--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: authentication problems due to wrong filename in /etc/pam.d
- From: root <root@capitanata.ca.astro.it>
- Date: Wed, 23 May 2007 15:09:34 +0200 (CEST)
- Message-id: <Pine.LNX.4.64.0705231500050.11621@capitanata.ca.astro.it>
Package: cupsys
Version: 1.2.11-2
Severity: normal
--- Please enter the report below this line. ---
The cupsys package provides the file /etc/pam.d/cupsys, while the daemon
auxilliary program cups-check-pam-auth tries to open /etc/pam.d/cups and,
failing that (which is likely unless a custom file was created by the
user) it falls back to opening /etc/pam.d/other. In default installations
this goes unnoticed, since the default /etc/pam.d/other file is equivalent
to /etc/pam.d/cupsys, as far as authentication is concerned. But if the
/etc/pam.d/other was modified, authentication may have quite unexpected
results. This bug happened a couple of times already in past years, it was
reported (sometimes by me) and corrected, but alas it always finds a way
to resurface, probably because upstream uses /etc/pam.d/cups instead of
/etc/pam.d/cupsys and it's easy to overlook one change in pam library
calls. Wouldn't it be easier to just use /etc/pam.d/cups as in upstream
and forget it?
Thanks, bye
Giacomo Mulas
--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.21-ck2-turion64-jak
Debian Release: lenny/sid
500 unstable www.debian-multimedia.org
500 unstable ftp.de.debian.org
500 stable tddft.org
--- Package information. ---
Depends (Version) | Installed
===============================-+-==============
libc6 (>= 2.5-5) | 2.5-8
libcupsimage2 (>= 1.2.5) | 1.2.11-2
libcupsys2 (>= 1.2.7) | 1.2.11-2
libdbus-1-3 (>= 0.94) | 1.0.2-5
libgnutls13 (>= 1.5.3-0) | 1.6.2-2
libldap2 (>= 2.1.17-1) | 2.1.30-13.4
libpam0g (>= 0.76) | 0.79-4
libpaper1 | 1.1.21
libslp1 | 1.2.1-6.2
zlib1g (>= 1:1.2.1) | 1:1.2.3-15
adduser (>= 3.12) | 3.102
debconf (>= 1.2.9) | 1.5.13
OR debconf-2.0 |
patch | 2.5.9-4
poppler-utils |
OR xpdf-utils | 3.02-1
perl-modules | 5.8.8-7
procps | 1:3.2.7-3
gs-esp | 8.15.3.dfsg.1-1
lsb-base (>= 3) | 3.1-23.1
cupsys-common | 1.2.11-2
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--- End Message ---
--- Begin Message ---
Source: cupsys
Source-Version: 1.2.12-2
We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:
cupsys-bsd_1.2.12-2_i386.deb
to pool/main/c/cupsys/cupsys-bsd_1.2.12-2_i386.deb
cupsys-client_1.2.12-2_i386.deb
to pool/main/c/cupsys/cupsys-client_1.2.12-2_i386.deb
cupsys-common_1.2.12-2_all.deb
to pool/main/c/cupsys/cupsys-common_1.2.12-2_all.deb
cupsys-dbg_1.2.12-2_i386.deb
to pool/main/c/cupsys/cupsys-dbg_1.2.12-2_i386.deb
cupsys_1.2.12-2.diff.gz
to pool/main/c/cupsys/cupsys_1.2.12-2.diff.gz
cupsys_1.2.12-2.dsc
to pool/main/c/cupsys/cupsys_1.2.12-2.dsc
cupsys_1.2.12-2_i386.deb
to pool/main/c/cupsys/cupsys_1.2.12-2_i386.deb
libcupsimage2-dev_1.2.12-2_i386.deb
to pool/main/c/cupsys/libcupsimage2-dev_1.2.12-2_i386.deb
libcupsimage2_1.2.12-2_i386.deb
to pool/main/c/cupsys/libcupsimage2_1.2.12-2_i386.deb
libcupsys2-dev_1.2.12-2_i386.deb
to pool/main/c/cupsys/libcupsys2-dev_1.2.12-2_i386.deb
libcupsys2_1.2.12-2_i386.deb
to pool/main/c/cupsys/libcupsys2_1.2.12-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 425701@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated cupsys package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 06 Aug 2007 15:47:33 +0200
Source: cupsys
Binary: libcupsys2-dev cupsys libcupsys2 libcupsimage2 cupsys-common cupsys-client cupsys-dbg cupsys-bsd libcupsimage2-dev
Architecture: source i386 all
Version: 1.2.12-2
Distribution: unstable
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
cupsys - Common UNIX Printing System(tm) - server
cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
cupsys-common - Common UNIX Printing System(tm) - common files
cupsys-dbg - Common UNIX Printing System(tm) - debugging symbols
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System(tm) - libs
libcupsys2-dev - Common UNIX Printing System(tm) - development files
Closes: 193076 402370 415684 425701 426521
Changes:
cupsys (1.2.12-2) unstable; urgency=low
.
[ Kenshi Muto ]
* Added scripting directory to /usr/share/doc/cupsys/examples.
This directory contains the binding code from Java, Perl, and PHP
to CUPS. (closes: #193076)
Although we Debian CUPS team cannot afford to maintain them,
some of you may want them.
* Added 'Recommends: cupsys' to cupsys-bsd. (closes: #426521)
* Changed cupsys-client from 'Recommends: cupsys-bsd' to 'Suggests:
cupsys-bsd.' because cupsys-bsd isn't so necessary for cupsys-client.
* Fixed to use 'cupsys' instead of 'cups' for PAM on cups-check-pam-auth.
(though Debian CUPS doesn't use this daemon) (closes: #425701)
* Added debconf-2.0 to the dependency of cupsys-bsd. (closes: #415684)
.
[ Martin Pitt ]
* Drop the derooting changes. It still has some regressions, and with
upstream not even acknowledging the need for improving cupsys' security we
will sit on this forever. This will be replaced by an AppArmor/SELinux
profiles in the future.
- Drop derooting related patches:
06_disable_backend_setuid.dpatch
10_external_pam_helper.dpatch
09_runasuser.dpatch
09_runasuser_autoconf.dpatch
- debian/cupsys{,-client}.postinst: Drop the 'cupsys' user setup and file
permission juggling.
- debian/rules:
+ Drop --with-cups-user configure option.
+ Do not modify the upstream default backend permissions.
- debian/cupsys.init.d: Do not touch log file permissions any more.
- debian/cupsys.files: Drop cups-check-pam-auth.
- debian/NEWS: Drop description of derooting changes.
- debian/control: Drop adduser dependency.
* debian/patches/44_fixconfdirperms.dpatch: Do not create
/var/run/cups/certs as lp:lpadmin, but as root:lpadmin, so that cupsd
does not need CAP_DAC_OVERRIDE. This will make it possible to create a
sensible AppArmor/SELinux profile.
* debian/cupsys.preinst: Fix file permissions on upgrades (owner cupsys ->
root).
* debian/control, debian/rules: Remove references to libcupsys2-gnutls10,
since it's a transitional package in Etch and not relevant any more in
Lenny.
* debian/cupsys.{pre,post}inst: Remove obsolete transition bits.
* Remove obsolete debian/patches/05_avoidunknowngroup.dpatch.
* Use ssl-cert's "snakeoil" SSL certificate by default: (Closes: #402370)
- debian/control: Add ssl-cert dependency.
- debian/cupsys.postinst: Symlink snakeoil SSL certificate if present, and
there is none present yet.
* debian/control: Replace obsolete ${Source-Version} with ${binary:Version}.
.
[ Till Kamppeter ]
* Add debian/local/textonly.{ppd,filter}: Text-only printer driver from Red
Hat. Install it in debian/rules.
* debian/rules: Install the D-Bus config file so that CUPS reports
job progress to dbus clients (like sytem-config-printer).
* Add debian/local/oopstops.{.pl,types,convs}: Helge Bliscke's oopstops
filter to work around the bugs in the PostScript output of OpenOffice.org
(from http://www.srz.de/Members/bla/cups/filter/oopstops). Install them in
debian/rules.
Files:
bc465920c1a60e45cfe608f72e31c23a 1087 net optional cupsys_1.2.12-2.dsc
056b4baac9cb1a4fe1a929207f7ccbfe 97823 net optional cupsys_1.2.12-2.diff.gz
40551844936496d477033f4ad28b774c 936254 net optional cupsys-common_1.2.12-2_all.deb
fbd369741eb2db8af5db7d92e35a4b6c 167082 libs optional libcupsys2_1.2.12-2_i386.deb
e8f394073bd1c9a8e593c22c71dfa21a 93576 libs optional libcupsimage2_1.2.12-2_i386.deb
b5a249a7a094a27b0e81d4d3651d034e 1871846 net optional cupsys_1.2.12-2_i386.deb
92b05e1a6c215d5b5053e9cd93bda8f7 81578 net optional cupsys-client_1.2.12-2_i386.deb
89b0369788fc960fdba6dc811d363704 137754 libdevel optional libcupsys2-dev_1.2.12-2_i386.deb
72c2dbb59432f6cbebb0e5bcb11ea628 54884 libdevel optional libcupsimage2-dev_1.2.12-2_i386.deb
32d528d1a3fc246f7fa29a5cba94ea25 36804 net extra cupsys-bsd_1.2.12-2_i386.deb
939a108cfe31e97058bf0a01a2d83c42 991202 libdevel extra cupsys-dbg_1.2.12-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGtyrVDecnbV4Fd/IRAkpUAKDGSHFaqkBxadAKMcj5lIEZ1bNq5QCghJXy
Wba8U3PJRo2vZL+6ShS7+R8=
=ku2o
-----END PGP SIGNATURE-----
--- End Message ---