Re: cups-filters 1.6.0 released!

To: Didier 'OdyX' Raboud <odyx@debian.org>, debian-printing@lists.debian.org
Cc: Debian Security Team <team@security.debian.org>
Subject: Re: cups-filters 1.6.0 released!
From: Till Kamppeter <till.kamppeter@gmail.com>
Date: Tue, 19 Jan 2016 00:38:02 -0200
Message-id: <[🔎] 569DA18A.7010803@gmail.com>
In-reply-to: <[🔎] 3012078.Icm1uSyD69@odyx.org>
References: <[🔎] 5697182B.4090702@gmail.com> <[🔎] 3012078.Icm1uSyD69@odyx.org>

On 01/14/2016 10:07 AM, Didier 'OdyX' Raboud wrote:

Le jeudi, 14 janvier 2016, 01.38:19 Till Kamppeter a écrit :

Hi,

I have released cups-filters 1.6.0 now, with the following changes:

	- cups-browsed: Fixed use of CUPS domain socket, both
	  detection during build process and permission check at
	  runtime.
	- foomatic-rip: Fixed buffer overflow when reading environment
	  variables CUPS_FONTPATH, CUPS_DATADIR, and GS_LIB (Bug
	  #1336).


Is this of any security-related concern?


Yes, but it did not get a CVE.

I would appreciate if you could upload it to Debian soon so that it
syncs into Ubuntu, as it is needed for further development work on
Ubuntu Mobile. This release contains an important fix for cups-browsed
to work correctly in environments where CUPS runs on-demand.


I have uploaded 1.6.0-1 to unstable. As there were several new files, I
have _tried_ to update debian/copyright, trying to recollate information
from COPYING, previous debian/copyright, etc.

There are several problems, which should really be fixed upstream:

* files in backend/ say that they inherit from dnssd.c, and their
licence says:

* Copyright 2008-2015 by Apple Inc.
*
* These coded instructions, statements, and computer programs are the
* property of Apple Inc. and are protected by Federal copyright
* law.  Distribution and use rights are outlined in the file
* "LICENSE.txt" "LICENSE" which should have been included with this
* file.  If this file is missing or damaged, see the license at
* "http://www.cups.org/";.
*
* This file is subject to the Apple OS-Developed Software exception.


There's no "LICENSE{,.txt}" file in the cups-filters source package,
letting us up to guesses.

This is the LICENSE.txt file of CUPS. I will look into whether I cancopy it (or the relevant parts) into the COPYING file of cups-filtersand modify the copyright headers appropriately.

In general, as you can see from the debian/copyright file, there is
quite a mess of various licenses, and it seems that the COPYING file
from the source package is outdated.

I have recently added some "forgotten" files to COPYING. Probably onlybeh is missing now. I will update this. The Braille stuff is already in.


This will make up upstream 1.7.1 (as this does not add features).

Please tell me if there are more files not served by the COPYING file.

Could you please clean this up in the next cups-filters release? The
ideal way would be for you (as upstream) to adopt the CF-1.0 format
[CF1] for upstream's COPYING file.

[CF1] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/


Will look into this.

Is this the format used by Debian packages, will this simply allow tocopy COPYING to debian/copyright?


   Till

Reply to:

Follow-Ups:
- Re: cups-filters 1.6.0 released!
  - From: Till Kamppeter <till.kamppeter@gmail.com>
- Re: cups-filters 1.6.0 released!
  - From: Didier 'OdyX' Raboud <odyx@debian.org>

References:
- cups-filters 1.6.0 released!
  - From: Till Kamppeter <till.kamppeter@gmail.com>
- Re: cups-filters 1.6.0 released!
  - From: Didier 'OdyX' Raboud <odyx@debian.org>

Prev by Date: Re: cups-filters 1.7.0 released!
Next by Date: Re: cups-filters 1.6.0 released!
Previous by thread: Re: cups-filters 1.6.0 released!
Next by thread: Re: cups-filters 1.6.0 released!
Index(es):
- Date
- Thread