From f6694a79fcce5630f8e5e7f9d40fb1318e2d04e0ded7ac000252952d4782c361 Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Wed, 1 Jul 2015 13:50:32 +0000 Subject: [PATCH] Accepting request 314729 from home:jsmeix:branches:Printing CUPS bugfix for allowallforanybody policy https://www.cups.org/str.php?L4659 (boo#936309) OBS-URL: https://build.opensuse.org/request/show/314729 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=304 --- ...ch => cups-2.0.3-additional_policies.patch | 19 ++++++++++++------ cups.changes | 15 ++++++++++++-- cups.spec | 20 +++++++++---------- 3 files changed, 36 insertions(+), 18 deletions(-) rename cups-1.7-additional_policies.patch => cups-2.0.3-additional_policies.patch (75%) diff --git a/cups-1.7-additional_policies.patch b/cups-2.0.3-additional_policies.patch similarity index 75% rename from cups-1.7-additional_policies.patch rename to cups-2.0.3-additional_policies.patch index 8f0a1cc..a6a06ac 100644 --- a/cups-1.7-additional_policies.patch +++ b/cups-2.0.3-additional_policies.patch @@ -1,8 +1,6 @@ -Index: conf/cupsd.conf.in -=================================================================== ---- conf/cupsd.conf.in.orig -+++ conf/cupsd.conf.in -@@ -127,3 +127,36 @@ WebInterface @CUPS_WEBIF@ +--- conf/cupsd.conf.in.orig 2014-04-02 18:52:53.000000000 +0200 ++++ conf/cupsd.conf.in 2015-07-01 14:39:58.000000000 +0200 +@@ -127,3 +127,45 @@ WebInterface @CUPS_WEBIF@ Order deny,allow @@ -32,10 +30,19 @@ Index: conf/cupsd.conf.in + # must be additionally exlicitly specified because those IPP operations are not included + # in the "All" wildcard value - otherwise cupsd prints error messages of the form + # "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found." -+ ++ ++ Order deny,allow ++ Allow from all ++ ++ # Since CUPS > 1.5.4 the "All" wildcard value must be specified separately, ++ # otherwise clients like "lpstat -p" just hang up, ++ # see https://bugzilla.opensuse.org/show_bug.cgi?id=936309 ++ # and https://www.cups.org/str.php?L4659 ++ + Order deny,allow + Allow from all + + +# Explicitly set the CUPS 'default' policy to be used by default: +DefaultPolicy default ++ diff --git a/cups.changes b/cups.changes index f231aff..7a10945 100644 --- a/cups.changes +++ b/cups.changes @@ -1,8 +1,19 @@ +------------------------------------------------------------------- +Wed Jul 1 14:44:57 CEST 2015 - jsmeix@suse.de + +- cups-2.0.3-additional_policies.patch replaces + cups-1.7-additional_policies.patch that still adds the same + "allowallforanybody" policy but now with separated "Limit All" + to avoid https://www.cups.org/str.php?L4659 (boo#936309). +- Added "-p /bin/bash" to RPM shell commands scriptlets that + enforces bash to be safe against any possible "bashisms", cf + https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets + ------------------------------------------------------------------- Thu Jun 25 08:00:20 UTC 2015 - tchvatal@suse.com -- Fix the previous commit by using direct systemd call and ensuring we - work even on older distros +- Fix the previous commit by using direct systemd call and + ensuring we work even on older distros ------------------------------------------------------------------- Mon Jun 22 12:22:42 UTC 2015 - tchvatal@suse.com diff --git a/cups.spec b/cups.spec index 52d4642..335b20b 100644 --- a/cups.spec +++ b/cups.spec @@ -47,9 +47,9 @@ Patch12: cups-systemd-socket.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff -# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy -# to cupsd.conf see https://fate.novell.com/303515 -Patch101: cups-1.7-additional_policies.patch +# Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf +# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 +Patch101: cups-2.0.3-additional_policies.patch # Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs: Patch102: cups-1.3.9-desktop_file.patch # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch @@ -256,8 +256,8 @@ browsing". This is now handled by cups-browsed service. # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy -# to cupsd.conf see https://fate.novell.com/303515 +# Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf +# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 %patch101 # Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs: %patch102 @@ -429,22 +429,22 @@ EOF # boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869 %fdupes -s %{buildroot}/%{_datadir}/cups/templates -%pre +%pre -p /bin/bash getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin 2>/dev/null %service_add_pre cups.service cups-lpd@.service cups-lpd.socket cups.socket -%post +%post -p /bin/bash %service_add_post cups.service cups-lpd@.service cups-lpd.socket cups.socket # Use %tmpfiles_create when 13.2 is oldest in support scope /usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/cups.conf || : -%preun +%preun -p /bin/bash %service_del_preun cups.service cups-lpd@.service cups-lpd.socket cups.socket -%postun +%postun -p /bin/bash %service_del_postun cups.service cups-lpd@.service cups-lpd.socket cups.socket -%posttrans +%posttrans -p /bin/bash # Use a real bash script with an explicit "exit 0" at the end to be by default fail safe # an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed # see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets