Changelog for libcups2-2.3b6-236.1.x86_64.rpm :
Mon Dec 10 13:00:00 2018
- Version upgrade to 2.3b6:
This is the sixth beta of the CUPS 2.3 series which adopts the
new CUPS license, adds support for IPP presets and finishing
templates, and fixes a number of bugs and \"polish\" issues.
For details see
or the file.
Backward incompatible changes:

* The cupsaddsmb program has been removed (Issue #5449)

* The cupstestdsc program has been removed (Issue #5450)

* The cupscgi, cupsmime, and cupsppdc support libraries
are no longer installed as shared libraries.
Changes include:

* CVE-2018-4700: Linux session cookies used a predictable
random number seed.

* The lpoptions command now works with IPP Everywhere printers
that have not yet been added as local queues (Issue #5045)

* The lpadmin command would create a non-working printer
in some error cases (Issue #5305)

* The scheduler would crash if an empty AccessLog directive
was specified (Issue #5309)

* The scheduler did not idle-exit on some
Linux distributions (Issue #5319)

* Fixed a regression in the changes to ippValidateAttribute
(Issue #5322, Issue #5330)

* Fixed a crash bug in the Epson dot matrix driver (Issue #5323)

* Automatic debug logging of job errors did not work
with systemd (Issue #5337)

* The web interface did not list the
IPP Everywhere \"driver\" (Issue #5338)

* The scheduler did not report all of the supported job options
and values (Issue #5340)

* The IPP Everywhere \"driver\" now properly supports
face-up printers (Issue #5345)

* Fixed some typos in the label printer drivers (Issue #5350)

* Setting the Community name to the empty string in snmp.conf
now disables SNMP supply level monitoring by all the
standard network backends (Issue #5354)

* Multi-file jobs could get stuck if the backend failed
(Issue #5359, Issue #5413)

* The IPP Everywhere \"driver\" no longer does local filtering
when printing to a shared CUPS printer (Issue #5361)

* The lpadmin command now correctly reports IPP errors
when configuring an IPP Everywhere printer (Issue #5370)

* Fixed some memory leaks discovered by Coverity (Issue #5375)

* The PPD compiler incorrectly terminated JCL options
(Issue #5379)

* The cupstestppd utility did not generate errors for
missing/mismatched CloseUI/JCLCloseUI keywords (Issue #5381)

* The scheduler now reports the actual location
of the log file (Issue #5398)

* The generated PPD files for IPP Everywhere printers
did not contain the cupsManualCopies keyword (Issue #5433)

* Kerberos credentials might be truncated (Issue #5435)

* The handling of MaxJobTime 0 did not match the documentation
(Issue #5438)

* Fixed a bug adding a queue with the -E option (Issue #5440)

* The scheduler did not validate that required initial request
attributes were in the operation group (rdar://41098178)

* Fixed an issue with HTTP Digest authentication

* The scheduler could crash when job history was purged

* Fixed a crash bug when mapping PPD duplex options
to IPP attributes (rdar://46183976)

* Fixed a memory leak for some IPP (extension) syntaxes.

* The snmp backend is now deprecated.
- issue5453.patch fixes
- Version upgrade to 2.3b5:
This is the fifth beta of the CUPS 2.3 series which adopts the
new CUPS license, adds support for IPP presets and finishing
templates, and fixes a number of bugs and \"polish\" issues.
For details see
or the file.
Changes include:

* The ipptool program no longer checks for duplicate attributes
when running in list or CSV mode (Issue #5278)

* The cupsCreateJob, cupsPrintFile2, and cupsPrintFiles2 APIs
did not use the supplied HTTP connection (Issue #5288)

* Fixed another crash in the scheduler when adding an IPP
Everywhere printer (Issue #5290)

* Added a workaround for certain web browsers that
do not support multiple authentication schemes
in a single response header (Issue #5289)

* Fixed policy limits containing the All operation (Issue #5296)

* The scheduler was always restarted after idle-exit
with systemd (Issue #5297)

* The mailto notifier did not wait for the
welcome message (Issue #5312)

* Fixed a parsing bug in the pstops filter (Issue #5321)

* The scheduler allowed environment variables to be specified
in the cupsd.conf file (rdar://37836779, rdar://37836995,
rdar://37837252, rdar://37837581)

* Fax queues did not support pause (p) or
wait-for-dialtone (w) characters (rdar://39212256)

* The scheduler did not validate notify-recipient-uri values
properly (rdar://40068936)

* The IPP parser allowed invalid group tags (rdar://40442124)

* Fixed a parsing bug in the new authentication code.
- issue5296_fix_policy_limits_using_All.patch is obsolete
because it is fixed upstream (see \"Issue #5296\" above)

Thu Oct 18 14:00:00 2018 Dr. Werner Fink
- Add patch let-cupsd-start-after-network.patch
Let cuspd start after possible network connection (boo#1111351)
This let cupsd also stop before a used network connection goes
down, hence the cusp does not lock due waiting on remote printers.

Fri Sep 14 14:00:00 2018
- Fix warning message upon update (boo#1050845): Remove template
service cups-lpdAATT from service_
* macro in scriptlets.

Wed Apr 18 14:00:00 2018
- issue5296_fix_policy_limits_using_All.patch fixes
by only the actually relevant part of
(follow-up of boo#936309 and bsc#577936 starting at comment 13)

Wed Mar 28 14:00:00 2018
- Version upgrade to 2.3b4:
This is the fourth beta of the CUPS 2.3 series.
For details see
or the file.
Changes include:

* Additional security fixes for:
bsc#1061066 DBUS library aborts caller process
in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
bsc#1087018 CVE-2017-18248: cups: The add_job function in
scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
enabled, can be crashed by remote attackers by sending print
jobs with an invalid username, related to a D-Bus notification
which are the CUPS upstream issues
Remote DoS attack against cupsd via invalid username
and malicious D-Bus library
squash non-UTF-8 strings into ASCII on plain IPP level
persistently substitute invalid job attributes
with default values - not only in add_job
see also
bsc#1087072 dbus-1:
Disable assertions to prevent un-expected DDoS attacks

* NOTICE: Raw print queues are now deprecated (Issue #5269)
so that now there is a warning message when you
add or modify a queue to use the \"raw driver\" but
raw printing will continue to work through CUPS 2.3.x, cf.

* Kerberized printing to another CUPS server did not work
correctly (Issue #5233)

* The scheduler now supports using temporary print queues
for older IPP/1.1 print queues like those shared by CUPS 1.3
and earlier (Issue #5241)

* Systemd did not restart cupsd when configuration changes
were made that required a restart (Issue #5263)

* Fixed an Avahi crash bug in the scheduler (Issue #5268)

* TLS connections now properly timeout (rdar://34938533)

* Removed support for the `-D_PPD_DEPRECATED=\"\"` developer
cheat - the PPD API should no longer be used.

* Removed support for `-D_IPP_PRIVATE_STRUCTURES=1` developer
cheat - the IPP accessor functions should be used instead.

* The symlink rastertodymo -> rastertolabel
in /usr/lib/cups/filter is no longer provided.
- Removed fix_filter_Makefile.patch
because since CUPS 2.3b4 it is fixed in the upstream code via more precisely via

Thu Feb 8 13:00:00 2018
- Version upgrade to 2.3b3:
This is the third beta of the CUPS 2.3 series.
For details see
Changes include:

* More fixes for printing to old CUPS servers (Issue #5211)

* Additional changes for the scheduler to substitute
default values for invalid job attributes
when running in \"relaxed conformance\" mode
(Issue #5229 - a follow-up of issues #5186 and #5143)
A detailed list of changes can be found in the file.
- fix_filter_Makefile.patch fixes

Thu Jan 18 13:00:00 2018
- Version upgrade to 2.3b2:
This is the second beta of the CUPS 2.3 series.
For details see
Changes include:

* Printing to old CUPS servers has been fixed (Issue #5211)
A detailed list of changes can be found in the file.

Wed Dec 20 13:00:00 2017
- Version upgrade to 2.3b1:
This is the first beta of the CUPS 2.3 series which
adopts the new CUPS license (Apache License, Version 2.0),
adds support for IPP presets and finishing templates,
and fixes a number of bugs and \"polish\" issues.
For details see
Changes include:

* CUPS is now provided under the Apache License, Version 2.0

* The CUPS library now supports the latest HTTP Digest
authentication specification including support for SHA-256
(Issue #4862)

* Dropped RSS subscription management from the
web interface (Issue #5012)

* The lpadmin command now provides a better error message when
an unsupported System V interface script is used (Issue #5111)

* The SSLOptions directive now supports MinTLS and MaxTLS
options to control the minimum and maximum TLS versions
that will be allowed, respectively (Issue #5119)

* Dropped hard-coded CGI scripting language support (Issue #5124)

* The scheduler now substitutes default values for invalid
job attributes when running in \"relaxed conformance\"
mode (Issue #5186 - a follow-up of issue #5143)
A detailed list of changes can be found in the file.

Tue Nov 14 13:00:00 2017
- Make sure cups-libs- is removed.

Tue Nov 7 13:00:00 2017
- Version upgrade to 2.2.6:
CUPS 2.2.6 is a general bug fix release.
For details see
Changes include:

* DBUS notifications could crash the scheduler (Issue #5143)
(see also bsc#1061066 \"DBUS library aborts caller process\")
A detailed list of changes can be found in the file.

Fri Oct 20 14:00:00 2017
- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017
that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.
- Version upgrade to 2.2.5:
CUPS 2.2.5 is a general bug fix release.
For details see
- Version upgrade to 2.2.4:
CUPS 2.2.4 is a general bug fix release.
For details see
- Removed
because since CUPS 2.2.4 it is fixed in the upstream code
via more precisely via

Wed Oct 18 14:00:00 2017
- Fix typo in requires

Fri Oct 13 14:00:00 2017
- Implement shared library packaging guideline [boo#862112]
- Update package descriptions.

Sat Sep 30 14:00:00 2017
- Remove redundant Requires(pre) line — the use of %post -p
already implies it.

Wed Sep 20 14:00:00 2017
- Pre-require user(lp) in cups-libs

Thu Jun 8 14:00:00 2017
- In /usr/lib/tmpfiles.d/cups.conf use
group \'root\' for /run/cups/certs (boo#1042916).

Fri Jun 2 14:00:00 2017
- Major backward incompatible change since CUPS 2.2.0:
There is no longer the directory /etc/cups/interfaces because
since CUPS 2.2.0 so called \"System V style Interface Scripts\"
are no longer supported for security reasons (see below the
entry about the changes included in CUPS 2.2.0).
- Disabled cups-2.1.0-cups-systemd-socket.patch
because it does no longer apply which needs to be examined
and decided by someone who knows about systemd internals.
- Disabled
because they do no longer apply which needs to be examined
and decided by someone who knows about Avahi internals.
- Version upgrade to 2.2.3:
CUPS 2.2.3 is a general bug fix release.
Changes include:

* The IPP backend could get into an infinite loop for certain
errors, causing a hung queue (rdar://problem/28008717)

* The scheduler could pause responding to client requests in
order to save state changes to disk (rdar://problem/28690656)

* Added support for PPD finishing keywords
(Issue #4960, Issue #4961, Issue #4962)

* The IPP backend did not send a media-col attribute for just
the source or type (Issue #4963)

* IPP Everywhere print queues did not always support all print
qualities supported by the printer (Issue #4953)

* IPP Everywhere print queues did not always support all media
types supported by the printer (Issue #4953)

* The IPP Everywhere PPD generator did not return useful error
messages (Issue #4954)

* The IPP Everywhere finishings support did not work correctly
with common UI or command-line options (Issue #4976)

* Fixed an error handling issue for the network backends
(Issue #4979)

* The \"reprint job\" option was not available for some canceled
jobs (Issue #4915)

* Updated the job listing in the web interface (Issue #4978)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.2:
CUPS 2.2.2 is a general bug fix release.
Changes include:

* Fixed some issues with IPP Everywhere printer support
(Issue #4893, Issue #4909, Issue #4916, Issue #4921,
Issue #4923, Issue #4932, Issue #4933, Issue #4938)

* The rastertopwg filter could crash with certain input
(Issue #4942)

* The scheduler did not detect when an encrypted connection
was closed by the client on Linux (Issue #4901)

* The cups-lpd program did not catch all legacy usage
of ISO-8859-1 (Issue #4899)

* The scheduler no longer creates log files on startup

* The ippContainsString function now uses case-insensitive
comparisons for mimeMediaType, name, and text values in
conformance with RFC 2911.

* The network backends now log the addresses that were found
for a printer ()

* Let\'s Encrypt certificates did not work when the hostname
contained uppercase letters (Issue #4919)

* Fixed reporting of printed pages in the web interface
(Issue #4924)

* Updated systemd config files (Issue #4935)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.1:
CUPS 2.2.1 is a general bug fix release.
Changes include:

* Added \"CreateSelfSignedCerts\" directive for cups-files.conf
to control whether the scheduler automatically creates
its own self-signed X.509 certificates for TLS connections
(Issue #4876)

* http
*Connect did not handle partial failures (Issue #4870)

* cupsHashData did not use the correct hashing algorithm

* Updated man pages (PR #4885)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.0:
CUPS 2.2.0 adds support for local IPP Everywhere print queues
and includes several performance and security improvements.
Changes include:

* Normalized the TLS certificate validation code and added
additional error messages to aid troubleshooting.

* http
*Connect did not work on Linux when cupsd was not running
(Issue #4870)

* The --no-remote-any option of cupsctl had no effect
(Issue #4866)

* http
*Connect did not return early when all addresses failed
(Issue #4870)

* The IPP backend did not validate TLS credentials properly.

* The printer-state-message attribute was not cleared after a
print job with no errors (Issue #4851)

* The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer
operations did not always return an error for failed
adds (Issue #4854)

* PPD files with names longer than 127 bytes did not work
(Issue #4860)

* CUPS now supports Let\'s Encrypt certificates on Linux.

* All CUPS commands now support POSIX options (Issue #4813)

* The scheduler now restarts faster (Issue #4760)

* Improved performance of web interface with large numbers
of jobs (Issue #3819)

* Encrypted printing can now be limited to only trusted
printers and servers ()

* The scheduler now advertises PWG Raster attributes for
IPP Everywhere clients (Issue #4428)

* The scheduler now logs informational messages for jobs
at LogLevel \"info\" (Issue #4815)

* The scheduler now uses the getgrouplist function
when available (Issue #4611)

* The IPP backend no longer enables compression by default
except for certain raster formats that generally benefit
from it ()

* The scheduler did not handle out-of-disk situations
gracefully (Issue #4742)

* The LPD mini-daemon now detects invalid UTF-8 sequences
in job, document, and user names (Issue #4748)

* The IPP backend now continues on to the next job
when the remote server/printer puts the job on hold

* The scheduler did not cancel multi-document jobs immediately

* The scheduler did not return non-shared printers to local
clients unless they connected to the domain socket

* The scheduler now reads the spool directory if one or more
job cache entries point to deleted jobs

* Added support for disc media sizes ()

* The httpAddrConnect and httpConnect
* APIs now try connecting
to multiple addresses in parallel ()

* Interface scripts are no longer supported for security reasons
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.1.4:
CUPS 2.1.4 is a general bug fix release.
Changes include:

* Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)

* Fixed printing of multiple files to raw queues (Issue #4782)

* The scheduler did not implement the Hold-New-Jobs opertion
correctly (Issue #4767)

* The cups-lpd mini-daemon incorrectly included the document-name
attribute when creating a job. It should only be included when
sending a job (Issue #4790)
A detailed list of changes can be found in the CHANGES.txt file.

Sat May 20 14:00:00 2017
- Replace krb5-devel BuildRequires with pkgconfig(krb5) on
suse_version >= 1315: give OBS a better chance to break up build

Thu Apr 20 14:00:00 2017
- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
0002-Save-work-on-Avahi-code.patch and
0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
finally commited to cups 2.2 sources in response to in order to fix cupsEnumDests
to react to the ALL_FOR_NOW avahi event (and also include a similar
fix for the dnssd case). Related to bsc#955432.

Mon Apr 10 14:00:00 2017
- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff .
Avahi sends an ALL_FOR_NOW event when it finishes sending
its cache contents. This patch makes cupsEnumDests finish
when the signal is received so it doesn\'t block the caller
doing nothing until the timeout finishes (related to bsc#955432,
submitted upstream at

Wed Mar 29 14:00:00 2017
- Add /etc/cups to cups-libs package [bsc#1025689]

Mon Dec 12 13:00:00 2016
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
sub-libraries have been merged into libsystemd since version 209.
openSUSE 13.1 was the last product to ship systemd 208.

Tue Jun 28 14:00:00 2016
- Remove CUPS.desktop and pixmap

* Obsoletes patch cups-1.3.9-desktop_file.patch

Mon Feb 29 13:00:00 2016
- Version upgrade to 2.1.3:
CUPS 2.1.3 fixes some issues in the scheduler, sample drivers,
and user commands.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):

* The scheduler should not exit under memory pressure

* Fixed some issues in ipptool for skipped tests

* The \"lp -H resume\" command did not reset the
\"job-state-reasons\" attribute value (STR #4752)

* The scheduler did not allow access to resource files
(icons, etc.) when the web interface was disabled (STR #4755)
- Version upgrade to 2.1.2:
CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which
actually contained a current 2.2 snapshot.
There are no other changes.
- Version upgrade to 2.1.1:
CUPS 2.1.1 fixes a number of USB and IPP printing issues,
addresses some error reporting and hardening issues in
the scheduler, and updates some localizations.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):

* Security hardening fixes (,
, ,
, ,
, ,
, ,
, ,
, ,
, ,
, ,
, ,

* The cupsGetPPD
* functions did not work with IPP printers
(STR #4725)

* Some older HP LaserJet printers need a delayed close when
printing using the libusb-based USB backend (STR #4549)

* The libusb-based USB backend did not unload the kernel usblp
module if it was preventing the backend from accessing the
printer (STR #4707)

* Current Primera printers were incorrectly reported as Fargo
printers (STR #4708)

* The IPP backend did not always handle jobs getting canceled
at the printer ()

* Added USB quirk for Canon MP530 (STR #4730)

* The scheduler did not deliver job notifications for jobs
submitted to classes (STR #4733)

* Changing the printer-is-shared value for a remote queue
did not produce an error (STR #4738)

* The IPP backend incorrectly included the job-password
attribute in Validate-Job requests ()

Sun Sep 20 14:00:00 2015
- add -devel to build a 32bit wine on 64bit only Leap systems.

Tue Sep 1 14:00:00 2015
- Version upgrade to 2.1.0:
CUPS 2.1.0 offers improved support for IPP Everywhere,
adds support for advanced logging using journald on Linux, and
includes new security features for encrypted printing and
reduced network visibility in the default configuration.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):

* Added support for 3D printers (basic types only,
no built-in filters) based on PWG white paper.

* The IPP backend now stops sending print data
if the printer indicates the job has been aborted
or canceled ()

* The IPP backend now sends the job-pages-per-set
attribute when printing multiple copy jobs with
finishings ()

* The IPP backend now updates the cupsMandatory values when the
printer configuration changes ()

* No longer install banner files since third-party banner
filters now supply their own (STR #4518)

* The scheduler no longer listens on the loopback
interface unless the web interface or printer sharing
are enabled ()

* Added a PPD generator for IPP Everywhere printers (STR #4258)

* Now install \"default\" versions of more configuration
files () in particular
cups-files.conf.default and snmp.conf.default

* Added SSLOptions values to allow Diffie-Hellman key exchange
and disable TLS/1.0 support.

* Updated the scheduler to support more IPP Everywhere
attributes (STR #4630)

* The scheduler now supports advanced ASL and journald logging
when \"syslog\" output is configured (STR #4474)

* The scheduler now supports logging to stderr when running
in the foreground (STR #4505)
- Adapted patches so that they apply to CUPS 2.1.0 sources:

* cups-2.1.0-choose-uri-template.patch replaces

* cups-2.1.0-default-webcontent-path.patch replaces

* cups-2.1.0-cups-systemd-socket.patch replaces

Tue Sep 1 14:00:00 2015
- Fix bnc#943950, escape the macro call %systemd-tmpfiles
in comment.

Thu Aug 20 14:00:00 2015
- Add gpg verification for the tarball
- Version update to 2.0.4:

* Fixed a bug in cupsRasterWritePixels (STR #4650)

* Fixed redirection in the web interface (STR #4538)

* The IPP backend did not respond to side-channel
requests (STR #4645)

* The scheduler did not start all pending jobs
at once (STR #4646)

* The web search incorrectly searched time-at-xxx
values (STR #4652)

* Fixed an RPM spec file issue (STR #4657)

* The scheduler incorrectly started jobs while canceling
multiple jobs (STR #4648)

* Fixed processing of server overrides without
port numbers (STR #4675)

* Documentation changes (STR #4651, STR #4674)

Wed Jul 1 14:00:00 2015
- cups-2.0.3-additional_policies.patch replaces
cups-1.7-additional_policies.patch that still adds the same
\"allowallforanybody\" policy but now with separated \"Limit All\"
to avoid (boo#936309).
- Added \"-p /bin/bash\" to RPM shell commands scriptlets that
enforces bash to be safe against any possible \"bashisms\", cf

Thu Jun 25 14:00:00 2015
- Fix the previous commit by using direct systemd call and
ensuring we work even on older distros

Mon Jun 22 14:00:00 2015
- Fix postin-without-tmpfile-creation and run %tmpfiles_create
macro on our cups.conf

Tue Jun 9 14:00:00 2015
- Version upgrade to 2.0.3:
The new release addresses two security vulnerabilities,
add localizations for German and Russian, and includes several
general bug fixes. Changes include (excerpt):

* Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159
exploiting the dynamic linker (STR #4609) (bsc#924208)

* Security: The scheduler could hang with malformed gzip data
(STR #4602)

* Restored missing generic printer icon file (STR #4587)

* Fixed logging of configuration errors to show up as errors
(STR #4582)

* Fixed potential buffer overflows in raster code and filters
(STR #4598, STR #4599, STR #4600, STR #4601)

* Fixed inside (STR #4575)

* Fixed lpadmin when both -m and -o are used (STR #4578)

* The web interface always showed support for 2-sided printing
(STR #4595)

* cupsRasterReadHeader did not fully validate the raster header
(STR #4596)

* The rastertopwg filter did not check for truncated input
(STR #4597)

* The cups-lpd mini-daemon did not check for request parameters
(STR #4603)

* The scheduler could get caught in a busy loop (STR #4605)

* The sample Epson driver could crash (STR #4616)

* The IPP backend now correctly monitors jobs

* The ppdhtml and ppdpo utilities crashed when the -D option
was used before a driver information file (STR #4627)

* ippfind incorrectly substituted \"=port\" for service_port.

* The IPP/1.1 test file did not handle the initial print job
completing early (STR #4576)

* Fixed a memory leak in cupsConnectDest (STR #4634)

* PWG Raster Format output contained invalid ImageBox values

* Added Russian translation (STR #4577)

* Added German translation (STR #4635)
- cups-busy-loop.patch fixed STR #4605 is obsolete because
it is fixed upstream (see above).
- cleaned up this whole RPM changlog (wrapped too long lines if
possible and removed trailing whitespaces).

Sat Mar 28 13:00:00 2015
- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605

Thu Feb 12 13:00:00 2015
- Add back the posttrans cleanup script as it is needed

Thu Feb 12 13:00:00 2015
- Add patch cups-systemd-socket.patch to fix socket activation
and to match socket approach Fedora has.

Thu Feb 12 13:00:00 2015
- Version bump to 2.0.2:

* Security: cupsRasterReadPixels buffer overflow with invalid
page header and compressed raster data (STR #4551)

* Mapping of PPD keywords to IPP keywords did not work if the PPD
keyword was already an IPP keyword ()

* cupsGetPPD
* sent bad requests (STR #4567)

* For detailed list see CHANGES.txt file

Thu Feb 12 13:00:00 2015
- Enable PIE for build

Fri Jan 30 13:00:00 2015
- Remove legacy paralel-port support as it is not really needed
as most do not want it

Fri Jan 30 13:00:00 2015
- Update descriptions to just state what changed and let user
find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by
the %service bla ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration

Fri Jan 16 13:00:00 2015
- cups-2.0.1 update:

* lengthy list of changes see the upstream CHANGES.txt that is
distributed with the package

* Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive

* openssl is no longer supported upstream

* Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
sections and keep suppor for openSUSE+SLE12

* even with the conditions we would have to go unencrypted only
as needs newer gnutls, so don\'t bother with keeping the compat
- Use upstream service and socket files to allow more working tools
- Removed patches:

* cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch

* cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch

* cups-0003-systemd-secure-cups.service-unit-file.patch

* cups-1.3.6-access_conf.patch

* cups-1.5-additional_policies.patch

* cups-1.5.4-CVE-2012-5519.patch

* cups-1.5.4-strftime.patch

* cups-move-everything-to-run.patch

* cups-polld_avoid_busy_loop.patch

* cups-provides-cupsd-service.patch

* str4190.patch

* str4351.patch

* str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch
- Refreshed patches:

* cups-1.3.9-desktop_file.patch

* cups-config-libs.patch
- Added patches:

* cups-1.7-additional_policies.patch

* cups-systemd-socket.patch

Tue Sep 23 14:00:00 2014
- change BuildRequires for systemd to pkgconfig(systemd)
and pkgconfig(libsystemd-daemon) to avoid build-cycles

Mon Aug 25 14:00:00 2014
- Version upgrade to 1.7.5:
CUPS 1.7.5 addresses some minor issues and expands upon the
symlink security protection. Changes include (excerpt):

* Security: Addressed some more situations where symlinked
files would be served by the web interface (CVE-2014-5029
CVE-2014-5030 CVE-2014-5031 STR #4455 and bnc#887240).

* The LPD backend did not work with some versions
of glibc (STR #4452)

* CGI scripts did not work (STR #4454)
- str4455-1.7.patch (see the previous entry below)
is obsolete because it is fixed upstream since CUPS 1.7.5.
- Let fdupes only create symlinks in /usr/share/cups/templates/ to
avoid a symlink /usr/share/cups/webcontent/images/cups-icon.png
because since CUPS 1.7.4/1.7.5 the cupsd web server does
no longer follow symlinks to avoid the security issues
mentioned in the previous two entries below
(fixes bnc#892587 a regression of bnc#887240).

Tue Jul 29 14:00:00 2014
- str4455-1.7.patch complements the incomplete fix for
CVE-2014-3537 STR#445 in the CUPS 1.7.4 sources
to fix the subsequent CVE-2014-5029 CVE-2014-5030
CVE-2014-5031 STR#4455 (bnc#887240).

Tue Jul 15 14:00:00 2014
- Version upgrade to 1.7.4:
CUPS 1.7.4 fixes several networking and build issues,
and addresses a symlink security issue CVE-2014-3537.
Changes since 1.7.3 include (excerpt):

* Security: The web interface incorrectly served symlinked files
and files that were not world-readable, potentially leading to
a disclosure of information (CVE-2014-3537, STR #4450,
and bnc#887240).

* The \"snmp\" option did not work with the network backends
(STR #4422).

* The User directive in client.conf did not override the USER
environment variable (STR #4426).

* The web interface now properly shows a \"Go\" button for
all text-based browsers (STR #4425).

* The MaxJobTime directive now properly supports time
values (STR #4434).

* Fixed an \"IPP read error\" race condition issue (STR #4440).

Mon Jun 2 14:00:00 2014
- Version upgrade to 1.7.3:
CUPS 1.7.3 includes a number of general bug fixes.
Changes since 1.7.2 include (excerpt):

* Fixed mapping of OutputBin values such as \"Tray1\".

* Several ippGet
* functions incorrectly returned -1
instead of 0 on error.

* Fixed an authentication race condition in
cupsSendRequest (STR #4403).

* The scheduler did not add the \"job-hold-until-specified\"
reason when holding a job using the lp command (STR #4405).

* Auto-typing of PWG Raster files did not work (STR #4417).

* IPP queues using hardcoded credentials would ask
for credentials (STR #4371).

Wed Apr 23 14:00:00 2014
- Version upgrade to 1.7.2:
CUPS 1.7.2 addresses a web interface redirection security issue,
some scheduler crashed on Linux, and other general bug fixes.
Changes since 1.7.1 include (excerpt):

* CVE-2014-2856: The scheduler now blocks URLs containing
embedded HTML (STR #4356 and bnc#873899).

* cupsDoIORequest could miss the server status, causing failed
lpadmin and other administrative commands (STR #4386).

* Fixed a D-BUS threading issue that caused the scheduler
to crash (STR #4347).

* The scheduler now automatically reconnects to Avahi
as needed (STR #4370, STR #4373).
- str4351.patch that fixed STR #4351: cups-lpd hugh jobs (>2G) fail
is obsolete because it is fixed upstream since CUPS 1.7.2.
- Removed the CUPS banner files in /usr/share/cups/banners/ and
the CUPS testpage /usr/share/cups/data/testprint (which is also
a CUPS banner file type) because they do no longer work
since CUPS >= 1.6 (see
because there is no longer a filter for Linux that can convert
the CUPS banner files. Since CUPS >= 1.6 only the banner files
and testpage in the cups-filters package work via the
cups-filters PDF workflow and the cups-filters package also
provides the matching bannertopdf filter (bnc#873376).

Fri Apr 11 14:00:00 2014
- In case of systemd use --with-rundir=/run/cups
instead of --with-rundir=/run (bnc#871640).

Thu Feb 27 13:00:00 2014
- str4351.patch from CUPS upstream fixes
\"STR #4351 cups-lpd hugh jobs (>2G) fail\"

Wed Feb 26 13:00:00 2014
- Version upgrade to 1.7.1 (fate#314630):
CUPS >= 1.6 has major incompatible changes compared to CUPS
up to version 1.5.4 in particular when printing via network:

* The IPP protocol default version increased form 1.1 to 2.0.
Older IPP servers like CUPS 1.3.x (e.g. in SLE11)
reject IPP 2.0 requests with \"Bad Request\" (STR #4231).
By adding \'/version=1.1\' to ServerName in client.conf
(e.g. ServerName
or the CUPS_SERVER environment variable value or by
adding it to the server name value of the \'-h\' opion
(e.g. lpstat -h -p)
the older IPP protocol version for older servers
must be explicitly specified.

* CUPS Browsing is dropped in CUPS but the new package
cups-filters provides the cups-browsed that provides
basic CUPS Browsing and Polling functionality.
The native protocol in CUPS for automatic client discovery
of printers is now DNS-SD.

* Some printing filters and backends are dropped in CUPS
but the new package cups-filters provides them so that
cups-filters is usually needed (recommended by RPM)
but cups-filters is not strictly required.

* The cupsd configuration directives are split into two files
cupsd.conf (can also be modified via HTTP PUT e.g. via cupsctl)
and cups-files.conf (can only be modified manually by root)
to have better default protection against misuse of privileges
by normal users who have been specifically allowed
by root to do cupsd configuration changes
(STR #4223 CVE-2012-5519 bnc#789566).
See the entries below for more information.
For details see the openSUSE Bugzilla bnc#735404 issue.
CUPS 1.7.1 improves network and USB printing, fixes some
scheduler issues, and addresses a minor security issue
in the lppasswd program.
Changes since 1.7.0 include (excerpt):

* Security: the lppasswd program incorrectly used settings
from ~/.cups/client.conf (STR #4319)

* ATTR messages could cause string pool memory corruption
in the scheduler ()

* Printing to a raw queue could result in corrupt output
due to opportunistic compression ()

* Japanese PPDs using with the Shift-JIS encoding
did not work ()

* The libusb-based USB backend incorrectly used write
timeouts ()

* The IPP backend did not wait for a busy printer
to become available before attempting to print

* Using \"AATTIF(name)\" in an Allow or Deny rule
did not work (STR #4328)

* The D-BUS notifier did not remove its lockfile (STR #4314)

* CUPS incorrectly used the USER environment variable when
the name did not match the user ID (STR #4327)
For details see the CHANGES.txt file.
- cups-1.7-additional_policies.patch adds the \'allowallforanybody\'
policy to cupsd.conf (fate#303515) and replaces
- Clean up of systemd unit files (bnc#857372):
Make it working again as simple and secure as it worked
all the time in the past by providing only one single
systemd unit file cups.service. In particular currently YaST
cannot manage services with additional other systemd unit files.
Furthermore systemd socket activation is currently insecure
in case of IPv6 (CVE-2012-6094 bnc#795624).
- Clean up how cupsd is launched (via SysVinit or systemd)
by maintaining strictly separated sections in cups.spec:
Either for launching cupsd via systemd (if have_systemd is set)
or for launching cupsd via SysVinit (if have_systemd is not set).
SysVinit support cannot be removed because CUPS 1.7.1 still
builds and can be used even for SLE11.
- The default group of users who are allowed to do cupsd
configuration changes via requests to the running cupsd
(i.e. the SystemGroup directive in cupsd.conf) is set
to \'root\' only (related to STR #4223 CVE-2012-5519 bnc#789566).
In this context a general security advice:
When root allows normal users to do system administration tasks
(in particular when root allows normal users to administer
system processes - i.e. processes that run as root), then
this or that kind of privilege escalation will be possible.
Only trustworthy users who do not misuse their privileges
may get allowed to do specific system administration tasks.

Wed Oct 30 13:00:00 2013
- Version upgrade to 1.7.0
CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
See the entries below for more information.
For details see the openSUSE Bugzilla bnc#735404 issue.
Changes since 1.7rc1 include (excerpt):

* The lpadmin command did not send the PPD name from
the \"-m\" option ().

* The scheduler did not respond using the hostname
specified by the client ().

* Fixed a couple memory leaks in ippfind that were
reported by Clang.

* Fixed a compile issue on 64-bit Linux with Clang - need
to use the -pie option instead of -Wl,-pie now

* The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE
environment variable to the filters or backend
For details see the CHANGES.txt file.

Tue Jul 16 14:00:00 2013
- Version upgrade to 1.7rc1 only for testing purpose.
CUPS >= 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS >= 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.
For details regarding incompatible changes in CUPS >= 1.6 see
and follow the links therein.
The 1.7 series is primarily a \"polish\" release with improved
support for paid, PIN, and release printing, expanded support
for IPP Everywhere, automatic support for data compression,
and improved CUPS APIs.
CUPS 1.7rc1 is the first release candidate for CUPS 1.7.0
and includes the fixes from CUPS 1.6.3, adds a new
ippfind utility, fixes some issues in the ipptool utility,
and fixes some general printing bugs.
For details what is new in CUPS 1.7 see the CHANGES.txt file.

* Printer xxx-default values were not reported by
Get-Printer-Attributes or lpoptions ()

* Added a new ippfind tool for finding IPP printers and
other Bonjour services ()
- Version upgrade to 1.6.3
CUPS 1.6.3 fixes some compatibility issues with servers
running CUPS 1.3.12 or older, fixes some general printing bugs,
and fixes some minor security issues.
For details what is new in CUPS 1.6 see the CHANGES-1.6.txt file.

* The lp, lpq, lpr, and lpstat now display an error message
advising the use of the /version=1.1 ServerName option

* Added documentation about the /version=1.1 option to ServerName
in client.conf ()

* The lp, lpq, lpr, and lpstat commands incorrectly ignored
the default printer set in the lpoptions file

* Printing using \"ipps\" URIs was not encrypted.

Tue Mar 19 13:00:00 2013
- Version upgrade to 1.6.2.
CUPS 1.6 has major incompatible changes compared to CUPS 1.5.
For details regarding incompatible changes in CUPS 1.6 see
and follow the links therein.
For details what is new in CUPS 1.6 see the CHANGES.txt file.

* Security: All file, directory, user, and group settings
are now stored in a separate cups-files.conf configuration
file that cannot be set through the CUPS web interface
or APIs (STR #4223).

* The IPP backend could crash if the printer disconnects
early (STR #4284).

* cupsGetPPD did not work with statically-configured CUPS
shared queues (STR #4178).

* Bad IPP responses could crash ipptool (STR #4262).

* Updated USB quirk rules for various printers
(STR #4217, STR #4263, STR #4286).

* Added USB blacklisting for printers that require a custom
backend (STR #4218).

* The CUPS library did not always detect a timed out connection
to the server which could cause temporary loss of printing
from applications (STR #4187).

* The IPP backend now stops queues when the server configuration
prevents successful job submission (STR #4125).

* CUPS 1.6 clients using the ServerName directive in client.conf
did not work with CUPS 1.3.x or older servers
(STR #4231, STR #4291).

* The scheduler could crash when using Avahi
(STR #4183, STR #4192, STR #4200, STR #4213).

* The IPP backend could get stuck in an endless loop on certain
network errors (STR #4194).

* The scheduler no longer allows job-name values that are
not valid network Unicode strings (STR #4072).

* The network backends now support disabling of SNMP supply
level queries via the \"snmp\" URI option (STR #4106).

* The IPP backend did not specify the compression used
(STR #4181).

* The scheduler did not recognize dnssd: or ipps: URIs as
Bonjour shared queues (STR #4158).

* Applications could not get the PPD file for
statically-configured Bonjour-shared print queues (STR #4159).

* Fixed a USB backend compatibility issue on systems using
libusb (STR #4155, STR #4191).

* Some Bonjour features were not available on systems
with Avahi (STR #4156).
- cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch is
obsolete because it is fixed upstream (STR #4231, STR #4291).
- cups-1.6.2-adapt_cupsd.conf_defaults_for_SUSE.patch
replaces cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch
- Adapted cups-client.conf template file for CUPS 1.6.

Wed Nov 28 13:00:00 2012
- cups-1.6.1-adapt_cupsd.conf_defaults_for_SUSE.patch
adapts the defaults in cupsd.conf for SUSE.
It replaces cups-1.3.6-access_conf.patch that
added \'Allow\' to cupsd.conf to allow access
for the loopback IP address which is set for
the hostname by SUSE in /etc/hosts at least up to
SLE10 products.
It also replaces cups-1.5-additional_policies.patch
that added the \'allowallforanybody\' policy to cupsd.conf
Furthermore it fixes some issues with the CUPS upstream
defaults i.e. removal of no longer supported keywords
BrowseOrder BrowseAllow DefaultAuthType (otherwise cupsd
prints error messages of the form \"Unknown directive
BrowseOrder on line 22\").
- cups-1.6.1-revertSTR3929_to_default_IPP_1.1_again.patch
reverts the incompatible change in CUPS 1.6
that makes IPP version 2.0 default
back to using IPP version 1.1 by default.
Otherwise CUPS 1.6 on clients cannot talk to older CUPS
servers in particular not to CUPS 1.3.9 on SLE11.
E.g. on a CUPS 1.6 client \"lpstat -h sle11.cups.server -p\"
would fail on the client with \"lpstat: Bad Request\" and
the CUPS 1.3.9 server logs in /var/log/cups/error_log the
lines \"E ... cupsdReadClient: ... IPP Read Error!\"
and \"D ... cupsdSendError: ... code=400 (Bad Request)\".

Tue Nov 27 13:00:00 2012
- Version upgrade to 1.6.1.
CUPS 1.6 has major incompatible changes compared to CUPS 1.5.
After a version upgrade to CUPS 1.6 printing in the network
would no longer work as it did up to CUPS 1.5.
For an overview about what is new in CUPS 1.6 see
For details regarding incompatible changes in CUPS 1.6 see
and follow the links therein.
For details what is new in CUPS 1.6 see the CHANGES.txt file.

* CUPS now supports color management using colord (STR #3808).

* CUPS now supports Bonjour using Avahi (STR #3066).

* The \"brightness\", \"columns\", \"fitplot\", \"gamma\", \"hue\",
\"natural-scaling\", \"penwidth\", \"position\", \"ppi\",
\"saturation\", and \"scaling\" options are not longer
supported (STR #4010).

* Added new destination connection and enumeration functions
via new dynamic destination APIs (STR #3924).

* Added new option, localization, and job submission functions
via new APIs that do not depend on PPD files (STR #3925).

* The scheduler now supports a DefaultAuthType of \"auto\" to
automatically choose between Basic (username/password)
and Negotiate (Kerberos) authentication.

* CUPS no longer supports automatic remote printers or
implicit classes via the CUPS, LDAP, or SLP protocols
(STR #3922, STR #3923).

* The PPD APIs are now deprecated and will be removed
in a future version of CUPS (STR #3927).

* The default IPP version for requests is now 2.0 (STR #3929).

* The IPP APIs no longer expose the ipp_t or ipp_attribute_t
structures and instead provide accessor functions (STR #3928).

* The scheduler will no longer run programs with group write

* The PHP module has been removed (STR #3932).

* The bannertops, commandtoescpx, commandtopclx, imagetops,
imagetoraster, pdftops, rastertoescpx, rastertopclx,
and texttops filters have been removed (STR #3930).

* The serial and parallel backends have been removed (STR #3935).
- Adapted cups-config-libs.patch for CUPS 1.6.1
(IMGLIBS is no longer present in

Thu Oct 18 14:00:00 2012
- buildrequire systemd through the pkgconfig provide to get
systemd-mini in build environment (to break cycle)

Thu Sep 27 14:00:00 2012
- Version upgrade to 1.5.4 (mainly a bugfix release) that fixes
some IPP printing issues.

* The IPP backend no longer tries to get the job status for
printers that do not implement the required operation
(STR #4083).

* Sending a document in an unsupported format to an IPP printer
now automatically cancels the job (STR #4093).

* The IPP backend now treats the client-error-not-possible
status code as a job history issue, allowing IPP printing to
Windows to work(STR #4047).
For a complete list see the CHANGES.txt file.
- revert_cups-ssl.m4_to_1.5.2.patch is now obsolete because of
an upstream fix.

Tue Sep 4 14:00:00 2012
- license update: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
Apple grant an openssl linking exception (and an exception for
linking on Apple owned operating systems).

Wed Aug 1 14:00:00 2012
- Save /etc/cups/cupsd.conf and /etc/cups/cupsd.conf.default
from becoming hardlinked via the fdupes run in cups.spec
(see the \'Wed Aug 26 21:43:03 CEST 2009\' entry below)
by making their content different and at the same time
fix the misleading comment (openSUSE Bugzilla bnc#773971).
- Minor clean-up in cups.spec (the \"Remove unpackaged files\"
via \"rm -rf \") is no longer needed because
those man pages are no longer installed.

Wed May 16 14:00:00 2012
- Upgraded to CUPS 1.5.3 (mainly a bugfix release) that fixes
a number of PostScript, SSL, authenticated printing,
and networking issues.

* The scheduler could crash if a PPD file contained
an invalid paper size (STR #4049).

* Missing localizations caused empty output (STR #4033).

* Changed how timeouts are implemented in the LPD backend
(STR #4013).

* The default InputSlot setting was never used (STR #3957).

* Fixed the IPP backend\'s handling of HTTP/1.0 compatibility
(STR #3988).
For a complete list see the CHANGES.txt file.
- revert_cups-ssl.m4_to_1.5.2.patch reverts cups-ssl.m4 to what
it was in CUPS 1.5.2 so that autoconf produces a syntactically
correct configure script otherwise \"bash -n configure\" fails
with \"syntax error: unexpected end of file\",

Thu Apr 12 14:00:00 2012
- No longer require Ghostscript but only \"Recommends: ghostscript\"
because the Ghostscript device \"cups\" is needed by several CUPS
filters (in particular the \"rasterto...\" filters) but those
filters are not used on all systems (e.g. on a print server
with only \"raw\" queues) so that a weak Recommends fits better.
Furthermore this avoids a build dependency cycle between the
main-packages cups and ghostscript.
- No longer require /usr/bin/pdftops but only a \"Recommends\"
because the CUPS filter /usr/lib/cups/filter/pdftops
(which calls /usr/bin/pdftops) is not used on all systems
(e.g. on a print server with only \"raw\" queues) so that
a weak Recommends fits better.

Tue Apr 10 14:00:00 2012
- In cups.spec only \"Requires: ghostscript\" but no longer require
ghostscript-fonts-std in cups.spec because in ghostscript.spec
there is already \"Requires: ghostscript-fonts-std\"
(related to openSUSE Bugzilla bnc#735824).
- In cups.spec remove the Obsoletes/Provides cups-SUSE-ppds-dat
because cups-SUSE-ppds-dat.rpm existed only up to SLE10
but it does no longer exist since 11.1/SLE11
and CUPS 1.5.x is not provided for SLE10.
- Use traditional bash scriptlets for post/postun with
an explicite \"exit 0\" line at the end to be fail safe and
therefore also \"PreReq: /sbin/ldconfig\" explicitly for the
cups-libs sub-package, see the \"Shared_libraries\" section in

Tue Feb 7 13:00:00 2012
- Upgraded to CUPS 1.5.2 (mainly a bugfix release). This release
fixes a number of printing, encryption, and ipptool issues.

* The scheduler incorrectly used free() on a POSIX ACL value,
which could cause a crash (STR #3970).

* Encryption was broken with OpenSSL (probably STR #3933
and bnc#739410 ).

* Badly formed GIF files could cause the image filters
to crash (STR #3914).
For a complete list see the CHANGES.txt file.

Tue Jan 10 13:00:00 2012
- Use explicit buildrequires on the needed libraries.
otherwise build will fail after libtiff-devel deps cleanup
- Cleanup requires of -devel package, which only needs glibc-devel
- cups-config-libs.patch fixes cups-config script,
which with option --libs adds:
LIBS=\"-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto
- lz -lpthread -lm -lcrypt \"
IMGLIBS=\"-ltiff -ljpeg -lpng\"
This only makes sense when using static linking but we do not
ship static libraries and it will only bloat dependant packages.

Sat Dec 17 13:00:00 2011
- Update systemd patch, Bind to datagram socket as well in
systemd cups.socket unit file, to prevent that port being
stolen by another service (from RH).
- There is no need to use -fno-strict-aliasing
in cflags any longer.

Sat Dec 3 13:00:00 2011
- Update systemd patch to a newer version that uses
libsystemd-daemon instead of bundling sd-daemon wrappers.

Sat Dec 3 13:00:00 2011
- cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
adds complete systemd support, the hardware stuff is handled in
builtin udev rules (see /lib/udev/rules.d/99-systemd.rules).
See also

Thu Oct 6 14:00:00 2011
- Upgraded to CUPS 1.5.0 (openSUSE Bugzilla bnc#722057)
Backward incompatible changes:

* The main header cups/cups.h no longer includes the PPD header
cups/ppd.h which may require code changes to applications.

* CUPS no longer supports the old ~/.cupsrc or ~/.lpoptions files
from CUPS 1.1.x. The ~/.cups/client.conf and ~/.cups/lpoptions
files that were introduced in CUPS 1.2 must now be used.

* The scheduler now requires that filters and backends
have group write permissions disabled (security).

* The HP-GL/2 filter is no longer included (STR #3322).

* The SCSI backend is no longer included (STR #3500).
Other changes:

* Updated the PostScript filter to support IncludeFeature
in more circumstances (STR #3417).

* The scheduler now sets the process group for child processes
and manages the group (STR #2829).

* The scheduler now more carefully creates and removes
configuration, cache, and state files (STR #3715).

* The lpadmin command now allows default option values
to be deleted (STR #2959).

* Restored support for GNU TLS and OpenSSL with threading
enabled (STR #3605, STR #3461).
Therefore cups-1.4.4-str3461-1.4.reverted.patch
is no longer needed (openSUSE Bugzilla bnc#617026).

* Increased the default RIPCache value to 128MB (STR #3535).
Therefore cups-1.4.4-set_default_RIPCache_128m.patch
is no longer needed (openSUSE Bugzilla bnc#628233).

* Updated PDF filter to support Ghostscript ps2write (STR #3766).

* Updated PDF filter to support Poppler option to preserve page
sizes in PDF files when the user has not selected a particular
media size (STR #3689).

* Added new PWG Raster filter for IPP Everywhere printer support.

* Added support for a new cupsFilter2 keyword in PPD files
to allow for the propagation of the actual MIME media type
produced by a filter.

* Name resolution errors no longer no longer cause
queues to stop (STR #3719, STR #3753). See also

* Added a new cups-exec helper program that applies security
profiles to filters, port monitors, backends, CGI programs,
and mini-daemons.

* The web interface can now be disabled using the WebInterface
directive in cupsd.conf (STR #2625).

* The ipptest tool is now a first-class user program (STR #3484).
For a complete list see the CHANGES.txt file.
- cups-1.4.4-str3461-1.4.reverted.patch (bnc#617026) and
cups-1.4.4-set_default_RIPCache_128m.patch (bnc#628233)
are no longer needed because the issues are fixed upstream.
cups-1.5-additional_policies.patch (fate#303515) replaces the
cups-1.4-additional_policies.patch which does no longer apply.

Fri Sep 30 14:00:00 2011
- add libtool as buildrequire to make the spec file more reliable

Thu Sep 29 14:00:00 2011
- Reverted the change from meissner below dated
\"Fri Sep 23 09:54:39 CEST 2011\" so that baselibs.conf again
contains only one line \"cups-libs\" as before because the
submitrequest 85423 Printing/cups -> openSUSE:Factory/cups
was declined by coolo with the following reason:
\"cups-devel-32bit requires cups-32bit (default requires),
which does not exist\".

Thu Sep 29 14:00:00 2011
- Upgraded to CUPS 1.4.8

* network backends could crash if a printer returned a value
of 0 for the maximum capacity for a supply (STR #3875)

* For a complete list see the CHANGES.txt file.
- Upgraded to CUPS 1.4.7

* imageto
* filters could crash with bad GIF files (STR #3867)

* CUPS did not work with some printers that incorrectly
implemented the HTTP/1.1 standard (STR #3778, STR #3791)

* Fixed crash in scheduler when the application/octet-stream
MIME type was not defined (STR #3690)

* The web interface no longer tries to use multi-part delivery
when adding printers (STR #3455) using Epiphany or IE

* \"lp\" and \"lpr\" failed with Kerberos enabled (STR #3768)

* Remote printer URIs with options did not work (STR #3717)

* The scheduler now only looks up interface hostnames
if HostNameLookups are enabled (STR #3737)

* The scheduler could crash if a browsed printer times out
while a job is printing (STR #3754)

* For a complete list see the CHANGES.txt file.

Thu Sep 29 14:00:00 2011
- cups-1.4.4-set_default_RIPCache_128m.patch enlarges
the CUPS upstream default RIPCache from 8m to 128m
to avoid various kind of printout failures
(STR #3535, and Novell/openSUSE Bugzilla bnc#628233).

Fri Sep 23 14:00:00 2011
- cups-devel baselibs package for Wine 32bit on 64bit building
(added \"cups-devel requires cups-libs...\" to baselibs.conf).

Sun Sep 18 14:00:00 2011
- Remove redundant tags/sections from specfile
(removed \"norootforbuild\" and the \"clean\" section).

Mon Jul 25 14:00:00 2011
- \"no\" locale is \"nb\" (norwegian bokmal) these days
(move /usr/share/locale/no to /usr/share/locale/nb).
- \"zh\" is probably meant as \"zh_CN\", as \"zh_TW\" exists
(move /usr/share/locale/zh to /usr/share/locale/zh_CN).

Thu Feb 10 13:00:00 2011
- Cleaned up the RPM Requires:
Removed the needless \"Suggests: poppler-tools\" because there
is \"Requires: /usr/bin/pdftops\" which should be sufficient.
Replaced the RPM Requires for foomatic-filters by Recommends
because foomatic-rip is only needed by CUPS in a few cases
and printer driver packages which need foomatic-rip require
foomatic-filters on their own.

Fri Jan 14 13:00:00 2011
- Upgraded to CUPS 1.4.6
CUPS 1.4.6 fixes in particular a regression:

* A change was made in CUPS 1.4.5\'s pstops filter
that it did not support landscape printing
of PostScript files (STR #3722)

* For a complete list see the CHANGES.txt file.

Thu Dec 9 13:00:00 2010
- Fixed coolo\'s quick and ditry unconditioned
\"PreReq: sysvinit(syslog)\" stuff from below because build fails
everywhere except openSUSE:Factory (i.e. openSUSE 11.4)
because sysvinit(syslog) is nowhere else provided.
Now the PreReq is only if suse_version > 1130.

Tue Dec 7 13:00:00 2010
- prereq init script syslog

Fri Nov 12 13:00:00 2010
- Upgraded to CUPS 1.4.5
CUPS 1.4.5 fixes several scheduler and printing bugs
as well as a reported security bug, in particular:

* Fixed a IPP parsing memory corruption bug
(CVE-2010-2941, STR #3648, Novell/Suse Bugzilla bnc#649256)

* Fixed a PPD loader bug that could crash the cupsd (STR #3680)

* The scheduler restarts jobs while shutting down (STR #3679)

* Did not initialize Kerberos in all cases (STR #3662)

* The socket backend could go into an infinite loop
with certain printers (STR #3622)

* Moving a job via the web interface failed without
asking for authentication (STR #3559)

* The web interface did not allow a user to change
the driver (STR #3537, STR #3601)

* For a complete list see the CHANGES.txt file.

Thu Jul 15 14:00:00 2010
- Fixed /etc/init.d/cups (cups.init source file) so that stopping
the cupsd waits up to 10 seconds until the cupsd had actually
finished (if not SIGKILL would be sent to it) to make sure
that \"rccups restart\" and \"rccups stop ; rccups start\" work
correctly (see Novell/Suse Bugzilla bnc#622058).

Fri Jun 25 14:00:00 2010
- cups-1.4.4-str3461-1.4.reverted.patch reverts changes
by CUPS STR #3461 as band-aid workaround for now to avoid
that applications crash when they try to print
(STR #3461, STR #3605, and Novell/Suse Bugzilla bnc#617026).

Fri Jun 18 14:00:00 2010
- Upgraded to CUPS 1.4.4
CUPS 1.4.4 fixes several security, scheduler, printing,
and conformance issues, in particular:

* The web interface now includes additional CSRF protection
(CVE-2010-0540, STR #3498, STR #3593, and
Novell/Suse Bugzilla bnc#601830)

* The texttops filter did not check the results of allocations
(CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)

* The web admin interface could disclose the contents of memory
(CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)

* The fix for CVE-2009-3553 (STR #3200) was incomplete
for systems that use kqueue or epoll (STR #3490)

* CUPS could overwrite files as root in directories owned or
writable by non-root users (STR #3510)

* The OpenSSL interfaces have been made thread-safe and
the GNU TLS interface is explicitly forbidden
when threading is enabled (STR #3461)

* The scheduler could crash on restart if classes
were defined (STR #3524)

* The socket backend no longer waits for back-channel data
on platforms other than Mac OS X (STR #3495)

* For a complete list see the CHANGES.txt file.

Mon Jun 14 14:00:00 2010
- Update cups-1.3.9-desktop_file.patch: add the Settings category
(required since we use HardwareSettigns) and add NotShowIn=GNOME:
in GNOME, the configuration tool we want to use is

Wed Jun 2 14:00:00 2010
- Explicitly set configure option \'--enable-debug\' because
otherwise the cups-debuginfo RPM would be empty.
- Removed no longer recognized configure option \'--enable-pie\'
(it compiles and links with \'-pie -fPIE -fPIC\' by default).
- Disabled .SILENT in so that make is verbose as usual.

Mon May 10 14:00:00 2010
- In cups.spec removed \'-r\' from the suse_update_desktop_file call
to not replace valid (and previously patched via
cups-1.3.9-desktop_file.patch) categories of the desktop file
so that it shows up in the right place (this is particularly
an issue with the LXDE/XFCE menu).

Thu May 6 14:00:00 2010
- cups-1.4.3-default-webcontent-path.patch changes the default path
whereto the web content is installed from /usr/share/doc/...
to /usr/share/cups/webcontent because the files of the CUPS
web content are no documentation (see CUPS STR #3578 and
Novell/Suse Bugzilla bnc#546023 starting at comment#6).
- In cups.spec replaced usage of the RPM macro \'name\' by the
explicite value \'cups\' (except for the BuildRoot) so that
CUPS could be built as well with a different package name
(e.g. when someone likes to provide a CUPS SVN revision
as \'cupsSVN\' or a specifically adapted CUPS as \'cups4me\').

Tue Apr 27 14:00:00 2010
- cups-krb5-config wrapper script for krb5-config is no longer
needed because since April 2008 krb5-config works correctly
(see Novell/Suse Bugzilla bnc#378270 and compare STR #3556).

Tue Apr 20 14:00:00 2010
- In cups.xinetd replaced \'AATTLIBAATT\' by \'/usr/lib\' and removed
the perl substitute calls regarding \'AATTLIBAATT\' in cups.spec because
since the upstream compliant CUPS 1.4 it is \'/usr/lib/cups/\'
on all platforms (see Novell/Suse Bugzilla bnc#575544).

Wed Mar 31 14:00:00 2010
- Upgraded to CUPS 1.4.3:

* The scheduler could try responding on a closed client
connection, leading to a crash
(CVE-2009-3553, STR #3200, and bnc#554861).

* The lppasswd program allowed the localization files
to be overridden when running in setuid mode
(CVE-2010-0393, STR #3482, and bnc#574336).

* The scheduler would crash when an active printer was deleted.

* The DBUS notifier did not build (STR #3447).

* The scheduler did not reset the SIGPIPE handler
of child processes (STR #3399).

* For a complete list see the CHANGES.txt file.
- cups-1.3.9-CVE-2009-3553.patch has become
obsolete because it is fixed in the source.

Wed Jan 27 13:00:00 2010
- CUPS 1.3 -> 1.4 version upgrade and major cleanup:
For the CUPS upstream changes see the CHANGES.txt file.
Such a major version upgrade is the perfect chance
to drop almost all our own patches to enforce a
reset to almost 100% compliance with upstream.
Here our openSUSE CUPS versions and their number of patches
(i.e. the \"Patch\" entries in the cups.spec files):
CUPS version 1.2.12 in openSUSE 10.3: 37
CUPS version 1.3.7 in openSUSE 11.0: 29
CUPS version 1.3.9 in openSUSE 11.1: 26
CUPS version 1.3.11 in openSUSE 11.2: 17
Of course this includes patches with backported bug fixes
via our maintenance but nevertheless there were really
too much openSUSE specific patches.
Therefore I would like to provide CUPS 1.4 \"as is\" to the
furthest possible extent (there are still 6 patches left).
Then let\'s see if we get bug reports because of this.
I did such a reset to 100% compliance with upstream
already in the past for sane-backends and guess what:
I got no single bug report at all because of this.
I guess what they do at upstream is actually not so bad ;-)
- Added the explicite path to \'--with-cachedir=/var/cache/cups\'
in cups.spec to avoid that the fallback value \'yes\' results
the cache directory \'/etc/cups/yes/\'.
- cups-1.3.11-CVE-2009-2820-regression-fix.patch and
cups-1.3.11-CVE-2009-2820.patch have become
obsolete because it is fixed in the source.
- cups-1.4-full_path_to_configure_with-pdftops.patch has become
obsolete because it is fixed in the source.

Tue Dec 15 13:00:00 2009
- add baselibs.conf as a source
- enable parallel building

Tue Dec 15 13:00:00 2009
- Fixed the URL and MD5 sum comments for Source0 in cups.spec.
- cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug
in the scheduler which leads to remote denial of service,
(CVE-2009-3553, CUPS STR #3200,
and Novell/Suse Bugzilla bnc#554861)

Wed Nov 11 13:00:00 2009
- cups-1.3.11-CVE-2009-2820-regression-fix.patch
fixes a regression which was introduced by
the previous cups-1.3.11-CVE-2009-2820.patch
which lets adding a class via CUPS Web Interface fail
with an \'Unknown operation \"{op}\"\' error message
(CUPS STR #3401 and
Novell/Suse Bugzilla bnc#548317 starting at comment #24).
- cups-1.3.11-CVE-2009-2820.patch fixes CUPS Web Interface
Cross-Site Scripting (XSS) and CRLF injection in HTTP headers
(CVE-2009-2820 and CUPS STR #3367 and
Novell/Suse Bugzilla bnc#548317).

Tue Nov 3 13:00:00 2009
- updated patches to apply with fuzz=0

Wed Aug 26 14:00:00 2009
- Fixed as-needed issues when compiling additional tools
by using the right ordering of source and linked library
in \'gcc -opoll_ppd_base ... SOURCE1 -lcups\'
and \'gcc -olphelp ... SOURCE2 -lcups\' which
obsoletes the \'export SUSE_ASNEEDED=0\' workaround,
see the \'Fri Jul 10 12:34:54 CEST 2009\' entry below.
- Run fdupes.

Fri Jul 31 14:00:00 2009
- full_path_to_configure_with-pdftops.patch
adds support to specify a full path in
\'configure --with-pdftops=/usr/bin/pdftops\'
to avoid \'BuildRequires: xpdf-tools\' which would
bloat the build system but would be only needed to
satisfy \'AC_PATH_PROG(CUPS_PDFTOPS, pdftops)\'
in cups-pdf.m4 if only \'configure --with-pdftops=pdftops\'
was possible (Novell/Suse Bugzilla bnc#526847).

Tue Jul 28 14:00:00 2009
- Upgraded to CUPS 1.3.11:

* The scheduler and cupsfilter utility would crash with
certain MIME .types rules (CUPS STR #3159).

* cups-1.3.10-fix-DNS-rebinding-protection.patch
(Novell/Suse Bugzilla bnc#516511 and CUPS STR #3238)
is obsolete since CUPS 1.3.11 because it is fixed
in the source (it is fixed via CUPS STR #3164).

* For a complete list see the CHANGES.txt file.

Fri Jul 10 14:00:00 2009
- Set \'export SUSE_ASNEEDED=0\' in cups.spec because build fails
with --as-needed so that this is for now simply disabled.

Fri Jun 26 14:00:00 2009
- cups-1.3.10-fix-DNS-rebinding-protection.patch fixes
a regression of the CUPS 1.3.10 DNS rebinding protection which
lets e.g. \"lpoptions -h localhost -p -l\" fail with
\"lpoptions: Unable to get PPD file for : Bad Request\"
and in /var/log/cups/error_log there is the warning
W ... Request from \"localhost\" using invalid Host: field \"::1\"
but \"::1\" is the IPv6 loopback IP address for \"localhost\"
(Novell/Suse Bugzilla bnc#489624 comment#19 and bnc#516511).

Wed Jun 24 14:00:00 2009
- Upgraded to CUPS 1.3.10:

* Use a wrapper program filter/pdftops.c which only calls
/usr/bin/pdftops (via configure --with-pdftops=/usr/bin/pdftops)
instead of the CUPS fork of the Xpdf source code which was in
the pdftops directory (CUPS STR #3129). Because of this
cups-1.4svn-pdftops_as_filter.patch and
cups-1.4svn-pdftops_dont_fail_on_cancel.patch are obsolete
since CUPS 1.3.10 (the latter was fixed via CUPS STR #2808).

* The scheduler now protects against DNS rebinding attacks
(CUPS STR #3118 and Novell/Suse Bugzilla bnc#489624).

* cups-1.3.9-cupstestppd.patch is obsolete since CUPS 1.3.10
because it is fixed in the source (CUPS STR #2979).

* cups-1.3.9-max_subscription.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(no CUPS STR but mentioned in CHANGES.txt \"The scheduler
would crash if you exceeded the MaxSubscriptions limit\").

* cups-1.3.9-filter_png_overflow2.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(CUPS STR #2974 and Novell/Suse Bugzilla bnc#448631).

* cups-1.3.9-hpgltops2.patch is obsolete since CUPS 1.3.10
because it is fixed in the source (CUPS STR #2966 which is the
successor of CUPS STR #2911 and Novell/Suse Bugzilla bnc#430543).

* cups-1.3.9-cupsImageReadTiff.patch is obsolete
since CUPS 1.3.10 because it is fixed in the source
(CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).

* For a complete list see the CHANGES.txt file.
- cups-1.1.21rc2-preauth_security.patch and
cups-1.1.21rc2-usermode.patch and
cups-1.1.21-umlaut_printer.patch and
cups-1.1.23-testpage.patch are finally removed
since CUPS 1.3.10 because they were made for CUPS 1.1 and
were no longer applied since CUPS 1.2 in Suse Linux 10.3.
In particular cups-1.1.21rc2-usermode.patch can no longer
apply since CUPS 1.2 because RunAsUser in cupsd.conf is
no longer supported since CUPS 1.2, for more info see e.g. the
\"RunAsUser removed; reassurance wanted\" mails on
Furthermore we neither got any Suse Linux/openSUSE user request
nor any SLE11 beta-tester/customer request for them.

Mon Jun 8 14:00:00 2009
- Replaced \"--enable-static\" by \"--disable-static\" in configure
so that the static libraries /usr/lib[64]/libcups.a and
/usr/lib[64]/libcupsimage.a are no longer built and included
in the cups-devel package to enforce detection of other software
which might be built with static CUPS libraries so that those
other software could be fixed to use the dynamic libraries
(see also Novell/Suse Bugzilla bnc#509945).

Wed Jun 3 14:00:00 2009
- Set BROADCAST=\"ipp\" in cups.SuSEfirewall2 source file (which
gets installed as /etc/sysconfig/SuSEfirewall2.d/services/cups)
so that adding \"cups\" to allowed services in the firewall
also allows CUPS Browsing information via UDP broadcasts
(Novell/Suse Bugzilla bnc#498429).

Thu Mar 26 13:00:00 2009
- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
in the \"_cupsImageReadTIFF()\" function CVE-2009-0163
(CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).