-
cups (1.7.5-3ubuntu3.2) utopic-security; urgency=medium
* SECURITY UPDATE: privilege escalation through dynamic linker and
isolated vulnerabilities
- debian/patches/str4609.patch: apply patch from upstream to
cgi-bin/ipp-var.c, cgi-bin/template.c, scheduler/client.c,
scheduler/env.c, scheduler/ipp.c, scheduler/job.c, scheduler/main.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Thu, 04 Jun 2015 08:07:45 -0400
-
cups (1.7.5-3ubuntu3.1) utopic-security; urgency=medium
* SECURITY UPDATE: buffer overflow in cupsRasterReadPixels
- debian/patches/CVE-2014-9679.patch: validate cupsBytesPerLine and
clear returned buffer in filter/raster.c.
- CVE-2014-9679
-- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 14:07:41 -0500
-
cups (1.7.5-3ubuntu3) utopic-proposed; urgency=medium
* Fix -h option not honoured when CUPS_SERVER variable
is defined. (LP: #1352809)
-- Louis Bouchard <email address hidden> Mon, 09 Feb 2015 11:36:08 +0100
-
cups (1.7.5-3ubuntu2) utopic; urgency=medium
* debian/local/apparmor-profile:
- allow all signals to /usr/sbin/cupsd//third_party
- allow unix to /usr/sbin/cupsd//third_party (LP: #1382042)
-- Jamie Strandboge <email address hidden> Thu, 16 Oct 2014 08:28:29 -0500
-
cups (1.7.5-3ubuntu1) utopic; urgency=medium
* debian/local/apparmor-profile:
- fix peer on signal rule to use /usr/sbin/cupsd//third_party
(LP: #1376611)
- temporarily use attach_disconnected to work around LP: #1373070. This
should be undone once 1373070 is properly fixed
-- Jamie Strandboge <email address hidden> Thu, 02 Oct 2014 08:22:36 -0500
-
cups (1.7.5-3) unstable; urgency=medium
[ Didier Raboud ]
* Add two USB quirk fixes for Canon MX310 and MX320 printers
(LP: #1346868, #1369547)
[ Jamie Strandboge ]
* Update the apparmor-profile
- move Ux to Cx -> third_party and provie a third_party child profile. In
this manner, we can add some modest confinement (can't change MAC
policy, change_profile or mount) but more importantly it allows us to
specify peer=third_party to restrict where the strictly confined cups
process can send signals (LP: #1370930)
- allow r of /var/cache/samba/*.tdb (LP: #1371097)
- allow r of /var/{cache,lib}/samba/printing/printers.tdb
-- Didier Raboud <email address hidden> Tue, 30 Sep 2014 08:21:21 +0200
-
cups (1.7.5-2ubuntu1) utopic; urgency=medium
* debian/local/apparmor-profile:
- move Ux to Cx -> third_party and provie a third_party child profile. In
this manner, we can add some modest confinement (can't change MAC
policy, change_profile or mount) but more importantly it allows us to
specify peer=third_party to restrict where the strictly confined cups
process can send signals (LP: #1370930)
- allow r of /var/cache/samba/*.tdb (LP: #1371097)
- allow r of /var/{cache,lib}/samba/printing/printers.tdb
-- Jamie Strandboge <email address hidden> Wed, 24 Sep 2014 11:24:03 -0500
-
cups (1.7.5-2) unstable; urgency=medium
[ Helge Kreutzmann ]
* Update German man page (1537t)
[ Till Kamppeter ]
* Updated color management extension patch to the newest version from Joseph
Simon, especially to fix PPD updates via the web interface (LP: #1362321).
[ Didier Raboud ]
* Replace the RedHat patch restoring the access to cupsd.conf and logfiles
with upstream's
-- Didier Raboud <email address hidden> Wed, 17 Sep 2014 13:37:01 +0200
-
cups (1.7.5-1) unstable; urgency=medium
* New 1.7.5 upstream release
- Drop upstream-originated patches, refresh all
- Refresh manpage translations for new upstream release
-- Didier Raboud <email address hidden> Thu, 14 Aug 2014 19:32:52 +0200
-
cups (1.7.4-4) unstable; urgency=medium
* Add patch to ignore the 'Failed to connect to system bus' error that
sometimes breaks the errorlines counting on various architectures
* Refresh cupsd-write-systemd-Port patch
-- Didier Raboud <email address hidden> Wed, 30 Jul 2014 10:40:53 +0200
-
cups (1.7.4-3) unstable; urgency=medium
* In cups-daemon's postinst, remove leftover cups.patch symlink in
multi-user.target.wants (Closes: #755932)
* Correct default listening address used under systemd for new installations;
also correct the discrepancy on upgrades (Closes: #755807)
-- Didier Raboud <email address hidden> Mon, 28 Jul 2014 08:22:29 +0200
-
cups (1.7.4-2) unstable; urgency=medium
* Install systemd's cups.path in paths.target instead of multi-user.target
(Closes: #755690)
* Import two upstream patches:
- Fix for unsufficient permission checking for files accesses from the
webinterface (STR: #4455)
CVE-2014-5029 Incomplete fix CVE-2014-3537
CVE-2014-5030 Disallow symlinks for directory index files
CVE-2014-5031 File/directory does not have world read permissions for
directory index files
- Fix for CGI scripts (STR: #4454)
-- Didier Raboud <email address hidden> Wed, 23 Jul 2014 09:45:49 +0200
-
cups (1.7.4-1) unstable; urgency=medium
* New 1.7.4 upstream release
- Security: The web interface incorrectly served symlinked files and
files that were not world-readable, potentially leading to a
disclosure of information (STR #4450, CVE-2014-3537)
- Added USB quirk rule for Lexmark E230 (STR #4448)
- Fix broken links on the web homepage (STR #4453, Closes: #754243)
- Refresh patches
[ Helge Kreutzmann ]
* Update German man page (1531t)
[ Didier Raboud ]
* Stop managing the rename of /etc/pam.d/cups in the cups binary package:
/etc/pam.d/cups is not renamed anymore but is now just installed from a
different package (cups-daemon). (Closes: #753439)
Thanks to Raphaƫl Hertzog
-- Didier Raboud <email address hidden> Mon, 14 Jul 2014 16:55:45 +0200
-
cups (1.7.3-6) unstable; urgency=medium
* Discard lpadmin stderr in the tests' utility, fixes autopkgtests.
-- Didier Raboud <email address hidden> Thu, 26 Jun 2014 07:51:30 +0200
-
cups (1.7.3-5) unstable; urgency=medium
* Add a trap to test-drivers utility, move it to cups-client instead of cups
* Run the tests using the installed test-drivers utility
-- Didier Raboud <email address hidden> Wed, 25 Jun 2014 09:53:34 +0200
-
cups (1.7.3-4) unstable; urgency=medium
* In cups-config, run krb5-config at runtime to avoid architecture
differences due to the output of krb5-config; add check at build-time to
avoid this happening again (Closes: #751157)
* Fix dpkg-architecture calls in cups-config
* Make the test-drivers utility more generic, install it in the cups package
to be able to use it in other packages' autopkgtests
-- Didier Raboud <email address hidden> Mon, 23 Jun 2014 17:09:02 +0200
-
cups (1.7.3-3) unstable; urgency=medium
* Fix autopkgtests:
- only use accessible files,
- extend the tests to test-print all PDFs in the source test/ directory,
- abstract the drivers testing script as a separate script.
-- Didier Raboud <email address hidden> Tue, 10 Jun 2014 13:18:23 +0200
-
cups (1.7.3-2) unstable; urgency=medium
[ Till Kamppeter ]
* Added IPP attributes required by IPP Everywhere for PWG Raster when PWG
Raster as input format is supported. This is needed for shared printers
correctly emulating an IPP Everywhere printer (CUPS STR #4428)
[ Didier Raboud ]
* Add SystemdIdleExit and IdleExitTimeout references in cupsd.conf manpage
* Rename the cups pam configfile from cups-daemon to cups (Closes: #750602)
* Rewrite the autopkgtests suite:
- Drop isolation-container restriction
- Test cups-core-drivers with no driver for now
- Test cups with all available drivers
[ Jean-Paul Guillonneau ]
* Update the manpages' french translation (Closes: #744987)
-- Didier Raboud <email address hidden> Mon, 09 Jun 2014 20:46:07 +0200
-
cups (1.7.3-1build1) utopic; urgency=medium
* Rebuild against libgnutls-deb0-28.
-- Colin Watson <email address hidden> Fri, 06 Jun 2014 15:23:18 +0100
-
cups (1.7.3-1) unstable; urgency=medium
* New 1.7.3 upstream release
- Refresh patches
* Add one simple autopackagetest
* In cups-daemon.preinst, only write ListenStream stanzas for 'Port' OR
'Listen localhost', not both (Closes: #742668)
* Explicitly install README.Debian to libcups2, add symlinks in various
other packages (Closes: #750532)
-- Didier Raboud <email address hidden> Wed, 04 Jun 2014 15:27:04 +0200
-
cups (1.7.2-3build1) utopic; urgency=high
* No change rebuild against new dh_installinit, to call update-rc.d at
postinst.
-- Dimitri John Ledkov <email address hidden> Wed, 28 May 2014 10:39:38 +0100
-
cups (1.7.2-3) unstable; urgency=medium
[ Till Kamppeter ]
* Updated version numbers in Replaces:/Breaks: for cups-bsd to also work with
updating CUPS under Ubuntu (LP: #1315766)
-- Didier Raboud <email address hidden> Sun, 04 May 2014 12:18:32 +0200
-
cups (1.7.2-2) unstable; urgency=low
[ Helge Kreutzmann ]
* Update German man page (1526t)
[ Till Kamppeter ]
* Removed Ubuntu difference in the dependency of cups-deamon on avahi-daemon:
avahi-daemon is a Recommends for both now; remove "on started avahi-daemon"
from the "start on ..." rule in /etc/init/cups.conf upstart script
(LP: #1242185, #1178172)
* Add two patches for Upstart socket-triggered activation:
- allow starting cupsd socket-triggered through Upstart, for on-demand
starting to save resources (especially on mobile devices)
- let cupsd stop after 30 seconds idle time in when started by Upstart
socket-activation (if timeout is not explicitly set to another time)
(Closes: #742666, LP: #1276713)
-- Didier Raboud <email address hidden> Fri, 02 May 2014 15:54:20 +0200
-
cups (1.7.2-0ubuntu1) trusty; urgency=medium
* New upstream bug fix release
- Addresses a web interface redirection security issue, some scheduler
crashed on Linux, and other general bug fixes.
* str4393-fix-memoryleak-in-rastertolabel.patch,
fix-cupsdgetprivateattrs-function-missing-null-check.patch,
fix-cupsenumdests-does-not-fill-in-is_default-field.patch,
cupsd-support-avahi-daemon-restarting.patch,
cupsenumdests-does-not-set-cb.patch,
fix-a-dbus-threading-issue-that-caused-the-scheduler-to-crash.patch:
Removed patches backported from upstream.
* build-with-full-relro.patch,
fix-template.c-typo.patch,
prevent-dnssd-backend-exiting-too-early.patch: Removed, fixed upstream.
* mention-rfc2911-in-ipptoolfile-for-clarity.patch: Removed, fixed
differently upstream.
* manpage-hyphen-minus.patch,
cupsd-upstart-support.patch: Manually regenerated to adapt
to upstream changes.
* color-management-extension.patch,
cupsd-exit-on-idle.patch,
cupsd-exit-on-idle-upstart.patch,
read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch,
airprint-support.patch,
no-conffile-timestamp.patch,
pidfile.patch: Refreshed with quilt.
-- Till Kamppeter <email address hidden> Thu, 10 Apr 2014 19:17:25 +0200
