Change logs for cupsys source package in Edgy

  • cupsys (1.2.4-2ubuntu3.3) edgy-security; urgency=low
    
      * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in
        cgiCompileSearch() using crafted search expressions. Exploitable if
        printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
      * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in
        process_browse_data(), which could be exploited to a remote DoS by sending
        crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the
        patch.
      * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in
        the self test's cupsd.conf. This affects the test suite (in the sense that
        it actually works now) and does not affect the built binaries at all.
        (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
      * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in
        ParseCommand() in hpgl-input.c by properly checking number of parameters
      * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in
        gif_read_image() in image-gif.c by properly validating code_size
      * References
        CVE-2008-0047
        CVE-2008-0882
        CVE-2008-0053
        CVE-2008-1373
        http://www.cups.org/str.php?L2729
        http://www.cups.org/str.php?L2656
    
     -- Jamie Strandboge <email address hidden>   Wed, 26 Mar 2008 14:13:26 -0400
  • cupsys (1.2.4-2ubuntu3.2) edgy-security; urgency=low
    
      * SECURITY UPDATE: tempfile race, denial of service in SNMP backend.
      * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes
        thanks to Kenshi Muto.
      * References
        CVE-2007-6358
        CVE-2007-5849
    
     -- Kees Cook <email address hidden>   Mon, 07 Jan 2008 16:08:28 -0800
  • cupsys (1.2.4-2ubuntu3.1) edgy-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via stack overflow.
      * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
        from Michael Sweet.
      * References
        CVE-2007-4351
    
     -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
  • cupsys (1.2.4-2ubuntu3) edgy; urgency=low
    
      * Add debian/patches/15_usb-devname.dpatch:
        - Removing the first USB printer caused other USB printers to be
          inaccessible.
        - Upstream: STR#2017
        - Closes: LP#64725
    
     -- Matthias Urlichs <email address hidden>   Sun,  8 Oct 2006 18:06:23 +0200
  • cupsys (1.2.4-2ubuntu2) edgy; urgency=low
    
      * debian/rules: Do not install http/ipp backend with 0700 permissions
        (regression from 1.2.4-2). Closes: LP#63707
      * Add debian/patches/00_dsc-comment-encoding.dpatch:
        - Fix printing of jobs with invalid/misinterpreted characters in the name.
        - Patch taken from upstream SVN, thanks to Till Kamppeter for porting it
          to 1.2.4. (STR#1988)
        - Closes: LP#57445
    
     -- Martin Pitt <email address hidden>   Thu,  5 Oct 2006 10:30:24 +0200
  • cupsys (1.2.4-2ubuntu1) edgy; urgency=low
    
      * Merge recent Debian changes to get some bug fixes and new upstream version
        1.2.4 (UVF exception approved by Matt Zimmerman):
        - The --with-printcap configure option did not work (STR #1984)
        - The character set reported by cupsLangGet() did not always reflect the
          default character set of a given locale (STR #1983)
        - Older Lexmark and Tektronix printers did not work with IPP (STR #1980)
        - Failsafe printing did not work (PR #6328)
        - Some web interface redirects did not work (STR #1978)
        - The web interface change settings button could introduce a "Port 0" line
          in cupsd.conf if there was no loopback connection available (STR #1979)
        - The web interface change settings and edit configuration file buttons
          would truncate the cupsd.conf file (STR #1976)
        - The German web interface used the wrong printer icon images (STR #1973)
        - (The other changes of 1.2.4 were already present as patch in the
          previous version.)
        - Remove transitional PPD symlink which is not necessary any more and just
          causes loops. Closes: LP#62198
        - Fix CPU hogging of gnome-cups-manager. Closes: LP#44196
      * Add debian/patches/ubuntu-default-error-policy-retry-job.dpatch:
        - Do not stop the printer if a job failed, just reattempt it. The default
          policy might be suitable for large offices with an admin, but it
          puts home users at loss. Thanks to Till Kamppeter for the patch!
          Closes: LP#41313
    
    cupsys (1.2.4-2) unstable; urgency=low
    
      [ Kenshi Muto ]
      * PPD transition to /usr/share/ppd is mostly finished.
        Now I remove old symlink /usr/share/ppd/cups-transitional-dir and
        /usr/share/cups/cups-included. (closes: #381266, #383291)
      * Update debconf translations:
        - Brazilian Portuguese (closes: #389222)
      * Tried to solve the backend permission problem. CUPS scheduler
        uses a permission and owner information of backend program.
        - Install ipp and lpd as mode 0700.
        - Create backend links as hardlink instead of symlink.
    
    cupsys (1.2.4-1) unstable; urgency=medium
    
      * New upstream release
        - The web interface change settings and edit configuration
          file buttons would truncate the cupsd.conf file (STR #1976,
          closes: #389093)
          Because this bug seems critical, we upload this fixed version
          as urgency=medium.
      [ Martin Pitt ]
      * debian/patches/56_dirsvc.dpatch: Update patch so that a patch/unpatch
        cycle restores the source properly instead of breaking dirsvc.c in two
        different places.
    
      [ Kenshi Muto ]
      * debian/patches/65_detect_http_shutdown.dpatch: avoid that
        gnome-cups-manager eats CPU 100%. (closes: #377640)
    
     -- Martin Pitt <email address hidden>   Mon,  2 Oct 2006 16:08:27 +0200
  • cupsys (1.2.3-1ubuntu3) edgy; urgency=low
    
      * debian/control: Bump Conflicts/Replaces of cupsys-common to also apply to
        dapper-updates, to fix dapper-updates->edgy upgrade.
    
     -- Martin Pitt <email address hidden>   Fri, 22 Sep 2006 13:37:04 +0200
  • cupsys (1.2.3-1ubuntu2) edgy; urgency=low
    
      * debian/patches/56_dirsvc.dpatch: Update patch so that a patch/unpatch
        cycle restores the source properly instead of breaking dirsvc.c in two
        different places.
      * debian/rules: Install 'lpd' backend suid root (root:lp 4754), so that
        cupsd can print to RFC compliant lpd servers (which require the source
        port to be < 1024). Closes: LP#47773
    
     -- Martin Pitt <email address hidden>   Fri, 15 Sep 2006 19:50:29 +0200
  • cupsys (1.2.3-1ubuntu1) edgy; urgency=low
    
      * Merge recent bug fixes from Debian (see Kenshi's changes in 1.2.3-1 for
        Ubuntu-relevant details). 00_r5958.dpatch has the following fixes from
        upstream:
        - The "All Documents" link in the on-line help was missing a trailing
          slash (STR #1971)
        - The Polish web interface translation used the wrong URLs for the job
          history (STR #1963)
        - The "reprint job" button did not work (STR #1956)
        - The scheduler did not always report printer or job events properly (STR
          #1955)
        - The scheduler always stopped the queue on error, regardless of the exit
          code, if the error policy was set to "stop-printer" (STR #1959)
        - ppdEmitJCL() included UTF-8 characters in the JCL job name, which caused
          problems on some printers (STR #1959)
        - Fixed a buffering problem that caused high CPU usage (STR #1968)
          (Closes: LP#59542)
        - The command-line applications did not convert command-line strings to
          UTF-8 as needed (STR #1958)
        - cupsDirRead() incorrectly aborted when reading a symbolic link that
          pointed to a file/directory that did not exist (STR #1953)
        - The cupsInterpretRasterPPD() function did not handle custom page sizes
          properly.
      * debian/cupsys.init.d: Always make sure that log files have proper
        permissions. Closes: LP#54277
    
    cupsys (1.2.3-1) unstable; urgency=medium
    
      * New upstream release
        - The parallel and USB backends no longer wait for the
          printer to go on-line - this caused problems with
          certain printers that don't follow the IEEE-1284
          standard (STR #1738, closes: #383091)
        - fixed Printer options were not always honored when printing
          from Windows clients (STR#1839, closes: #385605)
    
      [ Martin Pitt ]
      * Add appropriate Replaces: to cupsys-common to unbreak upgrades.
      * debian/patches/44_fixconfdirperms.dpatch: Fix file mode specification:
        3755 -> 03755 (regression of svn commit 353).
    
      [ Kenshi Muto ]
      * Apply upstream svn r5958.
      * check modprobe command and /proc/modules dir exist before running
        modprobe (closes: #387176).
      * 62_classes_crash: fix incorrect code. old code returned an error
        even if user use the correct class configuration. (closes: #380663, #384654)
      * bump up libcupsys2.shlibs version to 1.2.3. (closes: #385724)
      * Merge old separated style configuration to the single format
        only if user upgraded from an affected version. (closes: #386551)
      * Provide /usr/share/cups/drivers to contain Windows drivers.
      * 57_cupsaddsmb: original cupsaddsmb easily goes infinite and DoS-like
        loop. Debian cupsaddsmb ends soon when it catches an error.
    
     -- Martin Pitt <email address hidden>   Tue, 12 Sep 2006 12:02:43 +0200
  • cupsys (1.2.3-0ubuntu1) edgy; urgency=medium
    
      * New upstream bugfix release (UVF exception approved by Colin Watson).
      * Merged with Debian sid.
      * debian/control: Revert Debian's addition of -dbg package, since we will
        have ddebs soon.
      * debian/patches/44_fixconfdirperms.dpatch: Fix file mode specification:
        3755 -> 03755 (regression of svn commit 353).
    
    cupsys (1.2.2-2) unstable; urgency=high
    
      [ Kenshi Muto ]
      * Apply upstream svn change r5845.
        - BrowseRelay didn't work on Debian (closes: #372855)
        61_job_c_strangeloop.dpatch: I don't make sure but job.c of
        r5818 causes strange CPU busy when it gets printing jobs.
        This patch avoids it.
      * 12_quiesce_ipp_logging: some part are merged into the upstream
        source. updated.
      * libcupsys2 conflicts cupsys version 1.1.
        libcupsys2 version 1.2 changed its private API. This breaks
        old cupsys 1.1, but we believe cupsys is the only application
        affected by this change. (closes: #380619)
      * Provide a new package, "cupsys-dbg" to help chasing the
        problems at user's environment.
      * Increment compat to 5.
      * 44_fixconfdirperms: set owner lp for /etc/cups directory.
        And modify lppasswd.man to mention about Debian
        specific changes. lppasswd command now works. (closes: #378062)
      * 62_classes_crash: when class hasn't any printers, cupsd will
        crash immediately after receiving a job. This patch avoids
        a crash.
      * Update debconf translations:
        - Spanish (closes: #383087)
    
    cupsys (1.2.2-1) unstable; urgency=medium
    
      * New upstream release
    
      [ Martin Pitt ]
      * Adapt patches to new upstream version.
      * debian/cupsys.init.d: If lp module loading is requested, also load the
        'ppdev' module to fix the name and model detection of parallel printers on
        newer kernels.
      * Revive debian/patches/56_dirsvc.dpatch; it's still not fixed upstream.
      * debian/patches/09_runasuser.dpatch: Do not drop additional group
        privileges in scheduler/process.c. This should fix a range of bugs
        concerning detection of parallel port printers and other 'permission
        denied' bugs if privilege dropping is enabled (it is disabled by default in
        Debian).
      * debian/patches/44_fixconfdirperms.dpatch: Do not change owner and mode of
        SSL certificate, in order to not break permissions of customized global
        ones (like the one from the ssl-cert package). Grrr, cups, no, you cannot
        own the world!
      * debian/patches/54_cups-config_modeldir.dpatch: Add --modeldir to
        cups-config so that other packages can use it to figure out the correct
        PPD base path.
      * debian/cupsys.examples: Do not ship .svn files (upstream Makefiles install
        them).
      * debian/local/{enable_browsing,browsing_status}: Adapt to single-file
        configuration file style.
      * Add debian/local/{enable_sharing,sharing_status}: Similar to
        enable_browsing and browsing_status, this switches between "Listen
        localhost:631" and "Port 631" (just as the web interface does). Install
        files in debian/rules.
    
     -- Martin Pitt <email address hidden>   Fri,  8 Sep 2006 11:09:05 +0200
  • cupsys (1.2.2-0ubuntu4) edgy; urgency=low
    
      * Add appropriate Replaces: to cupsys-common to unbreak upgrades.
    
     -- Martin Pitt <email address hidden>   Mon,  4 Sep 2006 08:53:07 +0200
  • cupsys (1.2.2-0ubuntu3) edgy; urgency=low
    
      * Rebuild against dbus 0.90
    
     -- Sebastian Dröge <email address hidden>   Thu, 24 Aug 2006 17:30:02 +0200
  • cupsys (1.2.2-0ubuntu2) edgy; urgency=low
    
      * debian/patches/ubuntu-disable-browsing.dpatch: Re-add BrowseAddress
        @LOCAL@ to fix browsing.
      * Enable web interface by default:
        - Add debian/patches/ubuntu-external-pam-helper.dpatch:
          + Add a helper program 'cups-check-pam-auth' which performs PAM
            authentication and returns the status as exit code.
          + scheduler/auth.c, cupsdAuthorize(): Attempt to use
            cups-check-pam-auth before trying native PAM.
        - debian/cupsys.files: Install helper.
        - debian/cupsys.postinst: Set permissions of helper to cupsys:shadow 2754.
      * Remove debian/patches/ubuntu-nowebadmin.dpatch, remove explanation of
        disabled web interface from debian/README.Debian. This version enables the
        web interface by default. Closes: LP#50886
      * debian/cupsys.postinst: Remove cupsys from the shadow group on upgrades,
        so that users who previously enabled the web interface get the benefit of
        privilege separation as well.
    
     -- Martin Pitt <email address hidden>   Wed, 26 Jul 2006 18:11:22 +0200
  • cupsys (1.2.2-0ubuntu1) edgy; urgency=low
    
      * Merge to Debian unstable:
        - This gets rid of /etc/cups/conf.d/ again and re-merges the separate
          browsing and ports settings to /etc/cups/cupsd.conf again. Separating
          was nice for preserving an unchanged conffile for the most important
          settings, but it broke KDE and the web interface and generated way too
          many bugs. Closes: LP#37892, LP#50804, LP#53582
      * Update to new upstream version 1.2.2 (UVF exception granted by Matt
        Zimmerman):
        - Fixes printing to 1.1.x servers. Closes: LP#42513, LP#42802
        - Fixes parsing of some PostScript files which previously generated empty
          pages. Closes: LP#51432
        - Fixes parsing of network masks. Closes: LP#52390
        - Lots of more fixes, see upstream changelog.
      * debian/cupsys.preinst: Drop some obsolete migration bits for
        Breezy->Dapper upgrade.
      * debian/control: Add libdbus-1-dev build dependency to enable dbus support.
      * debian/cupsys.examples: Do not ship .svn files (upstream Makefiles install
        them).
      * cupsys.postinst: Fix permissions of cupsd.conf to be writable by user
        cupsys and world-readable.
      * debian/local/enable_{sharing,browsing}, {sharing,browsing}_status: Adapt
        to new single configuration file format.
      * debian/rules: Clean cups/raster.h symlink to unbreak source package build.
      * Add debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by
        default to avoid open port and stay compatible to previous releases.
    
    cupsys (1.2.1-4) unstable; urgency=medium
    
      [Kenshi Muto]
      * Include changelogs during 1.1.23-13 - 1.1.23-15. (closes: #374494)
      * Apply upstream svn change r5754.
        - Fix negotiation problem between unstable clients and sarge servers.
          (closes: #375359)
      * 58_fixdestc: avoid build failure of r5754 (add ipp-private.h include).
      * 59_de_docroot: install German translation/images. Although upstream
        SVN has, Debian diff structure can't handle a binary diff. This patch
        will be removed when 1.2.2 is released.
      * Add snmp to backend choices. Because I don't make sure this backend
        is stable, the default is disabled. Use dpkg-reconfigure cupsys to
        enable. (closes: #376496)
      * Don't remove backend symlinks during reconfigure/upgrade process.
        (closes: #376499)
      * Check Include directive with case insensitive. (closes: #376883)
      * libcupsys2 has /etc/cups directory to allow admin put own
        client.conf. (closes: #370788)
      * Include sample client.conf in libcupsys2. You can copy /usr/share/
        doc/libcupsys2/examples/client.conf to /etc/cups or ~/.cups and modify
        for your environment. (closes: #376840)
      * Split locale files to new package "cupsys-common". (closes: #378659)
        This package is used by cupsys and cupsys-client/cupsys-bsd.
      * removed 26_modprobe: because parallel backend executes with user 'lp'
        permission, modprobe can't work. We CUPS team believe it's better
        that lp module is loaded by discover or any other hardware detection
        programs instead of CUPS. We provide a module loader by init script
        for user's convenience at this time.
      * 60_device_uri: preserve old URI during the printer configuration on
        Web interface.
    
    cupsys (1.2.1-3) unstable; urgency=low
    
      [Kenshi Muto]
      * Apply upstream svn change r5673.
        - Remove unnecessary %s from dirsvc.c and will solve a mysterious
          cupsd crash. Thanks Neil. (closes: #372696, #370611)
        - Support again * character as IP address. (closes: #372291)
        - Fixes wrong command line arguments to backend. (closes: #372586, #373839)
      * Improve the wording of NEWS file, thanks Tomas (closes: #372256)
      * 53_usr_share_ppd_support: Use /usr/share/ppd as PPD path.
        (closes: #365300, #373722)
        Make symlink /usr/share/ppd/cups-transitional-dir -> /usr/share/cups/ppd
        for keeping a compatibility. We'll migrate all of PPD files to
        /usr/share/ppd in the future.
      * Revert to use single /etc/cups/cupsd.conf file for the configuration
        instead of using separate files in /etc/cups/cups.d. The migration will
        be done automatically. (closes: #345973, #372727)
      * Apply correct permission modes to the files under /etc/cups at postinst
        stage.
      * Update debconf translations:
        - Danish (closes: #371170)
        - French (closes: #372714)
        - Italian (closes: #372198)
    
     -- Martin Pitt <email address hidden>   Mon, 24 Jul 2006 11:20:04 +0200
  • cupsys (1.2.1-2ubuntu4) edgy; urgency=low
    
      * Add forgotten versioned-dependency on sysv-rc to get new update-rc.d
        behaviour.  Go me.
    
     -- Scott James Remnant <email address hidden>   Fri, 21 Jul 2006 01:20:39 +0100
  • cupsys (1.2.1-2ubuntu3) edgy; urgency=low
    
      * Remove stop links from rc0 and rc6
    
     -- Scott James Remnant <email address hidden>   Thu, 20 Jul 2006 22:13:25 +0100
  • cupsys (1.2.1-2ubuntu2) edgy; urgency=low
    
      * debian/patches/44_fixconfdirperms.dpatch:
        - Do not change owner and mode of SSL certificate, in order to not break
          the SSL snakeoil cert/key (and customized global ones). (Grrr, cups, no,
          you cannot own the world!)
      * debian/cupsys.preinst: Add transitional code to fix snakeoil SSL cert/key
        owner and mode.
    
     -- Martin Pitt <email address hidden>   Tue, 27 Jun 2006 16:05:38 +0200
  • cupsys (1.2.1-2ubuntu1) edgy; urgency=low
    
      * Merge to current SVN head of Debian.
      * Removed debian/patches/svn*.dpatch, these were backported from 1.2.1 in
        1.2.0-0ubuntu3.
      * Do not build libcupsys2-gnutls10 any more (it was a transitional package).
      * snakeoil SSL certificate support:
        - debian/cupsys.postinst: Symlink snakeoil SSL certificate/key to
          /etc/cups/ssl/ and put cupsys into ssl-cert on upgrades or fresh
          installs.
        - debian/control: Depend on ssl-cert.
    
    cupsys (1.2.1-3) UNRELEASED-unstable; urgency=low
    
      [Kenshi Muto]
      * Apply upstream svn change r5643.
      * Remove unnecessary %s from dirsvc.c and will solve a mysterious
        cupsd crash. Thanks Neil. (closes: #372696)
      * Improve the wording of NEWS file, thanks Tomas (closes: #372256)
      * Update debconf translations:
        - Danish (closes: #371170)
        - French (closes: #372714)
        - Italian (closes: #372198)
    
    cupsys (1.2.1-2) unstable; urgency=low
    
      [Kenshi Muto]
      * Provides /etc/cups/ssl directory for SSL. (closes: #370407, #370450)
      * Add a newline after 'Starting ...' message by appending log_end_msg
        to /etc/init.d/cupsys. (closes: #370460)
    
    cupsys (1.2.1-1) unstable; urgency=low
    
      [Kenshi Muto]
      * New upstream release 1.2.1 for Debian unstable/testing.
      * 00_r5610: Apply patches from upstream r5610.
      * Re-update Dutch debconf translation (closes: #369004)
      * Pump up shlibs to >=1.2.1 for compatibility safe.
    
    cupsys (1.2.1-0exp1) experimental; urgency=low
    
      [Kenshi Muto]
      * New upstream release 1.2.1.
      * Update Dutch debconf translation (closes: #369004)
      * Update Italian debconf translation (closes: #367943)
      * Includes the installation guide of dvi filter to /usr/share/doc/
        cupsys/examples/filters/dvipipetops.INSTALL is contributed by
        Francesco Potort. This is partial fix for Bug#368450.
    
      [Martin Pitt]
      * New upstream release 1.2.0.
      * Update patches for new upstream release.
      * Remove debian/patches/01_cupsimage.dpatch, fixed upstream.
      * Remove debian/patches/20_httpGetHostname_crash.dpatch, fixed upstream.
      * debian/patches/55_ppd_okidata_name.dpatch: Change "Oki" manufacturer name
        to "Okidata" to be consistent with other PPD files.
      * Implement http://wiki.debian.org/PpdFileStructureSpecification:
        - debian/dirs: Create /usr/share/ppd/cups-included/.
        - debian/rules: Install shipped PPDs into
          /usr/share/ppd/cups-included/<Manufacturer>/ and provide a symlink to
          the old /usr/share/cups/model directory for backwards compatibility.
      * debian/cupsys.dirs: Ship /usr/lib/cups/driver/ to avoid error messages if
        it's missing.
      * debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root
        certificate permissions from 0440 to 0240, so that the CGI programs cannot
        read it any more. Without this patch, cupsd presented its own certificate
        to itself, and *every* user could do admin tasks without authentication.
      * debian/cupsys-client.links: Fix cupsenable/cupsdisable manpage link.
        Closes: #364447
      * debian/patches/08_cupsd.conf.conf.d.dpatch:
        - Set "BrowseAddress @LOCAL"; without this, sending browsing information
          does not work (Browsing still has to be enabled).
        - Add some comments to point out that the Port and Browsing settings are
          moved to /etc/cups/cups.d/.
      * debian/cupsys.postrm: Clean up passwd.md5 on purge.
    
     -- Martin Pitt <email address hidden>   Thu, 15 Jun 2006 20:54:51 +0200
  • cupsys (1.2.0-0ubuntu5) dapper; urgency=low
    
      * Remove debian/patches/56_revert_svn_5438.dpatch: The reason for this
        reversion has now been fixed in gnome-cups-manager 0.31-1.1ubuntu8. This
        fixes the handling of spaces in manufacturer names. Closes: LP#33545
    
     -- Martin Pitt <email address hidden>   Wed, 17 May 2006 13:18:05 +0200