From b8ef8c2fd049b6428a66948dbb1d97a5ac8732b5 Mon Sep 17 00:00:00 2001 From: kreiserlee Date: Tue, 11 Jun 2024 14:13:39 +0800 Subject: [PATCH] New upstream version 2.4.7 --- CHANGES.md | 49 +- README.md | 2 +- backend/lpd.c | 18 +- configure | 22 +- configure.ac | 2 +- cups/cups.h | 4 +- cups/hash.c | 675 ++++++++++++---------------- cups/http-addrlist.c | 29 +- cups/md5.c | 179 ++++---- cups/raster-interpret.c | 19 +- cups/request.c | 6 +- cups/tls-openssl.c | 29 +- packaging/cups.spec | 4 +- scheduler/conf.c | 6 +- scheduler/job.c | 4 +- scheduler/log.c | 3 + vcnet/config.h | 4 +- vcnet/cupstestppd.vcxproj | 4 +- vcnet/ippeveprinter.vcxproj | 4 +- vcnet/ippfind.vcxproj | 4 +- vcnet/ipptool.vcxproj | 4 +- vcnet/libcups2.vcxproj | 8 +- vcnet/libcups2_native.nuspec | 4 +- vcnet/libcups2_native.redist.nuspec | 2 +- vcnet/packages.config | 4 +- vcnet/testhttp.vcxproj | 4 +- xcode/config.h | 4 +- 27 files changed, 495 insertions(+), 602 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 33c7a7d..e9a2de8 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -1,31 +1,49 @@ -CHANGES - OpenPrinting CUPS 2.4.6 - TBA -============================================== +CHANGES - OpenPrinting CUPS 2.4.7 - (2023-09-20) +================================================ -Changes in CUPS v2.4.6 - TBA ----------------------------- - -- Fix linking error on old MacOS (Issue #715) -- Fix printing multiple files on specific printers (Issue #643) -- Fix use-after-free when logging warnings in case of failures - in `cupsdAcceptClient()` (fixes CVE-2023-34241) - - -Changes in CUPS v2.4.5 - 2023-06-13 +Changes in CUPS v2.4.7 (2023-09-20) ----------------------------------- -- Fix corruption of locally saved certificates (Issue #724) +- CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript + in PPD files +- Added OpenSSL support for cupsHashData (Issue #762) +- Fixed delays in lpd backend (Issue #741) +- Fixed extensive logging in scheduler (Issue #604) +- Fixed hanging of `lpstat` on IBM AIX (Issue #773) +- Fixed hanging of `lpstat` on Solaris (Issue #156) +- Fixed printing to stderr if we can't open cups-files.conf (Issue #777) +- Fixed purging job files via `cancel -x` (Issue #742) +- Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) +- Fixed a bug in the PPD command interpretation code (Issue #768) -Changes in CUPS v2.4.4 - 2023-06-06 +Changes in CUPS v2.4.6 (2023-06-22) ----------------------------------- -- Fix segfault in `cupsGetNamedDest()` when trying to get default printer, but +- CVE-2023-34241: Fixed use-after-free when logging warnings in case of failures + in `cupsdAcceptClient()`. 
+- Fixed linking error on old MacOS (Issue #715) +- Fixed printing multiple files on specific printers (Issue #643) + + +Changes in CUPS v2.4.5 (2023-06-13) +----------------------------------- + +- Fixed corruption of locally saved certificates (Issue #724) + + +Changes in CUPS v2.4.4 (2023-06-06) +----------------------------------- + +- Fixed segfault in `cupsGetNamedDest()` when trying to get default printer, but the default printer is not set (Issue #719) Changes in CUPS v2.4.3 (2023-06-01) ----------------------------------- +- CVE-2023-32360: Fixed default policy for CUPS-Get-Document operation +- CVE-2023-32324: Fixed possible heap buffer overflow in `_cups_strlcpy()`. - Added a title with device uri for found network printers (Issues #402, #393) - Added new media sizes defined by IANA (Issues #501) - Added quirk for GoDEX label printers (Issue #440) @@ -41,7 +59,6 @@ Changes in CUPS v2.4.3 (2023-06-01) (Issue #529) - Fixed default color settings for CMYK printers as well (Issue #500) - Fixed duplicate PPD2IPP media-type names (Issue #688) -- Fixed possible heap buffer overflow in `_cups_strlcpy()` (fixes CVE-2023-32324) - Fixed InputSlot heuristic for photo sizes smaller than 5x7" if there is no media-source in the request (Issue #569) - Fixed invalid memory access during generating IPP Everywhere queue diff --git a/README.md b/README.md index a3063e1..5acad87 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -OpenPrinting CUPS v2.4.6 +OpenPrinting CUPS v2.4.7 ======================== ![Version](https://img.shields.io/github/v/release/openprinting/cups?include_prereleases) diff --git a/backend/lpd.c b/backend/lpd.c index a7a44ab..2089b53 100644 --- a/backend/lpd.c +++ b/backend/lpd.c 
@@ -63,14 +63,14 @@ static int abort_job = 0; /* Non-zero if we get SIGTERM */ #define RESERVE_NONE 0 /* Don't reserve a privileged port */ #define RESERVE_RFC1179 1 /* Reserve port 721-731 */ -#define RESERVE_ANY 2 /* Reserve port 1-1023 */ +#define RESERVE_ANY 2 /* Reserve port 512-1023 */ /* * Local functions... */ -static int cups_rresvport(int *port, int family); +static int cups_rresvport(int *port, int min, int family); static int lpd_command(int lpd_fd, char *format, ...) # ifdef __GNUC__ __attribute__ ((__format__ (__printf__, 2, 3))) @@ -552,6 +552,7 @@ main(int argc, /* I - Number of command-line arguments (6 or 7) */ static int /* O - Socket or -1 on error */ cups_rresvport(int *port, /* IO - Port number to bind to */ + int min, /* I - Minimim port number use */ int family) /* I - Address family */ { http_addr_t addr; /* Socket address */ @@ -576,7 +577,7 @@ cups_rresvport(int *port, /* IO - Port number to bind to */ * Try to bind the socket to a reserved port... */ - while (*port > 511) + while (*port >= min) { /* * Set the port number... @@ -775,7 +776,7 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ if (lport < 721 && reserve == RESERVE_RFC1179) lport = 731; - else if (lport < 1) + else if (lport < 512) lport = 1023; #ifdef HAVE_GETEUID @@ -801,11 +802,14 @@ lpd_queue(const char *hostname, /* I - Host to connect to */ else { /* - * We're running as root and want to comply with RFC 1179. Reserve a - * privileged lport between 721 and 731... + * We're running as root and want to either: + * a) comply with RFC 1179 and reserve a lport between 721 and 731 + * b) just reserve a privileged port between 512 and 1023 */ - if ((fd = cups_rresvport(&lport, addr->addr.addr.sa_family)) < 0) + if ((fd = cups_rresvport(&lport, + reserve == RESERVE_RFC1179 ? 721 : 512, + addr->addr.addr.sa_family)) < 0) { perror("DEBUG: Unable to reserve port"); sleep(1); diff --git a/configure b/configure index 7c1b2e9..ad8bb61 100755 --- a/configure 
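Review bot: The comment on the new `min` parameter of cups_rresvport() has two slips, "Minimim port number use"; it should read `/* I - Minimum port number to use */`. The function's header comment could also state the contract the next hunk implies with `while (*port >= min)`: binding is attempted only while `*port` is at or above `min`, and the call fails once it falls below. Most of the function body is outside these hunks, so check that wording against the full loop.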
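Review bot: The reserved-port bounds are now bare literals in three places: `lport < 512` in this hunk, `reserve == RESERVE_RFC1179 ? 721 : 512` in the cups_rresvport() call in the following hunk, and the `RESERVE_ANY` comment at the top of the file. Named constants beside the `RESERVE_*` defines, for example `#define LPD_PORT_MIN_ANY 512` and `#define LPD_PORT_MIN_RFC1179 721` (names are only a suggestion), would keep the reset test here and the floor passed to cups_rresvport() from drifting apart. lpd_queue() starts and ends outside both hunks.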
+++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for CUPS 2.4.6. +# Generated by GNU Autoconf 2.71 for CUPS 2.4.7. # # Report bugs to . # @@ -610,8 +610,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='CUPS' PACKAGE_TARNAME='cups' -PACKAGE_VERSION='2.4.6' -PACKAGE_STRING='CUPS 2.4.6' +PACKAGE_VERSION='2.4.7' +PACKAGE_STRING='CUPS 2.4.7' PACKAGE_BUGREPORT='https://github.com/openprinting/cups/issues' PACKAGE_URL='https://openprinting.github.io/cups' @@ -1504,7 +1504,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures CUPS 2.4.6 to adapt to many kinds of systems. +\`configure' configures CUPS 2.4.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1570,7 +1570,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of CUPS 2.4.6:";; + short | recursive ) echo "Configuration of CUPS 2.4.7:";; esac cat <<\_ACEOF @@ -1758,7 +1758,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -CUPS configure 2.4.6 +CUPS configure 2.4.7 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2113,7 +2113,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by CUPS $as_me 2.4.6, which was +It was created by CUPS $as_me 2.4.7, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw 
@@ -3244,8 +3244,8 @@ done ac_config_headers="$ac_config_headers config.h" -CUPS_VERSION="2.4.6" -CUPS_API_VERSION="$(echo 2.4.6 | awk -F. '{print $1 "." $2}')" +CUPS_VERSION="2.4.7" +CUPS_API_VERSION="$(echo 2.4.7 | awk -F. '{print $1 "." $2}')" CUPS_BUILD="cups-$CUPS_VERSION" @@ -12884,7 +12884,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by CUPS $as_me 2.4.6, which was +This file was extended by CUPS $as_me 2.4.7, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -12949,7 +12949,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -CUPS config.status 2.4.6 +CUPS config.status 2.4.7 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 5ad5ead..cf8ba03 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ dnl We need at least autoconf 2.71... AC_PREREQ([2.71]) dnl Package name and version... -AC_INIT([CUPS],[2.4.6],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups]) +AC_INIT([CUPS],[2.4.7],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups]) dnl This line is provided to ensure that you don't run the autoheader program dnl against this project. Doing so is completely unsupported and WILL cause diff --git a/cups/cups.h b/cups/cups.h index 6281ec9..3a76db3 100644 --- a/cups/cups.h +++ b/cups/cups.h 
@@ -43,10 +43,10 @@ extern "C" { * Constants... */ -# define CUPS_VERSION 2.0406 +# define CUPS_VERSION 2.0407 # define CUPS_VERSION_MAJOR 2 # define CUPS_VERSION_MINOR 4 -# define CUPS_VERSION_PATCH 6 +# define CUPS_VERSION_PATCH 7 # define CUPS_BC_FD 3 /* Back-channel file descriptor for diff --git a/cups/hash.c b/cups/hash.c index 103b14b..93ca552 100644 --- a/cups/hash.c +++ b/cups/hash.c 
@@ -1,52 +1,59 @@ -/* - * Hashing function for CUPS. - * - * Copyright © 2015-2019 by Apple Inc. - * - * Licensed under Apache License v2.0. See the file "LICENSE" for more - * information. - */ - -/* - * Include necessary headers... - */ +// +// Hashing functions for CUPS. +// +// Copyright © 2022-2023 by OpenPrinting. +// Copyright © 2015-2019 by Apple Inc. +// +// Licensed under Apache License v2.0. See the file "LICENSE" for more +// information. +// #include "cups-private.h" -#include "debug-internal.h" -#ifdef __APPLE__ -# include -#elif defined(HAVE_GNUTLS) +#include "md5-internal.h" +#ifdef HAVE_OPENSSL +# include +#else // HAVE_GNUTLS # include -# include "md5-internal.h" -#elif _WIN32 -# include -# include -#else -# include "md5-internal.h" -#endif /* __APPLE__ */ +#endif // HAVE_OPENSSL -/* - * 'cupsHashData()' - Perform a hash function on the given data. - * - * The "algorithm" argument can be any of the registered, non-deprecated IPP - * hash algorithms for the "job-password-encryption" attribute, including - * "sha" for SHA-1, "sha-256" for SHA2-256, etc. - * - * The "hash" argument points to a buffer of "hashsize" bytes and should be at - * least 64 bytes in length for all of the supported algorithms. - * - * The returned hash is binary data. - * - * @since CUPS 2.2/macOS 10.12@ - */ +// +// Note: While both GNU TLS and OpenSSL offer HMAC functions, they also exclude +// certain hashes depending on the version of library and whatever patches are +// applied by the OS vendor/Linux distribution. Since printers sometimes rely +// on otherwise deprecated/obsolete hash functions for things like PIN printing +// ("job-password"), and since such uses already have poor security regardless +// of the hash function used, it is more important to provide guaranteed +// implementations over some imaginary notion of "guaranteed security"... 
+// -ssize_t /* O - Size of hash or -1 on error */ -cupsHashData(const char *algorithm, /* I - Algorithm name */ - const void *data, /* I - Data to hash */ - size_t datalen, /* I - Length of data to hash */ - unsigned char *hash, /* I - Hash buffer */ - size_t hashsize) /* I - Size of hash buffer */ +// +// Local functions... +// + +static ssize_t hash_data(const char *algorithm, unsigned char *hash, size_t hashsize, const void *a, size_t alen, const void *b, size_t blen); + + +// +// 'cupsHashData()' - Perform a hash function on the given data. +// +// This function performs a hash function on the given data. The "algorithm" +// argument can be any of the registered, non-deprecated IPP hash algorithms for +// the "job-password-encryption" attribute, including "sha" for SHA-1, +// "sha2-256" for SHA2-256, etc. +// +// The "hash" argument points to a buffer of "hashsize" bytes and should be at +// least 64 bytes in length for all of the supported algorithms. +// +// The returned hash is binary data. +// + +ssize_t // O - Size of hash or -1 on error +cupsHashData(const char *algorithm, // I - Algorithm name + const void *data, // I - Data to hash + size_t datalen, // I - Length of data to hash + unsigned char *hash, // I - Hash buffer + size_t hashsize) // I - Size of hash buffer { if (!algorithm || !data || datalen == 0 || !hash || hashsize == 0) { 
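Review bot: The include block treats "not OpenSSL" as "GnuTLS": the `#else // HAVE_GNUTLS` arm pulls in the GnuTLS header whenever `HAVE_OPENSSL` is undefined, while the CommonCrypto, Windows CNG and MD5-only fallbacks of the old file are removed. If any supported build can still be configured without either library (the build files are only partly visible here), it now fails at this include instead of degrading to MD5-only. Making the condition explicit with `#elif defined(HAVE_GNUTLS)` and an `#else` arm holding `# error "hash.c requires OpenSSL or GnuTLS"` would document the requirement, and the same applies to the matching `#ifdef` pair inside hash_data() later in the file. The rewritten cupsHashData() comment also drops the `@since CUPS 2.2/macOS 10.12@` tag; restore it if the API documentation is generated from these comments.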
@@ -54,367 +61,29 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ return (-1); } -#ifdef __APPLE__ - if (!strcmp(algorithm, "md5")) - { - /* - * MD5 (deprecated but widely used...) - */ - - CC_MD5_CTX ctx; /* MD5 context */ - - if (hashsize < CC_MD5_DIGEST_LENGTH) - goto too_small; - - CC_MD5_Init(&ctx); - CC_MD5_Update(&ctx, data, (CC_LONG)datalen); - CC_MD5_Final(hash, &ctx); - - return (CC_MD5_DIGEST_LENGTH); - } - else if (!strcmp(algorithm, "sha")) - { - /* - * SHA-1... - */ - - CC_SHA1_CTX ctx; /* SHA-1 context */ - - if (hashsize < CC_SHA1_DIGEST_LENGTH) - goto too_small; - - CC_SHA1_Init(&ctx); - CC_SHA1_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA1_Final(hash, &ctx); - - return (CC_SHA1_DIGEST_LENGTH); - } -# ifdef CC_SHA224_DIGEST_LENGTH - else if (!strcmp(algorithm, "sha2-224")) - { - CC_SHA256_CTX ctx; /* SHA-224 context */ - - if (hashsize < CC_SHA224_DIGEST_LENGTH) - goto too_small; - - CC_SHA224_Init(&ctx); - CC_SHA224_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA224_Final(hash, &ctx); - - return (CC_SHA224_DIGEST_LENGTH); - } -# endif /* CC_SHA224_DIGEST_LENGTH */ - else if (!strcmp(algorithm, "sha2-256")) - { - CC_SHA256_CTX ctx; /* SHA-256 context */ - - if (hashsize < CC_SHA256_DIGEST_LENGTH) - goto too_small; - - CC_SHA256_Init(&ctx); - CC_SHA256_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA256_Final(hash, &ctx); - - return (CC_SHA256_DIGEST_LENGTH); - } - else if (!strcmp(algorithm, "sha2-384")) - { - CC_SHA512_CTX ctx; /* SHA-384 context */ - - if (hashsize < CC_SHA384_DIGEST_LENGTH) - goto too_small; - - CC_SHA384_Init(&ctx); - CC_SHA384_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA384_Final(hash, &ctx); - - return (CC_SHA384_DIGEST_LENGTH); - } - else if (!strcmp(algorithm, "sha2-512")) - { - CC_SHA512_CTX ctx; /* SHA-512 context */ - - if (hashsize < CC_SHA512_DIGEST_LENGTH) - goto too_small; - - CC_SHA512_Init(&ctx); - CC_SHA512_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA512_Final(hash, &ctx); - - return 
(CC_SHA512_DIGEST_LENGTH); - } -# ifdef CC_SHA224_DIGEST_LENGTH - else if (!strcmp(algorithm, "sha2-512_224")) - { - CC_SHA512_CTX ctx; /* SHA-512 context */ - unsigned char temp[CC_SHA512_DIGEST_LENGTH]; - /* SHA-512 hash */ - - /* - * SHA2-512 truncated to 224 bits (28 bytes)... - */ - - if (hashsize < CC_SHA224_DIGEST_LENGTH) - goto too_small; - - CC_SHA512_Init(&ctx); - CC_SHA512_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA512_Final(temp, &ctx); - - memcpy(hash, temp, CC_SHA224_DIGEST_LENGTH); - - return (CC_SHA224_DIGEST_LENGTH); - } -# endif /* CC_SHA224_DIGEST_LENGTH */ - else if (!strcmp(algorithm, "sha2-512_256")) - { - CC_SHA512_CTX ctx; /* SHA-512 context */ - unsigned char temp[CC_SHA512_DIGEST_LENGTH]; - /* SHA-512 hash */ - - /* - * SHA2-512 truncated to 256 bits (32 bytes)... - */ - - if (hashsize < CC_SHA256_DIGEST_LENGTH) - goto too_small; - - CC_SHA512_Init(&ctx); - CC_SHA512_Update(&ctx, data, (CC_LONG)datalen); - CC_SHA512_Final(temp, &ctx); - - memcpy(hash, temp, CC_SHA256_DIGEST_LENGTH); - - return (CC_SHA256_DIGEST_LENGTH); - } - -#elif defined(HAVE_GNUTLS) - gnutls_digest_algorithm_t alg = GNUTLS_DIG_UNKNOWN; - /* Algorithm */ - unsigned char temp[64]; /* Temporary hash buffer */ - size_t tempsize = 0; /* Truncate to this size? */ - - - if (!strcmp(algorithm, "md5")) - { - /* - * Some versions of GNU TLS disable MD5 without warning... 
- */ - - _cups_md5_state_t state; /* MD5 state info */ - - if (hashsize < 16) - goto too_small; - - _cupsMD5Init(&state); - _cupsMD5Append(&state, data, (int)datalen); - _cupsMD5Finish(&state, hash); - - return (16); - } - else if (!strcmp(algorithm, "sha")) - alg = GNUTLS_DIG_SHA1; - else if (!strcmp(algorithm, "sha2-224")) - alg = GNUTLS_DIG_SHA224; - else if (!strcmp(algorithm, "sha2-256")) - alg = GNUTLS_DIG_SHA256; - else if (!strcmp(algorithm, "sha2-384")) - alg = GNUTLS_DIG_SHA384; - else if (!strcmp(algorithm, "sha2-512")) - alg = GNUTLS_DIG_SHA512; - else if (!strcmp(algorithm, "sha2-512_224")) - { - alg = GNUTLS_DIG_SHA512; - tempsize = 28; - } - else if (!strcmp(algorithm, "sha2-512_256")) - { - alg = GNUTLS_DIG_SHA512; - tempsize = 32; - } - - if (alg != GNUTLS_DIG_UNKNOWN) - { - if (tempsize > 0) - { - /* - * Truncate result to tempsize bytes... - */ - - if (hashsize < tempsize) - goto too_small; - - gnutls_hash_fast(alg, data, datalen, temp); - memcpy(hash, temp, tempsize); - - return ((ssize_t)tempsize); - } - - if (hashsize < gnutls_hash_get_len(alg)) - goto too_small; - - gnutls_hash_fast(alg, data, datalen, hash); - - return ((ssize_t)gnutls_hash_get_len(alg)); - } - -#elif _WIN32 - // Use Windows CNG APIs to perform hashing... - BCRYPT_ALG_HANDLE alg; // Algorithm handle - LPCWSTR algid = NULL; // Algorithm ID - ssize_t hashlen; // Hash length - NTSTATUS status; // Status of hash - unsigned char temp[64]; // Temporary hash buffer - size_t tempsize = 0; // Truncate to this size? 
- - - if (!strcmp(algorithm, "md5")) - { - algid = BCRYPT_MD5_ALGORITHM; - hashlen = 16; - } - else if (!strcmp(algorithm, "sha")) - { - algid = BCRYPT_SHA1_ALGORITHM; - hashlen = 20; - } - else if (!strcmp(algorithm, "sha2-256")) - { - algid = BCRYPT_SHA256_ALGORITHM; - hashlen = 32; - } - else if (!strcmp(algorithm, "sha2-384")) - { - algid = BCRYPT_SHA384_ALGORITHM; - hashlen = 48; - } - else if (!strcmp(algorithm, "sha2-512")) - { - algid = BCRYPT_SHA512_ALGORITHM; - hashlen = 64; - } - else if (!strcmp(algorithm, "sha2-512_224")) - { - algid = BCRYPT_SHA512_ALGORITHM; - hashlen = tempsize = 28; - } - else if (!strcmp(algorithm, "sha2-512_256")) - { - algid = BCRYPT_SHA512_ALGORITHM; - hashlen = tempsize = 32; - } - - if (algid) - { - if (hashsize < (size_t)hashlen) - goto too_small; - - if ((status = BCryptOpenAlgorithmProvider(&alg, algid, NULL, 0)) < 0) - { - DEBUG_printf(("2cupsHashData: BCryptOpenAlgorithmProvider returned %d.", status)); - - if (status == STATUS_INVALID_PARAMETER) - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Bad algorithm parameter."), 1); - else - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to access cryptographic provider."), 1); - - return (-1); - } - - if (tempsize > 0) - { - // Do a truncated SHA2-512 hash... - status = BCryptHash(alg, NULL, 0, (PUCHAR)data, (ULONG)datalen, temp, sizeof(temp)); - memcpy(hash, temp, hashlen); - } - else - { - // Hash directly to buffer... - status = BCryptHash(alg, NULL, 0, (PUCHAR)data, (ULONG)datalen, hash, (ULONG)hashlen); - } - - BCryptCloseAlgorithmProvider(alg, 0); - - if (status < 0) - { - DEBUG_printf(("2cupsHashData: BCryptHash returned %d.", status)); - - if (status == STATUS_INVALID_PARAMETER) - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Bad hashing parameter."), 1); - else - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hashing failed."), 1); - - return (-1); - } - - return (hashlen); - } - -#else - /* - * No hash support beyond MD5 without CommonCrypto, GNU TLS, or CNG... 
- */ - - if (!strcmp(algorithm, "md5")) - { - _cups_md5_state_t state; /* MD5 state info */ - - if (hashsize < 16) - goto too_small; - - _cupsMD5Init(&state); - _cupsMD5Append(&state, data, datalen); - _cupsMD5Finish(&state, hash); - - return (16); - } - else if (hashsize < 64) - goto too_small; -#endif /* __APPLE__ */ - - /* - * Unknown hash algorithm... - */ - - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unknown hash algorithm."), 1); - - return (-1); - - /* - * We get here if the buffer is too small. - */ - - too_small: - - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1); - return (-1); + return (hash_data(algorithm, hash, hashsize, data, datalen, NULL, 0)); } -/* - * 'cupsHashString()' - Format a hash value as a hexadecimal string. - * - * The passed buffer must be at least 2 * hashsize + 1 characters in length. - * - * @since CUPS 2.2.7@ - */ +// +// 'cupsHashString()' - Format a hash value as a hexadecimal string. +// +// The passed buffer must be at least 2 * hashsize + 1 characters in length. +// -const char * /* O - Formatted string */ +const char * // O - Formatted string cupsHashString( - const unsigned char *hash, /* I - Hash */ - size_t hashsize, /* I - Size of hash */ - char *buffer, /* I - String buffer */ - size_t bufsize) /* I - Size of string buffer */ + const unsigned char *hash, // I - Hash + size_t hashsize, // I - Size of hash + char *buffer, // I - String buffer + size_t bufsize) // I - Size of string buffer { - char *bufptr = buffer; /* Pointer into buffer */ + char *bufptr = buffer; // Pointer into buffer static const char *hex = "0123456789abcdef"; - /* Hex characters (lowercase!) */ + // Hex characters (lowercase!) - /* - * Range check input... - */ - + // Range check input... if (!hash || hashsize < 1 || !buffer || bufsize < (2 * hashsize + 1)) { if (buffer) 
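Review bot: Routing everything through `hash_data()` drops two algorithms that the removed branches handled. `"sha2-512_224"` and `"sha2-512_256"` were computed as truncated SHA2-512 in the CommonCrypto, GnuTLS and CNG paths, but the hash_data() added later in this file recognises only md5, sha, sha2-224, sha2-256, sha2-384 and sha2-512, so both names now end in "Unknown hash algorithm.". cupsHMACData() still picks the 128-byte block size with `!strncmp(algorithm, "sha2-512", 8)`, which suggests the truncated variants were meant to keep working. Either map them to SHA2-512 in hash_data() and copy only 28 or 32 bytes out of `hashtemp`, or say in the cupsHashData() comment that they are no longer accepted.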
@@ -422,10 +91,7 @@ cupsHashString( return (NULL); } - /* - * Loop until we've converted the whole hash... - */ - + // Loop until we've converted the whole hash... while (hashsize > 0) { *bufptr++ = hex[*hash >> 4]; 
@@ -439,3 +105,214 @@ cupsHashString( return (buffer); } + + +// +// 'cupsHMACData()' - Perform a HMAC function on the given data. +// +// This function performs a HMAC function on the given data with the given key. +// The "algorithm" argument can be any of the registered, non-deprecated IPP +// hash algorithms for the "job-password-encryption" attribute, including +// "sha" for SHA-1, "sha2-256" for SHA2-256, etc. +// +// The "hmac" argument points to a buffer of "hmacsize" bytes and should be at +// least 64 bytes in length for all of the supported algorithms. +// +// The returned HMAC is binary data. +// + +ssize_t // O - The length of the HMAC or `-1` on error +cupsHMACData( + const char *algorithm, // I - Hash algorithm + const unsigned char *key, // I - Key + size_t keylen, // I - Length of key + const void *data, // I - Data to hash + size_t datalen, // I - Length of data to hash + unsigned char *hmac, // I - HMAC buffer + size_t hmacsize) // I - Size of HMAC buffer +{ + size_t i, // Looping var + b; // Block size + unsigned char buffer[128], // Intermediate buffer + hash[128], // Hash buffer + hkey[128]; // Hashed key buffer + ssize_t hashlen; // Length of hash + + + // Range check input... + if (!algorithm || !key || keylen == 0 || !data || datalen == 0 || !hmac || hmacsize < 32) + return (-1); + + // Determine the block size... + if (!strcmp(algorithm, "sha2-384") || !strncmp(algorithm, "sha2-512", 8)) + b = 128; + else + b = 64; + + // If the key length is larger than the block size, hash it and use that + // instead... + if (keylen > b) + { + if ((hashlen = hash_data(algorithm, hkey, sizeof(hkey), key, keylen, NULL, 0)) < 0) + return (-1); + + key = hkey; + keylen = (size_t)hashlen; + } + + // HMAC = H(K' ^ opad, H(K' ^ ipad, data)) + // K' = Klen > b ? 
H(K) : K, padded with 0's + // opad = 0x5c, ipad = 0x36 + for (i = 0; i < b && i < keylen; i ++) + buffer[i] = key[i] ^ 0x36; + for (; i < b; i ++) + buffer[i] = 0x36; + + if ((hashlen = hash_data(algorithm, hash, sizeof(hash), buffer, b, data, datalen)) < 0) + return (-1); + + for (i = 0; i < b && i < keylen; i ++) + buffer[i] = key[i] ^ 0x5c; + for (; i < b; i ++) + buffer[i] = 0x5c; + + return (hash_data(algorithm, hmac, hmacsize, buffer, b, hash, (size_t)hashlen)); +} + + +// +// 'hash_data()' - Hash up to two blocks of data. +// + +static ssize_t // O - Size of hash or `-1` on error +hash_data(const char *algorithm, // I - Algorithm + unsigned char *hash, // I - Hash buffer + size_t hashsize, // I - Size of hash buffer + const void *a, // I - First block + size_t alen, // I - Length of first block + const void *b, // I - Second block or `NULL` for none + size_t blen) // I - Length of second block or `0` for none +{ + unsigned hashlen; // Length of hash + unsigned char hashtemp[64]; // Temporary hash buffer +#ifdef HAVE_OPENSSL + const EVP_MD *md = NULL; // Message digest implementation + EVP_MD_CTX *ctx; // Context +#else // HAVE_GNUTLS + gnutls_digest_algorithm_t alg = GNUTLS_DIG_UNKNOWN; + // Algorithm + gnutls_hash_hd_t ctx; // Context +#endif // HAVE_OPENSSL + + + if (!strcmp(algorithm, "md5")) + { + // Some versions of GNU TLS and OpenSSL disable MD5 without warning... 
+ _cups_md5_state_t state; // MD5 state info + + if (hashsize < 16) + goto too_small; + + _cupsMD5Init(&state); + _cupsMD5Append(&state, a, (int)alen); + if (b && blen) + _cupsMD5Append(&state, b, (int)blen); + _cupsMD5Finish(&state, hash); + + return (16); + } + +#ifdef HAVE_OPENSSL + if (!strcmp(algorithm, "sha")) + { + // SHA-1 + md = EVP_sha1(); + } + else if (!strcmp(algorithm, "sha2-224")) + { + md = EVP_sha224(); + } + else if (!strcmp(algorithm, "sha2-256")) + { + md = EVP_sha256(); + } + else if (!strcmp(algorithm, "sha2-384")) + { + md = EVP_sha384(); + } + else if (!strcmp(algorithm, "sha2-512")) + { + md = EVP_sha512(); + } + + if (md) + { + ctx = EVP_MD_CTX_new(); + EVP_DigestInit(ctx, md); + EVP_DigestUpdate(ctx, a, alen); + if (b && blen) + EVP_DigestUpdate(ctx, b, blen); + EVP_DigestFinal(ctx, hashtemp, &hashlen); + + if (hashlen > hashsize) + goto too_small; + + memcpy(hash, hashtemp, hashlen); + + return ((ssize_t)hashlen); + } + +#else // HAVE_GNUTLS + if (!strcmp(algorithm, "sha")) + { + // SHA-1 + alg = GNUTLS_DIG_SHA1; + } + else if (!strcmp(algorithm, "sha2-224")) + { + alg = GNUTLS_DIG_SHA224; + } + else if (!strcmp(algorithm, "sha2-256")) + { + alg = GNUTLS_DIG_SHA256; + } + else if (!strcmp(algorithm, "sha2-384")) + { + alg = GNUTLS_DIG_SHA384; + } + else if (!strcmp(algorithm, "sha2-512")) + { + alg = GNUTLS_DIG_SHA512; + } + + if (alg != GNUTLS_DIG_UNKNOWN) + { + hashlen = gnutls_hash_get_len(alg); + + if (hashlen > hashsize) + goto too_small; + + gnutls_hash_init(&ctx, alg); + gnutls_hash(ctx, a, alen); + if (b && blen) + gnutls_hash(ctx, b, blen); + gnutls_hash_deinit(ctx, hashtemp); + + memcpy(hash, hashtemp, hashlen); + + return ((ssize_t)hashlen); + } +#endif // HAVE_OPENSSL + + // Unknown hash algorithm... + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unknown hash algorithm."), 1); + + return (-1); + + // We get here if the buffer is too small. 
+ too_small: + + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1); + return (-1); +} + diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c index 4fde80c..198d073 100644 --- a/cups/http-addrlist.c +++ b/cups/http-addrlist.c @@ -318,6 +318,23 @@ httpAddrConnect2( { # ifdef HAVE_POLL DEBUG_printf(("pfds[%d].revents=%x\n", i, pfds[i].revents)); +# ifdef __sun + // Solaris connect runs asynchronously returning EINPROGRESS. Following + // poll() does not detect the socket is not connected and returns + // POLLIN|POLLOUT. Check the connection status and update error flag. + int sres, serr; + socklen_t slen = sizeof(serr); + sres = getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &serr, &slen); + if (sres || serr) + { + pfds[i].revents |= POLLERR; +# ifdef DEBUG + DEBUG_printf(("1httpAddrConnect2: getsockopt returned: %d with error: %s", sres, strerror(serr))); +# endif + } +# endif // __sun + + if (pfds[i].revents && !(pfds[i].revents & (POLLERR | POLLHUP))) # else if (FD_ISSET(fds[i], &input_set) && !FD_ISSET(fds[i], &error_set)) @@ -340,18 +357,6 @@ httpAddrConnect2( else if (FD_ISSET(fds[i], &error_set)) # endif /* HAVE_POLL */ { -# ifdef __sun - // Solaris incorrectly returns errors when you poll() a socket that is - // still connecting. This check prevents us from removing the socket - // from the pool if the "error" is EINPROGRESS... - int sockerr; // Current error on socket - socklen_t socklen = sizeof(sockerr); - // Size of error variable - - if (!getsockopt(fds[i], SOL_SOCKET, SO_ERROR, &sockerr, &socklen) && (!sockerr || sockerr == EINPROGRESS)) - continue; // Not an error -# endif // __sun - /* * Error on socket, remove from the "pool"... */ diff --git a/cups/md5.c b/cups/md5.c index 38d23b4..8a0aee6 100644 --- a/cups/md5.c +++ b/cups/md5.c 
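Review bot: In the OpenSSL branch of hash_data() the context returned by `EVP_MD_CTX_new()` is never released: neither the normal return nor the `goto too_small` path calls `EVP_MD_CTX_free()`, so every hash leaks a context, and each cupsHMACData() call leaks two or three. The allocation and the `EVP_DigestInit()`/`EVP_DigestUpdate()`/`EVP_DigestFinal()` results are also unchecked, so a digest the library refuses leaves `hashlen` and `hashtemp` unset before the `memcpy()`; the GnuTLS branch has the same gap around `gnutls_hash_init()`. Separately, cupsHMACData() returns with key-derived bytes still in `buffer`, `hash` and `hkey` on the stack, which deserves at least a comment if clearing them is not practical. The fence shows the OpenSSL block with the context freed on every path and the results checked.

```c
  if (md)
  {
    int ok = 0;				// Did every digest step succeed?

    if ((ctx = EVP_MD_CTX_new()) != NULL)
    {
      ok = EVP_DigestInit(ctx, md) &&
           EVP_DigestUpdate(ctx, a, alen) &&
           (!b || !blen || EVP_DigestUpdate(ctx, b, blen)) &&
           EVP_DigestFinal(ctx, hashtemp, &hashlen);

      EVP_MD_CTX_free(ctx);		// Release before any return or goto
    }

    if (!ok)
    {
      // Message text is a suggestion, not an existing catalog string
      _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to compute hash."), 1);
      return (-1);
    }

    // … unchanged: hashlen > hashsize check, memcpy, return …
```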
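Review bot: When `getsockopt()` itself fails in the new Solaris block, `sres` is non-zero and `serr` was never written, yet the debug line still passes it to `strerror(serr)`; declare `int sres, serr = 0;` and log `errno` when `sres` is non-zero. The inner `# ifdef DEBUG` around that `DEBUG_printf` looks redundant, since the `DEBUG_printf` just above the new block is called unguarded. The added comment could also say that forcing `POLLERR` is what routes a failed connect into the error branch below, now that the next hunk removes the old `EINPROGRESS` exemption there. The enclosing loop in httpAddrConnect2() starts and ends outside the hunk.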
@@ -1,9 +1,10 @@ /* * Private MD5 implementation for CUPS. * - * Copyright 2007-2017 by Apple Inc. - * Copyright 2005 by Easy Software Products - * Copyright (C) 1999 Aladdin Enterprises. All rights reserved. + * Copyright © 2023 by OpenPrinting. + * Copyright © 2007-2017 by Apple Inc. + * Copyright © 2005 by Easy Software Products + * Copyright © 1999 Aladdin Enterprises. All rights reserved. * * This software is provided 'as-is', without any express or implied * warranty. In no event will the authors be held liable for any damages 
@@ -43,71 +44,70 @@ #include "md5-internal.h" #include "string-private.h" -#if !defined(__APPLE__) -# define T1 0xd76aa478 -# define T2 0xe8c7b756 -# define T3 0x242070db -# define T4 0xc1bdceee -# define T5 0xf57c0faf -# define T6 0x4787c62a -# define T7 0xa8304613 -# define T8 0xfd469501 -# define T9 0x698098d8 -# define T10 0x8b44f7af -# define T11 0xffff5bb1 -# define T12 0x895cd7be -# define T13 0x6b901122 -# define T14 0xfd987193 -# define T15 0xa679438e -# define T16 0x49b40821 -# define T17 0xf61e2562 -# define T18 0xc040b340 -# define T19 0x265e5a51 -# define T20 0xe9b6c7aa -# define T21 0xd62f105d -# define T22 0x02441453 -# define T23 0xd8a1e681 -# define T24 0xe7d3fbc8 -# define T25 0x21e1cde6 -# define T26 0xc33707d6 -# define T27 0xf4d50d87 -# define T28 0x455a14ed -# define T29 0xa9e3e905 -# define T30 0xfcefa3f8 -# define T31 0x676f02d9 -# define T32 0x8d2a4c8a -# define T33 0xfffa3942 -# define T34 0x8771f681 -# define T35 0x6d9d6122 -# define T36 0xfde5380c -# define T37 0xa4beea44 -# define T38 0x4bdecfa9 -# define T39 0xf6bb4b60 -# define T40 0xbebfbc70 -# define T41 0x289b7ec6 -# define T42 0xeaa127fa -# define T43 0xd4ef3085 -# define T44 0x04881d05 -# define T45 0xd9d4d039 -# define T46 0xe6db99e5 -# define T47 0x1fa27cf8 -# define T48 0xc4ac5665 -# define T49 0xf4292244 -# define T50 0x432aff97 -# define T51 0xab9423a7 -# define T52 0xfc93a039 -# define T53 0x655b59c3 -# define T54 0x8f0ccc92 -# define T55 0xffeff47d -# define T56 0x85845dd1 -# define T57 0x6fa87e4f -# define T58 0xfe2ce6e0 -# define T59 0xa3014314 -# define T60 0x4e0811a1 -# define T61 0xf7537e82 -# define T62 0xbd3af235 -# define T63 0x2ad7d2bb -# define T64 0xeb86d391 +#define T1 0xd76aa478 +#define T2 0xe8c7b756 +#define T3 0x242070db +#define T4 0xc1bdceee +#define T5 0xf57c0faf +#define T6 0x4787c62a +#define T7 0xa8304613 +#define T8 0xfd469501 +#define T9 0x698098d8 +#define T10 0x8b44f7af +#define T11 0xffff5bb1 +#define T12 0x895cd7be +#define T13 0x6b901122 
+#define T14 0xfd987193 +#define T15 0xa679438e +#define T16 0x49b40821 +#define T17 0xf61e2562 +#define T18 0xc040b340 +#define T19 0x265e5a51 +#define T20 0xe9b6c7aa +#define T21 0xd62f105d +#define T22 0x02441453 +#define T23 0xd8a1e681 +#define T24 0xe7d3fbc8 +#define T25 0x21e1cde6 +#define T26 0xc33707d6 +#define T27 0xf4d50d87 +#define T28 0x455a14ed +#define T29 0xa9e3e905 +#define T30 0xfcefa3f8 +#define T31 0x676f02d9 +#define T32 0x8d2a4c8a +#define T33 0xfffa3942 +#define T34 0x8771f681 +#define T35 0x6d9d6122 +#define T36 0xfde5380c +#define T37 0xa4beea44 +#define T38 0x4bdecfa9 +#define T39 0xf6bb4b60 +#define T40 0xbebfbc70 +#define T41 0x289b7ec6 +#define T42 0xeaa127fa +#define T43 0xd4ef3085 +#define T44 0x04881d05 +#define T45 0xd9d4d039 +#define T46 0xe6db99e5 +#define T47 0x1fa27cf8 +#define T48 0xc4ac5665 +#define T49 0xf4292244 +#define T50 0x432aff97 +#define T51 0xab9423a7 +#define T52 0xfc93a039 +#define T53 0x655b59c3 +#define T54 0x8f0ccc92 +#define T55 0xffeff47d +#define T56 0x85845dd1 +#define T57 0x6fa87e4f +#define T58 0xfe2ce6e0 +#define T59 0xa3014314 +#define T60 0x4e0811a1 +#define T61 0xf7537e82 +#define T62 0xbd3af235 +#define T63 0x2ad7d2bb +#define T64 0xeb86d391 static void _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) @@ -117,10 +117,10 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) c = pms->abcd[2], d = pms->abcd[3]; unsigned int t; -# ifndef ARCH_IS_BIG_ENDIAN -# define ARCH_IS_BIG_ENDIAN 1 /* slower, default implementation */ -# endif -# if ARCH_IS_BIG_ENDIAN +#ifndef ARCH_IS_BIG_ENDIAN +# define ARCH_IS_BIG_ENDIAN 1 /* slower, default implementation */ +#endif +#if ARCH_IS_BIG_ENDIAN /* * On big-endian machines, we must arrange the bytes in the right 
@@ -131,10 +131,10 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) int i; for (i = 0; i < 16; ++i, xp += 4) - X[i] = (unsigned)xp[0] | ((unsigned)xp[1] << 8) | - ((unsigned)xp[2] << 16) | ((unsigned)xp[3] << 24); + X[i] = (unsigned)xp[0] + ((unsigned)xp[1] << 8) + + ((unsigned)xp[2] << 16) + ((unsigned)xp[3] << 24); -# else /* !ARCH_IS_BIG_ENDIAN */ +#else /* !ARCH_IS_BIG_ENDIAN */ /* * On little-endian machines, we can process properly aligned data @@ -151,15 +151,15 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) memcpy(xbuf, data, 64); X = xbuf; } -# endif +#endif -# define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) /* Round 1. */ /* Let [abcd k s i] denote the operation a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */ -# define F(x, y, z) (((x) & (y)) | (~(x) & (z))) -# define SET(a, b, c, d, k, s, Ti)\ +#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define SET(a, b, c, d, k, s, Ti)\ t = a + F(b,c,d) + X[k] + Ti;\ a = ROTATE_LEFT(t, s) + b /* Do the following 16 operations. */ @@ -179,13 +179,13 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) SET(d, a, b, c, 13, 12, T14); SET(c, d, a, b, 14, 17, T15); SET(b, c, d, a, 15, 22, T16); -# undef SET +#undef SET /* Round 2. */ /* Let [abcd k s i] denote the operation a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */ -# define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) -# define SET(a, b, c, d, k, s, Ti)\ +#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define SET(a, b, c, d, k, s, Ti)\ t = a + G(b,c,d) + X[k] + Ti;\ a = ROTATE_LEFT(t, s) + b /* Do the following 16 operations. */ 
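Review bot: The big-endian byte assembly in the `X[i] = ...` loop now joins the four shifted bytes with `+` where the removed lines used `|`. The value is the same because the shifted bytes occupy disjoint bit ranges, but `|` is the conventional form for building a word from bytes and states that intent directly. I would keep `X[i] = (unsigned)xp[0] | ((unsigned)xp[1] << 8) |` and `((unsigned)xp[2] << 16) | ((unsigned)xp[3] << 24);`. `_cups_md5_process` begins and ends outside this hunk.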
@@ -205,13 +205,13 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) SET(d, a, b, c, 2, 9, T30); SET(c, d, a, b, 7, 14, T31); SET(b, c, d, a, 12, 20, T32); -# undef SET +#undef SET /* Round 3. */ /* Let [abcd k s t] denote the operation a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */ -# define H(x, y, z) ((x) ^ (y) ^ (z)) -# define SET(a, b, c, d, k, s, Ti)\ +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define SET(a, b, c, d, k, s, Ti)\ t = a + H(b,c,d) + X[k] + Ti;\ a = ROTATE_LEFT(t, s) + b /* Do the following 16 operations. */ @@ -231,13 +231,13 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) SET(d, a, b, c, 12, 11, T46); SET(c, d, a, b, 15, 16, T47); SET(b, c, d, a, 2, 23, T48); -# undef SET +#undef SET /* Round 4. */ /* Let [abcd k s t] denote the operation a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */ -# define I(x, y, z) ((y) ^ ((x) | ~(z))) -# define SET(a, b, c, d, k, s, Ti)\ +#define I(x, y, z) ((y) ^ ((x) | ~(z))) +#define SET(a, b, c, d, k, s, Ti)\ t = a + I(b,c,d) + X[k] + Ti;\ a = ROTATE_LEFT(t, s) + b /* Do the following 16 operations. */ @@ -257,7 +257,7 @@ _cups_md5_process(_cups_md5_state_t *pms, const unsigned char *data /*[64]*/) SET(d, a, b, c, 11, 10, T62); SET(c, d, a, b, 2, 15, T63); SET(b, c, d, a, 9, 21, T64); -# undef SET +#undef SET /* Then perform the following additions. (That is increment each of the four registers by the value it had before this block @@ -338,4 +338,3 @@ _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16]) for (i = 0; i < 16; ++i) digest[i] = (unsigned char)(pms->abcd[i >> 2] >> ((i & 3) << 3)); } -#endif /* !__APPLE__ */ diff --git a/cups/raster-interpret.c b/cups/raster-interpret.c index 97662ec..b8655c8 100644 --- a/cups/raster-interpret.c +++ b/cups/raster-interpret.c 
@@ -727,7 +727,10 @@ copy_stack(_cups_ps_stack_t *st, /* I - Stack */ while (c > 0) { - if (!push_stack(st, st->objs + n)) + _cups_ps_obj_t temp; /* Temporary copy of object */ + + temp = st->objs[n]; + if (!push_stack(st, &temp)) return (-1); n ++; @@ -1113,7 +1116,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - Stack */ cur ++; - if (*cur == 'b') + /* + * Return NULL if we reached NULL terminator, a lone backslash + * is not a valid character in PostScript. + */ + + if (!*cur) + { + *ptr = NULL; + + return (NULL); + } + + if (*cur == 'b') *valptr++ = '\b'; else if (*cur == 'f') *valptr++ = '\f'; diff --git a/cups/request.c b/cups/request.c index 66c803a..4526dd6 100644 --- a/cups/request.c +++ b/cups/request.c @@ -25,9 +25,11 @@ #ifndef O_BINARY # define O_BINARY 0 #endif /* O_BINARY */ -#ifndef MSG_DONTWAIT +#ifdef _AIX +# define MSG_DONTWAIT MSG_NONBLOCK +#elif !defined(MSG_DONTWAIT) # define MSG_DONTWAIT 0 -#endif /* !MSG_DONTWAIT */ +#endif /* _AIX */ /* diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c index 191b45d..804e45f 100644 --- a/cups/tls-openssl.c +++ b/cups/tls-openssl.c 
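Review bot: The new `temp` copy in `copy_stack` carries no comment saying why the object can no longer be passed as `st->objs + n`. Presumably `push_stack()` can grow and move `st->objs`, which would leave that pointer dangling during the push. If so, say it at the declaration, e.g. `/* Copy first: push_stack() may reallocate st->objs */`, so that a later cleanup does not remove the copy. `push_stack` and the rest of `copy_stack` are outside the hunk, so the reason should be confirmed against them.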
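Review bot: The comment added in `scan_ps` says "NULL terminator", which confuses the NUL character tested by `if (!*cur)` with the NULL pointer the function returns. `Return NULL if we reached the NUL terminator; a lone backslash is not valid PostScript.` reads unambiguously. The guard covers only the character directly after the backslash, so it is worth confirming that the later escape branches (outside this hunk) never advance `cur` again without the same test. A regression case whose string ends in a single backslash would pin the behaviour.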
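Review bot: On AIX the new branch in cups/request.c defines `MSG_DONTWAIT` unconditionally, so a system header that already provides the flag would cause a macro redefinition. `#if defined(_AIX) && !defined(MSG_DONTWAIT)` keeps the mapping to `MSG_NONBLOCK` only where the flag is missing. The remaining fallback `# define MSG_DONTWAIT 0` presumably still turns a non-blocking receive into a blocking one on any other platform that lacks the flag; the call sites are outside the hunk, so this is inferred. A one-line comment on that fallback would warn the next person porting the code.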
@@ -1462,38 +1462,13 @@ static time_t // O - UNIX time in seconds http_get_date(X509 *cert, // I - Certificate int which) // I - 0 for notBefore, 1 for notAfter { - unsigned char *expiration; // Expiration date of cert struct tm exptm; // Expiration date components if (which) - ASN1_STRING_to_UTF8(&expiration, X509_get0_notAfter(cert)); + ASN1_TIME_to_tm(X509_get0_notAfter(cert), &exptm); else - ASN1_STRING_to_UTF8(&expiration, X509_get0_notBefore(cert)); - - memset(&exptm, 0, sizeof(exptm)); - if (strlen((char *)expiration) > 13) - { - // 4-digit year - exptm.tm_year = (expiration[0] - '0') * 1000 + (expiration[1] - '0') * 100 + (expiration[2] - '0') * 10 + expiration[3] - '0' - 1900; - exptm.tm_mon = (expiration[4] - '0') * 10 + expiration[5] - '0' - 1; - exptm.tm_mday = (expiration[6] - '0') * 10 + expiration[7] - '0'; - exptm.tm_hour = (expiration[8] - '0') * 10 + expiration[9] - '0'; - exptm.tm_min = (expiration[10] - '0') * 10 + expiration[11] - '0'; - exptm.tm_sec = (expiration[12] - '0') * 10 + expiration[13] - '0'; - } - else - { - // 2-digit year - exptm.tm_year = 100 + (expiration[0] - '0') * 10 + expiration[1] - '0'; - exptm.tm_mon = (expiration[2] - '0') * 10 + expiration[3] - '0' - 1; - exptm.tm_mday = (expiration[4] - '0') * 10 + expiration[5] - '0'; - exptm.tm_hour = (expiration[6] - '0') * 10 + expiration[7] - '0'; - exptm.tm_min = (expiration[8] - '0') * 10 + expiration[9] - '0'; - exptm.tm_sec = (expiration[10] - '0') * 10 + expiration[11] - '0'; - } - - OPENSSL_free(expiration); + ASN1_TIME_to_tm(X509_get0_notBefore(cert), &exptm); return (mktime(&exptm)); } diff --git a/packaging/cups.spec b/packaging/cups.spec index c96c789..e14686d 100644 --- a/packaging/cups.spec +++ b/packaging/cups.spec 
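Review bot: `http_get_date` ignores the result of `ASN1_TIME_to_tm()`, and the `memset(&exptm, 0, sizeof(exptm))` that preceded the old parsing is gone, so a notBefore/notAfter field that fails to convert leaves `exptm` uninitialised when it reaches `mktime()`. That is an indeterminate read, and the resulting date presumably feeds certificate validity checks in callers outside this hunk. I would keep the `memset` and test the call: `if (!ASN1_TIME_to_tm(which ? X509_get0_notAfter(cert) : X509_get0_notBefore(cert), &exptm)) return (0);`, choosing the failure value so that callers treat the certificate as not valid. Separately, `mktime()` interprets the fields as local time while certificate times are UTC; the removed code had the same behaviour.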
@@ -41,12 +41,12 @@ Summary: CUPS Name: cups -Version: 2.4.6 +Version: 2.4.7 Release: 0 Epoch: 1 License: GPL Group: System Environment/Daemons -Source: https://github.com/openprinting/cups/releases/download/v2.4.6/cups-2.4.6-source.tar.gz +Source: https://github.com/openprinting/cups/releases/download/v2.4.7/cups-2.4.7-source.tar.gz Url: https://openprinting.github.io/cups Packager: Anonymous Vendor: OpenPrinting diff --git a/scheduler/conf.c b/scheduler/conf.c index b185351..4fa7eb1 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -811,11 +811,7 @@ cupsdReadConfiguration(void) cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile); else { -#ifdef HAVE_SYSTEMD_SD_JOURNAL_H - sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno)); -#else - syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno)); -#endif /* HAVE_SYSTEMD_SD_JOURNAL_H */ + fprintf(stderr, "Unable to read \"%s\" - %s\n", CupsFilesFile, strerror(errno)); return (0); } diff --git a/scheduler/job.c b/scheduler/job.c index 5ac782e..49e4fa3 100644 --- a/scheduler/job.c +++ b/scheduler/job.c 
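Review bot: The failure to open `CupsFilesFile` in `cupsdReadConfiguration` is now reported only through `fprintf(stderr, ...)`, where the removed lines wrote to the journal or syslog. If the scheduler is started by a service manager that discards stderr (not visible from this hunk), the one message explaining why startup failed is lost. Keeping `syslog(LOG_ERR, "Unable to read \"%s\" - %s", CupsFilesFile, strerror(errno));` ahead of the `fprintf` would cover both cases. `cupsdReadConfiguration` continues outside the hunk.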
@@ -443,12 +443,12 @@ cupsdCleanJobs(void) job; job = (cupsd_job_t *)cupsArrayNext(Jobs)) { - cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: Job %d, state=%d, printer=%p, history_time=%d, file_time=%d", job->id, (int)job->state_value, (void *)job->printer, (int)job->history_time, (int)job->file_time); + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCleanJobs: Job %d, state=%d, printer=%p, history_time=%d, file_time=%d, num_files=%d", job->id, (int)job->state_value, (void *)job->printer, (int)job->history_time, (int)job->file_time, (int)job->num_files); if ((job->history_time && job->history_time < JobHistoryUpdate) || !JobHistoryUpdate) JobHistoryUpdate = job->history_time; - if ((job->file_time && job->file_time < JobHistoryUpdate) || !JobHistoryUpdate) + if (job->num_files > 0 && ((job->file_time && job->file_time < JobHistoryUpdate) || !JobHistoryUpdate)) JobHistoryUpdate = job->file_time; if (job->state_value >= IPP_JOB_CANCELED && !job->printer) diff --git a/scheduler/log.c b/scheduler/log.c index 8aafb66..8a2996e 100644 --- a/scheduler/log.c +++ b/scheduler/log.c @@ -22,6 +22,9 @@ # include #endif /* HAVE_ASL_H */ #include +#ifndef va_copy +# define va_copy(__list1, __list2) ((void)(__list1 = __list2)) +#endif /* diff --git a/vcnet/config.h b/vcnet/config.h index d46344f..238a8ae 100644 --- a/vcnet/config.h +++ b/vcnet/config.h @@ -100,8 +100,8 @@ typedef unsigned long useconds_t; * Version of software... */ -#define CUPS_SVERSION "CUPS v2.4.6" -#define CUPS_MINIMAL "CUPS/2.4.6" +#define CUPS_SVERSION "CUPS v2.4.7" +#define CUPS_MINIMAL "CUPS/2.4.7" /* diff --git a/vcnet/cupstestppd.vcxproj b/vcnet/cupstestppd.vcxproj index eb0c129..25470bb 100644 --- a/vcnet/cupstestppd.vcxproj +++ b/vcnet/cupstestppd.vcxproj 
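Review bot: The new `job->num_files > 0` guard in `cupsdCleanJobs` has no comment explaining why `file_time` is ignored for jobs without files. A line such as `/* Only jobs that still have files can schedule a file purge */` above the `if` would record the intent. Presumably a leftover `file_time` on a job whose files were already removed kept influencing `JobHistoryUpdate`; the rest of the function is outside the hunk, so that reading should be confirmed.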
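Review bot: The `va_copy` fallback added to scheduler/log.c assigns one `va_list` to another, which does not compile on ABIs where `va_list` is an array type, and its parameters `__list1`/`__list2` use identifiers reserved for the implementation. The fallback is only reached when the toolchain lacks `va_copy`, so a byte copy is the more portable form: `# define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list))`. That needs `<string.h>`, which the file may already include but the hunk does not show.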
@@ -61,7 +61,7 @@ Disabled - ..;..\vcnet;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..;..\vcnet;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) true EnableFastChecks @@ -83,7 +83,7 @@ X64 - ..;..\vcnet;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..;..\vcnet;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) MultiThreadedDLL diff --git a/vcnet/ippeveprinter.vcxproj b/vcnet/ippeveprinter.vcxproj index 75caee2..e4581a8 100644 --- a/vcnet/ippeveprinter.vcxproj +++ b/vcnet/ippeveprinter.vcxproj @@ -61,7 +61,7 @@ Disabled - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) false EnableFastChecks @@ -84,7 +84,7 @@ X64 - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) MultiThreadedDLL diff --git a/vcnet/ippfind.vcxproj b/vcnet/ippfind.vcxproj index 63f978e..a30261b 100644 --- a/vcnet/ippfind.vcxproj +++ b/vcnet/ippfind.vcxproj @@ -61,7 +61,7 @@ Disabled - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) true EnableFastChecks 
@@ -84,7 +84,7 @@ X64 - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) MultiThreadedDLL diff --git a/vcnet/ipptool.vcxproj b/vcnet/ipptool.vcxproj index 2240728..9fcbce4 100644 --- a/vcnet/ipptool.vcxproj +++ b/vcnet/ipptool.vcxproj @@ -61,7 +61,7 @@ Disabled - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) true EnableFastChecks @@ -83,7 +83,7 @@ X64 - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) MultiThreadedDLL diff --git a/vcnet/libcups2.vcxproj b/vcnet/libcups2.vcxproj index 1e68d01..32d2542 100644 --- a/vcnet/libcups2.vcxproj +++ b/vcnet/libcups2.vcxproj @@ -62,7 +62,7 @@ Disabled - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) DEBUG;_DEBUG;_WINDOWS;_USRDLL;LIBCUPS2_EXPORTS;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebugDLL 
@@ -72,7 +72,7 @@ ProgramDatabase - packages\libressl_native.3.5.3.2\build\native\lib\x64\Release\ssl.lib;packages\libressl_native.3.5.3.2\build\native\lib\x64\Release\crypto.lib;bcrypt.lib;ws2_32.lib;advapi32.lib;%(AdditionalDependencies) + packages\libressl_native.3.7.3\build\native\lib\x64\Release\ssl.lib;packages\libressl_native.3.7.3\build\native\lib\x64\Release\crypto.lib;bcrypt.lib;ws2_32.lib;advapi32.lib;%(AdditionalDependencies) $(OutDir)libcups2.dll ..\cups\libcups2.def true @@ -88,7 +88,7 @@ MinSpace - ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;..\vcnet\regex;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) DEBUG;NDEBUG;_WINDOWS;_USRDLL;LIBCUPS2_EXPORTS;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) MultiThreadedDLL @@ -96,7 +96,7 @@ ProgramDatabase - packages\libressl_native.3.5.3.2\build\native\lib\x64\Release\ssl.lib;packages\libressl_native.3.5.3.2\build\native\lib\x64\Release\crypto.lib;bcrypt.lib;ws2_32.lib;advapi32.lib;%(AdditionalDependencies) + packages\libressl_native.3.7.3\build\native\lib\x64\Release\ssl.lib;packages\libressl_native.3.7.3\build\native\lib\x64\Release\crypto.lib;bcrypt.lib;ws2_32.lib;advapi32.lib;%(AdditionalDependencies) $(OutDir)libcups2.dll ..\cups\libcups2.def true diff --git a/vcnet/libcups2_native.nuspec b/vcnet/libcups2_native.nuspec index a5d26fc..db6b466 100644 --- a/vcnet/libcups2_native.nuspec +++ b/vcnet/libcups2_native.nuspec @@ -3,7 +3,7 @@ libcups2_native OpenPrinting CUPS Library for VS2019+ - 2.4.6.0 + 2.4.7.0 Michael R Sweet, OpenPrinting michaelrsweet https://github.com/OpenPrinting/cups @@ -16,7 +16,7 @@ and other Unix®-like operating systems. The CUPS library provides a convenient Copyright © 2020-2023 by OpenPrinting, Copyright © 2007-2019 by Apple Inc., Copyright © 1997-2007 by Easy Software Products. http ipp native - + 
diff --git a/vcnet/libcups2_native.redist.nuspec b/vcnet/libcups2_native.redist.nuspec index 927bee6..0ac5332 100644 --- a/vcnet/libcups2_native.redist.nuspec +++ b/vcnet/libcups2_native.redist.nuspec @@ -3,7 +3,7 @@ libcups2_native.redist OpenPrinting CUPS Library for VS2019+ Redist - 2.4.6.0 + 2.4.7.0 Michael R Sweet, OpenPrinting michaelrsweet https://github.com/OpenPrinting/cups diff --git a/vcnet/packages.config b/vcnet/packages.config index 48d46fb..6d48227 100644 --- a/vcnet/packages.config +++ b/vcnet/packages.config @@ -1,7 +1,7 @@  - - + + \ No newline at end of file diff --git a/vcnet/testhttp.vcxproj b/vcnet/testhttp.vcxproj index 9647e0a..bab15d5 100644 --- a/vcnet/testhttp.vcxproj +++ b/vcnet/testhttp.vcxproj @@ -58,7 +58,7 @@ Disabled - ..\vcnet;..;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebug @@ -79,7 +79,7 @@ - ..\vcnet;..;packages\libressl_native.3.5.3.2\build\native\include;%(AdditionalIncludeDirectories) + ..\vcnet;..;packages\libressl_native.3.7.3\build\native\include;%(AdditionalIncludeDirectories) WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) MultiThreaded diff --git a/xcode/config.h b/xcode/config.h index 2b6c145..a41306e 100644 --- a/xcode/config.h +++ b/xcode/config.h @@ -19,8 +19,8 @@ * Version of software... */ -#define CUPS_SVERSION "CUPS v2.4.6" -#define CUPS_MINIMAL "CUPS/2.4.6" +#define CUPS_SVERSION "CUPS v2.4.7" +#define CUPS_MINIMAL "CUPS/2.4.7" /*