SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for cups154-1.5.4-3.2.x86_64.rpm :

* Tue Nov 04 2014 jsmeixAATTsuse.de- Also for SLE12 krb5-devel must be used for build (cf. the entry below dated \"Wed Jun 26 10:39:30 CEST 2013\") because in contrast to IBS where krb5-mini-devel is available for build in SUSE:SLE-12:GA in OBS it cannot build for SLE_12 with \"unresolvable: nothing provides krb5-mini-devel\".
* Wed Sep 03 2014 jsmeixAATTsuse.de- Split those filters, backends, and banners from CUPS 1.5.4 into a cups154-filters sub-package so that CUPS 1.5.4 can be installed without cups154-filters and instead with cups-filters. Those filters, backends, and banners are not strictly required so that the cups154-filters sub-package is only recommended.- Do no longer obsolete cups-filters because now CUPS 1.5.4 can be used with cups-filters (instead of cups154-filters). This way it is possible to use traditional CUPS 1.5.4 even with the new PDF printing workflow from cups-filters (instead of the PostScript printing workflow from CUPS 1.5.4).
* Tue Sep 02 2014 jsmeixAATTsuse.de- CUPS traditional version 1.5.4 for the SLE12 \"legacy\" module. For SLE12 we provide the last traditional CUPS version 1.5.4 as \"cups154\" RPMs in the SLE12 \"legacy\" module. This way users where the SLE12 default CUPS version 1.7 does not support their particular needs (in particular users who need a traditional CUPS server with original CUPS Browsing features) can still use CUPS 1.5.4 on SLE12. For those users any (semi)-automated CUPS version upgrade must be prohibited because CUPS > 1.5.4 has major incompatible changes compared to CUPS <= 1.5.4 (see the SLE12 release notes). Therefore the CUPS 1.5.4 RPM package name contains the version and it conflicts with higher versions to avoid that an installed CUPS 1.5.4 gets accidentally replaced with a higher version. It is not possible to have different CUPS libraries versions installed at the same time. The API in the SLE12 default CUPS 1.7 version is compatible with the CUPS 1.5.4 API (existing functions are not changed) but newer CUPS libraries provide some new functions. In openSUSE 13.1 and openSUSE Factory (as of this writing) we still have the traditional CUPS version 1.5.4 so ensure that applications that are built on openSUSE work with the traditional CUPS version 1.5.4 libraries, see http://lists.opensuse.org/opensuse-factory/2013-08/msg00408.html But there could be third-party applications or applications built on SLE12 that might use newer CUPS library functions via configure magic so that such applications would require the current CUPS 1.7 libraries. On SLE12 it is not possible to use CUPS 1.5.4 together with applications that require the current CUPS 1.7 libraries.- Traditional CUPS 1.5.4 obsoletes any version of cups-filters because CUPS 1.5.4 provides equivalents for those filters via the traditional PostScript workflow.- CUPS 1.5.4 for SLE12 provides the same simple, safe, and reliably working way how cupsd is launched by systemd as CUPS 1.7 for SLE12 via one same single cups.service systemd unit file so that launching cupsd for SLE12 is compatible with how it had worked for SLE11. Therefore optional fancy systemd features from openSUSE in cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch cups-0003-systemd-secure-cups.service-unit-file.patch and cups-provides-cupsd-service.patch are dropped in CUPS for SLE12 to avoid various issues as described in bnc#857372 - see in particular https://bugzilla.novell.com/show_bug.cgi?id=857372#c47 https://bugzilla.novell.com/show_bug.cgi?id=857372#c66 https://bugzilla.novell.com/show_bug.cgi?id=857372#c120- str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch fixes that the web interface incorrectly served symlinked files and files that were not world-readable, potentially leading to a disclosure of information (CVE-2014-3537 STR #4450 plus the subsequent CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 STR #4455 all in bnc#887240).
* Thu May 22 2014 wernerAATTsuse.de- Add build require pkgconfig(libsystemd-daemon) to allow to move systemd.pc back to systemd package
* Fri Apr 11 2014 jsmeixAATTsuse.de- cups-1.5.4-strftime.patch fixes CUPS upstream STR #4388: no or malformed output from lpstat in charset other than utf-8 (bnc#873030).
* Thu Feb 20 2014 jsmeixAATTsuse.de- Cautious clean up of systemd units via RPM scriptlets (see the entry below dated \"Wed Feb 19 15:05:44 CET 2014\") does not work reliable because it would leave a messsed up systemd setup for cupsd when YaST was used before to start/stop/enable/disable the cupsd, see https://bugzilla.novell.com/show_bug.cgi?id=857372#c115 so that now cups.socket and cups.path are stopped and disabled in any case to ensure starting/stopping/enabling/disabling of the cupsd also works with YaST, see https://bugzilla.novell.com/show_bug.cgi?id=857372#c120 (bnc#857372).- str4351.patch from CUPS upstream fixes https://www.cups.org/str.php?L4351 \"STR #4351 cups-lpd hugh jobs (>2G) fail\" (bnc#864782).
* Wed Feb 19 2014 jsmeixAATTsuse.de- Cautious clean up of systemd units via RPM scriptlets:
* When /usr/lib/systemd/system/cups.path and/or /usr/lib/systemd/system/cups.socket are in use stop and disable them because they are no longer provided but keep manually set up cups.path and/or cups.socket units.
* Enforce systemd to use the cups.service file in this package by \"systemctl reenable cups.service\" if it was enabled (intentionally this does not restart a running cupsd). For details see \"rpm -q --scripts cups\" and have a look at http://lists.opensuse.org/opensuse-packaging/2014-02/msg00096.html
* Wed Feb 12 2014 jsmeixAATTsuse.de- Added Begin/End comments in scriptlets for RPM macros so that it is easier to see in the \"rpm -q --scripts cups\" output what each RPM macro actually does.
* Wed Feb 12 2014 jsmeixAATTsuse.de- Clean up how cupsd is launched (via SysVinit or systemd) by maintaining strictly separated sections in cups.spec: Either for launching cupsd via systemd (if have_systemd is set) or for launching cupsd via SysVinit (if have_systemd is not set). SysVinit support cannot be removed because CUPS 1.5.4 is provided for SLE11 in the OBS devel project \"Printing\".
* Wed Feb 05 2014 jsmeixAATTsuse.de- cups-1.5.4-CVE-2012-5519.patch adds better default protection against misuse of privileges by normal users who have been specifically allowed by root to do cupsd configuration changes (CUPS STR#4223 CVE-2012-5519 Novell/Suse Bugzilla bnc#789566). The new ConfigurationChangeRestriction cupsd.conf directive specifies the level of restriction for cupsd.conf changes that happen via HTTP/IPP requests to the running cupsd (e.g. via CUPS web interface or via the cupsctl command). By default certain cupsd.conf directives that deal with filenames, paths, and users can no longer be changed via requests to the running cupsd but only by manual editing the cupsd.conf file and its default file permissions permit only root to write the cupsd.conf file. Those directives are: ConfigurationChangeRestriction, AccessLog, BrowseLDAPCACertFile, CacheDir, ConfigFilePerm, DataDir, DocumentRoot, ErrorLog, FatalErrors, FileDevice, FontPath, Group, JobPrivateAccess, JobPrivateValues, LogFilePerm, PageLog, Printcap, PrintcapFormat, PrintcapGUI, RemoteRoot, RequestRoot, ServerBin, ServerCertificate, ServerKey, ServerRoot, StateDir, SubscriptionPrivateAccess, SubscriptionPrivateValues, SystemGroup, SystemGroupAuthKey, TempDir, User, WebInterface.- The default group of users who are allowed to do cupsd configuration changes via requests to the running cupsd (i.e. the SystemGroup directive in cupsd.conf) is set to \'root\' only.- In this context a general security advice: When root allows normal users to do system administration tasks (in particular when root allows normal users to administer system processes - i.e. processes that run as root), then this or that kind of privilege escalation will be possible. Only trustworthy users who do not misuse their privileges may get allowed to do specific system administration tasks.
* Wed Jan 29 2014 jsmeixAATTsuse.de- cups-0003-systemd-secure-cups.service-unit-file.patch changes the cups.service systemd unit file to be more secure and to let the cupsd again work as it did all the time for printing in a network (bnc#857372 in particular comment #61 therein).- cups-1.5-additional_policies.patch was updated to avoid cupsd warning messages of the form \"No limit for ... defined in policy allowallforanybody and no suitable template found\" (bnc#857372 in particular comment #48 therein).
* Fri Jan 10 2014 jsmeixAATTsuse.de- Fix how to use CUPS\' own fonts (bnc#856731). In ancient times (see the below entry dated \"Thu Aug 16 17:05:19 CEST 2001\") there was the idea to deviate from CUPS upstream and save some disk space and do not install CUPS\' own fonts. CUPS\' own fonts were removed and the CUPS font directory was replaced by a symbolic link /usr/share/cups/fonts -> ../ghostscript/fonts because at that times the Ghostscript fonts had been the same as CUPS\' own fonts. In any case such a link is a fragile non-future-proof interference because when either the Ghostscript fonts or CUPS\' own fonts change, linking them as same is wrong. Since a long time the Ghostscript fonts do no longer work for CUPS\' particular needs but nobody noticed it until now. But it is not possible with RPM to replace a directory by a symbolic link or vice versa. This means /usr/share/cups/fonts must stay forever as a symbolic link and the only way out is to move CUPS\' own fonts to an artificial surrogate directory /usr/share/cups/CUPSfonts and have the symbolic link now /usr/share/cups/fonts -> /usr/share/cups/CUPSfonts
* Wed Jan 08 2014 jsmeixAATTsuse.de- cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch fixes the systemd cups.socket file so that systemd listens only on localhost (bnc#857372).- Do no longer use the Ghostscript fonts for CUPS. Instead be in compliance with upstream and use CUPS\' own Monospace fonts in /usr/share/cups/fonts because those fonts are hardcoded used by the CUPS filters bannertops (for CUPS banner pages and the CUPS test page that is a special kind of banner page) and texttops (when printing plain text files). Without CUPS\' own Monospace fonts bannertops and texttops create PostScript that uses those fonts but without those fonts embedded which results that PostScript interpreters use a (different) fallback font or fail to print for some PostScript printers (bnc#856731).
* Wed Oct 09 2013 crrodriguezAATTopensuse.org- patch cups-move-everything-to-run.patch missed to move CUPS_STATEDIR to run, so systemd sockets are still created in /var/run- Add required tmpfiles.d config snippet to ensure /run/cups is always available.
* Fri Jul 05 2013 jsmeixAATTsuse.de- cups-polld_avoid_busy_loop.patch avoids any possible busy loop in cups-polld in case of unusual issues by sleeping interval seconds (bnc#828228).
* Fri Jun 28 2013 stefan.bruensAATTrwth-aachen.de- Fix endless loop if IPP server does not accect job (bnc#827418) see also https://www.cups.org/str.php?L4190 (STR#4190, patch str4190.patch).
* Wed Jun 26 2013 jsmeixAATTsuse.de- Changed Source0 URL from http://ftp.easysw.com/pub/cups/1.5.4/cups-1.5.4-source.tar.bz2 to its currently valid location http://www.cups.org/software/1.5.4/cups-1.5.4-source.tar.bz2 so that the factory-auto check script does no longer error out with \"Failed to download ... Source URLs are not valid.\"
* Wed Jun 26 2013 jsmeixAATTsuse.de- Use BuildRequires krb5-mini-devel to avoid this build cycle: cups -> krb5 -> python-Jinja2 -> vim -> gtk2 -> cups (according to OBS request 180870). Because krb5-mini-devel is not available for SLE11 krb5-devel must still be used for SLE11 builds (required addition to OBS request 180870).
* Fri Mar 22 2013 mmeisterAATTsuse.com- Added url as source. Please see http://en.opensuse.org/SourceUrls
* Wed Jan 30 2013 rmilasanAATTsuse.com- Move everything (pid, lock, socket files) to /run only for 12.3. Added: cups-move-everything-to-run.patch See also http://lists.opensuse.org/opensuse-factory/2013-01/msg00578.html
* Thu Dec 20 2012 jsmeixAATTsuse.de- Added \"BuildRequires: poppler-tools\" which installs /usr/bin/pdftops for the build-time check in cups-pdf.m4 regarding HAVE_PDFTOPS_WITH_ORIGPAGESIZE that makes sure that the CUPS filter /usr/lib/cups/filter/pdftops calls /usr/bin/pdftops with \"-origpagesizes\" otherwise it would result wrong PostScript output for poppler > 0.18.0 (bnc#776080) see also https://www.cups.org/str.php?L3689 (STR #3689).- Changed \'configure --with-pdftops=/usr/bin/pdftops\' back to the upstream default \'configure --with-pdftops=pdftops\' (compare the entry dated \'Fri Jul 31 15:08:41 CEST 2009\').- Removed leftover and since a longer time obsolete \"BuildRequires: avahi-compat-mDNSResponder-devel\".
* Tue Nov 13 2012 fcrozatAATTsuse.com- Add cups-provides-cupsd.service: ensure cupsd.service is provided by cups.service.
* Thu Oct 18 2012 cooloAATTsuse.com- buildrequire systemd through the pkgconfig provide to get systemd-mini in build environment (to break cycle)
* Thu Sep 27 2012 mmeisterAATTsuse.com- Version upgrade to 1.5.4 (mainly a bugfix release) that fixes some IPP printing issues. Excerpt:
* The IPP backend no longer tries to get the job status for printers that do not implement the required operation (STR #4083).
* Sending a document in an unsupported format to an IPP printer now automatically cancels the job (STR #4093).
* The IPP backend now treats the client-error-not-possible status code as a job history issue, allowing IPP printing to Windows to work(STR #4047). For a complete list see the CHANGES.txt file.- revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of an upstream fix.
* Tue Sep 04 2012 cfarrellAATTsuse.com- license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 Apple grant an openssl linking exception (and an exception for linking on Apple owned operating systems).
* Wed Aug 01 2012 jsmeixAATTsuse.de- Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default from becoming hardlinked via the fdupes run in cups.spec (see the \'Wed Aug 26 21:43:03 CEST 2009\' entry below) by making their content different and at the same time fix the misleading comment (openSUSE Bugzilla bnc#773971).- Minor clean-up in cups.spec (the \"Remove unpackaged files\" via \"rm -rf \") is no longer needed because those man pages are no longer installed.
* Wed May 16 2012 jsmeixAATTsuse.de- Upgraded to CUPS 1.5.3 (mainly a bugfix release) that fixes a number of PostScript, SSL, authenticated printing, and networking issues. Excerpt:
* The scheduler could crash if a PPD file contained an invalid paper size (STR #4049).
* Missing localizations caused empty output (STR #4033).
* Changed how timeouts are implemented in the LPD backend (STR #4013).
* The default InputSlot setting was never used (STR #3957).
* Fixed the IPP backend\'s handling of HTTP/1.0 compatibility (STR #3988). For a complete list see the CHANGES.txt file.- revert_cups-ssl.m4_to_1.5.2.patch reverts cups-ssl.m4 to what it was in CUPS 1.5.2 so that autoconf produces a syntactically correct configure script otherwise \"bash -n configure\" fails with \"syntax error: unexpected end of file\", see http://www.cups.org/str.php?L4084
* Thu Apr 12 2012 jsmeixAATTsuse.de- No longer require Ghostscript but only \"Recommends: ghostscript\" because the Ghostscript device \"cups\" is needed by several CUPS filters (in particular the \"rasterto...\" filters) but those filters are not used on all systems (e.g. on a print server with only \"raw\" queues) so that a weak Recommends fits better. Furthermore this avoids a build dependency cycle between the main-packages cups and ghostscript.- No longer require /usr/bin/pdftops but only a \"Recommends\" because the CUPS filter /usr/lib/cups/filter/pdftops (which calls /usr/bin/pdftops) is not used on all systems (e.g. on a print server with only \"raw\" queues) so that a weak Recommends fits better.
* Tue Apr 10 2012 jsmeixAATTsuse.de- In cups.spec only \"Requires: ghostscript\" but no longer require ghostscript-fonts-std in cups.spec because in ghostscript.spec there is already \"Requires: ghostscript-fonts-std\" (related to openSUSE Bugzilla bnc#735824).- In cups.spec remove the Obsoletes/Provides cups-SUSE-ppds-dat because cups-SUSE-ppds-dat.rpm existed only up to SLE10 but it does no longer exist since 11.1/SLE11 and CUPS 1.5.x is not provided for SLE10.- Use traditional bash scriptlets for post/postun with an explicite \"exit 0\" line at the end to be fail safe and therefore also \"PreReq: /sbin/ldconfig\" explicitly for the cups-libs sub-package, see the \"Shared_libraries\" section in http://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
* Tue Feb 07 2012 jsmeixAATTsuse.de- Upgraded to CUPS 1.5.2 (mainly a bugfix release). This release fixes a number of printing, encryption, and ipptool issues. Excerpt:
* The scheduler incorrectly used free() on a POSIX ACL value, which could cause a crash (STR #3970).
* Encryption was broken with OpenSSL (probably STR #3933 and bnc#739410 ).
* Badly formed GIF files could cause the image filters to crash (STR #3914). For a complete list see the CHANGES.txt file.
* Tue Jan 10 2012 crrodriguezAATTopensuse.org- Use explicit buildrequires on the needed libraries. otherwise build will fail after libtiff-devel deps cleanup- Cleanup requires of -devel package, which only needs glibc-devel- Fix up, cups-config script, which with option --libs adds: LIBS=\"-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto - lz -lpthread -lm -lcrypt \" IMGLIBS=\"-ltiff -ljpeg -lpng\" This only makes sense when using static linking but we don\'t ship static libraries and will only help bloating dependant packages.
* Sat Dec 17 2011 crrodriguezAATTopensuse.org- Update systemd patch, Bind to datagram socket as well in systemd cups.socket unit file, to prevent that port being stolen by another service (from RH).- There is no need to use -fno-strict-aliasing in cflags any longer.
* Sat Dec 03 2011 crrodriguezAATTopensuse.org- Update systemd patch to a newer version that uses libsystemd-daemon instead of bundling sd-daemon wrappers.
* Sat Dec 03 2011 crrodriguezAATTopensuse.org- Add complete systemd support, the hardware stuff is handled in builtin udev rules (see /lib/udev/rules.d/99-systemd.rules). See also http://0pointer.de/blog/projects/socket-activation2.html
* Thu Oct 06 2011 jsmeixAATTsuse.de- Upgraded to CUPS 1.5.0 (openSUSE Bugzilla bnc#722057) Backward incompatible changes:
* The main header cups/cups.h no longer includes the PPD header cups/ppd.h which may require code changes to applications.
* CUPS no longer supports the old ~/.cupsrc or ~/.lpoptions files from CUPS 1.1.x. The ~/.cups/client.conf and ~/.cups/lpoptions files that were introduced in CUPS 1.2 must now be used.
* The scheduler now requires that filters and backends have group write permissions disabled (security).
* The HP-GL/2 filter is no longer included (STR #3322).
* The SCSI backend is no longer included (STR #3500). Other changes:
* Updated the PostScript filter to support IncludeFeature in more circumstances (STR #3417).
* The scheduler now sets the process group for child processes and manages the group (STR #2829).
* The scheduler now more carefully creates and removes configuration, cache, and state files (STR #3715).
* The lpadmin command now allows default option values to be deleted (STR #2959).
* Restored support for GNU TLS and OpenSSL with threading enabled (STR #3605, STR #3461). Therefore cups-1.4.4-str3461-1.4.reverted.patch is no longer needed (openSUSE Bugzilla bnc#617026).
* Increased the default RIPCache value to 128MB (STR #3535). Therefore cups-1.4.4-set_default_RIPCache_128m.patch is no longer needed (openSUSE Bugzilla bnc#628233).
* Updated PDF filter to support Ghostscript ps2write (STR #3766).
* Updated PDF filter to support Poppler option to preserve page sizes in PDF files when the user has not selected a particular media size (STR #3689).
* Added new PWG Raster filter for IPP Everywhere printer support.
* Added support for a new cupsFilter2 keyword in PPD files to allow for the propagation of the actual MIME media type produced by a filter.
* Name resolution errors no longer no longer cause queues to stop (STR #3719, STR #3753). See also https://bugzilla.novell.com/show_bug.cgi?id=337794#c16
* Added a new cups-exec helper program that applies security profiles to filters, port monitors, backends, CGI programs, and mini-daemons.
* The web interface can now be disabled using the WebInterface directive in cupsd.conf (STR #2625).
* The ipptest tool is now a first-class user program (STR #3484). For a complete list see the CHANGES.txt file.- cups-1.4.4-str3461-1.4.reverted.patch (bnc#617026) and cups-1.4.4-set_default_RIPCache_128m.patch (bnc#628233) are no longer needed because the issues are fixed upstream. cups-1.5-additional_policies.patch (fate#303515) replaces the cups-1.4-additional_policies.patch which does no longer apply.
* Fri Sep 30 2011 cooloAATTsuse.com- add libtool as buildrequire to make the spec file more reliable
* Thu Sep 29 2011 jsmeixAATTsuse.de- Reverted the change from meissner below dated \"Fri Sep 23 09:54:39 CEST 2011\" so that baselibs.conf again contains only one line \"cups-libs\" as before because the submitrequest 85423 Printing/cups -> openSUSE:Factory/cups was declined by coolo with the following reason: \"cups-devel-32bit requires cups-32bit (default requires), which does not exist\".
* Thu Sep 29 2011 jsmeixAATTsuse.de- Upgraded to CUPS 1.4.8
* network backends could crash if a printer returned a value of 0 for the maximum capacity for a supply (STR #3875)
* For a complete list see the CHANGES.txt file.- Upgraded to CUPS 1.4.7
* imageto
* filters could crash with bad GIF files (STR #3867)
* CUPS did not work with some printers that incorrectly implemented the HTTP/1.1 standard (STR #3778, STR #3791)
* Fixed crash in scheduler when the application/octet-stream MIME type was not defined (STR #3690)
* The web interface no longer tries to use multi-part delivery when adding printers (STR #3455) using Epiphany or IE
* \"lp\" and \"lpr\" failed with Kerberos enabled (STR #3768)
* Remote printer URIs with options did not work (STR #3717)
* The scheduler now only looks up interface hostnames if HostNameLookups are enabled (STR #3737)
* The scheduler could crash if a browsed printer times out while a job is printing (STR #3754)
* For a complete list see the CHANGES.txt file.
* Thu Sep 29 2011 jsmeixAATTsuse.de- cups-1.4.4-set_default_RIPCache_128m.patch enlarges the CUPS upstream default RIPCache from 8m to 128m to avoid various kind of printout failures (STR #3535, and Novell/openSUSE Bugzilla bnc#628233).
* Fri Sep 23 2011 meissnerAATTsuse.de- cups-devel baselibs package for Wine 32bit on 64bit building (added \"cups-devel requires cups-libs...\" to baselibs.conf).
* Sun Sep 18 2011 jengelhAATTmedozas.de- Remove redundant tags/sections from specfile (removed \"norootforbuild\" and the \"clean\" section).
* Mon Jul 25 2011 meissnerAATTsuse.de- \"no\" locale is \"nb\" (norwegian bokmal) these days (move /usr/share/locale/no to /usr/share/locale/nb).- \"zh\" is probably meant as \"zh_CN\", as \"zh_TW\" exists (move /usr/share/locale/zh to /usr/share/locale/zh_CN).
* Thu Feb 10 2011 jsmeixAATTsuse.de- Cleaned up the RPM Requires: Removed the needless \"Suggests: poppler-tools\" because there is \"Requires: /usr/bin/pdftops\" which should be sufficient. Replaced the RPM Requires for foomatic-filters by Recommends because foomatic-rip is only needed by CUPS in a few cases and printer driver packages which need foomatic-rip require foomatic-filters on their own.
* Fri Jan 14 2011 jsmeixAATTsuse.de- Upgraded to CUPS 1.4.6 CUPS 1.4.6 fixes in particular a regression:
* A change was made in CUPS 1.4.5\'s pstops filter that it did not support landscape printing of PostScript files (STR #3722)
* For a complete list see the CHANGES.txt file.
* Thu Dec 09 2010 jsmeixAATTsuse.de- Fixed coolo\'s quick and ditry unconditioned \"PreReq: sysvinit(syslog)\" stuff from below because build fails everywhere except openSUSE:Factory (i.e. openSUSE 11.4) because sysvinit(syslog) is nowhere else provided. Now the PreReq is only if suse_version > 1130.
* Tue Dec 07 2010 cooloAATTnovell.com- prereq init script syslog
* Fri Nov 12 2010 jsmeixAATTsuse.de- Upgraded to CUPS 1.4.5 CUPS 1.4.5 fixes several scheduler and printing bugs as well as a reported security bug, in particular:
* Fixed a IPP parsing memory corruption bug (CVE-2010-2941, STR #3648, Novell/Suse Bugzilla bnc#649256)
* Fixed a PPD loader bug that could crash the cupsd (STR #3680)
* The scheduler restarts jobs while shutting down (STR #3679)
* Did not initialize Kerberos in all cases (STR #3662)
* The socket backend could go into an infinite loop with certain printers (STR #3622)
* Moving a job via the web interface failed without asking for authentication (STR #3559)
* The web interface did not allow a user to change the driver (STR #3537, STR #3601)
* For a complete list see the CHANGES.txt file.
* Thu Jul 15 2010 jsmeixAATTsuse.de- Fixed /etc/init.d/cups (cups.init source file) so that stopping the cupsd waits up to 10 seconds until the cupsd had actually finished (if not SIGKILL would be sent to it) to make sure that \"rccups restart\" and \"rccups stop ; rccups start\" work correctly (see Novell/Suse Bugzilla bnc#622058).
* Fri Jun 25 2010 jsmeixAATTsuse.de- cups-1.4.4-str3461-1.4.reverted.patch reverts changes by CUPS STR #3461 as band-aid workaround for now to avoid that Mozilla.org applications crash when they try to print (STR #3461, STR #3605, and Novell/Suse Bugzilla bnc#617026).
* Fri Jun 18 2010 jsmeixAATTsuse.de- Upgraded to CUPS 1.4.4 CUPS 1.4.4 fixes several security, scheduler, printing, and conformance issues, in particular:
* The web interface now includes additional CSRF protection (CVE-2010-0540, STR #3498, STR #3593, and Novell/Suse Bugzilla bnc#601830)
* The texttops filter did not check the results of allocations (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)
* The web admin interface could disclose the contents of memory (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)
* The fix for CVE-2009-3553 (STR #3200) was incomplete for systems that use kqueue or epoll (STR #3490)
* CUPS could overwrite files as root in directories owned or writable by non-root users (STR #3510)
* The OpenSSL interfaces have been made thread-safe and the GNU TLS interface is explicitly forbidden when threading is enabled (STR #3461)
* The scheduler could crash on restart if classes were defined (STR #3524)
* The socket backend no longer waits for back-channel data on platforms other than Mac OS X (STR #3495)
* For a complete list see the CHANGES.txt file.
* Mon Jun 14 2010 vuntzAATTopensuse.org- Update cups-1.3.9-desktop_file.patch: add the Settings category (required since we use HardwareSettigns) and add NotShowIn=GNOME: in GNOME, the configuration tool we want to use is system-config-printer.
* Wed Jun 02 2010 jsmeixAATTsuse.de- Explicitly set configure option \'--enable-debug\' because otherwise the cups-debuginfo RPM would be empty.- Removed no longer recognized configure option \'--enable-pie\' (it compiles and links with \'-pie -fPIE -fPIC\' by default).- Disabled .SILENT in Makedefs.in so that make is verbose as usual.
* Mon May 10 2010 guido+opensuse.orgAATTberhoerster.name- In cups.spec removed \'-r\' from the suse_update_desktop_file call to not replace valid (and previously patched via cups-1.3.9-desktop_file.patch) categories of the desktop file so that it shows up in the right place (this is particularly an issue with the LXDE/XFCE menu).
* Thu May 06 2010 jsmeixAATTsuse.de- cups-1.4.3-default-webcontent-path.patch changes the default path whereto the web content is installed from /usr/share/doc/... to /usr/share/cups/webcontent because the files of the CUPS web content are no documentation (see CUPS STR #3578 and Novell/Suse Bugzilla bnc#546023 starting at comment#6).- In cups.spec replaced usage of the RPM macro \'name\' by the explicite value \'cups\' (except for the BuildRoot) so that CUPS could be built as well with a different package name (e.g. when someone likes to provide a CUPS SVN revision as \'cupsSVN\' or a specifically adapted CUPS as \'cups4me\').
* Tue Apr 27 2010 jsmeixAATTsuse.de- cups-krb5-config wrapper script for krb5-config is no longer needed because since April 2008 krb5-config works correctly (see Novell/Suse Bugzilla bnc#378270 and compare STR #3556).
* Tue Apr 20 2010 jsmeixAATTsuse.de- In cups.xinetd replaced \'AATTLIBAATT\' by \'/usr/lib\' and removed the perl substitute calls regarding \'AATTLIBAATT\' in cups.spec because since the upstream compliant CUPS 1.4 it is \'/usr/lib/cups/\' on all platforms (see Novell/Suse Bugzilla bnc#575544).
* Wed Mar 31 2010 jsmeixAATTsuse.de- Upgraded to CUPS 1.4.3:
* The scheduler could try responding on a closed client connection, leading to a crash (CVE-2009-3553, STR #3200, and bnc#554861).
* The lppasswd program allowed the localization files to be overridden when running in setuid mode (CVE-2010-0393, STR #3482, and bnc#574336).
* The scheduler would crash when an active printer was deleted.
* The DBUS notifier did not build (STR #3447).
* The scheduler did not reset the SIGPIPE handler of child processes (STR #3399).
* For a complete list see the CHANGES.txt file.- cups-1.3.9-CVE-2009-3553.patch has become obsolete because it is fixed in the source.
* Wed Jan 27 2010 jsmeixAATTsuse.de- CUPS 1.3 -> 1.4 version upgrade and major cleanup: For the CUPS upstream changes see the CHANGES.txt file. Such a major version upgrade is the perfect chance to drop almost all our own patches to enforce a reset to almost 100% compliance with upstream. Here our openSUSE CUPS versions and their number of patches (i.e. the \"Patch\" entries in the cups.spec files): CUPS version 1.2.12 in openSUSE 10.3: 37 CUPS version 1.3.7 in openSUSE 11.0: 29 CUPS version 1.3.9 in openSUSE 11.1: 26 CUPS version 1.3.11 in openSUSE 11.2: 17 Of course this includes patches with backported bug fixes via our maintenance but nevertheless there were really too much openSUSE specific patches. Therefore I would like to provide CUPS 1.4 \"as is\" to the furthest possible extent (there are still 6 patches left). Then let\'s see if we get bug reports because of this. I did such a reset to 100% compliance with upstream already in the past for sane-backends and guess what: I got no single bug report at all because of this. I guess what they do at upstream is actually not so bad ;-)- Added the explicite path to \'--with-cachedir=/var/cache/cups\' in cups.spec to avoid that the fallback value \'yes\' results the cache directory \'/etc/cups/yes/\'.- cups-1.3.11-CVE-2009-2820-regression-fix.patch and cups-1.3.11-CVE-2009-2820.patch have become obsolete because it is fixed in the source.- cups-1.4-full_path_to_configure_with-pdftops.patch has become obsolete because it is fixed in the source.
* Tue Dec 15 2009 jengelhAATTmedozas.de- add baselibs.conf as a source- enable parallel building
* Tue Dec 15 2009 jsmeixAATTsuse.de- Fixed the URL and MD5 sum comments for Source0 in cups.spec.- cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug in the scheduler which leads to remote denial of service, (CVE-2009-3553, CUPS STR #3200, and Novell/Suse Bugzilla bnc#554861)
* Wed Nov 11 2009 jsmeixAATTsuse.de- cups-1.3.11-CVE-2009-2820-regression-fix.patch fixes a regression which was introduced by the previous cups-1.3.11-CVE-2009-2820.patch which lets adding a class via CUPS Web Interface fail with an \'Unknown operation \"{op}\"\' error message (CUPS STR #3401 and Novell/Suse Bugzilla bnc#548317 starting at comment #24).- cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface Cross-Site Scripting (XSS) and CRLF injection in HTTP headers (CVE-2009-2820 and CUPS STR #3367 and Novell/Suse Bugzilla bnc#548317).
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0
* Wed Aug 26 2009 meissnerAATTsuse.de- Fixed as-needed issues when compiling additional tools by using the right ordering of source and linked library in \'gcc -opoll_ppd_base ... SOURCE1 -lcups\' and \'gcc -olphelp ... SOURCE2 -lcups\' which obsoletes the \'export SUSE_ASNEEDED=0\' workaround, see the \'Fri Jul 10 12:34:54 CEST 2009\' entry below.- Run fdupes.
* Fri Jul 31 2009 jsmeixAATTsuse.de- full_path_to_configure_with-pdftops.patch adds support to specify a full path in \'configure --with-pdftops=/usr/bin/pdftops\' to avoid \'BuildRequires: xpdf-tools\' which would bloat the build system but would be only needed to satisfy \'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)\' in cups-pdf.m4 if only \'configure --with-pdftops=pdftops\' was possible (Novell/Suse Bugzilla bnc#526847).
* Tue Jul 28 2009 jsmeixAATTsuse.de- Upgraded to CUPS 1.3.11:
* The scheduler and cupsfilter utility would crash with certain MIME .types rules (CUPS STR #3159).
* cups-1.3.10-fix-DNS-rebinding-protection.patch (Novell/Suse Bugzilla bnc#516511 and CUPS STR #3238) is obsolete since CUPS 1.3.11 because it is fixed in the source (it is fixed via CUPS STR #3164).
* For a complete list see the CHANGES.txt file.
* Fri Jul 10 2009 jsmeixAATTsuse.de- Set \'export SUSE_ASNEEDED=0\' in cups.spec because build fails with --as-needed so that this is for now simply disabled.
* Fri Jun 26 2009 jsmeixAATTsuse.de- cups-1.3.10-fix-DNS-rebinding-protection.patch fixes a regression of the CUPS 1.3.10 DNS rebinding protection which lets e.g. \"lpoptions -h localhost -p -l\" fail with \"lpoptions: Unable to get PPD file for : Bad Request\" and in /var/log/cups/error_log there is the warning W ... Request from \"localhost\" using invalid Host: field \"::1\" but \"::1\" is the IPv6 loopback IP address for \"localhost\" (Novell/Suse Bugzilla bnc#489624 comment#19 and bnc#516511).
* Wed Jun 24 2009 jsmeixAATTsuse.de- Upgraded to CUPS 1.3.10:
* Use a wrapper program filter/pdftops.c which only calls /usr/bin/pdftops (via configure --with-pdftops=/usr/bin/pdftops) instead of the CUPS fork of the Xpdf source code which was in the pdftops directory (CUPS STR #3129). Because of this cups-1.4svn-pdftops_as_filter.patch and cups-1.4svn-pdftops_dont_fail_on_cancel.patch are obsolete since CUPS 1.3.10 (the latter was fixed via CUPS STR #2808).
* The scheduler now protects against DNS rebinding attacks (CUPS STR #3118 and Novell/Suse Bugzilla bnc#489624).
* cups-1.3.9-cupstestppd.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #2979).
* cups-1.3.9-max_subscription.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (no CUPS STR but mentioned in CHANGES.txt \"The scheduler would crash if you exceeded the MaxSubscriptions limit\").
* cups-1.3.9-filter_png_overflow2.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #2974 and Novell/Suse Bugzilla bnc#448631).
* cups-1.3.9-hpgltops2.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #2966 which is the successor of CUPS STR #2911 and Novell/Suse Bugzilla bnc#430543).
* cups-1.3.9-cupsImageReadTiff.patch is obsolete since CUPS 1.3.10 because it is fixed in the source (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
* For a complete list see the CHANGES.txt file.- cups-1.1.21rc2-preauth_security.patch and cups-1.1.21rc2-usermode.patch and cups-1.1.21-umlaut_printer.patch and cups-1.1.23-testpage.patch are finally removed since CUPS 1.3.10 because they were made for CUPS 1.1 and were no longer applied since CUPS 1.2 in Suse Linux 10.3. In particular cups-1.1.21rc2-usermode.patch can no longer apply since CUPS 1.2 because RunAsUser in cupsd.conf is no longer supported since CUPS 1.2, for more info see e.g. the \"RunAsUser removed; reassurance wanted\" mails on cupsAATTeasysw.com. Furthermore we neither got any Suse Linux/openSUSE user request nor any SLE11 beta-tester/customer request for them.
* Mon Jun 08 2009 crrodriguezAATTsuse.de- Replaced \"--enable-static\" by \"--disable-static\" in configure so that the static libraries /usr/lib[64]/libcups.a and /usr/lib[64]/libcupsimage.a are no longer built and included in the cups-devel package to enforce detection of other software which might be built with static CUPS libraries so that those other software could be fixed to use the dynamic libraries (see also Novell/Suse Bugzilla bnc#509945).
* Wed Jun 03 2009 jsmeixAATTsuse.de- Set BROADCAST=\"ipp\" in cups.SuSEfirewall2 source file (which gets installed as /etc/sysconfig/SuSEfirewall2.d/services/cups) so that adding \"cups\" to allowed services in the firewall also allows CUPS Browsing information via UDP broadcasts (Novell/Suse Bugzilla bnc#498429).
* Thu Mar 26 2009 jsmeixAATTsuse.de- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow in the \"_cupsImageReadTIFF()\" function CVE-2009-0163 (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
  
ICM