cups 2.2.8

[skip-ci]
2025-02-03 10:07:15 +08:00 · 2018-07-09 23:40:34 +02:00 · 2018-07-09 23:40:34 +02:00 · a05aeffd5e
commit a05aeffd5e
parent e90843ff30
5 changed files with 139 additions and 25 deletions
--- a/cups/PKGBUILD
+++ b/cups/PKGBUILD
@ -1,7 +1,7 @@
 pkgbase="cups"
 pkgname=('libcups' 'cups')
-pkgver=2.2.6
-pkgrel=4
+pkgver=2.2.8
+pkgrel=1
 arch=('x86_64')
 license=('GPL')
 url="http://www.cups.org/"
@ -9,25 +9,31 @@ makedepends=('libtiff>=4.0.0' 'libpng>=1.5.7' 'acl' 'pam' 'xdg-utils' 'krb5' 'gn
             'cups-filters' 'bc' 'colord' 'xinetd' 'gzip' 'autoconf' 'libusb' 'dbus' 
             'avahi'  'hicolor-icon-theme' 'systemd' 'inetutils' 'libpaper' 'valgrind')
 source=("https://github.com/apple/cups/releases/download/v${pkgver}/${pkgbase}-${pkgver}-source.tar.gz"{,.sig}
-        cups.logrotate cups.pam
+        cups.logrotate
+        cups.pam
+        cups.sysusers
        # improve build and linking
        cups-no-export-ssllibs.patch
        cups-no-gzip-man.patch
        cups-1.6.2-statedir.patch
        # bugfixes
        cups-systemd-socket.patch
-        cups-ppdLocalize.patch
-)
-md5sums=('e91c26d8d97b5a1630a962f530f02192'
+        guid.patch
+        cups-2.2.8-5325.patch)
+md5sums=('33150d08993a04c8e22176e93805a051'
         'SKIP'
         'fc8286f185e2cc5f7e1f6843bf193e2b'
         '96f82c38f3f540b53f3e5144900acf17'
+         '76422fe851f79800a3b0a83467c3fceb'
         '3ba9e3410df1dc3015463d615ef91b3b'
         '39dd3141991c3052b73f59ece70e1ea6'
         '451609db34f95209d64c38474de27ce1'
-         '53bb3c80ee6823d36f9ab499373edfc5'
-         '95f76349f46cd05c5943e2459dd1e747')
-validpgpkeys=('3737FD0D0E63B30172440D2DDBA3A7AB08D76223') # CUPS.org (CUPS.org PGP key) <security [at] cups.org>
+         '2642d914f0b3b05f9c38d9864b670302'
+         'e42820dd62ef79f1a2f0448bf06393d2'
+         'e9825ade79e15524a85a00820a20d324')
+validpgpkeys=('3737FD0D0E63B30172440D2DDBA3A7AB08D76223') # CUPS.org (CUPS.org PGP key) <security@cups.org>
+validpgpkeys+=('45D083946E3035282B3CCA9AF434104235DA97EB') # "CUPS.org <security@cups.org>"
+validpgpkeys+=('845464660B686AAB36540B6F999559A027815955') # "Michael R Sweet <michael.r.sweet@gmail.com>"

 prepare() {

@ -45,7 +51,10 @@ prepare() {
  # make sure network is up when starting and notify systemd - FC
  patch -Np1 -i ${srcdir}/cups-systemd-socket.patch
  # https://github.com/apple/cups/pull/5303
-  patch -Np1 -i ${srcdir}/cups-ppdLocalize.patch
+  patch -Np1 -i ${srcdir}/cups-2.2.8-5325.patch
+  
+  # FS#56818 - https://github.com/apple/cups/issues/5236
+  patch -Np1 -i ${srcdir}/guid.patch
  
  # set MaxLogSize to 0 to prevent using cups internal log rotation
  sed -i -e '5i\ ' conf/cupsd.conf.in
@ -67,8 +76,8 @@ build() {
     --with-logdir=/var/log/cups \
     --with-docdir=/usr/share/cups/doc \
     --with-exe-file-perm=0755 \
-     --with-cups-user=daemon \
-     --with-cups-group=lp \
+     --with-cups-user=209 \
+     --with-cups-group=209 \
     --enable-pam=yes \
     --enable-raw-printing \
     --enable-dbus --with-dbusdir=/etc/dbus-1 \
@ -83,7 +92,7 @@ build() {

 package_libcups() {
 pkgdesc="The CUPS Printing System - client libraries and headers"
-depends=('gnutls>=3.4.6' 'libtiff>=4.0.0' 'libpng>=1.5.7' 'krb5' 'avahi' 'libusb')
+depends=('gnutls' 'libtiff>=4.0.0' 'libpng>=1.5.7' 'krb5' 'avahi' 'libusb')
 backup=(etc/cups/client.conf)

  cd ${pkgbase}-${pkgver}
@ -91,15 +100,6 @@ backup=(etc/cups/client.conf)
  # put this into the libs pkg to make other software find the libs(no pkg-config file included)
  mkdir -p ${pkgdir}/usr/bin 
  install -m755 ${srcdir}/${pkgbase}-${pkgver}/cups-config ${pkgdir}/usr/bin/cups-config
-  
-  # install client.conf man page and config file
-  install -dm755 ${pkgdir}/usr/share/man/man5
-  install -Dm644  ${srcdir}/${pkgbase}-${pkgver}/man/client.conf.man ${pkgdir}/usr/share/man/man5/
-  install -dm755 -g lp ${pkgdir}/etc/cups
-  touch ${pkgdir}/etc/cups/client.conf
-  echo "# see 'man client.conf'" >> ${pkgdir}/etc/cups/client.conf
-  echo "ServerName /run/cups/cups.sock #  alternative: ServerName hostname-or-ip-address[:port] of a remote server" >> ${pkgdir}/etc/cups/client.conf
-  chgrp -R lp ${pkgdir}/etc/cups
 }

 package_cups() {
@ -134,8 +134,13 @@ optdepends=('xdg-utils: xdg .desktop file support')
  chmod 755 ${pkgdir}/var/spool
  chmod 755 ${pkgdir}/etc

+  # use cups group FS#36769
+  install -Dm644 "$srcdir"/cups.sysusers "${pkgdir}/usr/lib/sysusers.d/$pkgname.conf"
+  sed -i "s:#User 209:User 209:" ${pkgdir}/etc/cups/cups-files.conf{,.default}
+  sed -i "s:#Group 209:Group 209:" ${pkgdir}/etc/cups/cups-files.conf{,.default}
+
  # install ssl directory where to store the certs, solves some samba issues
-  install -dm700 -g lp ${pkgdir}/etc/cups/ssl
+  install -dm700 -g 209 ${pkgdir}/etc/cups/ssl
  # remove directory from package, it will be recreated at each server start
  rm -rf ${pkgdir}/run

@ -143,7 +148,7 @@ optdepends=('xdg-utils: xdg .desktop file support')
  touch ${pkgdir}/etc/cups/printers.conf
  touch ${pkgdir}/etc/cups/classes.conf
  touch ${pkgdir}/etc/cups/subscriptions.conf 
-  chgrp -R lp ${pkgdir}/etc/cups
+  chgrp -R 209 ${pkgdir}/etc/cups
  
  # fix .desktop file
  sed -i 's|^Exec=htmlview http://localhost:631/|Exec=xdg-open http://localhost:631/|g' ${pkgdir}/usr/share/applications/cups.desktop
--- a/cups/cups-2.2.8-5325.patch
+++ b/cups/cups-2.2.8-5325.patch
@ -0,0 +1,64 @@
+diff --git a/cups/ipp.c b/cups/ipp.c
+index 9346b201f..d6e39d5d8 100644
+--- a/cups/ipp.c
+++ b/cups/ipp.c
+@@ -5101,16 +5101,19 @@ ippValidateAttribute(
+ 	      break;
+ 	  }
+ 
+-	  if (*ptr < ' ' || *ptr == 0x7f)
+-	  {
+-	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad control character (PWG 5100.14 section 8.3)."), attr->name, attr->values[i].string.text);
+-	    return (0);
+-	  }
+-	  else if (*ptr)
+-	  {
+-	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.2)."), attr->name, attr->values[i].string.text);
+-	    return (0);
+-	  }
+          if (*ptr)
+          {
+	    if (*ptr < ' ' || *ptr == 0x7f)
+	    {
+	      ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad control character (PWG 5100.14 section 8.3)."), attr->name, attr->values[i].string.text);
+	      return (0);
+	    }
+	    else
+	    {
+	      ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.2)."), attr->name, attr->values[i].string.text);
+	      return (0);
+	    }
+          }
+ 
+ 	  if ((ptr - attr->values[i].string.text) > (IPP_MAX_TEXT - 1))
+ 	  {
+@@ -5163,16 +5166,19 @@ ippValidateAttribute(
+ 	      break;
+ 	  }
+ 
+-	  if (*ptr < ' ' || *ptr == 0x7f)
+-	  {
+-	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad control character (PWG 5100.14 section 8.1)."), attr->name, attr->values[i].string.text);
+-	    return (0);
+-	  }
+-	  else if (*ptr)
+	  if (*ptr)
+ 	  {
+-	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.3)."), attr->name, attr->values[i].string.text);
+-	    return (0);
+-	  }
+	    if (*ptr < ' ' || *ptr == 0x7f)
+	    {
+	      ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad control character (PWG 5100.14 section 8.1)."), attr->name, attr->values[i].string.text);
+	      return (0);
+	    }
+	    else
+	    {
+	      ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.3)."), attr->name, attr->values[i].string.text);
+	      return (0);
+	    }
+          }
+ 
+ 	  if ((ptr - attr->values[i].string.text) > (IPP_MAX_NAME - 1))
+ 	  {
+
--- a/cups/cups-systemd-socket.patch
+++ b/cups/cups-systemd-socket.patch
@ -43,6 +43,7 @@ diff -up cups-2.0.2/scheduler/org.cups.cupsd.service.in.ustTJg cups-2.0.2/schedu
 ExecStart=@sbindir@/cupsd -l
 -Type=simple
 +Type=notify
+ Restart=on-failure
 
 [Install]
- Also=org.cups.cupsd.socket org.cups.cupsd.path
+
--- a/cups/cups.sysusers
+++ b/cups/cups.sysusers
@ -0,0 +1,2 @@
+u cups 209 "cups helper user"
+m cups lp
--- a/cups/guid.patch
+++ b/cups/guid.patch
@ -0,0 +1,42 @@
+diff --git a/scheduler/cups-exec.c b/scheduler/cups-exec.c
+index aab43a797..46c549075 100644
+--- a/scheduler/cups-exec.c
+++ b/scheduler/cups-exec.c
+@@ -133,8 +133,13 @@ main(int  argc,				/* I - Number of command-line args */
+     if (setgid(gid))
+       exit(errno + 100);
+ 
+-    if (setgroups(1, &gid))
+#include <pwd.h>
+    struct passwd * pwd = getpwuid(uid);
+    if(initgroups(pwd->pw_name,pwd->pw_gid))
+    {
+      fprintf(stderr, "DEBUG: initgroups failed\n");
+       exit(errno + 100);
+    }
+ 
+     if (uid && setuid(uid))
+       exit(errno + 100);
+diff --git a/scheduler/util.c b/scheduler/util.c
+index 19ebf069b..4638562bd 100644
+--- a/scheduler/util.c
+++ b/scheduler/util.c
+@@ -300,7 +300,16 @@ cupsdPipeCommand(int        *pid,	/* O - Process ID or 0 on error */
+     */
+ 
+     if (!getuid() && user)
+-      setuid(user);			/* Run as restricted user */
+    {
+#include <pwd.h>
+      struct passwd * pwd = getpwuid(user);
+      if(initgroups(pwd->pw_name,pwd->pw_gid))
+      {
+        fprintf(stderr, "DEBUG: initgroups failed\n");
+        exit(errno + 100);
+      }
+      setuid(user); /* Run as restricted user */
+    }
+ 
+     if ((fd = open("/dev/null", O_RDONLY)) > 0)
+     {
+