diff options
| author | Michael Sweet <msweet@msweet-imac.local> | 2016-03-15 10:40:34 -0400 |
|---|---|---|
| committer | Michael Sweet <msweet@msweet-imac.local> | 2016-03-15 10:40:34 -0400 |
| commit | 86243a7551807f728b7c2cdc42c8b5c38eef5823 (patch) | |
| tree | 66e85e7831c23ca8328ab544e89ffbdb03d78ba8 | |
| parent | b93671244e94868fdcb9cafead4cd13b244e06e4 (diff) | |
| download | cups-release-2.0.1.tar.gz | |
Import CUPS v2.0.1release-2.0.1
41 files changed, 909 insertions, 284 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 84405df66..1d1b67e8d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,34 @@ -CHANGES.txt - 2.0.0 - 2014-10-01 +CHANGES.txt - 2.0.1 - 2014-11-14 -------------------------------- +CHANGES IN CUPS V2.0.1 + + - Security: SSLv3 is now disabled by default to protect against the + POODLE attack (STR #4476) + - Printer sharing did not work when systemd was being used (STR #4497) + - cupsGetPPD* would return a symlink to the PPD in /etc/cups/ppd even if + it was not readable by the user (STR #4500) + - The web interface now protects against frame "click-jacking" attacks + (STR #4492) + - Fixed a crash in ippAttributeString (<rdar://problem/17903871>) + - Fixed a crash in the scheduler on Linux/*BSD if colord was not running + (STR #4496) + - Fixed a random crash in the scheduler when not using systemd + (STR #4484) + - Added systemd support for cups-lpd (STR #4493) + - The scheduler did not honor the FatalErrors directive for mis- + configured Group and SystemGroup values (STR #4495) + - The network backends no longer report waste-receptacle conditions when + using SNMP (STR #4499) + - The IPP backend did not work with some configurations of Windows + (STR #4503) + - RPMs did not build (STR #4490) + - Added a USB quirk rule for the Brother HL-1250 (STR #4519) + - Fixed compiles on unsupported platforms (STR #4510) + - "cancel -a" did not cancel all jobs on all destinations (STR #4513) + - The web interface did not work on OpenBSD (STR #4496) + + CHANGES IN CUPS V2.0.0 - The scheduler did not preserve listener sockets from launchd or diff --git a/INSTALL.txt b/INSTALL.txt index d05de97ec..0609e6e25 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -1,4 +1,4 @@ -INSTALL - CUPS v2.0.0 - 2014-10-01 +INSTALL - CUPS v2.0.1 - 2014-11-14 ---------------------------------- This file describes how to compile and install CUPS from source code. For more diff --git a/README.txt b/README.txt index a2f12f2dc..4ce7eaee1 100644 --- a/README.txt +++ b/README.txt @@ -1,4 +1,4 @@ -README - CUPS v2.0.0 - 2014-10-01 +README - CUPS v2.0.1 - 2014-11-14 --------------------------------- Looking for compile instructions? Read the file "INSTALL.txt" instead... diff --git a/backend/org.cups.usb-quirks b/backend/org.cups.usb-quirks index aecb9ea69..6566b73bc 100644 --- a/backend/org.cups.usb-quirks +++ b/backend/org.cups.usb-quirks @@ -84,6 +84,9 @@ # Canon, Inc. MF4150 Printer, https://bugs.launchpad.net/bugs/1160638 0x04a9 0x26a3 no-reattach +# Brother Industries, Ltd HL-1250 Laser Printer, https://bugs.debian.org/712512 +0x04f9 0x0007 no-reattach + # Brother Industries, Ltd HL-1430 Laser Printer, https://bugs.launchpad.net/bugs/1038695 0x04f9 0x001a no-reattach diff --git a/backend/snmp-supplies.c b/backend/snmp-supplies.c index 4b1f13867..93d0ff114 100644 --- a/backend/snmp-supplies.c +++ b/backend/snmp-supplies.c @@ -1,5 +1,5 @@ /* - * "$Id: snmp-supplies.c 11558 2014-02-06 18:33:34Z msweet $" + * "$Id: snmp-supplies.c 12228 2014-10-21 13:42:05Z msweet $" * * SNMP supplies functions for CUPS. * @@ -297,6 +297,7 @@ backendSNMPSupplies( else new_supply_state |= CUPS_OPC_NEAR_EOL; break; +#if 0 /* Because no two vendors report waste containers the same, disable SNMP reporting of same */ case CUPS_TC_wasteInk : case CUPS_TC_wastePaper : case CUPS_TC_wasteToner : @@ -307,6 +308,7 @@ backendSNMPSupplies( else new_supply_state |= CUPS_WASTE_ALMOST_FULL; break; +#endif /* 0 */ case CUPS_TC_cleanerUnit : case CUPS_TC_fuserCleaningPad : if (percent <= 1) @@ -1096,5 +1098,5 @@ utf16_to_utf8( /* - * End of "$Id: snmp-supplies.c 11558 2014-02-06 18:33:34Z msweet $". + * End of "$Id: snmp-supplies.c 12228 2014-10-21 13:42:05Z msweet $". */ diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in index f3f702321..71683a654 100644 --- a/conf/cups-files.conf.in +++ b/conf/cups-files.conf.in @@ -15,6 +15,7 @@ #Group @CUPS_GROUP@ # Administrator user group, used to match @SYSTEM in cupsd.conf policy rules... +# This cannot contain the Group value for security reasons... SystemGroup @CUPS_SYSTEM_GROUPS@ @CUPS_SYSTEM_AUTHKEY@ diff --git a/config-scripts/cups-common.m4 b/config-scripts/cups-common.m4 index 88aaabbc1..30b04233a 100644 --- a/config-scripts/cups-common.m4 +++ b/config-scripts/cups-common.m4 @@ -1,5 +1,5 @@ dnl -dnl "$Id: cups-common.m4 12180 2014-10-01 12:08:02Z msweet $" +dnl "$Id: cups-common.m4 12195 2014-10-02 18:45:59Z msweet $" dnl dnl Common configuration stuff for CUPS. dnl @@ -20,7 +20,7 @@ dnl Set the name of the config header file... AC_CONFIG_HEADER(config.h) dnl Version number information... -CUPS_VERSION=2.0.0 +CUPS_VERSION=2.0.1 CUPS_REVISION= #if test -z "$CUPS_REVISION" -a -d .svn; then # CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`" @@ -462,5 +462,5 @@ esac AC_SUBST(BUILDDIRS) dnl -dnl End of "$Id: cups-common.m4 12180 2014-10-01 12:08:02Z msweet $". +dnl End of "$Id: cups-common.m4 12195 2014-10-02 18:45:59Z msweet $". dnl @@ -2520,7 +2520,7 @@ esac ac_config_headers="$ac_config_headers config.h" -CUPS_VERSION=2.0.0 +CUPS_VERSION=2.0.1 CUPS_REVISION= #if test -z "$CUPS_REVISION" -a -d .svn; then # CUPS_REVISION="-r`svnversion . | awk -F: '{print $NF}' | sed -e '1,$s/[[a-zA-Z]]*//g'`" @@ -10101,7 +10101,7 @@ fi -ac_config_files="$ac_config_files Makedefs conf/cups-files.conf conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf cups-config data/testprint desktop/cups.desktop doc/index.html man/client.conf.man man/cups-files.conf.man man/cups-lpd.man man/cups-snmp.man man/cupsaddsmb.man man/cupsd.conf.man man/cupsd.man man/lpoptions.man scheduler/cups-lpd.xinetd scheduler/cups.sh scheduler/cups.xml scheduler/org.cups.cups-lpd.plist scheduler/org.cups.cupsd.path scheduler/org.cups.cupsd.service scheduler/org.cups.cupsd.socket templates/header.tmpl packaging/cups.list $LANGFILES" +ac_config_files="$ac_config_files Makedefs conf/cups-files.conf conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf cups-config data/testprint desktop/cups.desktop doc/index.html man/client.conf.man man/cups-files.conf.man man/cups-lpd.man man/cups-snmp.man man/cupsaddsmb.man man/cupsd.conf.man man/cupsd.man man/lpoptions.man scheduler/cups-lpd.xinetd scheduler/cups.sh scheduler/cups.xml scheduler/org.cups.cups-lpd.plist scheduler/org.cups.cups-lpdAT.service scheduler/org.cups.cupsd.path scheduler/org.cups.cupsd.service scheduler/org.cups.cupsd.socket templates/header.tmpl packaging/cups.list $LANGFILES" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -10828,6 +10828,7 @@ do "scheduler/cups.sh") CONFIG_FILES="$CONFIG_FILES scheduler/cups.sh" ;; "scheduler/cups.xml") CONFIG_FILES="$CONFIG_FILES scheduler/cups.xml" ;; "scheduler/org.cups.cups-lpd.plist") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cups-lpd.plist" ;; + "scheduler/org.cups.cups-lpdAT.service") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cups-lpdAT.service" ;; "scheduler/org.cups.cupsd.path") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cupsd.path" ;; "scheduler/org.cups.cupsd.service") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cupsd.service" ;; "scheduler/org.cups.cupsd.socket") CONFIG_FILES="$CONFIG_FILES scheduler/org.cups.cupsd.socket" ;; diff --git a/configure.ac b/configure.ac index 21d7f93a7..26b7b713e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl -dnl "$Id: configure.ac 11823 2014-04-21 12:22:03Z msweet $" +dnl "$Id: configure.ac 12222 2014-10-21 11:55:01Z msweet $" dnl dnl Configuration script for CUPS. dnl @@ -81,6 +81,7 @@ AC_OUTPUT(Makedefs scheduler/cups.sh scheduler/cups.xml scheduler/org.cups.cups-lpd.plist + scheduler/org.cups.cups-lpdAT.service scheduler/org.cups.cupsd.path scheduler/org.cups.cupsd.service scheduler/org.cups.cupsd.socket @@ -91,5 +92,5 @@ AC_OUTPUT(Makedefs chmod +x cups-config dnl -dnl End of "$Id: configure.ac 11823 2014-04-21 12:22:03Z msweet $". +dnl End of "$Id: configure.ac 12222 2014-10-21 11:55:01Z msweet $". dnl diff --git a/cups/auth.c b/cups/auth.c index 048dd4f08..4b4c936ad 100644 --- a/cups/auth.c +++ b/cups/auth.c @@ -1,5 +1,5 @@ /* - * "$Id: auth.c 11776 2014-03-28 19:16:05Z msweet $" + * "$Id: auth.c 12230 2014-10-21 13:55:24Z msweet $" * * Authentication functions for CUPS. * @@ -761,7 +761,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ if ( # ifdef HAVE_GSSAPI - strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9) && + _cups_strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9) && # endif /* HAVE_GSSAPI */ # ifdef HAVE_AUTHORIZATION_H !httpGetSubField2(http, HTTP_FIELD_WWW_AUTHENTICATE, "authkey", @@ -808,7 +808,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ filename, strerror(errno))); # ifdef HAVE_GSSAPI - if (!strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9)) + if (!_cups_strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9)) { /* * Kerberos required, don't try the root certificate... @@ -876,5 +876,5 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ /* - * End of "$Id: auth.c 11776 2014-03-28 19:16:05Z msweet $". + * End of "$Id: auth.c 12230 2014-10-21 13:55:24Z msweet $". */ diff --git a/cups/cups.h b/cups/cups.h index b7047dae5..e8bf4cc9d 100644 --- a/cups/cups.h +++ b/cups/cups.h @@ -1,5 +1,5 @@ /* - * "$Id: cups.h 12094 2014-08-19 12:15:11Z msweet $" + * "$Id: cups.h 12195 2014-10-02 18:45:59Z msweet $" * * API definitions for CUPS. * @@ -49,10 +49,10 @@ extern "C" { * Constants... */ -# define CUPS_VERSION 2.0000 +# define CUPS_VERSION 2.0001 # define CUPS_VERSION_MAJOR 2 # define CUPS_VERSION_MINOR 0 -# define CUPS_VERSION_PATCH 0 +# define CUPS_VERSION_PATCH 1 # define CUPS_BC_FD 3 /* Back-channel file descriptor for @@ -628,5 +628,5 @@ extern int cupsSetServerCredentials(const char *path, const char *common_name, #endif /* !_CUPS_CUPS_H_ */ /* - * End of "$Id: cups.h 12094 2014-08-19 12:15:11Z msweet $". + * End of "$Id: cups.h 12195 2014-10-02 18:45:59Z msweet $". */ diff --git a/cups/http-private.h b/cups/http-private.h index 2c18052c5..7156bf869 100644 --- a/cups/http-private.h +++ b/cups/http-private.h @@ -1,5 +1,5 @@ /* - * "$Id: http-private.h 12126 2014-08-28 16:02:00Z msweet $" + * "$Id: http-private.h 12243 2014-11-12 12:12:59Z msweet $" * * Private HTTP definitions for CUPS. * @@ -161,6 +161,9 @@ extern "C" { #define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ #define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ +#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ +#define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */ + /* * Types and functions for SSL support... @@ -420,6 +423,7 @@ extern void _httpTLSInitialize(void); extern size_t _httpTLSPending(http_t *http); extern int _httpTLSRead(http_t *http, char *buf, int len); extern int _httpTLSSetCredentials(http_t *http); +extern void _httpTLSSetOptions(int options); extern int _httpTLSStart(http_t *http); extern void _httpTLSStop(http_t *http); extern int _httpTLSWrite(http_t *http, const char *buf, int len); @@ -438,5 +442,5 @@ extern int _httpWait(http_t *http, int msec, int usessl); #endif /* !_CUPS_HTTP_PRIVATE_H_ */ /* - * End of "$Id: http-private.h 12126 2014-08-28 16:02:00Z msweet $". + * End of "$Id: http-private.h 12243 2014-11-12 12:12:59Z msweet $". */ diff --git a/cups/http.c b/cups/http.c index b5cf4e167..23d56d2de 100644 --- a/cups/http.c +++ b/cups/http.c @@ -1,5 +1,5 @@ /* - * "$Id: http.c 12125 2014-08-28 15:49:29Z msweet $" + * "$Id: http.c 12230 2014-10-21 13:55:24Z msweet $" * * HTTP routines for CUPS. * @@ -2702,6 +2702,19 @@ httpSetField(http_t *http, /* I - HTTP connection */ http->server = _cupsStrAlloc(value); break; + case HTTP_FIELD_WWW_AUTHENTICATE : + /* CUPS STR #4503 - don't override WWW-Authenticate for unknown auth schemes */ + if (http->fields[HTTP_FIELD_WWW_AUTHENTICATE][0] && + _cups_strncasecmp(value, "Basic ", 6) && + _cups_strncasecmp(value, "Digest ", 7) && + _cups_strncasecmp(value, "Negotiate ", 10)) + { + DEBUG_printf(("1httpSetField: Ignoring unknown auth scheme in \"%s\".", value)); + return; + } + + /* Fall through to copy */ + default : strlcpy(http->fields[field], value, HTTP_MAX_VALUE); break; @@ -3611,6 +3624,17 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */ return (-1); } } + + /* + * "Click-jacking" defense (STR #4492)... + */ + + if (httpPrintf(http, "X-Frame-Options: DENY\r\n" + "Content-Security-Policy: frame-ancestors 'none'\r\n") < 1) + { + http->status = HTTP_STATUS_ERROR; + return (-1); + } } if (httpWrite2(http, "\r\n", 2) < 2) @@ -4826,5 +4850,5 @@ http_write_chunk(http_t *http, /* I - HTTP connection */ /* - * End of "$Id: http.c 12125 2014-08-28 15:49:29Z msweet $". + * End of "$Id: http.c 12230 2014-10-21 13:55:24Z msweet $". */ diff --git a/cups/ipp-support.c b/cups/ipp-support.c index 926be7a5e..88e4065f9 100644 --- a/cups/ipp-support.c +++ b/cups/ipp-support.c @@ -1,5 +1,5 @@ /* - * "$Id: ipp-support.c 12095 2014-08-19 16:16:06Z msweet $" + * "$Id: ipp-support.c 12194 2014-10-02 18:44:36Z msweet $" * * Internet Printing Protocol support functions for CUPS. * @@ -2223,6 +2223,14 @@ ipp_col_string(ipp_t *col, /* I - Collection attribute */ ipp_attribute_t *attr; /* Current member attribute */ + if (!col) + { + if (buffer) + *buffer = '\0'; + + return (0); + } + bufptr = buffer; bufend = buffer + bufsize - 1; @@ -2263,5 +2271,5 @@ ipp_col_string(ipp_t *col, /* I - Collection attribute */ /* - * End of "$Id: ipp-support.c 12095 2014-08-19 16:16:06Z msweet $". + * End of "$Id: ipp-support.c 12194 2014-10-02 18:44:36Z msweet $". */ diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c index be788a608..3509a4766 100644 --- a/cups/tls-darwin.c +++ b/cups/tls-darwin.c @@ -1,5 +1,5 @@ /* - * "$Id: tls-darwin.c 12159 2014-09-23 14:56:14Z msweet $" + * "$Id: tls-darwin.c 12215 2014-10-20 18:24:56Z msweet $" * * TLS support code for CUPS on OS X. * @@ -27,6 +27,14 @@ extern char **environ; /* + * Test define - set to 1 to use SSLSetEnabledCiphers. Currently disabled (0) + * because of <rdar://problem/18707430>. + */ + +#define USE_SET_ENABLED_CIPHERS 0 + + +/* * Local globals... */ @@ -41,6 +49,7 @@ static char *tls_keypath = NULL; /* Server cert keychain path */ static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; /* Mutex for keychain/certs */ +static int tls_options = 0;/* Options for TLS connections */ #endif /* HAVE_SECKEYCHAINOPEN */ @@ -973,6 +982,17 @@ _httpTLSRead(http_t *http, /* I - HTTP connection */ /* + * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options. + */ + +void +_httpTLSSetOptions(int options) /* I - Options */ +{ + tls_options = options; +} + + +/* * '_httpTLSStart()' - Set up SSL/TLS support on a connection. */ @@ -1033,9 +1053,108 @@ _httpTLSStart(http_t *http) /* I - HTTP connection */ { error = SSLSetSessionOption(http->tls, kSSLSessionOptionBreakOnServerAuth, true); - DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", - (int)error)); + DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", (int)error)); + } + + if (!error) + { + error = SSLSetProtocolVersionMin(http->tls, (tls_options & _HTTP_TLS_ALLOW_SSL3) ? kSSLProtocol3 : kTLSProtocol1); + DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin, error=%d", (int)error)); + } + +# if USE_SET_ENABLED_CIPHERS + if (!error) + { + SSLCipherSuite supported[100]; /* Supported cipher suites */ + size_t num_supported; /* Number of supported cipher suites */ + SSLCipherSuite enabled[100]; /* Cipher suites to enable */ + size_t num_enabled; /* Number of cipher suites to enable */ + + num_supported = sizeof(supported) / sizeof(supported[0]); + error = SSLGetSupportedCiphers(http->tls, supported, &num_supported); + + if (!error) + { + DEBUG_printf(("4_httpTLSStart: %d cipher suites supported.", (int)num_supported)); + + for (i = 0, num_enabled = 0; i < (int)num_supported && num_enabled < (sizeof(enabled) / sizeof(enabled[0])); i ++) + { + switch (supported[i]) + { + /* Obviously insecure cipher suites that we never want to use */ + case SSL_NULL_WITH_NULL_NULL : + case SSL_RSA_WITH_NULL_MD5 : + case SSL_RSA_WITH_NULL_SHA : + case SSL_RSA_EXPORT_WITH_RC4_40_MD5 : + case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 : + case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA : + case SSL_RSA_WITH_DES_CBC_SHA : + case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA : + case SSL_DH_DSS_WITH_DES_CBC_SHA : + case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA : + case SSL_DH_RSA_WITH_DES_CBC_SHA : + case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA : + case SSL_DHE_DSS_WITH_DES_CBC_SHA : + case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA : + case SSL_DHE_RSA_WITH_DES_CBC_SHA : + case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 : + case SSL_DH_anon_WITH_RC4_128_MD5 : + case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA : + case SSL_DH_anon_WITH_DES_CBC_SHA : + case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA : + case SSL_FORTEZZA_DMS_WITH_NULL_SHA : + case TLS_DH_anon_WITH_AES_128_CBC_SHA : + case TLS_DH_anon_WITH_AES_256_CBC_SHA : + case TLS_ECDH_ECDSA_WITH_NULL_SHA : + case TLS_ECDHE_RSA_WITH_NULL_SHA : + case TLS_ECDH_anon_WITH_NULL_SHA : + case TLS_ECDH_anon_WITH_RC4_128_SHA : + case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA : + case TLS_ECDH_anon_WITH_AES_128_CBC_SHA : + case TLS_ECDH_anon_WITH_AES_256_CBC_SHA : + case TLS_RSA_WITH_NULL_SHA256 : + case TLS_DH_anon_WITH_AES_128_CBC_SHA256 : + case TLS_DH_anon_WITH_AES_256_CBC_SHA256 : + case TLS_PSK_WITH_NULL_SHA : + case TLS_DHE_PSK_WITH_NULL_SHA : + case TLS_RSA_PSK_WITH_NULL_SHA : + case TLS_DH_anon_WITH_AES_128_GCM_SHA256 : + case TLS_DH_anon_WITH_AES_256_GCM_SHA384 : + case TLS_PSK_WITH_NULL_SHA256 : + case TLS_PSK_WITH_NULL_SHA384 : + case TLS_DHE_PSK_WITH_NULL_SHA256 : + case TLS_DHE_PSK_WITH_NULL_SHA384 : + case TLS_RSA_PSK_WITH_NULL_SHA256 : + case TLS_RSA_PSK_WITH_NULL_SHA384 : + case SSL_RSA_WITH_DES_CBC_MD5 : + break; + + /* RC4 cipher suites that should only be used as a last resort */ + case SSL_RSA_WITH_RC4_128_MD5 : + case SSL_RSA_WITH_RC4_128_SHA : + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : + case TLS_ECDH_RSA_WITH_RC4_128_SHA : + case TLS_ECDHE_RSA_WITH_RC4_128_SHA : + case TLS_PSK_WITH_RC4_128_SHA : + case TLS_DHE_PSK_WITH_RC4_128_SHA : + case TLS_RSA_PSK_WITH_RC4_128_SHA : + if (tls_options & _HTTP_TLS_ALLOW_RC4) + enabled[num_enabled ++] = supported[i]; + break; + + /* Anything else we'll assume is secure */ + default : + enabled[num_enabled ++] = supported[i]; + break; + } + } + + DEBUG_printf(("4_httpTLSStart: %d cipher suites enabled.", (int)num_enabled)); + error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled); + } } +#endif /* USE_SET_ENABLED_CIPHERS */ if (!error && http->mode == _HTTP_MODE_CLIENT) { @@ -1660,5 +1779,5 @@ http_cdsa_write( /* - * End of "$Id: tls-darwin.c 12159 2014-09-23 14:56:14Z msweet $". + * End of "$Id: tls-darwin.c 12215 2014-10-20 18:24:56Z msweet $". */ diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c index 36331d437..e8a795c41 100644 --- a/cups/tls-gnutls.c +++ b/cups/tls-gnutls.c @@ -1,5 +1,5 @@ /* - * "$Id: tls-gnutls.c 12159 2014-09-23 14:56:14Z msweet $" + * "$Id: tls-gnutls.c 12215 2014-10-20 18:24:56Z msweet $" * * TLS support code for CUPS using GNU TLS. * @@ -36,6 +36,7 @@ static char *tls_keypath = NULL; /* Server cert keychain path */ static _cups_mutex_t tls_mutex = _CUPS_MUTEX_INITIALIZER; /* Mutex for keychain/certs */ +static int tls_options = 0;/* Options for TLS connections */ /* @@ -1002,6 +1003,17 @@ _httpTLSSetCredentials(http_t *http) /* I - Connection to server */ /* + * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options. + */ + +void +_httpTLSSetOptions(int options) /* I - Options */ +{ + tls_options = options; +} + + +/* * '_httpTLSStart()' - Set up SSL/TLS support on a connection. */ @@ -1185,6 +1197,15 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ return (-1); } + if (!tls_options) + gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL); + else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4)) + gnutls_priority_set_direct(http->tls, "NORMAL", NULL); + else if (tls_options & _HTTP_TLS_ALLOW_SSL3) + gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL", NULL); + else + gnutls_priority_set_direct(http->tls, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL); + gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr_t)http); gnutls_transport_set_pull_function(http->tls, http_gnutls_read); #ifdef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION @@ -1292,5 +1313,5 @@ _httpTLSWrite(http_t *http, /* I - Connection to server */ /* - * End of "$Id: tls-gnutls.c 12159 2014-09-23 14:56:14Z msweet $". + * End of "$Id: tls-gnutls.c 12215 2014-10-20 18:24:56Z msweet $". */ diff --git a/cups/tls-sspi.c b/cups/tls-sspi.c index 171fa45bf..b8e4a3fae 100644 --- a/cups/tls-sspi.c +++ b/cups/tls-sspi.c @@ -1,7 +1,8 @@ /* - * "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $" + * "$Id: tls-sspi.c 12215 2014-10-20 18:24:56Z msweet $" * - * TLS support for CUPS on Windows using SSPI. + * TLS support for CUPS on Windows using the Security Support Provider + * Interface (SSPI). * * Copyright 2010-2014 by Apple Inc. * @@ -48,6 +49,14 @@ # define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID 0x00002000 /* Expired X509 Cert. */ #endif /* !SECURITY_FLAG_IGNORE_CERT_DATE_INVALID */ + +/* + * Local globals... + */ + +static int tls_options = 0;/* Options for TLS connections */ + + /* * Local functions... */ @@ -897,6 +906,17 @@ _httpTLSRead(http_t *http, /* I - HTTP connection */ /* + * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options. + */ + +void +_httpTLSSetOptions(int options) /* I - Options */ +{ + tls_options = options; +} + + +/* * '_httpTLSStart()' - Set up SSL/TLS support on a connection. */ @@ -1727,11 +1747,43 @@ http_sspi_find_credentials( SchannelCred.paCred = &storedContext; /* - * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client. + * Set supported protocols (can also be overriden in the registry...) */ +#ifdef SP_PROT_TLS1_2_SERVER if (http->mode == _HTTP_MODE_SERVER) - SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1; + { + if (tls_options & _HTTP_TLS_ALLOW_SSL3) + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER | SP_PROT_SSL3_SERVER; + else + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER; + } + else + { + if (tls_options & _HTTP_TLS_ALLOW_SSL3) + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_SSL3_CLIENT; + else + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT; + } + +#else + if (http->mode == _HTTP_MODE_SERVER) + { + if (tls_options & _HTTP_TLS_ALLOW_SSL3) + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER; + else + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER; + } + else + { + if (tls_options & _HTTP_TLS_ALLOW_SSL3) + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT; + else + SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT; + } +#endif /* SP_PROT_TLS1_2_SERVER */ + + /* TODO: Support _HTTP_TLS_ALLOW_RC4 option; right now we'll rely on Windows registry to enable/disable RC4... */ /* * Create an SSPI credential. @@ -2361,5 +2413,5 @@ http_sspi_verify( /* - * End of "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $". + * End of "$Id: tls-sspi.c 12215 2014-10-20 18:24:56Z msweet $". */ diff --git a/cups/usersys.c b/cups/usersys.c index 8b00cb8cd..2e5472b10 100644 --- a/cups/usersys.c +++ b/cups/usersys.c @@ -1,5 +1,5 @@ /* - * "$Id: usersys.c 12124 2014-08-28 15:37:22Z msweet $" + * "$Id: usersys.c 12215 2014-10-20 18:24:56Z msweet $" * * User, system, and password routines for CUPS. * @@ -52,7 +52,8 @@ static void cups_read_client_conf(cups_file_t *fp, #endif /* HAVE_GSSAPI */ const char *cups_anyroot, const char *cups_expiredcerts, - const char *cups_validatecerts); + const char *cups_validatecerts, + int ssl_options); /* @@ -863,6 +864,30 @@ _cupsSetDefaults(void) if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] || !cg->user[0] || !cg->ipp_port) { + /* + * Look for CUPS_SERVERROOT/client.conf... + */ + + snprintf(filename, sizeof(filename), "%s/client.conf", + cg->cups_serverroot); + fp = cupsFileOpen(filename, "r"); + + /* + * Read the configuration file and apply any environment variables; both + * functions handle NULL cups_file_t pointers... + */ + + cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user, +#ifdef HAVE_GSSAPI + cups_gssservicename, +#endif /* HAVE_GSSAPI */ + cups_anyroot, cups_expiredcerts, cups_validatecerts, 1); + cupsFileClose(fp); + + /* + * Then user defaults, if it is safe to do so... + */ + # ifdef HAVE_GETEUID if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL) # elif !defined(WIN32) @@ -877,32 +902,19 @@ _cupsSetDefaults(void) snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home); fp = cupsFileOpen(filename, "r"); - } - else - fp = NULL; - if (!fp) - { /* - * Look for CUPS_SERVERROOT/client.conf... + * Read the configuration file and apply any environment variables; both + * functions handle NULL cups_file_t pointers... */ - snprintf(filename, sizeof(filename), "%s/client.conf", - cg->cups_serverroot); - fp = cupsFileOpen(filename, "r"); - } - - /* - * Read the configuration file and apply any environment variables; both - * functions handle NULL cups_file_t pointers... - */ - - cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user, + cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user, #ifdef HAVE_GSSAPI - cups_gssservicename, + cups_gssservicename, #endif /* HAVE_GSSAPI */ - cups_anyroot, cups_expiredcerts, cups_validatecerts); - cupsFileClose(fp); + cups_anyroot, cups_expiredcerts, cups_validatecerts, 0); + cupsFileClose(fp); + } } } @@ -924,7 +936,8 @@ cups_read_client_conf( #endif /* HAVE_GSSAPI */ const char *cups_anyroot, /* I - CUPS_ANYROOT env var */ const char *cups_expiredcerts, /* I - CUPS_EXPIREDCERTS env var */ - const char *cups_validatecerts)/* I - CUPS_VALIDATECERTS env var */ + const char *cups_validatecerts,/* I - CUPS_VALIDATECERTS env var */ + int ssl_options) /* I - Allow setting of SSLOptions? */ { int linenum; /* Current line number */ char line[1024], /* Line from file */ @@ -996,6 +1009,43 @@ cups_read_client_conf( cups_gssservicename = gss_service_name; } #endif /* HAVE_GSSAPI */ + else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value) + { + /* + * SSLOptions [AllowRC4] [AllowSSL3] [None] + */ + + int options = 0; /* SSL/TLS options */ + char *start, /* Start of option */ + *end; /* End of option */ + + for (start = value; *start; start = end) + { + /* + * Find end of keyword... + */ + + end = start; + while (*end && !_cups_isspace(*end)) + end ++; + + if (*end) + *end++ = '\0'; + + /* + * Compare... + */ + + if (!_cups_strcasecmp(start, "AllowRC4")) + options |= _HTTP_TLS_ALLOW_RC4; + else if (!_cups_strcasecmp(start, "AllowSSL3")) + options |= _HTTP_TLS_ALLOW_SSL3; + else if (!_cups_strcasecmp(start, "None")) + options = 0; + } + + _httpTLSSetOptions(options); + } } /* @@ -1129,5 +1179,5 @@ cups_read_client_conf( /* - * End of "$Id: usersys.c 12124 2014-08-28 15:37:22Z msweet $". + * End of "$Id: usersys.c 12215 2014-10-20 18:24:56Z msweet $". */ diff --git a/cups/util.c b/cups/util.c index 753fbbccc..89f8a26b9 100644 --- a/cups/util.c +++ b/cups/util.c @@ -1,5 +1,5 @@ /* - * "$Id: util.c 12073 2014-07-31 00:58:00Z msweet $" + * "$Id: util.c 12220 2014-10-20 22:03:01Z msweet $" * * Printing utilities for CUPS. * @@ -846,10 +846,10 @@ cupsGetPPD3(http_t *http, /* I - HTTP connection or @code CUPS_HTTP_DEFAUL snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot, name); - if (!stat(ppdname, &ppdinfo)) + if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK)) { /* - * OK, the file exists, use it! + * OK, the file exists and is readable, use it! */ if (buffer[0]) @@ -1655,5 +1655,5 @@ cups_get_printer_uri( /* - * End of "$Id: util.c 12073 2014-07-31 00:58:00Z msweet $". + * End of "$Id: util.c 12220 2014-10-20 22:03:01Z msweet $". */ diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html index a25435927..06093fb77 100644 --- a/doc/help/man-client.conf.html +++ b/doc/help/man-client.conf.html @@ -38,6 +38,12 @@ CUPS adds the remote hostname ("name@server.example.com") for you. The default n <b>Note: This directive it not supported on OS X 10.7 or later.</b> <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b> <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. +<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>] +<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b> +<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf). +By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. +The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. +The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. <dt><b>User </b><i>name</i> <dd style="margin-left: 5.0em">Specifies the default user name to use for requests. <dt><b>ValidateCerts Yes</b> diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html index c627824a7..d6a927b6a 100644 --- a/doc/help/man-cupsd.conf.html +++ b/doc/help/man-cupsd.conf.html @@ -303,6 +303,12 @@ The default is "Minimal". <dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i> <dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i> <dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections. +<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>] +<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b> +<dd style="margin-left: 5.0em">Sets encryption options. +By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. +The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. +The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. <dt><b>SSLPort </b><i>port</i> <dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections. <dt><b>StrictConformance Yes</b> diff --git a/man/client.conf.man.in b/man/client.conf.man.in index a32316e91..30e0d1ea0 100644 --- a/man/client.conf.man.in +++ b/man/client.conf.man.in @@ -1,5 +1,5 @@ .\" -.\" "$Id: client.conf.man.in 11851 2014-05-07 23:55:35Z msweet $" +.\" "$Id: client.conf.man.in 12215 2014-10-20 18:24:56Z msweet $" .\" .\" client.conf man page for CUPS. .\" @@ -12,7 +12,7 @@ .\" which should have been included with this file. If this file is .\" file is missing or damaged, see the license at "http://www.cups.org/". .\" -.TH client.conf 5 "CUPS" "7 May 2014" "Apple Inc." +.TH client.conf 5 "CUPS" "20 October 2014" "Apple Inc." .SH NAME client.conf \- client configuration file for cups (deprecated) .SH DESCRIPTION @@ -56,6 +56,14 @@ Specifies the address and optionally the port to use when connecting to the serv \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. .TP 5 +\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR] +.TP 5 +\fBSSLOptions None\fR +Sets encryption options (only in /etc/cups/client.conf). +By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. +The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. +The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. +.TP 5 \fBUser \fIname\fR Specifies the default user name to use for requests. .TP 5 @@ -72,5 +80,5 @@ CUPS Online Help (http://localhost:631/help) .SH COPYRIGHT Copyright \[co] 2007-2014 by Apple Inc. .\" -.\" End of "$Id: client.conf.man.in 11851 2014-05-07 23:55:35Z msweet $". +.\" End of "$Id: client.conf.man.in 12215 2014-10-20 18:24:56Z msweet $". .\" diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in index 3926a5324..dcbbff44e 100644 --- a/man/cupsd.conf.man.in +++ b/man/cupsd.conf.man.in @@ -1,5 +1,5 @@ .\" -.\" "$Id: cupsd.conf.man.in 12059 2014-07-28 14:04:32Z msweet $" +.\" "$Id: cupsd.conf.man.in 12215 2014-10-20 18:24:56Z msweet $" .\" .\" cupsd.conf man page for CUPS. .\" @@ -12,7 +12,7 @@ .\" which should have been included with this file. If this file is .\" file is missing or damaged, see the license at "http://www.cups.org/". .\" -.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc." +.TH cupsd.conf 5 "CUPS" "20 October 2014" "Apple Inc." .SH NAME cupsd.conf \- server configuration file for cups .SH DESCRIPTION @@ -415,6 +415,14 @@ Set the specified environment variable to be passed to child processes. \fBSSLListen *:\fIport\fR Listens on the specified address and port for encrypted connections. .TP 5 +\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR] +.TP 5 +\fBSSLOptions None\fR +Sets encryption options. +By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. +The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. +The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. +.TP 5 \fBSSLPort \fIport\fR Listens on the specified port for encrypted connections. .TP 5 @@ -801,5 +809,5 @@ CUPS Online Help (http://localhost:631/help) .SH COPYRIGHT Copyright \[co] 2007-2014 by Apple Inc. .\" -.\" End of "$Id: cupsd.conf.man.in 12059 2014-07-28 14:04:32Z msweet $". +.\" End of "$Id: cupsd.conf.man.in 12215 2014-10-20 18:24:56Z msweet $". .\" diff --git a/packaging/cups.spec b/packaging/cups.spec index 0aa786f5a..1c10ef05d 100644 --- a/packaging/cups.spec +++ b/packaging/cups.spec @@ -1,5 +1,5 @@ # -# "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $" +# "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $" # # RPM "spec" file for CUPS. # @@ -44,12 +44,12 @@ Summary: CUPS Name: cups -Version: 2.0.0 +Version: 2.0.1 Release: 1 Epoch: 1 License: GPL Group: System Environment/Daemons -Source: http://www.cups.org/software/2.0.0/cups-2.0.0-source.tar.bz2 +Source: http://www.cups.org/software/2.0.1/cups-2.0.1-source.tar.bz2 Url: http://www.cups.org Packager: Anonymous <anonymous@foo.com> Vendor: Apple Inc. @@ -180,7 +180,7 @@ rm -rf $RPM_BUILD_ROOT %if %{?_with_systemd:1}%{!?_with_systemd:0} # SystemD -/usr/lib/systemd/system/* +/usr/lib/systemd/system/org.cups.cupsd.* %else # Legacy init support on Linux @@ -268,8 +268,8 @@ rm -rf $RPM_BUILD_ROOT #/usr/share/doc/cups/ca/* #%dir /usr/share/doc/cups/cs #/usr/share/doc/cups/cs/* -#%dir /usr/share/doc/cups/es -#/usr/share/doc/cups/es/* +%dir /usr/share/doc/cups/es +/usr/share/doc/cups/es/* #%dir /usr/share/doc/cups/fr #/usr/share/doc/cups/fr/* #%dir /usr/share/doc/cups/ja @@ -379,7 +379,14 @@ rm -rf $RPM_BUILD_ROOT %files lpd %defattr(-,root,root) +%if %{?_with_systemd:1}%{!?_with_systemd:0} +# SystemD +/usr/lib/systemd/system/org.cups.cups-lpd* +%else +# Legacy xinetd /etc/xinetd.d/cups-lpd +%endif + %dir /usr/lib/cups %dir /usr/lib/cups/daemon /usr/lib/cups/daemon/cups-lpd @@ -388,5 +395,5 @@ rm -rf $RPM_BUILD_ROOT # -# End of "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $". +# End of "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $". # diff --git a/packaging/cups.spec.in b/packaging/cups.spec.in index dc942e68a..efdab213e 100644 --- a/packaging/cups.spec.in +++ b/packaging/cups.spec.in @@ -1,5 +1,5 @@ # -# "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $" +# "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $" # # RPM "spec" file for CUPS. # @@ -180,7 +180,7 @@ rm -rf $RPM_BUILD_ROOT %if %{?_with_systemd:1}%{!?_with_systemd:0} # SystemD -/usr/lib/systemd/system/* +/usr/lib/systemd/system/org.cups.cupsd.* %else # Legacy init support on Linux @@ -268,8 +268,8 @@ rm -rf $RPM_BUILD_ROOT #/usr/share/doc/cups/ca/* #%dir /usr/share/doc/cups/cs #/usr/share/doc/cups/cs/* -#%dir /usr/share/doc/cups/es -#/usr/share/doc/cups/es/* +%dir /usr/share/doc/cups/es +/usr/share/doc/cups/es/* #%dir /usr/share/doc/cups/fr #/usr/share/doc/cups/fr/* #%dir /usr/share/doc/cups/ja @@ -379,7 +379,14 @@ rm -rf $RPM_BUILD_ROOT %files lpd %defattr(-,root,root) +%if %{?_with_systemd:1}%{!?_with_systemd:0} +# SystemD +/usr/lib/systemd/system/org.cups.cups-lpd* +%else +# Legacy xinetd /etc/xinetd.d/cups-lpd +%endif + %dir /usr/lib/cups %dir /usr/lib/cups/daemon /usr/lib/cups/daemon/cups-lpd @@ -388,5 +395,5 @@ rm -rf $RPM_BUILD_ROOT # -# End of "$Id: cups.spec.in 12074 2014-07-31 01:10:14Z msweet $". +# End of "$Id: cups.spec.in 12222 2014-10-21 11:55:01Z msweet $". # diff --git a/scheduler/Makefile b/scheduler/Makefile index c0c54a4b6..3e0884a21 100644 --- a/scheduler/Makefile +++ b/scheduler/Makefile @@ -1,9 +1,9 @@ # -# "$Id: Makefile 12132 2014-08-29 11:27:18Z msweet $" +# "$Id: Makefile 12222 2014-10-21 11:55:01Z msweet $" # # Scheduler Makefile for CUPS. # -# Copyright 2007-2013 by Apple Inc. +# Copyright 2007-2014 by Apple Inc. # Copyright 1997-2007 by Easy Software Products, all rights reserved. # # These coded instructions, statements, and computer programs are the @@ -206,8 +206,9 @@ install-data: $(INSTALL_DATA) org.cups.cupsd.path $(BUILDROOT)$(SYSTEMD_DIR); \ $(INSTALL_DATA) org.cups.cupsd.service $(BUILDROOT)$(SYSTEMD_DIR); \ $(INSTALL_DATA) org.cups.cupsd.socket $(BUILDROOT)$(SYSTEMD_DIR); \ - fi - if test "x$(XINETD)" != x; then \ + $(INSTALL_DATA) org.cups.cups-lpdAT.service $(BUILDROOT)$(SYSTEMD_DIR)/org.cups.cups-lpd@.service; \ + $(INSTALL_DATA) org.cups.cups-lpd.socket $(BUILDROOT)$(SYSTEMD_DIR); \ + elif test "x$(XINETD)" != x; then \ echo Installing xinetd configuration file for cups-lpd...; \ $(INSTALL_DIR) -m 755 $(BUILDROOT)$(XINETD); \ $(INSTALL_DATA) cups-lpd.xinetd $(BUILDROOT)$(XINETD)/cups-lpd; \ @@ -547,5 +548,5 @@ include Dependencies # -# End of "$Id: Makefile 12132 2014-08-29 11:27:18Z msweet $". +# End of "$Id: Makefile 12222 2014-10-21 11:55:01Z msweet $". # diff --git a/scheduler/colorman.c b/scheduler/colorman.c index 964932a3f..4a3f03077 100644 --- a/scheduler/colorman.c +++ b/scheduler/colorman.c @@ -1,5 +1,5 @@ /* - * "$Id: colorman.c 11558 2014-02-06 18:33:34Z msweet $" + * "$Id: colorman.c 12226 2014-10-21 13:36:05Z msweet $" * * Color management routines for the CUPS scheduler. * @@ -186,7 +186,8 @@ void cupsdStopColor(void) { #if !defined(__APPLE__) && defined(HAVE_DBUS) - dbus_connection_unref(colord_con); + if (colord_con) + dbus_connection_unref(colord_con); colord_con = NULL; #endif /* !__APPLE__ && HAVE_DBUS */ } @@ -1514,5 +1515,5 @@ colord_unregister_printer( /* - * End of "$Id: colorman.c 11558 2014-02-06 18:33:34Z msweet $". + * End of "$Id: colorman.c 12226 2014-10-21 13:36:05Z msweet $". */ diff --git a/scheduler/conf.c b/scheduler/conf.c index 454fd240d..68ab09319 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -1,5 +1,5 @@ /* - * "$Id: conf.c 12178 2014-09-30 18:56:48Z msweet $" + * "$Id: conf.c 12224 2014-10-21 13:16:30Z msweet $" * * Configuration routines for the CUPS scheduler. * @@ -596,6 +596,8 @@ cupsdReadConfiguration(void) # else cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain"); # endif /* HAVE_GNUTLS */ + + _httpTLSSetOptions(0); #endif /* HAVE_SSL */ language = cupsLangDefault(); @@ -993,6 +995,9 @@ cupsdReadConfiguration(void) cupsdLogMessage(CUPSD_LOG_NOTICE, "Group and SystemGroup cannot use the same groups."); + if (FatalErrors & (CUPSD_FATAL_CONFIG | CUPSD_FATAL_PERMISSIONS)) + return (0); + cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"..."); group = getgrnam("nobody"); @@ -2929,6 +2934,49 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ "FaxRetryLimit is deprecated; use " "JobRetryLimit on line %d.", linenum); } + else if (!_cups_strcasecmp(line, "SSLOptions")) + { + /* + * SSLOptions [AllowRC4] [AllowSSL3] [None] + */ + + int options = 0; /* SSL/TLS options */ + + if (value) + { + char *start, /* Start of option */ + *end; /* End of option */ + + for (start = value; *start; start = end) + { + /* + * Find end of keyword... + */ + + end = start; + while (*end && !_cups_isspace(*end)) + end ++; + + if (*end) + *end++ = '\0'; + + /* + * Compare... + */ + + if (!_cups_strcasecmp(start, "AllowRC4")) + options |= _HTTP_TLS_ALLOW_RC4; + else if (!_cups_strcasecmp(start, "AllowSSL3")) + options |= _HTTP_TLS_ALLOW_SSL3; + else if (!_cups_strcasecmp(start, "None")) + options = 0; + else if (_cups_strcasecmp(start, "NoEmptyFragments")) + cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum); + } + } + + _httpTLSSetOptions(options); + } else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen") #ifdef HAVE_SSL || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen") @@ -4093,5 +4141,5 @@ set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */ /* - * End of "$Id: conf.c 12178 2014-09-30 18:56:48Z msweet $". + * End of "$Id: conf.c 12224 2014-10-21 13:16:30Z msweet $". */ diff --git a/scheduler/main.c b/scheduler/main.c index 1d3ac1b55..76e095bfd 100644 --- a/scheduler/main.c +++ b/scheduler/main.c @@ -1,5 +1,5 @@ /* - * "$Id: main.c 12140 2014-08-30 01:51:22Z msweet $" + * "$Id: main.c 12248 2014-11-12 16:32:57Z msweet $" * * Main loop for the CUPS scheduler. * @@ -100,7 +100,11 @@ main(int argc, /* I - Number of command-line args */ { int i; /* Looping var */ char *opt; /* Option character */ - int fg; /* Run in the foreground */ + int close_all = 1, /* Close all file descriptors? */ + disconnect = 1, /* Disconnect from controlling terminal? */ + fg = 0, /* Run in foreground? */ + run_as_child = 0; + /* Running as child process? */ int fds; /* Number of ready descriptors */ cupsd_client_t *con; /* Current client */ cupsd_job_t *job; /* Current job */ @@ -116,8 +120,6 @@ main(int argc, /* I - Number of command-line args */ #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) struct sigaction action; /* Actions for POSIX signals */ #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ - int run_as_child = 0; - /* Needed for background fork/exec */ #ifdef __APPLE__ int use_sysman = 1; /* Use system management functions? */ #else @@ -150,8 +152,10 @@ main(int argc, /* I - Number of command-line args */ #ifdef HAVE_LAUNCHD if (getenv("CUPSD_LAUNCHD")) { - OnDemand = 1; - fg = 1; + OnDemand = 1; + fg = 1; + close_all = 0; + disconnect = 0; } #endif /* HAVE_LAUNCHD */ @@ -162,7 +166,8 @@ main(int argc, /* I - Number of command-line args */ { case 'C' : /* Run as child with config file */ run_as_child = 1; - fg = -1; + fg = 1; + close_all = 0; case 'c' : /* Configuration file */ i ++; @@ -217,11 +222,14 @@ main(int argc, /* I - Number of command-line args */ break; case 'f' : /* Run in foreground... */ - fg = 1; + fg = 1; + disconnect = 0; + close_all = 0; break; case 'F' : /* Run in foreground, but disconnect from terminal... */ - fg = -1; + fg = 1; + close_all = 0; break; case 'h' : /* Show usage/help */ @@ -230,12 +238,16 @@ main(int argc, /* I - Number of command-line args */ case 'l' : /* Started by launchd/systemd... */ #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD) - OnDemand = 1; - fg = 1; + OnDemand = 1; + fg = 1; + close_all = 0; + disconnect = 0; #else _cupsLangPuts(stderr, _("cupsd: On-demand support not compiled " "in, running in normal mode.")); - fg = 0; + fg = 0; + disconnect = 1; + close_all = 1; #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */ break; @@ -244,6 +256,8 @@ main(int argc, /* I - Number of command-line args */ "use only!\n", stderr); stop_scheduler = 1; fg = 1; + disconnect = 0; + close_all = 0; break; case 'P' : /* Disable security profiles */ @@ -285,6 +299,8 @@ main(int argc, /* I - Number of command-line args */ case 't' : /* Test the cupsd.conf file... */ TestConfigFile = 1; fg = 1; + disconnect = 0; + close_all = 0; break; default : /* Unknown option */ @@ -332,8 +348,57 @@ main(int argc, /* I - Number of command-line args */ free(filename); } + if (disconnect) + { + /* + * Make sure we aren't tying up any filesystems... + */ + + chdir("/"); + + /* + * Disconnect from the controlling terminal... + */ + + setsid(); + } + + if (close_all) + { + /* + * Close all open files... + */ + + getrlimit(RLIMIT_NOFILE, &limit); + + for (i = 0; i < (int)limit.rlim_cur && i < 1024; i ++) + close(i); + + /* + * Redirect stdin/out/err to /dev/null... + */ + + if ((i = open("/dev/null", O_RDONLY)) != 0) + { + dup2(i, 0); + close(i); + } + + if ((i = open("/dev/null", O_WRONLY)) != 1) + { + dup2(i, 1); + close(i); + } + + if ((i = open("/dev/null", O_WRONLY)) != 2) + { + dup2(i, 2); + close(i); + } + } + /* - * If the user hasn't specified "-f", run in the background... + * Run in the background as needed... */ if (!fg) @@ -408,74 +473,17 @@ main(int argc, /* I - Number of command-line args */ #endif /* __OpenBSD__ && OpenBSD < 201211 */ /* - * Since CoreFoundation and DBUS both create fork-unsafe data on execution of - * a program, and since this kind of really unfriendly behavior seems to be - * more common these days in system libraries, we need to re-execute the - * background cupsd with the "-C" option to avoid problems. Unfortunately, - * we also have to assume that argv[0] contains the name of the cupsd - * executable - there is no portable way to get the real pathname... + * Since many system libraries create fork-unsafe data on execution of a + * program, we need to re-execute the background cupsd with the "-C" and "-s" + * options to avoid problems. Unfortunately, we also have to assume that + * argv[0] contains the name of the cupsd executable - there is no portable + * way to get the real pathname... */ - execlp(argv[0], argv[0], "-C", ConfigurationFile, (char *)0); + execlp(argv[0], argv[0], "-C", ConfigurationFile, "-s", CupsFilesFile, (char *)0); exit(errno); } - if (fg < 1) - { - /* - * Make sure we aren't tying up any filesystems... - */ - - chdir("/"); - -#ifndef DEBUG - /* - * Disable core dumps... - */ - - getrlimit(RLIMIT_CORE, &limit); - limit.rlim_cur = 0; - setrlimit(RLIMIT_CORE, &limit); - - /* - * Disconnect from the controlling terminal... - */ - - setsid(); - - /* - * Close all open files... - */ - - getrlimit(RLIMIT_NOFILE, &limit); - - for (i = 0; i < limit.rlim_cur && i < 1024; i ++) - close(i); - - /* - * Redirect stdin/out/err to /dev/null... - */ - - if ((i = open("/dev/null", O_RDONLY)) != 0) - { - dup2(i, 0); - close(i); - } - - if ((i = open("/dev/null", O_WRONLY)) != 1) - { - dup2(i, 1); - close(i); - } - - if ((i = open("/dev/null", O_WRONLY)) != 2) - { - dup2(i, 2); - close(i); - } -#endif /* DEBUG */ - } - /* * Set the timezone info... */ @@ -763,6 +771,9 @@ main(int argc, /* I - Number of command-line args */ if (timeout == 86400 && OnDemand && IdleExitTimeout && !cupsArrayCount(ActiveJobs) && +# ifdef HAVE_SYSTEMD + !WebInterface && +# endif /* HAVE_SYSTEMD */ (!Browsing || !BrowseLocalProtocols || !cupsArrayCount(Printers))) { timeout = IdleExitTimeout; @@ -2114,8 +2125,12 @@ service_checkout(void) * jobs or shared printers to advertise... */ - if (cupsArrayCount(ActiveJobs) || + if (cupsArrayCount(ActiveJobs) || /* Active jobs */ +# ifdef HAVE_SYSTEMD + WebInterface || /* Web interface enabled */ +# endif /* HAVE_SYSTEMD */ (Browsing && BrowseLocalProtocols && cupsArrayCount(Printers))) + /* Printers being shared */ { cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating keep-alive file \"" CUPS_KEEPALIVE "\"."); @@ -2158,5 +2173,5 @@ usage(int status) /* O - Exit status */ /* - * End of "$Id: main.c 12140 2014-08-30 01:51:22Z msweet $". + * End of "$Id: main.c 12248 2014-11-12 16:32:57Z msweet $". */ diff --git a/scheduler/org.cups.cups-lpd.socket b/scheduler/org.cups.cups-lpd.socket new file mode 100644 index 000000000..dd5288c62 --- /dev/null +++ b/scheduler/org.cups.cups-lpd.socket @@ -0,0 +1,9 @@ +[Unit] +Description=CUPS LPD Server Socket + +[Socket] +ListenStream=515 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/scheduler/org.cups.cups-lpdAT.service.in b/scheduler/org.cups.cups-lpdAT.service.in new file mode 100644 index 000000000..5c7827340 --- /dev/null +++ b/scheduler/org.cups.cups-lpdAT.service.in @@ -0,0 +1,9 @@ +[Unit] +Description=CUPS LPD server +Documentation=man:cups-lpd(8) + +[Service] +ExecStart=-@CUPS_SERVERBIN@/daemon/cups-lpd +StandardInput=socket +User=@CUPS_USER@ + diff --git a/scheduler/org.cups.cupsd.service.in b/scheduler/org.cups.cupsd.service.in index 43900167b..0a27c769f 100644 --- a/scheduler/org.cups.cupsd.service.in +++ b/scheduler/org.cups.cupsd.service.in @@ -1,5 +1,6 @@ [Unit] Description=CUPS Scheduler +Documentation=man:cupsd(8) [Service] ExecStart=@sbindir@/cupsd -l diff --git a/scheduler/org.cups.cupsd.socket.in b/scheduler/org.cups.cupsd.socket.in index cd98aa56e..b0928c51c 100644 --- a/scheduler/org.cups.cupsd.socket.in +++ b/scheduler/org.cups.cupsd.socket.in @@ -3,10 +3,6 @@ Description=CUPS Scheduler [Socket] ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@ -ListenStream=[::1]:631 -ListenStream=127.0.0.1:631 -BindIPv6Only=ipv6-only -ReusePort=true [Install] WantedBy=sockets.target diff --git a/scheduler/process.c b/scheduler/process.c index d23a352c7..7a9df0f34 100644 --- a/scheduler/process.c +++ b/scheduler/process.c @@ -1,5 +1,5 @@ /* - * "$Id: process.c 12102 2014-08-20 15:19:09Z msweet $" + * "$Id: process.c 12252 2014-11-14 17:14:45Z msweet $" * * Process management routines for the CUPS scheduler. * @@ -459,18 +459,19 @@ cupsdStartProcess( int i; /* Looping var */ const char *exec_path = command; /* Command to be exec'd */ char *real_argv[110], /* Real command-line arguments */ - cups_exec[1024]; /* Path to "cups-exec" program */ + cups_exec[1024], /* Path to "cups-exec" program */ + user_str[16], /* User string */ + group_str[16], /* Group string */ + nice_str[16]; /* FilterNice string */ uid_t user; /* Command UID */ cupsd_proc_t *proc; /* New process record */ -#ifdef HAVE_POSIX_SPAWN +#if defined(HAVE_POSIX_SPAWN) && !defined(__OpenBSD__) posix_spawn_file_actions_t actions; /* Spawn file actions */ posix_spawnattr_t attrs; /* Spawn attributes */ - char user_str[16], /* User string */ - group_str[16], /* Group string */ - nice_str[16]; /* FilterNice string */ + sigset_t defsignals; /* Default signals */ #elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) struct sigaction action; /* POSIX signal handler */ -#endif /* HAVE_POSIX_SPAWN */ +#endif /* HAVE_POSIX_SPAWN && !__OpenBSD__ */ #if defined(__APPLE__) char processPath[1024], /* CFProcessPath environment variable */ linkpath[1024]; /* Link path for symlinks... */ @@ -534,9 +535,9 @@ cupsdStartProcess( * Use helper program when we have a sandbox profile... */ -#ifndef HAVE_POSIX_SPAWN +#if !defined(HAVE_POSIX_SPAWN) || defined(__OpenBSD__) if (profile) -#endif /* !HAVE_POSIX_SPAWN */ +#endif /* !HAVE_POSIX_SPAWN || __OpenBSD__ */ { snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin); snprintf(user_str, sizeof(user_str), "%d", user); @@ -572,14 +573,21 @@ cupsdStartProcess( cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]); } -#ifdef HAVE_POSIX_SPAWN +#if defined(HAVE_POSIX_SPAWN) && !defined(__OpenBSD__) /* OpenBSD posix_spawn is busted with SETSIGDEF */ /* * Setup attributes and file actions for the spawn... */ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes."); + sigemptyset(&defsignals); + sigaddset(&defsignals, SIGTERM); + sigaddset(&defsignals, SIGCHLD); + sigaddset(&defsignals, SIGPIPE); + posix_spawnattr_init(&attrs); posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF); + posix_spawnattr_setpgroup(&attrs, 0); + posix_spawnattr_setsigdefault(&attrs, &defsignals); cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions."); posix_spawn_file_actions_init(&actions); @@ -788,7 +796,7 @@ cupsdStartProcess( } cupsdReleaseSignals(); -#endif /* HAVE_POSIX_SPAWN */ +#endif /* HAVE_POSIX_SPAWN && !__OpenBSD__ */ if (*pid) { @@ -870,5 +878,5 @@ cupsd_requote(char *dst, /* I - Destination buffer */ /* - * End of "$Id: process.c 12102 2014-08-20 15:19:09Z msweet $". + * End of "$Id: process.c 12252 2014-11-14 17:14:45Z msweet $". */ diff --git a/systemv/cancel.c b/systemv/cancel.c index 02c56911c..dbe5e70be 100644 --- a/systemv/cancel.c +++ b/systemv/cancel.c @@ -1,5 +1,5 @@ /* - * "$Id: cancel.c 10996 2013-05-29 11:51:34Z msweet $" + * "$Id: cancel.c 12248 2014-11-12 16:32:57Z msweet $" * * "cancel" command for CUPS. * @@ -315,7 +315,7 @@ main(int argc, /* I - Number of command-line arguments */ ippDelete(response); } - if (num_dests == 0 && op == IPP_PURGE_JOBS) + if (num_dests == 0 && op != IPP_CANCEL_JOB) { /* * Open a connection to the server... @@ -383,5 +383,5 @@ main(int argc, /* I - Number of command-line arguments */ /* - * End of "$Id: cancel.c 10996 2013-05-29 11:51:34Z msweet $". + * End of "$Id: cancel.c 12248 2014-11-12 16:32:57Z msweet $". */ diff --git a/templates/es/header.tmpl.in b/templates/es/header.tmpl.in index 044966157..a6df94cfb 100644 --- a/templates/es/header.tmpl.in +++ b/templates/es/header.tmpl.in @@ -8,7 +8,15 @@ {refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:} <meta http-equiv="X-UA-Compatible" content="IE=9"> <meta name="viewport" content="width=device-width"> + <style>html{display:none;}</style> <script type="text/javascript"><!-- + /* Only display document if we are not in a frame... */ + if (self == top) { + document.documentElement.style.display = 'block'; + } else { + top.location = self.location; + } + /* Show an error if cookies are disabled */ function check_cookies() { if (!navigator.cookieEnabled) { diff --git a/templates/header.tmpl.in b/templates/header.tmpl.in index e41da576b..a4beb53df 100644 --- a/templates/header.tmpl.in +++ b/templates/header.tmpl.in @@ -8,7 +8,15 @@ {refresh_page?<meta http-equiv="refresh" content="{refresh_page}">:} <meta http-equiv="X-UA-Compatible" content="IE=9"> <meta name="viewport" content="width=device-width"> + <style>html{display:none;}</style> <script type="text/javascript"><!-- + /* Only display document if we are not in a frame... */ + if (self == top) { + document.documentElement.style.display = 'block'; + } else { + top.location = self.location; + } + /* Show an error if cookies are disabled */ function check_cookies() { if (!navigator.cookieEnabled) { diff --git a/test/ippserver.c b/test/ippserver.c index f2055a197..c785e5f62 100644 --- a/test/ippserver.c +++ b/test/ippserver.c @@ -1,5 +1,5 @@ /* - * "$Id: ippserver.c 12136 2014-08-29 15:19:40Z msweet $" + * "$Id: ippserver.c 12215 2014-10-20 18:24:56Z msweet $" * * Sample IPP Everywhere server for CUPS. * @@ -57,6 +57,11 @@ extern char **environ; #ifdef HAVE_DNSSD # include <dns_sd.h> +#elif defined(HAVE_AVAHI) +# include <avahi-client/client.h> +# include <avahi-client/publish.h> +# include <avahi-common/error.h> +# include <avahi-common/thread-watch.h> #endif /* HAVE_DNSSD */ #ifdef HAVE_SYS_MOUNT_H # include <sys/mount.h> @@ -231,6 +236,19 @@ static const char * const printer_supplies[] = * Structures... */ +#ifdef HAVE_DNSSD +typedef DNSServiceRef _ipp_srv_t; /* Service reference */ +typedef TXTRecordRef _ipp_txt_t; /* TXT record */ + +#elif defined(HAVE_AVAHI) +typedef AvahiEntryGroup *_ipp_srv_t; /* Service reference */ +typedef AvahiStringList *_ipp_txt_t; /* TXT record */ + +#else +typedef void *_ipp_srv_t; /* Service reference */ +typedef void *_ipp_txt_t; /* TXT record */ +#endif /* HAVE_DNSSD */ + typedef struct _ipp_filter_s /**** Attribute filter ****/ { cups_array_t *ra; /* Requested attributes */ @@ -243,18 +261,12 @@ typedef struct _ipp_printer_s /**** Printer data ****/ { int ipv4, /* IPv4 listener */ ipv6; /* IPv6 listener */ -#ifdef HAVE_DNSSD - DNSServiceRef common_ref, /* Shared service connection */ - ipp_ref, /* Bonjour IPP service */ -# ifdef HAVE_SSL + _ipp_srv_t ipp_ref, /* Bonjour IPP service */ ipps_ref, /* Bonjour IPPS service */ -# endif /* HAVE_SSL */ http_ref, /* Bonjour HTTP service */ printer_ref; /* Bonjour LPD service */ - TXTRecordRef ipp_txt; /* Bonjour IPP TXT record */ - char *dnssd_name; /* printer-dnssd-name */ -#endif /* HAVE_DNSSD */ - char *name, /* printer-name */ + char *dnssd_name, /* printer-dnssd-name */ + *name, /* printer-name */ *icon, /* Icon filename */ *directory, /* Spool directory */ *hostname, /* Hostname */ @@ -340,10 +352,7 @@ static _ipp_printer_t *create_printer(const char *servername, const char *icon, const char *docformats, int ppm, int ppm_color, int duplex, int port, - int pin, -#ifdef HAVE_DNSSD - const char *subtype, -#endif /* HAVE_DNSSD */ + int pin, const char *subtype, const char *directory, const char *command); static void debug_attributes(const char *title, ipp_t *ipp, @@ -359,7 +368,11 @@ static void dnssd_callback(DNSServiceRef sdRef, const char *regtype, const char *domain, _ipp_printer_t *printer); +#elif defined(HAVE_AVAHI) +static void dnssd_callback(AvahiEntryGroup *p, AvahiEntryGroupState state, void *context); +static void dnssd_client_cb(AvahiClient *c, AvahiClientState state, void *userdata); #endif /* HAVE_DNSSD */ +static void dnssd_init(void); static int filter_cb(_ipp_filter_t *filter, ipp_t *dst, ipp_attribute_t *attr); static _ipp_job_t *find_job(_ipp_client_t *client); static void html_escape(_ipp_client_t *client, const char *s, @@ -386,9 +399,7 @@ static void *process_client(_ipp_client_t *client); static int process_http(_ipp_client_t *client); static int process_ipp(_ipp_client_t *client); static void *process_job(_ipp_job_t *job); -#ifdef HAVE_DNSSD static int register_printer(_ipp_printer_t *printer, const char *location, const char *make, const char *model, const char *formats, const char *adminurl, const char *uuid, int color, int duplex, const char *regtype); -#endif /* HAVE_DNSSD */ static int respond_http(_ipp_client_t *client, http_status_t code, const char *content_coding, const char *type, size_t length); @@ -408,6 +419,13 @@ static int valid_job_attributes(_ipp_client_t *client); * Globals... */ +# ifdef HAVE_DNSSD +static DNSServiceRef DNSSDMaster = NULL; +# else /* HAVE_AVAHI */ +static AvahiThreadedPoll *DNSSDMaster = NULL; +static AvahiClient *DNSSDClient = NULL; +# endif /* HAVE_DNSSD */ + static int KeepFiles = 0, Verbosity = 0; @@ -434,9 +452,7 @@ main(int argc, /* I - Number of command-line args */ #ifdef HAVE_SSL const char *keypath = NULL; /* Keychain path */ #endif /* HAVE_SSL */ -#ifdef HAVE_DNSSD const char *subtype = "_print"; /* Bonjour service subtype */ -#endif /* HAVE_DNSSD */ int port = 0, /* Port number (0 = auto) */ duplex = 0, /* Duplex mode */ ppm = 10, /* Pages per minute for mono */ @@ -546,14 +562,12 @@ main(int argc, /* I - Number of command-line args */ port = atoi(argv[i]); break; -#ifdef HAVE_DNSSD case 'r' : /* -r subtype */ i ++; if (i >= argc) usage(1); subtype = argv[i]; break; -#endif /* HAVE_DNSSD */ case 's' : /* -s speed[,color-speed] */ i ++; @@ -597,8 +611,8 @@ main(int argc, /* I - Number of command-line args */ { #ifdef WIN32 /* - * Windows is almost always used as a single user system, so use a default port - * number of 8631. + * Windows is almost always used as a single user system, so use a default + * port number of 8631. */ port = 8631; @@ -634,15 +648,18 @@ main(int argc, /* I - Number of command-line args */ #endif /* HAVE_SSL */ /* + * Initialize Bonjour... + */ + + dnssd_init(); + + /* * Create the printer... */ if ((printer = create_printer(servername, name, location, make, model, icon, formats, ppm, ppm_color, duplex, port, pin, -#ifdef HAVE_DNSSD - subtype, -#endif /* HAVE_DNSSD */ - directory, command)) == NULL) + subtype, directory, command)) == NULL) return (1); /* @@ -1197,9 +1214,7 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default) int duplex, /* I - 1 = duplex, 0 = simplex */ int port, /* I - Port for listeners or 0 for auto */ int pin, /* I - Require PIN printing */ -#ifdef HAVE_DNSSD const char *subtype, /* I - Bonjour service subtype */ -#endif /* HAVE_DNSSD */ const char *directory, /* I - Spool directory */ const char *command) /* I - Command to run on job files */ { @@ -1435,9 +1450,7 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default) printer->ipv4 = -1; printer->ipv6 = -1; printer->name = strdup(name); -#ifdef HAVE_DNSSD printer->dnssd_name = strdup(printer->name); -#endif /* HAVE_DNSSD */ printer->command = command ? strdup(command) : NULL; printer->directory = strdup(directory); printer->hostname = strdup(servername); @@ -2078,14 +2091,12 @@ create_printer(const char *servername, /* I - Server hostname (NULL for default) debug_attributes("Printer", printer->attrs, 0); -#ifdef HAVE_DNSSD /* * Register the printer with Bonjour... */ if (!register_printer(printer, location, make, model, docformats, adminurl, uuid + 9, ppm_color > 0, duplex, subtype)) goto bad_printer; -#endif /* HAVE_DNSSD */ /* * Return it! @@ -2227,26 +2238,29 @@ delete_printer(_ipp_printer_t *printer) /* I - Printer */ #if HAVE_DNSSD if (printer->printer_ref) DNSServiceRefDeallocate(printer->printer_ref); - if (printer->ipp_ref) DNSServiceRefDeallocate(printer->ipp_ref); - -# ifdef HAVE_SSL if (printer->ipps_ref) DNSServiceRefDeallocate(printer->ipps_ref); -# endif /* HAVE_SSL */ if (printer->http_ref) DNSServiceRefDeallocate(printer->http_ref); +#elif defined(HAVE_AVAHI) + avahi_threaded_poll_lock(DNSSDMaster); - if (printer->common_ref) - DNSServiceRefDeallocate(printer->common_ref); + if (printer->printer_ref) + avahi_entry_group_free(printer->printer_ref); + if (printer->ipp_ref) + avahi_entry_group_free(printer->ipp_ref); + if (printer->ipps_ref) + avahi_entry_group_free(printer->ipps_ref); + if (printer->http_ref) + avahi_entry_group_free(printer->http_ref); - TXTRecordDeallocate(&(printer->ipp_txt)); + avahi_threaded_poll_unlock(DNSSDMaster); +#endif /* HAVE_DNSSD */ if (printer->dnssd_name) free(printer->dnssd_name); -#endif /* HAVE_DNSSD */ - if (printer->name) free(printer->name); if (printer->icon) @@ -2302,10 +2316,95 @@ dnssd_callback( printer->dnssd_name = strdup(name); } } + + +#elif defined(HAVE_AVAHI) +/* + * 'dnssd_callback()' - Handle Bonjour registration events. + */ + +static void +dnssd_callback( + AvahiEntryGroup *srv, /* I - Service */ + AvahiEntryGroupState state, /* I - Registration state */ + void *context) /* I - Printer */ +{ + (void)srv; + (void)state; + (void)context; +} + + +/* + * 'dnssd_client_cb()' - Client callback for Avahi. + * + * Called whenever the client or server state changes... + */ + +static void +dnssd_client_cb( + AvahiClient *c, /* I - Client */ + AvahiClientState state, /* I - Current state */ + void *userdata) /* I - User data (unused) */ +{ + (void)userdata; + + if (!c) + return; + + switch (state) + { + default : + fprintf(stderr, "Ignore Avahi state %d.\n", state); + break; + + case AVAHI_CLIENT_FAILURE: + if (avahi_client_errno(c) == AVAHI_ERR_DISCONNECTED) + { + fputs("Avahi server crashed, exiting.\n", stderr); + exit(1); + } + break; + } +} #endif /* HAVE_DNSSD */ /* + * 'dnssd_init()' - Initialize the DNS-SD service connections... + */ + +static void +dnssd_init(void) +{ +#ifdef HAVE_DNSSD + if (DNSServiceCreateConnection(&DNSSDMaster) != kDNSServiceErr_NoError) + { + fputs("Error: Unable to initialize Bonjour.\n", stderr); + exit(1); + } + +#elif defined(HAVE_AVAHI) + int error; /* Error code, if any */ + + if ((DNSSDMaster = avahi_threaded_poll_new()) == NULL) + { + fputs("Error: Unable to initialize Bonjour.\n", stderr); + exit(1); + } + + if ((DNSSDClient = avahi_client_new(avahi_threaded_poll_get(DNSSDMaster), AVAHI_CLIENT_NO_FAIL, dnssd_client_cb, NULL, &error)) == NULL) + { + fputs("Error: Unable to initialize Bonjour.\n", stderr); + exit(1); + } + + avahi_threaded_poll_start(DNSSDMaster); +#endif /* HAVE_DNSSD */ +} + + +/* * 'filter_cb()' - Filter printer attributes based on the requested array. */ @@ -2318,7 +2417,9 @@ filter_cb(_ipp_filter_t *filter, /* I - Filter parameters */ * Filter attributes as needed... */ -// (void)dst; +#ifndef WIN32 /* Avoid MS compiler bug */ + (void)dst; +#endif /* !WIN32 */ ipp_tag_t group = ippGetGroupTag(attr); const char *name = ippGetName(attr); @@ -5426,7 +5527,6 @@ process_job(_ipp_job_t *job) /* I - Job */ } -#ifdef HAVE_DNSSD /* * 'register_printer()' - Register a printer object via Bonjour. */ @@ -5444,6 +5544,8 @@ register_printer( int duplex, /* I - 1 = duplex, 0 = simplex */ const char *subtype) /* I - Service subtype */ { + _ipp_txt_t ipp_txt; /* Bonjour IPP TXT record */ +#ifdef HAVE_DNSSD DNSServiceErrorType error; /* Error from Bonjour */ char make_model[256],/* Make and model together */ product[256], /* Product string */ @@ -5457,47 +5559,36 @@ register_printer( snprintf(make_model, sizeof(make_model), "%s %s", make, model); snprintf(product, sizeof(product), "(%s)", model); - TXTRecordCreate(&(printer->ipp_txt), 1024, NULL); - TXTRecordSetValue(&(printer->ipp_txt), "rp", 9, "ipp/print"); - TXTRecordSetValue(&(printer->ipp_txt), "ty", (uint8_t)strlen(make_model), + TXTRecordCreate(&ipp_txt, 1024, NULL); + TXTRecordSetValue(&ipp_txt, "rp", 9, "ipp/print"); + TXTRecordSetValue(&ipp_txt, "ty", (uint8_t)strlen(make_model), make_model); - TXTRecordSetValue(&(printer->ipp_txt), "adminurl", (uint8_t)strlen(adminurl), + TXTRecordSetValue(&ipp_txt, "adminurl", (uint8_t)strlen(adminurl), adminurl); if (*location) - TXTRecordSetValue(&(printer->ipp_txt), "note", (uint8_t)strlen(location), + TXTRecordSetValue(&ipp_txt, "note", (uint8_t)strlen(location), location); - TXTRecordSetValue(&(printer->ipp_txt), "product", (uint8_t)strlen(product), + TXTRecordSetValue(&ipp_txt, "product", (uint8_t)strlen(product), product); - TXTRecordSetValue(&(printer->ipp_txt), "pdl", (uint8_t)strlen(formats), + TXTRecordSetValue(&ipp_txt, "pdl", (uint8_t)strlen(formats), formats); - TXTRecordSetValue(&(printer->ipp_txt), "Color", 1, color ? "T" : "F"); - TXTRecordSetValue(&(printer->ipp_txt), "Duplex", 1, duplex ? "T" : "F"); - TXTRecordSetValue(&(printer->ipp_txt), "usb_MFG", (uint8_t)strlen(make), + TXTRecordSetValue(&ipp_txt, "Color", 1, color ? "T" : "F"); + TXTRecordSetValue(&ipp_txt, "Duplex", 1, duplex ? "T" : "F"); + TXTRecordSetValue(&ipp_txt, "usb_MFG", (uint8_t)strlen(make), make); - TXTRecordSetValue(&(printer->ipp_txt), "usb_MDL", (uint8_t)strlen(model), + TXTRecordSetValue(&ipp_txt, "usb_MDL", (uint8_t)strlen(model), model); - TXTRecordSetValue(&(printer->ipp_txt), "UUID", (uint8_t)strlen(uuid), uuid); + TXTRecordSetValue(&ipp_txt, "UUID", (uint8_t)strlen(uuid), uuid); # ifdef HAVE_SSL - TXTRecordSetValue(&(printer->ipp_txt), "TLS", 3, "1.2"); + TXTRecordSetValue(&ipp_txt, "TLS", 3, "1.2"); # endif /* HAVE_SSL */ /* - * Create a shared service reference for Bonjour... - */ - - if ((error = DNSServiceCreateConnection(&(printer->common_ref))) - != kDNSServiceErr_NoError) - { - fprintf(stderr, "Unable to create mDNSResponder connection: %d\n", error); - return (0); - } - - /* * Register the _printer._tcp (LPD) service type with a port number of 0 to * defend our service name but not actually support LPD... */ - printer->printer_ref = printer->common_ref; + printer->printer_ref = DNSSDMaster; if ((error = DNSServiceRegister(&(printer->printer_ref), kDNSServiceFlagsShareConnection, @@ -5518,7 +5609,7 @@ register_printer( * advertise our IPP printer... */ - printer->ipp_ref = printer->common_ref; + printer->ipp_ref = DNSSDMaster; if (subtype && *subtype) snprintf(regtype, sizeof(regtype), "_ipp._tcp,%s", subtype); @@ -5530,8 +5621,8 @@ register_printer( 0 /* interfaceIndex */, printer->dnssd_name, regtype, NULL /* domain */, NULL /* host */, htons(printer->port), - TXTRecordGetLength(&(printer->ipp_txt)), - TXTRecordGetBytesPtr(&(printer->ipp_txt)), + TXTRecordGetLength(&ipp_txt), + TXTRecordGetBytesPtr(&ipp_txt), (DNSServiceRegisterReply)dnssd_callback, printer)) != kDNSServiceErr_NoError) { @@ -5543,10 +5634,10 @@ register_printer( # ifdef HAVE_SSL /* * Then register the _ipps._tcp (IPP) service type with the real port number to - * advertise our IPP printer... + * advertise our IPPS printer... */ - printer->ipps_ref = printer->common_ref; + printer->ipps_ref = DNSSDMaster; if (subtype && *subtype) snprintf(regtype, sizeof(regtype), "_ipps._tcp,%s", subtype); @@ -5558,8 +5649,8 @@ register_printer( 0 /* interfaceIndex */, printer->dnssd_name, regtype, NULL /* domain */, NULL /* host */, htons(printer->port), - TXTRecordGetLength(&(printer->ipp_txt)), - TXTRecordGetBytesPtr(&(printer->ipp_txt)), + TXTRecordGetLength(&ipp_txt), + TXTRecordGetBytesPtr(&ipp_txt), (DNSServiceRegisterReply)dnssd_callback, printer)) != kDNSServiceErr_NoError) { @@ -5574,7 +5665,7 @@ register_printer( * real port number to advertise our IPP printer... */ - printer->http_ref = printer->common_ref; + printer->http_ref = DNSSDMaster; if ((error = DNSServiceRegister(&(printer->http_ref), kDNSServiceFlagsShareConnection, @@ -5590,9 +5681,85 @@ register_printer( return (0); } + TXTRecordDeallocate(&ipp_txt); + +#elif defined(HAVE_AVAHI) + char temp[256]; /* Subtype service string */ + + /* + * Create the TXT record... + */ + + ipp_txt = NULL; + ipp_txt = avahi_string_list_add_printf(ipp_txt, "rp=ipp/print"); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "ty=%s %s", make, model); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "adminurl=%s", adminurl); + if (*location) + ipp_txt = avahi_string_list_add_printf(ipp_txt, "note=%s", location); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "product=(%s)", model); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "pdl=%s", formats); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "Color=%s", color ? "T" : "F"); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "Duplex=%s", duplex ? "T" : "F"); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "usb_MFG=%s", make); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "usb_MDL=%s", model); + ipp_txt = avahi_string_list_add_printf(ipp_txt, "UUID=%s", uuid); +# ifdef HAVE_SSL + ipp_txt = avahi_string_list_add_printf(ipp_txt, "TLS=1.2"); +# endif /* HAVE_SSL */ + + /* + * Register _printer._tcp (LPD) with port 0 to reserve the service name... + */ + + avahi_threaded_poll_lock(DNSSDMaster); + + printer->ipp_ref = avahi_entry_group_new(DNSSDClient, dnssd_callback, NULL); + + avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_printer._tcp", NULL, NULL, 0, NULL); + + /* + * Then register the _ipp._tcp (IPP)... + */ + + avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipp._tcp", NULL, NULL, printer->port, ipp_txt); + if (subtype && *subtype) + { + snprintf(temp, sizeof(temp), "%s._sub._ipp._tcp", subtype); + avahi_entry_group_add_service_subtype(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipp._tcp", NULL, temp); + } + +#ifdef HAVE_SSL + /* + * _ipps._tcp (IPPS) for secure printing... + */ + + avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipps._tcp", NULL, NULL, printer->port, ipp_txt); + if (subtype && *subtype) + { + snprintf(temp, sizeof(temp), "%s._sub._ipps._tcp", subtype); + avahi_entry_group_add_service_subtype(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_ipps._tcp", NULL, temp); + } +#endif /* HAVE_SSL */ + + /* + * Finally _http.tcp (HTTP) for the web interface... + */ + + avahi_entry_group_add_service_strlst(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_http._tcp", NULL, NULL, printer->port, NULL); + avahi_entry_group_add_service_subtype(printer->ipp_ref, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, printer->dnssd_name, "_http._tcp", NULL, "_printer._sub._http._tcp"); + + /* + * Commit it... + */ + + avahi_entry_group_commit(printer->ipp_ref); + avahi_threaded_poll_unlock(DNSSDMaster); + + avahi_string_list_free(ipp_txt); +#endif /* HAVE_DNSSD */ + return (1); } -#endif /* HAVE_DNSSD */ /* @@ -5786,7 +5953,7 @@ run_printer(_ipp_printer_t *printer) /* I - Printer */ num_fds = 2; #ifdef HAVE_DNSSD - polldata[num_fds ].fd = DNSServiceRefSockFD(printer->common_ref); + polldata[num_fds ].fd = DNSServiceRefSockFD(DNSSDMaster); polldata[num_fds ++].events = POLLIN; #endif /* HAVE_DNSSD */ @@ -5833,7 +6000,7 @@ run_printer(_ipp_printer_t *printer) /* I - Printer */ #ifdef HAVE_DNSSD if (polldata[2].revents & POLLIN) - DNSServiceProcessResult(printer->common_ref); + DNSServiceProcessResult(DNSSDMaster); #endif /* HAVE_DNSSD */ /* @@ -5871,7 +6038,7 @@ usage(int status) /* O - Exit status */ { if (!status) { - puts(CUPS_SVERSION " - Copyright 2010-2013 by Apple Inc. All rights " + puts(CUPS_SVERSION " - Copyright 2010-2014 by Apple Inc. All rights " "reserved."); puts(""); } @@ -5894,9 +6061,7 @@ usage(int status) /* O - Exit status */ puts("-m model Model name (default=Printer)"); puts("-n hostname Hostname for printer"); puts("-p port Port number (default=auto)"); -#ifdef HAVE_DNSSD puts("-r subtype Bonjour service subtype (default=_print)"); -#endif /* HAVE_DNSSD */ puts("-s speed[,color-speed] Speed in pages per minute (default=10,0)"); puts("-v[vvv] Be (very) verbose"); @@ -6303,5 +6468,5 @@ valid_job_attributes( /* - * End of "$Id: ippserver.c 12136 2014-08-29 15:19:40Z msweet $". + * End of "$Id: ippserver.c 12215 2014-10-20 18:24:56Z msweet $". */ diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh index 9241fe605..eefe97d96 100755 --- a/test/run-stp-tests.sh +++ b/test/run-stp-tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# "$Id: run-stp-tests.sh 12151 2014-09-04 00:57:41Z msweet $" +# "$Id: run-stp-tests.sh 12248 2014-11-12 16:32:57Z msweet $" # # Perform the complete set of IPP compliance tests specified in the # CUPS Software Test Plan. @@ -875,7 +875,7 @@ fi # Requests logged count=`wc -l $BASE/log/access_log | awk '{print $1}'` -expected=`expr 37 + 18 + 28 + $pjobs \* 8 + $pprinters \* $pjobs \* 4` +expected=`expr 37 + 18 + 29 + $pjobs \* 8 + $pprinters \* $pjobs \* 4` if test $count != $expected; then echo "FAIL: $count requests logged, expected $expected." echo "<P>FAIL: $count requests logged, expected $expected.</P>" >>$strfile @@ -1066,5 +1066,5 @@ if test $fail != 0; then fi # -# End of "$Id: run-stp-tests.sh 12151 2014-09-04 00:57:41Z msweet $" +# End of "$Id: run-stp-tests.sh 12248 2014-11-12 16:32:57Z msweet $" # diff --git a/vcnet/config.h b/vcnet/config.h index 9db00bc92..de30ae62d 100644 --- a/vcnet/config.h +++ b/vcnet/config.h @@ -1,5 +1,5 @@ /* - * "$Id: config.h 12136 2014-08-29 15:19:40Z msweet $" + * "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $" * * Configuration file for CUPS on Windows. * @@ -96,8 +96,8 @@ typedef unsigned long useconds_t; * Version of software... */ -#define CUPS_SVERSION "CUPS v2.0.0" -#define CUPS_MINIMAL "CUPS/2.0.0" +#define CUPS_SVERSION "CUPS v2.0.1" +#define CUPS_MINIMAL "CUPS/2.0.1" /* @@ -792,5 +792,5 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); } #endif /* !_CUPS_CONFIG_H_ */ /* - * End of "$Id: config.h 12136 2014-08-29 15:19:40Z msweet $". + * End of "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $". */ diff --git a/xcode/config.h b/xcode/config.h index 51a993829..33cc55ae2 100644 --- a/xcode/config.h +++ b/xcode/config.h @@ -1,5 +1,5 @@ /* - * "$Id: config.h 12140 2014-08-30 01:51:22Z msweet $" + * "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $" * * Configuration file for CUPS and Xcode. * @@ -20,8 +20,8 @@ * Version of software... */ -#define CUPS_SVERSION "CUPS v2.0.0" -#define CUPS_MINIMAL "CUPS/2.0.0" +#define CUPS_SVERSION "CUPS v2.0.1" +#define CUPS_MINIMAL "CUPS/2.0.1" /* @@ -699,5 +699,5 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); } #endif /* !_CUPS_CONFIG_H_ */ /* - * End of "$Id: config.h 12140 2014-08-30 01:51:22Z msweet $". + * End of "$Id: config.h 12254 2014-11-14 17:24:18Z msweet $". */ |