Package: cups; Maintainer for cups is Debian Printing Team <debian-printing@lists.debian.org>; Source for cups is src:cups (PTS, buildd, popcon).
Reported by: Raphael Geissert <atomo64@gmail.com>
Date: Wed, 19 Nov 2008 03:24:02 UTC
Severity: important
Tags: patch, security
Found in versions cups/1.3.7-1, cups/1.3.8-1lenny2, cups/1.3.7-6
Fixed in versions cups/1.3.9-12, cups/1.3.9-13
Done: Martin Pitt <mpitt@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Wed, 19 Nov 2008 03:24:04 GMT)
Message #3 received at submit@bugs.debian.org:
Source: cups
Severity: important
Version: 1.3.7-1
Tags: security

Hi,

An exploit[0][1] has been published for CUPS.

> The daemon crashes when more than 100 RSS Subscriptions are added which has
> been successfully tested on the latest versions of openSuse and Ubuntu
> Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> the user doesn’t need to login to add RSS subscriptions, although
> authentication is required to perform other actions. I’m not sure if this
> bug can lead to remote code execution. Further investigation/gdbing is
> required.

Note: when reproducing it locally in a default Debian setup, I was required to
login before the RSS subscriptions could be added and then crash cupsd.

If you fix the vulnerability please also make sure to include the CVE id when
one is assigned in the changelog entry.

[0]http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/
[1]http://www.milw0rm.com/exploits/7151

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
Reply sent to Martin Pitt <mpitt@debian.org>: You have taken responsibility. (Wed, 19 Nov 2008 12:15:03 GMT)
Notification sent to Raphael Geissert <atomo64@gmail.com>: Bug acknowledged by developer. (Wed, 19 Nov 2008 12:15:04 GMT)
Message #8 received at 506180-done@bugs.debian.org:
Version: 1.3.8-1

Hello Raphael,

Raphael Geissert [2008-11-18 21:22 -0600]:
> An exploit[0][1] has been published for CUPS.
>
> > The daemon crashes when more than 100 RSS Subscriptions are added which has
> > been successfully tested on the latest versions of openSuse and Ubuntu
> > Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
> > the user doesn’t need to login to add RSS subscriptions, although
> > authentication is required to perform other actions. I’m not sure if this
> > bug can lead to remote code execution. Further investigation/gdbing is
> > required.
>
> Note: when reproducing it locally in a default Debian setup, I was required to
> login before the RSS subscriptions could be added and then crash cupsd.

This is http://www.cups.org/str.php?L2774 which has been fixed in
1.3.8. Thus current testing and unstable are unaffected. Etch is
unaffected as well, since 1.2.7 did not yet have RSS subscriptions.

So I close this report. However, it is relevant for Ubuntu 7.10 and
8.04, so I'll fix it there.

> If you fix the vulnerability please also make sure to include the CVE id when
> one is assigned in the changelog entry.

I will, but currently there is none.

Thanks for pointing out!

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Wed, 19 Nov 2008 22:18:15 GMT)
Acknowledgement sent to "Raphael Geissert" <atomo64@gmail.com>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Wed, 19 Nov 2008 22:18:16 GMT)
Message #13 received at 506180@bugs.debian.org:
found 506180 1.3.8-1lenny2
thanks

2008/11/19 Martin Pitt <mpitt@debian.org>:
> Version: 1.3.8-1
>
> Hello Raphael,

Hello Martin,

>
> Raphael Geissert [2008-11-18 21:22 -0600]:
>> An exploit[0][1] has been published for CUPS.
>>
>> > The daemon crashes when more than 100 RSS Subscriptions are added which has
>> > been successfully tested on the latest versions of openSuse and Ubuntu
>> > Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,
>> > the user doesn't need to login to add RSS subscriptions, although
>> > authentication is required to perform other actions. I'm not sure if this
>> > bug can lead to remote code execution. Further investigation/gdbing is
>> > required.
>>
>> Note: when reproducing it locally in a default Debian setup, I was required to
>> login before the RSS subscriptions could be added and then crash cupsd.
>
> This is http://www.cups.org/str.php?L2774 which has been fixed in
> 1.3.8. Thus current testing and unstable are unaffected. Etch is
> unaffected as well, since 1.2.7 did not yet have RSS subscriptions.

I did manage to reproduce it in 1.3.8-1lenny2, so whatever was changed
didn't actually fix the bug.

>
> So I close this report. However, it is relevant for Ubuntu 7.10 and
> 8.04, so I'll fix it there.
>
>> If you fix the vulnerability please also make sure to include the CVE id when
>> one is assigned in the changelog entry.
>
> I will, but currently there is none.

Thanks

>
> Thanks for pointing out!
>
> Martin
> --
> Martin Pitt | http://www.piware.de
> Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
>

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Alfred Hitchcock - "Television has brought back murder into the home - where it belongs."
Bug marked as found in version 1.3.8-1lenny2 and reopened. Request was from "Raphael Geissert" <atomo64@gmail.com> to control@bugs.debian.org. (Wed, 19 Nov 2008 22:18:17 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Thu, 20 Nov 2008 11:01:18 GMT)
Acknowledgement sent to Martin Pitt <mpitt@debian.org>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Thu, 20 Nov 2008 11:02:02 GMT)
Message #20 received at 506180@bugs.debian.org:
Raphael Geissert [2008-11-19 16:13 -0600]:
> I did manage to reproduce it in 1.3.8-1lenny2, so whatever was changed
> didn't actually fix the bug.

Hm, all I get is a hanging browser, because it spits out hundreds of
empty message boxes. I wouldn't exactly call that a browser
vulnerability, it's just a JavaScript lifelock, but it didn't cause
cups to crash here.

Did you get the same? Can you please run "cupsctl --debug-logging",
then run the reproducer, and attach /var/log/cups/error_log
afterwards?

Thanks,

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Thu, 20 Nov 2008 18:48:04 GMT)
Acknowledgement sent to "Raphael Geissert" <atomo64@gmail.com>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Thu, 20 Nov 2008 18:48:05 GMT)
Message #25 received at 506180@bugs.debian.org:
2008/11/20 Martin Pitt <mpitt@debian.org>:
> Raphael Geissert [2008-11-19 16:13 -0600]:
>> I did manage to reproduce it in 1.3.8-1lenny2, so whatever was changed
>> didn't actually fix the bug.
>
> Hm, all I get is a hanging browser, because it spits out hundreds of
> empty message boxes. I wouldn't exactly call that a browser
> vulnerability, it's just a JavaScript lifelock, but it didn't cause
> cups to crash here.

If I log into the web interface before running the exploit it does
crash cups (and if I don't login at least konqueror doesn't hang:).

>
> Did you get the same?

On the first execution of the exploit it only inserts 95 feeds and
doesn't crash, but if I re run the exploit (with a different feed
name) when after it reaches 100 feeds in total (first run + second
run) cupsd crashes.

> Can you please run "cupsctl --debug-logging",
> then run the reproducer, and attach /var/log/cups/error_log
> afterwards?

Done

>
> Thanks,
>
> Martin
>
> --
> Martin Pitt | http://www.piware.de
> Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
>

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Lily Tomlin - "The trouble with the rat race is that even if you win, you're still a rat."
[error_log.gz (application/x-gzip, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Sat, 22 Nov 2008 20:21:07 GMT)
Acknowledgement sent to "Raphael Geissert" <atomo64@gmail.com>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Sat, 22 Nov 2008 20:21:08 GMT)
Message #30 received at 506180@bugs.debian.org:
found 506180 1.3.7-6
retitle 506180 CVE-2008-5183: daemon crashes when adding more than 100
subscriptions
thanks

2008/11/18 Raphael Geissert <atomo64@gmail.com>:
> Source: cups
> Severity: important
> Version: 1.3.7-1
> Tags: security
>
> Hi,
>
> An exploit[0][1] has been published for CUPS.
>
>> The daemon crashes when more than 100 RSS Subscriptions are added which has
>> been successfully tested on the latest versions of openSuse and Ubuntu
>> Desktop at time of writing (11.0 and 8.04.1 respectively). For some reason,

This is CVE-2008-5183

>> the user doesn't need to login to add RSS subscriptions, although
>> authentication is required to perform other actions. I'm not sure if this

and this is CVE-2008-5184.

So, if I got it right etch is not affected either, right?

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Yogi Berra - "I never said most of the things I said."
Bug marked as found in version 1.3.7-6. Request was from "Raphael Geissert" <atomo64@gmail.com> to control@bugs.debian.org. (Sat, 22 Nov 2008 20:21:09 GMT)
Changed Bug title to `CVE-2008-5183: daemon crashes when adding more than 100' from `CUPS: daemon crashes when adding more than 100 rss subscriptions'. Request was from "Raphael Geissert" <atomo64@gmail.com> to control@bugs.debian.org. (Sat, 22 Nov 2008 20:21:10 GMT)
Bug no longer marked as fixed in version 1.3.8-1. Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Sat, 22 Nov 2008 21:51:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Sun, 30 Nov 2008 19:18:02 GMT)
Message #39 received at 506180@bugs.debian.org:
retitle 506180 CVE-2008-5183: daemon crashes when adding more than 100 subscriptions
thanks

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7a7d6d0 (LWP 6035)]
create_subscription (con=0x9d71768, uri=0x9d3bbc8) at ipp.c:5603
5603    ipp.c: No such file or directory.
        in ipp.c
(gdb) bt
#0  create_subscription (con=0x9d71768, uri=0x9d3bbc8) at ipp.c:5603
#1  0x0807f527 in cupsdProcessIPPRequest (con=0x9d71768) at ipp.c:613
#2  0x08059614 in cupsdReadClient (con=0x9d71768) at client.c:2131
#3  0x08092b12 in cupsdDoSelect (timeout=1) at select.c:543
#4  0x0806b34c in main (argc=1, argv=0xbfefdc64) at main.c:787

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
Changed Bug title to `CVE-2008-5183: daemon crashes when adding more than 100 subscriptions' from `CVE-2008-5183: daemon crashes when adding more than 100'. Request was from Raphael Geissert <atomo64@gmail.com> to control@bugs.debian.org. (Sun, 30 Nov 2008 19:18:05 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Sun, 21 Dec 2008 12:27:04 GMT)
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Sun, 21 Dec 2008 12:27:04 GMT)
Message #46 received at 506180@bugs.debian.org:
Hi,
what is the status of this issue regarding lenny?

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Fri, 02 Jan 2009 15:48:04 GMT)
Acknowledgement sent to Martin Pitt <mpitt@debian.org>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Fri, 02 Jan 2009 15:48:04 GMT)
Message #51 received at 506180@bugs.debian.org:
Hi Nico, happy new year!

Nico Golde [2008-12-21 13:21 +0100]:
> what is the status of this issue regarding lenny?

The "unauthenticated RSS subscription crash" (CVE-2008-5184, STR
#2774) is fixed in 1.3.8, thus in lenny and unstable; it does not
affect etch at all.

The "crash on more than 100 subscriptions" (CVE-2008-5183) is not
fixed anywhere (not even upstream svn trunk). However, it is just an
authenticated local DoS (NULL pointer deref), and as such I claim that
it is not urgent at all, if it can even be called a vulnerability in
the first place.

http://lab.gnucitizen.org/projects/cups-0day has some details on this.

Thanks,

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>: Bug#506180; Package cups. (Sun, 04 Jan 2009 01:24:02 GMT)
Acknowledgement sent to Bastien ROUCARIES <roucaries.bastien+debian@gmail.com>: Extra info received and forwarded to list. Copy sent to Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>. (Sun, 04 Jan 2009 01:24:02 GMT)
Message #56 received at 506180@bugs.debian.org:
tags 506180 + patch
thanks

Seems that Red Hat has a patch:
https://bugzilla.redhat.com/show_bug.cgi?id=473901
https://bugzilla.redhat.com/attachment.cgi?id=325223

Regards

--
"ROUCARIÈS Bastien"
roucaries.bastien+debian@gmail.com
-------------------------------------------------------------------------------
DO NOT WRITE TO roucaries.bastien+blackhole@gmail.com OR BE BLACKLISTED
Tags added: patch. Request was from Bastien ROUCARIES <roucaries.bastien+debian@gmail.com> to control@bugs.debian.org. (Sun, 04 Jan 2009 01:24:03 GMT)
Reply sent to Till Kamppeter <till.kamppeter@gmail.com>: You have taken responsibility. (Sun, 25 Jan 2009 11:48:03 GMT)
Notification sent to Raphael Geissert <atomo64@gmail.com>: Bug acknowledged by developer. (Sun, 25 Jan 2009 11:48:03 GMT)
Message #63 received at 506180-close@bugs.debian.org:
Source: cups
Source-Version: 1.3.9-12

We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive:

cups-bsd_1.3.9-12_i386.deb
  to pool/main/c/cups/cups-bsd_1.3.9-12_i386.deb
cups-client_1.3.9-12_i386.deb
  to pool/main/c/cups/cups-client_1.3.9-12_i386.deb
cups-common_1.3.9-12_all.deb
  to pool/main/c/cups/cups-common_1.3.9-12_all.deb
cups-dbg_1.3.9-12_i386.deb
  to pool/main/c/cups/cups-dbg_1.3.9-12_i386.deb
cups_1.3.9-12.diff.gz
  to pool/main/c/cups/cups_1.3.9-12.diff.gz
cups_1.3.9-12.dsc
  to pool/main/c/cups/cups_1.3.9-12.dsc
cups_1.3.9-12_i386.deb
  to pool/main/c/cups/cups_1.3.9-12_i386.deb
cupsys-bsd_1.3.9-12_all.deb
  to pool/main/c/cups/cupsys-bsd_1.3.9-12_all.deb
cupsys-client_1.3.9-12_all.deb
  to pool/main/c/cups/cupsys-client_1.3.9-12_all.deb
cupsys-common_1.3.9-12_all.deb
  to pool/main/c/cups/cupsys-common_1.3.9-12_all.deb
cupsys-dbg_1.3.9-12_all.deb
  to pool/main/c/cups/cupsys-dbg_1.3.9-12_all.deb
cupsys_1.3.9-12_all.deb
  to pool/main/c/cups/cupsys_1.3.9-12_all.deb
libcups2-dev_1.3.9-12_i386.deb
  to pool/main/c/cups/libcups2-dev_1.3.9-12_i386.deb
libcups2_1.3.9-12_i386.deb
  to pool/main/c/cups/libcups2_1.3.9-12_i386.deb
libcupsimage2-dev_1.3.9-12_i386.deb
  to pool/main/c/cups/libcupsimage2-dev_1.3.9-12_i386.deb
libcupsimage2_1.3.9-12_i386.deb
  to pool/main/c/cups/libcupsimage2_1.3.9-12_i386.deb
libcupsys2-dev_1.3.9-12_all.deb
  to pool/main/c/cups/libcupsys2-dev_1.3.9-12_all.deb
libcupsys2_1.3.9-12_all.deb
  to pool/main/c/cups/libcupsys2_1.3.9-12_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 506180@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Till Kamppeter <till.kamppeter@gmail.com> (supplier of updated cups package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Sun, 25 Jan 2009 12:05:44 +0100
Source: cups
Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg libcupsys2 libcupsys2-dev
Architecture: source all i386
Version: 1.3.9-12
Distribution: experimental
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Till Kamppeter <till.kamppeter@gmail.com>
Description:
 cups - Common UNIX Printing System(tm) - server
 cups-bsd - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-dbg - Common UNIX Printing System(tm) - debugging symbols
 cupsys - Common UNIX Printing System (transitional package)
 cupsys-bsd - Common UNIX Printing System (transitional package)
 cupsys-client - Common UNIX Printing System (transitional package)
 cupsys-common - Common UNIX Printing System (transitional package)
 cupsys-dbg - Common UNIX Printing System (transitional package)
 libcups2 - Common UNIX Printing System(tm) - libs
 libcups2-dev - Common UNIX Printing System(tm) - development files
 libcupsimage2 - Common UNIX Printing System(tm) - image libs
 libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
 libcupsys2 - Common UNIX Printing System (transitional package)
 libcupsys2-dev - Common UNIX Printing System (transitional package)
Closes: 506180
Changes:
 cups (1.3.9-12) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx,
     debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Do not reposition
     the pages when an automatic rotation did not actually take place and do
     not apply the page size and margins from the PPD file or the command line
     if no manipulations affecting the printout size are done (N-up, scaling,
     fitplot, ...). This caused LP: #310575.
 .
   * debian/cups.postinst: Let the PPD files of the existing print queues get
     automatically updated after each installation of this package (if they
     use PPDs of this package).
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: denial of service by adding a large number of RSS
     subscriptions (Closes: #506180, LP: #298241)
     - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
       being reached in scheduler/{ipp.c,subscriptions.c}
     - CVE-2008-5183
 .
   [ Martin Pitt ]
   * pidfile.dpatch: Adapt to changes from MaxSubscriptions fix from above.
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
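The crash Martin Pitt describes in this log (a NULL pointer dereference once more than 100 subscriptions exist) and the changelog's fix ("gracefully handle MaxSubscriptions being reached") follow a common pattern, shown here as an added example; it is not CUPS code and not the Debian patch. The fixed cap of 100 and all names (`sub_add`, `create_unchecked`, `create_checked`, `two_runs_refused`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBSCRIPTIONS 100   /* assumed cap, after the report's "more than 100" */

typedef struct {
    int  id;
    char recipient[128];
} sub_t;

typedef struct {
    sub_t *subs[MAX_SUBSCRIPTIONS];
    int    count;
    int    next_id;
} sub_table_t;

typedef enum { SUB_OK = 0, SUB_ERR_ARG = -1, SUB_ERR_LIMIT = -2, SUB_ERR_NOMEM = -3 } sub_status_t;

/* Allocator: returns NULL when the cap is reached or memory is exhausted. */
sub_t *sub_add(sub_table_t *t)
{
    sub_t *s;
    if (t->count >= MAX_SUBSCRIPTIONS)
        return NULL;
    if ((s = calloc(1, sizeof(*s))) == NULL)
        return NULL;
    s->id = ++t->next_id;
    t->subs[t->count++] = s;
    return s;
}

/* BEFORE: the caller assumes sub_add() always succeeds. On request 101 the
 * returned pointer is NULL and the write below faults (SIGSEGV). */
int create_unchecked(sub_table_t *t, const char *recipient)
{
    sub_t *s = sub_add(t);
    snprintf(s->recipient, sizeof(s->recipient), "%s", recipient);
    return s->id;
}

/* AFTER: the limit is an ordinary, reportable error for the one request;
 * the service keeps running and existing subscriptions are untouched. */
sub_status_t create_checked(sub_table_t *t, const char *recipient, int *id_out)
{
    sub_t *s;
    if (t == NULL || recipient == NULL || id_out == NULL)
        return SUB_ERR_ARG;
    if (t->count >= MAX_SUBSCRIPTIONS)
        return SUB_ERR_LIMIT;
    if ((s = sub_add(t)) == NULL)
        return SUB_ERR_NOMEM;
    snprintf(s->recipient, sizeof(s->recipient), "%s", recipient);
    *id_out = s->id;
    return SUB_OK;
}

void sub_table_free(sub_table_t *t)
{
    int i;
    for (i = 0; i < t->count; i++)
        free(t->subs[i]);
    memset(t, 0, sizeof(*t));
}

/* Send n create requests through the checked path; returns how many were refused. */
int submit_batch(sub_table_t *t, int n)
{
    int i, id, refused = 0;
    for (i = 0; i < n; i++)
        if (create_checked(t, "rss://feed.example.invalid/", &id) != SUB_OK)
            refused++;
    return refused;
}

/* Two batches against one table, as in the report where the first run stays
 * under the cap and the second crosses it. Returns refusals in the second run. */
int two_runs_refused(int first, int second)
{
    sub_table_t t;
    int refused;
    memset(&t, 0, sizeof(t));
    submit_batch(&t, first);
    refused = submit_batch(&t, second);
    sub_table_free(&t);
    return refused;
}

int main(void)
{
    sub_table_t t;
    memset(&t, 0, sizeof(t));
    /* Below the cap the unchecked path behaves, which is why the defect hides. */
    printf("unchecked, empty table: id=%d\n", create_unchecked(&t, "rss://a.example.invalid/"));
    sub_table_free(&t);
    printf("checked, runs of 95 + 95: %d refused, process still alive\n",
           two_runs_refused(95, 95));
    return 0;
}
```
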
Reply sent to Martin Pitt <mpitt@debian.org>: You have taken responsibility. (Sun, 15 Feb 2009 18:18:13 GMT)
Notification sent to Raphael Geissert <atomo64@gmail.com>: Bug acknowledged by developer. (Sun, 15 Feb 2009 18:18:14 GMT)
Message #68 received at 506180-close@bugs.debian.org:
Source: cups Source-Version: 1.3.9-13 We believe that the bug you reported is fixed in the latest version of cups, which is due to be installed in the Debian FTP archive: cups-bsd_1.3.9-13_i386.deb to pool/main/c/cups/cups-bsd_1.3.9-13_i386.deb cups-client_1.3.9-13_i386.deb to pool/main/c/cups/cups-client_1.3.9-13_i386.deb cups-common_1.3.9-13_all.deb to pool/main/c/cups/cups-common_1.3.9-13_all.deb cups-dbg_1.3.9-13_i386.deb to pool/main/c/cups/cups-dbg_1.3.9-13_i386.deb cups_1.3.9-13.diff.gz to pool/main/c/cups/cups_1.3.9-13.diff.gz cups_1.3.9-13.dsc to pool/main/c/cups/cups_1.3.9-13.dsc cups_1.3.9-13_i386.deb to pool/main/c/cups/cups_1.3.9-13_i386.deb cupsys-bsd_1.3.9-13_all.deb to pool/main/c/cups/cupsys-bsd_1.3.9-13_all.deb cupsys-client_1.3.9-13_all.deb to pool/main/c/cups/cupsys-client_1.3.9-13_all.deb cupsys-common_1.3.9-13_all.deb to pool/main/c/cups/cupsys-common_1.3.9-13_all.deb cupsys-dbg_1.3.9-13_all.deb to pool/main/c/cups/cupsys-dbg_1.3.9-13_all.deb cupsys_1.3.9-13_all.deb to pool/main/c/cups/cupsys_1.3.9-13_all.deb libcups2-dev_1.3.9-13_i386.deb to pool/main/c/cups/libcups2-dev_1.3.9-13_i386.deb libcups2_1.3.9-13_i386.deb to pool/main/c/cups/libcups2_1.3.9-13_i386.deb libcupsimage2-dev_1.3.9-13_i386.deb to pool/main/c/cups/libcupsimage2-dev_1.3.9-13_i386.deb libcupsimage2_1.3.9-13_i386.deb to pool/main/c/cups/libcupsimage2_1.3.9-13_i386.deb libcupsys2-dev_1.3.9-13_all.deb to pool/main/c/cups/libcupsys2-dev_1.3.9-13_all.deb libcupsys2_1.3.9-13_all.deb to pool/main/c/cups/libcupsys2_1.3.9-13_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 506180@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Martin Pitt <mpitt@debian.org> (supplier of updated cups package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 15 Feb 2009 18:39:03 +0100 Source: cups Binary: libcups2 libcupsimage2 cups cups-client libcups2-dev libcupsimage2-dev cups-bsd cups-common cups-dbg cupsys cupsys-client cupsys-common cupsys-bsd cupsys-dbg libcupsys2 libcupsys2-dev Architecture: source all i386 Version: 1.3.9-13 Distribution: unstable Urgency: low Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com> Changed-By: Martin Pitt <mpitt@debian.org> Description: cups - Common UNIX Printing System(tm) - server cups-bsd - Common UNIX Printing System(tm) - BSD commands cups-client - Common UNIX Printing System(tm) - client programs (SysV) cups-common - Common UNIX Printing System(tm) - common files cups-dbg - Common UNIX Printing System(tm) - debugging symbols cupsys - Common UNIX Printing System (transitional package) cupsys-bsd - Common UNIX Printing System (transitional package) cupsys-client - Common UNIX Printing System (transitional package) cupsys-common - Common UNIX Printing System (transitional package) cupsys-dbg - Common UNIX Printing System (transitional package) libcups2 - Common UNIX Printing System(tm) - libs libcups2-dev - Common UNIX Printing System(tm) - development files libcupsimage2 - Common UNIX Printing System(tm) - image libs libcupsimage2-dev - Common UNIX Printing System(tm) - image development files libcupsys2 - Common UNIX Printing System (transitional package) libcupsys2-dev - Common UNIX Printing System (transitional package) Closes: 410171 475270 478280 482186 489045 489246 494168 495220 495598 497492 498664 500305 503644 506180 507183 Changes: cups (1.3.9-13) unstable; urgency=low . 
[ Till Kamppeter ] * debian/local/filters/pdf-filters/filter/imagetopdf.c: Added support for the new "fit-to-page" option (new, more intuitive name for "fitplot"). * debian/filters/pstopdf: Only apply paper size if the "fitplot" or the "fit-to-page" option is set. * debian/local/filters/cpdftocps: Only the last digit of the number of copies was used (LP: #309314). * debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Do not preceed the PDF output with a newline (LP: #303691). Only impose the page size from the PPD file to all pages if the "fitplot" or the "fit-to-page" option is set. This prevented from automatic paper tray switching to the correct paper sizes when a multiple-page-size document is printed (partial fix for LP: #310575). * debian/patches/pdftops-cups-1.4.dpatch: Updated from CUPS 1.4 SVN. Contains fixes for multiple-page-size document printing (partial fix for LP: #310575). * debian/patches/pdftops-dont_fail_on_cancel.dpatch: Removed, should be fixed in the new upstream version of pdftops. . [ Martin Pitt ] * debian/patches/pdftops-cups-1.4.dpatch: Add definition of HAVE_PDFTOPS and CUPS_PDFTOPS, so that the filter actually gets again built with pdftops support. (Fixes Till's change from above). . cups (1.3.9-12) experimental; urgency=low . [ Till Kamppeter ] * debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx, debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Do not reposition the pages when an automatic rotation did not actually take place and do not apply the page size and margins from the PPD file or the coomand line if no manipulations affecting the printout size are done (N-up, scaling, fitplot, ...). This caused LP: #310575. . * debian/cups.postinst: Let the PPD files of the existing print queues get automatically updated after each installation of this package (if they use PPDs of this package). . 
   [ Marc Deslauriers ]
   * SECURITY UPDATE: denial of service by adding a large number of RSS subscriptions (Closes: #506180, LP: #298241)
     - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions being reached in scheduler/{ipp.c,subscriptions.c}
     - CVE-2008-5183
 .
   [ Martin Pitt ]
   * pidfile.dpatch: Adapt to changes from MaxSubscriptions fix from above.
 .
 cups (1.3.9-11) experimental; urgency=low
 .
   * debian/local/filters/cpdftocps: Fixed the fix for the number of copies. In some cases it failed and pstops was called with 0 copies requested (LP: #309314, LP: #300312, LP: #286048).
 .
 cups (1.3.9-10) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.h, debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PDoc.h, debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PPage.h, debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.h, debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Fixed problem of Landscape-oriented PDF files being printed in the wrong orientation (LP: #47649, LP: #244840).
 .
   * debian/local/filters/cpdftocps: Made correct number of copies being printed on PostScript printers with hardware copy handling (LP: #286048).
 .
   [ Martin Pitt ]
   * debian/local/apparmor-profile: Allow cupsd to run Brother drivers. (LP: #237256)
 .
 cups (1.3.9-9) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PResources.cxx: Added processing of the rotate tag (LP: #300312).
 .
   [ Martin Pitt ]
   * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image reader (Closes: #507183, STR #2974, CVE-2008-5286)
 .
 cups (1.3.9-8) experimental; urgency=low
 .
   * debian/local/filters/pdf-filters/pdftopdf/P2POutputStream.cxx, debian/local/filters/pdf-filters/pdftopdf/P2POutputStream.h: Removed an endianness dependency from the pdftopdf filter, so that it also works on non-PC platforms like PowerPC (LP: #271350). This also fixes the filter on mipsel and makes the test suite, and thus the build, succeed again. (Closes: #500305)
   * debian/filters/pstopdf: Do not supply the margins from the PPD to the ps2pdf process, as this breaks full-bleed printing and also disturbs the printing if PPDs have too conservative margin definitions (LP: #282186).
 .
 cups (1.3.9-7) experimental; urgency=low
 .
   * Previous upload had some cruft in the diff.gz which caused some changed defaults in cupsd.conf. Reupload with a clean diff.gz. *Brown paperbag*
 .
 cups (1.3.9-6) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/cpdftocps: The cpdftocps filter did case-sensitive checking for CUPS options to keep them away from the pstops filter. CUPS treats such options case-insensitive, so in some cases CUPS options got applied twice (LP: #299707).
 .
   [ Martin Pitt ]
   * debian/rules: Install the serial backend with 0744 permissions to make it run as root, since /dev/ttyS* are root:dialout and thus not accessible as user "lp". Thanks to Chanoch (Ken) Bloom. (part of #506181, LP: #154277)
 .
 cups (1.3.9-5) experimental; urgency=low
 .
   * hpgl-regression.dpatch: Replaced with version which got committed upstream.
   * Add runloop-backchannel-eof-spin.dpatch: Fix backend runloop spin on backchannel EOF (select() returns "ready for read" on EOF). This completely broke printing with e. g. HPJetDirect. Thanks to Samuel Thibault for tracking down the problem! (Closes: #489045)
   * debian/cups-bsd.postinst: Assume default printcap path (in /var/run/cups/) if not specified in cupsd.conf. This brings back the lost /etc/printcap for legacy applications.
     (Closes: #482186, LP: #282667)
   * debian/rules: Drop arm/armel -f-no-stack-protector workaround, since SSP works on these architectures now. (See #469517)
   * debian/cups-bsd.postinst: Robustify the cupsd.conf parsing for Printcap, as per suggestion from Jo Mills.
   * rootbackends-worldreadable.dpatch: Apply the same relaxed permission check to cups-deviced, so that backends installed as 0744 don't disappear from printer detection. (Closes: #503644, LP: #275407)
 .
 cups (1.3.9-4) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/conf/pdftoraster.convs, debian/local/filters/pdf-filters/filter/pdftoraster.cxx, debian/local/filters/pdf-filters/README, debian/local/filters/pdf-filters/addtocups, debian/local/filters/pdf-filters/removefromcups, debian/rules, debian/copyright: Removed Poppler-based pdftoraster filter. It will be replaced by a Ghostscript-based pdftoraster filter provided by the Ghostscript package, requested via Debian bug #505282 (fixes LP: #290395).
 .
   * debian/filters/pstopdf: Fixed debug output.
 .
 cups (1.3.9-3) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/filters/pstopdf: Fixed several bugs in the pstopdf filter. First, removed the use of CUPS' pstops filter for inserting option settings. This also inserts PJL headers and then Ghostscript cannot convert the PostScript to PDF in the next step. Fixed also the sed magic so that the paper size and the margins get really read from the PPD and fixed the calculation of the top and bottom margins, they were exchanged. Fixes LP: #289759, LP: #292690, LP: #282186. Possible fix for LP #293883.
 .
   [ Martin Pitt ]
   * debian/local/apparmor-profile: Allow dnssd backend to create various less common network protocols (x25, appletalk, etc.) for detection. Also allow it to read /proc/*/net/, which the bonjour avahi library apparently uses. (LP: #254022)
 .
 cups (1.3.9-2) experimental; urgency=low
 .
   * debian/local/filters/cpdftocps, debian/filters/pstopdf: Avoid duplicate execution of the number of copies. Sending a PostScript job to a non-PostScript printer produced n*n copies instead of n copies, also sending a non-PostScript job to a PostScript printer. A PostScript job sent to a PostScript printer could even produce n*n*n copies (LP: #286048).
 .
 cups (1.3.9-1) experimental; urgency=low
 .
   * New upstream security/bug fix release:
     - The HP-GL/2 filter did not range check pen numbers. [CVE-2008-3641]
     - The SGI image file reader did not range check 16-bit run lengths. [CVE-2008-3639]
     - The text filter did not range check cpi, lpi, or column values. [CVE-2008-3640]
     - Fix incompatibility with Firefox 3.0 when using SSL.
     - Update the French admin.tmpl, to have the missing "Find new printer" button and the "Subscriptions" section. Thanks to Yves-Alexis Perez! (Closes: #475270)
     - Lots of other bug fixes, see http://www.cups.org/articles.php?L575.
   * Drop patches accepted upstream:
     - cupsfilter-path-typo.dpatch
     - pjl-display-ready-message.dpatch
     - dont-chown-symlinked-ssl.dpatch
   * Add hpgl-regression.dpatch: Revert the SP_select_pen() enumeration change introduced in STR #2911, because it changes the color mapping (e. g. "SP1" would now select a white pen instead of a black one, and "SP0" would not be valid at all any more). Also fix a remaining off-by-one loop. (STR #2966)
 .
 cups (1.3.8-13) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.h, debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PDoc.h, debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.cxx, debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.h, debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: When N-up printing and selection of only the even or odd pages (for manual duplex) was used together the pages were selected the wrong way (number-up=2 page-set=even with an 8-page document gave 2+4, 6+8 and should give 3+4, 7+8). This is fixed now. The behavior of pdftopdf is now exactly the same as of pstops.
 .
   [ Martin Pitt ]
   * debian/local/apparmor-profile: Allow locking on /var/cache/cups/**. (Mentioned in LP #270046)
 .
 cups (1.3.8-12) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/filters/pstopdf, debian/local/filters/pdf-filters/filter/pdftoraster.cxx, debian/local/filters/pdf-filters/pdftopdf/*: Fixed paper size handling of pstopdf, pdftopdf, and pdftoraster which led SpliX to crash (LP: #261363, LP: #268510), fixed monochrome CUPS Raster output of pdftoraster which led to black pages being printed (LP: #269691).
 .
 cups (1.3.8-11) experimental; urgency=low
 .
   * debian/rules: Explicitly configure with --with-dbusdir. For some obscure reason, the automatic check fails on the buildds, causing the D-BUS configuration not to be installed. Fixes FTBFS. (Closes: #498664)
 .
 cups (1.3.8-10) experimental; urgency=low
 .
   [ Martin Pitt ]
   * rootbackends-worldreadable.dpatch: Do not run backends as root if they are group or world writable (this is by and large a paranoia fix, though).
   * dont-chown-symlinked-ssl.dpatch: Replace patch with the upstream committed version, which is more general.
   * debian/control: Package development moved to bzr, update Vcs- tags.
   * cupsaccept.dpatch: Replaced with the more comprehensive solution upstream committed to 1.4 trunk.
     Removed debian/cups-client.links, since the links are now installed by upstream. Adapt manpage-translations.dpatch accordingly.
   * Move installation of D-BUS configuration files from debian/rules to debian/cups.install.
   * debian/libcups2-dev.install: Add missing sidechannel.h.
 .
   [ Johan Kiviniemi ]
   * debian/filters/pstopdf: Apply PPD settings (resolution, page size, page margins) to the conversion (LP: #263049).
   * debian/control: cups Depends: bc (for margin calculation).
 .
 cups (1.3.8-9) experimental; urgency=low
 .
   * Previous upload had some cruft in the diff.gz which caused some changed defaults in cupsd.conf. Reupload with a clean diff.gz. *Brown paperbag*
 .
 cups (1.3.8-8) experimental; urgency=low
 .
   * Remove debian/patches/dont_force_ssl.dpatch; gnome-cups-manager is ancient and removed from Debian, and newer GUIs like system-config-printer get along fine with the default setting.
   * Add quiesce-bonjour-warning.dpatch: Silence the "Apple Bonjour compatibility layer of Avahi" warning, since it can cause SIGPIPE crashes when being issued in a child process without stderr. (Closes: #497492)
   * confdirperms.dpatch, manpage-translations.dpatch: Revert note that Debian doesn't install lppasswd suid root, since we do. (Closes: #478280)
   * debian/control: Drop the "It can be safely removed from your system" from the old package names, since that is untrue until the transition is actually complete. (Closes: #489246)
   * debian/control: Bump Standards-Version (no actual changes necessary).
   * Remove classes_crash.dpatch, it has been fixed upstream a while ago.
   * cupsaccept.dpatch: Rewrite to be consistent with current upstream code, and send it upstream.
   * Drop quiesce_ipp_logging.dpatch: It was only necessary for the polling from gnome-cups-icon, but fortunately gnome-cups-manager has been removed now.
   * confdirperms.dpatch: Remove a few hunks which were only relevant for running cups as system user.
     Remove the SSL certificate bits as well, rewrite it to be upstream compatible, split it out to dont-chown-symlinked-ssl.dpatch, reported it upstream.
   * Remove device_uri.dpatch, does not seem to be necessary any more.
   * Add rootbackends-worldreadable.dpatch: Install root backends world-readable, to comply to Debian Policy and because it is both nonsensical to not do so, and also breaks system checkers, bug reporting, etc. (Closes: #410171)
 .
 cups (1.3.8-7) experimental; urgency=low
 .
   * Previous upload had some cruft in the diff.gz which caused some changed defaults in cupsd.conf. Reupload with a clean diff.gz.
 .
 cups (1.3.8-6) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/filter/texttopdf.c, debian/local/filters/pdf-filters/filter/pdfutils.c, debian/local/filters/pdf-filters/filter/test_pdf2.c, debian/local/filters/pdf-filters/filter/fontembed/test_ps.c, debian/local/filters/pdf-filters/filter/fontembed/test_pdf.c, debian/local/filters/pdf-filters/filter/fontembed/sfnt.h, debian/local/filters/pdf-filters/filter/fontembed/main.c, debian/local/filters/pdf-filters/filter/fontembed/iofn.h, debian/local/filters/pdf-filters/filter/fontembed/fontfile.h, debian/local/filters/pdf-filters/filter/fontembed/fontfile.c, debian/local/filters/pdf-filters/filter/fontembed/embed.h, debian/local/filters/pdf-filters/filter/fontembed/embed.c, debian/local/filters/pdf-filters/filter/fontembed/Makefile, debian/local/filters/pdf-filters/addtocups: Fixed crashes of texttopdf on bad or missing fonts, make texttopdf also working without configuration of the fonts (at least for ASCII).
   * debian/local/filters/pdf-filters/filter/pdftoijs.cxx, debian/local/filters/pdf-filters/conf/HP-PhotoSmart_Pro_B8300-hpijs-pdftoijs.ppd debian/local/filters/pdf-filters/addtocups, debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4, debian/local/filters/pdf-filters/removefromcups, debian/local/filters/pdf-filters/README, debian/control, debian/rules: Added pdftoijs filter.
 .
   [ Johan Kiviniemi ]
   * debian/filters/pstopdf:
     - Adobe Reader generates DRM-infested PostScript from encrypted PDF files. This PostScript contains code which stops Ghostscript with an error when one tries to convert it to (now unencrypted) PDF. Change the filter to normalize such PostScript using ps2ps before conversion.
 .
   [ Martin Pitt ]
   * Add alternative dependency "gsfonts-x11" for ttf-freefonts. (Closes: #495598)
   * debian/patches/: Update the status of patches, add some upstream references, update status in 00list.
   * Drop obsolete include_krb5_h_in_job_h.dpatch, package builds fine in current unstable.
   * debian/rules: Enable PIE and other compiler flags security enhancements with DEB_BUILD_HARDENING=1. Add hardening-wrapper build dependency. Thanks to Kees Cook!
   * Add debian/local/cups.ufw.profile: "ufw" firewall profile. Install it for Ubuntu builds only for now, until ufw enters Debian as well. Thanks to Didier Roche and Jamie Strandboge! (https://launchpad.net/bugs/261903)
 .
 cups (1.3.8-5) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/filter/texttopdf.c: Added bug fix from upstream so that texttopdf does not segfault on missing or bad fonts any more. Backed out Johan Kiviniemi's patch of replacing Courier by FreeMono.
   * Remove hardcoded -march=pentium from texttopdf Makefile. (Closes: #495220)
 .
   * debian/local/filters/pdf-filters/conf/imagetopdf.convs: Reduced cost factor to prefer this filter instead of imagetops.
 .
   [ Johan Kiviniemi ]
   * debian/local/filters/cpdftocps, debian/local/cpdftocps.convs, debian/cups.install, debian/rules:
     - Add an application/vnd.cups-pdf → application/vnd.cups-postscript filter, thus making the PDF filter chain possible for PostScript printers.
     - The filter’s cost is 22, making the total cost of pstopdf → pdftopdf → cpdftocps 66 after the following change.
   * debian/local/filters/pdf-filters/conf/pdftopdf.convs, debian/local/pstopdf.convs, debian/rules:
     - Change filter costs to prefer the PDF chain over pstops.
       • pdftopdf: 22 instead of 66.
       • pstopdf: 22 instead of 100.
       • pstops: 100 instead of 66.
   * Add pjl-display-ready-message.dpatch:
     - According to the PJL spec, one should use "" (not "READY") to return the display to the normal ready message.
 .
 cups (1.3.8-4) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/control, debian/rules, debian/local/filters/pdf-filters/filter/pdfutils.h, debian/local/filters/pdf-filters/filter/texttopdf.c, debian/local/filters/pdf-filters/filter/fontembed, debian/local/filters/pdf-filters/filter/test.sh, debian/local/filters/pdf-filters/filter/test_pdf1.c, debian/local/filters/pdf-filters/filter/test_pdf2.c, debian/local/filters/pdf-filters/filter/pdfutils.c, debian/local/filters/pdf-filters/conf/texttopdf.convs, debian/local/filters/pdf-filters/AUTHORS, debian/local/filters/pdf-filters/addtocups, debian/local/filters/pdf-filters/data, debian/local/filters/pdf-filters/data/pdf.utf-8.simple, debian/local/filters/pdf-filters/data/pdf.utf-8.heavy, debian/local/filters/pdf-filters/removefromcups, debian/local/filters/pdf-filters/README: Added texttopdf filter. Added "Depends: ttf-freefont" for the cups package, as the texttopdf filter needs these fonts.
 .
   [ Johan Kiviniemi ]
   * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c, which caused filters not to have /bin in their PATH.
   * debian/filters/pstopdf:
     - Do not log to /tmp/pstopdf.log. A user running the filter (e.g.
       via cupsfilter) made all other users (including cups itself) unable to run the filter because of no permission to open the logfile.
     - Put unquoted variables into quotes where appropriate.
     - Never create an outfile in the same directory as the given infile; the process might not have write access there.
     - set -e.
   * debian/local/filters/pdf-filters/filter/texttopdf.c:
     - Use FreeMono instead of Courier, since texttopdf requires a TrueType font.
 .
   [ Martin Pitt ]
   * Bump shlibs version for libcups2 and libcupsimage2. (Closes: #494168)
 .
 cups (1.3.8-3) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/addtocups, debian/local/filters/pdf-filters/removefromcups, debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4, pdftopdf/Makefile: Avoid that all executables and libraries of CUPS get linked against libpoppler. This especially leads to all packages dependent on CUPS needing libpoppler, even for building.
 .
 cups (1.3.8-2) experimental; urgency=low
 .
   [ Till Kamppeter ]
   * debian/local/filters/pdf-filters/, debian/local/pstopdf.convs, debian/rules, debian/control, debian/copyright, debian/cups.install: Introduced the first bunch of infrastructure for using PDF as standard print job format. Added CUPS filters imagetopdf, pstopdf, pdftopdf, pdftoraster, added build dependency on libpoppler-dev, as the new filters are Poppler-based. texttopdf and pdftoijs will be added soon. All this is temporary, as the filters are planned to be added to the upstream package of CUPS (CUPS STR #2897, #1595).
   * debian/patches/search_mime_files_in_usr_share.dpatch: Replaced by the changes which were done for this purpose in CUPS 1.4. In addition to the introduction of /usr/share/cups/mime for installing file detection and conversion rules as non-conffiles it also changes the reading order to all *.types files and the all *.convs files (instead of all in /usr/share/cups/mime and then all in /etc/cups).
     This way /usr/share/cups/mime can contain conversion rules based on file types defined by files in /etc/cups (CUPS STR #2719, CUPS SVN revs #7670 and #7694).
 .
   [ Martin Pitt ]
   * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1 changelog.
Original-Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmYVRUACgkQDecnbV4Fd/I1RACgwZh93b38cDplbrqM0El9A1j5
uR0AoP2Df0cauUquAx1nI/BZQ2m2Fd9j
=cssV
-----END PGP SIGNATURE-----
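The 1.3.9-12 changelog entry in the message above describes the CVE-2008-5183 fix as gracefully handling MaxSubscriptions being reached. The C example below is added here for illustration and is not CUPS code or the contents of CVE-2008-5183.dpatch: it shows a request handler that answers with an error status once the subscription table is full, instead of using the result of a failed add. All names (sub_table_t, sub_add, handle_create_subscription, fill_table), the fixed limit of 100 and the sample recipient URI are assumptions.

```c
/* Added example: not CUPS source. Every name below is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBSCRIPTIONS 100   /* assumed limit, matching the 100 in the report */
#define RECIPIENT_MAX     128

typedef struct { int id; char recipient[RECIPIENT_MAX]; } subscription_t;

typedef struct {
    subscription_t *subs[MAX_SUBSCRIPTIONS];
    int count;
    int next_id;
} sub_table_t;

typedef enum { SUB_OK, SUB_BAD_REQUEST, SUB_TOO_MANY, SUB_NO_MEMORY } sub_status_t;

void sub_table_init(sub_table_t *t) { memset(t, 0, sizeof(*t)); t->next_id = 1; }

/* Low-level add: returns NULL when the table is full or allocation fails. */
subscription_t *sub_add(sub_table_t *t, const char *recipient)
{
    subscription_t *s;
    if (t->count >= MAX_SUBSCRIPTIONS)
        return NULL;
    if ((s = calloc(1, sizeof(*s))) == NULL)
        return NULL;
    s->id = t->next_id++;
    snprintf(s->recipient, sizeof(s->recipient), "%s", recipient);
    t->subs[t->count++] = s;
    return s;
}

/* Request handler: every failure path ends in a status code, and the
 * subscription pointer is only dereferenced after it is known to be valid. */
sub_status_t handle_create_subscription(sub_table_t *t, const char *recipient,
                                        int *out_id)
{
    subscription_t *s;
    if (recipient == NULL || recipient[0] == '\0' ||
        strlen(recipient) >= RECIPIENT_MAX)
        return SUB_BAD_REQUEST;
    if (t->count >= MAX_SUBSCRIPTIONS)
        return SUB_TOO_MANY;            /* limit reached: refuse, keep serving */
    if ((s = sub_add(t, recipient)) == NULL)
        return SUB_NO_MEMORY;
    *out_id = s->id;
    return SUB_OK;
}

/* Cancel one subscription; frees its slot so new requests can succeed again. */
int sub_remove(sub_table_t *t, int id)
{
    for (int i = 0; i < t->count; i++) {
        if (t->subs[i]->id == id) {
            free(t->subs[i]);
            t->subs[i] = t->subs[--t->count];
            t->subs[t->count] = NULL;
            return 1;
        }
    }
    return 0;
}

/* Send `requests` create requests (constructed input); return how many were accepted. */
int fill_table(sub_table_t *t, int requests)
{
    int accepted = 0, id = 0;
    for (int i = 0; i < requests; i++)
        if (handle_create_subscription(t, "rss://feeds.example.invalid/printer",
                                       &id) == SUB_OK)
            accepted++;
    return accepted;
}

int main(void)
{
    sub_table_t t;
    sub_table_init(&t);
    printf("accepted %d of 150 requests\n", fill_table(&t, 150));
    return 0;
}
```

Requests past the limit leave the table and the caller's id untouched, and capacity returns as soon as an existing subscription is removed.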
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 18 Sep 2009 07:47:16 GMT)