From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 1 Mar 2022 21:18:19 +0000 (-0500)
Subject: Don't use the machine store for certs on Windows.
X-Git-Tag: v2.4.2~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=377e542d0c6139851ab7b52c95d628885348eed2;p=thirdparty%2Fcups.git

Don't use the machine store for certs on Windows.
---

diff --git a/cups/tls-sspi.c b/cups/tls-sspi.c
index 7493400f89..6c3dd01580 100644
--- a/cups/tls-sspi.c
+++ b/cups/tls-sspi.c
@@ -2,9 +2,11 @@
  * TLS support for CUPS on Windows using the Security Support Provider
  * Interface (SSPI).
  *
- * Copyright 2010-2018 by Apple Inc.
+ * Copyright © 2020-2022 by OpenPrinting.
+ * Copyright © 2010-2018 by Apple Inc.
  *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
  */
 
 /**** This file is included from tls.c ****/
@@ -445,11 +447,11 @@ httpLoadCredentials(
     return (-1);
   }
 
-  if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
+  if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET /*| CRYPT_MACHINE_KEYSET*/))
   {
     if (GetLastError() == NTE_EXISTS)
     {
-      if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
+      if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, 0 /*CRYPT_MACHINE_KEYSET*/))
       {
         DEBUG_printf(("1httpLoadCredentials: CryptAcquireContext failed: %s", http_sspi_strerror(error, sizeof(error), GetLastError())));
         goto cleanup;
@@ -568,11 +570,11 @@ httpSaveCredentials(
     return (-1);
   }
 
-  if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
+  if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET /*| CRYPT_MACHINE_KEYSET*/))
   {
     if (GetLastError() == NTE_EXISTS)
     {
-      if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
+      if (!CryptAcquireContextW(&hProv, L"RememberedContainer", MS_DEF_PROV_W, PROV_RSA_FULL, 0 /*CRYPT_MACHINE_KEYSET*/))
       {
         DEBUG_printf(("1httpSaveCredentials: CryptAcquireContext failed: %s", http_sspi_strerror(error, sizeof(error), GetLastError())));
         goto cleanup;
@@ -625,7 +627,7 @@ httpSaveCredentials(
   ckp.pwszContainerName = L"RememberedContainer";
   ckp.pwszProvName      = MS_DEF_PROV_W;
   ckp.dwProvType        = PROV_RSA_FULL;
-  ckp.dwFlags           = CRYPT_MACHINE_KEYSET;
+  ckp.dwFlags           = 0 /*CRYPT_MACHINE_KEYSET*/;
   ckp.dwKeySpec         = AT_KEYEXCHANGE;
 
   if (!CertSetCertificateContextProperty(storedContext, CERT_KEY_PROV_INFO_PROP_ID, 0, &ckp))
@@ -1689,11 +1691,11 @@ http_sspi_find_credentials(
   BOOL		ok = TRUE;		/* Return value */
 
 
-  if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
+  if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET /*| CRYPT_MACHINE_KEYSET*/))
   {
     if (GetLastError() == NTE_EXISTS)
     {
-      if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
+      if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, 0 /*CRYPT_MACHINE_KEYSET*/))
       {
         DEBUG_printf(("5http_sspi_find_credentials: CryptAcquireContext failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())));
         ok = FALSE;
@@ -1907,11 +1909,11 @@ http_sspi_make_credentials(
 
   DEBUG_printf(("4http_sspi_make_credentials(sspi=%p, container=%p, common_name=\"%s\", mode=%d, years=%d)", sspi, container, common_name, mode, years));
 
-  if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
+  if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET /* | CRYPT_MACHINE_KEYSET*/))
   {
     if (GetLastError() == NTE_EXISTS)
     {
-      if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
+      if (!CryptAcquireContextW(&hProv, (LPWSTR)container, MS_DEF_PROV_W, PROV_RSA_FULL, 0 /*CRYPT_MACHINE_KEYSET*/))
       {
         DEBUG_printf(("5http_sspi_make_credentials: CryptAcquireContext failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())));
 //        fprintf(stderr, "5http_sspi_make_credentials: CryptAcquireContext failed: %s\n", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()));
@@ -2015,7 +2017,7 @@ http_sspi_make_credentials(
   ckp.pwszContainerName = (LPWSTR) container;
   ckp.pwszProvName      = MS_DEF_PROV_W;
   ckp.dwProvType        = PROV_RSA_FULL;
-  ckp.dwFlags           = CRYPT_MACHINE_KEYSET;
+  ckp.dwFlags           = 0 /*CRYPT_MACHINE_KEYSET*/;
   ckp.dwKeySpec         = AT_KEYEXCHANGE;
 
   if (!CertSetCertificateContextProperty(storedContext, CERT_KEY_PROV_INFO_PROP_ID, 0, &ckp))
diff --git a/vcnet/config.h b/vcnet/config.h
index 7d6e30829a..e58373206a 100644
--- a/vcnet/config.h
+++ b/vcnet/config.h
@@ -100,8 +100,8 @@ typedef unsigned long useconds_t;
  * Version of software...
  */
 
-#define CUPS_SVERSION "CUPS v2.4rc1"
-#define CUPS_MINIMAL "CUPS/2.4rc1"
+#define CUPS_SVERSION "CUPS v2.4.1"
+#define CUPS_MINIMAL "CUPS/2.4.1"
 
 
 /*
diff --git a/vcnet/libcups2_native.nuspec b/vcnet/libcups2_native.nuspec
index 101b196c45..06261da2ed 100644
--- a/vcnet/libcups2_native.nuspec
+++ b/vcnet/libcups2_native.nuspec
@@ -3,7 +3,7 @@
     <metadata>
         <id>libcups2_native</id>
         <title>OpenPrinting CUPS Library for VS2019+</title>
-        <version>2.4.0.3</version>
+        <version>2.4.1.0</version>
         <authors>Michael R Sweet, OpenPrinting</authors>
         <owners>michaelrsweet</owners>
         <projectUrl>https://github.com/OpenPrinting/cups</projectUrl>
@@ -16,7 +16,7 @@ and other Unix®-like operating systems. The CUPS library provides a convenient
         <copyright>Copyright © 2020-2022 by OpenPrinting, Copyright © 2007-2019 by Apple Inc., Copyright © 1997-2007 by Easy Software Products.</copyright>
         <tags>http ipp native</tags>
 	<dependencies>
-	    <dependency id="libcups2_native.redist" version="2.4.0.3" />
+	    <dependency id="libcups2_native.redist" version="2.4.1.0" />
 	</dependencies>
     </metadata>
     <files>
diff --git a/vcnet/libcups2_native.redist.nuspec b/vcnet/libcups2_native.redist.nuspec
index 19929922f7..ee4001a59f 100644
--- a/vcnet/libcups2_native.redist.nuspec
+++ b/vcnet/libcups2_native.redist.nuspec
@@ -3,7 +3,7 @@
     <metadata>
         <id>libcups2_native.redist</id>
         <title>OpenPrinting CUPS Library for VS2019+ Redist</title>
-        <version>2.4.0.3</version>
+        <version>2.4.1.0</version>
         <authors>Michael R Sweet, OpenPrinting</authors>
         <owners>michaelrsweet</owners>
         <projectUrl>https://github.com/OpenPrinting/cups</projectUrl>
diff --git a/xcode/config.h b/xcode/config.h
index 3eedc67abf..34e34aea7c 100644
--- a/xcode/config.h
+++ b/xcode/config.h
@@ -1,7 +1,7 @@
 /*
  * Configuration file for CUPS and Xcode.
  *
- * Copyright © 2021 by OpenPrinting
+ * Copyright © 2021-2022 by OpenPrinting
  * Copyright © 2007-2019 by Apple Inc.
  * Copyright © 1997-2007 by Easy Software Products.
  *
@@ -19,8 +19,8 @@
  * Version of software...
  */
 
-#define CUPS_SVERSION "CUPS v2.4rc1"
-#define CUPS_MINIMAL "CUPS/2.4rc1"
+#define CUPS_SVERSION "CUPS v2.4.1"
+#define CUPS_MINIMAL "CUPS/2.4.1"
 
 
 /*