[Pkg-cups-devel] Bug#692791: Proposed patch now available...
Didier 'OdyX' Raboud
odyx at debian.org
Tue Nov 27 11:45:01 UTC 2012
On Monday, 26 November 2012 19.52:46, Michael Sweet wrote:
> OK, I've posted proposed patches for CUPS 1.6 and trunk (1.7); patches for
> older versions of CUPS will be substantially similar (might be some churn
> due to new configuration directives)
>
> Available at:
>
> http://www.cups.org/str.php?L4223
Hi Michael, hi Debian Security Team,
I have now taken a look at the proposed upstream security fix and have merged
it in the 1.6.1 branch, see the two commits on the pkg-cups/cups.git
repository:
- 6026af39ea3da038c6e49226779de59520da7cc6 for the proposed patches;
- d39e6abee95f747d024f2b41970c6d7a888f0dd0 for the fixes in other patches;
Roughly, the patch splits the configuration stanzas from /etc/cups/cupsd.conf
into two files: /etc/cups/cupsd.conf and /etc/cups/cups-files.conf. The first
stays web-configurable and the latter can only be configured by root.
While it's a nice long-term solution for new cups installs, I'm afraid it's
not suitable as a security hotfix (so probably not targeted at Debian testing
nor stable): the administrator has to handle the configuration files split
himself. In addition to that, web-modified cupsd.conf is very likely to hinder
the automatic configuration stanza's split.
On the longer term (for Jessie), I think web-modifiable cupsd.conf (and
printers.conf) should be moved to /var/lib/cupsd/ and I think we should stick
to this new cups configuration files handling.
Opinions on ways forward for Wheezy (testing) and Squeeze (stable)?
Cheers,
OdyX
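
Added illustration, not part of the original message and not the upstream patch or the Debian packaging code: a sketch of the stanza split described above, sorting the top-level directives of an existing cupsd.conf into the root-only cups-files.conf. The directive list is an assumption taken from the CUPS cups-files.conf documentation and must be checked against the installed version; `split_cupsd_conf` and the sample configuration are constructed here.

```python
# Assumption: directives that CUPS documents for cups-files.conf (root-only).
# Verify against the cups-files.conf man page of the version you run.
ROOT_ONLY = frozenset(d.lower() for d in (
    "AccessLog", "CacheDir", "ConfigFilePerm", "DataDir", "DocumentRoot",
    "ErrorLog", "FatalErrors", "FileDevice", "FontPath", "Group",
    "LogFilePerm", "PageLog", "Printcap", "PrintcapFormat", "RemoteRoot",
    "RequestRoot", "ServerBin", "ServerCertificate", "ServerKey",
    "ServerRoot", "StateDir", "SystemGroup", "TempDir", "User",
))

def split_cupsd_conf(text):
    """Return (cupsd_lines, files_lines) for the text of a cupsd.conf.

    Only top-level directives are moved. Lines inside <Location>, <Policy>
    or <Limit> sections stay in cupsd.conf, so "Require user @SYSTEM" is
    never mistaken for the top-level "User" directive.
    """
    cupsd, files, depth = [], [], 0
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("</"):      # closing tag of a section
            depth = max(depth - 1, 0)
            cupsd.append(line)
        elif stripped.startswith("<"):     # opening tag of a section
            depth += 1
            cupsd.append(line)
        elif (depth == 0 and stripped and not stripped.startswith("#")
              and stripped.split(None, 1)[0].lower() in ROOT_ONLY):
            files.append(line)             # directive names are case-insensitive
        else:
            cupsd.append(line)             # comments, blanks, web-safe directives
    return cupsd, files

# Constructed sample, as a web-edited cupsd.conf might look before the split.
SAMPLE = """\
# constructed sample, not a real host's configuration
LogLevel warn
SystemGroup lpadmin
Listen localhost:631
errorlog /var/log/cups/error_log
<Location /admin>
  Order allow,deny
</Location>
<Policy default>
  <Limit CUPS-Add-Modify-Printer>
    Require user @SYSTEM
  </Limit>
</Policy>
PageLog /var/log/cups/page_log
"""

if __name__ == "__main__":
    web, root = split_cupsd_conf(SAMPLE)
    print("cups-files.conf (root only):", *root, sep="\n  ")
```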