-CHANGES.txt - 1.7.1 - 2014-01-06
+CHANGES.txt - 1.7.1 - 2014-01-08
--------------------------------
CHANGES IN CUPS V1.7.1
scheduler (<rdar://problem/15382819>)
- The RPM spec file did not list the build requirements; this was on
purpose, but now we are listing the Red Hat package names
- (<rdar://problem/15375760>)
+ (<rdar://problem/15375760>, STR #4322)
- Printing to a raw queue could result in corrupt output due to
opportunistic compression (<rdar://problem/15008524>)
- The GNU TLS support code triggered many compiler warnings due to the
- lpq and lpstat did not list jobs in the correct order when priorities
were specified (STR #4326)
- The D-BUS notifier did not remove its lockfile (STR #4314)
+ - CUPS incorrectly used the USER environment variable when the name did
+ not match the user ID (STR #4327)
CHANGES IN CUPS V1.7.0
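Review bot: The new STR #4327 entry ("CUPS incorrectly used the USER environment variable when the name did not match the user ID") does not say what a user would have observed. The code comment in the accompanying change names the concrete case, printing after su or sudo recording the wrong username, and it would help to put that wording in the entry so people searching the changelog for the symptom can find it.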
cups_expiredcerts = getenv("CUPS_EXPIREDCERTS");
if ((cups_user = getenv("CUPS_USER")) == NULL)
- cups_user = getenv("USER");
+ {
+ /*
+ * Try the USER environment variable...
+ */
+
+ if ((cups_user = getenv("USER")) != NULL)
+ {
+ /*
+ * Validate USER matches the current UID, otherwise don't allow it to
+ * override things... This makes sure that printing after doing su or
+ * sudo records the correct username.
+ */
+
+ struct passwd *pw; /* Account information */
+
+ if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
+ cups_user = NULL;
+ }
+ }
/*
* Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
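Review bot: The new check at `if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())` uses getpwnam(), which returns a pointer to static storage and is not thread-safe. If this path can run in a multi-threaded caller, getpwnam_r() with a local buffer would be the safer choice. Two further points on the same block: when USER is rejected, cups_user is left NULL, and the lines shown do not include the fallback that derives the name from the current UID, so please confirm that a later step does so rather than leaving the user name empty. Also, the outer `if ((cups_user = getenv("CUPS_USER")) == NULL)` still accepts CUPS_USER without the UID comparison, so an inherited CUPS_USER would survive su or sudo just as USER used to. If that is intended as an explicit override, a short comment saying so would make the asymmetry clear. The hunk also does not show an include of <pwd.h> for struct passwd; please check that the file already has it.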