[Pkg-cups-devel] r193 - in cupsys/branches/cups-1.2/debian: .
patches
Martin Pitt
mpitt at costa.debian.org
Fri Apr 21 14:06:05 UTC 2006
Author: mpitt
Date: Fri Apr 21 14:06:05 2006
New Revision: 193
Modified:
cupsys/branches/cups-1.2/debian/changelog
cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch
Log:
merge r192 from Ubuntu branch:
* debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root
certificate permissions from 0440 to 0240, so that the CGI programs cannot
read it any more. Without this patch, cupsd presented its own certificate
to itself, and *every* user could do admin tasks without authentication.
Modified: cupsys/branches/cups-1.2/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2/debian/changelog (original)
+++ cupsys/branches/cups-1.2/debian/changelog Fri Apr 21 14:06:05 2006
@@ -10,8 +10,12 @@
the old /usr/share/cups/model directory for backwards compatibility.
* debian/cupsys.dirs: Ship /usr/lib/cups/driver/ to avoid error messages if
it's missing.
+ * debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root
+ certificate permissions from 0440 to 0240, so that the CGI programs cannot
+ read it any more. Without this patch, cupsd presented its own certificate
+ to itself, and *every* user could do admin tasks without authentication.
- -- Kenshi Muto <kmuto at debian.org> Wed, 19 Apr 2006 14:27:12 +0200
+ -- Kenshi Muto <kmuto at debian.org> Fri, 21 Apr 2006 16:05:36 +0200
cupsys (1.1.99.rc2-0exp1) experimental; urgency=low
Modified: cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch
==============================================================================
--- cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch (original)
+++ cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch Fri Apr 21 14:06:05 2006
@@ -5,9 +5,9 @@
## DP: No description.
@DPATCH@
-diff -urNad cupsys~/config-scripts/cups-defaults.m4 cupsys/config-scripts/cups-defaults.m4
---- cupsys~/config-scripts/cups-defaults.m4 2006-04-06 22:03:32.000000000 +0200
-+++ cupsys/config-scripts/cups-defaults.m4 2006-04-12 16:12:23.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/config-scripts/cups-defaults.m4 cups-1.2-ubuntu/config-scripts/cups-defaults.m4
+--- cups-1.2-ubuntu~/config-scripts/cups-defaults.m4 2006-04-06 22:03:32.000000000 +0200
++++ cups-1.2-ubuntu/config-scripts/cups-defaults.m4 2006-04-21 15:52:19.000000000 +0200
@@ -218,6 +218,17 @@
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_GROUP, "$CUPS_GROUP")
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SYSTEM_GROUPS, "$CUPS_SYSTEM_GROUPS")
@@ -26,9 +26,9 @@
dnl Default printcap file...
AC_ARG_WITH(printcap, [ --with-printcap set default printcap file],
default_printcap="$withval",
-diff -urNad cupsys~/config.h.in cupsys/config.h.in
---- cupsys~/config.h.in 2006-04-06 22:03:32.000000000 +0200
-+++ cupsys/config.h.in 2006-04-12 16:12:23.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/config.h.in cups-1.2-ubuntu/config.h.in
+--- cups-1.2-ubuntu~/config.h.in 2006-04-06 22:03:32.000000000 +0200
++++ cups-1.2-ubuntu/config.h.in 2006-04-21 15:52:19.000000000 +0200
@@ -41,6 +41,11 @@
#define CUPS_DEFAULT_GROUP "sys"
#define CUPS_DEFAULT_SYSTEM_GROUPS "sys root system"
@@ -41,9 +41,21 @@
/*
* Default file permissions...
-diff -urNad cupsys~/scheduler/conf.c cupsys/scheduler/conf.c
---- cupsys~/scheduler/conf.c 2006-04-06 22:03:32.000000000 +0200
-+++ cupsys/scheduler/conf.c 2006-04-12 16:12:23.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/scheduler/cert.c cups-1.2-ubuntu/scheduler/cert.c
+--- cups-1.2-ubuntu~/scheduler/cert.c 2006-04-07 16:39:46.000000000 +0200
++++ cups-1.2-ubuntu/scheduler/cert.c 2006-04-21 15:52:42.000000000 +0200
+@@ -116,7 +116,7 @@
+ * Root certificate...
+ */
+
+- fchmod(fd, 0440);
++ fchmod(fd, 0240);
+ fchown(fd, RunUser, SystemGroupIDs[0]);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d",
+diff -urNad cups-1.2-ubuntu~/scheduler/conf.c cups-1.2-ubuntu/scheduler/conf.c
+--- cups-1.2-ubuntu~/scheduler/conf.c 2006-04-06 22:03:32.000000000 +0200
++++ cups-1.2-ubuntu/scheduler/conf.c 2006-04-21 15:52:19.000000000 +0200
@@ -460,7 +460,11 @@
if (!status)
return (0);
@@ -56,9 +68,9 @@
/*
* Use the default system group if none was supplied in cupsd.conf...
-diff -urNad cupsys~/scheduler/main.c cupsys/scheduler/main.c
---- cupsys~/scheduler/main.c 2006-04-07 17:36:10.000000000 +0200
-+++ cupsys/scheduler/main.c 2006-04-12 16:12:54.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/scheduler/main.c cups-1.2-ubuntu/scheduler/main.c
+--- cups-1.2-ubuntu~/scheduler/main.c 2006-04-07 17:36:10.000000000 +0200
++++ cups-1.2-ubuntu/scheduler/main.c 2006-04-21 15:52:19.000000000 +0200
@@ -56,6 +56,9 @@
#include <sys/resource.h>
#include <syslog.h>
More information about the Pkg-cups-devel
mailing list