diff --git a/.gitignore b/.gitignore
index 0ceb184..0984f35 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,4 @@ cups-1.4.4-source.tar.bz2
 /cups-1.7.5-source.tar.bz2
 /cups-2.0rc1-source.tar.bz2
 /cups-2.0.0-source.tar.bz2
+/cups-2.0.1-source.tar.bz2
diff --git a/cups-lpd.socket b/cups-lpd.socket
deleted file mode 100644
index b098052..0000000
--- a/cups-lpd.socket
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=CUPS-LPD Server Socket
-
-[Socket]
-ListenStream=515
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
diff --git a/cups-lpd@.service b/cups-lpd@.service
deleted file mode 100644
index 23b59c1..0000000
--- a/cups-lpd@.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Allow legacy LPD clients to communicate with CUPS
-Documentation=man:cups-lpd(8)
-
-[Service]
-ExecStart=-/usr/lib/cups/daemon/cups-lpd
-StandardInput=socket
-User=lp
diff --git a/cups-lspp.patch b/cups-lspp.patch
index feff07b..15d1bcb 100644
--- a/cups-lspp.patch
+++ b/cups-lspp.patch
@@ -1,6 +1,6 @@
-diff -up cups-2.0.0/config.h.in.lspp cups-2.0.0/config.h.in
---- cups-2.0.0/config.h.in.lspp	2014-08-30 02:51:22.000000000 +0100
-+++ cups-2.0.0/config.h.in	2014-11-06 14:49:08.220421810 +0000
+diff -up cups-2.0.1/config.h.in.lspp cups-2.0.1/config.h.in
+--- cups-2.0.1/config.h.in.lspp	2014-08-30 03:51:22.000000000 +0200
++++ cups-2.0.1/config.h.in	2014-11-15 15:22:47.838306259 +0100
 @@ -709,6 +709,13 @@ static __inline int _cups_abs(int i) { r
  #  endif /* __GNUC__ || __STDC_VERSION__ */
  #endif /* !HAVE_ABS && !abs */
@@ -15,9 +15,9 @@ diff -up cups-2.0.0/config.h.in.lspp cups-2.0.0/config.h.in
  #endif /* !_CUPS_CONFIG_H_ */
  
  /*
-diff -up cups-2.0.0/config-scripts/cups-lspp.m4.lspp cups-2.0.0/config-scripts/cups-lspp.m4
---- cups-2.0.0/config-scripts/cups-lspp.m4.lspp	2014-11-06 14:49:08.220421810 +0000
-+++ cups-2.0.0/config-scripts/cups-lspp.m4	2014-11-06 14:49:08.220421810 +0000
+diff -up cups-2.0.1/config-scripts/cups-lspp.m4.lspp cups-2.0.1/config-scripts/cups-lspp.m4
+--- cups-2.0.1/config-scripts/cups-lspp.m4.lspp	2014-11-15 15:22:47.838306259 +0100
++++ cups-2.0.1/config-scripts/cups-lspp.m4	2014-11-15 15:22:47.838306259 +0100
 @@ -0,0 +1,36 @@
 +dnl
 +dnl   LSPP code for the Common UNIX Printing System (CUPS).
@@ -55,9 +55,9 @@ diff -up cups-2.0.0/config-scripts/cups-lspp.m4.lspp cups-2.0.0/config-scripts/c
 +            ;;
 +    esac
 +fi
-diff -up cups-2.0.0/configure.ac.lspp cups-2.0.0/configure.ac
---- cups-2.0.0/configure.ac.lspp	2014-04-21 13:22:03.000000000 +0100
-+++ cups-2.0.0/configure.ac	2014-11-06 14:49:08.220421810 +0000
+diff -up cups-2.0.1/configure.ac.lspp cups-2.0.1/configure.ac
+--- cups-2.0.1/configure.ac.lspp	2014-10-21 13:55:01.000000000 +0200
++++ cups-2.0.1/configure.ac	2014-11-15 15:22:47.838306259 +0100
 @@ -36,6 +36,8 @@ sinclude(config-scripts/cups-startup.m4)
  sinclude(config-scripts/cups-defaults.m4)
  sinclude(config-scripts/cups-scripting.m4)
@@ -67,9 +67,9 @@ diff -up cups-2.0.0/configure.ac.lspp cups-2.0.0/configure.ac
  INSTALL_LANGUAGES=""
  UNINSTALL_LANGUAGES=""
  LANGFILES=""
-diff -up cups-2.0.0/filter/common.c.lspp cups-2.0.0/filter/common.c
---- cups-2.0.0/filter/common.c.lspp	2014-02-06 18:33:34.000000000 +0000
-+++ cups-2.0.0/filter/common.c	2014-11-06 14:49:08.220421810 +0000
+diff -up cups-2.0.1/filter/common.c.lspp cups-2.0.1/filter/common.c
+--- cups-2.0.1/filter/common.c.lspp	2014-02-06 19:33:34.000000000 +0100
++++ cups-2.0.1/filter/common.c	2014-11-15 15:22:47.838306259 +0100
 @@ -19,6 +19,12 @@
   * Include necessary headers...
   */
@@ -238,9 +238,9 @@ diff -up cups-2.0.0/filter/common.c.lspp cups-2.0.0/filter/common.c
  
  
  /*
-diff -up cups-2.0.0/filter/pstops.c.lspp cups-2.0.0/filter/pstops.c
---- cups-2.0.0/filter/pstops.c.lspp	2014-02-06 18:33:34.000000000 +0000
-+++ cups-2.0.0/filter/pstops.c	2014-11-06 14:49:08.221421819 +0000
+diff -up cups-2.0.1/filter/pstops.c.lspp cups-2.0.1/filter/pstops.c
+--- cups-2.0.1/filter/pstops.c.lspp	2014-02-06 19:33:34.000000000 +0100
++++ cups-2.0.1/filter/pstops.c	2014-11-15 15:22:47.839306246 +0100
 @@ -3173,6 +3173,18 @@ write_label_prolog(pstops_doc_t *doc,	/*
  {
    const char	*classification;	/* CLASSIFICATION environment variable */
@@ -396,9 +396,9 @@ diff -up cups-2.0.0/filter/pstops.c.lspp cups-2.0.0/filter/pstops.c
  
  
  /*
-diff -up cups-2.0.0/Makedefs.in.lspp cups-2.0.0/Makedefs.in
---- cups-2.0.0/Makedefs.in.lspp	2014-11-06 14:49:08.186421483 +0000
-+++ cups-2.0.0/Makedefs.in	2014-11-06 14:49:08.232421926 +0000
+diff -up cups-2.0.1/Makedefs.in.lspp cups-2.0.1/Makedefs.in
+--- cups-2.0.1/Makedefs.in.lspp	2014-11-15 15:22:47.766307192 +0100
++++ cups-2.0.1/Makedefs.in	2014-11-15 15:22:47.840306233 +0100
 @@ -145,7 +145,7 @@ LDFLAGS		=	-L../cgi-bin -L../cups -L../f
  			@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)
  LINKCUPS	=	@LINKCUPS@ $(LIBGSSAPI) $(DNSSDLIBS) $(LIBZ)
@@ -408,9 +408,9 @@ diff -up cups-2.0.0/Makedefs.in.lspp cups-2.0.0/Makedefs.in
  ONDEMANDFLAGS	=	@ONDEMANDFLAGS@
  ONDEMANDLIBS	=	@ONDEMANDLIBS@
  OPTIM		=	@OPTIM@
-diff -up cups-2.0.0/scheduler/client.c.lspp cups-2.0.0/scheduler/client.c
---- cups-2.0.0/scheduler/client.c.lspp	2014-08-28 16:37:22.000000000 +0100
-+++ cups-2.0.0/scheduler/client.c	2014-11-06 14:54:15.305993839 +0000
+diff -up cups-2.0.1/scheduler/client.c.lspp cups-2.0.1/scheduler/client.c
+--- cups-2.0.1/scheduler/client.c.lspp	2014-08-28 17:37:22.000000000 +0200
++++ cups-2.0.1/scheduler/client.c	2014-11-15 15:22:47.842306207 +0100
 @@ -24,12 +24,20 @@
  #define _HTTP_NO_PRIVATE
  #include "cupsd.h"
@@ -630,9 +630,9 @@ diff -up cups-2.0.0/scheduler/client.c.lspp cups-2.0.0/scheduler/client.c
  
  /*
   * 'pipe_command()' - Pipe the output of a command to the remote client.
-diff -up cups-2.0.0/scheduler/client.h.lspp cups-2.0.0/scheduler/client.h
---- cups-2.0.0/scheduler/client.h.lspp	2014-03-21 16:42:53.000000000 +0000
-+++ cups-2.0.0/scheduler/client.h	2014-11-06 14:49:08.222421829 +0000
+diff -up cups-2.0.1/scheduler/client.h.lspp cups-2.0.1/scheduler/client.h
+--- cups-2.0.1/scheduler/client.h.lspp	2014-03-21 17:42:53.000000000 +0100
++++ cups-2.0.1/scheduler/client.h	2014-11-15 15:22:47.842306207 +0100
 @@ -18,6 +18,13 @@
  #endif /* HAVE_AUTHORIZATION_H */
  
@@ -668,9 +668,9 @@ diff -up cups-2.0.0/scheduler/client.h.lspp cups-2.0.0/scheduler/client.h
  
  #ifdef HAVE_SSL
  extern int	cupsdEndTLS(cupsd_client_t *con);
-diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
---- cups-2.0.0/scheduler/conf.c.lspp	2014-11-06 14:49:08.215421762 +0000
-+++ cups-2.0.0/scheduler/conf.c	2014-11-06 14:49:08.222421829 +0000
+diff -up cups-2.0.1/scheduler/conf.c.lspp cups-2.0.1/scheduler/conf.c
+--- cups-2.0.1/scheduler/conf.c.lspp	2014-11-15 15:22:47.832306336 +0100
++++ cups-2.0.1/scheduler/conf.c	2014-11-15 15:22:47.844306181 +0100
 @@ -36,6 +36,9 @@
  #  define INADDR_NONE	0xffffffff
  #endif /* !INADDR_NONE */
@@ -702,7 +702,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
  
  
   /*
-@@ -829,6 +839,25 @@ cupsdReadConfiguration(void)
+@@ -831,6 +841,25 @@ cupsdReadConfiguration(void)
  
    RunUser = getuid();
  
@@ -728,7 +728,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
    cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
                    RemotePort ? "enabled" : "disabled");
  
-@@ -1220,7 +1249,19 @@ cupsdReadConfiguration(void)
+@@ -1225,7 +1254,19 @@ cupsdReadConfiguration(void)
      cupsdClearString(&Classification);
  
    if (Classification)
@@ -748,7 +748,7 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
  
   /*
    * Check the MaxClients setting, and then allocate memory for it...
-@@ -3652,6 +3693,18 @@ read_location(cups_file_t *fp,		/* I - C
+@@ -3700,6 +3741,18 @@ read_location(cups_file_t *fp,		/* I - C
    return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
  }
  
@@ -767,9 +767,9 @@ diff -up cups-2.0.0/scheduler/conf.c.lspp cups-2.0.0/scheduler/conf.c
  
  /*
   * 'read_policy()' - Read a <Policy name> definition.
-diff -up cups-2.0.0/scheduler/conf.h.lspp cups-2.0.0/scheduler/conf.h
---- cups-2.0.0/scheduler/conf.h.lspp	2014-11-06 14:49:08.212421733 +0000
-+++ cups-2.0.0/scheduler/conf.h	2014-11-06 14:49:08.222421829 +0000
+diff -up cups-2.0.1/scheduler/conf.h.lspp cups-2.0.1/scheduler/conf.h
+--- cups-2.0.1/scheduler/conf.h.lspp	2014-11-15 15:22:47.825306427 +0100
++++ cups-2.0.1/scheduler/conf.h	2014-11-15 15:22:47.845306168 +0100
 @@ -248,6 +248,13 @@ VAR char		*ServerKeychain		VALUE(NULL);
  					/* Keychain holding cert + key */
  #endif /* HAVE_SSL */
@@ -794,9 +794,9 @@ diff -up cups-2.0.0/scheduler/conf.h.lspp cups-2.0.0/scheduler/conf.h
  
  /*
   * Prototypes...
-diff -up cups-2.0.0/scheduler/cupsd.h.lspp cups-2.0.0/scheduler/cupsd.h
---- cups-2.0.0/scheduler/cupsd.h.lspp	2014-11-06 14:49:08.205421665 +0000
-+++ cups-2.0.0/scheduler/cupsd.h	2014-11-06 14:49:08.222421829 +0000
+diff -up cups-2.0.1/scheduler/cupsd.h.lspp cups-2.0.1/scheduler/cupsd.h
+--- cups-2.0.1/scheduler/cupsd.h.lspp	2014-11-15 15:22:47.805306686 +0100
++++ cups-2.0.1/scheduler/cupsd.h	2014-11-15 15:22:47.846306155 +0100
 @@ -13,6 +13,8 @@
   * file is missing or damaged, see the license at "http://www.cups.org/".
   */
@@ -828,9 +828,9 @@ diff -up cups-2.0.0/scheduler/cupsd.h.lspp cups-2.0.0/scheduler/cupsd.h
  /*
   * Some OS's don't have hstrerror(), most notably Solaris...
   */
-diff -up cups-2.0.0/scheduler/ipp.c.lspp cups-2.0.0/scheduler/ipp.c
---- cups-2.0.0/scheduler/ipp.c.lspp	2014-11-06 14:49:08.175421377 +0000
-+++ cups-2.0.0/scheduler/ipp.c	2014-11-06 15:07:01.724894473 +0000
+diff -up cups-2.0.1/scheduler/ipp.c.lspp cups-2.0.1/scheduler/ipp.c
+--- cups-2.0.1/scheduler/ipp.c.lspp	2014-11-15 15:22:47.739307542 +0100
++++ cups-2.0.1/scheduler/ipp.c	2014-11-15 15:22:47.851306090 +0100
 @@ -16,6 +16,9 @@
   * file is missing or damaged, see the license at "http://www.cups.org/".
   */
@@ -1444,9 +1444,9 @@ diff -up cups-2.0.0/scheduler/ipp.c.lspp cups-2.0.0/scheduler/ipp.c
   /*
    * Check the username against the owner...
    */
-diff -up cups-2.0.0/scheduler/job.c.lspp cups-2.0.0/scheduler/job.c
---- cups-2.0.0/scheduler/job.c.lspp	2014-11-06 14:49:08.182421444 +0000
-+++ cups-2.0.0/scheduler/job.c	2014-11-06 15:07:38.589074429 +0000
+diff -up cups-2.0.1/scheduler/job.c.lspp cups-2.0.1/scheduler/job.c
+--- cups-2.0.1/scheduler/job.c.lspp	2014-11-15 15:22:47.755307335 +0100
++++ cups-2.0.1/scheduler/job.c	2014-11-15 15:22:47.855306038 +0100
 @@ -13,6 +13,9 @@
   * file is missing or damaged, see the license at "http://www.cups.org/".
   */
@@ -1825,9 +1825,9 @@ diff -up cups-2.0.0/scheduler/job.c.lspp cups-2.0.0/scheduler/job.c
   /*
    * Now start the first file in the job...
    */
-diff -up cups-2.0.0/scheduler/job.h.lspp cups-2.0.0/scheduler/job.h
---- cups-2.0.0/scheduler/job.h.lspp	2014-07-31 01:02:30.000000000 +0100
-+++ cups-2.0.0/scheduler/job.h	2014-11-06 14:49:08.225421858 +0000
+diff -up cups-2.0.1/scheduler/job.h.lspp cups-2.0.1/scheduler/job.h
+--- cups-2.0.1/scheduler/job.h.lspp	2014-07-31 02:02:30.000000000 +0200
++++ cups-2.0.1/scheduler/job.h	2014-11-15 15:22:47.856306025 +0100
 @@ -13,6 +13,13 @@
   * file is missing or damaged, see the license at "http://www.cups.org/".
   */
@@ -1853,9 +1853,9 @@ diff -up cups-2.0.0/scheduler/job.h.lspp cups-2.0.0/scheduler/job.h
  };
  
  typedef struct cupsd_joblog_s		/**** Job log message ****/
-diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
---- cups-2.0.0/scheduler/main.c.lspp	2014-11-06 14:49:08.206421675 +0000
-+++ cups-2.0.0/scheduler/main.c	2014-11-06 14:49:08.225421858 +0000
+diff -up cups-2.0.1/scheduler/main.c.lspp cups-2.0.1/scheduler/main.c
+--- cups-2.0.1/scheduler/main.c.lspp	2014-11-15 15:22:47.808306648 +0100
++++ cups-2.0.1/scheduler/main.c	2014-11-15 15:27:00.487987203 +0100
 @@ -56,6 +56,9 @@ extern int launch_activate_socket(const
  #  include <sys/param.h>
  #endif /* HAVE_SYS_PARAM_H */
@@ -1866,18 +1866,18 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
  
  /*
   * Local functions...
-@@ -116,6 +119,9 @@ main(int  argc,				/* I - Number of comm
+@@ -120,6 +123,9 @@ main(int  argc,				/* I - Number of comm
  #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
    struct sigaction	action;		/* Actions for POSIX signals */
  #endif /* HAVE_SIGACTION && !HAVE_SIGSET */
 +#if WITH_LSPP
 +  auditfail_t           failmode;       /* Action for audit_open failure */
 +#endif /* WITH_LSPP */
-   int			run_as_child = 0;
- 					/* Needed for background fork/exec */
  #ifdef __APPLE__
-@@ -490,6 +496,25 @@ main(int  argc,				/* I - Number of comm
- #endif /* DEBUG */
+   int			use_sysman = 1;	/* Use system management functions? */
+ #else
+@@ -498,6 +504,25 @@ main(int  argc,				/* I - Number of comm
+     exit(errno);
    }
  
 +#ifdef WITH_LSPP
@@ -1902,7 +1902,7 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
   /*
    * Set the timezone info...
    */
-@@ -1149,6 +1174,11 @@ main(int  argc,				/* I - Number of comm
+@@ -1160,6 +1185,11 @@ main(int  argc,				/* I - Number of comm
  
    cupsdStopSelect();
  
@@ -1914,9 +1914,9 @@ diff -up cups-2.0.0/scheduler/main.c.lspp cups-2.0.0/scheduler/main.c
    return (!stop_scheduler);
  }
  
-diff -up cups-2.0.0/scheduler/printers.c.lspp cups-2.0.0/scheduler/printers.c
---- cups-2.0.0/scheduler/printers.c.lspp	2014-11-06 14:49:08.160421232 +0000
-+++ cups-2.0.0/scheduler/printers.c	2014-11-06 14:49:08.226421868 +0000
+diff -up cups-2.0.1/scheduler/printers.c.lspp cups-2.0.1/scheduler/printers.c
+--- cups-2.0.1/scheduler/printers.c.lspp	2014-11-15 15:22:47.716307840 +0100
++++ cups-2.0.1/scheduler/printers.c	2014-11-15 15:22:47.860305973 +0100
 @@ -13,6 +13,8 @@
   * file is missing or damaged, see the license at "http://www.cups.org/".
   */
diff --git a/cups-str4476.patch b/cups-str4476.patch
deleted file mode 100644
index a7a28bf..0000000
--- a/cups-str4476.patch
+++ /dev/null
@@ -1,599 +0,0 @@
-diff -up cups-2.0.0/cups/http-private.h.str4476 cups-2.0.0/cups/http-private.h
---- cups-2.0.0/cups/http-private.h.str4476	2014-08-28 17:02:00.000000000 +0100
-+++ cups-2.0.0/cups/http-private.h	2014-11-07 08:56:53.793831198 +0000
-@@ -161,6 +161,9 @@ extern "C" {
- #define _HTTP_RESOLVE_FQDN	2	/* Resolve to a FQDN */
- #define _HTTP_RESOLVE_FAXOUT	4	/* Resolve FaxOut service? */
- 
-+#define _HTTP_TLS_ALLOW_RC4	1	/* Allow RC4 cipher suites */
-+#define _HTTP_TLS_ALLOW_SSL3	1	/* Allow SSL 3.0 */
-+
- 
- /*
-  * Types and functions for SSL support...
-@@ -420,6 +423,7 @@ extern void		_httpTLSInitialize(void);
- extern size_t		_httpTLSPending(http_t *http);
- extern int		_httpTLSRead(http_t *http, char *buf, int len);
- extern int		_httpTLSSetCredentials(http_t *http);
-+extern void		_httpTLSSetOptions(int options);
- extern int		_httpTLSStart(http_t *http);
- extern void		_httpTLSStop(http_t *http);
- extern int		_httpTLSWrite(http_t *http, const char *buf, int len);
-diff -up cups-2.0.0/cups/tls-darwin.c.str4476 cups-2.0.0/cups/tls-darwin.c
---- cups-2.0.0/cups/tls-darwin.c.str4476	2014-09-23 15:56:14.000000000 +0100
-+++ cups-2.0.0/cups/tls-darwin.c	2014-11-07 08:56:53.791831189 +0000
-@@ -27,6 +27,14 @@ extern char **environ;
- 
- 
- /*
-+ * Test define - set to 1 to use SSLSetEnabledCiphers.  Currently disabled (0)
-+ * because of <rdar://problem/18707430>.
-+ */
-+
-+#define USE_SET_ENABLED_CIPHERS 0
-+
-+
-+/*
-  * Local globals...
-  */
- 
-@@ -41,6 +49,7 @@ static char		*tls_keypath = NULL;
- 					/* Server cert keychain path */
- static _cups_mutex_t	tls_mutex = _CUPS_MUTEX_INITIALIZER;
- 					/* Mutex for keychain/certs */
-+static int		tls_options = 0;/* Options for TLS connections */
- #endif /* HAVE_SECKEYCHAINOPEN */
- 
- 
-@@ -973,6 +982,17 @@ _httpTLSRead(http_t *http,		/* I - HTTP
- 
- 
- /*
-+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
-+ */
-+
-+void
-+_httpTLSSetOptions(int options)		/* I - Options */
-+{
-+  tls_options = options;
-+}
-+
-+
-+/*
-  * '_httpTLSStart()' - Set up SSL/TLS support on a connection.
-  */
- 
-@@ -1033,9 +1053,108 @@ _httpTLSStart(http_t *http)		/* I - HTTP
-   {
-     error = SSLSetSessionOption(http->tls, kSSLSessionOptionBreakOnServerAuth,
-                                 true);
--    DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d",
--                  (int)error));
-+    DEBUG_printf(("4_httpTLSStart: SSLSetSessionOption, error=%d", (int)error));
-+  }
-+
-+  if (!error)
-+  {
-+    error = SSLSetProtocolVersionMin(http->tls, (tls_options & _HTTP_TLS_ALLOW_SSL3) ? kSSLProtocol3 : kTLSProtocol1);
-+    DEBUG_printf(("4_httpTLSStart: SSLSetProtocolVersionMin, error=%d", (int)error));
-+  }
-+
-+#  if USE_SET_ENABLED_CIPHERS
-+  if (!error)
-+  {
-+    SSLCipherSuite	supported[100];	/* Supported cipher suites */
-+    size_t		num_supported;	/* Number of supported cipher suites */
-+    SSLCipherSuite	enabled[100];	/* Cipher suites to enable */
-+    size_t		num_enabled;	/* Number of cipher suites to enable */
-+
-+    num_supported = sizeof(supported) / sizeof(supported[0]);
-+    error         = SSLGetSupportedCiphers(http->tls, supported, &num_supported);
-+
-+    if (!error)
-+    {
-+      DEBUG_printf(("4_httpTLSStart: %d cipher suites supported.", (int)num_supported));
-+
-+      for (i = 0, num_enabled = 0; i < (int)num_supported && num_enabled < (sizeof(enabled) / sizeof(enabled[0])); i ++)
-+      {
-+        switch (supported[i])
-+	{
-+	  /* Obviously insecure cipher suites that we never want to use */
-+	  case SSL_NULL_WITH_NULL_NULL :
-+	  case SSL_RSA_WITH_NULL_MD5 :
-+	  case SSL_RSA_WITH_NULL_SHA :
-+	  case SSL_RSA_EXPORT_WITH_RC4_40_MD5 :
-+	  case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 :
-+	  case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA :
-+	  case SSL_RSA_WITH_DES_CBC_SHA :
-+	  case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA :
-+	  case SSL_DH_DSS_WITH_DES_CBC_SHA :
-+	  case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA :
-+	  case SSL_DH_RSA_WITH_DES_CBC_SHA :
-+	  case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA :
-+	  case SSL_DHE_DSS_WITH_DES_CBC_SHA :
-+	  case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA :
-+	  case SSL_DHE_RSA_WITH_DES_CBC_SHA :
-+	  case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 :
-+	  case SSL_DH_anon_WITH_RC4_128_MD5 :
-+	  case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA :
-+	  case SSL_DH_anon_WITH_DES_CBC_SHA :
-+	  case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA :
-+	  case SSL_FORTEZZA_DMS_WITH_NULL_SHA :
-+	  case TLS_DH_anon_WITH_AES_128_CBC_SHA :
-+	  case TLS_DH_anon_WITH_AES_256_CBC_SHA :
-+	  case TLS_ECDH_ECDSA_WITH_NULL_SHA :
-+	  case TLS_ECDHE_RSA_WITH_NULL_SHA :
-+	  case TLS_ECDH_anon_WITH_NULL_SHA :
-+	  case TLS_ECDH_anon_WITH_RC4_128_SHA :
-+	  case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA :
-+	  case TLS_ECDH_anon_WITH_AES_128_CBC_SHA :
-+	  case TLS_ECDH_anon_WITH_AES_256_CBC_SHA :
-+	  case TLS_RSA_WITH_NULL_SHA256 :
-+	  case TLS_DH_anon_WITH_AES_128_CBC_SHA256 :
-+	  case TLS_DH_anon_WITH_AES_256_CBC_SHA256 :
-+	  case TLS_PSK_WITH_NULL_SHA :
-+	  case TLS_DHE_PSK_WITH_NULL_SHA :
-+	  case TLS_RSA_PSK_WITH_NULL_SHA :
-+	  case TLS_DH_anon_WITH_AES_128_GCM_SHA256 :
-+	  case TLS_DH_anon_WITH_AES_256_GCM_SHA384 :
-+	  case TLS_PSK_WITH_NULL_SHA256 :
-+	  case TLS_PSK_WITH_NULL_SHA384 :
-+	  case TLS_DHE_PSK_WITH_NULL_SHA256 :
-+	  case TLS_DHE_PSK_WITH_NULL_SHA384 :
-+	  case TLS_RSA_PSK_WITH_NULL_SHA256 :
-+	  case TLS_RSA_PSK_WITH_NULL_SHA384 :
-+	  case SSL_RSA_WITH_DES_CBC_MD5 :
-+	      break;
-+
-+          /* RC4 cipher suites that should only be used as a last resort */
-+	  case SSL_RSA_WITH_RC4_128_MD5 :
-+	  case SSL_RSA_WITH_RC4_128_SHA :
-+	  case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
-+	  case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
-+	  case TLS_ECDH_RSA_WITH_RC4_128_SHA :
-+	  case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
-+	  case TLS_PSK_WITH_RC4_128_SHA :
-+	  case TLS_DHE_PSK_WITH_RC4_128_SHA :
-+	  case TLS_RSA_PSK_WITH_RC4_128_SHA :
-+	      if (tls_options & _HTTP_TLS_ALLOW_RC4)
-+	        enabled[num_enabled ++] = supported[i];
-+	      break;
-+
-+          /* Anything else we'll assume is secure */
-+          default :
-+	      enabled[num_enabled ++] = supported[i];
-+	      break;
-+	}
-+      }
-+
-+      DEBUG_printf(("4_httpTLSStart: %d cipher suites enabled.", (int)num_enabled));
-+      error = SSLSetEnabledCiphers(http->tls, enabled, num_enabled);
-+    }
-   }
-+#endif /* USE_SET_ENABLED_CIPHERS */
- 
-   if (!error && http->mode == _HTTP_MODE_CLIENT)
-   {
-diff -up cups-2.0.0/cups/tls-gnutls.c.str4476 cups-2.0.0/cups/tls-gnutls.c
---- cups-2.0.0/cups/tls-gnutls.c.str4476	2014-09-23 15:56:14.000000000 +0100
-+++ cups-2.0.0/cups/tls-gnutls.c	2014-11-07 08:56:53.792831194 +0000
-@@ -36,6 +36,7 @@ static char		*tls_keypath = NULL;
- 					/* Server cert keychain path */
- static _cups_mutex_t	tls_mutex = _CUPS_MUTEX_INITIALIZER;
- 					/* Mutex for keychain/certs */
-+static int		tls_options = 0;/* Options for TLS connections */
- 
- 
- /*
-@@ -1002,6 +1003,17 @@ _httpTLSSetCredentials(http_t *http)	/*
- 
- 
- /*
-+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
-+ */
-+
-+void
-+_httpTLSSetOptions(int options)		/* I - Options */
-+{
-+  tls_options = options;
-+}
-+
-+
-+/*
-  * '_httpTLSStart()' - Set up SSL/TLS support on a connection.
-  */
- 
-@@ -1185,6 +1197,15 @@ _httpTLSStart(http_t *http)		/* I - Conn
-     return (-1);
-   }
- 
-+  if (!tls_options)
-+    gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
-+  else if ((tls_options & _HTTP_TLS_ALLOW_SSL3) && (tls_options & _HTTP_TLS_ALLOW_RC4))
-+    gnutls_priority_set_direct(http->tls, "NORMAL", NULL);
-+  else if (tls_options & _HTTP_TLS_ALLOW_SSL3)
-+    gnutls_priority_set_direct(http->tls, "NORMAL:-ARCFOUR-128:VERS-TLS-ALL", NULL);
-+  else
-+    gnutls_priority_set_direct(http->tls, "NORMAL:VERS-TLS-ALL:-VERS-SSL3.0", NULL);
-+
-   gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr_t)http);
-   gnutls_transport_set_pull_function(http->tls, http_gnutls_read);
- #ifdef HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION
-diff -up cups-2.0.0/cups/tls-sspi.c.str4476 cups-2.0.0/cups/tls-sspi.c
---- cups-2.0.0/cups/tls-sspi.c.str4476	2014-09-23 15:56:14.000000000 +0100
-+++ cups-2.0.0/cups/tls-sspi.c	2014-11-07 08:56:53.790831185 +0000
-@@ -1,7 +1,8 @@
- /*
-  * "$Id: tls-sspi.c 12159 2014-09-23 14:56:14Z msweet $"
-  *
-- * TLS support for CUPS on Windows using SSPI.
-+ * TLS support for CUPS on Windows using the Security Support Provider
-+ * Interface (SSPI).
-  *
-  * Copyright 2010-2014 by Apple Inc.
-  *
-@@ -48,6 +49,14 @@
- #  define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID  0x00002000 /* Expired X509 Cert. */
- #endif /* !SECURITY_FLAG_IGNORE_CERT_DATE_INVALID */
- 
-+
-+/*
-+ * Local globals...
-+ */
-+
-+static int		tls_options = 0;/* Options for TLS connections */
-+
-+
- /*
-  * Local functions...
-  */
-@@ -897,6 +906,17 @@ _httpTLSRead(http_t *http,		/* I - HTTP
- 
- 
- /*
-+ * '_httpTLSSetOptions()' - Set TLS protocol and cipher suite options.
-+ */
-+
-+void
-+_httpTLSSetOptions(int options)		/* I - Options */
-+{
-+  tls_options = options;
-+}
-+
-+
-+/*
-  * '_httpTLSStart()' - Set up SSL/TLS support on a connection.
-  */
- 
-@@ -1727,11 +1747,43 @@ http_sspi_find_credentials(
-   SchannelCred.paCred    = &storedContext;
- 
-  /*
--  * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client.
-+  * Set supported protocols (can also be overriden in the registry...)
-   */
- 
-+#ifdef SP_PROT_TLS1_2_SERVER
-   if (http->mode == _HTTP_MODE_SERVER)
--    SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1;
-+  {
-+    if (tls_options & _HTTP_TLS_ALLOW_SSL3)
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER | SP_PROT_SSL3_SERVER;
-+    else
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_0_SERVER;
-+  }
-+  else
-+  {
-+    if (tls_options & _HTTP_TLS_ALLOW_SSL3)
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_SSL3_CLIENT;
-+    else
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_0_CLIENT;
-+  }
-+
-+#else
-+  if (http->mode == _HTTP_MODE_SERVER)
-+  {
-+    if (tls_options & _HTTP_TLS_ALLOW_SSL3)
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
-+    else
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_SERVER;
-+  }
-+  else
-+  {
-+    if (tls_options & _HTTP_TLS_ALLOW_SSL3)
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
-+    else
-+      SchannelCred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
-+  }
-+#endif /* SP_PROT_TLS1_2_SERVER */
-+
-+  /* TODO: Support _HTTP_TLS_ALLOW_RC4 option; right now we'll rely on Windows registry to enable/disable RC4... */
- 
-  /*
-   * Create an SSPI credential.
-diff -up cups-2.0.0/cups/usersys.c.str4476 cups-2.0.0/cups/usersys.c
---- cups-2.0.0/cups/usersys.c.str4476	2014-08-28 16:37:22.000000000 +0100
-+++ cups-2.0.0/cups/usersys.c	2014-11-07 08:56:53.791831189 +0000
-@@ -52,7 +52,8 @@ static void	cups_read_client_conf(cups_f
- #endif /* HAVE_GSSAPI */
- 				      const char *cups_anyroot,
- 				      const char *cups_expiredcerts,
--				      const char *cups_validatecerts);
-+				      const char *cups_validatecerts,
-+				      int ssl_options);
- 
- 
- /*
-@@ -863,6 +864,30 @@ _cupsSetDefaults(void)
-   if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] ||
-       !cg->user[0] || !cg->ipp_port)
-   {
-+   /*
-+    * Look for CUPS_SERVERROOT/client.conf...
-+    */
-+
-+    snprintf(filename, sizeof(filename), "%s/client.conf",
-+	     cg->cups_serverroot);
-+    fp = cupsFileOpen(filename, "r");
-+
-+   /*
-+    * Read the configuration file and apply any environment variables; both
-+    * functions handle NULL cups_file_t pointers...
-+    */
-+
-+    cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
-+#ifdef HAVE_GSSAPI
-+			  cups_gssservicename,
-+#endif /* HAVE_GSSAPI */
-+			  cups_anyroot, cups_expiredcerts, cups_validatecerts, 1);
-+    cupsFileClose(fp);
-+
-+   /*
-+    * Then user defaults, if it is safe to do so...
-+    */
-+
- #  ifdef HAVE_GETEUID
-     if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
- #  elif !defined(WIN32)
-@@ -877,32 +902,19 @@ _cupsSetDefaults(void)
- 
-       snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
-       fp = cupsFileOpen(filename, "r");
--    }
--    else
--      fp = NULL;
- 
--    if (!fp)
--    {
-      /*
--      * Look for CUPS_SERVERROOT/client.conf...
-+      * Read the configuration file and apply any environment variables; both
-+      * functions handle NULL cups_file_t pointers...
-       */
- 
--      snprintf(filename, sizeof(filename), "%s/client.conf",
--               cg->cups_serverroot);
--      fp = cupsFileOpen(filename, "r");
--    }
--
--   /*
--    * Read the configuration file and apply any environment variables; both
--    * functions handle NULL cups_file_t pointers...
--    */
--
--    cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
-+      cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
- #ifdef HAVE_GSSAPI
--			  cups_gssservicename,
-+			    cups_gssservicename,
- #endif /* HAVE_GSSAPI */
--			  cups_anyroot, cups_expiredcerts, cups_validatecerts);
--    cupsFileClose(fp);
-+			    cups_anyroot, cups_expiredcerts, cups_validatecerts, 0);
-+      cupsFileClose(fp);
-+    }
-   }
- }
- 
-@@ -924,7 +936,8 @@ cups_read_client_conf(
- #endif /* HAVE_GSSAPI */
-     const char	    *cups_anyroot,	/* I - CUPS_ANYROOT env var */
-     const char	    *cups_expiredcerts,	/* I - CUPS_EXPIREDCERTS env var */
--    const char      *cups_validatecerts)/* I - CUPS_VALIDATECERTS env var */
-+    const char      *cups_validatecerts,/* I - CUPS_VALIDATECERTS env var */
-+    int             ssl_options)	/* I - Allow setting of SSLOptions? */
- {
-   int	linenum;			/* Current line number */
-   char	line[1024],			/* Line from file */
-@@ -996,6 +1009,43 @@ cups_read_client_conf(
-       cups_gssservicename = gss_service_name;
-     }
- #endif /* HAVE_GSSAPI */
-+    else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value)
-+    {
-+     /*
-+      * SSLOptions [AllowRC4] [AllowSSL3] [None]
-+      */
-+
-+      int	options = 0;		/* SSL/TLS options */
-+      char	*start,			/* Start of option */
-+		*end;			/* End of option */
-+
-+      for (start = value; *start; start = end)
-+      {
-+       /*
-+	* Find end of keyword...
-+	*/
-+
-+	end = start;
-+	while (*end && !_cups_isspace(*end))
-+	  end ++;
-+
-+	if (*end)
-+	  *end++ = '\0';
-+
-+       /*
-+	* Compare...
-+	*/
-+
-+	if (!_cups_strcasecmp(start, "AllowRC4"))
-+	  options |= _HTTP_TLS_ALLOW_RC4;
-+	else if (!_cups_strcasecmp(start, "AllowSSL3"))
-+	  options |= _HTTP_TLS_ALLOW_SSL3;
-+	else if (!_cups_strcasecmp(start, "None"))
-+	  options = 0;
-+      }
-+
-+      _httpTLSSetOptions(options);
-+    }
-   }
- 
-  /*
-diff -up cups-2.0.0/doc/help/man-client.conf.html.str4476 cups-2.0.0/doc/help/man-client.conf.html
---- cups-2.0.0/doc/help/man-client.conf.html.str4476	2014-05-23 03:45:48.000000000 +0100
-+++ cups-2.0.0/doc/help/man-client.conf.html	2014-11-07 08:56:53.787831171 +0000
-@@ -38,6 +38,12 @@ CUPS adds the remote hostname ("name@ser
- <b>Note: This directive it not supported on OS X 10.7 or later.</b>
- <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
- <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-+<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
-+<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
-+<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
-+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
-+The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
- <dt><b>User </b><i>name</i>
- <dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
- <dt><b>ValidateCerts Yes</b>
-diff -up cups-2.0.0/doc/help/man-cupsd.conf.html.str4476 cups-2.0.0/doc/help/man-cupsd.conf.html
---- cups-2.0.0/doc/help/man-cupsd.conf.html.str4476	2014-07-31 01:58:00.000000000 +0100
-+++ cups-2.0.0/doc/help/man-cupsd.conf.html	2014-11-07 08:56:53.788831175 +0000
-@@ -303,6 +303,12 @@ The default is "Minimal".
- <dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i>
- <dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i>
- <dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections.
-+<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
-+<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
-+<dd style="margin-left: 5.0em">Sets encryption options.
-+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
-+The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
- <dt><b>SSLPort </b><i>port</i>
- <dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections.
- <dt><b>StrictConformance Yes</b>
-diff -up cups-2.0.0/man/client.conf.man.in.str4476 cups-2.0.0/man/client.conf.man.in
---- cups-2.0.0/man/client.conf.man.in.str4476	2014-05-08 00:55:35.000000000 +0100
-+++ cups-2.0.0/man/client.conf.man.in	2014-11-07 08:56:53.794831203 +0000
-@@ -12,7 +12,7 @@
- .\" which should have been included with this file.  If this file is
- .\" file is missing or damaged, see the license at "http://www.cups.org/".
- .\"
--.TH client.conf 5 "CUPS" "7 May 2014" "Apple Inc."
-+.TH client.conf 5 "CUPS" "20 October 2014" "Apple Inc."
- .SH NAME
- client.conf \- client configuration file for cups (deprecated)
- .SH DESCRIPTION
-@@ -56,6 +56,14 @@ Specifies the address and optionally the
- \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
- Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
- .TP 5
-+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
-+.TP 5
-+\fBSSLOptions None\fR
-+Sets encryption options (only in /etc/cups/client.conf).
-+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
-+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
-+.TP 5
- \fBUser \fIname\fR
- Specifies the default user name to use for requests.
- .TP 5
-diff -up cups-2.0.0/man/cupsd.conf.man.in.str4476 cups-2.0.0/man/cupsd.conf.man.in
---- cups-2.0.0/man/cupsd.conf.man.in.str4476	2014-07-28 15:04:32.000000000 +0100
-+++ cups-2.0.0/man/cupsd.conf.man.in	2014-11-07 08:56:53.794831203 +0000
-@@ -12,7 +12,7 @@
- .\" which should have been included with this file.  If this file is
- .\" file is missing or damaged, see the license at "http://www.cups.org/".
- .\"
--.TH cupsd.conf 5 "CUPS" "28 July 2014" "Apple Inc."
-+.TH cupsd.conf 5 "CUPS" "20 October 2014" "Apple Inc."
- .SH NAME
- cupsd.conf \- server configuration file for cups
- .SH DESCRIPTION
-@@ -415,6 +415,14 @@ Set the specified environment variable t
- \fBSSLListen *:\fIport\fR
- Listens on the specified address and port for encrypted connections.
- .TP 5
-+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
-+.TP 5
-+\fBSSLOptions None\fR
-+Sets encryption options.
-+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
-+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
-+.TP 5
- \fBSSLPort \fIport\fR
- Listens on the specified port for encrypted connections.
- .TP 5
-diff -up cups-2.0.0/scheduler/conf.c.str4476 cups-2.0.0/scheduler/conf.c
---- cups-2.0.0/scheduler/conf.c.str4476	2014-09-30 19:56:48.000000000 +0100
-+++ cups-2.0.0/scheduler/conf.c	2014-11-07 08:56:53.796831212 +0000
-@@ -596,6 +596,8 @@ cupsdReadConfiguration(void)
- #  else
-   cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
- #  endif /* HAVE_GNUTLS */
-+
-+  _httpTLSSetOptions(0);
- #endif /* HAVE_SSL */
- 
-   language = cupsLangDefault();
-@@ -2929,6 +2931,49 @@ read_cupsd_conf(cups_file_t *fp)	/* I -
- 		      "FaxRetryLimit is deprecated; use "
- 		      "JobRetryLimit on line %d.", linenum);
-     }
-+    else if (!_cups_strcasecmp(line, "SSLOptions"))
-+    {
-+     /*
-+      * SSLOptions [AllowRC4] [AllowSSL3] [None]
-+      */
-+
-+      int	options = 0;		/* SSL/TLS options */
-+
-+      if (value)
-+      {
-+        char	*start,			/* Start of option */
-+		*end;			/* End of option */
-+
-+	for (start = value; *start; start = end)
-+	{
-+	 /*
-+	  * Find end of keyword...
-+	  */
-+
-+	  end = start;
-+	  while (*end && !_cups_isspace(*end))
-+	    end ++;
-+
-+	  if (*end)
-+	    *end++ = '\0';
-+
-+         /*
-+	  * Compare...
-+	  */
-+
-+          if (!_cups_strcasecmp(start, "AllowRC4"))
-+	    options |= _HTTP_TLS_ALLOW_RC4;
-+          else if (!_cups_strcasecmp(start, "AllowSSL3"))
-+	    options |= _HTTP_TLS_ALLOW_SSL3;
-+          else if (!_cups_strcasecmp(start, "None"))
-+	    options = 0;
-+	  else if (_cups_strcasecmp(start, "NoEmptyFragments"))
-+	    cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
-+        }
-+      }
-+
-+      _httpTLSSetOptions(options);
-+    }
-     else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
- #ifdef HAVE_SSL
-              || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
diff --git a/cups-str4496.patch b/cups-str4496.patch
deleted file mode 100644
index 5b8625d..0000000
--- a/cups-str4496.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up cups-1.7.5/scheduler/colorman.c.dbus-unref cups-1.7.5/scheduler/colorman.c
---- cups-1.7.5/scheduler/colorman.c.dbus-unref	2014-10-21 12:43:10.401299966 +0100
-+++ cups-1.7.5/scheduler/colorman.c	2014-10-21 12:43:12.870312593 +0100
-@@ -208,7 +208,9 @@ void
- cupsdStopColor(void)
- {
- #if !defined(__APPLE__) && defined(HAVE_DBUS)
--  dbus_connection_unref(colord_con);
-+  if (colord_con)
-+    dbus_connection_unref(colord_con);
-+
-   colord_con = NULL;
- #endif /* !__APPLE__ && HAVE_DBUS */
- }
diff --git a/cups-str4500.patch b/cups-str4500.patch
deleted file mode 100644
index cabe572..0000000
--- a/cups-str4500.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -up cups-2.0.0/cups/util.c.str4500 cups-2.0.0/cups/util.c
---- cups-2.0.0/cups/util.c.str4500	2014-10-15 12:59:27.105942488 +0100
-+++ cups-2.0.0/cups/util.c	2014-10-15 13:03:38.618187112 +0100
-@@ -846,10 +846,10 @@ cupsGetPPD3(http_t     *http,		/* I  - H
- 
-     snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot,
-              name);
--    if (!stat(ppdname, &ppdinfo))
-+    if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK))
-     {
-      /*
--      * OK, the file exists, use it!
-+      * OK, the file exists and is readable, use it!
-       */
- 
-       if (buffer[0])
diff --git a/cups-systemd-socket.patch b/cups-systemd-socket.patch
index 619f3af..7f1b0b2 100644
--- a/cups-systemd-socket.patch
+++ b/cups-systemd-socket.patch
@@ -1,7 +1,7 @@
-diff -up cups-2.0.0/cups/usersys.c.systemd-socket cups-2.0.0/cups/usersys.c
---- cups-2.0.0/cups/usersys.c.systemd-socket	2014-08-28 16:37:22.000000000 +0100
-+++ cups-2.0.0/cups/usersys.c	2014-10-16 14:39:05.839530224 +0100
-@@ -1028,7 +1028,7 @@ cups_read_client_conf(
+diff -up cups-2.0.1/cups/usersys.c.systemd-socket cups-2.0.1/cups/usersys.c
+--- cups-2.0.1/cups/usersys.c.systemd-socket	2014-10-20 20:24:56.000000000 +0200
++++ cups-2.0.1/cups/usersys.c	2014-11-15 15:19:11.108125832 +0100
+@@ -1078,7 +1078,7 @@ cups_read_client_conf(
      struct stat	sockinfo;		/* Domain socket information */
  
      if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
@@ -10,10 +10,10 @@ diff -up cups-2.0.0/cups/usersys.c.systemd-socket cups-2.0.0/cups/usersys.c
        cups_server = CUPS_DEFAULT_DOMAINSOCKET;
      else
  #endif /* CUPS_DEFAULT_DOMAINSOCKET */
-diff -up cups-2.0.0/scheduler/main.c.systemd-socket cups-2.0.0/scheduler/main.c
---- cups-2.0.0/scheduler/main.c.systemd-socket	2014-10-16 14:39:05.811530076 +0100
-+++ cups-2.0.0/scheduler/main.c	2014-10-16 14:39:05.839530224 +0100
-@@ -653,6 +653,12 @@ main(int  argc,				/* I - Number of comm
+diff -up cups-2.0.1/scheduler/main.c.systemd-socket cups-2.0.1/scheduler/main.c
+--- cups-2.0.1/scheduler/main.c.systemd-socket	2014-11-15 15:19:11.057126510 +0100
++++ cups-2.0.1/scheduler/main.c	2014-11-15 15:19:11.108125832 +0100
+@@ -661,6 +661,12 @@ main(int  argc,				/* I - Number of comm
      cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started on demand.");
    else
  #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
@@ -26,9 +26,9 @@ diff -up cups-2.0.0/scheduler/main.c.systemd-socket cups-2.0.0/scheduler/main.c
    if (fg)
      cupsdAddEvent(CUPSD_EVENT_SERVER_STARTED, NULL, NULL, "Scheduler started in foreground.");
    else
-diff -up cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.0/scheduler/org.cups.cupsd.path.in
---- cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket	2014-03-21 14:50:24.000000000 +0000
-+++ cups-2.0.0/scheduler/org.cups.cupsd.path.in	2014-10-16 14:39:05.839530224 +0100
+diff -up cups-2.0.1/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.1/scheduler/org.cups.cupsd.path.in
+--- cups-2.0.1/scheduler/org.cups.cupsd.path.in.systemd-socket	2014-03-21 15:50:24.000000000 +0100
++++ cups-2.0.1/scheduler/org.cups.cupsd.path.in	2014-11-15 15:19:11.108125832 +0100
 @@ -2,7 +2,7 @@
  Description=CUPS Scheduler
  
@@ -38,11 +38,13 @@ diff -up cups-2.0.0/scheduler/org.cups.cupsd.path.in.systemd-socket cups-2.0.0/s
  
  [Install]
  WantedBy=multi-user.target
-diff -up cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.0/scheduler/org.cups.cupsd.service.in
---- cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket	2014-03-21 14:50:24.000000000 +0000
-+++ cups-2.0.0/scheduler/org.cups.cupsd.service.in	2014-10-16 14:39:28.636650224 +0100
-@@ -2,9 +2,10 @@
+diff -up cups-2.0.1/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.1/scheduler/org.cups.cupsd.service.in
+--- cups-2.0.1/scheduler/org.cups.cupsd.service.in.systemd-socket	2014-11-15 15:19:11.109125818 +0100
++++ cups-2.0.1/scheduler/org.cups.cupsd.service.in	2014-11-15 15:19:56.480528155 +0100
+@@ -1,10 +1,11 @@
+ [Unit]
  Description=CUPS Scheduler
+ Documentation=man:cupsd(8)
 +After=network.target
  
  [Service]
@@ -53,4 +55,3 @@ diff -up cups-2.0.0/scheduler/org.cups.cupsd.service.in.systemd-socket cups-2.0.
  
  [Install]
  Also=org.cups.cupsd.socket org.cups.cupsd.path
- WantedBy=printer.target
diff --git a/cups.spec b/cups.spec
index 0d9b801..34c5aa5 100644
--- a/cups.spec
+++ b/cups.spec
@@ -10,17 +10,13 @@
 Summary: CUPS printing system
 Name: cups
 Epoch: 1
-Version: 2.0.0
-Release: 12%{?dist}
+Version: 2.0.1
+Release: 1%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
-Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
+Source0: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
 # Pixmap for desktop file
 Source2: cupsprinter.png
-# socket unit for cups-lpd service
-Source3: cups-lpd.socket
-# cups-lpd service unit configuration
-Source4: cups-lpd@.service
 # Logrotate configuration
 Source6: cups.logrotate
 # Backend for NCP protocol
@@ -30,7 +26,6 @@ Source8: macros.cups
 Patch1: cups-no-gzip-man.patch
 Patch2: cups-system-auth.patch
 Patch3: cups-multilib.patch
-Patch4: cups-str4476.patch
 Patch5: cups-banners.patch
 Patch6: cups-serverbin-compat.patch
 Patch7: cups-no-export-ssllibs.patch
@@ -65,8 +60,6 @@ Patch35: cups-ipp-multifile.patch
 Patch36: cups-web-devices-timeout.patch
 Patch37: cups-journal.patch
 Patch38: cups-synconclose.patch
-Patch39: cups-str4500.patch
-Patch40: cups-str4496.patch
 
 Patch100: cups-lspp.patch
 
@@ -196,9 +189,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch2 -p1 -b .system-auth
 # Prevent multilib conflict in cups-config script.
 %patch3 -p1 -b .multilib
-# Re-introduce SSLOptions configuration directive, disable SSL3 by
-# default (STR #4476).
-%patch4 -p1 -b .str4476
 # Ignore rpm save/new files in the banners directory.
 %patch5 -p1 -b .banners
 # Use compatibility fallback path for ServerBin.
@@ -266,12 +256,6 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch37 -p1 -b .journal
 # Set the default for SyncOnClose to Yes.
 %patch38 -p1 -b .synconclose
-# Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
-# (bug #1150917, STR #4500).
-%patch39 -p1 -b .str4500
-# Upstream fix for cupsd crash on restart when colord not available
-# (STR #4496).
-%patch40 -p1 -b .str4496
 
 %if %lspp
 # LSPP support.
@@ -345,12 +329,12 @@ popd
 mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.path $RPM_BUILD_ROOT%{_unitdir}/cups.path
 mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.service $RPM_BUILD_ROOT%{_unitdir}/cups.service
 mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cupsd.socket $RPM_BUILD_ROOT%{_unitdir}/cups.socket
+mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cups-lpd.socket $RPM_BUILD_ROOT%{_unitdir}/cups-lpd.socket
+mv $RPM_BUILD_ROOT%{_unitdir}/org.cups.cups-lpd@.service $RPM_BUILD_ROOT%{_unitdir}/cups-lpd@.service
 /bin/sed -i -e "s,org.cups.cupsd,cups,g" $RPM_BUILD_ROOT%{_unitdir}/cups.service
 
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps $RPM_BUILD_ROOT%{_sysconfdir}/X11/sysconfig $RPM_BUILD_ROOT%{_sysconfdir}/X11/applnk/System $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
 install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/pixmaps
-install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}
-install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}
 install -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/cups
 install -p -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{cups_serverbin}/backend/ncp
 
@@ -618,6 +602,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Sat Nov 15 2014 Jiri Popelka <jpopelka@redhat.com> - 1:2.0.1-1
+- 2.0.1
+
 * Fri Nov  7 2014 Tim Waugh <twaugh@redhat.com> - 1:2.0.0-12
 - Re-introduce SSLOptions configuration directive, disable SSL3 by
   default (STR #4476).
diff --git a/sources b/sources
index b335198..b605784 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2cdd81fea23e9e29555c24bdfd0d7c89  cups-2.0.0-source.tar.bz2
+7f7c33071035fb20d0879929a42da711  cups-2.0.1-source.tar.bz2