[Pkg-cups-devel] r149 - in cupsys/branches/cups-1.2/debian: .
patches
Martin Pitt
mpitt at costa.debian.org
Wed Apr 12 13:36:02 UTC 2006
Author: mpitt
Date: Wed Apr 12 13:36:00 2006
New Revision: 149
Added:
cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch
- copied, changed from r145, cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch
cupsys/branches/cups-1.2/debian/patches/09_runasuser_autoconf.dpatch (contents, props changed)
Removed:
cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch
Modified:
cupsys/branches/cups-1.2/debian/changelog
cupsys/branches/cups-1.2/debian/patches/00list
Log:
* debian/patches/09_runasuser_fixes.dpatch: RunAsUser was removed upstream;
rename the patch to 09_runasuser.dpatch and rewrite it:
- Enclose all changes in an #if CUPS_DROP_PRIVILEGES, so that it is easy to
enable this feature.
- scheduler/main.c: Drop privileges after initialization.
- scheduler/conf.c: If we build with CUPS_DROP_PRIVILEGES, set RunUser to
User instead of getuid(), since at that point we will always run as root
(privileges cannot yet be dropped at that point).
- config-scripts/cups-defaults.m4: Add --enable-privilege-dropping option.
- config.h.in: Add CUPS_DROP_PRIVILEGES option template.
* Add debian/patches/09_runasuser_autoconf.dpatch: autoconf changes for
09_runasuser_fixes.dpatch changes.
Modified: cupsys/branches/cups-1.2/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2/debian/changelog (original)
+++ cupsys/branches/cups-1.2/debian/changelog Wed Apr 12 13:36:00 2006
@@ -47,11 +47,21 @@
0660, which is inaccessible for a process which runs as lp:root).
* debian/rules: Remove --with-cups-user, upstream does not support
it any more.
- * debian/patches/09_runasuser_fixes.dpatch: Remove group handling bits,
- since RunAsUser was dropped upstream.
+ * debian/patches/09_runasuser_fixes.dpatch: RunAsUser was removed upstream;
+ rename the patch to 09_runasuser.dpatch and rewrite it:
+ - Enclose all changes in an #if CUPS_DROP_PRIVILEGES, so that it is easy to
+ enable this feature.
+ - scheduler/main.c: Drop privileges after initialization.
+ - scheduler/conf.c: If we build with CUPS_DROP_PRIVILEGES, set RunUser to
+ User instead of getuid(), since at that point we will always run as root
+ (privileges cannot yet be dropped at that point).
+ - config-scripts/cups-defaults.m4: Add --enable-privilege-dropping option.
+ - config.h.in: Add CUPS_DROP_PRIVILEGES option template.
+ * Add debian/patches/09_runasuser_autoconf.dpatch: autoconf changes for
+ 09_runasuser_fixes.dpatch changes.
* debian/pdftops: Fix reading from stdin (https://launchpad.net/bugs/17124)
- -- Martin Pitt <mpitt at debian.org> Wed, 12 Apr 2006 00:19:46 +0200
+ -- Martin Pitt <mpitt at debian.org> Wed, 12 Apr 2006 15:34:06 +0200
cupsys (1.1.99.b1.r4885-1) experimental; urgency=low
Modified: cupsys/branches/cups-1.2/debian/patches/00list
==============================================================================
--- cupsys/branches/cups-1.2/debian/patches/00list (original)
+++ cupsys/branches/cups-1.2/debian/patches/00list Wed Apr 12 13:36:00 2006
@@ -7,7 +7,8 @@
06_disable_backend_setuid.dpatch
07_removecvstag.dpatch
08_cupsd.conf.conf.d.dpatch
-09_runasuser_fixes.dpatch
+09_runasuser.dpatch
+09_runasuser_autoconf.dpatch
11_pam.dpatch
19_cupsaccept.dpatch
26_modprobe.dpatch
Copied: cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch (from r145, cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch)
==============================================================================
--- cupsys/branches/cups-1.2/debian/patches/09_runasuser_fixes.dpatch (original)
+++ cupsys/branches/cups-1.2/debian/patches/09_runasuser.dpatch Wed Apr 12 13:36:00 2006
@@ -1,14 +1,91 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
-## 09_runasuser_fixes.dpatch by <mpitt at debian.org>
+## 09_runasuser.dpatch by <mpitt at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
+diff -urNad cupsys~/config-scripts/cups-defaults.m4 cupsys/config-scripts/cups-defaults.m4
+--- cupsys~/config-scripts/cups-defaults.m4 2006-04-06 22:03:32.000000000 +0200
++++ cupsys/config-scripts/cups-defaults.m4 2006-04-12 15:09:38.000000000 +0200
+@@ -218,6 +218,17 @@
+ AC_DEFINE_UNQUOTED(CUPS_DEFAULT_GROUP, "$CUPS_GROUP")
+ AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SYSTEM_GROUPS, "$CUPS_SYSTEM_GROUPS")
+
++dnl Privilege dropping
++AC_ARG_ENABLE(privilege-dropping, [ --enable-privilege-dropping drop root privileges to normal user, default=no])
++if test "x$enable_privilege_dropping" = xyes; then
++ CUPS_DROP_PRIVILEGES=1
++ AC_DEFINE_UNQUOTED(CUPS_DROP_PRIVILEGES, 1)
++else
++ CUPS_DROP_PRIVILEGES=0
++ AC_DEFINE_UNQUOTED(CUPS_DROP_PRIVILEGES, 0)
++fi
++AC_SUBST(CUPS_DROP_PRIVILEGES)
++
+ dnl Default printcap file...
+ AC_ARG_WITH(printcap, [ --with-printcap set default printcap file],
+ default_printcap="$withval",
+diff -urNad cupsys~/config.h.in cupsys/config.h.in
+--- cupsys~/config.h.in 2006-04-06 22:03:32.000000000 +0200
++++ cupsys/config.h.in 2006-04-12 15:11:17.000000000 +0200
+@@ -41,6 +41,11 @@
+ #define CUPS_DEFAULT_GROUP "sys"
+ #define CUPS_DEFAULT_SYSTEM_GROUPS "sys root system"
+
++/*
++ * Privilege dropping
++ */
++
++#define CUPS_DROP_PRIVILEGES 0
+
+ /*
+ * Default file permissions...
+diff -urNad cupsys~/scheduler/conf.c cupsys/scheduler/conf.c
+--- cupsys~/scheduler/conf.c 2006-04-12 14:59:21.000000000 +0200
++++ cupsys/scheduler/conf.c 2006-04-12 15:11:38.000000000 +0200
+@@ -460,7 +460,11 @@
+ if (!status)
+ return (0);
+
++#if CUPS_DROP_PRIVILEGES == 1
++ RunUser = User;
++#else
+ RunUser = getuid();
++#endif
+
+ /*
+ * Use the default system group if none was supplied in cupsd.conf...
diff -urNad cupsys~/scheduler/main.c cupsys/scheduler/main.c
---- cupsys~/scheduler/main.c 2005-12-07 14:51:18.000000000 +0100
-+++ cupsys/scheduler/main.c 2005-12-07 15:00:24.000000000 +0100
-@@ -812,8 +813,7 @@
+--- cupsys~/scheduler/main.c 2006-04-12 14:59:21.000000000 +0200
++++ cupsys/scheduler/main.c 2006-04-12 15:11:27.000000000 +0200
+@@ -56,6 +56,9 @@
+ #include <sys/resource.h>
+ #include <syslog.h>
+ #include <grp.h>
++#if CUPS_DROP_PRIVILEGES == 1
++#include <pwd.h>
++#endif
+
+ #ifdef HAVE_LAUNCH_H
+ # include <launch.h>
+@@ -515,6 +518,15 @@
+ cupsdStartSystemMonitor();
+ #endif /* __APPLE__ */
+
++#if CUPS_DROP_PRIVILEGES == 1
++ /*
++ * Drop root privileges
++ */
++ setgid(Group);
++ initgroups(getpwuid(User)->pw_name, Group);
++ setuid(User);
++#endif
++
+ /*
+ * Start any pending print jobs...
+ */
+@@ -996,8 +1008,7 @@
* Update the root certificate once every 5 minutes...
*/
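Review bot: In the scheduler/main.c part of this patch, the return values of `setgid(Group)`, `initgroups(...)` and `setuid(User)` are discarded, so a failed call leaves cupsd running with root's uid or supplementary groups, while the conf.c part has already set `RunUser = User`. `getpwuid(User)` is also dereferenced without a NULL check, which crashes the scheduler when the configured uid has no passwd entry. The call order (group, supplementary groups, then uid) is correct; what is missing is a check on every step and a hard stop on failure, as sketched below. The enclosing function starts and ends outside the hunk, so the `exit(1)` shown is an assumption and should be replaced by whatever error path that function already uses.

```c
#if CUPS_DROP_PRIVILEGES == 1
 /*
  * Drop root privileges; never continue as root if any step fails
  */
  {
    struct passwd *pw = getpwuid(User);

    if (!pw || setgid(Group) != 0 ||
        initgroups(pw->pw_name, Group) != 0 || setuid(User) != 0)
    {
      syslog(LOG_ERR, "Unable to drop privileges to uid %d", (int)User);
      exit(1);
    }
  }
#endif
```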
Added: cupsys/branches/cups-1.2/debian/patches/09_runasuser_autoconf.dpatch
==============================================================================
--- (empty file)
+++ cupsys/branches/cups-1.2/debian/patches/09_runasuser_autoconf.dpatch Wed Apr 12 13:36:00 2006
@@ -0,0 +1,54 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_autoconf.dpatch by <mpitt at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad cupsys~/configure cupsys/configure
+--- cupsys~/configure 2006-04-12 15:15:03.000000000 +0200
++++ cupsys/configure 2006-04-12 15:15:11.000000000 +0200
+@@ -309,7 +310,7 @@
+ #endif"
+
+ ac_default_prefix=/
+-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CUPS_VERSION CUPS_REVISION AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CXX CXXFLAGS ac_ct_CXX CPP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RANLIB ac_ct_RANLIB AR HTMLDOC LD LN MV RM RMDIR SED STRIP INSTALLSTATIC LIBMALLOC LIBPAPER EGREP ARFLAGS PKGCONFIG BACKLIBS CUPSDLIBS DBUSDIR DEFAULT_IPP_PORT INITDDIR INITDIR XINETD CUPS_CACHEDIR CUPS_DATADIR CUPS_DOCROOT CUPS_FONTPATH CUPS_LOCALEDIR CUPS_LOGDIR CUPS_REQUESTS CUPS_SERVERBIN INSTALL_SYSV CUPS_SERVERROOT CUPS_STATEDIR AMANDIR PMANDIR MAN1EXT MAN5EXT MAN7EXT MAN8EXT MAN8DIR DSO DSOFLAGS LIBCUPS LIBCUPSIMAGE LINKCUPS LINKCUPSIMAGE DSOLIBS IMGLIBS EXPORT_LDFLAGS LIBTOOL ARCHFLAGS OPTIM ARCH32FLAGS INSTALL32 LIB32CUPS LIB32CUPSIMAGE LIB32DIR UNINSTALL32 ARCH64FLAGS INSTALL64 LIB64CUPS LIB64CUPSIMAGE LIB64DIR UNINSTALL64 CXXLIBS IMGFILTERS LIBJPEG LIBPNG LIBTIFF LIBZ EXPORT_LIBJPEG EXPORT_LIBPNG EXPORT_LIBTIFF EXPORT_LIBZ CUPS_DEFAULT_DOMAINSOCKET CUPS_LISTEN_DOMAINSOCKET LIBSLP LIBLDAP SSLFLAGS SSLLIBS EXPORT_SSLLIBS PAMDIR PAMFILE PAMLIBS PAMMOD PTHREAD_FLAGS LARGEFILE DEFAULT_LAUNCHD_CONF LAUNCHDLIBS LANGUAGES CUPS_CONFIG_FILE_PERM CUPS_LOG_FILE_PERM CUPS_BROWSING CUPS_BROWSE_LOCAL_PROTOCOLS CUPS_BROWSE_REMOTE_PROTOCOLS CUPS_BROWSE_SHORT_NAMES CUPS_DEFAULT_SHARED CUPS_IMPLICIT_CLASSES CUPS_USE_NETWORK_DEFAULT CUPS_USER CUPS_GROUP CUPS_SYSTEM_GROUPS CUPS_PRIMARY_SYSTEM_GROUP PDFTOPS JAVA PERL PHP PHPCONFIG PHPDIR PYTHON LIBOBJS LTLIBOBJS'
++ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CUPS_VERSION CUPS_REVISION AWK CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CXX CXXFLAGS ac_ct_CXX CPP INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RANLIB ac_ct_RANLIB AR HTMLDOC LD LN MV RM RMDIR SED STRIP INSTALLSTATIC LIBMALLOC LIBPAPER EGREP ARFLAGS PKGCONFIG BACKLIBS CUPSDLIBS DBUSDIR DEFAULT_IPP_PORT INITDDIR INITDIR XINETD CUPS_CACHEDIR CUPS_DATADIR CUPS_DOCROOT CUPS_FONTPATH CUPS_LOCALEDIR CUPS_LOGDIR CUPS_REQUESTS CUPS_SERVERBIN INSTALL_SYSV CUPS_SERVERROOT CUPS_STATEDIR AMANDIR PMANDIR MAN1EXT MAN5EXT MAN7EXT MAN8EXT MAN8DIR DSO DSOFLAGS LIBCUPS LIBCUPSIMAGE LINKCUPS LINKCUPSIMAGE DSOLIBS IMGLIBS EXPORT_LDFLAGS LIBTOOL ARCHFLAGS OPTIM ARCH32FLAGS INSTALL32 LIB32CUPS LIB32CUPSIMAGE LIB32DIR UNINSTALL32 ARCH64FLAGS INSTALL64 LIB64CUPS LIB64CUPSIMAGE LIB64DIR UNINSTALL64 CXXLIBS IMGFILTERS LIBJPEG LIBPNG LIBTIFF LIBZ EXPORT_LIBJPEG EXPORT_LIBPNG EXPORT_LIBTIFF EXPORT_LIBZ CUPS_DEFAULT_DOMAINSOCKET CUPS_LISTEN_DOMAINSOCKET LIBSLP LIBLDAP SSLFLAGS SSLLIBS EXPORT_SSLLIBS PAMDIR PAMFILE PAMLIBS PAMMOD PTHREAD_FLAGS LARGEFILE DEFAULT_LAUNCHD_CONF LAUNCHDLIBS LANGUAGES CUPS_CONFIG_FILE_PERM CUPS_LOG_FILE_PERM CUPS_BROWSING CUPS_BROWSE_LOCAL_PROTOCOLS CUPS_BROWSE_REMOTE_PROTOCOLS CUPS_BROWSE_SHORT_NAMES CUPS_DEFAULT_SHARED CUPS_IMPLICIT_CLASSES CUPS_USE_NETWORK_DEFAULT CUPS_USER CUPS_GROUP CUPS_SYSTEM_GROUPS CUPS_PRIMARY_SYSTEM_GROUP CUPS_DROP_PRIVILEGES PDFTOPS JAVA PERL PHP PHPCONFIG PHPDIR PYTHON LIBOBJS LTLIBOBJS'
+ ac_subst_files=''
+
+ # Initialize some variables set by options.
+@@ -13273,6 +14238,26 @@
+ _ACEOF
+
+
++# Check whether --enable-privilege-dropping or --disable-privilege-dropping was given.
++if test "${enable_privilege_dropping+set}" = set; then
++ enableval="$enable_privilege_dropping"
++
++fi;
++if test "x$enable_privilege_dropping" = xyes; then
++ CUPS_DROP_PRIVILEGES=1
++ cat >>confdefs.h <<_ACEOF
++#define CUPS_DROP_PRIVILEGES 1
++_ACEOF
++
++else
++ CUPS_DROP_PRIVILEGES=0
++ cat >>confdefs.h <<_ACEOF
++#define CUPS_DROP_PRIVILEGES 0
++_ACEOF
++
++fi
++
++
+
+ # Check whether --with-printcap or --without-printcap was given.
+ if test "${with_printcap+set}" = set; then
+@@ -14388,6 +15374,7 @@
+ s, at CUPS_GROUP@,$CUPS_GROUP,;t t
+ s, at CUPS_SYSTEM_GROUPS@,$CUPS_SYSTEM_GROUPS,;t t
+ s, at CUPS_PRIMARY_SYSTEM_GROUP@,$CUPS_PRIMARY_SYSTEM_GROUP,;t t
++s, at CUPS_DROP_PRIVILEGES@,$CUPS_DROP_PRIVILEGES,;t t
+ s, at PDFTOPS@,$PDFTOPS,;t t
+ s, at JAVA@,$JAVA,;t t
+ s, at PERL@,$PERL,;t t