|
|
|
|
Changelog for cups-devel-32bit-2.4.2-6.2.x86_64.rpm :
* Mon Dec 12 2022 Callum Farmer - Use %_pam_vendordir * Sat Dec 10 2022 Callum Farmer - Remove invalid %config directive on %_distconfdir/pam.d/cups * Fri Dec 09 2022 Stefan Schubert - Migration PAM settings to /usr/etc: Fixed posttrans. Should only be used for TW. * Thu Dec 08 2022 Stefan Schubert - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Sat Jul 09 2022 Callum Farmer - Move the dbus-1 system.d file to /usr (bsc#1201346) * Mon May 30 2022 jsmeixAATTsuse.de- Version upgrade to 2.4.2: See https://github.com/openprinting/cups/releases CUPS 2.4.2 brings the fix for CVE-2022-26691 (#bsc1199474) together with LibreSSL/OpenSSL and minimal AIX support. * Fixed certificate strings comparison for Local authorization (CVE-2022-26691) * The `cupsFileOpen` function no longer opens files for append in read-write mode (Issue #291) * The cupsd daemon removed processing temporary queue (Issue #364) * Fixed delay in IPP backend if GNUTLS is used and endpoint doesn\'t confirm closing the connection (Issue #365) * Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329) * Fixed CSS related issues in CUPS Web UI (Issue #344) * Fixed copyright in CUPS Web UI trailer template (Issue #346) * mDNS hostname in device uri is not resolved when installaling a permanent IPP Everywhere queue (Issues #340, #343) * The `lpstat` command now reports when the scheduler is not running (Issue #352) * Updated the man pages concerning the `-h` option (Issue #357) * Re-added LibreSSL/OpenSSL support (Issue #362) * Updated the Solaris smf service file (Issue #368) * Fixed a regression in lpoptions option support (Issue #370) * The scheduler now regenerates the PPD cache information after changing the \"cupsd.conf\" file (Issue #371) * Updated the scheduler to set \"auth-info-required\" to \"username,password\" if a backend reports it needs authentication info but doesn\'t set a method for authentication (Issue #373) * Updated the configure script to look for the OpenSSL library the old way if pkg-config is not available (Issue #375) * Fixed the prototype for the `httpWriteResponse` function (Issue #380) * Brought back minimal AIX support (Issue #389) * `cupsGetResponse` did not always set the last error. * Fixed a number of old references to the Apple CUPS web page. * Restored the default/generic printer icon file for the web interface. * Removed old stylesheet classes that are no longer used by the web interface.- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.2 * Mon Apr 04 2022 jsmeixAATTsuse.de- Have cups.pc in %{_libdir} to avoid a conflict that cups-devel and cups-devel-32bit would both contain /usr/lib/pkgconfig/cups.pc because when cups.pc is arch dependent it has to be in %{_libdir} which it is because it contains \'libdir=/usr/lib64\' on x86_64 (if it was arch independent it would have to be in %{_datadir}) cf. https://build.opensuse.org/request/show/965680 * Fri Mar 04 2022 jsmeixAATTsuse.de- Improved comments in spec file and in changes file- Have cups.keyring in ASCII armored format- Do not error out when \'make test\' fails in the \'check\' section because https://github.com/OpenPrinting/cups/issues/155 is not yet actually fixed so currently the testsuite still sometimes fails * Tue Mar 01 2022 Aurelien Joga - Version upgrade to 2.4.1: See https://github.com/openprinting/cups/releases CUPS 2.4.1 is the first bug fix release from 2.4.x series. Among the other bug fixes it fixes sharing default color mode to clients and several memory leaks. * The default color mode now is now configurable and defaults to the printer\'s reported default mode (Issue #277) * Configuration script now checks linking for -Wl,-pie flags (Issue #303) * Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322) * Fixed missing bracket in de/index.html (Issue #299) * Fixed typos in configuration scripts (Issues #304, #316) * Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323) * Removed deprecated directives from cupsctl and cups-files.conf (Issue #300) * Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)- Version upgrade to 2.4.0: CUPS 2.4.0 is the latest stable OpenPrinting CUPS release. Among the changes from beta and release candidate the stable release adds two new configuration options for optimizing cupsd setup on servers and several other changes. * Added configure option --with-idle-exit-timeout (Issue #294) * Added --with-systemd-timeoutstartsec configure option (Issue #298) * DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287) * Fixed compilation on Solaris (Issue #293) * Fixed and improved German translations (Issue #296, Issue #297)- Version upgrade to 2.4rc1: CUPS 2.4rc1 is a release candidate for OpenPrinting CUPS 2.4.0, which adds two enhancements before the stable release. * Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286) * Compilation now uses -fstack-protector-strong if available (Issue #285)- Version upgrade to 2.4b1: CUPS 2.4b1 is the beta release for OpenPrinting CUPS 2.4 which contains several new features such as basic OAuth support, support for AirPrint and Mopria clients and support for running CUPS as a snap, several deprecations (Kerberos, cups-config), removals of old deprecated directives, and many bug fixes. * Added support for CUPS running in a Snapcraft snap. * Added basic OAuth 2.0 client support (Issue #100) * Added support for AirPrint and Mopria clients (Issue #105) * Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144) * Added several features and improvements to ipptool (Issue #153) * Added a JSON output mode for ipptool. * The ipptool command now correctly reports an error when a test file cannot be found. * CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274) * Fixed Kerberos authentication for the web interface (Issue #19) * The ZPL sample driver now supports more \"standard\" label sizes (Issue #70) * Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71) * Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72) * The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74) * The testlang unit test program now loops over all of the available locales by default (Issue #85) * The cupsfilter command now shows error messages when options are used incorrectly (Issue #88) * The PPD functions now treat boolean values as case-insensitive (Issue #106) * Temporary queue names no longer end with an underscore (Issue #110) * The USB backend now runs as root (Issue #121) * Added pkg-config file for libcups (Issue #122) * Fixed a PPD memory leak caused by emulator definitions (Issue #124) * Fixed a DISPLAY bug in ipptool (Issue #139) * The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154) * Added support for locales using the GB18030 character set (Issue #159) * httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907) * httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915) * The IPP backend now retries Validate-Job requests (Issue #132) * Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148) * Added dark mode support to the CUPS web interface (Issue #152) * Added a workaround for Solaris in httpAddrConnect2 (Issue #156) * Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158) * Now use a 60 second timeout for reading USB backchannel data (Issue #160) * The USB backend now tries harder to find a serial number (Issue #170) * Fixed AATTIF(name) handling in cupsd.conf (Apple #5918) * Fixed documentation and added examples for CUPS\' limited CGI support (Apple #5940) * Fixed the lpc command prompt (Apple #5946) * Now always pass \"localhost\" in the Host: header when talking over a domain socket or the loopback interface (Issue #185) * Fixed a job history update issue in the scheduler (Issue #187) * Fixed job-pages-per-set value for duplex print jobs. * Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195) * Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196) * The scheduler now supports the \"everywhere\" model directly (Issue #201) * Fixed some IPP Everywhere option mapping problems (Issue #238) * Fixed support for \"job-hold-until\" with the Restart-Job operation (Issue #250) * Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262) * Fixed support for the \'offline-report\' state for all USB backends (Issue #264) * Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184) * Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164) * USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867) * Web interface updates (Issue #142, Issue #218) * The ippeveprinter tool now automatically uses an available port. * Fixed several Windows TLS and hashing issues. * Deprecated cups-config (Issue #97) * Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98) * Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf. * Stubbed out deprecated httpMD5 functions. * Add test for undefined page ranges during printing.- downgrade-autoconf-requirement.patch downgrades the autoconf requirement to what is currently available in openSUSE- fix-negotiate-authentication-between-CGIs-and-scheduler.patch is obsolete because it is included in the upstream code, see https://github.com/OpenPrinting/cups/commit/3ff789ee90b18205c735e42e599eb3ee3043e88a https://github.com/OpenPrinting/cups/pull/19 https://github.com/apple/cups/pull/5847 https://github.com/apple/cups/issues/5596- upstream_pull_174.patch is obsolete because it is included in the upstream code, see https://github.com/OpenPrinting/cups/commit/43edb9df51b977d92929b084186dcd67d4f5ca44 https://github.com/OpenPrinting/cups/pull/174 https://github.com/OpenPrinting/cups/issues/72- patch cups-2.1.0-cups-systemd-socket.patch is obsolete because it is included in the upstream code, see https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c- Updated upstream source tarball signing key in cups.keyring, see https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579- Re-enabled the CUPS upstream testsuite via \'make test\' and removed \'make check\' because since the upstream commit https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6 the two Makefile targets \'test\' and \'check\' are identical.- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes * Tue Feb 01 2022 jsmeixAATTsuse.de- Enhanced harden_cups.service.patch by adding ReadWritePaths=/etc/cups because cupsd needs write access in /etc/cups (boo#1195288) * Fri Oct 15 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400), see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort Added patch: harden_cups.service.patch * Mon Jun 07 2021 jsmeixAATTsuse.de- Provide /usr/share/cups/ppdc/ in the \"cups\" main package to avoid that \"lpinfo -m\" results in /var/log/cups/error_log things like \"ppdc: Unable to find include file font.defs\" or \"ppdc: Unable to find include file hp.h\" and then \"Bad driver information file /usr/share/cups/drv/sample.drv\" (bsc#1186843) * Mon May 03 2021 jsmeixAATTsuse.de- When cupsd creates directories with specific owner group and permissions (usually owner is \'root\' and group matches \"configure --with-cups-group=lp\") specify same owner group and permissions in the RPM spec file to ensure those directories are installed by RPM with the right settings because if those directories were installed by RPM with different settings then cupsd would use them as is and not adjust its specific owner group and permissions which could lead to privilege escalation from \'lp\' user to \'root\' via symlink attacks e.g. if owner is falsely \'lp\' instead of \'root\' CVE-2021-25317 (bsc#1184161) * Tue Apr 20 2021 jsmeixAATTsuse.de- upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174 \"Use 60s timeout for read_thread, revert read limits\" to fix printing with older USB printers- New upstream URL https://openprinting.github.io/cups * Tue Apr 06 2021 jsmeixAATTsuse.de- Disable testsuite for now via \"bcond_with testsuite\" until https://github.com/OpenPrinting/cups/issues/155 is fixed * Thu Mar 25 2021 Florian - Add \"testsuite\" conditional that disables anything within %check * Fri Mar 19 2021 Samuel Cabrero - fix-negotiate-authentication-between-CGIs-and-scheduler.patch fixes web UI Kerberos authentication (bsc#1175960) * Fri Mar 19 2021 Florian - Upstream changed to https://github.com/OpenPrinting/cups- Added %check section to specfile that executes the old \'make check\' and the new (see 2.3.3op1) \'make test\'- Version upgrade to 2.3.3op2: * Security: Fixed a buffer (read) overflow in the ippReadIO function (CVE-2020-10001) * Clarified the documentation for the \"Listen\" directive * Fixed duplicate ColorModel entries for AirPrint printers * Fixed directory/permission defaults for Debian kfreebsd-based systems * Fixed crash bug in ppdOpen * Fixed regression in snprintf emulation function * The scheduler\'s systemd service file now waits for the nslcd service to start * The libusb-based USB backend now uses a simpler read timer implementation to avoid a regression in a previous change * The PPD caching code now only tracks the APPrinterIconPath value on macOS * Fixed segfault in help.cgi when searching in man pages * Root certificates were incorrectly stored in \"~/.cups/ssl\". * Version upgrade to 2.3.3op1: * The automated test suite can now be activated using make test for consistency with other projects and CI environments - the old make check continues to work as well, and the previous test server behavior can be accessed by running make testserver. * ippeveprinter now supports multiple icons and strings files. * ippeveprinter now uses the system\'s FQDN with Avahi. * ippeveprinter now supports Get-Printer-Attributes on \"/\". * ippeveprinter now uses a deterministic \"printer-uuid\" value. * ippeveprinter now uses system sounds on macOS for Identify-Printer. * Updated ippfind to look for files in \"~/Desktop\" on Windows. * Updated ippfind to honor SKIP-XXX directives with PAUSE. * Updated IPP Everywhere support to work around printers that only advertise color raster support but really also support grayscale * ipptool now supports DNS-SD URIs like ipps://My%20Printer._ipps._tcp.local * The scheduler now allows root backends to have world read permissions but not world execute permissions * Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is disabled on the host * The SNMP backend now supports the HP and Ricoh vendor MIBs * The scheduler no longer includes a timestamp in files it writes * The systemd service names are now \"cups.service\" and \"cups-lpd.service\" * The scheduler no longer adds the local hostname to the ServerAlias list * Added LogFileGroup directive in \"cups-files.conf\" to control the group owner of log files * Added --with-max-log-size configure option * Added --enable-sync-on-close configure option * Added --with-error-policy configure option * IPP Everywhere PPDs could have an \"unknown\" default InputSlot * The httpAddrListen function now uses a listen backlog of 128. * Added USB quirks * Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter. * Fixed DNS-SD name collision support in ippeveprinter. * Fixed compiler and code analyzer warnings. * Fixed TLS support on Windows. * Fixed ippfind sub-type searches with Avahi. * Fixed the default hostname used by ippeveprinter on macOS. * Fixed resolution of local IPP-USB printers with Avahi. * Fixed coverity issues * Fixed httpAddrConnect issues * Fixed web interface device URI issue * Fixed lp/lpr \"printer/class not found\" error reporting * Fixed xinetd support for LPD clients * Fixed libtool build issue * Fixed a memory leak in the scheduler * Fixed a potential integer overflow in the PPD hashing code * Fixed output-bin and print-quality handling issues * Fixed PPD options getting mapped to odd IPP values like \"tray---4\" * Fixed remote access to the cupsd.conf and log files * Fixed the automated test suite when running in certain build/CI environments * Fixed a logging regression caused by a previous change for Apple issue #5604 * Fixed fax phone number handling with GNOME * Fixed potential rounding error in rastertopwg filter * Fixed the \"uri-security-supported\" value from the scheduler * Fixed IPP backend crash bug with \"printer-alert\" values * Removed old Solaris inetconv(1m) reference in cups-lpd man page * Fixed default options that incorrectly use the \"custom\" prefix * Fixed a memory leak when resolving DNS-SD URIs * Fixed systemd status reporting by adopting the notify interface * Fixed crash in rastertopwg * Fixed cupsManualCopies values in IPP Everywhere PPDs- Removed let-cupsd-start-after-network.patch as it is no longer required- Removed CVE-2020-10001.patch as a fix as been merged upstream- Removed section of specfile responsible for renaming \"org.cups.cups *\" systemd files to cups *, due to upstream renaming these files * Thu Mar 18 2021 olafAATTaepfle.de- Remove code comments from expanded scriptlets to reduce size cf. https://build.opensuse.org/request/show/879976 * Tue Feb 02 2021 jsmeixAATTsuse.de- CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520) access to uninitialized buffer in ipp.c * Wed Oct 14 2020 Michael Gorse - Version upgrade to 2.3.3: * CVE-2020-3898: The \'ppdOpen\' function did not handle invalid UI constraint. \'ppdcSource::get_resolution\' function did not handle invalid resolution strings. * CVE-2019-8842: The \'ippReadIO\' function may under-read an extension field. * Fixed WARNING_OPTIONS support for GCC 9.x Changes in CUPS 2.3.2: Localization updates Changes in CUPS 2.3.1: * CVE-2019-2228: The \'ippSetValuetag\' function did not validate the default language value. * Fixed a crash bug in the web interface. * The PPD cache code now looks up page sizes using their dimensions. * PPD files containing \"custom\" option keywords did not work. * Added a workaround for the scheduler\'s systemd support. * Added a DigestOptions directive for the \'client.conf\' file to control whether MD5-based Digest authentication is allowed. * Fixed a bug in the handling of printer resource files. * The libusb-based USB backend now reports an error when the distribution permissions are wrong. * Added paint can labels to Dymo driver. * The \'ippeveprinter\' program now supports authentication. * The \'ippeveprinter\' program now advertises DNS-SD services on the correct interfaces, and provides a way to turn them off. * The \'--with-dbusdir\' option was ignored by the configure script. * Sandboxed applications were not able to get the default printer. * Log file access controls were not preserved by \'cupsctl\'. * Default printers set with \'lpoptions\' did not work in all cases. * Fixed an error in the jobs web interface template. * Fixed an off-by-one error in \'ippEnumString\'. * Fixed some new compiler warnings. * Fixed a few issues with the Apple Raster support. * The IPP backend did not detect all cases where a job should be retried using a raster format. * Fixed spelling of \"fold-accordion\". * Fixed the default common name for TLS certificates used by \'ippeveprinter\'. * Fixed the option names used for IPP Everywhere finishing options. * Added support for the second roll of the DYMO Twin/DUO label printers. Changes in CUPS v2.3.0: * CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows. * Added a GPL2/LGPL2 exception to the new CUPS license terms. * Fixed a bug in the scheduler job cleanup code. * Fixed builds when there is no TLS library. * \"make\" failed with GZIP options. * Fixed potential excess logging from the scheduler when removing job files. * Fixed a NULL pointer dereference bug in \'httpGetSubField2\'. * Added FIPS-140 workarounds for GNU TLS. * The scheduler no longer provides a default value for the description. * The scheduler now logs jobs held for authentication using the error level so it is clear what happened. * The \'lpadmin\' command did not always update the PPD file for changes to the \'cupsIPPSupplies\' and \'cupsSNMPSupplies\' keywords. * The scheduler now uses both the group\'s membership list as well as the various OS-specific membership functions to determine whether a user belongs to a named group. * Added USB quirks rule for HP LaserJet 1015. * Fixed some PPD parser issues. * The IPP parser no longer allows invalid member attributes in collections. * The configure script now treats the \"wheel\" group as a potential system group. * Fixed IPP buffer overflow. * Fixed memory disclosure issue in the scheduler. * Fixed DoS issues in the scheduler. * Fixed an issue with unsupported \"sides\" values in the IPP backend. * The scheduler would restart continuously when idle and printers were not shared. * Fixed an issue with \'EXPECT !name WITH-VALUE ...\' tests. * Fixed a command ordering issue in the Zebra ZPL driver. * Fixed a memory leak in \'ppdOpen\'. Changes in CUPS v2.3rc1: * The \'cups-config\' script no longer adds extra libraries when linking against shared libraries. * The supplied example print documents have been optimized for size. * The \'cupsctl\' command now prevents setting \"cups-files.conf\" directives. * The \"forbidden\" message in the web interface is now explained. * The footer in the web interface covered some content on small displays. * The libusb-based USB backend now enforces read limits, improving print speed in many cases. * The \'ippeveprinter\' command now looks for print commands in the \"command\" subdirectory. * The \'ipptool\' command now supports \'$date-current\' and \'$date-start\' variables to insert the current and starting date and time values, as well as ISO-8601 relative time values such as \"PT30S\" for 30 seconds in the future. Changes in CUPS v2.3b8 * Media size matching now uses a tolerance of 0.5mm. * The lpadmin command would hang with a bad PPD file. * Fixed a potential crash bug in cups-driverd. * Fixed a performance regression with large PPDs. * Fixed a memory reallocation bug in HTTP header value expansion. * Timed out job submission now yields an error. * Restored minimal support for the \'Emulators\' keyword in PPD files to allow old Samsung printer drivers to continue to work. * The scheduler did not encode octetString values like \"job-password\" correctly for the print filters. * The \'cupsCheckDestSupported\' function did not check octetString values correctly. * Added support for \'UserAgentTokens\' directive in \"client.conf\". * Updated the systemd service file for cupsd. * The \'ippValidateAttribute\' function did not catch all instances of invalid UTF-8 strings. * Fixed an issue with the self-signed certificates generated by GNU TLS. * Fixed a potential memory leak when reading at the end of a file. * Fixed potential unaligned accesses in the string pool. * Fixed a potential memory leak when loading a PPD file. * Added a USB quirks rule for the Lexmark E120n. * Updated the USB quirks rule for Zebra label printers. * The lpadmin command, web interface, and scheduler all queried an IPP Everywhere printer differently, resulting in different PPDs for the same printer. * The web interface no longer provides access to the log files. * Non-Kerberized printing to Windows via IPP was broken. * The scheduler no longer stops a printer if an error occurs when a job is canceled or aborted. * Added a USB quirks rule for the DYMO 450 Turbo. * Added a USB quirks rule for Xerox printers. * The scheduler\'s self-signed certificate did not include all of the alternate names for the server when using GNU TLS. * Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs. * Fixed \'PreserveJobHistory\' bug with time values. * The scheduler no longer advertises the HTTP methods it supports. * The scheduler did not always idle exit as quickly as it could. * Added a new \'ippeveprinter\' command based on the old ippserver sample code. Changes in CUPS v2.3b7 * Running ppdmerge with the same input and output filenames did not work as advertised. * Rebase let-cupsd-start-after-network.patch and cups-config-libs.patch. * Drop issue5509-fix-utf-8-validation-issue.patch and issue5453.patch: fixed upstream. * Thu Jun 25 2020 Ludwig Nussel - make cups-devel pull in cups-rpm-helper to fix printer driver provides (boo#1172407) * Fri Jun 05 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec
|
|
|