This release fix some old bugs (see release note for more informations
about this) and take care of some small overfull hbox that was
present in some particular combination of options and packages.
In particular it fixes an annoying unbalanced brace that could cause some
troubles.
Internal change: the main support for French is now in file
french.ldf; portemanteau files frenchb.ldf, francais.ldf,
acadian.ldf, canadien.ldf have been added.
This change is meant for Babel's future releases, but frenchb
v3.3b still works with current Babel (v3.12).
Recommended options to use with Babel are *french* or *acadian*
(for Canadian French currently identical to French), all others
are *deprecated*.
* New options are implemented:
* --cleanup, for general cleanup operation
* --dump-data, for dumping font database to file
* Better support for win32: avoid dangling NTFS symlink for
--link-texmf.
* Database fix and additions.
CHANGES IN V1.16.1
- cups-browsed: Make timeouts for HTTP access to the local
CUPS daemon and remote IPP printers configurable. Thanks to
Cedric Dufour (cedric dot dufour at idiap dot ch) for the
patch (Bug #1387, Debian bug #852436).
- texttopdf: Allow bold and underline formatting to be used
together when using "prettyprint". Thanks to Michael Moran
(vampm at comcast dot net) for the patch.
- texttopdf: Allow to alter margins, and chars/lines per Inch
when using "prettyprint". Thanks to Michael Moran (vampm at
comcast dot net) for the patch.
- texttopdf: When "prettyprint" is used, do not drop out of
C/shell comment mode too early. Thanks to Michael Moran
(vampm at comcast dot net) for the patch.
- cups-browsed: Additional NULL checks for description and
location.
- cups-browsed: Fixed crash which happens when using
BrowsePoll (Debian bug #723835).
CHANGES IN V1.16.0
- cups-browsed: Let elements in arrays get stacked up in the
order they are added, before, they were in the order how
they are positioned in memory. This especially led to a
random order of printer cluster definitions and of
command-line-supplied configuration options.
- cups-browsed: On shutdown not all locally created queues got
deleted.
- cups-browsed: Added support for manual definition of
load-balancing printer clusters via the "Cluster" directive
in cups-browsed.conf.
CHANGES IN V1.15.0
- cups-browsed: Removed the function to compare printer entries
for sorting the printer entry list. This led to corruption
of the list and so to crashes.
- cups-browsed: Fixed crashes when many printers (especially
all printers of a load-balanced cluster) are removed at once.
- cups-browsed: Log the full list of handled remote printers
whenever one is added or removed.
- cups-browsed: Renamed the handle_cups_queues() function to
update_cups_queues() to better reflect what it is doing.
- cups-browsed: When clustering remote CUPS printers together
do not call them duplicates but slaves asigned to a master.
- cups-browsed: Log the error if the network interface name of
a DNS-SD event could not be determined.
- cups-browsed: Simplified printer entry removal procedure.
- cups-browsed: Log memeber printer list of a printer cluster
(implicit class) when a member printer is added or removed.
- cups-browsed: Removed superfluous (and not correctly
working) duplicate counter from the remote printer entry
data structure.
- cups-browsed: Add "AutoClustering" directive to
cups-browsed.conf to turn on and off automatically
clustering equally named local print queues which point to
remote CUPS printers. When automatic clustering is turned
off, queue name clashes are prevented by adding "@<server
name>" to local queue names based on the remote queue name
or on make and model.
- cups-browsed: Skip callback functions and the CUPS queue
creation/update/removal loop when cups-browsed is terminated
by a SIGTERM signal. This avoids hanging on shutdown. Thanks
to Edgar Fuss (ef at math dot uni-bonn dot de, Bug #1402).
- libcupsfilters: Added some fallbacks for incorrect
resolution IPP attributes on IPP network printers (Debian
bug #868360).
- pdftoopvp: Added missing "#include <math.h>" needed for
cross-compiling for arm-v7a-linux-gnueabi (Bug #1232).
- cups-browsed: Prevent the creation of two remote printer
entries for two IPP network printers or an IPP network
printer and a remote CUPS printer with the same local queue
name. This could easily happen with make/model-based naming.
- cups-browsed: Added the possibility to optionally not
create local queues for remote printers for which CUPS
(from 2.2.x on) auto-creates queues by itself (DNS-SD
advertised driverless printers).
- cups-browsed: Removed repeated code for clean-up when
generate_local_queue() function fails.
- cups-browsed: Take care of CUPS' temporary queues. Do not
consider them when checking whether a queue with the same
name as the one we are creating already exists and make
temporary queues permanent (or remove them) before
overwriting them with our local queue.
- cups-browsed: Make the naming scheme for locally created
print queue configurable, especially allow for naming based
on the DNS-SD service name (now default) as this is the same
scheme as CUPS uses for its temporary queues. This way we
prevent CUPS creating temporary queues when cups-browsed is
already creating a queue.
- cups-browsed: Do not add "APRemoteQueueID" keyword to the
local queue's PPD file if the queue is for an IPP network
printer.
- cups-browsed: Skip multiple browse entries for the same
printer with interface alias addresses. Thanks to Edgar
Fuss (ef at math dot uni-bonn dot de, Bug #1399).
- cups-browsed: Improved support for Description (Info) and
Location fields of remote CUPS queues. Thanks to Edgar Fuss
(ef at math dot uni-bonn dot de, Bug #1398).
- cups-browsed: Renamed variable names for better code
readability. Thanks to Edgar Fuss (ef at math dot uni-bonn
dot de, Bug #1398).
- cups-browsed: Additional NULL checks in the
create_local_queue() function. Thanks to Edgar Fuss (ef at
math dot uni-bonn dot de, Bug #1398).
CHANGES IN V1.14.1
- cups-browsed: Do correct removal of printer entry handling
duplicates correctly also when a legacy CUPS-broadcasted
printer disappears or a printer remaining from the last
session does not appear again.
- cups-browsed: Use getline() instead of fgets() to read saved
option settings. This is less crash-prone (Ubuntu bug
#1658833).
- cups-browsed: Improved error logging when saving option
settings.
- cups-browsed: Added NULL checks for generate_local_queue()
and create_local_queue() functions.
- cups-browsed: When accessing local CUPS queues use always
the correct port of the CUPS daemon we are attached to.
- cups-browsed: Check whether a connection to the local CUPS
daemon actually happened before using it (Ubuntu bug
#1644049).
- cups-browsed: Set unused fields of printer record to NULL
when tranfering data from the record of a duplicate printer
to the record of a disappeared one.
- cups-browsed: Simplify removal of all queues on shutdown or
stop of Avahi.
- cups-browsed: When creating a record for a discovered
printer set it all zero before filling it in, to assure
that no field is in an undefined state.
- cups-browsed: All functions which are called via Glib
functions or otherwise event-triggered log now in which
thread they are running. This way one can see whether
problems can be caused by concurrent access to global
resources.
- cups-browsed: Do not check whether the DNS-SD event is from
the local machine in the browse_callback() function. We
cannot check the port here.
- cups-browsed: Added more NULL checks to Avahi callback
functions.
- cups-browsed: Added NULL check to avoid crashes in the Avahi
resolver callback (Ubuntu bug #1696967).
- libcupsfilters: Let PPD generator do case-insensitive
comparisons for PWG Raster color spaces, as some printers
(Epson) do not use the standard-conforming all-lowercase
form for them (CUPS Issue #4998).
---- Version 8.13.12 - 2017-07-03 ----
Fix bad height of SVG images when lyrics under the staff
(reported by Manavasu)
Don't display ottava decorations on secondary voices
(reported by Willem Vree)
Fix loss of measure bar when followed by %%score and voice absent
(reported by Simon Wascher)
HPLIP 3.17.7 - This release has the following changes:
Added Support for the Following New Printers:
- HP DeskJet Ink Advantage 2635 All-in-One
- HP DeskJet Ink Advantage 2636 All-in-One
- HP DeskJet Ink Advantage 2675 All-in-One
- HP DeskJet Ink Advantage 2676 All-in-One
- HP DeskJet Ink Advantage 2677 All-in-One
- HP DeskJet Ink Advantage 2678 All-in-One
- HP DeskJet 2620 All-in-One
- HP DeskJet 2621 All-in-One
- HP DeskJet 2622 All-in-One
- HP DeskJet 2623 All-in-One
- HP DeskJet Ink Advantage 2200 All-in-One
- HP DeskJet 3722 All-in-One
- HP DeskJet Ink Advanatge 3789 All-in-One
- HP DeskJet Ink Advanatge 3790 All-in-One
Other Requirement:
1. 43180 - Re-implementation of "hpps" filter in C
2.7 (2016-12-08)
* New option (--nouri-encode) to prevent URL encoding of URLs. Avoids
breaking display of URLS which contain non-ASCII.
* Misc bug fixes
2.6 (2016-09-10)
* Improved tool mode bibtex output. This has some normalisation
consequences for YEAR and custom fields. See PDF doc.
* Support for new \ifuniquebaretitle test
* Sourcemaps can now be restricted to particular refsections
* Perl 5.24 is now required due to use of postfix deref notation
* Removed RIS input driver due to lack of use
* Added extended name format - see documentation
* Added notfield function to sourcemaps - see documentation
2.5 (2016-05-10)
* Added data annotations feature - see biblatex documentation.
* Removed the "latinkeys.txt" Unicode::Collate table. This is now
pointless because the compiled 'allkeys.txt' is faster and complete.
* Incompatible biblatex/biber version is now a fatal error.
* Significant performance improvements, particularly in sorting
subsystem.
* Addition of new bblXML output format and associated RelaxNG XML
schema based on active datamodel.
* Integration with new biblatex 3.4 labelprefix name change and
refcontext option.
* Integration with new biblatex 3.4 \DeclareDatafieldSet
functionality.
* Improved sourcemap looping functionality
This has not been accepted upstream in various previous tries, but is
deemed useful functionality anyway.
Bump PKGREVISION.
While here, revert undiscussed mit-krb5 dependency. Should be optional,
and should have bumped PKGREVISION.
Upstream NEWS (some points summarized):
* Changes from 5.2.12
1) Critical bugfix
* Correct mis-defined paper type that collided with standard
A4 paper. This resulted in some Canon and PCL printers
mishandling A4 paper.
2) Added support for the following Epson inkjet printers:
EPSON Artisan 1430
EPSON L210
3) Improvements to the dye-sublimation driver:
* Code optimizations in the dye-sublimation driver, resulting
in a significant (2x-2.7x) boost in performance.
* Added support for the following thermal printer:
Mitsubishi P93DW
* Enhanced support (and bugfixes) for several printers (Canon,
Fujifilm, Kodak, Mitsubishi)
4) Improvements to the Gimp plugin
* Compilation fixes when CUPS is not enabled
* Fix non-interactive plugin mode
5) Changes to the Canon driver:
* Added support for many printer models.
* Corrected black-only and color-only cartridge support for MP230
series
* Improved printer firmware papersize detection when using
automatic paper source selection (Autofeed), by changing paper
width from calculated to a constant value for paper sizes known
to the driver.
* Added several resolution modes for Pro9500
6) Added the Datamax-O'Neil H class series of printers.
7) Added the two Honeywell printers, RP2 (SAV2) and RP4 (SAV4).
From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 6 Jul 2017 20:02:00 +0200
Subject: [PATCH] comics: Remove support for tar and tar-like commands
When handling tar files, or using a command with tar-compatible syntax,
to open comic-book archives, both the archive name (the name of the
comics file) and the filename (the name of a page within the archive)
are quoted to not be interpreted by the shell.
But the filename is completely with the attacker's control and can start
with "--" which leads to tar interpreting it as a command line flag.
This can be exploited by creating a CBT file (a tar archive with the
.cbt suffix) with an embedded file named something like this:
"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
CBT files are infinitely rare (CBZ is usually used for DRM-free
commercial releases, CBR for those from more dubious provenance), so
removing support is the easiest way to avoid the bug triggering. All
this code was rewritten in the development release for GNOME 3.26 to not
shell out to any command, closing off this particular attack vector.
This also removes the ability to use libarchive's bsdtar-compatible
binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
are already supported by unzip and 7zip respectively. libarchive's RAR
support is limited, so unrar is a requirement anyway.
Discovered by Felix Wilhelm from the Google Security Team.
https://bugzilla.gnome.org/show_bug.cgi?id=784630
Bump PKGREVISION
