Accepting request 315599 from Printing

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/315599 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=129
2015-07-16 15:15:20 +00:00 · 2015-07-16 15:15:20 +00:00 · 4e0d4b97b1
commit 4e0d4b97b1
parent 847020eaf9 f6694a79fc
3 changed files with 36 additions and 18 deletions
--- a/cups-2.0.3-additional_policies.patch
+++ b/cups-2.0.3-additional_policies.patch
@ -1,8 +1,6 @@
-Index: conf/cupsd.conf.in
-===================================================================
--- conf/cupsd.conf.in.orig
-+++ conf/cupsd.conf.in
-@@ -127,3 +127,36 @@ WebInterface @CUPS_WEBIF@
+--- conf/cupsd.conf.in.orig	2014-04-02 18:52:53.000000000 +0200
+++ conf/cupsd.conf.in	2015-07-01 14:39:58.000000000 +0200
+@@ -127,3 +127,45 @@ WebInterface @CUPS_WEBIF@
     Order deny,allow
   </Limit>
 </Policy>
@ -32,10 +30,19 @@ Index: conf/cupsd.conf.in
 +  # must be additionally exlicitly specified because those IPP operations are not included
 +  # in the "All" wildcard value - otherwise cupsd prints error messages of the form
 +  # "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found."
-+  <Limit All Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document>
+  <Limit Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document>
+    Order deny,allow
+    Allow from all
+  </Limit>
+  # Since CUPS > 1.5.4 the "All" wildcard value must be specified separately,
+  # otherwise clients like "lpstat -p" just hang up,
+  # see https://bugzilla.opensuse.org/show_bug.cgi?id=936309
+  # and https://www.cups.org/str.php?L4659
+  <Limit All>
 +    Order deny,allow
 +    Allow from all
 +  </Limit>
 +</Policy>
 +# Explicitly set the CUPS 'default' policy to be used by default:
 +DefaultPolicy default
+
--- a/cups.changes
+++ b/cups.changes
@ -1,8 +1,19 @@
+-------------------------------------------------------------------
+Wed Jul  1 14:44:57 CEST 2015 - jsmeix@suse.de
+
+- cups-2.0.3-additional_policies.patch replaces
+  cups-1.7-additional_policies.patch that still adds the same
+  "allowallforanybody" policy but now with separated "Limit All"
+  to avoid https://www.cups.org/str.php?L4659 (boo#936309).
+- Added "-p /bin/bash" to RPM shell commands scriptlets that
+  enforces bash to be safe against any possible "bashisms", cf
+  https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
+
 -------------------------------------------------------------------
 Thu Jun 25 08:00:20 UTC 2015 - tchvatal@suse.com

- Fix the previous commit by using direct systemd call and ensuring we
-  work even on older distros
+- Fix the previous commit by using direct systemd call and
+  ensuring we work even on older distros

 -------------------------------------------------------------------
 Mon Jun 22 12:22:42 UTC 2015 - tchvatal@suse.com
--- a/cups.spec
+++ b/cups.spec
@ -47,9 +47,9 @@ Patch12:        cups-systemd-socket.patch
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 Patch100:       cups-pam.diff
-# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy
-# to cupsd.conf see https://fate.novell.com/303515
-Patch101:       cups-1.7-additional_policies.patch
+# Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf
+# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309
+Patch101:       cups-2.0.3-additional_policies.patch
 # Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs:
 Patch102:       cups-1.3.9-desktop_file.patch
 # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch
@ -256,8 +256,8 @@ browsing". This is now handled by cups-browsed service.
 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream:
 # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE:
 %patch100
-# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy
-# to cupsd.conf see https://fate.novell.com/303515
+# Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf
+# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309
 %patch101
 # Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs:
 %patch102
@ -429,22 +429,22 @@ EOF
 # boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869
 %fdupes -s %{buildroot}/%{_datadir}/cups/templates

-%pre
+%pre -p /bin/bash
 getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin 2>/dev/null
 %service_add_pre cups.service cups-lpd@.service cups-lpd.socket cups.socket

-%post
+%post -p /bin/bash
 %service_add_post cups.service cups-lpd@.service cups-lpd.socket cups.socket
 # Use %tmpfiles_create when 13.2 is oldest in support scope
 /usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/cups.conf || :

-%preun
+%preun -p /bin/bash
 %service_del_preun cups.service cups-lpd@.service cups-lpd.socket cups.socket

-%postun
+%postun -p /bin/bash
 %service_del_postun cups.service cups-lpd@.service cups-lpd.socket cups.socket

-%posttrans
+%posttrans -p /bin/bash
 # Use a real bash script with an explicit "exit 0" at the end to be by default fail safe
 # an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed
 # see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets