From d10ba264865bb0b7fd944f11cddb450eba74f69c Mon Sep 17 00:00:00 2001
From: Tim Waugh
Date: Aug 26 2014 13:58:54 +0000
Subject: Use upstream patch for STR #4461.
---
diff --git a/cups-str4461.patch b/cups-str4461.patch
index 81121f5..44152c9 100644
--- a/cups-str4461.patch
+++ b/cups-str4461.patch
@@ -1,24 +1,97 @@ -diff -up cups-1.7.4/scheduler/client.c.str4461 cups-1.7.4/scheduler/client.c ---- cups-1.7.4/scheduler/client.c.str4461 2014-08-11 16:30:04.695889827 +0100 -+++ cups-1.7.4/scheduler/client.c 2014-08-11 16:30:04.697889838 +0100 -@@ -3360,8 +3360,18 @@ get_file(cupsd_client_t *con, /* I - C +diff -up cups-1.7.5/scheduler/client.c.str4461 cups-1.7.5/scheduler/client.c +--- cups-1.7.5/scheduler/client.c.str4461 2014-07-22 15:03:19.000000000 +0100 ++++ cups-1.7.5/scheduler/client.c 2014-08-26 14:58:04.461055778 +0100 +@@ -3263,6 +3263,7 @@ get_file(cupsd_client_t *con, /* I - C + char *ptr; /* Pointer info filename */ + int plen; /* Remaining length after pointer */ + char language[7]; /* Language subdirectory, if any */ ++ int perm_check = 1; /* Do permissions check? */ - if (!status && !(filestats->st_mode & S_IROTH)) + + /* +@@ -3272,17 +3273,27 @@ get_file(cupsd_client_t *con, /* I - C + language[0] = '\0'; + + if (!strncmp(con->uri, "/ppd/", 5) && !strchr(con->uri + 5, '/')) ++ { + snprintf(filename, len, "%s%s", ServerRoot, con->uri); ++ ++ perm_check = 0; ++ } + else if (!strncmp(con->uri, "/icons/", 7) && !strchr(con->uri + 7, '/')) { -- cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); -- return (NULL); -+ /* -+ * The exception is for cupsd.conf and log files for -+ * authenticated access. 
-+ */ + snprintf(filename, len, "%s/%s", CacheDir, con->uri + 7); + if (access(filename, F_OK) < 0) + snprintf(filename, len, "%s/images/generic.png", DocumentRoot); + -+ if ((strcmp(con->uri, "/admin/conf/cupsd.conf") && -+ strncmp(con->uri, "/admin/log/", 11)) || -+ cupsdIsAuthorized(con, NULL) != HTTP_OK) -+ { -+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); -+ return (NULL); -+ } ++ perm_check = 0; } + else if (!strncmp(con->uri, "/rss/", 5) && !strchr(con->uri + 5, '/')) + snprintf(filename, len, "%s/rss/%s", CacheDir, con->uri + 5); +- else if (!strncmp(con->uri, "/admin/conf/", 12)) +- snprintf(filename, len, "%s%s", ServerRoot, con->uri + 11); ++ else if (!strcmp(con->uri, "/admin/conf/cupsd.conf")) ++ { ++ strlcpy(filename, ConfigurationFile, len); ++ ++ perm_check = 0; ++ } + else if (!strncmp(con->uri, "/admin/log/", 11)) + { + if (!strncmp(con->uri + 11, "access_log", 10) && AccessLog[0] == '/') +@@ -3293,6 +3304,8 @@ get_file(cupsd_client_t *con, /* I - C + strlcpy(filename, PageLog, len); + else + return (NULL); ++ ++ perm_check = 0; + } + else if (con->language) + { +@@ -3358,7 +3371,7 @@ get_file(cupsd_client_t *con, /* I - C + * not allow access... + */ + +- if (!status && !(filestats->st_mode & S_IROTH)) ++ if (!status && perm_check && !(filestats->st_mode & S_IROTH)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); + return (NULL); +@@ -3466,7 +3479,7 @@ get_file(cupsd_client_t *con, /* I - C + * not allow access... 
+ */ + +- if (!status && !(filestats->st_mode & S_IROTH)) ++ if (!status && perm_check && !(filestats->st_mode & S_IROTH)) + { + cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename); + return (NULL); +diff -up cups-1.7.5/scheduler/ipp.c.str4461 cups-1.7.5/scheduler/ipp.c +--- cups-1.7.5/scheduler/ipp.c.str4461 2014-08-26 14:57:56.387013559 +0100 ++++ cups-1.7.5/scheduler/ipp.c 2014-08-26 14:58:04.467055810 +0100 +@@ -2743,7 +2743,6 @@ add_printer(cupsd_client_t *con, /* I - + + cupsdLogMessage(CUPSD_LOG_DEBUG, + "Copied PPD file successfully"); +- chmod(dstfile, 0644); + } + } + +@@ -4650,7 +4649,7 @@ copy_model(cupsd_client_t *con, /* I - + * Open the destination file for a copy... + */ + +- if ((dst = cupsFileOpen(to, "wb")) == NULL) ++ if ((dst = cupsdCreateConfFile(to, ConfigFilePerm)) == NULL) + { + cupsFreeOptions(num_defaults, defaults); + cupsFileClose(src); +@@ -4705,7 +4704,7 @@ copy_model(cupsd_client_t *con, /* I - + + unlink(tempfile); + +- return (cupsFileClose(dst)); ++ return (cupsdCloseCreatedConfFile(dst, to)); + } + - /* diff --git a/cups.spec b/cups.spec index 0991033..2063920 100644 --- a/cups.spec +++ b/cups.spec @@ -11,7 +11,7 @@ Summary: CUPS printing system Name: cups Epoch: 1 Version: 1.7.5 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Url: http://www.cups.org/ Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2 @@ -650,6 +650,9 @@ rm -f %{cups_serverbin}/backend/smb %{_mandir}/man5/ipptoolfile.5.gz %changelog +* Tue Aug 26 2014 Tim Waugh - 1:1.7.5-4 +- Use upstream patch for STR #4461. + * Wed Aug 20 2014 Tim Waugh - 1:1.7.5-3 - Upstream patch for STR #4396, pre-requisite for STR #2913 patch. - Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
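Review bot: In the new get_file() hunks of cups-str4461.patch, `perm_check = 0` drops the world-readable (`S_IROTH`) test for `/ppd/`, `/icons/`, `/admin/conf/cupsd.conf` and `/admin/log/` with no authorization test in get_file itself, whereas the downstream version being replaced made the exception only when `cupsdIsAuthorized(con, NULL)` returned `HTTP_OK`. That is safe only if every caller has already enforced the location policy for `con->uri` before get_file runs, which these hunks do not show and which should be confirmed, particularly because the ipp.c hunks stop making copied PPD files 0644 and create them with `ConfigFilePerm` instead. I would record the contract at the declaration, e.g. `int perm_check = 1; /* 0 = skip S_IROTH test; request must already be authorized by the caller */`. get_file starts and ends outside the visible hunks, so any symlink or file-type checks it applies to `filename` cannot be verified from here.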