cupsys (1.2.12-1ubuntu2) gutsy; urgency=low
* Drop our derooting changes. It still has some regressions, and with
upstream not even acknowledging the need for improving cupsys' security we
will sit on this forever. (LP: #119289, LP: #129634)
- Drop derooting related patches:
06_disable_backend_setuid.dpatch
10_external_pam_helper.dpatch
09_runasuser.dpatch
09_runasuser_autoconf.dpatch
- debian/cupsys{,-client}.postinst: Drop the 'cupsys' user setup and file
permission juggling.
- debian/rules:
+ Drop --with-cups-user and --enable-privilege-dropping configure
options.
+ Do not modify the upstream default backend permissions.
- debian/cupsys.init.d: Do not touch log file permissions any more.
- debian/cupsys.files: Drop cups-check-pam-auth.
- debian/NEWS: Drop description of derooting changes.
- debian/control: Drop adduser dependency.
* debian/patches/44_fixconfdirperms.dpatch: Do not create
/var/run/cups/certs as lp:lpadmin, but as root:lpadmin, so that cupsd
does not need CAP_DAC_OVERRIDE. This will make it possible to create a
sensible AppArmor profile.
* debian/cupsys.preinst: Fix file permissions on upgrades (owner cupsys ->
root).
* Add debian/local/apparmor-profile: AppArmor profile for cupsys, to replace
the former derooting patches. This uses complain mode for now, until we
got some more testing. Install it to /etc/apparmor.d/usr.sbin.cupsd in
debian/rules and reload apparmor in debian/cupsys.postinst on configure.
-- Martin Pitt <[EMAIL PROTECTED]> Thu, 02 Aug 2007 14:06:05
+0200
** Changed in: cupsys (Ubuntu)
Status: In Progress => Fix Released
--
make backend invocation compatible to upstream
https://bugs.launchpad.net/bugs/119289
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
