cupsys (1.3.7-1ubuntu3.5) hardy-security; urgency=low * SECURITY UPDATE: Remote denial-of-service via IPP_TAG_UNSUPPORTED tags. - debian/patches/CVE-2009-0949.dpatch: make sure the name field exists in scheduler/ipp.c. - CVE-2009-0949 -- Marc Deslauriers Mon, 01 Jun 2009 10:32:52 -0400 cupsys (1.3.7-1ubuntu3.4) hardy-security; urgency=low * SECURITY UPDATE: fix integer overflow via large TIFF file - debian/patches/CVE-2009-0163.dpatch: adjust CUPS_IMAGE_MAX_HEIGHT in filter/image-private.h - CVE-2009-0163 -- Jamie Strandboge Wed, 15 Apr 2009 09:19:42 -0500 cupsys (1.3.7-1ubuntu3.3) hardy-security; urgency=low * SECURITY UPDATE: denial of service by adding a large number of RSS subscriptions (LP: #298241) - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions being reached in scheduler/{ipp.c,subscriptions.c}. - CVE-2008-5183 * SECURITY UPDATE: unauthorized access to RSS subscription functions in web interface (LP: #298241) - debian/patches/CVE-2008-5184.dpatch: make sure user is authenticated in /cgi-bin/admin.c. - CVE-2008-5184 * SECURITY UPDATE: arbitrary code execution via integer overflow from a PNG image with a large height value - This issue was introduced in the patch for CVE-2008-1722. - debian/patches/CVE-2008-1722.dpatch: adjust patch to multiply img->xsize instead of img->ysize so we don't overflow in filter/image-png.c. - CVE-2008-5286 * SECURITY UPDATE: arbitrary file overwrite via temp log file symlink attack - debian/filters/pstopdf: use the cleaned-up version from Debian. - CVE-2008-5377 -- Marc Deslauriers Thu, 08 Jan 2009 10:29:38 -0500 cupsys (1.3.7-1ubuntu3.2) hardy-proposed; urgency=low * debian/rules: Install the serial backend with 0700 permissions to make it run as root, since /dev/ttyS* are root:dialout and thus not accessible as user "lp". (LP: #154277) -- Martin Pitt Wed, 26 Nov 2008 14:30:00 +0000 cupsys (1.3.7-1ubuntu3.1) hardy-security; urgency=low * SECURITY UPDATE: heap-based buffer overflow due to unchecked boundary in the SGI filter - debian/patches/CVE-2008-3639_sgi_filter_overflow.dpatch: adjust filter/image-sgilib.c to properly check for xsize. Taken from Debian patch by Martin Pitt. - STR #2918 - CVE-2008-3639 * SECURITY UPDATE: integer overflow in texttops filter which could lead to heap-based overflow - debian/patches/CVE-2008-3640_texttops_overflow.dpatch: adjust textcommon.c and texttops.c to check for too large or negative page metrics. Taken from Debian patch by Martin Pitt. - STR #2919 - CVE-2008-3640 * SECURITY UPDATE: buffer overflow in HPGL filter which could lead to arbitrary code execution - debian/patches/CVE-2008-3641_hpgl_filter_overflow.dpatch: adjust hpgl-attr.c to properly check for an invalid number of pens. Also includes fix for regression in orginal upstream patch which changed the color mapping and an off-by-one loop error. Taken from Debian patch by Martin Pitt. - STR #2911 - STR #2966 - CVE-2008-3641 -- Jamie Strandboge Tue, 14 Oct 2008 13:17:07 -0500 cupsys (1.3.7-1ubuntu3) hardy; urgency=low * Add debian/patches/CVE-2008-1722.dpatch: Two integer overflows in png image filter allow a denial of service attack and possibly arbitrary code execution. [STR #2790, CVE-2008-1722]. Taken from Debian SVN head. -- Martin Pitt Mon, 21 Apr 2008 17:54:33 +0200 cupsys (1.3.7-1ubuntu2) hardy; urgency=low * debian/control: Add missing build dependency lsb-release. This will bring back the lost AppArmor profile. (LP: #211375) Also wrap long fields, so that they are easier to edit. -- Martin Pitt Sun, 06 Apr 2008 10:24:39 -0600 cupsys (1.3.7-1ubuntu1) hardy; urgency=low * Merge new upstream bug fix release from unstable. - Fixes CUPS GIF image filter overflow [CVE-2008-1373]. (LP: #210718) -- Martin Pitt Wed, 02 Apr 2008 11:16:39 +0200 cupsys (1.3.7-1) unstable; urgency=medium * Urgency medium due to security fix. * New upstream bugfix/security update release. For a detailled list of changes see http://www.cups.org/articles.php?L537. - CUPS GIF image filter overflow [CVE-2008-1373, STR #2765]. * Drop patches which are now upstream: - cgiCompileSearch_buffer_overflow.dpatch - testsuite-exit-code.dpatch - pbmprint.dpatch * search_mime_files_in_usr_share.dpatch: Drop log message about missing /usr/share/cups/mime/ from error to info, since it is not really an error, and causing the test suite to fail due to error log count mismatch. * pdftops-cups-1.4.dpatch: Apply r7391 from SVN head to fix missing error message newlines (STR #2743). * debian/rules: Remove cleaning of test suite HTML reports in test/, they are written to /tmp now. * Add pdftops-wait-eintr.dpatch: Handle EINTR in pdftops' wait() call. (Caught by test suite.) * debian/libcupsys2-dev.files: Drop i18n.h, it's an internal interface and not installed by upstream any more. * debian/control: Add poppler-utils | xpdf-utils build dependency, so that the test suite works during build. -- Martin Pitt Wed, 02 Apr 2008 11:03:37 +0200 cupsys (1.3.6-3ubuntu1) hardy; urgency=low * Merge recent bug fixes and security fix from Debian unstable. -- Martin Pitt Sat, 22 Mar 2008 12:48:56 +0100 cupsys (1.3.6-3) unstable; urgency=high [ Till Kamppeter ] * pdftops-cups-1.4.dpatch: Updated to Mike Sweet's patch version from CUPS STR #2716. * debian/patches/ppd-poll-with-client-conf.dpatch: If there is a client.conf pointing to a remote server, clients were not able to poll the PPD options from printers on that server (CUPS STRs #2731, #2763) [ Martin Pitt ] * Urgency high due to security fix. * debian/local/apparmor-profile: Allow cups-pdf to read files in ~/PDF/, so that it can overwrite files. (LP: #161222) * Add cgiCompileSearch_buffer_overflow.dpatch: Fix buffer overflow in cgiCompileSearch() using crafted search expressions. Exploitable if printer sharing is enabled. (CVE-2008-0047, STR #2729, Closes: #472105) -- Martin Pitt Sat, 22 Mar 2008 12:37:57 +0100 cupsys (1.3.6-2ubuntu2) hardy; urgency=low * debian/cupsys.postinst: Fix 'revert to single file' transitional code to also apply to newer versions in dapper-updates, remove a debugging statement, and fix syntax of the check. * debian/rules: Do not try to build a -dbg on Ubuntu, we removed it from the control file. -- Martin Pitt Mon, 17 Mar 2008 17:01:32 +0100 cupsys (1.3.6-2ubuntu1) hardy; urgency=low * Merge with Debian unstable, where I applied most of our remaining Delta; Remaining Ubuntu changes: - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: + Revert to single cupsd.conf file for upgrade from Dapper, can be dropped after releasing Hardy. + Revert usr/share/doc symlink/directory breakage for upgrade from Gutsy, can be dropped after releasing Hardy. - debian/control, debian/rules: Drop cupsys-dbg package. This is not worth keeping as the only delta, so we can sync this package after Hardy's release. -- Martin Pitt Sun, 16 Mar 2008 22:57:04 +0100 cupsys (1.3.6-2) unstable; urgency=low * debian/rules: Configure with default log file permissions 0640. (Closes: #469853) * debian/control: Mention "lpr" in the description of -bsd, for easier apt-cache search catching. (Closes: #426519) * Remove debian/NEWS, there's nothing new since Etch's release. (Closes: #376580) * Add debian/patches/pbmprint.dpatch: Fix printing of PBM files, thanks to Eugeniy Meshcheryakov! (Closes: #313536) * debian/cupsys.preinst: Only chown /var/run/cups if it exists. (LP #156634) * Move scripting examples from cupsys to libcupsys2-dev. No need to install those 1.3 MB by default on every system, this is much more developer oriented. Mention this in the package description. * debian/rules: Explicitly build with -fno-stack-protector on arm and armel, since the compiler produces segfaulting binaries. Works around #469517. * search_mime_files_in_usr_share.dpatch: Do not fatally fail if DataDir/mime does not exist. This both makes much more sense (since /etc/cups is the canonical dir which must exist, and /usr/share/cups/mime is optional), and also unbreaks the test suite (which does not create this directory by default). * pidfile.dpatch: Specify PidFile in temporary directory in the self test's cupsd.conf. * debian/rules clean: Remove test suite HTML reports. * Add testsuite-exit-code.dpatch: Exit with nonzero if the test suite fails, so that it is easier to integrate into package building. * pdftops-cups-1.4.dpatch: Update pdftops location in test suite, too, so that it does not fail the PDF printing test. (Forwarded to STR #2759) * debian/rules: Run test suite on build. This will fail the build if any tests fail, so that problems on particular platforms will be caught easily. * debian/control: Add alternative (build-)depends to heimdal-dev. * debian/rules, debian/cupsys.postinst: Call update-rc.d to not install stop symlinks for runlevels 0 and 6, since they just needlessly slow down shutdown. Remove the obsolete kill symlinks on upgrade. Patch adopted from the Ubuntu branch, but without using the Ubuntu-only 'multiuser' mode of update-rc.d. * Add debian/local/apparmor-profile: AppArmor profile (taken from Ubuntu branch). Install it in debian/rules if package is built on Ubuntu (tested with lsb_release -is). Reload AppArmor in debian/cupsys.postinst if both the cupsys profile and AppArmor itself are present. * Add debian/patches/ubuntu-disable-browsing.dpatch: Disable Browsing by default when building on Ubuntu. * Add debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Set default job error policy to "Retry", since it is less confusing and a better default on desktop machines. This is only applied when building on Ubuntu. * debian/control: Add Vcs-{Svn,Browser} fields. -- Martin Pitt Sun, 16 Mar 2008 22:34:50 +0100 cupsys (1.3.6-1ubuntu2) hardy; urgency=low * debian/cupsys.preinst: - only chown /var/run/cups if it exists (LP: #156634) -- Michael Vogt Mon, 10 Mar 2008 11:25:29 +0100 cupsys (1.3.6-1ubuntu1) hardy; urgency=low * Merge with Debian unstable to bring in the new upstream bugfix-only release and some packaging fixes. See 1.3.5-1ubuntu1 for list of remaining changes. -- Martin Pitt Tue, 26 Feb 2008 14:36:47 +0100 cupsys (1.3.6-1) unstable; urgency=low * New upstream bugfix release. - Fixes (CVE-2008-0882, bug #467653). * Remove the following patches which are upstream now: - fix_regression_reactivate_net_ifaces_changes_detection.dpatch - web-interface-breaks-default-auth-setting.dpatch * search_mime_files_in_usr_share.dpatch: Greatly simplified the patch by using mimeMerge(), so that it is more robust against upstream changes. Forwarded to STR#2719. * Dropped cupsd.conf-AllowLocal.dpatch; it does not do anything good any more for the current web and GUI administration tools (they handle this fine by themselves), so it's obsolete now. * Drop enable{sharing,browsing} and {sharing,browsing}_status scripts. They have never been used in Debian, not used any more in Ubuntu, and the current frontends (web, system-config-printer, etc.) do this in a much better way. * debian/docs: Remove redundant LICENSE.txt. * debian/rules: Add a generic rule to install lintian overrides in debian/packagename.lintian. * Add lintian overrides for unjustified/wontfix complaints about libcupsys2 and cupsys. * debian/cupsys.doc-base: Remove erroneous whitespace in the section separator. * debian/rules: Remove *.o and *.so files from PHP scripting examples directory (it's /usr/share after all). * debian/cupsys.init.d: Add Short-Description. * debian/rules: Do not ship an empty /usr/share/cups/model/ directory. -- Martin Pitt Tue, 26 Feb 2008 14:23:50 +0100 cupsys (1.3.5-2ubuntu1) hardy; urgency=low * debian/local/apparmor-profile: Added Kerberos authentication support to the AppArmor profile (LP: #189022). -- Till Kamppeter Sat, 23 Feb 2008 18:01:06 +0100 cupsys (1.3.5-2) unstable; urgency=low [ Martin Pitt ] * debian/cupsys.init.d: Add Should-Start: avahi. (Closes: #459662) [ Till Kamppeter ] * debian/patches/pdftops-cups-1.4.dpatch, debian/local/filters/pdftops: Replaced Helge Blischke's alternative pdftops wrapper by the pdftops of CUPS 1.4. The old pdftops wrapper did not work with the pdftops filter of Poppler, the new one works with the pdftops filters of both Poppler and XPDF (Closes: #457810; Ubuntu LP: #182379). * debian/patches/web-interface-breaks-default-auth-setting.dpatch: When modifying server settings with the CUPS web interface, the setting for the default authentication got overwritten with gibberish (Closes: #461331; CUPS STR #2703, Ubuntu LP: #188426). * debian/local/backends/dnssd: Updated dnssd to filter out IPv6 entries, as they clutter the lists of detected printers and make the network printer discovery process taking more time than needed. Applied also a bug fix and the possibility of querying one IP address by calling the dnssd backend with the IP as command line argument (like the snmp CUPS backend). -- Martin Pitt Mon, 25 Feb 2008 11:13:15 +0100 cupsys (1.3.5-1ubuntu3) hardy; urgency=low [ Martin Pitt ] * debian/cupsys.init.d: Add Should-Start: avahi. (LP: #181122) [ Till Kamppeter ] * debian/local/backends/dnssd: Updated dnssd to filter out IPv6 entries, as they clutter the lists of detected printers and make the network printer discovery process taking more time than needed. Applied also a bug fix and the possibility of querying one IP address by calling the dnssd backend with the IP as command line argument (like the snmp CUPS backend). -- Till Kamppeter Tue, 29 Jan 2008 19:01:06 +0000 cupsys (1.3.5-1ubuntu2) hardy; urgency=low * No-change rebuild against libldap-2.4-2. -- Steve Langasek Tue, 22 Jan 2008 16:52:31 +0000 cupsys (1.3.5-1ubuntu1) hardy; urgency=low * Merge with Debian unstable; remaining Ubuntu changes: - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control, debian/rules: Drop cupsys-dbg package. - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade fixes that need to be kept until after the next LTS: + Revert to single cupsd.conf file. + Remove obsolete rc.d links. + Revert usr/share/doc symlink/directory breakage. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Add AppArmor profile: + debian/local/apparmor-profile + debian/cupsys.postinst: Reload AA profile on configuration. -- Martin Pitt Wed, 02 Jan 2008 13:29:53 +0100 cupsys (1.3.5-1) unstable; urgency=high [ Kenshi Muto] * New upstream release - cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress patch is merged. - Fix that SNMP backend did not check for negative string lengths. (CVE-2007-5849, closes: #457453). * Update pdftops.pl to 1.20. It fixes overwriting arbitary files via symlink attack. (CVE-2007-6358, closes: #456960) [ Till Kamppeter ] * debian/patches/fix_regression_reactivate_net_ifaces_changes_detection.dpatch : Fix a regression in upstream code that has removed the network interface update poll (CUPS STR #2631, LP: #177075). Thanks to Hugues Fournier (hugues dot fournier at gmail dot com) for the patch. -- Kenshi Muto Wed, 19 Dec 2007 17:07:05 +0900 cupsys (1.3.4-4) unstable; urgency=high [ Kenshi Muto] * cupsys depends on "ghostscript | gs-esp", not "ghostscript | gsp-esp"! I should punish myself. (closes: #456455) -- Kenshi Muto Tue, 18 Dec 2007 07:49:17 +0900 cupsys (1.3.4-3) unstable; urgency=high [ Martin Pitt ] * debian/control: Bump Standards-Version to 3.7.3 (no changes necessary). [ Till Kamppeter ] * debian/patches/cups-stops-broadcasting-on-hup-with-explicit-browseaddress.dpatch: cups stopped broadcasting on a hup signal when using a fixed browseaddress (cups str #2618, lp: #173470). [ Kenshi Muto] * Debconf translation - French (closes: #456272) - do update-debconfpo. Update all translations to use the msgstr 'dnssd' for msgid 'dnssd'. * cupsys depends on "ghostscript | gs-esp", to ease testing transition and upgrades from etch (closes: #456455). -- Kenshi Muto Mon, 17 Dec 2007 10:25:02 +0900 cupsys (1.3.4-2ubuntu3) hardy; urgency=low * debian/patches/cups-stops-broadcasting-on-HUP-with-explicit-BrowseAddress.dpatch: CUPS stopped broadcasting on a HUP signal when using a fixed BrowseAddress (CUPS STR #2618, LP: #173470). -- Till Kamppeter Mon, 10 Dec 2007 0:01:06 +0000 cupsys (1.3.4-2ubuntu2) hardy; urgency=low [ Martin Pitt ] * debian/local/apparmor-profile: Run drivers (PPD generators) unconfined, since they run as non-root and there are third-party ones we cannot control. [ Till Kamppeter ] * debian/local/backends/dnssd: Updated dnssd to support Mac OS X servers which broadcast their print queues only via DNS-SD and require clients to create raw IPP queues pointing to the server's queues manually. -- Martin Pitt Mon, 03 Dec 2007 11:22:57 +0100 cupsys (1.3.4-2ubuntu1) hardy; urgency=low * Merge with Debian unstable. Remaining Ubuntu changes: - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control, debian/rules: Drop cupsys-dbg package. - debian/cupsys.{pre,post}inst, debian/cupsys.preinst: Various upgrade fixes that need to be kept until after the next LTS: + Revert to single cupsd.conf file. + Remove obsolete rc.d links. + Revert usr/share/doc symlink/directory breakage. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Add AppArmor profile: + debian/local/apparmor-profile + debian/cupsys.postinst: Reload AA profile on configuration. * Revert most of the doc symlinking changes from 1.3.2-1ubuntu4, since Ubuntu's cdbs does it by default now. Clean up a few other pieces of Debian-Ubuntu delta noise along the way. * debian/local/apparmor-profile: Only restrict backends which are shipped by cupsys itself (or known packages like cups-pdf). All other backends remain unrestricted, since we cannot predict which privileges they need. * debian/local/apparmor-profile: Run bluetooth backend confined again and allow opening bluetooth sockets. -- Martin Pitt Mon, 03 Dec 2007 10:01:48 +0100 cupsys (1.3.4-2) unstable; urgency=low [ Kenshi Muto ] * Bumps up shlibs to 1.3.4. [ Martin Pitt ] * debian/control: Remove gs-esp alternative dependency, it's just "ghostscript" nowadays. * debian/control: Slightly bump the C/R: for -common; it's a pointless delta to Ubuntu and it doesn't hurt us. * debian/cupsys-bsd.postinst: Symlink cupsys-bsd's doc directory to cupsys-common's, not cupsys', since the latter is not a dependency. * debian/control: Demote cups-pdf from Recommends: to Suggests: to match the semantics (apt installs recommends by default now). * debian/cupsys.init.d: Add LSB header, thanks to Petter Reinholdtsen! (closes: #337640) * debian/rules: Configure with default printcap in /var/run/cups/. (closes: #452446) [ Till Kamppeter ] * Add debian/local/backends/dnssd: Printer discovery backend for several cheaper printers, like the HP Color LaserJet 2600n, are not discovered by the "snmp" backend. In addition, this backend extracts more info from the printers than the "snmp" backend, like for example available page description languages. This leads to better driver choices for unknown printer models. * debian/cupsys.install, debian/cupsys.{prerm,postinst,templates,rules}: Install new backend. * debian/control: Add Recommends: to avahi-utils; if it is installed, the dnssd backend can actually work. * debian/postinst: Activate new backends (since Etch) by default on upgrades. This affects snmp, scsi, serial, and dnssd. -- Martin Pitt Fri, 30 Nov 2007 18:42:15 +0100 cupsys (1.3.4-1ubuntu4) hardy; urgency=low * correct Replaces line in cupsys-common to make dapper->hardy upgrades work -- Michael Vogt Fri, 30 Nov 2007 11:28:44 +0100 cupsys (1.3.4-1ubuntu3) hardy; urgency=low * debian/local/apparmor-profile: - Allow rw access to /dev/parport* and ro access to /proc/sys/dev/parport/**, so that parallel port printer detection works. - Allow unconfined execution of the bluetooth backend. AppArmor currently forbids creation of bluetooth sockets without providing a profile option to allow it (see bug #172534). (LP: #147800) - Permit reading /etc/pnm2ppa.conf. (LP: #155530) - Disable AA profile for Samsung's MFP driver, since it needs very high and unknown privileges and is a third-party driver which we cannot control. (LP: #152537) -- Martin Pitt Wed, 28 Nov 2007 12:05:30 +0100 cupsys (1.3.4-1ubuntu2) hardy; urgency=low * debian/local/backends/dnssd, debian/rules, debian/cupsys.install, debian/cupsys.postinst, debian/cupsys.prerm, debian/cupsys.templates, debian/control: Added printer discovery backend "dnssd". Several cheaper printers, like the HP Color LaserJet 2600n, are not discovered by the "snmp" backend. In addition, this backend extracts more info from the printers than the "snmp" backend, like for example available page description languages. This leads to better driver choises for unknown printer models. -- Till Kamppeter Fri, 23 Nov 2007 12:01:06 +0000 cupsys (1.3.4-1ubuntu1) hardy; urgency=low * Merge new upstream version from Debian. -- Martin Pitt Wed, 07 Nov 2007 14:25:15 -0500 cupsys (1.3.4-1) unstable; urgency=high * New upstream release. - Fixes CVE-2007-4351 IPP Tags Memory Corruption Vulnerability (closes: #448866) [ Martin Pitt ] * debian/cupsys.postinst: Drop ancient code to remove root from group lpadmin. [ Kenshi Muto ] * Debconf translation - Finnish (closes: #446740) -- Kenshi Muto Fri, 02 Nov 2007 21:32:29 +0900 cupsys (1.3.2-1ubuntu7) gutsy; urgency=low * debian/cupsys.postinst: Drop ancient transitional code to remove root from group lpadmin. Under very odd circumstances ("root" has the same UID than the user) this could cause the user to be removed from group 'lpadmin'. Quite unlikely that this is the prime reason for LP #134503, but it's much cleaner in any case. -- Martin Pitt Mon, 15 Oct 2007 12:32:16 +0200 cupsys (1.3.2-1ubuntu6) gutsy; urgency=low * debian/local/apparmor-profile: Allow 'm' (executable mmapping) of /etc/shadow. This does not actually extend privileges since it is already readable, and does not actually make sense, but some weird backends want to do it nevertheless. (LP: #152061) -- Martin Pitt Sun, 14 Oct 2007 22:01:31 +0200 cupsys (1.3.2-1ubuntu5) gutsy; urgency=low * Revert previous approach to symlinking of documentation directories, and do it in a way that's more in line with the existing code in debian/rules. * debian/cupsys.docs: Remove duplicate files (LP: #149106). * Make libcupsys2 replace the broken version of cupsys to help out people who used dpkg --force-overwrite wrongly. * Fix dh_compress arguments to cope with moved examples. * debian/cupsys.preinst, debian/cupsys-common.preinst: Remove old directories before unpack, since dpkg won't replace directories with symlinks. -- Colin Watson Fri, 05 Oct 2007 02:46:34 +0100 cupsys (1.3.2-1ubuntu4) gutsy; urgency=low * cupsys-common: Depend on libcupsys2. * Symlink doc directories to avoid duplicate files. -- Matthias Klose Thu, 04 Oct 2007 17:45:31 +0200 cupsys (1.3.2-1ubuntu3) gutsy; urgency=low * No-change upload of 1ubuntu1, to revert the 1ubuntu2 upload which should never have happened. -- Martin Pitt Thu, 04 Oct 2007 13:42:28 +0200 cupsys (1.3.2-1ubuntu1) gutsy; urgency=low * Merge from Debian to get new upstream bug fix microrelease. (LP: #140877) * Removed debian/patches/fix_auto_rotate_images.dpatch: Fixed upstream (although slightly differently). * debian/local/apparmor-profile: Allow 'm' access to /etc/{passwd,group}. Apparently some backends want it that way. (part of LP #139665) * debian/local/apparmor-profile: Add forgotten /usr/lib/cups/cgi-bin/* rule to unbreak the web interface (regression from 1.3.0-4ubuntu2). -- Martin Pitt Wed, 19 Sep 2007 08:39:59 +0200 cupsys (1.3.2-1) unstable; urgency=low * New upstream bug fix release. - Fixes web interface for many browsers. (STR#2472, Closes: #440589) * Remove str2488-fix-localedir.dpatch, str2505_localize.dpatch, str2508-dont_kill_edit-config.tmpl.dpatch: Fixed upstream. -- Martin Pitt Tue, 18 Sep 2007 08:15:17 +0200 cupsys (1.3.0-4ubuntu4) gutsy; urgency=low [ Martin Pitt ] * debian/local/apparmor-profile: Allow cups-pdf to read /etc/papersize. [ Till Kamppeter ] * debian/patches/fix_auto_rotate_images.dpatch: Fix auto-rotation for best fit of images on the paper (CUPS STRs #2502 and #2513). -- Martin Pitt Wed, 12 Sep 2007 19:06:02 +0200 cupsys (1.3.0-4ubuntu3) gutsy; urgency=low * debian/local/apparmor-profile: Use abstraction tunable variables for /proc and /home. -- Kees Cook Wed, 12 Sep 2007 22:07:50 -0700 cupsys (1.3.0-4ubuntu2) gutsy; urgency=low * debian/local/apparmor-profile: #139105 was not a bug after all, but rather a misunderstood concept of AppArmor. Change the profile to allow unrestricted execution of filters, which are always run as unprivileged system user anyway. This should unbreak most third-party printer drivers. -- Martin Pitt Wed, 12 Sep 2007 19:02:43 +0200 cupsys (1.3.0-4ubuntu1) gutsy; urgency=low * Merge bugfixes from Debian. * debian/local/apparmor-profile: Append slashes to directory names, since AppArmor 2.1 wants it that way. * debian/local/apparmor-profile: Open up the profile for third-party printer drivers (like Turboprint, and other stuff in /usr/local/). This requires opening up the profile much more than necessary, due to AppArmor bug #139105. (LP: #133818) -- Martin Pitt Wed, 12 Sep 2007 15:34:13 +0200 cupsys (1.3.0-4) unstable; urgency=low * Install PO files again, but this time under /usr/share/cups/locale. cups has its own crazy PO file parser. * Add debian/patches/str2488-fix-localedir.dpatch: Make the --localedir configure option actually work (taken from upstream SVN, STR#2488) * debian/rules: Add --enable-gssapi to ensure that the package is built with Kerberos support. * debian/rules: Use -Wl,--as-needed linker flag. This drops a few unnecessary dependencies and should make checklib much happier. * Add debian/patches/str2508-dont_kill_edit-config.tmpl.dpatch: Do not kill edit-config.tmpl on distclean. Forwarded upstream as STR#2508. (Closes: #441697) * Add debian/patches/str2505_localize.dpatch: Fix localization of web interface (STR#2505, Closes: #440256) -- Martin Pitt Tue, 11 Sep 2007 22:43:06 +0200 cupsys (1.3.0-3ubuntu1) gutsy; urgency=low * Merge bugfixes from Debian. * debian/local/apparmor-profile: Allow dac_override for now; this is slightly nasty, but cups chowns a lot of files (e. g. in /var/spool/cups/tmp) to 'lp' and thus cannot read/write them any more afterwards. Since we confine file access pretty tightly, this should not be much of a problem. (LP: #133015) * debian/local/apparmor-profile: cupsd should manage /etc/printcap. (LP: #132969) -- Martin Pitt Tue, 21 Aug 2007 07:48:34 +0200 cupsys (1.3.0-3) unstable; urgency=low [ Martin Pitt ] * debian/control: Allow 'ghostscript' as alternative dependency to gs-esp. * debian/cupsys.dirs: Create /usr/lib/cups/backend/ (regression from the big debian/rules cleanup). (closes: #438432) * debian/cupsys.preinst: Bump the version comparison for the file owner cleanup, since some log files were still left as owned by 'cupsys' until #437536 was fixed. * debian/cupsys-common.files: Do not install the .po files, cups does not use them at runtime. (closes: #438625) [ Till Kamppeter ] * debian/local/postscript.ppd: New generic PostScript PPD file for unknown PostScript printers added. -- Martin Pitt Mon, 20 Aug 2007 16:23:58 +0200 cupsys (1.3.0-2ubuntu2) gutsy; urgency=low * debian/local/postscript.ppd: New generic PostScript PPD file for unknown PostScript printers added. -- Till Kamppeter Thu, 16 Aug 2007 18:01:06 +0100 cupsys (1.3.0-2ubuntu1) gutsy; urgency=low * Merge from debian unstable, remaining changes: - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control, debian/rules: Drop cupsys-dbg package. - debian/cupsys.postinst: Various transitions that need to be kept until the next LTS: + Auto-enable snmp, scsi, and serial backends on upgrade. + Revert to single cupsd.conf file. + Remove obsolete rc.d links. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Add AppArmor profile: + debian/local/apparmor-profile + debian/cupsys.postinst: Reload AA profile on configuration. -- Martin Pitt Wed, 15 Aug 2007 09:39:08 +0200 cupsys (1.3.0-2) unstable; urgency=low * debian/control: Re-add erroneously dropped adduser dependencies to cupsys and cupsys-client. Still needed for addgroup lpadmin. (closes: #437951) * debian/control: Add missing libkrb5-dev dependency to libcupsys2-dev. -- Martin Pitt Wed, 15 Aug 2007 09:22:29 +0200 cupsys (1.3.0-1) unstable; urgency=low [ Till Kamppeter ] * New upstream release (first release of 1.3.x generation) * 90_include_krb5_h_in_job_h.dpatch: Added a missing "#include " to the scheduler/job.h file (upstream bug). * Regenerated patches: 44_fixconfdirperms.dpatch, 47_pid.dpatch, 70_reactivate_recommended_driver.dpatch. * Removed patches (fixed upstream): 53_usr_share_ppd_support.dpatch, 55_ppd_okidata_name.dpatch, 68_edit-config.dpatch * debian/control: Added "libkrb5-dev", and "libavahi-compat-libdnssd-dev" to the build dependencies, so that the new Kerberos and DNS Service Discovery support of CUPS gets compiled. * debian/libcupsys2-dev.files: Removed /usr/include/cups/md5.h This file is not provided any more by CUPS * debian/cupsys.install, debian/cupsys-client.files: Added new files. * debian/rules: Added more files to "clean::" rule which upstream has forgotten in "make clean". [ Martin Pitt ] * Bump library shlibs to >= 1.3.0. * Drop 02_configure.dpatch, upstream configure does not set rpath any more for prefix=/usr. * Drop 54_cups-config_modeldir.dpatch, --modeldir was never actually used anywhere and not documented, and LSB prescribes /usr/share/ppd/ anyway. * Drop 56_dirsvc.dpatch, which was fixed upstream long ago and disabled in 00list anyway since then. * Drop 67_printcap.dpatch: /var/run/cups/printcap is now the implicit default upstream. * debian/patches: Drop number prefixes from patches. The enumeration is not useful at all any more since it both got inflated and is not sorted by any category. With dpatch we also do not need number prefixes. -- Martin Pitt Tue, 14 Aug 2007 21:10:50 +0200 cupsys (1.3.0-0ubuntu1) gutsy; urgency=low [ Till Kamppeter ] * New upstream release (first release of 1.3.x generation) * 90_include_krb5_h_in_job_h.dpatch: Added a missing "#include " to the scheduler/job.h file (upstream bug). * Regenerated patches: 44_fixconfdirperms.dpatch, 47_pid.dpatch, 70_reactivate_recommended_driver.dpatch, ubuntu-disable-browsing.dpatch, ubuntu-default-error-policy-retry-job.dpatch * Removed patches (fixed upstream): 53_usr_share_ppd_support.dpatch, 55_ppd_okidata_name.dpatch, 68_edit-config.dpatch * debian/control: Added "libkrb5-dev", and "libavahi-compat-libdnssd-dev" to the build dependencies, so that the new Kerberos and DNS Service Discovery support of CUPS gets compiled. * debian/libcupsys2-dev.files: Removed /usr/include/cups/md5.h This file is not provided any more by CUPS * debian/cupsys.install, debian/cupsys-client.files: Added new files. * debian/rules: Added more files to "clean::" rule which upstream has forgotten in "make clean". [ Martin Pitt ] * debian/local/apparmor-profile: Some more updates to work with third-party printer drivers (also under /opt). * Bump library shlibs to >= 1.3.0. -- Martin Pitt Tue, 14 Aug 2007 20:00:00 +0200 cupsys (1.2.12-4) unstable; urgency=low [ Martin Pitt ] * cupsys.logrotate: Fix last occurence of 'cupsys' user. (closes: #437536) * Moved all Debian specific filters to debian/local/filters. * Cleaned up debian/rules, moved some file installs to debian/cupsys.install. * Merge debian/cupsys.files into debian/cupsys.install and remove the former. Two different files are just too confusing. * debian/local/filters/pdftops: Do not pass /etc/cups/pdftops.conf to pdftops if it does not exist (poppler-utils does not have this file). (https://launchpad.net/bugs/125300) [ Martin-Éric Racine ] * Corrected download URL in debian/copyright. * Added debian/watch file using that URL. * Revised the Uploaders in debian/control: - Fixed the name for Masayuki Hatta. - Added Roger Leigh. * Removed cupsys-driver-gimpprint alternative in debian/control; superseded by cupsys-driver-gutenprint since Etch. -- Martin-Éric Racine Sun, 12 Aug 2007 13:36:30 +0300 cupsys (1.2.12-3ubuntu3) gutsy; urgency=low * debian/local/apparmor-profile: Allow unrestricted access to hplip. This has not been confined before and unbreaks hplip until we get an actual profile for it. (LP: #131470) -- Martin Pitt Tue, 14 Aug 2007 17:08:50 +0200 cupsys (1.2.12-3ubuntu2) gutsy; urgency=low * cupsys.logrotate: Fix last occurence of 'cupsys' user. * Moved all Debian specific filters to debian/local/filters. * Cleaned up debian/rules, moved some file installs to debian/cupsys.install. * Merge debian/cupsys.files into debian/cupsys.install and remove the former. Two different files are just too confusing. * debian/local/filters/pdftops: Do not pass /etc/cups/pdftops.conf to pdftops if it does not exist (poppler-utils does not have this file). (LP: #125300) * debian/local/apparmor-profile: Unbreak library access (for e. g. ghostscript and gutenprint) and allow execution of pdftops and pstops. * debian/local/apparmor-profile: Update profile to work with cups-pdf. -- Martin Pitt Sat, 11 Aug 2007 16:44:13 +0200 cupsys (1.2.12-3ubuntu1) gutsy; urgency=low * Merge latest fixes from Debian unstable. (LP: #29050) * debian/local/apparmor-profile: - Use abstractions/authentication and drop the passwd/shadow/pam rules. - Drop the redundant "/usr/lib/** mr" rule (already in 'base'). - Enforce by default, so that we get actual protection. -- Martin Pitt Thu, 09 Aug 2007 21:16:34 +0200 cupsys (1.2.12-3) unstable; urgency=low [ Martin-Éric Racine ] * Added presubj script to warn bug reporters to avoid filing Poppler or XPDF security issues, since we don't use that codebase; we call external programs who do and that's where the bug should be filed. [ Martin Pitt ] * cupsys.init.d: Remove stray chown'ing to 'cupsys' which does not exist any more. (closes: #436662) * cupsys.init.d: Fix detection of parallel printers when 'lp' is already loaded. (https://launchpad.net/bugs/29050) * debian/cupsys.init.d: Put back 'reload'. -- Martin Pitt Thu, 09 Aug 2007 20:47:42 +0200 cupsys (1.2.12-2ubuntu2) gutsy; urgency=low * cupsys.init.d: Remove stray chown'ing to 'cupsys' which does not exist any more.' -- Martin Pitt Wed, 08 Aug 2007 12:56:01 +0200 cupsys (1.2.12-2ubuntu1) gutsy; urgency=low * Merge from debian unstable, remaining changes: - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control, debian/rules: Drop cupsys-dbg package. - debian/cupsys.postinst: Various transitions that need to be kept until the next LTS: + Auto-enable snmp, scsi, and serial backends on upgrade. + Revert to single cupsd.conf file. + Remove obsolete rc.d links. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Add AppArmor profile: + debian/local/apparmor-profile + debian/cupsys.postinst: Reload AA profile on configuration. -- Martin Pitt Mon, 06 Aug 2007 16:24:49 +0200 cupsys (1.2.12-2) unstable; urgency=low [ Kenshi Muto ] * Added scripting directory to /usr/share/doc/cupsys/examples. This directory contains the binding code from Java, Perl, and PHP to CUPS. (closes: #193076) Although we Debian CUPS team cannot afford to maintain them, some of you may want them. * Added 'Recommends: cupsys' to cupsys-bsd. (closes: #426521) * Changed cupsys-client from 'Recommends: cupsys-bsd' to 'Suggests: cupsys-bsd.' because cupsys-bsd isn't so necessary for cupsys-client. * Fixed to use 'cupsys' instead of 'cups' for PAM on cups-check-pam-auth. (though Debian CUPS doesn't use this daemon) (closes: #425701) * Added debconf-2.0 to the dependency of cupsys-bsd. (closes: #415684) [ Martin Pitt ] * Drop the derooting changes. It still has some regressions, and with upstream not even acknowledging the need for improving cupsys' security we will sit on this forever. This will be replaced by an AppArmor/SELinux profiles in the future. - Drop derooting related patches: 06_disable_backend_setuid.dpatch 10_external_pam_helper.dpatch 09_runasuser.dpatch 09_runasuser_autoconf.dpatch - debian/cupsys{,-client}.postinst: Drop the 'cupsys' user setup and file permission juggling. - debian/rules: + Drop --with-cups-user configure option. + Do not modify the upstream default backend permissions. - debian/cupsys.init.d: Do not touch log file permissions any more. - debian/cupsys.files: Drop cups-check-pam-auth. - debian/NEWS: Drop description of derooting changes. - debian/control: Drop adduser dependency. * debian/patches/44_fixconfdirperms.dpatch: Do not create /var/run/cups/certs as lp:lpadmin, but as root:lpadmin, so that cupsd does not need CAP_DAC_OVERRIDE. This will make it possible to create a sensible AppArmor/SELinux profile. * debian/cupsys.preinst: Fix file permissions on upgrades (owner cupsys -> root). * debian/control, debian/rules: Remove references to libcupsys2-gnutls10, since it's a transitional package in Etch and not relevant any more in Lenny. * debian/cupsys.{pre,post}inst: Remove obsolete transition bits. * Remove obsolete debian/patches/05_avoidunknowngroup.dpatch. * Use ssl-cert's "snakeoil" SSL certificate by default: (Closes: #402370) - debian/control: Add ssl-cert dependency. - debian/cupsys.postinst: Symlink snakeoil SSL certificate if present, and there is none present yet. * debian/control: Replace obsolete ${Source-Version} with ${binary:Version}. [ Till Kamppeter ] * Add debian/local/textonly.{ppd,filter}: Text-only printer driver from Red Hat. Install it in debian/rules. * debian/rules: Install the D-Bus config file so that CUPS reports job progress to dbus clients (like sytem-config-printer). * Add debian/local/oopstops.{.pl,types,convs}: Helge Bliscke's oopstops filter to work around the bugs in the PostScript output of OpenOffice.org (from http://www.srz.de/Members/bla/cups/filter/oopstops). Install them in debian/rules. -- Martin Pitt Mon, 06 Aug 2007 15:47:33 +0200 cupsys (1.2.12-1ubuntu3) gutsy; urgency=low * debian/rules: Install the D-Bus config file so that CUPS reports job progress to the applet of sytem-config-printer * debian/rules, devian/textonly.ppd, debian/textonly.filter: Added text-only printer driver from Red Hat. -- Till Kamppeter Sun, 5 Aug 2007 20:22:06 +0100 cupsys (1.2.12-1ubuntu2) gutsy; urgency=low * Drop our derooting changes. It still has some regressions, and with upstream not even acknowledging the need for improving cupsys' security we will sit on this forever. (LP: #119289, LP: #129634) - Drop derooting related patches: 06_disable_backend_setuid.dpatch 10_external_pam_helper.dpatch 09_runasuser.dpatch 09_runasuser_autoconf.dpatch - debian/cupsys{,-client}.postinst: Drop the 'cupsys' user setup and file permission juggling. - debian/rules: + Drop --with-cups-user and --enable-privilege-dropping configure options. + Do not modify the upstream default backend permissions. - debian/cupsys.init.d: Do not touch log file permissions any more. - debian/cupsys.files: Drop cups-check-pam-auth. - debian/NEWS: Drop description of derooting changes. - debian/control: Drop adduser dependency. * debian/patches/44_fixconfdirperms.dpatch: Do not create /var/run/cups/certs as lp:lpadmin, but as root:lpadmin, so that cupsd does not need CAP_DAC_OVERRIDE. This will make it possible to create a sensible AppArmor profile. * debian/cupsys.preinst: Fix file permissions on upgrades (owner cupsys -> root). * Add debian/local/apparmor-profile: AppArmor profile for cupsys, to replace the former derooting patches. This uses complain mode for now, until we got some more testing. Install it to /etc/apparmor.d/usr.sbin.cupsd in debian/rules and reload apparmor in debian/cupsys.postinst on configure. -- Martin Pitt Thu, 02 Aug 2007 14:06:05 +0200 cupsys (1.2.12-1ubuntu1) gutsy; urgency=low * Merge to Debian's svn head to get upstream fixes. * debian/patches/10_external_pam_helper.dpatch: Close pipes in the case of errors, too. This can not really be responsible for the mess in #112803, but should be fixed anyway. -- Martin Pitt Mon, 16 Jul 2007 15:58:08 +0200 cupsys (1.2.12-1) unstable; urgency=low * New upstream release * removed unnecessary dependency against patch package (Closes: #431069) * Debconf translation - Danish (Closes: #426772) - Vietnamese (Closes: #426822) - Spanish (Closes: #430004) * Disabled external_pam_helper due to #425944 and Ubuntu#112803. (closes: #425944) -- Kenshi Muto Sat, 14 Jul 2007 14:56:24 +0900 cupsys (1.2.11-2ubuntu2) gutsy; urgency=low * debian/oopstops*, debian/rules: Added Helge Bliscke's oopstops filter to work around the bugs in the PostScript output of OpenOffice.org (from http://www.srz.de/Members/bla/cups/filter/oopstops). -- Till Kamppeter Mon, 4 Jun 2007 11:22:06 +0100 cupsys (1.2.11-2ubuntu1) gutsy; urgency=low * Merge ipp fix from Debian unstable. -- Martin Pitt Wed, 16 May 2007 09:16:33 +0200 cupsys (1.2.11-2) unstable; urgency=low * debian/rules: Latest cups installs the ipp backend with 0700 permissions, which makes it inaccessible to both the cups daemon (Closes: #423972) and unreadable for users (Closes: #415872) -- Martin Pitt Wed, 16 May 2007 09:06:44 +0200 cupsys (1.2.11-1ubuntu1) gutsy; urgency=low * Synchronize to Debian; remaining Ubuntu changes: - Snakeoil SSL cert support: + debian/control: Add ssl-cert dependency. + debian/cupsys.postinst: Symlink snakeoil SSL certificate if present. + debian/cupsys.preinst: Fix global SSL certificate owner/mode breakage (see 1.2.1-2ubuntu2); this needs to be kept until the next LTS release. - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/cupsys.postinst: Remove obsolete rc.d links. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control: Drop cupsys-dbg. - debian/cupsys.{config,postinst}: Transition to enable additional backends on upgrades. Needs to be kept until next LTS release. - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. * Drop patches which are upstream now: - 80_brother_no_backchannel.dpatch - 92_texttops-prettyprint-crash.dpatch - 94_doc-port-in-client-conf.dpatch - 96_more-bug-fixes-between-cups-1.2.8-1.2.9.dpatch - 90_testpage-on-large-paper-sizes.dpatch -- Martin Pitt Mon, 14 May 2007 11:07:42 +0200 cupsys (1.2.11-1) unstable; urgency=low [ Kenshi Muto ] * Applied templates improvement patch contributed by debian-l10n-english team. (closes: #416350) * Debconf translation - Japanese - Galician (closes: #416357) - Swedish (closes: #416356) - Catalan (closes: #416367) - Basque (closes: #416385) - Norwegian (closes: #416401) - Italian (closes: #416407) * New upstream version 1.2.11: - 56_dirsvc patch is merged. [ Christian Perrier ] * Debconf translation - Czech (closes: #416939) - German (closes: #416994) - Brazilian Portuguese (closes: #417249) - French - Malayalam. (closes: #418030) - Russian. (closes: #417874) - Dutch. (closes: #418135) - Portuguese (closes: #418299) [ Martin Pitt ] * New upstream bugfix release (closes: #421899). Synchronize patches with Ubuntu and new upstream version 1.2.10: * Drop patches which are fixed upstream: 00_00str2111.dpatch, 00_01str2137.dpatch, 00_02str2144.dpatch, 00_03str2106.dpatch, 00_04str2117.dpatch, 00_05str2133.dpatch, 00_06str2121.dpatch, 00_07str2123.dpatch, 00_08str2135.dpatch, 00_09str2198.dpatch, 03_clean.dpatch, 65_detect_http_shutdown.dpatch * Remove a few obsolete patches: 08_cupsd.conf.conf.d.dpatch, 26_modprobe.dpatch, 48_stdlib.dpatch, 61_job_c_strangeloop.dpatch, 08_cupsd.conf.conf.d.dpatch, 64_driverfolder.dpatch. * Add debian/patches/14_dont_force_ssl.dpatch: Do not require SSL for /admin pages, since gnome-cups-manager (and most probably other GUI frontends) does not support this. * Add debian/patches/58_cupsd.conf-AllowLocal.dpatch: Allow access to local ethernet by default. This just affects the ACL, for actually enabling access cupsd needs to be switched to not only listen on localhost. With that, this setting does not need to be configured in two different places. * Add debian/patches/70_reactivate_recommended_driver.dpatch: Upstream CUPS filters the "(recommended)" marking from the NickNames of the PPD files when listing PPDs. These are an important orientation for the user and they are also made use of by some printer setup tools. We need them at least until a better solution for recommending drivers gets available. * Add debian/patches/98_search_mime_files_in_usr_share.dpatch: Let CUPS also search for *.types and *.convs files in /usr/share/cups/mime. This way packages can provide *.types and *.convs files which do not get considered as conffiles. (See https://launchpad.net/36532 for details). * debian/patches/*.dpatch: Forwarded a lot of patches to upstream bug tracker, add STR URLs to dpatch DP: headers. Synchronize packaging with Ubuntu: * debian/control: Drop transitional libcupsys2-gnutls10 package, it was only required for Sarge->Etch upgrades. * debian/control: Change netbase dependency to update-inetd, since that lives in its own package now. * debian/local/enable_sharing: Also match on 127.0.0.1 IP adresses in addition to 'localhost'. * debian/rules: Most of the clean:: rule is obsolete, only two files are left behind now. These two have been reported upstream in http://www.cups.org/str.php?L2366. * debian/cupsys.templates: Activate SCSI, serial, and SNMP backends by default. With these backends activated, many printers can be easily set up with the printer setup tools. Especially network printers get auto-detected and the correct URI gets assigned to them (doing this manually is a non-trivial task for most users). * debian/cupsys.dirs: Add /usr/share/ppd/custom/, a place where lpadmins can store additional PPDs (this functionality is e. g. provided in gnome-cups-manager's "Custom driver..." file dialog). * debian/cupsys.init.d: Give proper permissions to /usr/share/ppd/custom/: root:lpadmin 3775. Drop the obsolete chmod/chowning of /usr/share/cups/model. * Run the backend as non-root system user to confine the impact of security vulnerabilities: - Add debian/patches/10_external_pam_helper.dpatch: + Add a helper program 'cups-check-pam-auth' which performs PAM authentication and returns the status as exit code. + scheduler/auth.c, cupsdAuthorize(): Attempt to use cups-check-pam-auth before trying native PAM. + With this we do not need to put the cupsys user into the shadow group. - debian/cupsys.files: Install PAM helper. - debian/cupsys.postinst: Set permissions of PAM helper to cupsys:shadow 2754, alter permissions of some configuration files and directories to work with non-root cupsd. - debian/cupsys.postinst: Fix /var/cache/cups/ permissions for upgrades which might have written cache files as root. - debian/cupsys.logrotate: Save log files as cupsys:lpadmin. - debian/cupsys.init.d: Disable 'reload'; change force-reload to restart, since cupsd cannot reload as non-root. - debian/cupsys.init.d: Set up proper permissions of log files. - debian/rules: Enable --enable-privilege-dropping configure option. - debian/rules: Install lpd backend suid root, so that it can bind to ports < 1024 (really silly, but required for RFC compliance). - debian/cupsys-client.postinst, debian/cupsys.postinst: Set up cupsys system user. * debian/NEWS: Describe derooting. -- Martin Pitt Mon, 14 May 2007 09:23:16 +0200 cupsys (1.2.8-0ubuntu8) feisty; urgency=low * debian/cupsys.postinst: Clean up the mess which cupsys_1.2.8-0ubuntu3 and later caused by activating all the CUPS backends (closes: LP#92042). * debian/cupsys.postinst, debian/rules: Removed directories /opt/share/ppd and /usr/local/share/ppd. LSB 3.2 will only require /usr/share/ppd (PPD files and directories at other places should be symlinked to here) to not conflict with FHS (closes: LP#94353). -- Till Kamppeter Tue, 3 Apr 2007 17:22:06 +0100 cupsys (1.2.8-0ubuntu7) feisty; urgency=low * debian/cupsys.postinst: Sync /usr/lib/cups/backend always with the debconf settingsm, as otherwise sooner or later the backend directory will be empty (closes: LP#92042). * 96_more-bug-fixes-between-cups-1.2.8-1.2.9.dpatch: Generated some garbage files. Fixed. -- Till Kamppeter Tue, 14 Mar 2007 16:22:06 +0000 cupsys (1.2.8-0ubuntu6) feisty; urgency=low * 98_search_mime_files_in_usr_share.dpatch: CUPS failed reading the *.types and *.convs files in /etc/cups when /usr/share/cups/mime did not exist. Fixed (closes: LP#92205). -- Till Kamppeter Tue, 14 Mar 2007 12:22:06 +0000 cupsys (1.2.8-0ubuntu5) feisty; urgency=low * debian/cupsys.postinst: Assure that special permissions of lpd backend are always correctly set for the link in /usr/lib/cups/backend (closes: LP#91382). * 98_search_mime_files_in_usr_share.dpatch: Let CUPS also search for *.types and *.convs files in /usr/share/cups/mime. This way packages can provide *.types and *.convs files which do not get considered as conffiles (All files in /etc get considered as conffiles, closes: LP#36532). * 96_more-bug-fixes-between-cups-1.2.8-1.2.9.dpatch: Keep up with upstream bug fixes: o cupsd crash in get_jobs: In get_jobs when my-jobs is set, we compare the job username before it is loaded (upstream STR #2288). o Fixed messed-up french translation (upstream STR #2287). o The scheduler's openssl certificate generation code was broken on some platforms (upstream STR #2282). o The scheduler's log rotation check for devices was broken (upstream STR #2278). o The LPD mini-daemon did not handle the document-format option correctly (upstream STR #2266). -- Till Kamppeter Mon, 12 Mar 2007 15:22:06 +0000 cupsys (1.2.8-0ubuntu4) feisty; urgency=low * debian/cupsys.postinst: (De)activate backends also if the user initially installs cupsys (no update from older cupsys package). * 96_more-bug-fixes-between-cups-1.2.8-1.2.9.dpatch: Keep up with upstream bug fixes: o The pdftops filter ignored the "match" size option in the pdftops.conf file (upstream STR #2285) o cupstestppd now validates UTF-8 text strings in globalized PPD files (STR #2283) o The outputorder=reverse option did not work with all printers (STR #2279) -- Till Kamppeter Sun, 11 Mar 2007 17:22:06 +0000 cupsys (1.2.8-0ubuntu3) feisty; urgency=low * debian/cupsys.templates: Re-activated CUPS backeds "snmp", "serial", and "scsi" which were deactivated by Debian. With these backends activated many more printers can be easily set up with the printer setup tools. Especially network printers get auto-detected and the correct URI gets assigned to them (doing this manually is a non-trivial task for most users. * debian/cupsys.config, debian/cupsys.postinst: (De)activate only if the user has called the configuration interface (eg by calling "dpkg-reconfigure cupsys") and changed something there. * debian/cupsys.postinst: On an update from any older cupsys package to this one or newer activate the snmp, scsi, and serial backends. * 96_more-bug-fixes-between-cups-1.2.8-1.2.9.dpatch: Keep up with upstream bug fixes: o Classes containing other classes did not always work (upstream STR #2255) o Printer location and description information was lost if the corresponding string contained the "#" character (upstream STR #2254) o cupsRemoveOption() did not work properly (upstream STR #2264) -- Till Kamppeter Mon, 5 Mar 2007 19:22:06 +0000 cupsys (1.2.8-0ubuntu2) feisty; urgency=low * 70_reactivate_recommended_driver.dpatch: Upstream CUPS filters the "(recommended)" marking from the NickNames of the PPD files when listing PPDs. These are an important orientation for the user and they are also made use of by some printer setup tools. We need them at least until a better solution for recommending drivers gets available. * 80_brother_no_backchannel.dpatch: Brother printers are not accessible any more when they have printed one job through the CUPS "usb" backend. The problem is solved by letting the backend not querying the backchannel on these printers any more (closes: LP#57050, upstream STR #2243). * 90_testpage-on-large-paper-sizes.dpatch: The labels at the rulers on the borders of the CUPS test page got too big on large paper sizes (closes: LP#85339, upstream STR #2252). * 92_texttops-prettyprint-crash.dpatch: The plain text filter of CUPS crashed when using the prettyprint option (upstream STR #2158). * 94_doc-port-in-client-conf.dpatch: The documentation did not tell how to specify a port in client.conf. -- Till Kamppeter Thu, 22 Feb 2007 12:22:06 +0000 cupsys (1.2.8-0ubuntu1) feisty; urgency=low * New upstream bugfix release. * Removed patches: 00_NNstrXXXX.dpatch, 65_detect_http_shutdown.dpatch: These were backported from SVN and are now part of 1.2.8. * debian/patches/09_runasuser_autoconf.dpatch: Adapt to new upstream version. * debian/control: Set Ubuntu maintainer. -- Martin Pitt Wed, 21 Feb 2007 14:22:44 +0100 cupsys (1.2.7-4ubuntu2) feisty; urgency=low * debian/local/enable_sharing: Fix regex to find both 127.0.0.1 and 'localhost' to fix enabling sharing the second time. Closes: LP#75903 * debian/patches/09_runasuser.dpatch: Drop root privileges of cups-polld after creating the socket. This allows cupsd to kill polld on shutdown, and has the nice side effect of improving security. Closes: LP#30965 -- Martin Pitt Wed, 7 Feb 2007 17:48:28 +0100 cupsys (1.2.7-4ubuntu1) feisty; urgency=low * Merge from debian unstable, remaining changes: - Snakeoil SSL cert support: + debian/control: Add ssl-cert dependency. + debian/cupsys.postinst: Symlink snakeoil SSL certificate if present. - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/cupsys.postinst: Remove obsolete rc.d links. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control: Drop libcupsys2-gnutls10 and cupsys-dbg packages. - Run cupsd as system user 'cupsd' instead of root to confine impact of security vulnerabilities: + cupsys{,-client}.postinst: Set up cupsys user and put it into the appropriate groups. + debian/cupsys.init.d: Set up proper permissions of log files. + debian/cupsys.init.d: Disable 'reload', force-reload does restart, since cupsd cannot reload as non-root. + debian/cupsys.logrotate: Own the log files to cupsys:lpadmin. + Add debian/patches/ubuntu-external-pam-helper.dpatch: Helper program cups-check-pam-auth which performs PAM authentication and returns the status as exit code. + debian/cupsys.files: Install cups-check-pam-auth. + debian/cupsys.postinst: Set permissions of cups-check-pam-auth to cupsys:shadow 2754. + debian/rules: Configure with --enable-privilege-dropping. + debian/rules: Install lpd backend suid root so that it can bind to a privileged port. - Support user-installed PPDs: - debian/cupsys.dirs: Add usr/share/ppd/custom. - debian/cupsys.init.d: Set up this dir as root:lpadmin 03775. - debian/patches/14_dont_force_ssl.dpatch: Do not require SSL for the web frontend since gnome-cups-manager does not cope with that. - debian/patches/58_cupsd.conf-AllowLocal.dpatch: Allow access to local ethernet by default. This just affects the ACL, for actually enabling access cupsd needs to be switched to not only listen on localhost. (So this does not need to be configured in two different places). - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Changed dependency in cupsys-bsd for netbase into update-inetd. - Removed obsolete emacs config settings at the end of changelog. * debian/cupsys.init.d: Fixed parallel port module loading in the init script, the "ppdev" module got only loaded when the "lp" module was not loaded yet (closes LP#29050). * debian/cupsys.init.d: Set permissions of log files again after starting the CUPS daemon, as the daemon sets them to a bad state so that it cannot log after dropping privileges (closes LP#54277). -- Till Kamppeter Tue, 6 Feb 2007 13:22:06 +0000 cupsys (1.2.7-4) unstable; urgency=high [ Kenshi Muto ] * Use dh_usrlocal to install files in /usr/local in the maintainer scripts, instead of shipping them in the deb. This was policy violation (closes: #409335) -- Kenshi Muto Fri, 2 Feb 2007 18:16:24 +0900 cupsys (1.2.7-3) unstable; urgency=high [ Kenshi Muto ] * removed STR2137 patch. This patch corruted some Postscript files. (closes: #403703) This was a release critical bug. * Provides /usr/local/share/ppd and /opt/share/ppd to satisfy LSB 3.2. (closes: #408154) * Applied upstream patch: - STR2198: The scheduler still loaded the remote printer cache, even when browsing was disabled * Debconf translation - Portuguese (closes: #408332) - Norwegian (closes: #406253) -- Kenshi Muto Thu, 1 Feb 2007 10:17:30 +0000 cupsys (1.2.7-2ubuntu1) feisty; urgency=low * Merge from debian unstable, remaining changes: - Snakeoil SSL cert support: + debian/control: Add ssl-cert dependency. + debian/cupsys.postinst: Symlink snakeoil SSL certificate if present. - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/cupsys.postinst: Remove obsolete rc.d links. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control: Drop libcupsys2-gnutls10 and cupsys-dbg packages. - Run cupsd as system user 'cupsd' instead of root to confine impact of security vulnerabilities: + cupsys{,-client}.postinst: Set up cupsys user and put it into the appropriate groups. + debian/cupsys.init.d: Set up proper permissions of log files. + debian/cupsys.init.d: Disable 'reload', force-reload does restart, since cupsd cannot reload as non-root. + debian/cupsys.logrotate: Own the log files to cupsys:lpadmin. + Add debian/patches/ubuntu-external-pam-helper.dpatch: Helper program cups-check-pam-auth which performs PAM authentication and returns the status as exit code. + debian/cupsys.files: Install cups-check-pam-auth. + debian/cupsys.postinst: Set permissions of cups-check-pam-auth to cupsys:shadow 2754. + debian/rules: Configure with --enable-privilege-dropping. + debian/rules: Install lpd backend suid root so that it can bind to a privileged port. - Support user-installed PPDs: - debian/cupsys.dirs: Add usr/share/ppd/custom. - debian/cupsys.init.d: Set up this dir as root:lpadmin 03775. - debian/patches/14_dont_force_ssl.dpatch: Do not require SSL for the web frontend since gnome-cups-manager does not cope with that. - debian/patches/58_cupsd.conf-AllowLocal.dpatch: Allow access to local ethernet by default. This just affects the ACL, for actually enabling access cupsd needs to be switched to not only listen on localhost. (So this does not need to be configured in two different places). - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. - Changed dependency in cupsys-bsd for netbase into update-inetd. - Removed obsolete emacs config settings at the end of changelog. * Added directories and links for PPD files according to the FHS extension for a distribution-independent printer driver location: http://lists.freestandards.org/pipermail/printing-architecture/2006/001512.html (Debian bug #408154). -- Till Kamppeter Fri, 26 Jan 2007 13:22:06 +0000 cupsys (1.2.7-2) unstable; urgency=high [ Kenshi Muto ] * Applied upstream patches to fix some (include RC) bugs as dpatch style: - STR2106: Raw PBM files did not print correctly - STR2111: The PostScript filter did not properly output document setup commands for reversed output (closes: Bug#403703) - STR2117: The scheduler did not parse IPv6 netmask properly - STR2121: cupsDoAuthentication() did not translate the password prompt - STR2123: The backends incorrectly used STATUS: media-tray-empty-error messages for out-of-paper conditions - STR2133: httpGetLength2() did not handle error messages without content correctly - STR2135: cupsMarkOptions() did not handle the multiple-document-handling option - STR2137: Collated output produced by the PostScript filter could lose some options - STR2144: job-hold-until with time values for the next day would be held for 60 days * 67_printcap: Add Printcap/PrintcapFormat/PrintcapGUI variables to cupsd.conf file. (closes: #401981) * cupsys makes /var/run/cups/certs. Although CUPS daemon can make it automatically, the daemon logs an warning. * 68_edit-config: Provide same cupsd.conf as initial package installation. -- Kenshi Muto Wed, 6 Dec 2006 22:42:34 +0000 cupsys (1.2.7-1ubuntu2) feisty; urgency=low * Change dependency in cupsys-bsd for netbase into update-inetd. * Remove obsolete emacs config settings at the end of changelog. -- Tollef Fog Heen Thu, 14 Dec 2006 11:37:58 +0100 cupsys (1.2.7-1ubuntu1) feisty; urgency=low * Merge to Debian unstable to get new upstream bugfix release. -- Martin Pitt Fri, 24 Nov 2006 17:53:12 +0100 cupsys (1.2.7-1) unstable; urgency=low * New upstream release - Added Italian translation [ Kenshi Muto ] * Add printer.schema to /usr/share/doc/cupsys/examples for LDAP. (closes: #399122) -- Kenshi Muto Sat, 18 Nov 2006 10:03:30 +0900 cupsys (1.2.6-2) unstable; urgency=low [ Kenshi Muto ] * Debconf translation - Brazillian Portuguese (closes: #397842) - Basque (closes: #398574) * 00_r6100: Apply SVN r6100. - Fixed an inefficiency in the SNMP IPP detection code (closes: #397833) -- Kenshi Muto Tue, 14 Nov 2006 22:29:08 +0900 cupsys (1.2.6-1) unstable; urgency=low * New upstream release Fixes bugs include - "lpc status" did not show the number of queued jobs for disabled queues - The lpstat program could hang -- Kenshi Muto Tue, 7 Nov 2006 21:09:33 +0900 cupsys (1.2.5-1ubuntu1) feisty; urgency=low * Merge to Debian svn head. Remaining Ubuntu changes: - Snakeoil SSL cert support: + debian/control: Add ssl-cert dependency. + debian/cupsys.postinst: Symlink snakeoil SSL certificate if present. - TearDown (fast shutdown): + debian/control: Add sysv-rc (>= 2.86.ds1-14.1ubuntu2) dependency. + debian/cupsys.postinst: Remove obsolete rc.d links. + debian/rules: Use 'multiuser' update-rc.d mode. - debian/control: Drop libcupsys2-gnutls10 and cupsys-dbg packages. - Run cupsd as system user 'cupsd' instead of root to confine impact of security vulnerabilities: + cupsys{,-client}.postinst: Set up cupsys user and put it into the appropriate groups. + debian/cupsys.init.d: Set up proper permissions of log files. + debian/cupsys.init.d: Disable 'reload', force-reload does restart, since cupsd cannot reload as non-root. + debian/cupsys.logrotate: Own the log files to cupsys:lpadmin. + Add debian/patches/ubuntu-external-pam-helper.dpatch: Helper program cups-check-pam-auth which performs PAM authentication and returns the status as exit code. + debian/cupsys.files: Install cups-check-pam-auth. + debian/cupsys.postinst: Set permissions of cups-check-pam-auth to cupsys:shadow 2754. + debian/rules: Configure with --enable-privilege-dropping. + debian/rules: Install lpd backend suid root so that it can bind to a privileged port. - Support user-installed PPDs: - debian/cupsys.dirs: Add usr/share/ppd/custom. - debian/cupsys.init.d: Set up this dir as root:lpadmin 03775. - debian/patches/14_dont_force_ssl.dpatch: Do not require SSL for the web frontend since gnome-cups-manager does not cope with that. - debian/patches/58_cupsd.conf-AllowLocal.dpatch: Allow access to local ethernet by default. This just affects the ACL, for actually enabling access cupsd needs to be switched to not only listen on localhost. (So this does not need to be configured in two different places). - debian/patches/ubuntu-default-error-policy-retry-job.dpatch: Retry a failed job instead of stopping the print queue. - debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default. -- Martin Pitt Fri, 3 Nov 2006 11:15:14 +0100 cupsys (1.2.5-1) unstable; urgency=medium * New upstream release. [ Kenshi Muto ] * 00_r6052: Apply SVN r6052 to pass the compile with libpaper. * provides /etc/pam.d/cupsys correctly. (closes: #392142) (renamed debian/pam to debian/cupsys.pam) * fixed "ppd API fails to discover printer nickname and options" problem" by upstream (closes: #394255) -- Kenshi Muto Sat, 21 Oct 2006 01:18:34 +0000 cupsys (1.2.4-2ubuntu3) edgy; urgency=low * Add debian/patches/15_usb-devname.dpatch: - Removing the first USB printer caused other USB printers to be inaccessible. - Upstream: STR#2017 - Closes: LP#64725 -- Matthias Urlichs Sun, 8 Oct 2006 18:06:23 +0200 cupsys (1.2.4-2ubuntu2) edgy; urgency=low * debian/rules: Do not install http/ipp backend with 0700 permissions (regression from 1.2.4-2). Closes: LP#63707 * Add debian/patches/00_dsc-comment-encoding.dpatch: - Fix printing of jobs with invalid/misinterpreted characters in the name. - Patch taken from upstream SVN, thanks to Till Kamppeter for porting it to 1.2.4. (STR#1988) - Closes: LP#57445 -- Martin Pitt Thu, 5 Oct 2006 10:30:24 +0200 cupsys (1.2.4-2ubuntu1) edgy; urgency=low * Merge recent Debian changes to get some bug fixes and new upstream version 1.2.4 (UVF exception approved by Matt Zimmerman): - The --with-printcap configure option did not work (STR #1984) - The character set reported by cupsLangGet() did not always reflect the default character set of a given locale (STR #1983) - Older Lexmark and Tektronix printers did not work with IPP (STR #1980) - Failsafe printing did not work (PR #6328) - Some web interface redirects did not work (STR #1978) - The web interface change settings button could introduce a "Port 0" line in cupsd.conf if there was no loopback connection available (STR #1979) - The web interface change settings and edit configuration file buttons would truncate the cupsd.conf file (STR #1976) - The German web interface used the wrong printer icon images (STR #1973) - (The other changes of 1.2.4 were already present as patch in the previous version.) - Remove transitional PPD symlink which is not necessary any more and just causes loops. Closes: LP#62198 - Fix CPU hogging of gnome-cups-manager. Closes: LP#44196 * Add debian/patches/ubuntu-default-error-policy-retry-job.dpatch: - Do not stop the printer if a job failed, just reattempt it. The default policy might be suitable for large offices with an admin, but it puts home users at loss. Thanks to Till Kamppeter for the patch! Closes: LP#41313 -- Martin Pitt Mon, 2 Oct 2006 16:08:27 +0200 cupsys (1.2.4-2) unstable; urgency=low [ Kenshi Muto ] * PPD transition to /usr/share/ppd is mostly finished. Now I remove old symlink /usr/share/ppd/cups-transitional-dir and /usr/share/cups/cups-included. (closes: #381266, #383291) * Update debconf translations: - Brazilian Portuguese (closes: #389222) * Tried to solve the backend permission problem. CUPS scheduler uses a permission and owner information of backend program. - Install ipp and lpd as mode 0700. - Create backend links as hardlink instead of symlink. -- Kenshi Muto Sat, 30 Sep 2006 14:56:29 +0900 cupsys (1.2.4-1) unstable; urgency=medium * New upstream release - The web interface change settings and edit configuration file buttons would truncate the cupsd.conf file (STR #1976, closes: #389093) Because this bug seems critical, we upload this fixed version as urgency=medium. [ Martin Pitt ] * debian/patches/56_dirsvc.dpatch: Update patch so that a patch/unpatch cycle restores the source properly instead of breaking dirsvc.c in two different places. [ Kenshi Muto ] * debian/patches/65_detect_http_shutdown.dpatch: avoid that gnome-cups-manager eats CPU 100%. (closes: #377640) -- Kenshi Muto Sun, 24 Sep 2006 09:54:44 +0000 cupsys (1.2.3-1ubuntu3) edgy; urgency=low * debian/control: Bump Conflicts/Replaces of cupsys-common to also apply to dapper-updates, to fix dapper-updates->edgy upgrade. -- Martin Pitt Fri, 22 Sep 2006 13:37:04 +0200 cupsys (1.2.3-1ubuntu2) edgy; urgency=low * debian/patches/56_dirsvc.dpatch: Update patch so that a patch/unpatch cycle restores the source properly instead of breaking dirsvc.c in two different places. * debian/rules: Install 'lpd' backend suid root (root:lp 4754), so that cupsd can print to RFC compliant lpd servers (which require the source port to be < 1024). Closes: LP#47773 -- Martin Pitt Fri, 15 Sep 2006 19:50:29 +0200 cupsys (1.2.3-1ubuntu1) edgy; urgency=low * Merge recent bug fixes from Debian (see Kenshi's changes in 1.2.3-1 for Ubuntu-relevant details). 00_r5958.dpatch has the following fixes from upstream: - The "All Documents" link in the on-line help was missing a trailing slash (STR #1971) - The Polish web interface translation used the wrong URLs for the job history (STR #1963) - The "reprint job" button did not work (STR #1956) - The scheduler did not always report printer or job events properly (STR #1955) - The scheduler always stopped the queue on error, regardless of the exit code, if the error policy was set to "stop-printer" (STR #1959) - ppdEmitJCL() included UTF-8 characters in the JCL job name, which caused problems on some printers (STR #1959) - Fixed a buffering problem that cause high CPU usage (STR #1968) (Closes: LP#59542) - The command-line applications did not convert command-line strings to UTF-8 as needed (STR #1958) - cupsDirRead() incorrectly aborted when reading a symbolic link that pointed to a file/directory that did not exist (STR #1953) - The cupsInterpretRasterPPD() function did not handle custom page sizes properly. * debian/cupsys.init.d: Always make sure that log files have proper permissions. Closes: LP#54277 -- Martin Pitt Tue, 12 Sep 2006 12:02:43 +0200 cupsys (1.2.3-1) unstable; urgency=medium * New upstream release - The parallel and USB backends no longer wait for the printer to go on-line - this caused problems with certain printers that don't follow with the IEEE-1284 standard (STR #1738, closes: #383091) - fixed Printer options were not always honored when printing from Windows clients (STR#1839, closes: #385605) [ Martin Pitt ] * Add appropriate Replaces: to cupsys-common to unbreak upgrades. * debian/patches/44_fixconfdirperms.dpatch: Fix file mode specification: 3755 -> 03755 (regression of svn commit 353). [ Kenshi Muto ] * Apply upstream svn r5958. * check modprobe command and /proc/modules dir exist before running modprobe (closes: #387176). * 62_classes_crash: fix incorrect code. old code returned an error even if user use the correct class configuration. (closes: #380663, #384654) * bump up libcupsys2.shlibs version to 1.2.3. (closes: #385724) * Merge old separated style configuration to the single format only if user upgraded from an affected version. (closes: #386551) * Provide /usr/share/cups/drivers to contain Windows drivers. * 57_cupsaddsmb: original cupsaddsmb easily goes infinite and DoS-like loop. Debian cupsaddsmb ends soon when it catches an error. -- Kenshi Muto Fri, 8 Sep 2006 11:28:12 +0200 cupsys (1.2.3-0ubuntu1) edgy; urgency=medium * New upstream bugfix release (UVF exception approved by Colin Watson). * Merged with Debian sid. * debian/control: Revert Debian's addition of -dbg package, since we will have ddebs soon. * debian/patches/44_fixconfdirperms.dpatch: Fix file mode specification: 3755 -> 03755 (regression of svn commit 353). -- Martin Pitt Fri, 8 Sep 2006 11:09:05 +0200 cupsys (1.2.2-2) unstable; urgency=high [ Kenshi Muto ] * Apply upstream svn change r5845. - BrowseRelay didn't work on Debian (closes: #372855) 61_job_c_strangeloop.dpatch: I don't make sure but job.c of r5818 causes strange CPU busy when it gets printing jobs. This patch avoids it. * 12_quiesce_ipp_logging: some part are merged into the upstream source. updated. * libcupsys2 conflicts cupsys version 1.1. libcupsys2 version 1.2 changed its private API. This breaks old cupsys 1.1, but we believe cupsys is only one application is affected by this change. (closes: #380619) * Provide an new package, "cupsys-dbg" to help chasing the problems at user's environment. * Increment compat to 5. * 44_fixconfdirperms: set owner lp for /etc/cups directory. And modify lppasswd.man to mention about Debian specific changes. lppasswd command now work. (closes: #378062) * 62_classes_crash: when class hasn't any printers, cupsd will crash immedieately after receiving a job. This patch avoids a crash. * Update debconf translations: - Spanish (closes: #383087) -- Kenshi Muto Thu, 27 Jul 2006 23:40:54 +0900 cupsys (1.2.2-1) unstable; urgency=medium * New upstream release [ Martin Pitt ] * Adapt patches to new upstream version. * debian/cupsys.init.d: If lp module loading is requested, also load the 'ppdev' module to fix the name and model detection of parallel printers on newer kernels. * Revive debian/patches/56_dirsvc.dpatch; it's still not fixed upstream. * debian/patches/09_runasuser.dpatch: Do not drop additional group privileges in scheduler/process.c. This should fix a range of bugs concerning detection of parallel port printers and other 'permission denied' bugs if privilege dropping is enabled (it is disabled by default in Debian). * debian/patches/44_fixconfdirperms.dpatch: Do not change owner and mode of SSL certificate, in order to not break permissions of customized global ones (like the one from the ssl-cert package). Grrr, cups, no, you cannot own the world! * debian/patches/54_cups-config_modeldir.dpatch: Add --modeldir to cups-config so that other packages can use it to figure out the correct PPD base path. * debian/cupsys.examples: Do not ship .svn files (upstream Makefiles install them). * debian/local/{enable_browsing,browsing_status}: Adapt to single-file configuration file style. * Add debian/local/{enable_sharing,sharing_status}: Similar to enable_browsing and browsing_status, this switches between "Listen localhost:631" and "Port 631" (just as the web interface does). Install files in debian/rules. -- Kenshi Muto Mon, 24 Jul 2006 10:59:27 +0200 cupsys (1.2.2-0ubuntu4) edgy; urgency=low * Add appropriate Replaces: to cupsys-common to unbreak upgrades. -- Martin Pitt Mon, 4 Sep 2006 08:53:07 +0200 cupsys (1.2.2-0ubuntu3) edgy; urgency=low * Rebuild against dbus 0.90 -- Sebastian Dröge Thu, 24 Aug 2006 17:30:02 +0200 cupsys (1.2.2-0ubuntu2) edgy; urgency=low * debian/patches/ubuntu-disable-browsing.dpatch: Re-add BrowseAddress @LOCAL@ to fix browsing. * Enable web interface by default: - Add debian/patches/ubuntu-external-pam-helper.dpatch: + Add a helper program 'cups-check-pam-auth' which performs PAM authentication and returns the status as exit code. + scheduler/auth.c, cupsdAuthorize(): Attempt to use cups-check-pam-auth before trying native PAM. - debian/cupsys.files: Install helper. - debian/cupsys.postinst: Set permissions of helper to cupsys:shadow 2754. * Remove debian/patches/ubuntu-nowebadmin.dpatch, remove explanation of disabled web interface from debian/README.Debian. This version enables the web interface by default. Closes: LP#50886 * debian/cupsys.postinst: Remove cupsys from the shadow group on upgrades, so that users who previously enabled the web interface get the benefit of privilege separation as well. -- Martin Pitt Wed, 26 Jul 2006 18:11:22 +0200 cupsys (1.2.2-0ubuntu1) edgy; urgency=low * Merge to Debian unstable: - This gets rid of /etc/cups/conf.d/ again and re-merges the separate browsing and ports settings to /etc/cups/cupsd.conf again. Separating was nice for preserving an unchanged conffile for the most important settings, but it broke KDE and the web interface and generated way too many bugs. Closes: LP#37892, LP#50804, LP#53582 * Update to new upstream version 1.2.2 (UVF exception granted by by Matt Zimmerman): - Fixes printing to 1.1.x servers. Closes: LP#42513, LP#42802 - Fixes parsing of some PostScript files which previously generated empty pages. Closes: LP#51432 - Fixes parsing of network masks. Closes: LP#52390 - Lots of more fixes, see upstream changelog. * debian/cupsys.preinst: Drop some obsolete migration bits for Breezy->Dapper upgrade. * debian/control: Add libdbus-1-dev build dependency to enable dbus support. * debian/cupsys.examples: Do not ship .svn files (upstream Makefiles install them). * cupsys.postinst: Fix permissions of cupsd.conf to be writable by user cupsys world-readable. * debian/local/enable_{sharing,browsing}, {sharing,browsing}_status: Adapt to new single configuration file format. * debian/rules: Clean cups/raster.h symlink to unbreak source package build. * Add debian/patches/ubuntu-disable-browsing.dpatch: Disable browsing by default to avoid open port and stay compatible to previous releases. -- Martin Pitt Mon, 24 Jul 2006 11:20:04 +0200 cupsys (1.2.1-4) unstable; urgency=medium [Kenshi Muto] * Include changelogs during 1.1.23-13 - 1.1.23-15. (closes: #374494) * Apply upstream svn change r5754. - Fix negotiation problem between unstable clients and sarge servers. (closes: #375359) * 58_fixdestc: avoid build failure of r5754 (add ipp-private.h include). * 59_de_docroot: install German translation/images. Although upstream SVN has, Debian diff structure can't handle a binary diff. This patch will be removed when 1.2.2 is released. * Add snmp to backend choices. Because I don't make sure this backend is stable, the default is disabled. Use dpkg-reconfigure cupsys to enable. (closes: #376496) * Don't remove backend symlinks during reconfigure/upgrade process. (closes: #376499) * Check Include directive with case insensitive. (closes: #376883) * libcupsys2 has /etc/cups directory to allow admin put own client.conf. (closes: #370788) * Include sample client.conf in libcupsys2. You can copy /usr/share/ doc/libcupsys2/examples/client.conf to /etc/cups or ~/.cups and modify for your environment. (closes: #376840) * Split locale files to new package "cupsys-common". (closes: #378659) This package is used by cupsys and cupsys-client/cupsys-bsd. * removed 26_modprobe: because parallel backend executes with user 'lp' permission, modprobe can't work. We CUPS team believe it's better that lp module is loaded by discover or any other hardware detection programs instead of CUPS. We provide a module loader by init script for user's convenience at this time. * 60_device_uri: preserve old URI during the printer configuration on Web interface. -- Kenshi Muto Wed, 21 Jun 2006 15:06:02 +0000 cupsys (1.2.1-3) unstable; urgency=low [Kenshi Muto] * Apply upstream svn change r5673. - Remove unnecessary %s from dirsvc.c and will solve a mysterious cupsd crash. Thanks Neil. (closes: #372696, #370611) - Support again * character as IP address. (closes: #372291) - Fixes wrong command line arguments to backend. (closes: #372586, #373839) * Improve the wording of NEWS file, thanks Tomas (closes: #372256) * 53_usr_share_ppd_support: Use /usr/share/ppd as PPD path. (closes: #365300, #373722) Make symlink /usr/share/ppd/cups-transitional-dir -> /usr/share/cups/ppd for keeping a compatibility. We'll migrate all of PPD files to /usr/share/ppd in the future. * Revert to use single /etc/cups/cupsd.conf file for the configuration instead of using separate files in /etc/cups/cups.d. The migration will be done automatically. (closes: #345973, #372727) * Apply correct permission modes to the files under /etc/cups at postinst stage. * Update debconf translations: - Danish (closes: #371170) - French (closes: #372714) - Italian (closes: #372198) -- Kenshi Muto Sun, 11 Jun 2006 11:51:01 +0000 cupsys (1.2.1-2ubuntu4) edgy; urgency=low * Add forgotten versioned-dependency on sysv-rc to get new update-rc.d behaviour. Go me. -- Scott James Remnant Fri, 21 Jul 2006 01:20:39 +0100 cupsys (1.2.1-2ubuntu3) edgy; urgency=low * Remove stop links from rc0 and rc6 -- Scott James Remnant Thu, 20 Jul 2006 22:13:25 +0100 cupsys (1.2.1-2ubuntu2) edgy; urgency=low * debian/patches/44_fixconfdirperms.dpatch: - Do not change owner and mode of SSL certificate, in order to not break the SSL snakeoil cert/key (and customized global ones). (Grrr, cups, no, you cannot own the world!) * debian/cupsys.preinst: Add transitional code to fix snakeoil SSL cert/key owner and mode. -- Martin Pitt Tue, 27 Jun 2006 16:05:38 +0200 cupsys (1.2.1-2ubuntu1) edgy; urgency=low * Merge to current SVN head of Debian. * Removed debian/patches/svn*.dpatch, these were backported from 1.2.1 in 1.2.0-0ubuntu3. * Do not build libcupsys2-gnutls10 any more (it was a transitional package). * snakeoil SSL certificate support: - debian/cupsys.postinst: Symlink snakeoil SSL certificate/key to /etc/cups/ssl/ and put cupsys into ssl-cert on upgrades or fresh installs. - debian/control: Depend on ssl-cert. -- Martin Pitt Thu, 15 Jun 2006 20:54:51 +0200 cupsys (1.2.1-2) unstable; urgency=low [Kenshi Muto] * Provides /etc/cups/ssl directory for SSL. (closes: #370407, #370450) * Add an newline after 'Starting ...' message by appending log_end_msg to /etc/init.d/cupsys. (closes: #370460) -- Kenshi Muto Mon, 5 Jun 2006 22:44:55 +0900 cupsys (1.2.1-1) unstable; urgency=low [Kenshi Muto] * New upstream release 1.2.1 for Debian unstable/testing. * 00_r5610: Apply patches from upstream r5610. * Re-update Dutch debconf translation (closes: #369004) * Pump up shlibs to >=1.2.1 for compatibility safe. -- Kenshi Muto Wed, 31 May 2006 13:17:16 +0000 cupsys (1.2.1-0exp1) experimental; urgency=low [Kenshi Muto] * New upstream release 1.2.1. * Update Dutch debconf translation (closes: #369004) * Update Italian debconf translation (closes: #367943) * Includes the installation guide of dvi filter to /usr/share/doc/ cupsys/examples/filters/dvipipetops.INSTALL is contributed by Francesco Potort. This is partial fix for Bug#368450. [Martin Pitt] * New upstream release 1.2.0. * Update patches for new upstream release. * Remove debian/patches/01_cupsimage.dpatch, fixed upstream. * Remove debian/patches/20_httpGetHostname_crash.dpatch, fixed upstream. * debian/patches/55_ppd_okidata_name.dpatch: Change "Oki" manufacturer name to "Okidata" to be consistent with other PPD files. * Implement http://wiki.debian.org/PpdFileStructureSpecification: - debian/dirs: Create /usr/share/ppd/cups-included/. - debian/rules: Install shipped PPDs into /usr/share/ppd/cups-included// and provide a symlink to the old /usr/share/cups/model directory for backwards compatibility. * debian/cupsys.dirs: Ship /usr/lib/cups/driver/ to avoid error messages if it's missing. * debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root certificate permissions from 0440 to 0240, so that the CGI programs cannot read it any more. Without this patch, cupsd presented its own certificate to itself, and *every* user could do admin tasks without authentication. * debian/cupsys-client.links: Fix cupsenable/cupsdisable manpage link. Closes: #364447 * debian/patches/08_cupsd.conf.conf.d.dpatch: - Set "BrowseAddress @LOCAL"; without this, sending browsing information does not work (Browsing still has to be enabled). - Add some comments to point out that the Port and Browsing settings are moved to /etc/cups/cups.d/. * debian/cupsys.postrm: Clean up passwd.md5 on purge. -- Kenshi Muto Sun, 28 May 2006 13:07:36 +0000 cupsys (1.2.0-0ubuntu5) dapper; urgency=low * Remove debian/patches/56_revert_svn_5438.dpatch: The reason for this reversion has now been fixed in gnome-cups-manager 0.31-1.1ubuntu8. This fixes the handling of spaces in manufacturer names. Closes: LP#33545 -- Martin Pitt Wed, 17 May 2006 13:18:05 +0200 cupsys (1.2.0-0ubuntu4) dapper; urgency=low * Add debian/patches/svn5530_str1667_octet_stream.dpatch: Fix printing of application/octet-stream jobs (usually from Windows clients with locally installed driver). (STR #1667) Closes: LP#43145 -- Martin Pitt Wed, 17 May 2006 08:58:16 +0200 cupsys (1.2.0-0ubuntu3) dapper; urgency=low * Pull some bug fixes from SVN head: * Add debian/patches/svn5512_KCMYcm_fix.dpatch: Fix bug in KCMYcm handling (typo in variable name). * Add debian/patches/svn5518_12bitraster.dpatch: Make sure we swap 12/16 bit chunky data in raster filter. * Add debian/patches/svn5523_1_2_4bit_raster.dpatch: - Fix imagetoraster generation of 1/2/4-bit raster data. - Fix cupsRasterWritePixels() - bad double line termination. * Add debian/patches/svn5526_str1676_stopped_jobs_active.dpatch: Fix stopped jobs to be considered active (STR #1676). * Add debian/patches/svn5527_LDAP_define.dpatch: Fix typo in #ifdef: s/OPENDAP/OPENLDAP/. * Add debian/patches/svn5527_str1683_lpstaterror.dpatch: The lpstat command displayed the wrong error message for a missing destination (STR #1683). * Add debian/patches/svn5527_str1689_printeroptions.dpatch: "Set Printer Options" in the web interface did not update the DefaultImageableArea or DefaultPaperDimension attributes in the PPD file (STR #1689). * Add debian/patches/svn5528_str1680_load_custom_options.dpatch: ppdOpen*() did not load custom options properly (STR #1680). -- Martin Pitt Tue, 16 May 2006 12:39:35 +0200 cupsys (1.2.0-0ubuntu2) dapper; urgency=low * debian/cupsys.init: - Load the 'lp' module. Earlier installers did not put it in /etc/modules and we keep getting dozens of bug reports about that, so let's just fix it here once and for all. - Load the 'ppdev' module. This should fix detection of parallel printers. Closes: LP#29050 -- Martin Pitt Thu, 11 May 2006 11:09:59 +0200 cupsys (1.2.0-0ubuntu1) dapper; urgency=low * Final 1.2.0 upstream release (bug fixes only). Closes: LP#43898 * Remove debian/patches/01_cupsimage.dpatch, fixed upstream. * Remove debian/patches/57_svn_5461.dpatch, fixed upstream. * debian/patches/58_cupsd.conf-AllowLocal.dpatch: Fix typo: @LOCAL@ -> @LOCAL. Closes: LP#43933 -- Martin Pitt Wed, 10 May 2006 12:09:54 +0200 cupsys (1.1.99.rc3-0ubuntu4) dapper; urgency=low * Add debian/patches/58_cupsd.conf-AllowLocal.dpatch: Add 'Allow @LOCAL' to server ACL to actually allow LAN computers to access the printer if sharing is enabled. This avoid having to change two things for enabling printer sharing (a source of much confusion and a FAQ). This does not change the default behavior (port only listens on localhost by default). -- Martin Pitt Tue, 9 May 2006 17:53:02 +0200 cupsys (1.1.99.rc3-0ubuntu3) dapper; urgency=low * debian/cupsys.config: Print migration note to stderr, not stdout, to not confuse debconf. Closes: LP#41716 * debian/cupsys.postinst: Fix ownership of files in /var/cache/cups/ so that they are writable by non-root cupsd. Earlier dapper versions got the ownership wrong, so fix this for intra-dapper upgrades. Closes: LP#40795 * Add debian/local/{sharing_status,enable_sharing}: Scripts to control printer sharing (by opening or closing the TCP port). Thanks to Ante Karamatić for his initial scripts and research! -- Martin Pitt Tue, 9 May 2006 16:33:19 +0200 cupsys (1.1.99.rc3-0ubuntu2) dapper; urgency=low * debian/cupsys.init.d: Fix log creation for real. Closes: LP#41267 * debian/cupsys.logrotate: Create files as cupsys:lpadmin, not root:lp. (Also part of LP#41267) -- Martin Pitt Tue, 2 May 2006 19:36:22 +0200 cupsys (1.1.99.rc3-0ubuntu1) dapper; urgency=low * New upstream bug fix release 1.2RC3, UVF exception approved by Matt Zimmerman. * Add debian/patches/56_revert_svn_5438.dpatch: Revert upstream svn commit 5438 (fixed handling of products/manufacturers with spaces in the name) for now since it causes regressions in gnome-cups-add. Will be reactivated later when the issue is sorted out with upstream. * Update patches for new upstream release. * Remove debian/patches/20_httpGetHostname_crash.dpatch, fixed upstream. * Add debian/patches/14_dont_force_ssl.dpatch: Upstream now requires encryption by default for accessing /admin/, but our GUI frontends do not yet cope with that. Disable SSL requirement for now to revert to the old behaviour. * debian/patches/08_cupsd.conf.conf.d.dpatch: - Set "BrowseAddress @LOCAL"; without this, sending browsing information does not work (Browsing still has to be enabled). Since enable_browsing now works for exporting printers, too, this Closes: LP#17981 - Add some comments to point out that the Port and Browsing settings are moved to /etc/cups/cups.d/. * debian/cupsys.postrm: Clean up passwd.md5 on purge. * debian/cupsys.init.d: Pre-create error_log, too, and clean up code a bit. Closes: LP#41267 * debian/cupsys.postinst: If upgrading from Breezy, adapt the inclusion of external browsing configuration in cupsd.conf to retain the correct setting for modified cupsd.conf files. * debian/cupsys.config: - Fix handling of cupsd-browsing.conf -> cups.d/browse.conf transition for breezy->dapper upgrades. - Fix browse.conf parsing to set the correct debconf default value, so that the browse setting is not reset to 'off' on upgrades. Closes: LP#38704 * Add debian/patches/57_svn_5461.dpatch: - Properly HTML-quote the printer name so that names containing e. g. '+' work properly in the web interface. - Upstream svn commit 5461. - Closes: LP#37018 -- Martin Pitt Tue, 25 Apr 2006 20:09:37 +0200 cupsys (1.1.99.rc2-0ubuntu2) dapper; urgency=low * debian/cupsys-client.links: Fix cupsenable/cupsdisable manpage link. Closes: LP#40725 * debian/patches/09_runasuser.dpatch: Do not drop additional group privileges in scheduler/process.c. This should fix a range of bugs concerning detection of parallel port printers and other 'permission denied' bugs. -- Martin Pitt Mon, 24 Apr 2006 19:17:12 +0200 cupsys (1.1.99.rc2-0ubuntu1) dapper; urgency=low * Many changes have been applied in Debian now; reapply remaining Ubuntu changes from scratch to clean up some cruft (see below for details). Also, maintain Ubuntu package as SVN branch of the Debian one. * debian/rules: Enable --with-cups-user=cupsys and --enable-privilege-dropping to not run cupsd as root. * debian/control: Remove libdbus-1-dev build dependency, dbus support is not something for dapper. * debian/cupsys.init.d: Disable reload (it doesn't work as normal user), change force-reload to restart. * debian/cupsys.init.d: Pre-create access_log and error_log since cupsd can't create them as normal user. * debian/rules: Set rc runlevel priority to 19. * debian/cupsys.{postinst,postrm}, debian/cupsys-client.postinst: Setup/remove cupsys user and its needed groups. * debian/cupsys.templates: Disable browsing by default due to our 'no open ports in the default install' policy. * debian/README.Debian: Explain disabling of administrative functions in web interface and describe how to re-enable it. * debian/cupsys.preinst: - Migrate /etc/cups/cupsd-browsing.conf to /etc/cups/cups.d/browse.conf for smooth upgrades from Hoary. - Fix owner of /etc/cups/ppd/* on upgrades. * debian/patches/ubuntu-nowebadmin.dpatch: Explain disabling of administrative functions in the web interface and point to doc how to reenable it. * debian/patches/55_ppd_okidata_name.dpatch: Change "Oki" manufacturer name to "Okidata" to be consistent with other PPD files. * Implement http://wiki.debian.org/PpdFileStructureSpecification: - debian/dirs: Create /usr/share/ppd/cups-included/. - debian/rules: Install shipped PPDs into /usr/share/ppd/cups-included// and provide a symlink to the old /usr/share/cups/model directory for backwards compatibility. * debian/libcupsys2.shlibs: Remove Debian revision to allow -0ubuntuN number. * Support custom PPD installation by lpadmin members (through e. g. gnome-cups-manager): - debian/cupsys.dirs: Create /usr/share/ppd/custom/. - debian/cupsys.init.d: Fix permissions of that dir to root:lpadmin 3775. - debian/rules: Install compatibility symlink /usr/share/cups/model/custom. * debian/cupsys.dirs: Ship /usr/lib/cups/driver/ to avoid error messages if it's missing. * debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root certificate permissions from 0440 to 0240, so that the CGI programs cannot read it any more. Without this patch, cupsd presented its own certificate to itself, and *every* user could do admin tasks without authentication. -- Martin Pitt Fri, 21 Apr 2006 16:19:37 +0200 cupsys (1.1.99.rc2-0exp1) experimental; urgency=low [ Kenshi Muto ] * New upstream release 1.2RC2. - Because -fpie config becomes optional, compiler works on amd64 and other architectures. (closes: #335199) * Enable LDAP support. * Remove duplicated update-rc.d (closes: #356911) * Stopped asking admin password because it works only if user chooses digest authentication. The default configuration of Debian uses PAM and basic authentication. * Enable dbus support. * 03_clean.dpatch: Remove produced and remained files during build. * Now CUPS uses 'lp' user/group privilege to call backend or any other programs. CUPS SystemGroup is 'lpadmin'. You need to add users who are allowed to add/modify/remove printers/jobs/classes. * Remove image.h.patch from source. It is no longer needed. * 02_configure.dpath: Remove -rpath from configure. * Fix typo in cupsys-bsd description. (closes: #362070) * Add Galician debconf translation. (closes: #361258) * Update Danish debconf translation. (closes: #357969) * Use 'reload' during logrotate instead of 'restart'. It looks safe on CUPS 1.2. (though job-restart problem still remains) * set TZ in init script only if TZ isn't defined yet. * Use if-fi structure style for postrotate of logrotate script. It solves error when cupsys is not running. (closes: #347641) * Unset TMPDIR environment variable before running daemon. (closes: #347829) * Removed /etc/cups/pdftops.conf because it was for pdftops of upstream version. Debian CUPS uses xpdf-utils wrapper and doesn't need pdftops.conf. * Notice: /etc/cups/client.conf has been removed upstream. * Notice: {dis,en}able have been renamed to cups{dis,en}able. [ Martin Pitt ] * debian/patches/48_stdlib.dpatch: Adapted to new upstream version. * debian/cupsys.init.d: - Fix arguments of start-stop-daemon and remove the hideous kill algorithm. - Ensure that /var/run/cupsd exists; this makes the init script work with /var/run mounted on a tmpfs. * debian/libcupsys2-dev.files, debian/libcupsimage2-dev.files: Remove static library; upstream does not build them any more, and they are useless anyway. * Add debian/patches/06_disable_backend_setuid.dpatch: Remove the uid changing in scheduler/cups-deviced.c which was introduced recently in upstream. It totally breaks device node access (e. g. /dev/lp0 is root:lp 0660, which is inaccessible for a process which runs as lp:root). * debian/rules: Remove --with-cups-user, upstream does not support it any more. * debian/patches/09_runasuser_fixes.dpatch: RunAsUser was removed upstream; rename the patch to 09_runasuser.dpatch and rewrite it: - Enclose all changes in an #if CUPS_DROP_PRIVILEGES, so that it is easy to enable this feature. - scheduler/main.c: Drop privileges after initialization. - scheduler/conf.c: If we build with CUPS_DROP_PRIVILEGES, set RunUser to User instead of getuid(), since at that point we will always run as root (privileges cannot yet be dropped at that point). - config-scripts/cups-defaults.m4: Add --enable-privilege-dropping option. - config.h.in: Add CUPS_DROP_PRIVILEGES option template. * Add debian/patches/09_runasuser_autoconf.dpatch: autoconf changes for 09_runasuser_fixes.dpatch changes. * debian/pdftops: Fix reading from stdin (https://launchpad.net/bugs/17124) * debian/cupsys.preinst: Remove dangling /etc/cups/pdftops.conf symlink on upgrades to unbreak printing with poppler-utils. * debian/control: Add poppler-utils alternative for xpdf-utils dependency. * Add debian/patches/12_quiesce_ipp_logging.dpatch: - Drop successful IPP messages to log level 'debug' and unsuccessful ones to 'info'. - Do not flood access_log with successful CUPS-Get-Printers and Get-Printer-Attributes queries (which are generated by e. g. gnome-cups-icon every 3 seconds). - Closes: #280718 * Add debian/patches/13_default_log_warn.dpatch: Raise default log severity to 'warning' to not log gazillions of IPP requests by default. (other part of #280718) * debian/rules, debian/cupsys.postinst: Remove obsolete /etc/cups/certs and /var/lib/cups/certs (certificates are managed in /var/run/certs now). * debian/cupsys.preinst: Remove obsolete /etc/cups/certs symlink on upgrades. * debian/cupsys-client.files: Install cupstestdsc and manpage. * debian/cupsd.init: Have force-reload to reload, not restart. * debian/cupsys.logrotate: Use force-reload instead of reload, since the latter is not required to exist by Debian Policy. * debian/rules: Ship browsing_status and enable_browsing. * debian/patches/20_httpGetHostname_crash.dpatch: Add some robustifications to httpGetHostname() to hopefully fix a reported crash. -- Kenshi Muto Sun, 16 Apr 2006 17:49:57 +0900 cupsys (1.1.99.b1.r4929-0ubuntu9) dapper; urgency=low * Correct permissions of /var/run/cups in the init script. -- Scott James Remnant Wed, 19 Apr 2006 14:15:14 +0100 cupsys (1.1.99.b1.r4929-0ubuntu8) dapper; urgency=low * Disable 53_usr_share_ppd_support.dpatch again, too many packages still have /usr/share/cups/model hardcoded. * Symlink /usr/share/cups/model/cups-included to /usr/share/ppd/cups-included. * Place ppd files in manufacturer specific subdirectories. * Change "Oki" manufacturer name to "Okidata". * Symlink /usr/share/cups/model/custom to /usr/share/ppd/custom. -- Matthias Klose Wed, 12 Apr 2006 19:26:18 +0200 cupsys (1.1.99.b1.r4929-0ubuntu7) dapper; urgency=low * debian/cupsys.init.d: Move log_end_msg to the right place again. * Add debian/patches/53_usr_share_ppd_support.dpatch: - Look for PPDs in /usr/share/ppd, according to http://wiki.debian.org/PpdFileStructureSpecification. - Fixes Debian bug #358186. * debian/rules: Install PPD files into /usr/share/ppd/cups-included, according to above specification. * debian/patches/54_cups-config_modeldir.dpatch: Add --modeldir to cups-config so that other packages can use it to figure out the correct PPD base path. * debian/libcupsys2.shlibs: Bump version number so that other packages can rely on cups-config's modeldir. * Re-add debian/patches/51_dont_log_ipp_printer_query.dpatch, since these log messages are routed through a different code path. * debian/cupsys.init.d: Change custom PPD path from /usr/share/cups/ppd to /usr/share/ppd/custom. -- Martin Pitt Fri, 7 Apr 2006 17:14:25 +0200 cupsys (1.1.99.b1.r4929-0ubuntu6) dapper; urgency=low * Add debian/patches/51_ipp_log_severity_info.dpatch: Drop successful IPP messages to log level 'debug' and unsuccessful ones to 'info'. This is a more generic approach to avoid ridiculously huge logs due to polling by gnome-cups-icon and friends. * Drop debian/patches/51_dont_log_ipp_printer_query.dpatch, obsoleted by above patch. * Add debian/patches/52_default_log_level_warning.dpatch: Raise default log level from info to warning. Closes: LP#38042 -- Martin Pitt Thu, 6 Apr 2006 12:05:45 +0200 cupsys (1.1.99.b1.r4929-0ubuntu5) dapper; urgency=low * debian/patches/51_dont_log_ipp_printer_query.dpatch: Suppress logging of successful CUPS_GET_DEFAULT messages, too. Closes: LP#29895 * debian/pdftops: Fix reading from stdin. Closes: LP#17124 -- Martin Pitt Thu, 30 Mar 2006 19:52:20 +0200 cupsys (1.1.99.b1.r4929-0ubuntu4) dapper; urgency=low * debian/cupsys.postinst: Make sure that the scanner group exists before trying to add the cupsys user to it. -- Colin Watson Thu, 9 Mar 2006 08:20:02 +0000 cupsys (1.1.99.b1.r4929-0ubuntu3) dapper; urgency=low * debian/rules: Do not install dangling pdftops.conf symlink. (Malone #26785) * debian/cupsys.preinst: Remove a dangling pdftops.conf symlink on upgrades to this version. * debian/cupsys.postinst: Add cupsys to group 'scanner' to be able to access printer/scanner combined devices. (Malone #29050) * debian/patches/44_fixconfdirperms.dpatch: Make /etc/cups/ppd group writable. (Malone #31533) * debian/cupsys.init.d: Make sure that page_log exists with the right permissions. (Malone #33409) * Add debian/patches/51_dont_log_ipp_printer_query.dpatch: Do not flood access_log with successful CUPS-Get-Printers and Get-Printer-Attributes queries (which are generated by gnome-cups-icon every 3 seconds). This is a hideous and hackish patch, but it has to do until we dbusify cupsys properly. (Malone #29895) -- Martin Pitt Mon, 6 Mar 2006 16:08:32 +0100 cupsys (1.1.99.b1.r4929-0ubuntu2) dapper; urgency=low * Add 50_truncate_ppd.dpatch: - cups/file.c: Do not forget to write the pending uncompressed tail when copying a compressed file. Fixes cropped PPD files in /etc/cups/ppd. - Patch taken from upstream svn commit 4942. - Malone #28642 * debian/cupsys.init.d: Create access_log with proper permissions if it does not yet exist. (Malone #28492) * debian/cupsys.preinst: If we upgrade from a version earlier than this one, change all root-owned PPD files in /etc/cups/ppd to be owned by cupsys. (Malone #12879) -- Martin Pitt Thu, 19 Jan 2006 16:55:51 +0100 cupsys (1.1.99.b1.r4929-0ubuntu1) dapper; urgency=low * New upstream snapshot with lots of bug fixes. * Remove debian/patches/50_local_username_check.dpatch: Adopted upstream. * debian/patches/02_configure.patch: Greatly simplified to be more robust against upstream changes; renamed to debian/patches/02_disable_pie.patch for clarity. * Disable debian/patches/48_stdlib.dpatch, it shouldn't be necessary on at least our platforms. -- Martin Pitt Tue, 17 Jan 2006 16:44:47 +0100 cupsys (1.1.99.b1.r4892-0ubuntu1) dapper; urgency=low * New upstream snapshot. * Adapt patches to new upstream version: - 02_configure.dpatch - 48_stdlib.dpatch - ubuntu-nowebadmin.dpatch * Add debian/patches/50_local_username_check.dpatch: Fix the restriction of changing/cancelling of print jobs to the owner. - scheduler/auth.c: Disable weird code that bypasses user name check for local authentication. - scheduler/ipp.c: Copy the determined user name of the connection to the con structure, so that cupsdCheckPolicy() has a chance to actually verify it. - Ubuntu #12177 -- Martin Pitt Fri, 13 Jan 2006 15:28:22 +0100 cupsys (1.1.99.b1.r4885-1) experimental; urgency=low [ Kenshi Muto ] * New SVN release taken from rr4885. * Updated Russian debconf translation, taken from cupsys trunk. * Downgrade port and browse question to low. * Add timeout routine to avoid lockup. * debian/patches/08_cupsd.conf.conf.d.dpatch: - Commented out Port/Listen/Browsing from cupsd.conf.in. CUPS crashes when there is a duplicate definition. * Updated Swedish debconf translation. * Set seen false flag when ports configuration is failed. * Allow '*' for hostname in ports.conf. * Use /bin/echo instead of shell built-in echo. * Improve cupsys.templates. * Updated Russian, German, Czech,French, Vietnamese debconf translation. * Removed example descriptions from init.d script. * Fix IPv4 validation. [ Martin Pitt ] * Adapt debian/patches/02_configure.dpatch to r4885. * Move forcefully killing of cupsd if start-stop-daemon fails from postinst to init script, where it belongs to. Do not kill all running cupsd processes, but only the one in the pid file; this will unbreak cupsd behaviour in chroots. * debian/cupsys.default: Remove obsolete FORCE_RESTART option. * Resurrect debian/patches/01_cupsimage.dpatch (formerly 03_cupsimage.dpatch), as we get unresolved symbols if libcupsimage isn't properly linked to libcupsys, causing other packages to FTBFS. Thanks to Adam Conrad. * debian/cupsys.init.d: Add --oknodo to not fail if cupsd is already running. * debian/rules: In clean rule, clean up a lot of files that are left behind by 'make clean'. -- Kenshi Muto Fri, 23 Dec 2005 06:33:05 +0000 cupsys (1.1.99.b1.r4876-1) unstable; urgency=low [ Martin Pitt ] * debian/local/{enable_browsing,browsing_status}: Adapt configuration file locations to new conf.d structure. * debian/cupsys.templates: Fix default value for cupsys/browse: 'yes' is an invalid bool option, change to true. * debian/cupsys.init.d: Use LSB init functions. Add lsb-base package dependency. * debian/cupsys.postinst: Wait a second between kill -9'ing cupsys and checking if the process still exists to avoid false positives and upgrade failures. * Clean up support for /etc/cups/conf.d: - Add debian/patches/08_cupsd.conf.conf.d.dpatch: Add include commands to default cupsd.conf file. - debian/cupsys.postinst: Remove fiddling with cupsd.conf. - This will ensure that cupsd.conf will remain an unchanged conffile. * debian/rules: Remove empty debian/patched on clean. * debian/patches/10_cupsd.conf2.dpatch: Re-enable listening to localhost to make the web interface work. * debian/patches/44_fixconfdirperms.dpatch: - Put configuration files into group root instead of nobody to avoid privilege escalation of nobody/nogroup and comply to Debian standards. - Use CUPS_DEFAULT_GROUP instead of 'nobody' as the default group for setgid'ing to and conffiles which must be writable for cupsd. - Disable changing permissions of cupsd.conf conffile. * Add debian/patches/09_runasuser_fixes.dpatch: - scheduler/main.c: Generate a certificate even when running as user, just as in 1.1.x; this unbreaks local certificate authorization for cupsd when it runs as normal user. - scheduler/main.c: When running as non-root, call initgroups() instead of setgroups() to allow auxiliary groups. These are required to access different device types (lp for USB/parallel printers, dialout for serial printers, etc.) [ Kenshi Muto ] * New SVN release taken from r4876. -- Kenshi Muto Thu, 8 Dec 2005 21:26:22 +0900 cupsys (1.1.99.b1.r4841-1ubuntu8) dapper; urgency=low * debian/cupsys.init.d: Remove the hideous killing hacks and just invoke start-stop-daemon with the correct arguments. -- Martin Pitt Wed, 11 Jan 2006 19:23:47 +0100 cupsys (1.1.99.b1.r4841-1ubuntu7) dapper; urgency=low * debian/cupsys.init.d: Make sure that the PID file directory /var/run/cups exists. The new approach of mounting /var/run as tmpfs removes the directory that is shipped in the deb. (Ubuntu #22261) -- Martin Pitt Wed, 11 Jan 2006 13:47:45 +0100 cupsys (1.1.99.b1.r4841-1ubuntu6) dapper; urgency=low * debian/cupsys.init: Call stop/start in the 'restart/force-reload' section to make use of the much more robust 'stop' handling. This should avoid frequent failures of force-reload. (Ubuntu #21787) * debian/cupsys.postinst: - Set permissions of /etc/cups/interfaces to root:lpadmin 2775. - Make /etc/printcap writable for group lpadmin. - This fixes third-party printer drivers and command line tools. - Ubuntu #20891 -- Martin Pitt Thu, 5 Jan 2006 18:11:51 +0100 cupsys (1.1.99.b1.r4841-1ubuntu5) dapper; urgency=low * Synchronize to Debian's svn head to get the various configuration handling RC bug fixes, but keep Ubuntu upstream version at r4841 since 4885 has serious regressions. * All non-Ubuntu specific patches have been applied in Debian now. * Drop the following patches (accepted in Debian): - ubuntu-sanitize-conffile-handling.dpatch - ubuntu-localports.dpatch - ubuntu-include-conf.d.dpatch - ubuntu-nowebadmin.dpatch - ubuntu-cupsimage.dpatch * ubuntu-runasuser.dpatch: Remove the upstream code fixes (already in Debian now), just add the 'RunAsUser' directive to cupsd.conf. * debian/cupsys.templates: Disable browsing by default. -- Martin Pitt Thu, 22 Dec 2005 15:08:51 +0100 cupsys (1.1.99.b1.r4885-1) experimental; urgency=low [ Kenshi Muto ] * New SVN release taken from rr4885. * Updated Russian debconf translation, taken from cupsys trunk. * Downgrade port and browse question to low. * Add timeout routine to avoid lockup. * debian/patches/08_cupsd.conf.conf.d.dpatch: - Commented out Port/Listen/Browsing from cupsd.conf.in. CUPS crashes when there is a duplicate definition. * Updated Swedish debconf translation. * Set seen false flag when ports configuration is failed. * Allow '*' for hostname in ports.conf. * Use /bin/echo instead of shell built-in echo. * Improve cupsys.templates. * Updated Russian, German, Czech,French, Vietnamese debconf translation. * Removed example descriptions from init.d script. * Fix IPv4 validation. [ Martin Pitt ] * Adapt debian/patches/02_configure.dpatch to r4885. * Move forcefully killing of cupsd if start-stop-daemon fails from postinst to init script, where it belongs to. Do not kill all running cupsd processes, but only the one in the pid file; this will unbreak cupsd behaviour in chroots. * debian/cupsys.default: Remove obsolete FORCE_RESTART option. * Resurrect debian/patches/01_cupsimage.dpatch (formerly 03_cupsimage.dpatch), as we get unresolved symbols if libcupsimage isn't properly linked to libcupsys, causing other packages to FTBFS. Thanks to Adam Conrad. * debian/cupsys.init.d: Add --oknodo to not fail if cupsd is already running. * debian/rules: In clean rule, clean up a lot of files that are left behind by 'make clean'. -- Kenshi Muto Fri, 23 Dec 2005 06:33:05 +0000 cupsys (1.1.99.b1.r4876-1) unstable; urgency=low [ Martin Pitt ] * debian/local/{enable_browsing,browsing_status}: Adapt configuration file locations to new conf.d structure. * debian/cupsys.templates: Fix default value for cupsys/browse: 'yes' is an invalid bool option, change to true. * debian/cupsys.init.d: Use LSB init functions. Add lsb-base package dependency. * debian/cupsys.postinst: Wait a second between kill -9'ing cupsys and checking if the process still exists to avoid false positives and upgrade failures. * Clean up support for /etc/cups/conf.d: - Add debian/patches/08_cupsd.conf.conf.d.dpatch: Add include commands to default cupsd.conf file. - debian/cupsys.postinst: Remove fiddling with cupsd.conf. - This will ensure that cupsd.conf will remain an unchanged conffile. * debian/rules: Remove empty debian/patched on clean. * debian/patches/10_cupsd.conf2.dpatch: Re-enable listening to localhost to make the web interface work. * debian/patches/44_fixconfdirperms.dpatch: - Put configuration files into group root instead of nobody to avoid privilege escalation of nobody/nogroup and comply to Debian standards. - Use CUPS_DEFAULT_GROUP instead of 'nobody' as the default group for setgid'ing to and conffiles which must be writable for cupsd. - Disable changing permissions of cupsd.conf conffile. * Add debian/patches/09_runasuser_fixes.dpatch: - scheduler/main.c: Generate a certificate even when running as user, just as in 1.1.x; this unbreaks local certificate authorization for cupsd when it runs as normal user. - scheduler/main.c: When running as non-root, call initgroups() instead of setgroups() to allow auxiliary groups. These are required to access different device types (lp for USB/parallel printers, dialout for serial printers, etc.) [ Kenshi Muto ] * New SVN release taken from r4876. -- Kenshi Muto Thu, 8 Dec 2005 21:26:22 +0900 cupsys (1.1.99.b1.r4841-1) experimental; urgency=low * EXPERIMENTAL * New SVN release taken from r4841. * Remove -pie and -fpie from compiler option. pie option causes a problem with Debian binutils. I hope this change avoids FTBFS on sparc and others. (closes: #339120) -- Kenshi Muto Wed, 16 Nov 2005 12:27:27 +0000 cupsys (1.1.99.b1.r4748-4) experimental; urgency=low * EXPERIMENTAL * 00_r4835.dpatch: Taken from r4835. Well, r4835 removes some files. It means dpkg-buildpackage always fails when we rebuild source. Maybe it's time to change orig source. Moved obsolete patches to patches/obsolete. * 48_stdlib.dpatch: Fix FTBFS for arm, mips, and mipsel. * 03_manext.dpatch: Don't use upstream's manpage file handling. Debian uses dh_installman. * 04_freebsd.dpatch: Apply Brian's patch to support GNU/kFreeBSD (closes: #338266) * Install lppasswd as owner 'lp'. -- Kenshi Muto Fri, 4 Nov 2005 13:56:27 +0000 cupsys (1.1.99.b1.r4748-3) experimental; urgency=low * EXPERIMENTAL * 47_pid.dpatch: Modified to allow to configure location of pid file. (closes: #337093) You can change this location by PidFile directive at your cupsd.conf. * Remove example comments from init script. (closes: #334842) -- Kenshi Muto Thu, 3 Nov 2005 11:39:07 +0000 cupsys (1.1.99.b1.r4748-2) experimental; urgency=medium * EXPERIMENTAL * 02_configure.dpatch: Modified to remove -pie/-fpie if arch = x86_64. (closes: #335199) -- Kenshi Muto Mon, 24 Oct 2005 11:42:59 +0000 cupsys (1.1.99.b1.r4748-1) experimental; urgency=low * EXPERIMENTAL * CUPS 1.2 snapshot (r4748) from SVN. -- Kenshi Muto Wed, 5 Oct 2005 12:54:27 +0000 cupsys (1.1.23-15) unstable; urgency=high [Kenshi Muto] * Allow '*' for hostname in ports.conf. (closes: #340975) * Fix IPv4 address validation. * Use /bin/echo instead of shell built-in echo. (closes: #343566) * Improve cupsys.templates. (closes: #343498) * Updated Swedish debconf translation. * Updated Russian debconf translation. * Updated German debconf translation. * Updated Czech debconf translation. (closes: #343716) * Updated French debconf translation. (closes: #344116) * Updated Vietnamese debconf translation. * Removed example descriptions from init.d script. (closes: #334842) * Apply kFreeBSD patch. (closes: 338266) -- Kenshi Muto Fri, 16 Dec 2005 21:05:47 +0900 cupsys (1.1.23-14) unstable; urgency=high [Kenshi Muto] * Downgrade port and browse question to low. (closes: #343341) * debian/patches/08_cupsd.conf.conf.d.dpatch: - Commented out Port/Listen/Browsing in cupsd.conf.in because CUPS crashes when there is a duplicate definition! (closes: #343251, #343279, ##343285, #343292) * Added NEWS to explain how to fix this for 1.1.23-13 users: Tweaking cupsd.conf via postinst is a bad idea, so I gave up trying to correct this automatically. Instead, comment out the Port/Listen/Browsing lines in /etc/cups/cupsd.conf if you had already replaced this file by the one from 1.1.23-13. * Updated Swedish debconf translation. (closes: #343397) * Set seen false flag when ports configuration is failed. (closes: #343400) [Martin-Éric Racine] * Added debian/watch file. -- Kenshi Muto Thu, 15 Dec 2005 06:00:09 +0900 cupsys (1.1.23-13) unstable; urgency=high * 38_pdftopscan.dpatch: Apply CAN-2005-0064, CAN-2004-0888, and CAN-2005-2097 patches. (closes: #324459, #324460, #324464) Because Debian cupsys uses xpdf wrapper instead of forked pdftops, so users aren't affected these security problems. This patch is just for users who want to create own pdftops from source. * Move Port/Listen and Browsing configurations from /etc/cups/ cupsd.conf to /etc/cups/cups.d/. /etc/cups/cups.d/ports.conf: Port/Listen configuration. /etc/cups/cups.d/browse.conf: Browsing configuration You can configure these values by using "dpkg-reconfigure cupsys". (closes: #235906, #297695, #178838, #288838) * Added Swedish debconf translation (closes: #338545). Thanks Daniel. * Updated Russian debconf translation (closes: #340626). Thanks Yuri. * Applied xpdf patch to fix buffer overflows [pdftops/Stream.cxx, pdftops/Stream.h, CAN-2005-3191, CAN-2005-3192, 48_security_CAN-2005-3191.dpatch] Because Debian cupsys uses xpdf wrapper instead of forked pdftops, so users aren't affected these security problems. This patch is just for users who want to create own pdftops from source. -- Kenshi Muto Mon, 22 Aug 2005 18:50:26 +0900 cupsys (1.1.23-12) unstable; urgency=medium * foomatic-rip may be treated as recommended tool. Modified control file. (closes: #320196) * Add debconf-2.0 as debconf alternative. * Migrated to libgnutls12. (closes: #322087) libcupsys2 backed as real library. libcupsys2-gnutls10 became transitional package. (closes: #322018) * Add procps to Depends: of cupsys. ps command is used by cupsys.postinst. * 47_pid.dpatch: Added a patch to make forked PID file. Now init script use this file instead of one created by start-stop-daemon. I hope this solves Samba starting bug. (closes: #315017) * Back gs-esp to Depends:. (closes: #312244) PostScript printer owners may claim this, but currently we Debian CUPS Maintainers team have massive complains about missing gs-esp dependency. It's current best workaround to avoid such printing problems. -- Kenshi Muto Thu, 28 Jul 2005 11:35:27 +0900 cupsys (1.1.23-11) unstable; urgency=low * "At Debconf 5" release. * Now CUPS is maintained by Debian CUPS Maintainers Team. * Do "sleep 2" to wait daemon's wake up. (this is just workaround... needs better solution, for #309794 and #315017) * Added Vietnamese translation. (closes: #310152) * Check whether daemon is running or not before restart in logrotate. (closes: #310535) * Add description about foomatic-rip (in foomatic-filters package) to README.Debian. (closes: #309399) * Remove unnecessary comment from debian/po/de.po (closes: #314135) * Apply status option for init script (closes: #312683). Thanks Stephen. * Suggests cupsys-driver-gutenprint, this package is new name of cupsys-driver-gimpprint. * 46_ppdsdat: Move /etc/cups/ppds.dat to /var/lib/cups/ppds.dat and make symlink. (closes: #317905) * Unapply NOAUTH handling from 33_jobauthorize. A user warns me it's dangerous to use. -- Kenshi Muto Fri, 20 May 2005 11:07:42 +0900 cupsys (1.1.23-10ubuntu4) breezy; urgency=low * Add debian/patches/ubuntu-disable-conffile-chmod.dpatch: - Stop fiddling with the /etc/cups/cupsd.conf permissions at server startup. The default permissions as shipped (root:root 0644) are just fine for that file, and cupsys modifies it in a way that normal users cannot read them any more, which breaks gnome-cups-manager. - Ubuntu #15165 * debian/cupsys.postinst: - If the package is upgraded from a version earlier than this one, correct permissions of cupsd.conf. -- Martin Pitt Wed, 14 Sep 2005 14:52:13 +0200 cupsys (1.1.23-10ubuntu3) breezy; urgency=low * Fix installation of /usr/share/cups/{enable-browsing,browsing_status} to ship these scripts again. (Ubuntu #14546 ) -- Martin Pitt Fri, 2 Sep 2005 12:00:02 +0200 cupsys (1.1.23-10ubuntu2) breezy; urgency=low * Added debian/patches/ubuntu-confpermissions.dpatch: - Add and document ConfigFilePerm to cupsd.conf and set it to 0600 to avoid exposing SMB passwords to lpadmin members. This makes it slightly harder to intercept the password. (Ubuntu #12036) -- Martin Pitt Thu, 23 Jun 2005 12:44:14 +0200 cupsys (1.1.23-10ubuntu1) breezy; urgency=low * Debian adopted many changes and MOM output was messy; reapplied remaining Ubuntu changes to pristine Debian version. Mention them here again to ease further merges and Debian adoptions. * Convert Ubuntu patches to dpatch and added descriptions. * Convert to poppler: - debian/patches/ubuntu-pdf2ps_poppler.dpatch: Replace pdftops/pdftops.cxx with a port from xpdf-utils to libpoppler. - debian/control: Add build dependency libpoppler-dev, remove xpdf-utils dependency. - Disable 06_replacepdftops.dpatch to build the pdftops/ subdir again. - debian/rules: Install newly built pdftops into /usr/lib/cups/. * Run as user 'cupsys' instead of root: - debian/patches/ubuntu-runasuser.dpatch: Enable RunAsUser in configuration. - debian/patches/ubuntu-auxgroups.dpatch: When running as non-root, call initgroups() instead of setgroups() to allow auxiliary groups. - debian/rules: Configure with --with-cups-user=cupsys. - debian/cupsys.postinst, debian/cupsys-client.postinst: Create cupsys user and setup permissions. - debian/cupsys.postrm: Remove cupsys user on purge. * Disable web interface to avoid putting the user 'cupsys' into group shadow: - debian/README.Debian: Explain the change. - debian/patches/ubuntu-nowebadmin.dpatch: Explain the disabled administrator pages in the web interface. - Add debian/local/ja-nowebadmin.ptch: Add the same explanation to the Japanese translation in patches/ja.tar.gz.uu. - debian/rules: Apply debian/local/ja-nowebadmin.ptch. * Automatic detection of LAN printers (browsing): - Add debian/local/{enable_browsing,browsing_status,cupsd-browsing.conf} and install them in debian/rules. - debian/patches/ubuntu-externalbrowseconf.dpatch: Externalize browsing setting to cupsd-browsing.conf. * Listen to local port only by default to comply to Ubuntu Security Policy: - debian/patches/ubuntu-localports.dpatch * debian/cupsys.init.d: LSB init script. -- Martin Pitt Thu, 23 Jun 2005 11:23:37 +0200 cupsys (1.1.23-10) unstable; urgency=high * Recovered http backend. -8 and -9 missed it. (closes: #305169) * Use absolete path for doc-root instead of relative path. (closes: #305339) -- Kenshi Muto Tue, 19 Apr 2005 20:47:49 +0900 cupsys (1.1.23-9) unstable; urgency=medium * Remove unnecessary and toxic space in doc-base file. (closes: #305084) -- Kenshi Muto Mon, 18 Apr 2005 08:08:03 +0900 cupsys (1.1.23-8) unstable; urgency=medium * "Brush up for Sarge" release. * Introduced dpatch for source management. * Included Spanish man pages. * 43_filtercost: Applied a patch for wrong computation of cost (closes: #304205) * Applied many part of ubuntu patch, http://people.ubuntu.com/~scott/patches/cupsys/cupsys_1.1.23-7ubuntu1.patch. (User 'cupsys' feature and Browsing feature aren't applied at this time. They are post-Sarge things) * Applied improved dvifilter patch. (Although you need to modify /etc/cups/mime.convs and some other files to use it) (closes: #198100) * Provides /var/run/cups/cupsd.pid. (closes: #301804) * Added cupsys documentation to doc-base structure. (closes: #171396, #304333) * Included filter for PostScript from Windows PostScript driver, created by Matt Swift . If you want to use, put /usr/share/doc/cupsys/examples/filters/samba-postscript.* to /etc/cups, and put /usr/share/doc/cupsys/examples/filters/samba-ps-to-ps to /usr/lib/cups/filter. (closes: #246577) -- Kenshi Muto Wed, 16 Mar 2005 10:01:57 +0900 cupsys (1.1.23-7ubuntu2) breezy; urgency=low * debian/control: - Add build dependency libpoppler-dev. - Drop cupsys dependency xpdf-utils. * Added debian/patches/ubuntu-pdf2ps_poppler.patch: - Replace pdftops/pdftops.cxx with the latest version from xpdf-3.00 code; it was modified to use poppler's include files and use GooString instead of GString (a simple rename in poppler). - Adapt build rule. * debian/rules: Install newly built pdftops into /usr/lib/cups/. * debian/pdftops: Change path to pdftops from /usr/bin to /usr/lib/cups. * Removed debian/patches/06replacepdftops.patch: This patch prevented the building of pdftops/, but we want that again. -- Martin Pitt Tue, 24 May 2005 14:39:14 +0200 cupsys (1.1.23-7ubuntu1) breezy; urgency=low * Resynchronise with Debian. (#9281) * Fixed merging conflicts in debian/rules. * Dropped patch ubuntu-lppasswd_noexistingconf.patch, now included in Debian. * debian/cupsys.postinst: Include /etc/default/cupsys to make the #298040 patch effective (this somehow got lost in MOM). -- Martin Pitt Fri, 15 Apr 2005 13:20:17 +0200 cupsys (1.1.23-7) unstable; urgency=low * Drop /etc/cups/printers.conf and /etc/cups/classes.conf from configuration files. (closes: #298103) Migration will be done automatically. * Add /etc/default/cupsys. You can change force stop behavior by changing FORCE_RESTART in this file. (closes: #298040) * Add hplip to Suggests:. (closes: #297776) -- Kenshi Muto Sat, 5 Mar 2005 12:27:32 +0900 cupsys (1.1.23-6) unstable; urgency=medium * Fix missing adduser dependency in cupsys-client. (closes: #296849) * Apply parallel backend improvement patch. - don't receive signal during writing (closes: #296222) - fix 64bit problem (closes: #296223) -- Kenshi Muto Sat, 26 Feb 2005 08:07:39 +0000 cupsys (1.1.23-5) unstable; urgency=low * Improve postinst message (closes: #295642). Thanks Adam. -- Kenshi Muto Fri, 18 Feb 2005 21:23:10 +0900 cupsys (1.1.23-4) unstable; urgency=low * 20defaultport.patch is merged in upstream source. * ARGH, libcupsys2-dev should conflict/replace against <<1.1.22-3. Fix control file. (closes: #292879) * Remove obsolete README_fr.txt. (closes: #293274) -- Kenshi Muto Sun, 30 Jan 2005 08:35:17 +0900 cupsys (1.1.23-3) unstable; urgency=low * Remove $Id$ from config file: 07cvsremovetag.patch (closes: #291629) * Fix 'lppasswd does not work with nonexisting passwd file' by mpitt's patch: 41lppasswdnoexistingconf.patch (closes: 290011) -- Kenshi Muto Sat, 22 Jan 2005 12:23:46 +0900 cupsys (1.1.23-2) unstable; urgency=medium * Move defvalue declaration to begin block for compile on backports environment. Thanks Massimiliano. * Fix Cyclades serial port name: 40cycladeserial.patch (closes: #270375) * Upgrade shlibs of libcupsys2-gnutls10. cupsys-client needs newest libcupsys2-gnutls10 (closes: #289930, #289939). -- Kenshi Muto Mon, 10 Jan 2005 13:48:32 +0900 cupsys (1.1.23-1ubuntu12) hoary; urgency=low * debian/cupsys.init.d: - Make the start-stop-daemon invocation in restart use the schedule syntax (--retry TERM/10) to keep trying to kill cupsd for 10 seconds before it gives up. If it does fail, restart now fails gracefully, rather than bringing down the shell. (Ubuntu #7847) - Make the same changes to the stop target for consistency. -- Adam Conrad Tue, 22 Mar 2005 03:40:51 +0000 cupsys (1.1.23-1ubuntu11) hoary; urgency=low * debian/cupsys.postinst: - cleanup kill code somewhat - use pidof instead of ps aux output. should fix Debian bug#298040 - Don't die if the kill fails. -- LaMont Jones Thu, 17 Mar 2005 16:10:27 -0700 cupsys (1.1.23-1ubuntu10) hoary; urgency=low * debian/cupsys.postinst: - Remove "--home /" from adduser invocation; sometimes adduser chowns the home directory even if --no-create-home is given. - If upgrading from a previous version, chown / to 0:0 to fix the bug from previous releases. -- Martin Pitt Thu, 10 Mar 2005 08:30:42 +0100 cupsys (1.1.23-1ubuntu9) hoary; urgency=low * Updated debian/patches/ubuntu-fixconfdirperms.patch: - chmod /etc/cups/ppd to 2775 instead of 755 so that cupsd can actually write into it. (Ubuntu #6816) * Added debian/patches/ubuntu-slashprinternames.patch: - When determining the path to a PPD or interface file, replace slashes with underscores; otherwise the server will try to write into nonexisting subdirectories of e. g. /etc/cups/ppd/. (Ubuntu #6816) * Updated debian/patches/ubuntu-nowebadmin.patch: - Corrected the gnome-cumps-manager menu path on all web pages and translations. (Ubuntu #4725) -- Martin Pitt Mon, 28 Feb 2005 19:04:51 +0100 cupsys (1.1.23-1ubuntu8) hoary; urgency=low * debian/patches/ubuntu-localports.patch: - Removed "Browsing" patch hunk. * Added debian/patches/ubuntu-externalbrowseconf.patch: - Replace "Browsing" setting by "Include cupsd-browsing.conf" and update the documentation comment; this allows to enable/disable browsing without changing the main configuration file (which avoids dpkg questions on upgrades). - Enable "BrowseAddress @LOCAL" by default. * Added debian/local/cupsd-browsing.conf (single "Browsing" configuration parameter, default Off) and install it to /etc/cups/. * Added scripts to manage browsing status to debian/local and install them to /usr/share/cups/: - browsing_status: Return whether browsing is currently disabled (0), enabled (1) or there is a custom configuration (2). - enable_browsing: Enable (1) or disable (0) browsing. Only possible with non-custom configurations and with root privileges. * Backend part of Ubuntu bug #2251 (user-friendly browsing configuration). -- Martin Pitt Tue, 22 Feb 2005 13:46:02 +0100 cupsys (1.1.23-1ubuntu7) hoary; urgency=low * Reapply patch to background cupsd during startup. -- Thom May Thu, 20 Jan 2005 17:28:30 +0000 cupsys (1.1.23-1ubuntu6) hoary; urgency=low * Must create cupsys user _AFTER_ we create the lpadmin group. sigh. -- LaMont Jones Fri, 14 Jan 2005 15:01:21 -0700 cupsys (1.1.23-1ubuntu5) hoary; urgency=low * Need to possibly add cupsys user in cupsys-client postinst, too. -- LaMont Jones Fri, 14 Jan 2005 12:08:14 -0700 cupsys (1.1.23-1ubuntu4) hoary; urgency=low * Fix postrm to not horribly break debconf and die. -- LaMont Jones Thu, 13 Jan 2005 11:35:39 -0700 cupsys (1.1.23-1ubuntu3) hoary; urgency=low * debian/control: Added missing cupsys dependency 'procps'. * Moved lppasswd permission setup from cupsys.postinst to cupsys-client.postinst (to where it belongs). -- Martin Pitt Thu, 13 Jan 2005 11:27:09 +0100 cupsys (1.1.23-1ubuntu2) hoary; urgency=low * Added debian/patches/ubuntu-build_avoid_unknown_chown.patch: - systemv/Makefile: do not try to install lppasswd with owner CUPS_USER during build since user "cupsys" does not exist on the buildds; install it as root:root 755 instead * debian/cupsys.postinst: setup permissions of lppasswd to cupsys:root 4755 * Added debian/patches/ubuntu-lppasswd_noexistingconf.patch: - lppasswd tries to rename /etc/passwd.md5 to /etc/passwd.old; do not fail if the former does not exist (at the very first invocation of the program) * debian/rules: removed silly "DEB_DH_INSTALLINIT_ARGS := -n" introduced by some Ubuntu upload; this completely broke install/upgrade service stopping/starting/restarting * Added debian/patches/ubuntu-fixconfdirperms.patch: - scheduler/conf.c: chmod /etc/cups to 3755 instead of 755: + setgid forces the correct group (lpadmin) to files like passwd.md5 + sticky denies removing root-owned files by lpadmin members -- Martin Pitt Wed, 12 Jan 2005 12:06:30 +0100 cupsys (1.1.23-1ubuntu1) hoary; urgency=low * Merged new Debian version * Dropped patches (merged upstream): + 39CAN-2004-1125.patch + 40CAN-2004-1267.patch + 41CAN-2004-1268+1269+1270.patch * Moved change to cups/cups_C.h to ubuntu-nowebadmin.patch * Reworked the following patches to work with new version: + ubuntu-init.d.patch + ubuntu-runasuser.patch * Applied and removed Ubuntu-specific patches which patch files in debian/; this plays better with merge-o-matic and my fellow developers like it that way; however, it will make manual merges a pain: + ubuntu-init.d.patch + ubuntu-logrotate.patch + ubuntu-runasuser.patch (only the parts touching debian/) + ubuntu-runlevel-19.patch -- Martin Pitt Thu, 6 Jan 2005 10:21:18 +0100 cupsys (1.1.23-1) unstable; urgency=low * New upstream release * lprng disabled ipp feature since 3.8.26-1. Remove conflicts: lprng of cupsys. (closes: #288531) -- Kenshi Muto Tue, 4 Jan 2005 19:32:16 +0900 cupsys (1.1.22-8) unstable; urgency=high * Fix another security vulnerability since 1.1.21. Sigh... (closes: #287835) -- Kenshi Muto Fri, 31 Dec 2004 13:16:54 +0900 cupsys (1.1.22-7) unstable; urgency=medium * Use Depends: xpdf-utils instead of Recommends:. This is RC fix (closes: #287921) -- Kenshi Muto Fri, 31 Dec 2004 08:37:54 +0900 cupsys (1.1.22-6) unstable; urgency=high * Replaced upstream pdftops (derived from Xpdf) with pdftops.pl wrapper. pdftops.pl is made by Helge Blischke, GNU GPL licensed. CUPS 1.1.22 should enter to Sarge ASAP by some security reasons, but upstream pdftops prevents to enter because it has libgcc_s.so dependency and current gcc 3.4 faces difficult 'unwind' problem. Now I believe cupsys 1.1.22-6 can enter soon without waiting gcc problem. If you want to print PDF files directly, you need to install xpdf-utils. pdftops.pl calls pdftops in xpdf-utils package. * Fix typo in control file. -- Kenshi Muto Wed, 29 Dec 2004 14:59:28 +0000 cupsys (1.1.22-5) unstable; urgency=high * Apply upstream CVS patch (00cvs20041229.patch) This includes fix of buffer overflow possibility in scheduler. -- Kenshi Muto Wed, 29 Dec 2004 21:35:51 +0900 cupsys (1.1.22-4) unstable; urgency=high * Add Replaces migration for libcupsys2-dev. It solves 'libcupsys2-dev overwrite a file in cupsys' problem. (closes: #287609) -- Kenshi Muto Wed, 29 Dec 2004 02:43:09 +0000 cupsys (1.1.22-3) unstable; urgency=medium * Remove unwanted ldflag: Back 02configure.patch (closes: #286450) * Move fr/cups-config.1 to libcupsys2-dev (closes: #286449) Thanks for your above two bug reports, Henrique. * Note: [CAN-2004-1125] "xpdf buffer overflows" is already fixed in previous Debian revision (1.1.22-2) with upstream patch. -- Kenshi Muto Sat, 25 Dec 2004 23:40:15 +0900 cupsys (1.1.22-2) unstable; urgency=medium * Apply security fix patches from 1.1.23rc1. * Revert logrotate to use 'reload'. (closes: #271872) -- Kenshi Muto Sun, 19 Dec 2004 17:43:10 +0900 cupsys (1.1.22-1) unstable; urgency=low * New upstream release for unstable. Time is over, sarge isn't shipped. I checked 1.1.21 to 1.1.22 migration doesn't break ABI quickly, but I'm still scared... * Apply gcc-4.0 patch for amd64: 37gfxfont.patch (closes: #285601) * Do 'restart' instead of 'reload' when log is rotated. 'reload' sometime causes just shutdown daemon. (Unknown problem) * Fix equation in cupsys.postscript. (closes: #285205) * Apply Russell's patch: 38httpwait.patch (closes: #284829) (This is trial. If there is any grave problem by this, I'll off this patch) - Made http_wait() handle EINTR. This bug was causing cups to print multiple copies of reports on remote printers. - Lengthed the wait in ipp_http_read to handle connections running over the internet. The short wait was causing unwated multiple copies of reports to be printed. - While both these bugs need to be fixed, neither completely solves the original multiple copies problem. To solve that no data should be printed if there was a read error. * Add dependency version of smbclient. (closes: #284733) * Fix SIGSEGV when remote destination goes timeout: 39remotetimeout.patch (closes: #283500) -- Kenshi Muto Wed, 15 Dec 2004 18:58:55 +0900 cupsys (1.1.22-0.experimental4) experimental; urgency=low * "I'm tired waiting Sarge forever" release. I'm considering to upload 1.1.22 to unstable. * I forgot to copy files from unstable version... FTBFS is solved. (closes: #284574) * Downgrade gs-esp dependency to Recommends. I'm bore with attacks from stingy people. -- Kenshi Muto Tue, 7 Dec 2004 21:39:55 +0900 cupsys (1.1.22-0.experimental3) experimental; urgency=low * Rebuild with -sa. -- Kenshi Muto Tue, 7 Dec 2004 00:52:15 +0900 cupsys (1.1.22-0.experimental2) experimental; urgency=low * New upstream release -- Kenshi Muto Mon, 6 Dec 2004 23:10:18 +0900 cupsys (1.1.21-0.experimental2) experimental; urgency=low * Fix typo in templates and unfuzzied po files. (closes: Bug#274851) * Update German translation (closes: Bug#274828) * Make pam.d/cupsys standard @include style (closes: Bug#265299) * Set up group lpadmin in postinst instead of rules. Because lpadmin isn't there on initial build environemnt (closes: Bug#274985) -- Kenshi Muto Mon, 4 Oct 2004 23:09:51 +0900 cupsys (1.1.21-0.experimental1) experimental; urgency=low * Experimental. * new upstream version. -- Kenshi Muto Sun, 3 Oct 2004 18:15:23 +0900 cupsys (1.1.20final+rc1-10ubuntu8) hoary; urgency=low * debian/patches patches patching debian/. sigh. -- LaMont Jones Tue, 4 Jan 2005 09:29:48 -0700 cupsys (1.1.20final+rc1-10ubuntu7) hoary; urgency=low * Ignore errors on the stop phase of restart. Closes: warty#4504 -- LaMont Jones Mon, 3 Jan 2005 20:10:54 -0700 cupsys (1.1.20final+rc1-10ubuntu6) hoary; urgency=low * SECURITY UPDATE: fixed multiple buffer overflows * Added patch 39CAN-2004-1125.patch: - cupsys contains code from xpdf, therefore CAN-2004-1125 applies, too. - References: CAN-2004-1125 http://www.idefense.com/application/poi/display?id=172 * Added patch 40CAN-2004-1267.patch: - filter/hpgl-input.c, ParseCommand(): Prevent reading an arbitrary string into statically sized buffer "buf"; clip string if necessary. - patch taken from http://www.cups.org/str.php?L1024+P0+S-2+C0+I0+E0+Qhpgl - Thanks to Ariel Berkman for spotting this. - References: CAN-2004-1267 http://tigger.uic.edu/~jlongs2/holes/cups.txt * Added patch 41CAN-2004-1268+1269+1270.patch: fix several vulns in systemv/lppasswd.c: - Check return value of fputs() and fprintf() when writing to the new password file. When ignoring them, an user can truncate the new passwd file by filling up the disk at the right moment. Now unlink the file on error and print out a message. - If the passwd.new file reaches the maximum file size system limit, the new file was not deleted, thus lppasswd could not be used again. Now ignores all relevant signals and unlinks the new file on write error. - Check that the output file is not stdin, stdout, or stderr; otherwise error messages would be written into the output file which would destroy it. - Thanks to Bartlomiej Sieka for spotting this. - References: CAN-2004-1268 CAN-2004-1269 CAN-2004-1270 http://tigger.uic.edu/~jlongs2/holes/cups2.txt -- Martin Pitt Thu, 23 Dec 2004 11:18:50 +0100 cupsys (1.1.20final+rc1-10ubuntu5) hoary; urgency=low * Start cupsys using its -F switch and explicitly background it with start-stop-daemon; this shaves seconds off the boot process. * Rename debian/patches/ubuntu-runlevel-12.patch to ubuntu-runlevel-19.patch, moving the start point from 12 to 19 and migrating users who were at both 20 and 12. -- Scott James Remnant Thu, 9 Dec 2004 09:28:35 +0100 cupsys (1.1.20final+rc1-10ubuntu4) hoary; urgency=low * Unbreak debian/patches/ubuntu-nowebadmin.patch, so that it does not create other patches in debian/patches (jp-nowebadmin.patch moved to debian/local), or .orig files. * Add debian/patches/ubuntu-runlevel-12.patch, which moves the runlevel of the init script to 12, and performs the migration accordingly. -- Daniel Stone Mon, 6 Dec 2004 17:30:45 +0100 cupsys (1.1.20final+rc1-10ubuntu3) hoary; urgency=low * SECURITY: still CAN-2004-0888. Updated patch 36pdftopsoverflow.patch: - pdftops/gmem.[ch]: change declarations of gmalloc and grealloc to use size_t instead of int; int truncated sizes to 32 bits, which made xpdf still vulnerable to integer (and eventually buffer) overflow attacks on 64 bit platforms like amd64. - pdftops/Xref.cxx: fix several unchecked negative integer conditions * Thanks to Marcus Meissner for providing the patches. -- Martin Pitt Mon, 1 Nov 2004 14:37:58 +0100 cupsys (1.1.20final+rc1-10ubuntu2) hoary; urgency=low * Fixed debian/patches/ubuntu-localports.patch: do not comment out the 'Listen' statement (Warty bug #3009). -- Martin Pitt Fri, 29 Oct 2004 08:50:56 +0200 cupsys (1.1.20final+rc1-10ubuntu1) hoary; urgency=low * Resynchronized to Debian * Now keep all Ubuntu specific modification as patches prefixed with "ubuntu-" to ease further merges: - ubuntu-auxgroups: allow cupsd to run in auxilliary groups - ubuntu-init.d: pretty initscript, make /usr/share/cups/model lpadmin-writeable to install custom printer drivers - ubuntu-localports: listen on localhost port only by default - ubuntu-logrotate: use 'restart', not 'reload' to restart cupsd after log rotation (reload does not exist any more) - ubuntu-nowebadmin: display a red warning on the web interface that administrative functions are disabled for security reasons - ubuntu-runasuser: do not run as 'root', but as 'cupsys' by default * Ubuntu-specific debian/rules (can't be patched): - configure with --with-cups-user=cupsys - apply patch debian/patches/ja-nowebadmin.ptch (must be done after uudecoding ja.tar.gz.uu) -- Martin Pitt Thu, 28 Oct 2004 23:56:54 +0200 cupsys (1.1.20final+rc1-8) unstable; urgency=medium * Apply GNU Hurd configure patch for fix FTBFS. (closes: Bug#274599) * Improve patch test routine. (closes: Bug#272952, Bug#274564) -- Kenshi Muto Sun, 3 Oct 2004 13:07:43 +0900 cupsys (1.1.20final+rc1-7) unstable; urgency=medium * Fix french debconf translation (closes: Bug#272520). This update is important because previous version shows illegal debconf choice in French. -- Kenshi Muto Tue, 21 Sep 2004 22:31:54 +0900 cupsys (1.1.20final+rc1-6) unstable; urgency=high * Applied patch from Alvaro Martinez Echevarria to fix daniel of service [scheduler/dirsvc.c, CAN-2004-0558] * Apply GNU/Hurd patch (closes: Bug#263526) * Update pt_PR debconf translation (closes: Bug#264096) * Remove directory before making symlink (closes: Bug#270741) -- Kenshi Muto Tue, 24 Aug 2004 10:31:32 +0900 cupsys (1.1.20final+rc1-5) unstable; urgency=low * Apply anonymous patch for /jobs. This patch avoids many client-error-forbidden. (closes: Bug#184361) cupsd.conf will be automatically modified to use basic user authentication (Add AuthType Basic AuthType User). -- Kenshi Muto Wed, 4 Aug 2004 09:13:02 +0900 cupsys (1.1.20final+rc1-4) unstable; urgency=medium * Wait 10 seconds after reload for samba restart problem. (closes: Bug#260969) * Update Czech debconf translation (closes: Bug#260862) * Built against libtiff4. * Build against libgnutls11. (Though package name is still libcupsys2-gnutls10) -- Kenshi Muto Mon, 26 Jul 2004 22:12:18 +0900 cupsys (1.1.20final+rc1-3) unstable; urgency=high * Change guess order of USB device name for FHS compliant. (closes: Bug#259965) -- Kenshi Muto Sun, 18 Jul 2004 04:54:58 +0900 cupsys (1.1.20final+rc1-2) unstable; urgency=medium * Replace set-as-default icon of Japanese. Thanks Tomo-p. * Provides libcupsys2 dummy package for smooth transition. (closes: #259378) -- Kenshi Muto Wed, 14 Jul 2004 19:10:43 +0900 cupsys (1.1.20final+rc1-1) unstable; urgency=low * Apply a patch for fixing typo in DE templates. (Closes: Bug#250883) * New upstream source, 2004-07-03 CVS. * Add netbase dependency for cupsys-bsd. * Move certs files to /var/lib/cups/certs. (Closes: Bug#254153) -- Kenshi Muto Wed, 26 May 2004 08:46:35 +0900 cupsys (1.1.20final+cvs20040330-4) unstable; urgency=medium * Now libgnutls10 migration starts at 'unstable'/'testing'. Packages depending libcupsys2 should be rebuit with newer libcupsys2-dev. * Fix log rotation problem by adding 'sharedscripts' to /etc/logrotate.d/cupsys. (Closes: Bug#249023) -- Kenshi Muto Tue, 25 May 2004 08:14:44 +0900 cupsys (1.1.20final+cvs20040330-3experimental2) experimental; urgency=medium * Rename libcupsys2 to libcupsys2-gnutls10. This package doesn't 'Provides: libcupsys2' to migrate libgnutls10. Sebastien Bacher plans cups/libgnutls10 migration. * Add notes about backend configuration to README.Debian. * Fix (I hope) log rotation problem by adding sharedscripts to /etc/logrotate.d/cupsys. (Closes: Bug#249024) -- Kenshi Muto Sat, 15 May 2004 11:17:16 +0900 cupsys (1.1.20final+cvs20040330-3) unstable; urgency=low * Remove EXPORT_SSLLIBS variable from cups-config (Closes: Bug#246102). -lgnutls isn't necessary by software using libcups. * Apply PJL detection patch from upstream. * Translations - Updated Turkish debconf messages (Closes: Bug#246075). Thanks Recai and Gurkan. -- Kenshi Muto Wed, 28 Apr 2004 00:23:59 +0900 cupsys (1.1.20final+cvs20040330-2) unstable; urgency=low * Fix typo in HOWTO_BUGREPORT.txt. * Translations - Update Dutch debconf messages (Closes: Bug#242260). Thanks Tim. -- Kenshi Muto Tue, 6 Apr 2004 19:16:48 +0900 cupsys (1.1.20final+cvs20040330-1) unstable; urgency=low * New upstream CVS * Revert pstops to old 1.1.20. (Closes: Bug#240792) * Translations - Updated Danish debconf messages. -- Kenshi Muto Fri, 26 Mar 2004 19:00:01 +0900 cupsys (1.1.20final+cvs20040317-4) unstable; urgency=low * Chagnge backend question priority to low. (Closes: Bug#238847) When you use PPC, parallel backend will be removed from default choice automatically. If you want to use parallel (and you know what you will do), please run 'dpkg-reconfigure cupsys'. * Translations - Updated Danish debconf messages (Closes: Bug#239256). Thanks Claus. - Updated French debconf messages (Closes: Bug#239756). Thanks Christian. -- Kenshi Muto Wed, 24 Mar 2004 22:30:28 +0900 cupsys (1.1.20final+cvs20040317-3) unstable; urgency=low * Remove sysvinit. This package is essential. Thanks Thomas. * Now choice menu is translatable (Closes: Bug#238821). * Updated French debconf messages. Thanks Christian. * Add socket to default choice. I think this backend doesn't cause hang up anywhere. -- Kenshi Muto Fri, 19 Mar 2004 17:16:48 +0900 cupsys (1.1.20final+cvs20040317-2) unstable; urgency=medium * Add sysvinit in dependency. (Closes: Bug#238763) * Updated Brazilian Portuguese debconf messages. Thanks Andre. * Fix printers.cgi crash (Closes: Bug#238800) * Updated Japanese templates & images. -- Kenshi Muto Fri, 19 Mar 2004 09:00:04 +0900 cupsys (1.1.20final+cvs20040317-1) unstable; urgency=low * New CVS release. * Add asking about backend program. This is not best way to solve PPC crash / i386 serial hang-up, but at least user can choose what he/she want to use. serial backend becomes 'not use' by default. Add notice about 'parallel of PPC may cause a problem'. (closes: Bug#237613, Bug#233529, Bug#211677, Bug#224760) * Updated Spanish debconf messages (closes: Bug#236470). Thanks Carlos. * Updated Danish debconf messages. Thanks Claus. * Updated French debconf messages. Thanks Christian. * Updated Czech debconf messages. Thanks Miroslav. -- Kenshi Muto Sat, 6 Mar 2004 21:36:35 +0900 cupsys (1.1.20final-16) unstable; urgency=low * Improved init.d/cupsys message (closes: Bug#235693). Thanks Lee. * Add Czech debconf messages (closes: Bug#236276). Thanks Miroslav. -- Kenshi Muto Tue, 2 Mar 2004 09:13:07 +0900 cupsys (1.1.20final-15) unstable; urgency=low * Add conflicts lprng for avoid conflicting ipp support. * Add Danish debconf messages (closes: Bug#233067). Thanks Claus. * Apply current CVS patch. -- Kenshi Muto Sat, 14 Feb 2004 18:10:54 +0900 cupsys (1.1.20final-14) unstable; urgency=medium * Apply loop avoid patch. (closes: Bug#231676) Thanks Ray. -- Kenshi Muto Wed, 11 Feb 2004 14:59:46 +0900 cupsys (1.1.20final-13) unstable; urgency=medium * Use pidof instead of start-stop-daemon for stopping cupsys. I hope this will fix Bug#228967. -- Kenshi Muto Thu, 22 Jan 2004 09:12:25 +0900 cupsys (1.1.20final-12) unstable; urgency=low * Fix incorrect root detection routine (closes: Bug#227733). THanks David. * Continue to install whether deluser is failed (for NIS/LDAP). * 22ipprewrite.patch has critical bug. Fixed by better patch. (closes: Bug#162613) -- Kenshi Muto Sat, 17 Jan 2004 12:57:47 +0900 cupsys (1.1.20final-11) unstable; urgency=low * Improved cupsys stop check. * Apply username patch for Solaris lpd printing (closes: Bug#228078). Thanks Lionel. -- Kenshi Muto Sat, 17 Jan 2004 12:28:15 +0900 cupsys (1.1.20final-10) unstable; urgency=low * Apply Brazilian Portuguese debconf message (closes: Bug#227445). Thanks Andre. * Show verbose message when cups won't stop. -- Kenshi Muto Wed, 14 Jan 2004 08:38:55 +0900 cupsys (1.1.20final-9) unstable; urgency=low * Apply patch for avoid infinite loop (closes: Bug#225625). * Apply patch for http password authenticaion cache (closes: Bug#227143). -- Kenshi Muto Mon, 12 Jan 2004 12:00:17 +0900 cupsys (1.1.20final-8) unstable; urgency=low * Fix typo in lpadmin.8.gz (one of Bug#226149). Thanks Dan. * Unfortunately, I heard cupsys won't stop when upgrading. I implemented Force-stop routine into postinst (closes: Bug#222464, Bug#226140). -- Kenshi Muto Mon, 5 Jan 2004 21:11:30 +0900 cupsys (1.1.20final-7) unstable; urgency=low * Argh, I forgot to apply default port patch. -- Kenshi Muto Tue, 30 Dec 2003 23:01:29 +0900 cupsys (1.1.20final-6) unstable; urgency=low * Apply Dutch debconf translation (closes: Bug#225410). Thanks Tim. * Set default port when any Port/Listen isn't defined (closes: Bug#225208). -- Kenshi Muto Tue, 30 Dec 2003 08:57:10 +0900 cupsys (1.1.20final-5) unstable; urgency=low * Add pdftops.conf into /etc/cups/. This file is symlink to /etc/xpdf/xpdfrc, and configuration for pdftops tool. -- Kenshi Muto Sun, 21 Dec 2003 11:45:38 +0900 cupsys (1.1.20final-4) unstable; urgency=low * Fix cups* commands don't work (closes: Bug#224585). Thanks Rainer. -- Kenshi Muto Sat, 20 Dec 2003 20:52:24 +0900 cupsys (1.1.20final-3) unstable; urgency=low * Apply patch into lpd.c for true compatible with RFC1179 (closes: Bug#223432). Thanks Lionel. * Hmm, PJL patch causes a problem. Since I don't have any PJL printers, I simply unapply PJL patch and reopen Bug#220611 (closes: Bug#223748) -- Kenshi Muto Fri, 12 Dec 2003 18:32:58 +0900 cupsys (1.1.20final-2) unstable; urgency=low * Apply PJL patch (closes: Bug#220611). Thanks Zed. -- Kenshi Muto Sat, 6 Dec 2003 10:42:37 +0900 cupsys (1.1.20final-1) unstable; urgency=low * New upstream release * cupsys set UTF-8 as defaultCharset, but it causes some browsing problem, and looks don't need indeed. I changed defaultCharset to invalid value. It will fix French screen (closes: Bug#221904). * Fix dependency with libgnutls7 by dirty trick. I hope libgnutls7 maintainer will fix Bug#221309. -- Kenshi Muto Tue, 25 Nov 2003 19:17:57 +0900 cupsys (1.1.20candidate6-6) unstable; urgency=low * Set fixed version into Depends for cupsys, cupsys-client. -- Kenshi Muto Mon, 17 Nov 2003 21:35:55 +0900 cupsys (1.1.20candidate6-5) unstable; urgency=high * I'm sorry but openssl license conflicts. I use libgnutls (closes: Bug#220902). * Add euc-jp text. -- Kenshi Muto Sat, 15 Nov 2003 23:55:06 +0900 cupsys (1.1.20candidate6-4) unstable; urgency=low * Add French translation (closes: Bug#220805). Thanks, Christian. * openssl, popular SSL implementation, becomes Debian main, so I think it is no reason for using libgnutls. I changed depends openssl instead of libgnutls. -- Kenshi Muto Sat, 15 Nov 2003 10:24:38 +0900 cupsys (1.1.20candidate6-3) unstable; urgency=low * Remove -Wl from configure (closes: Bug#194353) * Remove /etc/sups/raw.* when purged (closes: Bug#198126) * Remove always Content-Type charset header. This is test (and ad-hoc) case. I'll unapply if this patch causes a problem. * Add Japanese resource. -- Kenshi Muto Thu, 13 Nov 2003 23:02:40 +0900 cupsys (1.1.20candidate6-2) unstable; urgency=medium * Fix FTBFS build error (closes: Bug#220534) -- Kenshi Muto Thu, 13 Nov 2003 15:52:00 +0900 cupsys (1.1.20candidate6-1) unstable; urgency=low * New upstream. * Rename filter, backend man page (closes: Bug#220500). -- Kenshi Muto Wed, 12 Nov 2003 23:41:02 +0900 cupsys (1.1.19final-4) unstable; urgency=low * "Welcome patch" release. * Transited packaging system to CDBS. This release wll be final version for 1.1.19. I'll upload 1.1.20candidate version at next time. * libcupsimage2.so.2 links libcupsys.so.2. (closes: Bug#193618) -- Kenshi Muto Mon, 10 Nov 2003 10:01:58 +0900 cupsys (1.1.19final-3) unstable; urgency=low * Fix check routine of Printcap. (closes: Bug#200278) * Removed "suggests qtcups". (closes: Bug#197267) -- Kenshi Muto Fri, 7 Nov 2003 21:43:39 +0900 cupsys (1.1.19final-2) unstable; urgency=low * lpadmin group included root user, but I didn't understand why it needs. This may cause security problem, so I remove this process and remove root from lpadmin group. (closes: Bug#214746) * Support large file. (closes: Bug#215568) * Support log rotation. (closes: Bug#200704) * Force enable PAM (closes: Bug#183211, Bug#181512) -- Kenshi Muto Thu, 6 Nov 2003 18:31:02 +0900 cupsys (1.1.19final-1.5) unstable; urgency=low * New maintainer (acknowledged from Jeff Licquia). Thanks Jeff! * Changed templates.* to po-debconf style (closes: Bug#199236). * Added Japanese debconf translation (closes: Bug#202273). -- Kenshi Muto Thu, 6 Nov 2003 09:50:29 +0900 cupsys (1.1.19final-1.4) unstable; urgency=low * Non-maintainer upload * Removed '#include ' line from image.h from the version in libcupsimage2-dev with debian/image.h.patch (Closes: #200427) -- Roland Stigge Thu, 4 Sep 2003 14:04:15 +0200 cupsys (1.1.19final-1.3) unstable; urgency=low * Non-maintainer upload * cupsys Replaces: and Conflicts: cupsys-pstoraster (Closes: #206547) NOTE: the Conflicts: was made versioned (<< 2) not to Conflict with gs-esp which provides cupsys-pstoraster. * Build-Depends: libpam0g-dev (new) instead of libpam-dev (removed from archive) -- Roland Stigge Wed, 3 Sep 2003 19:33:09 +0200 cupsys (1.1.19final-1.2) unstable; urgency=low * NMU. * Completely remove dependency on libgnutls5-dev. -- Robin Verduijn Wed, 27 Aug 2003 18:08:50 -0100 cupsys (1.1.19final-1.1) unstable; urgency=low * NMU. * Built against libgnutls7-dev instead of (obsolete) libgnutls5-dev. Closes: #203059. -- Robin Verduijn Tue, 26 Aug 2003 19:28:21 -0100 cupsys (1.1.19final-1) unstable; urgency=high * New upstream final release. DoS attack fixed; thus the urgency. * Rebuilt with the latest libpng-dev, and fixed the explicit deps in the control file. * Removed rpath statment from output of cups-config --ldflags. Closes: #194262. -- Jeff Licquia Thu, 29 May 2003 20:44:48 -0500 cupsys (1.1.19candidate4-1) unstable; urgency=low * New upstream release candidate. * Includes upstream fix to the problem with 100% CPU consumption. Closes: #189795. * Added a dh_makeshlibs call for libcupsimage2. * Made libcupsys2 conflict with cupsys-driver-gimpprint versions built before the libcupsimage split. Closes: #189175. * Move /etc/printcap.cups to /var/run/cups/printcap, since it's generated and non-editable. Also, take care of the /etc/printcap symlink. Closes: #187954. * Per suggestion from the KDE project, suggest the kdeprint package instead of the kdelibs3-cups package. -- Jeff Licquia Sat, 10 May 2003 13:05:33 -0500 cupsys (1.1.19candidate1-3) unstable; urgency=low * Make libcupsys2 conflict with gs-esp versions built before the libcupsimage split. This is part of the fix for bug 189175. * Add a dep on libgnutls-dev for libcupsys2-dev. Closes: #190877. -- Jeff Licquia Mon, 28 Apr 2003 10:57:03 -0500 cupsys (1.1.19candidate1-2) unstable; urgency=low * Set Replaces: on cupsys-client to cover the move of the French man page for cupstestppd. Closes: #189737, #190042. * Add cupsys-pt and xpp to Suggests for cupsys-client. Closes: #168399, #170929. * Added some more example filters: mailto and pstopdf. Closes: #152001. * Pass --system to addgroup when adding the lpadmin group. Closes: #189835. * Set section for the -dev packages to "libdevel". * Fix shlibs files for libcupsys2 and libcupsimage2 to reference the right package versions. Closes: #174391. -- Jeff Licquia Tue, 22 Apr 2003 14:27:43 -0500 cupsys (1.1.19candidate1-1) unstable; urgency=low * New upstream version. I will try to follow upstream's new release policy by uploading release candidate versions to unstable. * Wrote a new GNU TLS patch, which was accepted by upstream. Re-enable SSL support based on this. * Based on recent upstream work, wrote a libpaper patch which has also been accepted upstream. Closes: #60035, #88597, #101591. * Upstream fix included to allow SLP-only browsing support to work. Closes: #178380. * Updated the Spanish debconf template for cupsys-bsd. Closes: #167171. * Added cupstestppd to cupsys-client. Closes: #176941. * Don't respect TMPDIR if we don't have write permissions to that directory. Closes: #176725. -- Jeff Licquia Sat, 12 Apr 2003 14:36:20 -0500 cupsys (1.1.18-3) unstable; urgency=low * Split libcupsimage into its own package. Closes: #187897. * Added versioned build-dep on debhelper >= 2. -- Jeff Licquia Tue, 8 Apr 2003 02:59:57 -0500 cupsys (1.1.18-2) unstable; urgency=high * Disable SSL again. Inexplicably, the GNU TLS people put the OpenSSL compatibility layer under the GPL, not the LGPL. This forces the effective license on libcupsys2 to GPL, which I'm not comfortable with. The urgency reflects possible license conflicts for apps that link to libcupsys2. Closes: #168056. * Add a debconf question to ask whether unrecognized application/octet-stream jobs should be printed as raw jobs. * Forward-port some of the security fixes from woody. * Set the default group for lppasswd to "lpadmin", in keeping with the default in cupsd. Closes: #172842. * Replaced the conflict with manpages-fr, versioned this time to allow for easy upgrades. Also added a Replaces entry for it. -- Jeff Licquia Sun, 5 Jan 2003 23:36:50 -0500 cupsys (1.1.18-1) unstable; urgency=high * New upstream version. This is a security update for problems that include remote root exploits - thus the urgency. * Remove the conflict with manpages-fr per reports that the offending files are now all gone. Closes: #158500. -- Jeff Licquia Fri, 20 Dec 2002 03:27:18 -0500 cupsys (1.1.16-4) unstable; urgency=low * Documentation updates. * Change the GNU TLS patch to more explicitly control which SSL library is linked to, and support switching SSL libraries in the build. By default, the package will not use OpenSSL, so autobuilders won't accidentally build it that way. Closes: #167489. * Add libgnutls-dev to the Dependencies for libcupsys2-dev. * Set the proper permissions on cupsys-client man pages. -- Jeff Licquia Sat, 9 Nov 2002 16:39:54 -0500 cupsys (1.1.16-3) unstable; urgency=low * Totally nuke all script modifications for dh_installinit; do it all manually instead. Closes: #166878. -- Jeff Licquia Tue, 29 Oct 2002 23:06:20 -0500 cupsys (1.1.16-2) unstable; urgency=low * Add libpam-dev to Build-Depends. Closes: #166556. * Update clean target in debian/rules to clean a few more files that are missed by the Makefiles. * Remove SFont.cxx and T1Font.cxx from the pdftops Makefile; these two files aren't needed, and including them would pull in a build dep on xlibs-dev, which is bad news. Closes: #166716. * Tell dh_installdocs to not mess with the postinst/prerm, so the compatibility symlinks aren't created. -- Jeff Licquia Tue, 29 Oct 2002 00:45:38 -0500 cupsys (1.1.16-1) unstable; urgency=low * New upstream version... Closes: #165631. * ...which includes bugfixes to several BSD utilities to avoid segfaulting when certain options are misused. Closes: #159597. * Add upstream patch to scheduler that fixes certain printer operations in the web interface. * Re-enabled SSL support using the OpenSSL compatibility library in libgnutls. Closes: #150600. * Use our own logic for stopping/restarting cupsd on upgrade, instead of relying on dh_installinit. Closes: #160345, #164435. * Make cupsys-client Recommend cupsys-bsd. Closes: #157974. * Make sure we remove everything in /var/spool/cups on purge. Closes: #163571. * Make force-reload send SIGHUP, since policy prefers that mode of operation. * Add dependencies for libcupsys2-dev on the image libraries we need. Closes: #166451. -- Jeff Licquia Sat, 26 Oct 2002 19:37:56 -0500 cupsys (1.1.15-4) unstable; urgency=low * Fix segfault in lp when passing "-q" by itself as the last option. Closes: #150819. * Make the switch to libpng3, now that woody is out. Closes: #156622. * It seemed that the rastertoepson filter occasionally lost its cookies under certain circumstances and passed NULL for a field. Cancel the pending job if that happens. Closes: #147119. * Remove .cvsignore files. * Turned browsing back on by default. With no BrowseAddresses set, no broadcast packets will go out, but cupsd will recognize and accept incoming packets. Closes: #155574. -- Jeff Licquia Tue, 20 Aug 2002 15:51:45 -0500 cupsys (1.1.15-3) unstable; urgency=low * Reorganized the French man pages so they appear in the proper packages. * Declared a Conflict between cupsys-bsd and manpages-fr, as the latter package includes man pages for lpr, lpq, and lprm. * Move lpinfo and lpmove utilities to cupsys-client, where they belong. * Added patch from upstream that fixes some problems with Orientation settings made by some PostScript generators. Closes: #155534. * Fixed compiler settings for the static and shared versions of libcupsys2. -- Jeff Licquia Sun, 11 Aug 2002 02:45:02 -0500 cupsys (1.1.15-2) unstable; urgency=high * Removed SSL support again due to license infection problems. Closes: #154792. * Removed the preformatted French man pages. -- Jeff Licquia Mon, 29 Jul 2002 19:02:21 -0500 cupsys (1.1.15-1) unstable; urgency=low * New upstream version. * Removed cupsys-pstoraster (since it's no longer provided in CUPS), and rely on gs-esp instead for its functionality. * Enabled SSL support and updated copyright file to reflect license change. Closes: #150600. * Applied patch from upstream that causes the cupsd foreground process to wait until the daemon is ready before exiting. Also, changed init script to wait on the daemon before continuing. Closes: #150426. * Moved /etc/cups/certs to /var/spool/cups/certs. Closes: #144887. * Split out German and Portugese debconf templates into separate files, and added French, Russian, and Spanish files. Closes: #137630, #138068, #142904. * Make cupsys Recommend smbclient, and handle symlinking smbspool to /usr/lib/cups/backend/smb if it's available. Closes: #82690. * Make cupsys Suggest foomatic-bin for cupsomatic, so that linuxprinting.org PPDs work. Closes: #146655. * Add examples/filters directory to cupsys and added the contributed DVI filter to it. Users can copy the filter and config files into place themselves to get the functionality. Closes: #55013, #136496. * Fixed a bug where "-" filters are rejected in some cases. -- Jeff Licquia Mon, 29 Jul 2002 00:33:00 -0500 cupsys (1.1.14-3) unstable; urgency=low * Changed libpng dependency to "libpng2 | libpng" to accomodate the current libpng policy. * Changed adduser dep so that the proper adduser (that does root) is available for the postinst. Closes: #133709. * Removed spaces from init script output. Closes: #133262. * Set TZ in init script to REALLY fix timezone problem. Closes: #130676. -- Jeff Licquia Sat, 9 Mar 2002 23:48:41 -0500 cupsys (1.1.14-2) unstable; urgency=high * Remove all the stuff about setting the lpd backend setuid; per upstream, we don't need it anymore, and it's a security hole. -- Jeff Licquia Sun, 17 Feb 2002 18:52:45 -0500 cupsys (1.1.14-1) unstable; urgency=high * New upstream version. * Fixes more buffer overflows not covered in the previous patch; thus the urgency. -- Jeff Licquia Wed, 13 Feb 2002 22:40:50 -0500 cupsys (1.1.13-2) unstable; urgency=high * Fix potentially exploitable buffer overflow in cups/ipp.c. -- Jeff Licquia Sat, 9 Feb 2002 21:27:41 -0500 cupsys (1.1.13-1) unstable; urgency=low * New upstream version. * Silly me. fopen() returns NULL, not non-NULL, when it fails. :-) Closes: #130532, #131433. -- Jeff Licquia Sat, 2 Feb 2002 16:10:20 -0500 cupsys (1.1.12-5) unstable; urgency=low * Fix man page references so, e.g., references go from backend(1) to cups-backend(1). Closes: #126811. * Oops! Debian has time_t->tm_gmtoff, which is defined to have the opposite sign of timezone. Is it that way on BSD? Anyway, reverse the sense of the sign for time_t->tm_gmtoff if we use that. Closes: #126195. * Add header for gs_malloc to pstoraster/gscrdp.c, to prevent problems with implicit declaration on 64-bit systems. Closes: #126002. * cgi-bin/admin.c: Be a little bit more paranoid about one's ability to write to tempfiles. Closes: #122324. * Enabled OpenSLP support. * Cleaned up Priorities and Sections. -- Jeff Licquia Sun, 20 Jan 2002 02:14:35 -0500 cupsys (1.1.12-4) unstable; urgency=low * Move cups-lpd man page to cupsys-bsd. Closes: #122311. * Oops! Lost the patch to allow "cupsaccept", etc. commands. Closes: #123280. * Minor change to the init script output. Closes: #121938. * Changed choose-uri.tmpl to be a little more clear. Closes: #117376. * Moved CUPS document root from /usr/share/doc/cupsys to /usr/share/cups/doc-root, and created a symlink from /u/s/d/cupsys/online-docs to it. It turns out that serving files via CUPS from /usr/share/doc is a policy violation. Closes: #120923. * Fixed a small problem when upgrading from potato libcupsys1-dev to current libcupsys2-dev. -- Jeff Licquia Mon, 17 Dec 2001 00:58:41 -0500 cupsys (1.1.12-3) unstable; urgency=low * Fix libcupsys2 shlibs file to provide the proper dependency information. Closes: #121405. * Oops! Make sure SSL support isn't built yet. -- Jeff Licquia Wed, 28 Nov 2001 11:41:17 -0500 cupsys (1.1.12-2) unstable; urgency=low * It helps to run autoconf after making a change to the configure script. :-) CXX=$CC change wasn't propagated, making the build fail on hppa. -- Jeff Licquia Mon, 26 Nov 2001 12:01:58 -0500 cupsys (1.1.12-1) unstable; urgency=low * New upstream version. Closes: #119162. * Updated Standards-Version. * Made cupsys depend on debconf. * Removed -Wl,rpath from config-scripts/cups-sharedlibs.m4. * Removed explicit libcupsys dep from cupsys. * Removed "CXX=$CC" from config-scripts/cups-compiler.m4. * Removed .SILENT from Makedefs so the build isn't silent anymore. * On devfs, look in /dev/printers as well as /dev/parallel. (Do we still need /dev/parallel?) Closes: #114063. * Changed internal file: device URI type to test:, since (per upstream) it's not intended for anything other than to test filters. See bug #115252 or README.Debian for more info. -- Jeff Licquia Sun, 25 Nov 2001 11:21:32 -0500 cupsys (1.1.10-4) unstable; urgency=low * Switched cupsenable and cupsdisable symlinks to always point to /usr/sbin/accept to prevent them from breaking when files move around (as they did recently). Closes: #114006. * It turns out that libcupsys needs to make temp files in /var/spool/cups/tmp, so that dir needs to be in the package. Closes: #115154. * Related to the above, when creating temp files, don't loop when the open fails unless the return value is EEXIST. Thanks to Brian Ristuccia for the suggestion. * Honor the DEB_BUILD_OPTTIONS "debug" setting. * Per policy, make sure we build with -D_REENTRANT. * Don't remove /var/spool/cups in the cupsys postrm when purging. * Added German description to template. Closes: #113604. * Added Portuguese description to cupsys-bsd template. Closes: #106131. -- Jeff Licquia Thu, 18 Oct 2001 23:07:34 -0500 cupsys (1.1.10-3) unstable; urgency=low * Scale back a bit on aggressiveness on purging cupsys, as it can cause us to remove the cupsys-client conffile. * It turns out that client.conf is parsed by libcupsys2, not cupsys-client, so it needs to switch packages. * Changed PAM code so it attempts to open the "cupsys" PAM config file, instead of the "cups" one. Not sure how this broke again. Closes: #110651. * Per request, implemented the "reload" option in the init script. -- Jeff Licquia Wed, 19 Sep 2001 21:53:48 -0500 cupsys (1.1.10-2) unstable; urgency=low * Added Conflicts: on cupsys-pstoraster with older cupsys packages because of moved files. Closes: #106107. * Fixed bug concerning update-inetd handling; it was removing the inetd entry for the lpd server in cupsys-bsd with every upgrade. Closes: #109298. -- Jeff Licquia Thu, 30 Aug 2001 23:14:08 -0500 cupsys (1.1.10-1) unstable; urgency=low * New upstream version - with Makefile oops fixed (1.1.10-1 upstream). * Fixed lpadmin group creation so NIS-style lpadmin group is recognized. Closes: #78895, #107744. * Replaced kups with kdelibs3-cups in Suggests: lines, and reorganized Suggests line. Closes: #109695. * Moved Suggests for all add-on clients to cupsys-client. * Fixed purge so /etc/cups is completely cleaned out. Closes: #108488. * Moved filter and backend man pages to cups-filter and cups-backend to avoid conflicts with other packages. Closes: #107629. * Made the lpd backend non-setuid, and created a low-priority debconf question to handle the few who really need it setuid. Closes: #77617. * Altered cupsys-bsd postinst; always remove any inetd lines when removing the package (we'll put it back later if we're just upgrading). -- Jeff Licquia Tue, 28 Aug 2001 00:43:36 -0500 cupsys (1.1.9-1.1) unstable; urgency=low * NMU * Fix gcc 3.0/hppa build problems. Closes: #104620, #105308. -- LaMont Jones Wed, 15 Aug 2001 19:28:23 -0600 cupsys (1.1.9-1) unstable; urgency=low * Return of the Maintainer. :-) * New upstream version. * Added dep on adduser (fixed bug #105382). -- Jeff Licquia Mon, 30 Jul 2001 00:28:47 -0500 cupsys (1.1.8-0.1) unstable; urgency=low * Non-maintainer upload. * i think anyone who wants cupsys in woody will be happy by this nmu * New upstream release (Closes: #80895, #100156, #94364) * With the new upstream release the problem with cgi-bin has been fixed (Closes: #96055, #98264, #96530, #96055, #99914, #100707, #103095) * Added cupsys-pstoraster package. * Added the LOGDIR option to install rule (Closes: #94502) * Suggests cupsys-driver-gimpprint | cupsomatic-ppd (Closes: #99146) * Moved to DH_COMPAT=2 * Added a pointer to http://localhost:631/admin to README.Debian (Closes: #97964) * Removed the extra from cupsd.conf (Closes: #96012) * Not installing copyright for libcupsys2-dev, it will have a link pointing to libcupsys2 anyways (Closes: #94504) * Removed maintainer postinst and prerm scripts from cupsys-client and libcupsys2-dev, by purging either of them you would have removed your cups documentation. * added German translation of debconf template to cupsys-bsd by Sebastian Feltel (Closes: #101467, #100901) * changed rm -f to rm -rf from cupsys-bsd prerm, and removed the link handling for /usr/doc, let debhelper worry about that. (Closes: #94539, #100501, #102669) -- Sami Haahtinen Thu, 5 Jul 2001 16:04:42 +0300 cupsys (1.1.6-0.1) unstable; urgency=low * Non-maintainer upload * New upstream release, fixing multiple vulnerabilities (Closes: Bug#88932) * cupsys removes only its own configuration files upon purge (Closes: Bug#84341) * fixed postinst, so it does not fail when the lpadmin group already exists (Closes: Bug#84443) * added a helpful URL to README.Debian (Closes: Bug#63590) * Suggests gtklp | kups | qtcups (Closes: Bug#82974) -- Gergely Nagy <8@free.bsd.hu> Sat, 14 Apr 2001 18:05:23 +0200 cupsys (1.1.4-3) unstable; urgency=low * Fixed PAM module name confusion (closes bugs #76457, #77114). * Fixed broken deps w.r.t. cupsys-client Replacing older cupsys versions (closes bug #75241). * Fixed broken deps surrounding cupsys-dev (closes bug #75242). * My shlibs file was badly broken; it referred to the cupsys package instead of the libcupsys2 package (closes bug #78485). * Fixed problem with upgrading; --oknodo wasn't passed to start-stop-daemon, causing the prerm to fail if cupsd wasn't running (closes bug #70698). -- Jeff Licquia Sun, 3 Dec 2000 22:45:29 -0500 cupsys (1.1.4-2) unstable; urgency=high * Fix misconfiguration in default config; cupsd now refuses connections to printers and printer classes from all hosts except localhost by default. The previous default was to allow all hosts to connect to all printers - not a terribly secure default. :-) -- Jeff Licquia Sat, 18 Nov 2000 00:55:48 -0500 cupsys (1.0.4-8) stable; urgency=high * Security fix: the default configuration now no longer allows people to connect to printers except from localhost. The previous default configuration allowed anyone to connect to any printer from any location; not a smart security move. -- Jeff Licquia Sat, 18 Nov 2000 00:37:06 -0500 cupsys (1.1.4-1) unstable; urgency=low * New upstream version. * Fixed SystemGroup to point to lpadmin again (closes bug #72155). -- Jeff Licquia Sun, 15 Oct 2000 20:36:01 -0500 cupsys (1.1.2-4) unstable; urgency=low * The scheduler will now accept up to 128 characters for a password (closes bug #70946). -- Jeff Licquia Sun, 15 Oct 2000 14:54:31 -0500 cupsys (1.1.2-3) unstable; urgency=low * Re-add ppd directory to build (when did it drop out?) (closes bug #70448). -- Jeff Licquia Mon, 28 Aug 2000 20:14:51 -0500 cupsys (1.1.2-2) unstable; urgency=low * Added debhelper to build deps (closes bug #69677). * Fixed PAM configuration file (closes bug #69787). -- Jeff Licquia Thu, 24 Aug 2000 11:40:56 -0500 cupsys (1.1.2-1) unstable; urgency=low * Another new upstream version. * More build fixes. -- Jeff Licquia Sat, 19 Aug 2000 17:15:34 -0500 cupsys (1.1.1-1) unstable; urgency=low * New upstream version - non-beta this time. * Fixed up build process to reflect upstream changes. * Removed lots of Debian-specific stuff that isn't needed anymore. -- Jeff Licquia Mon, 7 Aug 2000 20:27:29 -0500 cupsys (1.1.0-0b3d1) unstable; urgency=low * New upstream version. * Daemon 'cups-lpd' (new to this version) added to cupsys-bsd, with appropriate update-inetd calls, so cupsys-bsd is now a complete replacement for lpr. -- Jeff Licquia Sun, 14 May 2000 00:08:23 -0500 cupsys (1.0.4-7) frozen unstable; urgency=high * Additional DoS fixes, included in Easy Software Products' patch for the bug below. As these are DoS bugs, I HIGHLY recommend including this in potato. -- Jeff Licquia Sun, 18 Jun 2000 22:39:01 -0500 cupsys (1.0.4-6) frozen unstable; urgency=high * Fixed denial-of-service bug; POSTing non-IPP data would cause the server to crash. Closes bug #65576 (severity: critical). -- Jeff Licquia Tue, 13 Jun 2000 22:04:40 -0500 cupsys (1.0.4-5) frozen unstable; urgency=low * Backported 1.0.5 bugfix: adding a printer would fail if /usr/share/cups were mounted on a different partition than /etc/cups. Closes bug #62267 (severity: grave). -- Jeff Licquia Thu, 13 Apr 2000 23:09:40 -0500 cupsys (1.0.4-4) frozen unstable; urgency=low * Makefile in conf was attempting to remove /etc/printcap during build, and fails to build if this fails (which it will under fakeroot); disabled this. Closes bug #60455 (severity: important). -- Jeff Licquia Wed, 15 Mar 2000 12:34:20 -0600 cupsys (1.0.4-3) frozen unstable; urgency=low * Oops - ppd directory move fails in preinst if /var/lib/cups/ppd is empty. Reported as bug #59993, fixed. * Missed the library Build-Depends. Closes bug #60090. * Postrm during purge now removes /etc/cups properly. * Documentation updates. -- Jeff Licquia Fri, 10 Mar 2000 22:59:07 -0600 cupsys (1.0.4-2) frozen unstable; urgency=low * Fixed documentation corruption in HTML docs (closes bug #59063). * Moved /var/lib/cups/ppd/* config files (printer definitions) to /etc/cups/ppd (closes bug #59263). * Fixed shlibs for libcupsys1 (erroneous information) preventing packages that link to it from depending properly. * Changed default for browsing to Off to keep cupsd from probing the local network continuously (closes bug #59277). -- Jeff Licquia Sat, 4 Mar 2000 18:23:01 -0600 cupsys (1.0.4-1) unstable; urgency=low * New upstream version. * Changed policy version & tweaked for conformance. * Fixed symlinks for cupsys-bsd, including /usr/doc symlinks. * Reverted lp -h hack in favor of upstream fix. -- Jeff Licquia Sun, 9 Jan 2000 23:25:06 -0600 cupsys (1.0.2-2) unstable; urgency=low * Added quick hack to allow for -h option to lp (closes bug #52050). * Set the lpd backend suid after quick audit; it doesn't appear to have any egregious errors (closes part of bug #52381). * Move /var/lib/cups/conf files to /etc/cups, with a symlink in place of the old location (closes bug #52318). * Added "Authentication failed" message when authorizing after the first auth failure (which is likely before the first password request) (closes rest of bug #50264). * Made cupsys-bsd doc dir a symlink to the cupsys doc files, per policy section 6.6 (closes bug #51958). * Symlinked /var/lib/cups/logs to /var/log/cups (closes bug #51957). -- Jeff Licquia Mon, 13 Dec 1999 02:12:40 -0600 cupsys (1.0.2-1) unstable; urgency=low * New upstream version. * Conflict with lprng, since lprng includes some SysV printing commands (closes bug #50539). * Added "cupsenable", "cupsdisable", "cupsaccept", and "cupsreject" commands as part of an ongoing effort to reduce namespace pollution. (addresses part of bug #50661 and #50384) * Set both the default user and group to "lp" (for permissions fixes). * Created "lpadmin" group and set SystemGroup to this. This will fix problems with CUPS not being usable initially. As soon as bug #50620 gets fixed, I'll set up to add root to the group, which will make root able to configure CUPS immediately after installation. -- Jeff Licquia Mon, 29 Nov 1999 00:16:44 -0600 cupsys (1.0.1-3) unstable; urgency=low * Fixed wrong symlinks. (closes bug #50279) * Stopped compression of .pdf files; they didn't gain much, broke the links in the HTML, and generally caused confusion. (closes part of bug #50264) -- Jeff Licquia Mon, 15 Nov 1999 22:28:56 -0600 cupsys (1.0.1-2) unstable; urgency=low * cupsys-bsd should conflict with lpr, not "lpd" (whatever that is) (closes #50047) * Changed priority to "extra". -- Jeff Licquia Fri, 12 Nov 1999 22:24:15 -0600 cupsys (1.0.1-1) unstable; urgency=low * Initial Release. -- Jeff Licquia Sun, 6 Nov 1999 20:58:02 -0500