Hello community, here is the log from the commit of package cups for openSUSE:Factory checked in at 2020-10-26 16:11:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cups (Old) and /work/SRC/openSUSE:Factory/.cups.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups" Mon Oct 26 16:11:53 2020 rev:151 rq:843399 version:2.3.3 Changes: -------- --- /work/SRC/openSUSE:Factory/cups/cups.changes 2020-07-05 01:10:38.647500233 +0200 +++ /work/SRC/openSUSE:Factory/.cups.new.3463/cups.changes 2020-10-26 16:12:24.222721224 +0100 @@ -1,0 +2,154 @@ +Wed Oct 14 09:11:00 UTC 2020 - Michael Gorse <mgo...@suse.com> + +- Version upgrade to 2.3.3: + - CVE-2020-3898: The `ppdOpen` function did not handle invalid UI + constraint. `ppdcSource::get_resolution` function did not + handle invalid resolution strings. + - CVE-2019-8842: The `ippReadIO` function may under-read an + extension field. + - Fixed WARNING_OPTIONS support for GCC 9.x + Changes in CUPS 2.3.2: + Localization updates + Changes in CUPS 2.3.1: + - CVE-2019-2228: The `ippSetValuetag` function did not validate + the default language value. + - Fixed a crash bug in the web interface. + - The PPD cache code now looks up page sizes using their + dimensions. + - PPD files containing "custom" option keywords did not work. + - Added a workaround for the scheduler's systemd support. + - Added a DigestOptions directive for the `client.conf` file to + control whether MD5-based Digest authentication is allowed. + - Fixed a bug in the handling of printer resource files. + - The libusb-based USB backend now reports an error when the + distribution permissions are wrong. + - Added paint can labels to Dymo driver. + - The `ippeveprinter` program now supports authentication. + - The `ippeveprinter` program now advertises DNS-SD services on + the correct interfaces, and provides a way to turn them off. + - The `--with-dbusdir` option was ignored by the configure + script. + - Sandboxed applications were not able to get the default + printer. + - Log file access controls were not preserved by `cupsctl`. + - Default printers set with `lpoptions` did not work in all + cases. + - Fixed an error in the jobs web interface template. + - Fixed an off-by-one error in `ippEnumString`. + - Fixed some new compiler warnings. + - Fixed a few issues with the Apple Raster support. + - The IPP backend did not detect all cases where a job should be + retried using a raster format. + - Fixed spelling of "fold-accordion". + - Fixed the default common name for TLS certificates used by + `ippeveprinter`. + - Fixed the option names used for IPP Everywhere finishing + options. + - Added support for the second roll of the DYMO Twin/DUO label + printers. + Changes in CUPS v2.3.0: + - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows. + - Added a GPL2/LGPL2 exception to the new CUPS license terms. + - Fixed a bug in the scheduler job cleanup code. + - Fixed builds when there is no TLS library. + - "make" failed with GZIP options. + - Fixed potential excess logging from the scheduler when removing + job files. + - Fixed a NULL pointer dereference bug in `httpGetSubField2`. + - Added FIPS-140 workarounds for GNU TLS. + - The scheduler no longer provides a default value for the + description. + - The scheduler now logs jobs held for authentication using the + error level so it is clear what happened. + - The `lpadmin` command did not always update the PPD file for + changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords. + - The scheduler now uses both the group's membership list as well + as the various OS-specific membership functions to determine + whether a user belongs to a named group. + - Added USB quirks rule for HP LaserJet 1015. + - Fixed some PPD parser issues. + - The IPP parser no longer allows invalid member attributes in + collections. + - The configure script now treats the "wheel" group as a + potential system group. + - Fixed IPP buffer overflow. + - Fixed memory disclosure issue in the scheduler. + - Fixed DoS issues in the scheduler. + - Fixed an issue with unsupported "sides" values in the IPP + backend. + - The scheduler would restart continuously when idle and printers + were not shared. + - Fixed an issue with `EXPECT !name WITH-VALUE ...` tests. + - Fixed a command ordering issue in the Zebra ZPL driver. + - Fixed a memory leak in `ppdOpen`. + Changes in CUPS v2.3rc1: + - The `cups-config` script no longer adds extra libraries when linking against + shared libraries. + - The supplied example print documents have been optimized for + size. + - The `cupsctl` command now prevents setting "cups-files.conf" + directives. + - The "forbidden" message in the web interface is now explained. + - The footer in the web interface covered some content on small + displays. + - The libusb-based USB backend now enforces read limits, + improving print speed in many cases. + - The `ippeveprinter` command now looks for print commands in + the "command" subdirectory. + - The `ipptool` command now supports `$date-current` and + `$date-start` variables to insert the current and starting date + and time values, as well as ISO-8601 relative time values such + as "PT30S" for 30 seconds in the future. + Changes in CUPS v2.3b8 + - Media size matching now uses a tolerance of 0.5mm. + - The lpadmin command would hang with a bad PPD file. + - Fixed a potential crash bug in cups-driverd. + - Fixed a performance regression with large PPDs. + - Fixed a memory reallocation bug in HTTP header value expansion. + - Timed out job submission now yields an error. + - Restored minimal support for the `Emulators` keyword in PPD + files to allow old Samsung printer drivers to continue to work. + - The scheduler did not encode octetString values like + "job-password" correctly for the print filters. + - The `cupsCheckDestSupported` function did not check octetString + values correctly. + - Added support for `UserAgentTokens` directive in "client.conf". + - Updated the systemd service file for cupsd. + - The `ippValidateAttribute` function did not catch all instances + of invalid UTF-8 strings. + - Fixed an issue with the self-signed certificates generated by + GNU TLS. + - Fixed a potential memory leak when reading at the end of a + file. + - Fixed potential unaligned accesses in the string pool. + - Fixed a potential memory leak when loading a PPD file. + - Added a USB quirks rule for the Lexmark E120n. + - Updated the USB quirks rule for Zebra label printers. + - The lpadmin command, web interface, and scheduler all queried + an IPP Everywhere printer differently, resulting in different + PPDs for the same printer. + - The web interface no longer provides access to the log files. + - Non-Kerberized printing to Windows via IPP was broken. + - The scheduler no longer stops a printer if an error occurs when + a job is canceled or aborted. + - Added a USB quirks rule for the DYMO 450 Turbo. + - Added a USB quirks rule for Xerox printers. + - The scheduler's self-signed certificate did not include all of + the alternate names for the server when using GNU TLS. + - Fixed some PPD caching and IPP Everywhere PPD + accounting/password bugs. + - Fixed `PreserveJobHistory` bug with time values. + - The scheduler no longer advertises the HTTP methods it + supports. + - The scheduler did not always idle exit as quickly as it could. + - Added a new `ippeveprinter` command based on the old ippserver + sample code. + Changes in CUPS v2.3b7 + - Running ppdmerge with the same input and output filenames did + not work as advertised. + - Rebase let-cupsd-start-after-network.patch and + cups-config-libs.patch. + - Drop issue5509-fix-utf-8-validation-issue.patch and + issue5453.patch: fixed upstream. + +------------------------------------------------------------------- Old: ---- cups-2.3b6-source.tar.gz cups-2.3b6-source.tar.gz.sig issue5453.patch issue5509-fix-utf-8-validation-issue.patch New: ---- cups-2.3.3-source.tar.gz cups-2.3.3-source.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.5bZR0z/_old 2020-10-26 16:12:26.310723146 +0100 +++ /var/tmp/diff_new_pack.5bZR0z/_new 2020-10-26 16:12:26.314723150 +0100 @@ -23,24 +23,24 @@ # "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and # "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that # version upgrades from 2.2.x via 2.3.b* to 2.3.0 work: -Version: 2.3b6 +Version: 2.3.3 Release: 0 Summary: The Common UNIX Printing System License: Apache-2.0 Group: Hardware/Printing URL: http://www.cups.org/ # To get Source0 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3b6-source.tar.gz https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz -Source0: https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz +# wget --no-check-certificate -O cups-2.3.3-source.tar.gz https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz +Source0: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz # To get Source1 go to https://www.cups.org/software.html or https://github.com/apple/cups/releases or use e.g. -# wget --no-check-certificate -O cups-2.3b6-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz.sig -Source1: https://github.com/apple/cups/releases/download/v2.3b6/cups-2.3b6-source.tar.gz.sig +# wget --no-check-certificate -O cups-2.3.3-source.tar.gz.sig https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig +Source1: https://github.com/apple/cups/releases/download/v2.3.3/cups-2.3.3-source.tar.gz.sig # To get Source2 go to https://www.cups.org/pgp.html Source2: cups.keyring # To manually verify Source0 with Source1 and Source2 do e.g. # gpg --import cups.keyring # gpg --list-keys | grep -1 'CUPS.org' | grep -v 'expired' -# gpg --verify cups-2.3b6-source.tar.gz.sig cups-2.3b6-source.tar.gz +# gpg --verify cups-2.3.3-source.tar.gz.sig cups-2.3.3-source.tar.gz Source102: Postscript.ppd.gz Source105: Postscript-level1.ppd.gz Source106: Postscript-level2.ppd.gz @@ -60,8 +60,6 @@ Patch12: cups-2.1.0-cups-systemd-socket.patch # Patch42 Let cupsd start after possible network connection (boo#1111351) Patch42: let-cupsd-start-after-network.patch -# Patch43 Fix UTF-8 validation issue (bsc#1118118, Issue #5509) -Patch43: issue5509-fix-utf-8-validation-issue.patch # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: Patch100: cups-pam.diff @@ -77,8 +75,6 @@ Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: Patch104: cups-config-libs.patch -# Patch105 issue5453.patch fixes https://github.com/apple/cups/issues/5453 -Patch105: issue5453.patch # Build Requirements: BuildRequires: dbus-1-devel BuildRequires: fdupes @@ -285,7 +281,6 @@ #patch12 -b cups-systemd-socket.orig # Patch42 Let cupsd start after possible network connection (boo#1111351) %patch42 -p0 -%patch43 -p1 # Patch100...Patch999 is for private patches from SUSE which are not intended for upstream: # Patch100 cups-pam.diff adds conf/pam.suse regarding support for PAM for SUSE: %patch100 -b cups-pam.orig @@ -301,8 +296,6 @@ %patch103 -b do_not_strip_recommended_from_PPDs.orig # Patch104 cups-config-libs.patch fixes option --libs in cups-config script: %patch104 -b cups-config-libs.orig -# Patch105 issue5453.patch fixes https://github.com/apple/cups/issues/5453 -%patch105 -b issue5453.orig %build # Remove ".SILENT" rule for verbose build output @@ -542,6 +535,9 @@ /usr/lib/cups/cgi-bin/help.cgi /usr/lib/cups/cgi-bin/jobs.cgi /usr/lib/cups/cgi-bin/printers.cgi +%dir /usr/lib/cups/command +/usr/lib/cups/command/ippevepcl +/usr/lib/cups/command/ippeveps %dir /usr/lib/cups/daemon /usr/lib/cups/daemon/cups-deviced /usr/lib/cups/daemon/cups-driverd @@ -567,6 +563,7 @@ %doc %{_defaultdocdir}/cups %doc %{_mandir}/man1/cups.1.gz %doc %{_mandir}/man1/cupstestppd.1.gz +%doc %{_mandir}/man1/ippeveprinter.1.gz %doc %{_mandir}/man5/classes.conf.5.gz %doc %{_mandir}/man5/client.conf.5.gz %doc %{_mandir}/man5/cups-snmp.conf.5.gz @@ -580,6 +577,8 @@ %doc %{_mandir}/man5/subscriptions.conf.5.gz %doc %{_mandir}/man7/backend.7.gz %doc %{_mandir}/man7/filter.7.gz +%doc %{_mandir}/man7/ippevepcl.7.gz +%doc %{_mandir}/man7/ippeveps.7.gz %doc %{_mandir}/man7/notifier.7.gz %doc %{_mandir}/man8/cups-deviced.8.gz %doc %{_mandir}/man8/cups-driverd.8.gz @@ -596,6 +595,7 @@ %files client %defattr(-,root,root) %{_bindir}/cancel +%{_bindir}/ippeveprinter %{_bindir}/ippfind %{_bindir}/ipptool %{_bindir}/lp @@ -604,7 +604,6 @@ %{_bindir}/lpr %{_bindir}/lprm %{_bindir}/lpstat -%{_sbindir}/accept %{_sbindir}/cupsaccept %{_sbindir}/cupsdisable %{_sbindir}/cupsenable @@ -613,7 +612,6 @@ %{_sbindir}/lpc %{_sbindir}/lpinfo %{_sbindir}/lpmove -%{_sbindir}/reject %doc %{_mandir}/man1/cancel.1.gz %doc %{_mandir}/man1/ippfind.1.gz %doc %{_mandir}/man1/ipptool.1.gz @@ -624,7 +622,6 @@ %doc %{_mandir}/man1/lprm.1.gz %doc %{_mandir}/man1/lpstat.1.gz %doc %{_mandir}/man5/ipptoolfile.5.gz -%doc %{_mandir}/man8/accept.8.gz %doc %{_mandir}/man8/cupsaccept.8.gz %doc %{_mandir}/man8/cupsdisable.8.gz %doc %{_mandir}/man8/cupsenable.8.gz @@ -633,7 +630,6 @@ %doc %{_mandir}/man8/lpc.8.gz %doc %{_mandir}/man8/lpinfo.8.gz %doc %{_mandir}/man8/lpmove.8.gz -%doc %{_mandir}/man8/reject.8.gz %files devel %defattr(-,root,root) ++++++ cups-2.3b6-source.tar.gz -> cups-2.3.3-source.tar.gz ++++++ /work/SRC/openSUSE:Factory/cups/cups-2.3b6-source.tar.gz /work/SRC/openSUSE:Factory/.cups.new.3463/cups-2.3.3-source.tar.gz differ: char 4, line 1 ++++++ cups-config-libs.patch ++++++ --- /var/tmp/diff_new_pack.5bZR0z/_old 2020-10-26 16:12:26.438723263 +0100 +++ /var/tmp/diff_new_pack.5bZR0z/_new 2020-10-26 16:12:26.438723263 +0100 @@ -1,10 +1,10 @@ --- cups-config.in.orig 2011-08-27 11:23:01.000000000 +0200 +++ cups-config.in 2012-11-27 15:47:27.000000000 +0100 @@ -35,7 +35,7 @@ INSTALLSTATIC=@INSTALLSTATIC@ - # flags for C++ compiler: + # flags for compiler and linker... CFLAGS="" LDFLAGS="@EXPORT_LDFLAGS@" --LIBS="@LIBGSSAPI@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@" +-LIBS="@LIBGSSAPI@ @DNSSDLIBS@ @EXPORT_SSLLIBS@ @LIBZ@ @LIBS@" +LIBS="" # Check for local invocation... ++++++ let-cupsd-start-after-network.patch ++++++ --- /var/tmp/diff_new_pack.5bZR0z/_old 2020-10-26 16:12:26.466723289 +0100 +++ /var/tmp/diff_new_pack.5bZR0z/_new 2020-10-26 16:12:26.466723289 +0100 @@ -13,11 +13,12 @@ --- scheduler/org.cups.cupsd.service.in +++ scheduler/org.cups.cupsd.service.in 2018-10-18 05:16:30.867333704 +0000 -@@ -1,6 +1,7 @@ +@@ -1,7 +1,7 @@ [Unit] Description=CUPS Scheduler Documentation=man:cupsd(8) -+After=network.target +-After=sssd.service ++After=sssd.service network.target [Service] ExecStart=@sbindir@/cupsd -l