[Pkg-cups-devel] r47 - in cupsys/branches/cups-1.2/debian: . patches

Martin Pitt mpitt at costa.debian.org
Wed Dec 7 14:11:51 UTC 2005 

Author: mpitt
Date: Wed Dec  7 14:11:49 2005
New Revision: 47

Added:
   cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch   (contents, props changed)
Modified:
   cupsys/branches/cups-1.2/debian/changelog
   cupsys/branches/cups-1.2/debian/patches/00list
Log:
Add debian/patches/09_runasuser_fixes.dpatch:
- scheduler/main.c: Generate a certificate even when running as user, just
  as in 1.1.x; this unbreaks local certificate authorization for cupsd
  when it runs as normal user.
- scheduler/main.c: When running as non-root, call initgroups() instead of
  setgroups() to allow auxiliary groups. These are required to access
  different device types (lp for USB/parallel printers, dialout for serial
  printers, etc.)



Modified: cupsys/branches/cups-1.2/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2/debian/changelog	(original)
+++ cupsys/branches/cups-1.2/debian/changelog	Wed Dec  7 14:11:49 2005
@@ -22,8 +22,16 @@
     - Put configuration files into group root instead of nobody to avoid
       privilege escalation of nobody/nogroup and comply to Debian standards.
     - Disable changing permissions of cupsd.conf conffile.
+  * Add debian/patches/09_runasuser_fixes.dpatch:
+    - scheduler/main.c: Generate a certificate even when running as user, just
+      as in 1.1.x; this unbreaks local certificate authorization for cupsd
+      when it runs as normal user.
+    - scheduler/main.c: When running as non-root, call initgroups() instead of
+      setgroups() to allow auxiliary groups. These are required to access
+      different device types (lp for USB/parallel printers, dialout for serial
+      printers, etc.)
 
- -- Martin Pitt <mpitt at debian.org>  Wed,  7 Dec 2005 14:44:33 +0100
+ -- Martin Pitt <mpitt at debian.org>  Wed,  7 Dec 2005 15:01:24 +0100
 
 cupsys (1.1.99.b1.r4841-1) experimental; urgency=low
 

Modified: cupsys/branches/cups-1.2/debian/patches/00list
==============================================================================
--- cupsys/branches/cups-1.2/debian/patches/00list	(original)
+++ cupsys/branches/cups-1.2/debian/patches/00list	Wed Dec  7 14:11:49 2005
@@ -5,6 +5,7 @@
 06_replacepdftops.dpatch
 07_removecvstag.dpatch
 08_cupsd.conf.conf.d.dpatch
+09_runasuser_fixes.dpatch
 10_cupsd.conf2.dpatch
 11_pam.dpatch
 19_cupsaccept.dpatch

Added: cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch
==============================================================================
--- (empty file)
+++ cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch	Wed Dec  7 14:11:49 2005
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 09_runasuser_fixes.dpatch by  <mpitt at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad cupsys~/scheduler/main.c cupsys/scheduler/main.c
+--- cupsys~/scheduler/main.c	2005-12-07 14:51:18.000000000 +0100
++++ cupsys/scheduler/main.c	2005-12-07 15:00:24.000000000 +0100
+@@ -52,6 +52,7 @@
+ #include <sys/resource.h>
+ #include <syslog.h>
+ #include <grp.h>
++#include <pwd.h>
+ 
+ #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO)
+ #  include <malloc.h>
+@@ -434,7 +435,7 @@
+   if (RunAsUser)
+   {
+     setgid(Group);
+-    setgroups(1, &Group);
++    initgroups(getpwuid(User)->pw_name, Group);
+     setuid(User);
+   }
+ 
+@@ -812,8 +813,7 @@
+     * Update the root certificate once every 5 minutes...
+     */
+ 
+-    if ((current_time - RootCertTime) >= RootCertDuration && RootCertDuration &&
+-        !RunUser)
++    if ((current_time - RootCertTime) >= RootCertDuration && RootCertDuration)
+     {
+      /*
+       * Update the root certificate...

More information about the Pkg-cups-devel mailing list