diff --git a/extra/cups/PKGBUILD b/extra/cups/PKGBUILD index c8d77c381..f727610a3 100644 --- a/extra/cups/PKGBUILD +++ b/extra/cups/PKGBUILD @@ -7,7 +7,7 @@ pkgbase="cups" pkgname=('libcups' 'cups') pkgver=2.2.7 -pkgrel=1 +pkgrel=2 arch=('x86_64') license=('GPL') url="https://www.cups.org/" @@ -22,6 +22,7 @@ source=(https://github.com/apple/cups/releases/download/v${pkgver}/cups-${pkgver cups-no-gzip-man.patch cups-1.6.2-statedir.patch # bugfixes + auth-workaround-for-certain-web-browsers.patch cups-systemd-socket.patch) sha256sums=('3c4b637b737077565ccdfbd5f61785d03f49461ae736fcc2c0ffaf41d2c6ea6a' 'SKIP' @@ -32,6 +33,7 @@ sha256sums=('3c4b637b737077565ccdfbd5f61785d03f49461ae736fcc2c0ffaf41d2c6ea6a' 'ff3eb0782af0405f5dafe89e04b1b4ea7a49afc5496860d724343bd04f375832' 'b8fc2e3bc603495f0278410350ea8f0161d9d83719feb64f573b63430cb4800b' '23349c96f2f7aeb7d48e3bcd35a969f5d5ac8f55a032b0cfaa0a03d7e37ea9af' + 'e5ad0e967c2ae9a9780211acb41980e4aa203df1dacff49d14d75a6ab6c8b8ed' 'c04627383d66f19b78e78f960d4d46577111ec9789b937ac4efba4cf369c921f') validpgpkeys=('3737FD0D0E63B30172440D2DDBA3A7AB08D76223') # CUPS.org (CUPS.org PGP key) validpgpkeys+=('45D083946E3035282B3CCA9AF434104235DA97EB') # "CUPS.org " @@ -48,6 +50,8 @@ prepare() { patch -Np1 -i ${srcdir}/cups-1.6.2-statedir.patch # bug fixes + # https://github.com/apple/cups/issues/5289 + patch -Np1 -i ${srcdir}/auth-workaround-for-certain-web-browsers.patch # make sure network is up when starting and notify systemd - FC patch -Np1 -i ${srcdir}/cups-systemd-socket.patch diff --git a/extra/cups/auth-workaround-for-certain-web-browsers.patch b/extra/cups/auth-workaround-for-certain-web-browsers.patch new file mode 100644 index 000000000..9b5af9eb4 --- /dev/null +++ b/extra/cups/auth-workaround-for-certain-web-browsers.patch @@ -0,0 +1,59 @@ +From 4feb1fe2e5bb9f418f51f5f517f70b451159baa2 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Mon, 16 Apr 2018 17:16:31 -0400 +Subject: [PATCH] - Added a workaround for certain web browsers that do not + support multiple authentication schemes in a single response header (Issue + #5289) + +--- + scheduler/client.c | 22 +++++++++++++++++----- + scheduler/client.h | 8 +++++--- + 2 files changed, 22 insertions(+), 8 deletions(-) + +diff --git a/scheduler/client.c b/scheduler/client.c +index f388499dc..95c34877d 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -813,6 +814,18 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + + if (status == HTTP_STATUS_OK) + { ++ /* ++ * Record whether the client is a web browser. "Mozilla" was the original ++ * and it seems that every web browser in existence now uses that as the ++ * prefix with additional information identifying *which* browser. ++ * ++ * Chrome (at least) has problems with multiple WWW-Authenticate values in ++ * a single header, so we only report Basic or Negotiate to web browsers and ++ * leave the multiple choices to the native CUPS client... ++ */ ++ ++ con->is_browser = !strncmp(httpGetField(con->http, HTTP_FIELD_USER_AGENT), "Mozilla/", 8); ++ + if (httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE)[0]) + { + /* +@@ -2103,8 +2116,7 @@ cupsdSendHeader( + strlcpy(auth_str, "Negotiate", sizeof(auth_str)); + } + +- if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && +- !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) ++ if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) + { + /* + * Add a "trc" (try root certification) parameter for local non-Kerberos +diff --git a/scheduler/client.h b/scheduler/client.h +index aaca8279a..fc7af5400 100644 +--- a/scheduler/client.h ++++ b/scheduler/client.h +@@ -26,6 +27,7 @@ struct cupsd_client_s + struct timeval start; /* Request start time */ + http_state_t operation; /* Request operation */ + off_t bytes; /* Bytes transferred for this request */ ++ int is_browser; /* Is the client a web browser? */ + int type; /* AuthType for username */ + char username[HTTP_MAX_VALUE], + /* Username from Authorization: line */ +-- +2.17.0