pkgsrc/print/cups/patches/patch-scheduler_auth.c
wiz aeaec6c262 Update to 1.7.3 based on patch by Leonardo Taccari on pkgsrc-users.
Additionally, remove patch-au since it is now superfluous.

CHANGES IN CUPS V1.7.3

	- Added Brazilian Portuguese translation (STR #4409)
	- Fixed mapping of OutputBin values such as "Tray1"
	  (<rdar://problem/16685606>)
	- Several ippGet* functions incorrectly returned -1 instead of 0 on
	  error.
	- The cupsGetResponse function did not work properly with
	  CUPS_HTTP_DEFAULT (<rdar://problem/16762593>)
	- The IPP backend did not abort a job when the printer did not validate
	  the supplied options (<rdar://problem/16836752>)
	- Fixed an authentication race condition in cupsSendRequest (STR #4403)
	- The scheduler did not add the "job-hold-until-specified" reason when
	  holding a job using the lp command (STR #4405)
	- The CUPS headers incorrectly needed libdispatch for blocks support
	  (STR #4397)
	- The configure script incorrectly added libgcrypt as a GNU TLS
	  dependency (STR #4399)
	- CUPS did not compile when Avahi or mDNSResponder was not present
	  (STR #4402)
	- cupsGetDestMediaCount did not work for CUPS_MEDIA_FLAGS DEFAULT
	  (STR #4414)
	- Auto-typing of PWG Raster files did not work (STR #4417)
	- IPP queues using hardcoded credentials would ask for credentials
	  (STR #4371)
	- Dates in non-UTF-8 locales did not display correctly (STR #4388)
	- The RPM spec file now looks for libusb-devel 1.0 or later.
	- Fixed the "create-printer-subscription.test" file for IPPTOOL
	  (STR #4420)


CHANGES IN CUPS V1.7.2

	- Security: The scheduler now blocks URLs containing embedded HTML
	  (STR #4356)
	- Documentation fixes (STR #3259, STR #4346, STR #4355)
	- Fixed the Japanese localization (STR #4385)
	- Added a German localization (STR #4363)
	- The cupsfilter command incorrectly read the cupsd.conf file; it now
	  reads the cups-files.conf file instead.
	- Fixed OS X builds with Xcode 5.x (<rdar://problem/15914959>)
	- Fixed SSL support on Windows (STR #4358)
	- Fixed documentation and naming of Create-Job/Printer-Subscriptions
	  operations (STR #4389)
	- Phone numbers in fax jobs were not properly filtered for IPP FaxOut
	  (<rdar://problem/16351701>)
	- Fixed a memory leak in the label printer driver (STR #4393)
	- Updated Linux "relro" support (STR #4349)
	- cupsEnumDests did not set the "is_default" field (STR #4332)
	- cupsDoIORequest could miss the server status, causing failed lpadmin
	  and other administrative commands (STR #4386)
	- cupsEnumDests didn't always call the callback function (STR #4380)
	- "lp -i job-id -H hold" did not work (STR #4401)
	- CUPS didn't compile on older platforms (STR #4338)
	- Several libcups files did not have the Apple license exception
	  notice (STR #4361)
	- Fixed a D-BUS threading issue that caused the scheduler to crash
	  (STR #4347)
	- The scheduler now automatically reconnects to Avahi as needed
	  (STR #4370, STR #4373)
	- The scheduler did not handle GET requests for the log files properly
	  (STR #3265)
	- The dnssd backend did not always report all discovered printers using
	  Avahi (STR #4365)
	- The Zebra printer driver did not properly handle negative "label top"
	  values (STR #4354)
	- The scheduler did not always update the MakeModel value in
	  printers.conf after updating the driver (STR #4264)
	- The LPD mini daemon did not support print jobs larger than 2GB
	  (STR #4351)
	- Fixed a bug in the status reading code when sending a compressed data
	  stream to an IPP printer/server (<rdar://problem/16019623>)
	- The IPP backend might not include all job attributes in Validate-Job
	  operations (<rdar://problem/16025435>)
	- Fixed some clang-reported issues (<rdar://problem/15936066>)


CHANGES IN CUPS V1.7.1

	- Security: the lppasswd program incorrectly used settings from
	  ~/.cups/client.conf (STR #4319)
	- Auto debug logging was broken in 1.7.0 (<rdar://problem/15331639>)
	- Some gzip'd PPD files could not be used (<rdar://problem/15386424>)
	- Cleaned up some job logging in the scheduler
	  (<rdar://problem/15332672>)
	- ATTR messages could cause string pool memory corruption in the
	  scheduler (<rdar://problem/15382819>)
	- The RPM spec file did not list the build requirements; this was on
	  purpose, but now we are listing the Red Hat package names
	  (<rdar://problem/15375760>, STR #4322)
	- Printing to a raw queue could result in corrupt output due to
	  opportunistic compression (<rdar://problem/15008524>)
	- The GNU TLS support code triggered many compiler warnings due to the
	  use of old GNU TLS compatibility type names
	  (<rdar://problem/15392966>)
	- The "make check" test suite did not work on Linux without the
	  cups-filters package installed (<rdar://problem/14292998>)
	- Japanese PPDs using with the Shift-JIS encoding did not work
	  (<rdar://problem/15427759>)
	- "tel:" URIs incorrectly had slashes (<rdar://problem/15418463>)
	- The libusb-based USB backend incorrectly used write timeouts
	  (<rdar://problem/15564888>)
	- Shared printers could become inaccessible after a few days on OS X
	  (<rdar://problem/15426838>)
	- The IPP backend did not wait for a busy printer to become available
	  before attempting to print (<rdar://problem/15465667>)
	- CUPS did not support "auto-monochrome" or "process-monochrome" for the
	  "print-color-mode" option (<rdar://problem/15482520>)
	- Using "@IF(name)" in an Allow or Deny rule did not work (STR #4328)
	- lpq and lpstat did not list jobs in the correct order when priorities
	  were specified (STR #4326)
	- The D-BUS notifier did not remove its lockfile (STR #4314)
	- CUPS incorrectly used the USER environment variable when the name did
	  not match the user ID (STR #4327)


CHANGES IN CUPS V1.7.0

	- Updated Japanese localization.
	- The lpadmin command did not send the PPD name from the "-m" option
	  (<rdar://problem/15264697>)
	- Network backends now use the prtMarkerSuppliesClass property to
	  determine the direction of supply level values
	  (<rdar://problem/14302628>)
	- The scheduler did not remove backup PPD files when a printer was
	  deleted (<rdar://problem/15065555>)
	- The scheduler incorrectly responded to HEAD requests when the web
	  interface was disabled (<rdar://problem/15090332>)
	- The scheduler did not respond using the hostname specified by the
	  client (<rdar://problem/14583574>)
	- Fax queues did not work when shared via Bonjour
	  (<rdar://problem/14498310>)
	- Error messages from the scheduler were not localized using the
	  language specified in the client's IPP request
	  (<rdar://problem/14128011>)
	- Added an Italian localization (<rdar://problem/14481578>)
	- Fixed a couple memory leaks in ippfind that were reported by Clang.
	- Fixed a compile issue on 64-bit Linux with Clang - need to use the
	  -pie option instead of -Wl,-pie now (<rdar://problem/14480938>)
	- The ippfind utility reported the wrong port numbers when compiled
	  against Avahi (<rdar://problem/14508324>)
	- httpGetFd, httpGetFile, httpPutFd, and httpPutFile did not
	  automatically reconnect if the server closed the connecion after the
	  previous response.
	- Fixed a compile error in libcups (<rdar://problem/14467141>)
	- The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE
	  environment variable to the filters or backend
	  (<rdar://problem/14355011>)
	- The cups-exec helper program could fail randomly on OS X due to
	  sandbox violations when closing excess file descriptors
	  (<rdar://problem/14421943>)
	- The scheduler incorrectly did not use the kqueue interface on OS X.


CHANGES IN CUPS V1.7rc1

	- Printer xxx-default values were not reported by Get-Printer-Attributes
	  or lpoptions (<rdar://problem/14401795>)
	- Fixed deprecation warnings for many functions on OS X so they are tied
	  to the deployment version when building (<rdar://problem/14210079>)
	- Fixed a build issue on ARM-based Linux systems - unable to validate
	  va_list arguments.
	- Added a new ippfind tool for finding IPP printers and other Bonjour
	  services (<rdar://problem/13876199>)
	- Fixed some issues with conversion of PWG media size names to
	  hundredths of millimeters (<rdar://problem/14065748>)
	- The IPP backend could crash on OS X when printing to a Kerberized
	  printer (<rdar://problem/14040186>)
	- The ipptool program now automatically extends timeouts when the
	  output buffer is filled (<rdar://problem/14016099>)
	- The ipptool program now supports the --help and --version options.
	- The ipptool program did not continue past include file errors by
	  default (<rdar://problem/13875803>)
	- The ipptool program now supports FILE-ID and TEST-ID directives and
	  includes their values in its XML output (<rdar://problem/13876038>)
	- The ipptool program now supports WITH-HOSTNAME, WITH-RESOURCE, and
	  WITH-SCHEME expect predicates to compare the corresponding URI
	  components (<rdar://problem/13876091>)


CHANGES IN CUPS V1.7b1

	- The configure script now supports a --with-rundir option to change
	  the transient run-time state directory from the default to other
	  locations like /run/cups (STR #4306)
	- The scheduler now supports PPD lookups for classes (STR #4296)
	- The cupsfilter program did not set the FINAL_CONTENT_TYPE
	  environment variable for filters.
	- Added a new "-x" option to the cancel command (STR #4103)
	- Made the PWG media handling APIs public (STR #4267)
	- Implemented ready media support for the cupsGetDestMediaXxx APIs
	  (STR #4289)
	- Added new cupsFindDestDefault, cupsFindDestReady, and
	  cupsFindDestSupported APIs (STR #4289)
	- Added new cupsGetDestMediaByIndex, cupsGetDestMediaCount, and
	  cupsGetDestMediaDefault APIs (STR #4289)
	- Added new ippGet/SetOctetString APIs for getting and setting an
	  octetString value (STR #4289)
	- Added new ippCreateRequestedArray API for generating a array of
	  attributes from the requested-attributes attribute.
	- The ipptool utility now supports compression, conditional tests based
	  on the presence of files, and new DEFINE predicates for STATUS.
	- Added new IPP APIs for checking values (STR #4167)
	- Added new IPP APis for adding and setting formatted strings.
	- Added new HTTP APIs to support basic server functionality via libcups.
	- The dnssd backend now generates a 1284 device ID as needed (STR #3702)
	- CUPS now supports compressing and decompressing streamed data
	  (STR #4168)
	- CUPS now supports higher-level PIN printing, external accounting
	  systems, and "print here" printing environments (STR #4169)
	- IRIX is no longer a supported operating system (STR #4092)
	- The PPD compiler now supports JCL options properly (STR #4115)
	- The web interface now checks whether the web browser has cookies
	  enabled and displays a suitable error message (STR #4141)

CHANGES IN CUPS V1.6.4

	- Removed some duplicate size definitions for some ISO sizes that were
	  causing problems (<rdar://problem/14722721>)
	- The IPP backend did not add the "last-document" attribute
	  (<rdar://problem/114660379>)
	- Added a SyncOnClose directive to cups-files.conf to force cupsd to
	  call fsync before closing any configuration/state files it writes
	  (<rdar://problem/14523043>)
	- Added USB quirk rule for Lexmark E238 (<rdar://problem/14493054>)
	- Closed server connections were still not always detected
	  (<rdar://problem/14484313>)
	- The libusb-based USB backend now loads its list of quirks from files
	  in /usr/share/cups/usb instead of using a hardcoded table
	  (<rdar://problem/14442769>)
	- The scheduler did not properly register ICC color profiles with
	  colord (<rdar://problem/14455625>)


CHANGES IN CUPS V1.6.3

	- The configure script now prefers Clang over GCC.
	- Fixed a compile problem on AIX (STR #4307)
	- The default IPP version did not always get set before creating a new
	  IPP request message (<rdar://problem/14401718>)
	- The lp, lpq, lpr, and lpstat now display an error message advising the
	  use of the /version=1.1 ServerName option (<rdar://problem/14290628>)
	- Added documentation about the /version=1.1 option to ServerName in
	  client.conf (<rdar://problem/14216262>)
	- httpStatus(HTTP_ERROR) did not return a useful error message
	  (<rdar://problem/14217326>)
	- The lp, lpq, lpr, and lpstat commands incorrectly ignored the default
	  printer set in the lpoptions file (<rdar://problem/14216472>)
	- Fixed a URI encoding issue for hostnames containing the ` (backquote)
	  character (<rdar://problem/14243133>)
	- Added support for RFC 6874's IPv6 link local address format in URIs
	  (<rdar://problem/13979453>)
	- The USB backend could crash on libusb-based systems if USB was
	  disabled in the BIOS (<rdar://problem/13875729>)
	- Fixed a rounding error in the PWG media size mapping code
	  (<rdar://problem/13493241>)
	- Fixed several ipptool test files that used old STATUS names.
	- Kerberos credentials could get truncated when printing to a shared
	  printer.
	- Printing using "ipps" URIs was not encrypted.
	- Insecure ICC profiles prevented installation of user profiles for a
	  printer on OS X.
	- Added more USB quirks for the libusb-based backend (STR #4311,
	  <rdar://problem/13736470>)
	- The Russian web interface templates were broken (STR #4310)
	- The scheduler no longer tries to do Kerberos authentication over the
	  loopback interface.
	- The IPP backend could fail to pause a job for authentication
	  (STR #4298)
	- Fixed a regression on the handling of auth keys on OS X if the
	  cups-files.conf was not present or did not contain a SystemAuthKey
	  value.
	- The scheduler incorrectly did a reverse lookup of the server address
	  when HostNameLookups was turned off (STR #4302)
	- The scheduler incorrectly computed the final content type value when
	  null filters were present.


CHANGES IN CUPS V1.6.2

	- Documentation fixes (STR #4229, STR #4239, STR #4234, STR #4248,
	  STR #4259)
	- Security: All file, directory, user, and group settings are now stored
	  in a separate cups-files.conf configuration file that cannot be set
	  through the CUPS web interface or APIs (STR #4223)
	- Added a Czech localization (STR #4201)
	- Added a French localization (STR #4247)
	- Added a Russian localization (STR #4228, STR #4285)
	- Updated the Catalan localization (STR #4202)
	- Local certificate authentication did not guard against an empty
	  certification file (STR #4293)
	- The scheduler did not reject device URIs with spaces.
	- Added USB quirk rule for Epson Stylus Photo 750 (STR #4286)
	- The IPP backend could crash if the printer disconnects early
	  (STR #4284)
	- cupsGetPPD did not work with statically-configured CUPS shared
	  queues (STR #4178)
	- The scheduler did not support long MIME media types (STR #4270)
	- The cupsfilter command did not set the CHARSET environment variable
	  for the text filters (STR #4273)
	- The lp command did not show errors for unknown "--foo" (STR #4261)
	- Bad IPP responses could crash ipptool (STR #4262)
	- Updated USB quirk rules for Canon and Xerox printers (STR #4217,
	  STR #4263)
	- Added USB blacklisting for printers that require a custom backend
	  (STR #4218)
	- The PPD compiler did not correctly JCL options (STR #4115, STR #4203)
	- The ipptool program now supports DEFINE-MATCH and DEFINE-NO-MATCH
	  predicates for STATUS directives.
	- Fixed a problem with local Kerberos authentication (STR #4140)
	- Coverity scan: fixed some minor issues (STR #4242)
	- The scheduler did not remove color profiles after deleting a printer
	  (STR #4232, STR #4276)
	- The CUPS library did not always detect a timed out connection to the
	  server which could cause temporary loss of printing from applications
	  (STR #4187)
	- The ipptool program now supports variable substitution in OPERATION
	  and DELAY directives (STR #4175)
	- The IPP backend now stops queues when the server configuration
	  prevents successful job submission (STR #4125)
	- The XML output of ipptool contained empty dictionaries (STR #4136)
	- The scheduler did not delete job control backup files (STR #4244)
	- cupsGetPPD3 could return a local PPD instead of the correct remote
	  PPD.
	- The scheduler incorrectly advertised auth-info-required for local
	  queues needing local authentication (STR #4205)
	- CUPS 1.6 clients using the ServerName directive in client.conf did not
	  work with CUPS 1.3.x or older servers (STR #4231, STR #4291)
	- The SNMP backend now tries to work around broken printers that use a
	  newline to separate key/value pairs.
	- The IPP backend did not send a cancel request to printers when a job
	  was canceled and the printer did not support Create-Job.
	- Fixed EPM packaging files (STR #4199)
	- OpenBSD build fix (STR #4195, STR #4196, STR #4197)
	- The scheduler could crash when using Avahi (STR #4183, STR #4192,
	  STR #4200, STR #4213)
	- The IPP backend could get stuck in an endless loop on certain network
	  errors (STR #4194)
	- 32-bit builds failed on Debian (STR #4133)
	- The scheduler no longer accepts or sends job description attributes.
	- The IPP backend now works around some conformance issues for broken
	  printers (STR #4190)
	- cupsBackendReport() now filters out all control characters from the
	  reported 1284 device IDs (STR #4124)
	- The scheduler no longer allows job-name values that are not valid
	  network Unicode strings (STR #4072)
	- The web interface did not preserve the order of classes, jobs, or
	  printers (STR #4170)
	- The network backends now support disabling of SNMP supply level
	  queries via the "snmp" URI option (STR #4106)
	- The IPP backend did not specify the compression used (STR #4181)
	- ipptool did not support octetString values.
	- The scheduler did not recognize dnssd: or ipps: URIs as Bonjour shared
	  queues (STR #4158)
	- Applications could not get the PPD file for statically-configured
	  Bonjour-shared print queues (STR #4159)
	- The cupsd.conf file included obsolete browsing directives (STR #4157)
	- Fixed a USB backend compatibility issue on systems using libusb
	  (STR #4155, STR #4191)
	- Some Bonjour features were not available on systems with Avahi
	  (STR #4156)
	- CUPS now includes the port number in the Host: header for HTTP
	  requests.
	- Fixed REPEAT-MATCH for STATUS and EXPECT - was incorrectly erroring
	  out.


CHANGES IN CUPS V1.6.1

	- Documentation fix (STR #4149)
	- RPM packaging fixes (STR #4129, #4145)
	- The Japanese and English web interface headers were swapped
	  (STR #4148)


CHANGES IN CUPS V1.6.0

	- Document changes (STR #4131)
	- Added new Catalan (STR #4107) and Spanish (STR #4137) localizations.


CHANGES IN CUPS V1.6rc1

	- Added a new Japanese localization (STR #4122)
	- The SNMP backend no longer exits if it is unable to obtain an IPv6
	  socket (STR #4109)
	- The LPD backend incorrectly used "localhost" in the control file
	  instead of the current hostname.


CHANGES IN CUPS V1.6b1

	- Documentation updates (STR #3927, STR #3980, STR #4010, STR #4068)
	- The scheduler now consolidates all PPD updates from filters at the
	  end of the job (STR #4075)
	- CUPS now supports color management using colord (STR #3808)
	- CUPS now supports Bonjour using Avahi (STR #3066)
	- The PreserveJobFiles and PreserveJobHistory directives now support
	  specification of a time interval (STR #3143)
	- PPD files can now be archived in (gzip'd) tar files to further reduce
	  the disk space used by PPD files (STR #3772)
	- The network backends now deal with printers that report their levels
	  in percent but do not specify a maximum capacity of 100 (STR #3551)
	- The network backends now report full/almost-full waste bins in
	  printers along with end-of-life for cleaning pads (STR #4017)
	- Added a configure option to set the permissions of the installed
	  cupsd (STR #3459)
	- Added a new WITH-ALL-VALUES directive to ipptool EXPECT predicates
	  (STR #3949)
	- CUPS now supports a User directive in client.conf and the CUPS_USER
	  environment variable for overriding the default username (STR #3114)
	- Now set the PJL USERNAME variable as needed (STR #3100)
	- Added support for usernames and passwords longer than 32 characters
	  (STR #2856)
	- Added a new MaxHoldTime directive to automatically cancel jobs that
	  have been held indefinitely after a specific number of seconds
	  (STR #2291)
	- The LPD backend now uses the originating host name when it is not the
	  local system (STR #2053)
	- CUPS now prefers the suffix "dpcm" when reporting resolution in dots-
	  per-centimeter (STR #4006)
	- The configure script and build system no longer support building of
	  separate 32-bit and 64-bit libraries.
	- The "brightness", "columns", "fitplot", "gamma", "hue",
	  "natural-scaling", "penwidth", "position", "ppi", "saturation", and
	  "scaling" options are not longer supported (STR #4010)
	- The "page-bottom", "page-left", "page-right", "page-top",
	  "prettyprint", and "wrap" options have been deprecated (STR #4010)
	- The scheduler now reports the standard "number-of-documents" attribute
	  instead of the CUPS-specific "document-count" attribute in
	  job objects.
	- Added new destination connection and enumeration functions (STR #3924)
	- Added new option, localization, and job submission functions that do
	  not depend on PPD files (STR #3925)
	- Added a new MaxJobTime directive for cupsd that specifies the maximum
	  amount of time allowed for a job to complete before it is canceled.
	- The default password callback now supports passwords up to 127
	  characters.
	- The scheduler now supports a DefaultAuthType of "auto" to
	  automatically choose between Basic (username/password) and Negotiate
	  (Kerberos) authentication.
	- cupsSideChannelSNMPGet/Walk now support OIDs and values up to 64k in
	  length.
	- CUPS no longer supports automatic remote printers or implicit classes
	  via the CUPS, LDAP, or SLP protocols (STR #3922, STR #3923)
	- The PPD APIs are now deprecated and will be removed in a future
	  version of CUPS (STR #3927)
	- The default IPP version for requests is now 2.0 (STR #3929)
	- The IPP APIs no longer expose the ipp_t or ipp_attribute_t structures
	  and instead provide accessor functions (STR #3928)
	- The scheduler will no longer run programs with group write permission.
	- The PHP module has been removed (STR #3932)
	- The bannertops, commandtoescpx, commandtopclx, imagetops,
	  imagetoraster, pdftops, rastertoescpx, rastertopclx, and texttops
	  filters have been removed (STR #3930)
	- The serial and parallel backends have been removed (STR 3935)
2014-06-07 07:34:05 +00:00

36 lines
1.5 KiB
C

$NetBSD: patch-scheduler_auth.c,v 1.3 2014/06/07 07:34:05 wiz Exp $
Don't pull in sys/ucred.h on Solaris as it results in procfs.h being
included and conflicts between _FILE_OFFSET_BITS=64 and 32-bit procfs.
OpenBSD defines SO_PEERCRED, but it is different from Linux's one.
--- scheduler/auth.c.orig 2014-01-06 22:21:15.000000000 +0000
+++ scheduler/auth.c
@@ -84,7 +84,7 @@ extern const char *cssmErrorString(int e
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */
-#ifdef HAVE_SYS_UCRED_H
+#if defined(HAVE_SYS_UCRED_H) && !defined(__sun) && !defined(__OpenBSD__)
# include <sys/ucred.h>
typedef struct xucred cupsd_ucred_t;
# define CUPSD_UCRED_UID(c) (c).cr_uid
@@ -500,7 +500,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I
con->type = CUPSD_AUTH_BASIC;
}
#endif /* HAVE_AUTHORIZATION_H */
-#if defined(SO_PEERCRED) && defined(AF_LOCAL)
+#if defined(SO_PEERCRED) && defined(AF_LOCAL) && !defined(__OpenBSD__)
else if (!strncmp(authorization, "PeerCred ", 9) &&
con->http.hostaddr->addr.sa_family == AF_LOCAL)
{
@@ -1142,7 +1142,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I
gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);
-# if defined(SO_PEERCRED) && defined(AF_LOCAL)
+# if defined(SO_PEERCRED) && defined(AF_LOCAL) && !defined(__OpenBSD__)
/*
* Get the client's UID if we are printing locally - that allows a backend
* to run as the correct user to get Kerberos credentials of its own.