summary refs log tree commit diff
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2018-05-01 06:12:59 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2018-05-01 06:13:58 +0200
commitb745e216e4e17272d2ccd8f92acd6a9065db9112 (patch)
treebb523512851016cda08ab88886790defdf7389a5
parent5ecd5fefd0e9fb0965662f2094c16363325ba614 (diff)
downloadguix-b745e216e4e17272d2ccd8f92acd6a9065db9112.tar.gz
gnu: cups-minimal, cups: Update to 2.2.7.
* gnu/packages/cups.scm (cups-minimal): Update to 2.2.7.
[source]: Add patch to build without LINUX-PAM.
* gnu/packages/patches/cups-fix-builds-without-PAM.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/cups.scm7
-rw-r--r--gnu/packages/patches/cups-fix-builds-without-PAM.patch201
3 files changed, 207 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 74e86d97a0..4fa88e300d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -616,6 +616,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/crossmap-allow-system-pysam.patch	\
   %D%/packages/patches/clucene-contribs-lib.patch               \
   %D%/packages/patches/cube-nocheck.patch			\
+  %D%/packages/patches/cups-fix-builds-without-PAM.patch	\
   %D%/packages/patches/cursynth-wave-rand.patch			\
   %D%/packages/patches/cvs-2017-12836.patch			\
   %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch		\
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index a9cc3acba0..4ff79bdecb 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -173,7 +173,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
 (define-public cups-minimal
   (package
     (name "cups-minimal")
-    (version "2.2.6")
+    (version "2.2.7")
     (source
      (origin
        (method url-fetch)
@@ -181,7 +181,10 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                            version "/cups-" version "-source.tar.gz"))
        (sha256
         (base32
-         "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20"))))
+         "0spaqv943bzzq31gqdp73934jgyhhlbzdmgvrmf5cxvhfdxn6jrw"))
+       ;; “PAM will soon [in 2.3.x] be required for authentication, period.”
+       ;; <https://github.com/apple/cups/pull/5253#issuecomment-368066917>
+       (patches (search-patches "cups-fix-builds-without-PAM.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/patches/cups-fix-builds-without-PAM.patch b/gnu/packages/patches/cups-fix-builds-without-PAM.patch
new file mode 100644
index 0000000000..cf51bfb0f7
--- /dev/null
+++ b/gnu/packages/patches/cups-fix-builds-without-PAM.patch
@@ -0,0 +1,201 @@
+From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Mon, 2 Apr 2018 20:05:13 -0400
+Subject: [PATCH] Fix builds without PAM (Issue #5283)
+
+---
+ CHANGES.md       |   8 +++-
+ scheduler/auth.c | 134 ++-----------------------------------------------------
+ 2 files changed, 11 insertions(+), 131 deletions(-)
+
+diff --git a/CHANGES.md b/CHANGES.md
+index f568f35af..e8fc1fbdd 100644
+--- a/CHANGES.md
++++ b/CHANGES.md
+@@ -1,7 +1,13 @@
+-CHANGES - 2.2.7 - 2018-03-22
++CHANGES - 2.2.8 - 2018-04-02
+ ============================
+ 
+ 
++Changes in CUPS v2.2.8
++----------------------
++
++- Fixed builds without PAM (Issue #5283)
++
++
+ Changes in CUPS v2.2.7
+ ----------------------
+ 
+diff --git a/scheduler/auth.c b/scheduler/auth.c
+index 8b134b5d7..fa4e2715d 100644
+--- a/scheduler/auth.c
++++ b/scheduler/auth.c
+@@ -1,8 +1,8 @@
+ /*
+  * Authorization routines for the CUPS scheduler.
+  *
+- * Copyright 2007-2016 by Apple Inc.
+- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
++ * Copyright © 2007-2018 by Apple Inc.
++ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
+  *
+  * This file contains Kerberos support code, copyright 2006 by
+  * Jelmer Vernooij.
+@@ -71,9 +71,6 @@ static int		check_authref(cupsd_client_t *con, const char *right);
+ static int		compare_locations(cupsd_location_t *a,
+ 			                  cupsd_location_t *b);
+ static cupsd_authmask_t	*copy_authmask(cupsd_authmask_t *am, void *data);
+-#if !HAVE_LIBPAM
+-static char		*cups_crypt(const char *pw, const char *salt);
+-#endif /* !HAVE_LIBPAM */
+ static void		free_authmask(cupsd_authmask_t *am, void *data);
+ #if HAVE_LIBPAM
+ static int		pam_func(int, const struct pam_message **,
+@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con)	/* I - Client connection */
+ 	    * client...
+ 	    */
+ 
+-	    pass = cups_crypt(password, pw->pw_passwd);
++	    pass = crypt(password, pw->pw_passwd);
+ 
+ 	    if (!pass || strcmp(pw->pw_passwd, pass))
+ 	    {
+ #  ifdef HAVE_SHADOW_H
+ 	      if (spw)
+ 	      {
+-		pass = cups_crypt(password, spw->sp_pwdp);
++		pass = crypt(password, spw->sp_pwdp);
+ 
+ 		if (pass == NULL || strcmp(spw->sp_pwdp, pass))
+ 		{
+@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask,	/* I - Existing auth mask */
+ }
+ 
+ 
+-#if !HAVE_LIBPAM
+-/*
+- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
+- *                  as needed.
+- */
+-
+-static char *				/* O - Encrypted password */
+-cups_crypt(const char *pw,		/* I - Password string */
+-           const char *salt)		/* I - Salt (key) string */
+-{
+-  if (!strncmp(salt, "$1$", 3))
+-  {
+-   /*
+-    * Use MD5 passwords without the benefit of PAM; this is for
+-    * Slackware Linux, and the algorithm was taken from the
+-    * old shadow-19990827/lib/md5crypt.c source code... :(
+-    */
+-
+-    int			i;		/* Looping var */
+-    unsigned long	n;		/* Output number */
+-    int			pwlen;		/* Length of password string */
+-    const char		*salt_end;	/* End of "salt" data for MD5 */
+-    char		*ptr;		/* Pointer into result string */
+-    _cups_md5_state_t	state;		/* Primary MD5 state info */
+-    _cups_md5_state_t	state2;		/* Secondary MD5 state info */
+-    unsigned char	digest[16];	/* MD5 digest result */
+-    static char		result[120];	/* Final password string */
+-
+-
+-   /*
+-    * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
+-    * Get a maximum of 8 characters of salt data after $1$...
+-    */
+-
+-    for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
+-      if (*salt_end == '$')
+-        break;
+-
+-   /*
+-    * Compute the MD5 sum we need...
+-    */
+-
+-    pwlen = strlen(pw);
+-
+-    _cupsMD5Init(&state);
+-    _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-    _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
+-
+-    _cupsMD5Init(&state2);
+-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
+-    _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
+-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
+-    _cupsMD5Finish(&state2, digest);
+-
+-    for (i = pwlen; i > 0; i -= 16)
+-      _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
+-
+-    for (i = pwlen; i > 0; i >>= 1)
+-      _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
+-
+-    _cupsMD5Finish(&state, digest);
+-
+-    for (i = 0; i < 1000; i ++)
+-    {
+-      _cupsMD5Init(&state);
+-
+-      if (i & 1)
+-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-      else
+-        _cupsMD5Append(&state, digest, 16);
+-
+-      if (i % 3)
+-        _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
+-
+-      if (i % 7)
+-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-
+-      if (i & 1)
+-        _cupsMD5Append(&state, digest, 16);
+-      else
+-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-
+-      _cupsMD5Finish(&state, digest);
+-    }
+-
+-   /*
+-    * Copy the final sum to the result string and return...
+-    */
+-
+-    memcpy(result, salt, (size_t)(salt_end - salt));
+-    ptr = result + (salt_end - salt);
+-    *ptr++ = '$';
+-
+-    for (i = 0; i < 5; i ++, ptr += 4)
+-    {
+-      n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
+-
+-      if (i < 4)
+-        n |= (unsigned)digest[i + 12];
+-      else
+-        n |= (unsigned)digest[5];
+-
+-      to64(ptr, n, 4);
+-    }
+-
+-    to64(ptr, (unsigned)digest[11], 2);
+-    ptr += 2;
+-    *ptr = '\0';
+-
+-    return (result);
+-  }
+-  else
+-  {
+-   /*
+-    * Use the standard crypt() function...
+-    */
+-
+-    return (crypt(pw, salt));
+-  }
+-}
+-#endif /* !HAVE_LIBPAM */
+-
+-
+ /*
+  * 'free_authmask()' - Free function for auth masks.
+  */