Merge branch 'f32' into f31

.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1 +1,103 @@
-/cups-filters-*.tar.gz
+/cups-filters-1.0.20.tar.xz
+/cups-filters-1.0.22.tar.xz
+/cups-filters-1.0.23.tar.xz
+/cups-filters-1.0.24.tar.xz
+/cups-filters-1.0.25.tar.xz
+/cups-filters-1.0.28.tar.xz
+/cups-filters-1.0.29.tar.xz
+/cups-filters-1.0.30.tar.xz
+/cups-filters-1.0.31.tar.xz
+/cups-filters-1.0.32.tar.xz
+/cups-filters-1.0.33.tar.xz
+/cups-filters-1.0.34.tar.xz
+/cups-filters-1.0.35.tar.xz
+/cups-filters-1.0.36.tar.xz
+/cups-filters-1.0.37.tar.xz
+/cups-filters-1.0.38.tar.xz
+/cups-filters-1.0.39.tar.xz
+/cups-filters-1.0.40.tar.xz
+/cups-filters-1.0.41.tar.xz
+/cups-filters-1.0.42.tar.xz
+/cups-filters-1.0.43.tar.xz
+/cups-filters-1.0.44.tar.xz
+/cups-filters-1.0.45.tar.xz
+/cups-filters-1.0.46.tar.xz
+/cups-filters-1.0.47.tar.xz
+/cups-filters-1.0.48.tar.xz
+/cups-filters-1.0.49.tar.xz
+/cups-filters-1.0.50.tar.xz
+/cups-filters-1.0.51.tar.xz
+/cups-filters-1.0.52.tar.xz
+/cups-filters-1.0.53.tar.xz
+/cups-filters-1.0.54.tar.xz
+/cups-filters-1.0.55.tar.xz
+/cups-filters-1.0.58.tar.xz
+/cups-filters-1.0.59.tar.xz
+/cups-filters-1.0.60.tar.xz
+/cups-filters-1.0.61.tar.xz
+/cups-filters-1.0.65.tar.xz
+/cups-filters-1.0.66.tar.xz
+/cups-filters-1.0.67.tar.xz
+/cups-filters-1.0.68.tar.xz
+/cups-filters-1.0.69.tar.xz
+/cups-filters-1.0.70.tar.xz
+/cups-filters-1.0.71.tar.xz
+/cups-filters-1.0.73.tar.xz
+/cups-filters-1.0.74.tar.xz
+/cups-filters-1.0.75.tar.xz
+/cups-filters-1.0.76.tar.xz
+/cups-filters-1.1.0.tar.xz
+/cups-filters-1.2.0.tar.xz
+/cups-filters-1.3.0.tar.xz
+/cups-filters-1.4.0.tar.xz
+/cups-filters-1.5.0.tar.xz
+/cups-filters-1.6.0.tar.xz
+/cups-filters-1.7.0.tar.xz
+/cups-filters-1.8.0.tar.xz
+/cups-filters-1.8.1.tar.xz
+/cups-filters-1.8.2.tar.xz
+/cups-filters-1.8.3.tar.xz
+/cups-filters-1.9.0.tar.xz
+/cups-filters-1.10.0.tar.xz
+/cups-filters-1.11.2.tar.xz
+/cups-filters-1.11.3.tar.xz
+/cups-filters-1.11.4.tar.xz
+/cups-filters-1.11.5.tar.xz
+/cups-filters-1.11.6.tar.xz
+/cups-filters-1.12.0.tar.xz
+/cups-filters-1.13.0.tar.xz
+/cups-filters-1.13.1.tar.xz
+/cups-filters-1.13.2.tar.xz
+/cups-filters-1.13.3.tar.xz
+/cups-filters-1.13.4.tar.xz
+/cups-filters-1.13.5.tar.xz
+/cups-filters-1.14.0.tar.xz
+/cups-filters-1.14.1.tar.xz
+/cups-filters-1.16.0.tar.xz
+/cups-filters-1.16.1.tar.xz
+/cups-filters-1.16.3.tar.xz
+/cups-filters-1.17.2.tar.xz
+/cups-filters-1.17.7.tar.xz
+/cups-filters-1.17.8.tar.xz
+/cups-filters-1.17.9.tar.xz
+/cups-filters-1.19.0.tar.xz
+/cups-filters-1.20.0.tar.xz
+/cups-filters-1.20.1.tar.xz
+/cups-filters-1.20.2.tar.xz
+/cups-filters-1.20.3.tar.xz
+/cups-filters-1.21.2.tar.xz
+/cups-filters-1.21.5.tar.xz
+/cups-filters-1.21.6.tar.xz
+/cups-filters-1.22.0.tar.xz
+/cups-filters-1.22.3.tar.xz
+/cups-filters-1.22.5.tar.xz
+/cups-filters-1.26.0.tar.xz
+/cups-filters-1.27.0.tar.xz
+/cups-filters-1.27.1.tar.xz
+/cups-filters-1.27.2.tar.xz
+/cups-filters-1.27.3.tar.xz
+/cups-filters-1.27.4.tar.xz
+/cups-filters-1.27.5.tar.xz
+/cups-filters-1.28.1.tar.xz
+/cups-filters-1.28.2.tar.xz
+/cups-filters-1.28.5.tar.xz

0001-Fix-build-failure-with-GCC-15-and-std-c23.patch

@@ -1,27 +0,0 @@
-From 44f59a1aa74c48515d8feba5a61b7ea3aaa592c4 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Fri, 24 Jan 2025 09:44:58 +0100
-Subject: [PATCH] Fix build failure with GCC 15 and -std=c23
-
-The newest standard has more strict data type checks, function pointers
-in function prototypes have to declare data types of its arguments.
----
- filter/foomatic-rip/process.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/filter/foomatic-rip/process.h b/filter/foomatic-rip/process.h
-index f6e15f65c..54a42923a 100644
---- a/filter/foomatic-rip/process.h
-+++ b/filter/foomatic-rip/process.h
-@@ -18,7 +18,7 @@
- #include <sys/wait.h>
- 
- 
--pid_t start_process(const char *name, int (*proc_func)(), void *user_arg,
-+pid_t start_process(const char *name, int (*proc_func)(FILE*, FILE*, void*), void *user_arg,
- 		    FILE **fdin, FILE **fdout);
- pid_t start_system_process(const char *name, const char *command, FILE **fdin,
- 			   FILE **fdout);
--- 
-2.48.1
-

0001-libcupsfilters-Added-NULL-check-when-removing-.Borde.patch

@@ -0,0 +1,58 @@
+From 240ffb901d06a117bb8e10b486bfd3de6fe464b2 Mon Sep 17 00:00:00 2001
+From: Till Kamppeter <till.kamppeter@gmail.com>
+Date: Wed, 28 Oct 2020 10:44:19 +0100
+Subject: [PATCH] libcupsfilters: Added NULL check when removing ".Borderless"
+ suffixes from page size names
+
+---
+ NEWS                       |  2 ++
+ cupsfilters/ppdgenerator.c | 12 ++++++++----
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/cupsfilters/ppdgenerator.c b/cupsfilters/ppdgenerator.c
+index 9fd4fb21..7b4aa0cf 100644
+--- a/cupsfilters/ppdgenerator.c
++++ b/cupsfilters/ppdgenerator.c
+@@ -2224,7 +2224,8 @@ ppdCreateFromIPP2(char         *buffer,          /* I - Filename buffer */
+ 
+     if (all_borderless) {
+       suffix = strcasestr(ppdname, ".Borderless");
+-      *suffix = '\0';
++      if (suffix)
++	*suffix = '\0';
+     }
+ 
+     cupsFilePrintf(fp, "*OpenUI *PageSize/%s: PickOne\n"
+@@ -2258,7 +2259,8 @@ ppdCreateFromIPP2(char         *buffer,          /* I - Filename buffer */
+ 
+       if (all_borderless) {
+ 	suffix = strcasestr(ppdsizename, ".Borderless");
+-	*suffix = '\0';
++	if (suffix)
++	  *suffix = '\0';
+       }
+ 
+       cupsFilePrintf(fp, "*PageSize %s%s%s%s: \"<</PageSize[%s %s]>>setpagedevice\"\n",
+@@ -2302,7 +2304,8 @@ ppdCreateFromIPP2(char         *buffer,          /* I - Filename buffer */
+ 
+       if (all_borderless) {
+ 	suffix = strcasestr(ppdsizename, ".Borderless");
+-	*suffix = '\0';
++	if (suffix)
++	  *suffix = '\0';
+       }
+ 
+       cupsFilePrintf(fp, "*PageRegion %s%s%s%s: \"<</PageSize[%s %s]>>setpagedevice\"\n",
+@@ -2338,7 +2341,8 @@ ppdCreateFromIPP2(char         *buffer,          /* I - Filename buffer */
+ 
+       if (all_borderless) {
+ 	suffix = strcasestr(ppdsizename, ".Borderless");
+-	*suffix = '\0';
++	if (suffix)
++	  *suffix = '\0';
+       }
+ 
+       cupsFilePrintf(fp, "*ImageableArea %s: \"%s %s %s %s\"\n", ppdsizename,
+-- 
+2.26.2
+

0001-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch

@@ -1,79 +0,0 @@
-From 0fe46c511e81062575b05936f804eb18c9f0a011 Mon Sep 17 00:00:00 2001
-From: Zdenek Dohnal <zdohnal@redhat.com>
-Date: Wed, 12 Nov 2025 15:47:24 +0100
-Subject: [PATCH] rastertopclx.c: Fix infinite loop caused by crafted file
-
-Infinite loop happened because of crafted input raster file, which led
-into heap buffer overflow of `CompressBuf` array.
-
-Based on comments there should be always some `count` when compressing
-the data, and processing of crafted file ended with offset and count
-being 0.
-
-Fixes CVE-2025-64524
----
- filter/rastertopclx.c | 25 +++++++++++++++++++++++--
- 1 file changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/filter/rastertopclx.c b/filter/rastertopclx.c
-index ded86f114..39cb378bf 100644
---- a/filter/rastertopclx.c
-+++ b/filter/rastertopclx.c
-@@ -825,10 +825,10 @@ StartPage(cf_filter_data_t      *data,	// I - filter data
-   }
- 
-   if (header->cupsCompression)
--    CompBuffer = malloc(DotBufferSize * 4);
-+    CompBuffer = calloc(DotBufferSize * 4, sizeof(unsigned char));
- 
-   if (header->cupsCompression >= 3)
--    SeedBuffer = malloc(DotBufferSize);
-+    SeedBuffer = calloc(DotBufferSize, sizeof(unsigned char));
- 
-   SeedInvalid = 1;
- 
-@@ -1159,6 +1159,13 @@ CompressData(unsigned char *line,	// I - Data to compress
-               seed ++;
-               count ++;
-             }
-+
-+	    //
-+	    // Bail out if we don't have count to compress
-+	    //
-+
-+	    if (count == 0)
-+	      break;
- 	  }
- 
- 	  //
-@@ -1252,6 +1259,13 @@ CompressData(unsigned char *line,	// I - Data to compress
- 
-             count = line_ptr - start;
- 
-+	    //
-+	    // Bail out if we don't have count to compress
-+	    //
-+
-+	    if (count == 0)
-+	      break;
-+
- #if 0
-             fprintf(stderr,
- 		    "DEBUG: offset=%d, count=%d, comp_ptr=%p(%d of %d)...\n",
-@@ -1424,6 +1438,13 @@ CompressData(unsigned char *line,	// I - Data to compress
- 
-             count = (line_ptr - start) / 3;
- 
-+	    //
-+	    // Bail out if we don't have count to compress
-+	    //
-+
-+	    if (count == 0)
-+	      break;
-+
- 	    //
- 	    // Place mode 10 compression data in the buffer; each sequence
- 	    // starts with a command byte that looks like:
--- 
-2.51.1
-

ci.fmf

@@ -1 +0,0 @@
-resultsdb-testcase: separate

cups-filters.spec

@@ -1,90 +1,128 @@
-%if 0%{?fedora}
-%bcond_without mdns
-%bcond_without braille
-%else
-%bcond_with mdns
-%bcond_with braille
-%endif
-
-# currently we use CUPS PPD compiler which will be removed
-# in CUPS 3.0, then we will use PPD compiler from libppd-tools
-%bcond_without cups_ppdc
-
 # we build CUPS also with relro
 %global _hardened_build 1
 
-Summary: OpenPrinting CUPS filters for CUPS 2.X
+Summary: OpenPrinting CUPS filters and backends
 Name:    cups-filters
-Epoch:   1
-Version: 2.0.1
-Release: 12%{?dist}
+Version: 1.28.5
+Release: 1%{?dist}
 
-# the CUPS exception text is the same as LLVM exception, so using that name with
-# agreement from legal team
-# https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/A7GFSD6M3GYGSI32L2FC5KB22DUAEQI3/
-License: Apache-2.0 WITH LLVM-exception
+# For a breakdown of the licensing, see COPYING file
+# GPLv2:   filters: commandto*, imagetoraster, pdftops, rasterto*,
+#                   imagetopdf, pstopdf, texttopdf
+#         backends: parallel, serial
+# GPLv2+:  filters: gstopxl, textonly, texttops, imagetops, foomatic-rip
+# GPLv3:   filters: bannertopdf
+# GPLv3+:  filters: urftopdf, rastertopdf
+# LGPLv2+:   utils: cups-browsed
+# MIT:     filters: gstoraster, pdftoijs, pdftoopvp, pdftopdf, pdftoraster
+License: GPLv2 and GPLv2+ and GPLv3 and GPLv3+ and LGPLv2+ and MIT and BSD with advertising
 
-URL:     https://github.com/OpenPrinting/cups-filters
-Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz
-Source1: lftocrlf.ppd
-Source2: lftocrlf
+Url:     http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters
+Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{version}.tar.xz
 
+# backported from upstream https://github.com/OpenPrinting/cups-filters/pull/313
+Patch01: foomatic-remove-tmpfile.patch
+# backported from upstream
+Patch02: 0001-libcupsfilters-Added-NULL-check-when-removing-.Borde.patch
 
-# Patches
-# https://github.com/OpenPrinting/cups-filters/pull/618
-Patch001: 0001-Fix-build-failure-with-GCC-15-and-std-c23.patch
-# introducing foomatic-hash, but without rejecting values in foomatic-rip
-# https://github.com/OpenPrinting/cups-filters/pull/648
-Patch002: 0001-Introduce-foomatic-hash-and-reject-unauthorized-valu.patch
-# make sure errors from foomatic-rip are propagated
-# https://github.com/OpenPrinting/cups-filters/pull/649
-Patch003: foomatic-ripdie-error.patch
-# rejecting the unknown values in foomatic-rip
-# https://github.com/OpenPrinting/cups-filters/pull/648
-Patch004: foomaticrip-reject-unknown-values.patch
-# CVE-2025-64524 fix
-Patch005: 0001-rastertopclx.c-Fix-infinite-loop-caused-by-crafted-f.patch
+Requires: cups-filters-libs%{?_isa} = %{version}-%{release}
 
+# gcc and gcc-c++ is not in buildroot by default
 
-# driverless backend/driver was moved into a separate package to
-# remove avahi dependency for filters
-# remove once C10S is released and F40 is EOL
-Conflicts: cups-filters-driverless < 1:2.0.0-3
+# gcc for backends (implicitclass, parallel, serial, backend error handling)
+# cupsfilters (colord, color manager...), filter (banners, 
+# commandto*, braille, foomatic-rip, imagetoraster, imagetopdf, gstoraster e.g.),
+# fontembed, cups-browsed
+BuildRequires: gcc
+# gcc-c++ for pdftoopvp, pdftopdf
+BuildRequires: gcc-c++
+# for autosetup
+BuildRequires: git
+
+BuildRequires: cups-devel
+BuildRequires: pkgconf-pkg-config
+# pdftopdf
+BuildRequires: pkgconfig(libqpdf)
+# pdftops
+BuildRequires: poppler-utils
+# pdftoijs, pdftoopvp, pdftoraster, gstoraster
+BuildRequires: pkgconfig(poppler)
+BuildRequires: poppler-cpp-devel
+BuildRequires: libjpeg-turbo-devel
+BuildRequires: libtiff-devel
+BuildRequires: pkgconfig(libpng)
+BuildRequires: pkgconfig(zlib)
+BuildRequires: pkgconfig(dbus-1)
+BuildRequires: ghostscript
+# libijs
+BuildRequires: pkgconfig(ijs)
+BuildRequires: pkgconfig(freetype2)
+BuildRequires: pkgconfig(fontconfig)
+BuildRequires: pkgconfig(lcms2)
+# cups-browsed
+BuildRequires: avahi-devel
+BuildRequires: pkgconfig(avahi-glib)
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: systemd
+
+# Make sure we get postscriptdriver tags.
+BuildRequires: python3-cups
+
+# Testing font for test scripts.
+BuildRequires: dejavu-sans-fonts
 
 # autogen.sh
 BuildRequires: autoconf
-# autogen.sh
 BuildRequires: automake
-# filter binaries and backends are written in C
-BuildRequires: gcc
-# autogen.sh
 BuildRequires: gettext-devel
-# for autosetup
-BuildRequires: git-core
-# autogen.sh
 BuildRequires: libtool
-# uses make for compiling
-BuildRequires: make
-# we use pkgconfig to get a proper devel packages
-# proper CFLAGS and LDFLAGS
-BuildRequires: pkgconf-pkg-config
-# uses CUPS API
-BuildRequires: pkgconfig(cups) >= 2.2.2
-# uses cupsfilters API
-BuildRequires: pkgconfig(libcupsfilters) >= 2.0b3
-# uses PPD API
-BuildRequires: pkgconfig(libppd) >= 2.0b3
-# Make sure we get postscriptdriver tags.
-BuildRequires: python3-cups
-# for systemd unit for upgrade
+
+# needed for systemd rpm macros in scriptlets
 BuildRequires: systemd-rpm-macros
 
-%if %{with braille}
-Recommends: braille-printer-app
-%endif
-# needs cups dirs
 Requires: cups-filesystem
+# if --with-pdftops is set to hybrid, we use poppler filters for several printers
+# and for printing banners, for other printers we need gs - ghostscript
+Requires: poppler-utils
+# several filters calls 'gs' binary during filtering
+Requires: ghostscript
 
+# for getting ICC profiles for filters (dbus must run)
+Requires: colord
+
+# texttopdf
+Requires: liberation-mono-fonts
+
+# pstopdf
+Requires: bc grep sed which
+
+# cups-browsed
+# cups-browsed needs to have cups.service to run
+Requires: cups
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+# cups-browsed needs nss-mdns for resolving .local addresses of remote print queues
+# or device during discovery for newer (2012+) devices - make it recommended together
+# with avahi - needed for device discovery as well
+Recommends: nss-mdns
+# avahi is needed for device discovery
+Recommends: avahi
+
+# ipptool is used in driverless backend, not needed classic PPD based print queue
+Recommends: cups-ipptool
+
+%package libs
+Summary: OpenPrinting CUPS filters and backends - cupsfilters and fontembed libraries
+# LGPLv2: libcupsfilters
+# MIT:    libfontembed
+License: LGPLv2 and MIT
+
+%package devel
+Summary: OpenPrinting CUPS filters and backends - development environment
+License: LGPLv2 and MIT
+Requires: cups-filters-libs%{?_isa} = %{version}-%{release}
 
 %description
 Contains backends, filters, and other software that was
@@ -93,482 +131,226 @@ Apple Inc. In addition it contains additional filters developed
 independently of Apple, especially filters for the PDF-centric printing
 workflow introduced by OpenPrinting.
 
+%description libs
+This package provides cupsfilters and fontembed libraries.
 
-%package driverless
-Summary: OpenPrinting driverless backends and drivers for CUPS 2.X
-License: Apache-2.0 WITH LLVM-exception
-
-# backends and drivers has been moved from the main package to subpackage
-# to remove the avahi/mdns dependency needed for driverless
-# remove after F40 is EOL and C10S is released
-Conflicts: cups-filters < 1:2.0.0-3
-
-# finding device via driverless depends on running avahi-daemon
-Requires: avahi
-# ippfind is used in driverless backend, not needed classic PPD based print queue
-Requires: cups-ipptool
-# cups-browsed needs systemd-resolved or nss-mdns for resolving .local addresses of remote print queues
-# let's not require a specific package and let the user decide what he wants to use.
-# just recommend nss-mdns for Fedora for now to have working default, but
-# don't hardwire it for resolved users
-%if %{with mdns}
-Recommends: nss-mdns
-%endif
-
-# needs cups dirs
-Requires: cups-filesystem
-
-
-%description driverless
-Contains backends and drivers for driverless implementation for cups-filters,
-which makes driverless printers to be seen when listing printers nearby and gives
-a specific generated driver for driverless printer in the local network. They are
-tools for backward compatibility with applications which don't handle CUPS temporary
-queues.
-
+%description devel
+This is the development package for OpenPrinting CUPS filters and backends.
 
 %prep
-%autosetup -S git -N
-
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-%autopatch
-%else
-%autopatch -M 3
-%endif
-
+%autosetup -S git
 
 %build
 # work-around Rpath
 ./autogen.sh
 
-%configure --enable-driverless \
-           --enable-individual-cups-filters \
-           --disable-universal-cups-filter \
-           --disable-mutool \
-           --disable-rpath \
+# --with-pdftops=hybrid - use Poppler's pdftops instead of Ghostscript for
+#                         Brother, Minolta, and Konica Minolta to work around
+#                         bugs in the printer's PS interpreters
+# --with-rcdir=no - don't install SysV init script
+# --enable-driverless - enable PPD generator for driverless printing in 
+#                       /usr/lib/cups/driver, it is for manual setup of 
+#                       driverless printers with printer setup tool
+# --disable-static - do not build static libraries (becuase of Fedora Packaging
+#                    Guidelines)
+# --enable-dbus - enable DBus Connection Manager's code
+# --disable-silent-rules - verbose build output
+# --disable-mutool - mupdf is retired in Fedora, use qpdf
+# --enable-pclm - support for pclm language
+# --with-remote-cups-local-queue-naming=RemoteName - name created local queues, which point to
+#                                                    remote CUPS queue, by its name from the server
+
+%configure --disable-static \
            --disable-silent-rules \
-           --disable-static
+           --with-pdftops=hybrid \
+           --enable-dbus \
+           --with-rcdir=no \
+           --disable-mutool \
+           --enable-driverless \
+           --enable-pclm \
+           --with-remote-cups-local-queue-naming=RemoteName
 
 %make_build
 
-
 %install
 %make_install
 
-# 2229776 - Add textonly driver back, but as lftocrlf
-install -p -m 0755 %{SOURCE2} %{buildroot}%{_cups_serverbin}/filter/lftocrlf
-install -p -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/ppd/cupsfilters/lftocrlf.ppd
+# Don't ship libtool la files.
+rm -f %{buildroot}%{_libdir}/lib*.la
 
-# remove this once F43 is EOL
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
+# Not sure what is this good for.
+rm -f %{buildroot}%{_bindir}/ttfread
 
-mkdir -p %{buildroot}%{_libexecdir}/%{name}
-
-cat > %{buildroot}%{_libexecdir}/%{name}/posttrans.sh << EOF
-#!/usr/bin/bash
-
-if \$(grep -q -R 'FoomaticRIPCommandLine\|FoomaticRipOptionSetting' %{_sysconfdir}/cups/ppd)
-then
-  tmpfile=\$(mktemp -p /var/tmp foomatic-scan.XXXXXXXX)
-
-  for ppd in %{_sysconfdir}/cups/ppd/*.ppd
-  do
-    foomatic-hash --ppd \$ppd \$tmpfile %{_sysconfdir}/foomatic/hashes.d/hashes.upgrade || :
-  done
-
-  if test -f %{_sysconfdir}/foomatic/hashes.d/hashes.upgrade
-  then
-    echo "Foomatic-rip values which can inject code found - review findings in \$tmpfile. Read release notes for instructions." || :
-  fi
-else
-  touch %{_sysconfdir}/foomatic/hashes.d/hashes.new
-fi
-
-exit 0
-EOF
+rm -f %{buildroot}%{_pkgdocdir}/INSTALL
+mkdir -p %{buildroot}%{_pkgdocdir}/fontembed/
+cp -p fontembed/README %{buildroot}%{_pkgdocdir}/fontembed/
 
+# systemd unit file
 mkdir -p %{buildroot}%{_unitdir}
-
-cat > %{buildroot}%{_unitdir}/foomaticrip-upgrade.service << EOF
-[Unit]
-Description=Allowing already installed printers for foomatic-rip
-ConditionPathIsDirectory=%{_sysconfdir}/foomatic/hashes.d
-ConditionDirectoryNotEmpty=!%{_sysconfdir}/foomatic/hashes.d
-
-[Service]
-Type=oneshot
-ExecStart=bash -c %{_libexecdir}/%{name}/posttrans.sh
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-mkdir -p %{buildroot}%{_unitdir}/cups.service.d
-
-cat > %{buildroot}%{_unitdir}/cups.service.d/10-foomaticrip-upgrade.conf << EOF
-[Unit]
-After=foomaticrip-upgrade.service
-Wants=foomaticrip-upgrade.service
-EOF
-
-%endif
-
+install -p -m 644 utils/cups-browsed.service %{buildroot}%{_unitdir}
 
 # LSB3.2 requires /usr/bin/foomatic-rip,
 # create it temporarily as a relative symlink
-# we may use symlink to universal filter, but LSB is about guaranteed compatibility set
-# among distibutions, so rather have the strict foomatic-rip filter...
 ln -sf %{_cups_serverbin}/filter/foomatic-rip %{buildroot}%{_bindir}/foomatic-rip
 
-%if %{with cups_ppdc}
-mkdir -p %{buildroot}%{_datadir}/cups/ppdc
-mv %{buildroot}%{_datadir}/{ppdc/pcl.h,cups/ppdc/pcl.h}
-mv %{buildroot}%{_datadir}/{ppdc/escp.h,cups/ppdc/escp.h}
-%endif
+# Don't ship urftopdf for now (bug #1002947).
+rm -f %{buildroot}%{_cups_serverbin}/filter/urftopdf
+sed -i '/urftopdf/d' %{buildroot}%{_datadir}/cups/mime/cupsfilters.convs
 
-# remove license files which are in %%pkgdocdir
-rm -f %{buildroot}%{_pkgdocdir}/{COPYING,NOTICE,LICENSE}
-
-# remove INSTALL since it is unnecessary
-rm -f %{buildroot}%{_pkgdocdir}/INSTALL
-
-# remove CHANGES-1.x.md, since it is carried by a dependency
-rm -f %{buildroot}%{_pkgdocdir}/CHANGES-1.x.md
+# Don't ship pdftoopvp for now (bug #1027557).
+rm -f %{buildroot}%{_cups_serverbin}/filter/pdftoopvp
+rm -f %{buildroot}%{_sysconfdir}/fonts/conf.d/99pdftoopvp.conf
 
 
 %check
 make check
 
-
 %post
-# remove PPD cache to make bz#2351389 fix work right away
-# remove after F43 EOL
-if [ $1 -gt 1 ]
-then
-  rm -f /var/cache/cups/ppds.dat || :
-fi
-
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-  %systemd_post foomaticrip-upgrade.service
-%endif
+%systemd_post cups-browsed.service
 
+# put UpdateCUPSQueuesMaxPerCall and PauseBetweenCUPSQueueUpdates into cups-browsed.conf
+# for making cups-browsed work more stable for environments with many print queues
+# remove this after 1-2 releases
+for directive in "UpdateCUPSQueuesMaxPerCall" "PauseBetweenCUPSQueueUpdates"
+do
+    found=`%{_bindir}/grep "^[[:blank:]]*$directive" %{_sysconfdir}/cups/cups-browsed.conf`
+    if [ -z "$found" ]
+    then
+        if [ "x$directive" == "xUpdateCUPSQueuesMaxPerCall" ]
+        then
+            %{_bindir}/echo "UpdateCUPSQueuesMaxPerCall 20" >> %{_sysconfdir}/cups/cups-browsed.conf
+        else
+            %{_bindir}/echo "PauseBetweenCUPSQueueUpdates 5" >> %{_sysconfdir}/cups/cups-browsed.conf
+        fi
+    fi
+done
 
 %preun
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-  %systemd_preun foomaticrip-upgrade.service
-%endif
-
+%systemd_preun cups-browsed.service
 
 %postun
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-  %systemd_postun foomaticrip-upgrade.service
-%endif
+%systemd_postun_with_restart cups-browsed.service 
 
-
-%posttrans
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-  %systemd_posttrans_with_reload foomaticrip-upgrade.service
-%endif
-
-if [ $1 -gt 1 ]
-then
-  # since we moved to individual filters, we have to restart cups
-  # to load new conversion tables if it is running
-  # remove by F43 EOL and C11S release
-  if systemctl is-active cups &> /dev/null
-  then
-    systemctl restart cups || :
-  fi
-
-  %if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-    systemctl start foomaticrip-upgrade.service || :
-  %endif
-fi
+%ldconfig_scriptlets libs
 
 
 %files
-%license COPYING LICENSE NOTICE
-%doc AUTHORS ABOUT-NLS CHANGES.md CONTRIBUTING.md DEVELOPING.md README.md
-%{_bindir}/foomatic-hash
-%{_bindir}/foomatic-rip
-%attr(0744,root,root) %{_cups_serverbin}/backend/beh
-# all backends needs to be run only as root because of kerberos
-%attr(0744,root,root) %{_cups_serverbin}/backend/parallel
-# Serial backend needs to run as root (bug #212577#c4).
-%attr(0744,root,root) %{_cups_serverbin}/backend/serial
+%{_pkgdocdir}/README
+%{_pkgdocdir}/ABOUT-NLS
+%{_pkgdocdir}/AUTHORS
+%{_pkgdocdir}/NEWS
+%config(noreplace) %{_sysconfdir}/cups/cups-browsed.conf
+%{_cups_serverbin}/filter/cgmtopdf
+%{_cups_serverbin}/filter/cmxtopdf
+%{_cups_serverbin}/filter/emftopdf
+%{_cups_serverbin}/filter/imagetoubrl
+%{_cups_serverbin}/filter/svgtopdf
+%{_cups_serverbin}/filter/textbrftoindexv4
+%{_cups_serverbin}/filter/vectortoubrl
+%{_cups_serverbin}/filter/wmftopdf
+%{_cups_serverbin}/filter/xfigtopdf
 %attr(0755,root,root) %{_cups_serverbin}/filter/bannertopdf
+%attr(0755,root,root) %{_cups_serverbin}/filter/brftoembosser
+%attr(0755,root,root) %{_cups_serverbin}/filter/brftopagedbrf
 %attr(0755,root,root) %{_cups_serverbin}/filter/commandtoescpx
 %attr(0755,root,root) %{_cups_serverbin}/filter/commandtopclx
 %attr(0755,root,root) %{_cups_serverbin}/filter/foomatic-rip
 %attr(0755,root,root) %{_cups_serverbin}/filter/gstopdf
 %attr(0755,root,root) %{_cups_serverbin}/filter/gstopxl
 %attr(0755,root,root) %{_cups_serverbin}/filter/gstoraster
+%attr(0755,root,root) %{_cups_serverbin}/filter/imagetobrf
 %attr(0755,root,root) %{_cups_serverbin}/filter/imagetopdf
 %attr(0755,root,root) %{_cups_serverbin}/filter/imagetops
 %attr(0755,root,root) %{_cups_serverbin}/filter/imagetoraster
-# 2229776 - Add textonly driver back, but as lftocrlf
-%attr(0755,root,root) %{_cups_serverbin}/filter/lftocrlf
-%attr(0755,root,root) %{_cups_serverbin}/filter/pclmtoraster
+%attr(0755,root,root) %{_cups_serverbin}/filter/imageubrltoindexv3
+%attr(0755,root,root) %{_cups_serverbin}/filter/imageubrltoindexv4
+%attr(0755,root,root) %{_cups_serverbin}/filter/musicxmltobrf
 %attr(0755,root,root) %{_cups_serverbin}/filter/pdftopdf
 %attr(0755,root,root) %{_cups_serverbin}/filter/pdftops
 %attr(0755,root,root) %{_cups_serverbin}/filter/pdftoraster
-%attr(0755,root,root) %{_cups_serverbin}/filter/pwgtopclm
-%attr(0755,root,root) %{_cups_serverbin}/filter/pwgtopdf
-%attr(0755,root,root) %{_cups_serverbin}/filter/pwgtoraster
 %attr(0755,root,root) %{_cups_serverbin}/filter/rastertoescpx
+%attr(0755,root,root) %{_cups_serverbin}/filter/rastertopclm
 %attr(0755,root,root) %{_cups_serverbin}/filter/rastertopclx
+%attr(0755,root,root) %{_cups_serverbin}/filter/rastertopdf
 %attr(0755,root,root) %{_cups_serverbin}/filter/rastertops
+%attr(0755,root,root) %{_cups_serverbin}/filter/sys5ippprinter
+%attr(0755,root,root) %{_cups_serverbin}/filter/textbrftoindexv3
+%attr(0755,root,root) %{_cups_serverbin}/filter/texttobrf
 %attr(0755,root,root) %{_cups_serverbin}/filter/texttopdf
 %attr(0755,root,root) %{_cups_serverbin}/filter/texttops
 %attr(0755,root,root) %{_cups_serverbin}/filter/texttotext
-%{_datadir}/cups/drv/cupsfilters.drv
-%{_datadir}/cups/mime/cupsfilters.types
-%{_datadir}/cups/mime/cupsfilters.convs
-%{_datadir}/cups/mime/cupsfilters-ghostscript.convs
-%{_datadir}/cups/mime/cupsfilters-individual.convs
-%{_datadir}/cups/mime/cupsfilters-poppler.convs
-%dir %{_datadir}/foomatic
-%dir %{_datadir}/foomatic/hashes.d
-%{_datadir}/ppd/cupsfilters
-%if %{with cups_ppdc}
-# escp.h and pcl.h are required during runtime, because
-# CUPS PPD compiler (ppdc) uses them for generating drivers
-# per request from cupsfilters.drv file
-%{_datadir}/cups/ppdc/escp.h
-%{_datadir}/cups/ppdc/pcl.h
-%else
-%dir %{_datadir}/ppdc
-%{_datadir}/ppdc/escp.h
-%{_datadir}/ppdc/pcl.h
-%endif
-%{_mandir}/man1/foomatic-hash.1.gz
-%{_mandir}/man1/foomatic-rip.1.gz
-%config(noreplace) %{_sysconfdir}/foomatic
-%if 0%{?fedora} >= 43 || 0%{?rhel} >=9
-%dir %{_libexecdir}/%{name}
-%attr(0744,root,root) %{_libexecdir}/%{name}/posttrans.sh
-%ghost %attr(0644,root,root) %{_sysconfdir}/foomatic/hashes.d/hashes.new
-%dir %{_unitdir}/cups.service.d
-%{_unitdir}/cups.service.d/10-foomaticrip-upgrade.conf
-%{_unitdir}/foomaticrip-upgrade.service
-%endif
-
-%files driverless
-%license COPYING LICENSE NOTICE
+%attr(0755,root,root) %{_cups_serverbin}/filter/vectortobrf
+%attr(0755,root,root) %{_cups_serverbin}/filter/vectortopdf
+# all backends needs to be run only as root because of kerberos
+%attr(0700,root,root) %{_cups_serverbin}/backend/parallel
+# Serial backend needs to run as root (bug #212577#c4).
+%attr(0700,root,root) %{_cups_serverbin}/backend/serial
+# implicitclass backend must be run as root
+%attr(0700,root,root) %{_cups_serverbin}/backend/implicitclass
+%attr(0700,root,root) %{_cups_serverbin}/backend/beh
+# cups-brf needs to be run as root, otherwise it leaves error messages
+# in journal
+%attr(0700,root,root) %{_cups_serverbin}/backend/cups-brf
+%{_bindir}/foomatic-rip
 %{_bindir}/driverless
 %{_bindir}/driverless-fax
 %{_cups_serverbin}/backend/driverless
 %{_cups_serverbin}/backend/driverless-fax
 %{_cups_serverbin}/driver/driverless
 %{_cups_serverbin}/driver/driverless-fax
+%{_datadir}/cups/banners
+%{_datadir}/cups/braille
+%{_datadir}/cups/charsets
+%{_datadir}/cups/data/*
+# this needs to be in the main package because of cupsfilters.drv
+%{_datadir}/cups/ppdc/pcl.h
+%{_datadir}/cups/ppdc/braille.defs
+%{_datadir}/cups/ppdc/fr-braille.po
+%{_datadir}/cups/ppdc/imagemagick.defs
+%{_datadir}/cups/ppdc/index.defs
+%{_datadir}/cups/ppdc/liblouis.defs
+%{_datadir}/cups/ppdc/liblouis1.defs
+%{_datadir}/cups/ppdc/liblouis2.defs
+%{_datadir}/cups/ppdc/liblouis3.defs
+%{_datadir}/cups/ppdc/liblouis4.defs
+%{_datadir}/cups/ppdc/media-braille.defs
+%{_datadir}/cups/drv/cupsfilters.drv
+%{_datadir}/cups/drv/generic-brf.drv
+%{_datadir}/cups/drv/generic-ubrl.drv
+%{_datadir}/cups/drv/indexv3.drv
+%{_datadir}/cups/drv/indexv4.drv
+%{_datadir}/cups/mime/cupsfilters.types
+%{_datadir}/cups/mime/cupsfilters.convs
+%{_datadir}/cups/mime/cupsfilters-ghostscript.convs
+%{_datadir}/cups/mime/cupsfilters-poppler.convs
+%{_datadir}/cups/mime/braille.convs
+%{_datadir}/cups/mime/braille.types
+%{_datadir}/ppd/cupsfilters
+%{_sbindir}/cups-browsed
+%{_unitdir}/cups-browsed.service
+%{_mandir}/man8/cups-browsed.8.gz
+%{_mandir}/man5/cups-browsed.conf.5.gz
+%{_mandir}/man1/foomatic-rip.1.gz
 %{_mandir}/man1/driverless.1.gz
 
+%files libs
+%dir %{_pkgdocdir}/
+%{_pkgdocdir}/COPYING
+%dir %{_pkgdocdir}/fontembed
+%{_pkgdocdir}/fontembed/README
+%{_libdir}/libcupsfilters.so.1*
+%{_libdir}/libfontembed.so.1*
+
+%files devel
+%{_includedir}/cupsfilters
+%{_includedir}/fontembed
+%{_datadir}/cups/ppdc/escp.h
+%{_libdir}/pkgconfig/libcupsfilters.pc
+%{_libdir}/pkgconfig/libfontembed.pc
+%{_libdir}/libcupsfilters.so
+%{_libdir}/libfontembed.so
 
 %changelog
-* Fri Nov 28 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-12
-- fix CVE-2025-64524
-
-* Mon Nov 10 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-11
-- change return value of foomatic-hash if built without libppd
-
-* Wed Oct 01 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-10
-- protect older Fedoras from F43+ changes, fix installability report about hashes.new
-
-* Thu Jul 31 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-9
-- Reject unknown values in foomatic-rip in F43+
-
-* Wed Jul 30 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-8
-- Introduce foomatic-hash, but not rejecting values in foomatic-rip
-
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.1-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Mon Jun 09 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-6
-- CUPS restart has to happen after universal filter is gone for good (in posttrans) (fedora#2370978)
-
-* Mon Jun 02 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-5
-- individual filters have to explicitly enabled
-
-* Mon Jun 02 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-4
-- disable universal filter for now - some 3rd party drivers did not work with it
-
-* Tue Mar 11 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-3
-- textonly driver was missing (fedora#2351389)
-
-* Fri Jan 24 2025 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-2
-- fix FTBFS (fedora#2340017)
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Thu Aug 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.1-1
-- 2.0.1
-
-* Fri Jul 19 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-9
-- fix missing epochs in conflicts
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.0-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Tue May 28 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-7
-- 2283295 - The directory /usr/share/ppdc/ is not in the RPM database.
-
-* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Tue Dec 19 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-4
-- make driverless subpackage require avahi and ipptool - they don't 
-  work without them
-
-* Tue Dec 19 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-3
-- introduce cups-filters-driverless to strip avahi dependency for filters
-
-* Tue Dec 19 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-2
-- use exact foomatic-rip filter to comply with LSB
-
-* Thu Oct 19 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-1
-- rebase to 2.0.0
-
-* Mon Aug 07 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0~rc2-3
-- 2229776 - Add textonly driver back as lftocrlf driver
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0~rc2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Wed Jun 28 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0~rc2-1
-- 2.0rc2
-
-* Wed May 17 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0~rc1-2
-- 2207970 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend
-
-* Thu Apr 27 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0~rc1-1
-- 2.0rc1
-
-* Wed Mar 01 2023 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0~b3-2
-- use epoch to ensure clean upgrade path, because I didn't read FPG carefully
-
-* Mon Feb 20 2023 Zdenek Dohnal <zdohnal@redhat.com> - 2.0b3-1
-- 2170538 - rebase to 2.0b3
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.28.16-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Thu Oct 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.16-6
-- really build with qpdf-11.1.1 (forgot to wait for qpdf in side tag...)
-
-* Thu Oct 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.16-5
-- rebuilt with qpdf-11.1.1
-
-* Thu Sep 22 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.16-4
-- rebuilt with qpdf-11.1.0
-
-* Thu Sep 22 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.16-3
-- build braille subpackage only on Fedora and CentOS Stream > 9
-
-* Wed Sep 21 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.16-2
-- disable frequent network interface data update, which slows down the queue creation
-
-* Thu Sep 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.16-1
-- 1.28.16
-
-* Thu Sep 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.15-3
-- 2123809 - rpm -Va reports error on /etc/cups/cups-browsed.conf
-
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.28.15-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Wed Apr 20 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.15-1
-- 1.28.15
-
-* Thu Apr 07 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.14-1
-- 1.28.14
-
-* Mon Mar 28 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.13-1
-- 1.28.13
-
-* Tue Mar 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.12-1
-- 1.28.12
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.28.11-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Tue Jan 18 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.11-2
-- raise the NVR to get a new build
-
-* Mon Jan 17 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.11-1
-- 1.28.11
-
-* Mon Jan 17 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.10-4
-- fix typo in braille requires
-
-* Mon Jan 17 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.10-3
-- 2040973 - Make Braille printing support optional
-
-* Mon Dec 06 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.10-2
-- 1995728 - Enable braille printing
-
-* Tue Sep 14 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.10-1
-- 1.28.10
-
-* Tue Jul 27 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.9-5
-- rebuilt with poppler-21.07.0
-
-* Tue Jul 27 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.9-4
-- remove build requirement on poppler-devel - we need just poppler-cpp-devel
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.28.9-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Wed Jul 14 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.9-2
-- 1981603 - pdftopdf doesn't handle "page-range=10-2147483647" correctly
-
-* Mon Jun 21 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.9-1
-- 1.28.9
-
-* Mon Jun 21 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.8-2
-- 1973056 - cups-browsed doesn't renew DBus subscription in time and all printing comes to a halt
-
-* Fri May 14 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.8-1
-- 1.28.8
-
-* Wed Apr 28 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-7
-- 1954524 - cups-browsed doesn't save "*-default" options
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.28.7-6
-- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Mon Feb 01 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-5
-- put nss-mdns only for Fedora
-
-* Thu Jan 28 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-4
-- remove nss-mdns - dont require a specific way how to resolve .local addresses
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.28.7-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Mon Jan 25 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-2
-- unpush fix for 1904405 - M281fdw now often chokes on URF
-
-* Mon Jan 11 2021 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-1
-- 1.28.7, urftopdf nor pdftoopvp aren't compiled anymore
-- 1904405 - HP M281fdw: čžš characters printed as squares with "driverless" driver
-
-* Mon Dec 07 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.6-1
-- 1.28.6
-
-* Tue Dec 01 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.5-4
-- filters using ijs were removed, removed the dep
-
-* Tue Nov 24 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.5-3
-- fix various memory issues within cups-browsed
-
-* Thu Nov 05 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.5-2
-- use make and git-core
-
 * Mon Nov 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.5-1
 - 1.28.5, 1881365 - cups-browsed crashing
 

foomatic-remove-tmpfile.patch

@@ -0,0 +1,17 @@
+diff --git a/filter/foomatic-rip/foomaticrip.c b/filter/foomatic-rip/foomaticrip.c
+index 7dc2426..146125f 100644
+--- a/filter/foomatic-rip/foomaticrip.c
++++ b/filter/foomatic-rip/foomaticrip.c
+@@ -672,6 +672,12 @@ int print_file(const char *filename, int convert)
+                 if (out != NULL)
+                   fclose(out);
+ 
++		// Delete temp file if we created one
++		if ( *tmpfilename ) {
++		  _log("Removing temporary file %s\n", tmpfilename);
++		  unlink(tmpfilename);
++		}
++
+                 return ret;
+             }
+ 

foomatic-ripdie-error.patch

@@ -1,13 +0,0 @@
-diff --git a/filter/foomatic-rip/util.c b/filter/foomatic-rip/util.c
-index 508bc09..ad79fbf 100644
---- a/filter/foomatic-rip/util.c
-+++ b/filter/foomatic-rip/util.c
-@@ -76,7 +76,7 @@ rip_die(int status,
- {
-   va_list ap;
- 
--  _log("Process is dying with \"");
-+  _log("ERROR: Process is dying with \"");
-   va_start(ap, msg);
-   _logv(msg, ap);
-   va_end(ap);

foomaticrip-reject-unknown-values.patch

@@ -1,188 +0,0 @@
-From 41c5f2f6139e4d3693c2483ee4281202a80ae451 Mon Sep 17 00:00:00 2001
-From: zdohnal <zdohnal@redhat.com>
-Date: Tue, 22 Jul 2025 15:12:19 +0200
-Subject: [PATCH] Introduce foomatic-hash and reject unauthorized values in
- foomatic-rip (#648)
-
-The change provides a way for users to have control over what values are
-allowed for the foomatic-rip-related PPD keywords FoomaticRIPCommandLine,
-FoomaticRIPCommandLinePDF, and FoomaticRIPOptionSetting. Since the
-values can be later used when constructing a shell command, the filter
-foomatic-rip was a target of several exploits (caused by issues at
-different places in CUPS or in different projects of the printing stack) to
-do arbitrary code execution when the filter is used.
-
-By default the filter is run by user lp, so the issue is mitigated, but
-this PR gives admin complete control over what can be run in
-foomatic-rip and reject anything injected into system via different
-ways.
-
-First, the new tool - foomatic-hash - can be called on a PPD file or
-directory with drivers/PPDs, with scan output and file with hexadecimal
-representation of hashed values. Once the scan output is reviewed by
-admin, admin can decide to put the resulting hashes into
-/etc/foomatic/hashes.d and allow them for the filter.
----
- Makefile.am                           |  44 ++-
- README.md                             |  23 ++
- configure.ac                          |   2 +-
- filter/foomatic-rip/foomatic-hash.1   |  66 ++++
- filter/foomatic-rip/foomatic-hash.c   | 549 ++++++++++++++++++++++++++
- filter/foomatic-rip/foomatic-rip.1.in |  16 +
- filter/foomatic-rip/foomaticrip.c     |  75 ----
- filter/foomatic-rip/foomaticrip.h     |  40 --
- filter/foomatic-rip/options.c         |  67 ++++
- filter/foomatic-rip/process.c         |   9 +
- filter/foomatic-rip/process.h         |   3 +
- filter/foomatic-rip/util.c            | 341 +++++++++++++++-
- filter/foomatic-rip/util.h            |  67 ++++
- 13 files changed, 1178 insertions(+), 124 deletions(-)
- create mode 100644 filter/foomatic-rip/foomatic-hash.1
- create mode 100644 filter/foomatic-rip/foomatic-hash.c
-
-diff --git a/filter/foomatic-rip/foomatic-rip.1.in b/filter/foomatic-rip/foomatic-rip.1.in
-index 9685a95f5..3dff5215f 100644
---- a/filter/foomatic-rip/foomatic-rip.1.in
-+++ b/filter/foomatic-rip/foomatic-rip.1.in
-@@ -193,6 +193,15 @@ friends. Several PPD files use shell constructs that require a more
- modern shell like \fBbash\fR, \fBzsh\fR, or \fBksh\fR.
- 
- 
-+.SH PPD OPTION VALUE RESTRICTIONS AND EXCEPTIONS
-+
-+The values of PPD options \fBFoomaticRIPCommandLine\fR, \fBFoomaticRIPCommandLinePDF\fR and \fBFoomaticRIPOptionSetting\fR
-+are rejected in the default configuration because of security implications. Users can use the tool \fBfoomatic-hash(1)\fR, which provides
-+values of affected PPD options from found drivers and hashes of those values in hexadecimal format. User is expected to review the found values,
-+and if there is nothing suspicious in the output, copy the file with hashes into into the directory \fB@sysconfdir@/foomatic/hashes.d\fR
-+to allow the exceptions for found values.
-+
-+
- .SH FILES
- .PD 0
- .TP 0
-@@ -209,6 +218,13 @@ The PPD files of the currently defined printers
- 
- Configuration file for foomatic-rip
- 
-+.TP 0
-+@sysconfdir@/foomatic/hashes.d
-+.TP 0
-+@datadir@/foomatic/hashes.d
-+
-+Directories with hashes of allowed values
-+
- .PD 0
- 
- .\".SH SEE ALSO
-diff --git a/filter/foomatic-rip/options.c b/filter/foomatic-rip/options.c
-index bad833bc1..032fe9ec3 100644
---- a/filter/foomatic-rip/options.c
-+++ b/filter/foomatic-rip/options.c
-@@ -102,6 +102,42 @@ get_icc_profile_for_qualifier(const char **qualifier)
- }
- 
- 
-+//
-+// 'is_allowed_value' - Check if the option value is allowed.
-+//
-+
-+int					 // O - Boolean value - true 1 / false 0
-+is_allowed_value(cups_array_t *ar,       // I - Array of already known hashes from system
-+		 char	      *value,    // I - Scanned value from PPD file
-+		 size_t       value_len) // I - Value length
-+{
-+  char hash_string[65];			 // Help array to store hexadecimal hashed string
-+
-+  //
-+  // Empty string is allowed...
-+  //
-+
-+  if (!value_len)
-+    return (1);
-+
-+  //
-+  // Hash the value and get hexadecimal string for it...
-+  //
-+
-+  if (hash_data((unsigned char*)value, value_len, hash_string, sizeof(hash_string)))
-+    return (0);
-+
-+  //
-+  // Check if the found hexadecimal hashed string is in the array -> allowed on the system...
-+  //
-+
-+  if (cupsArrayFind(ar, hash_string))
-+    return (1);
-+
-+  return (0);
-+}
-+
-+
- // a selector is a general tri-dotted specification.
- // The 2nd and 3rd elements of the qualifier are optionally modified by
- // cupsICCQualifier2 and cupsICCQualifier3:
-@@ -1866,12 +1902,19 @@ read_ppd_file(const char *filename)
-   option_t *opt, *current_opt = NULL;
-   param_t *param;
-   icc_mapping_entry_t *entry;
-+  cups_array_t *known_hashes = NULL;
- 
-   fh = fopen(filename, "r");
-   if (!fh)
-     rip_die(EXIT_PRNERR_NORETRY_BAD_SETTINGS, "Unable to open PPD file %s\n", filename);
-   _log("Parsing PPD file ...\n");
- 
-+  if (load_system_hashes(&known_hashes))
-+  {
-+    fclose(fh);
-+    rip_die(EXIT_PRNERR_NORETRY, "Not enough memory for array allocation\n.");
-+  }
-+
-   dstrassure(value, 256);
- 
-   qualifier_data = list_create();
-@@ -1955,10 +1998,26 @@ read_ppd_file(const char *filename)
-     }
-     else if (strcmp(key, "FoomaticRIPCommandLine") == 0)
-     {
-+      if (!is_allowed_value(known_hashes, value->data, strlen(value->data)))
-+      {
-+        cupsArrayDelete(known_hashes);
-+        fclose(fh);
-+
-+        rip_die(EXIT_PRNERR_NOTALLOWED, "ERROR: The value of the key %s is not among the allowed values - see foomatic-rip man page for more instructions.\n", key);
-+      }
-+
-       unhtmlify(cmd, 4096, value->data);
-     }
-     else if (strcmp(key, "FoomaticRIPCommandLinePDF") == 0)
-     {
-+      if (!is_allowed_value(known_hashes, value->data, strlen(value->data)))
-+      {
-+        cupsArrayDelete(known_hashes);
-+        fclose(fh);
-+
-+        rip_die(EXIT_PRNERR_NOTALLOWED, "ERROR: The value of the key %s is not among the allowed values - see foomatic-rip man page for more instructions.\n", key);
-+      }
-+
-       unhtmlify(cmd_pdf, 4096, value->data);
-     }
-     else if (!strcmp(key, "cupsFilter"))
-@@ -2097,6 +2156,14 @@ read_ppd_file(const char *filename)
-     }
-     else if (!strcmp(key, "FoomaticRIPOptionSetting"))
-     {
-+      if (!is_allowed_value(known_hashes, value->data, strlen(value->data)))
-+      {
-+        cupsArrayDelete(known_hashes);
-+        fclose(fh);
-+
-+        rip_die(EXIT_PRNERR_NOTALLOWED, "ERROR: The value of the key %s is not among the allowed values - see foomatic-rip man page for more instructions.\n", key);
-+      }
-+
-       // "*FoomaticRIPOptionSetting <option>[=<choice>]: <code>
-       // For boolean options <choice> is not given
-       option_set_choice(assure_option(name),
--- 
-2.50.1
-

gating.yaml

@@ -1,28 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/cups-tier1-public.functional}
-#Rawhide
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_stable
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/cups-tier1-public.functional} 
-
-#gating rhel
---- !Policy
-product_versions:
-  - rhel-*
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/cups-tier1-public.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/cups-tier1-internal.functional}

lftocrlf

@@ -1,124 +0,0 @@
-#!/bin/bash
-## Copyright (C) 2003-2006 Red Hat, Inc.
-## Copyright (C) 2003-2006 Tim Waugh <twaugh@redhat.com>
-## Changed on 2007/05/17, Opher Shachar, LADPC Ltd.
-##     Added support for page-ranges option.
-##     Added page accounting.
-
-## This program is free software; you can redistribute it and/or
-## modify it under the terms of the GNU General Public License
-## as published by the Free Software Foundation; either version 2
-## of the License, or (at your option) any later version.
-
-## This program is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-## GNU General Public License for more details.
-
-## You should have received a copy of the GNU General Public License
-## along with this program; if not, write to the Free Software
-## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-if [ $# == 0 ]; then
-  echo >&2 "ERROR: $0 job-id user title copies options [file]"
-  exit 1
-fi
-
-# Extract the papersize
-SENDFF=`grep '^\*DefaultSendFF' "$PPD" | cut -d\  -f2`
-COPIES=1
-if [ $# -ge 4 ]; then
-  COPIES="$4"
-fi
-
-if [ $# -lt 6 ]; then
-  unset TMPFILE
-  trap -- 'rm -f "$TMPFILE"' EXIT
-  TMPFILE=$(mktemp ${TMPDIR:-/tmp}/lftocrlf.XXXXXX)
-  cat > "$TMPFILE"
-else
-  TMPFILE="$6"
-fi
-
-PR=${5#*page-ranges=}
-# Do options specify page-ranges?
-if [[ "$PR" != "$5" ]]; then
-  PR=${PR%% *}
-else
-  #unset PR
-  PR=1-999999
-fi
-
-if [[ "$PR" ]]; then
-  TMPFILE2=$(mktemp ${TMPDIR:-/tmp}/lftocrlf2.XXXXXX)
-  pagenum=0
-  EOF=
-  { 
-  while [[ "$PR" ]]; do
-    pl=${PR%%,*}		;# take first subrange
-    PR=${PR#$pl};PR=${PR#,}	;# remove from range list
-    pu=${pl#*-}			;# extract upper and lower
-    pl=${pl%-*}			;# pages of subrange
-    # Allows interpreting 0-5,3-10 as 1-5,6-10 rejects 5-1 or 1-
-    (( pagenum >= pl )) && pl=$(( pagenum + 1 ))
-    (( pl > pu )) && continue
-    
-    # Loop reading pages until at or over lower page of subrange.
-    while read -d `echo -ne '\f'` -r; do
-      (( pagenum++ ))
-      (( pagenum == pl )) && break
-    done
-    # Did we reach lower page of subrange or EOF?
-    if (( pagenum < pl )); then
-      [[ ! "$REPLY" ]] && break		;# empty last page - we're done.
-      (( pagenum++ ))
-      EOF=y
-    fi
-    # Output page and report to page log
-    if (( pagenum == pl )); then
-      echo -n "${REPLY}" >>"$TMPFILE2"
-      # If EOF then page has no final FF
-      [[ ! "$EOF" ]] && echo -ne '\f' >>"$TMPFILE2"
-      echo "PAGE: $pagenum $COPIES" >&2
-    fi
-    [[ "$EOF" ]] && break
-    # Is the current subrange a single page?
-    (( pagenum == pu )) && continue
-    while read -d `echo -ne '\f'` -r; do
-      (( pagenum++ ))
-      echo -ne "${REPLY}\f" >>"$TMPFILE2"
-      echo "PAGE: $pagenum $COPIES" >&2
-      (( pagenum == pu )) && break
-    done
-    # Could be that we reached EOF before page boundry
-    if (( pagenum < pu )); then
-      if [[ "$REPLY" ]]; then
-        (( pagenum++ ))
-        echo -n "${REPLY}" >>"$TMPFILE2"
-        echo "PAGE: $pagenum $COPIES" >&2
-      fi
-      break
-    fi
-  done
-  } <"$TMPFILE"
-else
-  TMPFILE2="$TMPFILE"
-  pc=$(grep -co `echo -ne '\f'` "$TMPFILE2")
-  pc=$(( pc * $COPIES ))
-  echo "PAGE: $pc" >&2
-fi
-
-while [ "$COPIES" -gt 0 ]; do
-  # Just translate LF->CRLF at the moment, until the PPD has options added.
-  sed -e 's/$/'`echo -ne '\r'`'/g' "$TMPFILE2"
-
-  if [ "$SENDFF" == "True" ]
-    then
-    echo -ne \\014
-  fi
-
-  COPIES=$(($COPIES - 1))
-done
-# Cleanup
-[[ "$TMPFILE" != "$TMPFILE2" ]] && rm -f "$TMPFILE2"
-exit 0

lftocrlf.ppd

@@ -1,47 +0,0 @@
-*PPD-Adobe: "4.3"
-*%
-*% Text-only printer definition
-*%
-*FormatVersion:	"4.3"
-*FileVersion:	"1.1"
-*LanguageVersion: English
-*LanguageEncoding: ISOLatin1
-*PCFileName:	"LFTOCRLF.PPD"
-*Manufacturer:	"Generic"
-*Product:	"(Generic)"
-*cupsVersion:   1.0
-*cupsManualCopies: True
-*cupsModelNumber:  2
-*cupsFilter:    "text/plain 0 lftocrlf"
-*ModelName:     "Generic LF-to-CRLF printer"
-*ShortNickName: "Generic LF-to-CRLF printer"
-*NickName:      "Generic LF-to-CRLF printer"
-*PSVersion:	"(2017.000) 0"
-*LanguageLevel:	"2"
-*ColorDevice:	False
-*DefaultColorSpace: Gray
-*FileSystem:	False
-*Throughput:	"8"
-*LandscapeOrientation: Plus90
-*VariablePaperSize: False
-*TTRasterizer:	Type42
-*DefaultImageableArea: Letter
-*ImageableArea Letter/US Letter:	"18 36 594 756"
-*DefaultPaperDimension: Letter
-*PaperDimension Letter/Letter:		"612 792"
-*OpenUI *PageSize/Media Size: PickOne
-*OrderDependency: 10 AnySetup *PageSize
-*DefaultPageSize: Letter
-*PageSize Letter/Letter:	"<</PageSize[612 792]/ImagingBBox null>>setpagedevice"
-*CloseUI: *PageSize
-*OpenUI *PageRegion: PickOne
-*OrderDependency: 10 AnySetup *PageRegion
-*DefaultPageRegion: Letter
-*PageRegion Letter/Letter:	"<</PageSize[612 792]/ImagingBBox null>>setpagedevice"
-*CloseUI: *PageRegion
-
-*OpenUI *SendFF: Boolean
-*DefaultSendFF: False
-*SendFF True/True:        ""
-*SendFF False/False:   ""
-*CloseUI: *SendFF

plans.fmf

@@ -1,59 +0,0 @@
-/tier1-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/tier1/internal
-
-/tier1-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/tier1/public
-
-/tier2-tier3-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/tier2-tier3/internal
-
-/tier2-tier3-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/tier2-tier3/public
-
-/others-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/others/internal
-
-/others-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/others/public
-
-/multihost:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/multihost/multihost
-
-/fips-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups-filters.git
-      name: /plans/others/fips
-
-/cups-tier1-internal:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups.git
-      name: /plans/tier1/internal
-
-/cups-tier1-public:
-  plan:
-    import:
-      url: https://gitlab.com/redhat/centos-stream/tests/cups.git
-      name: /plans/tier1/public

sources

@@ -1 +1 @@
-SHA512 (cups-filters-2.0.1.tar.gz) = b5d7b8f5a89a6a6bba0e861dd3c3263195be75996d22129d123f325f6bff74fbabf22f2ee2d953908ffb8294d825af5568af6695896c76ef4082ae98cd19c42c
+SHA512 (cups-filters-1.28.5.tar.xz) = e020d0e14ad70fbac4d367b4f1d653faf5030b961c6fc4b9f9587c068ccb63c286d07ee32e04e634a877fc8ca90c6dfa4b89aa288e896eea0026e1053cd8a4ef