~ubuntu-branches/ubuntu/precise/cups/precise-security

Viewing changes to man/cupsd.conf.man.in

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-12-03 09:05:49 UTC
mfrom: (97.1.4 precise-proposed)
Revision ID: package-import@ubuntu.com-20121203090549-z6f07kt2atlpxjpa

Tags: 1.5.3-0ubuntu5.1

* SECURITY UPDATE: privilege escalation via config file editing
  - debian/patches/CVE-2012-5519.patch: split configuration file into
    two, to isolate options that have a security impact.
  - debian/cups.install: also install cups-files.conf
  - debian/patches/removecvstag.patch: updated to remove tag from
    cups-files.conf.
  - CVE-2012-5519
* debian/control: remove libtiff5-dev alternate build-depends so this
  package can build in a schroot.
* NOTE: this package does _not_ include the changes from 1.5.3-0ubuntu5
  in precise-proposed.

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/CVE-2012-5519.patch

.pc/CVE-2012-5519.patch/conf

.pc/CVE-2012-5519.patch/conf/Makefile

.pc/CVE-2012-5519.patch/conf/cups-files.conf.in

.pc/CVE-2012-5519.patch/config-scripts

.pc/CVE-2012-5519.patch/config-scripts/cups-defaults.m4

.pc/CVE-2012-5519.patch/config-scripts/cups-ssl.m4

.pc/CVE-2012-5519.patch/configure.in

.pc/CVE-2012-5519.patch/doc

.pc/CVE-2012-5519.patch/doc/help

.pc/CVE-2012-5519.patch/doc/help/ref-cups-files-conf.html.in

.pc/CVE-2012-5519.patch/doc/help/ref-cupsd-conf.html.in

.pc/CVE-2012-5519.patch/man

.pc/CVE-2012-5519.patch/man/Makefile

.pc/CVE-2012-5519.patch/man/cups-files.conf.man.in

.pc/CVE-2012-5519.patch/man/cupsd.conf.man.in

.pc/CVE-2012-5519.patch/packaging

.pc/CVE-2012-5519.patch/packaging/cups.list.in

.pc/CVE-2012-5519.patch/packaging/cups.spec.in

.pc/CVE-2012-5519.patch/scheduler

.pc/CVE-2012-5519.patch/scheduler/client.c

.pc/CVE-2012-5519.patch/scheduler/conf.c

.pc/CVE-2012-5519.patch/scheduler/conf.h

.pc/CVE-2012-5519.patch/scheduler/main.c

.pc/CVE-2012-5519.patch/test

.pc/CVE-2012-5519.patch/test/run-stp-tests.sh

.pc/add-ipp-backend-of-cups-1.4.patch

.pc/add-ipp-backend-of-cups-1.4.patch/backend

.pc/add-ipp-backend-of-cups-1.4.patch/backend/Makefile

.pc/add-ipp-backend-of-cups-1.4.patch/backend/ipp14.c

.pc/install-sh-remove-bashism.patch

.pc/install-sh-remove-bashism.patch/install-sh

.pc/usb-backend-busy-loop-fix.patch

.pc/usb-backend-busy-loop-fix.patch/backend

.pc/usb-backend-busy-loop-fix.patch/backend/usb-libusb.c

.pc/usb-backend-detach-usblp-earlier-crash-guards.patch

.pc/usb-backend-detach-usblp-earlier-crash-guards.patch/backend

.pc/usb-backend-detach-usblp-earlier-crash-guards.patch/backend/usb-libusb.c

.pc/usb-backend-further-enhancements.patch

.pc/usb-backend-further-enhancements.patch/backend

.pc/usb-backend-further-enhancements.patch/backend/usb-libusb.c

.pc/usb-backend-initialize-usblp-attached-state.patch

.pc/usb-backend-initialize-usblp-attached-state.patch/backend

.pc/usb-backend-initialize-usblp-attached-state.patch/backend/usb-libusb.c

.pc/usb-backend-reset-after-job-only-for-specific-devices.patch

.pc/usb-backend-reset-after-job-only-for-specific-devices.patch/backend

.pc/usb-backend-reset-after-job-only-for-specific-devices.patch/backend/usb-libusb.c

backend/ipp14.c

conf/cups-files.conf.in

cups/libcups2.rc

debian/patches/CVE-2012-5519.patch

debian/patches/add-ipp-backend-of-cups-1.4.patch

debian/patches/install-sh-remove-bashism.patch

debian/patches/usb-backend-busy-loop-fix.patch

debian/patches/usb-backend-detach-usblp-earlier-crash-guards.patch

debian/patches/usb-backend-further-enhancements.patch

debian/patches/usb-backend-initialize-usblp-attached-state.patch

debian/patches/usb-backend-reset-after-job-only-for-specific-devices.patch

doc/help/ref-cups-files-conf.html.in

man/cups-files.conf.man.in

files removed:
.pc/add-status-reports-for-full-waste-trays-and-cleaner-unit-eol.patch

.pc/add-status-reports-for-full-waste-trays-and-cleaner-unit-eol.patch/backend

.pc/add-status-reports-for-full-waste-trays-and-cleaner-unit-eol.patch/backend/snmp-supplies.c

.pc/commandtops-make-robust-against-broken-postscript.patch

.pc/commandtops-make-robust-against-broken-postscript.patch/filter

.pc/commandtops-make-robust-against-broken-postscript.patch/filter/commandtops.c

.pc/cups-polld-reconnect.patch

.pc/cups-polld-reconnect.patch/scheduler

.pc/cups-polld-reconnect.patch/scheduler/cups-polld.c

.pc/do-not-suppress-inputslot-setting-with-empty-ap-d-inputslot.patch

.pc/do-not-suppress-inputslot-setting-with-empty-ap-d-inputslot.patch/cups

.pc/do-not-suppress-inputslot-setting-with-empty-ap-d-inputslot.patch/cups/mark.c

.pc/fix-empty-translations.patch

.pc/fix-empty-translations.patch/cups

.pc/fix-empty-translations.patch/cups/language.c

.pc/fix-status-reports-when-supply-levels-grow.patch

.pc/fix-status-reports-when-supply-levels-grow.patch/backend

.pc/fix-status-reports-when-supply-levels-grow.patch/backend/snmp-supplies.c

.pc/fix-supply-level-computation-for-percent-supply-unit.patch

.pc/fix-supply-level-computation-for-percent-supply-unit.patch/backend

.pc/fix-supply-level-computation-for-percent-supply-unit.patch/backend/backend-private.h

.pc/fix-supply-level-computation-for-percent-supply-unit.patch/backend/snmp-supplies.c

.pc/fix-supply-levels-for-enumerated-prtmarkersupplieslevel.patch

.pc/fix-supply-levels-for-enumerated-prtmarkersupplieslevel.patch/backend

.pc/fix-supply-levels-for-enumerated-prtmarkersupplieslevel.patch/backend/backend-private.h

.pc/fix-supply-levels-for-enumerated-prtmarkersupplieslevel.patch/backend/snmp-supplies.c

.pc/ipp-fixes-1.5.3.patch

.pc/ipp-fixes-1.5.3.patch/backend

.pc/ipp-fixes-1.5.3.patch/backend/ipp.c

.pc/ipp-fixes-1.5.3.patch/cups

.pc/ipp-fixes-1.5.3.patch/cups/auth.c

.pc/ipp-fixes-1.5.3.patch/cups/http-support.c

.pc/ipp-fixes-1.5.3.patch/cups/http.c

.pc/ipp-fixes-1.5.3.patch/cups/ppd-cache.c

.pc/ipp-fixes-1.5.3.patch/cups/ppd-private.h

.pc/ipp-fixes-1.5.3.patch/cups/pwg-media.c

.pc/ipp-fixes-1.5.3.patch/cups/pwg-private.h

.pc/match-marker-colorants-which-use-non-standard-string.patch

.pc/match-marker-colorants-which-use-non-standard-string.patch/backend

.pc/match-marker-colorants-which-use-non-standard-string.patch/backend/snmp-supplies.c

.pc/ppd-cache-fix-crash.patch

.pc/ppd-cache-fix-crash.patch/cups

.pc/ppd-cache-fix-crash.patch/cups/ppd-cache.c

.pc/truncate-marker-supply-names-at-comma.patch

.pc/truncate-marker-supply-names-at-comma.patch/backend

.pc/truncate-marker-supply-names-at-comma.patch/backend/snmp-supplies.c

.pc/usb-backend-backchannel-support.patch

.pc/usb-backend-backchannel-support.patch/backend

.pc/usb-backend-backchannel-support.patch/backend/usb-libusb.c

.pc/usb-backend-libusb-1.0.patch

.pc/usb-backend-libusb-1.0.patch/Makedefs.in

.pc/usb-backend-libusb-1.0.patch/backend

.pc/usb-backend-libusb-1.0.patch/backend/Makefile

.pc/usb-backend-libusb-1.0.patch/backend/usb-libusb.c

.pc/usb-backend-libusb-1.0.patch/config-scripts

.pc/usb-backend-libusb-1.0.patch/config-scripts/cups-common.m4

debian/patches/add-status-reports-for-full-waste-trays-and-cleaner-unit-eol.patch

debian/patches/commandtops-make-robust-against-broken-postscript.patch

debian/patches/cups-polld-reconnect.patch

debian/patches/do-not-suppress-inputslot-setting-with-empty-ap-d-inputslot.patch

debian/patches/fix-empty-translations.patch

debian/patches/fix-status-reports-when-supply-levels-grow.patch

debian/patches/fix-supply-level-computation-for-percent-supply-unit.patch

debian/patches/fix-supply-levels-for-enumerated-prtmarkersupplieslevel.patch

debian/patches/ipp-fixes-1.5.3.patch

debian/patches/match-marker-colorants-which-use-non-standard-string.patch

debian/patches/ppd-cache-fix-crash.patch

debian/patches/truncate-marker-supply-names-at-comma.patch

debian/patches/usb-backend-backchannel-support.patch

debian/patches/usb-backend-libusb-1.0.patch

files modified:
.pc/airprint-support.patch/scheduler/dirsvc.c

.pc/applied-patches

.pc/colord-support.patch/scheduler/ipp.c

.pc/colord-support.patch/scheduler/printers.c

.pc/cups-avahi.patch/backend/dnssd.c

.pc/cups-avahi.patch/config.h.in

.pc/cups-avahi.patch/cups/http-support.c

.pc/cups-avahi.patch/scheduler/client.c

.pc/cups-avahi.patch/scheduler/dirsvc.c

.pc/cups-avahi.patch/scheduler/ipp.c

.pc/cups-avahi.patch/scheduler/printers.c

.pc/dnssd-reg-array-linear-search.patch/scheduler/dirsvc.c

.pc/do-not-broadcast-with-hostnames.patch/scheduler/client.c

.pc/drop_unnecessary_dependencies.patch/Makedefs.in

.pc/no-conffile-timestamp.patch/scheduler/dirsvc.c

.pc/no-conffile-timestamp.patch/scheduler/job.c

.pc/no-conffile-timestamp.patch/scheduler/printers.c

.pc/no-conffile-timestamp.patch/scheduler/subscriptions.c

.pc/pidfile.patch/test/run-stp-tests.sh

.pc/ppd-poll-with-client-conf.patch/cups/util.c

.pc/printer-filtering.patch/cups/ipp.c

.pc/reactivate_recommended_driver.patch/scheduler/cups-driverd.cxx

.pc/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch/scheduler/ipp.c

.pc/rootbackends-worldreadable.patch/backend/Makefile

.pc/rootbackends-worldreadable.patch/scheduler/job.c

.pc/show-compile-command-lines.patch/Makedefs.in

.pc/tests-ignore-usb-crash.patch/test/run-stp-tests.sh

.pc/tests-ignore-warnings.patch/test/run-stp-tests.sh

CHANGES.txt

INSTALL.txt

Makedefs.in

README.txt

backend/Dependencies

backend/Makefile

backend/backend-private.h

backend/dnssd.c

backend/ipp.c

backend/lpd.c

backend/runloop.c

backend/snmp-supplies.c

backend/usb-libusb.c

backend/usb.c

berkeley/Dependencies

berkeley/lpc.c

cgi-bin/Dependencies

cgi-bin/help.c

cgi-bin/var.c

conf/Makefile

config-scripts/cups-common.m4

config-scripts/cups-defaults.m4

config-scripts/cups-image.m4

config-scripts/cups-ssl.m4

config.h.in

configure

configure.in

cups/Dependencies

cups/auth.c

cups/cups.h

cups/debug-private.h

cups/debug.c

cups/dest.c

cups/globals.c

cups/http-support.c

cups/http.c

cups/ipp.c

cups/language.c

cups/localize.c

cups/mark.c

cups/ppd-cache.c

cups/ppd-private.h

cups/pwg-media.c

cups/pwg-private.h

cups/testconflicts.c

cups/thread-private.h

cups/thread.c

cups/util.c

debian/changelog

debian/control

debian/cups.config

debian/cups.install

debian/cups.lintian-overrides

debian/cups.postinst

debian/cups.postrm

debian/cups.preinst

debian/cups.prerm

debian/cups.templates

debian/patches/airprint-support.patch

debian/patches/colord-support.patch

debian/patches/cups-avahi.patch

debian/patches/drop_unnecessary_dependencies.patch

debian/patches/no-conffile-timestamp.patch

debian/patches/ppd-poll-with-client-conf.patch

debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch

debian/patches/removecvstag.patch

debian/patches/series

debian/patches/show-compile-command-lines.patch

doc/help/ref-cupsd-conf.html.in

driver/Dependencies

filter/Dependencies

install-sh

locale/Dependencies

locale/Makefile

locale/cups.header

locale/cups.pot

locale/cups.strings

locale/cups_da.po

locale/cups_de.po

locale/cups_es.po

locale/cups_eu.po

locale/cups_fi.po

locale/cups_fr.po

locale/cups_hu.po

locale/cups_id.po

locale/cups_it.po

locale/cups_ja.po

locale/cups_ko.po

locale/cups_nl.po

locale/cups_no.po

locale/cups_pl.po

locale/cups_pt.po

locale/cups_pt_BR.po

locale/cups_ru.po

locale/cups_sv.po

locale/cups_zh.po

locale/cups_zh_TW.po

locale/po2strings.c

man/Makefile

man/cupsd.conf.man.in

monitor/Dependencies

notifier/Dependencies

notifier/rss.c

packaging/cups.list.in

packaging/cups.spec

packaging/cups.spec.in

ppdc/Dependencies

ppdc/ppdc-file.cxx

ppdc/ppdc-source.cxx

ppdc/ppdc.h

scheduler/Dependencies

scheduler/cert.c

scheduler/client.c

scheduler/conf.c

scheduler/conf.h

scheduler/cups-driverd.cxx

scheduler/cups-lpd.c

scheduler/cups-polld.c

scheduler/dirsvc.c

scheduler/ipp.c

scheduler/job.c

scheduler/main.c

scheduler/network.c

scheduler/printers.c

scheduler/subscriptions.c

scheduler/sysman.c

scripting/php/Dependencies

systemv/Dependencies

systemv/cupstestppd.c

templates/help-header.tmpl

test/Dependencies

test/Makefile

test/get-jobs.test

test/print-job.test

test/run-stp-tests.sh

Show diffs side-by-side

added added

removed removed

man/cupsd.conf.man.in

cupsd.conf \- server configuration file for cups

.SH DESCRIPTION

The \fIcupsd.conf\fR file configures the CUPS scheduler, \fIcupsd(8)\fR. It

is normally located in the \fI@CUPS_SERVERROOT@\fR directory.

is normally located in the \fI@CUPS_SERVERROOT@\fR directory. \fBNote:\fR

File, directory, and user configuration directives that used to be allowed in

the \fIcupsd.conf\fR file are now stored in the \fIcups-files.conf(5)\fR instead

in order to prevent certain types of privilege escalation attacks.

.LP

Each line in the file can be a configuration directive, a blank line,

or a comment. Comment lines start with the # character. The

The following directives are understood by \fIcupsd(8)\fR. Consult the

on-line help for detailed descriptions:

.TP 5

AccessLog filename

.TP 5

AccessLog syslog

.br

Defines the access log filename.

.TP 5

AccessLogLevel config

.TP 5

AccessLogLevel actions

.br

Allows access from the named hosts or addresses.

.TP 5

AuthClass User

.TP 5

AuthClass Group

.TP 5

AuthClass System

.br

Specifies the authentication class (User, Group, System) -

\fBthis directive is deprecated\fR.

.TP 5

AuthGroupName group-name

.br

Specifies the authentication group - \fBthis directive is

deprecated\fR.

.TP 5

AuthType None

.TP 5

AuthType Basic

220

203

.TP 5

221

204

Browsing No

222

205

.br

223

Specifies whether or not remote printer browsing should be enabled.

206

Specifies whether or not shared printers should be advertised.

224

207

.TP 5

225

208

Classification banner

226

209

.br

233

216

Specifies whether to allow users to override the classification

234

217

of individual print jobs.

235

218

.TP 5

236

ConfigFilePerm mode

237

.br

238

Specifies the permissions for all configuration files that the scheduler

239

writes.

240

.TP 5

241

DataDir path

242

.br

243

Specified the directory where data files can be found.

244

.TP 5

245

219

DefaultAuthType Basic

246

220

.TP 5

247

221

DefaultAuthType BasicDigest

309

283

causes the update to happen as soon as possible, typically within a few

310

284

milliseconds.

311

285

.TP 5

312

DocumentRoot directory

313

.br

314

Specifies the root directory for the internal web server documents.

315

.TP 5

316

286

Encryption IfRequested

317

287

.TP 5

318

288

Encryption Never

322

292

Specifies the level of encryption that is required for a particular

323

293

location.

324

294

.TP 5

325

ErrorLog filename

326

.TP 5

327

ErrorLog syslog

328

.br

329

Specifies the error log filename.

330

.TP 5

331

FatalErrors none

332

.TP 5

333

FatalErrors all -kind [... -kind]

334

.TP 5

335

FatalErrors kind [... kind]

336

.br

337

Specifies which errors are fatal, causing the scheduler to exit. "Kind" is

338

"browse", "config", "listen", "log", or "permissions".

339

.TP 5

340

FileDevice Yes

341

.TP 5

342

FileDevice No

343

.br

344

Specifies whether the file pseudo-device can be used for new

345

printer queues.

346

.TP 5

347

295

FilterLimit limit

348

296

.br

349

297

Specifies the maximum cost of filters that are run concurrently.

353

301

Specifies the scheduling priority ("nice" value) of filters that

354

302

are run to print a job.

355

303

.TP 5

356

FontPath directory[:directory:...]

357

.br

358

Specifies the search path for fonts.

359

.TP 5

360

Group group-name-or-number

361

.br

362

Specifies the group name or ID that will be used when executing

363

external programs.

364

.TP 5

365

304

HideImplicitMembers Yes

366

305

.TP 5

367

306

HideImplicitMembers No

469

408

Specifies the number of debugging messages that are logged when an error

470

409

occurs in a print job.

471

410

.TP 5

472

LogFilePerm mode

473

.br

474

Specifies the permissions for all log files that the scheduler writes.

475

.TP 5

476

411

LogLevel alert

477

412

.TP 5

478

413

LogLevel crit

546

481

.br

547

482

Specifies the order of HTTP access control (allow,deny or deny,allow)

548

483

.TP 5

549

PageLog filename

550

.TP 5

551

PageLog syslog

552

.br

553

Specifies the page log filename.

554

.TP 5

555

484

PageLogFormat format string

556

485

.br

557

486

Specifies the format of page log lines.

581

510

Specifies whether or not to preserve the job history after they are

582

511

printed.

583

512

.TP 5

584

Printcap

585

.TP 5

586

Printcap filename

587

.br

588

Specifies the filename for a printcap file that is updated

589

automatically with a list of available printers (needed for

590

legacy applications); specifying Printcap with no filename

591

disables printcap generation.

592

.TP 5

593

513

PrintcapFormat bsd

594

514

.TP 5

595

515

PrintcapFormat plist

598

518

.br

599

519

Specifies the format of the printcap file.

600

520

.TP 5

601

PrintcapGUI

602

.TP 5

603

PrintcapGUI gui-program-filename

604

.br

605

Specifies whether to generate option panel definition files on

606

some operating systems. When provided with no program filename,

607

disables option panel definition files.

608

.TP 5

609

521

ReloadTimeout seconds

610

522

.br

611

523

Specifies the amount of time to wait for job completion before

612

524

restarting the scheduler.

613

525

.TP 5

614

RemoteRoot user-name

615

.br

616

Specifies the username that is associated with unauthenticated root

617

accesses.

618

.TP 5

619

RequestRoot directory

620

.br

621

Specifies the directory to store print jobs and other HTTP request

622

data.

623

.TP 5

624

526

Require group group-name-list

625

527

.TP 5

626

528

Require user user-name-list

652

554

Specifies an alternate name that the server is known by. The special name "*"

653

555

allows any name to be used.

654

556

.TP 5

655

ServerBin directory

656

.br

657

Specifies the directory where backends, CGIs, daemons, and filters may

658

be found.

659

.TP 5

660

ServerCertificate filename

661

.br

662

Specifies the encryption certificate to use.

663

.TP 5

664

ServerKey filename

665

.br

666

Specifies the encryption key to use.

667

.TP 5

668

557

ServerName hostname-or-ip-address

669

558

.br

670

559

Specifies the fully-qualified hostname of the server.

671

560

.TP 5

672

ServerRoot directory

673

.br

674

Specifies the directory where the server configuration files can be found.

675

.TP 5

676

561

ServerTokens Full

677

562

.TP 5

678

563

ServerTokens Major

729

614

"notify-events", "notify-pull-method", "notify-recipient-uri",

730

615

"notify-subscriber-user-name", and "notify-user-data".

731

616

.TP 5

732

SystemGroup group-name [group-name ...]

733

.br

734

Specifies the group(s) to use for System class authentication.

735

.TP 5

736

TempDir directory

737

.br

738

Specifies the directory where temporary files are stored.

739

.TP 5

740

617

Timeout seconds

741

618

.br

742

619

Specifies the HTTP request timeout in seconds.

743

620

.TP 5

744

User user-name

745

.br

746

Specifies the user name or ID that is used when running external programs.

747

.TP 5

748

621

WebInterface yes

749

622

.TP 5

750

623

WebInterface no

751

624

Specifies whether the web interface is enabled.

752

625

.SH SEE ALSO

753

\fIclasses.conf(5)\fR, \fIcupsd(8)\fR, \fImime.convs(5)\fR,

754

\fImime.types(5)\fR, \fIprinters.conf(5)\fR,

626

\fIclasses.conf(5)\fR, \fIcups-files.conf(5)\fR, \fIcupsd(8)\fR,

627

\fImime.convs(5)\fR, \fImime.types(5)\fR, \fIprinters.conf(5)\fR,

755

628

\fIsubscriptions.conf(5)\fR,

756

629

.br

757

630

http://localhost:631/help

Older »