[Pkg-cups-devel] Bug#640901: cups: web interface uses hardwired base URL
Gabor Kiss
kissg at ssg.ki.iif.hu
Thu Sep 8 11:39:24 UTC 2011
Package: cups
Version: 1.4.4-7
Severity: normal
Tags: upstream
CUPS is installed on host 'foo'.
My desktop is 'bar'.
I don't want passwords to travel over the network in plaintext, so
I start an ssh tunnel from bar to foo's IPP port:
bar$ ssh -L 9631:localhost:631 foo
Then I enter "http://localhost:9631" in my browser.
Cookies and JavaScript are temporarily allowed for this "host".
The browser stores the session cookie.
Everything seems to be okay, but links related to jobs
point to "http://foo:631/blahblahblah" instead of
"http://localhost:9631/blahblahblah".
Click the "Show All Jobs" button of some printers and check the page source.
You can see that job IDs have absolute URLs behind them, while
all other links use relative URLs, as do form actions.
So by following job links, all my security settings get broken.
Gabor
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages cups depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii bc 1.06.95-2 The GNU bc arbitrary precision cal
ii cups-client 1.4.4-7 Common UNIX Printing System(tm) -
ii cups-common 1.4.4-7 Common UNIX Printing System(tm) -
ii cups-ppdc 1.4.4-7 Common UNIX Printing System(tm) -
ii debconf [debconf-2. 1.5.36.1 Debian configuration management sy
ii ghostscript 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF
ii libavahi-client3 0.6.27-2+squeeze1 Avahi client library
ii libavahi-common3 0.6.27-2+squeeze1 Avahi common library
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcups2 1.4.4-7 Common UNIX Printing System(tm) -
ii libcupscgi1 1.4.4-7 Common UNIX Printing System(tm) -
ii libcupsdriver1 1.4.4-7 Common UNIX Printing System(tm) -
ii libcupsimage2 1.4.4-7 Common UNIX Printing System(tm) -
ii libcupsmime1 1.4.4-7 Common UNIX Printing System(tm) -
ii libcupsppdc1 1.4.4-7 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.24-4+squeeze1 simple interprocess messaging syst
ii libgcc1 1:4.4.5-8 GCC support library
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze1 MIT Kerberos runtime libraries - k
ii libijs-0.35 0.35-7 IJS raster image transport protoco
ii libkrb5-3 1.8.3+dfsg-4squeeze1 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libpaper1 1.1.24 library for handling paper charact
ii libpoppler5 0.12.4-1.2 PDF rendering library
ii libslp1 1.2.1-7.8 OpenSLP libraries
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libusb-0.1-4 2:0.1.12-16 userspace USB programming library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii poppler-utils 0.12.4-1.2 PDF utilitites (based on libpopple
ii procps 1:3.2.8-9 /proc file system utilities
ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL
ii ttf-freefont 20090104-7 Freefont Serif, Sans and Mono True
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages cups recommends:
ii cups-driver-gutenprint 5.2.6-1 printer drivers for CUPS
ii foomatic-filters 4.0.5-6 OpenPrinting printer support - fil
ii ghostscript-cups 8.71~dfsg2-9 The GPL Ghostscript PostScript/PDF
Versions of packages cups suggests:
ii cups-bsd 1.4.4-7 Common UNIX Printing System(tm) -
pn cups-pdf <none> (no description available)
ii foomatic-db 20100630-1 OpenPrinting printer support - dat
ii hplip 3.10.6-2 HP Linux Printing and Imaging Syst
ii smbclient 2:3.5.6~dfsg-3squeeze5 command-line SMB/CIFS clients for
ii udev 164-3 /dev/ and hotplug management daemo
pn xpdf-korean | xpd <none> (no description available)
-- Configuration Files:
/etc/cups/cupsd.conf changed [not included]
-- debconf information excluded
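
Added example, not part of the original report and not CUPS code: a check that parses saved page source and lists every link, image or form target that resolves to a different scheme/host/port than the address the page was loaded through (here the tunnel end http://localhost:9631). The function names and the sample HTML are constructed for illustration; only the absolute link is taken from the report.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"href", "src", "action"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


class _LinkCollector(HTMLParser):
    """Collects (tag, attribute, value) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))


def links_leaving_origin(html, loaded_from):
    """List (tag, attr, url) whose target is not the origin the page came from."""
    collector = _LinkCollector()
    collector.feed(html)
    base = origin(loaded_from)
    leaving = []
    for tag, attr, value in collector.links:
        target = urljoin(loaded_from, value)  # relative links stay on the tunnel
        if urlsplit(target).scheme in DEFAULT_PORTS and origin(target) != base:
            leaving.append((tag, attr, target))
    return leaving


# Constructed sample: relative links and form action, plus one absolute job link.
SAMPLE = """
<form action="/printers/laser" method="post"><input type="submit"></form>
<a href="/printers/">Printers</a>
<a href="http://foo:631/blahblahblah">laser-42</a>
<a href="jobs?which_jobs=all">Show All Jobs</a>
"""

if __name__ == "__main__":
    for tag, attr, url in links_leaving_origin(SAMPLE, "http://localhost:9631/printers/laser"):
        print(f"<{tag} {attr}> leaves the tunnel: {url}")
```

Run against the same source fetched directly from http://foo:631/, the check reports nothing, which is why the hardwired base URL goes unnoticed without a tunnel or proxy in front.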