[cups/f19] Use upstream patch for STR #4461.

Tue Aug 26 14:41:17 UTC 2014

commit 89ffcf3c458aa59077a4f22e7fd32b29b188a5e4
Author: Tim Waugh <twaugh at redhat.com>
Date:   Tue Aug 26 14:58:54 2014 +0100

    Use upstream patch for STR #4461.
    
    (cherry picked from commit d10ba264865bb0b7fd944f11cddb450eba74f69c)
    
    Conflicts:
    	cups-str4461.patch
    	cups.spec

 cups-str4461.patch |  109 +++++++++++++++++++++++++++++++++++++++++++---------
 cups.spec          |    5 ++-
 2 files changed, 95 insertions(+), 19 deletions(-)
---

diff --git a/cups-str4461.patch b/cups-str4461.patch
index 409ba29..ab4fab8 100644
--- a/cups-str4461.patch
+++ b/cups-str4461.patch
@@ -1,24 +1,97 @@
 diff -up cups-1.6.4/scheduler/client.c.str4461 cups-1.6.4/scheduler/client.c
---- cups-1.6.4/scheduler/client.c.str4461	2014-08-14 13:37:14.618887315 +0100
-+++ cups-1.6.4/scheduler/client.c	2014-08-14 13:37:14.620887326 +0100
-@@ -3235,8 +3235,18 @@ get_file(cupsd_client_t *con,		/* I  - C
+--- cups-1.6.4/scheduler/client.c.str4461	2014-08-26 15:07:32.750999443 +0100
++++ cups-1.6.4/scheduler/client.c	2014-08-26 15:07:37.319022923 +0100
+@@ -3138,6 +3138,7 @@ get_file(cupsd_client_t *con,		/* I  - C
+   char		*ptr;			/* Pointer info filename */
+   int		plen;			/* Remaining length after pointer */
+   char		language[7];		/* Language subdirectory, if any */
++  int		perm_check = 1;		/* Do permissions check? */
  
-   if (!status && !(filestats->st_mode & S_IROTH))
+ 
+  /*
+@@ -3147,17 +3148,27 @@ get_file(cupsd_client_t *con,		/* I  - C
+   language[0] = '\0';
+ 
+   if (!strncmp(con->uri, "/ppd/", 5) && !strchr(con->uri + 5, '/'))
++  {
+     snprintf(filename, len, "%s%s", ServerRoot, con->uri);
++
++    perm_check = 0;
++  }
+   else if (!strncmp(con->uri, "/icons/", 7) && !strchr(con->uri + 7, '/'))
    {
--    cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
--    return (NULL);
-+   /*
-+    * The exception is for cupsd.conf and log files for
-+    * authenticated access.
-+    */
+     snprintf(filename, len, "%s/%s", CacheDir, con->uri + 7);
+     if (access(filename, F_OK) < 0)
+       snprintf(filename, len, "%s/images/generic.png", DocumentRoot);
 +
-+    if ((strcmp(con->uri, "/admin/conf/cupsd.conf") &&
-+	 strncmp(con->uri, "/admin/log/", 11)) ||
-+	cupsdIsAuthorized(con, NULL) != HTTP_OK)
-+    {
-+      cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
-+      return (NULL);
-+    }
++    perm_check = 0;
    }
+   else if (!strncmp(con->uri, "/rss/", 5) && !strchr(con->uri + 5, '/'))
+     snprintf(filename, len, "%s/rss/%s", CacheDir, con->uri + 5);
+-  else if (!strncmp(con->uri, "/admin/conf/", 12))
+-    snprintf(filename, len, "%s%s", ServerRoot, con->uri + 11);
++  else if (!strcmp(con->uri, "/admin/conf/cupsd.conf"))
++  {
++    strlcpy(filename, ConfigurationFile, len);
++
++    perm_check = 0;
++  }
+   else if (!strncmp(con->uri, "/admin/log/", 11))
+   {
+     if (!strncmp(con->uri + 11, "access_log", 10) && AccessLog[0] == '/')
+@@ -3168,6 +3179,8 @@ get_file(cupsd_client_t *con,		/* I  - C
+       strlcpy(filename, PageLog, len);
+     else
+       return (NULL);
++
++    perm_check = 0;
+   }
+   else if (con->language)
+   {
+@@ -3233,7 +3246,7 @@ get_file(cupsd_client_t *con,		/* I  - C
+   * not allow access...
+   */
+ 
+-  if (!status && !(filestats->st_mode & S_IROTH))
++  if (!status && perm_check && !(filestats->st_mode & S_IROTH))
+   {
+     cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+     return (NULL);
+@@ -3341,7 +3354,7 @@ get_file(cupsd_client_t *con,		/* I  - C
+     * not allow access...
+     */
+ 
+-    if (!status && !(filestats->st_mode & S_IROTH))
++    if (!status && perm_check && !(filestats->st_mode & S_IROTH))
+     {
+       cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+       return (NULL);
+diff -up cups-1.6.4/scheduler/ipp.c.str4461 cups-1.6.4/scheduler/ipp.c
+--- cups-1.6.4/scheduler/ipp.c.str4461	2014-08-26 15:07:32.560998466 +0100
++++ cups-1.6.4/scheduler/ipp.c	2014-08-26 15:07:37.321022934 +0100
+@@ -2831,7 +2831,6 @@ add_printer(cupsd_client_t  *con,	/* I -
+ 
+       cupsdLogMessage(CUPSD_LOG_DEBUG,
+ 		      "Copied PPD file successfully");
+-      chmod(dstfile, 0644);
+     }
+   }
+ 
+@@ -4726,7 +4725,7 @@ copy_model(cupsd_client_t *con,		/* I -
+   * Open the destination file for a copy...
+   */
+ 
+-  if ((dst = cupsFileOpen(to, "wb")) == NULL)
++  if ((dst = cupsdCreateConfFile(to, ConfigFilePerm)) == NULL)
+   {
+     cupsFreeOptions(num_defaults, defaults);
+     cupsFileClose(src);
+@@ -4781,7 +4780,7 @@ copy_model(cupsd_client_t *con,		/* I -
+ 
+   unlink(tempfile);
+ 
+-  return (cupsFileClose(dst));
++  return (cupsdCloseCreatedConfFile(dst, to));
+ }
+ 
  
-  /*
diff --git a/cups.spec b/cups.spec
index b13c4d1..6d46b6b 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.6.4
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Url: http://www.cups.org/
@@ -686,6 +686,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Tue Aug 26 2014 Tim Waugh <twaugh at redhat.com> - 1:1.6.4-10
+- Use upstream patch for STR #4461.
+
 * Thu Aug 21 2014 Tim Waugh <twaugh at redhat.com> - 1:1.6.4-9
 - Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
 - Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
