Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

cups-devel-1.7.5-12.9.1 RPM for ppc64le

From OpenSuSE Ports Leap 42.3 updates for ppc64le

Name: cups-devel Distribution: openSUSE Leap 42.3
Version: 1.7.5 Vendor: openSUSE
Release: 12.9.1 Build date: Wed Dec 12 18:06:58 2018
Group: Development/Libraries/C and C++ Build host: obs-power8-06
Size: 215165 Source RPM: cups-1.7.5-12.9.1.src.rpm
Summary: Development Environment for CUPS
The Common UNIX Printing System (CUPS) is the
standards-based, open source printing system.


This is the development package.

CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.

For details regarding incompatible changes in CUPS >= 1.6 see
and follow the links therein.






* Mon Dec 03 2018
  - cups-2.2.7-CVE-2018-4700.patch from SLE15 also applies to
    cups-1.7.5 in SLE12 and fixes CVE-2018-4700: session cookie
    is extremely predictable, effectively breaking the
    CSRF protection of the CUPS web interface (bsc#1115750)
* Thu Jun 21 2018
  - 0004-Fix-authorization-check-for-kerberos-local-connectio.patch
    Fixes authorization check for clients (like samba) connected through the
    local socket when Kerberos authentication is enabled (bsc#1050082)
* Tue Jun 19 2018
  - cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954-for-cups-1.7.5-stripped.diff
    is derived from
    'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for
    and stripped down to only what is needed for CUPS 1.7.5
    that fixes local privilege escalation to root and sandbox
    bypasses in scheduler (Apple's internal issues rdar://37836779,
    rdar://37836995, rdar://37837252, rdar://37837581)
    bsc#1096405 CVE-2018-4180:
    Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
    bsc#1096406 CVE-2018-4181:
    Limited Local File Reads as Root via cupsd.conf Include Directive
    bsc#1096407 CVE-2018-4182:
    cups-exec Sandbox Bypass Due to Insecure Error Handling
    bsc#1096408 CVE-2018-4183:
    cups-exec Sandbox Bypass Due to Profile Misconfiguration
* Tue Mar 27 2018
  - DBUS-notifications-could-crash-the-scheduler-Issue-5.patch
    * bsc#1061066 DBUS library aborts caller process
      in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
    * bsc#1087018 CVE-2017-18248: cups: The add_job function in
      scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
      enabled, can be crashed by remote attackers by sending print
      jobs with an invalid username, related to a D-Bus notification
    which are the CUPS upstream issues
      Remote DoS attack against cupsd via invalid username
      and malicious D-Bus library
      squash non-UTF-8 strings into ASCII on plain IPP level
      persistently substitute invalid job attributes
      with default values - not only in add_job
    see also
    * bsc#1087072 dbus-1:
      Disable assertions to prevent un-expected DDoS attacks
* Mon Feb 19 2018
  - Add CVE-2017-18190.patch: Removed localhost.localdomain from list
    of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP
    command execution in conjunction with DNS rebinding.
    (CVE-2017-18190 bsc#1081557)
* Thu May 18 2017
  - cups-scheduler_logs_jobs_at_loglevel_info.patch
    (made on Tue Jan 24 2017 by
    is based on the upstream patch
    so that the scheduler now also logs messages for jobs at
    LogLevel "info", see
    and bsc#1021133 and bsc#990045
* Thu Apr 20 2017
  - Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
    0002-Save-work-on-Avahi-code.patch and
    0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
    finally commited to cups 2.2 sources in response to in order to fix cupsEnumDests
    to react to the ALL_FOR_NOW avahi event (and also include a similar
    fix for the dnssd case). Related to bsc#955432 and fate#322052.
* Mon Apr 10 2017
  - Add cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff .
    Avahi sends an ALL_FOR_NOW event when it finishes sending
    its cache contents. This patch makes cupsEnumDests finish
    when the signal is received so it doesn't block the caller
    doing nothing until the timeout finishes (related to bsc#955432 and
    fate#322052, submitted upstream at
* Thu May 12 2016
  - add_gziptoany_filter_when_raw_printing_multiple_files_GitHub4782.patch
    is the upstream patch part for scheduler/job.c from
    adapted to fit exactly for CUPS-1.7.5
    that fixes raw printing multiple files by adding the gziptoany
    filter, see
  - cups-lpd_remove_adding_docname_GitHub4790.patch is an excerpt
    from the upstream patch part for scheduler/cups-lpd.c from
    that avoids warnings in error_log of the form "Unexpected
    'document-name' operation attribute in a Create-Job request"
    (SUSE Service Request 10994025138)
* Wed Apr 22 2015
  - str4609.CERT-VU-810572.CUPS-1.7.5.patch
    fixes a possible privilege escalation via cross-site scripting
    and bad print job submission used to replace cupsd.conf on server
    plus possible bad interaction via dynamic linker variables
    (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158 CVE-2015-1159
    In general it is crucial to limit access to CUPS to trustworthy
    users who do not misuse their permission to submit print jobs
    which means to upload arbitrary data onto the CUPS server, see
    and cf. the entries about CVE-2012-5519 below.
* Tue Feb 17 2015
  - str4551.CVE-2014-9679.CUPS-1.7.5.patch
    fixes a possible buffer overflow in filter/raster.c
    (CUPS STR#4551 CVE-2014-9679 bsc#917799).
* Tue Sep 23 2014
  - change BuildRequires for systemd to pkgconfig(systemd)
    and pkgconfig(libsystemd-daemon) to avoid build-cycles
* Mon Aug 25 2014
  - Version upgrade to 1.7.5:
    CUPS 1.7.5 addresses some minor issues and expands upon the
    symlink security protection. Changes include (excerpt):
    * Security: Addressed some more situations where symlinked
      files would be served by the web interface (CVE-2014-5029
      CVE-2014-5030 CVE-2014-5031 STR #4455 and bnc#887240).
    * The LPD backend did not work with some versions
      of glibc (STR #4452)
    * CGI scripts did not work (STR #4454)
  - str4455-1.7.patch (see the previous entry below)
    is obsolete because it is fixed upstream since CUPS 1.7.5.
  - Let fdupes only create symlinks in /usr/share/cups/templates/ to
    avoid a symlink /usr/share/cups/webcontent/images/cups-icon.png
    because since CUPS 1.7.4/1.7.5 the cupsd web server does
    no longer follow symlinks to avoid the security issues
    mentioned in the previous two entries below
    (fixes bnc#892587 a regression of bnc#887240).
* Tue Jul 29 2014
  - str4455-1.7.patch complements the incomplete fix for
    CVE-2014-3537 STR#445 in the CUPS 1.7.4 sources
    to fix the subsequent CVE-2014-5029 CVE-2014-5030
    CVE-2014-5031 STR#4455 (bnc#887240).
* Tue Jul 15 2014
  - Version upgrade to 1.7.4:
    CUPS 1.7.4 fixes several networking and build issues,
    and addresses a symlink security issue CVE-2014-3537.
    Changes since 1.7.3 include (excerpt):
    * Security: The web interface incorrectly served symlinked files
      and files that were not world-readable, potentially leading to
      a disclosure of information (CVE-2014-3537, STR #4450,
      and bnc#887240).
    * The "snmp" option did not work with the network backends
      (STR #4422).
    * The User directive in client.conf did not override the USER
      environment variable (STR #4426).
    * The web interface now properly shows a "Go" button for
      all text-based browsers (STR #4425).
    * The MaxJobTime directive now properly supports time
      values (STR #4434).
    * Fixed an "IPP read error" race condition issue (STR #4440).
* Mon Jun 02 2014
  - Version upgrade to 1.7.3:
    CUPS 1.7.3 includes a number of general bug fixes.
    Changes since 1.7.2 include (excerpt):
    * Fixed mapping of OutputBin values such as "Tray1".
    * Several ippGet* functions incorrectly returned -1
      instead of 0 on error.
    * Fixed an authentication race condition in
      cupsSendRequest (STR #4403).
    * The scheduler did not add the "job-hold-until-specified"
      reason when holding a job using the lp command (STR #4405).
    * Auto-typing of PWG Raster files did not work (STR #4417).
    * IPP queues using hardcoded credentials would ask
      for credentials (STR #4371).
* Wed Apr 23 2014
  - Version upgrade to 1.7.2:
    CUPS 1.7.2 addresses a web interface redirection security issue,
    some scheduler crashed on Linux, and other general bug fixes.
    Changes since 1.7.1 include (excerpt):
    * CVE-2014-2856: The scheduler now blocks URLs containing
      embedded HTML (STR #4356 and bnc#873899).
    * cupsDoIORequest could miss the server status, causing failed
      lpadmin and other administrative commands (STR #4386).
    * Fixed a D-BUS threading issue that caused the scheduler
      to crash (STR #4347).
    * The scheduler now automatically reconnects to Avahi
      as needed (STR #4370, STR #4373).
  - str4351.patch that fixed STR #4351: cups-lpd hugh jobs (>2G) fail
    is obsolete because it is fixed upstream since CUPS 1.7.2.
  - Removed the CUPS banner files in /usr/share/cups/banners/ and
    the CUPS testpage /usr/share/cups/data/testprint (which is also
    a CUPS banner file type) because they do no longer work
    since CUPS >= 1.6 (see
    because there is no longer a filter for Linux that can convert
    the CUPS banner files. Since CUPS >= 1.6 only the banner files
    and testpage in the cups-filters package work via the
    cups-filters PDF workflow and the cups-filters package also
    provides the matching bannertopdf filter (bnc#873376).
* Fri Apr 11 2014
  - In case of systemd use --with-rundir=/run/cups
    instead of --with-rundir=/run (bnc#871640).
* Thu Feb 27 2014
  - str4351.patch from CUPS upstream fixes
    "STR #4351 cups-lpd hugh jobs (>2G) fail"
* Wed Feb 26 2014
  - Version upgrade to 1.7.1 (fate#314630):
    CUPS >= 1.6 has major incompatible changes compared to CUPS
    up to version 1.5.4 in particular when printing via network:
    * The IPP protocol default version increased form 1.1 to 2.0.
      Older IPP servers like CUPS 1.3.x (e.g. in SLE11)
      reject IPP 2.0 requests with "Bad Request" (STR #4231).
      By adding '/version=1.1' to ServerName in client.conf
      (e.g. ServerName
      or the CUPS_SERVER environment variable value or by
      adding it to the server name value of the '-h' opion
      (e.g. lpstat -h -p)
      the older IPP protocol version for older servers
      must be explicitly specified.
    * CUPS Browsing is dropped in CUPS but the new package
      cups-filters provides the cups-browsed that provides
      basic CUPS Browsing and Polling functionality.
      The native protocol in CUPS for automatic client discovery
      of printers is now DNS-SD.
    * Some printing filters and backends are dropped in CUPS
      but the new package cups-filters provides them so that
      cups-filters is usually needed (recommended by RPM)
      but cups-filters is not strictly required.
    * The cupsd configuration directives are split into two files
      cupsd.conf (can also be modified via HTTP PUT e.g. via cupsctl)
      and cups-files.conf (can only be modified manually by root)
      to have better default protection against misuse of privileges
      by normal users who have been specifically allowed
      by root to do cupsd configuration changes
      (STR #4223 CVE-2012-5519 bnc#789566).
    See the entries below for more information.
    For details see the openSUSE Bugzilla bnc#735404 issue.
    CUPS 1.7.1 improves network and USB printing, fixes some
    scheduler issues, and addresses a minor security issue
    in the lppasswd program.
    Changes since 1.7.0 include (excerpt):
    * Security: the lppasswd program incorrectly used settings
      from ~/.cups/client.conf (STR #4319)
    * ATTR messages could cause string pool memory corruption
      in the scheduler (<rdar://problem/15382819>)
    * Printing to a raw queue could result in corrupt output
      due to opportunistic compression (<rdar://problem/15008524>)
    * Japanese PPDs using with the Shift-JIS encoding
      did not work (<rdar://problem/15427759>)
    * The libusb-based USB backend incorrectly used write
      timeouts (<rdar://problem/15564888>)
    * The IPP backend did not wait for a busy printer
      to become available before attempting to print
    * Using "@IF(name)" in an Allow or Deny rule
      did not work (STR #4328)
    * The D-BUS notifier did not remove its lockfile (STR #4314)
    * CUPS incorrectly used the USER environment variable when
      the name did not match the user ID (STR #4327)
    For details see the CHANGES.txt file.
  - cups-1.7-additional_policies.patch adds the 'allowallforanybody'
    policy to cupsd.conf (fate#303515) and replaces
  - Clean up of systemd unit files (bnc#857372):
    Make it working again as simple and secure as it worked
    all the time in the past by providing only one single
    systemd unit file cups.service. In particular currently YaST
    cannot manage services with additional other systemd unit files.
    Furthermore systemd socket activation is currently insecure
    in case of IPv6 (CVE-2012-6094 bnc#795624).
  - Clean up how cupsd is launched (via SysVinit or systemd)
    by maintaining strictly separated sections in cups.spec:
    Either for launching cupsd via systemd (if have_systemd is set)
    or for launching cupsd via SysVinit (if have_systemd is not set).
    SysVinit support cannot be removed because CUPS 1.7.1 still
    builds and can be used even for SLE11.
  - The default group of users who are allowed to do cupsd
    configuration changes via requests to the running cupsd
    (i.e. the SystemGroup directive in cupsd.conf) is set
    to 'root' only (related to STR #4223 CVE-2012-5519 bnc#789566).
    In this context a general security advice:
    When root allows normal users to do system administration tasks
    (in particular when root allows normal users to administer
    system processes - i.e. processes that run as root), then
    this or that kind of privilege escalation will be possible.
    Only trustworthy users who do not misuse their privileges
    may get allowed to do specific system administration tasks.
* Wed Oct 30 2013
  - Version upgrade to 1.7.0
    CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
    See the entries below for more information.
    For details see the openSUSE Bugzilla bnc#735404 issue.
    Changes since 1.7rc1 include (excerpt):
    * The lpadmin command did not send the PPD name from
      the "-m" option (<rdar://problem/15264697>).
    * The scheduler did not respond using the hostname
      specified by the client (<rdar://problem/14583574>).
    * Fixed a couple memory leaks in ippfind that were
      reported by Clang.
    * Fixed a compile issue on 64-bit Linux with Clang - need
      to use the -pie option instead of -Wl,-pie now
    * The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE
      environment variable to the filters or backend
    For details see the CHANGES.txt file.
* Tue Jul 16 2013
  - Version upgrade to 1.7rc1 only for testing purpose.
    CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
    After a version upgrade to CUPS >= 1.6 printing in the network
    would no longer work as it did up to CUPS 1.5.
    For details regarding incompatible changes in CUPS >= 1.6 see
    and follow the links therein.
    The 1.7 series is primarily a "polish" release with improved
    support for paid, PIN, and release printing, expanded support
    for IPP Everywhere, automatic support for data compression,
    and improved CUPS APIs.
    CUPS 1.7rc1 is the first release candidate for CUPS 1.7.0
    and includes the fixes from CUPS 1.6.3, adds a new
    ippfind utility, fixes some issues in the ipptool utility,
    and fixes some general printing bugs.
    For details what is new in CUPS 1.7 see the CHANGES.txt file.
    * Printer xxx-default values were not reported by
      Get-Printer-Attributes or lpoptions (<rdar://problem/14401795>)
    * Added a new ippfind tool for finding IPP printers and
      other Bonjour services (<rdar://problem/13876199>)
  - Version upgrade to 1.6.3
    CUPS 1.6.3 fixes some compatibility issues with servers
    running CUPS 1.3.12 or older, fixes some general printing bugs,
    and fixes some minor security issues.
    For details what is new in CUPS 1.6 see the CHANGES-1.6.txt file.
    * The lp, lpq, lpr, and lpstat now display an error message
      advising the use of the /version=1.1 ServerName option
    * Added documentation about the /version=1.1 option to ServerName
      in client.conf (<rdar://problem/14216262>)
    * The lp, lpq, lpr, and lpstat commands incorrectly ignored
      the default printer set in the lpoptions file
    * Printing using "ipps" URIs was not encrypted.
* Tue Mar 19 2013
  - Version upgrade to 1.6.2.
    CUPS 1.6 has major incompatible changes compared to CUPS 1.5.
    For details regarding incompatible changes in CUPS 1.6 see
    and follow the links therein.
    For details what is new in CUPS 1.6 see the CHANGES.txt file.
    * Security: All file, directory, user, and group settings
      are now stored in a separate cups-files.conf configuration
      file that cannot be set through the CUPS web interface
      or APIs (STR #4223).
    * The IPP backend could crash if the printer disconnects
      early (STR #4284).
    * cupsGetPPD did not work with statically-configured CUPS
      shared queues (STR #4178).
    * Bad IPP responses could crash ipptool (STR #4262).
    * Updated USB quirk rules for various printers
      (STR #4217, STR #4263, STR #4286).
    * Added USB blacklisting for printers that require a custom
      backend (STR #4218).
    * The CUPS library did not always detect a timed out connection
      to the server which could cause temporary loss of printing
      from applications (STR #4187).
    * The IPP backend now stops queues when the server configuration
      prevents successful job submission (STR #4125).
    * CUPS 1.6 clients using the ServerName directive in client.conf
      did not work with CUPS 1.3.x or older servers
      (STR #4231, STR #4291).
    * The scheduler could crash when using Avahi
      (STR #4183, STR #4192, STR #4200, STR #4213).
    * The IPP backend could get stuck in an endless loop on certain
      network errors (STR #4194).
    * The scheduler no longer allows job-name values that are
      not valid network Unicode strings (STR #4072).
    * The network backends now support disabling of SNMP supply
      level queries via the "snmp" URI option (STR #4106).
    * The IPP backend did not specify the compression used
      (STR #4181).
    * The scheduler did not recognize dnssd: or ipps: URIs as
      Bonjour shared queues (STR #4158).
    * Applications could not get the PPD file for
      statically-configured Bonjour-shared print queues (STR #4159).
    * Fixed a USB backend compatibility issue on systems using
      libusb (STR #4155, STR #4191).
    * Some Bonjour features were not available on systems
      with Avahi (STR #4156).
  - cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch is
    obsolete because it is fixed upstream (STR #4231, STR #4291).
  - cups-1.6.2-adapt_cupsd.conf_defaults_for_SUSE.patch
    replaces cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch
  - Adapted cups-client.conf template file for CUPS 1.6.
* Wed Nov 28 2012
  - cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch
    adapts the defaults in cupsd.conf for SUSE.
    It replaces cups-1.3.6-access_conf.patch that
    added 'Allow' to cupsd.conf to allow access
    for the loopback IP address which is set for
    the hostname by SUSE in /etc/hosts at least up to
    SLE10 products.
    It also replaces cups-1.5-additional_policies.patch
    that added the 'allowallforanybody' policy to cupsd.conf
    Furthermore it fixes some issues with the CUPS upstream
    defaults i.e. removal of no longer supported keywords
    BrowseOrder BrowseAllow DefaultAuthType (otherwise cupsd
    prints error messages of the form "Unknown directive
    BrowseOrder on line 22").
  - cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch
    reverts the incompatible change in CUPS 1.6
    that makes IPP version 2.0 default
    back to using IPP version 1.1 by default.
    Otherwise CUPS 1.6 on clients cannot talk to older CUPS
    servers in particular not to CUPS 1.3.9 on SLE11.
    E.g. on a CUPS 1.6 client "lpstat -h sle11.cups.server -p"
    would fail on the client with "lpstat: Bad Request" and
    the CUPS 1.3.9 server logs in /var/log/cups/error_log the
    lines "E ... cupsdReadClient: ... IPP Read Error!"
    and "D ... cupsdSendError: ... code=400 (Bad Request)".
* Tue Nov 27 2012
  - Version upgrade to 1.6.1.
    CUPS 1.6 has major incompatible changes compared to CUPS 1.5.
    After a version upgrade to CUPS 1.6 printing in the network
    would no longer work as it did up to CUPS 1.5.
    For an overview about what is new in CUPS 1.6 see
    For details regarding incompatible changes in CUPS 1.6 see
    and follow the links therein.
    For details what is new in CUPS 1.6 see the CHANGES.txt file.
    * CUPS now supports color management using colord (STR #3808).
    * CUPS now supports Bonjour using Avahi (STR #3066).
    * The "brightness", "columns", "fitplot", "gamma", "hue",
      "natural-scaling", "penwidth", "position", "ppi",
      "saturation", and "scaling" options are not longer
      supported (STR #4010).
    * Added new destination connection and enumeration functions
      via new dynamic destination APIs (STR #3924).
    * Added new option, localization, and job submission functions
      via new APIs that do not depend on PPD files (STR #3925).
    * The scheduler now supports a DefaultAuthType of "auto" to
      automatically choose between Basic (username/password)
      and Negotiate (Kerberos) authentication.
    * CUPS no longer supports automatic remote printers or
      implicit classes via the CUPS, LDAP, or SLP protocols
      (STR #3922, STR #3923).
    * The PPD APIs are now deprecated and will be removed
      in a future version of CUPS (STR #3927).
    * The default IPP version for requests is now 2.0 (STR #3929).
    * The IPP APIs no longer expose the ipp_t or ipp_attribute_t
      structures and instead provide accessor functions (STR #3928).
    * The scheduler will no longer run programs with group write
    * The PHP module has been removed (STR #3932).
    * The bannertops, commandtoescpx, commandtopclx, imagetops,
      imagetoraster, pdftops, rastertoescpx, rastertopclx,
      and texttops filters have been removed (STR #3930).
    * The serial and parallel backends have been removed (STR #3935).
  - Adapted cups-config-libs.patch for CUPS 1.6.1
    (IMGLIBS is no longer present in
* Thu Oct 18 2012
  - buildrequire systemd through the pkgconfig provide to get
    systemd-mini in build environment (to break cycle)
* Thu Sep 27 2012
  - Version upgrade to 1.5.4 (mainly a bugfix release) that fixes
    some IPP printing issues.
    * The IPP backend no longer tries to get the job status for
      printers that do not implement the required operation
      (STR #4083).
    * Sending a document in an unsupported format to an IPP printer
      now automatically cancels the job (STR #4093).
    * The IPP backend now treats the client-error-not-possible
      status code as a job history issue, allowing IPP printing to
      Windows to work(STR #4047).
    For a complete list see the CHANGES.txt file.
  - revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of
    an upstream fix.
* Tue Sep 04 2012
  - license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
    Apple grant an openssl linking exception (and an exception for
    linking on Apple owned operating systems).
* Wed Aug 01 2012
  - Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default
    from becoming hardlinked via the fdupes run in cups.spec
    (see the 'Wed Aug 26 21:43:03 CEST 2009' entry below)
    by making their content different and at the same time
    fix the misleading comment (openSUSE Bugzilla bnc#773971).
  - Minor clean-up in cups.spec (the "Remove unpackaged files"
    via "rm -rf <some_man-pages>") is no longer needed because
    those man pages are no longer installed.
* Wed May 16 2012
  - Upgraded to CUPS 1.5.3 (mainly a bugfix release) that fixes
    a number of PostScript, SSL, authenticated printing,
    and networking issues.
    * The scheduler could crash if a PPD file contained
      an invalid paper size (STR #4049).
    * Missing localizations caused empty output (STR #4033).
    * Changed how timeouts are implemented in the LPD backend
      (STR #4013).
    * The default InputSlot setting was never used (STR #3957).
    * Fixed the IPP backend's handling of HTTP/1.0 compatibility
      (STR #3988).
    For a complete list see the CHANGES.txt file.
  - revert_cups-ssl.m4_to_1.5.2.patch reverts cups-ssl.m4 to what
    it was in CUPS 1.5.2 so that autoconf produces a syntactically
    correct configure script otherwise "bash -n configure" fails
    with "syntax error: unexpected end of file",
* Thu Apr 12 2012
  - No longer require Ghostscript but only "Recommends: ghostscript"
    because the Ghostscript device "cups" is needed by several CUPS
    filters (in particular the "rasterto..." filters) but those
    filters are not used on all systems (e.g. on a print server
    with only "raw" queues) so that a weak Recommends fits better.
    Furthermore this avoids a build dependency cycle between the
    main-packages cups and ghostscript.
  - No longer require /usr/bin/pdftops but only a "Recommends"
    because the CUPS filter /usr/lib/cups/filter/pdftops
    (which calls /usr/bin/pdftops) is not used on all systems
    (e.g. on a print server with only "raw" queues) so that
    a weak Recommends fits better.
* Tue Apr 10 2012
  - In cups.spec only "Requires: ghostscript" but no longer require
    ghostscript-fonts-std in cups.spec because in ghostscript.spec
    there is already "Requires: ghostscript-fonts-std"
    (related to openSUSE Bugzilla bnc#735824).
  - In cups.spec remove the Obsoletes/Provides cups-SUSE-ppds-dat
    because cups-SUSE-ppds-dat.rpm existed only up to SLE10
    but it does no longer exist since 11.1/SLE11
    and CUPS 1.5.x is not provided for SLE10.
  - Use traditional bash scriptlets for post/postun with
    an explicite "exit 0" line at the end to be fail safe and
    therefore also "PreReq: /sbin/ldconfig" explicitly for the
    cups-libs sub-package, see the "Shared_libraries" section in
* Tue Feb 07 2012
  - Upgraded to CUPS 1.5.2 (mainly a bugfix release). This release
    fixes a number of printing, encryption, and ipptool issues.
    * The scheduler incorrectly used free() on a POSIX ACL value,
      which could cause a crash (STR #3970).
    * Encryption was broken with OpenSSL (probably STR #3933
      and bnc#739410 ).
    * Badly formed GIF files could cause the image filters
      to crash (STR #3914).
    For a complete list see the CHANGES.txt file.
* Tue Jan 10 2012
  - Use explicit buildrequires on the needed libraries.
    otherwise build will fail after libtiff-devel deps cleanup
  - Cleanup requires of -devel package, which only needs glibc-devel
  - cups-config-libs.patch fixes cups-config script,
    which with option --libs adds:
    LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto
    - lz -lpthread -lm -lcrypt "
    IMGLIBS="-ltiff -ljpeg -lpng"
    This only makes sense when using static linking but we do not
    ship static libraries and it will only bloat dependant packages.
* Sat Dec 17 2011
  - Update systemd patch, Bind to datagram socket as well in
    systemd cups.socket unit file, to prevent that port being
    stolen by another service (from RH).
  - There is no need to use -fno-strict-aliasing
    in cflags any longer.
* Sat Dec 03 2011
  - Update systemd patch to a newer version that uses
    libsystemd-daemon instead of bundling sd-daemon wrappers.
* Sat Dec 03 2011
  - cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
    adds complete systemd support, the hardware stuff is handled in
    builtin udev rules (see /lib/udev/rules.d/99-systemd.rules).
    See also
* Thu Oct 06 2011
  - Upgraded to CUPS 1.5.0 (openSUSE Bugzilla bnc#722057)
    Backward incompatible changes:
    * The main header cups/cups.h no longer includes the PPD header
      cups/ppd.h which may require code changes to applications.
    * CUPS no longer supports the old ~/.cupsrc or ~/.lpoptions files
      from CUPS 1.1.x. The ~/.cups/client.conf and ~/.cups/lpoptions
      files that were introduced in CUPS 1.2 must now be used.
    * The scheduler now requires that filters and backends
      have group write permissions disabled (security).
    * The HP-GL/2 filter is no longer included (STR #3322).
    * The SCSI backend is no longer included (STR #3500).
    Other changes:
    * Updated the PostScript filter to support IncludeFeature
      in more circumstances (STR #3417).
    * The scheduler now sets the process group for child processes
      and manages the group (STR #2829).
    * The scheduler now more carefully creates and removes
      configuration, cache, and state files (STR #3715).
    * The lpadmin command now allows default option values
      to be deleted (STR #2959).
    * Restored support for GNU TLS and OpenSSL with threading
      enabled (STR #3605, STR #3461).
      Therefore cups-1.4.4-str3461-1.4.reverted.patch
      is no longer needed (openSUSE Bugzilla bnc#617026).
    * Increased the default RIPCache value to 128MB (STR #3535).
      Therefore cups-1.4.4-set_default_RIPCache_128m.patch
      is no longer needed (openSUSE Bugzilla bnc#628233).
    * Updated PDF filter to support Ghostscript ps2write (STR #3766).
    * Updated PDF filter to support Poppler option to preserve page
      sizes in PDF files when the user has not selected a particular
      media size (STR #3689).
    * Added new PWG Raster filter for IPP Everywhere printer support.
    * Added support for a new cupsFilter2 keyword in PPD files
      to allow for the propagation of the actual MIME media type
      produced by a filter.
    * Name resolution errors no longer no longer cause
      queues to stop (STR #3719, STR #3753). See also
    * Added a new cups-exec helper program that applies security
      profiles to filters, port monitors, backends, CGI programs,
      and mini-daemons.
    * The web interface can now be disabled using the WebInterface
      directive in cupsd.conf (STR #2625).
    * The ipptest tool is now a first-class user program (STR #3484).
    For a complete list see the CHANGES.txt file.
  - cups-1.4.4-str3461-1.4.reverted.patch (bnc#617026) and
    cups-1.4.4-set_default_RIPCache_128m.patch (bnc#628233)
    are no longer needed because the issues are fixed upstream.
    cups-1.5-additional_policies.patch (fate#303515) replaces the
    cups-1.4-additional_policies.patch which does no longer apply.
* Fri Sep 30 2011
  - add libtool as buildrequire to make the spec file more reliable
* Thu Sep 29 2011
  - Reverted the change from meissner below dated
    "Fri Sep 23 09:54:39 CEST 2011" so that baselibs.conf again
    contains only one line "cups-libs" as before because the
    submitrequest 85423 Printing/cups -> openSUSE:Factory/cups
    was declined by coolo with the following reason:
    "cups-devel-32bit requires cups-32bit (default requires),
    which does not exist".
* Thu Sep 29 2011
  - Upgraded to CUPS 1.4.8
    * network backends could crash if a printer returned a value
      of 0 for the maximum capacity for a supply (STR #3875)
    * For a complete list see the CHANGES.txt file.
  - Upgraded to CUPS 1.4.7
    * imageto* filters could crash with bad GIF files (STR #3867)
    * CUPS did not work with some printers that incorrectly
      implemented the HTTP/1.1 standard (STR #3778, STR #3791)
    * Fixed crash in scheduler when the application/octet-stream
      MIME type was not defined (STR #3690)
    * The web interface no longer tries to use multi-part delivery
      when adding printers (STR #3455) using Epiphany or IE
    * "lp" and "lpr" failed with Kerberos enabled (STR #3768)
    * Remote printer URIs with options did not work (STR #3717)
    * The scheduler now only looks up interface hostnames
      if HostNameLookups are enabled (STR #3737)
    * The scheduler could crash if a browsed printer times out
      while a job is printing (STR #3754)
    * For a complete list see the CHANGES.txt file.
* Thu Sep 29 2011
  - cups-1.4.4-set_default_RIPCache_128m.patch enlarges
    the CUPS upstream default RIPCache from 8m to 128m
    to avoid various kind of printout failures
    (STR #3535, and Novell/openSUSE Bugzilla bnc#628233).
* Fri Sep 23 2011
  - cups-devel baselibs package for Wine 32bit on 64bit building
    (added "cups-devel requires cups-libs..." to baselibs.conf).
* Sun Sep 18 2011
  - Remove redundant tags/sections from specfile
    (removed "norootforbuild" and the "clean" section).
* Mon Jul 25 2011
  - "no" locale is "nb" (norwegian bokmal) these days
    (move /usr/share/locale/no to /usr/share/locale/nb).
  - "zh" is probably meant as "zh_CN", as "zh_TW" exists
    (move /usr/share/locale/zh to /usr/share/locale/zh_CN).
* Thu Feb 10 2011
  - Cleaned up the RPM Requires:
    Removed the needless "Suggests: poppler-tools" because there
    is "Requires: /usr/bin/pdftops" which should be sufficient.
    Replaced the RPM Requires for foomatic-filters by Recommends
    because foomatic-rip is only needed by CUPS in a few cases
    and printer driver packages which need foomatic-rip require
    foomatic-filters on their own.
* Fri Jan 14 2011
  - Upgraded to CUPS 1.4.6
    CUPS 1.4.6 fixes in particular a regression:
    * A change was made in CUPS 1.4.5's pstops filter
      that it did not support landscape printing
      of PostScript files (STR #3722)
    * For a complete list see the CHANGES.txt file.
* Thu Dec 09 2010
  - Fixed coolo's quick and ditry unconditioned
    "PreReq: sysvinit(syslog)" stuff from below because build fails
    everywhere except openSUSE:Factory (i.e. openSUSE 11.4)
    because sysvinit(syslog) is nowhere else provided.
    Now the PreReq is only if suse_version > 1130.
* Tue Dec 07 2010
  - prereq init script syslog
* Fri Nov 12 2010
  -  Upgraded to CUPS 1.4.5
    CUPS 1.4.5 fixes several scheduler and printing bugs
    as well as a reported security bug, in particular:
    * Fixed a IPP parsing memory corruption bug
      (CVE-2010-2941, STR #3648, Novell/Suse Bugzilla bnc#649256)
    * Fixed a PPD loader bug that could crash the cupsd (STR #3680)
    * The scheduler restarts jobs while shutting down (STR #3679)
    * Did not initialize Kerberos in all cases (STR #3662)
    * The socket backend could go into an infinite loop
      with certain printers (STR #3622)
    * Moving a job via the web interface failed without
      asking for authentication (STR #3559)
    * The web interface did not allow a user to change
      the driver (STR #3537, STR #3601)
    * For a complete list see the CHANGES.txt file.
* Thu Jul 15 2010
  - Fixed /etc/init.d/cups (cups.init source file) so that stopping
    the cupsd waits up to 10 seconds until the cupsd had actually
    finished (if not SIGKILL would be sent to it) to make sure
    that "rccups restart" and "rccups stop ; rccups start" work
    correctly (see Novell/Suse Bugzilla bnc#622058).
* Fri Jun 25 2010
  - cups-1.4.4-str3461-1.4.reverted.patch reverts changes
    by CUPS STR #3461 as band-aid workaround for now to avoid
    that applications crash when they try to print
    (STR #3461, STR #3605, and Novell/Suse Bugzilla bnc#617026).
* Fri Jun 18 2010
  - Upgraded to CUPS 1.4.4
    CUPS 1.4.4 fixes several security, scheduler, printing,
    and conformance issues, in particular:
    * The web interface now includes additional CSRF protection
      (CVE-2010-0540, STR #3498, STR #3593, and
      Novell/Suse Bugzilla bnc#601830)
    * The texttops filter did not check the results of allocations
      (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)
    * The web admin interface could disclose the contents of memory
      (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)
    * The fix for CVE-2009-3553 (STR #3200) was incomplete
      for systems that use kqueue or epoll (STR #3490)
    * CUPS could overwrite files as root in directories owned or
      writable by non-root users (STR #3510)
    * The OpenSSL interfaces have been made thread-safe and
      the GNU TLS interface is explicitly forbidden
      when threading is enabled (STR #3461)
    * The scheduler could crash on restart if classes
      were defined (STR #3524)
    * The socket backend no longer waits for back-channel data
      on platforms other than Mac OS X (STR #3495)
    * For a complete list see the CHANGES.txt file.
* Mon Jun 14 2010
  - Update cups-1.3.9-desktop_file.patch: add the Settings category
    (required since we use HardwareSettigns) and add NotShowIn=GNOME:
    in GNOME, the configuration tool we want to use is
* Wed Jun 02 2010
  - Explicitly set configure option '--enable-debug' because
    otherwise the cups-debuginfo RPM would be empty.
  - Removed no longer recognized configure option '--enable-pie'
    (it compiles and links with '-pie -fPIE -fPIC' by default).
  - Disabled .SILENT in so that make is verbose as usual.
* Mon May 10 2010
  - In cups.spec removed '-r' from the suse_update_desktop_file call
    to not replace valid (and previously patched via
    cups-1.3.9-desktop_file.patch) categories of the desktop file
    so that it shows up in the right place (this is particularly
    an issue with the LXDE/XFCE menu).
* Thu May 06 2010
  - cups-1.4.3-default-webcontent-path.patch changes the default path
    whereto the web content is installed from /usr/share/doc/...
    to /usr/share/cups/webcontent because the files of the CUPS
    web content are no documentation (see CUPS STR #3578 and
    Novell/Suse Bugzilla bnc#546023 starting at comment#6).
  - In cups.spec replaced usage of the RPM macro 'name' by the
    explicite value 'cups' (except for the BuildRoot) so that
    CUPS could be built as well with a different package name
    (e.g. when someone likes to provide a CUPS SVN revision
    as 'cupsSVN' or a specifically adapted CUPS as 'cups4me').
* Tue Apr 27 2010
  - cups-krb5-config wrapper script for krb5-config is no longer
    needed because since April 2008 krb5-config works correctly
    (see Novell/Suse Bugzilla bnc#378270 and compare STR #3556).
* Tue Apr 20 2010
  - In cups.xinetd replaced '@LIB@' by '/usr/lib' and removed
    the perl substitute calls regarding '@LIB@' in cups.spec because
    since the upstream compliant CUPS 1.4 it is '/usr/lib/cups/'
    on all platforms (see Novell/Suse Bugzilla bnc#575544).
* Wed Mar 31 2010
  - Upgraded to CUPS 1.4.3:
    * The scheduler could try responding on a closed client
      connection, leading to a crash
      (CVE-2009-3553, STR #3200, and bnc#554861).
    * The lppasswd program allowed the localization files
      to be overridden when running in setuid mode
      (CVE-2010-0393, STR #3482, and bnc#574336).
    * The scheduler would crash when an active printer was deleted.
    * The DBUS notifier did not build (STR #3447).
    * The scheduler did not reset the SIGPIPE handler
      of child processes (STR #3399).
    * For a complete list see the CHANGES.txt file.
  - cups-1.3.9-CVE-2009-3553.patch has become
    obsolete because it is fixed in the source.
* Wed Jan 27 2010
  - CUPS 1.3 -> 1.4 version upgrade and major cleanup:
    For the CUPS upstream changes see the CHANGES.txt file.
    Such a major version upgrade is the perfect chance
    to drop almost all our own patches to enforce a
    reset to almost 100% compliance with upstream.
    Here our openSUSE CUPS versions and their number of patches
    (i.e. the "Patch" entries in the cups.spec files):
      CUPS version 1.2.12 in openSUSE 10.3: 37
      CUPS version 1.3.7  in openSUSE 11.0: 29
      CUPS version 1.3.9  in openSUSE 11.1: 26
      CUPS version 1.3.11 in openSUSE 11.2: 17
    Of course this includes patches with backported bug fixes
    via our maintenance but nevertheless there were really
    too much openSUSE specific patches.
    Therefore I would like to provide CUPS 1.4 "as is" to the
    furthest possible extent (there are still 6 patches left).
    Then let's see if we get bug reports because of this.
    I did such a reset to 100% compliance with upstream
    already in the past for sane-backends and guess what:
    I got no single bug report at all because of this.
    I guess what they do at upstream is actually not so bad ;-)
  - Added the explicite path to '--with-cachedir=/var/cache/cups'
    in cups.spec to avoid that the fallback value 'yes' results
    the cache directory '/etc/cups/yes/'.
  - cups-1.3.11-CVE-2009-2820-regression-fix.patch and
    cups-1.3.11-CVE-2009-2820.patch have become
    obsolete because it is fixed in the source.
  - cups-1.4-full_path_to_configure_with-pdftops.patch has become
    obsolete because it is fixed in the source.
* Tue Dec 15 2009
  - add baselibs.conf as a source
  - enable parallel building
* Tue Dec 15 2009
  - Fixed the URL and MD5 sum comments for Source0 in cups.spec.
  - cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug
    in the scheduler which leads to remote denial of service,
    (CVE-2009-3553, CUPS STR #3200,
    and Novell/Suse Bugzilla bnc#554861)
* Wed Nov 11 2009
  - cups-1.3.11-CVE-2009-2820-regression-fix.patch
    fixes a regression which was introduced by
    the previous cups-1.3.11-CVE-2009-2820.patch
    which lets adding a class via CUPS Web Interface fail
    with an 'Unknown operation "{op}"' error message
    (CUPS STR #3401 and
    Novell/Suse Bugzilla bnc#548317 starting at comment #24).
  - cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface
    Cross-Site Scripting (XSS) and CRLF injection in HTTP headers
    (CVE-2009-2820 and CUPS STR #3367 and
    Novell/Suse Bugzilla bnc#548317).
* Tue Nov 03 2009
  - updated patches to apply with fuzz=0
* Wed Aug 26 2009
  - Fixed as-needed issues when compiling additional tools
    by using the right ordering of source and linked library
    in 'gcc -opoll_ppd_base ... SOURCE1 -lcups'
    and 'gcc -olphelp ... SOURCE2 -lcups' which
    obsoletes the 'export SUSE_ASNEEDED=0' workaround,
    see the 'Fri Jul 10 12:34:54 CEST 2009' entry below.
  - Run fdupes.
* Fri Jul 31 2009
  - full_path_to_configure_with-pdftops.patch
    adds support to specify a full path in
    'configure --with-pdftops=/usr/bin/pdftops'
    to avoid 'BuildRequires: xpdf-tools' which would
    bloat the build system but would be only needed to
    satisfy 'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)'
    in cups-pdf.m4 if only 'configure --with-pdftops=pdftops'
    was possible (Novell/Suse Bugzilla bnc#526847).
* Tue Jul 28 2009
  - Upgraded to CUPS 1.3.11:
    * The scheduler and cupsfilter utility would crash with
    certain MIME .types rules (CUPS STR #3159).
    * cups-1.3.10-fix-DNS-rebinding-protection.patch
    (Novell/Suse Bugzilla bnc#516511 and CUPS STR #3238)
    is obsolete since CUPS 1.3.11 because it is fixed
    in the source (it is fixed via CUPS STR #3164).
    * For a complete list see the CHANGES.txt file.
* Fri Jul 10 2009
  - Set 'export SUSE_ASNEEDED=0' in cups.spec because build fails
    with --as-needed so that this is for now simply disabled.
* Fri Jun 26 2009
  - cups-1.3.10-fix-DNS-rebinding-protection.patch fixes
    a regression of the CUPS 1.3.10 DNS rebinding protection which
    lets e.g. "lpoptions -h localhost -p <queue> -l" fail with
    "lpoptions: Unable to get PPD file for <queue>: Bad Request"
    and in /var/log/cups/error_log there is the warning
    W ... Request from "localhost" using invalid Host: field "::1"
    but "::1" is the IPv6 loopback IP address for "localhost"
    (Novell/Suse Bugzilla bnc#489624 comment#19 and bnc#516511).
* Wed Jun 24 2009
  - Upgraded to CUPS 1.3.10:
    * Use a wrapper program filter/pdftops.c which only calls
    /usr/bin/pdftops (via configure --with-pdftops=/usr/bin/pdftops)
    instead of the CUPS fork of the Xpdf source code which was in
    the pdftops directory (CUPS STR #3129). Because of this
    cups-1.4svn-pdftops_as_filter.patch and
    cups-1.4svn-pdftops_dont_fail_on_cancel.patch are obsolete
    since CUPS 1.3.10 (the latter was fixed via CUPS STR #2808).
    * The scheduler now protects against DNS rebinding attacks
    (CUPS STR #3118 and Novell/Suse Bugzilla bnc#489624).
    * cups-1.3.9-cupstestppd.patch is obsolete since CUPS 1.3.10
    because it is fixed in the source (CUPS STR #2979).
    * cups-1.3.9-max_subscription.patch is obsolete
    since CUPS 1.3.10 because it is fixed in the source
    (no CUPS STR but mentioned in CHANGES.txt "The scheduler
    would crash if you exceeded the MaxSubscriptions limit").
    * cups-1.3.9-filter_png_overflow2.patch is obsolete
    since CUPS 1.3.10 because it is fixed in the source
    (CUPS STR #2974 and Novell/Suse Bugzilla bnc#448631).
    * cups-1.3.9-hpgltops2.patch is obsolete since CUPS 1.3.10
    because it is fixed in the source (CUPS STR #2966 which is the
    successor of CUPS STR #2911 and Novell/Suse Bugzilla bnc#430543).
    * cups-1.3.9-cupsImageReadTiff.patch is obsolete
    since CUPS 1.3.10 because it is fixed in the source
    (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
    * For a complete list see the CHANGES.txt file.
  - cups-1.1.21rc2-preauth_security.patch and
    cups-1.1.21rc2-usermode.patch and
    cups-1.1.21-umlaut_printer.patch and
    cups-1.1.23-testpage.patch are finally removed
    since CUPS 1.3.10 because they were made for CUPS 1.1 and
    were no longer applied since CUPS 1.2 in Suse Linux 10.3.
    In particular cups-1.1.21rc2-usermode.patch can no longer
    apply since CUPS 1.2 because RunAsUser in cupsd.conf is
    no longer supported since CUPS 1.2, for more info see e.g. the
    "RunAsUser removed; reassurance wanted" mails on
    Furthermore we neither got any Suse Linux/openSUSE user request
    nor any SLE11 beta-tester/customer request for them.
* Mon Jun 08 2009
  - Replaced "--enable-static" by "--disable-static" in configure
    so that the static libraries /usr/lib[64]/libcups.a and
    /usr/lib[64]/libcupsimage.a are no longer built and included
    in the cups-devel package to enforce detection of other software
    which might be built with static CUPS libraries so that those
    other software could be fixed to use the dynamic libraries
    (see also Novell/Suse Bugzilla bnc#509945).
* Wed Jun 03 2009
  - Set BROADCAST="ipp" in cups.SuSEfirewall2 source file (which
    gets installed as /etc/sysconfig/SuSEfirewall2.d/services/cups)
    so that adding "cups" to allowed services in the firewall
    also allows CUPS Browsing information via UDP broadcasts
    (Novell/Suse Bugzilla bnc#498429).
* Thu Mar 26 2009
  - cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
    in the "_cupsImageReadTIFF()" function CVE-2009-0163
    (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Dec 9 10:42:55 2021