Hello community, here is the log from the commit of package cups for openSUSE:Factory checked in at 2015-07-16 17:15:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cups (Old) and /work/SRC/openSUSE:Factory/.cups.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups" Changes: -------- --- /work/SRC/openSUSE:Factory/cups/cups.changes 2015-06-30 10:15:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.cups.new/cups.changes 2015-07-16 17:15:21.000000000 +0200 @@ -1,0 +2,11 @@ +Wed Jul 1 14:44:57 CEST 2015 - [email protected] + +- cups-2.0.3-additional_policies.patch replaces + cups-1.7-additional_policies.patch that still adds the same + "allowallforanybody" policy but now with separated "Limit All" + to avoid https://www.cups.org/str.php?L4659 (boo#936309). +- Added "-p /bin/bash" to RPM shell commands scriptlets that + enforces bash to be safe against any possible "bashisms", cf + https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets + +------------------------------------------------------------------- @@ -4,2 +15,2 @@ -- Fix the previous commit by using direct systemd call and ensuring we - work even on older distros +- Fix the previous commit by using direct systemd call and + ensuring we work even on older distros Old: ---- cups-1.7-additional_policies.patch New: ---- cups-2.0.3-additional_policies.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.luKyao/_old 2015-07-16 17:15:22.000000000 +0200 +++ /var/tmp/diff_new_pack.luKyao/_new 2015-07-16 17:15:22.000000000 +0200 @@ -47,9 +47,9 @@ # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff -# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy -# to cupsd.conf see https://fate.novell.com/303515 -Patch101: cups-1.7-additional_policies.patch +# Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf +# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 +Patch101: cups-2.0.3-additional_policies.patch # Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs: Patch102: cups-1.3.9-desktop_file.patch # Patch103 cups-1.4-do_not_strip_recommended_from_PPDs.patch @@ -256,8 +256,8 @@ # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -# Patch101 cups-1.7-additional_policies.patch adds the 'allowallforanybody' policy -# to cupsd.conf see https://fate.novell.com/303515 +# Patch101 cups-2.0.3-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf +# see https://fate.novell.com/303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 %patch101 # Patch102 cups-1.3.9-desktop_file.patch changes desktop/cups.desktop according to what SUSE needs: %patch102 @@ -429,22 +429,22 @@ # boundaries, compare https://bugzilla.novell.com/show_bug.cgi?id=784869 %fdupes -s %{buildroot}/%{_datadir}/cups/templates -%pre +%pre -p /bin/bash getent group ntadmin >/dev/null || %{_sbindir}/groupadd -g 71 -o -r ntadmin 2>/dev/null %service_add_pre cups.service [email protected] cups-lpd.socket cups.socket -%post +%post -p /bin/bash %service_add_post cups.service [email protected] cups-lpd.socket cups.socket # Use %tmpfiles_create when 13.2 is oldest in support scope /usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/cups.conf || : -%preun +%preun -p /bin/bash %service_del_preun cups.service [email protected] cups-lpd.socket cups.socket -%postun +%postun -p /bin/bash %service_del_postun cups.service [email protected] cups-lpd.socket cups.socket -%posttrans +%posttrans -p /bin/bash # Use a real bash script with an explicit "exit 0" at the end to be by default fail safe # an explicit "exit 1" must be use to enforce package install/upgrade/erase failure where needed # see the "Shared_libraries" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets ++++++ cups-1.7-additional_policies.patch -> cups-2.0.3-additional_policies.patch ++++++ --- /work/SRC/openSUSE:Factory/cups/cups-1.7-additional_policies.patch 2015-02-20 13:50:46.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.cups.new/cups-2.0.3-additional_policies.patch 2015-07-16 17:15:21.000000000 +0200 @@ -1,8 +1,6 @@ -Index: conf/cupsd.conf.in -=================================================================== ---- conf/cupsd.conf.in.orig -+++ conf/cupsd.conf.in -@@ -127,3 +127,36 @@ WebInterface @CUPS_WEBIF@ +--- conf/cupsd.conf.in.orig 2014-04-02 18:52:53.000000000 +0200 ++++ conf/cupsd.conf.in 2015-07-01 14:39:58.000000000 +0200 +@@ -127,3 +127,45 @@ WebInterface @CUPS_WEBIF@ Order deny,allow </Limit> </Policy> @@ -32,10 +30,19 @@ + # must be additionally exlicitly specified because those IPP operations are not included + # in the "All" wildcard value - otherwise cupsd prints error messages of the form + # "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found." -+ <Limit All Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document> ++ <Limit Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document> ++ Order deny,allow ++ Allow from all ++ </Limit> ++ # Since CUPS > 1.5.4 the "All" wildcard value must be specified separately, ++ # otherwise clients like "lpstat -p" just hang up, ++ # see https://bugzilla.opensuse.org/show_bug.cgi?id=936309 ++ # and https://www.cups.org/str.php?L4659 ++ <Limit All> + Order deny,allow + Allow from all + </Limit> +</Policy> +# Explicitly set the CUPS 'default' policy to be used by default: +DefaultPolicy default ++
