Description of problem: When upgrading from version 1.2.4 to 1.3.7 of CUPS, the "Satisfy Any" directive in cupsd.conf was broken. How reproducible: Very We used to use something like this until the update: <Location /> # Restrict access to the server... Satisfy Any Order Allow, Deny Allow from 127.0.0.1 Allow from a.b.c.0/24 Allow from d.e.f.0/24 AuthType Basic </Location> Which would allow clients with addresses a.b.c.nnn and d.e.f.nnn to print jobs without authenticating. All others would have to authenticate in order to print jobs. This was broken in the upgrade to RHEL5.3 and CUPS version 1.3.7 This following web page pretty much sums up the problem and points to a patch (str2782.patch) to fix the "Satisfy Any" directive. https://bugs.launchpad.net/ubuntu/+source/cupsys/+bug/247687 At our site we have now disabled printing from laptops to our CUPS server over IPP. We wait for a fix that will restore the functionality we had with RHEL5.2 and CUPS 1.2.4 Eskil... :-)
Created attachment 329844 [details] cups-str2782.patch
Thanks for reporting this, and apologies for not catching it before RHEL-5.3 was released.
This bugzilla has Keywords: Regression. Since no regressions are allowed between releases, it is also being proposed as a blocker for this release. Please resolve ASAP.
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The CUPS configuration file directive "Satisfy Any" was not correctly implemented, causing access to be restricted in situations where it should not have been.
As far as I can see, there still has been no updates to the CUPS software and we still cannot print from our sites laptops to our IPP server because of this. Must I apply the patches myself? This is somewhat dissapointing. Eskil... :-)
The fix will be included in RHEL-5.4. Thanks & regards, Phil
*** Bug 497620 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1360.html