Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cups for openSUSE:Factory checked in at 2024-01-31 23:53:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cups (Old)
 and /work/SRC/openSUSE:Factory/.cups.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups" Wed Jan 31 23:53:34 2024 rev:170 rq:1142944 version:2.4.7 Changes: -------- --- /work/SRC/openSUSE:Factory/cups/cups.changes 2023-09-22 21:47:56.278001388 +0200 +++ /work/SRC/openSUSE:Factory/.cups.new.1815/cups.changes 2024-01-31 23:53:47.573081809 +0100 
@@ -1,0 +2,118 @@ +Wed Jan 24 07:47:38 UTC 2024 - Johannes Meixner <[email protected]> + +- Version upgrade to 2.4.7: + See https://github.com/openprinting/cups/releases + CUPS 2.4.7 is released to ship the fix for CVE-2023-4504 + and several other changes, among them it is + adding OpenSSL support for cupsHashData function and bug fixes. + Detailed list: + * CVE-2023-4504 - Fixed Heap-based buffer overflow when + reading Postscript in PPD files + * Added OpenSSL support for cupsHashData (Issue #762) + * Fixed delays in lpd backend (Issue #741) + * Fixed extensive logging in scheduler (Issue #604) + * Fixed hanging of lpstat on IBM AIX (Issue #773) + * Fixed hanging of lpstat on Solaris (Issue #156) + * Fixed printing to stderr if we can't open cups-files.conf + (Issue #777) + * Fixed purging job files via cancel -x (Issue #742) + * Fixed RFC 1179 port reserving behavior in LPD backend + (Issue #743) + * Fixed a bug in the PPD command interpretation code + (Issue #768) + Issues are those at https://github.com/OpenPrinting/cups/issues +- Version upgrade to 2.4.6: + See https://github.com/openprinting/cups/releases + CUPS 2.4.6 is released to ship the fix for CVE-2023-34241 + and two other bug fixes. + Detailed list: + * Fix linking error on old MacOS (Issue #715) + * Fix printing multiple files on specific printers (Issue #643) + * Fix use-after-free when logging warnings in case of failures + in cupsdAcceptClient() (fixes CVE-2023-34241) + Issues are those at https://github.com/OpenPrinting/cups/issues +- Version upgrade to 2.4.5: + See https://github.com/openprinting/cups/releases + CUPS 2.4.5 is a hotfix release for a bug which corrupted + locally saved certificates, which broke secured printing + via TLS after the first print job. 
+- Version upgrade to 2.4.4: + See https://github.com/openprinting/cups/releases + CUPS 2.4.4 release is created as a hotfix for segfault + in cupsGetNamedDest(), when caller tries to find + the default destination and the default destination + is not set on the machine. +- Version upgrade to 2.4.3: + See https://github.com/openprinting/cups/releases + CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements + and many bug fixes. CUPS now implements fallback for printers + with broken firmware, which is not capable of answering + to IPP request get-printer-attributes with all, + media-col-database - this enables driverless support for + bunch of printers which don't follow IPP Everywhere standard. + Aside from the CVE fix the most important fixes are around color + settings, printer application support fixes and OpenSSL support. + Detailed list of changes: + * Added a title with device uri for found network printers + (Issues #402, #393) + * Added new media sizes defined by IANA (Issues #501) + * Added quirk for GoDEX label printers (Issue #440) + * Fixed --enable-libtool-unsupported (Issue #394) + * Fixed configuration on RISC-V machines (Issue #404) + * Fixed the device_uri invalid pointer for driverless printers + with .local hostname (Issue #419) + * Fixed an OpenSSL crash bug (Issue #409) + * Fixed a potential SNMP OID value overflow issue (Issue #431) + * Fixed an OpenSSL certificate loading issue (Issue #465) + * Fixed Brazilian Portuguese translations (Issue #288) + * Fixed cupsd default keychain location when building + with OpenSSL (Issue #529) + * Fixed default color settings for CMYK printers as well + (Issue #500) + * Fixed duplicate PPD2IPP media-type names (Issue #688) + * Fixed possible heap buffer overflow in _cups_strlcpy() + (fixes CVE-2023-32324) + * Fixed InputSlot heuristic for photo sizes smaller than 5x7" + if there is no media-source in the request (Issue #569) + * Fixed invalid memory access during generating IPP Everywhere + queue 
(Issue #466) + * Fixed lprm if no destination is provided (Issue #457) + * Fixed memory leaks in create_local_bg_thread() (Issue #466) + * Fixed media size tolerance in ippeveprinter (Issue #487) + * Fixed passing command name without path into ippeveprinter + (Issue #629) + * Fixed saving strings file path in printers.conf (Issue #710) + * Fixed TLS certificate generation bugs (Issue #652) + * ippDeleteValues would not delete the last value (Issue #556) + * Ignore some of IPP defaults if the application sends + its PPD alternative (Issue #484) + * Make Letter the default size in ippevepcl (Issue #543) + * Now accessing Admin page in Web UI requires authentication + (Issue #518) + * Now look for default printer on network if needed (Issue #452) + * Now we poll media-col-database separately if we fail at first + (Issue #599) + * Now report fax attributes and values as needed (Issue #459) + * Now localize HTTP responses using the Content-Language value + (Issue #426) + * Raised file size limit for importing PPD via Web UI + (Issue #433) + * Raised maximum listen backlog size to INT MAX (Issue #626) + * Update print-color-mode if the printer is modified + via ColorModel PPD option (Issue #451) + * Use localhost when printing via printer application + (Issue #353) + * Write defaults into /etc/cups/lpoptions if we're root + (Issue #456) + Issues are those at https://github.com/OpenPrinting/cups/issues +- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.7 +- Removed cups-2.4.2-CVE-2023-4504.patch : fixed upstream + see the above CUPS 2.4.7 changes +- Removed cups-2.4.2-CVE-2023-32360.patch : fixed upstream via + https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 +- Removed cups-2.4.2-CVE-2023-34241.patch : fixed upstream + see the above CUPS 2.4.6 changes +- Removed cups-2.4.2-CVE-2023-32324.patch : fixed upstream + see the above CUPS 2.4.3 changes + +------------------------------------------------------------------- Old: ---- 
cups-2.4.2-CVE-2023-32324.patch cups-2.4.2-CVE-2023-32360.patch cups-2.4.2-CVE-2023-34241.patch cups-2.4.2-CVE-2023-4504.patch cups-2.4.2-source.tar.gz cups-2.4.2-source.tar.gz.sig New: ---- cups-2.4.7-source.tar.gz cups-2.4.7-source.tar.gz.sig BETA DEBUG BEGIN: Old: see the above CUPS 2.4.6 changes - Removed cups-2.4.2-CVE-2023-32324.patch : fixed upstream see the above CUPS 2.4.3 changes Old: see the above CUPS 2.4.7 changes - Removed cups-2.4.2-CVE-2023-32360.patch : fixed upstream via https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 Old: https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 - Removed cups-2.4.2-CVE-2023-34241.patch : fixed upstream see the above CUPS 2.4.6 changes Old:- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.7 - Removed cups-2.4.2-CVE-2023-4504.patch : fixed upstream see the above CUPS 2.4.7 changes BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.pEu2eL/_old 2024-01-31 23:53:48.465113992 +0100 +++ /var/tmp/diff_new_pack.pEu2eL/_new 2024-01-31 23:53:48.465113992 +0100 @@ -1,7 +1,7 @@ # # spec file for package cups # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -40,18 +40,18 @@ # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work: -Version: 2.4.2 +Version: 2.4.7 Release: 0 Summary: The Common UNIX Printing System License: Apache-2.0 Group: Hardware/Printing URL: https://openprinting.github.io/cups # To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.4.2-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz -Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz +# wget --no-check-certificate -O cups-2.4.7-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.7/cups-2.4.7-source.tar.gz +Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.7/cups-2.4.7-source.tar.gz # To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.4.2-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz.sig -Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.2/cups-2.4.2-source.tar.gz.sig +# wget --no-check-certificate -O cups-2.4.7-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.7/cups-2.4.7-source.tar.gz.sig +Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.7/cups-2.4.7-source.tar.gz.sig # To make Source2 use e.g. # gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 # gpg --export --armor 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 >cups.keyring 
@@ -61,7 +61,7 @@ # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring # gpg --list-keys | grep -1 'Zdenek Dohnal' -# gpg --verify cups-2.4.2-source.tar.gz.sig cups-2.4.2-source.tar.gz +# gpg --verify cups-2.4.7-source.tar.gz.sig cups-2.4.7-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz 
@@ -97,31 +97,12 @@ # see https://bugzilla.suse.com/show_bug.cgi?id=1195288 Patch107: harden_cups.service.patch # Patch108 downgrade-autoconf-requirement.patch -# downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: +# downgrades the autoconf requirement in configure.ac from autoconf 2.71 to autoconf 2.69 +# that is available in Tumbleweed as of this writing (March 2022) Patch108: downgrade-autoconf-requirement.patch -# Patch109 cups-2.4.2-CVE-2023-32324.patch -# fixes CVE-2023-32324 "Heap buffer overflow in cupsd" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 -# https://bugzilla.suse.com/show_bug.cgi?id=1211643 -Patch109: cups-2.4.2-CVE-2023-32324.patch -# Patch110 cups-2.4.2-CVE-2023-34241.patch -# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 -# https://bugzilla.suse.com/show_bug.cgi?id=1212230 -Patch110: cups-2.4.2-CVE-2023-34241.patch -# Patch111 cups-2.4.2-CVE-2023-32360.patch -# fixes CVE-2023-32360 "Information leak through Cups-Get-Document operation" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g -# https://bugzilla.suse.com/show_bug.cgi?id=1214254 -Patch111: cups-2.4.2-CVE-2023-32360.patch # Patch112 cups-2.4.2-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf # see SUSE FATE 303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 Patch112: cups-2.4.2-additional_policies.patch -# Patch113 cups-2.4.2-CVE-2023-4504.patch -# fixes CVE-2023-4504 "CUPS PostScript Parsing Heap Overflow" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h -# https://bugzilla.suse.com/show_bug.cgi?id=1215204 -Patch113: cups-2.4.2-CVE-2023-4504.patch # Build Requirements: BuildRequires: dbus-1-devel BuildRequires: fdupes 
@@ -346,29 +327,9 @@ # Patch108 downgrade-autoconf-requirement.patch # downgrades the autoconf requirement to the autoconf available in Tumbleweed as of this writing: %patch108 -b downgrade-autoconf-requirement.orig -# Patch109 cups-2.4.2-CVE-2023-32324.patch -# fixes CVE-2023-32324 "Heap buffer overflow in cupsd" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 -# https://bugzilla.suse.com/show_bug.cgi?id=1211643 -%patch109 -b cups-2.4.2-CVE-2023-32324.orig -# Patch110 cups-2.4.2-CVE-2023-34241.patch -# fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 -# https://bugzilla.suse.com/show_bug.cgi?id=1212230 -%patch110 -b cups-2.4.2-CVE-2023-34241.orig -# Patch111 cups-2.4.2-CVE-2023-32360.patch -# fixes CVE-2023-32360 "Information leak through Cups-Get-Document operation" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g -# https://bugzilla.suse.com/show_bug.cgi?id=1214254 -%patch111 -b cups-2.4.2-CVE-2023-32360.orig # Patch112 cups-2.4.2-additional_policies.patch adds the 'allowallforanybody' policy to cupsd.conf # see SUSE FATE 303515 and https://bugzilla.suse.com/show_bug.cgi?id=936309 %patch112 -b cups-2.4.2-additional_policies.orig -# Patch113 cups-2.4.2-CVE-2023-4504.patch -# fixes CVE-2023-4504 "CUPS PostScript Parsing Heap Overflow" -# https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h -# https://bugzilla.suse.com/show_bug.cgi?id=1215204 -%patch113 -b cups-2.4.2-CVE-2023-4504.orig %build # Remove ".SILENT" rule for verbose build output ++++++ cups-2.4.2-source.tar.gz -> cups-2.4.7-source.tar.gz ++++++ /work/SRC/openSUSE:Factory/cups/cups-2.4.2-source.tar.gz /work/SRC/openSUSE:Factory/.cups.new.1815/cups-2.4.7-source.tar.gz differ: char 5, line 1 ++++++ downgrade-autoconf-requirement.patch ++++++ --- /var/tmp/diff_new_pack.pEu2eL/_old 2024-01-31 23:53:48.561117455 +0100 +++ 
/var/tmp/diff_new_pack.pEu2eL/_new 2024-01-31 23:53:48.565117599 +0100 @@ -1,5 +1,5 @@ ---- configure.ac.orig 2022-05-26 08:17:21.000000000 +0200 -+++ configure.ac 2022-05-30 10:26:29.258674533 +0200 +--- configure.ac.orig 2023-09-20 15:25:54.000000000 +0200 ++++ configure.ac 2024-01-24 09:19:28.344274065 +0100 @@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0. dnl information. dnl @@ -10,5 +10,5 @@ +AC_PREREQ([2.69]) dnl Package name and version... - AC_INIT([CUPS],[2.4.2],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups]) + AC_INIT([CUPS],[2.4.7],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])
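Review bot: In the cups.changes hunk (@@ -1,0 +2,118 @@), the four "Removed cups-2.4.2-CVE-...patch" entries drop the Bugzilla references that the deleted spec comments carried (show_bug.cgi?id=1211643, 1212230, 1214254 and 1215204), so the changelog no longer ties each CVE to its SUSE bug. Please add the matching bug number to each entry. The CVE-2023-32360 entry also differs from the other three: it points only at an upstream commit and that CVE does not appear in any of the 2.4.3 to 2.4.7 release lists quoted above it, so it should name the first upstream release that contains the commit.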
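Review bot: In the cups.spec hunk @@ -40,18 +40,18 @@, the updated download hints for Source0 and Source1 still recommend "wget --no-check-certificate", which turns off TLS certificate validation for both the tarball and its signature. The GPG check described further down is what actually authenticates the tarball, but the hint would be better without the flag so that a packager following it does not skip certificate validation by habit.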
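Review bot: In the cups.spec hunk @@ -61,7 +61,7 @@, the manual verification steps around the updated "gpg --verify" line identify the signing key with "gpg --list-keys | grep -1 'Zdenek Dohnal'", which matches on the user ID string rather than on the key itself. Since the spec already records the fingerprint 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 in the Source2 instructions, the comment should tell the reader to compare the fingerprint reported by gpg against that value instead of grepping for a name.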
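Review bot: In the cups.spec hunk @@ -97,31 +97,12 @@, the new Patch108 comment says autoconf 2.69 is what is "available in Tumbleweed as of this writing (March 2022)", yet the line is added in a January 2024 commit that re-adapts the patch for CUPS 2.4.7. Please confirm the downgrade from 2.71 to 2.69 is still required and date the comment accordingly. The second copy of this comment in the %prep hunk (@@ -346,29 +327,9 @@) was left with the old wording ending in "as of this writing:", so the two descriptions of Patch108 now disagree and should be brought in line.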
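Review bot: In the downgrade-autoconf-requirement.patch hunk, the only substantive change is the AC_PREREQ line, but the patch keeps the "AC_INIT([CUPS],[2.4.2],..." line as context, and that line is what had to be rewritten to 2.4.7 here. Regenerating the patch with less trailing context, so that the version-carrying AC_INIT line is not part of it, would avoid having to refresh this patch on every upstream version bump.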
