Packages changed:
  cups
  libcap (2.61 -> 2.62)

=== Details ===

==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2

- Provide /usr/share/cups/ppdc/ in the "cups" main package
  to avoid that "lpinfo -m" results in /var/log/cups/error_log
  things like "ppdc: Unable to find include file font.defs"
  or "ppdc: Unable to find include file hp.h" and then
  "Bad driver information file /usr/share/cups/drv/sample.drv"
  (bsc#1186843)
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "configure --with-cups-group=lp") specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
- upstream_pull_174.patch is
  https://github.com/OpenPrinting/cups/pull/174
  "Use 60s timeout for read_thread, revert read limits"
  to fix printing with older USB printers
- New upstream URL https://openprinting.github.io/cups
- Disable testsuite for now via "bcond_with testsuite"
  until https://github.com/OpenPrinting/cups/issues/155 is fixed
- Add "testsuite" conditional that disables anything within %check
- fix-negotiate-authentication-between-CGIs-and-scheduler.patch
  fixes web UI Kerberos authentication (bsc#1175960)
- Upstream changed to https://github.com/OpenPrinting/cups
- Added %check section to specfile that executes
  the old 'make check' and the new (see 2.3.3op1) 'make test'
- Version upgrade to 2.3.3op2:
  * Security: Fixed a buffer (read) overflow
    in the ippReadIO function (CVE-2020-10001)
  * Clarified the documentation for the "Listen" directive
  * Fixed duplicate ColorModel entries for AirPrint printers
  * Fixed directory/permission defaults for Debian
    kfreebsd-based systems
  * Fixed crash bug in ppdOpen
  * Fixed regression in snprintf emulation function
  * The scheduler's systemd service file now waits
    for the nslcd service to start
  * The libusb-based USB backend now uses a simpler read timer
    implementation to avoid a regression in a previous change
  * The PPD caching code now only tracks the APPrinterIconPath
    value on macOS
  * Fixed segfault in help.cgi when searching in man pages
  * Root certificates were incorrectly stored in "~/.cups/ssl".
  * Version upgrade to 2.3.3op1:
  * The automated test suite can now be activated using make test
    for consistency with other projects and CI environments - the
    old make check continues to work as well, and the previous test
    server behavior can be accessed by running make testserver.
  * ippeveprinter now supports multiple icons and strings files.
  * ippeveprinter now uses the system's FQDN with Avahi.
  * ippeveprinter now supports Get-Printer-Attributes on "/".
  * ippeveprinter now uses a deterministic "printer-uuid" value.
  * ippeveprinter now uses system sounds on macOS
    for Identify-Printer.
  * Updated ippfind to look for files in "~/Desktop" on Windows.
  * Updated ippfind to honor SKIP-XXX directives with PAUSE.
  * Updated IPP Everywhere support to work around printers that only
    advertise color raster support but really also support grayscale
  * ipptool now supports DNS-SD URIs like
    ipps://My%20Printer._ipps._tcp.local
  * The scheduler now allows root backends to have world read
    permissions but not world execute permissions
  * Failures to bind IPv6 listener sockets no longer cause errors
    if IPv6 is disabled on the host
  * The SNMP backend now supports the HP and Ricoh vendor MIBs
  * The scheduler no longer includes a timestamp in files it writes
  * The systemd service names are now "cups.service"
    and "cups-lpd.service"
  * The scheduler no longer adds the local hostname to
    the ServerAlias list
  * Added LogFileGroup directive in "cups-files.conf" to control
    the group owner of log files
  * Added --with-max-log-size configure option
  * Added --enable-sync-on-close configure option
  * Added --with-error-policy configure option
  * IPP Everywhere PPDs could have an "unknown" default InputSlot
  * The httpAddrListen function now uses a listen backlog of 128.
  * Added USB quirks
  * Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
  * Fixed DNS-SD name collision support in ippeveprinter.
  * Fixed compiler and code analyzer warnings.
  * Fixed TLS support on Windows.
  * Fixed ippfind sub-type searches with Avahi.
  * Fixed the default hostname used by ippeveprinter on macOS.
  * Fixed resolution of local IPP-USB printers with Avahi.
  * Fixed coverity issues
  * Fixed httpAddrConnect issues
  * Fixed web interface device URI issue
  * Fixed lp/lpr "printer/class not found" error reporting
  * Fixed xinetd support for LPD clients
  * Fixed libtool build issue
  * Fixed a memory leak in the scheduler
  * Fixed a potential integer overflow in the PPD hashing code
  * Fixed output-bin and print-quality handling issues
  * Fixed PPD options getting mapped to odd IPP values
    like "tray---4"
  * Fixed remote access to the cupsd.conf and log files
  * Fixed the automated test suite when running in certain
    build/CI environments
  * Fixed a logging regression caused by a previous change
    for Apple issue #5604
  * Fixed fax phone number handling with GNOME
  * Fixed potential rounding error in rastertopwg filter
  * Fixed the "uri-security-supported" value from the scheduler
  * Fixed IPP backend crash bug with "printer-alert" values
  * Removed old Solaris inetconv(1m) reference in cups-lpd man page
  * Fixed default options that incorrectly use the "custom" prefix
  * Fixed a memory leak when resolving DNS-SD URIs
  * Fixed systemd status reporting by adopting the notify interface
  * Fixed crash in rastertopwg
  * Fixed cupsManualCopies values in IPP Everywhere PPDs
- Removed let-cupsd-start-after-network.patch
  as it is no longer required
- Removed CVE-2020-10001.patch as a fix as been merged upstream
- Removed section of specfile responsible for
  renaming "org.cups.cups*" systemd files to cups*, due to
  upstream renaming these files
- Remove code comments from expanded scriptlets to reduce size
  cf. https://build.opensuse.org/request/show/879976
- CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
  access to uninitialized buffer in ipp.c
- Version upgrade to 2.3.3:
  * CVE-2020-3898: The 'ppdOpen' function did not handle invalid UI
    constraint.  'ppdcSource::get_resolution' function did not
    handle invalid resolution strings.
  * CVE-2019-8842: The 'ippReadIO' function may under-read an
    extension field.
  * Fixed WARNING_OPTIONS support for GCC 9.x
  Changes in CUPS 2.3.2:
  Localization updates
  Changes in CUPS 2.3.1:
  * CVE-2019-2228: The 'ippSetValuetag' function did not validate
    the default language value.
  * Fixed a crash bug in the web interface.
  * The PPD cache code now looks up page sizes using their
    dimensions.
  * PPD files containing "custom" option keywords did not work.
  * Added a workaround for the scheduler's systemd support.
  * Added a DigestOptions directive for the 'client.conf' file to
    control whether MD5-based Digest authentication is allowed.
  * Fixed a bug in the handling of printer resource files.
  * The libusb-based USB backend now reports an error when the
    distribution permissions are wrong.
  * Added paint can labels to Dymo driver.
  * The 'ippeveprinter' program now supports authentication.
  * The 'ippeveprinter' program now advertises DNS-SD services on
    the correct interfaces, and provides a way to turn them off.
  * The '--with-dbusdir' option was ignored by the configure
    script.
  * Sandboxed applications were not able to get the default
    printer.
  * Log file access controls were not preserved by 'cupsctl'.
  * Default printers set with 'lpoptions' did not work in all
    cases.
  * Fixed an error in the jobs web interface template.
  * Fixed an off-by-one error in 'ippEnumString'.
  * Fixed some new compiler warnings.
  * Fixed a few issues with the Apple Raster support.
  * The IPP backend did not detect all cases where a job should be
    retried using a raster format.
  * Fixed spelling of "fold-accordion".
  * Fixed the default common name for TLS certificates used by
    'ippeveprinter'.
  * Fixed the option names used for IPP Everywhere finishing
    options.
  * Added support for the second roll of the DYMO Twin/DUO label
    printers.
  Changes in CUPS v2.3.0:
  * CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
  * Added a GPL2/LGPL2 exception to the new CUPS license terms.
  * Fixed a bug in the scheduler job cleanup code.
  * Fixed builds when there is no TLS library.
  * "make" failed with GZIP options.
  * Fixed potential excess logging from the scheduler when removing
    job files.
  * Fixed a NULL pointer dereference bug in 'httpGetSubField2'.
  * Added FIPS-140 workarounds for GNU TLS.
  * The scheduler no longer provides a default value for the
    description.
  * The scheduler now logs jobs held for authentication using the
    error level so it is clear what happened.
  * The 'lpadmin' command did not always update the PPD file for
    changes to the 'cupsIPPSupplies' and 'cupsSNMPSupplies' keywords.
  * The scheduler now uses both the group's membership list as well
    as the various OS-specific membership functions to determine
    whether a user belongs to a named group.
  * Added USB quirks rule for HP LaserJet 1015.
  * Fixed some PPD parser issues.
  * The IPP parser no longer allows invalid member attributes in
    collections.
  * The configure script now treats the "wheel" group as a
    potential system group.
  * Fixed IPP buffer overflow.
  * Fixed memory disclosure issue in the scheduler.
  * Fixed DoS issues in the scheduler.
  * Fixed an issue with unsupported "sides" values in the IPP
    backend.
  * The scheduler would restart continuously when idle and printers
    were not shared.
  * Fixed an issue with 'EXPECT !name WITH-VALUE ...' tests.
  * Fixed a command ordering issue in the Zebra ZPL driver.
  * Fixed a memory leak in 'ppdOpen'.
  Changes in CUPS v2.3rc1:
  * The 'cups-config' script no longer adds extra libraries when linking against
    shared libraries.
  * The supplied example print documents have been optimized for
    size.
  * The 'cupsctl' command now prevents setting "cups-files.conf"
    directives.
  * The "forbidden" message in the web interface is now explained.
  * The footer in the web interface covered some content on small
    displays.
  * The libusb-based USB backend now enforces read limits,
    improving print speed in many cases.
  * The 'ippeveprinter' command now looks for print commands in
    the "command" subdirectory.
  * The 'ipptool' command now supports '$date-current' and
    '$date-start' variables to insert the current and starting date
    and time values, as well as ISO-8601 relative time values such
    as "PT30S" for 30 seconds in the future.
  Changes in CUPS v2.3b8
  * Media size matching now uses a tolerance of 0.5mm.
  * The lpadmin command would hang with a bad PPD file.
  * Fixed a potential crash bug in cups-driverd.
  * Fixed a performance regression with large PPDs.
  * Fixed a memory reallocation bug in HTTP header value expansion.
  * Timed out job submission now yields an error.
  * Restored minimal support for the 'Emulators' keyword in PPD
    files to allow old Samsung printer drivers to continue to work.
  * The scheduler did not encode octetString values like
    "job-password" correctly for the print filters.
  * The 'cupsCheckDestSupported' function did not check octetString
    values correctly.
  * Added support for 'UserAgentTokens' directive in "client.conf".
  * Updated the systemd service file for cupsd.
  * The 'ippValidateAttribute' function did not catch all instances
    of invalid UTF-8 strings.
  * Fixed an issue with the self-signed certificates generated by
    GNU TLS.
  * Fixed a potential memory leak when reading at the end of a
    file.
  * Fixed potential unaligned accesses in the string pool.
  * Fixed a potential memory leak when loading a PPD file.
  * Added a USB quirks rule for the Lexmark E120n.
  * Updated the USB quirks rule for Zebra label printers.
  * The lpadmin command, web interface, and scheduler all queried
    an IPP Everywhere printer differently, resulting in different
    PPDs for the same printer.
  * The web interface no longer provides access to the log files.
  * Non-Kerberized printing to Windows via IPP was broken.
  * The scheduler no longer stops a printer if an error occurs when
    a job is canceled or aborted.
  * Added a USB quirks rule for the DYMO 450 Turbo.
  * Added a USB quirks rule for Xerox printers.
  * The scheduler's self-signed certificate did not include all of
    the alternate names for the server when using GNU TLS.
  * Fixed some PPD caching and IPP Everywhere PPD
    accounting/password bugs.
  * Fixed 'PreserveJobHistory' bug with time values.
  * The scheduler no longer advertises the HTTP methods it
    supports.
  * The scheduler did not always idle exit as quickly as it could.
  * Added a new 'ippeveprinter' command based on the old ippserver
    sample code.
  Changes in CUPS v2.3b7
  * Running ppdmerge with the same input and output filenames did
    not work as advertised.
  * Rebase let-cupsd-start-after-network.patch and
    cups-config-libs.patch.
  * Drop issue5509-fix-utf-8-validation-issue.patch and
    issue5453.patch: fixed upstream.
- make cups-devel pull in cups-rpm-helper to fix printer driver
  provides (boo#1172407)
- Fixes for %_libexecdir changing to /usr/libexec
- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118)
  Fixes https://github.com/apple/cups/issues/5509
- Remove libcupscgi1, libcupsmime1, libcupsppdc1 from
  baselibs.conf
- Version upgrade to 2.3b6:
  This is the sixth beta of the CUPS 2.3 series which adopts the
  new CUPS license, adds support for IPP presets and finishing
  templates, and fixes a number of bugs and "polish" issues.
  For details see https://github.com/apple/cups/releases
  or the CHANGES.md file.
  Backward incompatible changes:
  * The cupsaddsmb program has been removed (Issue #5449)
  * The cupstestdsc program has been removed (Issue #5450)
  * The cupscgi, cupsmime, and cupsppdc support libraries
    are no longer installed as shared libraries.
  Changes include:
  * CVE-2018-4700: Linux session cookies used a predictable
    random number seed.
  * The lpoptions command now works with IPP Everywhere printers
    that have not yet been added as local queues (Issue #5045)
  * The lpadmin command would create a non-working printer
    in some error cases (Issue #5305)
  * The scheduler would crash if an empty AccessLog directive
    was specified (Issue #5309)
  * The scheduler did not idle-exit on some
    Linux distributions (Issue #5319)
  * Fixed a regression in the changes to ippValidateAttribute
    (Issue #5322, Issue #5330)
  * Fixed a crash bug in the Epson dot matrix driver (Issue #5323)
  * Automatic debug logging of job errors did not work
    with systemd (Issue #5337)
  * The web interface did not list the
    IPP Everywhere "driver" (Issue #5338)
  * The scheduler did not report all of the supported job options
    and values (Issue #5340)
  * The IPP Everywhere "driver" now properly supports
    face-up printers (Issue #5345)
  * Fixed some typos in the label printer drivers (Issue #5350)
  * Setting the Community name to the empty string in snmp.conf
    now disables SNMP supply level monitoring by all the
    standard network backends (Issue #5354)
  * Multi-file jobs could get stuck if the backend failed
    (Issue #5359, Issue #5413)
  * The IPP Everywhere "driver" no longer does local filtering
    when printing to a shared CUPS printer (Issue #5361)
  * The lpadmin command now correctly reports IPP errors
    when configuring an IPP Everywhere printer (Issue #5370)
  * Fixed some memory leaks discovered by Coverity (Issue #5375)
  * The PPD compiler incorrectly terminated JCL options
    (Issue #5379)
  * The cupstestppd utility did not generate errors for
    missing/mismatched CloseUI/JCLCloseUI keywords (Issue #5381)
  * The scheduler now reports the actual location
    of the log file (Issue #5398)
  * The generated PPD files for IPP Everywhere printers
    did not contain the cupsManualCopies keyword (Issue #5433)
  * Kerberos credentials might be truncated (Issue #5435)
  * The handling of MaxJobTime 0 did not match the documentation
    (Issue #5438)
  * Fixed a bug adding a queue with the -E option (Issue #5440)
  * The scheduler did not validate that required initial request
    attributes were in the operation group (rdar://41098178)
  * Fixed an issue with HTTP Digest authentication
    (rdar://41709086)
  * The scheduler could crash when job history was purged
    (rdar://42198057)
  * Fixed a crash bug when mapping PPD duplex options
    to IPP attributes (rdar://46183976)
  * Fixed a memory leak for some IPP (extension) syntaxes.
  * The snmp backend is now deprecated.
- issue5453.patch fixes https://github.com/apple/cups/issues/5453
- Version upgrade to 2.3b5:
  This is the fifth beta of the CUPS 2.3 series which adopts the
  new CUPS license, adds support for IPP presets and finishing
  templates, and fixes a number of bugs and "polish" issues.
  For details see https://github.com/apple/cups/releases
  or the CHANGES.md file.
  Changes include:
  * The ipptool program no longer checks for duplicate attributes
    when running in list or CSV mode (Issue #5278)
  * The cupsCreateJob, cupsPrintFile2, and cupsPrintFiles2 APIs
    did not use the supplied HTTP connection (Issue #5288)
  * Fixed another crash in the scheduler when adding an IPP
    Everywhere printer (Issue #5290)
  * Added a workaround for certain web browsers that
    do not support multiple authentication schemes
    in a single response header (Issue #5289)
  * Fixed policy limits containing the All operation (Issue #5296)
  * The scheduler was always restarted after idle-exit
    with systemd (Issue #5297)
  * The mailto notifier did not wait for the
    welcome message (Issue #5312)
  * Fixed a parsing bug in the pstops filter (Issue #5321)
  * The scheduler allowed environment variables to be specified
    in the cupsd.conf file (rdar://37836779, rdar://37836995,
    rdar://37837252, rdar://37837581)
  * Fax queues did not support pause (p) or
    wait-for-dialtone (w) characters (rdar://39212256)
  * The scheduler did not validate notify-recipient-uri values
    properly (rdar://40068936)
  * The IPP parser allowed invalid group tags (rdar://40442124)
  * Fixed a parsing bug in the new authentication code.
- issue5296_fix_policy_limits_using_All.patch is obsolete
  because it is fixed upstream (see "Issue #5296" above)
- Add patch let-cupsd-start-after-network.patch
  Let cuspd start after possible network connection (boo#1111351)
  This let cupsd also stop before a used network connection goes
  down, hence the cusp does not lock due waiting on remote printers.
- Fix warning message upon update (boo#1050845): Remove template
  service cups-lpd@ from service_* macro in scriptlets.
- issue5296_fix_policy_limits_using_All.patch fixes
  https://github.com/apple/cups/issues/5296
  by only the actually relevant part of
  https://github.com/apple/cups/commit/0873f681e43c04972b3d6bc90bdbdedb29e6e913
  (follow-up of boo#936309 and bsc#577936 starting at comment 13)
- Version upgrade to 2.3b4:
  This is the fourth beta of the CUPS 2.3 series.
  For details see https://github.com/apple/cups/releases
  or the CHANGES.md file.
  Changes include:
  * Additional security fixes for:
    bsc#1061066 DBUS library aborts caller process
    in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
    and
    bsc#1087018 CVE-2017-18248: cups: The add_job function in
    scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
    enabled, can be crashed by remote attackers by sending print
    jobs with an invalid username, related to a D-Bus notification
    which are the CUPS upstream issues
    https://github.com/apple/cups/issues/5143
    Remote DoS attack against cupsd via invalid username
    and malicious D-Bus library
    and
    https://github.com/apple/cups/issues/5186
    squash non-UTF-8 strings into ASCII on plain IPP level
    and
    https://github.com/apple/cups/issues/5229
    persistently substitute invalid job attributes
    with default values - not only in add_job
    see also
    bsc#1087072 dbus-1:
    Disable assertions to prevent un-expected DDoS attacks
  * NOTICE: Raw print queues are now deprecated (Issue #5269)
    so that now there is a warning message when you
    add or modify a queue to use the "raw driver" but
    raw printing will continue to work through CUPS 2.3.x, cf.
    https://lists.cups.org/pipermail/cups/2018-March/074060.html
  * Kerberized printing to another CUPS server did not work
    correctly (Issue #5233)
  * The scheduler now supports using temporary print queues
    for older IPP/1.1 print queues like those shared by CUPS 1.3
    and earlier (Issue #5241)
  * Systemd did not restart cupsd when configuration changes
    were made that required a restart (Issue #5263)
  * Fixed an Avahi crash bug in the scheduler (Issue #5268)
  * TLS connections now properly timeout (rdar://34938533)
  * Removed support for the '-D_PPD_DEPRECATED=""' developer
    cheat - the PPD API should no longer be used.
  * Removed support for '-D_IPP_PRIVATE_STRUCTURES=1' developer
    cheat - the IPP accessor functions should be used instead.
  * The symlink rastertodymo -> rastertolabel
    in /usr/lib/cups/filter is no longer provided.
- Removed fix_filter_Makefile.patch
  because since CUPS 2.3b4 it is fixed in the upstream code via
  https://github.com/apple/cups/issues/5247 more precisely via
  https://github.com/apple/cups/commit/ab89234de2d9bf36bb59f2aa4873d98e95ca4df2
- Version upgrade to 2.3b3:
  This is the third beta of the CUPS 2.3 series.
  For details see https://github.com/apple/cups/releases
  Changes include:
  * More fixes for printing to old CUPS servers (Issue #5211)
  * Additional changes for the scheduler to substitute
    default values for invalid job attributes
    when running in "relaxed conformance" mode
    (Issue #5229 - a follow-up of issues #5186 and #5143)
  A detailed list of changes can be found in the CHANGES.md file.
- fix_filter_Makefile.patch fixes
  https://github.com/apple/cups/issues/5247
- Version upgrade to 2.3b2:
  This is the second beta of the CUPS 2.3 series.
  For details see https://github.com/apple/cups/releases
  Changes include:
  * Printing to old CUPS servers has been fixed (Issue #5211)
  A detailed list of changes can be found in the CHANGES.md file.

==== libcap ====
Version update (2.61 -> 2.62)

- update to 2.62:
  * Bug fix for Go package "cap" and launching
  * Build cleanups
  * Documentation updates: cap_max_bits has a man page entry
  * Recognize default securebits as a libcap mode: HYBRID