- cups-1.5.4/scheduler/conf.c.lspp 2012-11-27 13:27:45.896112283 +0000 ++++ cups-1.5.4/scheduler/conf.c 2012-11-27 13:28:56.788369589 +0000 +@@ -32,6 +32,7 @@ * read_location() - Read a definition. * read_policy() - Read a definition. * set_policy_defaults() - Set default policy values as needed. @@ -676,7 +676,7 @@ diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c */ /* -@@ -56,6 +57,9 @@ +@@ -57,6 +58,9 @@ # define INADDR_NONE 0xffffffff #endif /* !INADDR_NONE */ @@ -686,18 +686,18 @@ diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c /* * Configuration variable structure... -@@ -173,6 +177,10 @@ static const cupsd_var_t variables[] = - # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS) - { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME }, - # endif /* HAVE_LIBSSL || HAVE_GNUTLS */ +@@ -157,6 +161,10 @@ static const cupsd_var_t cupsd_vars[] = + { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, + { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER }, + { "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }, +#ifdef WITH_LSPP + { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER }, + { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN }, +#endif /* WITH_LSPP */ - #endif /* HAVE_SSL */ - { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, - { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, -@@ -434,6 +442,9 @@ cupsdReadConfiguration(void) + { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN } + }; + static const cupsd_var_t cupsfiles_vars[] = +@@ -440,6 +448,9 @@ cupsdReadConfiguration(void) const char *tmpdir; /* TMPDIR environment variable */ struct stat tmpinfo; /* Temporary directory info */ cupsd_policy_t *p; /* Policy */ @@ -707,7 +707,7 @@ diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c /* -@@ -726,6 +737,25 @@ cupsdReadConfiguration(void) +@@ -758,6 +769,25 @@ cupsdReadConfiguration(void) RunUser = getuid(); @@ -733,7 +733,7 @@ diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", RemotePort ? "enabled" : "disabled"); -@@ -1116,7 +1146,19 @@ cupsdReadConfiguration(void) +@@ -1148,7 +1178,19 @@ cupsdReadConfiguration(void) cupsdClearString(&Classification); if (Classification) @@ -753,7 +753,7 @@ diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c /* * Check the MaxClients setting, and then allocate memory for it... -@@ -3781,6 +3823,18 @@ read_location(cups_file_t *fp, /* I - C +@@ -4024,6 +4066,18 @@ read_location(cups_file_t *fp, /* I - C return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum); } @@ -772,10 +772,10 @@ diff -up cups-1.5.2/scheduler/conf.c.lspp cups-1.5.2/scheduler/conf.c /* * 'read_policy()' - Read a definition. -diff -up cups-1.5.2/scheduler/conf.h.lspp cups-1.5.2/scheduler/conf.h ---- cups-1.5.2/scheduler/conf.h.lspp 2012-02-15 13:02:38.320776250 +0000 -+++ cups-1.5.2/scheduler/conf.h 2012-02-15 13:02:38.450776313 +0000 -@@ -250,6 +250,12 @@ VAR char *ServerKey VALUE(NULL); +diff -up cups-1.5.4/scheduler/conf.h.lspp cups-1.5.4/scheduler/conf.h +--- cups-1.5.4/scheduler/conf.h.lspp 2012-11-27 13:27:45.896112283 +0000 ++++ cups-1.5.4/scheduler/conf.h 2012-11-27 13:27:45.912112351 +0000 +@@ -252,6 +252,12 @@ VAR char *ServerKey VALUE(NULL); VAR int SSLOptions VALUE(CUPSD_SSL_NONE); /* SSL/TLS options */ #endif /* HAVE_SSL */ @@ -788,7 +788,7 @@ diff -up cups-1.5.2/scheduler/conf.h.lspp cups-1.5.2/scheduler/conf.h #ifdef HAVE_LAUNCHD VAR int LaunchdTimeout VALUE(DEFAULT_KEEPALIVE); -@@ -261,6 +267,9 @@ VAR char *SystemGroupAuthKey VALUE(NULL +@@ -263,6 +269,9 @@ VAR char *SystemGroupAuthKey VALUE(NULL /* System group auth key */ #endif /* HAVE_AUTHORIZATION_H */ @@ -798,9 +798,9 @@ diff -up cups-1.5.2/scheduler/conf.h.lspp cups-1.5.2/scheduler/conf.h /* * Prototypes... -diff -up cups-1.5.2/scheduler/cupsd.h.lspp cups-1.5.2/scheduler/cupsd.h ---- cups-1.5.2/scheduler/cupsd.h.lspp 2012-02-15 13:02:38.383776281 +0000 -+++ cups-1.5.2/scheduler/cupsd.h 2012-02-15 13:02:38.450776313 +0000 +diff -up cups-1.5.4/scheduler/cupsd.h.lspp cups-1.5.4/scheduler/cupsd.h +--- cups-1.5.4/scheduler/cupsd.h.lspp 2012-11-27 13:27:45.815111935 +0000 ++++ cups-1.5.4/scheduler/cupsd.h 2012-11-27 13:27:45.912112351 +0000 @@ -13,6 +13,8 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ @@ -832,9 +832,9 @@ diff -up cups-1.5.2/scheduler/cupsd.h.lspp cups-1.5.2/scheduler/cupsd.h /* * Some OS's don't have hstrerror(), most notably Solaris... */ -diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c ---- cups-1.5.2/scheduler/ipp.c.lspp 2012-02-15 13:02:38.417776295 +0000 -+++ cups-1.5.2/scheduler/ipp.c 2012-02-15 13:02:38.454776315 +0000 +diff -up cups-1.5.4/scheduler/ipp.c.lspp cups-1.5.4/scheduler/ipp.c +--- cups-1.5.4/scheduler/ipp.c.lspp 2012-11-27 13:27:45.865112149 +0000 ++++ cups-1.5.4/scheduler/ipp.c 2012-11-27 13:27:45.915112365 +0000 @@ -41,6 +41,7 @@ * cancel_all_jobs() - Cancel all or selected print jobs. * cancel_job() - Cancel a print job. @@ -1153,7 +1153,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c /* * See if we need to add the starting sheet... -@@ -4709,6 +4941,111 @@ check_rss_recipient( +@@ -4708,6 +4940,111 @@ check_rss_recipient( } @@ -1265,7 +1265,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c /* * 'check_quotas()' - Check quotas for a printer and user. */ -@@ -5349,6 +5686,15 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -5348,6 +5685,15 @@ copy_banner(cupsd_client_t *con, /* I - char attrname[255], /* Name of attribute */ *s; /* Pointer into name */ ipp_attribute_t *attr; /* Attribute */ @@ -1281,7 +1281,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -5384,6 +5730,82 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -5383,6 +5729,82 @@ copy_banner(cupsd_client_t *con, /* I - fchmod(cupsFileNumber(out), 0640); fchown(cupsFileNumber(out), RunUser, Group); @@ -1364,7 +1364,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c /* * Try the localized banner file under the subdirectory... -@@ -5478,6 +5900,24 @@ copy_banner(cupsd_client_t *con, /* I - +@@ -5477,6 +5899,24 @@ copy_banner(cupsd_client_t *con, /* I - else s = attrname; @@ -1389,7 +1389,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c if (!strcmp(s, "printer-name")) { cupsFilePuts(out, job->dest); -@@ -7475,6 +7915,22 @@ get_job_attrs(cupsd_client_t *con, /* I +@@ -7474,6 +7914,22 @@ get_job_attrs(cupsd_client_t *con, /* I exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); @@ -1412,7 +1412,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c /* * Copy attributes... */ -@@ -7828,6 +8284,11 @@ get_jobs(cupsd_client_t *con, /* I - C +@@ -7827,6 +8283,11 @@ get_jobs(cupsd_client_t *con, /* I - C if (username[0] && _cups_strcasecmp(username, job->username)) continue; @@ -1424,7 +1424,7 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c if (count > 0) ippAddSeparator(con->response); -@@ -12287,6 +12748,11 @@ validate_user(cupsd_job_t *job, /* I +@@ -12380,6 +12841,11 @@ validate_user(cupsd_job_t *job, /* I strlcpy(username, get_username(con), userlen); @@ -1436,9 +1436,9 @@ diff -up cups-1.5.2/scheduler/ipp.c.lspp cups-1.5.2/scheduler/ipp.c /* * Check the username against the owner... */ -diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c ---- cups-1.5.2/scheduler/job.c.lspp 2012-02-15 13:02:38.362776272 +0000 -+++ cups-1.5.2/scheduler/job.c 2012-02-15 13:02:38.457776315 +0000 +diff -up cups-1.5.4/scheduler/job.c.lspp cups-1.5.4/scheduler/job.c +--- cups-1.5.4/scheduler/job.c.lspp 2012-11-27 13:27:45.784111801 +0000 ++++ cups-1.5.4/scheduler/job.c 2012-11-27 13:27:45.916112369 +0000 @@ -64,6 +64,9 @@ * update_job_attrs() - Update the job-printer-* attributes. */ @@ -1568,7 +1568,7 @@ diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER); job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME); -@@ -2116,6 +2210,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J +@@ -2136,6 +2230,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J char filename[1024], /* Job control filename */ newfile[1024]; /* New job control filename */ cups_file_t *fp; /* Job file */ @@ -1583,7 +1583,7 @@ diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -2135,6 +2237,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J +@@ -2155,6 +2257,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J fchmod(cupsFileNumber(fp), 0600); fchown(cupsFileNumber(fp), RunUser, Group); @@ -1660,7 +1660,7 @@ diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c job->attrs->state = IPP_IDLE; if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -3525,6 +3697,18 @@ get_options(cupsd_job_t *job, /* I - Jo +@@ -3550,6 +3722,18 @@ get_options(cupsd_job_t *job, /* I - Jo banner_page) continue; @@ -1679,7 +1679,7 @@ diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c /* * Otherwise add them to the list... */ -@@ -4159,6 +4343,19 @@ static void +@@ -4184,6 +4368,19 @@ static void start_job(cupsd_job_t *job, /* I - Job ID */ cupsd_printer_t *printer) /* I - Printer to print job */ { @@ -1699,7 +1699,7 @@ diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=%p(%d), printer=%p(%s))", job, job->id, printer, printer->name); -@@ -4288,6 +4485,108 @@ start_job(cupsd_job_t *job, /* I - +@@ -4317,6 +4514,108 @@ start_job(cupsd_job_t *job, /* I - fcntl(job->side_pipes[1], F_SETFD, fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC); @@ -1808,9 +1808,9 @@ diff -up cups-1.5.2/scheduler/job.c.lspp cups-1.5.2/scheduler/job.c /* * Now start the first file in the job... */ -diff -up cups-1.5.2/scheduler/job.h.lspp cups-1.5.2/scheduler/job.h ---- cups-1.5.2/scheduler/job.h.lspp 2011-05-18 03:27:11.000000000 +0100 -+++ cups-1.5.2/scheduler/job.h 2012-02-15 13:02:38.459776316 +0000 +diff -up cups-1.5.4/scheduler/job.h.lspp cups-1.5.4/scheduler/job.h +--- cups-1.5.4/scheduler/job.h.lspp 2011-05-18 03:27:11.000000000 +0100 ++++ cups-1.5.4/scheduler/job.h 2012-11-27 13:27:45.917112373 +0000 @@ -13,6 +13,13 @@ * file is missing or damaged, see the license at "http://www.cups.org/". */ @@ -1836,9 +1836,9 @@ diff -up cups-1.5.2/scheduler/job.h.lspp cups-1.5.2/scheduler/job.h }; typedef struct cupsd_joblog_s /**** Job log message ****/ -diff -up cups-1.5.2/scheduler/main.c.lspp cups-1.5.2/scheduler/main.c ---- cups-1.5.2/scheduler/main.c.lspp 2012-02-15 13:02:38.436776304 +0000 -+++ cups-1.5.2/scheduler/main.c 2012-02-15 13:02:38.461776318 +0000 +diff -up cups-1.5.4/scheduler/main.c.lspp cups-1.5.4/scheduler/main.c +--- cups-1.5.4/scheduler/main.c.lspp 2012-11-27 13:27:45.897112287 +0000 ++++ cups-1.5.4/scheduler/main.c 2012-11-27 13:27:45.917112373 +0000 @@ -38,6 +38,8 @@ * usage() - Show scheduler usage. */ @@ -1868,7 +1868,7 @@ diff -up cups-1.5.2/scheduler/main.c.lspp cups-1.5.2/scheduler/main.c #ifdef __sgi cups_file_t *fp; /* Fake lpsched lock file */ struct stat statbuf; /* Needed for checking lpsched FIFO */ -@@ -472,6 +480,25 @@ main(int argc, /* I - Number of comm +@@ -523,6 +531,25 @@ main(int argc, /* I - Number of comm #endif /* DEBUG */ } @@ -1894,7 +1894,7 @@ diff -up cups-1.5.2/scheduler/main.c.lspp cups-1.5.2/scheduler/main.c /* * Set the timezone info... */ -@@ -1246,6 +1273,11 @@ main(int argc, /* I - Number of comm +@@ -1297,6 +1324,11 @@ main(int argc, /* I - Number of comm cupsdStopSelect(); @@ -1906,9 +1906,9 @@ diff -up cups-1.5.2/scheduler/main.c.lspp cups-1.5.2/scheduler/main.c return (!stop_scheduler); } -diff -up cups-1.5.2/scheduler/printers.c.lspp cups-1.5.2/scheduler/printers.c ---- cups-1.5.2/scheduler/printers.c.lspp 2012-02-15 13:02:38.420776300 +0000 -+++ cups-1.5.2/scheduler/printers.c 2012-02-15 13:02:38.463776320 +0000 +diff -up cups-1.5.4/scheduler/printers.c.lspp cups-1.5.4/scheduler/printers.c +--- cups-1.5.4/scheduler/printers.c.lspp 2012-11-27 13:27:45.846112069 +0000 ++++ cups-1.5.4/scheduler/printers.c 2012-11-27 13:27:45.918112378 +0000 @@ -56,6 +56,8 @@ * write_xml_string() - Write a string with XML escaping. */ @@ -1930,7 +1930,7 @@ diff -up cups-1.5.2/scheduler/printers.c.lspp cups-1.5.2/scheduler/printers.c /* * Local functions... */ -@@ -2199,6 +2206,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) +@@ -2231,6 +2238,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) "username", "password" }; @@ -1944,7 +1944,7 @@ diff -up cups-1.5.2/scheduler/printers.c.lspp cups-1.5.2/scheduler/printers.c DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name, -@@ -2336,6 +2350,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) +@@ -2368,6 +2382,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p) attr->values[1].string.text = _cupsStrAlloc(Classification ? Classification : p->job_sheets[1]); } @@ -1990,7 +1990,7 @@ diff -up cups-1.5.2/scheduler/printers.c.lspp cups-1.5.2/scheduler/printers.c } p->raw = 0; -@@ -5546,7 +5599,6 @@ write_irix_state(cupsd_printer_t *p) /* +@@ -5578,7 +5631,6 @@ write_irix_state(cupsd_printer_t *p) /* } #endif /* __sgi */ diff --git a/cups-str4223.patch b/cups-str4223.patch new file mode 100644 index 0000000..ae4804d --- /dev/null +++ b/cups-str4223.patch @@ -0,0 +1,2615 @@ +diff -up cups-1.5.4/conf/cupsd.conf.in.str4223 cups-1.5.4/conf/cupsd.conf.in +--- cups-1.5.4/conf/cupsd.conf.in.str4223 2010-12-09 21:24:51.000000000 +0000 ++++ cups-1.5.4/conf/cupsd.conf.in 2012-11-27 13:36:54.512147828 +0000 +@@ -9,10 +9,6 @@ + # for troubleshooting... + LogLevel @CUPS_LOG_LEVEL@ + +-# Administrator user group... +-SystemGroup @CUPS_SYSTEM_GROUPS@ +-@CUPS_SYSTEM_AUTHKEY@ +- + # Only listen for connections from the local machine. + Listen localhost:@DEFAULT_IPP_PORT@ + @CUPS_LISTEN_DOMAINSOCKET@ +diff -up cups-1.5.4/conf/cups-files.conf.in.str4223 cups-1.5.4/conf/cups-files.conf.in +--- cups-1.5.4/conf/cups-files.conf.in.str4223 2012-11-27 13:36:54.512147828 +0000 ++++ cups-1.5.4/conf/cups-files.conf.in 2012-11-27 13:36:54.512147828 +0000 +@@ -0,0 +1,98 @@ ++# ++# "$Id$" ++# ++# Sample file/directory/user/group configuration file for the CUPS scheduler. ++# See "man cups-files.conf" for a complete description of this file. ++# ++ ++# List of events that are considered fatal errors for the scheduler... ++#FatalErrors @CUPS_FATAL_ERRORS@ ++ ++# Default user and group for filters/backends/helper programs; this cannot be ++# any user or group that resolves to ID 0 for security reasons... ++#User @CUPS_USER@ ++#Group @CUPS_GROUP@ ++ ++# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules... ++SystemGroup @CUPS_SYSTEM_GROUPS@ ++@CUPS_SYSTEM_AUTHKEY@ ++ ++# User that is substituted for unauthenticated (remote) root accesses... ++#RemoteRoot remroot ++ ++# Do we allow file: device URIs other than to /dev/null? ++#FileDevice No ++ ++# Permissions for configuration and log files... ++#ConfigFilePerm @CUPS_CONFIG_FILE_PERM@ ++#LogFilePerm @CUPS_LOG_FILE_PERM@ ++ ++# Location of the file logging all access to the scheduler; may be the name ++# "syslog". If not an absolute path, the value of ServerRoot is used as the ++# root directory. Also see the "AccessLogLevel" directive in cupsd.conf. ++AccessLog @CUPS_LOGDIR@/access_log ++ ++# Location of cache files used by the scheduler... ++#CacheDir @CUPS_CACHEDIR@ ++ ++# Location of data files used by the scheduler... ++#DataDir @CUPS_DATADIR@ ++ ++# Location of the static web content served by the scheduler... ++#DocRoot @CUPS_DOCROOT@ ++ ++# Location of the file logging all messages produced by the scheduler and any ++# helper programs; may be the name "syslog". If not an absolute path, the value ++# of ServerRoot is used as the root directory. Also see the "LogLevel" ++# directive in cupsd.conf. ++ErrorLog @CUPS_LOGDIR@/error_log ++ ++# Location of fonts used by older print filters... ++#FontPath @CUPS_FONTPATH@ ++ ++# Location of LPD configuration ++#LPDConfigFile @CUPS_DEFAULT_LPD_CONFIG_FILE@ ++ ++# Location of the file logging all pages printed by the scheduler and any ++# helper programs; may be the name "syslog". If not an absolute path, the value ++# of ServerRoot is used as the root directory. Also see the "PageLogFormat" ++# directive in cupsd.conf. ++PageLog @CUPS_LOGDIR@/page_log ++ ++# Location of the file listing all of the local printers... ++#Printcap @CUPS_DEFAULT_PRINTCAP@ ++ ++# Format of the Printcap file... ++#PrintcapFormat bsd ++#PrintcapFormat plist ++#PrintcapFormat solaris ++ ++# Location of all spool files... ++#RequestRoot @CUPS_REQUESTS@ ++ ++# Location of helper programs... ++#ServerBin @CUPS_SERVERBIN@ ++ ++# SSL/TLS certificate for the scheduler... ++#ServerCertificate @CUPS_SERVERCERT@ ++ ++# SSL/TLS private key for the scheduler... ++#ServerKey @CUPS_SERVERKEY@ ++ ++# Location of other configuration files... ++#ServerRoot @CUPS_SERVERROOT@ ++ ++# Location of Samba configuration file... ++#SMBConfigFile @CUPS_DEFAULT_SMB_CONFIG_FILE@ ++ ++# Location of scheduler state files... ++#StateDir @CUPS_STATEDIR@ ++ ++# Location of scheduler/helper temporary files. This directory is emptied on ++# scheduler startup and cannot be one of the standard (public) temporary ++# directory locations for security reasons... ++#TempDir @CUPS_REQUESTS@/tmp ++ ++# ++# End of "$Id$". ++# +diff -up cups-1.5.4/config-scripts/cups-defaults.m4.str4223 cups-1.5.4/config-scripts/cups-defaults.m4 +--- cups-1.5.4/config-scripts/cups-defaults.m4.str4223 2011-05-06 23:53:53.000000000 +0100 ++++ cups-1.5.4/config-scripts/cups-defaults.m4 2012-11-27 13:36:54.513147832 +0000 +@@ -367,6 +367,7 @@ else + fi + + AC_DEFINE_UNQUOTED(CUPS_DEFAULT_LPD_CONFIG_FILE, "$CUPS_DEFAULT_LPD_CONFIG_FILE") ++AC_SUBST(CUPS_DEFAULT_LPD_CONFIG_FILE) + + dnl Default SMB config file... + AC_ARG_WITH(smbconfigfile, [ --with-smbconfigfile set default SMBConfigFile URI], +@@ -388,6 +389,7 @@ else + fi + + AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SMB_CONFIG_FILE, "$CUPS_DEFAULT_SMB_CONFIG_FILE") ++AC_SUBST(CUPS_DEFAULT_SMB_CONFIG_FILE) + + dnl Default MaxCopies value... + AC_ARG_WITH(max-copies, [ --with-max-copies set default max copies value, default=9999 ], +diff -up cups-1.5.4/config-scripts/cups-ssl.m4.str4223 cups-1.5.4/config-scripts/cups-ssl.m4 +--- cups-1.5.4/config-scripts/cups-ssl.m4.str4223 2012-11-27 13:36:54.356147158 +0000 ++++ cups-1.5.4/config-scripts/cups-ssl.m4 2012-11-27 13:36:54.513147832 +0000 +@@ -27,6 +27,8 @@ AC_ARG_WITH(openssl-includes, [ --with- + SSLFLAGS="" + SSLLIBS="" + have_ssl=0 ++CUPS_SERVERCERT="" ++CUPS_SERVERKEY="" + + if test x$enable_ssl != xno; then + dnl Look for CDSA... +@@ -36,6 +38,7 @@ if test x$enable_ssl != xno; then + have_ssl=1 + AC_DEFINE(HAVE_SSL) + AC_DEFINE(HAVE_CDSASSL) ++ CUPS_SERVERCERT="/Library/Keychains/System.keychain" + + dnl Check for the various security headers... + AC_CHECK_HEADER(Security/SecureTransportPriv.h, +@@ -112,6 +115,9 @@ if test x$enable_ssl != xno; then + fi + + if test $have_ssl = 1; then ++ CUPS_SERVERCERT="ssl/server.crt" ++ CUPS_SERVERKEY="ssl/server.key" ++ + if $PKGCONFIG --exists gcrypt; then + SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`" + SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`" +@@ -154,6 +160,9 @@ if test x$enable_ssl != xno; then + done + + if test "x${SSLLIBS}" != "x"; then ++ CUPS_SERVERCERT="ssl/server.crt" ++ CUPS_SERVERKEY="ssl/server.key" ++ + LIBS="$SAVELIBS $SSLLIBS" + AC_CHECK_FUNCS(SSL_set_tlsext_host_name) + fi +@@ -171,6 +180,8 @@ elif test x$enable_cdsa = xyes -o x$enab + AC_MSG_ERROR([Unable to enable SSL support.]) + fi + ++AC_SUBST(CUPS_SERVERCERT) ++AC_SUBST(CUPS_SERVERKEY) + AC_SUBST(IPPALIASES) + AC_SUBST(SSLFLAGS) + AC_SUBST(SSLLIBS) +diff -up cups-1.5.4/configure.in.str4223 cups-1.5.4/configure.in +--- cups-1.5.4/configure.in.str4223 2012-11-27 13:36:54.482147699 +0000 ++++ cups-1.5.4/configure.in 2012-11-27 13:36:54.513147832 +0000 +@@ -66,6 +66,7 @@ AC_SUBST(INSTALL_LANGUAGES) + AC_SUBST(UNINSTALL_LANGUAGES) + + AC_OUTPUT(Makedefs ++ conf/cups-files.conf + conf/cupsd.conf + conf/mime.convs + conf/pam.std +@@ -82,6 +83,7 @@ AC_OUTPUT(Makedefs + man/client.conf.man + man/cups-deviced.man + man/cups-driverd.man ++ man/cups-files.conf.man + man/cups-lpd.man + man/cupsaddsmb.man + man/cupsd.conf.man +diff -up cups-1.5.4/conf/Makefile.str4223 cups-1.5.4/conf/Makefile +--- cups-1.5.4/conf/Makefile.str4223 2012-11-27 13:36:54.336147072 +0000 ++++ cups-1.5.4/conf/Makefile 2012-11-27 13:36:54.513147832 +0000 +@@ -19,7 +19,7 @@ include ../Makedefs + # Config files... + # + +-KEEP = cupsd.conf snmp.conf ++KEEP = cups-files.conf cupsd.conf snmp.conf + REPLACE = mime.convs mime.types + + +diff -up cups-1.5.4/doc/help/ref-cupsd-conf.html.in.str4223 cups-1.5.4/doc/help/ref-cupsd-conf.html.in +--- cups-1.5.4/doc/help/ref-cupsd-conf.html.in.str4223 2012-01-30 21:40:21.000000000 +0000 ++++ cups-1.5.4/doc/help/ref-cupsd-conf.html.in 2012-11-27 13:36:54.514147836 +0000 +@@ -191,82 +191,6 @@ HREF="#Location">LocationLimit section.

+ + +-

DeprecatedAuthClass

+- +-

Examples

+- +-
+-<Location /path>
+-  ...
+-  AuthClass Anonymous
+-  AuthClass User
+-  AuthClass System
+-  AuthClass Group
+-</Location>
+-
+- +-

Description

+- +-

The AuthClass directive defines what level of +-authentication is required:

+- +-
    +- +-
  • Anonymous - No authentication should be +- performed (default)
    • +- +-
  • User - A valid username and password is +- required
    • +- +-
  • System - A valid username and password +- is required, and the username must belong to the "sys" +- group; this can be changed using the SystemGroup +- directive
    • +- +-
  • Group - A valid username and password is +- required, and the username must belong to the group named +- by the AuthGroupName +- directive
    • +- +-
+- +-

The AuthClass directive must appear inside a Location or Limit section.

+- +-

This directive is deprecated and will be removed from a +-future release of CUPS. Consider using the more flexible Require directive instead.

+- +- +-

DeprecatedAuthGroupName

+- +-

Examples

+- +-
+-<Location /path>
+-  ...
+-  AuthGroupName mygroup
+-  AuthGroupName lp
+-</Location>
+-
+- +-

Description

+- +-

The AuthGroupName directive sets the group to use +-for Group authentication.

+- +-

The AuthGroupName directive must appear inside a +-Location or Limit section.

+- +-

This directive is deprecated and will be removed from a +-future release of CUPS. Consider using the more flexible Require directive instead.

+- +- +

AuthType

+ +

Examples

+@@ -2544,65 +2468,6 @@ purged.

+ files as soon as each job is completed, canceled, or aborted.

+ + +-

Printcap

+- +-

Examples

+- +-
+-Printcap
+-Printcap /etc/printcap
+-Printcap /etc/printers.conf
+-Printcap /Library/Preferences/org.cups.printers.plist
+-
+- +-

Description

+- +-

The Printcap directive controls whether or not a +-printcap file is automatically generated and updated with a list +-of available printers. If specified with no value, then no +-printcap file will be generated. The default is to generate a +-file named @CUPS_DEFAUL_PRINTCAP@.

+- +-

When a filename is specified (e.g. @CUPS_DEFAULT_PRINTCAP@), +-the printcap file is written whenever a printer is added or +-removed. The printcap file can then be used by applications that +-are hardcoded to look at the printcap file for the available +-printers.

+- +- +-

PrintcapFormat

+- +-

Examples

+- +-
+-PrintcapFormat BSD
+-PrintcapFormat Solaris
+-PrintcapFormat plist
+-
+- +-

Description

+- +-

The PrintcapFormat directive controls the output format of the +-printcap file. The default is to generate the plist format on Mac OS X, the +-Solaris format on Solaris, and the BSD format on other operating systems.

+- +- +-

CUPS 1.1.13PrintcapGUI

+- +-

Examples

+- +-
+-PrintGUI /usr/bin/glpoptions
+-
+- +-

Description

+- +-

The PrintcapGUI directive sets the program to +-associate with the IRIX printer GUI interface script which is +-used by IRIX applications to display printer-specific options. +-There is no default program.

+- +- +

CUPS 1.1.21ReloadTimeout

+ +

Examples

+@@ -2619,42 +2484,6 @@ of seconds the scheduler will wait for a + before doing a restart. The default is 30 seconds.

+ + +-

CUPS 1.1.3RemoteRoot

+- +-

Examples

+- +-
+-RemoteRoot remroot
+-RemoteRoot root
+-
+- +-

Description

+- +-

The RemoteRoot directive sets the username for +-unauthenticated root requests from remote hosts. The default +-username is remroot. Setting RemoteRoot +-to root effectively disables this security +-mechanism.

+- +- +-

RequestRoot

+- +-

Examples

+- +-
+-RequestRoot /var/spool/cups
+-RequestRoot /foo/bar/spool/cups
+-
+- +-

Description

+- +-

The RequestRoot directive sets the directory for +-incoming IPP requests and HTML forms. If an absolute path is not +-provided then it is assumed to be relative to the ServerRoot directory. The +-default request directory is @CUPS_REQUESTS@.

+- +- +

CUPS 1.1.7Require

+ +

Examples

+@@ -2806,64 +2635,6 @@ alternate name with a ServerAlias direct + + + +-

ServerBin

+- +-

Examples

+- +-
+-ServerBin /usr/lib/cups
+-ServerBin /foo/bar/lib/cups
+-
+- +-

Description

+- +-

The ServerBin directive sets the directory for +-server-run executables. If an absolute path is not provided then +-it is assumed to be relative to the ServerRoot directory. The +-default executable directory is /usr/lib/cups, +-/usr/lib32/cups, or /usr/libexec/cups +-depending on the operating system.

+- +- +-

ServerCertificate

+- +-

Examples

+- +-
+-ServerCertificate /etc/cups/ssl/server.crt
+-
+- +-

Description

+- +-

The ServerCertificate directive specifies the +-location of the SSL certificate file used by the server when +-negotiating encrypted connections. The certificate must not be +-encrypted (password protected) since the scheduler normally runs +-in the background and will be unable to ask for a password.

+- +-

The default certificate file is +-/etc/cups/ssl/server.crt.

+- +- +-

ServerKey

+- +-

Examples

+- +-
+-ServerKey /etc/cups/ssl/server.key
+-
+- +-

Description

+- +-

The ServerKey directive specifies the location of +-the SSL private key file used by the server when negotiating +-encrypted connections.

+- +-

The default key file is +-/etc/cups/ssl/server.crt.

+- +- +

ServerName

+ +

Examples

+@@ -2880,23 +2651,6 @@ that is reported to clients. By default + hostname.

+ + +-

ServerRoot

+- +-

Examples

+- +-
+-ServerRoot /etc/cups
+-ServerRoot /foo/bar/cups
+-
+- +-

Description

+- +-

The ServerRoot directive specifies the absolute +-path to the server configuration and state files. It is also used +-to resolve relative paths in the cupsd.conf file. The +-default server directory is /etc/cups.

+- +- +

CUPS 1.1.21ServerTokens

+ +

Examples

+@@ -3075,53 +2829,6 @@ subscription values to make private. The + HREF="#Policy">Policy section.

+ + +-

SystemGroup

+- +-

Examples

+- +-
+-SystemGroup lpadmin
+-SystemGroup sys
+-SystemGroup system
+-SystemGroup root
+-SystemGroup root lpadmin
+-
+- +-

Description

+- +-

The SystemGroup directive specifies the system +-administration group for System authentication. +-Multiple groups can be listed, separated with spaces. The default +-group list is @CUPS_SYSTEM_GROUPS@.

+- +- +-

TempDir

+- +-

Examples

+- +-
+-TempDir /var/tmp
+-TempDir /foo/bar/tmp
+-
+- +-

Description

+- +-

The TempDir directive specifies an absolute path +-for the directory to use for temporary files. The default +-directory is @CUPS_REQUESTS@/tmp.

+- +-

Temporary directories must be world-writable and should have +-the "sticky" permission bit enabled so that other users cannot +-delete filter temporary files. The following commands will create +-an appropriate temporary directory called +-/foo/bar/tmp:

+- +-
+-mkdir /foo/bar/tmp
+-chmod a+rwxt /foo/bar/tmp
+-
+- +- +

Timeout

+ +

Examples

+@@ -3160,31 +2867,6 @@ the same printer available from multiple +

The default is @CUPS_USE_NETWORK_DEFAULT@.

+ + +-

User

+- +-

Examples

+- +-
+-User lp
+-User guest
+-
+- +-

Description

+- +-

The User directive specifies the UNIX user that +-filter and CGI programs run as. The default user is +-@CUPS_USER@.

+- +-
Note: +- +-

You may not use user root, as that would expose +-the system to unacceptable security risks. The scheduler will +-automatically choose user nobody if you specify a +-user whose ID is 0.

+- +-
+- +- +

CUPS 1.5WebInterface

+ +

Examples

+diff -up cups-1.5.4/doc/help/ref-cups-files-conf.html.in.str4223 cups-1.5.4/doc/help/ref-cups-files-conf.html.in +--- cups-1.5.4/doc/help/ref-cups-files-conf.html.in.str4223 2012-11-27 13:36:54.514147836 +0000 ++++ cups-1.5.4/doc/help/ref-cups-files-conf.html.in 2012-11-27 13:36:54.514147836 +0000 +@@ -0,0 +1,531 @@ ++ ++ ++ ++ cups-files.conf ++ ++ ++ ++ ++

cups-files.conf

++ ++

The /etc/cups/cups-files.conf file contains configuration directives that control the files, directories. users. and groups that are used by the CUPS scheduler, cupsd(8). Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.

++ ++

AccessLog

++ ++

Examples

++ ++
++AccessLog /var/log/cups/access_log
++AccessLog /var/log/cups/access_log-%s
++AccessLog syslog
++
++ ++

Description

++ ++

The AccessLog directive sets the name of the ++access log file. If the filename is not absolute then it is ++assumed to be relative to the ServerRoot directory. The ++access log file is stored in "common log format" and can be used ++by any web access reporting tool to generate a report on CUPS ++server activity.

++ ++

The server name can be included in the filename by using ++%s in the name.

++ ++

The special name "syslog" can be used to send the access ++information to the system log instead of a plain file.

++ ++

The default access log file is ++@CUPS_LOGDIR@/access_log.

++ ++ ++

CUPS 1.1.15ConfigFilePerm

++ ++

Examples

++ ++
++ConfigFilePerm 0644
++ConfigFilePerm 0640
++
++ ++

Description

++ ++

The ConfigFilePerm directive specifies the permissions to use when the scheduler writes configuration and cache files, typically in response to IPP or HTTP requests. The default is @CUPS_CONFIG_FILE_PERM@.

++ ++
Note: ++ ++

The permissions for the printers.conf file are always masked to only allow access from the scheduler user (typically root). This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system. There is no way to disable this security feature.

++ ++
++ ++ ++

DataDir

++ ++

Examples

++ ++
++DataDir /usr/share/cups
++
++ ++

Description

++ ++

The DataDir directive sets the directory to use ++for data files.

++ ++ ++

CUPS 1.2/OS X 10.5DefaultAuthType

++ ++

Examples

++ ++
++DefaultAuthType Basic
++DefaultAuthType BasicDigest
++DefaultAuthType Digest
++DefaultAuthType Negotiate
++
++ ++

Description

++ ++

The DefaultAuthType directive specifies the type ++of authentication to use for IPP operations that require a ++username. The default is Basic.

++ ++ ++

DocumentRoot

++ ++

Examples

++ ++
++DocumentRoot /usr/share/doc/cups
++DocumentRoot /foo/bar/doc/cups
++
++ ++

Description

++ ++

The DocumentRoot directive specifies the location ++of web content for the HTTP server in CUPS. If an absolute path ++is not specified then it is assumed to be relative to the ServerRoot directory. The ++default directory is @CUPS_DOCROOT@.

++ ++

Documents are first looked up in a sub-directory for the ++primary language requested by the client (e.g. ++@CUPS_DOCROOT@/fr/...) and then directly under ++the DocumentRoot directory (e.g. ++@CUPS_DOCROOT@/...), so it is possible to ++localize the web content by providing subdirectories for each ++language needed.

++ ++ ++

ErrorLog

++ ++

Examples

++ ++
++ErrorLog /var/log/cups/error_log
++ErrorLog /var/log/cups/error_log-%s
++ErrorLog syslog
++
++ ++

Description

++ ++

The ErrorLog directive sets the name of the error ++log file. If the filename is not absolute then it is assumed to ++be relative to the ServerRoot directory. The ++default error log file is @CUPS_LOGDIR@/error_log.

++ ++

The server name can be included in the filename by using ++%s in the name.

++ ++

The special name "syslog" can be used to send the error ++information to the system log instead of a plain file.

++ ++ ++

CUPS 1.4/OS X 10.6FatalErrors

++ ++

Examples

++ ++
++FatalErrors none
++FatalErrors all
++FatalErrors browse
++FatalErrors config
++FatalErrors listen
++FatalErrors log
++FatalErrors permissions
++FatalErrors all -permissions
++FatalErrors config permissions log
++
++ ++

Description

++ ++

The FatalErrors directive determines whether certain kinds of ++errors are fatal. The following kinds of errors are currently recognized:

++ ++
    ++ ++
  • none - No errors are fatal
    • ++ ++
  • all - All of the errors below are fatal
    • ++ ++
  • browse - Browsing initialization errors are fatal, ++ for example failed binding to the CUPS browse port or failed connections ++ to LDAP servers
    • ++ ++
  • config - Configuration file syntax errors are ++ fatal
    • ++ ++
  • listen - Listen or Port errors are fatal, except for ++ IPv6 failures on the loopback or "any" addresses
    • ++ ++
  • log - Log file creation or write errors are fatal
    • ++ ++
  • permissions - Bad startup file permissions are ++ fatal, for example shared SSL certificate and key files with world- ++ read permissions
    • ++ ++
++ ++

Multiple errors can be listed, and the form "-kind" can be used with ++all to remove specific kinds of errors. The default setting is ++@CUPS_FATAL_ERRORS@.

++ ++ ++

CUPS 1.1.18FileDevice

++ ++

Examples

++ ++
++FileDevice Yes
++FileDevice No
++
++ ++

Description

++ ++

The FileDevice directive determines whether the ++scheduler allows new printers to be added using device URIs of ++the form file:/filename. File devices are most often ++used to test new printer drivers and do not support raw file ++printing.

++ ++

The default setting is No.

++ ++
Note: ++ ++

File devices are managed by the scheduler. Since the ++scheduler normally runs as the root user, file devices ++can be used to overwrite system files and potentially ++gain unauthorized access to the system. If you must ++create printers using file devices, we recommend that ++you set the FileDevice directive to ++Yes for only as long as you need to add the ++printers to the system, and then reset the directive to ++No.

++ ++
++ ++ ++

CUPS 1.1.3FontPath

++ ++

Examples

++ ++
++FontPath /foo/bar/fonts
++FontPath /usr/share/cups/fonts:/foo/bar/fonts
++
++ ++

Description

++ ++

The FontPath directive specifies the font path to ++use when searching for fonts. The default font path is ++/usr/share/cups/fonts.

++ ++ ++

Group

++ ++

Examples

++ ++
++Group lp
++Group nobody
++
++ ++

Description

++ ++

The Group directive specifies the UNIX group that ++filter and CGI programs run as. The default group is ++system-specific but is usually lp or ++nobody.

++ ++ ++

CUPS 1.1.15LogFilePerm

++ ++

Examples

++ ++
++LogFilePerm 0644
++LogFilePerm 0600
++
++ ++

Description

++ ++

The LogFilePerm directive specifies the ++permissions to use when writing log files. The default ++is @CUPS_LOG_FILE_PERM@.

++ ++ ++

PageLog

++ ++

Examples

++ ++
++PageLog /var/log/cups/page_log
++PageLog /var/log/cups/page_log-%s
++PageLog syslog
++
++ ++

Description

++ ++

The PageLog directive sets the name of the page ++log file. If the filename is not absolute then it is assumed to ++be relative to the ServerRoot directory. The ++default page log file is @CUPS_LOGDIR@/page_log.

++ ++

The server name can be included in the filename by using ++%s in the name.

++ ++

The special name "syslog" can be used to send the page ++information to the system log instead of a plain file.

++ ++ ++

Printcap

++ ++

Examples

++ ++
++Printcap
++Printcap /etc/printcap
++Printcap /etc/printers.conf
++Printcap /Library/Preferences/org.cups.printers.plist
++
++ ++

Description

++ ++

The Printcap directive controls whether or not a ++printcap file is automatically generated and updated with a list ++of available printers. If specified with no value, then no ++printcap file will be generated. The default is to generate a ++file named @CUPS_DEFAULT_PRINTCAP@.

++ ++

When a filename is specified (e.g. @CUPS_DEFAULT_PRINTCAP@), ++the printcap file is written whenever a printer is added or ++removed. The printcap file can then be used by applications that ++are hardcoded to look at the printcap file for the available ++printers.

++ ++ ++

PrintcapFormat

++ ++

Examples

++ ++
++PrintcapFormat BSD
++PrintcapFormat Solaris
++PrintcapFormat plist
++
++ ++

Description

++ ++

The PrintcapFormat directive controls the output format of the ++printcap file. The default is to generate the plist format on OS X, the ++Solaris format on Solaris, and the BSD format on other operating systems.

++ ++ ++

CUPS 1.1.3RemoteRoot

++ ++

Examples

++ ++
++RemoteRoot remroot
++RemoteRoot root
++
++ ++

Description

++ ++

The RemoteRoot directive sets the username for ++unauthenticated root requests from remote hosts. The default ++username is remroot. Setting RemoteRoot ++to root effectively disables this security ++mechanism.

++ ++ ++

RequestRoot

++ ++

Examples

++ ++
++RequestRoot /var/spool/cups
++RequestRoot /foo/bar/spool/cups
++
++ ++

Description

++ ++

The RequestRoot directive sets the directory for ++incoming IPP requests and HTML forms. If an absolute path is not ++provided then it is assumed to be relative to the ServerRoot directory. The ++default request directory is @CUPS_REQUESTS@.

++ ++ ++

ServerBin

++ ++

Examples

++ ++
++ServerBin /usr/lib/cups
++ServerBin /foo/bar/lib/cups
++
++ ++

Description

++ ++

The ServerBin directive sets the directory for ++server-run executables. If an absolute path is not provided then ++it is assumed to be relative to the ServerRoot directory. The ++default executable directory is /usr/lib/cups, ++/usr/lib32/cups, or /usr/libexec/cups ++depending on the operating system.

++ ++ ++

ServerCertificate

++ ++

Examples

++ ++
++ServerCertificate /etc/cups/ssl/server.crt
++
++ ++

Description

++ ++

The ServerCertificate directive specifies the ++location of the SSL certificate file used by the server when ++negotiating encrypted connections. The certificate must not be ++encrypted (password protected) since the scheduler normally runs ++in the background and will be unable to ask for a password.

++ ++

The default certificate file is ++/etc/cups/ssl/server.crt.

++ ++ ++

ServerKey

++ ++

Examples

++ ++
++ServerKey /etc/cups/ssl/server.key
++
++ ++

Description

++ ++

The ServerKey directive specifies the location of ++the SSL private key file used by the server when negotiating ++encrypted connections.

++ ++

The default key file is ++/etc/cups/ssl/server.crt.

++ ++ ++

ServerRoot

++ ++

Examples

++ ++
++ServerRoot /etc/cups
++ServerRoot /foo/bar/cups
++
++ ++

Description

++ ++

The ServerRoot directive specifies the absolute ++path to the server configuration and state files. It is also used ++to resolve relative paths in the cupsd.conf file. The ++default server directory is /etc/cups.

++ ++ ++

SystemGroup

++ ++

Examples

++ ++
++SystemGroup lpadmin
++SystemGroup sys
++SystemGroup system
++SystemGroup root
++SystemGroup root lpadmin
++
++ ++

Description

++ ++

The SystemGroup directive specifies the system ++administration group for System authentication. ++Multiple groups can be listed, separated with spaces. The default ++group list is @CUPS_SYSTEM_GROUPS@.

++ ++ ++

TempDir

++ ++

Examples

++ ++
++TempDir /var/tmp
++TempDir /foo/bar/tmp
++
++ ++

Description

++ ++

The TempDir directive specifies an absolute path ++for the directory to use for temporary files. The default ++directory is @CUPS_REQUESTS@/tmp.

++ ++

Temporary directories must be world-writable and should have ++the "sticky" permission bit enabled so that other users cannot ++delete filter temporary files. The following commands will create ++an appropriate temporary directory called ++/foo/bar/tmp:

++ ++
++mkdir /foo/bar/tmp
++chmod a+rwxt /foo/bar/tmp
++
++ ++ ++

User

++ ++

Examples

++ ++
++User lp
++User guest
++
++ ++

Description

++ ++

The User directive specifies the UNIX user that ++filter and CGI programs run as. The default user is ++@CUPS_USER@.

++ ++
Note: ++ ++

You may not use user root, as that would expose ++the system to unacceptable security risks. The scheduler will ++automatically choose user nobody if you specify a ++user whose ID is 0.

++ ++
++ ++ ++ ++ +diff -up cups-1.5.4/doc/Makefile.str4223 cups-1.5.4/doc/Makefile +--- cups-1.5.4/doc/Makefile.str4223 2011-01-17 05:40:28.000000000 +0000 ++++ cups-1.5.4/doc/Makefile 2012-11-27 13:36:54.514147836 +0000 +@@ -3,7 +3,7 @@ + # + # Documentation makefile for CUPS. + # +-# Copyright 2007-2011 by Apple Inc. ++# Copyright 2007-2012 by Apple Inc. + # Copyright 1997-2007 by Easy Software Products. + # + # These coded instructions, statements, and computer programs are the +diff -up cups-1.5.4/man/cupsd.conf.man.in.str4223 cups-1.5.4/man/cupsd.conf.man.in +--- cups-1.5.4/man/cupsd.conf.man.in.str4223 2011-05-18 22:33:35.000000000 +0100 ++++ cups-1.5.4/man/cupsd.conf.man.in 2012-11-27 13:36:54.515147841 +0000 +@@ -12,12 +12,15 @@ + .\" which should have been included with this file. If this file is + .\" file is missing or damaged, see the license at "http://www.cups.org/". + .\" +-.TH cupsd.conf 5 "CUPS" "18 May 2011" "Apple Inc." ++.TH cupsd.conf 5 "CUPS" "19 November 2012" "Apple Inc." + .SH NAME + cupsd.conf \- server configuration file for cups + .SH DESCRIPTION + The \fIcupsd.conf\fR file configures the CUPS scheduler, \fIcupsd(8)\fR. It +-is normally located in the \fI@CUPS_SERVERROOT@\fR directory. ++is normally located in the \fI@CUPS_SERVERROOT@\fR directory. \fBNote:\fR ++File, directory, and user configuration directives that used to be allowed in ++the \fIcupsd.conf\fR file are now stored in the \fIcups-files.conf(5)\fR instead ++in order to prevent certain types of privilege escalation attacks. + .LP + Each line in the file can be a configuration directive, a blank line, + or a comment. Comment lines start with the # character. The +@@ -27,12 +30,6 @@ popular Apache web server software and a + The following directives are understood by \fIcupsd(8)\fR. Consult the + on-line help for detailed descriptions: + .TP 5 +-AccessLog filename +-.TP 5 +-AccessLog syslog +-.br +-Defines the access log filename. +-.TP 5 + AccessLogLevel config + .TP 5 + AccessLogLevel actions +@@ -61,20 +58,6 @@ Allow @LOCAL + .br + Allows access from the named hosts or addresses. + .TP 5 +-AuthClass User +-.TP 5 +-AuthClass Group +-.TP 5 +-AuthClass System +-.br +-Specifies the authentication class (User, Group, System) - +-\fBthis directive is deprecated\fR. +-.TP 5 +-AuthGroupName group-name +-.br +-Specifies the authentication group - \fBthis directive is +-deprecated\fR. +-.TP 5 + AuthType None + .TP 5 + AuthType Basic +@@ -220,7 +203,7 @@ Browsing Yes + .TP 5 + Browsing No + .br +-Specifies whether or not remote printer browsing should be enabled. ++Specifies whether or not shared printers should be advertised. + .TP 5 + Classification banner + .br +@@ -233,15 +216,6 @@ ClassifyOverride No + Specifies whether to allow users to override the classification + of individual print jobs. + .TP 5 +-ConfigFilePerm mode +-.br +-Specifies the permissions for all configuration files that the scheduler +-writes. +-.TP 5 +-DataDir path +-.br +-Specified the directory where data files can be found. +-.TP 5 + DefaultAuthType Basic + .TP 5 + DefaultAuthType BasicDigest +@@ -309,10 +283,6 @@ Specifies the delay for updating of conf + causes the update to happen as soon as possible, typically within a few + milliseconds. + .TP 5 +-DocumentRoot directory +-.br +-Specifies the root directory for the internal web server documents. +-.TP 5 + Encryption IfRequested + .TP 5 + Encryption Never +@@ -322,28 +292,6 @@ Encryption Required + Specifies the level of encryption that is required for a particular + location. + .TP 5 +-ErrorLog filename +-.TP 5 +-ErrorLog syslog +-.br +-Specifies the error log filename. +-.TP 5 +-FatalErrors none +-.TP 5 +-FatalErrors all -kind [... -kind] +-.TP 5 +-FatalErrors kind [... kind] +-.br +-Specifies which errors are fatal, causing the scheduler to exit. "Kind" is +-"browse", "config", "listen", "log", or "permissions". +-.TP 5 +-FileDevice Yes +-.TP 5 +-FileDevice No +-.br +-Specifies whether the file pseudo-device can be used for new +-printer queues. +-.TP 5 + FilterLimit limit + .br + Specifies the maximum cost of filters that are run concurrently. +@@ -353,15 +301,6 @@ FilterNice nice-value + Specifies the scheduling priority ("nice" value) of filters that + are run to print a job. + .TP 5 +-FontPath directory[:directory:...] +-.br +-Specifies the search path for fonts. +-.TP 5 +-Group group-name-or-number +-.br +-Specifies the group name or ID that will be used when executing +-external programs. +-.TP 5 + HideImplicitMembers Yes + .TP 5 + HideImplicitMembers No +@@ -469,10 +408,6 @@ LogDebugHistory #-messages + Specifies the number of debugging messages that are logged when an error + occurs in a print job. + .TP 5 +-LogFilePerm mode +-.br +-Specifies the permissions for all log files that the scheduler writes. +-.TP 5 + LogLevel alert + .TP 5 + LogLevel crit +@@ -546,12 +481,6 @@ Order deny,allow + .br + Specifies the order of HTTP access control (allow,deny or deny,allow) + .TP 5 +-PageLog filename +-.TP 5 +-PageLog syslog +-.br +-Specifies the page log filename. +-.TP 5 + PageLogFormat format string + .br + Specifies the format of page log lines. +@@ -581,15 +510,6 @@ PreserveJobHistory No + Specifies whether or not to preserve the job history after they are + printed. + .TP 5 +-Printcap +-.TP 5 +-Printcap filename +-.br +-Specifies the filename for a printcap file that is updated +-automatically with a list of available printers (needed for +-legacy applications); specifying Printcap with no filename +-disables printcap generation. +-.TP 5 + PrintcapFormat bsd + .TP 5 + PrintcapFormat plist +@@ -598,29 +518,11 @@ PrintcapFormat solaris + .br + Specifies the format of the printcap file. + .TP 5 +-PrintcapGUI +-.TP 5 +-PrintcapGUI gui-program-filename +-.br +-Specifies whether to generate option panel definition files on +-some operating systems. When provided with no program filename, +-disables option panel definition files. +-.TP 5 + ReloadTimeout seconds + .br + Specifies the amount of time to wait for job completion before + restarting the scheduler. + .TP 5 +-RemoteRoot user-name +-.br +-Specifies the username that is associated with unauthenticated root +-accesses. +-.TP 5 +-RequestRoot directory +-.br +-Specifies the directory to store print jobs and other HTTP request +-data. +-.TP 5 + Require group group-name-list + .TP 5 + Require user user-name-list +@@ -652,27 +554,10 @@ ServerAlias * + Specifies an alternate name that the server is known by. The special name "*" + allows any name to be used. + .TP 5 +-ServerBin directory +-.br +-Specifies the directory where backends, CGIs, daemons, and filters may +-be found. +-.TP 5 +-ServerCertificate filename +-.br +-Specifies the encryption certificate to use. +-.TP 5 +-ServerKey filename +-.br +-Specifies the encryption key to use. +-.TP 5 + ServerName hostname-or-ip-address + .br + Specifies the fully-qualified hostname of the server. + .TP 5 +-ServerRoot directory +-.br +-Specifies the directory where the server configuration files can be found. +-.TP 5 + ServerTokens Full + .TP 5 + ServerTokens Major +@@ -729,29 +614,17 @@ Specifies the list of job values to make + "notify-events", "notify-pull-method", "notify-recipient-uri", + "notify-subscriber-user-name", and "notify-user-data". + .TP 5 +-SystemGroup group-name [group-name ...] +-.br +-Specifies the group(s) to use for System class authentication. +-.TP 5 +-TempDir directory +-.br +-Specifies the directory where temporary files are stored. +-.TP 5 + Timeout seconds + .br + Specifies the HTTP request timeout in seconds. + .TP 5 +-User user-name +-.br +-Specifies the user name or ID that is used when running external programs. +-.TP 5 + WebInterface yes + .TP 5 + WebInterface no + Specifies whether the web interface is enabled. + .SH SEE ALSO +-\fIclasses.conf(5)\fR, \fIcupsd(8)\fR, \fImime.convs(5)\fR, +-\fImime.types(5)\fR, \fIprinters.conf(5)\fR, ++\fIclasses.conf(5)\fR, \fIcups-files.conf(5)\fR, \fIcupsd(8)\fR, ++\fImime.convs(5)\fR, \fImime.types(5)\fR, \fIprinters.conf(5)\fR, + \fIsubscriptions.conf(5)\fR, + .br + http://localhost:631/help +diff -up cups-1.5.4/man/cups-files.conf.man.in.str4223 cups-1.5.4/man/cups-files.conf.man.in +--- cups-1.5.4/man/cups-files.conf.man.in.str4223 2012-11-27 13:36:54.515147841 +0000 ++++ cups-1.5.4/man/cups-files.conf.man.in 2012-11-27 13:36:54.515147841 +0000 +@@ -0,0 +1,146 @@ ++.\" ++.\" "$Id$" ++.\" ++.\" cupsd.conf man page for CUPS. ++.\" ++.\" Copyright 2007-2012 by Apple Inc. ++.\" Copyright 1997-2006 by Easy Software Products. ++.\" ++.\" These coded instructions, statements, and computer programs are the ++.\" property of Apple Inc. and are protected by Federal copyright ++.\" law. Distribution and use rights are outlined in the file "LICENSE.txt" ++.\" which should have been included with this file. If this file is ++.\" file is missing or damaged, see the license at "http://www.cups.org/". ++.\" ++.TH cups-files.conf 5 "CUPS" "19 November 2012" "Apple Inc." ++.SH NAME ++cups-files.conf \- file and directory configuration file for cups ++.SH DESCRIPTION ++The \fIcups-file.conf\fR file configures the files and directories used by the ++CUPS scheduler, \fIcupsd(8)\fR. It is normally located in the ++\fI@CUPS_SERVERROOT@\fR directory. ++.LP ++Each line in the file can be a configuration directive, a blank line, ++or a comment. Comment lines start with the # character. ++.SH DIRECTIVES ++The following directives are understood by \fIcupsd(8)\fR. Consult the ++on-line help for detailed descriptions: ++.TP 5 ++AccessLog filename ++.TP 5 ++AccessLog syslog ++.br ++Defines the access log filename. ++.TP 5 ++ConfigFilePerm mode ++.br ++Specifies the permissions for all configuration files that the scheduler ++writes. ++.TP 5 ++DataDir path ++.br ++Specified the directory where data files can be found. ++.TP 5 ++DocumentRoot directory ++.br ++Specifies the root directory for the internal web server documents. ++.TP 5 ++ErrorLog filename ++.TP 5 ++ErrorLog syslog ++.br ++Specifies the error log filename. ++.TP 5 ++FatalErrors none ++.TP 5 ++FatalErrors all -kind [... -kind] ++.TP 5 ++FatalErrors kind [... kind] ++.br ++Specifies which errors are fatal, causing the scheduler to exit. "Kind" is ++"browse", "config", "listen", "log", or "permissions". ++.TP 5 ++FileDevice Yes ++.TP 5 ++FileDevice No ++.br ++Specifies whether the file pseudo-device can be used for new ++printer queues. ++.TP 5 ++FontPath directory[:directory:...] ++.br ++Specifies the search path for fonts. ++.TP 5 ++Group group-name-or-number ++.br ++Specifies the group name or ID that will be used when executing ++external programs. ++.TP 5 ++LogFilePerm mode ++.br ++Specifies the permissions for all log files that the scheduler writes. ++.TP 5 ++PageLog filename ++.TP 5 ++PageLog syslog ++.br ++Specifies the page log filename. ++.TP 5 ++Printcap ++.TP 5 ++Printcap filename ++.br ++Specifies the filename for a printcap file that is updated ++automatically with a list of available printers (needed for ++legacy applications); specifying Printcap with no filename ++disables printcap generation. ++.TP 5 ++RemoteRoot user-name ++.br ++Specifies the username that is associated with unauthenticated root ++accesses. ++.TP 5 ++RequestRoot directory ++.br ++Specifies the directory to store print jobs and other HTTP request ++data. ++.TP 5 ++ServerBin directory ++.br ++Specifies the directory where backends, CGIs, daemons, and filters may ++be found. ++.TP 5 ++ServerCertificate filename ++.br ++Specifies the encryption certificate to use. ++.TP 5 ++ServerKey filename ++.br ++Specifies the encryption key to use. ++.TP 5 ++ServerRoot directory ++.br ++Specifies the directory where the server configuration files can be found. ++.TP 5 ++SystemGroup group-name [group-name ...] ++.br ++Specifies the group(s) to use for System class authentication. ++.TP 5 ++TempDir directory ++.br ++Specifies the directory where temporary files are stored. ++.TP 5 ++User user-name ++.br ++Specifies the user name or ID that is used when running external programs. ++.SH SEE ALSO ++\fIclasses.conf(5)\fR, \fIcupsd(8)\fR, \fIcupsd.conf(5)\fR, \fImime.convs(5)\fR, ++\fImime.types(5)\fR, \fIprinters.conf(5)\fR, ++\fIsubscriptions.conf(5)\fR, ++.br ++http://localhost:631/help ++.SH COPYRIGHT ++Copyright 2007-2012 by Apple Inc. ++.\" ++.\" End of "$Id$". ++.\" +diff -up cups-1.5.4/man/Makefile.str4223 cups-1.5.4/man/Makefile +--- cups-1.5.4/man/Makefile.str4223 2010-06-22 22:21:37.000000000 +0100 ++++ cups-1.5.4/man/Makefile 2012-11-27 13:36:54.515147841 +0000 +@@ -39,6 +39,7 @@ MAN1 = cancel.$(MAN1EXT) \ + ppdpo.$(MAN1EXT) + MAN5 = classes.conf.$(MAN5EXT) \ + client.conf.$(MAN5EXT) \ ++ cups-files.conf.$(MAN5EXT) \ + cups-snmp.conf.$(MAN5EXT) \ + cupsd.conf.$(MAN5EXT) \ + ipptoolfile.$(MAN5EXT) \ +diff -up cups-1.5.4/packaging/cups.list.in.str4223 cups-1.5.4/packaging/cups.list.in +--- cups-1.5.4/packaging/cups.list.in.str4223 2012-04-24 00:49:19.000000000 +0100 ++++ cups-1.5.4/packaging/cups.list.in 2012-11-27 13:36:54.515147841 +0000 +@@ -588,6 +588,7 @@ d 0755 root $CUPS_GROUP $SERVERROOT/inte + d 0755 root $CUPS_GROUP $SERVERROOT/ppd - + d 0700 root $CUPS_GROUP $SERVERROOT/ssl - + c $CUPS_PERM root $CUPS_GROUP $SERVERROOT/ conf/*.conf ++f $CUPS_PERM root $CUPS_GROUP $SERVERROOT/cups-files.conf.default conf/cups-files.conf + f $CUPS_PERM root $CUPS_GROUP $SERVERROOT/cupsd.conf.default conf/cupsd.conf + + %if PAMDIR +diff -up cups-1.5.4/packaging/cups.spec.in.str4223 cups-1.5.4/packaging/cups.spec.in +--- cups-1.5.4/packaging/cups.spec.in.str4223 2012-04-23 18:46:53.000000000 +0100 ++++ cups-1.5.4/packaging/cups.spec.in 2012-11-27 13:36:54.516147846 +0000 +@@ -152,6 +152,7 @@ rm -rf $RPM_BUILD_ROOT + %defattr(-,root,root) + %dir /etc/cups + %config(noreplace) /etc/cups/*.conf ++/etc/cups/cups-files.conf.default + /etc/cups/cupsd.conf.default + %dir /etc/cups/interfaces + %dir /etc/cups/ppd +diff -up cups-1.5.4/scheduler/client.c.str4223 cups-1.5.4/scheduler/client.c +--- cups-1.5.4/scheduler/client.c.str4223 2012-11-27 13:36:54.461147608 +0000 ++++ cups-1.5.4/scheduler/client.c 2012-11-27 13:36:54.516147846 +0000 +@@ -35,7 +35,7 @@ + * data_ready() - Check whether data is available from a client. + * encrypt_client() - Enable encryption for the client... + * get_file() - Get a filename and state info. +- * install_conf_file() - Install a configuration file. ++ * install_cupsd_conf() - Install a configuration file. + * is_cgi() - Is the resource a CGI script/program? + * is_path_absolute() - Is a path absolute and free of relative elements + * (i.e. ".."). +@@ -75,7 +75,7 @@ static int encrypt_client(cupsd_client_ + #endif /* HAVE_SSL */ + static char *get_file(cupsd_client_t *con, struct stat *filestats, + char *filename, int len); +-static http_status_t install_conf_file(cupsd_client_t *con); ++static http_status_t install_cupsd_conf(cupsd_client_t *con); + static int is_cgi(cupsd_client_t *con, const char *filename, + struct stat *filestats, mime_type_t *type); + static int is_path_absolute(const char *path); +@@ -1685,17 +1685,14 @@ cupsdReadClient(cupsd_client_t *con) /* + * Validate the resource name... + */ + +- if (strncmp(con->uri, "/admin/conf/", 12) || +- strchr(con->uri + 12, '/') || +- strlen(con->uri) == 12) ++ if (strcmp(con->uri, "/admin/conf/cupsd.conf")) + { + /* +- * PUT can only be done to configuration files under +- * /admin/conf... ++ * PUT can only be done to the cupsd.conf file... + */ + + cupsdLogMessage(CUPSD_LOG_ERROR, +- "Request for subdirectory \"%s\"!", con->uri); ++ "Disallowed PUT request for \"%s\"!", con->uri); + + if (!cupsdSendError(con, HTTP_FORBIDDEN, CUPSD_AUTH_NONE)) + { +@@ -2059,7 +2056,7 @@ cupsdReadClient(cupsd_client_t *con) /* + * Install the configuration file... + */ + +- status = install_conf_file(con); ++ status = install_cupsd_conf(con); + + /* + * Return the status to the client... +@@ -3814,14 +3811,13 @@ get_file(cupsd_client_t *con, /* I - C + + + /* +- * 'install_conf_file()' - Install a configuration file. ++ * 'install_cupsd_conf()' - Install a configuration file. + */ + + static http_status_t /* O - Status */ +-install_conf_file(cupsd_client_t *con) /* I - Connection */ ++install_cupsd_conf(cupsd_client_t *con) /* I - Connection */ + { + char filename[1024]; /* Configuration filename */ +- mode_t mode; /* Permissions */ + cups_file_t *in, /* Input file */ + *out; /* Output file */ + char buffer[16384]; /* Copy buffer */ +@@ -3843,13 +3839,8 @@ install_conf_file(cupsd_client_t *con) / + * Open the new config file... + */ + +- snprintf(filename, sizeof(filename), "%s%s", ServerRoot, con->uri + 11); +- if (!strcmp(con->uri, "/admin/conf/printers.conf")) +- mode = ConfigFilePerm & 0600; +- else +- mode = ConfigFilePerm; +- +- if ((out = cupsdCreateConfFile(filename, mode)) == NULL) ++ snprintf(filename, sizeof(filename), "%s/cupsd.conf", ServerRoot); ++ if ((out = cupsdCreateConfFile(filename, ConfigFilePerm)) == NULL) + { + cupsFileClose(in); + return (HTTP_SERVER_ERROR); +@@ -3894,14 +3885,10 @@ install_conf_file(cupsd_client_t *con) / + cupsdClearString(&con->filename); + + /* +- * If the cupsd.conf file was updated, set the NeedReload flag... ++ * Set the NeedReload flag... + */ + +- if (!strcmp(con->uri, "/admin/conf/cupsd.conf")) +- NeedReload = RELOAD_CUPSD; +- else +- NeedReload = RELOAD_ALL; +- ++ NeedReload = RELOAD_CUPSD; + ReloadTime = time(NULL); + + /* +diff -up cups-1.5.4/scheduler/conf.c.str4223 cups-1.5.4/scheduler/conf.c +--- cups-1.5.4/scheduler/conf.c.str4223 2012-11-27 13:36:54.461147608 +0000 ++++ cups-1.5.4/scheduler/conf.c 2012-11-27 13:37:21.371244571 +0000 +@@ -27,7 +27,8 @@ + * parse_fatal_errors() - Parse FatalErrors values in a string. + * parse_groups() - Parse system group names in a string. + * parse_protocols() - Parse browse protocols in a string. +- * read_configuration() - Read a configuration file. ++ * read_cupsd_conf() - Read the cupsd.conf configuration file. ++ * read_cups_files_conf() - Read the cups-files.conf configuration file. + * read_location() - Read a definition. + * read_policy() - Read a definition. + * set_policy_defaults() - Set default policy values as needed. +@@ -81,9 +82,8 @@ typedef struct + * Local globals... + */ + +-static const cupsd_var_t variables[] = ++static const cupsd_var_t cupsd_vars[] = + { +- { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING }, + { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN }, + #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI) + { "BrowseDNSSDRegType", &DNSSDRegType, CUPSD_VARTYPE_STRING }, +@@ -105,24 +105,17 @@ static const cupsd_var_t variables[] = + { "BrowseTimeout", &BrowseTimeout, CUPSD_VARTYPE_INTEGER }, + { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN }, + { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN }, +- { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING }, + { "Classification", &Classification, CUPSD_VARTYPE_STRING }, + { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN }, +- { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER }, +- { "DataDir", &DataDir, CUPSD_VARTYPE_STRING }, + { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING }, + { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_INTEGER }, + { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING }, + { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING }, + { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN }, + { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_INTEGER }, +- { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING }, +- { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING }, + { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING }, +- { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN }, + { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER }, + { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER }, +- { "FontPath", &FontPath, CUPSD_VARTYPE_STRING }, + { "HideImplicitMembers", &HideImplicitMembers, CUPSD_VARTYPE_BOOLEAN }, + { "ImplicitClasses", &ImplicitClasses, CUPSD_VARTYPE_BOOLEAN }, + { "ImplicitAnyClasses", &ImplicitAnyClasses, CUPSD_VARTYPE_BOOLEAN }, +@@ -137,8 +130,6 @@ static const cupsd_var_t variables[] = + { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER }, + { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER }, + { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER }, +- { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER }, +- { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING }, + { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER }, + { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER }, + { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER }, +@@ -155,18 +146,33 @@ static const cupsd_var_t variables[] = + { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER }, + { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER }, + { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_INTEGER }, +- { "PageLog", &PageLog, CUPSD_VARTYPE_STRING }, + { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING }, + { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_BOOLEAN }, + { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_BOOLEAN }, +- { "Printcap", &Printcap, CUPSD_VARTYPE_STRING }, +- { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING }, + { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_INTEGER }, + { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING }, +- { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING }, + { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING }, + { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_INTEGER }, + { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING }, ++ { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, ++ { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER }, ++ { "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }, ++ { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN } ++}; ++static const cupsd_var_t cupsfiles_vars[] = ++{ ++ { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING }, ++ { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING }, ++ { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER }, ++ { "DataDir", &DataDir, CUPSD_VARTYPE_STRING }, ++ { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING }, ++ { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING }, ++ { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN }, ++ { "FontPath", &FontPath, CUPSD_VARTYPE_STRING }, ++ { "PageLog", &PageLog, CUPSD_VARTYPE_STRING }, ++ { "Printcap", &Printcap, CUPSD_VARTYPE_STRING }, ++ { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING }, ++ + { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME }, + #ifdef HAVE_SSL + { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME }, +@@ -174,19 +180,14 @@ static const cupsd_var_t variables[] = + { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME }, + # endif /* HAVE_LIBSSL || HAVE_GNUTLS */ + #endif /* HAVE_SSL */ +- { "ServerName", &ServerName, CUPSD_VARTYPE_STRING }, + { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME }, + { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING }, + { "StateDir", &StateDir, CUPSD_VARTYPE_STRING }, + #ifdef HAVE_AUTHORIZATION_H + { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING }, + #endif /* HAVE_AUTHORIZATION_H */ +- { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }, +- { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER }, +- { "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }, +- { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN } ++ { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME } + }; +-#define NUM_VARS (sizeof(variables) / sizeof(variables[0])) + + + static const unsigned ones[4] = +@@ -212,7 +213,12 @@ static int parse_aaa(cupsd_location_t * + static int parse_fatal_errors(const char *s); + static int parse_groups(const char *s); + static int parse_protocols(const char *s); +-static int read_configuration(cups_file_t *fp); ++static int parse_variable(const char *filename, int linenum, ++ const char *line, const char *value, ++ size_t num_vars, ++ const cupsd_var_t *vars); ++static int read_cupsd_conf(cups_file_t *fp); ++static int read_cups_files_conf(cups_file_t *fp); + static int read_location(cups_file_t *fp, char *name, int linenum); + static int read_policy(cups_file_t *fp, char *name, int linenum); + static void set_policy_defaults(cupsd_policy_t *pol); +@@ -708,22 +714,48 @@ cupsdReadConfiguration(void) + cupsdInitEnv(); + + /* +- * Read the configuration file... ++ * Read the cups-files.conf file... ++ */ ++ ++ if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL) ++ { ++ status = read_cups_files_conf(fp); ++ ++ cupsFileClose(fp); ++ ++ if (!status) ++ return (0); ++ } ++ else if (errno == ENOENT) ++ cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile); ++ else ++ { ++ cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to open %s: %s", CupsFilesFile, ++ strerror(errno)); ++ return (0); ++ } ++ ++ if (!ErrorLog) ++ cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log"); ++ ++ /* ++ * Read the cupsd.conf file... + */ + + if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL) ++ { ++ cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to open %s: %s", ConfigurationFile, ++ strerror(errno)); + return (0); ++ } + +- status = read_configuration(fp); ++ status = read_cupsd_conf(fp); + + cupsFileClose(fp); + + if (!status) + return (0); + +- if (!ErrorLog) +- cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log"); +- + RunUser = getuid(); + + cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.", +@@ -2512,13 +2544,174 @@ parse_protocols(const char *s) /* I - S + + + /* +- * 'read_configuration()' - Read a configuration file. ++ * 'parse_variable()' - Parse a variable line. + */ + + static int /* O - 1 on success, 0 on failure */ +-read_configuration(cups_file_t *fp) /* I - File to read from */ ++parse_variable( ++ const char *filename, /* I - Name of configuration file */ ++ int linenum, /* I - Line in configuration file */ ++ const char *line, /* I - Line from configuration file */ ++ const char *value, /* I - Value from configuration file */ ++ size_t num_vars, /* I - Number of variables */ ++ const cupsd_var_t *vars) /* I - Variables */ ++{ ++ size_t i; /* Looping var */ ++ const cupsd_var_t *var; /* Variables */ ++ char temp[1024]; /* Temporary string */ ++ ++ ++ for (i = num_vars, var = vars; i > 0; i --, var ++) ++ if (!_cups_strcasecmp(line, var->name)) ++ break; ++ ++ if (i == 0) ++ { ++ /* ++ * Unknown directive! Output an error message and continue... ++ */ ++ ++ if (!value) ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", ++ line, linenum, filename); ++ else ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", ++ line, linenum, filename); ++ ++ return (0); ++ } ++ ++ switch (var->type) ++ { ++ case CUPSD_VARTYPE_INTEGER : ++ if (!value) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Missing integer value for %s on line %d of %s.", ++ line, linenum, filename); ++ return (0); ++ } ++ else if (!isdigit(*value & 255)) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Bad integer value for %s on line %d of %s.", ++ line, linenum, filename); ++ return (0); ++ } ++ else ++ { ++ int n; /* Number */ ++ char *units; /* Units */ ++ ++ n = strtol(value, &units, 0); ++ ++ if (units && *units) ++ { ++ if (tolower(units[0] & 255) == 'g') ++ n *= 1024 * 1024 * 1024; ++ else if (tolower(units[0] & 255) == 'm') ++ n *= 1024 * 1024; ++ else if (tolower(units[0] & 255) == 'k') ++ n *= 1024; ++ else if (tolower(units[0] & 255) == 't') ++ n *= 262144; ++ else ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Unknown integer value for %s on line %d of %s.", ++ line, linenum, filename); ++ return (0); ++ } ++ } ++ ++ if (n < 0) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Bad negative integer value for %s on line %d of " ++ "%s.", line, linenum, filename); ++ return (0); ++ } ++ else ++ { ++ *((int *)var->ptr) = n; ++ } ++ } ++ break; ++ ++ case CUPSD_VARTYPE_BOOLEAN : ++ if (!value) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Missing boolean value for %s on line %d of %s.", ++ line, linenum, filename); ++ return (0); ++ } ++ else if (!_cups_strcasecmp(value, "true") || ++ !_cups_strcasecmp(value, "on") || ++ !_cups_strcasecmp(value, "enabled") || ++ !_cups_strcasecmp(value, "yes") || ++ atoi(value) != 0) ++ { ++ *((int *)var->ptr) = TRUE; ++ } ++ else if (!_cups_strcasecmp(value, "false") || ++ !_cups_strcasecmp(value, "off") || ++ !_cups_strcasecmp(value, "disabled") || ++ !_cups_strcasecmp(value, "no") || ++ !_cups_strcasecmp(value, "0")) ++ { ++ *((int *)var->ptr) = FALSE; ++ } ++ else ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Unknown boolean value %s on line %d of %s.", ++ value, linenum, filename); ++ return (0); ++ } ++ break; ++ ++ case CUPSD_VARTYPE_PATHNAME : ++ if (!value) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Missing pathname value for %s on line %d of %s.", ++ line, linenum, filename); ++ return (0); ++ } ++ ++ if (value[0] == '/') ++ strlcpy(temp, value, sizeof(temp)); ++ else ++ snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value); ++ ++ if (access(temp, 0)) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "File or directory for \"%s %s\" on line %d of %s " ++ "does not exist.", line, value, linenum, filename); ++ return (0); ++ } ++ ++ cupsdSetString((char **)var->ptr, temp); ++ break; ++ ++ case CUPSD_VARTYPE_STRING : ++ cupsdSetString((char **)var->ptr, value); ++ break; ++ } ++ ++ return (1); ++} ++ ++ ++/* ++ * 'read_cupsd_conf()' - Read the cupsd.conf configuration file. ++ */ ++ ++static int /* O - 1 on success, 0 on failure */ ++read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + { +- int i; /* Looping var */ + int linenum; /* Current line number */ + char line[HTTP_MAX_BUFFER], + /* Line from file */ +@@ -2528,7 +2721,6 @@ read_configuration(cups_file_t *fp) /* I + *value, /* Pointer to value */ + *valueptr; /* Pointer into value */ + int valuelen; /* Length of value */ +- cupsd_var_t const *var; /* Current variable */ + http_addrlist_t *addrlist, /* Address list */ + *addr; /* Current address */ + unsigned ip[4], /* Address value */ +@@ -2538,7 +2730,6 @@ read_configuration(cups_file_t *fp) /* I + cupsd_location_t *location; /* Browse location */ + cups_file_t *incfile; /* Include file */ + char incname[1024]; /* Include filename */ +- struct group *group; /* Group */ + + + /* +@@ -2570,7 +2761,7 @@ read_configuration(cups_file_t *fp) /* I + incname, strerror(errno)); + else + { +- read_configuration(incfile); ++ read_cupsd_conf(incfile); + cupsFileClose(incfile); + } + } +@@ -2594,8 +2785,6 @@ read_configuration(cups_file_t *fp) /* I + if (linenum == 0) + return (0); + } +- else if (!_cups_strcasecmp(line, "FatalErrors")) +- FatalErrors = parse_fatal_errors(value); + else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value) + { + JobRetryInterval = atoi(value); +@@ -3254,81 +3443,6 @@ read_configuration(cups_file_t *fp) /* I + } + } + #endif /* HAVE_SSL */ +- else if (!_cups_strcasecmp(line, "User") && value) +- { +- /* +- * User ID to run as... +- */ +- +- if (isdigit(value[0] & 255)) +- { +- int uid = atoi(value); +- +- if (!uid) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Will not use User 0 as specified on line %d " +- "for security reasons. You must use a non-" +- "privileged account instead.", +- linenum); +- else +- User = atoi(value); +- } +- else +- { +- struct passwd *p; /* Password information */ +- +- endpwent(); +- p = getpwnam(value); +- +- if (p) +- { +- if (!p->pw_uid) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Will not use User %s (UID=0) as specified on line " +- "%d for security reasons. You must use a non-" +- "privileged account instead.", +- value, linenum); +- else +- User = p->pw_uid; +- } +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Unknown User \"%s\" on line %d, ignoring.", +- value, linenum); +- } +- } +- else if (!_cups_strcasecmp(line, "Group") && value) +- { +- /* +- * Group ID to run as... +- */ +- +- if (isdigit(value[0])) +- Group = atoi(value); +- else +- { +- endgrent(); +- group = getgrnam(value); +- +- if (group != NULL) +- Group = group->gr_gid; +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Unknown Group \"%s\" on line %d, ignoring.", +- value, linenum); +- } +- } +- else if (!_cups_strcasecmp(line, "SystemGroup") && value) +- { +- /* +- * SystemGroup (admin) group(s)... +- */ +- +- if (!parse_groups(value)) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Unknown SystemGroup \"%s\" on line %d, ignoring.", +- value, linenum); +- } + else if (!_cups_strcasecmp(line, "HostNameLookups") && value) + { + /* +@@ -3407,22 +3521,6 @@ read_configuration(cups_file_t *fp) /* I + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.", + value, linenum); + } +- else if (!_cups_strcasecmp(line, "PrintcapFormat") && value) +- { +- /* +- * Format of printcap file? +- */ +- +- if (!_cups_strcasecmp(value, "bsd")) +- PrintcapFormat = PRINTCAP_BSD; +- else if (!_cups_strcasecmp(value, "plist")) +- PrintcapFormat = PRINTCAP_PLIST; +- else if (!_cups_strcasecmp(value, "solaris")) +- PrintcapFormat = PRINTCAP_SOLARIS; +- else +- cupsdLogMessage(CUPSD_LOG_WARN, "Unknown PrintcapFormat %s on line %d.", +- value, linenum); +- } + else if (!_cups_strcasecmp(line, "ServerTokens") && value) + { + /* +@@ -3548,117 +3646,192 @@ read_configuration(cups_file_t *fp) /* I + "line %d.", value, linenum); + } + #endif /* HAVE_SSL */ ++ else if (!_cups_strcasecmp(line, "AccessLog") || ++ !_cups_strcasecmp(line, "CacheDir") || ++ !_cups_strcasecmp(line, "ConfigFilePerm") || ++ !_cups_strcasecmp(line, "DataDir") || ++ !_cups_strcasecmp(line, "DocumentRoot") || ++ !_cups_strcasecmp(line, "ErrorLog") || ++ !_cups_strcasecmp(line, "FatalErrors") || ++ !_cups_strcasecmp(line, "FileDevice") || ++ !_cups_strcasecmp(line, "FontPath") || ++ !_cups_strcasecmp(line, "Group") || ++ !_cups_strcasecmp(line, "LogFilePerm") || ++ !_cups_strcasecmp(line, "LPDConfigFile") || ++ !_cups_strcasecmp(line, "PageLog") || ++ !_cups_strcasecmp(line, "Printcap") || ++ !_cups_strcasecmp(line, "PrintcapFormat") || ++ !_cups_strcasecmp(line, "RequestRoot") || ++ !_cups_strcasecmp(line, "ServerBin") || ++ !_cups_strcasecmp(line, "ServerCertificate") || ++ !_cups_strcasecmp(line, "ServerKey") || ++ !_cups_strcasecmp(line, "ServerRoot") || ++ !_cups_strcasecmp(line, "SMBConfigFile") || ++ !_cups_strcasecmp(line, "StateDir") || ++ !_cups_strcasecmp(line, "SystemGroup") || ++ !_cups_strcasecmp(line, "SystemGroupAuthKey") || ++ !_cups_strcasecmp(line, "TempDir") || ++ !_cups_strcasecmp(line, "User")) ++ { ++ cupsdLogMessage(CUPSD_LOG_WARN, ++ "Please move \"%s%s%s\" on line %d of %s to the %s file; " ++ "this will become an error in a future release.", ++ line, value ? " " : "", value ? value : "", linenum, ++ ConfigurationFile, CupsFilesFile); ++ } + else ++ parse_variable(ConfigurationFile, linenum, line, value, ++ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars); ++ } ++ ++ return (1); ++} ++ ++ ++/* ++ * 'read_cups_files_conf()' - Read the cups-files.conf configuration file. ++ */ ++ ++static int /* O - 1 on success, 0 on failure */ ++read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ ++{ ++ int linenum; /* Current line number */ ++ char line[HTTP_MAX_BUFFER], /* Line from file */ ++ *value; /* Value from line */ ++ struct group *group; /* Group */ ++ ++ ++ /* ++ * Loop through each line in the file... ++ */ ++ ++ linenum = 0; ++ ++ while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) ++ { ++ if (!_cups_strcasecmp(line, "FatalErrors")) ++ FatalErrors = parse_fatal_errors(value); ++ else if (!_cups_strcasecmp(line, "Group") && value) + { + /* +- * Find a simple variable in the list... ++ * Group ID to run as... + */ + +- for (i = NUM_VARS, var = variables; i > 0; i --, var ++) +- if (!_cups_strcasecmp(line, var->name)) +- break; +- +- if (i == 0) ++ if (isdigit(value[0])) ++ Group = atoi(value); ++ else + { +- /* +- * Unknown directive! Output an error message and continue... +- */ ++ endgrent(); ++ group = getgrnam(value); + +- if (!value) +- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d.", +- line, linenum); ++ if (group != NULL) ++ Group = group->gr_gid; + else +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d.", +- line, linenum); +- continue; ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Unknown Group \"%s\" on line %d of %s.", value, ++ linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } + } ++ } ++ else if (!_cups_strcasecmp(line, "PrintcapFormat") && value) ++ { ++ /* ++ * Format of printcap file? ++ */ + +- switch (var->type) ++ if (!_cups_strcasecmp(value, "bsd")) ++ PrintcapFormat = PRINTCAP_BSD; ++ else if (!_cups_strcasecmp(value, "plist")) ++ PrintcapFormat = PRINTCAP_PLIST; ++ else if (!_cups_strcasecmp(value, "solaris")) ++ PrintcapFormat = PRINTCAP_SOLARIS; ++ else + { +- case CUPSD_VARTYPE_INTEGER : +- if (!value) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Missing integer value for %s on line %d.", +- line, linenum); +- else +- { +- int n; /* Number */ +- char *units; /* Units */ +- +- +- n = strtol(value, &units, 0); +- +- if (units && *units) +- { +- if (tolower(units[0] & 255) == 'g') +- n *= 1024 * 1024 * 1024; +- else if (tolower(units[0] & 255) == 'm') +- n *= 1024 * 1024; +- else if (tolower(units[0] & 255) == 'k') +- n *= 1024; +- else if (tolower(units[0] & 255) == 't') +- n *= 262144; +- } +- +- if (n < 0) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Bad negative integer value for %s on line %d.", +- line, linenum); +- else +- *((int *)var->ptr) = n; +- } +- break; ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Unknown PrintcapFormat \"%s\" on line %d of %s.", ++ value, linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } ++ } ++ else if (!_cups_strcasecmp(line, "SystemGroup") && value) ++ { ++ /* ++ * SystemGroup (admin) group(s)... ++ */ + +- case CUPSD_VARTYPE_BOOLEAN : +- if (!value) +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Missing boolean value for %s on line %d.", +- line, linenum); +- else if (!_cups_strcasecmp(value, "true") || +- !_cups_strcasecmp(value, "on") || +- !_cups_strcasecmp(value, "enabled") || +- !_cups_strcasecmp(value, "yes") || +- atoi(value) != 0) +- *((int *)var->ptr) = TRUE; +- else if (!_cups_strcasecmp(value, "false") || +- !_cups_strcasecmp(value, "off") || +- !_cups_strcasecmp(value, "disabled") || +- !_cups_strcasecmp(value, "no") || +- !_cups_strcasecmp(value, "0")) +- *((int *)var->ptr) = FALSE; +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Unknown boolean value %s on line %d.", +- value, linenum); +- break; ++ if (!parse_groups(value)) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Unknown SystemGroup \"%s\" on line %d of %s.", value, ++ linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } ++ } ++ else if (!_cups_strcasecmp(line, "User") && value) ++ { ++ /* ++ * User ID to run as... ++ */ + +- case CUPSD_VARTYPE_PATHNAME : +- if (!value) +- { +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "Missing pathname value for %s on line %d.", +- line, linenum); +- break; +- } ++ if (isdigit(value[0] & 255)) ++ { ++ int uid = atoi(value); + +- if (value[0] == '/') +- strlcpy(temp, value, sizeof(temp)); +- else +- snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value); ++ if (!uid) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Will not use User 0 as specified on line %d of %s " ++ "for security reasons. You must use a non-" ++ "privileged account instead.", ++ linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } ++ else ++ User = atoi(value); ++ } ++ else ++ { ++ struct passwd *p; /* Password information */ + +- if (access(temp, 0)) +- { +- cupsdLogMessage(CUPSD_LOG_ERROR, +- "File or directory for \"%s %s\" on line %d " +- "does not exist.", line, value, linenum); +- break; +- } ++ endpwent(); ++ p = getpwnam(value); + +- case CUPSD_VARTYPE_STRING : +- cupsdSetString((char **)var->ptr, value); +- break; ++ if (p) ++ { ++ if (!p->pw_uid) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Will not use User %s (UID=0) as specified on line " ++ "%d of %s for security reasons. You must use a " ++ "non-privileged account instead.", ++ value, linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } ++ else ++ User = p->pw_uid; ++ } ++ else ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "Unknown User \"%s\" on line %d of %s.", ++ value, linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } + } + } ++ else if (!parse_variable(CupsFilesFile, linenum, line, value, ++ sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]), ++ cupsfiles_vars) && ++ (FatalErrors & CUPSD_FATAL_CONFIG)) ++ return (0); + } + + return (1); +diff -up cups-1.5.4/scheduler/conf.h.str4223 cups-1.5.4/scheduler/conf.h +--- cups-1.5.4/scheduler/conf.h.str4223 2012-11-27 13:36:54.347147118 +0000 ++++ cups-1.5.4/scheduler/conf.h 2012-11-27 13:36:54.518147854 +0000 +@@ -96,7 +96,9 @@ typedef struct + */ + + VAR char *ConfigurationFile VALUE(NULL), +- /* Configuration file to use */ ++ /* cupsd.conf file to use */ ++ *CupsFilesFile VALUE(NULL), ++ /* cups-files.conf file to use */ + *ServerName VALUE(NULL), + /* FQDN for server */ + *ServerAdmin VALUE(NULL), +diff -up cups-1.5.4/scheduler/main.c.str4223 cups-1.5.4/scheduler/main.c +--- cups-1.5.4/scheduler/main.c.str4223 2012-11-27 13:36:54.491147738 +0000 ++++ cups-1.5.4/scheduler/main.c 2012-11-27 13:36:54.518147854 +0000 +@@ -225,7 +225,6 @@ main(int argc, /* I - Number of comm + + char *current; /* Current directory */ + +- + /* + * Allocate a buffer for the current working directory to + * reduce run-time stack usage; this approximates the +@@ -251,6 +250,35 @@ main(int argc, /* I - Number of comm + cupsdSetStringf(&ConfigurationFile, "%s/%s", current, argv[i]); + free(current); + } ++ ++ if (!CupsFilesFile) ++ { ++ char *filename, /* Copy of cupsd.conf filename */ ++ *slash; /* Final slash in cupsd.conf filename */ ++ size_t len; /* Size of buffer */ ++ ++ len = strlen(ConfigurationFile) + 15; ++ if ((filename = malloc(len)) == NULL) ++ { ++ _cupsLangPrintf(stderr, ++ _("cupsd: Unable to get path to " ++ "cups-files.conf file.")); ++ return (1); ++ } ++ ++ strlcpy(filename, ConfigurationFile, len); ++ if ((slash = strrchr(filename, '/')) == NULL) ++ { ++ _cupsLangPrintf(stderr, ++ _("cupsd: Unable to get path to " ++ "cups-files.conf file.")); ++ return (1); ++ } ++ ++ strlcpy(slash, "/cups-files.conf", len - (slash - filename)); ++ cupsdSetString(&CupsFilesFile, filename); ++ free(filename); ++ } + break; + + case 'f' : /* Run in foreground... */ +@@ -289,6 +317,29 @@ main(int argc, /* I - Number of comm + UseProfiles = 0; + break; + ++ case 's' : /* Set cups-files.conf location */ ++ i ++; ++ if (i >= argc) ++ { ++ _cupsLangPuts(stderr, _("cupsd: Expected cups-files.conf " ++ "filename after \"-s\" option.")); ++ usage(1); ++ } ++ ++ if (argv[i][0] != '/') ++ { ++ /* ++ * Relative filename not allowed... ++ */ ++ ++ _cupsLangPuts(stderr, _("cupsd: Relative cups-files.conf " ++ "filename not allowed.")); ++ usage(1); ++ } ++ ++ cupsdSetString(&CupsFilesFile, argv[i]); ++ break; ++ + #ifdef __APPLE__ + case 'S' : /* Disable system management functions */ + fputs("cupsd: -S (disable system management) for internal " +diff -up cups-1.5.4/test/run-stp-tests.sh.str4223 cups-1.5.4/test/run-stp-tests.sh +--- cups-1.5.4/test/run-stp-tests.sh.str4223 2012-05-15 15:04:18.000000000 +0100 ++++ cups-1.5.4/test/run-stp-tests.sh 2012-11-27 13:36:54.518147854 +0000 +@@ -337,25 +337,10 @@ fi + + cat >/tmp/cups-$user/cupsd.conf < + EOF + ++cat >/tmp/cups-$user/cups-files.conf <= 13 Requires(post): systemd-units +Requires(post): grep, sed Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-sysv @@ -325,6 +328,9 @@ Sends IPP requests to the specified URI and tests and/or displays the results. # Apply upstream patch to stop backend spinning on failed auth (bug #873264). %patch46 -p1 -b .str4190 +# Apply upstream fix for CVE-2012-5519 (STR #4223, bug #875898). +%patch47 -p1 -b .str4223 + %if %lspp # LSPP support. %patch100 -p1 -b .lspp @@ -477,6 +483,42 @@ php --no-php-ini \ %post +# Deal with config migration due to CVE-2012-5519 (STR #4223) +IN=%{_sysconfdir}/cups/cupsd.conf +OUT=%{_sysconfdir}/cups/cups-files.conf +copiedany=no +for keyword in AccessLog CacheDir ConfigFilePerm \ + DataDir DocumentRoot ErrorLog FatalErrors \ + FileDevice FontPath Group LogFilePerm \ + LPDConfigFile PageLog Printcap PrintcapFormat \ + RequestRoot ServerBin ServerCertificate \ + ServerKey ServerRoot SMBConfigFile StateDir \ + SystemGroup SystemGroupAuthKey TempDir User; do + if ! /usr/bin/grep -iq ^$keyword "$IN"; then continue; fi + copy=yes + if /usr/bin/grep -iq ^$keyword "$OUT"; then + if [ "`/usr/bin/grep -i ^$keyword "$IN"`" == \ + "`/usr/bin/grep -i ^$keyword "$OUT"`" ]; then + copy=no + else + /usr/bin/sed -i -e "s,^$keyword,#$keyword,i" "$OUT" + fi + fi + if [ "$copy" == "yes" ]; then + if [ "$copiedany" == "no" ]; then + cat >> "$OUT" <> "$OUT" + copiedany=yes + fi + + /usr/bin/sed -i -e "s,^$keyword,#$keyword,i" "$IN" +done + if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl enable cups.{service,socket,path} >/dev/null 2>&1 || : @@ -570,6 +612,7 @@ rm -f %{cups_serverbin}/backend/smb %{_prefix}/lib/tmpfiles.d/cups.conf %{_prefix}/lib/tmpfiles.d/cups-lp.conf %verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf +%verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/cups-files.conf %attr(0640,root,lp) %{_sysconfdir}/cups/cupsd.conf.default %verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/client.conf %verify(not md5 size mtime) %config(noreplace) %attr(0600,root,lp) %{_sysconfdir}/cups/classes.conf @@ -693,6 +736,10 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man1/ipptool.1.gz %changelog +* Mon Nov 26 2012 Tim Waugh 1:1.5.4-12 +- Apply upstream fix for CVE-2012-5519 (STR #4223, bug #875898). + Migrate configuration keywords as needed. + * Mon Nov 5 2012 Tim Waugh 1:1.5.4-11 - Apply upstream patch to stop backend spinning on failed auth (bug #873264).