Accepting request 41683 from home:jsmeix:branches:Printing

Copy from home:jsmeix:branches:Printing/cups via accept of submit request 41683 revision 2. Request was accepted with message: Bugfix version upgrade to CUPS 1.4.4 which fixes in particular bnc#601830, bnc#601352, bnc#604271 OBS-URL: https://build.opensuse.org/request/show/41683 OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=200
2010-06-18 08:05:06 +00:00 · 2010-06-18 08:05:06 +00:00 · f2db012a5a
commit f2db012a5a
parent 0a33202b6c
4 changed files with 32 additions and 6 deletions
--- a/cups-1.4.3-source.tar.bz2
+++ b/cups-1.4.3-source.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:47a559b1c50192b94479ae7dab132ea0008727045d4993501cf0a6df0c64db97
-size 4461101
--- a/cups-1.4.4-source.tar.bz2
+++ b/cups-1.4.4-source.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d25ffa35add3abeeec0eba60be2cffc89425b649c64ef3a73dfc724683a59aa3
+size 4472741
--- a/cups.changes
+++ b/cups.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri Jun 18 09:11:02 CEST 2010 - jsmeix@suse.de
+
+- Upgraded to CUPS 1.4.4
+  CUPS 1.4.4 fixes several security, scheduler, printing,
+  and conformance issues, in particular:
+  * The web interface now includes additional CSRF protection
+    (CVE-2010-0540, STR #3498, STR #3593, and
+     Novell/Suse Bugzilla bnc#601830)
+  * The texttops filter did not check the results of allocations
+    (CVE-2010-0542, STR #3516, Novell/Suse Bugzilla bnc#601352)
+  * The web admin interface could disclose the contents of memory
+    (CVE-2010-1748, STR #3577, Novell/Suse Bugzilla bnc#604271)
+  * The fix for CVE-2009-3553 (STR #3200) was incomplete
+    for systems that use kqueue or epoll (STR #3490)
+  * CUPS could overwrite files as root in directories owned or
+    writable by non-root users (STR #3510)
+  * The OpenSSL interfaces have been made thread-safe and
+    the GNU TLS interface is explicitly forbidden
+    when threading is enabled (STR #3461)
+  * The scheduler could crash on restart if classes
+    were defined (STR #3524)
+  * The socket backend no longer waits for back-channel data
+    on platforms other than Mac OS X (STR #3495)
+  * For a complete list see the CHANGES.txt file.
+
 -------------------------------------------------------------------
 Mon Jun 14 14:47:29 CEST 2010 - vuntz@opensuse.org

--- a/cups.spec
+++ b/cups.spec
@ -29,7 +29,7 @@ Url:            http://www.cups.org/
 License:        GPLv2+ ; LGPLv2.1+
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
-Version:        1.4.3
+Version:        1.4.4
 Release:        6
 # Require the exact matching version-release of the cups-libs sub-package because
 # non-matching CUPS libraries may let CUPS software crash (e.g. segfault)
@ -52,8 +52,8 @@ Conflicts:      plp lprold lprng
 Obsoletes:      cups-SUSE-ppds-dat
 Provides:       cups-SUSE-ppds-dat
 # Source0...Source9 is for sources from upstream:
-# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.3/cups-1.4.3-source.tar.bz2
-# MD5 sum for Source0 on http://www.cups.org/software.php is e70b1c3f60143d7310c1d74c111a21ab
+# URL for Source0: http://ftp.easysw.com/pub/cups/1.4.4/cups-1.4.4-source.tar.bz2
+# MD5 sum for Source0 on http://www.cups.org/software.php 8776403ad60fea9e85eab9c04d88560d
 Source0:        cups-%{version}-source.tar.bz2
 # Patch0...Patch9 is for patches from upstream:
 # Source10...Source99 is for sources from Novell/openSUSE which are intended for upstream: