Re: cups-filters 1.6.0 released!

To: debian-printing@lists.debian.org, Till Kamppeter <till.kamppeter@gmail.com>
Cc: Debian Security Team <team@security.debian.org>
Subject: Re: cups-filters 1.6.0 released!
From: Didier 'OdyX' Raboud <odyx@debian.org>
Date: Thu, 14 Jan 2016 13:07:53 +0100
Message-id: <[🔎] 3012078.Icm1uSyD69@odyx.org>
In-reply-to: <[🔎] 5697182B.4090702@gmail.com>
References: <[🔎] 5697182B.4090702@gmail.com>

Le jeudi, 14 janvier 2016, 01.38:19 Till Kamppeter a écrit :
> Hi,
> 
> I have released cups-filters 1.6.0 now, with the following changes:
> 
> 	- cups-browsed: Fixed use of CUPS domain socket, both
> 	  detection during build process and permission check at
> 	  runtime.
> 	- foomatic-rip: Fixed buffer overflow when reading environment
> 	  variables CUPS_FONTPATH, CUPS_DATADIR, and GS_LIB (Bug
> 	  #1336).

Is this of any security-related concern?

> I would appreciate if you could upload it to Debian soon so that it
> syncs into Ubuntu, as it is needed for further development work on
> Ubuntu Mobile. This release contains an important fix for cups-browsed
> to work correctly in environments where CUPS runs on-demand.

I have uploaded 1.6.0-1 to unstable. As there were several new files, I 
have _tried_ to update debian/copyright, trying to recollate information 
from COPYING, previous debian/copyright, etc.

There are several problems, which should really be fixed upstream:

* files in backend/ say that they inherit from dnssd.c, and their 
licence says:

> * Copyright 2008-2015 by Apple Inc.
> *
> * These coded instructions, statements, and computer programs are the
> * property of Apple Inc. and are protected by Federal copyright
> * law.  Distribution and use rights are outlined in the file
> * "LICENSE.txt" "LICENSE" which should have been included with this
> * file.  If this file is missing or damaged, see the license at
> * "http://www.cups.org/";.
> *
> * This file is subject to the Apple OS-Developed Software exception.

There's no "LICENSE{,.txt}" file in the cups-filters source package, 
letting us up to guesses.

In general, as you can see from the debian/copyright file, there is 
quite a mess of various licenses, and it seems that the COPYING file 
from the source package is outdated.

Could you please clean this up in the next cups-filters release? The 
ideal way would be for you (as upstream) to adopt the CF-1.0 format 
[CF1] for upstream's COPYING file.

[CF1] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

-- 
Cheers,
    OdyX

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: cups-filters 1.6.0 released!
  - From: Till Kamppeter <till.kamppeter@gmail.com>

References:
- cups-filters 1.6.0 released!
  - From: Till Kamppeter <till.kamppeter@gmail.com>

Prev by Date: failed kfreebsd-amd64 build of hplip 3.15.11+repack0-1
Next by Date: Processing of cups-filters_1.6.0-1_source.changes
Previous by thread: cups-filters 1.6.0 released!
Next by thread: Re: cups-filters 1.6.0 released!
Index(es):
- Date
- Thread