Replace the RedHat patch restoring the access to cupsd.conf and logfiles with Upstream's

6 files changed, 111 insertions, 39 deletions

diff --git a/debian/patches/color-management-extension.patch b/debian/patches/color-management-extension.patch
index c8be3b9e..9b49a4d9 100644
--- a/debian/patches/color-management-extension.patch
+++ b/debian/patches/color-management-extension.patch
@@ -327,7 +327,7 @@ Last-Update: 2014-08-29
    if ((attr = ippFindAttribute(con->request, "printer-is-shared",
                                 IPP_TAG_BOOLEAN)) != NULL)
    {
-@@ -4901,6 +4921,10 @@
+@@ -4900,6 +4920,10 @@
      ippAddBoolean(con->response, IPP_TAG_PRINTER, "printer-is-accepting-jobs",
                    printer->accepting);
  
@@ -338,7 +338,7 @@ Last-Update: 2014-08-29
    if (!ra || cupsArrayFind(ra, "printer-is-shared"))
      ippAddBoolean(con->response, IPP_TAG_PRINTER, "printer-is-shared",
                    printer->shared);
-@@ -4950,6 +4974,9 @@
+@@ -4949,6 +4973,9 @@
      if (!printer->accepting)
        type |= CUPS_PRINTER_REJECTING;
  
diff --git a/debian/patches/cups-restore-access-to-logfiles.patch b/debian/patches/cups-restore-access-to-logfiles.patch
deleted file mode 100644
index 0b73e398..00000000
--- a/debian/patches/cups-restore-access-to-logfiles.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: Restore access to cupsd.conf and logfiles, fix regression
- introduced by STR: #4455
-Author: Tim Waugh <twaugh@redhat.com>
-Bug-Upstream: https://www.cups.org/str.php?L4461
-Bug-Debian: https://bugs.debian.org/757964
-Last-Update: 2014-08-12
---- a/scheduler/client.c
-+++ b/scheduler/client.c
-@@ -3360,8 +3360,18 @@
- 
-   if (!status && !(filestats->st_mode & S_IROTH))
-   {
--    cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
--    return (NULL);
-+   /*
-+    * The exception is for cupsd.conf and log files for
-+    * authenticated access.
-+    */
-+
-+    if ((strncmp(con->uri, "/admin/conf/cupsd.conf", 22) &&
-+        strncmp(con->uri, "/admin/log/", 11)) ||
-+       cupsdIsAuthorized(con, NULL) != HTTP_OK)
-+    {
-+      cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
-+      return (NULL);
-+    }
-   }
- 
-  /*
diff --git a/debian/patches/cupsd-write-systemd-Port.patch b/debian/patches/cupsd-write-systemd-Port.patch
index 05d73395..8e9e5010 100644
--- a/debian/patches/cupsd-write-systemd-Port.patch
+++ b/debian/patches/cupsd-write-systemd-Port.patch
@@ -146,7 +146,7 @@ Last-Update: 2014-03-05
  	      */
  
  	      cupsdLogMessage(CUPSD_LOG_ERROR,
-@@ -3507,6 +3507,7 @@
+@@ -3510,6 +3510,7 @@
  		*out;			/* Output file */
    char		buffer[16384];		/* Copy buffer */
    ssize_t	bytes;			/* Number of bytes */
@@ -154,7 +154,7 @@ Last-Update: 2014-03-05
  
  
   /*
-@@ -3521,17 +3522,30 @@
+@@ -3524,17 +3525,30 @@
    }
  
   /*
@@ -187,7 +187,7 @@ Last-Update: 2014-03-05
  
   /*
    * Copy from the request to the new config file...
-@@ -3542,12 +3556,12 @@
+@@ -3545,12 +3559,12 @@
      {
        cupsdLogMessage(CUPSD_LOG_ERROR,
                        "Unable to copy to config file \"%s\": %s",
@@ -202,7 +202,7 @@ Last-Update: 2014-03-05
        cupsdUnlinkOrRemoveFile(filename);
  
        return (HTTP_SERVER_ERROR);
-@@ -3559,7 +3573,7 @@
+@@ -3562,7 +3576,7 @@
  
    cupsFileClose(in);
  
@@ -211,7 +211,7 @@ Last-Update: 2014-03-05
      return (HTTP_SERVER_ERROR);
  
   /*
-@@ -3573,8 +3587,15 @@
+@@ -3576,8 +3590,15 @@
    * Set the NeedReload flag...
    */
  
diff --git a/debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch b/debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch
index 518d896d..a58e274a 100644
--- a/debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch
+++ b/debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch
@@ -11,7 +11,7 @@ Bug: https://www.cups.org/str.php?L4344
 
 --- a/scheduler/ipp.c
 +++ b/scheduler/ipp.c
-@@ -8270,6 +8270,11 @@
+@@ -8269,6 +8269,11 @@
    ipp_attribute_t	*attr,		/* Current attribute */
  			*attr2,		/* Job attribute */
  			*prev2;		/* Previous job attribute */
@@ -23,7 +23,7 @@ Bug: https://www.cups.org/str.php?L4344
  
  
   /*
-@@ -8331,6 +8336,85 @@
+@@ -8330,6 +8335,85 @@
    }
  
   /*
diff --git a/debian/patches/series b/debian/patches/series
index 7a792d0b..db9a75e8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
 # patches accepted and committed upstream
+str4461-restore-access-to-logfiles.patch
 
 # patches sent upstream
 pwg-raster-attributes.patch
@@ -7,7 +8,6 @@ rootbackends-worldreadable.patch
 fixes-for-jobs-with-multiple-files-and-multiple-formats.patch
 cupsd-idleexittimeout.patch
 cups-no-gcrypt.patch
-cups-restore-access-to-logfiles.patch
 
 # patches which should go upstream
 color-management-extension.patch
diff --git a/debian/patches/str4461-restore-access-to-logfiles.patch b/debian/patches/str4461-restore-access-to-logfiles.patch
new file mode 100644
index 00000000..7aacabaa
--- /dev/null
+++ b/debian/patches/str4461-restore-access-to-logfiles.patch
@@ -0,0 +1,101 @@
+Description: Restore access to cupsd.conf and logfiles, fix regression
+ introduced by STR: #4455
+Author: Michael Sweet <msweet@apple.com>
+Bug-Upstream: https://www.cups.org/str.php?L4461
+Bug-Debian: https://bugs.debian.org/757964
+Last-Update: 2014-08-25
+--- a/scheduler/client.c
++++ b/scheduler/client.c
+@@ -3263,6 +3263,7 @@
+   char		*ptr;			/* Pointer info filename */
+   int		plen;			/* Remaining length after pointer */
+   char		language[7];		/* Language subdirectory, if any */
++  int		perm_check = 1;		/* Do permissions check? */
+ 
+ 
+  /*
+@@ -3272,17 +3273,27 @@
+   language[0] = '\0';
+ 
+   if (!strncmp(con->uri, "/ppd/", 5) && !strchr(con->uri + 5, '/'))
++  {
+     snprintf(filename, len, "%s%s", ServerRoot, con->uri);
++
++    perm_check = 0;
++  }
+   else if (!strncmp(con->uri, "/icons/", 7) && !strchr(con->uri + 7, '/'))
+   {
+     snprintf(filename, len, "%s/%s", CacheDir, con->uri + 7);
+     if (access(filename, F_OK) < 0)
+       snprintf(filename, len, "%s/images/generic.png", DocumentRoot);
++
++    perm_check = 0;
+   }
+   else if (!strncmp(con->uri, "/rss/", 5) && !strchr(con->uri + 5, '/'))
+     snprintf(filename, len, "%s/rss/%s", CacheDir, con->uri + 5);
+-  else if (!strncmp(con->uri, "/admin/conf/", 12))
+-    snprintf(filename, len, "%s%s", ServerRoot, con->uri + 11);
++  else if (!strcmp(con->uri, "/admin/conf/cupsd.conf"))
++  {
++    strlcpy(filename, ConfigurationFile, len);
++
++    perm_check = 0;
++  }
+   else if (!strncmp(con->uri, "/admin/log/", 11))
+   {
+     if (!strncmp(con->uri + 11, "access_log", 10) && AccessLog[0] == '/')
+@@ -3293,6 +3304,8 @@
+       strlcpy(filename, PageLog, len);
+     else
+       return (NULL);
++
++    perm_check = 0;
+   }
+   else if (con->language)
+   {
+@@ -3358,7 +3371,7 @@
+   * not allow access...
+   */
+ 
+-  if (!status && !(filestats->st_mode & S_IROTH))
++  if (!status && perm_check && !(filestats->st_mode & S_IROTH))
+   {
+     cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+     return (NULL);
+@@ -3466,7 +3479,7 @@
+     * not allow access...
+     */
+ 
+-    if (!status && !(filestats->st_mode & S_IROTH))
++    if (!status && perm_check && !(filestats->st_mode & S_IROTH))
+     {
+       cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+       return (NULL);
+--- a/scheduler/ipp.c
++++ b/scheduler/ipp.c
+@@ -2734,7 +2734,6 @@
+ 
+       cupsdLogMessage(CUPSD_LOG_DEBUG,
+ 		      "Copied PPD file successfully");
+-      chmod(dstfile, 0644);
+     }
+   }
+ 
+@@ -4641,7 +4640,7 @@
+   * Open the destination file for a copy...
+   */
+ 
+-  if ((dst = cupsFileOpen(to, "wb")) == NULL)
++  if ((dst = cupsdCreateConfFile(to, ConfigFilePerm)) == NULL)
+   {
+     cupsFreeOptions(num_defaults, defaults);
+     cupsFileClose(src);
+@@ -4696,7 +4695,7 @@
+ 
+   unlink(tempfile);
+ 
+-  return (cupsFileClose(dst));
++  return (cupsdCloseCreatedConfFile(dst, to));
+ }
+ 
+