Change logs for cupsys source package in Hardy

  • cupsys (1.3.7-1ubuntu3.16) hardy-security; urgency=low
    
      * SECURITY UPDATE: privilege escalation via config file editing
        - debian/patches/CVE-2012-5519.dpatch: split configuration file into
          two, to isolate options that have a security impact.
        - debian/cupsys.install: also install cups-files.conf
        - debian/patches/removecvstag.dpatch: updated to remove tag from
          cups-files.conf.
        - CVE-2012-5519
     -- Marc Deslauriers <email address hidden>   Mon, 03 Dec 2012 09:49:14 -0500
  • cupsys (1.3.7-1ubuntu3.13) hardy-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via missing code words
        - debian/patches/CVE-2011-2896.dpatch: improve logic in
          filter/image-gif.c.
        - CVE-2011-2896
      * SECURITY UPDATE: arbitrary code execution via incorrect code word
        handling
        - debian/patches/CVE-2011-3170.dpatch: don't overflow in
          filter/image-gif.c.
        - CVE-2011-3170
     -- Marc Deslauriers <email address hidden>   Mon, 12 Sep 2011 09:41:09 -0400
  • cupsys (1.3.7-1ubuntu3.12) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        invalid free
        - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused
          tags in cups/ipp.{c,h}.
        - CVE-2010-2941
     -- Marc Deslauriers <email address hidden>   Tue, 02 Nov 2010 11:22:58 -0400
  • cupsys (1.3.7-1ubuntu3.11) hardy-security; urgency=low
    
      * SECURITY UPDATE: cross-site request forgery in admin interface
        - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
          to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
          cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
          templates/*.tmpl.
        - CVE-2010-0540
      * SECURITY UPDATE: denial of service or arbitrary code execution in
        texttops image filter
        - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
          filter/texttops.c.
        - CVE-2010-0542
      * SECURITY UPDATE: web interface memory disclosure
        - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
        - CVE-2010-1748
      * SECURITY UPDATE: file overwrite vulnerability
        - debian/patches/security-str3510.dpatch: introduce cups_open() in
          cups/file.c and use to make sure hard-linked or symlinked files don't
          get overwritten as root.
        - No CVE number
     -- Marc Deslauriers <email address hidden>   Fri, 18 Jun 2010 10:32:12 -0400
  • cupsys (1.3.7-1ubuntu3.9) hardy-proposed; urgency=low
    
       * debian/patches/fix-lpstat.dpatch: Fix lpstat to work correctly against
         CUPS 1.4 servers. (LP: #497606)
     -- Evan Broder <email address hidden>   Wed, 03 Mar 2010 18:06:14 -0500
  • cupsys (1.3.7-1ubuntu3.8) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service via use-after-free
        - debian/patches/CVE-2009-3553.dpatch: check fdptr->use and
          cupsd_inactive_fds in scheduler/select.c.
        - CVE-2009-3553
        - CVE-2010-0302
      * SECURITY UPDATE: privilege escalation via lppasswd tool
        - debian/patches/CVE-2010-0393.dpatch: don't allow environment
          variables to override directories in cups/globals.c and
          systemv/lppasswd.c.
        - CVE-2010-0393
     -- Marc Deslauriers <email address hidden>   Thu, 25 Feb 2010 11:00:51 -0500
  • cupsys (1.3.7-1ubuntu3.6) hardy-security; urgency=low
    
      * SECURITY UPDATE: XSS and CRLF injection in headers
        - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
          cgi-bin/{var.c,cgi.h}. Clear out variables in
          cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
          clear out variables in cgi-bin/admin.c. Filter more characters in
          cgi-bin/template.c.
        - CVE-2009-2820
    
     -- Marc Deslauriers <email address hidden>   Fri, 30 Oct 2009 21:38:14 -0400
  • cupsys (1.3.7-1ubuntu3.5) hardy-security; urgency=low
    
      * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags.
        - debian/patches/CVE-2009-0949.dpatch: make sure the name field exists
          in scheduler/ipp.c.
        - CVE-2009-0949
    
     -- Marc Deslauriers <email address hidden>   Mon, 01 Jun 2009 10:32:52 -0400
  • cupsys (1.3.7-1ubuntu3.4) hardy-security; urgency=low
    
      * SECURITY UPDATE: fix integer overflow via large TIFF file
        - debian/patches/CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in
          filter/image-private.h
        - CVE-2009-0163
    
     -- Jamie Strandboge <email address hidden>   Wed, 15 Apr 2009 09:19:42 -0500
  • cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service by adding a large number of RSS
        subscriptions (LP: #298241)
        - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
          being reached in scheduler/{ipp.c,subscriptions.c}.
        - CVE-2008-5183
      * SECURITY UPDATE: unauthorized access to RSS subscription functions in
        web interface (LP: #298241)
        - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated
          in /cgi-bin/admin.c.
        - CVE-2008-5184
      * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
        image with a large height value
        - This issue was introduced in the patch for CVE-2008-1722.
        - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize
          instead of img->ysize so we don't overflow in filter/image-png.c.
        - CVE-2008-5286
      * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
        - debian/filters/pstopdf: use the cleaned-up version from Debian.
        - CVE-2008-5377
    
     -- Marc Deslauriers <email address hidden>   Thu, 08 Jan 2009 10:29:38 -0500
  • cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low
    
      * debian/rules: Install the serial backend with 0700 permissions to make it
        run as root, since /dev/ttyS* are root:dialout and thus not accessible as
        user "lp". (LP: #154277)
    
     -- Martin Pitt <email address hidden>   Wed, 26 Nov 2008 14:30:00 +0000
  • cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low
    
      * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
        the SGI filter
        - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust
          filter/image-sgilib.c to properly check for xsize. Taken from Debian
          patch by Martin Pitt.
        - STR #2918
        - CVE-2008-3639
      * SECURITY UPDATE: integer overflow in texttops filter which could lead
        to heap-based overflow
        - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust
          textcommon.c and texttops.c to check for too large or negative page
          metrics. Taken from Debian patch by Martin Pitt.
        - STR #2919
        - CVE-2008-3640
      * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
        arbitrary code execution
        - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust
          hpgl-attr.c to properly check for an invalid number of pens. Also
          includes fix for regression in original upstream patch which changed
          the color mapping and an off-by-one loop error. Taken from Debian patch
          by Martin Pitt.
        - STR #2911
        - STR #2966
        - CVE-2008-3641
    
     -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2008 13:17:07 -0500
  • cupsys (1.3.7-1ubuntu3) hardy; urgency=low
    
      * Add debian/patches/CVE-2008-1722.dpatch: Two integer overflows in png
        image filter allow a denial of service attack and possibly arbitrary code
        execution. [STR #2790, CVE-2008-1722]. Taken from Debian SVN head.
    
     -- Martin Pitt <email address hidden>   Mon, 21 Apr 2008 17:54:33 +0200
  • cupsys (1.3.7-1ubuntu2) hardy; urgency=low
    
      * debian/control: Add missing build dependency lsb-release. This will bring
        back the lost AppArmor profile. (LP: #211375) Also wrap long fields, so
        that they are easier to edit.
    
     -- Martin Pitt <email address hidden>   Sun, 06 Apr 2008 10:24:39 -0600
  • cupsys (1.3.7-1ubuntu1) hardy; urgency=low
    
      * Merge new upstream bug fix release from unstable.
        - Fixes CUPS GIF image filter overflow [CVE-2008-1373]. (LP: #210718)
    
    cupsys (1.3.7-1) unstable; urgency=medium
    
      * Urgency medium due to security fix.
      * New upstream bugfix/security update release. For a detailed list of
        changes see http://www.cups.org/articles.php?L537.
        - CUPS GIF image filter overflow [CVE-2008-1373, STR #2765].
      * Drop patches which are now upstream:
        - cgiCompileSearch_buffer_overflow.dpatch
        - testsuite-exit-code.dpatch
        - pbmprint.dpatch
      * search_mime_files_in_usr_share.dpatch: Drop log message about missing
        /usr/share/cups/mime/ from error to info, since it is not really an
        error, and causing the test suite to fail due to error log count mismatch.
      * pdftops-cups-1.4.dpatch: Apply r7391 from SVN head to fix missing error
        message newlines (STR #2743).
      * debian/rules: Remove cleaning of test suite HTML reports in test/, they
        are written to /tmp now.
      * Add pdftops-wait-eintr.dpatch: Handle EINTR in pdftops' wait() call.
        (Caught by test suite.)
      * debian/libcupsys2-dev.files: Drop i18n.h, it's an internal interface and
        not installed by upstream any more.
      * debian/control: Add poppler-utils | xpdf-utils build dependency, so that
        the test suite works during build.
    
     -- Martin Pitt <email address hidden>   Wed, 02 Apr 2008 11:16:39 +0200
  • cupsys (1.3.6-3ubuntu1) hardy; urgency=low
    
      * Merge recent bug fixes and security fix from Debian unstable.
    
    cupsys (1.3.6-3) unstable; urgency=high
    
      [ Till Kamppeter ]
      * pdftops-cups-1.4.dpatch: Updated to Mike Sweet's patch version from CUPS
        STR #2716.
      * debian/patches/ppd-poll-with-client-conf.dpatch: If there is a client.conf
        pointing to a remote server, clients were not able to poll the PPD options
        from printers on that server (CUPS STRs #2731, #2763)
    
      [ Martin Pitt ]
      * Urgency high due to security fix.
      * debian/local/apparmor-profile: Allow cups-pdf to read files in ~/PDF/, so
        that it can overwrite files. (LP: #161222)
      * Add cgiCompileSearch_buffer_overflow.dpatch: Fix buffer overflow in
        cgiCompileSearch() using crafted search expressions. Exploitable if
        printer sharing is enabled. (CVE-2008-0047, STR #2729, Closes: #472105)
    
     -- Martin Pitt <email address hidden>   Sat, 22 Mar 2008 12:48:56 +0100
  • cupsys (1.3.6-2ubuntu2) hardy; urgency=low
    
      * debian/cupsys.postinst: Fix 'revert to single file' transitional code to
        also apply to newer versions in dapper-updates, remove a debugging
        statement, and fix syntax of the check.
      * debian/rules: Do not try to build a -dbg on Ubuntu, we removed it from the
        control file.
    
     -- Martin Pitt <email address hidden>   Mon, 17 Mar 2008 17:01:32 +0100
  • cupsys (1.3.6-2ubuntu1) hardy; urgency=low
    
      * Merge with Debian unstable, where I applied most of our remaining Delta;
        Remaining Ubuntu changes:
        - debian/cupsys.{pre,post}inst, debian/cupsys.preinst:
          + Revert to single cupsd.conf file for upgrade from Dapper, can be
            dropped after releasing Hardy.
          + Revert usr/share/doc symlink/directory breakage for upgrade from
            Gutsy, can be dropped after releasing Hardy.
        - debian/control, debian/rules: Drop cupsys-dbg package. This is not worth
          keeping as the only delta, so we can sync this package after Hardy's
          release.
    
    cupsys (1.3.6-2) unstable; urgency=low
    
      * debian/rules: Configure with default log file permissions 0640.
        (Closes: #469853)
      * debian/control: Mention "lpr" in the description of -bsd, for easier
        apt-cache search catching. (Closes: #426519)
      * Remove debian/NEWS, there's nothing new since Etch's release.
        (Closes: #376580)
      * Add debian/patches/pbmprint.dpatch: Fix printing of PBM files, thanks to
        Eugeniy Meshcheryakov! (Closes: #313536)
      * debian/cupsys.preinst: Only chown /var/run/cups if it exists. (LP #156634)
      * Move scripting examples from cupsys to libcupsys2-dev. No need to install
        those 1.3 MB by default on every system, this is much more developer
        oriented. Mention this in the package description.
      * debian/rules: Explicitly build with -fno-stack-protector on arm and armel,
        since the compiler produces segfaulting binaries. Works around #469517.
      * search_mime_files_in_usr_share.dpatch: Do not fatally fail if
        DataDir/mime does not exist. This both makes much more sense (since
        /etc/cups is the canonical dir which must exist, and /usr/share/cups/mime
        is optional), and also unbreaks the test suite (which does not create this
        directory by default).
      * pidfile.dpatch: Specify PidFile in temporary directory in the self test's
        cupsd.conf.
      * debian/rules clean: Remove test suite HTML reports.
      * Add testsuite-exit-code.dpatch: Exit with nonzero if the test suite fails,
        so that it is easier to integrate into package building.
      * pdftops-cups-1.4.dpatch: Update pdftops location in test suite, too, so
        that it does not fail the PDF printing test. (Forwarded to STR #2759)
      * debian/rules: Run test suite on build. This will fail the build if any
        tests fail, so that problems on particular platforms will be caught
        easily.
      * debian/control: Add alternative (build-)depends to heimdal-dev.
      * debian/rules, debian/cupsys.postinst: Call update-rc.d to not install stop
        symlinks for runlevels 0 and 6, since they just needlessly slow down
        shutdown. Remove the obsolete kill symlinks on upgrade. Patch adopted from
        the Ubuntu branch, but without using the Ubuntu-only 'multiuser' mode of
        update-rc.d.
      * Add debian/local/apparmor-profile: AppArmor profile (taken from Ubuntu
        branch). Install it in debian/rules if package is built on Ubuntu (tested
        with lsb_release -is). Reload AppArmor in debian/cupsys.postinst if both
        the cupsys profile and AppArmor itself are present.
      * Add debian/patches/ubuntu-disable-browsing.dpatch: Disable Browsing by
        default when building on Ubuntu.
      * Add debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Set
        default job error policy to "Retry", since it is less confusing and a
        better default on desktop machines. This is only applied when building on
        Ubuntu.
      * debian/control: Add Vcs-{Svn,Browser} fields.
    
     -- Martin Pitt <email address hidden>   Sun, 16 Mar 2008 22:57:04 +0100
  • cupsys (1.3.6-1ubuntu2) hardy; urgency=low
    
      * debian/cupsys.preinst:
        - only chown /var/run/cups if it exists (LP: #156634)
    
     -- Michael Vogt <email address hidden>   Mon, 10 Mar 2008 11:25:29 +0100
  • cupsys (1.3.6-1ubuntu1) hardy; urgency=low
    
      * Merge with Debian unstable to bring in the new upstream bugfix-only
        release and some packaging fixes. See 1.3.5-1ubuntu1 for list of remaining
        changes.
    
    cupsys (1.3.6-1) unstable; urgency=low
    
      * New upstream bugfix release.
      * Remove the following patches which are upstream now:
        - fix_regression_reactivate_net_ifaces_changes_detection.dpatch
        - web-interface-breaks-default-auth-setting.dpatch
      * search_mime_files_in_usr_share.dpatch: Greatly simplified the patch by
        using mimeMerge(), so that it is more robust against upstream changes.
        Forwarded to STR#2719.
      * Dropped cupsd.conf-AllowLocal.dpatch; it does not do anything good any
        more for the current web and GUI administration tools (they handle this
        fine by themselves), so it's obsolete now.
      * Drop enable{sharing,browsing} and {sharing,browsing}_status scripts. They
        have never been used in Debian, not used any more in Ubuntu, and the
        current frontends (web, system-config-printer, etc.) do this in a much
        better way.
      * debian/docs: Remove redundant LICENSE.txt.
      * debian/rules: Add a generic rule to install lintian overrides in
        debian/packagename.lintian.
      * Add lintian overrides for unjustified/wontfix complaints about libcupsys2
        and cupsys.
      * debian/cupsys.doc-base: Remove erroneous whitespace in the section
        separator.
      * debian/rules: Remove *.o and *.so files from PHP scripting examples
        directory (it's /usr/share after all).
      * debian/cupsys.init.d: Add Short-Description.
      * debian/rules: Do not ship an empty /usr/share/cups/model/ directory.
    
     -- Martin Pitt <email address hidden>   Tue, 26 Feb 2008 14:36:47 +0100
  • cupsys (1.3.5-2ubuntu1) hardy; urgency=low
    
      * debian/local/apparmor-profile: Added Kerberos authentication support
        to the AppArmor profile (LP: #189022).
    
    cupsys (1.3.5-2) unstable; urgency=low
    
      [ Martin Pitt ]
      * debian/cupsys.init.d: Add Should-Start: avahi. (Closes: #459662)
    
      [ Till Kamppeter ]
      * debian/patches/pdftops-cups-1.4.dpatch, debian/local/filters/pdftops:
        Replaced Helge Blischke's alternative pdftops wrapper by the pdftops
        of CUPS 1.4. The old pdftops wrapper did not work with the pdftops
        filter of Poppler, the new one works with the pdftops filters of both
        Poppler and XPDF (Closes: #457810; Ubuntu LP: #182379).
      * debian/patches/web-interface-breaks-default-auth-setting.dpatch: When
        modifying server settings with the CUPS web interface, the setting
        for the default authentication got overwritten with gibberish
        (Closes: #461331; CUPS STR #2703, Ubuntu LP: #188426).
      * debian/local/backends/dnssd: Updated dnssd to filter out IPv6 entries,
        as they clutter the lists of detected printers and make the network
        printer discovery process take more time than needed. Applied also
        a bug fix and the possibility of querying one IP address by calling
        the dnssd backend with the IP as command line argument (like the
        snmp CUPS backend).
    
     -- Till Kamppeter <email address hidden>   Sat, 23 Feb 2008 18:01:06 +0100
  • cupsys (1.3.5-1ubuntu3) hardy; urgency=low
    
      [ Martin Pitt ]
      * debian/cupsys.init.d: Add Should-Start: avahi. (LP: #181122)
    
      [ Till Kamppeter ]
      * debian/local/backends/dnssd: Updated dnssd to filter out IPv6 entries,
        as they clutter the lists of detected printers and make the network
        printer discovery process take more time than needed. Applied also
        a bug fix and the possibility of querying one IP address by calling
        the dnssd backend with the IP as command line argument (like the
        snmp CUPS backend).
    
     -- Till Kamppeter <email address hidden>   Tue, 29 Jan 2008 19:01:06 +0000
  • cupsys (1.3.5-1ubuntu2) hardy; urgency=low
    
      * No-change rebuild against libldap-2.4-2.
    
     -- Steve Langasek <email address hidden>   Tue, 22 Jan 2008 16:52:31 +0000
  • cupsys (1.3.5-1ubuntu1) hardy; urgency=low
    
      * Merge with Debian unstable; remaining Ubuntu changes:
        - TearDown (fast shutdown):
          + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency.
          + debian/rules: Use 'multiuser' update-rc.d mode.
        - debian/control, debian/rules: Drop cupsys-dbg package.
        - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade
          fixes that need to be kept until after the next LTS:
          + Revert to single cupsd.conf file.
          + Remove obsolete rc.d links.
          + Revert usr/share/doc symlink/directory breakage.
        - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a
          failed job instead of stopping the print queue.
        - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by
          default.
        - Add AppArmor profile:
          + debian/local/apparmor-profile
          + debian/cupsys.postinst: Reload AA profile on configuration.
    
    cupsys (1.3.5-1) unstable; urgency=high
    
      [ Kenshi Muto ]
      * New upstream release
        - cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress patch is
          merged.
        - Fix that SNMP backend did not check for negative string lengths.
          (CVE-2007-5849, closes: #457453).
      * Update pdftops.pl to 1.20. It fixes overwriting arbitrary files
        via symlink attack. (CVE-2007-6358, closes: #456960)
    
      [ Till Kamppeter ]
      * debian/patches/fix_regression_reactivate_net_ifaces_changes_detection.dpatch :
        Fix a regression in upstream code that has removed the network interface
        update poll (CUPS STR #2631, LP: #177075). Thanks to Hugues Fournier
        (hugues dot fournier at gmail dot com) for the patch.
    
    cupsys (1.3.4-4) unstable; urgency=high
    
      [ Kenshi Muto ]
      * cupsys depends on "ghostscript | gs-esp", not "ghostscript | gsp-esp"!
        I should punish myself.
        (closes: #456455)
    
    cupsys (1.3.4-3) unstable; urgency=high
    
      [ Martin Pitt ]
      * debian/control: Bump Standards-Version to 3.7.3 (no changes necessary).
    
      [ Till Kamppeter ]
      * debian/patches/cups-stops-broadcasting-on-hup-with-explicit-browseaddress.dpatch:
        cups stopped broadcasting on a hup signal when using a fixed
        browseaddress (cups str #2618, lp: #173470).
    
      [ Kenshi Muto ]
      * Debconf translation
        - French (closes: #456272)
        - do update-debconfpo. Update all translations to use the msgstr 'dnssd'
          for msgid 'dnssd'.
      * cupsys depends on "ghostscript | gs-esp", to ease testing transition and
        upgrades from etch (closes: #456455).
    
     -- Martin Pitt <email address hidden>   Wed, 02 Jan 2008 13:29:53 +0100
  • cupsys (1.3.4-2ubuntu3) hardy; urgency=low
    
      * debian/patches/cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress.dpatch:
        CUPS stopped broadcasting on a HUP signal when using a fixed
        BrowseAddress (CUPS STR #2618, LP: #173470).
    
     -- Till Kamppeter <email address hidden>   Mon, 10 Dec 2007  0:01:06 +0000
  • cupsys (1.3.4-2ubuntu2) hardy; urgency=low
    
      [ Martin Pitt ]
      * debian/local/apparmor-profile: Run drivers (PPD generators) unconfined,
        since they run as non-root and there are third-party ones we cannot
        control.
    
      [ Till Kamppeter ]
      * debian/local/backends/dnssd: Updated dnssd to support Mac OS X servers
        which broadcast their print queues only via DNS-SD and require clients
        to create raw IPP queues pointing to the server's queues manually.
    
     -- Martin Pitt <email address hidden>   Mon, 03 Dec 2007 11:22:57 +0100
  • cupsys (1.3.4-2ubuntu1) hardy; urgency=low
    
      * Merge with Debian unstable. Remaining Ubuntu changes:
        - TearDown (fast shutdown):
          + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency.
          + debian/rules: Use 'multiuser' update-rc.d mode.
        - debian/control, debian/rules: Drop cupsys-dbg package.
        - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade
          fixes that need to be kept until after the next LTS:
          + Revert to single cupsd.conf file.
          + Remove obsolete rc.d links.
          + Revert usr/share/doc symlink/directory breakage.
        - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a
          failed job instead of stopping the print queue.
        - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by
          default.
        - Add AppArmor profile:
          + debian/local/apparmor-profile
          + debian/cupsys.postinst: Reload AA profile on configuration.
      * Revert most of the doc symlinking changes from 1.3.2-1ubuntu4, since
        Ubuntu's cdbs does it by default now. Clean up a few other pieces of
        Debian-Ubuntu delta noise along the way.
      * debian/local/apparmor-profile: Only restrict backends which are shipped by
        cupsys itself (or known packages like cups-pdf). All other backends remain
        unrestricted, since we cannot predict which privileges they need.
      * debian/local/apparmor-profile: Run bluetooth backend confined again and
        allow opening bluetooth sockets.
    
    cupsys (1.3.4-2) unstable; urgency=low
    
      [ Kenshi Muto ]
      * Bumps up shlibs to 1.3.4.
    
      [ Martin Pitt ]
      * debian/control: Remove gs-esp alternative dependency, it's just
        "ghostscript" nowadays.
      * debian/control: Slightly bump the C/R: for -common; it's a pointless delta
        to Ubuntu and it doesn't hurt us.
      * debian/cupsys-bsd.postinst: Symlink cupsys-bsd's doc directory to
        cupsys-common's, not cupsys', since the latter is not a dependency.
      * debian/control: Demote cups-pdf from Recommends: to Suggests: to match the
        semantics (apt installs recommends by default now).
      * debian/cupsys.init.d: Add LSB header, thanks to Petter Reinholdtsen!
        (closes: #337640)
      * debian/rules: Configure with default printcap in /var/run/cups/.
        (closes: #452446)
    
      [ Till Kamppeter ]
      * Add debian/local/backends/dnssd: Printer discovery backend for
        several cheaper printers, like the HP Color LaserJet 2600n, are not
        discovered by the "snmp" backend.  In addition, this backend extracts more
        info from the printers than the "snmp" backend, like for example available
        page description languages.  This leads to better driver choices for
        unknown printer models.
      * debian/cupsys.install, debian/cupsys.{prerm,postinst,templates,rules}:
        Install new backend.
      * debian/control: Add Recommends: to avahi-utils; if it is installed, the
        dnssd backend can actually work.
      * debian/postinst: Activate new backends (since Etch) by default on
        upgrades. This affects snmp, scsi, serial, and dnssd.
    
     -- Martin Pitt <email address hidden>   Mon, 03 Dec 2007 10:01:48 +0100
  • cupsys (1.3.4-1ubuntu4) hardy; urgency=low
    
      * correct Replaces line in cupsys-common to make dapper->hardy
        upgrades work
    
     -- Michael Vogt <email address hidden>   Fri, 30 Nov 2007 11:28:44 +0100
  • cupsys (1.3.4-1ubuntu3) hardy; urgency=low
    
      * debian/local/apparmor-profile:
        - Allow rw access to /dev/parport* and ro access to
          /proc/sys/dev/parport/**, so that parallel port printer detection works.
        - Allow unconfined execution of the bluetooth backend. AppArmor currently
          forbids creation of bluetooth sockets without providing a profile option
          to allow it (see bug #172534). (LP: #147800)
        - Permit reading /etc/pnm2ppa.conf. (LP: #155530)
        - Disable AA profile for Samsung's MFP driver, since it needs very high
          and unknown privileges and is a third-party driver which we cannot
          control. (LP: #152537)
    
     -- Martin Pitt <email address hidden>   Wed, 28 Nov 2007 12:05:30 +0100
  • cupsys (1.3.4-1ubuntu2) hardy; urgency=low
    
      * debian/local/backends/dnssd, debian/rules, debian/cupsys.install,
        debian/cupsys.postinst, debian/cupsys.prerm, debian/cupsys.templates,
        debian/control:
        Added printer discovery backend "dnssd". Several cheaper printers, like
        the HP Color LaserJet 2600n, are not discovered by the "snmp" backend.
        In addition, this backend extracts more info from the printers than the
        "snmp" backend, like for example available page description languages.
        This leads to better driver choices for unknown printer models.
    
     -- Till Kamppeter <email address hidden>   Fri, 23 Nov 2007 12:01:06 +0000
  • cupsys (1.3.4-1ubuntu1) hardy; urgency=low
    
      * Merge new upstream version from Debian.
    
    cupsys (1.3.4-1) unstable; urgency=high
    
      * New upstream release.
        - Fixes CVE-2007-4351
          IPP Tags Memory Corruption Vulnerability (closes: #448866)
    
      [ Martin Pitt ]
      * debian/cupsys.postinst: Drop ancient code to remove root from group
        lpadmin.
    
      [ Kenshi Muto ]
      * Debconf translation
        - Finnish (closes: #446740)
    
     -- Martin Pitt <email address hidden>   Wed, 07 Nov 2007 14:25:15 -0500
  • cupsys (1.3.2-1ubuntu8) hardy; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via stack overflow.
      * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
        from Michael Sweet.
      * References
        CVE-2007-4351
    
     -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
  • cupsys (1.3.2-1ubuntu7) gutsy; urgency=low
    
      * debian/cupsys.postinst: Drop ancient transitional code to remove root from
        group lpadmin. Under very odd circumstances ("root" has the same UID as
        the user) this could cause the user to be removed from group 'lpadmin'.
        Quite unlikely that this is the prime reason for LP #134503, but it's much
        cleaner in any case.
    
     -- Martin Pitt <email address hidden>   Mon, 15 Oct 2007 12:32:16 +0200