1. 29 Aug, 2018 1 commit
  2. 12 Apr, 2018 1 commit
  3. 03 Feb, 2016 3 commits
  4. 28 Jan, 2016 1 commit
  5. 17 Dec, 2015 1 commit
  6. 12 Nov, 2015 1 commit
  7. 07 Jun, 2013 3 commits
  8. 01 Mar, 2013 2 commits
  9. 08 Feb, 2013 2 commits
  10. 10 Dec, 2012 2 commits
    • Vincent Untz's avatar
      Document our source for validating printer names · 810b0495
      Vincent Untz authored
      Since the change that got reverted was justified by some cups
      documentation, it's important to clearly document where the current
      validation scheme comes from (lpadmin man page and cups source).
      
      Also, fix the size check: the cups source code limits this to 127.
      810b0495
    • Vincent Untz's avatar
      Revert "Be stricter when validating printer names" · f00aee0b
      Vincent Untz authored
      Apparently, this is way too strict. The lpadmin man page says:
      
        CUPS allows printer names to contain any printable character except
        SPACE, TAB, "/", or  "#".
      
      So the previous code was (mostly) correct.
      
      This reverts commit 7bf9cbe4.
      f00aee0b
  11. 12 Oct, 2012 5 commits
  12. 10 Oct, 2012 2 commits
    • Vincent Untz's avatar
      Also change supplementary groups when changing effective uid/gid · a397b908
      Vincent Untz authored
      Thanks to Alexander Peslyak <solar@openwall.com> and Sebastian Krahmer
      <krahmer@suse.de> for catching this.
      
      Part of fix for CVE-2012-4510.
      a397b908
    • Vincent Untz's avatar
      Fix a bunch of issues when getting/putting a file from cups · 6995d308
      Vincent Untz authored
      There was basically no check for permissions. Now, we temporarily change
      our effective uid/gid to the one of the user to open the file for
      writing (when getting) or reading (when putting). We then only use
      operations that work on the file descriptor to avoid potential race
      conditions.
      
      Before that, people could:
       - overwrite any file with the content of a cups resource
       - put any file in a cups resource
      
      Part of fix for CVE-2012-4510.
      6995d308
  13. 04 Oct, 2012 1 commit
  14. 03 Oct, 2012 2 commits
  15. 02 Oct, 2012 1 commit
  16. 27 Mar, 2012 2 commits
  17. 16 Mar, 2012 3 commits
  18. 13 Mar, 2012 1 commit
  19. 02 Mar, 2012 6 commits