Ubuntu
cups package

lp://staging/ubuntu/karmic-updates/cups

  1. Karmic (9.10)
  2. karmic-updates
Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/karmic-updates/cups
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

20. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  invalid free
  - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused
    tags in cups/ipp.{c,h}.
  - CVE-2010-2941

19. By Marc Deslauriers

* SECURITY UPDATE: cross-site request forgery in admin interface
  - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
    to cgi-bin/cgi.h, cgi-bin/libcupscgi.exp, cgi-bin/template.c,
    cgi-bin/var.c, templates/*.tmpl.
  - CVE-2010-0540
* SECURITY UPDATE: denial of service or arbitrary code execution in
  texttops image filter
  - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
    filter/texttops.c.
  - CVE-2010-0542
* SECURITY UPDATE: web interface memory disclosure
  - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
  - CVE-2010-1748
* SECURITY UPDATE: file overwrite vulnerability
  - debian/patches/security-str3510.dpatch: introduce cups_open() in
    cups/file.c and use to make sure hard-linked or symlinked files don't
    get overwritten as root.
  - No CVE number
* debian/libcupscgi1.symbols: Add new symbols

18. By Marc Deslauriers

* SECURITY UPDATE: denial of service via use-after-free
  - debian/patches/CVE-2009-3553.dpatch: check fdptr->use and
    cupsd_inactive_fds in scheduler/select.c.
  - CVE-2009-3553
  - CVE-2010-0302
* SECURITY UPDATE: privilege escalation via lppasswd tool
  - debian/patches/CVE-2010-0393.dpatch: don't allow environment
    variables to override directories in cups/globals.c and
    systemv/lppasswd.c.
  - CVE-2010-0393

17. By Marc Deslauriers

* SECURITY UPDATE: XSS and CRLF injection in headers
  - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
    cgi-bin/{var.c,cgi.h,libcupscgi.exp}. Clear out variables in
    cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
    clear out variables in cgi-bin/admin.c. Filter more characters in
    cgi-bin/template.c.
  - debian/libcupscgi1.symbols: add new symbol from security patch
  - CVE-2009-2820

16. By Martin Pitt

debian/rules: Do not have a failing test suite break the build. This is a
temporary workaround for broken Ubuntu buildd chroots which cannot resolve
their own hostname (see LP #447919).

15. By Till Kamppeter

* debian/patches/usb-backend-both-usblp-and-libusb.dpatch: Fixed a bug
  of modifying the URI of the current print queue when comparing it with
  discovered URIs. Made the USB backend also compatible with URIS generated
  by old versions of CUPS, without serial number or with "serial=?"
  (LP: #450513).
* debian/cups.init.d: Make cold-plugging of USB printers also correctly
  work if the usblp kernel module is loaded.

14. By Martin Pitt

[ Till Kamppeter ]
* debian/patches/do-not-broadcast-with-hostnames.dpatch: Do not use host
  names for broadcasting print queues and managing print queues broadcasted
  from other servers by default. Many networks do not have valid host names
  for all machines (LP: #449586).
* debian/cups.postinst: Clear cache for upgrade to CUPS 1.4.x (LP: #420490).
* usb-backend-both-usblp-and-libusb.dpatch: Removed some lines which were
  temporarily inserted for debugging.

[ Martin Pitt ]
* usb-backend-both-usblp-and-libusb.dpatch: Add upstream link.
* Drop: disable-pie-mipsen.dpatch: Didn't help to fix the mipsen segfault.
* debian/cups.postinst: Simplify structure and avoid calling invoke-rc.d in
  Till's change above.
* Add ppdc-dynamic-linking.dpatch: Dynamically link ppdc, to work around
  segfault on mipsen. Thanks to Sune Vuorela! (Closes: #548246)

[ Tormod Volden ]
* debian/cups.init.d: honour blacklist when loading ppdev and lp kernel
  modules (LP: #424795)

13. By Martin Pitt

[ Till Kamppeter ]
* debian/patches/usb-backend-both-usblp-and-libusb.dpatch: Make the USB
  backend supporting both printer access via libusb and via the usblp kernel
  module. Make it also printing via libusb if the URI for the queue was
  generated via usblp and vice versa. This should solve most USB printing
  problems which occured on the transition to CUPS 1.4.x (LP: #420015,
  LP: #436495; Closes: #546558, #545288, #545453).

[ Martin Pitt ]
* debian/rules: Make the USB backend run as root again, udev rules do not
  cover all printers. (LP: #420015)
* Drop debian/blacklist-cups.conf, and remove it on upgrade. With Till's fix
  from above this is not necessary any more.

12. By Martin Pitt

[ Till Kamppeter ]
* debian/local/filters/textonly: Adding a final form feed to the job (via
  PPD option) did not work (LP: #396673).
* debian/local/filters/pdf-filters/filter/imagetopdf.c: imagetopdf proceeded
  the PDF output with a blank line. This made some filters misbehave.
* debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.dpatch:
  Make CUPS read the number of copies out of Windows print jobs reliably by
  also considering lines like "%%BeginNonPPDFeature: NumCopies 2". Thanks
  to Dan Sheridan from Adelard (djs at adelard dot com) for this improvement
  of the patch.

[ Stéphane Graber ]
* Add printer-filtering.dpatch: Add support for printer filtering.
  With this patch, when the PRINTER_LIST environment variable is defined
  only the printers (comma separated) in it will be displayed.

[ Martin Pitt ]
* New upstream bug fix release. See http://www.cups.org/articles.php?L586
  for details.
* Drop pdftops-testsuite.dpatch (fixed upstream).
* poppler-based-pdftops-fixes.dpatch, search_mime_files_in_usr_share.dpatch:
  Update to new upstream version.

11. By Martin Pitt

[ Till Kamppeter ]
* debian/local/filters/pdf-filters/pdftopdf/P2PFont.cxx: Make the pdftopdf
  filter also building with Poppler 0.11.0.
* debian/filters/pstopdf: Make pstopdf also reading default values from the
  PPD if there is no space between the colon and the value. Some programs
  seem to remove this space when setting the defaults. Fixes problem of
  Shaun Crampton in LP: #357732.

[ Martin Pitt ]
* debian/control: Lift cups-driver-gutenprint from Suggests to Recommends,
  it's needed by many printers and not very large. (Closes: #522428)
* debian/control: Drop cups-bsd's Recommends: cups to a Suggests:. Client
  packages shouldn't pull in the server by default. (Closes: #529630)
* debian/libcups2.dirs: Drop, obsolete.
* debian/cups.dirs: Remove most directories, not necessary to explicitly
  create them.

[ Martin-Éric Racine]
* Cleaned Lintian errors:
  (source)
  E: debian-rules-ignores-make-clean-error
  W: debhelper-but-no-misc-depends
  W: dbg-package-missing-depends
  (cups)
  E: dir-or-file-in-var-run
  (cups-common)
  W: symlink-should-be-relative
* Added Lintian overrides:
  (cups)
  W: non-standard-executable-perm
     usr/lib/cups/backend-available/[ipp|lpd|serial] 0744 != 0755

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/lucid/cups
This branch contains Public information 
Everyone can see this information.

Subscribers