diff --git a/.cups-pk-helper.metadata b/.cups-pk-helper.metadata new file mode 100644 index 0000000..38b7805 --- /dev/null +++ b/.cups-pk-helper.metadata @@ -0,0 +1 @@ +36c6e132eda3dc41d8f53e88e493adb013a4da74 SOURCES/cups-pk-helper-0.2.4.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-Be-stricter-when-validating-printer-names.patch b/SOURCES/0001-Be-stricter-when-validating-printer-names.patch new file mode 100644 index 0000000..0a6ba60 --- /dev/null +++ b/SOURCES/0001-Be-stricter-when-validating-printer-names.patch @@ -0,0 +1,54 @@ +From 7bf9cbe43ef8f648f308e4760f75c2aa6b61fa8e Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Tue, 27 Mar 2012 17:47:07 +0200 +Subject: [PATCH] Be stricter when validating printer names + +Only alphanumerical characters and the underscore are valid, and the +name must not be longer than 127 characters. See +http://www.cups.org/documentation.php/doc-1.1/sam.html#4_1 +--- + src/cups.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/cups.c b/src/cups.c +index 332abbe..1b2562b 100644 +--- a/src/cups.c ++++ b/src/cups.c +@@ -287,23 +287,25 @@ _cph_cups_is_printer_name_valid_internal (const char *name) + int i; + int len; + ++ /* Quoting http://www.cups.org/documentation.php/doc-1.1/sam.html#4_1: ++ * ++ * The printer name must start with any printable character except ++ * " ", "/", and "@". It can contain up to 127 letters, numbers, and ++ * the underscore (_). ++ * ++ * The first part is a bit weird, as the second part is more ++ * restrictive. So we only consider the second part. */ ++ + /* no empty string */ + if (!name || name[0] == '\0') + return FALSE; + + len = strlen (name); +- /* no string that is too long; see comment at the beginning of the +- * validation code block */ +- if (len > CPH_STR_MAXLEN) ++ if (len > 127) + return FALSE; + +- /* only printable characters, no space, no /, no # */ + for (i = 0; i < len; i++) { +- if (!g_ascii_isprint (name[i])) +- return FALSE; +- if (g_ascii_isspace (name[i])) +- return FALSE; +- if (name[i] == '/' || name[i] == '#') ++ if (!g_ascii_isalnum (name[i]) && name[i] != '_') + return FALSE; + } + +-- +1.7.12.1 + diff --git a/SOURCES/polkit_result.patch b/SOURCES/polkit_result.patch new file mode 100644 index 0000000..b2a0ac2 --- /dev/null +++ b/SOURCES/polkit_result.patch @@ -0,0 +1,11 @@ +--- cups-pk-helper-0.1.3/src/cups-pk-helper-mechanism.c 2011-09-02 11:30:26.000000000 +0200 ++++ cups-pk-helper-0.1.3/src/cups-pk-helper-mechanism.c 2011-09-02 11:31:34.000000000 +0200 +@@ -291,7 +291,7 @@ _check_polkit_for_action_internal (CphMe + return FALSE; + } + +- if (!polkit_authorization_result_get_is_authorized (pk_result)) { ++ if (pk_result == NULL || !polkit_authorization_result_get_is_authorized (pk_result)) { + g_set_error (error, + CPH_MECHANISM_ERROR, + CPH_MECHANISM_ERROR_NOT_PRIVILEGED, diff --git a/SPECS/cups-pk-helper.spec b/SPECS/cups-pk-helper.spec new file mode 100644 index 0000000..9ef0f2c --- /dev/null +++ b/SPECS/cups-pk-helper.spec @@ -0,0 +1,193 @@ +Name: cups-pk-helper +Version: 0.2.4 +Release: 2%{?dist} +Summary: A helper that makes system-config-printer use PolicyKit + +Group: System Environment/Base +License: GPLv2+ +URL: http://www.vuntz.net/download/cups-pk-helper/ +Source0: http://cgit.freedesktop.org/cups-pk-helper/snapshot/cups-pk-helper-%{version}.tar.bz2 + +Patch0: polkit_result.patch +Patch1: 0001-Be-stricter-when-validating-printer-names.patch + +BuildRequires: libtool >= 1.4.3 +BuildRequires: cups-devel >= 1.2 +BuildRequires: python-devel >= 2.4 +BuildRequires: glib2-devel >= 2.29.8 +BuildRequires: gtk2-devel >= 2.12.0 +BuildRequires: dbus-glib-devel >= 0.74 +BuildRequires: polkit-devel >= 0.97 +BuildRequires: polkit-gnome >= 0.97 +BuildRequires: intltool >= 0.40.6 +BuildRequires: gettext-devel >= 0.17 +BuildRequires: gnome-common >= 2.26 +BuildRequires: autoconf automake libtool + +Requires: python >= 2.4 +Requires: cups-libs >= 1.2 +Requires: dbus >= 1.2 +Requires: dbus-glib >= 0.74 +Requires: glib2 >= 2.29.8 + + +%description +cups-pk-helper is an application which makes cups configuration +interfaces available under control of PolicyKit. + +%prep +%setup -q + +%patch0 -p1 -b .polkit-result +%patch1 -p1 -R -b .strict-names + + +%build +# grr, tarball without configure +./autogen.sh + +%configure +make %{?_smp_mflags} + + +%install +make install DESTDIR=$RPM_BUILD_ROOT + + +%find_lang %{name} + +%files -f %{name}.lang +%defattr(-,root,root,-) +%{_libexecdir}/cups-pk-helper-mechanism +%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.opensuse.CupsPkHelper.Mechanism.conf +%{_datadir}/dbus-1/system-services/org.opensuse.CupsPkHelper.Mechanism.service +%{_datadir}/polkit-1/actions/org.opensuse.cupspkhelper.mechanism.policy +%doc AUTHORS COPYING NEWS + + + +%changelog +* Wed Feb 13 2013 Fedora Release Engineering - 0.2.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Oct 17 2012 Marek Kasik - 0.2.4-1 +- Update to 0.2.4 +- Resolves CVE-2012-4510 +- Revert stricter validation of printer names + +* Wed Jul 18 2012 Fedora Release Engineering - 0.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Mar 22 2012 Marek Kasik - 0.2.2-1 +- Update to 0.2.2 +- Remove upstreamed patches + +* Fri Jan 13 2012 Fedora Release Engineering - 0.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 22 2011 Marek Kasik - 0.2.1-2 +- Fix configure.ac + +* Tue Nov 22 2011 Marek Kasik - 0.2.1-1 +- Update to 0.2.1 +- Remove upstreamed patches +- Actualize Requires + +* Thu Oct 27 2011 Marek Kasik - 0.1.3-3 +- Set requesting-user-name for IPP_GET_JOB_ATTRIBUTES +- Resolves: #743886 + +* Fri Sep 2 2011 Marek Kasik - 0.1.3-2 +- Make ppd-name parameter optional +- Readd patch for allowing authentication for any and inactive users +- Readd patch for check of result of polkit authorization check +- Resolves: #724959 + +* Fri Aug 5 2011 Marek Kasik - 0.1.3-1 +- Update to 0.1.3 +- Fix #724959 + +* Wed Mar 23 2011 Marek Kasik - 0.1.2-1 +- Update to 0.1.2 + +* Thu Mar 10 2011 Matthias Clasen - 0.1.1-1 +- Update to 0.1.1 +- Drop accumulated upstreamed patches + +* Tue Feb 08 2011 Fedora Release Engineering - 0.0.4-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Mar 22 2010 Marek Kasik - 0.0.4-13 +- Add JobCancelPurge method +- Related: #548756 + +* Tue Feb 23 2010 Marek Kasik - 0.0.4-12 +- Avoid timeout on job-related methods for invalid jobs +- Make sure to return an error via dbus in case of failure +- Remove a small leak +- Resolves: #548790 + +* Tue Feb 23 2010 Marek Kasik - 0.0.4-11 +- Make cph_cups_job_get_status() efficient +- Resolves: #548771 + +* Tue Feb 23 2010 Marek Kasik - 0.0.4-10 +- Fix adding of printers without specification of ppd-name. +- Patch by Tim Waugh. +- Resolves: #545452 + +* Tue Feb 23 2010 Marek Kasik - 0.0.4-9 +- Allow inactive users and any user to authenticate +- Resolves: #543085 + +* Wed Sep 30 2009 Marek Kasik - 0.0.4-8 +- Fix adding of printers without specification of device-uri. +- Patch by Tim Waugh. +- Resolves: #526442 + +* Tue Aug 18 2009 Marek Kasik - 0.0.4-7 +- Fix policies to check when editing a job. + +* Tue Aug 18 2009 Marek Kasik - 0.0.4-6 +- Check result of polkit_authority_check_authorization_sync() for NULL. + +* Thu Aug 13 2009 Marek Kasik - 0.0.4-5 +- Add parameters to DevicesGet method. + +* Fri Jul 24 2009 Fedora Release Engineering - 0.0.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 16 2009 Marek Kasik - 0.0.4-3 +- Add devices_get() function. + +* Thu Jun 18 2009 Marek Kasik - 0.0.4-2 +- Update to polkit-1 + +* Tue Mar 31 2009 Marek Kasik - 0.0.4-1 +- Update to 0.0.4 + +* Fri Feb 27 2009 Marek Kasik - 0.0.3-6 +- Replace job-cancel, job-restart and job-set-hold-until with job-edit +- Replace job-cancel-another-owner, job-restart-another-owner + and job-set-hold-until-another-owner with job-not-owned-edit +- Add cph_cups_job_get_status() function + some minor changes + +* Tue Feb 24 2009 Fedora Release Engineering - 0.0.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 13 2009 Marek Kasik 0.0.3-4 +- Add ability to reconnect to CUPS server after its reload + (caused by cupsAdminSetServerSettings() or cupsPutFile()) + +* Tue Jan 28 2009 Marek Kasik 0.0.3-3 +- Add functions for handling jobs (JobRestart, JobCancel, JobSetHoldUntil) + +* Tue Jan 26 2009 Marek Kasik 0.0.3-2 +- Add handling of file:/ protocol +- Change order of checked policies so the PolicyKit asks only for + "printer-enable" policy when enabling/disabling a printer +- Change order of checked policies so the PolicyKit asks only for + "printer-set-default" policy when setting default printer + +* Tue Jan 13 2009 Marek Kasik 0.0.3-1 +- Initial spec file.