1 files changed, 66 insertions, 70 deletions

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 57cdf2650e..2994973b8c 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -1,123 +1,119 @@
 SUMMARY = "An Internet printing system for Unix"
+DESCRIPTION = "The Common UNIX Printing System is a printing system and \
+general replacement for lpd and the like. It supports the Internet Printing \
+Protocol (IPP), and has its own filtering driver model for handling various \
+document types."
+HOMEPAGE = "https://www.cups.org/"
 SECTION = "console/utils"
-LICENSE = "GPLv2 & LGPLv2"
-DEPENDS = "gnutls libpng jpeg dbus dbus-glib zlib libusb"
-
-SRC_URI = "http://www.cups.org/software/${PV}/${BP}-source.tar.bz2 \
-           file://use_echo_only_in_init.patch \
-           file://0001-don-t-try-to-run-generated-binaries.patch \
-           file://cups_serverbin.patch \
-           file://cups.socket \
-           file://cups.path \
-           file://cups.service \
-	  "
+LICENSE = "Apache-2.0"
+DEPENDS = "libpng jpeg dbus zlib libusb1"
+
+SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${PV}-source.tar.gz \
+           file://0001-use-echo-only-in-init.patch \
+           file://0002-don-t-try-to-run-generated-binaries.patch \
+           file://libexecdir.patch \
+           file://0004-cups-fix-multilib-install-file-conflicts.patch \
+           file://volatiles.99_cups \
+           file://cups-volatiles.conf \
+           "
+
+UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
+UPSTREAM_CHECK_REGEX = "cups-(?P<pver>(?!.+\d(b|rc)\d.+).+)-source.tar"
+
+# Issue only applies to MacOS
+CVE_CHECK_WHITELIST += "CVE-2008-1033"
+# Issue affects pdfdistiller plugin used with but not part of cups
+CVE_CHECK_WHITELIST += "CVE-2009-0032"
+# This is an Ubuntu only issue.
+CVE_CHECK_WHITELIST += "CVE-2018-6553"
 
 LEAD_SONAME = "libcupsdriver.so"
 
 CLEANBROKEN = "1"
 
-inherit autotools-brokensep binconfig useradd systemd
+inherit autotools-brokensep binconfig useradd systemd pkgconfig multilib_script
 
 USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "--system lpadmin"
+GROUPADD_PARAM:${PN} = "--system lpadmin"
 
-SYSTEMD_SERVICE_${PN} = "cups.socket cups.path cups.service"
+SYSTEMD_SERVICE:${PN} = "cups.socket cups.path cups.service cups-lpd.socket"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam systemd', d)}"
 PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi"
 PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl"
-PACKAGECONFIG[pam] = "--enable-pam, --disable-pam, libpam"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls"
+PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam"
+PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd"
+PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd"
 
 EXTRA_OECONF = " \
-               --enable-gnutls \
                --enable-dbus \
                --enable-browsing \
                --disable-gssapi \
                --enable-debug \
                --disable-relro \
                --enable-libusb \
-               --without-php \
-               --without-perl \
-               --without-python \
-               --without-java \
+               --with-system-groups=lpadmin \
+               --with-cups-group=lp \
+               --with-domainsocket=/run/cups/cups.sock \
+               DSOFLAGS='${LDFLAGS}' \
                "
 
 EXTRA_AUTORECONF += "--exclude=autoheader"
 
-do_compile () {
-	echo "all:"    >  man/Makefile
-	echo "libs:" >> man/Makefile
-	echo "install:" >> man/Makefile
-	echo "install-data:" >> man/Makefile
-	echo "install-exec:" >> man/Makefile
-	echo "install-headers:" >> man/Makefile
-	echo "install-libs:" >> man/Makefile
-
-	oe_runmake
-}
-
 do_install () {
-	oe_runmake "DSTROOT=${D}" install
+	oe_runmake "DESTDIR=${D}" install
 
 	# Remove /var/run from package as cupsd will populate it on startup
 	rm -fr ${D}/${localstatedir}/run
-	rmdir ${D}/${libdir}/${BPN}/driver
+	rm -fr ${D}/${localstatedir}/log
+	rmdir ${D}/${libexecdir}/${BPN}/driver
+
+	# Fix the pam configuration file permissions
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
+	    chmod 0644 ${D}${sysconfdir}/pam.d/cups
+	fi
 
 	# Remove sysinit script and symlinks if sysvinit is not in DISTRO_FEATURES
 	if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
 	    rm -rf ${D}${sysconfdir}/init.d/
 	    rm -rf ${D}${sysconfdir}/rc*
+	    install -d ${D}${sysconfdir}/tmpfiles.d
+	    install -m 0644 ${WORKDIR}/cups-volatiles.conf \
+		    ${D}${sysconfdir}/tmpfiles.d/cups.conf
+	else
+	    install -d ${D}${sysconfdir}/default/volatiles
+	    install -m 0644 ${WORKDIR}/volatiles.99_cups \
+		    ${D}${sysconfdir}/default/volatiles/99_cups
 	fi
-
-	# Install systemd unit files
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/cups.socket ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/cups.path ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/cups.service ${D}${systemd_unitdir}/system
-	sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/cups.service
-}
-
-python do_package_append() {
-    import subprocess
-    # Change permissions back the way they were, they probably had a reason...
-    workdir = d.getVar('WORKDIR', True)
-    subprocess.call('chmod 0511 %s/install/cups/var/run/cups/certs' % workdir, shell=True)
 }
 
 PACKAGES =+ "${PN}-lib ${PN}-libimage"
 
-RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}"
-FILES_${PN} += "${libdir}/cups/backend \
-		${libdir}/cups/cgi-bin \
-		${libdir}/cups/filter \
-		${libdir}/cups/monitor \
-		${libdir}/cups/notifier \
-		${libdir}/cups/daemon \
-	       "
-
-FILES_${PN}-lib = "${libdir}/libcups.so.*"
+RDEPENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'procps', '', d)}"
+FILES:${PN} += "${libexecdir}/cups/"
 
-FILES_${PN}-libimage = "${libdir}/libcupsimage.so.*"
+FILES:${PN}-lib = "${libdir}/libcups.so.*"
 
-FILES_${PN}-dbg += "${libdir}/cups/backend/.debug \
-                    ${libdir}/cups/cgi-bin/.debug \
-                    ${libdir}/cups/filter/.debug \
-                    ${libdir}/cups/monitor/.debug \
-                    ${libdir}/cups/notifier/.debug \
-                    ${libdir}/cups/daemon/.debug \
-                   "
+FILES:${PN}-libimage = "${libdir}/libcupsimage.so.*"
 
 #package the html for the webgui inside the main packages (~1MB uncompressed)
 
-FILES_${PN} += "${datadir}/doc/cups/images \
+FILES:${PN} += "${datadir}/doc/cups/images \
                 ${datadir}/doc/cups/*html \
                 ${datadir}/doc/cups/*.css \
                 ${datadir}/icons/ \
                "
-CONFFILES_${PN} += "${sysconfdir}/cups/cupsd.conf"
+CONFFILES:${PN} += "${sysconfdir}/cups/cupsd.conf"
+
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/cups-config"
 
 SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess"
 cups_sysroot_preprocess () {
-	sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libdir}/cups:'
+	sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
 }
+
+# -25317 concerns /var/log/cups having lp ownership.  Our /var/log/cups is
+# root:root, so this doesn't apply.
+CVE_CHECK_WHITELIST += "CVE-2021-25317"