From 02491b4eded7be406a64d8e55bd23f11643283fc Mon Sep 17 00:00:00 2001
From: Saul Wold
Date: Thu, 13 Dec 2012 19:03:52 -0800
Subject: cups: Update to 1.6.1
License change was due to update of Date.
Remove CVE patches as they where backports from this release
(From OE-Core rev: 9524c0ed85592c87ff30b54ca705b5d1b447eb6f)
Signed-off-by: Saul Wold
Signed-off-by: Richard Purdie
---
.../0001-don-t-try-to-run-generated-binaries.patch | 70 -
.../cups/cups-1.4.6/cups-CVE-2011-2896.patch | 140 -
.../cups/cups-1.4.6/cups-CVE-2011-3170.patch | 54 -
.../cups/cups-1.4.6/cups-CVE-2012-5519.patch | 2965 --------------------
.../cups/cups-1.4.6/cups_serverbin.patch | 32 -
.../cups/cups-1.4.6/use_echo_only_in_init.patch | 13 -
.../0001-don-t-try-to-run-generated-binaries.patch | 70 +
.../cups/cups/cups-CVE-2011-2896.patch | 140 +
.../cups/cups/cups-CVE-2011-3170.patch | 54 +
.../cups/cups/cups-CVE-2012-5519.patch | 2965 ++++++++++++++++++++
.../cups/cups/cups_serverbin.patch | 32 +
.../cups/cups/use_echo_only_in_init.patch | 15 +
meta/recipes-extended/cups/cups14.inc | 101 -
meta/recipes-extended/cups/cups16.inc | 101 +
meta/recipes-extended/cups/cups_1.4.6.bb | 23 -
meta/recipes-extended/cups/cups_1.6.1.bb | 19 +
16 files changed, 3396 insertions(+), 3398 deletions(-)
delete mode 100644 meta/recipes-extended/cups/cups-1.4.6/0001-don-t-try-to-run-generated-binaries.patch
delete mode 100644 meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-2896.patch
delete mode 100644 meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-3170.patch
delete mode 100644 meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2012-5519.patch
delete mode 100644 meta/recipes-extended/cups/cups-1.4.6/cups_serverbin.patch
delete mode 100644 meta/recipes-extended/cups/cups-1.4.6/use_echo_only_in_init.patch
create mode 100644 meta/recipes-extended/cups/cups/0001-don-t-try-to-run-generated-binaries.patch
create mode 100644 meta/recipes-extended/cups/cups/cups-CVE-2011-2896.patch
create mode 100644 meta/recipes-extended/cups/cups/cups-CVE-2011-3170.patch
create mode 100644 meta/recipes-extended/cups/cups/cups-CVE-2012-5519.patch
create mode 100644 meta/recipes-extended/cups/cups/cups_serverbin.patch
create mode 100644 meta/recipes-extended/cups/cups/use_echo_only_in_init.patch
delete mode 100644 meta/recipes-extended/cups/cups14.inc
create mode 100644 meta/recipes-extended/cups/cups16.inc
delete mode 100644 meta/recipes-extended/cups/cups_1.4.6.bb
create mode 100644 meta/recipes-extended/cups/cups_1.6.1.bb
(limited to 'meta/recipes-extended')
diff --git a/meta/recipes-extended/cups/cups-1.4.6/0001-don-t-try-to-run-generated-binaries.patch b/meta/recipes-extended/cups/cups-1.4.6/0001-don-t-try-to-run-generated-binaries.patch
deleted file mode 100644
index e6544b5607..0000000000
--- a/meta/recipes-extended/cups/cups-1.4.6/0001-don-t-try-to-run-generated-binaries.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-From 90069586167b930befce7303aea57078f04b4ed8 Mon Sep 17 00:00:00 2001
-From: Koen Kooi
-Date: Sun, 30 Jan 2011 16:37:27 +0100
-Subject: [PATCH] don't try to run generated binaries
-
-Signed-off-by: Koen Kooi
----
- ppdc/Makefile | 30 +++++++++++++++---------------
- 1 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/ppdc/Makefile b/ppdc/Makefile
-index 0288d47..fc87f1b 100644
---- a/ppdc/Makefile
-+++ b/ppdc/Makefile
-@@ -243,8 +243,8 @@ genstrings: genstrings.o libcupsppdc.a ../cups/libcups.a \
- $(CXX) $(ARCHFLAGS) $(LDFLAGS) -o genstrings genstrings.o \
- libcupsppdc.a ../cups/libcups.a $(LIBGSSAPI) $(SSLLIBS) \
- $(DNSSDLIBS) $(COMMONLIBS) $(LIBZ)
-- echo Generating localization strings...
-- ./genstrings >sample.c
-+# echo Generating localization strings...
-+# ./genstrings >sample.c
-
-
- #
-@@ -261,9 +261,9 @@ ppdc-static: ppdc.o libcupsppdc.a ../cups/libcups.a foo.drv foo-fr.po
- $(CXX) $(ARCHFLAGS) $(LDFLAGS) -o ppdc-static ppdc.o libcupsppdc.a \
- ../cups/libcups.a $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) \
- $(COMMONLIBS) $(LIBZ)
-- echo Testing PPD compiler...
-- ./ppdc-static -l en,fr -I ../data foo.drv
-- ./ppdc-static -l en,fr -z -I ../data foo.drv
-+# echo Testing PPD compiler...
-+# ./ppdc-static -l en,fr -I ../data foo.drv
-+# ./ppdc-static -l en,fr -z -I ../data foo.drv
-
-
- #
-@@ -290,16 +290,16 @@ ppdi-static: ppdc-static ppdi.o libcupsppdc.a ../cups/libcups.a
- ../cups/libcups.a $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) \
- $(COMMONLIBS) $(LIBZ)
- echo Testing PPD importer...
-- $(RM) -r ppd ppd2 sample-import.drv
-- ./ppdc-static -I ../data sample.drv
-- ./ppdi-static -I ../data -o sample-import.drv ppd/*
-- ./ppdc-static -I ../data -d ppd2 sample-import.drv
-- if diff -r ppd ppd2 >/dev/null; then \
-- echo PPD import OK; \
-- else \
-- echo PPD import FAILED; \
-- exit 1; \
-- fi
-+# $(RM) -r ppd ppd2 sample-import.drv
-+# ./ppdc-static -I ../data sample.drv
-+# ./ppdi-static -I ../data -o sample-import.drv ppd/*
-+# ./ppdc-static -I ../data -d ppd2 sample-import.drv
-+# if diff -r ppd ppd2 >/dev/null; then \
-+# echo PPD import OK; \
-+# else \
-+# echo PPD import FAILED; \
-+# exit 1; \
-+# fi
-
-
- #
---
-1.6.6.1
-
diff --git a/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-2896.patch b/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-2896.patch
deleted file mode 100644
index 7c6f75bd6c..0000000000
--- a/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-2896.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-cups - CVE-2011-2896
-
-the patch come from:
-http://cups.org/strfiles/3867/str3867.patch
-
-The LZW decompressor in the LWZReadByte function in giftoppm.c
-in the David Koblas GIF decoder in PBMPLUS, as used in the
-gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7,
-the LZWReadByte function in plug-ins/common/file-gif-load.c
-in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c
-in XPCE in SWI-Prolog 5.10.4 and earlier, and other products,
-does not properly handle code words that are absent from the
-decompression table when encountered, which allows remote attackers to
-trigger an infinite loop or a heap-based buffer overflow, and possibly
-execute arbitrary code, via a crafted compressed stream, a related
-issue to CVE-2006-1168 and CVE-2011-2895.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896
-
-Integrated-by: Li Wang
----
- filter/image-gif.c | 46 ++++++++++++++++++++--------------------------
- 1 files changed, 20 insertions(+), 26 deletions(-)
-
-diff --git a/filter/image-gif.c b/filter/image-gif.c
-index 3857c21..fa9691e 100644
---- a/filter/image-gif.c
-+++ b/filter/image-gif.c
-@@ -353,7 +353,7 @@ gif_get_code(FILE *fp, /* I - File to read from */
- * Read in another buffer...
- */
-
-- if ((count = gif_get_block (fp, buf + last_byte)) <= 0)
-+ if ((count = gif_get_block(fp, buf + last_byte)) <= 0)
- {
- /*
- * Whoops, no more data!
-@@ -582,19 +582,13 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
- gif_get_code(fp, 0, 1);
-
- /*
-- * Wipe the decompressor table...
-+ * Wipe the decompressor table (already mostly 0 due to the calloc above...)
- */
-
- fresh = 1;
-
-- for (i = 0; i < clear_code; i ++)
-- {
-- table[0][i] = 0;
-+ for (i = 1; i < clear_code; i ++)
- table[1][i] = i;
-- }
--
-- for (; i < 4096; i ++)
-- table[0][i] = table[1][0] = 0;
-
- sp = stack;
-
-@@ -605,29 +599,30 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
- fresh = 0;
-
- do
-+ {
- firstcode = oldcode = gif_get_code(fp, code_size, 0);
-+ }
- while (firstcode == clear_code);
-
-- return (firstcode);
-+ return (firstcode & 255);
- }
- else if (!table)
- return (0);
-
- if (sp > stack)
-- return (*--sp);
-+ return ((*--sp) & 255);
-
-- while ((code = gif_get_code (fp, code_size, 0)) >= 0)
-+ while ((code = gif_get_code(fp, code_size, 0)) >= 0)
- {
- if (code == clear_code)
- {
-- for (i = 0; i < clear_code; i ++)
-- {
-- table[0][i] = 0;
-- table[1][i] = i;
-- }
-+ /*
-+ * Clear/reset the compression table...
-+ */
-
-- for (; i < 4096; i ++)
-- table[0][i] = table[1][i] = 0;
-+ memset(table, 0, 2 * sizeof(gif_table_t));
-+ for (i = 1; i < clear_code; i ++)
-+ table[1][i] = i;
-
- code_size = set_code_size + 1;
- max_code_size = 2 * clear_code;
-@@ -637,12 +632,11 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
-
- firstcode = oldcode = gif_get_code(fp, code_size, 0);
-
-- return (firstcode);
-+ return (firstcode & 255);
- }
-- else if (code == end_code)
-+ else if (code == end_code || code > max_code)
- {
-- unsigned char buf[260];
--
-+ unsigned char buf[260]; /* Block buffer */
-
- if (!gif_eof)
- while (gif_get_block(fp, buf) > 0);
-@@ -652,7 +646,7 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
-
- incode = code;
-
-- if (code >= max_code)
-+ if (code == max_code)
- {
- if (sp < (stack + 8192))
- *sp++ = firstcode;
-@@ -690,10 +684,10 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
- oldcode = incode;
-
- if (sp > stack)
-- return (*--sp);
-+ return ((*--sp) & 255);
- }
-
-- return (code);
-+ return (code & 255);
- }
-
-
---
-1.7.0.5
-
diff --git a/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-3170.patch b/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-3170.patch
deleted file mode 100644
index fd1b95847c..0000000000
--- a/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2011-3170.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-cups CVE-2011-3170
-
-the patch come from:
-http://cups.org/strfiles/3914/str3914.patch
-
-The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
-earlier does not properly handle the first code word in an LZW stream,
-which allows remote attackers to trigger a heap-based buffer overflow,
-and possibly execute arbitrary code, via a crafted stream, a different
-vulnerability than CVE-2011-2896.
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
-
-Integrated-by: Li Wang
----
- filter/image-gif.c | 14 +++++++++-----
- 1 files changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/filter/image-gif.c b/filter/image-gif.c
-index 9542704..3857c21 100644
---- a/filter/image-gif.c
-+++ b/filter/image-gif.c
-@@ -654,11 +654,13 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
-
- if (code >= max_code)
- {
-- *sp++ = firstcode;
-- code = oldcode;
-+ if (sp < (stack + 8192))
-+ *sp++ = firstcode;
-+
-+ code = oldcode;
- }
-
-- while (code >= clear_code)
-+ while (code >= clear_code && sp < (stack + 8192))
- {
- *sp++ = table[1][code];
- if (code == table[0][code])
-@@ -667,8 +669,10 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
- code = table[0][code];
- }
-
-- *sp++ = firstcode = table[1][code];
-- code = max_code;
-+ if (sp < (stack + 8192))
-+ *sp++ = firstcode = table[1][code];
-+
-+ code = max_code;
-
- if (code < 4096)
- {
---
-1.7.0.5
-
diff --git a/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2012-5519.patch b/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2012-5519.patch
deleted file mode 100644
index 6b2887a5c9..0000000000
--- a/meta/recipes-extended/cups/cups-1.4.6/cups-CVE-2012-5519.patch
+++ /dev/null
@@ -1,2965 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## DP: Description: Move file, directory, user, and group configuration to a
-## DP: separate file. Also warn about directives that have moved and set
-## DP: default cups-files.conf.
-## DP:
-## DP: Author: Michael Sweet
-## DP: Origin: http://svn.cups.org/public/cups/branches/branch-1.6@10710
-## DP: Origin: http://svn.cups.org/public/cups/branches/branch-1.6@10713
-## DP:
-## DP: Author: Marc Deslauriers
-## DP: Author: Tim Waugh
-## DP:
-## DP: Bug-Upstream: https://www.cups.org/str.php?L4223
-## DP: Bug-Debian: http://bugs.debian.org/692791
-## DP: Bug-CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
-
-@DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/conf/Makefile cups/conf/Makefile
---- cups~/conf/Makefile 2012-12-08 00:29:09.000000000 +0100
-+++ cups/conf/Makefile 2012-12-08 00:29:10.000000000 +0100
-@@ -19,7 +19,7 @@
- # Config files...
- #
-
--KEEP = cupsd.conf snmp.conf
-+KEEP = cups-files.conf cupsd.conf snmp.conf
- REPLACE = mime.convs mime.types
-
-
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/conf/cups-files.conf.in cups/conf/cups-files.conf.in
---- cups~/conf/cups-files.conf.in 1970-01-01 01:00:00.000000000 +0100
-+++ cups/conf/cups-files.conf.in 2012-12-08 00:29:10.000000000 +0100
-@@ -0,0 +1,98 @@
-+#
-+# "$Id$"
-+#
-+# Sample file/directory/user/group configuration file for the CUPS scheduler.
-+# See "man cups-files.conf" for a complete description of this file.
-+#
-+
-+# List of events that are considered fatal errors for the scheduler...
-+#FatalErrors @CUPS_FATAL_ERRORS@
-+
-+# Default user and group for filters/backends/helper programs; this cannot be
-+# any user or group that resolves to ID 0 for security reasons...
-+#User @CUPS_USER@
-+#Group @CUPS_GROUP@
-+
-+# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
-+SystemGroup @CUPS_SYSTEM_GROUPS@
-+@CUPS_SYSTEM_AUTHKEY@
-+
-+# User that is substituted for unauthenticated (remote) root accesses...
-+#RemoteRoot remroot
-+
-+# Do we allow file: device URIs other than to /dev/null?
-+#FileDevice No
-+
-+# Permissions for configuration and log files...
-+#ConfigFilePerm @CUPS_CONFIG_FILE_PERM@
-+#LogFilePerm @CUPS_LOG_FILE_PERM@
-+
-+# Location of the file logging all access to the scheduler; may be the name
-+# "syslog". If not an absolute path, the value of ServerRoot is used as the
-+# root directory. Also see the "AccessLogLevel" directive in cupsd.conf.
-+AccessLog @CUPS_LOGDIR@/access_log
-+
-+# Location of cache files used by the scheduler...
-+#CacheDir @CUPS_CACHEDIR@
-+
-+# Location of data files used by the scheduler...
-+#DataDir @CUPS_DATADIR@
-+
-+# Location of the static web content served by the scheduler...
-+#DocumentRoot @CUPS_DOCROOT@
-+
-+# Location of the file logging all messages produced by the scheduler and any
-+# helper programs; may be the name "syslog". If not an absolute path, the value
-+# of ServerRoot is used as the root directory. Also see the "LogLevel"
-+# directive in cupsd.conf.
-+ErrorLog @CUPS_LOGDIR@/error_log
-+
-+# Location of fonts used by older print filters...
-+#FontPath @CUPS_FONTPATH@
-+
-+# Location of LPD configuration
-+#LPDConfigFile @CUPS_DEFAULT_LPD_CONFIG_FILE@
-+
-+# Location of the file logging all pages printed by the scheduler and any
-+# helper programs; may be the name "syslog". If not an absolute path, the value
-+# of ServerRoot is used as the root directory. Also see the "PageLogFormat"
-+# directive in cupsd.conf.
-+PageLog @CUPS_LOGDIR@/page_log
-+
-+# Location of the file listing all of the local printers...
-+#Printcap @CUPS_DEFAULT_PRINTCAP@
-+
-+# Format of the Printcap file...
-+#PrintcapFormat bsd
-+#PrintcapFormat plist
-+#PrintcapFormat solaris
-+
-+# Location of all spool files...
-+#RequestRoot @CUPS_REQUESTS@
-+
-+# Location of helper programs...
-+#ServerBin @CUPS_SERVERBIN@
-+
-+# SSL/TLS certificate for the scheduler...
-+#ServerCertificate @CUPS_SERVERCERT@
-+
-+# SSL/TLS private key for the scheduler...
-+#ServerKey @CUPS_SERVERKEY@
-+
-+# Location of other configuration files...
-+#ServerRoot @CUPS_SERVERROOT@
-+
-+# Location of Samba configuration file...
-+#SMBConfigFile @CUPS_DEFAULT_SMB_CONFIG_FILE@
-+
-+# Location of scheduler state files...
-+#StateDir @CUPS_STATEDIR@
-+
-+# Location of scheduler/helper temporary files. This directory is emptied on
-+# scheduler startup and cannot be one of the standard (public) temporary
-+# directory locations for security reasons...
-+#TempDir @CUPS_REQUESTS@/tmp
-+
-+#
-+# End of "$Id$".
-+#
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/conf/cupsd.conf.in cups/conf/cupsd.conf.in
---- cups~/conf/cupsd.conf.in 2012-12-08 00:29:09.000000000 +0100
-+++ cups/conf/cupsd.conf.in 2012-12-08 00:29:10.000000000 +0100
-@@ -13,10 +13,6 @@
- # LogLevel debug2 gets usable now
- MaxLogSize 0
-
--# Administrator user group...
--SystemGroup @CUPS_SYSTEM_GROUPS@
--@CUPS_SYSTEM_AUTHKEY@
--
- # Only listen for connections from the local machine.
- Listen localhost:@DEFAULT_IPP_PORT@
- @CUPS_LISTEN_DOMAINSOCKET@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/config-scripts/cups-defaults.m4 cups/config-scripts/cups-defaults.m4
---- cups~/config-scripts/cups-defaults.m4 2012-12-07 13:00:47.000000000 +0100
-+++ cups/config-scripts/cups-defaults.m4 2012-12-08 00:29:10.000000000 +0100
-@@ -353,6 +353,7 @@
- fi
-
- AC_DEFINE_UNQUOTED(CUPS_DEFAULT_LPD_CONFIG_FILE, "$CUPS_DEFAULT_LPD_CONFIG_FILE")
-+AC_SUBST(CUPS_DEFAULT_LPD_CONFIG_FILE)
-
- dnl Default SMB config file...
- AC_ARG_WITH(smbconfigfile, [ --with-smbconfigfile set default SMBConfigFile URI],
-@@ -374,6 +375,7 @@
- fi
-
- AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SMB_CONFIG_FILE, "$CUPS_DEFAULT_SMB_CONFIG_FILE")
-+AC_SUBST(CUPS_DEFAULT_SMB_CONFIG_FILE)
-
- dnl Default MaxCopies value...
- AC_ARG_WITH(max-copies, [ --with-max-copies set default max copies value, default=9999 ],
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/config-scripts/cups-ssl.m4 cups/config-scripts/cups-ssl.m4
---- cups~/config-scripts/cups-ssl.m4 2012-12-07 13:00:47.000000000 +0100
-+++ cups/config-scripts/cups-ssl.m4 2012-12-08 00:29:10.000000000 +0100
-@@ -27,6 +27,8 @@
- SSLFLAGS=""
- SSLLIBS=""
- have_ssl=0
-+CUPS_SERVERCERT=""
-+CUPS_SERVERKEY=""
-
- if test x$enable_ssl != xno; then
- dnl Look for CDSA...
-@@ -36,6 +38,7 @@
- have_ssl=1
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_CDSASSL)
-+ CUPS_SERVERCERT="/Library/Keychains/System.keychain"
-
- dnl Check for the various security headers...
- AC_CHECK_HEADER(Security/SecPolicy.h,
-@@ -85,6 +88,9 @@
- fi
-
- if test $have_ssl = 1; then
-+ CUPS_SERVERCERT="ssl/server.crt"
-+ CUPS_SERVERKEY="ssl/server.key"
-+
- if $PKGCONFIG --exists gcrypt; then
- SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
- SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
-@@ -122,6 +128,9 @@
- $libcrypto)
-
- if test "x${SSLLIBS}" != "x"; then
-+ CUPS_SERVERCERT="ssl/server.crt"
-+ CUPS_SERVERKEY="ssl/server.key"
-+
- break
- fi
- done
-@@ -135,6 +144,8 @@
- AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
- fi
-
-+AC_SUBST(CUPS_SERVERCERT)
-+AC_SUBST(CUPS_SERVERKEY)
- AC_SUBST(SSLFLAGS)
- AC_SUBST(SSLLIBS)
-
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/configure.in cups/configure.in
---- cups~/configure.in 2012-12-07 13:00:47.000000000 +0100
-+++ cups/configure.in 2012-12-08 00:29:10.000000000 +0100
-@@ -63,14 +63,14 @@
- AC_SUBST(UNINSTALL_LANGUAGES)
-
- AC_OUTPUT(Makedefs packaging/cups.list init/cups.sh init/cups-lpd cups-config
-- conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf
-+ conf/cups-files.conf conf/cupsd.conf conf/mime.convs conf/pam.std conf/snmp.conf
- data/testprint
- desktop/cups.desktop
- doc/index.html doc/help/ref-cupsd-conf.html doc/help/standard.html
- init/org.cups.cups-lpd.plist init/cups.xml
- man/client.conf.man man/cups-deviced.man man/cups-driverd.man
- man/cups-lpd.man man/cupsaddsmb.man man/cupsd.man
-- man/cupsd.conf.man man/lpoptions.man
-+ man/cups-files.conf.man man/cupsd.conf.man man/lpoptions.man
- templates/header.tmpl
- $LANGFILES)
-
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/doc/help/ref-cups-files-conf.html.in cups/doc/help/ref-cups-files-conf.html.in
---- cups~/doc/help/ref-cups-files-conf.html.in 1970-01-01 01:00:00.000000000 +0100
-+++ cups/doc/help/ref-cups-files-conf.html.in 2012-12-08 00:29:10.000000000 +0100
-@@ -0,0 +1,531 @@
-+
-+
-+
-+ cups-files.conf
-+
-+
-+
-+
-+
cups-files.conf
-+
-+
The /etc/cups/cups-files.conf file contains configuration directives that control the files, directories. users. and groups that are used by the CUPS scheduler, cupsd(8). Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.
The AccessLog directive sets the name of the
-+access log file. If the filename is not absolute then it is
-+assumed to be relative to the ServerRoot directory. The
-+access log file is stored in "common log format" and can be used
-+by any web access reporting tool to generate a report on CUPS
-+server activity.
-+
-+
The server name can be included in the filename by using
-+%s in the name.
-+
-+
The special name "syslog" can be used to send the access
-+information to the system log instead of a plain file.
-+
-+
The default access log file is
-+@CUPS_LOGDIR@/access_log.
The ConfigFilePerm directive specifies the permissions to use when the scheduler writes configuration and cache files, typically in response to IPP or HTTP requests. The default is @CUPS_CONFIG_FILE_PERM@.
-+
-+
Note:
-+
-+
The permissions for the printers.conf file are always masked to only allow access from the scheduler user (typically root). This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system. There is no way to disable this security feature.
The DocumentRoot directive specifies the location
-+of web content for the HTTP server in CUPS. If an absolute path
-+is not specified then it is assumed to be relative to the ServerRoot directory. The
-+default directory is @CUPS_DOCROOT@.
-+
-+
Documents are first looked up in a sub-directory for the
-+primary language requested by the client (e.g.
-+@CUPS_DOCROOT@/fr/...) and then directly under
-+the DocumentRoot directory (e.g.
-+@CUPS_DOCROOT@/...), so it is possible to
-+localize the web content by providing subdirectories for each
-+language needed.
The ErrorLog directive sets the name of the error
-+log file. If the filename is not absolute then it is assumed to
-+be relative to the ServerRoot directory. The
-+default error log file is @CUPS_LOGDIR@/error_log.
-+
-+
The server name can be included in the filename by using
-+%s in the name.
-+
-+
The special name "syslog" can be used to send the error
-+information to the system log instead of a plain file.
The FatalErrors directive determines whether certain kinds of
-+errors are fatal. The following kinds of errors are currently recognized:
-+
-+
-+
-+
none - No errors are fatal
-+
-+
all - All of the errors below are fatal
-+
-+
browse - Browsing initialization errors are fatal,
-+ for example failed binding to the CUPS browse port or failed connections
-+ to LDAP servers
-+
-+
config - Configuration file syntax errors are
-+ fatal
-+
-+
listen - Listen or Port errors are fatal, except for
-+ IPv6 failures on the loopback or "any" addresses
-+
-+
log - Log file creation or write errors are fatal
-+
-+
permissions - Bad startup file permissions are
-+ fatal, for example shared SSL certificate and key files with world-
-+ read permissions
-+
-+
-+
-+
Multiple errors can be listed, and the form "-kind" can be used with
-+all to remove specific kinds of errors. The default setting is
-+@CUPS_FATAL_ERRORS@.
The FileDevice directive determines whether the
-+scheduler allows new printers to be added using device URIs of
-+the form file:/filename. File devices are most often
-+used to test new printer drivers and do not support raw file
-+printing.
-+
-+
The default setting is No.
-+
-+
Note:
-+
-+
File devices are managed by the scheduler. Since the
-+scheduler normally runs as the root user, file devices
-+can be used to overwrite system files and potentially
-+gain unauthorized access to the system. If you must
-+create printers using file devices, we recommend that
-+you set the FileDevice directive to
-+Yes for only as long as you need to add the
-+printers to the system, and then reset the directive to
-+No.
The Group directive specifies the UNIX group that
-+filter and CGI programs run as. The default group is
-+system-specific but is usually lp or
-+nobody.
The PageLog directive sets the name of the page
-+log file. If the filename is not absolute then it is assumed to
-+be relative to the ServerRoot directory. The
-+default page log file is @CUPS_LOGDIR@/page_log.
-+
-+
The server name can be included in the filename by using
-+%s in the name.
-+
-+
The special name "syslog" can be used to send the page
-+information to the system log instead of a plain file.
The Printcap directive controls whether or not a
-+printcap file is automatically generated and updated with a list
-+of available printers. If specified with no value, then no
-+printcap file will be generated. The default is to generate a
-+file named @CUPS_DEFAULT_PRINTCAP@.
-+
-+
When a filename is specified (e.g. @CUPS_DEFAULT_PRINTCAP@),
-+the printcap file is written whenever a printer is added or
-+removed. The printcap file can then be used by applications that
-+are hardcoded to look at the printcap file for the available
-+printers.
-+PrintcapFormat BSD
-+PrintcapFormat Solaris
-+PrintcapFormat plist
-+
-+
-+
Description
-+
-+
The PrintcapFormat directive controls the output format of the
-+printcap file. The default is to generate the plist format on OS X, the
-+Solaris format on Solaris, and the BSD format on other operating systems.
The RemoteRoot directive sets the username for
-+unauthenticated root requests from remote hosts. The default
-+username is remroot. Setting RemoteRoot
-+to root effectively disables this security
-+mechanism.
The RequestRoot directive sets the directory for
-+incoming IPP requests and HTML forms. If an absolute path is not
-+provided then it is assumed to be relative to the ServerRoot directory. The
-+default request directory is @CUPS_REQUESTS@.
The ServerBin directive sets the directory for
-+server-run executables. If an absolute path is not provided then
-+it is assumed to be relative to the ServerRoot directory. The
-+default executable directory is /usr/lib/cups,
-+/usr/lib32/cups, or /usr/libexec/cups
-+depending on the operating system.
The ServerCertificate directive specifies the
-+location of the SSL certificate file used by the server when
-+negotiating encrypted connections. The certificate must not be
-+encrypted (password protected) since the scheduler normally runs
-+in the background and will be unable to ask for a password.
-+
-+
The default certificate file is
-+/etc/cups/ssl/server.crt.
The ServerRoot directive specifies the absolute
-+path to the server configuration and state files. It is also used
-+to resolve relative paths in the cupsd.conf file. The
-+default server directory is /etc/cups.
The SystemGroup directive specifies the system
-+administration group for System authentication.
-+Multiple groups can be listed, separated with spaces. The default
-+group list is @CUPS_SYSTEM_GROUPS@.
The TempDir directive specifies an absolute path
-+for the directory to use for temporary files. The default
-+directory is @CUPS_REQUESTS@/tmp.
-+
-+
Temporary directories must be world-writable and should have
-+the "sticky" permission bit enabled so that other users cannot
-+delete filter temporary files. The following commands will create
-+an appropriate temporary directory called
-+/foo/bar/tmp:
The User directive specifies the UNIX user that
-+filter and CGI programs run as. The default user is
-+@CUPS_USER@.
-+
-+
Note:
-+
-+
You may not use user root, as that would expose
-+the system to unacceptable security risks. The scheduler will
-+automatically choose user nobody if you specify a
-+user whose ID is 0.
--<Location /path>
-- ...
-- AuthClass Anonymous
-- AuthClass User
-- AuthClass System
-- AuthClass Group
--</Location>
--
--
--
Description
--
--
The AuthClass directive defines what level of
--authentication is required:
--
--
--
--
Anonymous - No authentication should be
-- performed (default)
--
--
User - A valid username and password is
-- required
--
--
System - A valid username and password
-- is required, and the username must belong to the "sys"
-- group; this can be changed using the SystemGroup
-- directive
--
--
Group - A valid username and password is
-- required, and the username must belong to the group named
-- by the AuthGroupName
-- directive
--
--
--
--
The AuthClass directive must appear inside a Location or Limit section.
--
--
This directive is deprecated and will be removed from a
--future release of CUPS. Consider using the more flexible Require directive instead.
The Printcap directive controls whether or not a
--printcap file is automatically generated and updated with a list
--of available printers. If specified with no value, then no
--printcap file will be generated. The default is to generate a
--file named @CUPS_DEFAUL_PRINTCAP@.
--
--
When a filename is specified (e.g. @CUPS_DEFAULT_PRINTCAP@),
--the printcap file is written whenever a printer is added or
--removed. The printcap file can then be used by applications that
--are hardcoded to look at the printcap file for the available
--printers.
--PrintcapFormat BSD
--PrintcapFormat Solaris
--PrintcapFormat plist
--
--
--
Description
--
--
The PrintcapFormat directive controls the output format of the
--printcap file. The default is to generate the plist format on Mac OS X, the
--Solaris format on Solaris, and the BSD format on other operating systems.
The PrintcapGUI directive sets the program to
--associate with the IRIX printer GUI interface script which is
--used by IRIX applications to display printer-specific options.
--There is no default program.
The RemoteRoot directive sets the username for
--unauthenticated root requests from remote hosts. The default
--username is remroot. Setting RemoteRoot
--to root effectively disables this security
--mechanism.
The RequestRoot directive sets the directory for
--incoming IPP requests and HTML forms. If an absolute path is not
--provided then it is assumed to be relative to the ServerRoot directory. The
--default request directory is @CUPS_REQUESTS@.
The ServerBin directive sets the directory for
--server-run executables. If an absolute path is not provided then
--it is assumed to be relative to the ServerRoot directory. The
--default executable directory is /usr/lib/cups,
--/usr/lib32/cups, or /usr/libexec/cups
--depending on the operating system.
The ServerCertificate directive specifies the
--location of the SSL certificate file used by the server when
--negotiating encrypted connections. The certificate must not be
--encrypted (password protected) since the scheduler normally runs
--in the background and will be unable to ask for a password.
--
--
The default certificate file is
--/etc/cups/ssl/server.crt.
The ServerRoot directive specifies the absolute
--path to the server configuration and state files. It is also used
--to resolve relative paths in the cupsd.conf file. The
--default server directory is /etc/cups.
The SystemGroup directive specifies the system
--administration group for System authentication.
--Multiple groups can be listed, separated with spaces. The default
--group list is @CUPS_SYSTEM_GROUPS@.
The TempDir directive specifies an absolute path
--for the directory to use for temporary files. The default
--directory is @CUPS_REQUESTS@/tmp.
--
--
Temporary directories must be world-writable and should have
--the "sticky" permission bit enabled so that other users cannot
--delete filter temporary files. The following commands will create
--an appropriate temporary directory called
--/foo/bar/tmp:
The UseNetworkDefault directive controls whether
--the client will use a network/remote printer as a default
--printer. If enabled, the default printer of a server is used as
--the default printer on a client. When multiple servers are
--advertising a default printer, the client's default printer is
--set to the first discovered printer, or to the implicit class for
--the same printer available from multiple servers.
The User directive specifies the UNIX user that
--filter and CGI programs run as. The default user is
--@CUPS_USER@.
--
--
Note:
--
--
You may not use user root, as that would expose
--the system to unacceptable security risks. The scheduler will
--automatically choose user nobody if you specify a
--user whose ID is 0.