diff options
| author | Sven Hebrok | 2023-01-13 12:33:44 +0100 |
|---|---|---|
| committer | Sven Hebrok | 2023-01-13 13:03:47 +0100 |
| commit | 64868e0299ffbdc37d5cfa9e7b0aa385e3dd030e (patch) | |
| tree | d6cbae7409bbd22005e7c932a156d8511e7c16cd | |
| download | aur-64868e0299ffbdc37d5cfa9e7b0aa385e3dd030e.tar.gz | |
Initial Commit
| -rw-r--r-- | .SRCINFO | 87 | ||||
| -rw-r--r-- | .gitignore | 4 | ||||
| -rw-r--r-- | 0001_Fix_OpenSSL_crash_bug.patch | 17 | ||||
| -rw-r--r-- | PKGBUILD | 185 | ||||
| -rwxr-xr-x | _create_package.sh | 27 | ||||
| -rw-r--r-- | _patch.sed | 17 | ||||
| -rw-r--r-- | cups-2.4.0-statedir.patch | 11 | ||||
| -rw-r--r-- | cups-freebind.patch | 15 | ||||
| -rw-r--r-- | cups.install | 28 | ||||
| -rw-r--r-- | cups.logrotate | 5 | ||||
| -rw-r--r-- | cups.pam | 3 | ||||
| -rw-r--r-- | cups.sysusers | 2 | ||||
| -rw-r--r-- | guid.patch | 39 |
13 files changed, 440 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..0249d42d51af --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,87 @@ +pkgbase = cups-gssapi + pkgdesc = The CUPS Printing System with gssapi (kerberos) enabled + pkgver = 2.4.2 + pkgrel = 3 + epoch = 1 + url = https://openprinting.github.io/cups/ + arch = x86_64 + license = Apache + license = custom + makedepends = libtiff + makedepends = libpng + makedepends = acl + makedepends = pam + makedepends = xdg-utils + makedepends = krb5 + makedepends = gnutls + makedepends = cups-filters + makedepends = bc + makedepends = colord + makedepends = gzip + makedepends = autoconf + makedepends = libusb + makedepends = dbus + makedepends = avahi + makedepends = hicolor-icon-theme + makedepends = systemd + makedepends = libxcrypt + makedepends = inetutils + makedepends = libpaper + makedepends = valgrind + makedepends = git + conflicts = libcups + conflicts = cups + source = https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz + source = https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz.sig + source = cups.logrotate + source = cups.pam + source = cups.sysusers + source = cups-2.4.0-statedir.patch + source = cups-freebind.patch + source = guid.patch + source = 0001_Fix_OpenSSL_crash_bug.patch + validpgpkeys = 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 + sha256sums = f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908 + sha256sums = SKIP + sha256sums = d87fa0f0b5ec677aae34668f260333db17ce303aa1a752cba5f8e72623d9acf9 + sha256sums = 57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5 + sha256sums = 06173dfaea37bdd9b39b3e09aba98c34ae7112a2f521db45a688907d8848caa2 + sha256sums = f0b15192952c151b1843742c87850ff3a7d0f3ba5dd236ed16623ef908472ad7 + sha256sums = 3385047b9ac8a7b13aeb8f0ca55d15f793ce7283516db0155fe28a67923c592d + sha256sums = 0bf6a75ba1b051771f155d9a5d36b307a6d40c6857d645b250fe93f3fb713474 + sha256sums = 632faf08bfd1863e9ad6807aff766983e84030a0e4df441167f17de7266ca152 + +pkgname = libcups-gssapi + pkgdesc = The CUPS Printing System - client libraries and headers + depends = gnutls + depends = libtiff>=4.0.0 + depends = libpng>=1.5.7 + depends = krb5 + depends = avahi + depends = libusb + depends = libxcrypt + +pkgname = cups-gssapi + pkgdesc = The CUPS Printing System - daemon package + install = cups.install + depends = acl + depends = pam + depends = libcups>=2.4.2 + depends = cups-filters + depends = bc + depends = dbus + depends = systemd + depends = libpaper + depends = hicolor-icon-theme + optdepends = ipp-usb: allows to send HTTP requests via a USB connection on devices without Ethernet or WiFi connections + optdepends = xdg-utils: xdg .desktop file support + optdepends = colord: for ICC color profile support + optdepends = logrotate: for logfile rotation support + backup = etc/cups/cupsd.conf + backup = etc/cups/snmp.conf + backup = etc/cups/printers.conf + backup = etc/cups/classes.conf + backup = etc/cups/cups-files.conf + backup = etc/cups/subscriptions.conf + backup = etc/logrotate.d/cups + backup = etc/pam.d/cups diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..e8eff929af0e --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +cups/ +src +cups-*-source.tar.* +*.pkg.tar.zst diff --git a/0001_Fix_OpenSSL_crash_bug.patch b/0001_Fix_OpenSSL_crash_bug.patch new file mode 100644 index 000000000000..68c9f711ac7a --- /dev/null +++ b/0001_Fix_OpenSSL_crash_bug.patch @@ -0,0 +1,17 @@ +From c0c403744b1bf4a9790a8fcaabcd60970cbefe06 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet <michael.r.sweet@gmail.com> +Date: Tue, 7 Jun 2022 13:45:29 -0400 +Subject: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after + freeing it (Issue #409) + +diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c +index c3e57742e..6db9f8a9c 100644 +--- a/cups/tls-openssl.c ++++ b/cups/tls-openssl.c +@@ -1152,6 +1152,8 @@ _httpTLSStop(http_t *http) // I - Connection to server + SSL_shutdown(http->tls); + SSL_CTX_free(context); + SSL_free(http->tls); ++ ++ http->tls = NULL; + } diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..903e786bfc9c --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,185 @@ +# Maintainer: Sven Hebrok <xoimex[at]gmail[dot]com> +# Automatically created from cuops PKGBUILD +# Upstream Maintainer: Andreas Radke <andyrtr@archlinux.org> + +pkgdesc="The CUPS Printing System with gssapi (kerberos) enabled" +conflicts=('libcups' 'cups') +pkgbase="cups-gssapi" +pkgname=('libcups-gssapi' 'cups-gssapi') +pkgver=2.4.2 +pkgrel=3 +epoch=1 +arch=('x86_64') +license=('Apache' 'custom') +url="https://openprinting.github.io/cups/" +makedepends=('libtiff' 'libpng' 'acl' 'pam' 'xdg-utils' 'krb5' 'gnutls' + 'cups-filters' 'bc' 'colord' 'gzip' 'autoconf' 'libusb' 'dbus' + 'avahi' 'hicolor-icon-theme' 'systemd' 'libxcrypt' 'inetutils' 'libpaper' 'valgrind' + 'git') +source=(https://github.com/OpenPrinting/cups/releases/download/v${pkgver}/cups-${pkgver}-source.tar.gz{,.sig} + cups.logrotate + cups.pam + cups.sysusers + cups-2.4.0-statedir.patch + # bugfixes + cups-freebind.patch + guid.patch + 0001_Fix_OpenSSL_crash_bug.patch +) +sha256sums=('f03ccb40b087d1e30940a40e0141dcbba263f39974c20eb9f2521066c9c6c908' + 'SKIP' + 'd87fa0f0b5ec677aae34668f260333db17ce303aa1a752cba5f8e72623d9acf9' + '57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5' + '06173dfaea37bdd9b39b3e09aba98c34ae7112a2f521db45a688907d8848caa2' + 'f0b15192952c151b1843742c87850ff3a7d0f3ba5dd236ed16623ef908472ad7' + '3385047b9ac8a7b13aeb8f0ca55d15f793ce7283516db0155fe28a67923c592d' + '0bf6a75ba1b051771f155d9a5d36b307a6d40c6857d645b250fe93f3fb713474' + '632faf08bfd1863e9ad6807aff766983e84030a0e4df441167f17de7266ca152') +#validpgpkeys=('3737FD0D0E63B30172440D2DDBA3A7AB08D76223') # CUPS.org (CUPS.org PGP key) <security@cups.org> +#validpgpkeys+=('45D083946E3035282B3CCA9AF434104235DA97EB') # "CUPS.org <security@cups.org>" +#validpgpkeys+=('845464660B686AAB36540B6F999559A027815955') # "Michael R Sweet <michael.r.sweet@gmail.com>" +#validpgpkeys=('7ADB58203CA5F046F28025B215AA6A7F4D4227D7') # "Zdenek Dohnal (Associate Software Engineer) <zdohnal@redhat.com>" +validpgpkeys=('7082A0A50A2E92640F3880E0E4522DCC9B246FF7') # Zdenek Dohnal (The old 4D4227D7 key revoked) <zdohnal@redhat.com> +#options=(!makeflags) + +prepare() { + cd "cups"-${pkgver} + + # move /var/run -> /run for pid file + patch -Np1 -i "${srcdir}"/cups-2.4.0-statedir.patch + + # bug fixes + + # https://github.com/OpenPrinting/cups/issues/53 + # use IP_FREEBIND, because cupsd cannot bind to not yet existing IP address + patch -Np1 -i "${srcdir}"/cups-freebind.patch + + # FS#56818 - https://github.com/apple/cups/issues/5236 + patch -Np1 -i "${srcdir}"/guid.patch + + # FS#75005 - Fix OpenSSL crash bug - "tls" pointer wasn't cleared after + # Fix OpenSSL crash bug - "tls" pointer wasn't cleared after + patch -Np1 -i "${srcdir}"/0001_Fix_OpenSSL_crash_bug.patch + + # Rebuild configure script + aclocal -I config-scripts + autoconf -I config-scripts +} + +build() { + cd "cups"-${pkgver} + + # The build system uses only DSOFLAGS but not LDFLAGS to build some libraries. + export DSOFLAGS=${LDFLAGS} + + # use fixed cups user (id 209) since systemd adds "lp" group without a fixed id + ./configure --prefix=/usr --with-gssapi \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --sbindir=/usr/bin \ + --libdir=/usr/lib \ + --with-logdir=/var/log/cups \ + --with-docdir=/usr/share/cups/doc \ + --with-exe-file-perm=0755 \ + --with-cups-user=209 \ + --with-cups-group=209 \ + --with-max-log-size=0 \ + --enable-pam=yes \ + --enable-raw-printing \ + --enable-dbus=yes \ + --with-tls=gnutls \ + --with-dbusdir=/usr/share/dbus-1 \ + --enable-relro \ + --enable-libpaper \ + --with-optim="$CFLAGS" #--help + make +} + +check() { + cd "cups"-${pkgver} +# make -k check || /bin/true +# make check +} + +package_libcups-gssapi() { +pkgdesc="The CUPS Printing System - client libraries and headers" +depends=('gnutls' 'libtiff>=4.0.0' 'libpng>=1.5.7' 'krb5' 'avahi' 'libusb' 'libxcrypt') + + cd cups-${pkgver} + make BUILDROOT="${pkgdir}" install-headers install-libs + # put this into the libs pkg to make other software find the libs(no pkg-config file included) + mkdir -p "${pkgdir}"/usr/bin + install -m755 "${srcdir}"/"cups"-${pkgver}/cups-config "${pkgdir}"/usr/bin/cups-config + + # add license + exception + install -m644 -Dt "${pkgdir}/usr/share/licenses/${pkgname}" {LICENSE,NOTICE} +} + +package_cups-gssapi() { +pkgdesc="The CUPS Printing System - daemon package" +install=cups.install +backup=(etc/cups/cupsd.conf + etc/cups/snmp.conf + etc/cups/printers.conf + etc/cups/classes.conf + etc/cups/cups-files.conf + etc/cups/subscriptions.conf + etc/logrotate.d/cups + etc/pam.d/cups) +depends=('acl' 'pam' "libcups>=${pkgver}" 'cups-filters' 'bc' + 'dbus' 'systemd' 'libpaper' 'hicolor-icon-theme') +optdepends=('ipp-usb: allows to send HTTP requests via a USB connection on devices without Ethernet or WiFi connections' + 'xdg-utils: xdg .desktop file support' + 'colord: for ICC color profile support' + 'logrotate: for logfile rotation support') + + cd "cups"-${pkgver} + make BUILDROOT="${pkgdir}" install-data install-exec + + # this one we ship in the libcups pkg + rm -f "${pkgdir}"/usr/bin/cups-config + + # kill the sysv stuff + rm -rf "${pkgdir}"/etc/rc*.d + rm -rf "${pkgdir}"/etc/init.d + install -D -m644 ../cups.logrotate "${pkgdir}"/etc/logrotate.d/cups + install -D -m644 ../cups.pam "${pkgdir}"/etc/pam.d/cups + + # fix perms on /var/spool and /etc + chmod 755 "${pkgdir}"/var/spool + chmod 755 "${pkgdir}"/etc + + # use cups group FS#36769 + install -Dm644 "$srcdir"/cups.sysusers "${pkgdir}/usr/lib/sysusers.d/$pkgname.conf" + sed -i "s:#User 209:User 209:" "${pkgdir}"/etc/cups/cups-files.conf{,.default} + sed -i "s:#Group 209:Group 209:" "${pkgdir}"/etc/cups/cups-files.conf{,.default} + + # install ssl directory where to store the certs, solves some samba issues + install -dm700 -g 209 "${pkgdir}"/etc/cups/ssl + # remove directory from package, it will be recreated at each server start + rm -rf "${pkgdir}"/run + + # install some more configuration files that will get filled by cupsd + touch "${pkgdir}"/etc/cups/printers.conf + touch "${pkgdir}"/etc/cups/classes.conf + touch "${pkgdir}"/etc/cups/subscriptions.conf + chgrp -R 209 "${pkgdir}"/etc/cups + + # fix .desktop file + sed -i 's|^Exec=htmlview http://localhost:631/|Exec=xdg-open http://localhost:631/|g' "${pkgdir}"/usr/share/applications/cups.desktop + + # compress some driver files, adopted from Fedora + find "${pkgdir}"/usr/share/cups/model -name "*.ppd" | xargs gzip -n9f + + # remove client.conf man page + rm -f "${pkgdir}"/usr/share/man/man5/client.conf.5 + + # comment out removed filters that are now part of cups-filters + perl -p -i -e 's:^(.*\s+bannertops\s*)$:#\1:' "$pkgdir"/usr/share/cups/mime/mime.convs + + # comment out unnecessary PageLogFormat entry + sed -i -e 's:PageLogFormat:#PageLogFormat:' "$pkgdir"/etc/cups/cupsd.conf* + + # no more xinetd support + rm -rf "${pkgdir}"/etc/xinetd.d +} diff --git a/_create_package.sh b/_create_package.sh new file mode 100755 index 000000000000..76edda3d07ca --- /dev/null +++ b/_create_package.sh @@ -0,0 +1,27 @@ +#!/bin/bash -e +# requires asp to be installed + +# needed for removing old contents but sparing our files +shopt -s extglob + +# cleanup +if [ -d cups ]; then + rm -r cups +fi +if ls !("_create_package.sh"|"_patch.sed") >/dev/null 2>/dev/null; then + rm -r !("_create_package.sh"|"_patch.sed") +fi + +# get upstream cups package +asp export cups +mv cups/* ./ +rmdir cups + +# apply our patches +sed -Ef _patch.sed -i PKGBUILD + +# seemingly the AUR does not like subdirectories +rm -r -- */ + +# update metadata +makepkg --printsrcinfo > .SRCINFO diff --git a/_patch.sed b/_patch.sed new file mode 100644 index 000000000000..d4eef94567c6 --- /dev/null +++ b/_patch.sed @@ -0,0 +1,17 @@ +1 i # Maintainer: Sven Hebrok <xoimex[at]gmail[dot]com> +1 i # Automatically created from cuops PKGBUILD + +s/# Maintainer: (.+)/# Upstream Maintainer: \1/g + +s/.\/configure (.+) \\/.\/configure \1 --with-gssapi \\/ + +# replace cups with cups-gssapi in package definitions +/^(pkgbase|pkgname)=/ s/cups/cups-gssapi/g +/^package_\S*cups\(\)/ s/cups/cups-gssapi/g + +# add further fields +/^pkgbase=/ i pkgdesc="The CUPS Printing System with gssapi (kerberos) enabled" +/^pkgbase=/ i conflicts=('libcups' 'cups') + +# fix usage of "${pkgbase}" +s/\$\{pkgbase\}/cups/g diff --git a/cups-2.4.0-statedir.patch b/cups-2.4.0-statedir.patch new file mode 100644 index 000000000000..c6d030346121 --- /dev/null +++ b/cups-2.4.0-statedir.patch @@ -0,0 +1,11 @@ +--- cups-2.4.0/config-scripts/cups-directories.m4 2021-11-29 16:12:17.094244942 +0100 ++++ cups-2.4.0/config-scripts/cups-directories.m4.new 2021-11-29 16:15:16.958747398 +0100 +@@ -268,7 +268,7 @@ + CUPS_STATEDIR="$CUPS_SERVERROOT" + ], [*], [ + # All others +- CUPS_STATEDIR="$localstatedir/run/cups" ++ CUPS_STATEDIR="/run/cups" + ]) + ]) + AC_DEFINE_UNQUOTED([CUPS_STATEDIR], ["$CUPS_STATEDIR"], [Location of transient state files.]) diff --git a/cups-freebind.patch b/cups-freebind.patch new file mode 100644 index 000000000000..6d9ba430b5e4 --- /dev/null +++ b/cups-freebind.patch @@ -0,0 +1,15 @@ +diff -up cups-2.0.2/cups/http-addr.c.freebind cups-2.0.2/cups/http-addr.c +--- cups-2.0.2/cups/http-addr.c.freebind 2015-02-10 14:46:33.000000000 +0100 ++++ cups-2.0.2/cups/http-addr.c 2015-02-10 14:50:35.074759141 +0100 +@@ -186,6 +186,10 @@ httpAddrListen(http_addr_t *addr, /* I - + val = 1; + setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, CUPS_SOCAST &val, sizeof(val)); + ++#ifdef __linux ++ setsockopt(fd, IPPROTO_IP, IP_FREEBIND, CUPS_SOCAST &val, sizeof(val)); ++#endif /* __linux */ ++ + #ifdef IPV6_V6ONLY + if (addr->addr.sa_family == AF_INET6) + setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, CUPS_SOCAST &val, sizeof(val)); +diff -up cups-2.0.2/scheduler/listen.c.freebind cups-2.0.2/scheduler/listen.c diff --git a/cups.install b/cups.install new file mode 100644 index 000000000000..017cc4dcae13 --- /dev/null +++ b/cups.install @@ -0,0 +1,28 @@ +post_install() { + echo ">> If you use an HTTPS connection to CUPS, the first time you access" + echo ">> the interface it may take a very long time before the site comes up." + echo ">> This is because the first request triggers the generation of the CUPS" + echo ">> SSL certificates which can be a very time-consuming job." +} + +post_upgrade() { + # FS#56818 - make sure we change the ownership to the new cups group + if [[ $(vercmp 2.2.6-3 $2) = 1 ]]; then + chgrp -R 209 /etc/cups + echo "Cups daemon is now running under \"cups\" user+group." + echo "Please make sure to enable the new user+group change in" + echo "/etc/cups/cups-files.conf or merge changes from" + echo "/etc/cups/cups-files.conf.default. After a service restart" + echo "make sure /etc/cups and all files within are owned by" + echo "cups group - run \"chgrp -R cups /etc/cups\"." + fi + + # upstream reverted back to common old naming scheme + if [[ $(vercmp 2.3.3+105+g59137acc1-1 $2) = 1 ]]; then + echo ">>> Cups systemd socket and service files have been" + echo ">>> renamed by upstream decision. Please make sure" + echo ">>> to disable/reenable the services to your need." + echo ">>> hint: \"pacman -Ql cups | grep systemd\" and" + echo ">>> \"ls -lR /etc/systemd/ | grep cups\" " + fi +} diff --git a/cups.logrotate b/cups.logrotate new file mode 100644 index 000000000000..19e12101be2b --- /dev/null +++ b/cups.logrotate @@ -0,0 +1,5 @@ +/var/log/cups/*_log { + missingok + notifempty + sharedscripts +} diff --git a/cups.pam b/cups.pam new file mode 100644 index 000000000000..53724d1f86a7 --- /dev/null +++ b/cups.pam @@ -0,0 +1,3 @@ +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so diff --git a/cups.sysusers b/cups.sysusers new file mode 100644 index 000000000000..4ab9d5905968 --- /dev/null +++ b/cups.sysusers @@ -0,0 +1,2 @@ +u cups 209 "cups helper user" +m cups lp diff --git a/guid.patch b/guid.patch new file mode 100644 index 000000000000..b1bd19232e72 --- /dev/null +++ b/guid.patch @@ -0,0 +1,39 @@ +--- cups-2.4.0/scheduler/cups-exec.c 2021-11-29 16:19:34.235186064 +0100 ++++ cups-2.4.0/scheduler/cups-exec.c.new 2021-11-29 16:25:30.764049649 +0100 +@@ -134,9 +134,14 @@ main(int argc, /* I - Number of command-line args */ + # if CUPS_SNAP + if (setgroups(0, NULL)) + # else +- if (setgroups(1, &gid)) +-# endif /* CUPS_SNAP */ ++#include <pwd.h> ++ struct passwd * pwd = getpwuid(uid); ++ if(initgroups(pwd->pw_name,pwd->pw_gid)) ++ { ++ fprintf(stderr, "DEBUG: initgroups failed\n"); + exit(errno + 100); ++ } ++# endif /* CUPS_SNAP */ + + if (uid && setuid(uid)) + exit(errno + 100); +--- cups-2.4.0/scheduler/util.c 2021-11-29 15:27:31.000000000 +0100 ++++ cups-2.4.0/scheduler/util.c.new 2021-11-29 16:29:58.810719066 +0100 +@@ -296,7 +296,16 @@ + */ + + if (!getuid() && user) +- setuid(user); /* Run as restricted user */ ++ { ++#include <pwd.h> ++ struct passwd * pwd = getpwuid(user); ++ if(initgroups(pwd->pw_name,pwd->pw_gid)) ++ { ++ fprintf(stderr, "DEBUG: initgroups failed\n"); ++ exit(errno + 100); ++ } ++ setuid(user); /* Run as restricted user */ ++ } + + if ((fd = open("/dev/null", O_RDONLY)) > 0) + { |