Ubuntu

Change log for “cupsys” package in Ubuntu

175 of 157 results
Published in hardy-updates on 2012-12-05
Published in hardy-security on 2012-12-05
cupsys (1.3.7-1ubuntu3.16) hardy-security; urgency=low

  * SECURITY UPDATE: privilege escalation via config file editing
    - debian/patches/CVE-2012-5519.dpatch: split configuration file into
      two, to isolate options that have a security impact.
    - debian/cupsys.install: also install cups-files.conf
    - debian/patches/removecvstag.dpatch: updated to remove tag from
      cups-files.conf.
    - CVE-2012-5519
 -- Marc Deslauriers <email address hidden>   Mon, 03 Dec 2012 09:49:14 -0500
Superseded in hardy-updates on 2012-12-05
Superseded in hardy-security on 2012-12-05
cupsys (1.3.7-1ubuntu3.13) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via missing code words
    - debian/patches/CVE-2011-2896.dpatch: improve logic in
      filter/image-gif.c.
    - CVE-2011-2896
  * SECURITY UPDATE: arbitrary code execution via incorrect code word
    handling
    - debian/patches/CVE-2011-3170.dpatch: don't overflow in
      filter/image-gif.c.
    - CVE-2011-3170
 -- Marc Deslauriers <email address hidden>   Mon, 12 Sep 2011 09:41:09 -0400
Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
cupsys (1.2.2-0ubuntu0.6.06.20) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free
    - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused
      tags in cups/ipp.{c,h}.
    - CVE-2010-2941
 -- Marc Deslauriers <email address hidden>   Tue, 02 Nov 2010 11:35:21 -0400
Superseded in hardy-updates on 2011-09-14
Superseded in hardy-security on 2011-09-14
cupsys (1.3.7-1ubuntu3.12) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free
    - debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused
      tags in cups/ipp.{c,h}.
    - CVE-2010-2941
 -- Marc Deslauriers <email address hidden>   Tue, 02 Nov 2010 11:22:58 -0400
Superseded in dapper-updates on 2010-11-04
Superseded in dapper-security on 2010-11-04
cupsys (1.2.2-0ubuntu0.6.06.19) dapper-security; urgency=low

  * SECURITY UPDATE: cross-site request forgery in admin interface
    - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
      to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
      cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
      templates/*.tmpl.
    - CVE-2010-0540
  * SECURITY UPDATE: denial of service or arbitrary code execution in
    texttops image filter
    - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
      filter/texttops.c.
    - CVE-2010-0542
  * SECURITY UPDATE: web interface memory disclosure
    - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
    - CVE-2010-1748
  * SECURITY UPDATE: file overwrite vulnerability
    - debian/patches/security-str3510.dpatch: introduce cups_open() in
      cups/file.c and use to make sure hard-linked or symlinked files don't
      get overwritten as root.
    - No CVE number
 -- Marc Deslauriers <email address hidden>   Fri, 18 Jun 2010 10:37:35 -0400
Superseded in hardy-updates on 2010-11-04
Superseded in hardy-security on 2010-11-04
cupsys (1.3.7-1ubuntu3.11) hardy-security; urgency=low

  * SECURITY UPDATE: cross-site request forgery in admin interface
    - debian/patches/CVE-2010-0540.dpatch: add unpredictable session token
      to cgi-bin/admin.c, cgi-bin/cgi.h, cgi-bin/ipp-var.c,
      cgi-bin/template.c, cgi-bin/var.c, scheduler/client.c,
      templates/*.tmpl.
    - CVE-2010-0540
  * SECURITY UPDATE: denial of service or arbitrary code execution in
    texttops image filter
    - debian/patches/CVE-2010-0542.dpatch: make sure calloc succeeded in
      filter/texttops.c.
    - CVE-2010-0542
  * SECURITY UPDATE: web interface memory disclosure
    - debian/patches/CVE-2010-1748.dpatch: validate data in cgi-bin/var.c.
    - CVE-2010-1748
  * SECURITY UPDATE: file overwrite vulnerability
    - debian/patches/security-str3510.dpatch: introduce cups_open() in
      cups/file.c and use to make sure hard-linked or symlinked files don't
      get overwritten as root.
    - No CVE number
 -- Marc Deslauriers <email address hidden>   Fri, 18 Jun 2010 10:32:12 -0400
Superseded in hardy-updates on 2010-06-21
Deleted in hardy-proposed on 2010-06-22 (Reason: moved to -updates)
cupsys (1.3.7-1ubuntu3.9) hardy-proposed; urgency=low

   * debian/patches/fix-lpstat.dpatch: Fix lpstat to work correctly against
     CUPS 1.4 servers. (LP: #497606)
 -- Evan Broder <email address hidden>   Wed, 03 Mar 2010 18:06:14 -0500
Superseded in hardy-updates on 2010-03-16
Superseded in hardy-security on 2010-06-21
cupsys (1.3.7-1ubuntu3.8) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via use-after-free
    - debian/patches/CVE-2009-3553.dpatch: check fdptr->use and
      cupsd_inactive_fds in scheduler/select.c.
    - CVE-2009-3553
    - CVE-2010-0302
  * SECURITY UPDATE: privilege escalation via lppasswd tool
    - debian/patches/CVE-2010-0393.dpatch: don't allow environment
      variables to override directories in cups/globals.c and
      systemv/lppasswd.c.
    - CVE-2010-0393
 -- Marc Deslauriers <email address hidden>   Thu, 25 Feb 2010 11:00:51 -0500
Superseded in dapper-updates on 2010-06-21
Superseded in dapper-security on 2010-06-21
cupsys (1.2.2-0ubuntu0.6.06.17) dapper-security; urgency=low

  * SECURITY UPDATE: privilege escalation via lppasswd tool
    - debian/patches/84_CVE-2010-0393.dpatch: don't allow environment
      variables to override directories in cups/globals.c and
      systemv/lppasswd.c.
    - CVE-2010-0393
 -- Marc Deslauriers <email address hidden>   Thu, 25 Feb 2010 11:04:17 -0500
Superseded in hardy-updates on 2010-03-03
Superseded in hardy-security on 2010-03-03
cupsys (1.3.7-1ubuntu3.6) hardy-security; urgency=low

  * SECURITY UPDATE: XSS and CRLF injection in headers
    - debian/patches/CVE-2009-2820.dpatch: Introduce cgiClearVariables() in
      cgi-bin/{var.c,cgi.h}. Clear out variables in
      cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
      clear out variables in cgi-bin/admin.c. Filter more characters in
      cgi-bin/template.c.
    - CVE-2009-2820

 -- Marc Deslauriers <email address hidden>   Fri, 30 Oct 2009 21:38:14 -0400
Superseded in dapper-updates on 2010-03-03
Superseded in dapper-security on 2010-03-03
cupsys (1.2.2-0ubuntu0.6.06.15) dapper-security; urgency=low

  * SECURITY UPDATE: XSS and CRLF injection in headers
    - debian/patches/83_CVE-2009-2820.dpatch: Introduce cgiClearVariables()
      in cgi-bin/{var.c,cgi.h}. Clear out variables in
      cgi-bin/{classes,help,ipp-var,jobs,printers}.c. Encode URL string and
      clear out variables in cgi-bin/admin.c. Filter more characters in
      cgi-bin/template.c.
    - CVE-2009-2820

 -- Marc Deslauriers <email address hidden>   Fri, 30 Oct 2009 21:40:07 -0400
Superseded in hardy-updates on 2009-11-10
Superseded in hardy-security on 2009-11-10
cupsys (1.3.7-1ubuntu3.5) hardy-security; urgency=low

  * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags.
    - debian/patches/CVE-2009-0949.dpatch: make sure the name field exists
      in scheduler/ipp.c.
    - CVE-2009-0949

 -- Marc Deslauriers <email address hidden>   Mon, 01 Jun 2009 10:32:52 -0400
Superseded in dapper-updates on 2009-11-10
Superseded in dapper-security on 2009-11-10
cupsys (1.2.2-0ubuntu0.6.06.14) dapper-security; urgency=low

  * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags.
    - debian/patches/82_CVE-2009-0949.dpatch: make sure the name field
      exists in scheduler/ipp.c.
    - CVE-2009-0949

 -- Marc Deslauriers <email address hidden>   Mon, 01 Jun 2009 10:34:39 -0400
Superseded in dapper-updates on 2009-06-03
Superseded in dapper-security on 2009-06-03
cupsys (1.2.2-0ubuntu0.6.06.13) dapper-security; urgency=low

  * SECURITY UPDATE: fix integer overflow via large TIFF file
    - debian/patches/81_CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in
      filter/image-private.h
    - CVE-2009-0163

 -- Jamie Strandboge <email address hidden>   Wed, 15 Apr 2009 09:25:58 -0500
Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
cupsys (1.3.2-1ubuntu7.10) gutsy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow via large TIFF file
    - debian/patches/83_CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in
      filter/image-private.h
    - CVE-2009-0163

 -- Jamie Strandboge <email address hidden>   Wed, 15 Apr 2009 09:21:58 -0500
Superseded in hardy-updates on 2009-06-03
Superseded in hardy-security on 2009-06-03
cupsys (1.3.7-1ubuntu3.4) hardy-security; urgency=low

  * SECURITY UPDATE: fix integer overflow via large TIFF file
    - debian/patches/CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in
      filter/image-private.h
    - CVE-2009-0163

 -- Jamie Strandboge <email address hidden>   Wed, 15 Apr 2009 09:19:42 -0500
Superseded in hardy-updates on 2009-04-16
Superseded in hardy-security on 2009-04-16
cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service by adding a large number of RSS
    subscriptions (LP: #298241)
    - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
      being reached in scheduler/{ipp.c,subscriptions.c}.
    - CVE-2008-5183
  * SECURITY UPDATE: unauthorized access to RSS subscription functions in
    web interface (LP: #298241)
    - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated
      in /cgi-bin/admin.c.
    - CVE-2008-5184
  * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
    image with a large height value
    - This issue was introduced in the patch for CVE-2008-1722.
    - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize
      instead of img->ysize so we don't overflow in filter/image-png.c.
    - CVE-2008-5286
  * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
    - debian/filters/pstopdf: use the cleaned-up version from Debian.
    - CVE-2008-5377

 -- Marc Deslauriers <email address hidden>   Thu, 08 Jan 2009 10:29:38 -0500
Superseded in gutsy-updates on 2009-04-16
Superseded in gutsy-security on 2009-04-16
cupsys (1.3.2-1ubuntu7.9) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service by adding a large number of RSS
    subscriptions (LP: #298241)
    - debian/patches/81_CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
      being reached in scheduler/{ipp.c,subscriptions.c}.
    - CVE-2008-5183
  * SECURITY UPDATE: unauthorized access to RSS subscription functions in
    web interface (LP: #298241)
    - debian/patches/82_CVE-2008-5184.dpatch: make sure user is authenticated
      in /cgi-bin/admin.c.
    - CVE-2008-5184
  * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
    image with a large height value
    - This issue was introduced in the patch for CVE-2008-1722.
    - debian/patches/77_CVE-2008-1722.dpatch: adjust patch to multiply img->xsize
      instead of img->ysize so we don't overflow in filter/image-png.c.
    - CVE-2008-5286
  * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
    - debian/filters/pstopdf: use the cleaned-up version from Debian.
    - CVE-2008-5377

 -- Marc Deslauriers <email address hidden>   Thu, 08 Jan 2009 10:28:34 -0500
Superseded in dapper-updates on 2009-04-16
Superseded in dapper-security on 2009-04-16
cupsys (1.2.2-0ubuntu0.6.06.12) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG
    image with a large height value
    - This issue was introduced in the patch for CVE-2008-1722.
    - debian/patches/77_CVE-2008-1722.patch: adjust patch to multiply img->xsize
      instead of img->ysize so we don't overflow in filter/image-png.c.
    - CVE-2008-5286
  * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack
    - debian/filters/pstopdf: use the cleaned-up version from Debian.
    - CVE-2008-5377

 -- Marc Deslauriers <email address hidden>   Thu, 08 Jan 2009 10:27:16 -0500
Superseded in hardy-updates on 2009-01-12
Deleted in hardy-proposed on 2009-01-13 (Reason: moved to -updates)
cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low

  * debian/rules: Install the serial backend with 0700 permissions to make it
    run as root, since /dev/ttyS* are root:dialout and thus not accessible as
    user "lp". (LP: #154277)

 -- Martin Pitt <email address hidden>   Wed, 26 Nov 2008 14:30:00 +0000
Superseded in hardy-updates on 2008-12-07
Superseded in hardy-security on 2009-01-12
cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust
      filter/image-sgilib.c to properly check for xsize. Taken from Debian
      patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust
      textcommon.c and texttops.c to check for too large or negative page
      metrics. Taken from Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust
      hpgl-attr.c to properly check for an invalid number of pens. Also
      includes fix for regression in orginal upstream patch which changed
      the color mapping and an off-by-one loop error. Taken from Debian patch
      by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

 -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2008 13:17:07 -0500
Superseded in gutsy-updates on 2009-01-12
Superseded in gutsy-security on 2009-01-12
cupsys (1.3.2-1ubuntu7.8) gutsy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/78_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to
      properly check for xsize. Taken from Debian patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/79_CVE-2008-3640.dpatch: adjust textcommon.c and
      texttops.c to check for too large or negative page metrics. Taken from
      Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/80_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly
      check for an invalid number of pens. Also includes fix for regression in
      orginal upstream patch which changed the color mapping and an off-by-one
      loop error. Taken from Debian patch by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

 -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2008 13:49:34 -0500
Superseded in dapper-updates on 2009-01-12
Superseded in dapper-security on 2009-01-12
cupsys (1.2.2-0ubuntu0.6.06.11) dapper-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/78_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to
      properly check for xsize. Taken from Debian patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/79_CVE-2008-3640.dpatch: adjust textcommon.c and
      texttops.c to check for too large or negative page metrics. Based on
      Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/80_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly
      check for an invalid number of pens. Also includes fix for regression in
      orginal upstream patch which changed the color mapping and an off-by-one
      loop error. Taken from Debian patch by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641
  * debian/patches/00list: apply 77_CVE-2008-1722.dpatch from previous update,
    which was not applied

 -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2008 14:08:29 -0500
Obsolete in feisty-updates on 2009-08-20
Obsolete in feisty-security on 2009-08-20
cupsys (1.2.8-0ubuntu8.6) feisty-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in
    the SGI filter
    - debian/patches/105_CVE-2008-3639.dpatch: adjust filter/image-sgilib.c to
      properly check for xsize. Taken from Debian patch by Martin Pitt.
    - STR #2918
    - CVE-2008-3639
  * SECURITY UPDATE: integer overflow in texttops filter which could lead
    to heap-based overflow
    - debian/patches/106_CVE-2008-3640.dpatch: adjust textcommon.c and
      texttops.c to check for too large or negative page metrics. Based on
      Debian patch by Martin Pitt.
    - STR #2919
    - CVE-2008-3640
  * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to
    arbitrary code execution
    - debian/patches/107_CVE-2008-3641.dpatch: adjust hpgl-attr.c to properly
      check for an invalid number of pens. Also includes fix for regression in
      orginal upstream patch which changed the color mapping and an off-by-one
      loop error. Taken from Debian patch by Martin Pitt.
    - STR #2911
    - STR #2966
    - CVE-2008-3641

 -- Jamie Strandboge <email address hidden>   Tue, 14 Oct 2008 14:02:18 -0500
Superseded in gutsy-updates on 2008-10-30
Superseded in gutsy-updates on 2008-05-06
Superseded in gutsy-security on 2008-10-15
cupsys (1.3.2-1ubuntu7.7) gutsy-security; urgency=low

  * SECURITY UPDATE: Denial of service and possibly arbitrary code execution
  * debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in
    filter/image-png.c. Taken from Debian SVN Head.
  * References
    CVE-2008-1722
    LP: #219491
    http://www.cups.org/str.php?L2790

 -- Jamie Strandboge <email address hidden>   Wed, 23 Apr 2008 12:59:45 -0400
Superseded in feisty-updates on 2008-10-30
Superseded in feisty-security on 2008-10-15
cupsys (1.2.8-0ubuntu8.4) feisty-security; urgency=low

  * SECURITY UPDATE: Denial of service and possibly arbitrary code execution
  * debian/patches/104_CVE-2008-1722.dpatch: fix for two integer overflows in
    filter/image-png.c. Taken from Debian SVN Head.
  * References
    CVE-2008-1722
    LP: #219491
    http://www.cups.org/str.php?L2790

 -- Jamie Strandboge <email address hidden>   Thu, 24 Apr 2008 12:55:20 -0400
Superseded in dapper-updates on 2008-10-30
Superseded in dapper-security on 2008-10-15
cupsys (1.2.2-0ubuntu0.6.06.9) dapper-security; urgency=low

  * SECURITY UPDATE: Denial of service and possibly arbitrary code execution
  * debian/patches/77_CVE-2008-1722.dpatch: fix for two integer overflows in
    filter/image-png.c. Taken from Debian SVN Head.
  * References
    CVE-2008-1722
    LP: #219491
    http://www.cups.org/str.php?L2790

 -- Jamie Strandboge <email address hidden>   Thu, 24 Apr 2008 13:02:31 -0400
Deleted in intrepid-release on 2008-06-13 (Reason: renamed to cups)
cupsys (1.3.7-5) unstable; urgency=low

  * debian/cupsys-bsd.install: Remove daemon/cups-lpd. It really does not
    belong into -bsd.
  * debian/control: Add appropriate Conflicts/Replaces to older cupsys-bsd
    which shipped daemon/cups-lpd. (Closes: #477392)

Superseded in intrepid-release on 2008-05-03
Published in hardy-release on 2008-04-21
cupsys (1.3.7-1ubuntu3) hardy; urgency=low

  * Add debian/patches/CVE-2008-1722.dpatch: Two integer overflows in png
    image filter allow a denial of service attack and possibly arbitrary code
    execution. [STR #2790, CVE-2008-1722]. Taken from Debian SVN head.

 -- Martin Pitt <email address hidden>   Mon, 21 Apr 2008 17:54:33 +0200
Superseded in hardy-release on 2008-04-21
cupsys (1.3.7-1ubuntu2) hardy; urgency=low

  * debian/control: Add missing build dependency lsb-release. This will bring
    back the lost AppArmor profile. (LP: #211375) Also wrap long fields, so
    that they are easier to edit.

 -- Martin Pitt <email address hidden>   Sun, 06 Apr 2008 10:24:39 -0600
Superseded in gutsy-updates on 2008-05-06
Superseded in gutsy-security on 2008-05-05
cupsys (1.3.2-1ubuntu7.6) gutsy-security; urgency=low

  * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in
    cgiCompileSearch() using crafted search expressions. Exploitable if
    printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
  * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in
    process_browse_data(), which could be exploited to a remote DoS by sending
    crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the
    patch.
  * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in
    the self test's cupsd.conf. This affects the test suite (in the sense that
    it actually works now) and does not affect the built binaries at all.
    (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
  * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in
    ParseCommand() in hpgl-input.c by properly checking number of parameters
  * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in
    gif_read_image() in image-gif.c by properly validating code_size
  * References
    CVE-2008-0047
    CVE-2008-0882
    CVE-2008-0053
    CVE-2008-1373
    http://www.cups.org/str.php?L2729
    http://www.cups.org/str.php?L2656

 -- Jamie Strandboge <email address hidden>   Wed, 26 Mar 2008 10:56:23 -0400
Superseded in feisty-updates on 2008-05-06
Superseded in feisty-security on 2008-05-05
cupsys (1.2.8-0ubuntu8.3) feisty-security; urgency=low

  * debian/patches/99_CVE-2008-0047.dpatch: Fix buffer overflow in
    cgiCompileSearch() using crafted search expressions. Exploitable if
    printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
  * debian/patches/100_CVE-2008-0882.dpatch: Fix double-free in
    process_browse_data(), which could be exploited to a remote DoS by sending
    crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the
    patch.
  * debian/patches/101_pid.dpatch: Specify PidFile in temporary directory in
    the self test's cupsd.conf. This affects the test suite (in the sense that
    it actually works now) and does not affect the built binaries at all.
    (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
  * debian/patches/102_CVE-2008-0053.dpatch: Fix buffer overflows in
    ParseCommand() in hpgl-input.c by properly checking number of parameters
  * debian/patches/103_CVE-2008-1373.dpatch: Fix buffer overflow in
    gif_read_image() in image-gif.c by properly validating code_size
  * References
    CVE-2008-0047
    CVE-2008-0882
    CVE-2008-0053
    CVE-2008-1373
    http://www.cups.org/str.php?L2729
    http://www.cups.org/str.php?L2656

 -- Jamie Strandboge <email address hidden>   Wed, 26 Mar 2008 13:59:53 -0400
Obsolete in edgy-updates on 2008-06-19
Obsolete in edgy-security on 2008-06-19
cupsys (1.2.4-2ubuntu3.3) edgy-security; urgency=low

  * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in
    cgiCompileSearch() using crafted search expressions. Exploitable if
    printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
  * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in
    process_browse_data(), which could be exploited to a remote DoS by sending
    crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the
    patch.
  * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in
    the self test's cupsd.conf. This affects the test suite (in the sense that
    it actually works now) and does not affect the built binaries at all.
    (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
  * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in
    ParseCommand() in hpgl-input.c by properly checking number of parameters
  * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in
    gif_read_image() in image-gif.c by properly validating code_size
  * References
    CVE-2008-0047
    CVE-2008-0882
    CVE-2008-0053
    CVE-2008-1373
    http://www.cups.org/str.php?L2729
    http://www.cups.org/str.php?L2656

 -- Jamie Strandboge <email address hidden>   Wed, 26 Mar 2008 14:13:26 -0400
Superseded in dapper-updates on 2008-05-06
Superseded in dapper-security on 2008-05-05
cupsys (1.2.2-0ubuntu0.6.06.8) dapper-security; urgency=low

  * debian/patches/72_CVE-2008-0047.dpatch: Fix buffer overflow in
    cgiCompileSearch() using crafted search expressions. Exploitable if
    printer sharing is enabled. Thanks to Martin Pitt for supplying the patch.
  * debian/patches/73_CVE-2008-0882.dpatch: Fix double-free in
    process_browse_data(), which could be exploited to a remote DoS by sending
    crafted data to the cups UDP port. Thanks to Martin Pitt for supplying the
    patch.
  * debian/patches/74_pid.dpatch: Specify PidFile in temporary directory in
    the self test's cupsd.conf. This affects the test suite (in the sense that
    it actually works now) and does not affect the built binaries at all.
    (Backported from trunk). Thanks to Martin Pitt for supplying the patch.
  * debian/patches/75_CVE-2008-0053.dpatch: Fix buffer overflows in
    ParseCommand() in hpgl-input.c by properly checking number of parameters
  * debian/patches/76_CVE-2008-1373.dpatch: Fix buffer overflow in
    gif_read_image() in image-gif.c by properly validating code_size
  * References
    CVE-2008-0047
    CVE-2008-0882
    CVE-2008-0053
    CVE-2008-1373
    http://www.cups.org/str.php?L2729
    http://www.cups.org/str.php?L2656

 -- Jamie Strandboge <email address hidden>   Wed, 26 Mar 2008 15:02:55 -0400
Superseded in hardy-release on 2008-04-06
cupsys (1.3.7-1ubuntu1) hardy; urgency=low

  * Merge new upstream bug fix release from unstable.
    - Fixes CUPS GIF image filter overflow [CVE-2008-1373]. (LP: #210718)

Superseded in hardy-release on 2008-04-02
cupsys (1.3.6-3ubuntu1) hardy; urgency=low

  * Merge recent bug fixes and security fix from Debian unstable.

Superseded in hardy-release on 2008-03-22
cupsys (1.3.6-2ubuntu2) hardy; urgency=low

  * debian/cupsys.postinst: Fix 'revert to single file' transitional code to
    also apply to newer versions in dapper-updates, remove a debugging
    statement, and fix syntax of the check.
  * debian/rules: Do not try to build a -dbg on Ubuntu, we removed it from the
    control file.

 -- Martin Pitt <email address hidden>   Mon, 17 Mar 2008 17:01:32 +0100
Superseded in hardy-release on 2008-03-18
cupsys (1.3.6-2ubuntu1) hardy; urgency=low

  * Merge with Debian unstable, where I applied most of our remaining Delta;
    Remaining Ubuntu changes:
    - debian/cupsys.{pre,post}inst, debian/cupsys.preinst:
      + Revert to single cupsd.conf file for upgrade from Dapper, can be
        dropped after releasing Hardy.
      + Revert usr/share/doc symlink/directory breakage for upgrade from
      Gutsy, can be dropped after releasing Hardy.
    - debian/control, debian/rules: Drop cupsys-dbg package. This is not worth
      keeping as the only delta, so we can sync this package after Hardy's
      release.

Superseded in hardy-release on 2008-03-18
cupsys (1.3.6-1ubuntu2) hardy; urgency=low

  * debian/cupsys.preinst:
    - only chown /var/run/cups if it exists (LP: #156634)

 -- Michael Vogt <email address hidden>   Mon, 10 Mar 2008 11:25:29 +0100
Superseded in hardy-release on 2008-03-10
cupsys (1.3.6-1ubuntu1) hardy; urgency=low

  * Merge with Debian unstable to bring in the new upstream bugfix-only
    release and some packaging fixes. See 1.3.5-1ubuntu1 for list of remaining
    changes.

Superseded in hardy-release on 2008-02-26
cupsys (1.3.5-2ubuntu1) hardy; urgency=low

  * debian/local/apparmor-profile: Added Kerberos authentication support
    to the AppArmor profile (LP: #189022).

Superseded in hardy-release on 2008-02-25
cupsys (1.3.5-1ubuntu3) hardy; urgency=low

  [ Martin Pitt ]
  * debian/cupsys.init.d: Add Should-Start: avahi. (LP: #181122)

  [ Till Kamppeter ]
  * debian/local/backends/dnssd: Updated dnssd to filter out IPv6 entries,
    as they clutter the lists of detected printers and make the network
    printer discovery process taking more time than needed. Applied also
    a bug fix and the possibility of querying one IP address by calling
    the dnssd backend with the IP as command line argument (like the
    snmp CUPS backend).

 -- Till Kamppeter <email address hidden>   Tue, 29 Jan 2008 19:01:06 +0000
Superseded in hardy-release on 2008-01-29
cupsys (1.3.5-1ubuntu2) hardy; urgency=low

  * No-change rebuild against libldap-2.4-2.

 -- Steve Langasek <email address hidden>   Tue, 22 Jan 2008 16:52:31 +0000
Superseded in gutsy-updates on 2008-04-11
Deleted in gutsy-proposed on 2008-04-16 (Reason: moved to -updates)
cupsys (1.3.2-1ubuntu7.5) gutsy-proposed; urgency=low

  * Add debian/patches/fix_regression_reactivate_net_ifaces_changes_detection.dpatch:
    Fix a regression in upstream code that has removed the network interface
    update poll, which caused sharing of local printers to not work for
    interfaces which turned up after cups startup. (CUPS STR #2631,
    LP: #177075).

Superseded in dapper-updates on 2008-04-11
Deleted in dapper-proposed on 2008-04-16 (Reason: moved to -updates)
cupsys (1.2.2-0ubuntu0.6.06.7) dapper-proposed; urgency=low

  * Reapply pending SRU which got superseded in -security.
  * Add debian/patches/60_ipp_read_busy_loop.dpatch:
    - Fix logic error that causes IPP client programs like gnome-cups-icon to
      sometimes get into a state where it uses 100% CPU time.
    - Properly handle ippReadIO() encountering IPP_IDLE and make sure to never
      return this to the outside world, since it is interpreted as an error
      condition which causes a busy loop.
    - Error out if the read callback doesn't return a value/group tag, which
      would confuse the higher layers.
    - Patch backported from upstream SVN (fixed in 1.2.11).
    - LP: #44196

 -- Martin Pitt <email address hidden>   Wed, 09 Jan 2008 09:14:42 +0100
Superseded in gutsy-proposed on 2008-01-10
cupsys (1.3.2-1ubuntu7.4) gutsy-proposed; urgency=low

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Reapply changes of previous SRU which got
    superseded by a security update:
    - Allow rw access to /dev/parport* and ro access to
      /proc/sys/dev/parport/**, so that parallel port printer detection works.
    - Allow bluetooth socket creation to unbreak the bluetooth backend.
      (LP: #147800)
    - Permit reading /etc/pnm2ppa.conf. (LP: #155530)
    - Only restrict backends which are shipped by cupsys itself (or known
      packages like cups-pdf). All other backends remain unrestricted, since we
      cannot predict which privileges they need. (LP: #152537)

  [ Till Kamppeter ]
  * debian/patches/cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress.dpatch:
    - CUPS stopped broadcasting on a HUP signal when using a fixed
      BrowseAddress (CUPS STR #2618, LP: #173470).

 -- Martin Pitt <email address hidden>   Wed, 09 Jan 2008 09:03:49 +0100
Superseded in feisty-updates on 2008-04-11
Superseded in feisty-security on 2008-04-02
cupsys (1.2.8-0ubuntu8.2) feisty-security; urgency=low

  * SECURITY UPDATE: tempfile race, denial of service in SNMP backend.
  * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes
    thanks to Kenshi Muto.
  * References
    CVE-2007-6358
    CVE-2007-5849

 -- Kees Cook <email address hidden>   Mon, 07 Jan 2008 16:08:28 -0800
Superseded in edgy-updates on 2008-04-11
Superseded in edgy-security on 2008-04-02
cupsys (1.2.4-2ubuntu3.2) edgy-security; urgency=low

  * SECURITY UPDATE: tempfile race, denial of service in SNMP backend.
  * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes
    thanks to Kenshi Muto.
  * References
    CVE-2007-6358
    CVE-2007-5849

 -- Kees Cook <email address hidden>   Mon, 07 Jan 2008 16:08:28 -0800
Superseded in gutsy-security on 2008-04-02
cupsys (1.3.2-1ubuntu7.3) gutsy-security; urgency=low

  * SECURITY UPDATE: tempfile race, denial of service in SNMP backend.
  * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes
    thanks to Kenshi Muto.
  * References
    CVE-2007-6358
    CVE-2007-5849

 -- Kees Cook <email address hidden>   Mon, 07 Jan 2008 16:08:28 -0800
Superseded in dapper-security on 2008-04-02
cupsys (1.2.2-0ubuntu0.6.06.6) dapper-security; urgency=low

  * SECURITY UPDATE: tempfile race, denial of service in SNMP backend.
  * Add 70_CVE-2007-6358.dpatch, 71_CVE-2007-5849.dpatch: upstream fixes
    thanks to Kenshi Muto.
  * References
    CVE-2007-6358
    CVE-2007-5849

 -- Kees Cook <email address hidden>   Mon, 07 Jan 2008 16:08:28 -0800
Superseded in hardy-release on 2008-01-22
cupsys (1.3.5-1ubuntu1) hardy; urgency=low

  * Merge with Debian unstable; remaining Ubuntu changes:
    - TearDown (fast shutdown):
      + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency.
      + debian/rules: Use 'multiuser' update-rc.d mode.
    - debian/control, debian/rules: Drop cupsys-dbg package.
    - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade
      fixes that need to be kept until after the next LTS:
      + Revert to single cupsd.conf file.
      + Remove obsolete rc.d links.
      + Revert usr/share/doc symlink/directory breakage.
    - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a
      failed job instead of stopping the print queue.
    - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by
      default.
    - Add AppArmor profile:
      + debian/local/apparmor-profile
      + debian/cupsys.postinst: Reload AA profile on configuration.

Superseded in hardy-release on 2008-01-02
cupsys (1.3.4-2ubuntu3) hardy; urgency=low

  * debian/patches/cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress.dpatch:
    CUPS stopped broadcasting on a HUP signal when using a fixed
    BrowseAddress (CUPS STR #2618, LP: #173470).

 -- Till Kamppeter <email address hidden>   Mon, 10 Dec 2007  0:01:06 +0000
Superseded in hardy-release on 2007-12-11
cupsys (1.3.4-2ubuntu2) hardy; urgency=low

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Run drivers (PPD generators) unconfined,
    since they run as non-root and there are third-party ones we cannot
    control.

  [ Till Kamppeter ]
  * debian/local/backends/dnssd: Updated dnssd to support Mac OS X servers
    which broadcast their print queues only via DNS-SD and require clients
    to create raw IPP queues pointing to the server's queues manually.

 -- Martin Pitt <email address hidden>   Mon, 03 Dec 2007 11:22:57 +0100
Superseded in gutsy-proposed on 2008-01-09
cupsys (1.3.2-1ubuntu7.2) gutsy-proposed; urgency=low

  * debian/local/apparmor-profile:
    - Allow rw access to /dev/parport* and ro access to
      /proc/sys/dev/parport/**, so that parallel port printer detection works.
    - Allow bluetooth socket creation to unbreak the bluetooth backend.
      (LP: #147800)
    - Permit reading /etc/pnm2ppa.conf. (LP: #155530)
    - Only restrict backends which are shipped by cupsys itself (or known
      packages like cups-pdf). All other backends remain unrestricted, since we
      cannot predict which privileges they need. (LP: #152537)

 -- Martin Pitt <email address hidden>   Mon, 03 Dec 2007 10:07:09 +0100
Superseded in hardy-release on 2007-12-04
cupsys (1.3.4-2ubuntu1) hardy; urgency=low

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - TearDown (fast shutdown):
      + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency.
      + debian/rules: Use 'multiuser' update-rc.d mode.
    - debian/control, debian/rules: Drop cupsys-dbg package.
    - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade
      fixes that need to be kept until after the next LTS:
      + Revert to single cupsd.conf file.
      + Remove obsolete rc.d links.
      + Revert usr/share/doc symlink/directory breakage.
    - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a
      failed job instead of stopping the print queue.
    - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by
      default.
    - Add AppArmor profile:
      + debian/local/apparmor-profile
      + debian/cupsys.postinst: Reload AA profile on configuration.
  * Revert most of the doc symlinking changes from 1.3.2-1ubuntu4, since
    Ubuntu's cdbs does it by default now. Clean up a few other pieces of
    Debian-Ubuntu delta noise along the way.
  * debian/local/apparmor-profile: Only restrict backends which are shipped by
    cupsys itself (or known packages like cups-pdf). All other backends remain
    unrestricted, since we cannot predict which privileges they need.
  * debian/local/apparmor-profile: Run bluetooth backend confined again and
    allow opening bluetooth sockets.

Superseded in hardy-release on 2007-12-03
cupsys (1.3.4-1ubuntu4) hardy; urgency=low

  * correct Replaces line in cupsys-common to make dapper->hardy
    upgrades work

 -- Michael Vogt <email address hidden>   Fri, 30 Nov 2007 11:28:44 +0100
Superseded in hardy-release on 2007-11-30
cupsys (1.3.4-1ubuntu3) hardy; urgency=low

  * debian/local/apparmor-profile:
    - Allow rw access to /dev/parport* and ro access to
      /proc/sys/dev/parport/**, so that parallel port printer detection works.
    - Allow unconfined execution of the bluetooth backend. AppArmor currently
      forbids creation of bluetooth sockets without providing a profile option
      to allow it (see bug #172534). (LP: #147800)
    - Permit reading /etc/pnm2ppa.conf. (LP: #155530)
    - Disable AA profile for Samsung's MFP driver, since it needs very high
      and unknown privileges and is a third-party driver which we cannot
      control. (LP: #152537)

 -- Martin Pitt <email address hidden>   Wed, 28 Nov 2007 12:05:30 +0100
Superseded in hardy-release on 2007-11-28
cupsys (1.3.4-1ubuntu2) hardy; urgency=low

  * debian/local/backends/dnssd, debian/rules, debian/cupsys.install,
    debian/cupsys.postinst, debian/cupsys.prerm, debian/cupsys.templates,
    debian/control:
    Added printer discovery backend "dnssd". Several cheaper printers, like
    the HP Color LaserJet 2600n, are not discovered by the "snmp" backend.
    In addition, this backend extracts more info from the printers than the
    "snmp" backend, like for example available page description languages.
    This leads to better driver choises for unknown printer models.

 -- Till Kamppeter <email address hidden>   Fri, 23 Nov 2007 12:01:06 +0000
Superseded in dapper-proposed on 2008-01-09
cupsys (1.2.2-0ubuntu0.6.06.5) dapper-proposed; urgency=low

  * Add debian/patches/60_ipp_read_busy_loop.dpatch:
    - Fix logic error that causes IPP client programs like gnome-cups-icon to
      sometimes get into a state where it uses 100% CPU time.
    - Properly handle ippReadIO() encountering IPP_IDLE and make sure to never
      return this to the outside world, since it is interpreted as an error
      condition which causes a busy loop.
    - Error out if the read callback doesn't return a value/group tag, which
      would confuse the higher layers.
    - Patch backported from upstream SVN (fixed in 1.2.11).
    - LP: #44196

 -- Martin Pitt <email address hidden>   Tue, 20 Nov 2007 10:08:30 +0100
Superseded in hardy-release on 2007-11-26
cupsys (1.3.4-1ubuntu1) hardy; urgency=low

  * Merge new upstream version from Debian.

Superseded in gutsy-updates on 2008-01-16
Superseded in gutsy-security on 2008-01-09
cupsys (1.3.2-1ubuntu7.1) gutsy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via stack overflow.
  * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
    from Michael Sweet.
  * References
    CVE-2007-4351

 -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
Superseded in feisty-updates on 2008-02-04
Superseded in feisty-security on 2008-01-09
cupsys (1.2.8-0ubuntu8.1) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via stack overflow.
  * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
    from Michael Sweet.
  * References
    CVE-2007-4351

 -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
Superseded in edgy-updates on 2008-02-04
Superseded in edgy-security on 2008-01-09
cupsys (1.2.4-2ubuntu3.1) edgy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via stack overflow.
  * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
    from Michael Sweet.
  * References
    CVE-2007-4351

 -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
Superseded in dapper-updates on 2008-01-16
Superseded in dapper-security on 2008-01-09
cupsys (1.2.2-0ubuntu0.6.06.4) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via stack overflow.
  * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
    from Michael Sweet.
  * References
    CVE-2007-4351

 -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
Superseded in hardy-release on 2007-11-12
cupsys (1.3.2-1ubuntu8) hardy; urgency=low

  * SECURITY UPDATE: arbitrary code execution via stack overflow.
  * Add debian/patches/ipptags-corruption-fix.dpatch: upstream fixes
    from Michael Sweet.
  * References
    CVE-2007-4351

 -- Kees Cook <email address hidden>   Thu, 01 Nov 2007 06:52:01 -0700
Superseded in hardy-release on 2007-11-01
Obsolete in gutsy-release on 2011-09-16
cupsys (1.3.2-1ubuntu7) gutsy; urgency=low

  * debian/cupsys.postinst: Drop ancient transitional code to remove root from
    group lpadmin. Under very odd circumstances ("root" has the same UID than
    the user) this could cause the user to be removed from group 'lpadmin'.
    Quite unlikely that this is the prime reason for LP #134503, but it's much
    cleaner in any case.

 -- Martin Pitt <email address hidden>   Mon, 15 Oct 2007 12:32:16 +0200
Superseded in gutsy-release on 2007-10-15
cupsys (1.3.2-1ubuntu6) gutsy; urgency=low

  * debian/local/apparmor-profile: Allow 'm' (executable mmapping) of
    /etc/shadow. This does not actually extend privileges since it is already
    readable, and does not actually make sense, but some weird backends want
    to do it nevertheless. (LP: #152061)

 -- Martin Pitt <email address hidden>   Sun, 14 Oct 2007 22:01:31 +0200
Superseded in gutsy-release on 2007-10-14
cupsys (1.3.2-1ubuntu5) gutsy; urgency=low

  * Revert previous approach to symlinking of documentation directories, and
    do it in a way that's more in line with the existing code in
    debian/rules.
  * debian/cupsys.docs: Remove duplicate files (LP: #149106).
  * Make libcupsys2 replace the broken version of cupsys to help out people
    who used dpkg --force-overwrite wrongly.
  * Fix dh_compress arguments to cope with moved examples.
  * debian/cupsys.preinst, debian/cupsys-common.preinst: Remove old
    directories before unpack, since dpkg won't replace directories with
    symlinks.

 -- Colin Watson <email address hidden>   Fri, 05 Oct 2007 02:46:34 +0100
Superseded in gutsy-release on 2007-10-05
cupsys (1.3.2-1ubuntu4) gutsy; urgency=low

  * cupsys-common: Depend on libcupsys2.
  * Symlink doc directories to avoid duplicate files.

 -- Matthias Klose <email address hidden>   Thu, 04 Oct 2007 17:45:31 +0200
Superseded in gutsy-release on 2007-10-04
cupsys (1.3.2-1ubuntu3) gutsy; urgency=low

  * No-change upload of 1ubuntu1, to revert the 1ubuntu2 upload which should
    never have happened.

 -- Martin Pitt <email address hidden>   Thu, 04 Oct 2007 13:42:28 +0200
Superseded in gutsy-release on 2007-10-04
cupsys (1.3.2-1ubuntu2) gutsy; urgency=low

  * debian/local/apparmor-profile: Allow cups-pdf to write into ~/Desktop
    so that ~/Desktop can be used as default destination for the PDFs created
    by cups-pdf. The old destination ~/PDF is still allowed to simplify package
    updates.

 -- Till Kamppeter <email address hidden>   Wed,  4 Oct 2007 17:01:06 +0100
Superseded in gutsy-release on 2007-10-04
cupsys (1.3.2-1ubuntu1) gutsy; urgency=low

  * Merge from Debian to get new upstream bug fix microrelease. (LP: #140877)
  * Removed debian/patches/fix_auto_rotate_images.dpatch: Fixed upstream
    (although slightly differently).
  * debian/local/apparmor-profile: Allow 'm' access to /etc/{passwd,group}.
    Apparently some backends want it that way. (part of LP #139665)
  * debian/local/apparmor-profile: Add forgotten /usr/lib/cups/cgi-bin/* rule
    to unbreak the web interface (regression from 1.3.0-4ubuntu2).

Superseded in gutsy-release on 2007-09-19
cupsys (1.3.0-4ubuntu4) gutsy; urgency=low

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Allow cups-pdf to read /etc/papersize.

  [ Till Kamppeter ]
  * debian/patches/fix_auto_rotate_images.dpatch: Fix auto-rotation for best
    fit of images on the paper (CUPS STRs #2502 and #2513).

 -- Martin Pitt <email address hidden>   Wed, 12 Sep 2007 19:06:02 +0200
Superseded in gutsy-release on 2007-09-17
cupsys (1.3.0-4ubuntu3) gutsy; urgency=low

  * debian/local/apparmor-profile: Use abstraction tunable variables for
    /proc and /home.

 -- Kees Cook <email address hidden>   Wed, 12 Sep 2007 22:07:50 -0700
Superseded in gutsy-release on 2007-09-13
cupsys (1.3.0-4ubuntu2) gutsy; urgency=low

  * debian/local/apparmor-profile: #139105 was not a bug after all, but rather
    a misunderstood concept of AppArmor. Change the profile to allow
    unrestricted execution of filters, which are always run as unprivileged
    system user anyway. This should unbreak most third-party printer drivers.

 -- Martin Pitt <email address hidden>   Wed, 12 Sep 2007 19:02:43 +0200
175 of 157 results