diff options
-rw-r--r-- | .SRCINFO | 26 | ||||
-rw-r--r-- | PKGBUILD | 44 | ||||
-rw-r--r-- | cups-1.6.0-fix-install-perms.patch | 25 | ||||
-rw-r--r-- | cups-no-gcrypt.patch | 11 | ||||
-rw-r--r-- | cups.install | 14 | ||||
-rw-r--r-- | cups.sysusers | 2 | ||||
-rw-r--r-- | guid.patch | 42 |
7 files changed, 96 insertions, 68 deletions
@@ -1,12 +1,12 @@ pkgbase = cups-ipp14 - pkgver = 2.2.2 - pkgrel = 2 - url = http://www.cups.org/ + pkgver = 2.2.6 + pkgrel = 1 + url = https://www.cups.org/ arch = i686 arch = x86_64 license = GPL - makedepends = libtiff>=4.0.0 - makedepends = libpng>=1.5.7 + makedepends = libtiff + makedepends = libpng makedepends = acl makedepends = pam makedepends = xdg-utils @@ -30,27 +30,27 @@ pkgbase = cups-ipp14 provides = cups-ipp14 conflicts = cups replaces = cups - source = https://github.com/apple/cups/releases/download/v2.2.2/cups-2.2.2-source.tar.gz - source = https://github.com/apple/cups/releases/download/v2.2.2/cups-2.2.2-source.tar.gz.sig + source = https://github.com/apple/cups/releases/download/v2.2.6/cups-2.2.6-source.tar.gz + source = https://github.com/apple/cups/releases/download/v2.2.6/cups-2.2.6-source.tar.gz.sig source = cups.logrotate source = cups.pam + source = cups.sysusers + source = guid.patch source = cups-no-export-ssllibs.patch - source = cups-no-gcrypt.patch source = cups-no-gzip-man.patch source = cups-1.6.2-statedir.patch - source = cups-1.6.0-fix-install-perms.patch source = cups-systemd-socket.patch source = add-ipp-backend-of-cups-1.4.patch validpgpkeys = 3737FD0D0E63B30172440D2DDBA3A7AB08D76223 - sha256sums = f589bb7d5d1dc3aa0915d7cf2b808571ef2e1530cd1a6ebe76ae8f9f4994e4f6 + sha256sums = 40385778c2b3bdf55030d1c999734e22774c79e3425d91339ce677825620169b sha256sums = SKIP sha256sums = d87fa0f0b5ec677aae34668f260333db17ce303aa1a752cba5f8e72623d9acf9 sha256sums = 57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5 + sha256sums = 06173dfaea37bdd9b39b3e09aba98c34ae7112a2f521db45a688907d8848caa2 + sha256sums = d4537526c1e075866ae22ad263da000fc2a592d36c26b79a459a1cfdade2bb2d sha256sums = ff3eb0782af0405f5dafe89e04b1b4ea7a49afc5496860d724343bd04f375832 - sha256sums = 1423673e16e374ed372c5b69aebc785b6674bf40601c74a5c08454f672ffa7f1 sha256sums = b8fc2e3bc603495f0278410350ea8f0161d9d83719feb64f573b63430cb4800b sha256sums = 23349c96f2f7aeb7d48e3bcd35a969f5d5ac8f55a032b0cfaa0a03d7e37ea9af - sha256sums = 4a4a885bb2e111bd67bcb90a5780f33841b18bc02382317fb5e64c384aa0c4c8 sha256sums = cdad3c266cb2abb0f90af3113420fa47a09e3ed974a2ffa9fb6a642e11971d65 sha256sums = 375614399e38ddb7af9375472a75e8a83eb3c587595ee079286cbc45094e3c26 @@ -59,7 +59,7 @@ pkgname = cups-ipp14 install = cups.install depends = acl depends = pam - depends = libcups-ipp14>=2.2.2 + depends = libcups-ipp14>=2.2.6 depends = cups-filters depends = bc depends = dbus @@ -7,39 +7,38 @@ pkgbase="${_pkgbase}-ipp14" ### Commenting the "split packages sections - unsupported by AUR apparently ### #pkgname=('libcups-ipp14' 'cups-ipp14') pkgname=(${pkgbase}) -pkgver=2.2.2 -pkgrel=2 +pkgver=2.2.6 +pkgrel=1 arch=('i686' 'x86_64') provides=('cups' 'cups-ipp14') replaces=('cups') conflicts=('cups') license=('GPL') -url="http://www.cups.org/" -makedepends=('libtiff>=4.0.0' 'libpng>=1.5.7' 'acl' 'pam' 'xdg-utils' 'krb5' 'gnutls' +url="https://www.cups.org/" +makedepends=('libtiff' 'libpng' 'acl' 'pam' 'xdg-utils' 'krb5' 'gnutls' 'cups-filters' 'bc' 'colord' 'xinetd' 'gzip' 'autoconf' 'libusb' 'dbus' 'avahi' 'hicolor-icon-theme' 'systemd' 'inetutils' 'libpaper' 'valgrind') source=(https://github.com/apple/cups/releases/download/v${pkgver}/cups-${pkgver}-source.tar.gz{,.sig} cups.logrotate cups.pam + cups.sysusers guid.patch # improve build and linking cups-no-export-ssllibs.patch - cups-no-gcrypt.patch cups-no-gzip-man.patch cups-1.6.2-statedir.patch - cups-1.6.0-fix-install-perms.patch # bugfixes cups-systemd-socket.patch # IPP 1.4 add-ipp-backend-of-cups-1.4.patch) -sha256sums=('f589bb7d5d1dc3aa0915d7cf2b808571ef2e1530cd1a6ebe76ae8f9f4994e4f6' +sha256sums=('40385778c2b3bdf55030d1c999734e22774c79e3425d91339ce677825620169b' 'SKIP' 'd87fa0f0b5ec677aae34668f260333db17ce303aa1a752cba5f8e72623d9acf9' '57dfd072fd7ef0018c6b0a798367aac1abb5979060ff3f9df22d1048bb71c0d5' + '06173dfaea37bdd9b39b3e09aba98c34ae7112a2f521db45a688907d8848caa2' + 'd4537526c1e075866ae22ad263da000fc2a592d36c26b79a459a1cfdade2bb2d' 'ff3eb0782af0405f5dafe89e04b1b4ea7a49afc5496860d724343bd04f375832' - '1423673e16e374ed372c5b69aebc785b6674bf40601c74a5c08454f672ffa7f1' 'b8fc2e3bc603495f0278410350ea8f0161d9d83719feb64f573b63430cb4800b' '23349c96f2f7aeb7d48e3bcd35a969f5d5ac8f55a032b0cfaa0a03d7e37ea9af' - '4a4a885bb2e111bd67bcb90a5780f33841b18bc02382317fb5e64c384aa0c4c8' 'cdad3c266cb2abb0f90af3113420fa47a09e3ed974a2ffa9fb6a642e11971d65' '375614399e38ddb7af9375472a75e8a83eb3c587595ee079286cbc45094e3c26') validpgpkeys=('3737FD0D0E63B30172440D2DDBA3A7AB08D76223') # CUPS.org (CUPS.org PGP key) <security@cups.org> @@ -54,24 +53,23 @@ prepare() { # improve build and linking # Do not export SSL libs in cups-config patch -Np1 -i ${srcdir}/cups-no-export-ssllibs.patch - # https://www.cups.org/str.php?L4399 - patch -Np1 -i ${srcdir}/cups-no-gcrypt.patch # don't zip man pages in make install, let makepkg do that / Fedora patch -Np1 -i ${srcdir}/cups-no-gzip-man.patch # move /var/run -> /run for pid file patch -Np1 -i ${srcdir}/cups-1.6.2-statedir.patch - # fix permissions on some files (by Gentoo) - alternative: cups-0755.patch by FC - patch -Np0 -i ${srcdir}/cups-1.6.0-fix-install-perms.patch # bug fixes # make sure network is up when starting and notify systemd - FC patch -Np1 -i ${srcdir}/cups-systemd-socket.patch + # FS#56818 - https://github.com/apple/cups/issues/5236 + patch -Np1 -i ${srcdir}/guid.patch + # set MaxLogSize to 0 to prevent using cups internal log rotation sed -i -e '5i\ ' conf/cupsd.conf.in sed -i -e '6i# Disable cups internal logging - use logrotate instead' conf/cupsd.conf.in sed -i -e '7iMaxLogSize 0' conf/cupsd.conf.in - + # Rebuild configure script for not zipping man-pages. aclocal -I config-scripts autoconf -I config-scripts @@ -79,6 +77,8 @@ prepare() { build() { cd ${_pkgbase}-${pkgver} + + # use fixed cups user (id 209) since systemd adds "lp" group without a fixed id ./configure --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ @@ -86,8 +86,9 @@ build() { --libdir=/usr/lib \ --with-logdir=/var/log/cups \ --with-docdir=/usr/share/cups/doc \ - --with-cups-user=daemon \ - --with-cups-group=lp \ + --with-exe-file-perm=0755 \ + --with-cups-user=209 \ + --with-cups-group=209 \ --enable-pam=yes \ --enable-raw-printing \ --enable-dbus --with-dbusdir=/etc/dbus-1 \ @@ -138,8 +139,13 @@ optdepends=('xdg-utils: xdg .desktop file support' chmod 755 ${pkgdir}/var/spool chmod 755 ${pkgdir}/etc + # use cups group FS#36769 + install -Dm644 "$srcdir"/cups.sysusers "${pkgdir}/usr/lib/sysusers.d/$pkgname.conf" + sed -i "s:#User 209:User 209:" ${pkgdir}/etc/cups/cups-files.conf{,.default} + sed -i "s:#Group 209:Group 209:" ${pkgdir}/etc/cups/cups-files.conf{,.default} + # install ssl directory where to store the certs, solves some samba issues - install -dm700 -g lp ${pkgdir}/etc/cups/ssl + install -dm700 -g 209 ${pkgdir}/etc/cups/ssl # remove directory from package, it will be recreated at each server start rm -rf ${pkgdir}/run @@ -147,7 +153,7 @@ optdepends=('xdg-utils: xdg .desktop file support' touch ${pkgdir}/etc/cups/printers.conf touch ${pkgdir}/etc/cups/classes.conf touch ${pkgdir}/etc/cups/subscriptions.conf - chgrp -R lp ${pkgdir}/etc/cups + chgrp -R 209 ${pkgdir}/etc/cups # fix .desktop file sed -i 's|^Exec=htmlview http://localhost:631/|Exec=xdg-open http://localhost:631/|g' ${pkgdir}/usr/share/applications/cups.desktop @@ -158,7 +164,7 @@ optdepends=('xdg-utils: xdg .desktop file support' # remove client.conf man page rm -f ${pkgdir}/usr/share/man/man5/client.conf.5 - # comment out all conversion rules which use any of the removed filters that are now part of cups-filters + # comment out all conversion rules which use any of the removed filters that are now part of cups-filters perl -p -i -e 's:^(.*\s+bannertops\s*)$:#\1:' $pkgdir/usr/share/cups/mime/mime.convs # comment out unnecessary PageLogFormat entry diff --git a/cups-1.6.0-fix-install-perms.patch b/cups-1.6.0-fix-install-perms.patch deleted file mode 100644 index 2d7a77c44f3d..000000000000 --- a/cups-1.6.0-fix-install-perms.patch +++ /dev/null @@ -1,25 +0,0 @@ -Index: Makedefs.in -=================================================================== ---- Makedefs.in (Revision 10520) -+++ Makedefs.in (Arbeitskopie) -@@ -40,14 +40,14 @@ - # Installation programs... - # - --INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ --INSTALL_COMPDATA = $(INSTALL) -c -m 444 @INSTALL_GZIP@ -+INSTALL_BIN = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ -+INSTALL_COMPDATA = $(INSTALL) -c -m 644 @INSTALL_GZIP@ - INSTALL_CONFIG = $(INSTALL) -c -m @CUPS_CONFIG_FILE_PERM@ --INSTALL_DATA = $(INSTALL) -c -m 444 -+INSTALL_DATA = $(INSTALL) -c -m 644 - INSTALL_DIR = $(INSTALL) -d --INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 555 @INSTALL_STRIP@ --INSTALL_MAN = $(INSTALL) -c -m 444 --INSTALL_SCRIPT = $(INSTALL) -c -m 555 -+INSTALL_LIB = $(LIBTOOL) $(INSTALL) -c -m 755 @INSTALL_STRIP@ -+INSTALL_MAN = $(INSTALL) -c -m 644 -+INSTALL_SCRIPT = $(INSTALL) -c -m 755 - - # - # Default user, group, and system groups for the scheduler... diff --git a/cups-no-gcrypt.patch b/cups-no-gcrypt.patch deleted file mode 100644 index 0cd64b191879..000000000000 --- a/cups-no-gcrypt.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up cups-2.0rc1/config-scripts/cups-ssl.m4.no-gcry cups-2.0rc1/config-scripts/cups-ssl.m4 ---- cups-2.0rc1/config-scripts/cups-ssl.m4.no-gcry 2014-09-12 15:41:23.324760213 +0200 -+++ cups-2.0rc1/config-scripts/cups-ssl.m4 2014-09-12 15:43:13.124203363 +0200 -@@ -60,7 +60,6 @@ if test x$enable_ssl != xno; then - dnl Then look for GNU TLS... - if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then - AC_PATH_TOOL(LIBGNUTLSCONFIG,libgnutls-config) -- AC_PATH_TOOL(LIBGCRYPTCONFIG,libgcrypt-config) - if $PKGCONFIG --exists gnutls; then - have_ssl=1 - SSLLIBS=`$PKGCONFIG --libs gnutls` diff --git a/cups.install b/cups.install index 23732bb74898..c83a437ea8c3 100644 --- a/cups.install +++ b/cups.install @@ -4,3 +4,17 @@ post_install() { echo ">> This is because the first request triggers the generation of the CUPS" echo ">> SSL certificates which can be a very time-consuming job." } + +post_upgrade() { + # FS#56818 - make sure we change the ownership to the new cups group + if [[ $(vercmp 2.2.6-3 $2) = 1 ]]; then + chgrp -R 209 /etc/cups + echo "Cups daemon is now running under \"cups\" user+group." + echo "Please make sure to enable the new user+group change in" + echo "/etc/cups/cups-files.conf or merge changes from" + echo "/etc/cups/cups-files.conf.default. After a service restart" + echo "make sure /etc/cups and all files within are owned by" + echo "cups group - run \"chgrp -R cups /etc/cups\"." + fi +} + diff --git a/cups.sysusers b/cups.sysusers new file mode 100644 index 000000000000..4ab9d5905968 --- /dev/null +++ b/cups.sysusers @@ -0,0 +1,2 @@ +u cups 209 "cups helper user" +m cups lp diff --git a/guid.patch b/guid.patch new file mode 100644 index 000000000000..ce28e024f3fd --- /dev/null +++ b/guid.patch @@ -0,0 +1,42 @@ +diff --git a/scheduler/cups-exec.c b/scheduler/cups-exec.c +index aab43a797..46c549075 100644 +--- a/scheduler/cups-exec.c ++++ b/scheduler/cups-exec.c +@@ -133,8 +133,13 @@ main(int argc, /* I - Number of command-line args */ + if (setgid(gid)) + exit(errno + 100); + +- if (setgroups(1, &gid)) ++#include <pwd.h> ++ struct passwd * pwd = getpwuid(uid); ++ if(initgroups(pwd->pw_name,pwd->pw_gid)) ++ { ++ fprintf(stderr, "DEBUG: initgroups failed\n"); + exit(errno + 100); ++ } + + if (uid && setuid(uid)) + exit(errno + 100); +diff --git a/scheduler/util.c b/scheduler/util.c +index 19ebf069b..4638562bd 100644 +--- a/scheduler/util.c ++++ b/scheduler/util.c +@@ -300,7 +300,16 @@ cupsdPipeCommand(int *pid, /* O - Process ID or 0 on error */ + */ + + if (!getuid() && user) +- setuid(user); /* Run as restricted user */ ++ { ++#include <pwd.h> ++ struct passwd * pwd = getpwuid(user); ++ if(initgroups(pwd->pw_name,pwd->pw_gid)) ++ { ++ fprintf(stderr, "DEBUG: initgroups failed\n"); ++ exit(errno + 100); ++ } ++ setuid(user); /* Run as restricted user */ ++ } + + if ((fd = open("/dev/null", O_RDONLY)) > 0) + { + |