Accepting request 592040 from home:jsmeix:branches:Printing
CUPS version upgrade to 2.3b4 (fourth beta of the CUPS 2.3 series) that fixes in particular bsc#1061066 and bsc#1087018 CVE-2017-18248 (see also bsc#1087072) OBS-URL: https://build.opensuse.org/request/show/592040 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=348
This commit is contained in:
Git OBS Bridge
55
cups.changes
55
cups.changes
@@ -1,3 +1,58 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 28 13:58:32 CEST 2018 - jsmeix@suse.de
|
||||
|
||||
- Version upgrade to 2.3b4:
|
||||
This is the fourth beta of the CUPS 2.3 series.
|
||||
For details see https://github.com/apple/cups/releases
|
||||
or the CHANGES.md file.
|
||||
Changes include:
|
||||
* Additional security fixes for:
|
||||
bsc#1061066 DBUS library aborts caller process
|
||||
in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
|
||||
and
|
||||
bsc#1087018 CVE-2017-18248: cups: The add_job function in
|
||||
scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
|
||||
enabled, can be crashed by remote attackers by sending print
|
||||
jobs with an invalid username, related to a D-Bus notification
|
||||
which are the CUPS upstream issues
|
||||
https://github.com/apple/cups/issues/5143
|
||||
Remote DoS attack against cupsd via invalid username
|
||||
and malicious D-Bus library
|
||||
and
|
||||
https://github.com/apple/cups/issues/5186
|
||||
squash non-UTF-8 strings into ASCII on plain IPP level
|
||||
and
|
||||
https://github.com/apple/cups/issues/5229
|
||||
persistently substitute invalid job attributes
|
||||
with default values - not only in add_job
|
||||
see also
|
||||
bsc#1087072 dbus-1:
|
||||
Disable assertions to prevent un-expected DDoS attacks
|
||||
* NOTICE: Raw print queues are now deprecated (Issue #5269)
|
||||
so that now there is a warning message when you
|
||||
add or modify a queue to use the "raw driver" but
|
||||
raw printing will continue to work through CUPS 2.3.x, cf.
|
||||
https://lists.cups.org/pipermail/cups/2018-March/074060.html
|
||||
* Kerberized printing to another CUPS server did not work
|
||||
correctly (Issue #5233)
|
||||
* The scheduler now supports using temporary print queues
|
||||
for older IPP/1.1 print queues like those shared by CUPS 1.3
|
||||
and earlier (Issue #5241)
|
||||
* Systemd did not restart cupsd when configuration changes
|
||||
were made that required a restart (Issue #5263)
|
||||
* Fixed an Avahi crash bug in the scheduler (Issue #5268)
|
||||
* TLS connections now properly timeout (rdar://34938533)
|
||||
* Removed support for the `-D_PPD_DEPRECATED=""` developer
|
||||
cheat - the PPD API should no longer be used.
|
||||
* Removed support for `-D_IPP_PRIVATE_STRUCTURES=1` developer
|
||||
cheat - the IPP accessor functions should be used instead.
|
||||
* The symlink rastertodymo -> rastertolabel
|
||||
in /usr/lib/cups/filter is no longer provided.
|
||||
- Removed fix_filter_Makefile.patch
|
||||
because since CUPS 2.3b4 it is fixed in the upstream code via
|
||||
https://github.com/apple/cups/issues/5247 more precisely via
|
||||
https://github.com/apple/cups/commit/ab89234de2d9bf36bb59f2aa4873d98e95ca4df2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 8 14:21:22 CET 2018 - jsmeix@suse.de
|
||||
|
||||
|
||||
Reference in New Issue
Block a user