diff --git a/cups-1.4.3-source.tar.bz2 b/cups-1.4.3-source.tar.bz2 deleted file mode 100644 index d2fba97..0000000 --- a/cups-1.4.3-source.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:47a559b1c50192b94479ae7dab132ea0008727045d4993501cf0a6df0c64db97 -size 4461101 diff --git a/cups-1.4.4-source.tar.bz2 b/cups-1.4.4-source.tar.bz2 new file mode 100644 index 0000000..6b4be43 --- /dev/null +++ b/cups-1.4.4-source.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d25ffa35add3abeeec0eba60be2cffc89425b649c64ef3a73dfc724683a59aa3 +size 4472741 diff --git a/cups.changes b/cups.changes index 0a36f8b..396903e 100644 --- a/cups.changes +++ b/cups.changes 
@@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Fri Jun 18 09:11:02 CEST 2010 - jsmeix@suse.de + +- Upgraded to CUPS 1.4.4 + CUPS 1.4.4 fixes several security, scheduler, printing, + and conformance issues, in particular: + * The web interface now includes additional CSRF protection + (CVE-2010-0540, STR #3498, STR #3593, and + Novell/Suse Bugzilla bnc#601830) + * The texttops filter did not check the results of allocations + (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352) + * The web admin interface could disclose the contents of memory + (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271) + * The fix for CVE-2009-3553 (STR #3200) was incomplete + for systems that use kqueue or epoll (STR #3490) + * CUPS could overwrite files as root in directories owned or + writable by non-root users (STR #3510) + * The OpenSSL interfaces have been made thread-safe and + the GNU TLS interface is explicitly forbidden + when threading is enabled (STR #3461) + * The scheduler could crash on restart if classes + were defined (STR #3524) + * The socket backend no longer waits for back-channel data + on platforms other than Mac OS X (STR #3495) + * For a complete list see the CHANGES.txt file. + ------------------------------------------------------------------- Mon Jun 14 14:47:29 CEST 2010 - vuntz@opensuse.org diff --git a/cups.spec b/cups.spec index c9ff91c..9658d6f 100644 --- a/cups.spec +++ b/cups.spec @@ -1,5 +1,5 @@ # -# spec file for package cups (Version 1.4.3) +# spec file for package cups (Version 1.4.4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # 
@@ -29,8 +29,8 @@ Url: http://www.cups.org/ License: GPLv2+ ; LGPLv2.1+ Group: Hardware/Printing Summary: The Common UNIX Printing System -Version: 1.4.3 -Release: 6 +Version: 1.4.4 +Release: 1 # Require the exact matching version-release of the cups-libs sub-package because # non-matching CUPS libraries may let CUPS software crash (e.g. segfault) # because all CUPS software is built from the one same CUPS source tar ball @@ -52,8 +52,8 @@ Conflicts: plp lprold lprng Obsoletes: cups-SUSE-ppds-dat Provides: cups-SUSE-ppds-dat # Source0...Source9 is for sources from upstream: -# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2 -# MD5 sum for Source0 on http://www.cups.org/software.php is e70b1c3f60143d7310c1d74c111a21ab +# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.4/cups-1.4.4-source.tar.bz2 +# MD5 sum for Source0 on http://www.cups.org/software.php 8776403ad60fea9e85eab9c04d88560d Source0: cups-%{version}-source.tar.bz2 # Patch0...Patch9 is for patches from upstream: # Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream:
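Review bot: In the cups.changes hunk, the items for STR #3510 (overwriting files as root in directories owned or writable by non-root users) and STR #3490 (the incomplete fix for CVE-2009-3553) carry no Novell/Suse Bugzilla number, unlike the three CVE items listed above them. If bnc entries exist for these two, add them in the same "(CVE-..., STR #..., Novell/Suse Bugzilla bnc#...)" form used by the other items so every security-relevant fix in this update can be tracked against the package; if none exist, the entry can stay as it is.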
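Review bot: In the last cups.spec hunk (the Source0 comments), the new line "# MD5 sum for Source0 on http://www.cups.org/software.php 8776403ad60fea9e85eab9c04d88560d" drops the word "is" that the 1.4.3 line had, and the only digest the spec records for the tarball is still an MD5 sum taken from a plain-http page beside a plain-http download URL. Restore the wording, and consider adding a comment line with the SHA-256 of the tarball: this same commit already records it as the "oid sha256:" value in the Git LFS pointer for cups-1.4.4-source.tar.bz2, so the spec can document a collision-resistant digest that a packager can check against the file actually committed.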