From 8aabbce8def52d0e88d2f3e1b453c807ca5248b09709b4b8a28af66db32b40c5 Mon Sep 17 00:00:00 2001 From: Johannes Meixner Date: Wed, 31 Mar 2010 11:46:50 +0000 Subject: [PATCH 1/3] Accepting request 36237 from home:jsmeix:branches:Printing Copy from home:jsmeix:branches:Printing/cups via accept of submit request 36237 revision 2. Request was accepted with message: Version upgrade to CUPS 1.4.3 OBS-URL: https://build.opensuse.org/request/show/36237 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=186 --- cups-1.4.2-source.tar.bz2 | 3 -- cups-1.4.3-source.tar.bz2 | 3 ++ cups.changes | 18 +++++++++ cups.spec | 82 +++++++++++++++++++++++++++++---------- 4 files changed, 82 insertions(+), 24 deletions(-) delete mode 100644 cups-1.4.2-source.tar.bz2 create mode 100644 cups-1.4.3-source.tar.bz2 diff --git a/cups-1.4.2-source.tar.bz2 b/cups-1.4.2-source.tar.bz2 deleted file mode 100644 index 80ccfd1..0000000 --- a/cups-1.4.2-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:646bc0dbac064d05c0a93735fb556299eda0ae32ce4568506654cb952c719314 -size 4450466 diff --git a/cups-1.4.3-source.tar.bz2 b/cups-1.4.3-source.tar.bz2 new file mode 100644 index 0000000..d2fba97 --- /dev/null +++ b/cups-1.4.3-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:47a559b1c50192b94479ae7dab132ea0008727045d4993501cf0a6df0c64db97 +size 4461101 diff --git a/cups.changes b/cups.changes index 1a1c58c..c0523cc 100644 --- a/cups.changes +++ b/cups.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Wed Mar 31 12:52:02 CEST 2010 - jsmeix@suse.de + +- Upgraded to CUPS 1.4.3: + * The scheduler could try responding on a closed client + connection, leading to a crash + (CVE-2009-3553, STR #3200, and bnc#554861). + * The lppasswd program allowed the localization files + to be overridden when running in setuid mode + (CVE-2010-0393, STR #3482, and bnc#574336). + * The scheduler would crash when an active printer was deleted. + * The DBUS notifier did not build (STR #3447). + * The scheduler did not reset the SIGPIPE handler + of child processes (STR #3399). + * For a complete list see the CHANGES.txt file. +- cups-1.3.9-CVE-2009-3553.patch has become + obsolete because it is fixed in the source. + ------------------------------------------------------------------- Wed Jan 27 14:43:37 CET 2010 - jsmeix@suse.de diff --git a/cups.spec b/cups.spec index 11ffe40..3e31ab0 100644 --- a/cups.spec +++ b/cups.spec @@ -29,7 +29,7 @@ Url: http://www.cups.org/ License: GPLv2+ Group: Hardware/Printing Summary: The Common UNIX Printing System -Version: 1.4.2 +Version: 1.4.3 Release: 1 # Require the exact matching version-release of the cups-libs sub-package because # non-matching CUPS libraries may let CUPS software crash (e.g. segfault) @@ -51,8 +51,8 @@ Suggests: poppler-tools Conflicts: plp lprold lprng Obsoletes: cups-SUSE-ppds-dat # Source0...Source9 is for sources from upstream: -# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.2/cups-1.4.2-source.tar.bz2 -# MD5 sum for Source0 on http://www.cups.org/software.php is d95e2d588e3d36e563027a963b117b1b +# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2 +# MD5 sum for Source0 on http://www.cups.org/software.php is e70b1c3f60143d7310c1d74c111a21ab Source0: cups-%{version}-source.tar.bz2 # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream: @@ -60,7 +60,6 @@ Source0: cups-%{version}-source.tar.bz2 # Patch10 adds 'smb://...' URIs to templates/choose-uri.tmpl: Patch10: cups-1.2rc1-template.patch # Source100...Source999 is for private sources from Novell/openSUSE which are not intended for upstream: -Source100: cups-krb5-config Source101: cups.init Source102: postscript.ppd.bz2 Source103: cups.sysconfig @@ -200,8 +199,6 @@ http://www.cups.org %patch103 # Patch104 adds the 'allowallforanybody' policy to cupsd.conf: %patch104 -# Install our special krb5-config (Source100: cups-krb5-config): -install -m755 %{SOURCE100} krb5-config %build %{?suse_update_config:%{suse_update_config -f . }} @@ -211,7 +208,7 @@ autoconf export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -O2 -fno-strict-aliasing -fstack-protector" export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fstack-protector -DLDAP_DEPRECATED" export CXX=g++ -KRB5CONFIG=${PWD}/krb5-config ./configure \ +./configure \ --mandir=%{_mandir} \ --sysconfdir=%{_sysconfdir} \ --libdir=%{_libdir} \ @@ -244,28 +241,32 @@ install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.cups perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT/etc/init.d/cups ln -sf ../../etc/init.d/cups $RPM_BUILD_ROOT/usr/sbin/rccups -# use Ghostscript fonts instead of CUPS fonts: +# Use Ghostscript fonts instead of CUPS fonts: rm -r $RPM_BUILD_ROOT/usr/share/cups/fonts mkdir -p $RPM_BUILD_ROOT/usr/share/ghostscript/fonts ln -sf /usr/share/ghostscript/fonts $RPM_BUILD_ROOT/usr/share/cups/ -# make directory for ssl files: +# Make directory for ssl files: mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cups/ssl -# add old client.conf as reference (Source108: cups-client.conf): +# Add a client.conf as template (Source108: cups-client.conf): install -m644 %{SOURCE108} $RPM_BUILD_ROOT%{_sysconfdir}/cups/client.conf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d install -m 644 -D packaging/cups-dbus.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/cups.conf # Source104: cups.xinetd install -m 644 -D %{SOURCE104} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd +# Make the libraries accessible also via generic named links: ln -sf libcupsimage.so.2 $RPM_BUILD_ROOT%{_libdir}/libcupsimage.so ln -sf libcups.so.2 $RPM_BUILD_ROOT%{_libdir}/libcups.so +# Add missing usual directories: install -d -m755 $RPM_BUILD_ROOT/usr/share/cups/drivers install -d -m755 $RPM_BUILD_ROOT/var/cache/cups install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name} install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/images +# Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff): install -m 644 -D conf/pam.suse $RPM_BUILD_ROOT/etc/pam.d/cups -for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt; do - install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ +# Add missing usual documentation: +for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt +do install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ done # Source102: postscript.ppd.bz2 bzip2 -cd < %{SOURCE102} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript.ppd @@ -274,7 +275,7 @@ bzip2 -cd < %{SOURCE105} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-leve # Source106: PSLEVEL2.PPD.bz2 bzip2 -cd < %{SOURCE106} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-level2.ppd find %{buildroot}/usr/share/cups/model -name "*.ppd" | while read FILE -do # change default paper size from Letter to A4 if possible +do # Change default paper size from Letter to A4 if possible # https://bugzilla.novell.com/show_bug.cgi?id=suse30662 # and delete trailing whitespace: perl -pi -e 's:^(\*Default.*)Letter\s*$:$1A4\n:; \ @@ -283,19 +284,19 @@ do # change default paper size from Letter to A4 if possible s:\s\n:\n:' "$FILE" gzip -9 "$FILE" done -# add files for menu: +# Add files for desktop menu: rm -f $RPM_BUILD_ROOT/usr/share/applications/cups.desktop %suse_update_desktop_file -i -r %name PrintingUtility 2>/dev/null mkdir $RPM_BUILD_ROOT/usr/share/pixmaps install -m 644 $RPM_BUILD_ROOT/usr/share/icons/hicolor/64x64/apps/cups.png $RPM_BUILD_ROOT/usr/share/pixmaps rm -rf $RPM_BUILD_ROOT/usr/share/icons -# remove unpackaged files: +# Remove unpackaged files: rm -rf $RPM_BUILD_ROOT/%{_mandir}/es/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/fr/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/cat? -# remove unknown locale directory: +# Remove unknown locale directory: rm -rf $RPM_BUILD_ROOT/usr/share/locale/no -# run fdupes: +# Run fdupes: %fdupes $RPM_BUILD_ROOT %clean @@ -303,21 +304,50 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no %pre /usr/sbin/groupadd -g 71 -o -r ntadmin 2>/dev/null || : - -%post libs -p /sbin/ldconfig +# exit successfully in any case: +exit 0 %post %{fillup_and_insserv -ny cups cups} +# exit successfully in any case: +exit 0 %preun %stop_on_removal cups +# exit successfully in any case: +exit 0 %postun %restart_on_update cups %{insserv_cleanup} +# exit successfully in any case: +exit 0 -%postun libs -p /sbin/ldconfig +%post libs +/sbin/ldconfig +# exit successfully in any case: +exit 0 +%postun libs +/sbin/ldconfig +# exit successfully in any case: +exit 0 + +# The files sections list all mandatory files explicitely one by one. +# In particular all executables are listed explicitely. +# This avoids that CUPS' configure magic might silently +# not build and install an executable when whatever condition +# for configure's automated tests is not fulfilled in the build system. +# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 +# (In CUPS 1.3.10 a configure magic did silently skip to build +# the pdftops filter when there was no /usr/bin/pdftops +# installed in the build system regardless of an explicite +# configure setting ' --with-pdftops=/usr/bin/pdftops', +# see also http://www.cups.org/str.php?L3278). +# When all mandatory files are explicitely listed. +# the build fails intentionally if a mandatory file was not built +# which ensures that already existing correctly built binary RPMs +# are not overwritten by broken RPMs where mandatory files are missing. %files %defattr(-,root,root) %config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf @@ -382,6 +412,7 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no /usr/lib/cups/monitor/bcp /usr/lib/cups/monitor/tbcp %dir /usr/lib/cups/notifier +/usr/lib/cups/notifier/dbus /usr/lib/cups/notifier/mailto /usr/lib/cups/notifier/rss %dir %attr(0775,root,ntadmin) %{_datadir}/cups/drivers @@ -413,13 +444,21 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no %{_datadir}/cups/ %exclude %{_datadir}/cups/ppdc/ +# Set explicite owner, group, and permissions for lppasswd +# to enforce to have the upstream owner, group, and permissions in the RPM +# because otherwise our build magic /usr/sbin/Check sets them to lp:lp 2755 +# according to /etc/permissions.secure in the build system, +# see https://bugzilla.novell.com/show_bug.cgi?id=574336#c12 +# and subsequent comments up to comment #17 therein. +# Even if /etc/permissions.secure in the openSUSE:Factory build system might be +# already fixed, it must also work for build systems for released products. %files client %defattr(-,root,root) %{_bindir}/cancel %{_bindir}/cupstestdsc %{_bindir}/lp %{_bindir}/lpoptions -%attr(2755,lp,lp) %{_bindir}/lppasswd +%attr(0555,root,root) %{_bindir}/lppasswd %{_bindir}/lpq %{_bindir}/lpr %{_bindir}/lprm @@ -497,3 +536,4 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no %doc %{_mandir}/man1/cups-config.1.gz %changelog + From e19a34c6f47a5b8d8049be7a64372a0e5a24e0abfb20280d0a94ab8cf53cf791 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 31 Mar 2010 17:57:30 +0000 Subject: [PATCH 2/3] Accepting request 36238 from Printing checked in (request 36238) OBS-URL: https://build.opensuse.org/request/show/36238 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=187 --- cups-1.4.2-source.tar.bz2 | 3 ++ cups-1.4.3-source.tar.bz2 | 3 -- cups.changes | 18 --------- cups.spec | 82 ++++++++++----------------------------- 4 files changed, 24 insertions(+), 82 deletions(-) create mode 100644 cups-1.4.2-source.tar.bz2 delete mode 100644 cups-1.4.3-source.tar.bz2 diff --git a/cups-1.4.2-source.tar.bz2 b/cups-1.4.2-source.tar.bz2 new file mode 100644 index 0000000..80ccfd1 --- /dev/null +++ b/cups-1.4.2-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:646bc0dbac064d05c0a93735fb556299eda0ae32ce4568506654cb952c719314 +size 4450466 diff --git a/cups-1.4.3-source.tar.bz2 b/cups-1.4.3-source.tar.bz2 deleted file mode 100644 index d2fba97..0000000 --- a/cups-1.4.3-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:47a559b1c50192b94479ae7dab132ea0008727045d4993501cf0a6df0c64db97 -size 4461101 diff --git a/cups.changes b/cups.changes index c0523cc..1a1c58c 100644 --- a/cups.changes +++ b/cups.changes @@ -1,21 +1,3 @@ -------------------------------------------------------------------- -Wed Mar 31 12:52:02 CEST 2010 - jsmeix@suse.de - -- Upgraded to CUPS 1.4.3: - * The scheduler could try responding on a closed client - connection, leading to a crash - (CVE-2009-3553, STR #3200, and bnc#554861). - * The lppasswd program allowed the localization files - to be overridden when running in setuid mode - (CVE-2010-0393, STR #3482, and bnc#574336). - * The scheduler would crash when an active printer was deleted. - * The DBUS notifier did not build (STR #3447). - * The scheduler did not reset the SIGPIPE handler - of child processes (STR #3399). - * For a complete list see the CHANGES.txt file. -- cups-1.3.9-CVE-2009-3553.patch has become - obsolete because it is fixed in the source. - ------------------------------------------------------------------- Wed Jan 27 14:43:37 CET 2010 - jsmeix@suse.de diff --git a/cups.spec b/cups.spec index 3e31ab0..11ffe40 100644 --- a/cups.spec +++ b/cups.spec @@ -29,7 +29,7 @@ Url: http://www.cups.org/ License: GPLv2+ Group: Hardware/Printing Summary: The Common UNIX Printing System -Version: 1.4.3 +Version: 1.4.2 Release: 1 # Require the exact matching version-release of the cups-libs sub-package because # non-matching CUPS libraries may let CUPS software crash (e.g. segfault) @@ -51,8 +51,8 @@ Suggests: poppler-tools Conflicts: plp lprold lprng Obsoletes: cups-SUSE-ppds-dat # Source0...Source9 is for sources from upstream: -# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2 -# MD5 sum for Source0 on http://www.cups.org/software.php is e70b1c3f60143d7310c1d74c111a21ab +# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.2/cups-1.4.2-source.tar.bz2 +# MD5 sum for Source0 on http://www.cups.org/software.php is d95e2d588e3d36e563027a963b117b1b Source0: cups-%{version}-source.tar.bz2 # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream: @@ -60,6 +60,7 @@ Source0: cups-%{version}-source.tar.bz2 # Patch10 adds 'smb://...' URIs to templates/choose-uri.tmpl: Patch10: cups-1.2rc1-template.patch # Source100...Source999 is for private sources from Novell/openSUSE which are not intended for upstream: +Source100: cups-krb5-config Source101: cups.init Source102: postscript.ppd.bz2 Source103: cups.sysconfig @@ -199,6 +200,8 @@ http://www.cups.org %patch103 # Patch104 adds the 'allowallforanybody' policy to cupsd.conf: %patch104 +# Install our special krb5-config (Source100: cups-krb5-config): +install -m755 %{SOURCE100} krb5-config %build %{?suse_update_config:%{suse_update_config -f . }} @@ -208,7 +211,7 @@ autoconf export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -O2 -fno-strict-aliasing -fstack-protector" export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fstack-protector -DLDAP_DEPRECATED" export CXX=g++ -./configure \ +KRB5CONFIG=${PWD}/krb5-config ./configure \ --mandir=%{_mandir} \ --sysconfdir=%{_sysconfdir} \ --libdir=%{_libdir} \ @@ -241,32 +244,28 @@ install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.cups perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT/etc/init.d/cups ln -sf ../../etc/init.d/cups $RPM_BUILD_ROOT/usr/sbin/rccups -# Use Ghostscript fonts instead of CUPS fonts: +# use Ghostscript fonts instead of CUPS fonts: rm -r $RPM_BUILD_ROOT/usr/share/cups/fonts mkdir -p $RPM_BUILD_ROOT/usr/share/ghostscript/fonts ln -sf /usr/share/ghostscript/fonts $RPM_BUILD_ROOT/usr/share/cups/ -# Make directory for ssl files: +# make directory for ssl files: mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cups/ssl -# Add a client.conf as template (Source108: cups-client.conf): +# add old client.conf as reference (Source108: cups-client.conf): install -m644 %{SOURCE108} $RPM_BUILD_ROOT%{_sysconfdir}/cups/client.conf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d install -m 644 -D packaging/cups-dbus.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/cups.conf # Source104: cups.xinetd install -m 644 -D %{SOURCE104} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd -# Make the libraries accessible also via generic named links: ln -sf libcupsimage.so.2 $RPM_BUILD_ROOT%{_libdir}/libcupsimage.so ln -sf libcups.so.2 $RPM_BUILD_ROOT%{_libdir}/libcups.so -# Add missing usual directories: install -d -m755 $RPM_BUILD_ROOT/usr/share/cups/drivers install -d -m755 $RPM_BUILD_ROOT/var/cache/cups install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name} install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/images -# Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff): install -m 644 -D conf/pam.suse $RPM_BUILD_ROOT/etc/pam.d/cups -# Add missing usual documentation: -for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt -do install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ +for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt; do + install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ done # Source102: postscript.ppd.bz2 bzip2 -cd < %{SOURCE102} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript.ppd @@ -275,7 +274,7 @@ bzip2 -cd < %{SOURCE105} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-leve # Source106: PSLEVEL2.PPD.bz2 bzip2 -cd < %{SOURCE106} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-level2.ppd find %{buildroot}/usr/share/cups/model -name "*.ppd" | while read FILE -do # Change default paper size from Letter to A4 if possible +do # change default paper size from Letter to A4 if possible # https://bugzilla.novell.com/show_bug.cgi?id=suse30662 # and delete trailing whitespace: perl -pi -e 's:^(\*Default.*)Letter\s*$:$1A4\n:; \ @@ -284,19 +283,19 @@ do # Change default paper size from Letter to A4 if possible s:\s\n:\n:' "$FILE" gzip -9 "$FILE" done -# Add files for desktop menu: +# add files for menu: rm -f $RPM_BUILD_ROOT/usr/share/applications/cups.desktop %suse_update_desktop_file -i -r %name PrintingUtility 2>/dev/null mkdir $RPM_BUILD_ROOT/usr/share/pixmaps install -m 644 $RPM_BUILD_ROOT/usr/share/icons/hicolor/64x64/apps/cups.png $RPM_BUILD_ROOT/usr/share/pixmaps rm -rf $RPM_BUILD_ROOT/usr/share/icons -# Remove unpackaged files: +# remove unpackaged files: rm -rf $RPM_BUILD_ROOT/%{_mandir}/es/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/fr/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/cat? -# Remove unknown locale directory: +# remove unknown locale directory: rm -rf $RPM_BUILD_ROOT/usr/share/locale/no -# Run fdupes: +# run fdupes: %fdupes $RPM_BUILD_ROOT %clean @@ -304,50 +303,21 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no %pre /usr/sbin/groupadd -g 71 -o -r ntadmin 2>/dev/null || : -# exit successfully in any case: -exit 0 + +%post libs -p /sbin/ldconfig %post %{fillup_and_insserv -ny cups cups} -# exit successfully in any case: -exit 0 %preun %stop_on_removal cups -# exit successfully in any case: -exit 0 %postun %restart_on_update cups %{insserv_cleanup} -# exit successfully in any case: -exit 0 -%post libs -/sbin/ldconfig -# exit successfully in any case: -exit 0 +%postun libs -p /sbin/ldconfig -%postun libs -/sbin/ldconfig -# exit successfully in any case: -exit 0 - -# The files sections list all mandatory files explicitely one by one. -# In particular all executables are listed explicitely. -# This avoids that CUPS' configure magic might silently -# not build and install an executable when whatever condition -# for configure's automated tests is not fulfilled in the build system. -# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 -# (In CUPS 1.3.10 a configure magic did silently skip to build -# the pdftops filter when there was no /usr/bin/pdftops -# installed in the build system regardless of an explicite -# configure setting ' --with-pdftops=/usr/bin/pdftops', -# see also http://www.cups.org/str.php?L3278). -# When all mandatory files are explicitely listed. -# the build fails intentionally if a mandatory file was not built -# which ensures that already existing correctly built binary RPMs -# are not overwritten by broken RPMs where mandatory files are missing. %files %defattr(-,root,root) %config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf @@ -412,7 +382,6 @@ exit 0 /usr/lib/cups/monitor/bcp /usr/lib/cups/monitor/tbcp %dir /usr/lib/cups/notifier -/usr/lib/cups/notifier/dbus /usr/lib/cups/notifier/mailto /usr/lib/cups/notifier/rss %dir %attr(0775,root,ntadmin) %{_datadir}/cups/drivers @@ -444,21 +413,13 @@ exit 0 %{_datadir}/cups/ %exclude %{_datadir}/cups/ppdc/ -# Set explicite owner, group, and permissions for lppasswd -# to enforce to have the upstream owner, group, and permissions in the RPM -# because otherwise our build magic /usr/sbin/Check sets them to lp:lp 2755 -# according to /etc/permissions.secure in the build system, -# see https://bugzilla.novell.com/show_bug.cgi?id=574336#c12 -# and subsequent comments up to comment #17 therein. -# Even if /etc/permissions.secure in the openSUSE:Factory build system might be -# already fixed, it must also work for build systems for released products. %files client %defattr(-,root,root) %{_bindir}/cancel %{_bindir}/cupstestdsc %{_bindir}/lp %{_bindir}/lpoptions -%attr(0555,root,root) %{_bindir}/lppasswd +%attr(2755,lp,lp) %{_bindir}/lppasswd %{_bindir}/lpq %{_bindir}/lpr %{_bindir}/lprm @@ -536,4 +497,3 @@ exit 0 %doc %{_mandir}/man1/cups-config.1.gz %changelog - From b6916d428c7dd333bb35fd5680af2c3f62316914fe1451cd306d131b2fddea80 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Wed, 31 Mar 2010 17:57:49 +0000 Subject: [PATCH 3/3] Updating link to change in openSUSE:Factory/cups revision 71.0 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=c2097cdfc3e2ec1fa0d0d838f2d94fc1 --- cups-1.4.2-source.tar.bz2 | 3 -- cups-1.4.3-source.tar.bz2 | 3 ++ cups.changes | 18 +++++++++ cups.spec | 85 +++++++++++++++++++++++++++++---------- 4 files changed, 84 insertions(+), 25 deletions(-) delete mode 100644 cups-1.4.2-source.tar.bz2 create mode 100644 cups-1.4.3-source.tar.bz2 diff --git a/cups-1.4.2-source.tar.bz2 b/cups-1.4.2-source.tar.bz2 deleted file mode 100644 index 80ccfd1..0000000 --- a/cups-1.4.2-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:646bc0dbac064d05c0a93735fb556299eda0ae32ce4568506654cb952c719314 -size 4450466 diff --git a/cups-1.4.3-source.tar.bz2 b/cups-1.4.3-source.tar.bz2 new file mode 100644 index 0000000..d2fba97 --- /dev/null +++ b/cups-1.4.3-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:47a559b1c50192b94479ae7dab132ea0008727045d4993501cf0a6df0c64db97 +size 4461101 diff --git a/cups.changes b/cups.changes index 1a1c58c..c0523cc 100644 --- a/cups.changes +++ b/cups.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Wed Mar 31 12:52:02 CEST 2010 - jsmeix@suse.de + +- Upgraded to CUPS 1.4.3: + * The scheduler could try responding on a closed client + connection, leading to a crash + (CVE-2009-3553, STR #3200, and bnc#554861). + * The lppasswd program allowed the localization files + to be overridden when running in setuid mode + (CVE-2010-0393, STR #3482, and bnc#574336). + * The scheduler would crash when an active printer was deleted. + * The DBUS notifier did not build (STR #3447). + * The scheduler did not reset the SIGPIPE handler + of child processes (STR #3399). + * For a complete list see the CHANGES.txt file. +- cups-1.3.9-CVE-2009-3553.patch has become + obsolete because it is fixed in the source. + ------------------------------------------------------------------- Wed Jan 27 14:43:37 CET 2010 - jsmeix@suse.de diff --git a/cups.spec b/cups.spec index 11ffe40..8afb046 100644 --- a/cups.spec +++ b/cups.spec @@ -1,5 +1,5 @@ # -# spec file for package cups (Version 1.4.2) +# spec file for package cups (Version 1.4.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -29,7 +29,7 @@ Url: http://www.cups.org/ License: GPLv2+ Group: Hardware/Printing Summary: The Common UNIX Printing System -Version: 1.4.2 +Version: 1.4.3 Release: 1 # Require the exact matching version-release of the cups-libs sub-package because # non-matching CUPS libraries may let CUPS software crash (e.g. segfault) @@ -51,8 +51,8 @@ Suggests: poppler-tools Conflicts: plp lprold lprng Obsoletes: cups-SUSE-ppds-dat # Source0...Source9 is for sources from upstream: -# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.2/cups-1.4.2-source.tar.bz2 -# MD5 sum for Source0 on http://www.cups.org/software.php is d95e2d588e3d36e563027a963b117b1b +# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2 +# MD5 sum for Source0 on http://www.cups.org/software.php is e70b1c3f60143d7310c1d74c111a21ab Source0: cups-%{version}-source.tar.bz2 # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream: @@ -60,7 +60,6 @@ Source0: cups-%{version}-source.tar.bz2 # Patch10 adds 'smb://...' URIs to templates/choose-uri.tmpl: Patch10: cups-1.2rc1-template.patch # Source100...Source999 is for private sources from Novell/openSUSE which are not intended for upstream: -Source100: cups-krb5-config Source101: cups.init Source102: postscript.ppd.bz2 Source103: cups.sysconfig @@ -200,8 +199,6 @@ http://www.cups.org %patch103 # Patch104 adds the 'allowallforanybody' policy to cupsd.conf: %patch104 -# Install our special krb5-config (Source100: cups-krb5-config): -install -m755 %{SOURCE100} krb5-config %build %{?suse_update_config:%{suse_update_config -f . }} @@ -211,7 +208,7 @@ autoconf export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -O2 -fno-strict-aliasing -fstack-protector" export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fstack-protector -DLDAP_DEPRECATED" export CXX=g++ -KRB5CONFIG=${PWD}/krb5-config ./configure \ +./configure \ --mandir=%{_mandir} \ --sysconfdir=%{_sysconfdir} \ --libdir=%{_libdir} \ @@ -244,28 +241,32 @@ install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.cups perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT/etc/init.d/cups ln -sf ../../etc/init.d/cups $RPM_BUILD_ROOT/usr/sbin/rccups -# use Ghostscript fonts instead of CUPS fonts: +# Use Ghostscript fonts instead of CUPS fonts: rm -r $RPM_BUILD_ROOT/usr/share/cups/fonts mkdir -p $RPM_BUILD_ROOT/usr/share/ghostscript/fonts ln -sf /usr/share/ghostscript/fonts $RPM_BUILD_ROOT/usr/share/cups/ -# make directory for ssl files: +# Make directory for ssl files: mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cups/ssl -# add old client.conf as reference (Source108: cups-client.conf): +# Add a client.conf as template (Source108: cups-client.conf): install -m644 %{SOURCE108} $RPM_BUILD_ROOT%{_sysconfdir}/cups/client.conf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d install -m 644 -D packaging/cups-dbus.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/cups.conf # Source104: cups.xinetd install -m 644 -D %{SOURCE104} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd perl -pi -e "s:\@LIB\@:%{_libdir}:g" $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/cups-lpd +# Make the libraries accessible also via generic named links: ln -sf libcupsimage.so.2 $RPM_BUILD_ROOT%{_libdir}/libcupsimage.so ln -sf libcups.so.2 $RPM_BUILD_ROOT%{_libdir}/libcups.so +# Add missing usual directories: install -d -m755 $RPM_BUILD_ROOT/usr/share/cups/drivers install -d -m755 $RPM_BUILD_ROOT/var/cache/cups install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name} install -d -m755 $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/images +# Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff): install -m 644 -D conf/pam.suse $RPM_BUILD_ROOT/etc/pam.d/cups -for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt; do - install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ +# Add missing usual documentation: +for f in CHANGES*.txt CREDITS.txt INSTALL.txt LICENSE.txt README.txt +do install -m 644 "$f" $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/ done # Source102: postscript.ppd.bz2 bzip2 -cd < %{SOURCE102} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript.ppd @@ -274,7 +275,7 @@ bzip2 -cd < %{SOURCE105} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-leve # Source106: PSLEVEL2.PPD.bz2 bzip2 -cd < %{SOURCE106} > $RPM_BUILD_ROOT%{_datadir}/cups/model/Postscript-level2.ppd find %{buildroot}/usr/share/cups/model -name "*.ppd" | while read FILE -do # change default paper size from Letter to A4 if possible +do # Change default paper size from Letter to A4 if possible # https://bugzilla.novell.com/show_bug.cgi?id=suse30662 # and delete trailing whitespace: perl -pi -e 's:^(\*Default.*)Letter\s*$:$1A4\n:; \ @@ -283,19 +284,19 @@ do # change default paper size from Letter to A4 if possible s:\s\n:\n:' "$FILE" gzip -9 "$FILE" done -# add files for menu: +# Add files for desktop menu: rm -f $RPM_BUILD_ROOT/usr/share/applications/cups.desktop %suse_update_desktop_file -i -r %name PrintingUtility 2>/dev/null mkdir $RPM_BUILD_ROOT/usr/share/pixmaps install -m 644 $RPM_BUILD_ROOT/usr/share/icons/hicolor/64x64/apps/cups.png $RPM_BUILD_ROOT/usr/share/pixmaps rm -rf $RPM_BUILD_ROOT/usr/share/icons -# remove unpackaged files: +# Remove unpackaged files: rm -rf $RPM_BUILD_ROOT/%{_mandir}/es/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/fr/cat? rm -rf $RPM_BUILD_ROOT/%{_mandir}/cat? -# remove unknown locale directory: +# Remove unknown locale directory: rm -rf $RPM_BUILD_ROOT/usr/share/locale/no -# run fdupes: +# Run fdupes: %fdupes $RPM_BUILD_ROOT %clean @@ -303,20 +304,50 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no %pre /usr/sbin/groupadd -g 71 -o -r ntadmin 2>/dev/null || : - -%post libs -p /sbin/ldconfig +# exit successfully in any case: +exit 0 %post %{fillup_and_insserv -ny cups cups} +# exit successfully in any case: +exit 0 %preun %stop_on_removal cups +# exit successfully in any case: +exit 0 %postun %restart_on_update cups %{insserv_cleanup} +# exit successfully in any case: +exit 0 -%postun libs -p /sbin/ldconfig +%post libs +/sbin/ldconfig +# exit successfully in any case: +exit 0 + +%postun libs +/sbin/ldconfig +# exit successfully in any case: +exit 0 + +# The files sections list all mandatory files explicitely one by one. +# In particular all executables are listed explicitely. +# This avoids that CUPS' configure magic might silently +# not build and install an executable when whatever condition +# for configure's automated tests is not fulfilled in the build system. +# See https://bugzilla.novell.com/show_bug.cgi?id=526847#c9 +# (In CUPS 1.3.10 a configure magic did silently skip to build +# the pdftops filter when there was no /usr/bin/pdftops +# installed in the build system regardless of an explicite +# configure setting ' --with-pdftops=/usr/bin/pdftops', +# see also http://www.cups.org/str.php?L3278). +# When all mandatory files are explicitely listed. +# the build fails intentionally if a mandatory file was not built +# which ensures that already existing correctly built binary RPMs +# are not overwritten by broken RPMs where mandatory files are missing. %files %defattr(-,root,root) @@ -382,6 +413,7 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no /usr/lib/cups/monitor/bcp /usr/lib/cups/monitor/tbcp %dir /usr/lib/cups/notifier +/usr/lib/cups/notifier/dbus /usr/lib/cups/notifier/mailto /usr/lib/cups/notifier/rss %dir %attr(0775,root,ntadmin) %{_datadir}/cups/drivers @@ -413,13 +445,22 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no %{_datadir}/cups/ %exclude %{_datadir}/cups/ppdc/ +# Set explicite owner, group, and permissions for lppasswd +# to enforce to have the upstream owner, group, and permissions in the RPM +# because otherwise our build magic /usr/sbin/Check sets them to lp:lp 2755 +# according to /etc/permissions.secure in the build system, +# see https://bugzilla.novell.com/show_bug.cgi?id=574336#c12 +# and subsequent comments up to comment #17 therein. +# Even if /etc/permissions.secure in the openSUSE:Factory build system might be +# already fixed, it must also work for build systems for released products. + %files client %defattr(-,root,root) %{_bindir}/cancel %{_bindir}/cupstestdsc %{_bindir}/lp %{_bindir}/lpoptions -%attr(2755,lp,lp) %{_bindir}/lppasswd +%attr(0555,root,root) %{_bindir}/lppasswd %{_bindir}/lpq %{_bindir}/lpr %{_bindir}/lprm