universal: Enableapplication/vnd.cups-postscriptas input There are filters which produce this MIME type (such ashppsof HPLIP), and if someone uses such driver on a client and the server has an IPP Everywhere/driverless printer, the job fails (Pull request #534).
-
beh backend: Use
execv()instead ofsystem()- CVE-2023-24805 Withexecv()command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. -
beh backend: Extra checks against odd/forged input - CVE-2023-24805
-
Do not allow
/in the scheme of the URI (= backend executable name), to assure that only backends inside/usr/lib/cups/backend/are used. -
Pre-define scheme buffer to empty string, to be defined for case of URI being NULL.
-
URI must have
:, to split off scheme, otherwise error. -
Check return value of
snprintf()to create call path for backend, to error out on truncation of a too long scheme or on complete failure due to a completely odd scheme.
-
-
beh backend: Further improvements - CVE-2023-24805
-
Use
strncat()instead ofstrncpy()for getting scheme from URI, the latter does not require setting terminating zero byte in case of truncation. -
Also exclude
.or..as scheme, as directories are not valid CUPS backends. -
Do not use
fprintf()insigterm_handler(), to not interfere with afprintf()which could be running in the main process whensigterm_handler()is triggered. -
Use
static volatile intfor global variable job_canceled.
-
-
parallelbackend: Added missing#includelines
-
foomatic-rip: Fix a SIGPIPE error when calling gs (Pull request #517) Ubuntu's autopkgtest for foo2zjs shows foo2zjs's testsuite failing with cups-filters 2.0beta3 on ppc64el. This is cause by a timing issue in foomatic-rip which is fixed now.
-
Coverity check done by Zdenek Dohnal for the inclusion of cups-filters in Fedora and Red Hat. Zdenek has fixed all the issues: Missing
free(), files not closed, potential string overflows, ... Thanks a lot! (Pull request #510). -
Dropped all C++ references and obsolete C standards (Pull requests #504 and #513) With no C++ compiler needed, there is no need for any checks or setting for C++ in configure.ac.
-
configure.ac: Change deprecated AC_PROG_LIBTOOL for LT_INIT (Pull request #508)
-
texttopdf: Do not include fontconfig.h in the CUPS filter wrapper
-
Build system: Do not explicitly check for libpoppler-cpp The cups-filters package does not contain any code using libpoppler-cpp, therefore we let ./configure not check for it.
-
COPYING, NOTICE: Simplification for autotools-generated files autotools-generated files can be included under the license of the upstream code, and FSF copyright added to upstream copyright list. Simplified COPYING appropriately.
-
Makefile.am: Include LICENSE in distribution tarball
-
Add templates for issue reports on GitHub. This makes a selection screen appear when clicking "New Issue" in the web UI, to selct whether the issue is a regular bug, a feature request, or a security vulnerability.
-
Corrected installation path for *.h files of *.drv files. The ppdc (and underlying functions) of libppd searches for include files in /usr/share/ppdc and not in /usr/share/cups/ppdc any more.
-
configure.ac: Remove unnecessary "AVAHI_GLIB_..." definitions.
-
Makefile.am: Include NOTICE in distribution tarball
-
configure.ac: Added "foreign" to to AM_INIT_AUTOMAKE() call. Makes automake not require a file named README.
-
Cleaned up .gitignore
-
Tons of fixes in the source code documentation: README.md, INSTALL, DEVELOPING.md, CONTRIBUTING.md, COPYING, NOTICE, ... Adapted to the cups-filters component, added links.
-
Converted nearly all filters to filter functions, only exceptions are
rastertoescpx,rastertopclx,commandtoescpx,commandtopclx, andfoomatic-rip. The latter is deeply involved with Foomatic PPDs and the others are legacy printer drivers. The filter functions are mainly in libcupsfilters, the ones which generate PostScript are in libppd. -
Replaced all the filters converted to filter functions by simple wrapper executables using
ppdFilterCUPSWrapper()of libppd for backward compatibility with CUPS 2.x. -
Added new streaming mode triggered by the boolean "filter-streaming-mode" option. In this mode a filter (function) is supposed to avoid everything which prevents the job data from streaming, as loading the whole job (or good part of it) into a temporary file or into memory, interpreting PDF, pre-checking input file type or zero-page jobs, ... This is mainly to be used by Printer Applications when they do raster printing in streaming mode, to run with lowest resources possible. Currently
foomatic-rip,ghostscript, andpdftopdfgot a streaming mode. For the former two PostScript (not PDF) is assumed as input and no zero-page-job check is done, in the latter all QPDF processing (page management, page size adjustment, ...) is skipped and only JCL according to the PPD added. -
The CUPS filter
imagetopsuses theppdFilterImageToPS()filter function of libppd now. -
driverless,driverless-fax: Added IPP Fax Out support. Now printer setup tools list an additional fax "driver". A fax queue is created by selecting this driver. Jobs have to be sent with "-o phone=12345" to supply the destination phone number (Pull request #280, #293, #296, #302, #304, #305, #306, #309, Issue #298, #308). -
sys5ippprinter: Removedsys5ippprinter, as CUPS does not support System V interface scripts any more. This first approach of PPD-less printing was also not actually made use of. -
urftopdf: Removed as we require CUPS 2.2.2+ now which supports Apple Raster by itself. -
Build system,
README.md: Require CUPS 2.2.2+. Removed now unneeded./configureswitches for use of theurftopdffilter for old CUPS versions. -
Sample PPDs: Renamed source directory from
ppd/toppdfiles/. -
Build system: Remove '-D_PPD_DEPRECATED=""' from the compiling command lines of the source files which use libcups. The flag is not supported any more for longer times already and all the PPD-related functions deprecated by CUPS have moved into libppd now.
-
Build system: Add files in
.gitignorethat are generated by "autogen.sh", "configure", and "make" (Pull request #336).