Bug 481303 - cupsd.conf directive "Satisfy Any" broken when upgrading from CUPS v1.2.4 to CUPS v1.3.7
Summary: cupsd.conf directive "Satisfy Any" broken when upgrading from CUPS v1.2.4 to ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cups
Version: 5.3
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Tim Waugh
QA Contact: desktop-bugs@redhat.com
URL:
Whiteboard:
: 497620 (view as bug list)
Depends On:
Blocks: 5.4, TechnicalNotes
TreeView+ depends on / blocked
 
Reported: 2009-01-23 14:37 UTC by Eskil Brun
Modified: 2015-06-23 08:41 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The CUPS configuration file directive "Satisfy Any" was not correctly implemented, causing access to be restricted in situations where it should not have been.
Clone Of:
Environment:
Last Closed: 2009-09-02 11:25:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
cups-str2782.patch (623 bytes, patch)
2009-01-23 15:11 UTC, Tim Waugh 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
CUPS Bugs and Features 2782 0 None None None Never
Red Hat Product Errata RHBA-2009:1360 0 normal SHIPPED_LIVE cups bug fix update 2009-09-01 10:55:27 UTC

Description Eskil Brun 2009-01-23 14:37:37 UTC 
Description of problem:

When upgrading from version 1.2.4 to 1.3.7 of CUPS, the
"Satisfy Any" directive in cupsd.conf was broken.

How reproducible: Very

We used to use something like this until the update:

<Location />
  # Restrict access to the server...
  Satisfy Any
  Order Allow, Deny
  Allow from 127.0.0.1
  Allow from a.b.c.0/24
  Allow from d.e.f.0/24
  AuthType Basic
</Location>

Which would allow clients with addresses a.b.c.nnn and d.e.f.nnn
to print jobs without authenticating. All others would have to
authenticate in order to print jobs.

This was broken in the upgrade to RHEL5.3 and CUPS version 1.3.7

This following web page pretty much sums up the problem and points to a
patch (str2782.patch) to fix the "Satisfy Any" directive.

  https://bugs.launchpad.net/ubuntu/+source/cupsys/+bug/247687

At our site we have now disabled printing from laptops to our CUPS server
over IPP. We wait for a fix that will restore the functionality we had
with RHEL5.2 and CUPS 1.2.4

Eskil...
:-)
Comment 1 Tim Waugh 2009-01-23 15:11:54 UTC 
Created attachment 329844 [details]
cups-str2782.patch
Comment 2 Tim Waugh 2009-01-23 15:13:39 UTC 
Thanks for reporting this, and apologies for not catching it before RHEL-5.3 was released.
Comment 9 RHEL Program Management 2009-01-28 18:01:12 UTC 
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 12 Tim Waugh 2009-02-02 17:11:56 UTC 
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
The CUPS configuration file directive "Satisfy Any" was not correctly implemented, causing access to be restricted in situations where it should not have been.
Comment 13 Eskil Brun 2009-03-30 12:32:50 UTC 
As far as I can see, there still has been no updates to the CUPS software
and we still cannot print from our sites laptops to our IPP server
because of this.

Must I apply the patches myself?

This is somewhat dissapointing.

Eskil...
:-)
Comment 14 Phil Knirsch 2009-03-30 12:40:59 UTC 
The fix will be included in RHEL-5.4.

Thanks & regards, Phil
Comment 15 Tim Waugh 2009-04-27 12:05:29 UTC 
*** Bug 497620 has been marked as a duplicate of this bug. ***
Comment 20 errata-xmlrpc 2009-09-02 11:25:27 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1360.html
Note You need to log in before you can comment on or make changes to this bug.