Andreas Radke pushed to branch main at Arch Linux / Packaging / Packages / cups
Commits: b86e8dea by Thomas at 2025-05-20T18:18:19+02:00 Make guid.patch more robust - - - - - 2 changed files: - PKGBUILD - guid.patch Changes: ===================================== PKGBUILD ===================================== @@ -27,7 +27,7 @@ sha256sums=('b1dde191a4ae2760c47220c82ca6155a28c382701e6c1a0159d1054990231d59' '5324bd933385713e0dfd0b20cf5f861d1401bdeb693c5be7edc3ca4404e78e2b' 'f0b15192952c151b1843742c87850ff3a7d0f3ba5dd236ed16623ef908472ad7' '3385047b9ac8a7b13aeb8f0ca55d15f793ce7283516db0155fe28a67923c592d' - '1b1c3268bdff6627b78070b6cd9abec6ef41572c27abbafccb237199f7137653') + '8becc2ad17787ef755fb77f83a87cf52f1a38154c5dde0f4a0051e06a0583fb9') #validpgpkeys=('3737FD0D0E63B30172440D2DDBA3A7AB08D76223') # CUPS.org (CUPS.org PGP key) <secur...@cups.org> #validpgpkeys+=('45D083946E3035282B3CCA9AF434104235DA97EB') # "CUPS.org <secur...@cups.org>" #validpgpkeys+=('845464660B686AAB36540B6F999559A027815955') # "Michael R Sweet <michael.r.sw...@gmail.com>" ===================================== guid.patch ===================================== 
@@ -1,40 +1,60 @@ ---- cups-2.4.0/scheduler/cups-exec.c 2021-11-29 16:19:34.235186064 +0100 -+++ cups-2.4.0/scheduler/cups-exec.c.new 2021-11-29 16:25:30.764049649 +0100 -@@ -134,9 +134,15 @@ main(int argc, /* I - Number of command-line args */ +--- cups-2.4.12/scheduler/cups-exec.c 2025-05-16 15:26:32.965993145 +0200 ++++ cups-2.4.12/scheduler/cups-exec.c.new 2025-05-16 16:09:20.507974911 +0200 +@@ -20,6 +20,7 @@ + #include <cups/file.h> + #include <unistd.h> + #include <fcntl.h> ++#include <pwd.h> + #include <grp.h> + #include <sys/stat.h> + #ifdef HAVE_SANDBOX_H +@@ -133,10 +134,22 @@ + # if CUPS_SNAP if (setgroups(0, NULL)) ++ exit(errno + 100); # else - if (setgroups(1, &gid)) --# endif /* CUPS_SNAP */ -+#include <pwd.h> -+#include <grp.h> -+ struct passwd * pwd = getpwuid(uid); -+ if(initgroups(pwd->pw_name,pwd->pw_gid)) ++ struct passwd *pwd = getpwuid(uid); ++ if (!pwd) + { -+ fprintf(stderr, "DEBUG: initgroups failed\n"); - exit(errno + 100); ++ fprintf(stderr, "WARNING: getpwuid failed to find user %lu; permissions of supplementary groups will not be applied\n", (unsigned long int)uid); ++ if (setgroups(1, &gid)) ++ exit(errno + 100); ++ } ++ else if (initgroups(pwd->pw_name, pwd->pw_gid)) ++ { ++ fprintf(stderr, "WARNING: initgroups failed; permissions of supplementary groups will not be applied\n"); ++ if (setgroups(1, &gid)) ++ exit(errno + 100); + } -+# endif /* CUPS_SNAP */ + # endif /* CUPS_SNAP */ +- exit(errno + 100); if (uid && setuid(uid)) exit(errno + 100); ---- cups-2.4.0/scheduler/util.c 2021-11-29 15:27:31.000000000 +0100 -+++ cups-2.4.0/scheduler/util.c.new 2021-11-29 16:29:58.810719066 +0100 -@@ -296,7 +296,17 @@ +--- cups-2.4.12/scheduler/util.c 2025-05-16 15:26:32.965936994 +0200 ++++ cups-2.4.12/scheduler/util.c.new 2025-05-16 16:04:22.758834894 +0200 +@@ -16,6 +16,8 @@ + #include <unistd.h> + #include <sys/stat.h> + #include <fcntl.h> ++#include <pwd.h> ++#include <grp.h> + #ifdef __APPLE__ + # include <libgen.h> + extern char 
**environ; +@@ -297,7 +299,14 @@ */ if (!getuid() && user) -- setuid(user); /* Run as restricted user */ + { -+#include <pwd.h> -+#include <grp.h> -+ struct passwd * pwd = getpwuid(user); -+ if(initgroups(pwd->pw_name,pwd->pw_gid)) ++ struct passwd *pwd = getpwuid(user); ++ if (pwd) + { -+ fprintf(stderr, "DEBUG: initgroups failed\n"); -+ exit(errno + 100); ++ initgroups(pwd->pw_name, pwd->pw_gid); + } -+ setuid(user); /* Run as restricted user */ + setuid(user); /* Run as restricted user */ + } if ((fd = open("/dev/null", O_RDONLY)) > 0) View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/cups/-/commit/b86e8dea21e54bb1bd003b14ee823c924129c7c8 -- View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/cups/-/commit/b86e8dea21e54bb1bd003b14ee823c924129c7c8 You're receiving this email because of your account on gitlab.archlinux.org.
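Review bot: In the scheduler/util.c part of the new guid.patch the privilege drop does not fail closed. When `getpwuid(user)` returns NULL the group list is left untouched, and the return values of `initgroups()` and `setuid(user)` are both ignored, so the child may keep root's supplementary groups or, if `setuid` fails, keep running as root. The cups-exec.c part of the same patch handles both failures by falling back to `setgroups(1, &gid)` and exiting on error, and util.c should behave the same way, for example `if ((!pwd || initgroups(pwd->pw_name, pwd->pw_gid)) && setgroups(0, NULL)) exit(errno + 100);` followed by `if (setuid(user)) exit(errno + 100);`. The enclosing function starts and ends outside the hunk, so confirm this code runs in the forked child before adding `exit()`, and check whether a gid is in scope for a `setgroups(1, &gid)` fallback.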