[Pkg-cups-devel] r503 - in cupsys/branches/cups-1.2-ubuntu/debian: . patches

Martin Pitt mpitt at debian.org
Thu Aug 2 12:19:25 UTC 2007 

Hi all,

Martin Pitt [2007-08-02 11:50 +0000]:
> * Drop our derooting changes. It still has some regressions, and with
>   upstream not even acknowledging the need for improving cupsys' security we
>   will sit on this forever. (LP: #119289, LP: #129634)
>   - Drop derooting related patches:
>     06_disable_backend_setuid.dpatch
>     10_external_pam_helper.dpatch
>     09_runasuser.dpatch
>     09_runasuser_autoconf.dpatch
>   - debian/cupsys{,-client}.postinst: Drop the 'cupsys' user setup and file
>     permission juggling.
>   - debian/rules:
>     + Drop --with-cups-user and --enable-privilege-dropping configure
>       options.
>     + Do not modify the upstream default backend permissions.
>   - debian/cupsys.init.d: Do not touch log file permissions any more.
>   - debian/cupsys.files: Drop cups-check-pam-auth.
>   - debian/NEWS: Drop description of derooting changes.
>   - debian/control: Drop adduser dependency.
>  * debian/patches/44_fixconfdirperms.dpatch: Do not create
>    /var/run/cups/certs as lp:lpadmin, but as root:lpadmin, so that cupsd
>    does not need CAP_DAC_OVERRIDE. This will make it possible to create a
>    sensible AppArmor profile.

Just for the records, I'll do the same cleanups in the Debian branch
as well, I just want to get some days of testing with this version.

I'll also get some more feedback about the new apparmor profile. If
you want, I'll commit it to the Debian branch as well. There are
certainly things that need to be improved in the profile, but it's a
good start I think, and all things work for me.

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20070802/03d29549/attachment.pgp

More information about the Pkg-cups-devel mailing list