Changelog for cups-libs-32bit-1.4.6-2.4.x86_64.rpm :
Thu Feb 10 13:00:00 2011
- Cleaned up the RPM Requires:
Removed the needless \"Suggests: poppler-tools\" because there
is \"Requires: /usr/bin/pdftops\" which should be sufficient.
Replaced the RPM Requires for foomatic-filters by Recommends
because foomatic-rip is only needed by CUPS in a few cases
and printer driver packages which need foomatic-rip require
foomatic-filters on their own.

Fri Jan 14 13:00:00 2011
- Upgraded to CUPS 1.4.6
CUPS 1.4.6 fixes in particular a regression:

* A change was made in CUPS 1.4.5\'s pstops filter
that it did not support landscape printing
of PostScript files (STR #3722)

* For a complete list see the CHANGES.txt file.

Thu Dec 9 13:00:00 2010
- Fixing coolo\'s quick and ditry unconditioned
\"PreReq: sysvinit(syslog)\" stuff from below because build fails
everywhere except openSUSE:Factory (i.e. openSUSE 11.4)
because sysvinit(syslog) is nowhere else provided.
Now the PreReq is only if suse_version > 1130.

Tue Dec 7 13:00:00 2010
- prereq init script syslog

Fri Nov 12 13:00:00 2010
- Upgraded to CUPS 1.4.5
CUPS 1.4.5 fixes several scheduler and printing bugs
as well as a reported security bug, in particular:

* Fixed a IPP parsing memory corruption bug
(CVE-2010-2941, STR #3648, Novell/Suse Bugzilla bnc#649256)

* Fixed a PPD loader bug that could crash the cupsd (STR #3680)

* The scheduler restarts jobs while shutting down (STR #3679)

* Did not initialize Kerberos in all cases (STR #3662)

* The socket backend could go into an infinite loop
with certain printers (STR #3622)

* Moving a job via the web interface failed without
asking for authentication (STR #3559)

* The web interface did not allow a user to change
the driver (STR #3537, STR #3601)

* For a complete list see the CHANGES.txt file.

Thu Jul 15 14:00:00 2010
- Fixed /etc/init.d/cups (cups.init source file) so that stopping
the cupsd waits up to 10 seconds until the cupsd had actually
finished (if not SIGKILL would be sent to it) to make sure
that \"rccups restart\" and \"rccups stop ; rccups start\" work
correctly (see Novell/Suse Bugzilla bnc#622058).

Fri Jun 25 14:00:00 2010
- cups-1.4.4-str3461-1.4.reverted.patch reverts changes
by CUPS STR #3461 as band-aid workaround for now to avoid
that applications crash when they try to print
(STR #3461, STR #3605, and Novell/Suse Bugzilla bnc#617026).

Fri Jun 18 14:00:00 2010
- Upgraded to CUPS 1.4.4
CUPS 1.4.4 fixes several security, scheduler, printing,
and conformance issues, in particular:

* The web interface now includes additional CSRF protection
(CVE-2010-0540, STR #3498, STR #3593, and
Novell/Suse Bugzilla bnc#601830)

* The texttops filter did not check the results of allocations
(CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)

* The web admin interface could disclose the contents of memory
(CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)

* The fix for CVE-2009-3553 (STR #3200) was incomplete
for systems that use kqueue or epoll (STR #3490)

* CUPS could overwrite files as root in directories owned or
writable by non-root users (STR #3510)

* The OpenSSL interfaces have been made thread-safe and
the GNU TLS interface is explicitly forbidden
when threading is enabled (STR #3461)

* The scheduler could crash on restart if classes
were defined (STR #3524)

* The socket backend no longer waits for back-channel data
on platforms other than Mac OS X (STR #3495)

* For a complete list see the CHANGES.txt file.

Mon Jun 14 14:00:00 2010
- Update cups-1.3.9-desktop_file.patch: add the Settings category
(required since we use HardwareSettigns) and add NotShowIn=GNOME:
in GNOME, the configuration tool we want to use is

Wed Jun 2 14:00:00 2010
- Explicitly set configure option \'--enable-debug\' because
otherwise the cups-debuginfo RPM would be empty.
- Removed no longer recognized configure option \'--enable-pie\'
(it compiles and links with \'-pie -fPIE -fPIC\' by default).
- Disabled .SILENT in so that make is verbose as usual.

Mon May 10 14:00:00 2010
- In cups.spec removed \'-r\' from the suse_update_desktop_file call
to not replace valid (and previously patched via
cups-1.3.9-desktop_file.patch) categories of the desktop file
so that it shows up in the right place (this is particularly
an issue with the LXDE/XFCE menu).

Thu May 6 14:00:00 2010
- cups-1.4.3-default-webcontent-path.patch changes the default path
whereto the web content is installed from /usr/share/doc/...
to /usr/share/cups/webcontent because the files of the CUPS
web content are no documentation (see CUPS STR #3578 and
Novell/Suse Bugzilla bnc#546023 starting at comment#6).
- In cups.spec replaced usage of the RPM macro \'name\' by the
explicite value \'cups\' (except for the BuildRoot) so that
CUPS could be built as well with a different package name
(e.g. when someone likes to provide a CUPS SVN revision
as \'cupsSVN\' or a specifically adapted CUPS as \'cups4me\').

Tue Apr 27 14:00:00 2010
- cups-krb5-config wrapper script for krb5-config is no longer
needed because since April 2008 krb5-config works correctly
(see Novell/Suse Bugzilla bnc#378270 and compare STR #3556).

Tue Apr 20 14:00:00 2010
- In cups.xinetd replaced \'AATTLIBAATT\' by \'/usr/lib\' and removed
the perl substitute calls regarding \'AATTLIBAATT\' in cups.spec because
since the upstream compliant CUPS 1.4 it is \'/usr/lib/cups/\'
on all platforms (see Novell/Suse Bugzilla bnc#575544).

Wed Mar 31 14:00:00 2010
- Upgraded to CUPS 1.4.3:

* The scheduler could try responding on a closed client
connection, leading to a crash
(CVE-2009-3553, STR #3200, and bnc#554861).

* The lppasswd program allowed the localization files
to be overridden when running in setuid mode
(CVE-2010-0393, STR #3482, and bnc#574336).

* The scheduler would crash when an active printer was deleted.

* The DBUS notifier did not build (STR #3447).

* The scheduler did not reset the SIGPIPE handler
of child processes (STR #3399).

* For a complete list see the CHANGES.txt file.
- cups-1.3.9-CVE-2009-3553.patch has become
obsolete because it is fixed in the source.

Wed Jan 27 13:00:00 2010
- CUPS 1.3 -> 1.4 version upgrade and major cleanup:
For the CUPS upstream changes see the CHANGES.txt file.
Such a major version upgrade is the perfect chance
to drop almost all our own patches to enforce a
reset to almost 100% compliance with upstream.
Here our openSUSE CUPS versions and their number of patches
(i.e. the \"Patch\" entries in the cups.spec files):
CUPS version 1.2.12 in openSUSE 10.3: 37
CUPS version 1.3.7 in openSUSE 11.0: 29
CUPS version 1.3.9 in openSUSE 11.1: 26
CUPS version 1.3.11 in openSUSE 11.2: 17
Of course this includes patches with backported bug fixes
via our maintenance but nevertheless there were really
too much openSUSE specific patches.
Therefore I would like to provide CUPS 1.4 \"as is\" to the
furthest possible extent (there are still 6 patches left).
Then let\'s see if we get bug reports because of this.
I did such a reset to 100% compliance with upstream
already in the past for sane-backends and guess what:
I got no single bug report at all because of this.
I guess what they do at upstream is actually not so bad ;-)
- Added the explicite path to \'--with-cachedir=/var/cache/cups\'
in cups.spec to avoid that the fallback value \'yes\' results
the cache directory \'/etc/cups/yes/\'.
- cups-1.3.11-CVE-2009-2820-regression-fix.patch and
cups-1.3.11-CVE-2009-2820.patch have become
obsolete because it is fixed in the source.
- cups-1.4-full_path_to_configure_with-pdftops.patch has become
obsolete because it is fixed in the source.

Tue Dec 15 13:00:00 2009
- add baselibs.conf as a source
- enable parallel building

Tue Dec 15 13:00:00 2009
- Fixed the URL and MD5 sum comments for Source0 in cups.spec.
- cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug
in the scheduler which leads to remote denial of service,
(CVE-2009-3553, CUPS STR #3200,
and Novell/Suse Bugzilla bnc#554861)

Wed Nov 11 13:00:00 2009
- cups-1.3.11-CVE-2009-2820-regression-fix.patch
fixes a regression which was introduced by
the previous cups-1.3.11-CVE-2009-2820.patch
which lets adding a class via CUPS Web Interface fail
with an \'Unknown operation \"{op}\"\' error message
(CUPS STR #3401 and
Novell/Suse Bugzilla bnc#548317 starting at comment #24).
- cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface
Cross-Site Scripting (XSS) and CRLF injection in HTTP headers
(CVE-2009-2820 and CUPS STR #3367 and
Novell/Suse Bugzilla bnc#548317).

Tue Nov 3 13:00:00 2009
- updated patches to apply with fuzz=0

Wed Aug 26 14:00:00 2009
- Fixed as-needed issues when compiling additional tools
by using the right ordering of source and linked library
in \'gcc -opoll_ppd_base ... SOURCE1 -lcups\'
and \'gcc -olphelp ... SOURCE2 -lcups\' which
obsoletes the \'export SUSE_ASNEEDED=0\' workaround,
see the \'Fri Jul 10 12:34:54 CEST 2009\' entry below.
- Run fdupes.

Fri Jul 31 14:00:00 2009
- full_path_to_configure_with-pdftops.patch
adds support to specify a full path in
\'configure --with-pdftops=/usr/bin/pdftops\'
to avoid \'BuildRequires: xpdf-tools\' which would
bloat the build system but would be only needed to
satisfy \'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)\'
in cups-pdf.m4 if only \'configure --with-pdftops=pdftops\'
was possible (Novell/Suse Bugzilla bnc#526847).

Tue Jul 28 14:00:00 2009
- Upgraded to CUPS 1.3.11:

* The scheduler and cupsfilter utility would crash with
certain MIME .types rules (CUPS STR #3159).

* cups-1.3.10-fix-DNS-rebinding-protection.patch
(Novell/Suse Bugzilla bnc#516511 and CUPS STR #3238)
is obsolete since CUPS 1.3.11 because it is fixed
in the source (it is fixed via CUPS STR #3164).

* For a complete list see the CHANGES.txt file.

Fri Jul 10 14:00:00 2009
- Set \'export SUSE_ASNEEDED=0\' in cups.spec because build fails
with --as-needed so that this is for now simply disabled.

Fri Jun 26 14:00:00 2009
- cups-1.3.10-fix-DNS-rebinding-protection.patch fixes
a regression of the CUPS 1.3.10 DNS rebinding protection which
lets e.g. \"lpoptions -h localhost -p -l\" fail with
\"lpoptions: Unable to get PPD file for : Bad Request\"
and in /var/log/cups/error_log there is the warning
W ... Request from \"localhost\" using invalid Host: field \"::1\"
but \"::1\" is the IPv6 loopback IP address for \"localhost\"
(Novell/Suse Bugzilla bnc#489624 comment#19 and bnc#516511).

Wed Jun 24 14:00:00 2009
- Upgraded to CUPS 1.3.10:

* Use a wrapper program filter/pdftops.c which only calls
/usr/bin/pdftops (via configure --with-pdftops=/usr/bin/pdftops)
instead of the CUPS fork of the Xpdf source code which was in
the pdftops directory (CUPS STR #3129). Because of this
cups-1.4svn-pdftops_as_filter.patch and
cups-1.4svn-pdftops_dont_fail_on_cancel.patch are obsolete
since CUPS 1.3.10 (the latter was fixed via CUPS STR #2808).

* The scheduler now protects against DNS rebinding attacks
(CUPS STR #3118 and Novell/Suse Bugzilla bnc#489624).

* cups-1.3.9-cupstestppd.patch is obsolete since CUPS 1.3.10
because it is fixed in the source (CUPS STR #2979).

* cups-1.3.9-max_subscription.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(no CUPS STR but mentioned in CHANGES.txt \"The scheduler
would crash if you exceeded the MaxSubscriptions limit\").

* cups-1.3.9-filter_png_overflow2.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(CUPS STR #2974 and Novell/Suse Bugzilla bnc#448631).

* cups-1.3.9-hpgltops2.patch is obsolete since CUPS 1.3.10
because it is fixed in the source (CUPS STR #2966 which is the
successor of CUPS STR #2911 and Novell/Suse Bugzilla bnc#430543).

* cups-1.3.9-cupsImageReadTiff.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).

* For a complete list see the CHANGES.txt file.
- cups-1.1.21rc2-preauth_security.patch and
cups-1.1.21rc2-usermode.patch and
cups-1.1.21-umlaut_printer.patch and
cups-1.1.23-testpage.patch are finally removed
since CUPS 1.3.10 because they were made for CUPS 1.1 and
were no longer applied since CUPS 1.2 in Suse Linux 10.3.
In particular cups-1.1.21rc2-usermode.patch can no longer
apply since CUPS 1.2 because RunAsUser in cupsd.conf is
no longer supported since CUPS 1.2, for more info see e.g. the
\"RunAsUser removed; reassurance wanted\" mails on
Furthermore we neither got any Suse Linux/openSUSE user request
nor any SLE11 beta-tester/customer request for them.

Mon Jun 8 14:00:00 2009
- Replaced \"--enable-static\" by \"--disable-static\" in configure
so that the static libraries /usr/lib[64]/libcups.a and
/usr/lib[64]/libcupsimage.a are no longer built and included
in the cups-devel package to enforce detection of other software
which might be built with static CUPS libraries so that those
other software could be fixed to use the dynamic libraries
(see also Novell/Suse Bugzilla bnc#509945).

Wed Jun 3 14:00:00 2009
- Set BROADCAST=\"ipp\" in cups.SuSEfirewall2 source file (which
gets installed as /etc/sysconfig/SuSEfirewall2.d/services/cups)
so that adding \"cups\" to allowed services in the firewall
also allows CUPS Browsing information via UDP broadcasts
(Novell/Suse Bugzilla bnc#498429).

Thu Mar 26 13:00:00 2009
- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
in the \"_cupsImageReadTIFF()\" function CVE-2009-0163
(CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).