work on cupsenumdest

cups-dbus_crash.patch

@@ -0,0 +1,38 @@
+commit 49fa4983f25b64ec29d548ffa3b9782426007df3
+Author: Michael Sweet <michael.r.sweet@gmail.com>
+Date:   Mon Oct 23 16:23:43 2017 -0400
+
+    DBUS notifications could crash the scheduler (Issue #5143)
+    
+    - scheduler/ipp.c: Make sure requesting-user-name string is valid UTF-8.
+
+diff --git a/scheduler/ipp.c b/scheduler/ipp.c
+index e6743cdcb..5cf980ab3 100644
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -1597,6 +1597,16 @@ add_job(cupsd_client_t  *con,		/* I - Client connection */
+     return (NULL);
+   }
+ 
++  attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
++
++  if (attr && !ippValidateAttribute(attr))
++  {
++    send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
++    if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
++      attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
++    return (NULL);
++  }
++
+   if ((job = cupsdAddJob(priority, printer->name)) == NULL)
+   {
+     send_ipp_status(con, IPP_INTERNAL_ERROR,
+@@ -1615,8 +1625,6 @@ add_job(cupsd_client_t  *con,		/* I - Client connection */
+   add_job_uuid(job);
+   apply_printer_defaults(printer, job);
+ 
+-  attr = ippFindAttribute(job->attrs, "requesting-user-name", IPP_TAG_NAME);
+-
+   if (con->username[0])
+   {
+     cupsdSetString(&job->username, con->username);

cups-printer-lpdest.patch

@@ -0,0 +1,12 @@
+diff -up cups-2.2.4/cups/dest.c.printer-lpdest cups-2.2.4/cups/dest.c
+--- cups-2.2.4/cups/dest.c.printer-lpdest	2018-01-09 12:36:28.625063928 +0100
++++ cups-2.2.4/cups/dest.c	2018-01-09 12:41:08.057940668 +0100
+@@ -2687,7 +2687,7 @@ cupsGetNamedDest(http_t     *http,	/* I
+       dest_name = cups_get_default(filename, defname, sizeof(defname), &instance);
+     }
+ 
+-    if (!name)
++    if (!dest_name)
+     {
+      /*
+       * Still not there?  Try the system lpoptions file...

cups-resolv_reload.patch

@@ -1,332 +0,0 @@
-diff -up cups-2.2.0/cups/auth.c.resolv_reload cups-2.2.0/cups/auth.c
---- cups-2.2.0/cups/auth.c.resolv_reload	2017-05-09 10:36:47.764075800 +0200
-+++ cups-2.2.0/cups/auth.c	2017-05-09 10:40:50.074052694 +0200
-@@ -519,6 +519,18 @@ cups_gss_getname(
-   DEBUG_printf(("7cups_gss_getname(http=%p, service_name=\"%s\")", http,
-                 service_name));
- 
-+#ifdef HAVE_RES_INIT
-+ /*
-+  * Check if /etc/resolv.conf is modified.
-+  * If so, reload resolver.
-+  */
-+
-+  dns_resolver_reload_rv retval;
-+
-+  retval = dnsReloadResolver();
-+  if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
-+    DEBUG_printf(("1cups_gss_getname: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
-+#endif /* HAVE_RES_INIT */
- 
-  /*
-   * Get the hostname...
-diff -up cups-2.2.0/cups/http-addr.c.resolv_reload cups-2.2.0/cups/http-addr.c
---- cups-2.2.0/cups/http-addr.c.resolv_reload	2017-05-09 10:36:58.094989545 +0200
-+++ cups-2.2.0/cups/http-addr.c	2017-05-09 10:43:51.958516333 +0200
-@@ -361,6 +361,20 @@ httpAddrLookup(
- 
- #ifdef HAVE_RES_INIT
-  /*
-+  * Check if /etc/resolv.conf is modified.
-+  * If so, reload resolver and set need_res_init to 0.
-+  */
-+
-+  dns_resolver_reload_rv retval;
-+
-+  retval = dnsReloadResolver();
-+
-+  if (retval.status == DNS_RESOLVER_RELOAD_RELOADED && cg->need_res_init == 1)
-+    cg->need_res_init = 0;
-+
-+  if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
-+    DEBUG_printf(("1httpAddrLookup: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
-+ /*
-   * STR #2920: Initialize resolver after failure in cups-polld
-   *
-   * If the previous lookup failed, re-initialize the resolver to prevent
-diff -up cups-2.2.0/cups/http-addrlist.c.resolv_reload cups-2.2.0/cups/http-addrlist.c
---- cups-2.2.0/cups/http-addrlist.c.resolv_reload	2017-05-09 10:37:03.834941621 +0200
-+++ cups-2.2.0/cups/http-addrlist.c	2017-05-09 10:45:10.426832540 +0200
-@@ -483,6 +483,20 @@ httpAddrGetList(const char *hostname,	/*
- 
- #ifdef HAVE_RES_INIT
-  /*
-+  * Check if /etc/resolv.conf is modified.
-+  * If so, reload resolver and set cg->need_res_init to 0
-+  */
-+
-+  dns_resolver_reload_rv retval;
-+
-+  retval = dnsReloadResolver();
-+
-+  if (retval.status == DNS_RESOLVER_RELOAD_RELOADED && cg->need_res_init == 1)
-+    cg->need_res_init = 0;
-+
-+  if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
-+    DEBUG_printf(("1httpAddrGetList: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
-+ /*
-   * STR #2920: Initialize resolver after failure in cups-polld
-   *
-   * If the previous lookup failed, re-initialize the resolver to prevent
-diff -up cups-2.2.0/cups/http.c.resolv_reload cups-2.2.0/cups/http.c
---- cups-2.2.0/cups/http.c.resolv_reload	2017-05-09 10:37:23.282779246 +0200
-+++ cups-2.2.0/cups/http.c	2017-05-09 10:47:21.406691147 +0200
-@@ -107,7 +107,9 @@ static const char * const http_fields[]
- 			  "Allow",
- 			  "Server"
- 			};
--
-+#ifdef HAVE_RES_INIT
-+time_t resolv_conf_modtime = 0;
-+#endif /* HAVE_RES_INIT */
- 
- /*
-  * 'httpAcceptConnection()' - Accept a new HTTP client connection from the
-@@ -4811,3 +4813,107 @@ http_write_chunk(http_t     *http,	/* I
- 
-   return (bytes);
- }
-+
-+#ifdef HAVE_RES_INIT
-+/*
-+ * Function to check modification time of resolv.conf. 
-+ * If time is changed, it reloads resolver. 
-+ * If /etc/resolv.conf doesn't exist, it tries to reload resolver with local nameserver, if it wasn't reloaded before
-+ * If even reloading resolver with local nameserver doesn't work, it ends with error.
-+ * Global variable resolv_conf_modtime is set to -1 before the first call of this function - this is for prevention of resolver's reloading when cupsd is just started and resolv.conf exists - cupsd has current configuration in that case.
-+ */
-+
-+dns_resolver_reload_rv
-+dnsReloadResolver()
-+{
-+  dns_resolver_reload_rv retval, lstat_retval, stat_retval, res_init_retval;
-+  struct stat resolv_conf_stat, resolv_conf_lstat, resolv_conf_status;
-+  retval.status = DNS_RESOLVER_RELOAD_OK;
-+  retval.errnum = 0;
-+  stat_retval.errnum = 0;
-+  lstat_retval.errnum = 0;
-+  res_init_retval.errnum = 0;
-+
-+  /* Variable to store /etc/resolv.conf modification time - initialized by actual time*/
-+  static time_t resolv_conf_modtime = -1;
-+
-+  /* This part of code is to ensure we get modification time of symlink and original file - we will decide which is newer later */
-+  stat_retval.status = stat(DNS_RESOLV_CONF_PATH, &resolv_conf_stat);
-+  stat_retval.errnum = errno;
-+  lstat_retval.status = lstat(DNS_RESOLV_CONF_PATH, &resolv_conf_lstat);
-+  lstat_retval.errnum = errno;
-+
-+  /* symlink /etc/resolv.conf or original file couldn't be stated because it doesn't exist, try resolver on localhost 
-+   * Covers cases:
-+   * - resolv.conf and original file existed and it doesn't now - resolv_conf_modtime has different value than 0  - reload resolver with local nameserver
-+   * - resolv.conf and original file didn't exist and still doesn't exist - resolv_conf_modtime is set to 0 - do nothing
-+   */
-+  if (stat_retval.status == -1 && lstat_retval.status == -1 && stat_retval.errnum == ENOENT && lstat_retval.errnum == ENOENT)
-+  {
-+    /* if resolv_conf_modtime is set to 0, it means previous reload was for resolver with local nameserver - no need to reload again */
-+    if (resolv_conf_modtime != 0)
-+    {
-+      res_init_retval.status = res_init();
-+      res_init_retval.errnum = errno;
-+      if (res_init_retval.status == 0)
-+      {
-+        resolv_conf_modtime = 0;
-+        retval.status = DNS_RESOLVER_RELOAD_RELOADED;
-+      }
-+      else
-+        retval.status = res_init_retval.status;
-+
-+      retval.errnum = res_init_retval.errnum;
-+    }
-+    else
-+    {
-+      retval.status = DNS_RESOLVER_RELOAD_OK;
-+      retval.errnum = ENOENT;
-+    }
-+
-+    return (retval);
-+  }
-+
-+  /* If stat ends with different errno, return status - it should return both statuses and errnos, but for simplification it returns only stat */
-+  if (stat_retval.status == -1 && lstat_retval.status == -1)
-+  {
-+    retval.errnum = stat_retval.errnum;
-+    retval.status = stat_retval.status;
-+    return (retval);
-+  }
-+
-+  /* Here we compare modification times from lstat and stat to decide which is newer - if they are equal, lstat modification time is used. We are checking only stat() errno, because case with errors in both lstat() and stat() functions is checked before */
-+  if (stat_retval.errnum == 0)
-+    if (resolv_conf_stat.st_mtime > resolv_conf_lstat.st_mtime)
-+      resolv_conf_status = resolv_conf_stat;
-+    else
-+      resolv_conf_status = resolv_conf_lstat;
-+  else
-+    resolv_conf_status = resolv_conf_lstat;
-+
-+  /* If /etc/resolv.conf exists and modification times are different, reload resolver.
-+   * Covers cases:
-+   * - resolv.conf or original file exists and it was modified - resolv_conf_modtime has different value than resolv_conf_status.st_mtime - reload resolver with nameserver from /etc/resolv.conf 
-+   * - resolv.conf or original file didn't exist and it does now - resolv_conf_modtime is set to 0 and resolv_conf_status.st_mtime has value - reload resolver with nameserver form /etc/resolv.conf
-+   * - resolv.conf or original file exists and it wasn't modified - resolv_conf_modtime is equal to resolv_conf_status.st_mtime - do nothing
-+   */
-+  if (resolv_conf_status.st_mtime != resolv_conf_modtime)
-+  {
-+    res_init_retval.status = res_init();
-+    res_init_retval.errnum = errno;
-+    if (res_init_retval.status == 0)
-+    {
-+      retval.status = DNS_RESOLVER_RELOAD_RELOADED;
-+    }
-+    else
-+      retval.status = res_init_retval.status;
-+
-+    retval.errnum = res_init_retval.errnum;
-+  }
-+
-+  resolv_conf_modtime = resolv_conf_status.st_mtime;
-+
-+  return (retval);
-+}
-+#endif /* HAVE_RES_INIT */
-+
-diff -up cups-2.2.0/cups/http.h.resolv_reload cups-2.2.0/cups/http.h
---- cups-2.2.0/cups/http.h.resolv_reload	2017-05-09 10:37:41.108630413 +0200
-+++ cups-2.2.0/cups/http.h	2017-05-09 12:20:16.115333557 +0200
-@@ -55,6 +55,12 @@ typedef off_t ssize_t;			/* @private@ */
- #      define SO_PEERCRED LOCAL_PEERCRED
- #    endif /* LOCAL_PEERCRED && !SO_PEERCRED */
- #  endif /* WIN32 */
-+#  ifdef HAVE_RES_INIT
-+#    include <sys/stat.h>
-+#    include <unistd.h>
-+#    include <arpa/nameser.h>
-+#    include <resolv.h>
-+#  endif /* HAVE_RES_INIT */
- 
- 
- /*
-@@ -95,6 +101,13 @@ extern "C" {
- #endif /* AF_INET6 && !s6_addr32 */
- 
- 
-+#ifdef HAVE_RES_INIT
-+/*
-+ * Global variable for storing old modification time of resolv.conf 
-+ */
-+  extern time_t resolv_conf_modtime;
-+#endif /* HAVE_RES_INIT */
-+
- /*
-  * Limits...
-  */
-@@ -103,6 +116,9 @@ extern "C" {
- #  define HTTP_MAX_HOST		256	/* Max length of hostname string */
- #  define HTTP_MAX_BUFFER	2048	/* Max length of data buffer */
- #  define HTTP_MAX_VALUE	256	/* Max header field value length */
-+#  ifdef HAVE_RES_INIT
-+#    define DNS_RESOLV_CONF_PATH	"/etc/resolv.conf" /* Path to resolv.conf */
-+#  endif /* HAVE_RES_INIT */
- 
- 
- /*
-@@ -406,6 +422,15 @@ typedef enum http_version_e		/**** HTTP
- #  endif /* !_CUPS_NO_DEPRECATED */
- } http_version_t;
- 
-+#ifdef HAVE_RES_INIT
-+typedef enum dns_resolver_reload_e
-+{
-+  DNS_RESOLVER_RELOAD_ERROR = -1,
-+  DNS_RESOLVER_RELOAD_OK = 0,
-+  DNS_RESOLVER_RELOAD_RELOADED = 1
-+} dns_resolver_reload_t;
-+#endif /* HAVE_RES_INIT */
-+
- typedef union _http_addr_u		/**** Socket address union, which
- 					 **** makes using IPv6 and other
- 					 **** address types easier and
-@@ -444,6 +469,13 @@ typedef struct http_credential_s	/**** H
- typedef int (*http_timeout_cb_t)(http_t *http, void *user_data);
- 					/**** HTTP timeout callback @since CUPS 1.5/macOS 10.7@ ****/
- 
-+#ifdef HAVE_RES_INIT
-+typedef struct dns_resolver_reload_retval
-+{
-+  dns_resolver_reload_t status;
-+  int errnum;
-+} dns_resolver_reload_rv;
-+#endif /* HAVE_RES_INIT */
- 
- 
- /*
-@@ -590,6 +622,10 @@ extern http_version_t	httpGetVersion(htt
- extern int		httpReconnect2(http_t *http, int msec, int *cancel)
- 			               _CUPS_API_1_6;
- 
-+/**** Prototype of function to check modification time of /etc/resolv.conf ****/
-+#ifdef HAVE_RES_INIT
-+extern dns_resolver_reload_rv	dnsReloadResolver();
-+#endif /* HAVE_RES_INIT */
- 
- /**** New in CUPS 1.7/macOS 10.9 ****/
- extern http_t		*httpAcceptConnection(int fd, int blocking)
-diff -up cups-2.2.0/cups/http-support.c.resolv_reload cups-2.2.0/cups/http-support.c
---- cups-2.2.0/cups/http-support.c.resolv_reload	2017-05-09 10:38:11.314378218 +0200
-+++ cups-2.2.0/cups/http-support.c	2017-05-09 12:21:40.455565953 +0200
-@@ -2258,6 +2258,18 @@ http_resolve_cb(
-     http_addrlist_t	*addrlist,	/* List of addresses */
- 			*addr;		/* Current address */
- 
-+#ifdef HAVE_RES_INIT
-+   /*
-+    * Check if resolv.conf is modified, if so, reload resolver
-+    */
-+
-+    dns_resolver_reload_rv retval;
-+
-+    retval = dnsReloadResolver();
-+    if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
-+      DEBUG_printf(("1http_resolve_cb: dnsReloadResolver() failed - %s.", strerror(retval.errnum)));
-+#endif /* HAVE_RES_INIT */
-+
-     DEBUG_printf(("5http_resolve_cb: Looking up \"%s\".", hostTarget));
- 
-     snprintf(fqdn, sizeof(fqdn), "%d", ntohs(port));
-diff -up cups-2.2.0/scheduler/conf.c.resolv_reload cups-2.2.0/scheduler/conf.c
---- cups-2.2.0/scheduler/conf.c.resolv_reload	2017-05-09 10:38:29.869223299 +0200
-+++ cups-2.2.0/scheduler/conf.c	2017-05-09 12:22:40.442020000 +0200
-@@ -937,6 +937,15 @@ cupsdReadConfiguration(void)
-   if (!RemotePort)
-     BrowseLocalProtocols = 0;		/* Disable sharing - no remote access */
- 
-+#ifdef HAVE_RES_INIT
-+  dns_resolver_reload_rv retval;	/* Return status of dnsReloadResolver() */
-+
-+  retval = dnsReloadResolver();
-+
-+  if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
-+    syslog(LOG_LPR, "1cupsdReadConfiguration: dnsReloadResolver() failed - %s.", strerror(retval.errnum));
-+#endif /* HAVE_RES_INIT */
-+
-  /*
-   * See if the ServerName is an IP address...
-   */
-diff -up cups-2.2.0/scheduler/main.c.resolv_reload cups-2.2.0/scheduler/main.c
---- cups-2.2.0/scheduler/main.c.resolv_reload	2017-05-09 10:38:37.699157925 +0200
-+++ cups-2.2.0/scheduler/main.c	2017-05-09 12:23:36.280514244 +0200
-@@ -136,6 +136,14 @@ main(int  argc,				/* I - Number of comm
-   long			tmo_delay;	/* Time before it must be called */
- #endif /* HAVE_AVAHI */
- 
-+#ifdef HAVE_RES_INIT
-+  dns_resolver_reload_rv retval;	/* Return status from dnsReloadResolver() */
-+
-+  retval = dnsReloadResolver();
-+  if (retval.status == DNS_RESOLVER_RELOAD_ERROR)
-+    fprintf(stderr, "cupsd: Cannot reload a resolver - %s , using old configuration now.\n", strerror(retval.errnum));
-+#endif /* HAVE_RES_INIT */
-+
- #ifdef HAVE_GETEUID
-  /*
-   * Check for setuid invocation, which we do not support!

cups-substitute-bad-attrs.patch

@@ -0,0 +1,141 @@
+diff -up cups-2.2.4/scheduler/ipp.c.substitute-bad-attrs cups-2.2.4/scheduler/ipp.c
+--- cups-2.2.4/scheduler/ipp.c.substitute-bad-attrs	2018-04-12 08:44:42.202592413 +0200
++++ cups-2.2.4/scheduler/ipp.c	2018-04-12 08:46:21.347689359 +0200
+@@ -164,6 +164,7 @@ cupsdProcessIPPRequest(
+   ipp_attribute_t	*uri = NULL;	/* Printer or job URI attribute */
+   ipp_attribute_t	*username;	/* requesting-user-name attr */
+   int			sub_id;		/* Subscription ID */
++  int			valid = 1;	/* Valid request? */
+ 
+ 
+   cupsdLogMessage(CUPSD_LOG_DEBUG2,
+@@ -402,20 +403,55 @@ cupsdProcessIPPRequest(
+       else
+       {
+        /*
+-	* OK, all the checks pass so far; make sure requesting-user-name is
+-	* not "root" from a remote host...
++	* OK, all the checks pass so far; validate "requesting-user-name"
++	* attribute value...
+ 	*/
+ 
+-        if ((username = ippFindAttribute(con->request, "requesting-user-name",
+-	                                 IPP_TAG_NAME)) != NULL)
+-	{
+-	 /*
+-	  * Check for root user...
+-	  */
+-
+-	  if (!strcmp(username->values[0].string.text, "root") &&
+-	      _cups_strcasecmp(con->http->hostname, "localhost") &&
+-	      strcmp(con->username, "root"))
++        if ((username = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_ZERO)) != NULL)
++        {
++         /*
++          * Validate "requesting-user-name"...
++          */
++
++          if (username->group_tag != IPP_TAG_OPERATION && StrictConformance)
++          {
++	    cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute in wrong group.", IPP_STATUS_ERROR_BAD_REQUEST, con->http->hostname);
++	    send_ipp_status(con, IPP_STATUS_ERROR_BAD_REQUEST, _("\"requesting-user-name\" attribute in wrong group."));
++	    valid = 0;
++          }
++          else if (username->value_tag != IPP_TAG_NAME && username->value_tag != IPP_TAG_NAMELANG)
++          {
++	    cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with wrong syntax.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname);
++	    send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
++	    if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
++	      attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
++	    valid = 0;
++          }
++          else if (!ippValidateAttribute(username))
++          {
++	    cupsdAddEvent(CUPSD_EVENT_SERVER_AUDIT, NULL, NULL, "%04X %s \"requesting-user-name\" attribute with bad value.", IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, con->http->hostname);
++
++            if (StrictConformance)
++            {
++             /*
++              * Throw an error...
++              */
++
++	      send_ipp_status(con, IPP_STATUS_ERROR_ATTRIBUTES_OR_VALUES, _("\"requesting-user-name\" attribute with wrong syntax."));
++              if ((attr = ippCopyAttribute(con->response, username, 0)) != NULL)
++                attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
++	      valid = 0;
++	    }
++	    else
++	    {
++	     /*
++	      * Map bad "requesting-user-name" to 'anonymous'...
++	      */
++
++              ippSetString(con->request, &username, 0, "anonymous");
++	    }
++          }
++          else if (!strcmp(username->values[0].string.text, "root") && _cups_strcasecmp(con->http->hostname, "localhost") && strcmp(con->username, "root"))
+ 	  {
+ 	   /*
+ 	    * Remote unauthenticated user masquerading as local root...
+@@ -431,6 +467,8 @@ cupsdProcessIPPRequest(
+ 	else
+ 	  sub_id = 0;
+ 
++        if (valid)
++        {
+        /*
+         * Then try processing the operation...
+ 	*/
+@@ -634,6 +672,7 @@ cupsdProcessIPPRequest(
+ 			      ippOpString(
+ 			          con->request->request.op.operation_id));
+ 	      break;
++        }
+ 	}
+       }
+     }
+@@ -1594,27 +1633,34 @@ add_job(cupsd_client_t  *con,		/* I - Cl
+                     _("Bad job-name value: Wrong type or count."));
+     if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+       attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+-    return (NULL);
++
++    if (StrictConformance)
++      return (NULL);
++
++    /* Don't use invalid attribute */
++    ippDeleteAttribute(con->request, attr);
++
++    ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
+   }
+   else if (!ippValidateAttribute(attr))
+   {
+     send_ipp_status(con, IPP_ATTRIBUTES, _("Bad job-name value: %s"),
+                     cupsLastErrorString());
++
+     if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+       attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+-    return (NULL);
+-  }
+ 
+-  attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
++    if (StrictConformance)
++      return (NULL);
+ 
+-  if (attr && !ippValidateAttribute(attr))
+-  {
+-    send_ipp_status(con, IPP_ATTRIBUTES, _("Bad requesting-user-name value: %s"), cupsLastErrorString());
+-    if ((attr = ippCopyAttribute(con->response, attr, 0)) != NULL)
+-      attr->group_tag = IPP_TAG_UNSUPPORTED_GROUP;
+-    return (NULL);
++    /* Don't use invalid attribute */
++    ippDeleteAttribute(con->request, attr);
++
++    ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL, "Untitled");
+   }
+ 
++  attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
++
+ #ifdef WITH_LSPP
+   if (is_lspp_config())
+   {

cups.spec

@@ -15,7 +15,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.2.4
-Release: 6%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
 Source0: https://github.com/apple/cups/releases/download/v%{VERSION}/cups-%{VERSION}-source.tar.gz
@@ -61,10 +61,12 @@ Patch34: cups-avahi-no-threaded.patch
 Patch35: cups-ipp-multifile.patch
 Patch36: cups-web-devices-timeout.patch
 Patch37: cups-synconclose.patch
-Patch38: cups-resolv_reload.patch
 Patch39: cups-ypbind.patch
 Patch40: cups-no-dest.patch
 Patch41: cups-cupsenumdests2.patch
+Patch42: cups-printer-lpdest.patch
+Patch43: cups-dbus_crash.patch
+Patch44: cups-substitute-bad-attrs.patch
 
 Patch100: cups-lspp.patch
 
@@ -256,19 +258,22 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch36 -p1 -b .web-devices-timeout
 # Set the default for SyncOnClose to Yes.
 %patch37 -p1 -b .synconclose
-# CUPS does not recognize changes to /etc/resolv.conf until CUPS restart (bug #1437065)
-%patch38 -p1 -b .resolv_reload
 # CUPS may fail to start if NIS groups are used (bug #1494558)
 %patch39 -p1 -b .ypbind
 # Can not get destinations from CUPS server (bug #1484916)
 %patch40 -p1 -b .no-dest
 # Cannot browse CUPS servers in GNOME Control Panel Printers (bug #1498091)
 %patch41 -p1 -b .cupsenumdests2
-
+# 1532536 - Commanline tools such as 'lpr' don't use default printer from environment any more (bug #1532536)
+%patch42 -p1 -b .printer-lpdest
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561298
+%patch43 -p1 -b .dbus_notify
 %if %{lspp}
 # LSPP support.
 %patch100 -p1 -b .lspp
 %endif
+# Substitute default values for invalid job attributes (upstream #5186 and #5229)
+%patch44 -p1 -b .substitute-bad-attrs
 
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
 
@@ -502,7 +507,7 @@ rm -f %{cups_serverbin}/backend/smb
 %verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/snmp.conf
 %attr(0640,root,lp) %{_sysconfdir}/cups/snmp.conf.default
 %verify(not md5 size mtime) %config(noreplace) %attr(0640,root,lp) %{_sysconfdir}/cups/subscriptions.conf
-#%{_sysconfdir}/cups/interfaces
+#%%{_sysconfdir}/cups/interfaces
 %verify(not md5 size mtime) %config(noreplace) %attr(0644,root,lp) %{_sysconfdir}/cups/lpoptions
 %dir %attr(0755,root,lp) %{_sysconfdir}/cups/ppd
 %dir %attr(0700,root,lp) %{_sysconfdir}/cups/ssl
@@ -629,6 +634,18 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Thu Apr 12 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-10
+- Substitute default values for invalid job attributes (upstream #5186 and #5229)
+
+* Wed Mar 28 2018 Pavel Zhukov <pzhukov@redhat.com> - 1:2.2.4-9
+- Fix for CVE-2017-18248
+
+* Fri Jan 12 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-8
+- 1437345 - Remove cups-resolv_reload.patch
+
+* Tue Jan 09 2018 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-7
+- 1532536 - Commanline tools such as 'lpr' don't use default printer from environment any more 
+
 * Wed Oct 04 2017 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.2.4-6
 - 1498091 - Cannot browse CUPS servers in GNOME Control Panel Printers