[Pkg-cups-devel] r858 - in cupsys/trunk: . debian debian/patches
Martin Pitt
mpitt at alioth.debian.org
Sat Sep 6 13:37:26 UTC 2008
Author: mpitt
Date: Sat Sep 6 13:37:26 2008
New Revision: 858
Log:
confdirperms.dpatch: Remove a few hunks which were only relevant for
running cups as system user. Remove the SSL certificate bits as well,
rewrite it to be upstream compatible, split it out to
dont-chown-symlinked-ssl.dpatch, reported it upstream.
Added:
cupsys/trunk/debian/patches/dont-chown-symlinked-ssl.dpatch (contents, props changed)
Modified:
cupsys/trunk/ (props changed)
cupsys/trunk/debian/changelog
cupsys/trunk/debian/patches/00list
cupsys/trunk/debian/patches/confdirperms.dpatch
Modified: cupsys/trunk/debian/changelog
==============================================================================
--- cupsys/trunk/debian/changelog (original)
+++ cupsys/trunk/debian/changelog Sat Sep 6 13:37:26 2008
@@ -18,8 +18,12 @@
* Drop quiesce_ipp_logging.dpatch: It was only necessary for the polling
from gnome-cups-icon, but fortunately gnome-cups-manager has been removed
now.
+ * confdirperms.dpatch: Remove a few hunks which were only relevant for
+ running cups as system user. Remove the SSL certificate bits as well,
+ rewrite it to be upstream compatible, split it out to
+ dont-chown-symlinked-ssl.dpatch, reported it upstream.
- -- Martin Pitt <mpitt at debian.org> Sat, 06 Sep 2008 14:49:12 +0200
+ -- Martin Pitt <mpitt at debian.org> Sat, 06 Sep 2008 14:59:30 +0200
cups (1.3.8-7) experimental; urgency=low
Modified: cupsys/trunk/debian/patches/00list
==============================================================================
--- cupsys/trunk/debian/patches/00list (original)
+++ cupsys/trunk/debian/patches/00list Sat Sep 6 13:37:26 2008
@@ -17,6 +17,7 @@
manpage-translations.dpatch
quiesce-bonjour-warning.dpatch
cupsaccept.dpatch
+dont-chown-symlinked-ssl.dpatch
# patches which should go upstream
device_uri.dpatch
Modified: cupsys/trunk/debian/patches/confdirperms.dpatch
==============================================================================
--- cupsys/trunk/debian/patches/confdirperms.dpatch (original)
+++ cupsys/trunk/debian/patches/confdirperms.dpatch Sat Sep 6 13:37:26 2008
@@ -1,69 +1,12 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
-## 44_fixconfdirperms.dpatch by Kenshi Muto <kmuto at debian.org>
+## confdirperms.dpatch by Martin Pitt <mpitt at debian.org>
##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
+## DP: Do not mess with the permissions of cupsd.conf.
@DPATCH@
diff -urNad cups-1.3.0~rc2~/scheduler/conf.c cups-1.3.0~rc2/scheduler/conf.c
--- cups-1.3.0~rc2~/scheduler/conf.c 2007-07-30 17:47:10.000000000 +0100
+++ cups-1.3.0~rc2/scheduler/conf.c 2007-08-02 16:30:54.000000000 +0100
-@@ -683,22 +683,10 @@
-
- cupsdLogMessage(CUPSD_LOG_NOTICE,
- "Group and SystemGroup cannot use the same groups!");
-- cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
-+ cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"root\"...");
-
-- group = getgrnam("nobody");
- endgrent();
--
-- if (group != NULL)
-- Group = group->gr_gid;
-- else
-- {
-- /*
-- * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
-- * complement number...)
-- */
--
-- Group = 65534;
-- }
-+ Group = 0;
- }
- }
-
-@@ -752,21 +740,10 @@
- if (ServerCertificate[0] != '/')
- cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
-
-- if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)))
-- {
-- chown(ServerCertificate, RunUser, Group);
-- chmod(ServerCertificate, 0600);
-- }
--
- # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
- if (ServerKey[0] != '/')
- cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
-
-- if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)))
-- {
-- chown(ServerKey, RunUser, Group);
-- chmod(ServerKey, 0600);
-- }
- # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
- #endif /* HAVE_SSL */
-
-@@ -781,7 +758,7 @@
- Group, 1, 1) < 0 ||
- cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
- Group, 1, 1) < 0 ||
-- cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
-+ cupsdCheckPermissions(StateDir, "certs", 0711, 0,
- SystemGroupIDs[0], 1, 1) < 0 ||
- cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
- Group, 1, 0) < 0 ||
@@ -789,8 +766,10 @@
Group, 1, 1) < 0 ||
cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
Added: cupsys/trunk/debian/patches/dont-chown-symlinked-ssl.dpatch
==============================================================================
--- (empty file)
+++ cupsys/trunk/debian/patches/dont-chown-symlinked-ssl.dpatch Sat Sep 6 13:37:26 2008
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## dont-chown-symlinked-ssl.dpatch by Martin Pitt <mpitt at debian.org>
+##
+## DP: Do not clobber permissions of SSL cert/key if they are symbolic links.
+## DP: (http://www.cups.org/str.php?L2937)
+
+ at DPATCH@
+diff -urNad trunk~/scheduler/conf.c trunk/scheduler/conf.c
+--- trunk~/scheduler/conf.c 2008-09-06 15:19:13.000000000 +0200
++++ trunk/scheduler/conf.c 2008-09-06 15:19:23.000000000 +0200
+@@ -754,7 +754,8 @@
+ if (ServerCertificate[0] != '/')
+ cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
+
+- if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)))
++ if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
++ !lstat(ServerCertificate, &tmpinfo) && !S_ISLNK(tmpinfo.st_mode))
+ {
+ chown(ServerCertificate, RunUser, Group);
+ chmod(ServerCertificate, 0600);
+@@ -764,7 +765,8 @@
+ if (ServerKey[0] != '/')
+ cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
+
+- if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)))
++ if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
++ !lstat(ServerKey, &tmpinfo) && !S_ISLNK(tmpinfo.st_mode))
+ {
+ chown(ServerKey, RunUser, Group);
+ chmod(ServerKey, 0600);
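Review bot: The added `lstat()`/`S_ISLNK` test and the following `chown()`/`chmod()` each resolve the path separately, so in both the ServerCertificate and ServerKey hunks the entry can be swapped between the check and the calls, and both calls follow symlinks. Whether that window is reachable depends on who can write to the directory holding these files, which the patch does not show. Opening the file with `O_NOFOLLOW` and applying `fchown()`/`fchmod()` to the descriptor closes the window, and also lets the currently ignored return values be logged. The enclosing function and the declaration of `tmpinfo` are outside the hunk, so the sketch assumes `tmpinfo` is a `struct stat` already in scope and that cupsd can open the file for reading at this point.

```c
  if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)))
  {
    /* O_NOFOLLOW makes open() fail if the final path component is a symlink */
    int fd = open(ServerCertificate, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    if (fd >= 0)
    {
      /* Act on the descriptor so the checked object is the one modified */
      if (!fstat(fd, &tmpinfo) && S_ISREG(tmpinfo.st_mode) &&
          (fchown(fd, RunUser, Group) || fchmod(fd, 0600)))
        cupsdLogMessage(CUPSD_LOG_WARN,
                        "Unable to set ownership/permissions on \"%s\" - %s",
                        ServerCertificate, strerror(errno));

      close(fd);
    }
  }
  /* … unchanged: ServerKey path expansion; the ServerKey block gets the same treatment … */
```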