Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:branches:openSUSE:Factory:Rings:1-MinimalX
cups
cups-2.4.2-additional_policies.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cups-2.4.2-additional_policies.patch of Package cups
--- conf/cupsd.conf.in.CVE-2023-32360.patched 2023-09-20 13:39:53.316719260 +0200 +++ conf/cupsd.conf.in 2023-09-20 13:46:48.474661749 +0200 @@ -196,3 +196,45 @@ IdleExitTimeout @EXIT_TIMEOUT@ Order deny,allow </Limit> </Policy> + +# The policy below is added by SUSE during build of our cups package. +# The policy 'allowallforanybody' is totally open and insecure and therefore +# it can only be used within an internal network where only trused users exist +# and where the cupsd is not accessible at all from any external host, see +# http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings +# Have in mind that any user who is allowed to do printer admin tasks +# can change the print queues as he likes - e.g. send copies of confidental +# print jobs from an internal network to any external destination, see +# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell +# For documentation regarding 'Managing Operation Policies' see +# https://openprinting.github.io/cups/doc/policies.html +<Policy allowallforanybody> + # Allow anybody to access job's private values: + JobPrivateAccess all + # Make none of the job values to be private: + JobPrivateValues none + # Allow anybody to access subscription's private values: + SubscriptionPrivateAccess all + # Make none of the subscription values to be private: + SubscriptionPrivateValues none + # Allow anybody to do all IPP operations: + # Currently the IPP operations Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document + # must be additionally exlicitly specified because those IPP operations are not included + # in the "All" wildcard value - otherwise cupsd prints error messages of the form + # "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found." + <Limit Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document> + Order deny,allow + Allow from all + </Limit> + # Since CUPS > 1.5.4 the "All" wildcard value must be specified separately, + # otherwise clients like "lpstat -p" just hang up, + # see https://bugzilla.opensuse.org/show_bug.cgi?id=936309 + # and https://www.cups.org/str.php?L4659 + <Limit All> + Order deny,allow + Allow from all + </Limit> +</Policy> +# Explicitly set the CUPS 'default' policy to be used by default: +DefaultPolicy default +
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor