pool/cups
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 247233 from home:jsmeix:branches:Printing

Browse Source 
CUPS additional fix for bnc#892587 a regression of the security fix bnc#887240

OBS-URL: https://build.opensuse.org/request/show/247233
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=286
This commit is contained in:
Johannes Meixner 2014-09-02 13:58:54 +00:00 committed by Git OBS Bridge
parent dd0e9ee7fb
commit a3d3596ebb
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cups.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Sep 2 15:48:23 CEST 2014 - jsmeix@suse.de
- Let fdupes only create symlinks in /usr/share/cups/templates/ to
avoid a symlink /usr/share/cups/webcontent/images/cups-icon.png
because the cupsd web server does no longer follow symlinks
to avoid the security issues mentioned in the previous entry
below (fixes bnc#892587 a regression of bnc#887240).
-------------------------------------------------------------------
Tue Sep 2 15:26:36 CEST 2014 - jsmeix@suse.de

10
cups.spec
View File

@ -586,8 +586,14 @@ sed -i -e 's|/var/lock|/run/lock|g' %{buildroot}/etc/init.d/cups
# compare https://bugzilla.novell.com/show_bug.cgi?id=784869
# so that fdupes can only run for specific directories where linking files is safe.
# Using fdupes -s, which will create symlinks that are easier to grasp for rpm and
# rpmlint will give a "dangling symlink" error if the file and link ended up in different packages:
%fdupes -s %{buildroot}/%{_datadir}/cups
# rpmlint will give a "dangling symlink" error if the file and link ended up in different packages.
# All symlinks created by fdupes are in /usr/share/cups/templates/
# except /usr/share/cups/webcontent/images/cups-icon.png -> /usr/share/cups/webcontent/images/cups.png
# but that one must not be a symlink because since CUPS 1.7.4/1.7.5 the cupsd web server does no longer
# follow symlink to avoid security issues (see bnc#892587 and bnc#887240 and and the upstream
# issues http://www.cups.org/str.php?L4450 and https://www.cups.org/str.php?L4455)
# so that fdupes should only create symlinks in /usr/share/cups/templates/:
%fdupes -s %{buildroot}/%{_datadir}/cups/templates
%pre
# Use a real bash script with an explicit "exit 0" at the end to be by default fail safe