Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse-commit (564 mails)

< Previous Next >
commit cups for openSUSE:Factory
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Tue, 22 Jun 2010 10:30:08 +0200
  • Message-id: <20100622083008.58B3020244@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package cups for openSUSE:Factory
checked in at Tue Jun 22 10:30:08 CEST 2010.



--------
--- cups/cups.changes 2010-06-14 14:49:43.000000000 +0200
+++ /mounts/work_src_done/STABLE/cups/cups.changes 2010-06-18
09:49:43.000000000 +0200
@@ -1,0 +2,26 @@
+Fri Jun 18 09:11:02 CEST 2010 - jsmeix@xxxxxxx
+
+- Upgraded to CUPS 1.4.4
+ CUPS 1.4.4 fixes several security, scheduler, printing,
+ and conformance issues, in particular:
+ * The web interface now includes additional CSRF protection
+ (CVE-2010-0540, STR #3498, STR #3593, and
+ Novell/Suse Bugzilla bnc#601830)
+ * The texttops filter did not check the results of allocations
+ (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)
+ * The web admin interface could disclose the contents of memory
+ (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)
+ * The fix for CVE-2009-3553 (STR #3200) was incomplete
+ for systems that use kqueue or epoll (STR #3490)
+ * CUPS could overwrite files as root in directories owned or
+ writable by non-root users (STR #3510)
+ * The OpenSSL interfaces have been made thread-safe and
+ the GNU TLS interface is explicitly forbidden
+ when threading is enabled (STR #3461)
+ * The scheduler could crash on restart if classes
+ were defined (STR #3524)
+ * The socket backend no longer waits for back-channel data
+ on platforms other than Mac OS X (STR #3495)
+ * For a complete list see the CHANGES.txt file.
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


Old:
----
cups-1.4.3-source.tar.bz2

New:
----
cups-1.4.4-source.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cups.spec ++++++
--- /var/tmp/diff_new_pack.WTce9e/_old 2010-06-22 10:29:24.000000000 +0200
+++ /var/tmp/diff_new_pack.WTce9e/_new 2010-06-22 10:29:24.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package cups (Version 1.4.3)
+# spec file for package cups (Version 1.4.4)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -29,8 +29,8 @@
License: GPLv2+ ; LGPLv2.1+
Group: Hardware/Printing
Summary: The Common UNIX Printing System
-Version: 1.4.3
-Release: 6
+Version: 1.4.4
+Release: 1
# Require the exact matching version-release of the cups-libs sub-package
because
# non-matching CUPS libraries may let CUPS software crash (e.g. segfault)
# because all CUPS software is built from the one same CUPS source tar ball
@@ -52,8 +52,8 @@
Obsoletes: cups-SUSE-ppds-dat
Provides: cups-SUSE-ppds-dat
# Source0...Source9 is for sources from upstream:
-# URL for Source0:
http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2
-# MD5 sum for Source0 on http://www.cups.org/software.php is
e70b1c3f60143d7310c1d74c111a21ab
+# URL for Source0:
http://ftp.easysw.com/pub/cups/1.4.4/cups-1.4.4-source.tar.bz2
+# MD5 sum for Source0 on http://www.cups.org/software.php
8776403ad60fea9e85eab9c04d88560d
Source0: cups-%{version}-source.tar.bz2
# Patch0...Patch9 is for patches from upstream:
# Source10...Source99 is for sources from Novell/openSUSE which are intended
for upstream:



++++++ cups-1.4.3-source.tar.bz2 -> cups-1.4.4-source.tar.bz2 ++++++
++++ 19326 lines of diff (skipped)



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread