On Thu, 21 Sep 2023 19:38:44 +0200 IOhannes m zmoelnig
<umlae...@debian.org> wrote:
> Package: cups-daemon
> Version: 2.4.2-6
> Followup-For: Bug #1052419
>
> Just as a follow-up: after double-checking my cupsd.conf file, I see
that
> the <Limit CUPS-Get-Document/> section is present multiple-times in
the
> document, once each in the "default", "authenticated" and "kerberos"
Policy
> section.
> I assume, that the patch needs to be applied to the "default"
policy, as for the
> other policies there is already an AuthType defined.
>
> is this correct?
> (the nature of a patch file does not make this obvious)
> this ought to be documented as well.
>
> And since i'm pretty sure that i've neve touched this file myself
(at least
> etckeeper shows that it was only ever changed while i installed
cups-daemon 1½
> years ago), i wonder why there was no dialog showing me the
differences between
> the files.
>
>
> cheers
It is confusing. Given that the vast majority of people don't touch
cupsd.conf, maybe the NEWS entry should say something like the
following?
"If you've never touched cupsd.conf and are unsure what to do, it's
probably safest to simply run the following commands:
sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf-bak; sudo cp
/usr/share/cups/cupsd.conf.default /etc/cups/cupsd.conf
In case printing stops working after making that change, you can
restore the old configuration file. However, note that restoring the
old config will reintroduce the security hole. Do the configuration
file restoration by running:
sudo mv /etc/cups/cupsd.conf-bak /etc/cups/cupsd.conf
"
Or even better, have a cups.postinst that checks /etc/cups/cupsd.conf's
md5sum == 758e3a2fb820f5cfb8aed788f2c8f353, and if so automatically
copy over that cupsd.conf.default config and restart cupsd. I just
checked two machines (sid and bookworm) and my untouched cupsd.conf
matches that checksum on both.
