SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for cups-devel-32bit-2.4.11-2024gos20.313.1.x86_64.rpm :

* Mon Sep 30 2024 Johannes Meixner - Version upgrade to 2.4.11: See https://github.com/openprinting/cups/releases CUPS 2.4.11 brings several bug fixes regarding IPP response validation, processing PPD values, Web UI support (checkbox support, modifying printers) and others fixes. Detailed list (from CHANGES.md):
* Updated the maximum file descriptor limit for `cupsd` to 64k-1 (Issue #989)
* Fixed `lpoptions -d` with a discovered but not added printer (Issue #833)
* Fixed incorrect error message for HTTP/IPP errors (Issue #893)
* Fixed JobPrivateAccess and SubscriptionPrivateAccess support for \"all\" (Issue #990)
* Fixed issues with cupsGetDestMediaByXxx (Issue #993)
* Fixed adding and modifying of printers via the web interface (Issue #998)
* Fixed HTTP PeerCred authentication for domain users (Issue #1001)
* Fixed checkbox support (Issue #1008)
* Fixed printer state notifications (Issue #1013)
* Fixed IPP Everywhere printer setup (Issue #1033) Issues are those at https://github.com/OpenPrinting/cups/issues In particular CUPS 2.4.11 contains those commit regarding IPP response validation and processing PPD values:
* \"Quote PPD localized strings\" https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd plus a cleanup to \"Fix warnings for unused vars\" https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.11- avoid_C99_mode_for_loop_initial_declarations.patch is no longer needed because the issue is fixed upstream.
* Mon Jul 08 2024 Johannes Meixner - Replaced avoid_C99_mode_for_loop_initial_declarations.patch which is now the upstream fix https://github.com/OpenPrinting/cups/commit/a2b8872ea95564e065e3a08e2aa12a15515bc993 see https://github.com/OpenPrinting/cups/issues/1000 and https://github.com/OpenPrinting/cups/pull/1004
* Tue Jul 02 2024 Johannes Meixner - Version upgrade to 2.4.10: See https://github.com/openprinting/cups/releases CUPS 2.4.10 brings two fixes:
* Fixed error handling when reading a mixed 1setOf attribute.
* Fixed scheduler start if there is only domain socket to listen on (Issue #985) which is fix for regression after fix for CVE-2024-35235 in scenarios where is no other listeners in cupsd.conf than domain socket created on demand by systemd, launchd or upstart. Issues are those at https://github.com/OpenPrinting/cups/issues- Version upgrade to 2.4.9: See https://github.com/openprinting/cups/releases CUPS 2.4.9 brings security fix for CVE-2024-35235 and several bug fixes regarding CUPS Web User Interface, PPD generation and HTTP protocol implementation. Detailed list (from CHANGES.md):
* Fixed domain socket handling (CVE-2024-35235)
* Fixed creating of `cupsUrfSupported` PPD keyword (Issue #952)
* Fixed searching for destinations in web ui (Issue #954)
* Fixed TLS negotiation using OpenSSL with servers that require the TLS SNI extension.
* Really raised `cups_enum_dests()` timeout for listing available IPP printers (Issue #751)...
* Fixed `Host` header regression (Issue #967)
* Fixed DNS-SD lookups of local services with Avahi (Issue #970)
* Fixed listing jobs in destinations in web ui. (Apple issue #6204)
* Fixed showing search query in web ui help page. (Issue #977) Issues are those at https://github.com/OpenPrinting/cups/issues Apple issues are those at https://github.com/apple/cups/issues- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.10- Removed cups-2.4.8-CVE-2024-35235.patch : fixed upstream see the above CUPS 2.4.9 changes- avoid_C99_mode_for_loop_initial_declarations.patch avoids error \"\'for\' loop initial declarations are only allowed in C99 mode\" that happens when building for SLE12 in scheduler/client.c at \"for (char
*start = ...\" since https://github.com/OpenPrinting/cups/commit/a7eda84da73126e40400e05dd27d57f8c92d5b0d see https://github.com/OpenPrinting/cups/issues/1000
* Tue Jun 11 2024 Johannes Meixner - cups-2.4.8-CVE-2024-35235.patch is derived from the upstream patch against master (CUPS 2.5) to apply to CUPS 2.4.8 in openSUSE Factory to fix CVE-2024-35235 \"cupsd Listen port arbitrary chmod 0140777\" https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f bsc#1225365
* Wed May 29 2024 Dominique Leuenberger - Update to version 2.4.8: See https://github.com/openprinting/cups/releases CUPS 2.4.8 brings many bug fixes which aggregated over the last half a year. It brings the important fix for race conditions and errors which can happen when installing permanent IPP Everywhere printer, support for PAM modules password-auth and system-auth and new option for lpstat which can show only the successful jobs. Detailed list (from CHANGES.md):
* Added warning if the device has to be asked for \'all,media-col-database\' separately (Issue #829)
* Added new value for \'lpstat\' option \'-W\' - successfull - for getting successfully printed jobs (Issue #830)
* Added support for PAM modules password-auth and system-auth (Issue #892)
* Updated IPP Everywhere printer creation error reporting (Issue #347)
* Updated and documented the MIME typing buffering limit (Issue #925)
* Raised \'cups_enum_dests()\' timeout for listing available IPP printers (Issue #751)
* Now report an error for temporary printer defaults with lpadmin (Issue #237)
* Fixed mapping of PPD InputSlot, MediaType, and OutputBin values (Issue #238)
* Fixed \"document-unprintable-error\" handling (Issue #391)
* Fixed the web interface not showing an error for a non-existent printer (Issue #423)
* Fixed printing of jobs with job name longer than 255 chars on older printers (Issue #644)
* Really backported fix for Issue #742
* Fixed \'cupsCopyDestInfo\' device connection detection (Issue #586)
* Fixed \"Upgrade\" header handling when there is no TLS support (Issue #775)
* Fixed memory leak when unloading a job (Issue #813)
* Fixed memory leak when creating color profiles (Issue #815)
* Fixed a punch finishing bug in the IPP Everywhere support (Issue #821)
* Fixed crash in \'scan_ps()\' if incoming argument is NULL (Issue #831)
* Fixed setting job state reasons for successful jobs (Issue #832)
* Fixed infinite loop in IPP backend if hostname is IP address with Kerberos (Issue #838)
* Added additional check on socket if \'revents\' from \'poll()\' returns POLLHUP together with POLLIN or POLLOUT in \'httpAddrConnect2()\' (Issue #839)
* Fixed crash in \'ppdEmitString()\' if \'size\' is NULL (Issue #850)
* Fixed reporting \'media-source-supported\' when sharing printer which has numbers as strings instead of keywords as \'InputSlot\' values (Issue #859)
* Fixed IPP backend to support the \"print-scaling\" option with IPP printers (Issue #862)
* Fixed potential race condition for the creation of temporary queues (Issue #871)
* Fixed \'httpGets\' timeout handling (Issue #879)
* Fixed checking for required attributes during PPD generation (Issue #890)
* Fixed encoding of IPv6 addresses in HTTP requests (Issue #903)
* Fixed sending response headers to client (Issue #927)
* Fixed CGI program initialization and validation of form checkbox and text fields. Issues are those at https://github.com/OpenPrinting/cups/issues- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.8
* Mon Feb 26 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Fri Feb 02 2024 Johannes Meixner - Removed outdated ntadmin stuff from cups.spec (boo#1219503)
* Wed Jan 24 2024 Johannes Meixner - Version upgrade to 2.4.7: See https://github.com/openprinting/cups/releases CUPS 2.4.7 is released to ship the fix for CVE-2023-4504 and several other changes, among them it is adding OpenSSL support for cupsHashData function and bug fixes. Detailed list:
* CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files
* Added OpenSSL support for cupsHashData (Issue #762)
* Fixed delays in lpd backend (Issue #741)
* Fixed extensive logging in scheduler (Issue #604)
* Fixed hanging of lpstat on IBM AIX (Issue #773)
* Fixed hanging of lpstat on Solaris (Issue #156)
* Fixed printing to stderr if we can\'t open cups-files.conf (Issue #777)
* Fixed purging job files via cancel -x (Issue #742)
* Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743)
* Fixed a bug in the PPD command interpretation code (Issue #768) Issues are those at https://github.com/OpenPrinting/cups/issues- Version upgrade to 2.4.6: See https://github.com/openprinting/cups/releases CUPS 2.4.6 is released to ship the fix for CVE-2023-34241 and two other bug fixes. Detailed list:
* Fix linking error on old MacOS (Issue #715)
* Fix printing multiple files on specific printers (Issue #643)
* Fix use-after-free when logging warnings in case of failures in cupsdAcceptClient() (fixes CVE-2023-34241) Issues are those at https://github.com/OpenPrinting/cups/issues- Version upgrade to 2.4.5: See https://github.com/openprinting/cups/releases CUPS 2.4.5 is a hotfix release for a bug which corrupted locally saved certificates, which broke secured printing via TLS after the first print job.- Version upgrade to 2.4.4: See https://github.com/openprinting/cups/releases CUPS 2.4.4 release is created as a hotfix for segfault in cupsGetNamedDest(), when caller tries to find the default destination and the default destination is not set on the machine.- Version upgrade to 2.4.3: See https://github.com/openprinting/cups/releases CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements and many bug fixes. CUPS now implements fallback for printers with broken firmware, which is not capable of answering to IPP request get-printer-attributes with all, media-col-database - this enables driverless support for bunch of printers which don\'t follow IPP Everywhere standard. Aside from the CVE fix the most important fixes are around color settings, printer application support fixes and OpenSSL support. Detailed list of changes:
* Added a title with device uri for found network printers (Issues #402, #393)
* Added new media sizes defined by IANA (Issues #501)
* Added quirk for GoDEX label printers (Issue #440)
* Fixed --enable-libtool-unsupported (Issue #394)
* Fixed configuration on RISC-V machines (Issue #404)
* Fixed the device_uri invalid pointer for driverless printers with .local hostname (Issue #419)
* Fixed an OpenSSL crash bug (Issue #409)
* Fixed a potential SNMP OID value overflow issue (Issue #431)
* Fixed an OpenSSL certificate loading issue (Issue #465)
* Fixed Brazilian Portuguese translations (Issue #288)
* Fixed cupsd default keychain location when building with OpenSSL (Issue #529)
* Fixed default color settings for CMYK printers as well (Issue #500)
* Fixed duplicate PPD2IPP media-type names (Issue #688)
* Fixed possible heap buffer overflow in _cups_strlcpy() (fixes CVE-2023-32324)
* Fixed InputSlot heuristic for photo sizes smaller than 5x7\" if there is no media-source in the request (Issue #569)
* Fixed invalid memory access during generating IPP Everywhere queue (Issue #466)
* Fixed lprm if no destination is provided (Issue #457)
* Fixed memory leaks in create_local_bg_thread() (Issue #466)
* Fixed media size tolerance in ippeveprinter (Issue #487)
* Fixed passing command name without path into ippeveprinter (Issue #629)
* Fixed saving strings file path in printers.conf (Issue #710)
* Fixed TLS certificate generation bugs (Issue #652)
* ippDeleteValues would not delete the last value (Issue #556)
* Ignore some of IPP defaults if the application sends its PPD alternative (Issue #484)
* Make Letter the default size in ippevepcl (Issue #543)
* Now accessing Admin page in Web UI requires authentication (Issue #518)
* Now look for default printer on network if needed (Issue #452)
* Now we poll media-col-database separately if we fail at first (Issue #599)
* Now report fax attributes and values as needed (Issue #459)
* Now localize HTTP responses using the Content-Language value (Issue #426)
* Raised file size limit for importing PPD via Web UI (Issue #433)
* Raised maximum listen backlog size to INT MAX (Issue #626)
* Update print-color-mode if the printer is modified via ColorModel PPD option (Issue #451)
* Use localhost when printing via printer application (Issue #353)
* Write defaults into /etc/cups/lpoptions if we\'re root (Issue #456) Issues are those at https://github.com/OpenPrinting/cups/issues- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.7- Removed cups-2.4.2-CVE-2023-4504.patch : fixed upstream see the above CUPS 2.4.7 changes- Removed cups-2.4.2-CVE-2023-32360.patch : fixed upstream via https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913- Removed cups-2.4.2-CVE-2023-34241.patch : fixed upstream see the above CUPS 2.4.6 changes- Removed cups-2.4.2-CVE-2023-32324.patch : fixed upstream see the above CUPS 2.4.3 changes
* Wed Sep 20 2023 Johannes Meixner - cups-2.4.2-CVE-2023-4504.patch fixes CVE-2023-4504 \"CUPS PostScript Parsing Heap Overflow\" https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h bsc#1215204
* Wed Sep 20 2023 Johannes Meixner - cups-2.4.2-CVE-2023-32360.patch fixes CVE-2023-32360 \"Information leak through Cups-Get-Document operation\" by requiring authentication for CUPS-Get-Document in cupsd.conf https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g bsc#1214254- cups-2.4.2-additional_policies.patch is an updated version of cups-2.0.3-additional_policies.patch that replaces it to add the \'allowallforanybody\' policy to cupsd.conf after cups-2.4.2-CVE-2023-32360.patch was applied
* Thu Jun 22 2023 Johannes Meixner - cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241 \"use-after-free in cupsdAcceptClient()\" https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 bsc#1212230
* Thu Jun 01 2023 Johannes Meixner - cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324 \"Heap buffer overflow in cupsd\" https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 bsc#1211643
* Mon Dec 12 2022 Callum Farmer - Use %_pam_vendordir
* Sat Dec 10 2022 Callum Farmer - Remove invalid %config directive on %_distconfdir/pam.d/cups
* Fri Dec 09 2022 Stefan Schubert - Migration PAM settings to /usr/etc: Fixed posttrans. Should only be used for TW.
* Thu Dec 08 2022 Stefan Schubert - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Sat Jul 09 2022 Callum Farmer - Move the dbus-1 system.d file to /usr (bsc#1201346)
* Mon May 30 2022 jsmeixAATTsuse.de- Version upgrade to 2.4.2: See https://github.com/openprinting/cups/releases CUPS 2.4.2 brings the fix for CVE-2022-26691 (#bsc1199474) together with LibreSSL/OpenSSL and minimal AIX support.
* Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
* The `cupsFileOpen` function no longer opens files for append in read-write mode (Issue #291)
* The cupsd daemon removed processing temporary queue (Issue #364)
* Fixed delay in IPP backend if GNUTLS is used and endpoint doesn\'t confirm closing the connection (Issue #365)
* Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
* Fixed CSS related issues in CUPS Web UI (Issue #344)
* Fixed copyright in CUPS Web UI trailer template (Issue #346)
* mDNS hostname in device uri is not resolved when installaling a permanent IPP Everywhere queue (Issues #340, #343)
* The `lpstat` command now reports when the scheduler is not running (Issue #352)
* Updated the man pages concerning the `-h` option (Issue #357)
* Re-added LibreSSL/OpenSSL support (Issue #362)
* Updated the Solaris smf service file (Issue #368)
* Fixed a regression in lpoptions option support (Issue #370)
* The scheduler now regenerates the PPD cache information after changing the \"cupsd.conf\" file (Issue #371)
* Updated the scheduler to set \"auth-info-required\" to \"username,password\" if a backend reports it needs authentication info but doesn\'t set a method for authentication (Issue #373)
* Updated the configure script to look for the OpenSSL library the old way if pkg-config is not available (Issue #375)
* Fixed the prototype for the `httpWriteResponse` function (Issue #380)
* Brought back minimal AIX support (Issue #389)
* `cupsGetResponse` did not always set the last error.
* Fixed a number of old references to the Apple CUPS web page.
* Restored the default/generic printer icon file for the web interface.
* Removed old stylesheet classes that are no longer used by the web interface.- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.2
* Mon Apr 04 2022 jsmeixAATTsuse.de- Have cups.pc in %{_libdir} to avoid a conflict that cups-devel and cups-devel-32bit would both contain /usr/lib/pkgconfig/cups.pc because when cups.pc is arch dependent it has to be in %{_libdir} which it is because it contains \'libdir=/usr/lib64\' on x86_64 (if it was arch independent it would have to be in %{_datadir}) cf. https://build.opensuse.org/request/show/965680
* Fri Mar 04 2022 jsmeixAATTsuse.de- Improved comments in spec file and in changes file- Have cups.keyring in ASCII armored format- Do not error out when \'make test\' fails in the \'check\' section because https://github.com/OpenPrinting/cups/issues/155 is not yet actually fixed so currently the testsuite still sometimes fails
* Tue Mar 01 2022 Aurelien Joga - Version upgrade to 2.4.1: See https://github.com/openprinting/cups/releases CUPS 2.4.1 is the first bug fix release from 2.4.x series. Among the other bug fixes it fixes sharing default color mode to clients and several memory leaks.
* The default color mode now is now configurable and defaults to the printer\'s reported default mode (Issue #277)
* Configuration script now checks linking for -Wl,-pie flags (Issue #303)
* Fixed memory leaks - in testi18n (Issue #313), in cups_enum_dests() (Issue #317), in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
* Fixed missing bracket in de/index.html (Issue #299)
* Fixed typos in configuration scripts (Issues #304, #316)
* Removed remaining legacy code for RIP_MAX_CACHE environment variable (Issue #323)
* Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
* Removed purge-jobs legacy code from CGI scripts and templates (Issue #325)- Version upgrade to 2.4.0: CUPS 2.4.0 is the latest stable OpenPrinting CUPS release. Among the changes from beta and release candidate the stable release adds two new configuration options for optimizing cupsd setup on servers and several other changes.
* Added configure option --with-idle-exit-timeout (Issue #294)
* Added --with-systemd-timeoutstartsec configure option (Issue #298)
* DigestOptions now are applied for MD5 Digest authentication defined by RFC 2069 as well (Issue #287)
* Fixed compilation on Solaris (Issue #293)
* Fixed and improved German translations (Issue #296, Issue #297)- Version upgrade to 2.4rc1: CUPS 2.4rc1 is a release candidate for OpenPrinting CUPS 2.4.0, which adds two enhancements before the stable release.
* Added warning and debug messages when loading printers if the queue is raw or with driver (Issue #286)
* Compilation now uses -fstack-protector-strong if available (Issue #285)- Version upgrade to 2.4b1: CUPS 2.4b1 is the beta release for OpenPrinting CUPS 2.4 which contains several new features such as basic OAuth support, support for AirPrint and Mopria clients and support for running CUPS as a snap, several deprecations (Kerberos, cups-config), removals of old deprecated directives, and many bug fixes.
* Added support for CUPS running in a Snapcraft snap.
* Added basic OAuth 2.0 client support (Issue #100)
* Added support for AirPrint and Mopria clients (Issue #105)
* Added configure support for specifying systemd dependencies in the CUPS service file (Issue #144)
* Added several features and improvements to ipptool (Issue #153)
* Added a JSON output mode for ipptool.
* The ipptool command now correctly reports an error when a test file cannot be found.
* CUPS library now uses thread safe getpwnam_r and getpwuid_r functions (Issue #274)
* Fixed Kerberos authentication for the web interface (Issue #19)
* The ZPL sample driver now supports more \"standard\" label sizes (Issue #70)
* Fixed reporting of printer instances when enumerating and when no options are set for the main instance (Issue #71)
* Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
* The IPP backend did not return the correct status code when a job was canceled at the printer/server (Issue #74)
* The testlang unit test program now loops over all of the available locales by default (Issue #85)
* The cupsfilter command now shows error messages when options are used incorrectly (Issue #88)
* The PPD functions now treat boolean values as case-insensitive (Issue #106)
* Temporary queue names no longer end with an underscore (Issue #110)
* The USB backend now runs as root (Issue #121)
* Added pkg-config file for libcups (Issue #122)
* Fixed a PPD memory leak caused by emulator definitions (Issue #124)
* Fixed a DISPLAY bug in ipptool (Issue #139)
* The scheduler now includes the [Job N] prefix for job log messages, even when using syslog logging (Issue #154)
* Added support for locales using the GB18030 character set (Issue #159)
* httpReconnect2 did not reset the socket file descriptor when the TLS negotiation failed (Apple #5907)
* httpUpdate did not reset the socket file descriptor when the TLS negotiation failed (Apple #5915)
* The IPP backend now retries Validate-Job requests (Issue #132)
* Now show better error messages when a driver interface program fails to provide a PPD file (Issue #148)
* Added dark mode support to the CUPS web interface (Issue #152)
* Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
* Fixed an interaction between --remote-admin and --remote-any for the cupsctl command (Issue #158)
* Now use a 60 second timeout for reading USB backchannel data (Issue #160)
* The USB backend now tries harder to find a serial number (Issue #170)
* Fixed AATTIF(name) handling in cupsd.conf (Apple #5918)
* Fixed documentation and added examples for CUPS\' limited CGI support (Apple #5940)
* Fixed the lpc command prompt (Apple #5946)
* Now always pass \"localhost\" in the Host: header when talking over a domain socket or the loopback interface (Issue #185)
* Fixed a job history update issue in the scheduler (Issue #187)
* Fixed job-pages-per-set value for duplex print jobs.
* Fixed an edge case in ippReadIO to make sure that only complete attributes and values are retained on an error (Issue #195)
* Hardened ippReadIO to prevent invalid IPP messages from being propagated (Issue #195, Issue #196)
* The scheduler now supports the \"everywhere\" model directly (Issue #201)
* Fixed some IPP Everywhere option mapping problems (Issue #238)
* Fixed support for \"job-hold-until\" with the Restart-Job operation (Issue #250)
* Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
* Fixed support for the \'offline-report\' state for all USB backends (Issue #264)
* Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
* Localization updates (Issue #123, Issue #129, Issue #134, Issue #146, Issue #164)
* USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838, Apple #5843, Apple #5867)
* Web interface updates (Issue #142, Issue #218)
* The ippeveprinter tool now automatically uses an available port.
* Fixed several Windows TLS and hashing issues.
* Deprecated cups-config (Issue #97)
* Deprecated Kerberos (AuthType Negotiate) authentication (Issue #98)
* Removed support for the (long deprecated and unused) FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout, RIPCache, and SMBConfigFile directives in cupsd.conf and cups-files.conf.
* Stubbed out deprecated httpMD5 functions.
* Add test for undefined page ranges during printing.- downgrade-autoconf-requirement.patch downgrades the autoconf requirement to what is currently available in openSUSE- fix-negotiate-authentication-between-CGIs-and-scheduler.patch is obsolete because it is included in the upstream code, see https://github.com/OpenPrinting/cups/commit/3ff789ee90b18205c735e42e599eb3ee3043e88a https://github.com/OpenPrinting/cups/pull/19 https://github.com/apple/cups/pull/5847 https://github.com/apple/cups/issues/5596- upstream_pull_174.patch is obsolete because it is included in the upstream code, see https://github.com/OpenPrinting/cups/commit/43edb9df51b977d92929b084186dcd67d4f5ca44 https://github.com/OpenPrinting/cups/pull/174 https://github.com/OpenPrinting/cups/issues/72- patch cups-2.1.0-cups-systemd-socket.patch is obsolete because it is included in the upstream code, see https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c- Updated upstream source tarball signing key in cups.keyring, see https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579- Re-enabled the CUPS upstream testsuite via \'make test\' and removed \'make check\' because since the upstream commit https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6 the two Makefile targets \'test\' and \'check\' are identical.- Changed cups-2.1.0-cups-systemd-socket.patch to accomodate new coding style- Changed cups-config-libs.orig to accommodate recent code changes (SSL->TLS)- Changed cups-2.1.0-default-webcontent-path.patch to accommodate code changes
* Tue Feb 01 2022 jsmeixAATTsuse.de- Enhanced harden_cups.service.patch by adding ReadWritePaths=/etc/cups because cupsd needs write access in /etc/cups (boo#1195288)
* Fri Oct 15 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400), see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort Added patch: harden_cups.service.patch
* Mon Jun 07 2021 jsmeixAATTsuse.de- Provide /usr/share/cups/ppdc/ in the \"cups\" main package to avoid that \"lpinfo -m\" results in /var/log/cups/error_log things like \"ppdc: Unable to find include file font.defs\" or \"ppdc: Unable to find include file hp.h\" and then \"Bad driver information file /usr/share/cups/drv/sample.drv\" (bsc#1186843)
* Mon May 03 2021 jsmeixAATTsuse.de- When cupsd creates directories with specific owner group and permissions (usually owner is \'root\' and group matches \"configure --with-cups-group=lp\") specify same owner group and permissions in the RPM spec file to ensure those directories are installed by RPM with the right settings because if those directories were installed by RPM with different settings then cupsd would use them as is and not adjust its specific owner group and permissions which could lead to privilege escalation from \'lp\' user to \'root\' via symlink attacks e.g. if owner is falsely \'lp\' instead of \'root\' CVE-2021-25317 (bsc#1184161)
* Tue Apr 20 2021 jsmeixAATTsuse.de- upstream_pull_174.patch is https://github.com/OpenPrinting/cups/pull/174 \"Use 60s timeout for read_thread, revert read limits\" to fix printing with older USB printers- New upstream URL https://openprinting.github.io/cups
* Tue Apr 06 2021 jsmeixAATTsuse.de- Disable testsuite for now via \"bcond_with testsuite\" until https://github.com/OpenPrinting/cups/issues/155 is fixed
* Thu Mar 25 2021 Florian - Add \"testsuite\" conditional that disables anything within %check
* Fri Mar 19 2021 Samuel Cabrero - fix-negotiate-authentication-between-CGIs-and-scheduler.patch fixes web UI Kerberos authentication (bsc#1175960)
* Fri Mar 19 2021 Florian - Upstream changed to https://github.com/OpenPrinting/cups- Added %check section to specfile that executes the old \'make check\' and the new (see 2.3.3op1) \'make test\'- Version upgrade to 2.3.3op2:
* Security: Fixed a buffer (read) overflow in the ippReadIO function (CVE-2020-10001)
* Clarified the documentation for the \"Listen\" directive
* Fixed duplicate ColorModel entries for AirPrint printers
* Fixed directory/permission defaults for Debian kfreebsd-based systems
* Fixed crash bug in ppdOpen
* Fixed regression in snprintf emulation function
* The scheduler\'s systemd service file now waits for the nslcd service to start
* The libusb-based USB backend now uses a simpler read timer implementation to avoid a regression in a previous change
* The PPD caching code now only tracks the APPrinterIconPath value on macOS
* Fixed segfault in help.cgi when searching in man pages
* Root certificates were incorrectly stored in \"~/.cups/ssl\".
* Version upgrade to 2.3.3op1:
* The automated test suite can now be activated using make test for consistency with other projects and CI environments - the old make check continues to work as well, and the previous test server behavior can be accessed by running make testserver.
* ippeveprinter now supports multiple icons and strings files.
* ippeveprinter now uses the system\'s FQDN with Avahi.
* ippeveprinter now supports Get-Printer-Attributes on \"/\".
* ippeveprinter now uses a deterministic \"printer-uuid\" value.
* ippeveprinter now uses system sounds on macOS for Identify-Printer.
* Updated ippfind to look for files in \"~/Desktop\" on Windows.
* Updated ippfind to honor SKIP-XXX directives with PAUSE.
* Updated IPP Everywhere support to work around printers that only advertise color raster support but really also support grayscale
* ipptool now supports DNS-SD URIs like ipps://My%20Printer._ipps._tcp.local
* The scheduler now allows root backends to have world read permissions but not world execute permissions
* Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is disabled on the host
* The SNMP backend now supports the HP and Ricoh vendor MIBs
* The scheduler no longer includes a timestamp in files it writes
* The systemd service names are now \"cups.service\" and \"cups-lpd.service\"
* The scheduler no longer adds the local hostname to the ServerAlias list
* Added LogFileGroup directive in \"cups-files.conf\" to control the group owner of log files
* Added --with-max-log-size configure option
* Added --enable-sync-on-close configure option
* Added --with-error-policy configure option
* IPP Everywhere PPDs could have an \"unknown\" default InputSlot
* The httpAddrListen function now uses a listen backlog of 128.
* Added USB quirks
* Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
* Fixed DNS-SD name collision support in ippeveprinter.
* Fixed compiler and code analyzer warnings.
* Fixed TLS support on Windows.
* Fixed ippfind sub-type searches with Avahi.
* Fixed the default hostname used by ippeveprinter on macOS.
* Fixed resolution of local IPP-USB printers with Avahi.
* Fixed coverity issues
* Fixed httpAddrConnect issues
* Fixed web interface device URI issue
* Fixed lp/lpr \"printer/class not found\" error reporting
* Fixed xinetd support for LPD clients
* Fixed libtool build issue
* Fixed a memory leak in the scheduler
* Fixed a potential integer overflow in the PPD hashing code
* Fixed output-bin and print-quality handling issues
* Fixed PPD options getting mapped to odd IPP values like \"tray---4\"
* Fixed remote access to the cupsd.conf and log files
* Fixed the automated test suite when running in certain build/CI environments
* Fixed a logging regression caused by a previous change for Apple issue #5604
* Fixed fax phone number handling with GNOME
* Fixed potential rounding error in rastertopwg filter
* Fixed the \"uri-security-supported\" value from the scheduler
* Fixed IPP backend crash bug with \"printer-alert\" values
* Removed old Solaris inetconv(1m) reference in cups-lpd man page
* Fixed default options that incorrectly use the \"custom\" prefix
* Fixed a memory leak when resolving DNS-SD URIs
* Fixed systemd status reporting by adopting the notify interface
* Fixed crash in rastertopwg
* Fixed cupsManualCopies values in IPP Everywhere PPDs- Removed let-cupsd-start-after-network.patch as it is no longer required- Removed CVE-2020-10001.patch as a fix as been merged upstream- Removed section of specfile responsible for renaming \"org.cups.cups
*\" systemd files to cups
*, due to upstream renaming these files
* Thu Mar 18 2021 olafAATTaepfle.de- Remove code comments from expanded scriptlets to reduce size cf. https://build.opensuse.org/request/show/879976
* Tue Feb 02 2021 jsmeixAATTsuse.de- CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520) access to uninitialized buffer in ipp.c
* Wed Oct 14 2020 Michael Gorse - Version upgrade to 2.3.3:
* CVE-2020-3898: The \'ppdOpen\' function did not handle invalid UI constraint. \'ppdcSource::get_resolution\' function did not handle invalid resolution strings.
* CVE-2019-8842: The \'ippReadIO\' function may under-read an extension field.
* Fixed WARNING_OPTIONS support for GCC 9.x Changes in CUPS 2.3.2: Localization updates Changes in CUPS 2.3.1:
* CVE-2019-2228: The \'ippSetValuetag\' function did not validate the default language value.
* Fixed a crash bug in the web interface.
* The PPD cache code now looks up page sizes using their dimensions.
* PPD files containing \"custom\" option keywords did not work.
* Added a workaround for the scheduler\'s systemd support.
* Added a DigestOptions directive for the \'client.conf\' file to control whether MD5-based Digest authentication is allowed.
* Fixed a bug in the handling of printer resource files.
* The libusb-based USB backend now reports an error when the distribution permissions are wrong.
* Added paint can labels to Dymo driver.
* The \'ippeveprinter\' program now supports authentication.
* The \'ippeveprinter\' program now advertises DNS-SD services on the correct interfaces, and provides a way to turn them off.
* The \'--with-dbusdir\' option was ignored by the configure script.
* Sandboxed applications were not able to get the default printer.
* Log file access controls were not preserved by \'cupsctl\'.
* Default printers set with \'lpoptions\' did not work in all cases.
* Fixed an error in the jobs web interface template.
* Fixed an off-by-one error in \'ippEnumString\'.
* Fixed some new compiler warnings.
* Fixed a few issues with the Apple Raster support.
* The IPP backend did not detect all cases where a job should be retried using a raster format.
* Fixed spelling of \"fold-accordion\".
* Fixed the default common name for TLS certificates used by \'ippeveprinter\'.
* Fixed the option names used for IPP Everywhere finishing options.
* Added support for the second roll of the DYMO Twin/DUO label printers. Changes in CUPS v2.3.0:
* CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
* Added a GPL2/LGPL2 exception to the new CUPS license terms.
* Fixed a bug in the scheduler job cleanup code.
* Fixed builds when there is no TLS library.
* \"make\" failed with GZIP options.
* Fixed potential excess logging from the scheduler when removing job files.
* Fixed a NULL pointer dereference bug in \'httpGetSubField2\'.
* Added FIPS-140 workarounds for GNU TLS.
* The scheduler no longer provides a default value for the description.
* The scheduler now logs jobs held for authentication using the error level so it is clear what happened.
* The \'lpadmin\' command did not always update the PPD file for changes to the \'cupsIPPSupplies\' and \'cupsSNMPSupplies\' keywords.
* The scheduler now uses both the group\'s membership list as well as the various OS-specific membership functions to determine whether a user belongs to a named group.
* Added USB quirks rule for HP LaserJet 1015.
* Fixed some PPD parser issues.
* The IPP parser no longer allows invalid member attributes in collections.
* The configure script now treats the \"wheel\" group as a potential system group.
* Fixed IPP buffer overflow.
* Fixed memory disclosure issue in the scheduler.
* Fixed DoS issues in the scheduler.
* Fixed an issue with unsupported \"sides\" values in the IPP backend.
* The scheduler would restart continuously when idle and printers were not shared.
* Fixed an issue with \'EXPECT !name WITH-VALUE ...\' tests.
* Fixed a command ordering issue in the Zebra ZPL driver.
* Fixed a memory leak in \'ppdOpen\'. Changes in CUPS v2.3rc1:
* The \'cups-config\' script no longer adds extra libraries when linking against shared libraries.
* The supplied example print documents have been optimized for size.
* The \'cupsctl\' command now prevents setting \"cups-files.conf\" directives.
* The \"forbidden\" message in the web interface is now explained.
* The footer in the web interface covered some content on small displays.
* The libusb-based USB backend now enforces read limits, improving print speed in many cases.
* The \'ippeveprinter\' command now looks for print commands in the \"command\" subdirectory.
* The \'ipptool\' command now supports \'$date-current\' and \'$date-start\' variables to insert the current and starting date and time values, as well as ISO-8601 relative time values such as \"PT30S\" for 30 seconds in the future. Changes in CUPS v2.3b8
* Media size matching now uses a tolerance of 0.5mm.
* The lpadmin command would hang with a bad PPD file.
* Fixed a potential crash bug in cups-driverd.
* Fixed a performance regression with large PPDs.
* Fixed a memory reallocation bug in HTTP header value expansion.
* Timed out job submission now yields an error.
* Restored minimal support for the \'Emulators\' keyword in PPD files to allow old Samsung printer drivers to continue to work.
* The scheduler did not encode octetString values like \"job-password\" correctly for the print filters.
* The \'cupsCheckDestSupported\' function did not check octetString values correctly.
* Added support for \'UserAgentTokens\' directive in \"client.conf\".
* Updated the systemd service file for cupsd.
* The \'ippValidateAttribute\' function did not catch all instances of invalid UTF-8 strings.
* Fixed an issue with the self-signed certificates generated by GNU TLS.
* Fixed a potential memory leak when reading at the end of a file.
* Fixed potential unaligned accesses in the string pool.
* Fixed a potential memory leak when loading a PPD file.
* Added a USB quirks rule for the Lexmark E120n.
* Updated the USB quirks rule for Zebra label printers.
* The lpadmin command, web interface, and scheduler all queried an IPP Everywhere printer differently, resulting in different PPDs for the same printer.
* The web interface no longer provides access to the log files.
* Non-Kerberized printing to Windows via IPP was broken.
* The scheduler no longer stops a printer if an error occurs when a job is canceled or aborted.
* Added a USB quirks rule for the DYMO 450 Turbo.
* Added a USB quirks rule for Xerox printers.
* The scheduler\'s self-signed certificate did not include all of the alternate names for the server when using GNU TLS.
* Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs.
* Fixed \'PreserveJobHistory\' bug with time values.
* The scheduler no longer advertises the HTTP methods it supports.
* The scheduler did not always idle exit as quickly as it could.
* Added a new \'ippeveprinter\' command based on the old ippserver sample code. Changes in CUPS v2.3b7
* Running ppdmerge with the same input and output filenames did not work as advertised.
* Rebase let-cupsd-start-after-network.patch and cups-config-libs.patch.
* Drop issue5509-fix-utf-8-validation-issue.patch and issue5453.patch: fixed upstream.
* Thu Jun 25 2020 Ludwig Nussel - make cups-devel pull in cups-rpm-helper to fix printer driver provides (boo#1172407)
* Fri Jun 05 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec
* Thu Feb 21 2019 vliaskovitisAATTsuse.com- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118) Fixes https://github.com/apple/cups/issues/5509- Remove libcupscgi1, libcupsmime1, libcupsppdc1 from baselibs.conf
* Mon Dec 10 2018 jsmeixAATTsuse.de- Version upgrade to 2.3b6: This is the sixth beta of the CUPS 2.3 series which adopts the new CUPS license, adds support for IPP presets and finishing templates, and fixes a number of bugs and \"polish\" issues. For details see https://github.com/apple/cups/releases or the CHANGES.md file. Backward incompatible changes:
* The cupsaddsmb program has been removed (Issue #5449)
* The cupstestdsc program has been removed (Issue #5450)
* The cupscgi, cupsmime, and cupsppdc support libraries are no longer installed as shared libraries. Changes include:
* CVE-2018-4700: Linux session cookies used a predictable random number seed.
* The lpoptions command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045)
* The lpadmin command would create a non-working printer in some error cases (Issue #5305)
* The scheduler would crash if an empty AccessLog directive was specified (Issue #5309)
* The scheduler did not idle-exit on some Linux distributions (Issue #5319)
* Fixed a regression in the changes to ippValidateAttribute (Issue #5322, Issue #5330)
* Fixed a crash bug in the Epson dot matrix driver (Issue #5323)
* Automatic debug logging of job errors did not work with systemd (Issue #5337)
* The web interface did not list the IPP Everywhere \"driver\" (Issue #5338)
* The scheduler did not report all of the supported job options and values (Issue #5340)
* The IPP Everywhere \"driver\" now properly supports face-up printers (Issue #5345)
* Fixed some typos in the label printer drivers (Issue #5350)
* Setting the Community name to the empty string in snmp.conf now disables SNMP supply level monitoring by all the standard network backends (Issue #5354)
* Multi-file jobs could get stuck if the backend failed (Issue #5359, Issue #5413)
* The IPP Everywhere \"driver\" no longer does local filtering when printing to a shared CUPS printer (Issue #5361)
* The lpadmin command now correctly reports IPP errors when configuring an IPP Everywhere printer (Issue #5370)
* Fixed some memory leaks discovered by Coverity (Issue #5375)
* The PPD compiler incorrectly terminated JCL options (Issue #5379)
* The cupstestppd utility did not generate errors for missing/mismatched CloseUI/JCLCloseUI keywords (Issue #5381)
* The scheduler now reports the actual location of the log file (Issue #5398)
* The generated PPD files for IPP Everywhere printers did not contain the cupsManualCopies keyword (Issue #5433)
* Kerberos credentials might be truncated (Issue #5435)
* The handling of MaxJobTime 0 did not match the documentation (Issue #5438)
* Fixed a bug adding a queue with the -E option (Issue #5440)
* The scheduler did not validate that required initial request attributes were in the operation group (rdar://41098178)
* Fixed an issue with HTTP Digest authentication (rdar://41709086)
* The scheduler could crash when job history was purged (rdar://42198057)
* Fixed a crash bug when mapping PPD duplex options to IPP attributes (rdar://46183976)
* Fixed a memory leak for some IPP (extension) syntaxes.
* The snmp backend is now deprecated.- issue5453.patch fixes https://github.com/apple/cups/issues/5453- Version upgrade to 2.3b5: This is the fifth beta of the CUPS 2.3 series which adopts the new CUPS license, adds support for IPP presets and finishing templates, and fixes a number of bugs and \"polish\" issues. For details see https://github.com/apple/cups/releases or the CHANGES.md file. Changes include:
* The ipptool program no longer checks for duplicate attributes when running in list or CSV mode (Issue #5278)
* The cupsCreateJob, cupsPrintFile2, and cupsPrintFiles2 APIs did not use the supplied HTTP connection (Issue #5288)
* Fixed another crash in the scheduler when adding an IPP Everywhere printer (Issue #5290)
* Added a workaround for certain web browsers that do not support multiple authentication schemes in a single response header (Issue #5289)
* Fixed policy limits containing the All operation (Issue #5296)
* The scheduler was always restarted after idle-exit with systemd (Issue #5297)
* The mailto notifier did not wait for the welcome message (Issue #5312)
* Fixed a parsing bug in the pstops filter (Issue #5321)
* The scheduler allowed environment variables to be specified in the cupsd.conf file (rdar://37836779, rdar://37836995, rdar://37837252, rdar://37837581)
* Fax queues did not support pause (p) or wait-for-dialtone (w) characters (rdar://39212256)
* The scheduler did not validate notify-recipient-uri values properly (rdar://40068936)
* The IPP parser allowed invalid group tags (rdar://40442124)
* Fixed a parsing bug in the new authentication code.- issue5296_fix_policy_limits_using_All.patch is obsolete because it is fixed upstream (see \"Issue #5296\" above)
* Thu Oct 18 2018 Dr. Werner Fink - Add patch let-cupsd-start-after-network.patch Let cuspd start after possible network connection (boo#1111351) This let cupsd also stop before a used network connection goes down, hence the cusp does not lock due waiting on remote printers.
* Fri Sep 14 2018 antoine.belvireAATTopensuse.org- Fix warning message upon update (boo#1050845): Remove template service cups-lpdAATT from service_
* macro in scriptlets.
* Wed Apr 18 2018 jsmeixAATTsuse.de- issue5296_fix_policy_limits_using_All.patch fixes https://github.com/apple/cups/issues/5296 by only the actually relevant part of https://github.com/apple/cups/commit/0873f681e43c04972b3d6bc90bdbdedb29e6e913 (follow-up of boo#936309 and bsc#577936 starting at comment 13)
* Wed Mar 28 2018 jsmeixAATTsuse.de- Version upgrade to 2.3b4: This is the fourth beta of the CUPS 2.3 series. For details see https://github.com/apple/cups/releases or the CHANGES.md file. Changes include:
* Additional security fixes for: bsc#1061066 DBUS library aborts caller process in _dbus_check_is_valid_utf8 (in particular that aborts cupsd) and bsc#1087018 CVE-2017-18248: cups: The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification which are the CUPS upstream issues https://github.com/apple/cups/issues/5143 Remote DoS attack against cupsd via invalid username and malicious D-Bus library and https://github.com/apple/cups/issues/5186 squash non-UTF-8 strings into ASCII on plain IPP level and https://github.com/apple/cups/issues/5229 persistently substitute invalid job attributes with default values - not only in add_job see also bsc#1087072 dbus-1: Disable assertions to prevent un-expected DDoS attacks
* NOTICE: Raw print queues are now deprecated (Issue #5269) so that now there is a warning message when you add or modify a queue to use the \"raw driver\" but raw printing will continue to work through CUPS 2.3.x, cf. https://lists.cups.org/pipermail/cups/2018-March/074060.html
* Kerberized printing to another CUPS server did not work correctly (Issue #5233)
* The scheduler now supports using temporary print queues for older IPP/1.1 print queues like those shared by CUPS 1.3 and earlier (Issue #5241)
* Systemd did not restart cupsd when configuration changes were made that required a restart (Issue #5263)
* Fixed an Avahi crash bug in the scheduler (Issue #5268)
* TLS connections now properly timeout (rdar://34938533)
* Removed support for the \'-D_PPD_DEPRECATED=\"\"\' developer cheat - the PPD API should no longer be used.
* Removed support for \'-D_IPP_PRIVATE_STRUCTURES=1\' developer cheat - the IPP accessor functions should be used instead.
* The symlink rastertodymo -> rastertolabel in /usr/lib/cups/filter is no longer provided.- Removed fix_filter_Makefile.patch because since CUPS 2.3b4 it is fixed in the upstream code via https://github.com/apple/cups/issues/5247 more precisely via https://github.com/apple/cups/commit/ab89234de2d9bf36bb59f2aa4873d98e95ca4df2
* Thu Feb 08 2018 jsmeixAATTsuse.de- Version upgrade to 2.3b3: This is the third beta of the CUPS 2.3 series. For details see https://github.com/apple/cups/releases Changes include:
* More fixes for printing to old CUPS servers (Issue #5211)
* Additional changes for the scheduler to substitute default values for invalid job attributes when running in \"relaxed conformance\" mode (Issue #5229 - a follow-up of issues #5186 and #5143) A detailed list of changes can be found in the CHANGES.md file.- fix_filter_Makefile.patch fixes https://github.com/apple/cups/issues/5247
* Thu Jan 18 2018 jsmeixAATTsuse.de- Version upgrade to 2.3b2: This is the second beta of the CUPS 2.3 series. For details see https://github.com/apple/cups/releases Changes include:
* Printing to old CUPS servers has been fixed (Issue #5211) A detailed list of changes can be found in the CHANGES.md file.
* Wed Dec 20 2017 jsmeixAATTsuse.de- Version upgrade to 2.3b1: This is the first beta of the CUPS 2.3 series which adopts the new CUPS license (Apache License, Version 2.0), adds support for IPP presets and finishing templates, and fixes a number of bugs and \"polish\" issues. For details see https://github.com/apple/cups/releases Changes include:
* CUPS is now provided under the Apache License, Version 2.0
* The CUPS library now supports the latest HTTP Digest authentication specification including support for SHA-256 (Issue #4862)
* Dropped RSS subscription management from the web interface (Issue #5012)
* The lpadmin command now provides a better error message when an unsupported System V interface script is used (Issue #5111)
* The SSLOptions directive now supports MinTLS and MaxTLS options to control the minimum and maximum TLS versions that will be allowed, respectively (Issue #5119)
* Dropped hard-coded CGI scripting language support (Issue #5124)
* The scheduler now substitutes default values for invalid job attributes when running in \"relaxed conformance\" mode (Issue #5186 - a follow-up of issue #5143) A detailed list of changes can be found in the CHANGES.md file.
* Tue Nov 14 2017 christopheAATTkrop.fr- Make sure cups-libs- is removed.
* Tue Nov 07 2017 jsmeixAATTsuse.de- Version upgrade to 2.2.6: CUPS 2.2.6 is a general bug fix release. For details see https://github.com/apple/cups/releases Changes include:
* DBUS notifications could crash the scheduler (Issue #5143) (see also bsc#1061066 \"DBUS library aborts caller process\") A detailed list of changes can be found in the CHANGES.md file.
* Fri Oct 20 2017 jsmeixAATTsuse.de- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017 that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.- Version upgrade to 2.2.5: CUPS 2.2.5 is a general bug fix release. For details see https://github.com/apple/cups/releases- Version upgrade to 2.2.4: CUPS 2.2.4 is a general bug fix release. For details see https://github.com/apple/cups/releases- Removed 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch 0002-Save-work-on-Avahi-code.patch 0003-Avahi-fixes-for-cupsEnumDests.patch because since CUPS 2.2.4 it is fixed in the upstream code via https://github.com/apple/cups/pull/4989 more precisely via https://github.com/apple/cups/commit/a2187a63425a3d6c05de1e1cbf8c26fd39a1aced https://github.com/apple/cups/commit/657c5b5f91e6d5120c4ad7b118cf9098dd27f03d https://github.com/apple/cups/commit/3fae3b337df0be1a766857be741173d8a9915da7
* Wed Oct 18 2017 opensuseAATTdstoecker.de- Fix typo in requires
* Fri Oct 13 2017 jengelhAATTinai.de- Implement shared library packaging guideline [boo#862112]- Update package descriptions.
* Sat Sep 30 2017 jengelhAATTinai.de- Remove redundant Requires(pre) line — the use of %post -p already implies it.
* Wed Sep 20 2017 schwabAATTsuse.de- Pre-require user(lp) in cups-libs
* Thu Jun 08 2017 jsmeixAATTsuse.de- In /usr/lib/tmpfiles.d/cups.conf use group \'root\' for /run/cups/certs (boo#1042916).
* Fri Jun 02 2017 jsmeixAATTsuse.de- Major backward incompatible change since CUPS 2.2.0: There is no longer the directory /etc/cups/interfaces because since CUPS 2.2.0 so called \"System V style Interface Scripts\" are no longer supported for security reasons (see below the entry about the changes included in CUPS 2.2.0).- Disabled cups-2.1.0-cups-systemd-socket.patch because it does no longer apply which needs to be examined and decided by someone who knows about systemd internals.- Disabled 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch 0002-Save-work-on-Avahi-code.patch 0003-Avahi-fixes-for-cupsEnumDests.patch because they do no longer apply which needs to be examined and decided by someone who knows about Avahi internals.- Version upgrade to 2.2.3: CUPS 2.2.3 is a general bug fix release. See https://github.com/apple/cups/releases Changes include:
* The IPP backend could get into an infinite loop for certain errors, causing a hung queue (rdar://problem/28008717)
* The scheduler could pause responding to client requests in order to save state changes to disk (rdar://problem/28690656)
* Added support for PPD finishing keywords (Issue #4960, Issue #4961, Issue #4962)
* The IPP backend did not send a media-col attribute for just the source or type (Issue #4963)
* IPP Everywhere print queues did not always support all print qualities supported by the printer (Issue #4953)
* IPP Everywhere print queues did not always support all media types supported by the printer (Issue #4953)
* The IPP Everywhere PPD generator did not return useful error messages (Issue #4954)
* The IPP Everywhere finishings support did not work correctly with common UI or command-line options (Issue #4976)
* Fixed an error handling issue for the network backends (Issue #4979)
* The \"reprint job\" option was not available for some canceled jobs (Issue #4915)
* Updated the job listing in the web interface (Issue #4978) A detailed list of changes can be found in the CHANGES.txt file.- Version upgrade to 2.2.2: CUPS 2.2.2 is a general bug fix release. See https://github.com/apple/cups/releases Changes include:
* Fixed some issues with IPP Everywhere printer support (Issue #4893, Issue #4909, Issue #4916, Issue #4921, Issue #4923, Issue #4932, Issue #4933, Issue #4938)
* The rastertopwg filter could crash with certain input (Issue #4942)
* The scheduler did not detect when an encrypted connection was closed by the client on Linux (Issue #4901)
* The cups-lpd program did not catch all legacy usage of ISO-8859-1 (Issue #4899)
* The scheduler no longer creates log files on startup ()
* The ippContainsString function now uses case-insensitive comparisons for mimeMediaType, name, and text values in conformance with RFC 2911.
* The network backends now log the addresses that were found for a printer ()
* Let\'s Encrypt certificates did not work when the hostname contained uppercase letters (Issue #4919)
* Fixed reporting of printed pages in the web interface (Issue #4924)
* Updated systemd config files (Issue #4935) A detailed list of changes can be found in the CHANGES.txt file.- Version upgrade to 2.2.1: CUPS 2.2.1 is a general bug fix release. See https://github.com/apple/cups/releases Changes include:
* Added \"CreateSelfSignedCerts\" directive for cups-files.conf to control whether the scheduler automatically creates its own self-signed X.509 certificates for TLS connections (Issue #4876)
* http
*Connect did not handle partial failures (Issue #4870)
* cupsHashData did not use the correct hashing algorithm ()
* Updated man pages (PR #4885) A detailed list of changes can be found in the CHANGES.txt file.- Version upgrade to 2.2.0: CUPS 2.2.0 adds support for local IPP Everywhere print queues and includes several performance and security improvements. See https://github.com/apple/cups/releases Changes include:
* Normalized the TLS certificate validation code and added additional error messages to aid troubleshooting.
* http
*Connect did not work on Linux when cupsd was not running (Issue #4870)
* The --no-remote-any option of cupsctl had no effect (Issue #4866)
* http
*Connect did not return early when all addresses failed (Issue #4870)
* The IPP backend did not validate TLS credentials properly.
* The printer-state-message attribute was not cleared after a print job with no errors (Issue #4851)
* The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer operations did not always return an error for failed adds (Issue #4854)
* PPD files with names longer than 127 bytes did not work (Issue #4860)
* CUPS now supports Let\'s Encrypt certificates on Linux.
* All CUPS commands now support POSIX options (Issue #4813)
* The scheduler now restarts faster (Issue #4760)
* Improved performance of web interface with large numbers of jobs (Issue #3819)
* Encrypted printing can now be limited to only trusted printers and servers ()
* The scheduler now advertises PWG Raster attributes for IPP Everywhere clients (Issue #4428)
* The scheduler now logs informational messages for jobs at LogLevel \"info\" (Issue #4815)
* The scheduler now uses the getgrouplist function when available (Issue #4611)
* The IPP backend no longer enables compression by default except for certain raster formats that generally benefit from it ()
* The scheduler did not handle out-of-disk situations gracefully (Issue #4742)
* The LPD mini-daemon now detects invalid UTF-8 sequences in job, document, and user names (Issue #4748)
* The IPP backend now continues on to the next job when the remote server/printer puts the job on hold ()
* The scheduler did not cancel multi-document jobs immediately ()
* The scheduler did not return non-shared printers to local clients unless they connected to the domain socket ()
* The scheduler now reads the spool directory if one or more job cache entries point to deleted jobs ()
* Added support for disc media sizes ()
* The httpAddrConnect and httpConnect
* APIs now try connecting to multiple addresses in parallel ()
* Interface scripts are no longer supported for security reasons () A detailed list of changes can be found in the CHANGES.txt file.- Version upgrade to 2.1.4: CUPS 2.1.4 is a general bug fix release. See https://github.com/apple/cups/releases Changes include:
* Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)
* Fixed printing of multiple files to raw queues (Issue #4782)
* The scheduler did not implement the Hold-New-Jobs opertion correctly (Issue #4767)
* The cups-lpd mini-daemon incorrectly included the document-name attribute when creating a job. It should only be included when sending a job (Issue #4790) A detailed list of changes can be found in the CHANGES.txt file.
* Sat May 20 2017 dimstarAATTopensuse.org- Replace krb5-devel BuildRequires with pkgconfig(krb5) on suse_version >= 1315: give OBS a better chance to break up build cycles.
* Thu Apr 20 2017 alarrosaAATTsuse.com- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add 0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch, 0002-Save-work-on-Avahi-code.patch and 0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream finally commited to cups 2.2 sources in response to https://github.com/apple/cups/pull/4989 in order to fix cupsEnumDests to react to the ALL_FOR_NOW avahi event (and also include a similar fix for the dnssd case). Related to bsc#955432.
* Mon Apr 10 2017 alarrosaAATTsuse.com- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff . Avahi sends an ALL_FOR_NOW event when it finishes sending its cache contents. This patch makes cupsEnumDests finish when the signal is received so it doesn\'t block the caller doing nothing until the timeout finishes (related to bsc#955432, submitted upstream at https://github.com/apple/cups/pull/4989)
* Wed Mar 29 2017 kukukAATTsuse.com- Add /etc/cups to cups-libs package [bsc#1025689]
* Mon Dec 12 2016 dimstarAATTopensuse.org- Replace pkgconfig(libsystemd-daemon) BuildRequires with pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various sub-libraries have been merged into libsystemd since version 209. openSUSE 13.1 was the last product to ship systemd 208.
* Tue Jun 28 2016 kamikazowAATTweb.de- Remove CUPS.desktop and pixmap
* Obsoletes patch cups-1.3.9-desktop_file.patch
* Mon Feb 29 2016 michaelAATTstroeder.com- Version upgrade to 2.1.3: CUPS 2.1.3 fixes some issues in the scheduler, sample drivers, and user commands. A detailed list of changes can be found in the CHANGES.txt file. Changes include (excerpt):
* The scheduler should not exit under memory pressure ()
* Fixed some issues in ipptool for skipped tests ()
* The \"lp -H resume\" command did not reset the \"job-state-reasons\" attribute value (STR #4752)
* The scheduler did not allow access to resource files (icons, etc.) when the web interface was disabled (STR #4755)- Version upgrade to 2.1.2: CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which actually contained a current 2.2 snapshot. There are no other changes.- Version upgrade to 2.1.1: CUPS 2.1.1 fixes a number of USB and IPP printing issues, addresses some error reporting and hardening issues in the scheduler, and updates some localizations. A detailed list of changes can be found in the CHANGES.txt file. Changes include (excerpt):
* Security hardening fixes (, , , , , , , , , , , , , , , , , , , )
* The cupsGetPPD
* functions did not work with IPP printers (STR #4725)
* Some older HP LaserJet printers need a delayed close when printing using the libusb-based USB backend (STR #4549)
* The libusb-based USB backend did not unload the kernel usblp module if it was preventing the backend from accessing the printer (STR #4707)
* Current Primera printers were incorrectly reported as Fargo printers (STR #4708)
* The IPP backend did not always handle jobs getting canceled at the printer ()
* Added USB quirk for Canon MP530 (STR #4730)
* The scheduler did not deliver job notifications for jobs submitted to classes (STR #4733)
* Changing the printer-is-shared value for a remote queue did not produce an error (STR #4738)
* The IPP backend incorrectly included the job-password attribute in Validate-Job requests ()
* Sun Sep 20 2015 meissnerAATTsuse.com- add -devel to build a 32bit wine on 64bit only Leap systems.
* Tue Sep 01 2015 jsmeixAATTsuse.de- Version upgrade to 2.1.0: CUPS 2.1.0 offers improved support for IPP Everywhere, adds support for advanced logging using journald on Linux, and includes new security features for encrypted printing and reduced network visibility in the default configuration. A detailed list of changes can be found in the CHANGES.txt file. Changes include (excerpt):
* Added support for 3D printers (basic types only, no built-in filters) based on PWG white paper.
* The IPP backend now stops sending print data if the printer indicates the job has been aborted or canceled ()
* The IPP backend now sends the job-pages-per-set attribute when printing multiple copy jobs with finishings ()
* The IPP backend now updates the cupsMandatory values when the printer configuration changes ()
* No longer install banner files since third-party banner filters now supply their own (STR #4518)
* The scheduler no longer listens on the loopback interface unless the web interface or printer sharing are enabled ()
* Added a PPD generator for IPP Everywhere printers (STR #4258)
* Now install \"default\" versions of more configuration files () in particular cups-files.conf.default and snmp.conf.default
* Added SSLOptions values to allow Diffie-Hellman key exchange and disable TLS/1.0 support.
* Updated the scheduler to support more IPP Everywhere attributes (STR #4630)
* The scheduler now supports advanced ASL and journald logging when \"syslog\" output is configured (STR #4474)
* The scheduler now supports logging to stderr when running in the foreground (STR #4505)- Adapted patches so that they apply to CUPS 2.1.0 sources:
* cups-2.1.0-choose-uri-template.patch replaces cups-1.2rc1-template.patch
* cups-2.1.0-default-webcontent-path.patch replaces cups-1.4.3-default-webcontent-path.patch
* cups-2.1.0-cups-systemd-socket.patch replaces cups-systemd-socket.patch
* Tue Sep 01 2015 tchvatalAATTsuse.com- Fix bnc#943950, escape the macro call %systemd-tmpfiles in comment.
* Thu Aug 20 2015 tchvatalAATTsuse.com- Add gpg verification for the tarball- Version update to 2.0.4:
* Fixed a bug in cupsRasterWritePixels (STR #4650)
* Fixed redirection in the web interface (STR #4538)
* The IPP backend did not respond to side-channel requests (STR #4645)
* The scheduler did not start all pending jobs at once (STR #4646)
* The web search incorrectly searched time-at-xxx values (STR #4652)
* Fixed an RPM spec file issue (STR #4657)
* The scheduler incorrectly started jobs while canceling multiple jobs (STR #4648)
* Fixed processing of server overrides without port numbers (STR #4675)
* Documentation changes (STR #4651, STR #4674)
* Wed Jul 01 2015 jsmeixAATTsuse.de- cups-2.0.3-additional_policies.patch replaces cups-1.7-additional_policies.patch that still adds the same \"allowallforanybody\" policy but now with separated \"Limit All\" to avoid https://www.cups.org/str.php?L4659 (boo#936309).- Added \"-p /bin/bash\" to RPM shell commands scriptlets that enforces bash to be safe against any possible \"bashisms\", cf https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
* Thu Jun 25 2015 tchvatalAATTsuse.com- Fix the previous commit by using direct systemd call and ensuring we work even on older distros
* Mon Jun 22 2015 tchvatalAATTsuse.com- Fix postin-without-tmpfile-creation and run %tmpfiles_create macro on our cups.conf
* Tue Jun 09 2015 jsmeixAATTsuse.de- Version upgrade to 2.0.3: The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include (excerpt):
* Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159 exploiting the dynamic linker (STR #4609) (bsc#924208)
* Security: The scheduler could hang with malformed gzip data (STR #4602)
* Restored missing generic printer icon file (STR #4587)
* Fixed logging of configuration errors to show up as errors (STR #4582)
* Fixed potential buffer overflows in raster code and filters (STR #4598, STR #4599, STR #4600, STR #4601)
* Fixed inside (STR #4575)
* Fixed lpadmin when both -m and -o are used (STR #4578)
* The web interface always showed support for 2-sided printing (STR #4595)
* cupsRasterReadHeader did not fully validate the raster header (STR #4596)
* The rastertopwg filter did not check for truncated input (STR #4597)
* The cups-lpd mini-daemon did not check for request parameters (STR #4603)
* The scheduler could get caught in a busy loop (STR #4605)
* The sample Epson driver could crash (STR #4616)
* The IPP backend now correctly monitors jobs ()
* The ppdhtml and ppdpo utilities crashed when the -D option was used before a driver information file (STR #4627)
* ippfind incorrectly substituted \"=port\" for service_port.
* The IPP/1.1 test file did not handle the initial print job completing early (STR #4576)
* Fixed a memory leak in cupsConnectDest (STR #4634)
* PWG Raster Format output contained invalid ImageBox values ()
* Added Russian translation (STR #4577)
* Added German translation (STR #4635)- cups-busy-loop.patch fixed STR #4605 is obsolete because it is fixed upstream (see above).- cleaned up this whole RPM changlog (wrapped too long lines if possible and removed trailing whitespaces).
* Sat Mar 28 2015 mimi.vxAATTgmail.com- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605
* Thu Feb 12 2015 tchvatalAATTsuse.com- Add back the posttrans cleanup script as it is needed
* Thu Feb 12 2015 tchvatalAATTsuse.com- Add patch cups-systemd-socket.patch to fix socket activation and to match socket approach Fedora has.
* Thu Feb 12 2015 tchvatalAATTsuse.com- Version bump to 2.0.2:
* Security: cupsRasterReadPixels buffer overflow with invalid page header and compressed raster data (STR #4551)
* Mapping of PPD keywords to IPP keywords did not work if the PPD keyword was already an IPP keyword ()
* cupsGetPPD
* sent bad requests (STR #4567)
* For detailed list see CHANGES.txt file
* Thu Feb 12 2015 tchvatalAATTsuse.com- Enable PIE for build
* Fri Jan 30 2015 tchvatalAATTsuse.com- Remove legacy paralel-port support as it is not really needed as most do not want it
* Fri Jan 30 2015 tchvatalAATTsuse.com- Update descriptions to just state what changed and let user find it out.- Add back comment about %fdupes- Remove exit 0 on scriptlets as it is provided by the %service bla ones already- Fix the comment about openSUSE version on tmpfilesdir declaration
* Fri Jan 16 2015 tchvatalAATTsuse.com- cups-2.0.1 update:
* lengthy list of changes see the upstream CHANGES.txt that is distributed with the package
* Disabling of sslv3 to mitigate poodle- Use gnutls to provide SSLOPtions configuration directive
* openssl is no longer supported upstream
* Remove the with-openssl-exception from license- Remove cups.sysconfig as it is not used with systemd based distros- Purposely lose support for SLE11 as it doubles size of some of the sections and keep suppor for openSUSE+SLE12
* even with the conditions we would have to go unencrypted only as needs newer gnutls, so don\'t bother with keeping the compat- Use upstream service and socket files to allow more working tools- Removed patches:
* cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
* cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
* cups-0003-systemd-secure-cups.service-unit-file.patch
* cups-1.3.6-access_conf.patch
* cups-1.5-additional_policies.patch
* cups-1.5.4-CVE-2012-5519.patch
* cups-1.5.4-strftime.patch
* cups-move-everything-to-run.patch
* cups-polld_avoid_busy_loop.patch
* cups-provides-cupsd-service.patch
* str4190.patch
* str4351.patch
* str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch- Refreshed patches:
* cups-1.3.9-desktop_file.patch
* cups-config-libs.patch- Added patches:
* cups-1.7-additional_policies.patch
* cups-systemd-socket.patch
  
ICM