diff --git a/cups-1.3.7-additional_policies.patch b/cups-1.3.7-additional_policies.patch
new file mode 100644
index 0000000..7f4f70a
--- /dev/null
+++ b/cups-1.3.7-additional_policies.patch
@@ -0,0 +1,58 @@
+--- cups-1.3.7/conf/cupsd.conf.in.orig 2008-07-08 12:11:01.000000000 +0200
++++ cups-1.3.7/conf/cupsd.conf.in 2008-07-08 13:11:57.000000000 +0200
+@@ -78,6 +78,55 @@
+
+
+
++DefaultPolicy default
++
++# easy is a very relaxed policy
++
++ # Job-related operations must be done by the owner or an administrator...
++
++ Satisfany any
++ Order allow,deny
++
++
++
++# paranoid is a very restricted policy
++
++ # Job-related operations must be done by the owner
++
++ Require user @OWNER
++ Allow from 127.0.0.0/8
++ Order deny,allow
++
++ # All administration operations require an administrator to authenticate...
++
++ AuthType Default
++ Require user @SYSTEM
++ Allow from 127.0.0.0/8
++ Order deny,allow
++
++
++ # All printer operations require a printer operator to authenticate...
++
++ AuthType Default
++ Require user @CUPS_DEFAULT_PRINTADMIN_AUTH@
++ Allow from 127.0.0.0/8
++ Order deny,allow
++
++
++ # Only the owner or an administrator can cancel or authenticate a job...
++
++ Require user @OWNER
++ Allow from 127.0.0.0/8
++ Order deny,allow
++
++
++
++ Require user @OWNER @CUPS_DEFAULT_PRINTADMIN_AUTH@
++ Allow from 127.0.0.0/8
++ Order deny,allow
++
++
++
+ #
+ # End of "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $".
+ #
diff --git a/cups.changes b/cups.changes
index 435ce68..f6e6f57 100644
--- a/cups.changes
+++ b/cups.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Jul 10 17:08:55 CEST 2008 - kssingvo@suse.de
+
+- added two additional policies to cupsd.conf (fate#303515)
+
+-------------------------------------------------------------------
+Tue Jul 9 13:19:34 CEST 2008 - kssingvo@suse.de
+
+- fixed abuild failure: ownership of lppasswd
+
-------------------------------------------------------------------
Tue Jul 1 15:59:34 CEST 2008 - kssingvo@suse.de
diff --git a/cups.spec b/cups.spec
index e9dc200..a1621ad 100644
--- a/cups.spec
+++ b/cups.spec
@@ -22,7 +22,7 @@ License: GPL v2 or later
Group: Hardware/Printing
Summary: The Common UNIX Printing System
Version: 1.3.7
-Release: 29
+Release: 30
Requires: cups-libs = %{version}, cups-client = %{version}
Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters
Requires: util-linux /usr/bin/pdftops
@@ -73,6 +73,7 @@ Patch20: cups-1.4svn-pdftops_dont_fail_on_cancel.patch
Patch21: cups-1.3.7-keeping_recommended.patch
Patch22: cups-1.3.7-configfile_NoBrowseAddress.patch
Patch23: cups-1.3.7-lppasswd_fixperm.patch
+Patch24: cups-1.3.7-additional_policies.patch
Patch100: cups-1.1.23-testpage.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -175,6 +176,7 @@ mv pdftops pdftos.use_filter_pdftops_c
%patch21 -p1
%patch22 -p1
%patch23 -p1
+%patch24 -p1
if [ -f /.buildenv ]; then
. /.buildenv
else
@@ -396,7 +398,7 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
%{_bindir}/lpc
%{_bindir}/lphelp
%{_bindir}/lpoptions
-%attr(2755,-,lp) %{_bindir}/lppasswd
+%attr(2755,lp,lp) %{_bindir}/lppasswd
%{_bindir}/lpq
%{_bindir}/lpr
%{_bindir}/lprm
@@ -419,7 +421,7 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
%files libs
%defattr(-,root,root)
%{_bindir}/cups-config
-%dir %attr(0775,root,lp) %{_sysconfdir}/cups/
+# %dir %attr(0775,root,lp) %{_sysconfdir}/cups/
%dir %attr(0710,root,lp) %{_var}/spool/cups
%dir %attr(1770,root,lp) %{_var}/spool/cups/tmp
%dir %attr(0755,lp,lp) %{_var}/log/cups/
@@ -430,6 +432,10 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
%{_datadir}/locale/*/cups_*
%changelog
+* Thu Jul 10 2008 kssingvo@suse.de
+- added two additional policies to cupsd.conf (fate#303515)
+* Wed Jul 09 2008 kssingvo@suse.de
+- fixed abuild failure: ownership of lppasswd
* Tue Jul 01 2008 kssingvo@suse.de
- fix directory/setgid permissions for lppasswd use (bnc#404142)
* Wed Jun 04 2008 kssingvo@suse.de