Changelog:
===========
- GnuTLS follows system crypto policies now
- Added 'NoSystem' SSLOptions value
- Now we raise alert for certificate issues
- Added Kyocera USB quirk
- The scheduler now logs a job's debugging history if the backend fails
- Fixed a potential timing issue with 'cupsEnumDests'
- Fixed a potential "lost PPD" condition in the scheduler
- Fixed a compressed file error handling bug
- Fixed a bug in the make-and-model whitespace trimming code
- Fixed a removal of IPP Everywhere permanent queue if installation failed
- Fixed 'ServerToken None' in scheduler
- Fixed invalid IPP keyword values created from PPD option names
- Fixed handling of "media" and "PageSize" in the same print request
- Fixed client raster printing from macOS
- Fixed the default User-Agent string.
- Fixed a recursion issue in 'ippReadIO'.
- Fixed handling incorrect radix in 'scan_ps()'
- Fixed validation of dateTime values with time zones more than UTC+11
- Fixed attributes returned by the Create-Xxx-Subscriptions requests
- Fixed 'ippDateToTime' when using a non GMT/UTC timezone
- Fixed 'job-completed' event notifications for jobs that are cancelled before
started
- Fixed DNS-SD discovery with 'ippfind'
(From OE-Core rev: caab5dd2dd8705a58b2878a8d295117931114e65)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- Fixed error handling when reading a mixed "1setOf" attribute.
- Fixed scheduler start if there is only domain socket to listen on
0001-use-echo-only-in-init.patch
0002-don-t-try-to-run-generated-binaries.patch
0004-cups-fix-multilib-install-file-conflicts.patch
refreshed for 2.4.10.
(From OE-Core rev: dd7a978d2d7feb11f6c265ba812c8ca29912ebc6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we want to be able to stop unpacking to WORKDIR, correct the WORKDIR
references in recipe do_compile/do_install tasks to use UNPACKDIR in the
appropraite places instead.
(From OE-Core rev: d73595df69667fe9d12ecd407b77a0b8dae2109c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Localized HTML templates in /usr/share/cups/templates are now part of
locale packages.
(From OE-Core rev: beb21ac92e95b6f4bf64e4932b154f78e2c6c2ef)
Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The Cups documentation states:
The default contains "admin", "lpadmin", "root", "sys" and/or "system".
https://www.cups.org/doc/man-cups-files.conf.html#:~:text=SystemGroup
Add root and sys accordingly
Also add wheel group. This is required for systems with polkit support in order to
control the printer settings with cups-pk-helper.
Not only for gnome-control-center, but also when using plain system-config-printer on
a system with running polkit, cups-pk-helper would be a required rdepend.
(From OE-Core rev: 572fed0ac6dbcf5749e19c7b624826fc30cf301e)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- enable tls by default to fix:
| hash.c:16:12: fatal error: gnutls/crypto.h: No such file or directory
| 16 | # include <gnutls/crypto.h>
Changes in CUPS v2.4.7 (2023-09-20)
-----------------------------------
- CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript
in PPD files
- Added OpenSSL support for cupsHashData (Issue #762)
- Fixed delays in lpd backend (Issue #741)
- Fixed extensive logging in scheduler (Issue #604)
- Fixed hanging of `lpstat` on IBM AIX (Issue #773)
- Fixed hanging of `lpstat` on Solaris (Issue #156)
- Fixed printing to stderr if we can't open cups-files.conf (Issue #777)
- Fixed purging job files via `cancel -x` (Issue #742)
- Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743)
- Fixed a bug in the PPD command interpretation code (Issue #768)
(From OE-Core rev: 0e33d6fc646e76390e5bf8a0f7b38bd15c83729c)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpenPrinting CUPS is an open source printing system. In versions 2.4.2
and prior, a heap buffer overflow vulnerability would allow a remote
attacker to launch a denial of service (DoS) attack. A buffer overflow
vulnerability in the function `format_log_line` could allow remote
attackers to cause a DoS on the affected system. Exploitation of the
vulnerability can be triggered when the configuration file `cupsd.conf`
sets the value of `loglevel `to `DEBUG`. No known patches or
workarounds exist at time of publication.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32324https://security-tracker.debian.org/tracker/CVE-2023-32324
Upstream Patch:
https://github.com/OpenPrinting/cups/commit/fd8bc2d32589
(From OE-Core rev: a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups includes a web server. Users can surf to port 631 (default) of a
machine running cups to (potentially, based on configuration, default off)
view jobs, add printers, and perform other forms of administration.
The location of the various resources that are used by the built-in web server
(e.g. index.html) are installed under ${datadir}/doc/cups. By default these
artifacts would be included in the ${PN}-doc package. The comments in this
recipe, however, would suggest an attempt was made to have them added to
${PN}; albeit unsuccessfully.
These resources add roughly 1.8M to an image.
Since cups does include a configuration option to disable the web interface
(--enable-webif), add a PACKAGECONFIG (default off) to allow the user to
decide whether or not they would like the web interface configured and its
pieces added to the image. Enabling this PACKAGECONFIG both enables the
web interface to be configured and built into cups, and also adds (by way
of a recommendation) the web interface package to the image. Considering
that the previous intention was not working, defaulting this option to off
preserves the existing behaviour. Previously in order to have the web
interface data included in an image, a user would have needed to explicitly
add the ${PN}-doc package to their image.
(From OE-Core rev: 2c9bd267ec532cd86a4a1be1d4e499e2aae89aba)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The cups' PACKAGECONFIG is populated based on DISTRO_FEATURES, but a user
is free to enable or disable PACKAGECONFIGs at will. In theory it is
possible that pam is enabled globally in DISTRO_FEATURES but disabled in
cups' PACKAGECONFIG. Checking the PACKAGECONFIG to determine whether or not
pam is enabled would be a safer check rather than relying on DISTRO_FEATURES.
(From OE-Core rev: a053dd177ddc99ced11e68914079be0ffe261262)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The cups documentation is clear that the correct way to install into an
alternate root directory is to use the BUILDROOT variable. From INSTALL.md:
Use the `BUILDROOT` variable to install to an alternate root directory:
make BUILDROOT=/some/other/root/directory install
DESTDIR works, but we should use the mechanism the project specifically
created for this purpose.
(From OE-Core rev: f8fc70674e0ea5df46969a06da62f8ed135cae4e)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is fixed in 2.4.2, which we have, but the complex CPE in that CVE
isn't parsed by cve-check correctly so it thinks that we're vulnerable.
(From OE-Core rev: b40dd920f8b40eabe78db363249257818c63c074)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The cupsFileOpen function no longer opens files for append in read-write
mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
- IPP Everywhere queue (Issues #340, #343)
- The lpstat command now reports when the scheduler is not running
(Issue #352)
- Updated the man pages concerning the -h option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375)
- Fixed the prototype for the httpWriteResponse function (Issue #380)
- Brought back minimal AIX support (Issue #389)
cupsGetResponse did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
(From OE-Core rev: 6f4131e73553f47709e19871c23a411275ab3857)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configure checks /etc/dbus-1 and set DBUSDIR is null:
if test -d /etc/dbus-1 -a "x$DBUSDIR" = x; then
DBUSDIR="/etc/dbus-1"
fi
So that the build resutl would be different w/o /etc/dbus-1:
/etc/dbus-1/system.d/cups.conf (Only exists when DBUSDIR is set)
Add --with-dbusdir to EXTRA_OECONF to fix the issue
(From OE-Core rev: 0e4b2464138601c4c20882c001ef11eef5100395)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
one too many 's': dnsssd -> dnssd
(From OE-Core rev: 88da9b61b469654805fd51869790b1fd6d34c5a3)
Signed-off-by: S. Lockwood-Childs <sjl@vctlabs.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark no-hardcode-lib patch as upstreamable.
(From OE-Core rev: 2d0475f9575a6679b4a9d5400220584597b84887)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The packageconfig needs to be --disable-systemd as documented in
configure file for cups. With the current value "--without-systemd" the
SYSTEM_DIR variable ends up being set to "no"
It is caused by the --without-* section in configure file resulting in
eval with_$ac_useropt=no ;;
$ac_useropt is "systemd" causing the variable $with_systemd to be set
to "no", because of below test
if test ${with_systemd+y}
then :
withval=$with_systemd; SYSTEMD_DIR="$withval"
else $as_nop
SYSTEMD_DIR=""
fi
cups configure test for i if SYSTEMD_DIR is empty to decide if the init
scripts need to be installed. A value of "no" results in that no init
scripts is installed.
With --disable-systemd it works as expected - installing the init files.
Though cups should properly improve their configure script.
(From OE-Core rev: 967fdd2ba12f22d8e46600ff085833993a32cfeb)
Signed-off-by: Claus Stovgaard <clst@ambu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Apple are no longer maintaining CUPS, and future development is now
happening under the OpenPrinting project:
https://ftp.pwg.org/pub/pwg/liaison/openprinting/presentations/cups-plenary-may-2021.pdf
Also stop disabling the manpage installation as manpages are useful, and
remove some patch chunks that are not required.
The CVE-2020-10001 patch is dropped as this is incorporated into 2.3.3op2.
(From OE-Core rev: 53bd9a96a003a7103b8475f9c1ad7ef999e34f87)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE relates to bad ownership of /var/log/cups, which we don't have.
(From OE-Core rev: 0792312f3637ec160d2ef90781a8cb1f75b84940)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
configure inspects the host's /etc/group for these configuration
options, fix this to the correct values by using configure options.
(From OE-Core rev: f16f9c727569414cd52862dcba18d8e423f4e961)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It only applies to MacOS.
(From OE-Core rev: cad1162f41c4c060744b98109514f761aa64d34a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE was against a cups plugin which is obsolete and we don't include.
(From OE-Core rev: 5f7cb9f6ec4b14f992d265b8c67a9f5589f9b842)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This an Ububtu specific issue:
The CUPS AppArmor profile incorrectly confined the dnssd backend
due to use of hard links. A local attacker could possibly use this
issue to escape confinement. This flaw affects versions prior to
2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1
in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS,
and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS
(From OE-Core rev: 22e89983a8f83a369d83bc67e4f3492bc50db648)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
(From OE-Core rev: 6c3f56020da7a26c2daea73e39c2f324f1f597db)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
this template service need to triggered by org.cups.cups-lpd.socket,
which will assigned an instance id for org.cups.cups-lpd@.service,
like org.cups.cups-lpd@0.service. add this in SYSTEMD_SERVICE will
cause post scriptlet fail as:
Failed to start org.cups.cups-lpd@.service: Unit name org.cups.cups-lpd@.service is missing the instance name.
See system logs and 'systemctl status org.cups.cups-lpd@.service' for details.
(From OE-Core rev: 4bb87c8b28b58a469c01f4a051361aa099cdfe1a)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add volatiles files to create /var/log/cups directory rather than create
it directly when do_install.
(From OE-Core rev: 315689f58536dec4042ef9880c227a69e71e749d)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups-config encodes the library dir in the script.
(From OE-Core rev: 0e19b25fbf1d760c06dd6a2cb8e291c7482330c4)
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix crossscripts to report the correct "serverbin" value.
While the packaged "cups-config --serverbin" reported
"/usr/libexec/cups" the crossscripts version reported
"/usr/lib/cups", causing packaging issues when building for example
cups-filters.
Also fix FILES_${PN} to use ${libexecdir}; previously it was working
just because "${libexecdir}/*" was part of the default values in
bitbake.conf.
(From OE-Core rev: 2ce6ef29b9bb4f16ed9d78e166d455b7a6d968bf)
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Redefine CUPS_SERVERBIN to "$libexecdir/cups" for cups which solves file
confliction when multilib is enabled.
| Error: Transaction check error:
| file /lib/systemd/system/org.cups.cups-lpd@.service conflicts between
attempted installs of cups-2.2.11-r0.core2_64 and lib32-cups-2.2.11-r0.core2_32
(From OE-Core rev: 274bed042b9c2b50a8bdd11b42f1a62405fb5b11)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CUPS 2.2.11 is a bug fix release that addresses issues in the scheduler,
IPP Everywhere support, CUPS library, and USB printer support.
(From OE-Core rev: 2904ffdffc829ee7a0f0228babe392535fb5e544)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When pam PACKAGECONFIG is enabled a cups "pam.d" configuration file is
installed. The default configuration file uses a non-existing "pam_unknown.so",
but a different existing module can be selected by passing the
--with-pam-module parameter. Use the unix pam module when pam is enabled.
(From OE-Core rev: a7fb921e16e2eb4fa5a799b556d23d79801720b0)
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following patch is rebased.
0001-don-t-try-to-run-generated-binaries.patch
(From OE-Core rev: ee57d79aec06e9b160cf2713636cda650ba68d5a)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
