nixpkgs/pkgs/misc/cups/use-initgroups.patch


2014-11-05 05:32:41 +03:00
diff -ru3 cups-2.0.0-old/scheduler/cups-exec.c cups-2.0.0/scheduler/cups-exec.c
--- cups-2.0.0-old/scheduler/cups-exec.c 2014-11-04 19:55:05.734768315 +0300
+++ cups-2.0.0/scheduler/cups-exec.c 2014-11-04 20:24:15.936670878 +0300
@@ -25,6 +25,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <grp.h>
+#include <pwd.h>
#include <sys/stat.h>
#ifdef HAVE_SANDBOX_H
# include <sandbox.h>
@@ -55,6 +56,7 @@
uid_t uid = getuid(); /* UID */
gid_t gid = getgid(); /* GID */
int niceval = 0; /* Nice value */
+ struct passwd *pwd; /* User passwd entry */
#ifdef HAVE_SANDBOX_H
char *sandbox_error = NULL; /* Sandbox error, if any */
#endif /* HAVE_SANDBOX_H */
@@ -135,7 +137,15 @@
if (setgid(gid))
exit(errno + 100);
- if (setgroups(1, &gid))
+ if (uid)
+ {
+ if ((pwd = getpwuid(uid)) == NULL)
+ exit(errno + 100);
+
+ if (initgroups(pwd->pw_name, gid))
+ exit(errno + 100);
+ }
+ else if (setgroups(1, &gid))
exit(errno + 100);
if (uid && setuid(uid))
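Review bot: The new `getpwuid(uid)` failure path exits with `errno + 100`, but getpwuid() returns NULL without setting errno when the UID simply has no passwd entry, so the status can be a bare 100 or carry a stale errno from an earlier call. Clearing it first with `errno = 0;` and exiting with `exit((errno ? errno : ENOENT) + 100);` would keep the status meaningful to whoever reads it. The same pattern appears in the scheduler/process.c hunk at `getpwuid(user)`. The enclosing function starts and ends outside this hunk, so how the parent interprets the exit status is not visible here.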
diff -ru3 cups-2.0.0-old/scheduler/process.c cups-2.0.0/scheduler/process.c
--- cups-2.0.0-old/scheduler/process.c 2014-11-04 19:55:05.736768298 +0300
+++ cups-2.0.0/scheduler/process.c 2014-11-04 20:23:55.001850057 +0300
@@ -19,6 +19,7 @@
#include "cupsd.h"
#include <grp.h>
+#include <pwd.h>
#ifdef __APPLE__
# include <libgen.h>
#endif /* __APPLE__ */
@@ -462,6 +463,7 @@
cups_exec[1024]; /* Path to "cups-exec" program */
uid_t user; /* Command UID */
cupsd_proc_t *proc; /* New process record */
+ struct passwd *pwd; /* User passwd entry */
#ifdef HAVE_POSIX_SPAWN
posix_spawn_file_actions_t actions; /* Spawn file actions */
posix_spawnattr_t attrs; /* Spawn attributes */
@@ -716,13 +718,22 @@
nice(FilterNice);
/*
- * Reset group membership to just the main one we belong to.
+ * Reset group membership to the main one we belong to with its
+ * supplementary groups.
*/
if (!RunUser && setgid(Group))
exit(errno + 100);
- if (!RunUser && setgroups(1, &Group))
+ if (!RunUser && user)
+ {
+ if ((pwd = getpwuid(user)) == NULL)
+ exit(errno + 100);
+
+ if (initgroups(pwd->pw_name, Group))
+ exit(errno + 100);
+ }
+ else if (!RunUser && setgroups(1, &Group))
exit(errno + 100);
/*
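Review bot: The updated comment ("the main one we belong to with its supplementary groups") misdescribes the code below it: `initgroups(pwd->pw_name, Group)` loads the supplementary groups of the account that `user` resolves to, and the `user == 0` branch still keeps only `Group`. Because this gives spawned children more group access than the old `setgroups(1, &Group)`, the comment should state it precisely, e.g. `* Non-root children get Group plus every supplementary group of the target account; root children keep only Group.` If several accounts share that UID, getpwuid() returns whichever entry the lookup yields first, so the resulting group set depends on the passwd database; that deserves a sentence in the comment as well. The function body continues outside the hunk.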