Changelog for
cups-libs-1.3.11-4.9.1.i586.rpm :
Tue Nov 23 13:00:00 2010 jsmeix@suse.de
- cups-1.3.9-CVE-2010-1748.patch fixes a CUPS web interface
memory disclosure
(CUPS STR#3577 CVE-2010-1748 Novell/Suse Bugzilla bnc#604271)
- cups-1.3.9-texttops-CVE-2010-0542.patch fixes a possible
crash via NULL pointer dereference in the texttops filter
(CUPS STR#3516 CVE-2010-0542 Novell/Suse Bugzilla bnc#601352)
- Added TCP port 515 to cups.SuSEfirewall2
(which becomes /etc/sysconfig/SuSEfirewall2.d/services/cups)
to accept also remote print jobs via LPD port 515 for
the cups-lpd (Novell/Suse Bugzilla bnc#635012).
- cups-1.3.11-CVE-2009-2820-one-more-regression-fix.patch
fixes one more regression which was introduced by
cups-1.3.11-CVE-2009-2820.patch which lets
the CUPS web frontend only show job list of all printers
(CUPS STR #3436 and Novell/Suse Bugzilla bnc#631121).
- cups-1.3.9-CVE-2010-2941.patch fixes IPP parsing memory management
issues (CVE-2010-2941, and Novell/Suse Bugzilla bnc#649256).
- Checked and fixed patches so that all apply now with fuzz=0.
The new patch
cups-1.3.3-mime-adapted_for_cups-1.3.11_with_fuzz0.patch
was derived from cups-1.3.3-mime.patch and
replaces it so that the new patch applies for
the CUPS 1.3.11 sources with fuzz=0.
The new patch
cups-1.2.0-ppdsdat_generation-adapted_for_cups-1.3.11_with_fuzz0.patch
was derived from cups-1.2.0-ppdsdat_generation.patch and
replaces it so that the new patch applies for
the CUPS 1.3.11 sources with fuzz=0.
The new patch
cups-1.3.3-pswrite.patch-adapted_for_cups-1.3.11_with_fuzz0.patch
was derived from cups-1.3.3-pswrite.patch and
replaces it so that the new patch applies for
the CUPS 1.3.11 sources with fuzz=0.
The old patch
cups-1.1.21-testppd_duplex.patch
which became meanwhile applied since CUPS 1.3.9
with the default fuzz=2 at a totally wrong place
at the "Check for ImageableArea" instead of the
check for the duplex options for which it
was initially made for the CUPS 1.1.21 sources.
Furthermore the idea behind a testppd_duplex.patch
does no longer apply since CUPS 1.3.9 and therefore
this old patch is completely removed.
The new patch
cups-1.2.11-testppd_filename-adapted_for_cups-1.3.11_with_fuzz0.patch
was derived from cups-1.2.11-testppd_filename.patch and
replaces it so that the new patch applies for
the CUPS 1.3.11 sources with fuzz=0.
- Added "export AVAHI_COMPAT_NOWARN=1" to /etc/init.d/cups
to silence the Avahi Bonjour compat warning, since this
can cause SIGPIPE if stderr is not available
when cupsd does not run in the foreground
which lets cupsd crash with "cupsd: Child exited on signal 13"
(see Novell/Suse Bugzilla bnc#576507 and CUPS STR #2931).
Fri Mar 5 13:00:00 2010 jsmeix@suse.de
- Removed failing and obsolete "perl -pi ... PATCH100" line
in cups.spec because PATCH100 was cups-1.1.23-testpage.patch
which was removed since the upgrade to CUPS 1.3.10, see the
changelog entry on "Wed Jun 24 14:02:29 CEST 2009" below.
Fri Mar 5 13:00:00 2010 jsmeix@suse.de
- cups-1.3.9-CVE-2010-0393.patch fixes a lppasswd format string bug
(CVE-2010-0393, CUPS STR #3482,
and Novell/Suse Bugzilla bnc#574336).
Wed Feb 10 13:00:00 2010 jsmeix@suse.de
- cups-1.3.9-CVE-2010-0302.patch provides the rest of the fix
to fix the below mentioned use-after-free bug in the scheduler
which leads to remote denial of service because the below
cups-1.3.9-CVE-2009-3553.patch was an incomplete fix
(CVE-2010-0302, and Novell/Suse Bugzilla bnc#578215).
Tue Dec 15 13:00:00 2009 jsmeix@suse.de
- Fixed the URL and MD5 sum comments for Source0 in cups.spec.
- cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug
in the scheduler which leads to remote denial of service,
(CVE-2009-3553, CUPS STR #3200,
and Novell/Suse Bugzilla bnc#554861)
Wed Nov 11 13:00:00 2009 jsmeix@suse.de
- cups-1.3.11-CVE-2009-2820-regression-fix.patch
fixes a regression which was introduced by
the previous cups-1.3.11-CVE-2009-2820.patch
which lets adding a class via CUPS Web Interface fail
with an 'Unknown operation "{op}"' error message
(CUPS STR #3401 and
Novell/Suse Bugzilla bnc#548317 starting at comment #24).
- cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface
Cross-Site Scripting (XSS) and CRLF injection in HTTP headers
(CVE-2009-2820 and CUPS STR #3367 and
Novell/Suse Bugzilla bnc#548317).
Wed Aug 26 14:00:00 2009 meissner@suse.de
- Fixed as-needed issues when compiling additional tools
by using the right ordering of source and linked library
in 'gcc -opoll_ppd_base ... SOURCE1 -lcups'
and 'gcc -olphelp ... SOURCE2 -lcups' which
obsoletes the 'export SUSE_ASNEEDED=0' workaround,
see the 'Fri Jul 10 12:34:54 CEST 2009' entry below.
- Run fdupes.
Fri Jul 31 14:00:00 2009 jsmeix@suse.de
- full_path_to_configure_with-pdftops.patch
adds support to specify a full path in
'configure --with-pdftops=/usr/bin/pdftops'
to avoid 'BuildRequires: xpdf-tools' which would
bloat the build system but would be only needed to
satisfy 'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)'
in cups-pdf.m4 if only 'configure --with-pdftops=pdftops'
was possible (Novell/Suse Bugzilla bnc#526847).
Tue Jul 28 14:00:00 2009 jsmeix@suse.de
- Upgraded to CUPS 1.3.11:
* The scheduler and cupsfilter utility would crash with
certain MIME .types rules (CUPS STR #3159).
* cups-1.3.10-fix-DNS-rebinding-protection.patch
(Novell/Suse Bugzilla bnc#516511 and CUPS STR #3238)
is obsolete since CUPS 1.3.11 because it is fixed
in the source (it is fixed via CUPS STR #3164).
* For a complete list see the CHANGES.txt file.
Fri Jul 10 14:00:00 2009 jsmeix@suse.de
- Set 'export SUSE_ASNEEDED=0' in cups.spec because build fails
with --as-needed so that this is for now simply disabled.
Fri Jun 26 14:00:00 2009 jsmeix@suse.de
- cups-1.3.10-fix-DNS-rebinding-protection.patch fixes
a regression of the CUPS 1.3.10 DNS rebinding protection which
lets e.g. "lpoptions -h localhost -p
-l" fail with
"lpoptions: Unable to get PPD file for : Bad Request"
and in /var/log/cups/error_log there is the warning
W ... Request from "localhost" using invalid Host: field "::1"
but "::1" is the IPv6 loopback IP address for "localhost"
(Novell/Suse Bugzilla bnc#489624 comment#19 and bnc#516511).
Wed Jun 24 14:00:00 2009 jsmeix@suse.de
- Upgraded to CUPS 1.3.10:
* Use a wrapper program filter/pdftops.c which only calls
/usr/bin/pdftops (via configure --with-pdftops=/usr/bin/pdftops)
instead of the CUPS fork of the Xpdf source code which was in
the pdftops directory (CUPS STR #3129). Because of this
cups-1.4svn-pdftops_as_filter.patch and
cups-1.4svn-pdftops_dont_fail_on_cancel.patch are obsolete
since CUPS 1.3.10 (the latter was fixed via CUPS STR #2808).
* The scheduler now protects against DNS rebinding attacks
(CUPS STR #3118 and Novell/Suse Bugzilla bnc#489624).
* cups-1.3.9-cupstestppd.patch is obsolete since CUPS 1.3.10
because it is fixed in the source (CUPS STR #2979).
* cups-1.3.9-max_subscription.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(no CUPS STR but mentioned in CHANGES.txt "The scheduler
would crash if you exceeded the MaxSubscriptions limit").
* cups-1.3.9-filter_png_overflow2.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(CUPS STR #2974 and Novell/Suse Bugzilla bnc#448631).
* cups-1.3.9-hpgltops2.patch is obsolete since CUPS 1.3.10
because it is fixed in the source (CUPS STR #2966 which is the
successor of CUPS STR #2911 and Novell/Suse Bugzilla bnc#430543).
* cups-1.3.9-cupsImageReadTiff.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
* For a complete list see the CHANGES.txt file.
- cups-1.1.21rc2-preauth_security.patch and
cups-1.1.21rc2-usermode.patch and
cups-1.1.21-umlaut_printer.patch and
cups-1.1.23-testpage.patch are finally removed
since CUPS 1.3.10 because they were made for CUPS 1.1 and
were no longer applied since CUPS 1.2 in Suse Linux 10.3.
In particular cups-1.1.21rc2-usermode.patch can no longer
apply since CUPS 1.2 because RunAsUser in cupsd.conf is
no longer supported since CUPS 1.2, for more info see e.g. the
"RunAsUser removed; reassurance wanted" mails on cups@easysw.com.
Furthermore we neither got any Suse Linux/openSUSE user request
nor any SLE11 beta-tester/customer request for them.
Mon Jun 8 14:00:00 2009 crrodriguez@suse.de
- Replaced "--enable-static" by "--disable-static" in configure
so that the static libraries /usr/lib[64]/libcups.a and
/usr/lib[64]/libcupsimage.a are no longer built and included
in the cups-devel package to enforce detection of other software
which might be built with static CUPS libraries so that those
other software could be fixed to use the dynamic libraries
(see also Novell/Suse Bugzilla bnc#509945).
Wed Jun 3 14:00:00 2009 jsmeix@suse.de
- Set BROADCAST="ipp" in cups.SuSEfirewall2 source file (which
gets installed as /etc/sysconfig/SuSEfirewall2.d/services/cups)
so that adding "cups" to allowed services in the firewall
also allows CUPS Browsing information via UDP broadcasts
(Novell/Suse Bugzilla bnc#498429).
Thu Mar 26 13:00:00 2009 jsmeix@suse.de
- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
in the "_cupsImageReadTIFF()" function CVE-2009-0163
(CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).