Update libcups to v2.2.1 am: bfe95db54f am: aa24d4b551
am: ed68ab3200
Change-Id: I0599c8b7930a70db67aa8861ab0ea4d498d9c097
diff --git a/cups/cups.h b/cups/cups.h
index c9bea80..cef5697 100644
--- a/cups/cups.h
+++ b/cups/cups.h
@@ -47,10 +47,10 @@
* Constants...
*/
-# define CUPS_VERSION 2.0200
+# define CUPS_VERSION 2.0201
# define CUPS_VERSION_MAJOR 2
# define CUPS_VERSION_MINOR 2
-# define CUPS_VERSION_PATCH 0
+# define CUPS_VERSION_PATCH 1
# define CUPS_BC_FD 3
/* Back-channel file descriptor for
diff --git a/cups/hash.c b/cups/hash.c
index 6b7b6da..d52807e 100644
--- a/cups/hash.c
+++ b/cups/hash.c
@@ -1,7 +1,7 @@
/*
* Hashing function for CUPS.
*
- * Copyright 2015 by Apple Inc.
+ * Copyright 2015-2016 by Apple Inc.
*
* These coded instructions, statements, and computer programs are the
* property of Apple Inc. and are protected by Federal copyright
@@ -53,7 +53,7 @@
}
#ifdef __APPLE__
- if (strcmp(algorithm, "sha"))
+ if (!strcmp(algorithm, "sha"))
{
/*
* SHA-1...
@@ -70,7 +70,7 @@
return (CC_SHA1_DIGEST_LENGTH);
}
- else if (strcmp(algorithm, "sha2-224"))
+ else if (!strcmp(algorithm, "sha2-224"))
{
CC_SHA256_CTX ctx; /* SHA-224 context */
@@ -83,7 +83,7 @@
return (CC_SHA224_DIGEST_LENGTH);
}
- else if (strcmp(algorithm, "sha2-256"))
+ else if (!strcmp(algorithm, "sha2-256"))
{
CC_SHA256_CTX ctx; /* SHA-256 context */
@@ -96,7 +96,7 @@
return (CC_SHA256_DIGEST_LENGTH);
}
- else if (strcmp(algorithm, "sha2-384"))
+ else if (!strcmp(algorithm, "sha2-384"))
{
CC_SHA512_CTX ctx; /* SHA-384 context */
@@ -109,7 +109,7 @@
return (CC_SHA384_DIGEST_LENGTH);
}
- else if (strcmp(algorithm, "sha2-512"))
+ else if (!strcmp(algorithm, "sha2-512"))
{
CC_SHA512_CTX ctx; /* SHA-512 context */
@@ -122,7 +122,7 @@
return (CC_SHA512_DIGEST_LENGTH);
}
- else if (strcmp(algorithm, "sha2-512_224"))
+ else if (!strcmp(algorithm, "sha2-512_224"))
{
CC_SHA512_CTX ctx; /* SHA-512 context */
unsigned char temp[CC_SHA512_DIGEST_LENGTH];
@@ -143,7 +143,7 @@
return (CC_SHA224_DIGEST_LENGTH);
}
- else if (strcmp(algorithm, "sha2-512_256"))
+ else if (!strcmp(algorithm, "sha2-512_256"))
{
CC_SHA512_CTX ctx; /* SHA-512 context */
unsigned char temp[CC_SHA512_DIGEST_LENGTH];
@@ -171,22 +171,22 @@
unsigned char temp[64]; /* Temporary hash buffer */
size_t tempsize = 0; /* Truncate to this size? */
- if (strcmp(algorithm, "sha"))
+ if (!strcmp(algorithm, "sha"))
alg = GNUTLS_DIG_SHA1;
- else if (strcmp(algorithm, "sha2-224"))
+ else if (!strcmp(algorithm, "sha2-224"))
alg = GNUTLS_DIG_SHA224;
- else if (strcmp(algorithm, "sha2-256"))
+ else if (!strcmp(algorithm, "sha2-256"))
alg = GNUTLS_DIG_SHA256;
- else if (strcmp(algorithm, "sha2-384"))
+ else if (!strcmp(algorithm, "sha2-384"))
alg = GNUTLS_DIG_SHA384;
- else if (strcmp(algorithm, "sha2-512"))
+ else if (!strcmp(algorithm, "sha2-512"))
alg = GNUTLS_DIG_SHA512;
- else if (strcmp(algorithm, "sha2-512_224"))
+ else if (!strcmp(algorithm, "sha2-512_224"))
{
alg = GNUTLS_DIG_SHA512;
tempsize = 28;
}
- else if (strcmp(algorithm, "sha2-512_256"))
+ else if (!strcmp(algorithm, "sha2-512_256"))
{
alg = GNUTLS_DIG_SHA512;
tempsize = 32;
diff --git a/cups/http-addrlist.c b/cups/http-addrlist.c
index 6e2ad81..e9ef53e 100644
--- a/cups/http-addrlist.c
+++ b/cups/http-addrlist.c
@@ -304,6 +304,8 @@
if (result > 0)
{
+ http_addrlist_t *connaddr = NULL; /* Connected address, if any */
+
for (i = 0; i < nfds; i ++)
{
# ifdef HAVE_POLL
@@ -314,7 +316,7 @@
# endif /* HAVE_POLL */
{
*sock = fds[i];
- addrlist = addrs[i];
+ connaddr = addrs[i];
# ifdef DEBUG
len = sizeof(peer);
@@ -322,11 +324,29 @@
DEBUG_printf(("1httpAddrConnect2: Connected to %s:%d...", httpAddrString(&peer, temp, sizeof(temp)), httpAddrPort(&peer)));
# endif /* DEBUG */
}
- else
+# ifdef HAVE_POLL
+ else if (pfds[i].revents & (POLLERR | POLLHUP))
+# else
+ else if (FD_ISSET(fds[i], &error))
+# endif /* HAVE_POLL */
+ {
+ /*
+ * Error on socket, remove from the "pool"...
+ */
+
httpAddrClose(NULL, fds[i]);
+ nfds --;
+ if (i < nfds)
+ {
+ memmove(fds + i, fds + i + 1, (size_t)(nfds - i) * (sizeof(fds[0])));
+ memmove(addrs + i, addrs + i + 1, (size_t)(nfds - i) * (sizeof(addrs[0])));
+ }
+ i --;
+ }
}
- return (addrlist);
+ if (connaddr)
+ return (connaddr);
}
#endif /* O_NONBLOCK */
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index d5e639e..9941e51 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1371,34 +1371,46 @@
if (hostname[0])
{
/*
- * First look for CA certs...
+ * First look in the CUPS keystore...
*/
- snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostname);
- snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostname);
-
- if ((access(crtfile, R_OK) || access(keyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL)
- {
- /*
- * Try just domain name...
- */
-
- hostptr ++;
- if (strchr(hostptr, '.'))
- {
- snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr);
- snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr);
- }
- }
+ http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, hostname, "crt");
+ http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, hostname, "key");
if (access(crtfile, R_OK) || access(keyfile, R_OK))
{
/*
- * Then look in the CUPS keystore...
- */
+ * No CUPS-managed certs, look for CA certs...
+ */
- http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, hostname, "crt");
- http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, hostname, "key");
+ char cacrtfile[1024], cakeyfile[1024]; /* CA cert files */
+
+ snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostname);
+ snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostname);
+
+ if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL)
+ {
+ /*
+ * Try just domain name...
+ */
+
+ hostptr ++;
+ if (strchr(hostptr, '.'))
+ {
+ snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr);
+ snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr);
+ }
+ }
+
+ if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK))
+ {
+ /*
+ * Use the CA certs...
+ */
+
+ strlcpy(crtfile, cacrtfile, sizeof(crtfile));
+ strlcpy(keyfile, cakeyfile, sizeof(keyfile));
+ }
}
have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK);
@@ -1406,34 +1418,46 @@
else if (tls_common_name)
{
/*
- * First look for CA certs...
+ * First look in the CUPS keystore...
*/
- snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", tls_common_name);
- snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", tls_common_name);
-
- if ((access(crtfile, R_OK) || access(keyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL)
- {
- /*
- * Try just domain name...
- */
-
- hostptr ++;
- if (strchr(hostptr, '.'))
- {
- snprintf(crtfile, sizeof(crtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr);
- snprintf(keyfile, sizeof(keyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr);
- }
- }
+ http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, tls_common_name, "crt");
+ http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, tls_common_name, "key");
if (access(crtfile, R_OK) || access(keyfile, R_OK))
{
/*
- * Then look in the CUPS keystore...
- */
+ * No CUPS-managed certs, look for CA certs...
+ */
- http_gnutls_make_path(crtfile, sizeof(crtfile), tls_keypath, tls_common_name, "crt");
- http_gnutls_make_path(keyfile, sizeof(keyfile), tls_keypath, tls_common_name, "key");
+ char cacrtfile[1024], cakeyfile[1024]; /* CA cert files */
+
+ snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", tls_common_name);
+ snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", tls_common_name);
+
+ if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL)
+ {
+ /*
+ * Try just domain name...
+ */
+
+ hostptr ++;
+ if (strchr(hostptr, '.'))
+ {
+ snprintf(cacrtfile, sizeof(cacrtfile), "/etc/letsencrypt/live/%s/fullchain.pem", hostptr);
+ snprintf(cakeyfile, sizeof(cakeyfile), "/etc/letsencrypt/live/%s/privkey.pem", hostptr);
+ }
+ }
+
+ if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK))
+ {
+ /*
+ * Use the CA certs...
+ */
+
+ strlcpy(crtfile, cacrtfile, sizeof(crtfile));
+ strlcpy(keyfile, cakeyfile, sizeof(keyfile));
+ }
}
have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK);
