From faeeb2e5c85a69962f1803f0b334c35adb156cd763c22481c4e8d22f64128e5d Mon Sep 17 00:00:00 2001
From: OBS User unknown <null@suse.de>
Date: Fri, 3 Aug 2007 22:15:24 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=14

---
 cups-conf-relaxed-policy.patch |  53 ---------
 cups-domain-socket-auth.patch  | 191 ---------------------------------
 cups.changes                   |  10 --
 cups.spec                      |  13 +--
 4 files changed, 1 insertion(+), 266 deletions(-)
 delete mode 100644 cups-conf-relaxed-policy.patch
 delete mode 100644 cups-domain-socket-auth.patch

diff --git a/cups-conf-relaxed-policy.patch b/cups-conf-relaxed-policy.patch
deleted file mode 100644
index 59e9864..0000000
--- a/cups-conf-relaxed-policy.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-diff -ur /usr/src/packages/BUILD/cups-1.2.11/conf/cupsd.conf.in ./conf/cupsd.conf.in
---- /usr/src/packages/BUILD/cups-1.2.11/conf/cupsd.conf.in	2007-07-30 13:56:58.000000000 -0400
-+++ ./conf/cupsd.conf.in	2007-07-30 13:52:20.000000000 -0400
-@@ -25,6 +25,9 @@
- # Default authentication type, when authentication is required...
- DefaultAuthType Basic
- 
-+# Set the default policy to relaxed...
-+DefaultPolicy relaxed
-+
- # Restrict access to the server...
- <Location />
-   Order allow,deny
-@@ -47,6 +50,39 @@
-   Allow localhost
- </Location>
- 
-+# relaxed policy
-+<Policy relaxed>
-+
-+# Let local users do reasonable things
-+<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Deactivate-Printer Activate-Printer CUPS-Delete-Printer CUPS-Add-Printer CUPS-Set-Default>
-+Require user @users @SYSTEM
-+Order deny,allow
-+Allow From localhost
-+</Limit> 
-+
-+# Job-related operations must be done by the owner or an adminstrator...
-+<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
-+Require user @OWNER @SYSTEM
-+Order deny,allow
-+</Limit>
-+<Limit All>
-+Order deny,allow
-+</Limit>
-+
-+<Limit Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
-+AuthType Basic
-+Require user @SYSTEM
-+Order deny,allow
-+</Limit> 
-+
-+# Only the owner or an administrator can cancel or authenticate a job...
-+<Limit Cancel-Job CUPS-Authenticate-Job>
-+Require user @OWNER @SYSTEM
-+Order deny,allow
-+</Limit>
-+
-+</Policy>
-+
- # Set the default printer/job policies...
- <Policy default>
-   # Job-related operations must be done by the owner or an adminstrator...
diff --git a/cups-domain-socket-auth.patch b/cups-domain-socket-auth.patch
deleted file mode 100644
index 2d39b19..0000000
--- a/cups-domain-socket-auth.patch
+++ /dev/null
@@ -1,191 +0,0 @@
---- cups-1.2.10/cups/auth.c.af_unix-auth	2007-01-10 16:48:37.000000000 +0000
-+++ cups-1.2.10/cups/auth.c	2007-03-29 16:59:51.000000000 +0100
-@@ -26,6 +26,8 @@
-  * Contents:
-  *
-  *   cupsDoAuthentication() - Authenticate a request.
-+ *   cups_peercred_auth()   - Find out if SO_PEERCRED authentication
-+ *                            is possible
-  *   cups_local_auth()      - Get the local authorization certificate if
-  *                            available/applicable...
-  */
-@@ -40,7 +42,9 @@
- #include <ctype.h>
- #include <errno.h>
- #include <fcntl.h>
-+#include <pwd.h>
- #include <sys/stat.h>
-+#include <sys/types.h>
- #if defined(WIN32) || defined(__EMX__)
- #  include <io.h>
- #else
-@@ -177,6 +181,76 @@
-   return (0);
- }
- 
-+/*
-+ * 'cups_peercred_auth()'
-+ *                     - UNIX Domain Sockets authentication
-+ */
-+
-+static int				/* O - 0 if available, -1 if not */
-+cups_peercred_auth(http_t *http)	/* I - HTTP connection to server */
-+{
-+#ifdef SO_PEERCRED
-+  long buflen;
-+  char *buf, *newbuf;
-+  struct passwd pwbuf, *pwbufptr;
-+  int r;
-+
-+  if (http->hostaddr->addr.sa_family != AF_LOCAL)
-+    return (-1);
-+
-+ /*
-+  * Are we trying to authenticate as ourselves?  If not, SO_PEERCRED
-+  * is no use.
-+  */
-+  buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
-+  buf = NULL;
-+  do
-+  {
-+    newbuf = realloc (buf, buflen);
-+    if (newbuf == NULL)
-+    {
-+      free (buf);
-+      return (-1);
-+    }
-+
-+    buf = newbuf;
-+    r = getpwnam_r (cupsUser(), &pwbuf, buf, buflen, &pwbufptr);
-+    if (r != 0)
-+    {
-+      if (r == ERANGE)
-+      {
-+	buflen *= 2;
-+	continue;
-+      }
-+
-+      free (buf);
-+      return (-1);
-+    }
-+  }
-+  while (r != 0);
-+
-+  if (pwbuf.pw_uid != getuid())
-+  {
-+    free (buf);
-+    return (-1);
-+  }
-+
-+  free (buf);
-+
-+ /*
-+  * Set the authorization string and return...
-+  */
-+
-+  snprintf(http->authstring, sizeof(http->authstring), "SO_PEERCRED");
-+
-+  DEBUG_printf(("cups_peercred_auth: Returning authstring = \"%s\"\n",
-+		http->authstring));
-+
-+  return (0);
-+#else
-+  return (-1);
-+#endif /* SO_PEERCRED */
-+}
- 
- /*
-  * 'cups_local_auth()' - Get the local authorization certificate if
-@@ -234,7 +308,7 @@
-   {
-     DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
-                   filename, strerror(errno)));
--    return (-1);
-+    return cups_peercred_auth(http);
-   }
- 
-  /*
---- cups-1.2.10/scheduler/auth.c.af_unix-auth	2006-09-12 14:58:39.000000000 +0100
-+++ cups-1.2.10/scheduler/auth.c	2007-03-29 17:03:53.000000000 +0100
-@@ -60,6 +60,9 @@
- 
- #include "cupsd.h"
- #include <grp.h>
-+#include <pwd.h>
-+#include <sys/socket.h>
-+#include <sys/types.h>
- #ifdef HAVE_SHADOW_H
- #  include <shadow.h>
- #endif /* HAVE_SHADOW_H */
-@@ -79,6 +82,9 @@
- #ifdef HAVE_MEMBERSHIP_H
- #  include <membership.h>
- #endif /* HAVE_MEMBERSHIP_H */
-+#if !defined(WIN32) && !defined(__EMX__)
-+#  include <unistd.h>
-+#endif
- 
- 
- /*
-@@ -384,6 +390,61 @@
-                     "cupsdAuthorize: No authentication data provided.");
-     return;
-   }
-+#ifdef SO_PEERCRED
-+  else if (!strncmp(authorization, "SO_PEERCRED", 3) &&
-+	   con->http.hostaddr->addr.sa_family == AF_LOCAL)
-+  {
-+    long buflen;
-+    char *buf, *newbuf;
-+    struct passwd pwbuf, *pwbufptr;
-+    struct ucred u;
-+    socklen_t ulen = sizeof(u);
-+    int r;
-+
-+    if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &u, &ulen) == -1)
-+    {
-+      cupsdLogMessage(CUPSD_LOG_ERROR,
-+		      "cupsdAuthorize: getsockopt failed for SO_PEERCRED");
-+      return;
-+    }
-+
-+    buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
-+    buf = NULL;
-+    do
-+    {
-+      newbuf = realloc (buf, buflen);
-+      if (newbuf == NULL)
-+      {
-+	free (buf);
-+	return;
-+      }
-+
-+      buf = newbuf;
-+
-+      /* Look up which username the UID is for. */
-+      r = getpwuid_r (u.uid, &pwbuf, buf, buflen, &pwbufptr);
-+      if (r != 0)
-+      {
-+	if (r == ERANGE)
-+	{
-+	  buflen *= 2;
-+	  continue;
-+	}
-+
-+	cupsdLogMessage(CUPSD_LOG_ERROR,
-+			"cupsdAuthorize: getpwuid_r failed after SO_PEERCRED");
-+	free (buf);
-+	return;
-+      }
-+    }
-+    while (r != 0);
-+
-+    strlcpy(username, pwbuf.pw_name, sizeof(username));
-+    free (buf);
-+    cupsdLogMessage(CUPSD_LOG_DEBUG2,
-+		    "cupsdAuthorize: using SO_PEERCRED (uid=%d)", u.uid);
-+  }
-+#endif /* SO_PEERCRED */
-   else if (!strncmp(authorization, "Local", 5) &&
-            !strcasecmp(con->http.hostname, "localhost"))
-   {
diff --git a/cups.changes b/cups.changes
index b898c9d..7647148 100644
--- a/cups.changes
+++ b/cups.changes
@@ -1,13 +1,3 @@
--------------------------------------------------------------------
-Fri Aug  3 16:20:23 CEST 2007 - crivera@suse.de
-
-- Add cups-conf-relaxed-policy.patch, which defines a relaxed 
-  policy in cupsd.conf and makes it the default.  This allows
-  normal users to make changes to local printers.
-- Add cups-domain-socket-auth.patch, which has already been 
-  accepted upstream, to allow cups to use domain socket 
-  authentication for clients on the local machine.
-
 -------------------------------------------------------------------
 Mon Jul 30 15:41:27 CEST 2007 - kssingvo@suse.de
 
diff --git a/cups.spec b/cups.spec
index 1207639..d954824 100644
--- a/cups.spec
+++ b/cups.spec
@@ -17,7 +17,7 @@ License:        GPL v2 or later, individual distribution permission.
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
 Version:        1.2.12
-Release:        2
+Release:        3
 Requires:       cups-libs = %{version}, cups-client = %{version}
 Requires:       ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires:       util-linux
@@ -52,8 +52,6 @@ Patch14:        cups-1.1.21-testppd_duplex.patch
 Patch15:        cups-1.2.11-testppd_filename.patch
 Patch16:        cups-1.2.5-desktop_file.patch
 Patch17:        cups-1.2.6-lppasswd_permission.patch
-Patch18:        cups-conf-relaxed-policy.patch
-Patch19:        cups-domain-socket-auth.patch
 Patch100:       cups-1.1.23-testpage.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %suse_version >= 801
@@ -146,8 +144,6 @@ Authors:
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
-%patch18 -p1
-%patch19 -p1
 if [ -f /.buildenv ]; then
 	. /.buildenv
 else
@@ -385,13 +381,6 @@ install -m 644 %{SOURCE17} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/service
 %{_datadir}/locale/*/cups_*
 
 %changelog
-* Fri Aug 03 2007 - crivera@suse.de
-- Add cups-conf-relaxed-policy.patch, which defines a relaxed
-  policy in cupsd.conf and makes it the default.  This allows
-  normal users to make changes to local printers.
-- Add cups-domain-socket-auth.patch, which has already been
-  accepted upstream, to allow cups to use domain socket
-  authentication for clients on the local machine.
 * Mon Jul 30 2007 - kssingvo@suse.de
 - upgrade to cups-1.2.12:
   * The PHP cups_print_file() function crashed if the options array