commit cups for openSUSE:Factory
Hello community, here is the log from the commit of package cups for openSUSE:Factory checked in at Wed Mar 31 19:57:29 CEST 2010. -------- --- cups/cups.changes 2010-03-16 12:49:40.000000000 +0100 +++ /mounts/work_src_done/STABLE/cups/cups.changes 2010-03-31 13:28:43.000000000 +0200 @@ -1,0 +2,18 @@ +Wed Mar 31 12:52:02 CEST 2010 - jsmeix@suse.de + +- Upgraded to CUPS 1.4.3: + * The scheduler could try responding on a closed client + connection, leading to a crash + (CVE-2009-3553, STR #3200, and bnc#554861). + * The lppasswd program allowed the localization files + to be overridden when running in setuid mode + (CVE-2010-0393, STR #3482, and bnc#574336). + * The scheduler would crash when an active printer was deleted. + * The DBUS notifier did not build (STR #3447). + * The scheduler did not reset the SIGPIPE handler + of child processes (STR #3399). + * For a complete list see the CHANGES.txt file. +- cups-1.3.9-CVE-2009-3553.patch has become + obsolete because it is fixed in the source. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- cups-1.4.2-source.tar.bz2 New: ---- cups-1.4.3-source.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.RBRX3W/_old 2010-03-31 19:56:20.000000000 +0200 +++ /var/tmp/diff_new_pack.RBRX3W/_new 2010-03-31 19:56:20.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package cups (Version 1.4.2) +# spec file for package cups (Version 1.4.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -29,7 +29,7 @@ License: GPLv2+ Group: Hardware/Printing Summary: The Common UNIX Printing System -Version: 1.4.2 +Version: 1.4.3 Release: 1 # Require the exact matching version-release of the cups-libs sub-package because # non-matching CUPS libraries may let CUPS software crash (e.g. segfault) @@ -51,8 +51,8 @@ Conflicts: plp lprold lprng Obsoletes: cups-SUSE-ppds-dat # Source0...Source9 is for sources from upstream: -# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.2/cups-1.4.2-source.tar.bz2 -# MD5 sum for Source0 on http://www.cups.org/software.php is d95e2d588e3d36e563027a963b117b1b +# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2 +# MD5 sum for Source0 on http://www.cups.org/software.php is e70b1c3f60143d7310c1d74c111a21ab Source0: cups-%{version}-source.tar.bz2 # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream: @@ -60,7 +60,6 @@ # Patch10 adds 'smb://...' URIs to templates/choose-uri.tmpl: Patch10: cups-1.2rc1-template.patch # Source100...Source999 is for private sources from Novell/openSUSE which are not intended for upstream: -Source100: cups-krb5-config Source101: cups.init Source102: postscript.ppd.bz2 Source103: cups.sysconfig @@ -200,8 +199,6 @@ %patch103 # Patch104 adds the 'allowallforanybody' policy to cupsd.conf: %patch104 -# Install our special krb5-config (Source100: cups-krb5-config): -install -m755 %{SOURCE100} krb5-config %build %{?suse_update_config:%{suse_update_config -f . }} @@ -211,7 +208,7 @@ export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -O2 -fno-strict-aliasing -fstack-protector" export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fstack-protector -DLDAP_DEPRECATED" export CXX=g++ -KRB5CONFIG=${PWD}/krb5-config ./configure \ +./configure \ --mandir=%{_mandir} \ --sysconfdir=%{_sysconfdir} \ --libdir=%{_libdir} \ @@ -244,28 +241,32 @@ install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.cups perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT/etc/init.d/cups ln -sf ../../etc/init.d/cups $RPM_BUILD_ROOT/usr/sbin/rccups -# use Ghostscript fonts instead of CUPS fonts: +# Use Ghostscript fonts instead of CUPS fonts: rm -r $RPM_BUILD_ROOT/usr/share/cups/fonts mkdir -p $RPM_BUILD_ROOT/usr/share/ghostscript/fonts ln -sf /usr/share/ghostscript/fonts $RPM_BUILD_ROOT/usr/share/cups/ -# make directory for ssl files: +# Make directory for ssl files: mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cups/ssl -# add old client.conf as reference (Source108: cups-client.conf): +# Add a client.conf as template (Source108: cups-client.conf): install -m644 %{SOURCE108} $RPM_BUILD_ROOT%{_sysconfdir}/cups/client.conf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d install -m 644 -D packaging/cups-dbus.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/cups.conf # Source104: cups.xinetd install -m 644 -D %{SOURCE104} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd +# Make the libraries accessible also via generic named links: ln -sf libcupsimage.so.2 $RPM_BUILD_ROOT%{_libdir}/libcupsimage.so ln -sf libcups.so.2 $RPM_BUILD_ROOT%{_libdir}/libcups.so +# Add missing usual directories: install -d -m755 $RPM_BUILD_ROOT/usr/share/cups/drivers install -d -m755 $RPM_BUILD_ROOT/var/cache/cups install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name} install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/images +# Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff): install -m 644 -D conf/pam.suse $RPM_BUILD_ROOT/etc/pam.d/cups -for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt; do - install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ +# Add missing usual documentation: +for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt +do install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ done # Source102: postscript.ppd.bz2 bzip2 -cd < %{SOURCE102} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript.ppd @@ -274,7 +275,7 @@ # Source106: PSLEVEL2.PPD.bz2 bzip2 -cd < %{SOURCE106} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-level2.ppd find %{buildroot}/usr/share/cups/model -name "*.ppd" | while read FILE -do # change default paper size from Letter to A4 if possible +do # Change default paper size from Letter to A4 if possible # https://bugzilla.novell.com/show_bug.cgi?id=suse30662 # and delete trailing whitespace: perl -pi -e 's:^(\*Default.*)Letter\s*$:$1A4\n:; \ @@ -283,19 +284,19 @@ s:\s\n:\n:' "$FILE" gzip -9 "$FILE" done -# add files for menu: +# Add files for desktop menu: rm -f $RPM_BUILD_ROOT/usr/share/applications/cups.desktop %suse_update_desktop_file -i -r %name PrintingUtility 2>/dev/null mkdir $RPM_BUILD_ROOT/usr/share/pixmaps install -m 644 $RPM_BUILD_ROOT/usr/share/icons/hicolor/64x64/apps/cups.png $RPM_BUILD_ROOT/usr/share/pixmaps rm -rf $RPM_BUILD_ROOT/usr/share/icons -# remove unpackaged files: +# Remove unpackaged files: rm -rf $RPM_BUILD_ROOT/%{_mandir}/es/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/fr/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/cat? -# remove unknown locale directory: +# Remove unknown locale directory: rm -rf $RPM_BUILD_ROOT/usr/share/locale/no -# run fdupes: +# Run fdupes: %fdupes $RPM_BUILD_ROOT %clean @@ -303,20 +304,50 @@ %pre /usr/sbin/groupadd -g 71 -o -r ntadmin 2>/dev/null || : - -%post libs -p /sbin/ldconfig +# exit successfully in any case: +exit 0 %post %{fillup_and_insserv -ny cups cups} +# exit successfully in any case: +exit 0 %preun %stop_on_removal cups +# exit successfully in any case: +exit 0 %postun %restart_on_update cups %{insserv_cleanup} +# exit successfully in any case: +exit 0 -%postun libs -p /sbin/ldconfig +%post libs +/sbin/ldconfig +# exit successfully in any case: +exit 0 + +%postun libs +/sbin/ldconfig +# exit successfully in any case: +exit 0 + +# The files sections list all mandatory files explicitely one by one. +# In particular all executables are listed explicitely. +# This avoids that CUPS' configure magic might silently +# not build and install an executable when whatever condition +# for configure's automated tests is not fulfilled in the build system. +# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 +# (In CUPS 1.3.10 a configure magic did silently skip to build +# the pdftops filter when there was no /usr/bin/pdftops +# installed in the build system regardless of an explicite +# configure setting ' --with-pdftops=/usr/bin/pdftops', +# see also http://www.cups.org/str.php?L3278). +# When all mandatory files are explicitely listed. +# the build fails intentionally if a mandatory file was not built +# which ensures that already existing correctly built binary RPMs +# are not overwritten by broken RPMs where mandatory files are missing. %files %defattr(-,root,root) @@ -382,6 +413,7 @@ /usr/lib/cups/monitor/bcp /usr/lib/cups/monitor/tbcp %dir /usr/lib/cups/notifier +/usr/lib/cups/notifier/dbus /usr/lib/cups/notifier/mailto /usr/lib/cups/notifier/rss %dir %attr(0775,root,ntadmin) %{_datadir}/cups/drivers @@ -413,13 +445,22 @@ %{_datadir}/cups/ %exclude %{_datadir}/cups/ppdc/ +# Set explicite owner, group, and permissions for lppasswd +# to enforce to have the upstream owner, group, and permissions in the RPM +# because otherwise our build magic /usr/sbin/Check sets them to lp:lp 2755 +# according to /etc/permissions.secure in the build system, +# see https://bugzilla.novell.com/show_bug.cgi?id=574336#c12 +# and subsequent comments up to comment #17 therein. +# Even if /etc/permissions.secure in the openSUSE:Factory build system might be +# already fixed, it must also work for build systems for released products. + %files client %defattr(-,root,root) %{_bindir}/cancel %{_bindir}/cupstestdsc %{_bindir}/lp %{_bindir}/lpoptions -%attr(2755,lp,lp) %{_bindir}/lppasswd +%attr(0555,root,root) %{_bindir}/lppasswd %{_bindir}/lpq %{_bindir}/lpr %{_bindir}/lprm ++++++ cups-1.4.2-source.tar.bz2 -> cups-1.4.3-source.tar.bz2 ++++++ ++++ 18180 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de