From 63b906b273dea45a60773d1d772ef4f4a750a3e9 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Jan 08 2014 16:31:16 +0000
Subject: Apply upstream patch to improve cupsUser() (STR #4327).


---

diff --git a/cups-str4327.patch b/cups-str4327.patch
new file mode 100644
index 0000000..f5cb51f
--- /dev/null
+++ b/cups-str4327.patch
@@ -0,0 +1,30 @@
+diff -up cups-1.7.0/cups/usersys.c.str4327 cups-1.7.0/cups/usersys.c
+--- cups-1.7.0/cups/usersys.c.str4327	2013-07-10 15:08:39.000000000 +0100
++++ cups-1.7.0/cups/usersys.c	2014-01-08 16:30:40.443026913 +0000
+@@ -875,7 +875,25 @@ _cupsSetDefaults(void)
+   cups_expiredcerts   = getenv("CUPS_EXPIREDCERTS");
+ 
+   if ((cups_user = getenv("CUPS_USER")) == NULL)
+-    cups_user = getenv("USER");
++  {
++   /*
++    * Try the USER environment variable...
++    */
++
++    if ((cups_user = getenv("USER")) != NULL)
++    {
++     /*
++      * Validate USER matches the current UID, otherwise don't allow it to
++      * override things...  This makes sure that printing after doing su or
++      * sudo records the correct username.
++      */
++
++      struct passwd	*pw;		/* Account information */
++
++      if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
++        cups_user = NULL;
++    }
++  }
+ 
+  /*
+   * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
diff --git a/cups.spec b/cups.spec
index 4951967..f476b11 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.7.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Url: http://www.cups.org/
@@ -31,6 +31,7 @@ Source8: macros.cups
 Patch1: cups-no-gzip-man.patch
 Patch2: cups-system-auth.patch
 Patch3: cups-multilib.patch
+Patch4: cups-str4327.patch
 Patch5: cups-banners.patch
 Patch6: cups-serverbin-compat.patch
 Patch7: cups-no-export-ssllibs.patch
@@ -192,6 +193,8 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 %patch2 -p1 -b .system-auth
 # Prevent multilib conflict in cups-config script.
 %patch3 -p1 -b .multilib
+# Apply upstream patch to improve cupsUser() (STR #4327).
+%patch4 -p1 -b .str4327
 # Ignore rpm save/new files in the banners directory.
 %patch5 -p1 -b .banners
 # Use compatibility fallback path for ServerBin.
@@ -658,6 +661,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Wed Jan  8 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-11
+- Apply upstream patch to improve cupsUser() (STR #4327).
+
 * Tue Jan  7 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-10
 - Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
 - Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).