1 Commits

Author SHA256 Message Date
363eab9b01 Update branch slfo-main to current OBS Factory 2026-01-28 10:46:02 +01:00
7 changed files with 210 additions and 47 deletions

Binary file not shown.

Binary file not shown.

BIN
cups-2.4.16-source.tar.gz LFS Normal file

Binary file not shown.

Binary file not shown.

View File

@@ -1,3 +1,153 @@
-------------------------------------------------------------------
Wed Jan 21 08:38:41 UTC 2026 - Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.16:
See https://github.com/openprinting/cups/releases
The hotfix release 2.4.16 includes fix for infinite loop in GTK,
which was caused by change of internal behavior in libcups
on which GTK depended on, and workaround for stopping
the scheduler if configuration includes unknown directives.
Detailed list (from CHANGES.md):
* 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
potentially reading past the end of the source string
(Issue #1438)
* The web interface did not support domain usernames fully
(Issue #1441)
* Fixed an infinite loop issue in the GTK+ print dialog
(Issue #1439 boo#1254353)
* Fixed stopping scheduler on unknown directive in
configuration (Issue #1443)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.15:
See https://github.com/openprinting/cups/releases
The release CUPS 2.4.15 brings two CVE fixes:
Fix various cupsd issues which cause local DoS
(CVE-2025-61915 bsc#1253783)
Fix unresponsive cupsd process caused by slow client
(CVE-2025-58436 bsc#1244057)
and several bug fixes described in CHANGES.md.
Detailed list (from CHANGES.md):
* Fixed potential crash in 'cups-driverd' when there are
duplicate PPDs (Issue #1355)
* Fixed error recovery when scanning for PPDs
in 'cups-driverd' (Issue #1416)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16
- Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017"
which contained needless UTF-8 Unicode characters that are
now replaced by plain ASCII text in "... line - the ..."
to fix a rpmlint "non-break-space" warning.
- Adapted and enhanced 'tmpfiles.d' related things in cups.spec
to "Fix packages for Immutable Mode - cups"
(implementation task jsc#PED-14775 from epic jsc#PED-14688)
-------------------------------------------------------------------
Wed Sep 17 06:47:34 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.14:
See https://github.com/openprinting/cups/releases
The hotfix release brings fix for installation process
of localized templates and CUPS web UI home pages.
- Version upgrade to 2.4.13:
See https://github.com/openprinting/cups/releases
The release 2.4.13 brings two CVE fixes
fix for important CVE-2025-58060
"Authentication bypass with AuthType Negotiate" (bsc#1249049)
and fix for moderate CVE-2025-58364
"Remote DoS via null dereference" (bsc#1249128)
together with several bug fixes.
The release includes a new feature - new attribute
for printer and job objects - print-as-raster - which
allows enforce rasterization of the file for
IPP Everywhere/AirPrint printers, which supports PDF
and raster document formats. The feature is useful for
working around internal PDF issues in the printer firmware,
for example missing diacritic when printing a PDF.
Detailed list (from CHANGES.md):
* Blocked authentication using alternate methods
in cupsd (CVE-2025-58060)
* Fixed extension tag handling in 'ipp_read_io()'
in libcups (CVE-2025-58364)
* Added 'print-as-raster' printer and job attributes
for forcing rasterization (Issue #1282)
* Updated documentation (Issue #1086)
* Updated IPP backend to try a sanitized user name if the
printer/server does not like the value (Issue #1145)
* Updated the scheduler to send the "printer-added"
or "printer-modified" events whenever an IPP Everywhere PPD
is installed (Issue #1244)
* Updated the scheduler to send the "printer-modified" event
whenever the system default printer is changed (Issue #1246)
* Fixed a memory leak in 'httpClose' (Issue #1223)
* Fixed missing commas in 'ippCreateRequestedArray'
(Issue #1234)
* Fixed subscription issues in the scheduler and D-Bus notifier
(Issue #1235)
* Fixed media-default reporting for custom sizes (Issue #1238)
* Fixed support for IPP/PPD options with periods or underscores
(Issue #1249)
* Fixed parsing of real numbers in PPD compiler source files
(Issue #1263)
* Fixed scheduler freezing with zombie clients (Issue #1264)
* Fixed support for the server name in the ErrorLog filename
(Issue #1277)
* Fixed job cleanup after daemon restart (Issue #1315)
* Fixed handling of buggy DYMO USB printer serial numbers
(Issue #1338)
* Fixed unreachable block in IPP backend (Issue #1351)
* Fixed memory leak in _cupsConvertOptions (Issue #1354)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.14
-------------------------------------------------------------------
Thu Apr 10 13:37:02 UTC 2025 - Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.12:
See https://github.com/openprinting/cups/releases
The last planned release of CUPS 2.4.x series
(the next will be 2.5.x series) contains several enhancements
among set of bug fixes, such following cryptographic policies
when using GnuTLS crypto provider and possibility to opt-out
from this behavior, logging job debugging history if print
queue backends fails, or raising alerts for certificate issues
in IPPS backend.
Detailed list (from CHANGES.md):
* GnuTLS follows system crypto policies now (Issue #1105)
* Added `NoSystem` SSLOptions value (Issue #1130)
* Now we raise alert for certificate issues (Issue #1194)
* Added Kyocera USB quirk (Issue #1198)
* The scheduler now logs a job's debugging history
if the backend fails (Issue #1205)
* Fixed a potential timing issue with `cupsEnumDests`
(Issue #1084)
* Fixed a potential "lost PPD" condition in the scheduler
(Issue #1109)
* Fixed a compressed file error handling bug (Issue #1070)
* Fixed a bug in the make-and-model whitespace trimming
code (Issue #1096)
* Fixed a removal of IPP Everywhere permanent queue
if installation failed (Issue #1102)
* Fixed `ServerToken None` in scheduler (Issue #1111)
* Fixed invalid IPP keyword values created from PPD
option names (Issue #1118)
* Fixed handling of "media" and "PageSize" in the same
print request (Issue #1125)
* Fixed client raster printing from macOS (Issue #1143)
* Fixed the default User-Agent string.
* Fixed a recursion issue in `ippReadIO`.
* Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
* Fixed validation of dateTime values with time zones
more than UTC+11 (Issue #1201)
* Fixed attributes returned by the Create-Xxx-Subscriptions
requests (Issue #1204)
* Fixed `ippDateToTime` when using a non GMT/UTC timezone
(Issue #1208)
* Fixed `job-completed` event notifications for jobs that are
cancelled before started (Issue #1209)
* Fixed DNS-SD discovery with `ippfind` (Issue #1211)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.12
-------------------------------------------------------------------
Wed Oct 16 14:58:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
@@ -1237,7 +1387,7 @@ Fri Oct 13 11:11:10 UTC 2017 - jengelh@inai.de
-------------------------------------------------------------------
Sat Sep 30 08:52:42 UTC 2017 - jengelh@inai.de
- Remove redundant Requires(pre) line — the use of %post -p
- Remove redundant Requires(pre) line - the use of %post -p
already implies it.
-------------------------------------------------------------------

View File

@@ -1,7 +1,7 @@
#
# spec file for package cups
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2026 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -40,18 +40,18 @@ Name: cups
# "zypper vcmp 2.3.b99 2.3.0" shows "2.3.b99 is older than 2.3.0" and
# "zypper vcmp 2.2.99 2.3b6" show "2.2.99 is older than 2.3b6" so that
# version upgrades from 2.2.x via 2.3.b* to 2.3.0 work:
Version: 2.4.11
Version: 2.4.16
Release: 0
Summary: The Common UNIX Printing System
License: Apache-2.0
Group: Hardware/Printing
URL: https://openprinting.github.io/cups
# To get Source0 go to https://github.com/OpenPrinting/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.4.11-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.11/cups-2.4.11-source.tar.gz
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.11/cups-2.4.11-source.tar.gz
# wget --no-check-certificate -O cups-2.4.16-source.tar.gz https://github.com/OpenPrinting/cups/releases/download/v2.4.16/cups-2.4.16-source.tar.gz
Source0: https://github.com/OpenPrinting/cups/releases/download/v2.4.16/cups-2.4.16-source.tar.gz
# To get Source1 go to https://github.com/OpenPrinting/cups/releases or use e.g.
# wget --no-check-certificate -O cups-2.4.11-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.11/cups-2.4.11-source.tar.gz.sig
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.11/cups-2.4.11-source.tar.gz.sig
# wget --no-check-certificate -O cups-2.4.16-source.tar.gz.sig https://github.com/OpenPrinting/cups/releases/download/v2.4.16/cups-2.4.16-source.tar.gz.sig
Source1: https://github.com/OpenPrinting/cups/releases/download/v2.4.16/cups-2.4.16-source.tar.gz.sig
# To make Source2 use e.g.
# gpg --keyserver keys.openpgp.org --recv-keys 7082A0A50A2E92640F3880E0E4522DCC9B246FF7
# gpg --export --armor 7082A0A50A2E92640F3880E0E4522DCC9B246FF7 >cups.keyring
@@ -61,7 +61,7 @@ Source2: cups.keyring
# To manually verify Source0 with Source1 and Source2 do e.g.
# gpg --import cups.keyring
# gpg --list-keys | grep -1 'Zdenek Dohnal'
# gpg --verify cups-2.4.11-source.tar.gz.sig cups-2.4.11-source.tar.gz
# gpg --verify cups-2.4.16-source.tar.gz.sig cups-2.4.16-source.tar.gz
Source102: Postscript.ppd.gz
Source105: Postscript-level1.ppd.gz
Source106: Postscript-level2.ppd.gz
@@ -408,7 +408,6 @@ ln -sf libcups.so.2 %{buildroot}%{_libdir}/libcups.so
test -d %{buildroot}%{_libdir}/pkgconfig || mv %{buildroot}/usr/lib/pkgconfig %{buildroot}%{_libdir}/pkgconfig
# Add missing usual directories:
install -d -m755 %{buildroot}%{_datadir}/cups/drivers
install -d -m755 %{buildroot}%{_localstatedir}/cache/cups
# Add conf/pam.suse regarding support for PAM (see Patch100: cups-pam.diff):
%if 0%{?suse_version} > 1500
install -d -m755 %{buildroot}%{_pam_vendordir}
@@ -446,21 +445,43 @@ ln -s service %{buildroot}%{_sbindir}/rccups
ln -s service %{buildroot}%{_sbindir}/rccups-lpd
%endif
# Install /usr/lib/tmpfiles.d/cups.conf
# According to
# https://developers.redhat.com/blog/2016/09/20/managing-temporary-files-with-systemd-tmpfiles-on-rhel7/
# d /var/spool/cups/tmp - - - 30d
# results that each file older than 30 days on /var/spool/cups/tmp will be deleted where a file
# will be considered unused only if atime, mtime and ctime are all older than the specified time.
# We use group 'root' for /run/cups/certs (instead of 'sys')
# d /run/cups/certs 0511 lp root -
# because of https://bugzilla.opensuse.org/show_bug.cgi?id=1042916
mkdir -p %{buildroot}%{_tmpfilesdir}
cat > %{buildroot}%{_tmpfilesdir}/cups.conf <<EOF
# See tmpfiles.d(5) for details
# Type(d=directory) Path Mode UID GID Age(until delete when cleaning)
# When cupsd creates directories with specific owner group and permissions
# (usually owner is 'root' and group matches "configure --with-cups-group=lp")
# we must specify same owner group and permission settings here
# to ensure those directories are installed by RPM with the right settings
# because if those directories were installed by RPM with different settings then
# cupsd would use them as is and not adjust its specific owner group and permissions.
# How cupsd creates those directories:
# drwxr-xr-x root lp /run/cups
# dr-x--x--x lp root /run/cups/certs
# drwxr-xr-x root lp /var/log/cups
# drwxrwx--- root lp /var/cache/cups
# drwxrwxr-x root lp /var/cache/cups/rss
# drwx--x--- root lp /var/spool/cups
# drwxrwx--T root lp /var/spool/cups/tmp
# see https://bugzilla.suse.com/show_bug.cgi?id=1184161#c7
# We use group 'root' for /run/cups/certs (instead of 'sys')
# because of https://bugzilla.opensuse.org/show_bug.cgi?id=1042916
# The 'lp' user does not need write permissions in /var/log/cups
# regardless that filters and backends are usually run as user 'lp' because
# filters and backends write log messages to the inherited stderr file descriptor
# and do not append them directly to /var/log/cups/error_log (via fopen on their own).
# According to
# https://developers.redhat.com/blog/2016/09/20/managing-temporary-files-with-systemd-tmpfiles-on-rhel7/
# d /var/spool/cups/tmp ... 30d
# results that each file older than 30 days on /var/spool/cups/tmp will be deleted where a file
# will be considered unused only if atime, mtime and ctime are all older than the specified time.
d /run/cups 0755 root lp -
d /run/cups/certs 0511 lp root -
d %{_localstatedir}/spool/cups/tmp - - - 30d
d %{_localstatedir}/log/cups 0755 root lp -
d %{_localstatedir}/cache/cups 0770 root lp -
d %{_localstatedir}/cache/cups/rss 0775 root lp -
d %{_localstatedir}/spool/cups 0710 root lp -
d %{_localstatedir}/spool/cups/tmp 1770 root lp 30d
EOF
# Never run fdupes carelessly over the whole buildroot directory
# because in older openSUSE and SLE11 versions fdupes
@@ -591,23 +612,29 @@ exit 0
# In particular all executables are listed explicitly.
# This avoids that CUPS' configure magic might silently
# not build and install an executable when whatever condition
# for configure's automated tests is not fulfilled in the build system.
# See https://bugzilla.suse.com/show_bug.cgi?id=526847#c9
# for configure's automated tests is not fulfilled in the build system,
# see https://bugzilla.suse.com/show_bug.cgi?id=526847#c9
# Regarding specific owner group and permission settings for directories
# see https://bugzilla.suse.com/show_bug.cgi?id=1184161
# When cupsd creates directories with specific owner group and permissions
# (usually owner is 'root' and group matches "configure --with-cups-group=lp")
# we must specify same owner group and permission settings here
# to ensure those directories are installed by RPM with the right settings
# because if those directories were installed by RPM with different settings then
# cupsd would use them as is and not adjust its specific owner group and permissions.
# How cupsd creates those directories:
# drwxr-xr-x ... root lp ... /etc/cups/ppd
# to ensure those directories are installed by RPM with the right settings.
# When those directories were installed by RPM with different settings then
# cupsd would adapt them and report that in /var/log/cups/error_log
# with debug messages for example like
# D ... Creating missing directory "/var/spool/cups"
# D ... Repairing ownership of "/var/spool/cups"
# D ... Repairing access permissions of "/var/spool/cups"
# D ... Repairing ownership of "/etc/cups/ssl"
# D ... Repairing access permissions of "/etc/cups/ssl"
# How cupsd creates those directories see the tmpfiles.d part above and
# drwxr-xr-x root lp /etc/cups/ppd
# drwx------ root lp /etc/cups/ssl
# see https://bugzilla.suse.com/show_bug.cgi?id=1184161#c7
# The /etc/cups/ssl directory is not created by cupsd (but needed by it)
# and when needed (e.g. during the first run of "# lpstat -E -p")
# cupsd creates files in /etc/cups/ssl like localhost.crt and localhost.key
# so we specify secure owner group and permissions for /etc/cups/ssl
%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cups-files.conf
%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf
%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/snmp.conf
@@ -621,7 +648,7 @@ exit 0
%config %{_sysconfdir}/cups/cups-files.conf.default
%config %{_sysconfdir}/cups/snmp.conf.default
%dir %attr(755,root,lp) %{_sysconfdir}/cups/ppd
%dir %attr(700,root,root) %{_sysconfdir}/cups/ssl
%dir %attr(700,root,lp) %{_sysconfdir}/cups/ssl
%{_unitdir}/cups.service
%{_unitdir}/cups.socket
%{_unitdir}/cups.path
@@ -780,16 +807,6 @@ exit 0
%files config
# Regarding specific owner group and permission settings for directories
# see the above comment in the files section of the main package.
# How cupsd creates those directories:
# drwx--x--- ... root lp ... /var/spool/cups
# drwxrwx--T ... root lp ... /var/spool/cups/tmp
# drwxr-xr-x ... root lp ... /var/log/cups
# drwxrwx--- ... root lp ... /var/cache/cups
# see https://bugzilla.suse.com/show_bug.cgi?id=1184161#c7
# The 'lp' user does not need write permissions in /var/log/cups
# regardless that filters and backends are usually run as user 'lp' because
# filters and backends write log messages to the inherited stderr file descriptor
# and do not append them directly to /var/log/cups/error_log (via fopen on their own).
# The /etc/cups directory is not created by cupsd but needed by it
# because cupsd cannot start if there is no /etc/cups/cupsd.conf file
# (otherwise cupsd aborts with: "Unable to open /etc/cups/cupsd.conf").
@@ -798,10 +815,6 @@ exit 0
%dir %attr(0755,root,lp) /etc/cups
%endif
%config(noreplace) %{_sysconfdir}/cups/client.conf
%dir %attr(0710,root,lp) %{_var}/spool/cups
%dir %attr(1770,root,lp) %{_var}/spool/cups/tmp
%dir %attr(0755,root,lp) %{_var}/log/cups
%dir %attr(0770,root,lp) %{_var}/cache/cups
%{_bindir}/cups-config
%{_datadir}/locale/*/cups_*
%doc %{_mandir}/man1/cups-config.1.gz

View File

@@ -1,5 +1,5 @@
--- configure.ac.orig 2024-09-30 13:38:35.000000000 +0200
+++ configure.ac 2024-09-30 15:02:31.994893137 +0200
--- configure.ac.orig 2025-12-04 09:13:12.000000000 +0100
+++ configure.ac 2026-01-21 09:36:54.702856497 +0100
@@ -9,8 +9,8 @@ dnl Licensed under Apache License v2.0.
dnl information.
dnl
@@ -10,4 +10,4 @@
+AC_PREREQ([2.69])
dnl Package name and version...
AC_INIT([CUPS],[2.4.11],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])
AC_INIT([CUPS],[2.4.16],[https://github.com/openprinting/cups/issues],[cups],[https://openprinting.github.io/cups])