-
cups-filters (1.0.52-0ubuntu1.8) trusty-security; urgency=medium
* Rebuild against new qpdf security update.
- debian/control: Bump libqpdf-dev Build-Depends to 8.0~
-- Marc Deslauriers <email address hidden> Tue, 01 May 2018 14:26:06 -0400
-
cups-filters (1.0.52-0ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via improper escaping in foomatic-rip
- debian/patches/CVE-2015-8560.patch: add semicolon to list of shell
escape characters in filter/foomatic-rip/util.c.
- CVE-2015-8560
-- Marc Deslauriers <email address hidden> Wed, 16 Dec 2015 08:12:27 -0500
-
cups-filters (1.0.52-0ubuntu1.6) trusty-security; urgency=medium
* SECURITY UPDATE: code execution via improper escaping in foomatic-rip
- debian/patches/CVE-2015-8327.patch: add backtick to list of shell
escape characters in filter/foomatic-rip/util.c.
- CVE-2015-8327
-- Marc Deslauriers <email address hidden> Thu, 03 Dec 2015 09:03:20 -0500
-
cups-filters (1.0.52-0ubuntu1.5) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
overflows in testtopdf filter
- debian/patches/CVE-2015-3258-3279.patch: move memory allocation from
filter/texttopdf.c to filter/textcommon.c and perform bounds
checking.
- CVE-2015-3258
- CVE-2015-3279
-- Marc Deslauriers <email address hidden> Fri, 03 Jul 2015 07:10:26 -0400
-
cups-filters (1.0.52-0ubuntu1.4) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code injection via incorrect filtering
- debian/patches/CVE-2015-2265.patch: properly handle multiple
consecutive bad chars in utils/cups-browsed.c.
- CVE-2015-2265
* This package does _not_ contain the changes from 1.0.52-0ubuntu1.3 in
trusty-proposed.
-- Marc Deslauriers <email address hidden> Fri, 13 Mar 2015 07:42:48 -0400
-
cups-filters (1.0.52-0ubuntu1.3) trusty-proposed; urgency=low
* Added full support for the IPP Everywhere standard for driverless
printing (LP: #1386241):
- Added ippusbxd (Support for IPP-over-USB printers) generating the
new binary package cups-filters-ippusbxd.
- Added rastertopdf filter. This filter allows PWG Raster as input
format for a CUPS queue. This is needed to make shared CUPS printers
fully emulating IPP Everywhere printers (all other requirements are
fulfilled by CUPS itself).
- rastertopdf-mime-convs.patch: Added conversion rule for rastertopdf
filter.
- add-ipp-everywhere-ppd.patch: Added PPD file for a generic IPP
Everywhere printer (on-the-fly generation via cupsfilters.drv).
- support-for-pwgraster-output-with-ppd.patch: Support for PWG-Raster
output selected via keyword in the PPD file.
- pdftoraster-cspace-18-19-20.patch: pdftoraster: Support for output
in the color spaces 18 (CUPS_CSPACE_SW, sGray), 19 (CUPS_CSPACE_SRGB,
sRGB), and 20 (CUPS_CSPACE_ADOBERGB, Adobe RGB). No color management
appropriate to these color spaces is added yet.
-- Till Kamppeter <email address hidden> Mon, 27 Oct 2014 16:21:06 +0100
-
cups-filters (1.0.52-0ubuntu1.2) trusty-proposed; urgency=low
* Re-added ./configure option "--with-pdftops=hybrid" to activate
the hybrid rendering mode (LP: #1326295).
-- Till Kamppeter <email address hidden> Wed, 4 Jun 2014 12:08:06 +0200
-
cups-filters (1.0.52-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code injection via malicous print servers
(LP: #1316229)
- debian/patches/CVE-2014-2707-part2.patch: also sanitize remote
queue name in utils/cups-browsed.c.
- CVE number pending
* SECURITY UPDATE: BrowseAllow option fails open (LP: #1316229)
- debian/patches/fix_browseallow.patch: Deny access if BrowseAllow
option is invalid in utils/cups-browsed.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Mon, 05 May 2014 13:02:52 -0400
-
cups-filters (1.0.52-0ubuntu1) trusty; urgency=low
* New upstream bug fix release
- texttopdf: Make sure that margin changes for prettyprint
get applied.
- texttopdf, imagetopdf, imagetoraster: Range-check paper
dimensions and margins taken from the PPD file and correct
them if needed (Bug #1195).
-- Till Kamppeter <email address hidden> Mon, 7 Apr 2014 22:07:06 +0200
-
cups-filters (1.0.51-0ubuntu1) trusty; urgency=medium
* New upstream bug fix release
- cups-browsed: SECURITY FIX to prevent arbitrary code
injection into the System V interface scripts generated for
queues for discovered native IPP printers by a malicious IPP
print service with forged make/model and/or PDL string.
-- Till Kamppeter <email address hidden> Wed, 2 Apr 2014 11:36:06 +0200
-
cups-filters (1.0.50-0ubuntu1) trusty; urgency=medium
* New upstream bug fix release
- pdftops: Let old HP LaserJet printers (model number without
letter, like "LaserJet 3" or "LaserJet 4000") use Poppler
instead of Ghostscript (Closes: #742765).
- pdftops: Improved workaround for Toshiba printers. Instead
of using Poppler do not emit TrueType fonts with Ghostscript
(LP: #998087).
- cups-browsed: Build the device URIs for all local queues we create
with the CUPS library function httpAssembleURIf() for proper
percent escaping of characters which are not allowed in URIs
(Upstream bug #1187).
-- Till Kamppeter <email address hidden> Thu, 27 Mar 2014 15:40:06 +0100
-
cups-filters (1.0.49-0ubuntu1) trusty; urgency=medium
* New upstream release
- pdftops: Use Poppler also for Toshiba printers (LP: #998087).
- pdftops: Fixed typo which always made PostScript level 2 being
generated when using Poppler's pdftops (LP: #1294370).
-- Till Kamppeter <email address hidden> Mon, 24 Mar 2014 12:58:18 +0100
-
cups-filters (1.0.48-0ubuntu2) trusty; urgency=medium
* Use upstart job in source tree so AppArmor profile is correctly
loaded before cups-browsed is started (LP: #1276630)
- debian/local/cups-browsed.upstart: removed
- debian/rules: copy upstart job from utils directory, stop using
deprecated --upstart-only.
-- Marc Deslauriers <email address hidden> Tue, 18 Mar 2014 16:02:28 -0400
-
cups-filters (1.0.48-0ubuntu1) trusty; urgency=high
* New upstream release 1.0.48
- cups-browsed: Fix for a crash which happens on Bonjour reports of
printers without "product", "usb_MDL", and "ty" fields in the
text record (LP: #1284834).
- cups-browsed: In README and in the sample startup scripts/configs
for System V Init and Upstart taken into account the fact that it
is not required any more to start avahi-daemon before starting
cups-browsed.
-- Till Kamppeter <email address hidden> Wed, 12 Mar 2014 21:03:06 +0100
-
cups-filters (1.0.47-0ubuntu1) trusty; urgency=medium
* New upstream release 1.0.47
- pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475,
and CVE-2013-6476: Introduction of gmallocn and gmallocn3
to protect against arbitrary code execution with the
privileges of the "lp" user via malicious PDF files. Also
restrict the directory from where OPVP drivers can get
loaded.
- urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based
buffer overflow flaws in urftopdf. If a malicious URF file
were processed it could lead to arbitrary code execution
with the privileges of the "lp" user.
- pdftopdf: Fixed typo in initialization which sets the default
value page border to an undefined value. Thanks to Helge
Blischke for the patch.
- cups-browsed: Check for changes of the URI of a queue which
we have created and correct the URI if needed, especially if
a queue was not removed on shutdown of cups-browsed (default
printer or still having jobs) and before restart of
cups-browsed the server's DNS-SD-provided has changed.
- bannertopdf: Support PDF forms as banner template. This allows
especially internationalized banner pages. Forms can contain
fields for any CUPS/IPP value and get automatically filled
Thanks to Andrew V. Stepanov from ALT Linux (Bug #1170,
also first step to fix Ubuntu bug #1196986).
* Removed hard dependency of cups-browsed on avahi-daemon, demoted Depends: to
Recommends: and removed "on started avahi-daemon" from the "start on ..."
rule in /etc/init/cups-browsed.conf (LP: #1242185, LP: #1178172).
-- Till Kamppeter <email address hidden> Mon, 10 Mar 2014 13:40:06 +0100
-
cups-filters (1.0.46-0ubuntu1) trusty; urgency=low
* New upstream release 1.0.46
- gstoraster: Ignore SIGCHLD, rely on waitpid instead. Thanks
to Lauri Tirkkonen (Upstream bug #1184).
- gstoraster: Fix two instances of insufficient EINTR handling.
Thanks to Lauri Tirkkonen (Upstream bug #1184).
-- Till Kamppeter <email address hidden> Wed, 19 Feb 2014 20:19:06 +0100
-
cups-filters (1.0.45-1) unstable; urgency=medium
* New upstream release 1.0.45
- cups-browsed: Under Upstart load the AppArmor profile (LP: #1276630)
- foomatic-rip: Do not use PATH_MAX for the length of static strings
which are supposed to hold a command line. Use our own CMDLINE_MAX
constant to set them to a length of 65535 bytes
(LP: #1019662, Closes: #738440).
* Drop the upstart patch now included upstream
* Bump Standards-Version to 3.9.5 without changes needed
-- Didier Raboud <email address hidden> Fri, 14 Feb 2014 10:37:28 +0100
-
cups-filters (1.0.44-2) unstable; urgency=medium
[ Jamie Strandboge ]
* Add patch to ensure that under upstart, the apparmor profile is
loaded in the kernel before cups-browsed is started (LP: #1276630)
[ Didier Raboud ]
* Drop specific fonts' dependencies from cups-filters, as a reasonable
set of fonts is provided through fontconfig already, thanks to
Fabian Greffrath (Closes: #735223, #670059)
-- Didier Raboud <email address hidden> Wed, 05 Feb 2014 17:25:00 +0100
-
cups-filters (1.0.44-1) unstable; urgency=low
* New upstream release 1.0.44
[ Till Kamppeter ]
* Split binary package "cups-filters" into "cups-filters" and
"cups-filters-core-drivers". In low-footprint (mobile) environments we
can restrict the printer support to only IPP printers with known
common languages (PDF, PostScript, PWG Raster, PCL) to get rid of
the heavy load of drivers and PPDs for thousands of printers. From
cups-filters we need only the "cups-browsed" and
"cups-filters-core-drivers" (plus library packages) then and with
"cups-daemon" and "cups-core-drivers" from CUPS and "poppler-utils"
and "libpoppler" from Poppler one gets a low-footprint printing stack
for mobile devices setting up IPP printers automatically (Needs
"CreateIPPPrinterQueues Yes" in cups-browsed.conf).
* AppArmor profile: Allow reading and writing in /tmp/ as cups-browsed
creates temporary files when setting up native IPP printers PPD-less
("CreateIPPPrinterQueues Yes" in cups-browsed.conf).
[ Didier Raboud ]
* Strip UNRELEASED 1.0.39-1 changelog entry (Closes: #733981)
* Drop update-rc.d arguments in Debian, as they are no longer
supported
-- Didier Raboud <email address hidden> Sun, 26 Jan 2014 12:28:55 +0100
-
cups-filters (1.0.43-1build1) trusty; urgency=medium
* Rebuild for the new poppler soname
-- Sebastien Bacher <email address hidden> Wed, 22 Jan 2014 22:46:37 +0100
-
cups-filters (1.0.43-1) unstable; urgency=medium
* New upstream release 1.0.43:
- pdftopdf: Fixed software copy generation logic for printers
with hardware copy generation, but without collate support
(LP: #1259240).
- pstopdf: Support for the "landscape" and
"orientation-requested" options (LP: #1243484).
* Drop all patches:
- PATH_MAX fix was from upstream;
- The Fedora fix for PDF landscape printing got included
differently.
* Update debian/watch to prefer .xz tarballs
* Install manpages for cups-browsed and foomatic-rip
-- Didier Raboud <email address hidden> Thu, 19 Dec 2013 19:29:49 +0100
-
cups-filters (1.0.42-2) unstable; urgency=low
[ Didier Raboud ]
* Switch avahi LSB Required-{Start,Stop} dependencies to be
avahi-daemon; also bump package relationship to >= 0.6.31-3~
(Closes: #731611)
* Add Debian-specific more lightweight default testpage in svg;
convert it at build-time with rsvg-convert, hence add librsvg2-bin
in Build-Depends. Thanks to Stefan Nagy (Closes: #718895)
* Make all Ubuntu derivatives use Ubuntu material through dpkg-vendor
--derives-from instead of --is
* Backport upstream patch to fix kFreeBSD FTBFS due to conflicting
PATH_MAX defintions. Thanks to Peter Green (Closes: #731658)
[ Felix Geyer ]
* Include AppArmor profile (Closes: #728709)
-- Didier Raboud <email address hidden> Tue, 10 Dec 2013 15:01:49 +0100
-
cups-filters (1.0.42-1) unstable; urgency=low
* New upstream release 1.0.42:
- cupsfilters.convs: Corrected cost factor of
vnd.cups-postscript -> vnd.cups-raster conversion with
gstoraster, so that input data of the type
application/vnd.adobe-reader-postscript is converted
correctly (not via pstotiff). Thanks to Tim Waugh from Red
Hat for this patch
- cups-browsed: Fixed several memory leaks by adding missing
free() calls and removing an unneeded strdup(). Thanks to
Jaromir Koncicky from Red Hat for the patch (Red Hat bug
#1027317).
- foomatic-rip: Moved foomatic-rip's upstream home from the
foomatic-filters package to cups-filters, to make it easier
for distributions to ship and maintain a complete printing
stack and also to make upstream maintenance and development
easier.
- gstoraster: Fixed build system for gstoraster use D-Bus for
colord support.
[ Till Kamppeter ]
* Drop patches included upstream:
- Include dbus to make sure colord support works; therefore add
libdbus-1-dev in Build-Depends
- Fix memory leaks in cups-browsed
- Adjust filter costs so application/vnd.adobe-read-postscript input
doesn't go via pstotiff
* Updated libcupsfilters1 symbols for 1.0.42
* Add "Conflicts/Replaces/Provides: foomatic-filters" for the
cups-filters binary package. Now foomatic-rip is part of
cups-filters and the foomatic-filters package is obsolete and should
get automatically uninstalled by the cups-filters binary package.
[ Didier Raboud ]
* Move packaging from bzr to git
- Drop .bzr-builddeb
- Update Vcs-* fields
* Drop conflicting Recommends against foomatic-filters
* Rename ttf-dejavu dependency to fonts-dejavu (Closes: #716744)
-- Didier Raboud <email address hidden> Fri, 06 Dec 2013 23:36:33 +0100
-
cups-filters (1.0.41-2) unstable; urgency=low
* Import several patches from Fedora:
- Fix PDF landscape printing
- Include dbus to make sure colord support works; therefore add
libdbus-1-dev in Build-Depends
- Fix memory leaks in cups-browsed (Closes: #730720)
- Adjust filter costs so application/vnd.adobe-read-postscript input
doesn't go via pstotiff
* Use dh-autoreconf to cope with the patching of configure.ac
* In cups-filters, add Replaces and Breaks against cups-ppdc << 1.6 as
pcl.h moved (Closes: #730709)
-- Didier Raboud <email address hidden> Thu, 28 Nov 2013 23:27:04 +0100
-
cups-filters (1.0.41-0ubuntu1) trusty; urgency=low
* New upstream release 1.0.41:
- cups-browsed: Added support for automatic PPD-less setup of
print queues for IPP printers discovered on the network via
Bonjour. Supported are printers with known languages (PWG
Raster, PDF, PostScript, PCL XL, PCL 5c/e), especially also
IPP Everywhere printers. This functionality is especially
ment for mobile devices to be able to print without printer
setup tool and without printer driver/PPD collection. To
activate with "CreateIPPPrinterQueues Yes" in
/etc/cups/cups-browsed.conf.
- cups-browsed: Fixed a Valgrind-reported issue.
- pdftoippprinter: New filter for PPD-less printing. The filter
will be configured as System-V interface script for a print
queue for a discovered IPP network printer generated by
cups-browsed.
- rastertopclx: Added support for PPD-less printing. Without
PPD the filter generates PCL 5e.
- cups-browsed: Fixed socket leaks in recent IPP subscriptions
changes. Thanks to Tim Waugh from Red Hat for the patch (Red
Hat bug #1021512).
-- Till Kamppeter <email address hidden> Fri, 1 Nov 2013 15:03:57 +0100
-
cups-filters (1.0.40-0ubuntu2) trusty; urgency=low
* Rebuild for libqpdf13.
-- Colin Watson <email address hidden> Thu, 24 Oct 2013 13:48:44 +0100
-
cups-filters (1.0.40-0ubuntu1) saucy; urgency=low
* New upstream bug fix release 1.0.40:
- pdftops: Introduced new "hybrid" renderer: Here usually
Ghostscript is used, but if the printer is a Brother,
Minolta, or Konica Minolta Poppler's pdftops gets used. This
is a quirk rule to work around bugs in the PS interpreters
of the printers (LP: #1097105, LP: #1053443, LP: #1205898, LP: #238129,
LP: #1072915, LP: #293832).
- Fixed format string issues and added __attribute__ wording
to printf-like functions to catch any regressions. Thanks to
Tim Waugh from Red Hat for the patch.
- pdftops: Fix for landscape PDF handling. Do not use the
command line options "-origpagesizes" and
"-choosePaperByPDFPageSize" of Poppler's pdftops utility on
already processed PDF data. Thanks to Tim Waugh from Red Hat
for the patch.
- cups-browsed: Improve the efficiency of BrowsePoll by using
IPP notifications when possible. It falls back to the
previous behaviour if it is not possible to use this
optimization. Thanks to Tim Waugh from Red Hat for the patch.
* pdftops-only-use-origpagesizes-on-unprocessed-PDFs.patch: Removed patch
backported from upstream.
* debian/rules: Added ./configure option "--with-pdftops=hybrid" to activate
the hybrid rendering mode (LP: #1097105, LP: #1053443, LP: #1205898,
LP: #238129, LP: #1072915, LP: #293832).
-- Till Kamppeter <email address hidden> Thu, 10 Oct 2013 12:04:57 +0200