Hello community, here is the log from the commit of package cups-filters.3901 for openSUSE:13.2:Update checked in at 2015-07-14 17:12:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/cups-filters.3901 (Old) and /work/SRC/openSUSE:13.2:Update/.cups-filters.3901.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cups-filters.3901" Changes: -------- New Changes file: --- /dev/null 2015-06-25 09:04:34.320025005 +0200 +++ /work/SRC/openSUSE:13.2:Update/.cups-filters.3901.new/cups-filters.changes 2015-07-14 17:12:42.000000000 +0200 @@ -0,0 +1,595 @@ +------------------------------------------------------------------- +Mon Jul 6 14:01:58 CEST 2015 - jsm...@suse.de + +- cups-filters-1.0.58-CVE-2015-3258-CVE-2015-3279.patch is a diff + of textcommon.c and texttopdf.c between cups-filters-1.0.58 + and cups-filters-1.0.71 where CVE-2015-3258 and CVE-2015-3279 + are fixed (bsc#936281 and bsc#937018). +- cups-filters-1.0.58-CVE-2015-2265.patch is a diff of the + remove_bad_chars() function between cups-filters-1.0.58 + and cups-filters-1.0.66 where CVE-2015-2265 is fixed + see https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 + (boo#921753). + +------------------------------------------------------------------- +Wed Nov 19 12:41:53 UTC 2014 - bbrun...@suse.com + +- Rebuild to install cups-filters-ghostscript correctly (boo#904652) + +------------------------------------------------------------------- +Mon Aug 25 15:30:37 CEST 2014 - jsm...@suse.de + +- A /usr/bin/foomatic-rip -> /usr/lib/cups/filter/foomatic-rip + symlink is added to the cups-filters-foomatic-rip sub-package + to make our lsb RPM installable again (bnc#892604). + LSB currently requires /usr/bin/foomatic-rip but future LSB + will require /usr/lib/cups/filter/foomatic-rip see + https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=3900 + +------------------------------------------------------------------- +Mon Aug 25 10:22:51 CEST 2014 - jsm...@suse.de + +- Version upgrade to 1.0.58 + Changes in 1.0.58 (excerpt - for details see the NEWS file): + * pdftoraster: Changed ICC profile get function to accept a + PPD fallback profile. + * pdftoraster: Fixed handling of cupsColorSpaces 18,19,20. + * rastertopdf: Grayscale color conversion now properly inverts + bits. + * rastertopdf: Implemented basic 8bit->8bit color space + conversions. + * rastertopdf: Added black point compensation. + * rastertopdf: Added handling of color rendering intent. + * gstoraster, imagetoraster, pdftoraster, rastertopclx, + rastertopdf, foomatic-rip: Use color management functions in + libcupsfilters. + * libcupsfilters: Modified code formatting and documentation in + the color management functions. + * libcupsfilters: Fixed string handling and added debug log + messages in the color management functions. + * libcupsfilters: Fixed Adobe RGB matrix for proper rendering + (transpose) + * libcupsfilters: Moved color management functions from the + individual filters to the libcupsfilters library. +- Version upgrade to 1.0.57 + Changes in 1.0.57 (excerpt - for details see the NEWS file): + * Build system: Explicitly link to libm as -lm was dropped + from cups-config --libs. + * libcupsfilters, foomaticrip, gstoraster, imagetoraster, + pdftoraster, rastertopclx, rastertopdf: Handle absence of + colord or D-Bus gracefully (Ubuntu bug #1356405). +- Version upgrade to 1.0.56 + Changes in 1.0.56 (excerpt - for details see the NEWS file): + * Major regression fix in cups-browsed (introduced in 1.0.55 + by no longer creating a local queue pointing to a remote + raw queue that causes no longer creating local queues for + traditional CUPS Browsing remote CUPS queues): + Do not consider a remote CUPS queue as raw if the TXT record + is NULL as for queues broadcasted by the legacy CUPS method + the TXT record does not exist. Now consider a queue with + NULL TXT record only as raw if the domain entry is not empty + which tells that the queue is Bonjour-broadcasted + (linuxfoundation.org bug #1223). + * cups-browsed: Do also not mark a discovered printer as + already provided by another server when the other server's + queue has "unconfirmed" status. Mark the other queue with + "disappeared" or "unconfirmed" status as duplicate of the + discovered printer so that the new queue for the discovered + printer does not get removed when the entry for the other + queue times out. + * rastertopdf: Some code polishing and removal of now unneeded + functions + * rastertopdf: Reduced color space handling to only + PWG-supported color spaces + * rastertopdf: Added colorspace calibration function; included + optional "/Alternate" PDF key for ICC profile embedding + * rastertopdf: Colorspace sRGB now embeds srgb icc profile; + implemented ICC Profile embedding (PDF 1.3 spec) + * rastertopdf: Added basic color calibration + * rastertopdf: Implemented ICC Profile creation code for IPP + Everywhere (from PWG raster) + * pdftoraster: Added colord handling of ICC profiles + +------------------------------------------------------------------- +Wed Jul 30 13:22:22 CEST 2014 - jsm...@suse.de + +- Version upgrade to 1.0.55 + Changes in 1.0.55 (excerpt - for details see the NEWS file): + * pdftopdf: Fixed manual duplex by adding a blank page to even + pages if the total number of pages of the document is odd. + Otherwise the last page of the document would stay in + the input tray. This fixes also a side effect as the set of + even pages reducing to a zero page job if the job consists + of only one page, making Poppler's pdftops error out + (Ubuntu bug #1340435). + * cups-browsed: Do not mark a discovered printer as already + provided by another server when the other server's queue has + "disappeared" status. This queue can be from the same server + before it changed its name. + * cups-browsed: Do not create a local queue pointing to a + remote raw queue (Ubuntu bug #1335211). + * foomatic-rip, imagetoraster, pdftoraster, rastertopclx, + rastertopdf: Added colord "device_inhibit" support for + color-managed filters. + * bannertopdf: Fixed "Printer Location" and "Driver Version" + entries on test page/banners (linuxfoundation.org bug #1209). + * bannertopdf: Added new PDF template files which contain the + text strings appropriate to the banners, before the banners + were all equal, without text (linuxfoundation.org bug #1209). + * pstopdf: Use "grep -E" instead of "grep -P" as the latter + generates executable code and executes it, requiring + "execmem" privileges which could be not available in some + security policies. Thanks to Tim Waugh from Red Hat for the + patch (Red Hat bug #1079534). + * pdftoraster: Fixed segfault caused by introduction of + "no-color-management" option (linuxfoundation.org bug #1214). + * libcupsfilters: Let cupsRasterParseIPPOptions() also accept + "pwg-raster-document-type" settings with hyphen between + color space name and color depth. +- Our separated source files classified.pdf confidential.pdf + secret.pdf standard.pdf topsecret.pdf unclassified.pdf (see + the entry below dated "Thu Jun 12 17:27:56 CEST 2014") are + no longer needed because it is now provided in the upstream + sources (see "linuxfoundation.org bug #1209" entries above). +- Added CVE-2014-4336 CVE-2014-4337 bnc#883543 and + CVE-2014-4338 bnc#883536 to the matching entry below + dated "Mon Apr 28 10:49:21 CEST 2014" because those CVEs + and bncs have not been known at that time (cf. bnc#871327 + therein comment#47 and bnc#883307 therein comment#2). + +------------------------------------------------------------------- +Thu Jun 12 17:27:56 CEST 2014 - jsm...@suse.de + +- Have different header texts for the PDF-BANNER printouts + (same headers as on the CUPS <= 1.5.4 banner pages): + Provide PDF template files classified.pdf confidential.pdf + secret.pdf standard.pdf topsecret.pdf unclassified.pdf and + modify the matching /usr/share/cups/banners/ template files + accordingly to use those PDF templates + (see https://bugs.linuxfoundation.org/show_bug.cgi?id=1209). + +------------------------------------------------------------------- +Wed Jun 11 10:18:21 CEST 2014 - jsm...@suse.de + +- Version upgrade to 1.0.54 + Changes in 1.0.54 (excerpt): + * pdftoraster: Support for output in the color spaces 18 + (CUPS_CSPACE_SW, sGray), 19 (CUPS_CSPACE_SRGB, sRGB), and 20 + (CUPS_CSPACE_ADOBERGB, Adobe RGB). No color management + appropriate to these color spaces is added yet. + * rastertopdf: Added new filter to convert PWG Raster input + into a PDF file (using QPDF). This filter makes CUPS + supporting the PWG Raster input format which is required to + be supported by IPP Everywhere printers, making a shared + CUPS queue emulating an IPP Everywhere printer. This is a + first implementation which supports the black, RGB, CMYK, + sGray, sRGB, and Adobe RGB color spaces (all mapped to + DeviceGray, DeviceRGB, and DeviceCMYK resp. in the PDF + output) with 1, 8, and 16 bits per component color + depth. sGray, sRGB, and Adobe RGB are currently also mapped + to DeviceGray and DeviceRGB and do not have the correct + color management yet, so color output is not absolutely + correct. Note that mime.types of CUPS up to 1.7.2 has a bug + which prevents PWG Raster to be recognized, the + "priority(100)" of the rule needs to be changed to + "priority(150)". + * cups-browsed: Create local queues also to access classes on + remote CUPS servers (Ubuntu bug #1313741). + * cups-browsed: Let a newly discovered printer not only + overtaking an existing printer entry if it is from the same + host (usually IPP -> IPPS) or without host entry + (unconfirmed local queue from previous cups-browsed session) + but also if it is marked disappeared. So printer entries get + correctly migrated when things like a host name change of + the remote server happen. + * cups-browsed: Always do case-insensitive comparing of + strings, as CUPS queue names and URIs are case-insensitive + (CUPS STR #4411). + For details see the NEWS file. + +------------------------------------------------------------------- +Mon Apr 28 10:49:21 CEST 2014 - jsm...@suse.de + +- Version upgrade to 1.0.53 + Changes in 1.0.53: + * foomatic-rip: Fixed segfault when creating log file, see + https://bugs.linuxfoundation.org/show_bug.cgi?id=1206 + * cups-browsed: SECURITY FIX: Fix on usage of the ++++ 398 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.cups-filters.3901.new/cups-filters.changes New: ---- cups-filters-1.0.58-CVE-2015-2265.patch cups-filters-1.0.58-CVE-2015-3258-CVE-2015-3279.patch cups-filters-1.0.58.tar.gz cups-filters.changes cups-filters.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups-filters.spec ++++++ # # spec file for package cups-filters # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Summary: OpenPrinting CUPS filters, backends, and cups-browsed License: GPL-2.0 and GPL-2.0+ and GPL-3.0 and MIT Group: Hardware/Printing Url: http://www.linuxfoundation.org/collaborate/workgroups/openprinting/pdf_as_standard_print_job_format # For a breakdown of the licensing, see COPYING file # GPLv2: filters: commandto*, imagetoraster, pdftops, rasterto*, # imagetopdf, pstopdf, texttopdf # backends: parallel, serial # GPLv2+: filters: textonly, texttops, imagetops # GPLv3: filters: bannertopdf # MIT: filters: pdftoijs, pdftoopvp, pdftopdf, pdftoraster Name: cups-filters # Normal version for official cups-filters releases is the upstream version (e.g. "Version: 1.0.49"). # For a current tarball cups-filters-1.0-yyyymmdd.tar.gz (e.g. cups-filters-1.0-20140326.tar.gz) # the current tarball's date is added to the version to ensure a strictly increasing sequence # "last version" < "current version" < "next version" e.g. "1.0.49" < "1.0.49.20140326" < "1.0.50" # to verify this run: zypper vcmp 'last version' 'current version' # and also run: zypper vcmp 'next version' 'current version' # e.g. zypper vcmp '1.0.49' '1.0.49.20140326' -> 1.0.49 is older than 1.0.49.20140326 # and zypper vcmp '1.0.50' '1.0.49.20140326' -> 1.0.50 is newer than 1.0.49.20140326 Version: 1.0.58 Release: 0 # tarball_version is used below to specify the directory via "setup -n": # Special tarball_version needed for current cups-filters e.g. "define tarball_version 9.10rc1". # For official cups-filters releases tarball_version and version are the same (i.e. "define tarball_version %{version}") # Special tarball_version needed for current cups-filters e.g. "define tarball_version 9.10rc1". %define tarball_version %{version} Source0: http://www.openprinting.org/download/cups-filters/cups-filters-%{tarball_version}.tar.gz # Patch2 cups-filters-1.0.58-CVE-2015-2265.patch is a diff of the remove_bad_chars() function # between cups-filters-1.0.58 and cups-filters-1.0.66 where CVE-2015-2265 is fixed # see https://bugzilla.opensuse.org/show_bug.cgi?id=921753 # and https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 Patch2: cups-filters-1.0.58-CVE-2015-2265.patch # Patch3 cups-filters-1.0.58-CVE-2015-3258-CVE-2015-3279.patch is a diff # of textcommon.c and texttopdf.c between cups-filters-1.0.58 and cups-filters-1.0.71 # where CVE-2015-3258 and CVE-2015-3279 are fixed (bsc#936281 and bsc#937018) # cf. http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 Patch3: cups-filters-1.0.58-CVE-2015-3258-CVE-2015-3279.patch # Since cups-filters version 1.0.42 foomatic-rip is also provided by cups-filters. # The foomatic-rip version that is provided by cups-filters is not specified in the cups-filters sources # but on http://www.openprinting.org/download/foomatic/ the foomatic-filters-4.0-current.tar.gz # dated 27-Mar-2014 (i.e. from today as of this writing) contains a VERSION.full file that reads "4.0.17.256" # so that foomatic_rip_version (macro name can be only alphanumeric and '_' i.e. "foomatic-rip_version" does not work) # is defined here accordingly but with one more additional trailing number '.1' to ensure that # the sub-package cups-filters-foomatic-rip (see below) conflicts with any foomatic-filters package: # zypper vcmp '4.0.17.256' '4.0.17.256.1' -> 4.0.17.256 is older than 4.0.17.256.1 # zypper vcmp '4.0.17.257' '4.0.17.256.1' -> 4.0.17.257 is newer than 4.0.17.256.1 %define foomatic_rip_version 4.0.17.256.1 BuildRequires: cups-devel BuildRequires: pkgconfig # pdftopdf BuildRequires: qpdf-devel # pdftops BuildRequires: poppler-tools # pdftoijs, pdftoopvp, pdftoraster BuildRequires: ghostscript-mini-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libpoppler-cpp0 BuildRequires: libpoppler-devel BuildRequires: libpoppler-glib-devel BuildRequires: libtiff-devel BuildRequires: zlib-devel # libijs BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: liblcms2-devel # Make sure we get postscriptdriver tags. BuildRequires: python-cups # cups-browsed # "BuildRequires libavahi-devel" is insufficient # (build fails at configure "checking for AVAHI_GLIB") # "BuildRequires libavahi-gobject-devel" is too much # (libavahi-gobject-devel requires libavahi-glib-devel and libavahi-devel) # "BuildRequires libavahi-glib-devel" is sufficient # (libavahi-glib-devel requires libavahi-devel) BuildRequires: libavahi-glib-devel # autogen.sh BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ BuildRequires: glibc-devel BuildRequires: libtool BuildRequires: systemd %systemd_requires # test requires BuildRequires: dejavu-fonts # Because gstoraster is linked with libcupsfilters.so # that library is in the cups-filters-ghostscript sub-package # (see the cups-filters-ghostscript sub-package file section). # But many other filters in the cups-filters main package are also # linked with with libcupsfilters.so so that the cups-filters main package # requires the cups-filters-ghostscript sub-package. To be on the safe side explicitly # require the exact matching version-release of the cups-filters-ghostscript sub-package # because all cups-filters software is built from one same source tar ball # and there could be whatever subtle internal dependencies. # The exact matching version-release of the cups-filters-ghostscript sub-package is available # on the same package repository where the cups-filters main package is because # all are built simulaneously from the same cups-filters source package # and all required packages are provided on the same repository: Requires: cups-filters-ghostscript = %{version}-%{release} # Conflict with CUPS < 1.6 because up to CUPS 1.5.4 # the following files are provided by the cups binary RPM package # /usr/lib/cups/filter/commandtoescpx # /usr/lib/cups/filter/commandtopclx # /usr/lib/cups/filter/imagetops # /usr/lib/cups/filter/imagetoraster # /usr/lib/cups/filter/pdftops # /usr/lib/cups/filter/rastertoescpx # /usr/lib/cups/filter/rastertopclx # /usr/lib/cups/filter/texttops # /usr/lib/cups/backend/parallel # /usr/lib/cups/backend/serial # and the following files are provided by the cups-devel package # /usr/share/cups/ppdc/escp.h # /usr/share/cups/ppdc/pcl.h Conflicts: cups < 1.6 # When a user installs the cups-filters main package, he usually expects # to get "the whole cups-filters stuff" installed (i.e. also all sub-packages). # To be on the safe side recommend the exact matching version-release # of the cups-filters sub-packages because all cups-filters software # is built from one same source tar ball and there could be whatever subtle internal dependencies. # The exact matching version-release of the cups-filters sub-packages are available # on the same package repository where the cups-filters main package is because # all are built simulaneously from the same cups-filters source package # and all required packages are provided on the same repository: Recommends: cups-filters-foomatic-rip = %{version}-%{release} Recommends: cups-filters-cups-browsed = %{version}-%{release} # /usr/bin/pdftops (provided by poppler-tools) # is needed (but not required for non-PostScript printers) # to print PDFs on PostScript printers because in this case # the CUPS filter chain is: # /usr/lib/cups/filter/pdftopdf # /usr/lib/cups/filter/pdftops # where /usr/lib/cups/filter/pdftops calls /usr/bin/pdftops # /usr/lib/cups/backend/... # see https://bugzilla.novell.com/show_bug.cgi?id=868148 Recommends: poppler-tools %description Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting and a daemon to browse broadcasts of remote CUPS printers and makes these printers available locally. %package ghostscript Summary: OpenPrinting CUPS filters for Ghostscript Group: Hardware/Printing # Provide the well known generic name "gstoraster" so that it is easier for users # to find or install the RPM package name "cups-filters-ghostscript" that actually provides it # e.g. via "zypper search gstoraster" or "zypper install gstoraster": Provides: gstoraster %description ghostscript Since Ghostscript version 9.10 the CUPS filters gstoraster and gstopxl are removed from Ghostscript. Those filters are now provided by cups-filters (a free software package hosted by OpenPrinting). The binary RPM sub-package cups-filters-ghostscript provides only those CUPS filters for Ghostscript. This way cups-filters-ghostscript can be used with the traditional CUPS up to version 1.5 where the other filters, backends, and cups-browsed from cups-filters would cause conflicts because CUPS <= 1.5 already provides them. In contrast for CUPS versions since 1.6 the whole cups-filters is usually needed (but not strictly required). %package foomatic-rip Summary: OpenPrinting CUPS filter foomatic-rip Group: Hardware/Printing # Because gstoraster is linked with libcupsfilters.so # that library is in the cups-filters-ghostscript sub-package # (see the cups-filters-ghostscript sub-package file section). # But foomatic-rip is also linked with libcupsfilters.so # so that the cups-filters-foomatic-rip sub-package requires # the cups-filters-ghostscript sub-package. To be on the safe side explicitly # require the exact matching version-release of the cups-filters-ghostscript sub-package # because all cups-filters software is built from one same source tar ball # and there could be whatever subtle internal dependencies. # The exact matching version-release of the cups-filters-ghostscript sub-package is available # on the same package repository where the cups-filters main package is because # all are built simulaneously from the same cups-filters source package # and all required packages are provided on the same repository: Requires: cups-filters-ghostscript = %{version}-%{release} # Provide the well known generic name "foomatic-rip" so that it is easier for users # to find or install the RPM package name "cups-filters-foomatic-rip" that actually provides it # e.g. via "zypper search foomatic-rip" or "zypper install foomatic-rip": Provides: foomatic-rip # Provide foomatic-filters with the exact foomatic_rip_version # see https://bugzilla.novell.com/show_bug.cgi?id=870621 # and conflict with any other foomatic-filters version because # the following files are also provided by foomatic-filters # /usr/lib/cups/filter/foomatic-rip # /usr/share/man/man1/foomatic-rip Conflicts: foomatic-filters < %{foomatic_rip_version} Provides: foomatic-filters = %{foomatic_rip_version} Conflicts: foomatic-filters > %{foomatic_rip_version} %description foomatic-rip Since cups-filters version 1.0.42 foomatic-rip is also provided by cups-filters so that there is a file conflict with the foomatic-filters package (both provide /usr/lib/cups/filter/foomatic-rip and /usr/share/man/man1/foomatic-rip). Therefore foomatic-rip is separated in the sub-package cups-filters-foomatic-rip and only that sub-package conflicts with foomatic-filters. %package cups-browsed Summary: OpenPrinting cups-browsed for CUPS Browsing Group: Hardware/Printing # Do not conflict with CUPS < 1.6 regardless that up to CUPS 1.5.4 # the CUPS Browsing functionality is provided by the cupsd # because it can be disabled for the cupsd up to CUPS 1.5.4. # Provide the well known generic name "cups-browsed" so that it is easier for users # to find or install the RPM package name "cups-filters-cups-browsed" that actually provides it # e.g. via "zypper search cups-browsed" or "zypper install cups-browsed": Provides: cups-browsed %description cups-browsed Since CUPS >= 1.6 the CUPS Browsing functionality is dropped in CUPS. The OpenPrinting cups-browsed is a daemon running in parallel to the CUPS daemon to provide again basic CUPS Browsing functionality. This way basic CUPS Browsing works on clients with CUPS >= 1.6 when there are remote CUPS servers of CUPS version 1.5 and older in the network. For each reported remote CUPS queue cups-browsed creates a local raw queue pointing to the remote queue so that it appears in local print dialogs and is also available for printing via the command line. Also high availability with redundant print servers is supported. If there is more than one server providing a print queue with the same name, cups-browsed uses the first queue which appears and if this queue disappears, cups-browsed switches to the queue of another server. Load-balancing (what CUPS <= 1.5 did via implicit classes) is not supported with cups-browsed. %package devel Summary: Development files for cups-filters Group: Development/Libraries/C and C++ Requires: %{name} = %{version} # Conflict with cups-devel < 1.6 because up to CUPS 1.5.4 # the following files are provided by the cups-devel package # /usr/share/cups/ppdc/escp.h # /usr/share/cups/ppdc/pcl.h Conflicts: cups-devel < 1.6 %description devel This package contains the development files for cups-filters. %prep # Be quiet when unpacking and use a directory name matching Source0: %setup -q -n cups-filters-%{tarball_version} # Patch2 cups-filters-1.0.58-CVE-2015-2265.patch is a diff of the remove_bad_chars() function # between cups-filters-1.0.58 and cups-filters-1.0.66 where CVE-2015-2265 is fixed # see https://bugzilla.opensuse.org/show_bug.cgi?id=921753 # and https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 %patch2 # Patch3 cups-filters-1.0.58-CVE-2015-3258-CVE-2015-3279.patch is a diff # of textcommon.c and texttopdf.c between cups-filters-1.0.58 and cups-filters-1.0.71 # where CVE-2015-3258 and CVE-2015-3279 are fixed (bsc#936281 and bsc#937018) # cf. http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 %patch3 -p1 %build # Just do what is described in the upstream INSTALL file # unless there is a really good reason not to do it this way # and then it is probably worth submitting an upstream issue report to # https://bugs.linuxfoundation.org for "Product: OpenPrinting" and "Component: cups-filters" ./autogen.sh # No need to set our preferred architecture-specific flags for the compiler and linker # via export CFLAGS="$RPM_OPT_FLAGS" and export CXXFLAGS="$RPM_OPT_FLAGS" # because the RPM macro configure does that. # --with-pdftops=pdftops - use Poppler instead of Ghostscript (see README) %configure --disable-static \ --disable-silent-rules \ --enable-shared \ --enable-imagefilters \ --with-pdftops=pdftops \ --with-browseremoteprotocols=DNSSD,CUPS \ --without-php \ --with-rcdir=no \ --with-test-font-path=/usr/share/fonts/truetype/DejaVuSans.ttf # At least for now - until an expert may have had a look - using plain make # instead of make with _smp_mflags because that caused sometimes strange build failures: make %check # At least for now - until an expert may have had a look - using plain make # instead of make with _smp_mflags because that caused sometimes strange build failures: make check %install make install DESTDIR=%{buildroot} # LSB requires /usr/bin/foomatic-rip only future LSB will require /usr/lib/cups/filter/foomatic-rip # see https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=3900 # so that a /usr/bin/foomatic-rip -> /usr/lib/cups/filter/foomatic-rip symlink is added # to our cups-filters-foomatic-rip sub-package to make the lsb RPM installable again # see https://bugzilla.novell.com/show_bug.cgi?id=892604 ln -s /usr/lib/cups/filter/foomatic-rip %{buildroot}%{_bindir}/foomatic-rip # As band-aid for now remove the "# BrowseAllow cups.example.com" example line in cups-browsed.conf # because currently hostnames do not work, see https://bugs.linuxfoundation.org/show_bug.cgi?id=1205 if grep -q '^# BrowseAllow cups.example.com' %{buildroot}%{_sysconfdir}/cups/cups-browsed.conf then sed -i -e '/^# BrowseAllow cups.example.com/d' %{buildroot}%{_sysconfdir}/cups/cups-browsed.conf else echo "No longer '# BrowseAllow cups.example.com' in cups-browsed.conf - clean up cups-filters.spec" exit 9 fi # https://fedoraproject.org/wiki/Packaging_tricks#With_.25doc mkdir __doc mv %{buildroot}%{_datadir}/doc/cups-filters/* __doc rm -r %{buildroot}%{_datadir}/doc/cups-filters mv fontembed/README __doc/fontembed.README # Install the cups-browsed.service systemd unit file from the upstream sources: mkdir -p %{buildroot}%{_unitdir} install -p -m 644 utils/cups-browsed.service %{buildroot}%{_unitdir} # Provide SUSE policy symlink /usr/sbin/rcFOO -> /etc/init.d/FOO # /usr/sbin/service exists only since openSUSE 12.3: %if 0%{?suse_version} > 1220 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rccups-browsed %else ln -s /sbin/service %{buildroot}%{_sbindir}/rccups-browsed %endif # Don't ship libtool la files. rm -f %{buildroot}%{_libdir}/lib*.la # Not sure what is this good for rm -f %{buildroot}%{_bindir}/ttfread %post /sbin/ldconfig exit 0 %postun /sbin/ldconfig exit 0 %pre ghostscript # The CUPS filter gstoraster requires matching MIME conversion rules for CUPS # otherwise CUPS would not know when to use the gstoraster filter. # The cups-filters main package contains them in /usr/share/cups/mime/cupsfilters.convs # but this contains all MIME conversion rules for the PDF printing workflow # that is used for CUPS since version 1.6 but not for traditional CUPS <= 1.5.4. # The cups-filters-ghostscript sub-package is explicitly intended to be also used # for traditional CUPS <= 1.5.4 (see the cups-filters-ghostscript sub-package description) # so that we need to provide MIME conversion rules for gstoraster in a special way # that gets overwritten when the cups-filters main package is installed # after the cups-filters-ghostscript sub-package. Therefore we create # the traditional MIME conversion rules for gstoraster that were provided # in Ghostscript up to version 9.07 in /etc/cups/gstoraster.convs and # we use the same file name /usr/share/cups/mime/cupsfilters.convs # that is also used by the cups-filters main package so that its installation # will overwrite the traditional MIME conversion rules for gstoraster in that file # by the new MIME conversion rules from cups-filters. To be on the safe side # do not overwrite an existing /usr/share/cups/mime/cupsfilters.convs file # (e.g. when cups-filters was installed before cups-filters-ghostscript). # Do nothing when /usr/share/cups/mime/ does not exist (e.g. when CUPS is not installed). if test -e %{_datadir}/cups/mime/cupsfilters.convs then exit 0 fi if test -d %{_datadir}/cups/mime/ then echo '# traditional CUPS <= 1.5.4 MIME conversion rules for the gstoraster filter' >%{_datadir}/cups/mime/cupsfilters.convs echo 'application/vnd.cups-pdf application/vnd.cups-raster 66 gstoraster' >>%{_datadir}/cups/mime/cupsfilters.convs echo 'application/vnd.cups-postscript application/vnd.cups-raster 100 gstoraster' >>%{_datadir}/cups/mime/cupsfilters.convs fi exit 0 %post ghostscript /sbin/ldconfig exit 0 %postun ghostscript /sbin/ldconfig exit 0 %pre cups-browsed %service_add_pre cups-browsed.service exit 0 %post cups-browsed %service_add_post cups-browsed.service exit 0 %preun cups-browsed %service_del_preun cups-browsed.service exit 0 %postun cups-browsed %service_del_preun cups-browsed.service exit 0 %files # The files sections list all mandatory files explicitly one by one. # In particular all executables are listed explicitly. # This avoids that whatever configure magic might silently # not build and install an executable when whatever condition # for configure's automated tests is not fulfilled in the build system, # (cf. https://bugzilla.novell.com/show_bug.cgi?id=526847#c9). # When all mandatory files are explicitly listed, # the build fails intentionally if a mandatory file was not built # which ensures that already existing correctly built binary RPMs # are not overwritten by broken RPMs where mandatory files are missing. %defattr(-,root,root) %doc __doc/README __doc/AUTHORS __doc/NEWS __doc/COPYING __doc/fontembed.README %config(noreplace) %{_sysconfdir}/fonts/conf.d/99pdftoopvp.conf %dir /usr/lib/cups %dir /usr/lib/cups/backend %attr(0755,root,root) /usr/lib/cups/backend/parallel # Serial backend needs to run as root # see https://bugzilla.redhat.com/show_bug.cgi?id=212577#c4 %attr(0700,root,root) /usr/lib/cups/backend/serial %dir /usr/lib/cups/filter %attr(0755,root,root) /usr/lib/cups/filter/bannertopdf %attr(0755,root,root) /usr/lib/cups/filter/commandtoescpx %attr(0755,root,root) /usr/lib/cups/filter/commandtopclx %attr(0755,root,root) /usr/lib/cups/filter/imagetopdf %attr(0755,root,root) /usr/lib/cups/filter/imagetops %attr(0755,root,root) /usr/lib/cups/filter/imagetoraster %attr(0755,root,root) /usr/lib/cups/filter/pdftoijs %attr(0755,root,root) /usr/lib/cups/filter/pdftoippprinter %attr(0755,root,root) /usr/lib/cups/filter/pdftoopvp %attr(0755,root,root) /usr/lib/cups/filter/pdftopdf %attr(0755,root,root) /usr/lib/cups/filter/pdftops %attr(0755,root,root) /usr/lib/cups/filter/pdftoraster %attr(0755,root,root) /usr/lib/cups/filter/pstopdf %attr(0755,root,root) /usr/lib/cups/filter/rastertoescpx %attr(0755,root,root) /usr/lib/cups/filter/rastertopclx %attr(0755,root,root) /usr/lib/cups/filter/rastertopdf %attr(0755,root,root) /usr/lib/cups/filter/textonly %attr(0755,root,root) /usr/lib/cups/filter/texttopdf %attr(0755,root,root) /usr/lib/cups/filter/texttops %attr(0755,root,root) /usr/lib/cups/filter/urftopdf %dir %{_datadir}/cups %{_datadir}/cups/banners %{_datadir}/cups/charsets %dir %{_datadir}/cups/data %{_datadir}/cups/data/* %dir %{_datadir}/cups/drv %{_datadir}/cups/drv/cupsfilters.drv %dir %{_datadir}/cups/mime %{_datadir}/cups/mime/cupsfilters.types %{_datadir}/cups/mime/cupsfilters.convs %dir %{_datadir}/ppd %{_datadir}/ppd/cupsfilters %{_libdir}/libfontembed.so.* %files ghostscript # "ldd /usr/lib/cups/filter/gstoraster | grep cups" shows that # gstoraster is linked with /usr/lib/libcupsfilters.so.* so that # it must be in the cups-filters-ghostscript sub-package to ensure # the cups-filters-ghostscript sub-package can be installed on its own # without a RPM requirement for the cups-filters main package # which would cause file conflicts with CUPS <= 1.5.4 # see the cups-filters-ghostscript sub-package description. # /usr/lib/cups/filter/gstopxl is a bash script. %defattr(-,root,root) %dir /usr/lib/cups %dir /usr/lib/cups/filter %attr(0755,root,root) /usr/lib/cups/filter/gstoraster %attr(0755,root,root) /usr/lib/cups/filter/gstopxl %{_libdir}/libcupsfilters.so.* %files foomatic-rip %defattr(-,root,root) %dir /usr/lib/cups %dir /usr/lib/cups/filter %attr(0755,root,root) /usr/lib/cups/filter/foomatic-rip %{_bindir}/foomatic-rip %{_mandir}/man1/foomatic-rip.1.gz %files cups-browsed %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/cups/cups-browsed.conf %{_sbindir}/cups-browsed %{_sbindir}/rccups-browsed %{_unitdir}/cups-browsed.service %{_mandir}/man5/cups-browsed.conf.5.gz %{_mandir}/man8/cups-browsed.8.gz %files devel %defattr(-,root,root) %dir %{_datadir}/cups/ppdc %{_datadir}/cups/ppdc/pcl.h %{_datadir}/cups/ppdc/escp.h %{_libdir}/libcupsfilters.so %{_libdir}/libfontembed.so %{_libdir}/pkgconfig/libcupsfilters.pc %{_libdir}/pkgconfig/libfontembed.pc %{_includedir}/cupsfilters %{_includedir}/fontembed %changelog ++++++ cups-filters-1.0.58-CVE-2015-2265.patch ++++++ --- utils/cups-browsed.c 2015-03-12 13:42:32.000000000 +0100 +++ utils/cups-browsed.c 2015-03-12 13:42:10.000000000 +0100 @@ -629,10 +629,12 @@ remove_bad_chars(const char *str_orig, / if (((str[i] >= 'A') && (str[i] <= 'Z')) || ((str[i] >= 'a') && (str[i] <= 'z')) || ((str[i] >= '0') && (str[i] <= '9')) || - (mode == 1 && (str[i] == '/' || str[i] == '_' || + str[i] == '_' || + (mode == 1 && (str[i] == '/' || str[i] == '.' || str[i] == ','))) { - /* Letter or number, keep it */ + /* Allowed character, keep it */ havedash = 0; + str[j] = str[i]; } else { /* Replace all other characters by a single '-' */ if (havedash == 1) ++++++ cups-filters-1.0.58-CVE-2015-3258-CVE-2015-3279.patch ++++++ --- cups-filters-1.0.58/filter/textcommon.c 2014-04-07 16:40:24.000000000 +0200 +++ cups-filters-1.0.71/filter/textcommon.c 2015-07-03 00:51:21.000000000 +0200 @@ -26,6 +26,7 @@ */ #include "textcommon.h" +#include <limits.h> /* @@ -644,6 +645,45 @@ TextMain(const char *name, /* I - Name o if (PrettyPrint) PageTop -= 216.0f / LinesPerInch; + /* + * Allocate memory for the page... + */ + + SizeColumns = (PageRight - PageLeft) / 72.0 * CharsPerInch; + SizeLines = (PageTop - PageBottom) / 72.0 * LinesPerInch; + + /* + * Enforce minimum size... + */ + if (SizeColumns < 1) + SizeColumns = 1; + if (SizeLines < 1) + SizeLines = 1; + + if (SizeLines >= INT_MAX / SizeColumns / sizeof(lchar_t)) + { + fprintf(stderr, "ERROR: bad page size\n"); + exit(1); + } + + Page = calloc(sizeof(lchar_t *), SizeLines); + if (!Page) + { + fprintf(stderr, "ERROR: cannot allocate memory for page\n"); + exit(1); + } + + Page[0] = calloc(sizeof(lchar_t), SizeColumns * SizeLines); + if (!Page[0]) + { + free(Page); + fprintf(stderr, "ERROR: cannot allocate memory for page\n"); + exit(1); + } + + for (i = 1; i < SizeLines; i ++) + Page[i] = Page[0] + i * SizeColumns; + Copies = atoi(argv[4]); WriteProlog(argv[3], argv[2], getenv("CLASSIFICATION"), @@ -1122,6 +1162,8 @@ TextMain(const char *name, /* I - Name o if (ppd != NULL) ppdClose(ppd); + free(Page[0]); + free(Page); return (0); } --- cups-filters-1.0.58/filter/texttopdf.c 2013-12-10 22:20:15.000000000 +0100 +++ cups-filters-1.0.71/filter/texttopdf.c 2015-07-03 00:51:21.000000000 +0200 @@ -172,9 +172,6 @@ WriteEpilogue(void) { "FN","FB","FI" }; int i,j; - free(Page[0]); - free(Page); - // embed fonts for (i = PrettyPrint ? 2 : 1; i >= 0; i --) { for (j = 0; j < NumFonts; j ++) @@ -333,18 +330,6 @@ WriteProlog(const char *title, /* I - T PageTop -= 36; } - /* - * Allocate memory for the page... - */ - - SizeColumns = (PageRight - PageLeft) / 72.0 * CharsPerInch; - SizeLines = (PageTop - PageBottom) / 72.0 * LinesPerInch; - - Page = calloc(sizeof(lchar_t *), SizeLines); - Page[0] = calloc(sizeof(lchar_t), SizeColumns * SizeLines); - for (i = 1; i < SizeLines; i ++) - Page[i] = Page[0] + i * SizeColumns; - if (PageColumns > 1) { ColumnGutter = CharsPerInch / 2;