-
cups (1.5.3-5+deb7u6) wheezy-security; urgency=high
* Import 1.5 upstream fix for CERT VU#810572: Privilege escalation through
dynamic linker and isolated vulnerabilities: STR: #4609, VU#810572
- CVE-2015-1158 - Improper Update of Reference Count
- CVE-2015-1159 - Cross-Site Scripting
-- Didier Raboud <email address hidden> Tue, 09 Jun 2015 09:54:07 +0200
-
cups (1.5.3-5+deb7u4) wheezy-security; urgency=high
* Backport upstream patch to fix insufficient checking when allowing files
download from the webinterface (STR #4455), fixes CVE-2014-5029,
CVE-2014-5030 and CVE-2014-5031
-- Didier Raboud <email address hidden> Thu, 24 Jul 2014 22:44:08 +0200
-
cups (1.5.3-5+deb7u2) stable; urgency=low
* Add patch to fix hungarian templates syntax typos (Closes: #737709)
* Import upstream patch to fix XSS in the CUPS webinterface (STR #4356),
fixes CVE-2014-2856
-- Didier Raboud <email address hidden> Sat, 03 May 2014 15:24:00 +0200
-
cups (1.5.3-5+deb7u1) stable; urgency=low
[ Tim Waugh ]
* dnssd backend: don't crash if avahi gives a callback with no TXT
record (Closes: #722886)
-- Didier Raboud <email address hidden> Fri, 27 Sep 2013 19:53:20 +0200
-
cups (1.5.3-5) unstable; urgency=low
* Team upload
- Rebuild against a fixed libmagic1 (see #703274).
- Non-NMU version, above all past 1.5.x experimental versions.
* Uploaders:
- Remove Kenshi Muto <email address hidden> with his agreement and with
great thanks for his past work!
- Add myself.
-- Didier Raboud <email address hidden> Mon, 18 Mar 2013 15:23:04 +0100
-
cups (1.5.3-2.15) unstable; urgency=low
[ Till Kamppeter ]
* Update airprint-support.patch to make AirPrint support also work for
iOS 6. (Closes: #700961, LP: #1054495) - thanks to Jan Wagner.
[ Didier Raboud ]
* Add usb-backend quirk for Epson Stylus Photo 750 (Closes: #697970)
-- Didier Raboud <email address hidden> Wed, 27 Feb 2013 12:59:30 +0100
-
cups (1.5.3-2.14) unstable; urgency=low
* Add upstream patch to avoid using Kerberos over the local socket.
Avoids having the hplip-cups upgrade asking for a root password
during upgrade (Closes: #640939).
* Fix Japanese and Russian templates translations typos (Closes: #698521)
-- Didier Raboud <email address hidden> Sun, 20 Jan 2013 17:20:16 +0100
-
cups (1.5.3-2.13) unstable; urgency=low
[ Helge Kreutzmann ]
* Update German manpage translation (Closes: #697860).
[ Didier Raboud ]
* Also refresh the po4a translations infrastructure.
-- Didier Raboud <email address hidden> Fri, 11 Jan 2013 10:30:13 +0100
-
cups (1.5.3-2.12) unstable; urgency=low
[ Julien Cristau ]
* In the dbus UTF8 checker:
- Make sure to reset the buffer correctly.
-- Didier Raboud <email address hidden> Sun, 30 Dec 2012 14:12:20 +0100
-
cups (1.5.3-2.4) unstable; urgency=low
* Non-maintainer upload on behalf of the Printing Team.
[ Till Kamppeter ]
* Correctly install language-private.h as /usr/include/cups/i18n.h,
.install file entries cannot rename files (LP: #1013470).
[ Martin Pitt ]
* Tighten cups' and cups-client's dependency to libcups2 to current binary
version. They use private symbols from the libraries which the automatic
dependencies from the .symbols files don't cover.
(Closes: #668662, #677180)
* manpage-translations.patch: Update German manpage translations, thanks
Helge Kreutzmann! (Closes: #670042)
* manpage-translations.patch: Update French manpage translations, thanks
Julien Patriarca! (Closes: #670224)
* debian/README.Debian: Explain how to enable cups-lpd, thanks Vincent
McIntyre. (Closes: #508941)
[ Didier Raboud ]
* Backport upstream quirks for the libusb backend (Closes: #690982).
* Packaging repository moved to Git, change VCS-* fields accordingly.
-- Didier Raboud <email address hidden> Thu, 25 Oct 2012 08:56:29 +0200
-
cups (1.5.3-1) unstable; urgency=low
[ Till Kamppeter ]
* New upstream release
- Numerous fixes on IPP (LP: #945028, LP: #973270, LP: #990734,
LP: #992468, LP: #992982, LP: #1000172, LP: #1000758)
- USB backend based on the maintained libusb 1.0.x with support for
bi-directional communication
- Fixes on SNMP-based supply level reporting
- PostScript prtinter auto-configuration reliable now
- Several fixes on PostScript, SSL, authenticated printing, and
networking issues
* debian/patches/ipp-fixes-1.5.3.patch,
debian/patches/fix-empty-translations.patch,
debian/patches/ppd-cache-fix-crash.patch,
debian/patches/commandtops-make-robust-against-broken-postscript.patch,
debian/patches/cups-polld-reconnect.patch,
debian/patches/usb-backend-libusb-1.0.patch,
debian/patches/usb-backend-backchannel-support.patch: Removed patches which
got included upstream.
* debian/patches/fix-supply-level-computation-for-percent-supply-unit.patch,
debian/patches/fix-supply-levels-for-enumerated-prtmarkersupplieslevel.patch,
debian/patches/fix-status-reports-when-supply-levels-grow.patch,
debian/patches/add-status-reports-for-full-waste-trays-and-cleaner-unit-eol.patch,
debian/patches/match-marker-colorants-which-use-non-standard-string.patch,
debian/patches/truncate-marker-supply-names-at-comma.patch: Removed supply
level report fixes. This got solved differently upstream.
* debian/patches/do-not-suppress-inputslot-setting-with-empty-ap-d-inputslot.patch:
Removed, problem solved differently upstream.
* debian/patches/cups-avahi.patch: Manually regenerated to adapt to upstream
changes.
* debian/patches/ppd-poll-with-client-conf.patch,
debian/patches/colord-support.patch,
debian/patches/airprint-support.patch,
debian/patches/no-conffile-timestamp.patch,
debian/patches/drop_unnecessary_dependencies.patch,
debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch,
debian/patches/show-compile-command-lines.patch: Refreshed using quilt.
* debian/patches/usb-backend-busy-loop-fix.patch: Correct loops to repeat
claiming interfaces on USB devices when they are busy. Before, hitting busy
state made the device opening function error out without comment
(LP: #987485).
* debian/patches/usb-backend-detach-usblp-earlier-crash-guards.patch: Protect
against crashes by checking error codes of libusb functions (LP: #997040)
and detach usblp kernel module in an earlier stage when opening a device
(LP: #987485, LP: #997040).
* debian/patches/usb-backend-initialize-usblp-attached-state.patch: Initialize
usblp_attached field in printer data structure to assure that detaching
and re-attaching the usblp kernel module is always done correctly
(LP: #902535, LP: #959676, LP: #960666, LP: #987485,
LP: #995111, LP: #997040, LP: #1000253, LP: #1001028).
* debian/patches/install-sh-remove-bashism.patch: Removed bashism.
* debian/local/blacklist-cups-usblp.conf, debian/cups.postinst,
debian/cups.install: Blacklist the "usblp" kernel module again. We have
now a full-featured USB backend based on the maintained libusb 1.0.x
and so we can acess printers always through the raw USB devices making
the module deprecated. Detaching the kernel module for each access causes
a lot of problems: LP: #902535, LP: #959676, LP: #960666, LP: #987485,
LP: #995111, LP: #997040, LP: #1000253, LP: #1001028.
* debian/watch: Fixed URL.
[ Bastian Blank ]
* debian/control: Support multi-arch: Mark cups, cups-client, cups-bsd,
cups-common and cups-ppdc as foreign. (Closes: #672879)
[ Martin Pitt ]
* debian/cups.{preinst,postinst,postrm}: Drop the removal of obsolete
/etc/modprobe.d/blacklist-cups-usblp.conf conffile, as this file is
reintroduced now.
-- Martin Pitt <email address hidden> Wed, 23 May 2012 14:31:36 +0200
-
cups (1.5.2-5) unstable; urgency=low
* debian/patches/commandtops-make-robust-against-broken-postscript.patch:
CUPS' commandtops filter allows auto-configuration of the default option
settings of PostScript printers querying the printer using PostScript
commands defined in the PPD file ("*?..." entries). Problem is that if
one of the query commands has a PostScript error (rather common in
manufacturer-supplied PPD files) the printer errors out and ignores all
subsequent queries putting the auto-configuration job into a 90-second
timeout for each query. This patch protects the job against failures
on broken PostScript and shortens the timeout to 10 seconds, so that
as many options as possible get auto-configured in a reasonable time.
Thanks to Helge Blischke for applying the needed PostScript tricks
(CUPS STR #4028). No auto-configuration of PostScript printers actually
works by sending a job like 'echo -en '#CUPS-COMMAND\nAutoConfigure\n' |
lp -d <printer>' which could be done by a button in a printer setup tool.
-- Till Kamppeter <email address hidden> Thu, 23 Feb 2012 14:52:01 +0100
-
cups (1.5.0-13) unstable; urgency=low
[ Till Kamppeter ]
* debian/patches/ipp-patch-r8950+.patch: Revert the IPP backend to the state
of CUPS 1.4.x, as the 1.5.x versiuon has major regressions (LP: #877958,
LP: #879625, LP: #881843, LP: #883585, Closes: #638521, CUPS STR #3966,
CUPS STR #3967). This patch will get removed as soon as upstream has fixed
all these regressions. As upstream did not announce any new features for
the IPP backend in the release notes for 1.5.x, we assume that with this
step no features will get lost.
* debian/patches/dont-send-malformed-dbus-messages.patch: Do not send D-Bus
notifications with too few parameters when there are parameters which
cannot be added to the D-Bus request, especially invalid UTF-8 strings.
This made gnome-session-daemon crash (LP: #893676, CUPS STR #3984).
* debian/local/filters/cpdftocps: The cpdftocps filter (used for PostScript
printers and for drivers with PPDs which are not PDF-aware) did not
recognize the duplex setting correctly, making duplex not working on
many common printers (LP: #897723).
* debian/local/filters/cpdftocps: Cleaned up the header comments.
[ Martin-Éric Racine ]
* [cups.postrm]: purge /etc/cups/ssl/server.[crt|key] and /etc/cups/ssl.
[ Martin Pitt ]
* debian/compat: Bump from 5 to 9, this apparently was forgotten in the
Multi-Arch transition.
-- Martin Pitt <email address hidden> Fri, 02 Dec 2011 11:05:51 +0100
-
cups (1.5.0-12) unstable; urgency=low
[ Martin-Éric Racine ]
* debian/control: cups-ppdc: move from net/optional to utils/optional
to match the repository override's correct assumption.
* Fixed: Lintian: W: spelling-error-in-changelog: lenght length.
* Fixed: Lintian: I: conflicts-with-version: cupsddk-drivers (<< 1.4.0).
* Fixed: Lintian: I: conflicts-with-version: cupsddk (<< 1.4.0).
* Fixed: Lintian: W: symbols-file-contains-debian-revision: 1.5.0-0ubuntu1
(-0ubuntu1 version removed): _mimeError@Base and mimeNew@Base.
* Removed |libheimdal-dev from libcups2-dev Depends. (Closes: #648105)
[ Martin Pitt ]
* Add debian/source/options: Ignore .bzr-builddeb/, for developers who use
bzr, but not bzr-buildpackage.
* debian/cups.lintian-overrides: Quiesce "possible-missing-stop" warning, we
quite deliberately do not run the init script on levels 0 and 6.
-- Martin Pitt <email address hidden> Sun, 13 Nov 2011 14:39:22 +0100
-
cups (1.5.0-8) unstable; urgency=medium
* Urgency medium due to security fix. The previous version wasn't in testing
yet, but already matured for half of the usual period, so it will still
be 10 days in sum.
* Add 00svn_gif_overflow.patch: Fix heap overflow with broken/crafted GIF
files. Patch taken from upstream svn. [CVE-2011-3170]
-- Martin Pitt <email address hidden> Tue, 27 Sep 2011 14:46:38 +0200
-
cups (1.5.0-5) unstable; urgency=low
[ Till Kamppeter ]
* debian/cups.postinst: When executing the trigger on *.ppd-updater files of
printer driver packages, log the modification dates of the *.ppd-updater
(are more or less the build dates of the driver packages) after updating
the PPDs of the existing queues for this package and only update again if
the *.ppd-updater file has a different modification date (package got
replaced). This avoids unnecessary updates and so long delays when one
printer driver package gets updated.
* debian/control: Added myself to Uploaders: to avoid Lintian warnings about
unlogged NMUs.
[ Martin Pitt ]
* debian/control: Bump Breaks: cups version for libcups2, as cupsd seems to
use internal private symbols from this library. (Closes: #638462)
-- Till Kamppeter <email address hidden> Mon, 22 Aug 2011 12:13:43 +0200
-
cups (1.4.8-2) unstable; urgency=low
* debian/control: Unbreak Maintainer: field. (Closes: #636574)
-- Martin Pitt <email address hidden> Thu, 04 Aug 2011 13:28:47 +0200
-
cups (1.4.7-1) unstable; urgency=low
* New upstream version. [ Till Kamppeter ] * debian/patches/ubuntu-upstart.dpatch: Updated the patch to add support to the new device enumeration functionality of udev-configure-printer. This way we do not need to retrigger the printers. Retriggering is only needed if udev rules change. A fallback to the old bahavior is provided so that this CUPS package continues to work with older versions of udev-configure-printer. [ Martin Pitt ] * Update patches for new upstream release. * Drop fix-broken-ipv6-uris.patch, applied upstream. * debian/local/apparmor-profile: /var/run → /run transition. (LP: #810270) * Drop debian/patches/ubuntu-upstart.dpatch and move the upstart script to debian/local/cups.upstart. In debian/rules, copy it to debian/, and remove that again during clean. This is a slightly easier workaround for a nonexisting "dh_installinit --sysvinit-only" option than the previous creation of the upstart file with an ubuntu specific dpatch. * debian/patches/, debian/rules, debian/control, debian/source/format: Move to source format "3.0 (quilt)" and convert our dpatches to quilt patches. Drop dpatch build dependency. * Move Ubuntu specific patches to debian/patches/ubuntu. In debian/rules, apply them when building on Ubuntu. Add "patch" build dependency. -- Martin Pitt <email address hidden> Thu, 14 Jul 2011 15:02:36 +0200
-
cups (1.4.6-9) unstable; urgency=low
[ Till Kamppeter ] * debian/patches/usb-backend-accept-old-usblp-uris.dpatch: Fixed bugs in the patch which got introduced by the upstream clean-up and by the fix of a potential segfault. * debian/patches/usb-backend-accept-old-usblp-uris.dpatch: Patch got accepted upstream, replaced it by the version from the upstream trunk (1.5.x). [ Martin Pitt ] * debian/cups.postinst: Quiesce errors from rmmod. (Closes: #630109) -- Martin Pitt <email address hidden> Wed, 15 Jun 2011 06:39:52 +0200
-
cups (1.4.6-6) unstable; urgency=low
[ Till Kamppeter ] * debian/filters/pstopdf: Let pstopdf determine the page size via the "PageSize" or "PageRegion" setting in the 5th command line argument and not via "media". The "media" setting is usually inserted by CUPS and uses a PWG name of the paper size and not the name used in the PPD file. This makes Ghostscript being called without paper size setting and so a PDF file in the default paper size (A4/Letter) is passed on, breaking any printout from applications which send jobs in PostScript and which have a non-default paper size (LP: #787635). [ Martin Pitt ] * Revert calling "convert" on the banner PNGs (r961); the file is already correct in the source. The format conversion happens in Ubuntu's pkgbinarymangler, so it does not affect Debian builds at all and also this cannot be circumvented that way. Instead, blacklist this package from pkgstripfiles. (LP: #710881) * Bump Standards-Version to 3.9.2 (no changes necessary). -- Martin Pitt <email address hidden> Wed, 25 May 2011 07:03:55 +0200
-
cups (1.4.6-5) unstable; urgency=low
[ Till Kamppeter ] * debian/patches/cups-avahi.dpatch: Updated the patch to add Avahi support to the newest state of the art from http://twaugh.fedorapeople.org/cups-avahi/ (upstream of the patch), in the hope to fix CUPS crashers like LP #759031, #754567, #711875, #751770. [ Martin Pitt ] * debian/local/apparmor-profile: Add cap_dac_read_search for cups-pdf. This circumvents the sandboxing even more, but with cups-pdf's architecture there is no way around it. (LP: #295536) -- Martin Pitt <email address hidden> Mon, 18 Apr 2011 19:22:20 +0200
-
cups (1.4.6-4) unstable; urgency=low
* debian/patches/fix-broken-ipv6-uris.dpatch: When accessing the web interface via http: (unencrypted) and one does an adminstrative task which requires encryption, on upgrading to https: (encrypted) mode IPv6 IP addresses without "[...]" get inserted into the URL and the browser cannot parse the URL correctly. Fixed with a patch from upstream (LP: #744674). * debian/rules: Convert cups.png (CUPS logo for test page) to RGBA, as the original 8-bit-per-pixel color map format leads to a crash in libpng. This prevents the CUPS test page and the banner pages from printing (LP: #710881). * debian/control: Add ImageMagick to the build dependencies, as it is needed for the CUPS logo image conversion. -- Till Kamppeter <email address hidden> Fri, 01 Apr 2011 11:06:02 +0200
-
cups (1.4.6-3) unstable; urgency=low
[ Till Kamppeter ] * debian/local/filters/pdf-filters/filter/pdftoraster.cxx: Latest bug fixes from upstream: o Respect the "*RequiresPageRegion" attribute of the PPD files in the same way as pstops does (LP: #405116). o Change default rendering intent to PERCEPTUAL. o Use external ICC color profile also with CMYK color space. * debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Latest bug fixes from upstream: o Support ipp-attribute-fidelity option and MirrorPrint choice. This is needed that appropriate options in printing dialogs and printer setup tools are respected. [ Martin Pitt ] * debian/control: Downgrade smbclient to Recommends. (Closes: #618545) -- Martin Pitt <email address hidden> Thu, 17 Mar 2011 10:49:04 +0100
-
cups (1.4.6-1) unstable; urgency=low
* New upstream release. [ Martin Pitt ] * ppdc-dynamic-linking.dpatch: Update to new upstream version. * debian/control: Bump smbclient from Suggests to Recommends. (Closes: #595771) [ Martin-Éric Racine ] * Updated my contact info in debian/control. -- Martin Pitt <email address hidden> Sat, 19 Feb 2011 22:41:08 +0100
-
cups (1.4.5-3) unstable; urgency=low
[ Till Kamppeter ] * debian/rules: Do not remove the /usr/share/cups/model/ directory, some manufacturer-supplied printer drivers (like from Brother) still use it. * debian/rules: Remove a cost factor change for pstops. It is not used any more and overridden by pstops-based-workflow-only-for-printing-ps-on-a-ps-printer.dpatch * debian/local/filters/pdf-filters/filter/pdftoraster.cxx, debian/local/filters/pdf-filters/conf/pdftoraster.convs, debian/local/filters/pdf-filters/README, debian/local/filters/pdf-filters/addtocups debian/local/filters/pdf-filters/conf/HP-PhotoSmart_Pro_B8300-hpijs-pdftoijs.ppd, debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4, debian/local/filters/pdf-filters/removefromcups: Upstream changes of the PDF filter add-on package: o Added the Poppler-based pdftoraster filter. This filter is much faster than the Ghostscript-based filter (LP: #668800). o Cleaned up the sample PPD file for pdftoijs (does not go into the Debian/Ubuntu package of CUPS). * debian/rules: Rename the newly added Poppler-based pdftoraster filter to pdftoraster-poppler to not conflict with Ghostscript's pdftoraster and lower its cost factor so that it is prioritized against Ghostscript's filter. * debian/patches/cups-avahi.dpatch: Updated to fix assertion failure (LP: #707592, Red Hat bug #672143). [ Martin Pitt ] * debian/patches/ubuntu-upstart.dpatch: Don't ignore failures from apparmor-profile-load. -- Martin Pitt <email address hidden> Tue, 08 Feb 2011 10:46:25 +0100
-
cups (1.4.5-2) unstable; urgency=low
[ Till Kamppeter ] * debian/patches/cups-avahi.dpatch: Added patch from Tim Waugh from Red Hat to implement full Avahi support, not only for printer discovery by the "dnssd" backend but also for print queue broadcasting and browsing by the scheduler (CUPS daemon). Fixes LP: #465916. * debian/patches/dnssd-avahi.dpatch: Removed, is part of new cups-avahi.dpatch. * debian/patches/quiesce-bonjour-warning.dpatch: Removed, not needed any more with the new cups-avahi.dpatch. * debian/rules: Added "--with-local_protocols='CUPS dnssd' --with-remote_protocols='CUPS dnssd'" to the command line of "./configure". This adds support for DNS-SD-based browsing and broadcasting by default. * debian/patches/configure-default-browse-protocols.dpatch: Fixed handling of "--with-local_protocols=..." and "--with-remote_protocols=..." on the command line of "./configure". Now (quoted) values with spaces, like "CUPS dnssd" are treated correctly. * debian/patches/usb-backend-no-segfault-on-bad-device-id.dpatch: Assure that the device ID string read from a USB device can never be a mess: Try other byte order for device ID string length also if length is too small, empty the read device ID string if there is an IOCTL failure, reject ID strings with unprintable characters, clean white space in the ID string, and finally accept the empty ID string as an unknown device. This overcomes the problem that USB-to-Parallel adapter cables do not report back a usable ID string. With these changes it is at least possible to use one adapter cable per computer if the cables do not report unique serial numbers via libusb and any number of adapter cables if they do report serial numbers via libusb. Real USB printers can always be used, also if there are other printers connected with an adapter cable (LP: #468701, LP: #564917). [ Martin Pitt ] * debian/local/apparmor-profile: Explicitly deny access to ttyUSB* to silence noise. This is presumably an extra control channel for some USB printers, but cupsd can't use it anyway. (LP: #692892) * ubuntu-upstart.dpatch: Drop reloading of Samba. It didn't work in some cases, and is better fixed in samba's upstart script (start cups in its pre-start). * debian/rules: Set LC_MESSAGES=C to avoid breaking the test suite in non-English locales. This is a temporary fix until it is resolved upstream (see http://www.cups.org/str.php?L3765). [ Kees Cook ] * ubuntu-upstart.dpatch: Use AppArmor profile loading helper. (LP: #690040) -- Martin Pitt <email address hidden> Tue, 04 Jan 2011 11:02:32 +0100
