c7ccef2b9b
Final submission, there seem to be no activity on factory so it works
or nobody cares :)
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
and to match socket approach Fedora has.
- Version bump to 2.0.2:
* Security: cupsRasterReadPixels buffer overflow with invalid page header and
compressed raster data (STR #4551)
* Mapping of PPD keywords to IPP keywords did not work if the PPD keyword was
already an IPP keyword (<rdar://problem/19121005>)
* cupsGetPPD* sent bad requests (STR #4567)
* For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy paralel-port support as it is not really needed
as most do not want it
- Update descriptions to just state what changed and let user
find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by the %service bla
ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
* lengthy list of changes see the upstream CHANGES.txt that is
distributed with the package
* Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive
* openssl is no longer supported upstream
* Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
sections and keep suppor for openSUSE+SLE12
* even with the conditions we would have to go unencrypted only
OBS-URL: https://build.opensuse.org/request/show/286363
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=294
42 lines
2.0 KiB
Diff
42 lines
2.0 KiB
Diff
Index: conf/cupsd.conf.in
|
|
===================================================================
|
|
--- conf/cupsd.conf.in.orig
|
|
+++ conf/cupsd.conf.in
|
|
@@ -127,3 +127,36 @@ WebInterface @CUPS_WEBIF@
|
|
Order deny,allow
|
|
</Limit>
|
|
</Policy>
|
|
+
|
|
+# The policy below is added by SUSE during build of our cups package.
|
|
+# The policy 'allowallforanybody' is totally open and insecure and therefore
|
|
+# it can only be used within an internal network where only trused users exist
|
|
+# and where the cupsd is not accessible at all from any external host, see
|
|
+# http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
|
|
+# Have in mind that any user who is allowed to do printer admin tasks
|
|
+# can change the print queues as he likes - e.g. send copies of confidental
|
|
+# print jobs from an internal network to any external destination, see
|
|
+# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell
|
|
+# For documentation regarding 'Managing Operation Policies' see
|
|
+# http://www.cups.org/documentation.php/doc-1.7/policies.html
|
|
+<Policy allowallforanybody>
|
|
+ # Allow anybody to access job's private values:
|
|
+ JobPrivateAccess all
|
|
+ # Make none of the job values to be private:
|
|
+ JobPrivateValues none
|
|
+ # Allow anybody to access subscription's private values:
|
|
+ SubscriptionPrivateAccess all
|
|
+ # Make none of the subscription values to be private:
|
|
+ SubscriptionPrivateValues none
|
|
+ # Allow anybody to do all IPP operations:
|
|
+ # Currently the IPP operations Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document
|
|
+ # must be additionally exlicitly specified because those IPP operations are not included
|
|
+ # in the "All" wildcard value - otherwise cupsd prints error messages of the form
|
|
+ # "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found."
|
|
+ <Limit All Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document>
|
|
+ Order deny,allow
|
|
+ Allow from all
|
|
+ </Limit>
|
|
+</Policy>
|
|
+# Explicitly set the CUPS 'default' policy to be used by default:
|
|
+DefaultPolicy default
|