[cups/f20] Fix conf/log file reading for authenticated users (STR #4461).

Tim Waugh twaugh at fedoraproject.org
Thu Aug 14 12:24:21 UTC 2014 

commit ba58bf89e4f7eeab1cdf32a16a1cbac3cde7ea18
Author: Tim Waugh <twaugh at redhat.com>
Date:   Mon Aug 11 16:30:21 2014 +0100

    Fix conf/log file reading for authenticated users (STR #4461).

 cups-str4461.patch |   24 ++++++++++++++++++++++++
 cups.spec          |    8 +++++++-
 2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/cups-str4461.patch b/cups-str4461.patch
new file mode 100644
index 0000000..81121f5
--- /dev/null
+++ b/cups-str4461.patch
@@ -0,0 +1,24 @@
+diff -up cups-1.7.4/scheduler/client.c.str4461 cups-1.7.4/scheduler/client.c
+--- cups-1.7.4/scheduler/client.c.str4461	2014-08-11 16:30:04.695889827 +0100
++++ cups-1.7.4/scheduler/client.c	2014-08-11 16:30:04.697889838 +0100
+@@ -3360,8 +3360,18 @@ get_file(cupsd_client_t *con,		/* I  - C
+ 
+   if (!status && !(filestats->st_mode & S_IROTH))
+   {
+-    cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+-    return (NULL);
++   /*
++    * The exception is for cupsd.conf and log files for
++    * authenticated access.
++    */
++
++    if ((strcmp(con->uri, "/admin/conf/cupsd.conf") &&
++	 strncmp(con->uri, "/admin/log/", 11)) ||
++	cupsdIsAuthorized(con, NULL) != HTTP_OK)
++    {
++      cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
++      return (NULL);
++    }
+   }
+ 
+  /*
diff --git a/cups.spec b/cups.spec
index a0b5127..a52042a 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.7.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
 Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@@ -65,6 +65,7 @@ Patch36: cups-web-devices-timeout.patch
 Patch37: cups-final-content-type.patch
 Patch38: cups-journal.patch
 Patch39: cups-synconclose.patch
+Patch40: cups-str4461.patch
 
 Patch100: cups-lspp.patch
 
@@ -252,6 +253,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch38 -p1 -b .journal
 # Set the default for SyncOnClose to Yes.
 %patch39 -p1 -b .synconclose
+# Fix conf/log file reading for authenticated users (STR #4461).
+%patch40 -p1 -b .str4461
 
 %if %lspp
 # LSPP support.
@@ -640,6 +643,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Mon Aug 11 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-2
+- Fix conf/log file reading for authenticated users (STR #4461).
+
 * Fri Aug 01 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.5-1
 - 1.7.5

More information about the scm-commits mailing list