Mailinglist Archive: opensuse-packaging (144 mails)

< Previous Next >
Re: [opensuse-packaging] cups: upgrade from 1.4.x to version 1.5.0
  • From: Werner Flamme <werner.flamme@xxxxxx>
  • Date: Thu, 03 Nov 2011 16:38:07 +0100
  • Message-id: <4EB2B55F.4000304@ufz.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johannes Meixner [03.11.2011 14:38]:

Hello,

On Nov 3 12:12 Werner Flamme wrote (excerpt):
finally I found a real bug! And a workaround...

In /etc/cups/cupsd.conf, I have lines like:

ServerName printlpz1l.intranet.ufz.de ServerAlias printlpz1l
ServerAlias 141.65.124.19

Whenever I try to access
<https://printlpz1l.intranet.ufz.de:631>, I get "Bad Request".
But: I can access <https://printlpz1l:631> or
<https://141.65.124.19:631> without problems.

lpstat -h printlpz1l.intranet.ufz.de -a - -> error

lpstat -h printlpz1l - -> long list

Five minutes ago, I added

ServerAlias printlpz1l.intranet.ufz.de

to /etc/cups/cupsd.conf and voilĂ  - the host is accessible with
its FQDN. Via web as well as via lpstat.

Obviously, CUPS allows access to the ServerAlias only, and
refuses access to ServerName. In /var/log/cups/error_log I see
lines like

Request from "141.65.31.19" using invalid Host: field
"printlpz1l.intranet.ufz.de"

That's an interesting bug. They may have invested a lot of brain
power for that :-) BTW, The entry after ServerName is the "real"
hostname...

Yes, they invested a lot of brain power to protect you against DNS
rebinding attacks which unfortunately results in some cases that
you get "overprotected".

Is this really a new issue since CUPS 1.5.x (i.e. it worked with
1.4.6)?

Yes, it is. I did the update last week, and two hours later the Sun
Ray admin asked why he could not access the printers any longer. And
he discovered that it worked with the short name, but not with the
FQDN. Before the upgrade, the last version from the
Printing:SLE_11_SP1 repo was installed.

BTW, the machines that still run CUPS 1.4.x answer on ServerAlias as
well as on ServerName. Another BTW: cups-lpd worked well all the time,
even on CUPS 1.5.0 boxes :-> That's why we were able to print from our
SAP systems, I guess...

See for example the "cupsd no longer allows using cname (alias)
must use hostname" mail thread on cups@xxxxxxxxxx

The DNS entry is not a CNAME. This IP address is resolved directly,
and the PTR record works as well.

The host was installed with its IP Address and hostname, and neither
did change.

Why should it be that the FQDN works when used as a ServerAlias, but
not as ServerName? If the "real" hostname was different from the
ServerAlias entry, the ServerName requests should be honoured as well.
There might be a reason for the ServerName directive to exist, and a
reason to use it as well...


http://www.cups.org/newsgroups.php?gcups.general+T+Q%22cupsd+no+longer+allows+using+cname%22


- -------------------------------------------------------------------------
From: Michael Sweet ...
-------------------------------------------------------------------------

Well,

we have one ServerName entry and several (3 to 12) ServerAlias
entries in cupsd.conf. The ServerName is always set to the name the
server is used with most often.But there was never a necessity to have
a ServerAlias saying the same name as ServerName - and the CUPS
servers went all through the 1.4.x releases.

or see the "cups server not responds by alias name since
cups-1.3.9" mail thread on cups@xxxxxxxxxx

http://www.cups.org/newsgroups.php?gcups.general+T+Q%22cups+server+not+responds+by+alias+name%22

This

can't be us, since everything worked at least with 1.4.6 :-\

If your particular issue is a different case, please report it on
cups@xxxxxxxxxx

I think it is *sigh*

Kind Regards Johannes Meixner

Thank you,
Werner

- --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6ytV8ACgkQk33Krq8b42MELACggzLuRLJA3R/A/Ptb+cLHkltG
7FAAn0VdgGR+JuKXjB14XL7aRb/YSRS3
=NcNp
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >