diff --git a/cups-lspp.patch b/cups-lspp.patch index 72e5a1d..c273dea 100644 --- a/cups-lspp.patch +++ b/cups-lspp.patch @@ -955,7 +955,7 @@ OPTIONS = PAMLIBS = @PAMLIBS@ --- cups-1.2.4-orig/scheduler/client.c 2006-09-19 16:44:07.000000000 -0400 -+++ cups-1.2.4/scheduler/client.c 2006-10-03 12:04:45.000000000 -0400 ++++ cups-1.2.4/scheduler/client.c 2006-10-04 11:53:10.000000000 -0400 @@ -44,12 +44,17 @@ * make_certificate() - Make a self-signed SSL/TLS certificate. * pipe_command() - Pipe the output of a command to the remote client. @@ -987,7 +987,7 @@ /* * Local functions... -@@ -381,6 +392,53 @@ +@@ -381,6 +392,55 @@ "cupsdAcceptClient: %d connected to server on %s:%d", con->http.fd, con->servername, con->serverport); @@ -1007,7 +1007,8 @@ + { + close(con->http.fd); + cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: unable to determine client auid"); -+ return (cupsdCloseClient(con)); ++ free(con); ++ return; + } + cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d", + cr.pid, cr.uid, cr.gid, con->auid); @@ -1016,7 +1017,8 @@ + { + close(con->http.fd); + cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed"); -+ return (cupsdCloseClient(con)); ++ free(con); ++ return; + } + + /* @@ -1041,7 +1043,7 @@ /* * Using TCP_NODELAY improves responsiveness, especially on systems * with a slow loopback interface... Since we write large buffers -@@ -711,6 +769,11 @@ +@@ -711,6 +771,11 @@ mime_type_t *type; /* MIME type of file */ cupsd_printer_t *p; /* Printer */ static unsigned request_id = 0; /* Request ID for temp files */ @@ -1053,7 +1055,7 @@ status = HTTP_CONTINUE; -@@ -1797,6 +1860,38 @@ +@@ -1797,6 +1862,47 @@ fchmod(con->file, 0640); fchown(con->file, RunUser, Group); fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC); @@ -1069,6 +1071,15 @@ + clicon = context_new(con->scon); + tmpcon = context_new(spoolcon); + freecon(spoolcon); ++ if (!clicon || !tmpcon) ++ { ++ cupsdSendError(con, HTTP_SERVER_ERROR); ++ if (clicon) ++ context_free(clicon); ++ if (tmpcon) ++ context_free(tmpcon); ++ return (cupsdCloseClient(con)); ++ } + if (context_range_set(tmpcon, (context_range_get(clicon))) == -1) + { + cupsdSendError(con, HTTP_SERVER_ERROR); @@ -1092,7 +1103,7 @@ } if (con->http.state != HTTP_POST_SEND) -@@ -3810,6 +3905,49 @@ +@@ -3810,6 +3916,49 @@ #endif /* HAVE_SSL */ @@ -1304,7 +1315,7 @@ /* * End of "$Id: conf.h 5696 2006-06-26 18:34:20Z mike $". --- cups-1.2.4-orig/scheduler/ipp.c 2006-09-28 11:38:08.000000000 -0400 -+++ cups-1.2.4/scheduler/ipp.c 2006-10-03 13:15:06.000000000 -0400 ++++ cups-1.2.4/scheduler/ipp.c 2006-10-04 11:53:10.000000000 -0400 @@ -96,6 +96,9 @@ * validate_user() - Validate the user for the request. */ @@ -1514,14 +1525,14 @@ } } else if (strcmp(attr->values[0].string.text, Classification) && -@@ -1652,9 +1805,52 @@ +@@ -1652,7 +1805,50 @@ "job-sheets=\"%s\", " "job-originating-user-name=\"%s\"", job->id, Classification, job->username); +#ifdef WITH_LSPP + override = 1; +#endif /* WITH_LSPP */ -+ } + } +#ifdef WITH_LSPP + if (is_lspp_config() && AuditLog != -1) + { @@ -1554,19 +1565,17 @@ + ServerName, NULL, NULL, 0); + } + free(audit_message); - } - } - ++ } ++ } ++ + if (userheader) + free(userheader); + if (userfooter) + free(userfooter); +#endif /* WITH_LSPP */ -+ } -+ + } + /* - * See if we need to add the starting sheet... - */ @@ -3504,6 +3700,13 @@ char attrname[255], /* Name of attribute */ *s; /* Pointer into name */ @@ -1581,7 +1590,7 @@ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner(%p[%d], %p[%d], %s)", -@@ -3537,6 +3740,46 @@ +@@ -3537,6 +3740,57 @@ fchmod(cupsFileNumber(out), 0640); fchown(cupsFileNumber(out), RunUser, Group); @@ -1599,6 +1608,17 @@ + tmpcon = context_new(spoolcon); + jobcon = context_new(con->scon); + freecon(spoolcon); ++ if (!tmpcon || !jobcon) ++ { ++ if (tmpcon) ++ context_free(tmpcon); ++ if (jobcon) ++ context_free(jobcon); ++ cupsdLogMessage(CUPSD_LOG_ERROR, ++ "copy_banner: Unable to get the SELinux contexts"); ++ job->num_files --; ++ return (0); ++ } + if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) + { + cupsdLogMessage(CUPSD_LOG_ERROR, @@ -1628,7 +1648,7 @@ /* * Try the localized banner file under the subdirectory... -@@ -3631,6 +3874,24 @@ +@@ -3631,6 +3885,24 @@ else s = attrname; @@ -1653,7 +1673,7 @@ if (!strcmp(s, "printer-name")) { cupsFilePuts(out, job->dest); -@@ -5352,6 +5613,18 @@ +@@ -5352,6 +5624,18 @@ cupsd_printer_t *printer; /* Printer */ cups_array_t *list; /* Which job list... */ cups_array_t *ra; /* Requested attributes array */ @@ -1672,7 +1692,7 @@ cupsdLogMessage(CUPSD_LOG_DEBUG2, "get_jobs(%p[%d], %s)", con, con->http.fd, -@@ -5469,6 +5742,45 @@ +@@ -5469,6 +5753,45 @@ ra = create_requested_array(con->request); @@ -1718,7 +1738,7 @@ /* * OK, build a list of jobs for this printer... */ -@@ -5506,6 +5818,42 @@ +@@ -5506,6 +5829,42 @@ if (count > 0) ippAddSeparator(con->response); @@ -1761,7 +1781,7 @@ count ++; cupsdLogMessage(CUPSD_LOG_DEBUG2, "get_jobs: count = %d", count); -@@ -7944,12 +8292,22 @@ +@@ -7944,12 +8303,22 @@ * See if we need to add the ending sheet... */ @@ -1784,7 +1804,7 @@ /* * Yes... */ -@@ -9201,6 +9559,17 @@ +@@ -9201,6 +9570,17 @@ int userlen) /* I - Length of username */ { cupsd_printer_t *printer; /* Printer for job */ @@ -1802,7 +1822,7 @@ cupsdLogMessage(CUPSD_LOG_DEBUG2, -@@ -9222,6 +9591,59 @@ +@@ -9222,6 +9602,59 @@ strlcpy(username, get_username(con), userlen); @@ -1863,7 +1883,7 @@ * Check the username against the owner... */ --- cups-1.2.4-orig/scheduler/job.c 2006-09-28 11:38:08.000000000 -0400 -+++ cups-1.2.4/scheduler/job.c 2006-10-03 12:04:45.000000000 -0400 ++++ cups-1.2.4/scheduler/job.c 2006-10-04 11:53:10.000000000 -0400 @@ -68,6 +68,9 @@ * unload_job() - Unload a job from memory. */ @@ -1925,7 +1945,7 @@ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p", -@@ -1359,6 +1392,44 @@ +@@ -1359,6 +1392,53 @@ fchmod(cupsFileNumber(fp), 0600); fchown(cupsFileNumber(fp), RunUser, Group); @@ -1942,6 +1962,15 @@ + jobcon = context_new(job->scon); + tmpcon = context_new(spoolcon); + freecon(spoolcon); ++ if (!jobcon || !tmpcon) ++ { ++ if (jobcon) ++ context_free(jobcon); ++ if (tmpcon) ++ context_free(tmpcon); ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts"); ++ return; ++ } + if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) + { + cupsdLogMessage(CUPSD_LOG_ERROR, @@ -1970,7 +1999,7 @@ job->attrs->state = IPP_IDLE; if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL, -@@ -2487,6 +2558,21 @@ +@@ -2487,6 +2567,21 @@ /* RIP_MAX_CACHE env variable */ static char *options = NULL;/* Full list of options */ static int optlength = 0; /* Length of option buffer */ @@ -1992,7 +2021,7 @@ cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job: id = %d, file = %d/%d", -@@ -2740,6 +2826,77 @@ +@@ -2740,6 +2835,77 @@ cupsdLogMessage(CUPSD_LOG_DEBUG, "banner_page = %d", banner_page); @@ -2070,14 +2099,14 @@ /* * Building the options string is harder than it needs to be, but * for the moment we need to pass strings for command-line args and -@@ -3069,7 +3226,66 @@ +@@ -3069,7 +3235,66 @@ snprintf(classification, sizeof(classification), "CLASSIFICATION=%s", attr->values[0].string.text); +#ifdef WITH_LSPP + if (is_lspp_config()) + { -+ if (job->scon == NULL) ++ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) + { + if (AuditLog != -1) + { diff --git a/cups.spec b/cups.spec index a25394b..f1f7e01 100644 --- a/cups.spec +++ b/cups.spec @@ -6,7 +6,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.2.4 -Release: 7 +Release: 8 License: GPL Group: System Environment/Daemons Source: ftp://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 @@ -413,7 +413,7 @@ rm -rf $RPM_BUILD_ROOT %{cups_serverbin}/daemon/cups-lpd %changelog -* Wed Oct 4 2006 Tim Waugh +* Wed Oct 4 2006 Tim Waugh 1:1.2.4-8 - LSPP patch didn't get updated properly in 1:1.2.4-6. Use the right patch this time (bug #208676). LSPP re-enabled.