File cups.spec of Package cups.13211

#
# spec file for package cups
#
# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           cups
BuildRequires:  dbus-1-devel
BuildRequires:  fdupes
BuildRequires:  gcc-c++
BuildRequires:  krb5-devel
BuildRequires:  libavahi-devel
BuildRequires:  libjpeg-devel
BuildRequires:  libpng-devel
BuildRequires:  libtiff-devel
# Have libtool as explicit buildrequirement to no longer depend
# on a "hidden" buildrequirement in the OBS project definition:
BuildRequires:  libtool
# See the comment at 'configure' below why on SLE11 (suse_version = 1110)
# the 'usb' backend must be built without libusb:
%if 0%{?suse_version} > 1110
BuildRequires:  libusb-1_0-devel
%endif
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  pkgconfig
# See http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
# that reads as of this writing (Thu Feb 13 12:20:32 CET 2014)
# where here the RPM macro percentage sign is replaced with '@' to be safe:
#  Starting with openSUSE 12.1, several RPM macros
#  must be used to package systemd services files
#    Build Requirement
#      You should add :
#        @if 0@{?suse_version} >= 1210
#        BuildRequires: systemd
#        @endif
#      as Build Requires.
#    Requires
#      Add
#        @{?systemd_requires}
#      to ensure the needed dependencies are added to your package
%if 0%{?suse_version} >= 1210
BuildRequires:  pkgconfig(libsystemd-daemon)
BuildRequires:  pkgconfig(systemd)
%{?systemd_requires}
%define have_systemd 1
# _tmpfilesdir is not defined in systemd macros up to openSUSE 12.3 and
# in openSUSE 13.1 "rpm --eval @{_tmpfilesdir}" results /usr/lib/tmpfiles.d
# (above the RPM macro percentage sign is replaced with '@' to be safe):
%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d }
%endif
BuildRequires:  update-desktop-files
BuildRequires:  zlib-devel
PreReq:         coreutils
# /usr/sbin/groupadd is called by the "pre" scriptlet:
PreReq:         /usr/sbin/groupadd
PreReq:         %insserv_prereq
PreReq:         %fillup_prereq
# sysvinit(syslog) is first provided in openSUSE 11.4:
%if 0%{?suse_version} > 1130
PreReq:         sysvinit(syslog)
%endif
Url:            http://www.cups.org/
Summary:        The Common UNIX Printing System
License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
Group:          Hardware/Printing
# Source0...Source9 is for sources from upstream:
# URL for Source0: http://www.cups.org/software/1.7.5/cups-1.7.5-source.tar.bz2
# MD5 sum for Source0 on http://www.cups.org/software.php 5d893edc2957005f78e2b2423fdace2e
Version:        1.7.5
Release:        0
Source0:        http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
# Require the exact matching version-release of the cups-libs sub-package because
# non-matching CUPS libraries may let CUPS software crash (e.g. segfault)
# because all CUPS software is built from the one same CUPS source tar ball
# so that there are CUPS-internal dependencies via CUPS private API calls
# (which do not happen for third-party software which uses only the CUPS public API).
# The exact matching version-release of the cups-libs sub-package is available
# on the same package repository where the cups package is because
# all are built simulaneously from the same cups source package
# and all required packages are provided on the same repository:
Requires:       cups-libs = %{version}-%{release}
# Require the exact matching version-release of the cups-client sub-package because
# because all CUPS software is built from the one same CUPS source tar ball
# so that there could be whatever subtle CUPS-internal dependencies.
# The exact matching version-release of the cups-client sub-package is available
# on the same package repository where the cups package is because
# all are built simulaneously from the same cups source package
# and all required packages are provided on the same repository:
Requires:       cups-client = %{version}-%{release}
# Since CUPS 1.6 all all non-Mac filters are dropped
# (in particular pdftops, imagetops, imagetoraster, and texttops).
# Linux-specific printing filters for CUPS are now provided by the cups-filters package.
# But those filters are not strictly required for CUPS
# (e.g. on client systems in the network where the filtering hapens on a CUPS server
# or on a CUPS server with only "raw" queues) so that a weak Recommends fits better:
Recommends:     cups-filters
# The Ghostscript device "cups" is needed by several CUPS filters
# (in particular the "rasterto..." filters) which might justify a RPM Requires.
# But a RPM requirement for ghostscript would cause a build dependency cycle because
# cups Requires ghostscript which BuildRequires cups-devel which Requires cups-libs
# and cups-libs is a sub-package of cups so that there is an implicit build dependency
# cycle between the main-packages cups and ghostscript.
# Furthermore Ghostscript is not needed on a system where those CUPS filters are not used
# (e.g. on client systems in the network where the filtering hapens on a CUPS server
# or on a CUPS server with only "raw" queues) so that a weak Recommends fits better:
Recommends:     ghostscript
# Our Source105 PSLEVEL1.PPD.bz2 and Source106 PSLEVEL2.PPD.bz2 need foomatic-rip
# but this does not justify a RPM Requires so that a weak Recommends is sufficient:
Recommends:     foomatic-filters
# Conflicts with CUPS < 1.6 versions because CUPS 1.6 has major incompatible changes,
# see https://bugzilla.novell.com/show_bug.cgi?id=735404
Conflicts:      cups < 1.6
# Conflicts with other print spoolers which provide same binaries like /usr/bin/lp and so on
# or which may listen on the same port (e.g. cups-lpd versus traditional lpd on port 515):
Conflicts:      lprng
Conflicts:      lprold
Conflicts:      plp
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from SUSE which are intended for upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Patch10 cups-1.2rc1-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
Patch10:        cups-1.2rc1-template.patch
# Patch11 cups-1.4.3-default-webcontent-path.patch changes the default path whereto the
# web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
Patch11:        cups-1.4.3-default-webcontent-path.patch
# Patch12 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch bsc#955432 -- React properly to avahi's ALL_FOR_NOW signal to reduce unneeded delay
Patch12:        0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch
# Patch13 0002-Save-work-on-Avahi-code.patch bsc#955432 -- React properly to avahi's ALL_FOR_NOW signal to reduce unneeded delay
Patch13:        0002-Save-work-on-Avahi-code.patch
# Patch14 0003-Avahi-fixes-for-cupsEnumDests.patch bsc#955432 -- React properly to avahi's ALL_FOR_NOW signal to reduce unneeded delay
Patch14:        0003-Avahi-fixes-for-cupsEnumDests.patch
# Patch15 0004-Fix-authorization-check-for-kerberos-local-connectio.patch
# Fix authorization check for clients (like samba) connected through the
# local socket when Kerberos authentication is enabled (bsc#1050082)
Patch15:        0004-Fix-authorization-check-for-kerberos-local-connectio.patch
# Patch16 Fix UTF-8 validation issue (bsc#1118118, Issue #5509)
Patch16:        issue5509-fix-utf-8-validation-issue.patch
# Source100...Source999 is for private sources from SUSE which are not intended for upstream:
Source101:      cups.init
Source102:      Postscript.ppd.gz
Source103:      cups.sysconfig
Source104:      cups.xinetd
Source105:      Postscript-level1.ppd.gz
Source106:      Postscript-level2.ppd.gz
Source108:      cups-client.conf
Source109:      baselibs.conf
Source110:      cups.service
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
Patch100:       cups-pam.diff
# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy
# to cupsd.conf see https://fate.novell.com/303515
Patch101:       cups-1.7-additional_policies.patch
# Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs:
Patch102:       cups-1.3.9-desktop_file.patch
# Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch
# reverts the change which was added by Michael Sweet in Jan 2007
# which strips the word "recommended" from NickName in PPDs because
# at least yast2-printer in SUSE needs it, compare the
# 'Why not "recommend" PPDs in the NickName?' and the subsequent
# 'RFC: New Driver Rating/Information Attributes' mail thread on cups@easysw.com:
Patch103:       cups-1.4-do_not_strip_recommended_from_PPDs.patch
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
Patch104:       cups-config-libs.patch
# Patch105 was str4351.patch that fixed STR #4351: cups-lpd hugh jobs (>2G) fail
# is obsolete because it is fixed upstream since CUPS 1.7.2
# Patch106 str4551.CVE-2014-9679.CUPS-1.7.5.patch is the upstream patch
# https://www.cups.org/strfiles.php/3438/str4551.patch
# backported to CUPS-1.7.5
# that fixes a possible buffer overflow in filter/raster.c
# (CUPS STR#4551 CVE-2014-9679 bugzilla.suse.com bsc#917799):
Patch106:       str4551.CVE-2014-9679.CUPS-1.7.5.patch
# Patch107 str4609.CERT-VU-810572.CUPS-1.7.5.patch is the upstream patch
# https://www.cups.org/strfiles.php/3480/str4609-1.7.patch
# adapted to fit exactly for CUPS-1.7.5
# that fixes a possible privilege escalation via cross-site scripting
# and bad print job submission used to replace cupsd.conf on server
# plus possible bad ld.so interaction via dynamic linker variables
# (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159 bugzilla.suse.com bsc#924208):
Patch107:       str4609.CERT-VU-810572.CUPS-1.7.5.patch
# Patch108 add_gziptoany_filter_when_raw_printing_multiple_files_GitHub4782.patch
# is the upstream patch part for scheduler/job.c from
# https://github.com/apple/cups/commit/f62664600159820a136a6e726a01a598b9ea292e
# adapted to fit exactly for CUPS-1.7.5
# that fixes raw printing multiple files by adding the gziptoany filter see
# https://github.com/apple/cups/issues/4782
# (bsc#968706)
Patch108:       add_gziptoany_filter_when_raw_printing_multiple_files_GitHub4782.patch
# Patch109 cups-lpd_remove_adding_docname_GitHub4790.patch
# is an excerpt from the upstream patch part for scheduler/cups-lpd.c from
# https://github.com/apple/cups/commit/4cc64a80fd01016eb5c3b62b754fc684d87bfb89
# that avoids warnings in error_log of the form
#  "Unexpected 'document-name' operation attribute in a Create-Job request." see
# https://github.com/apple/cups/issues/4790
# (SUSE Service Request 10994025138)
Patch109:       cups-lpd_remove_adding_docname_GitHub4790.patch
# Patch110 cups-scheduler_logs_jobs_at_loglevel_info.patch is based on the upstream patch
# https://github.com/apple/cups/commit/75c86da7a721554caea2dcc22a2f84b2fff465e8
# so that the scheduler now also logs messages for jobs at LogLevel "info" see
# https://github.com/apple/cups/issues/4815
# and bsc#1021133 and bsc#990045
Patch110:       cups-scheduler_logs_jobs_at_loglevel_info.patch
# Patch111 CVE-2017-18190.patch removes localhost.localdomain from list
# of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP
# command execution in conjunction with DNS rebinding (CVE-2017-18190 bsc#1081557).
Patch111:       CVE-2017-18190.patch
# Patch112 Patch113 Patch114
#   DBUS-notifications-could-crash-the-scheduler-Issue-5.patch
#   ipp-The-scheduler-now-substitutes-default-values-for-inv.patch
#   ipp-additional-changes-for-the-scheduler-to-substitute-d.patch
# fix bsc#1061066
#   DBUS library aborts caller process in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
# which are the CUPS upstream issues
# https://github.com/apple/cups/issues/5143
#   Remote DoS attack against cupsd via invalid username and malicious D-Bus library
# https://github.com/apple/cups/issues/5186
#   squash non-UTF-8 strings into ASCII on plain IPP level
# https://github.com/apple/cups/issues/5229
#   persistently substitute invalid job attributes with default values - not only in add_job
Patch112:       DBUS-notifications-could-crash-the-scheduler-Issue-5.patch
Patch113:       ipp-The-scheduler-now-substitutes-default-values-for-inv.patch
Patch114:       ipp-additional-changes-for-the-scheduler-to-substitute-d.patch
# Patch115 cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954-for-cups-1.7.5-stripped.diff
# is derived from https://github.com/apple/cups/commit/97cb566568a8c3a9c07c7ccec09f28f5c5015954
# and stripped down to only what is needed for CUPS 1.7.5
# that fixes local privilege escalation to root and sandbox bypasses in scheduler
# (Apple's internal issues rdar://37836779, rdar://37836995, rdar://37837252, rdar://37837581)
# bsc#1096405 CVE-2018-4180: cups: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
# bsc#1096406 CVE-2018-4181: cups: Limited Local File Reads as Root via cupsd.conf Include Directive
# bsc#1096407 CVE-2018-4182: cups: cups-exec Sandbox Bypass Due to Insecure Error Handling
# bsc#1096408 CVE-2018-4183: cups: cups-exec Sandbox Bypass Due to Profile Misconfiguration
Patch115:       cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954-for-cups-1.7.5-stripped.diff
# Patch116 cups-2.2.7-CVE-2018-4700.patch from SLE15 also applies to cups-1.7.5 in SLE12 and fixes
# CVE-2018-4700: session cookie is extremely predictable, effectively
# breaking the CSRF protection of the CUPS web interface
# https://bugzilla.suse.com/show_bug.cgi?id=1115750 (bsc#1115750):
Patch116:       cups-2.2.7-CVE-2018-4700.patch
# Patch117 cups-1.7.5-CVE-2019-8675.CVE-2019-8696.patch fixes CVE-2019-8675 and CVE-2019-8696
# bsc#1146358 CVE-2019-8675: cups: stack-buffer-overflow in libcups's asn1_get_type function
# bsc#1146359 CVE-2019-8696: cups: stack-buffer-overflow in libcups's asn1_get_packed function
# and some other security/disclosure issues in
# https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
# except scheduler/client.c where the cups-1.7.5 code is too different
Patch117:       cups-1.7.5-CVE-2019-8675.CVE-2019-8696.patch
# Install into this non-root directory (required when norootforbuild is used):
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
The Common UNIX Printing System (CUPS) is the
standards-based, open source printing system.

See http://www.cups.org

CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.

For details regarding incompatible changes in CUPS >= 1.6 see
https://bugzilla.novell.com/show_bug.cgi?id=735404
and follow the links therein.


%package libs
Summary:        Libraries for CUPS
License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.1-only
Group:          Hardware/Printing
# Conflicts with CUPS < 1.6 versions because CUPS 1.6 has major incompatible changes,
# see https://bugzilla.novell.com/show_bug.cgi?id=735404
Conflicts:      cups-libs < 1.6
# Prerequire /sbin/ldconfig which is used in the traditional bash scriptlets for post/postun:
PreReq:         /sbin/ldconfig
# https://bugzilla.novell.com/show_bug.cgi?id=437293
%ifarch ppc64
Obsoletes:      cups-libs-64bit
%endif

%description libs
The Common UNIX Printing System (CUPS) is the
standards-based, open source printing system.

See http://www.cups.org

This package contains libraries needed by CUPS
and other packages.

CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.

For details regarding incompatible changes in CUPS >= 1.6 see
https://bugzilla.novell.com/show_bug.cgi?id=735404
and follow the links therein.


%package client
Summary:        CUPS Client Programs
License:        SUSE-GPL-2.0-with-openssl-exception
Group:          Hardware/Printing
# Conflicts with CUPS < 1.6 versions because CUPS 1.6 has major incompatible changes,
# see https://bugzilla.novell.com/show_bug.cgi?id=735404
Conflicts:      cups-client < 1.6
# Conflicts with other print spoolers which provide same binaries like /usr/bin/lp and so on:
Conflicts:      lprng
Conflicts:      lprold
Conflicts:      plp
# Require the exact matching version-release of the cups-libs sub-package because
# non-matching CUPS libraries may let CUPS software crash (e.g. segfault)
# because all CUPS software is built from the one same CUPS source tar ball
# so that there are CUPS-internal dependencies via CUPS private API calls
# (which do not happen for third-party software which uses only the CUPS public API).
# The exact matching version-release of the cups-libs sub-package is available
# on the same package repository where the cups package is because
# all are built simulaneously from the same cups source package
# and all required packages are provided on the same repository:
Requires:       cups-libs = %{version}-%{release}

%description client
The Common UNIX Printing System (CUPS) is the
standards-based, open source printing system.

See http://www.cups.org

This package contains all programs needed
for running a CUPS client, not a server.

CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.

For details regarding incompatible changes in CUPS >= 1.6 see
https://bugzilla.novell.com/show_bug.cgi?id=735404
and follow the links therein.


%package devel
Summary:        Development Environment for CUPS
License:        SUSE-GPL-2.0-with-openssl-exception
Group:          Development/Libraries/C and C++
# Conflicts with CUPS < 1.6 versions because CUPS 1.6 has major incompatible changes,
# see https://bugzilla.novell.com/show_bug.cgi?id=735404
Conflicts:      cups-devel < 1.6
# Do not require the exact matching version-release of cups-libs
# but only a cups-libs package with matching version because
# for building third-party software which uses only the CUPS public API
# there are no CUPS-internal dependencies via CUPS private API calls
# (the latter would require the exact matching cups-libs version-release):
Requires:       cups-libs = %{version}
Requires:       glibc-devel
# https://bugzilla.novell.com/show_bug.cgi?id=437293
%ifarch ppc64
Obsoletes:      cups-devel-64bit
%endif

%description devel
The Common UNIX Printing System (CUPS) is the
standards-based, open source printing system.

See http://www.cups.org

This is the development package.

CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.

For details regarding incompatible changes in CUPS >= 1.6 see
https://bugzilla.novell.com/show_bug.cgi?id=735404
and follow the links therein.


%package ddk
Summary:        CUPS Driver Development Kit
License:        SUSE-GPL-2.0-with-openssl-exception
Group:          Hardware/Printing
# Conflicts with CUPS < 1.6 versions because CUPS 1.6 has major incompatible changes,
# see https://bugzilla.novell.com/show_bug.cgi?id=735404
Conflicts:      cups-ddk < 1.6
Requires:       cups = %{version}
Requires:       cups-devel = %{version}
# Since CUPS 1.4 the CUPS Driver Development Kit (DDK) is bundled with CUPS.
# For CUPS 1.2.x and 1.3.x, the DDK was separated software
# which we provided (up to openSUSE 11.1 / SLE11) in our cupsddk package:
Provides:       cupsddk = %{version}
Obsoletes:      cupsddk < %{version}

%description ddk
The Common UNIX Printing System (CUPS) is the
standards-based, open source printing system.

See http://www.cups.org

The CUPS Driver Development Kit (DDK) provides
a suite of standard drivers, a PPD file compiler,
and other utilities that can be used to develop
printer drivers for CUPS.

CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.

For details regarding incompatible changes in CUPS >= 1.6 see
https://bugzilla.novell.com/show_bug.cgi?id=735404
and follow the links therein.


%prep
# Be quiet when unpacking:
%setup -q -n cups-%{version}
# Patch0...Patch9 is for patches from upstream:
# Patch10...Patch99 is for patches from SUSE which are intended for upstream:
# Patch10 cups-1.2rc1-template.patch adds 'smb://...' URIs to templates/choose-uri.tmpl:
%patch10 -p1
# Patch11 cups-1.4.3-default-webcontent-path.patch changes the default path whereto the
# web content is installed from /usr/share/doc/cups to /usr/share/cups/webcontent
# because the files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments:
%patch11
# Patch12 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch React properly to avahi's ALL_FOR_NOW signal to reduce unneeded delay
%patch12 -p1
# Patch13 0002-Save-work-on-Avahi-code.patch React properly to avahi's ALL_FOR_NOW signal to reduce unneeded delay
%patch13 -p1
# Patch14 0003-Avahi-fixes-for-cupsEnumDests.patch React properly to avahi's ALL_FOR_NOW signal to reduce unneeded delay
%patch14 -p1
# Patch15 0004-Fix-authorization-check-for-kerberos-local-connectio.patch
# Fix authorization check for clients (like samba) connected through the
# local socket when Kerberos authentication is enabled (bsc#1050082)
%patch15 -p1
%patch16 -p1
# Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
# Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
%patch100
# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy
# to cupsd.conf see https://fate.novell.com/303515
%patch101
# Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs:
%patch102
# Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch
# reverts the change which was added by Michael Sweet in Jan 2007
# which strips the word "recommended" from NickName in PPDs because
# at least yast2-printer in SUSE needs it, compare the
# 'Why not "recommend" PPDs in the NickName?' and the subsequent
# 'RFC: New Driver Rating/Information Attributes' mail thread on cups@easysw.com:
%patch103
# Patch104 cups-config-libs.patch fixes option --libs in cups-config script:
%patch104
# Patch105 was str4351.patch that fixed STR #4351: cups-lpd hugh jobs (>2G) fail
# is obsolete because it is fixed upstream since CUPS 1.7.2
# Patch106 str4551.CVE-2014-9679.CUPS-1.7.5.patch is the upstream patch
# https://www.cups.org/strfiles.php/3438/str4551.patch
# backported to CUPS-1.7.5
# that fixes a possible buffer overflow in filter/raster.c
# (CUPS STR#4551 CVE-2014-9679 bugzilla.suse.com bsc#917799):
%patch106
# Patch107 str4609.CERT-VU-810572.CUPS-1.7.5.patch is the upstream patch
# https://www.cups.org/strfiles.php/3480/str4609-1.7.patch
# adapted to fit exactly for CUPS-1.7.5
# that fixes a possible privilege escalation via cross-site scripting
# and bad print job submission used to replace cupsd.conf on server
# plus possible bad ld.so interaction via dynamic linker variables
# (CUPS STR#4609 CERT-VU-810572 bugzilla.suse.com bsc#924208):
%patch107 -p1
# Patch108 add_gziptoany_filter_when_raw_printing_multiple_files_GitHub4782.patch
# is the upstream patch part for scheduler/job.c from
# https://github.com/apple/cups/commit/f62664600159820a136a6e726a01a598b9ea292e
# adapted to fit exactly for CUPS-1.7.5
# that fixes raw printing multiple files by adding the gziptoany filter see
# https://github.com/apple/cups/issues/4782
# (bsc#968706)
%patch108
# Patch109 cups-lpd_remove_adding_docname_GitHub4790.patch
# is an excerpt from the upstream patch part for scheduler/cups-lpd.c from
# https://github.com/apple/cups/commit/4cc64a80fd01016eb5c3b62b754fc684d87bfb89
# that avoids warnings in error_log of the form
#  "Unexpected 'document-name' operation attribute in a Create-Job request." see
# https://github.com/apple/cups/issues/4790
# (SUSE Service Request 10994025138)
%patch109
# Patch110 cups-scheduler_logs_jobs_at_loglevel_info.patch is based on the upstream patch
# https://github.com/apple/cups/commit/75c86da7a721554caea2dcc22a2f84b2fff465e8
# so that the scheduler now also logs messages for jobs at LogLevel "info" see
# https://github.com/apple/cups/issues/4815
# and bsc#1021133 and bsc#990045
%patch110 -p1
# Patch111 CVE-2017-18190.patch removes localhost.localdomain from list
# of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP
# command execution in conjunction with DNS rebinding (CVE-2017-18190 bsc#1081557).
%patch111 -p1
# Patch112 Patch113 Patch114
#   DBUS-notifications-could-crash-the-scheduler-Issue-5.patch
#   ipp-The-scheduler-now-substitutes-default-values-for-inv.patch
#   ipp-additional-changes-for-the-scheduler-to-substitute-d.patch
# fix bsc#1061066
#   DBUS library aborts caller process in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
# which are the CUPS upstream issues
# https://github.com/apple/cups/issues/5143
#   Remote DoS attack against cupsd via invalid username and malicious D-Bus library
# https://github.com/apple/cups/issues/5186
#   squash non-UTF-8 strings into ASCII on plain IPP level
# https://github.com/apple/cups/issues/5229
#   persistently substitute invalid job attributes with default values - not only in add_job
%patch112 -p1
%patch113 -p1
%patch114 -p1
# Patch115 cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954-for-cups-1.7.5-stripped.diff
# is derived from https://github.com/apple/cups/commit/97cb566568a8c3a9c07c7ccec09f28f5c5015954
# and stripped down to only what is needed for CUPS 1.7.5
# that fixes local privilege escalation to root and sandbox bypasses in scheduler
# (Apple's internal issues rdar://37836779, rdar://37836995, rdar://37837252, rdar://37837581)
# bsc#1096405 CVE-2018-4180: cups: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
# bsc#1096406 CVE-2018-4181: cups: Limited Local File Reads as Root via cupsd.conf Include Directive
# bsc#1096407 CVE-2018-4182: cups: cups-exec Sandbox Bypass Due to Insecure Error Handling
# bsc#1096408 CVE-2018-4183: cups: cups-exec Sandbox Bypass Due to Profile Misconfiguration
%patch115
# Patch116 cups-2.2.7-CVE-2018-4700.patch from SLE15 also applies to cups-1.7.5 in SLE12 and fixes
# CVE-2018-4700: session cookie is extremely predictable, effectively
# breaking the CSRF protection of the CUPS web interface
# https://bugzilla.suse.com/show_bug.cgi?id=1115750 (bsc#1115750):
%patch116
# Patch117 cups-1.7.5-CVE-2019-8675.CVE-2019-8696.patch fixes CVE-2019-8675 and CVE-2019-8696
# bsc#1146358 CVE-2019-8675: cups: stack-buffer-overflow in libcups's asn1_get_type function
# bsc#1146359 CVE-2019-8696: cups: stack-buffer-overflow in libcups's asn1_get_packed function
# and some other security/disclosure issues in
# https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
# except scheduler/client.c where the cups-1.7.5 code is too different
%patch117

%build
# Disable SILENT run of make so that make runs verbose as usual:
sed -i -e 's/^\.SILENT:/# .SILENT:/' Makedefs.in
libtoolize --force
aclocal
autoconf
export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -O2 -fstack-protector"
export CFLAGS="$RPM_OPT_FLAGS -fstack-protector -DLDAP_DEPRECATED"
export CXX=g++
# As long as cups-1.4.3-default-webcontent-path.patch is applied
# configure --with-docdir=... would be no longer needed
# because cups-1.4.3-default-webcontent-path.patch changes the
# default with-docdir path whereto the web content is installed
# from /usr/share/doc/cups to /usr/share/cups/webcontent because the
# files of the CUPS web content are no documentation, see CUPS STR #3578
# and http://bugzilla.novell.com/show_bug.cgi?id=546023#c6 and subsequent comments
# so that the new default could be used as is but upstream may accept
# cups-1.4.3-default-webcontent-path.patch in general but change its default
# so that with-docdir is explicitly set here to be future proof.
# Regarding --with-rundir and --with-domainsocket
# see https://www.cups.org/str.php?L4306
# and the explanation that I got via mail from Robert Milasan (quotation):
#   the changes are due to systemd. Systemd needs /run and in our case
#   openSUSE we bind /run to /var/run which at boot time can created
#   issues, meaning /var/run is used before being binded to /run.
#   All apps should use /run and /run/lock instead of /var/run and /var/lock.
#   In other distro's they links /run to /var/run and /run/lock
#   to /var/lock, but we don't, so it's better to move everything
#   and yes upstream should do the same. Please also check:
#   http://lists.opensuse.org/opensuse-factory/2013-01/msg00578.html
# Without "BuildRequires: libusb-1_0-devel" the --enable-libusb configure option
# silently falls back to building the 'usb' backend without libusb.
# Up to SLE11-SP1 building the 'usb' backend with libusb fails with
# /usr/src/packages/BUILD/cups-1.7.0/backend/usb-libusb.c:745: undefined reference to `libusb_attach_kernel_driver'
# and since SLE11-SP2 building the 'usb' backend with libusb works.
# But there is the SUSE rule not to differentiate SP levels.
# Quotation from the "If sles_version is not defined or 0 for SLES 12 on IBS" thread
# on research@suse.de dated Fri, 7 Feb 2014 22:29:49 +0100:
#   According to FATE 316290 there will be no rpm macro to differentiate SP levels...
#   Because major updates and changes are no longer bound to a special SP version.
# As far as I understand it this means cups built on SLE11-SP2 must also run on SLE11-SP1
# so that cups on whole SLE11 must be built with "--disable-libusb" to (hopefully) ensure
# it is not accidentally built with libusb (e.g. by obscure build system install magic
# that may install libusb-1_0-devel plus configure magic that may use "--enable-libusb").
# For the right suse_version value for SLE11 (SLE11 => suse_version = 1110)
# see http://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto
./configure \
        --enable-option-checking \
        --mandir=%{_mandir} \
        --sysconfdir=%{_sysconfdir} \
        --libdir=%{_libdir} \
        --datadir=%{_datadir} \
        --with-docdir=%{_datadir}/cups/webcontent \
        --with-cups-user=lp \
        --with-cups-group=lp \
        --with-system-groups=root \
        --enable-debug \
        --enable-debug-printfs \
        --enable-relro \
        --enable-gssapi \
%if 0%{?suse_version} > 1110
        --enable-libusb \
%else
        --disable-libusb \
%endif
        --disable-static \
        --without-rcdir \
        --enable-dbus \
        --with-cachedir=/var/cache/cups \
%if 0%{?have_systemd}
        --with-rundir=/run/cups \
        --with-domainsocket=/run/cups/cups.sock \
%endif
        --prefix=/
make %{?_smp_mflags} CXX=g++

%install
make BUILDROOT=%{buildroot} install
# Remove the CUPS banner files in /usr/share/cups/banners/ and
# the CUPS testpage /usr/share/cups/data/testprint (which is also a CUPS banner file type)
# because they do no longer work since CUPS >= 1.6, see http://www.cups.org/str.php?L4120
# because there is no longer a filter for Linux that can convert the CUPS banner files.
# Since CUPS >= 1.6 only the banner files and testpage in the cups-filters package work
# via the cups-filters PDF workflow and the cups-filters package also provides
# the matching bannertopdf filter (see https://bugzilla.novell.com/show_bug.cgi?id=873376):
rm -r %{buildroot}%{_datadir}/cups/banners
rm  %{buildroot}%{_datadir}/cups/data/testprint
# Use CUPS' own fonts (i.e. make CUPS work again in compliance with upstream).
# In ancient times (see the RPM changelog entry dated "Thu Aug 16 17:05:19 CEST 2001")
# there was the general opinion it would be a great idea to deviate from CUPS upstream
# and save some disk space and do not install CUPS' own fonts in CUPS' own font directory.
# Therefore CUPS' own fonts were removed and the CUPS font directory was replaced
# by a symbolic link /usr/share/cups/fonts -> ../ghostscript/fonts
# because at that times the Ghostscript fonts had been the same as CUPS' own fonts.
# In any case such a link is a fragile non-future-proof interference because when either
# the Ghostscript fonts or CUPS' own fonts change, linking them as same is wrong.
# Meanwhile (I don't know exactly since when but since a long time) the Ghostscript fonts
# do no longer work for CUPS' particular needs (CUPS has its own fonts because it needs them).
# Nobody noticed it until 2014 via https://bugzilla.novell.com/show_bug.cgi?id=856731
# But it is not possible with RPM to replace a directory by a symbolic link or vice versa
# see https://bugzilla.novell.com/show_bug.cgi?id=856731#c7
# and https://bugzilla.novell.com/show_bug.cgi?id=856731#c8
# This means /usr/share/cups/fonts must stay forever as a symbolic link
# and the only way out is to move CUPS' own fonts to an artificial
# surrogate directory /usr/share/cups/CUPSfonts and have the
# symbolic link /usr/share/cups/fonts -> /usr/share/cups/CUPSfonts:
pushd %{buildroot}%{_datadir}/cups/
mv fonts CUPSfonts && ln -s CUPSfonts fonts
popd
# Source103: cups.sysconfig
install -d -m755 %{buildroot}/var/adm/fillup-templates
install -m 644 %{SOURCE103} %{buildroot}/var/adm/fillup-templates/sysconfig.cups
# Make directory for ssl files:
mkdir -p %{buildroot}%{_sysconfdir}/cups/ssl
# Add a client.conf as template (Source108: cups-client.conf):
install -m644 %{SOURCE108} %{buildroot}%{_sysconfdir}/cups/client.conf
# Source104: cups.xinetd
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 -D %{SOURCE104} %{buildroot}%{_sysconfdir}/xinetd.d/cups-lpd
# Make the libraries accessible also via generic named links:
ln -sf libcupsimage.so.2 %{buildroot}%{_libdir}/libcupsimage.so
ln -sf libcups.so.2 %{buildroot}%{_libdir}/libcups.so
# Add missing usual directories:
install -d -m755 %{buildroot}%{_datadir}/cups/drivers
install -d -m755 %{buildroot}/var/cache/cups
# Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff):
install -m 644 -D conf/pam.suse %{buildroot}/etc/pam.d/cups
# Add missing usual documentation:
install -d -m755 %{buildroot}/%{_defaultdocdir}/cups
for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt
do install -m 644 "$f" %{buildroot}%{_defaultdocdir}/cups/
done
# Add generic PostScript printer PPDs:
# Source102: Postscript.ppd.gz
install -m 644 %{SOURCE102} %{buildroot}%{_datadir}/cups/model/Postscript.ppd.gz
# Source105: Postscript-level1.ppd,gz
install -m 644 %{SOURCE105} %{buildroot}%{_datadir}/cups/model/Postscript-level1.ppd.gz
# Source106: Postscript-level2.ppd.gz
install -m 644 %{SOURCE106} %{buildroot}%{_datadir}/cups/model/Postscript-level2.ppd.gz
# Add files for desktop menu:
rm -f %{buildroot}%{_datadir}/applications/cups.desktop
%suse_update_desktop_file -i cups PrintingUtility 2>/dev/null
mkdir %{buildroot}%{_datadir}/pixmaps
install -m 644 %{buildroot}%{_datadir}/icons/hicolor/64x64/apps/cups.png %{buildroot}%{_datadir}/pixmaps
rm -rf %{buildroot}%{_datadir}/icons
# Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default from becoming hardlinked
# via the fdupes run below, see https://bugzilla.novell.com/show_bug.cgi?id=773971
# by making their content different and at the same time fix the misleading comment.
# Intentionally let the build fail if 'grep' does not find what 'sed' should change
# because if upstream changed it 'sed' would silently no longer change the files:
grep -q '^# Sample configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf
sed -i -e 's/^# Sample configuration /# Configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf
grep -q '^# Sample configuration ' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default
sed -i -e 's/^# Sample configuration /# Default configuration /' %{buildroot}/%{_sysconfdir}/cups/cupsd.conf.default
# Begin how cupsd is launched (via SysVinit or systemd):
%if 0%{?have_systemd}
# Begin launch cupsd via systemd:
# See http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
# that reads as of this writing (Thu Feb 13 12:20:32 CET 2014)
# where here the RPM macro percentage sign is replaced with '@' to be safe:
#   Service files
#     Service files should always be installed in @_unitdir
#     (ie /usr/lib/systemd/system) and never in /etc/systemd/system
#     (so they can be overriden by users without conflicting with packaging).
# Install Source110: cups.service
install -d -m755 %{buildroot}/%{_unitdir}
install -m 644 %{SOURCE110} %{buildroot}/%{_unitdir}/cups.service
# Install /usr/lib/tmpfiles.d/cups.conf
mkdir -p %{buildroot}%{_tmpfilesdir}
cat > %{buildroot}%{_tmpfilesdir}/cups.conf <<EOF
# See tmpfiles.d(5) for details
d /run/cups 0755 root lp -
d /run/cups/certs 0511 lp sys -
d /var/spool/cups/tmp - - - 30d
EOF
# Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO
# /usr/sbin/service exists only since openSUSE 12.3:
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rccups
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rccups
%endif
# End launch cupsd via systemd
%else
# Begin launch cupsd via SysVinit:
install -d -m755 $RPM_BUILD_ROOT/etc/init.d
# Source101: cups.init
install -m755 %{SOURCE101} %{buildroot}/etc/init.d/cups
ln -sf ../../etc/init.d/cups %{buildroot}/usr/sbin/rccups
# End launch cupsd via SysVinit
%endif
# End how cupsd is launched (via SysVinit or systemd)
# Run fdupes:
# The RPM macro fdupes runs /usr/bin/fdupes that links files with identical content.
# Never run fdupes carelessly over the whole buildroot directory
# because in older openSUSE and SLE11 versions fdupes
# links files with different owner, group, or permissions
# see https://bugzilla.novell.com/show_bug.cgi?id=784670
# and even in current openSUSE versions fdupes links across sub-package boundaries,
# compare https://bugzilla.novell.com/show_bug.cgi?id=784869
# so that fdupes can only run for specific directories where linking files is safe.
# Using fdupes -s, which will create symlinks that are easier to grasp for rpm and
# rpmlint will give a "dangling symlink" error if the file and link ended up in different packages.
# All symlinks created by fdupes are in /usr/share/cups/templates/
# except /usr/share/cups/webcontent/images/cups-icon.png -> /usr/share/cups/webcontent/images/cups.png
# but that one must not be a symlink because since CUPS 1.7.4/1.7.5 the cupsd web server does no longer
# follow symlink to avoid security issues (see bnc#892587 and bnc#887240 and and the upstream
# issues http://www.cups.org/str.php?L4450 and https://www.cups.org/str.php?L4455)
# so that fdupes should only create symlinks in /usr/share/cups/templates/:
%fdupes -s %{buildroot}/%{_datadir}/cups/templates

%pre
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
/usr/sbin/groupadd -g 71 -o -r ntadmin 2>/dev/null || :
%if 0%{?have_systemd}
# Begin service_add_pre cups.service
%service_add_pre cups.service
# End service_add_pre cups.service
%endif
exit 0

%post
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
%if 0%{?have_systemd}
# Begin service_add_post cups.service
%service_add_post cups.service
# End service_add_post cups.service
%else
# Begin fillup_and_insserv -ny cups cups
%{fillup_and_insserv -ny cups cups}
# End fillup_and_insserv -ny cups cups
%endif
exit 0

%preun
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
%if 0%{?have_systemd}
# Begin service_del_preun cups.service
%service_del_preun cups.service
# End service_del_preun cups.service
%else
# Begin stop_on_removal cups
%stop_on_removal cups
# End stop_on_removal cups
%endif
exit 0

%postun
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
%if 0%{?have_systemd}
# Begin service_del_postun cups.service
%service_del_postun cups.service
# End service_del_postun cups.service
%else
# Begin restart_on_update cups
%restart_on_update cups
# End restart_on_update cups
# Begin insserv_cleanup
%{insserv_cleanup}
# End insserv_cleanup
%endif
exit 0

%post libs
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
/sbin/ldconfig
exit 0

%postun libs
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
# an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
# see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
/sbin/ldconfig
exit 0

%files
# The files sections list all mandatory files explicitly one by one.
# In particular all executables are listed explicitly.
# This avoids that CUPS' configure magic might silently
# not build and install an executable when whatever condition
# for configure's automated tests is not fulfilled in the build system.
# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9
# When all mandatory files are explicitly listed,
# the build fails intentionally if a mandatory file was not built
# which ensures that already existing correctly built binary RPMs
# are not overwritten by broken RPMs where mandatory files are missing.
%defattr(-,root,root)
%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cups-files.conf
%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf
%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/snmp.conf
%config(noreplace) %{_sysconfdir}/xinetd.d/cups-lpd
%config %{_sysconfdir}/pam.d/cups
%config %{_sysconfdir}/dbus-1/system.d/cups.conf
%{_sysconfdir}/cups/cupsd.conf.default
%dir %attr(755,root,lp) %{_sysconfdir}/cups/interfaces
%dir %attr(755,root,lp) %{_sysconfdir}/cups/ppd
%dir %attr(700,root,lp) %{_sysconfdir}/cups/ssl
/var/adm/fillup-templates/sysconfig.cups
%if 0%{?have_systemd}
%{_unitdir}/cups.service
%{_tmpfilesdir}/cups.conf
%else
%config %attr(0755,root,root) %{_sysconfdir}/init.d/cups
%endif
%{_bindir}/cupstestppd
%{_sbindir}/cupsaddsmb
%{_sbindir}/cupsctl
%{_sbindir}/cupsd
%{_sbindir}/cupsfilter
%{_sbindir}/rccups
%dir /usr/lib/cups
%dir /usr/lib/cups/backend
/usr/lib/cups/backend/dnssd
/usr/lib/cups/backend/http
/usr/lib/cups/backend/https
/usr/lib/cups/backend/ipp
/usr/lib/cups/backend/ipps
/usr/lib/cups/backend/lpd
# Dropped in CUPS 1.6: /usr/lib/cups/backend/parallel
# Dropped in CUPS 1.6: /usr/lib/cups/backend/serial
/usr/lib/cups/backend/snmp
/usr/lib/cups/backend/socket
/usr/lib/cups/backend/usb
%dir /usr/lib/cups/cgi-bin
/usr/lib/cups/cgi-bin/admin.cgi
/usr/lib/cups/cgi-bin/classes.cgi
/usr/lib/cups/cgi-bin/help.cgi
/usr/lib/cups/cgi-bin/jobs.cgi
/usr/lib/cups/cgi-bin/printers.cgi
%dir /usr/lib/cups/daemon
/usr/lib/cups/daemon/cups-deviced
/usr/lib/cups/daemon/cups-driverd
/usr/lib/cups/daemon/cups-exec
/usr/lib/cups/daemon/cups-lpd
# Dropped in CUPS 1.6: /usr/lib/cups/daemon/cups-polld
%dir /usr/lib/cups/driver
%dir /usr/lib/cups/filter
# Dropped in CUPS 1.6: /usr/lib/cups/filter/bannertops
# Dropped in CUPS 1.6: /usr/lib/cups/filter/commandtoescpx
# Dropped in CUPS 1.6: /usr/lib/cups/filter/commandtopclx
/usr/lib/cups/filter/commandtops
/usr/lib/cups/filter/gziptoany
# Dropped in CUPS 1.6: /usr/lib/cups/filter/imagetops
# Dropped in CUPS 1.6: /usr/lib/cups/filter/imagetoraster
# Dropped in CUPS 1.6: /usr/lib/cups/filter/pdftops
/usr/lib/cups/filter/pstops
/usr/lib/cups/filter/rastertodymo
/usr/lib/cups/filter/rastertoepson
# Dropped in CUPS 1.6: /usr/lib/cups/filter/rastertoescpx
/usr/lib/cups/filter/rastertohp
/usr/lib/cups/filter/rastertolabel
# Dropped in CUPS 1.6: /usr/lib/cups/filter/rastertopclx
/usr/lib/cups/filter/rastertopwg
# Dropped in CUPS 1.6: /usr/lib/cups/filter/texttops
%dir /usr/lib/cups/monitor
/usr/lib/cups/monitor/bcp
/usr/lib/cups/monitor/tbcp
%dir /usr/lib/cups/notifier
/usr/lib/cups/notifier/dbus
/usr/lib/cups/notifier/mailto
/usr/lib/cups/notifier/rss
%dir %attr(0775,root,ntadmin) %{_datadir}/cups/drivers
%{_datadir}/applications/cups.desktop
%{_datadir}/pixmaps/cups.png
%doc %{_defaultdocdir}/cups
%doc %{_mandir}/man1/cupstestppd.1.gz
%doc %{_mandir}/man5/classes.conf.5.gz
%doc %{_mandir}/man5/client.conf.5.gz
%doc %{_mandir}/man5/cups-snmp.conf.5.gz
%doc %{_mandir}/man5/cups-files.conf.5.gz
%doc %{_mandir}/man5/cupsd.conf.5.gz
%doc %{_mandir}/man5/mailto.conf.5.gz
%doc %{_mandir}/man5/mime.convs.5.gz
%doc %{_mandir}/man5/mime.types.5.gz
%doc %{_mandir}/man5/printers.conf.5.gz
%doc %{_mandir}/man5/subscriptions.conf.5.gz
%doc %{_mandir}/man7/backend.7.gz
%doc %{_mandir}/man7/filter.7.gz
%doc %{_mandir}/man7/notifier.7.gz
%doc %{_mandir}/man8/cups-deviced.8.gz
%doc %{_mandir}/man8/cups-driverd.8.gz
%doc %{_mandir}/man8/cups-lpd.8.gz
# Dropped in CUPS 1.6: doc {_mandir}/man8/cups-polld.8.gz
%doc %{_mandir}/man8/cups-snmp.8.gz
%doc %{_mandir}/man8/cupsaddsmb.8.gz
%doc %{_mandir}/man8/cupsctl.8.gz
%doc %{_mandir}/man8/cupsd.8.gz
%doc %{_mandir}/man8/cupsfilter.8.gz
%{_datadir}/cups/
%exclude %{_datadir}/cups/ppdc/

%files client
# Set explicite owner, group, and permissions for lppasswd
# to enforce to have the upstream owner, group, and permissions in the RPM
# because otherwise our build magic /usr/sbin/Check sets them to lp:lp 2755
# according to /etc/permissions.secure in the build system,
# see https://bugzilla.novell.com/show_bug.cgi?id=574336#c12
# and subsequent comments up to comment #17 therein.
# Even if /etc/permissions.secure in the openSUSE:Factory build system might be
# already fixed, it must also work for build systems for released products.
%defattr(-,root,root)
%{_bindir}/cancel
%{_bindir}/cupstestdsc
%{_bindir}/ippfind
%{_bindir}/ipptool
%{_bindir}/lp
%{_bindir}/lpoptions
%attr(0555,root,root) %{_bindir}/lppasswd
%{_bindir}/lpq
%{_bindir}/lpr
%{_bindir}/lprm
%{_bindir}/lpstat
%{_sbindir}/accept
%{_sbindir}/cupsaccept
%{_sbindir}/cupsdisable
%{_sbindir}/cupsenable
%{_sbindir}/cupsreject
%{_sbindir}/lpadmin
%{_sbindir}/lpc
%{_sbindir}/lpinfo
%{_sbindir}/lpmove
%{_sbindir}/reject
%doc %{_mandir}/man1/cancel.1.gz
%doc %{_mandir}/man1/cupstestdsc.1.gz
%doc %{_mandir}/man1/ippfind.1.gz
%doc %{_mandir}/man1/ipptool.1.gz
%doc %{_mandir}/man1/lp.1.gz
%doc %{_mandir}/man1/lpoptions.1.gz
%doc %{_mandir}/man1/lppasswd.1.gz
%doc %{_mandir}/man1/lpq.1.gz
%doc %{_mandir}/man1/lpr.1.gz
%doc %{_mandir}/man1/lprm.1.gz
%doc %{_mandir}/man1/lpstat.1.gz
%doc %{_mandir}/man5/ipptoolfile.5.gz
%doc %{_mandir}/man8/accept.8.gz
%doc %{_mandir}/man8/cupsaccept.8.gz
%doc %{_mandir}/man8/cupsdisable.8.gz
%doc %{_mandir}/man8/cupsenable.8.gz
%doc %{_mandir}/man8/cupsreject.8.gz
%doc %{_mandir}/man8/lpadmin.8.gz
%doc %{_mandir}/man8/lpc.8.gz
%doc %{_mandir}/man8/lpinfo.8.gz
%doc %{_mandir}/man8/lpmove.8.gz
%doc %{_mandir}/man8/reject.8.gz

%files devel
%defattr(-,root,root)
%{_includedir}/cups/
%{_libdir}/libcups.so
%{_libdir}/libcupsimage.so
%{_libdir}/libcupscgi.so
# Dropped in CUPS 1.6: {_libdir}/libcupsdriver.so
%{_libdir}/libcupsmime.so
%{_libdir}/libcupsppdc.so
%{_datadir}/cups/ppdc/

%files ddk
%defattr(-,root,root)
%{_bindir}/ppdc
%{_bindir}/ppdhtml
%{_bindir}/ppdi
%{_bindir}/ppdmerge
%{_bindir}/ppdpo
%doc %{_mandir}/man1/ppdc.1.gz
%doc %{_mandir}/man1/ppdhtml.1.gz
%doc %{_mandir}/man1/ppdi.1.gz
%doc %{_mandir}/man1/ppdmerge.1.gz
%doc %{_mandir}/man1/ppdpo.1.gz
%doc %{_mandir}/man5/ppdcfile.5.gz

%files libs
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/cups/client.conf
%dir %attr(0710,root,lp) %{_var}/spool/cups
%dir %attr(1770,root,lp) %{_var}/spool/cups/tmp
%dir %attr(0755,lp,lp) %{_var}/log/cups/
%dir %attr(0775,lp,lp) %{_var}/cache/cups
%{_bindir}/cups-config
%{_libdir}/libcups.so.*
%{_libdir}/libcupscgi.so.*
# Dropped in CUPS 1.6: {_libdir}/libcupsdriver.so.*
%{_libdir}/libcupsimage.so.*
%{_libdir}/libcupsmime.so.*
%{_libdir}/libcupsppdc.so.*
%{_datadir}/locale/*/cups_*
%doc %{_mandir}/man1/cups-config.1.gz

%changelog