Re: cups-filters 1.6.0 released!

To: debian-printing@lists.debian.org
Cc: Till Kamppeter <till.kamppeter@gmail.com>, Debian Security Team <team@security.debian.org>
Subject: Re: cups-filters 1.6.0 released!
From: Didier 'OdyX' Raboud <odyx@debian.org>
Date: Wed, 20 Jan 2016 08:29:29 +0100
Message-id: <[🔎] 1569316.Bf7PyyiQN9@odyx.org>
In-reply-to: <[🔎] 569DA18A.7010803@gmail.com>
References: <[🔎] 5697182B.4090702@gmail.com> <[🔎] 3012078.Icm1uSyD69@odyx.org> <[🔎] 569DA18A.7010803@gmail.com>

Le mardi, 19 janvier 2016, 00.38:02 Till Kamppeter a écrit :
> On 01/14/2016 10:07 AM, Didier 'OdyX' Raboud wrote:
> > Le jeudi, 14 janvier 2016, 01.38:19 Till Kamppeter a écrit :
> >> Hi,
> >> 
> >> I have released cups-filters 1.6.0 now, with the following changes:
> >> (…)
> >> 	- foomatic-rip: Fixed buffer overflow when reading environment
> >> 	  variables CUPS_FONTPATH, CUPS_DATADIR, and GS_LIB (Bug
> >> 	  #1336).
> > 
> > Is this of any security-related concern?
> 
> Yes, but it did not get a CVE.

Security-Team: an opinion there?
> > * files in backend/ say that they inherit from dnssd.c, and their
> >   licence says:
> >> * Copyright 2008-2015 by Apple Inc.
> >> *
> >> * These coded instructions, statements, and computer programs are
> >> the
> >> * property of Apple Inc. and are protected by Federal copyright
> >> * law.  Distribution and use rights are outlined in the file
> >> * "LICENSE.txt" "LICENSE" which should have been included with this
> >> * file.  If this file is missing or damaged, see the license at
> >> * "http://www.cups.org/";.
> >> *
> >> * This file is subject to the Apple OS-Developed Software
> >> exception.
> > 
> > There's no "LICENSE{,.txt}" file in the cups-filters source package,
> > letting us up to guesses.
> 
> This is the LICENSE.txt file of CUPS. I will look into whether I can
> copy it (or the relevant parts) into the COPYING file of cups-filters
> and modify the copyright headers appropriately.

That'd be good, thanks.

> Please tell me if there are more files not served by the COPYING file.
> > Could you please clean this up in the next cups-filters release? The
> > ideal way would be for you (as upstream) to adopt the CF-1.0 format
> > [CF1] for upstream's COPYING file.
> > 
> > [CF1]
> > https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
> Will look into this.
> 
> Is this the format used by Debian packages, will this simply allow to
> copy COPYING to debian/copyright?

It's a format accepted in Debian packages, so yes, it would simply allow 
to be pasted thre.

-- 
Cheers,
    OdyX

Reply to:

References:
- cups-filters 1.6.0 released!
  - From: Till Kamppeter <till.kamppeter@gmail.com>
- Re: cups-filters 1.6.0 released!
  - From: Didier 'OdyX' Raboud <odyx@debian.org>
- Re: cups-filters 1.6.0 released!
  - From: Till Kamppeter <till.kamppeter@gmail.com>

Prev by Date: Re: cups-filters 1.6.0 released!
Next by Date: Re: cups-filters 1.7.0 released!
Previous by thread: Re: cups-filters 1.6.0 released!
Next by thread: Processing of cups-filters_1.6.0-1_source.changes
Index(es):
- Date
- Thread