Change logs for cupsys source package in Dapper

  • cupsys (1.2.2-0ubuntu0.6.06.20) dapper-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        invalid free
        - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused
          tags in cups/ipp.{c,h}.
        - CVE-2010-2941
     -- Marc Deslauriers <email address hidden>   Tue, 02 Nov 2010 11:35:21 -0400
  • cupsys (1.2.2-0ubuntu0.6.06.19) dapper-security; urgency=low
    
      * SECURITY UPDATE: cross-site request forgery in admin interface
        - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
          to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
          cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
          templates/*.tmpl.
        - CVE-2010-0540
      * SECURITY UPDATE: denial of service or arbitrary code execution in
        texttops image filter
        - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
          filter/texttops.c.
        - CVE-2010-0542
      * SECURITY UPDATE: web interface memory disclosure
        - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
        - CVE-2010-1748
      * SECURITY UPDATE: file overwrite vulnerability
        - debian/patches/security-str3510.dpatch: introduce cups_open() in
          cups/file.c and use to make sure hard-linked or symlinked files don't
          get overwritten as root.
        - No CVE number
     -- Marc Deslauriers <email address hidden>   Fri, 18 Jun 2010 10:37:35 -0400
  • cupsys (1.2.2-0ubuntu0.6.06.17) dapper-security; urgency=low
    
      * SECURITY UPDATE: privilege escalation via lppasswd tool
        - debian/patches/84_CVE-2010-0393.dpatch: don't allow environment
          variables to override directories in cups/globals.c and
          systemv/lppasswd.c.
        - CVE-2010-0393
     -- Marc Deslauriers <email address hidden>   Thu, 25 Feb 2010 11:04:17 -0500
  • cupsys (1.2.2-0ubuntu0.6.06.15) dapper-security; urgency=low
    
      * SECURITY UPDATE: XSS and CRLF injection in headers
        - debian/patches/83_CVE-2009-2820.dpatch: Introduce cgiClearVariables()
          in cgi-bin/{var.c,cgi.h}. Clear out variables in
          cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
          clear out variables in cgi-bin/admin.c. Filter more characters in
          cgi-bin/template.c.
        - CVE-2009-2820
    
     -- Marc Deslauriers <email address hidden>   Fri, 30 Oct 2009 21:40:07 -0400
  • cupsys (1.2.2-0ubuntu0.6.06.14) dapper-security; urgency=low
    
      * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags.
        - debian/patches/82_CVE-2009-0949.dpatch: make sure the name field
          exists in scheduler/ipp.c.
        - CVE-2009-0949
    
     -- Marc Deslauriers <email address hidden>   Mon, 01 Jun 2009 10:34:39 -0400
  • cupsys (1.2.2-0ubuntu0.6.06.13) dapper-security; urgency=low
    
      * SECURITY UPDATE: fix integer overflow via large TIFF file
        - debian/patches/81_CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in
          filter/image-private.h
        - CVE-2009-0163
    
     -- Jamie Strandboge <email address hidden>   Wed, 15 Apr 2009 09:25:58 -0500
  • cupsys (1.2.2-0ubuntu0.6.06.12) dapper-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
        image with a large height value
        - This issue was introduced in the patch for CVE-2008-1722.
        - debian/patches/77_CVE-2008-1722.patch: adjust patch to multiply img->xsize
          instead of img->ysize so we don't overflow in filter/image-png.c.
        - CVE-2008-5286
      * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
        - debian/filters/pstopdf: use the cleaned-up version from Debian.
        - CVE-2008-5377
    
     -- Marc Deslauriers <email address hidden>   Thu, 08 Jan 2009 10:27:16 -0500
  • cupsys (1.2.2-0ubuntu0.6.06.11) dapper-security; urgency=low
    
      * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
        the SGI filter
        - debian/patches/78_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to
          properly check for xsize. Taken from Debian patch by Martin Pitt.
        - STR #2918
        - CVE-2008-3639
      * SECURITY UPDATE: integer overflow in texttops filter which could lead
        to heap-based overflow
        - debian/patches/79_CVE-2008-3640.dpatch: adjust textcommon.c and
          texttops.c to check for too large or negative page metrics. Based on
          Debian patch by Martin Pitt.
        - STR #2919
        - CVE-2008-3640
      * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
        arbitrary code execution
        - debian/patches/80_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly
          check for an invalid number of pens. Also includes fix for regression in
          original upstream patch which changed the color mapping and an off-by-one
          loop error. Taken from Debian patch by Martin Pitt.
        - STR #2911
        - STR #2966
        - CVE-2008-3641
      * debian/patches/00list: apply 77_CVE-2008-1722.dpatch from previous update,
        which was not applied
    
     -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2008 14:08:29 -0500
  • cupsys (1.2.2-0ubuntu0.6.06.9) dapper-security; urgency=low
    
      * SECURITY UPDATE: Denial of service and possibly arbitrary code execution
      * debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in
        filter/image-png.c. Taken from Debian SVN Head.
      * References
        CVE-2008-1722
        LP: #219491
        http://www.cups.org/str.php?L2790
    
     -- Jamie Strandboge <email address hidden>   Thu, 24 Apr 2008 13:02:31 -0400
  • cupsys (1.2.2-0ubuntu0.6.06.8) dapper-security; urgency=low
    
      * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in
        cgiCompileSearch() using crafted search expressions. Exploitable if
        printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
      * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in
        process_browse_data(), which could be exploited to a remote DoS by sending
        crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the
        patch.
      * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in
        the self test's cupsd.conf. This affects the test suite (in the sense that
        it actually works now) and does not affect the built binaries at all.
        (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
      * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in
        ParseCommand() in hpgl-input.c by properly checking number of parameters
      * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in
        gif_read_image() in image-gif.c by properly validating code_size
      * References
        CVE-2008-0047
        CVE-2008-0882
        CVE-2008-0053
        CVE-2008-1373
        http://www.cups.org/str.php?L2729
        http://www.cups.org/str.php?L2656
    
     -- Jamie Strandboge <email address hidden>   Wed, 26 Mar 2008 15:02:55 -0400
  • cupsys (1.2.2-0ubuntu0.6.06.7) dapper-proposed; urgency=low
    
      * Reapply pending SRU which got superseded in -security.
      * Add debian/patches/60_ipp_read_busy_loop.dpatch:
        - Fix logic error that causes IPP client programs like gnome-cups-icon to
          sometimes get into a state where it uses 100% CPU time.
        - Properly handle ippReadIO() encountering IPP_IDLE and make sure to never
          return this to the outside world, since it is interpreted as an error
          condition which causes a busy loop.
        - Error out if the read callback doesn't return a value/group tag, which
          would confuse the higher layers.
        - Patch backported from upstream SVN (fixed in 1.2.11).
        - LP: #44196
    
     -- Martin Pitt <email address hidden>   Wed, 09 Jan 2008 09:14:42 +0100
  • cupsys (1.2.2-0ubuntu0.6.06.6) dapper-security; urgency=low
    
      * SECURITY UPDATE: tempfile race, denial of service in SNMP backend.
      * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes
        thanks to Kenshi Muto.
      * References
        CVE-2007-6358
        CVE-2007-5849
    
     -- Kees Cook <email address hidden>   Mon, 07 Jan 2008 16:08:28 -0800
  • cupsys (1.2.2-0ubuntu0.6.06.5) dapper-proposed; urgency=low
    
      * Add debian/patches/60_ipp_read_busy_loop.dpatch:
        - Fix logic error that causes IPP client programs like gnome-cups-icon to
          sometimes get into a state where it uses 100% CPU time.
        - Properly handle ippReadIO() encountering IPP_IDLE and make sure to never
          return this to the outside world, since it is interpreted as an error
          condition which causes a busy loop.
        - Error out if the read callback doesn't return a value/group tag, which
          would confuse the higher layers.
        - Patch backported from upstream SVN (fixed in 1.2.11).
        - LP: #44196
    
     -- Martin Pitt <email address hidden>   Tue, 20 Nov 2007 10:08:30 +0100
  • cupsys (1.2.2-0ubuntu0.6.06.4) dapper-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via stack overflow.
      * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
        from Michael Sweet.
      * References
        CVE-2007-4351
    
     -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
  • cupsys (1.2.2-0ubuntu0.6.06.3) dapper-proposed; urgency=low
    
      * Add debian/patches/59_title_escaping.dpatch:
        - Escape non-ASCII characters in comment fields in the filters.
        - This fixes printing of documents with titles containing non-ASCII
          characters, line breaks, etc.
        - Patch backported from upstream SVN (dropped the formatting changes):
          http://www.cups.org/strfiles/1988/str1988.patch
        - LP #57445.
      * Skipping version number to .3 since .2 is in proposed and didn't verify.
    
     -- Martin Pitt <email address hidden>   Fri, 10 Aug 2007 12:47:32 +0200
  • cupsys (1.2.2-0ubuntu0.6.06.2~proposed1) dapper-proposed; urgency=low
    
      * debian/patches/99-svn5875.dpatch: reverts some changes from CUPS STR 1795
        (Closes LP#55828)
    
     -- Ante Karamatic <email address hidden>   Thu, 24 Aug 2006 21:38:58 +0200
  • cupsys (1.2.2-0ubuntu0.6.06.1) dapper-proposed; urgency=low
    
      * debian/cupsys.init.d: Always make sure that log files have proper
        permissions. Closes: LP#54277
    
     -- Martin Pitt <email address hidden>   Wed, 20 Sep 2006 05:51:00 +0000
  • cupsys (1.2.2-0ubuntu0.6.06) dapper-updates; urgency=low
    
      * New upstream bugfix release:
         - Fixes printing to 1.1.x servers. Closes: LP#42513, LP#42802
         - Fixes parsing of some PostScript files which previously generated empty
           pages. Closes: LP#51432
         - Fixes parsing of network masks. Closes: LP#52390
         - Lots more fixes, see upstream changelog.
      * Dropped debian/patches/00_r{5643,5660}.dpatch: Upstream now.
      * debian/patches/02_configure.dpatch,
        debian/patches/09_runasuser_autoconf.dpatch: Adapted to new upstream
        version (taken from current edgy package).
    
     -- Martin Pitt <email address hidden>   Thu, 27 Jul 2006 06:38:01 +0000
  • cupsys (1.2.1-0ubuntu2) dapper-updates; urgency=low
    
      * Add debian/patches/00_r5660.dpatch
        - Fix for 11.22.33.* network masks (STR #1769), Closes: LP#52390
      * Fixed debian/patches/05_avoidunknowngroup
        - Don't create .rej files
      * Fixed debian/rules
        - Delete backend/*.o on clean
    
     -- Ante Karamatic <email address hidden>   Sun,  9 Jul 2006 08:05:12 +0200
  • cupsys (1.2.1-0ubuntu1) dapper-updates; urgency=low
    
      * Upgrade to new upstream version 1.2.1 (backported from edgy):
        - fix for printing on Xerox IPP printers; Closes: LP#47387
        - fix for banners on single page
        - fix for custom page sizes (cups ignores them now in some cases)
        - fix for -u and -U switches for lpadmin
        - fix for printing on some Canon printers
        - fix for printing on CUPS server < 1.1.17 (RHEL3 and older)
          (partly fixes LP bug #42802)
        - couple of fixes for imagetoraster
      * Add debian/patches/00_r5643.dpatch: Pull some fixes from upstream SVN
        scheduled to go into 1.2.2:
        - The lpstat command did not use the correct character
          set when reporting the date and time (STR #1751)
        - The cupsaddsmb command and web interface did not update
          the Windows PPD files properly, resulting in corrupt
          PPD files for the Windows client to use (STR #1750)
        - The cupsd.conf man page didn't describe the Listen
          domain socket syntax (STR #1753)
        - The scheduler no longer tries to support more than
          FD_SETSIZE file descriptors.
        - The USB backend now reports a "no such device" error
          when using the old filename-based USB URIs instead of
          the "success" error.
        - Increased the HTTP and IPP read timeouts to 10 seconds,
          as 1 second was too short on congested networks (STR
          #1719)
        - Fixed another file descriptor leak when printing raw
          files (STR #1736)
        - The scheduler didn't always choose the least costly
          filter.
        - Fixed parsing of IPv6 addresses in Allow, Deny,
          BrowseAllow, BrowseDeny, and BrowseRelay directives
          (STR #1713)
        - Special cases for the "localhost" hostname did not
          work, causing printing to not work when the /etc/hosts
          file did not contain a localhost entry (STR #1723)
        - Updated the Spanish translation (STR #1720)
        - Reverse-order page output was broken when N-up or
          landscape orientations were used (STR #1725)
        - The parallel, serial, socket, and USB backends needed
          print data before they would report back-channel data,
          causing problems with several new drivers (STR #1724)
      * Ship /etc/cups/ssl directory. Closes: LP#44931
      * Removed debian/patches/svn*.dpatch, these were backported from 1.2.1 in
        1.2.0-0ubuntu3.
      * debian/cupsys.init.d: Add missing log_end_msg. Closes: LP#48116
      * Bump up shlibs to >= 1.2.1 for compatibility safety.
    
     -- Martin Pitt <email address hidden>   Thu,  6 Jul 2006 19:25:04 +0200
  • cupsys (1.2.0-0ubuntu5) dapper; urgency=low
    
      * Remove debian/patches/56_revert_svn_5438.dpatch: The reason for this
        reversion has now been fixed in gnome-cups-manager 0.31-1.1ubuntu8. This
        fixes the handling of spaces in manufacturer names. Closes: LP#33545
    
     -- Martin Pitt <email address hidden>   Wed, 17 May 2006 13:18:05 +0200
  • cupsys (1.2.0-0ubuntu4) dapper; urgency=low
    
      * Add debian/patches/svn5530_str1667_octet_stream.dpatch: Fix printing of
        application/octet-stream jobs (usually from Windows clients with locally
        installed driver). (STR #1667) Closes: LP#43145
    
     -- Martin Pitt <email address hidden>   Wed, 17 May 2006 08:58:16 +0200
  • cupsys (1.2.0-0ubuntu3) dapper; urgency=low
    
      * Pull some bug fixes from SVN head:
      * Add debian/patches/svn5512_KCMYcm_fix.dpatch: Fix bug in KCMYcm handling
        (typo in variable name).
      * Add debian/patches/svn5518_12bitraster.dpatch: Make sure we swap 12/16 bit
        chunky data in raster filter.
      * Add debian/patches/svn5523_1_2_4bit_raster.dpatch:
        - Fix imagetoraster generation of 1/2/4-bit raster data.
        - Fix cupsRasterWritePixels() - bad double line termination.
      * Add debian/patches/svn5526_str1676_stopped_jobs_active.dpatch: Fix stopped
        jobs to be considered active (STR #1676).
      * Add debian/patches/svn5527_LDAP_define.dpatch: Fix typo in #ifdef:
        s/OPENDAP/OPENLDAP/.
      * Add debian/patches/svn5527_str1683_lpstaterror.dpatch: The lpstat command
        displayed the wrong error message for a missing destination (STR #1683).
      * Add debian/patches/svn5527_str1689_printeroptions.dpatch: "Set Printer
        Options" in the web interface did not update the DefaultImageableArea or
        DefaultPaperDimension attributes in the PPD file (STR #1689).
      * Add debian/patches/svn5528_str1680_load_custom_options.dpatch: ppdOpen*()
        did not load custom options properly (STR #1680).
    
     -- Martin Pitt <email address hidden>   Tue, 16 May 2006 12:39:35 +0200
  • cupsys (1.2.0-0ubuntu2) dapper; urgency=low
    
      * debian/cupsys.init:
        - Load the 'lp' module. Earlier installers did not put it in /etc/modules
          and we keep getting dozens of bug reports about that, so let's just fix it
          here once and for all.
        - Load the 'ppdev' module. This should fix detection of parallel printers.
          Closes: LP#29050
    
     -- Martin Pitt <email address hidden>   Thu, 11 May 2006 11:09:59 +0200
  • cupsys (1.2.0-0ubuntu1) dapper; urgency=low
    
      * Final 1.2.0 upstream release (bug fixes only). Closes: LP#43898
      * Remove debian/patches/01_cupsimage.dpatch, fixed upstream.
      * Remove debian/patches/57_svn_5461.dpatch, fixed upstream.
      * debian/patches/58_cupsd.conf-AllowLocal.dpatch: Fix typo: @LOCAL@ ->
        @LOCAL. Closes: LP#43933
    
     -- Martin Pitt <email address hidden>   Wed, 10 May 2006 12:09:54 +0200
  • cupsys (1.1.99.rc3-0ubuntu4) dapper; urgency=low
    
      * Add debian/patches/58_cupsd.conf-AllowLocal.dpatch: Add 'Allow @LOCAL'
        to server ACL to actually allow LAN computers to access the printer if
        sharing is enabled. This avoids having to change two things for enabling
        printer sharing (a source of much confusion and a FAQ). This does not
        change the default behavior (port only listens on localhost by default).
    
     -- Martin Pitt <email address hidden>   Tue,  9 May 2006 17:53:02 +0200
  • cupsys (1.1.99.rc3-0ubuntu3) dapper; urgency=low
    
      * debian/cupsys.config: Print migration note to stderr, not stdout, to not
        confuse debconf. Closes: LP#41716
      * debian/cupsys.postinst: Fix ownership of files in /var/cache/cups/ so that
        they are writable by non-root cupsd. Earlier dapper versions got the
        ownership wrong, so fix this for intra-dapper upgrades. Closes: LP#40795
      * Add debian/local/{sharing_status,enable_sharing}: Scripts to control
        printer sharing (by opening or closing the TCP port). Thanks to Ante
        Karamatić for his initial scripts and research!
    
     -- Martin Pitt <email address hidden>   Tue,  9 May 2006 16:33:19 +0200
  • cupsys (1.1.99.rc3-0ubuntu2) dapper; urgency=low
    
      * debian/cupsys.init.d: Fix log creation for real. Closes: LP#41267
      * debian/cupsys.logrotate: Create files as cupsys:lpadmin, not root:lp.
        (Also part of LP#41267)
    
     -- Martin Pitt <email address hidden>   Tue,  2 May 2006 19:36:22 +0200
  • cupsys (1.1.99.rc3-0ubuntu1) dapper; urgency=low
    
      * New upstream bug fix release 1.2RC3, UVF exception approved by Matt
        Zimmerman.
      * Add debian/patches/56_revert_svn_5438.dpatch: Revert upstream svn commit
        5438 (fixed handling of products/manufacturers with spaces in the name)
        for now since it causes regressions in gnome-cups-add. Will be reactivated
        later when the issue is sorted out with upstream.
      * Update patches for new upstream release.
      * Remove debian/patches/20_httpGetHostname_crash.dpatch, fixed upstream.
      * Add debian/patches/14_dont_force_ssl.dpatch: Upstream now requires
        encryption by default for accessing /admin/, but our GUI frontends do not
        yet cope with that. Disable SSL requirement for now to revert to the old
        behaviour.
      * debian/patches/08_cupsd.conf.conf.d.dpatch:
        - Set "BrowseAddress @LOCAL"; without this, sending browsing information
          does not work (Browsing still has to be enabled). Since enable_browsing
          now works for exporting printers, too, this Closes: LP#17981
        - Add some comments to point out that the Port and Browsing settings are
          moved to /etc/cups/cups.d/.
      * debian/cupsys.postrm: Clean up passwd.md5 on purge.
      * debian/cupsys.init.d: Pre-create error_log, too, and clean up code a bit.
        Closes: LP#41267
      * debian/cupsys.postinst: If upgrading from Breezy, adapt the inclusion of
        external browsing configuration in cupsd.conf to retain the correct
        setting for modified cupsd.conf files.
      * debian/cupsys.config:
        - Fix handling of cupsd-browsing.conf -> cups.d/browse.conf transition for
          breezy->dapper upgrades.
        - Fix browse.conf parsing to set the correct debconf default value, so
          that the browse setting is not reset to 'off' on upgrades.
          Closes: LP#38704
      * Add debian/patches/57_svn_5461.dpatch:
        - Properly HTML-quote the printer name so that names containing e. g. '+'
          work properly in the web interface.
        - Upstream svn commit 5461.
        - Closes: LP#37018
    
     -- Martin Pitt <email address hidden>   Tue, 25 Apr 2006 20:09:37 +0200
  • cupsys (1.1.99.rc2-0ubuntu2) dapper; urgency=low
    
      * debian/cupsys-client.links: Fix cupsenable/cupsdisable manpage link.
        Closes: LP#40725
      * debian/patches/09_runasuser.dpatch: Do not drop additional group
        privileges in scheduler/process.c. This should fix a range of bugs
        concerning detection of parallel port printers and other 'permission
        denied' bugs.
    
     -- Martin Pitt <email address hidden>   Mon, 24 Apr 2006 19:17:12 +0200
  • cupsys (1.1.99.rc2-0ubuntu1) dapper; urgency=low
    
      * Many changes have been applied in Debian now; reapply remaining Ubuntu
        changes from scratch to clean up some cruft (see below for details). Also,
        maintain Ubuntu package as SVN branch of the Debian one.
      * debian/rules: Enable --with-cups-user=cupsys and
        --enable-privilege-dropping to not run cupsd as root.
      * debian/control: Remove libdbus-1-dev build dependency, dbus support is not
        something for dapper.
      * debian/cupsys.init.d: Disable reload (it doesn't work as normal user),
        change force-reload to restart.
      * debian/cupsys.init.d: Pre-create access_log and error_log since cupsd
        can't create them as normal user.
      * debian/rules: Set rc runlevel priority to 19.
      * debian/cupsys.{postinst,postrm}, debian/cupsys-client.postinst:
        Setup/remove cupsys user and its needed groups.
      * debian/cupsys.templates: Disable browsing by default due to our 'no open
        ports in the default install' policy.
      * debian/README.Debian: Explain disabling of administrative functions in web
        interface and describe how to re-enable it.
      * debian/cupsys.preinst:
        - Migrate /etc/cups/cupsd-browsing.conf to /etc/cups/cups.d/browse.conf
          for smooth upgrades from Hoary.
        - Fix owner of /etc/cups/ppd/* on upgrades.
      * debian/patches/ubuntu-nowebadmin.dpatch: Explain disabling of
        administrative functions in the web interface and point to doc how to
        reenable it.
      * debian/patches/55_ppd_okidata_name.dpatch: Change "Oki" manufacturer name
        to "Okidata" to be consistent with other PPD files.
      * Implement http://wiki.debian.org/PpdFileStructureSpecification:
        - debian/dirs: Create /usr/share/ppd/cups-included/.
        - debian/rules: Install shipped PPDs into
          /usr/share/ppd/cups-included/<Manufacturer>/ and provide a symlink to
          the old /usr/share/cups/model directory for backwards compatibility.
      * debian/libcupsys2.shlibs: Remove Debian revision to allow -0ubuntuN
        number.
      * Support custom PPD installation by lpadmin members (through e. g.
        gnome-cups-manager):
        - debian/cupsys.dirs: Create /usr/share/ppd/custom/.
        - debian/cupsys.init.d: Fix permissions of that dir to root:lpadmin 3775.
        - debian/rules: Install compatibility symlink
          /usr/share/cups/model/custom.
      * debian/cupsys.dirs: Ship /usr/lib/cups/driver/ to avoid error messages if
        it's missing.
      * debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root
        certificate permissions from 0440 to 0240, so that the CGI programs cannot
        read it any more. Without this patch, cupsd presented its own certificate
        to itself, and *every* user could do admin tasks without authentication.
    
    cupsys (1.1.99.rc2-0exp1) experimental; urgency=low
    
      [ Kenshi Muto ]
      * New upstream release 1.2RC2.
        - Because -fpie config becomes optional, compiler works on amd64 and
          other architectures. (closes: #335199)
      * Enable LDAP support.
      * Remove duplicated update-rc.d (closes: #356911)
      * Stopped asking admin password because it works only if user chooses
        digest authentication. The default configuration of Debian uses
        PAM and basic authentication.
      * Enable dbus support.
      * 03_clean.dpatch: Remove produced and remained files during build.
      * Now CUPS uses 'lp' user/group privilege to call backend or any other
        programs.
        CUPS SystemGroup is 'lpadmin'. You need to add users who are allowed
        to add/modify/remove printers/jobs/classes.
      * Remove image.h.patch from source. It is no longer needed.
      * 02_configure.dpath: Remove -rpath from configure.
      * Fix typo in cupsys-bsd description. (closes: #362070)
      * Add Galician debconf translation. (closes: #361258)
      * Update Danish debconf translation. (closes: #357969)
      * Use 'reload' during logrotate instead of 'restart'. It looks safe
        on CUPS 1.2. (though job-restart problem still remains)
      * set TZ in init script only if TZ isn't defined yet.
      * Use if-fi structure style for postrotate of logrotate script.
        It solves error when cupsys is not running. (closes: #347641)
      * Unset TMPDIR environment variable before running daemon. (closes: #347829)
      * Removed /etc/cups/pdftops.conf because it was for pdftops of upstream
        version. Debian CUPS uses xpdf-utils wrapper and doesn't need
        pdftops.conf.
      * Notice: /etc/cups/client.conf has been removed upstream.
      * Notice: {dis,en}able have been renamed to cups{dis,en}able.
    
      [ Martin Pitt ]
      * debian/patches/48_stdlib.dpatch: Adapted to new upstream version.
      * debian/cupsys.init.d:
        - Fix arguments of start-stop-daemon and remove the hideous kill
          algorithm.
        - Ensure that /var/run/cupsd exists; this makes the init script work with
          /var/run mounted on a tmpfs.
      * debian/libcupsys2-dev.files, debian/libcupsimage2-dev.files: Remove static
        library; upstream does not build them any more, and they are useless
        anyway.
      * Add debian/patches/06_disable_backend_setuid.dpatch: Remove the uid
        changing in scheduler/cups-deviced.c which was introduced recently in
        upstream. It totally breaks device node access (e. g. /dev/lp0 is root:lp
        0660, which is inaccessible for a process which runs as lp:root).
      * debian/rules: Remove --with-cups-user, upstream does not support
        it any more.
      * debian/patches/09_runasuser_fixes.dpatch: RunAsUser was removed upstream;
        rename the patch to 09_runasuser.dpatch and rewrite it:
        - Enclose all changes in an #if CUPS_DROP_PRIVILEGES, so that it is easy to
          enable this feature.
        - scheduler/main.c: Drop privileges after initialization.
        - scheduler/conf.c: If we build with CUPS_DROP_PRIVILEGES, set RunUser to
          User instead of getuid(), since at that point we will always run as root
          (privileges cannot yet be dropped at that point).
        - config-scripts/cups-defaults.m4: Add --enable-privilege-dropping option.
        - config.h.in: Add CUPS_DROP_PRIVILEGES option template.
      * Add debian/patches/09_runasuser_autoconf.dpatch: autoconf changes for
        09_runasuser_fixes.dpatch changes.
      * debian/pdftops: Fix reading from stdin (https://launchpad.net/bugs/17124)
      * debian/cupsys.preinst: Remove dangling /etc/cups/pdftops.conf symlink on
        upgrades to unbreak printing with poppler-utils.
      * debian/control: Add poppler-utils alternative for xpdf-utils dependency.
      * Add debian/patches/12_quiesce_ipp_logging.dpatch:
        - Drop successful IPP messages to log level 'debug' and unsuccessful ones
          to 'info'.
        - Do not flood access_log with successful CUPS-Get-Printers and
          Get-Printer-Attributes queries (which are generated by e. g.
          gnome-cups-icon every 3 seconds).
        - Closes: #280718
      * Add debian/patches/13_default_log_warn.dpatch: Raise default log severity
        to 'warning' to not log gazillions of IPP requests by default. (other part
        of #280718)
      * debian/rules, debian/cupsys.postinst: Remove obsolete /etc/cups/certs and
        /var/lib/cups/certs (certificates are managed in /var/run/certs now).
      * debian/cupsys.preinst: Remove obsolete /etc/cups/certs symlink on upgrades.
      * debian/cupsys-client.files: Install cupstestdsc and manpage.
      * debian/cupsd.init: Have force-reload to reload, not restart.
      * debian/cupsys.logrotate: Use force-reload instead of reload, since the
        latter is not required to exist by Debian Policy.
      * debian/rules: Ship browsing_status and enable_browsing.
      * debian/patches/20_httpGetHostname_crash.dpatch: Add some robustifications
        to httpGetHostname() to hopefully fix a reported crash.
    
     -- Martin Pitt <email address hidden>   Fri, 21 Apr 2006 16:19:37 +0200
  • cupsys (1.1.99.b1.r4929-0ubuntu9) dapper; urgency=low
    
      * Correct permissions of /var/run/cups in the init script.
    
     -- Scott James Remnant <email address hidden>   Wed, 19 Apr 2006 14:15:14 +0100
  • cupsys (1.1.99.b1.r4929-0ubuntu8) dapper; urgency=low
    
      * Disable 53_usr_share_ppd_support.dpatch again, too many
        packages still have /usr/share/cups/model hardcoded.
      * Symlink /usr/share/cups/model/cups-included to /usr/share/ppd/cups-included.
      * Place ppd files in manufacturer specific subdirectories.
      * Change "Oki" manufacturer name to "Okidata".
      * Symlink /usr/share/cups/model/custom to /usr/share/ppd/custom.
    
     -- Matthias Klose <email address hidden>   Wed, 12 Apr 2006 19:26:18 +0200
  • cupsys (1.1.99.b1.r4929-0ubuntu7) dapper; urgency=low
    
      * debian/cupsys.init.d: Move log_end_msg to the right place again.
      * Add debian/patches/53_usr_share_ppd_support.dpatch:
        - Look for PPDs in /usr/share/ppd, according to
          http://wiki.debian.org/PpdFileStructureSpecification.
        - Fixes Debian bug #358186.
      * debian/rules: Install PPD files into /usr/share/ppd/cups-included,
        according to above specification.
      * debian/patches/54_cups-config_modeldir.dpatch: Add --modeldir to
        cups-config so that other packages can use it to figure out the correct
        PPD base path.
      * debian/libcupsys2.shlibs: Bump version number so that other packages can
        rely on cups-config's modeldir.
      * Re-add debian/patches/51_dont_log_ipp_printer_query.dpatch, since these
        log messages are routed through a different code path.
      * debian/cupsys.init.d: Change custom PPD path from /usr/share/cups/ppd to
        /usr/share/ppd/custom.
    
     -- Martin Pitt <email address hidden>   Fri,  7 Apr 2006 17:14:25 +0200
  • cupsys (1.1.99.b1.r4929-0ubuntu6) dapper; urgency=low
    
      * Add debian/patches/51_ipp_log_severity_info.dpatch: Drop successful IPP
        messages to log level 'debug' and unsuccessful ones to 'info'. This is a
        more generic approach to avoid ridiculously huge logs due to polling by
        gnome-cups-icon and friends.
      * Drop debian/patches/51_dont_log_ipp_printer_query.dpatch, obsoleted by
        above patch.
      * Add debian/patches/52_default_log_level_warning.dpatch: Raise default log
        level from info to warning. Closes: LP#38042
    
     -- Martin Pitt <email address hidden>   Thu,  6 Apr 2006 12:05:45 +0200
  • cupsys (1.1.99.b1.r4929-0ubuntu5) dapper; urgency=low
    
      * debian/patches/51_dont_log_ipp_printer_query.dpatch: Suppress logging of
        successful CUPS_GET_DEFAULT messages, too. Closes: LP#29895
      * debian/pdftops: Fix reading from stdin. Closes: LP#17124
    
     -- Martin Pitt <email address hidden>   Thu, 30 Mar 2006 19:52:20 +0200
  • cupsys (1.1.99.b1.r4929-0ubuntu4) dapper; urgency=low
    
      * debian/cupsys.postinst: Make sure that the scanner group exists before
        trying to add the cupsys user to it.
    
     -- Colin Watson <email address hidden>   Thu,  9 Mar 2006 08:20:02 +0000
  • cupsys (1.1.99.b1.r4929-0ubuntu3) dapper; urgency=low
    
      * debian/rules: Do not install dangling pdftops.conf symlink. (Malone #26785)
      * debian/cupsys.preinst: Remove a dangling pdftops.conf symlink on upgrades
        to this version.
      * debian/cupsys.postinst: Add cupsys to group 'scanner' to be able to access
        printer/scanner combined devices. (Malone #29050)
      * debian/patches/44_fixconfdirperms.dpatch: Make /etc/cups/ppd group
        writable. (Malone #31533)
      * debian/cupsys.init.d: Make sure that page_log exists with the right
        permissions. (Malone #33409)
      * Add debian/patches/51_dont_log_ipp_printer_query.dpatch: Do not flood
        access_log with successful CUPS-Get-Printers and Get-Printer-Attributes
        queries (which are generated by gnome-cups-icon every 3 seconds). This is
        a hideous and hackish patch, but it has to do until we dbusify cupsys
        properly. (Malone #29895)
    
     -- Martin Pitt <email address hidden>   Mon,  6 Mar 2006 16:08:32 +0100
  • cupsys (1.1.99.b1.r4929-0ubuntu2) dapper; urgency=low
    
      * Add 50_truncate_ppd.dpatch:
        - cups/file.c: Do not forget to write the pending uncompressed tail when
          copying a compressed file. Fixes cropped PPD files in /etc/cups/ppd.
        - Patch taken from upstream svn commit 4942.
        - Malone #28642
      * debian/cupsys.init.d: Create access_log with proper permissions if it does
        not yet exist. (Malone #28492)
      * debian/cupsys.preinst: If we upgrade from a version earlier than this one,
        change all root-owned PPD files in /etc/cups/ppd to be owned by cupsys.
        (Malone #12879)
    
     -- Martin Pitt <email address hidden>  Thu, 19 Jan 2006 16:55:51 +0100
  • cupsys (1.1.99.b1.r4892-0ubuntu1) dapper; urgency=low
    
      * New upstream snapshot.
      * Adapt patches to new upstream version:
        - 02_configure.dpatch
        - 48_stdlib.dpatch
        - ubuntu-nowebadmin.dpatch
      * Add debian/patches/50_local_username_check.dpatch: Fix the restriction
        of changing/cancelling of print jobs to the owner.
        - scheduler/auth.c: Disable weird code that bypasses user name check for
          local authentication.
        - scheduler/ipp.c: Copy the determined user name of the connection to the
          con structure, so that cupsdCheckPolicy() has a chance to actually
          verify it.
        - Ubuntu #12177
    
     -- Martin Pitt <email address hidden>  Fri, 13 Jan 2006 15:28:22 +0100
  • cupsys (1.1.99.b1.r4841-1ubuntu8) dapper; urgency=low
    
      * debian/cupsys.init.d: Remove the hideous killing hacks and just invoke
        start-stop-daemon with the correct arguments.
    
     -- Martin Pitt <email address hidden>  Wed, 11 Jan 2006 19:23:47 +0100
  • cupsys (1.1.99.b1.r4841-1ubuntu7) dapper; urgency=low
    
      * debian/cupsys.init.d: Make sure that the PID file directory /var/run/cups
        exists. The new approach of mounting /var/run as tmpfs removes the
        directory that is shipped in the deb. (Ubuntu #22261)
    
     -- Martin Pitt <email address hidden>  Wed, 11 Jan 2006 13:47:45 +0100
  • cupsys (1.1.99.b1.r4841-1ubuntu6) dapper; urgency=low
    
      * debian/cupsys.init: Call stop/start in the 'restart/force-reload' section
        to make use of the much more robust 'stop' handling. This should avoid
        frequent failures of force-reload. (Ubuntu #21787)
      * debian/cupsys.postinst:
        - Set permissions of /etc/cups/interfaces to root:lpadmin 2775.
        - Make /etc/printcap writable for group lpadmin.
        - This fixes third-party printer drivers and command line tools.
        - Ubuntu #20891
    
     -- Martin Pitt <email address hidden>  Thu,  5 Jan 2006 18:11:51 +0100
  • cupsys (1.1.99.b1.r4841-1ubuntu5) dapper; urgency=low
    
      * Synchronize to Debian's svn head to get the various configuration handling
        RC bug fixes, but keep Ubuntu upstream version at r4841 since 4885 has
        serious regressions.
      * All non-Ubuntu specific patches have been applied in Debian now.
      * Drop the following patches (accepted in Debian):
        - ubuntu-sanitize-conffile-handling.dpatch
        - ubuntu-localports.dpatch
        - ubuntu-include-conf.d.dpatch
        - ubuntu-nowebadmin.dpatch
        - ubuntu-cupsimage.dpatch
      * ubuntu-runasuser.dpatch: Remove the upstream code fixes (already in Debian
        now), just add the 'RunAsUser' directive to cupsd.conf.
      * debian/cupsys.templates: Disable browsing by default.
    
     -- Martin Pitt <email address hidden>  Thu, 22 Dec 2005 15:08:51 +0100
  • cupsys (1.1.99.b1.r4841-1ubuntu4) dapper; urgency=low
    
      * Move forceful killing of cupsd when start-stop-daemon fails from
        postinst to init script, where it belongs. Do not kill all running
        cupsd processes, but only the one in the pid file.
    
     -- Martin Pitt <email address hidden>  Wed, 14 Dec 2005 11:07:04 +0100