@salgernon salgernon released this Apr 27, 2020

CHANGES - 2.3.3 - 2020-04-24

Changes in CUPS v2.3.3

  • CVE-2020-3898: The ppdOpen function did not handle invalid UI
    constraint. ppdcSource::get_resolution function did not handle
    invalid resolution strings.
  • CVE-2019-8842: The ippReadIO function may under-read an extension

Changes in CUPS v2.3.2 (never tagged)

  • Localization updates.

@michaelrsweet michaelrsweet released this Dec 13, 2019 · 8 commits to master since this release

CUPS 2.3.1 is a general bug fix release, including a fix for CVE-2019-2228. Changes include:

  • Documentation updates (Issue #5661, #5674, #5682)
  • CVE-2019-2228: The ippSetValuetag function did not validate the default
    language value.
  • Fixed a crash bug in the web interface (Issue #5621)
  • The PPD cache code now looks up page sizes using their dimensions
    (Issue #5633)
  • PPD files containing "custom" option keywords did not work (Issue #5639)
  • Added a workaround for the scheduler's systemd support (Issue #5640)
  • On Windows, TLS certificates generated on February 29 would likely fail
    (Issue #5643)
  • Added a DigestOptions directive for the client.conf file to control whether
    MD5-based Digest authentication is allowed (Issue #5647)
  • Fixed a bug in the handling of printer resource files (Issue #5652)
  • The libusb-based USB backend now reports an error when the distribution
    permissions are wrong (Issue #5658)
  • Added paint can labels to Dymo driver (Issue #5662)
  • The ippeveprinter program now supports authentication (Issue #5665)
  • The ippeveprinter program now advertises DNS-SD services on the correct
    interfaces, and provides a way to turn them off (Issue #5666)
  • The --with-dbusdir option was ignored by the configure script (Issue #5671)
  • Sandboxed applications were not able to get the default printer (Issue #5676)
  • Log file access controls were not preserved by cupsctl (Issue #5677)
  • Default printers set with lpoptions did not work in all cases (Issue #5681,
    Issue #5683, Issue #5684)
  • Fixed an error in the jobs web interface template (Issue #5694)
  • Fixed an off-by-one error in ippEnumString (Issue #5695)
  • Fixed some new compiler warnings (Issue #5700)
  • Fixed a few issues with the Apple Raster support (rdar://55301114)
  • The IPP backend did not detect all cases where a job should be retried using
    a raster format (rdar://56021091)
  • Fixed spelling of "fold-accordion".
  • Fixed the default common name for TLS certificates used by ippeveprinter.
  • Fixed the option names used for IPP Everywhere finishing options.
  • Added support for the second roll of the DYMO Twin/DUO label printers.

Enjoy!

@michaelrsweet michaelrsweet released this Dec 13, 2019 · 801 commits to master since this release

CUPS 2.2.13 is the last general bug fix release in the 2.2.x series and includes
a fix for CVE-2019-2228. Changes include:

  • CVE-2019-2228: The ippSetValuetag function did not validate the default
    language value.
  • Added a workaround for the scheduler's systemd support (Issue #5640)
  • Fixed spelling of "fold-accordion".
  • Fixed the default common name for TLS certificates used by ippserver.
  • The libusb-based USB backend now reports an error when the distribution
    permissions are wrong (Issue #5658)
  • Default printers set with lpoptions did not work in all cases (Issue #5681,
    Issue #5683, Issue #5684)
  • Fixed an off-by-one error in ippEnumString (Issue #5695)
  • Fixed some new compiler warnings (Issue #5700)
  • Fixed a few issues with the Apple Raster support (rdar://55301114)
  • The IPP backend did not detect all cases where a job should be retried using
    a raster format (rdar://56021091)

Enjoy!

@michaelrsweet michaelrsweet released this Aug 23, 2019 · 73 commits to master since this release

CUPS 2.3.0 is now available for download, which adopts the new CUPS license, adds support for IPP presets and finishing templates, fixes a number of bugs and "polish" issues, and includes the new ippeveprinter utility. Changes include:

  • CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
  • Added a GPL2/LGPL2 exception to the new CUPS license terms.
  • Documentation updates (Issue #5604)
  • Localization updates (Issue #5637)
  • Fixed a bug in the scheduler job cleanup code (Issue #5588)
  • Fixed builds when there is no TLS library (Issue #5590)
  • Eliminated some new GCC compiler warnings (Issue #5591)
  • Removed dead code from the scheduler (Issue #5593)
  • "make" failed with GZIP options (Issue #5595)
  • Fixed potential excess logging from the scheduler when removing job files
    (Issue #5597)
  • Fixed a NULL pointer dereference bug in httpGetSubField2 (Issue #5598)
  • Added FIPS-140 workarounds for GNU TLS (Issue #5601, Issue #5622)
  • The scheduler no longer provides a default value for the description
    (Issue #5603)
  • The scheduler now logs jobs held for authentication using the error level so
    it is clear what happened (Issue #5604)
  • The lpadmin command did not always update the PPD file for changes to the
    cupsIPPSupplies and cupsSNMPSupplies keywords (Issue #5610)
  • The scheduler now uses both the group's membership list as well as the
    various OS-specific membership functions to determine whether a user belongs
    to a named group (Issue #5613)
  • Added USB quirks rule for HP LaserJet 1015 (Issue #5617)
  • Fixed some PPD parser issues (Issue #5623, Issue #5624)
  • The IPP parser no longer allows invalid member attributes in collections
    (Issue #5630)
  • The configure script now treats the "wheel" group as a potential system
    group (Issue #5638)
  • Fixed a USB printing issue on macOS (rdar://31433931)
  • Fixed IPP buffer overflow (rdar://50035411)
  • Fixed memory disclosure issue in the scheduler (rdar://51373853)
  • Fixed DoS issues in the scheduler (rdar://51373929)
  • Fixed an issue with unsupported "sides" values in the IPP backend
    (rdar://51775322)
  • The scheduler would restart continuously when idle and printers were not
    shared (rdar://52561199)
  • Fixed an issue with EXPECT !name WITH-VALUE ... tests.
  • Fixed a command ordering issue in the Zebra ZPL driver.
  • Fixed a memory leak in ppdOpen.

Enjoy!

@michaelrsweet michaelrsweet released this Aug 15, 2019 · 801 commits to master since this release

CUPS 2.2.12 is now available and includes security, compatibility, and general bug fixes. Changes include:

  • CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
  • The cupsctl command now prevents setting "cups-files.conf" directives
    (Issue #5530)
  • Updated the systemd service file for cupsd (Issue #5551)
  • The cupsCheckDestSupported function did not check octetString values
    correctly (Issue #5557)
  • The scheduler did not encode octetString values like "job-password" correctly
    for the print filters (Issue #5558)
  • Restored minimal support for the Emulators keyword in PPD files to allow
    old Samsung printer drivers to continue to work (Issue #5562)
  • Timed out job submission now yields an error (Issue #5570)
  • The footer in the web interface covered some content on small displays
    (Issue #5574)
  • The libusb-based USB backend now enforces read limits, improving print speed
    in many cases (Issue #5583)
  • Fixed some compatibility issues with old releases of CUPS (Issue #5587)
  • Fixed a bug in the scheduler job cleanup code (Issue #5588)
  • "make" failed with GZIP options (Issue #5595)
  • Added FIPS-140 workarounds for GNU TLS (Issue #5601, Issue #5622)
  • The scheduler no longer provides a default value for the description
    (Issue #5603)
  • The lpadmin command did not always update the PPD file for changes to the
    cupsIPPSupplies and cupsSNMPSupplies keywords (Issue #5610)
  • The scheduler now uses both the group's membership list as well as the
    various OS-specific membership functions to determine whether a user belongs
    to a named group (Issue #5613)
  • Added USB quirks rule for HP LaserJet 1015 (Issue #5617)
  • Fixed some PPD parser issues (Issue #5623, Issue #5624)
  • The IPP parser no longer allows invalid member attributes in collections
    (Issue #5630)
  • Fixed IPP buffer overflow (rdar://50035411)
  • Fixed memory disclosure issue in the scheduler (rdar://51373853)
  • Fixed DoS issues in the scheduler (rdar://51373929)
  • The scheduler would restart continuously when idle and printers were not
    shared (rdar://52561199)
  • Fixed a command ordering issue in the Zebra ZPL driver.
  • Fixed a memory leak in ppdOpen.

Enjoy!

Pre-release

@michaelrsweet michaelrsweet released this May 21, 2019 · 130 commits to master since this release

CUPS 2.3rc1 is now available for download. This is the first release candidate for CUPS 2.3.0 which adopts the new CUPS license, adds support for IPP presets and finishing templates, and fixes a number of bugs and "polish" issues. This beta also includes the new ippeveprinter utility. Changes include:

  • The cups-config script no longer adds extra libraries when linking against
    shared libraries (Issue #5261)
  • The supplied example print documents have been optimized for size
    (Issue #5529)
  • The cupsctl command now prevents setting "cups-files.conf" directives
    (Issue #5530)
  • The "forbidden" message in the web interface is now explained (Issue #5547)
  • The footer in the web interface covered some content on small displays
    (Issue #5574)
  • The libusb-based USB backend now enforces read limits, improving print speed
    in many cases (Issue #5583)
  • The ippeveprinter command now looks for print commands in the "command"
    subdirectory.
  • The ipptool command now supports $date-current and $date-start variables
    to insert the current and starting date and time values, as well as ISO-8601
    relative time values such as "PT30S" for 30 seconds in the future.

Enjoy!

Pre-release

@michaelrsweet michaelrsweet released this May 2, 2019 · 173 commits to master since this release

CUPS 2.3b8 is now available for download. This is the eighth beta of the CUPS 2.3 series which adopts the new CUPS license, adds support for IPP presets and finishing templates, and fixes a number of bugs and "polish" issues. This beta also includes the new ippeveprinter utility. Changes include:

  • Media size matching now uses a tolerance of 0.5mm (rdar://33822024)
  • The lpadmin command would hang with a bad PPD file (rdar://41495016)
  • Fixed a potential crash bug in cups-driverd (rdar://46625579)
  • Fixed a performance regression with large PPDs (rdar://47040759)
  • Fixed a memory reallocation bug in HTTP header value expansion
    (rdar://problem/50000749)
  • Timed out job submission now yields an error (Issue #5570)
  • Restored minimal support for the Emulators keyword in PPD files to allow
    old Samsung printer drivers to continue to work (Issue #5562)
  • The scheduler did not encode octetString values like "job-password" correctly
    for the print filters (Issue #5558)
  • The cupsCheckDestSupported function did not check octetString values
    correctly (Issue #5557)
  • Added support for UserAgentTokens directive in "client.conf" (Issue #5555)
  • Updated the systemd service file for cupsd (Issue #5551)
  • The ippValidateAttribute function did not catch all instances of invalid
    UTF-8 strings (Issue #5509)
  • Fixed an issue with the self-signed certificates generated by GNU TLS
    (Issue #5506)
  • Fixed a potential memory leak when reading at the end of a file (Issue #5473)
  • Fixed potential unaligned accesses in the string pool (Issue #5474)
  • Fixed a potential memory leak when loading a PPD file (Issue #5475)
  • Added a USB quirks rule for the Lexmark E120n (Issue #5478)
  • Updated the USB quirks rule for Zebra label printers (Issue #5395)
  • Fixed a compile error on Linux (Issue #5483)
  • The lpadmin command, web interface, and scheduler all queried an IPP
    Everywhere printer differently, resulting in different PPDs for the same
    printer (Issue #5484)
  • The web interface no longer provides access to the log files (Issue #5513)
  • Non-Kerberized printing to Windows via IPP was broken (Issue #5515)
  • Eliminated use of private headers and some deprecated macOS APIs (Issue #5516)
  • The scheduler no longer stops a printer if an error occurs when a job is
    canceled or aborted (Issue #5517)
  • Added a USB quirks rule for the DYMO 450 Turbo (Issue #5521)
  • Added a USB quirks rule for Xerox printers (Issue #5523)
  • The scheduler's self-signed certificate did not include all of the alternate
    names for the server when using GNU TLS (Issue #5525)
  • Fixed compiler warnings with newer versions of GCC (Issue #5532, Issue #5533)
  • Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs
    (Issue #5535)
  • Fixed PreserveJobHistory bug with time values (Issue #5538)
  • The scheduler no longer advertises the HTTP methods it supports (Issue #5540)
  • Localization updates (Issue #5461, Issue #5471, Issue #5481, Issue #5486,
    Issue #5489, Issue #5491, Issue #5492, Issue #5493, Issue #5494, Issue #5495,
    Issue #5497, Issue #5499, Issue #5500, Issue #5501, Issue #5504)
  • The scheduler did not always idle exit as quickly as it could.
  • Added a new ippeveprinter command based on the old ippserver sample code.

Enjoy!

@michaelrsweet michaelrsweet released this Mar 22, 2019 · 801 commits to master since this release

CUPS 2.2.11 is a bug fix release that addresses issues in the scheduler,
IPP Everywhere support, CUPS library, and USB printer support. Changes include:

  • Running ppdmerge with the same input and output filenames did not work as
    advertised (Issue #5455)
  • Fixed a potential memory leak when reading at the end of a file (Issue #5473)
  • Fixed potential unaligned accesses in the string pool (Issue #5474)
  • Fixed a potential memory leak when loading a PPD file (Issue #5475)
  • Added a USB quirks rule for the Lexmark E120n (Issue #5478)
  • Updated the USB quirks rule for Zebra label printers (Issue #5395)
  • Fixed a compile error on Linux (Issue #5483)
  • The lpadmin command, web interface, and scheduler all queried an IPP
    Everywhere printer differently, resulting in different PPDs for the same
    printer (Issue #5484)
  • Fixed an issue with the self-signed certificates generated by GNU TLS
    (Issue #5506)
  • The ippValidateAttribute function did not catch all instances of invalid
    UTF-8 strings (Issue #5509)
  • Non-Kerberized printing to Windows via IPP was broken (Issue #5515)
  • The scheduler no longer stops a printer if an error occurs when a job is
    canceled or aborted (Issue #5517)
  • Added a USB quirks rule for the DYMO 450 Turbo (Issue #5521)
  • Added a USB quirks rule for Xerox printers (Issue #5523)
  • The scheduler's self-signed certificate did not include all of the alternate
    names for the server when using GNU TLS (Issue #5525)
  • Fixed compiler warnings with newer versions of GCC (Issue #5532, Issue #5533)
  • Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs
    (Issue #5535)
  • Fixed PreserveJobHistory bug with time values (Issue #5538)
  • Media size matching now uses a tolerance of 0.5mm (rdar://33822024)
  • The lpadmin command would hang with a bad PPD file (rdar://41495016)
  • Fixed a potential crash bug in cups-driverd (rdar://46625579)
  • Fixed a performance regression with large PPDs (rdar://47040759)
  • The scheduler did not always idle exit as quickly as it could.

Enjoy!

Pre-release

@michaelrsweet michaelrsweet released this Dec 14, 2018 · 358 commits to master since this release

CUPS 2.3b7 is now available for download. This is the sixth beta of the CUPS 2.3 series which adopts the new CUPS license, adds support for IPP presets and finishing templates, and fixes a number of bugs and "polish" issues.

Changes include:

  • Fixed some build failures (Issue #5451, Issue #5463)
  • Running ppdmerge with the same input and output filenames did not work as
    advertised (Issue #5455)

Enjoy!

Pre-release

@michaelrsweet michaelrsweet released this Dec 7, 2018 · 366 commits to master since this release

CUPS 2.3b6 is now available for download. This is the sixth beta of the CUPS 2.3 series which adopts the new CUPS license, adds support for IPP presets and finishing templates, and fixes a number of bugs and “polish” issues. Changes include:

  • Localization update (Issue #5339, Issue #5348, Issue #5362, Issue #5408, Issue #5410)
  • Documentation updates (Issue #5369, Issue #5402, Issue #5403, Issue #5404)
  • CVE-2018-4700: Linux session cookies used a predictable random number seed.
  • All user commands now support the --help option (Issue #5326)
  • The lpoptions command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045)
  • The lpadmin command would create a non-working printer in some error cases (Issue #5305)
  • The scheduler would crash if an empty AccessLog directive was specified (Issue #5309)
  • The scheduler did not idle-exit on some Linux distributions (Issue #5319)
  • Fixed a regression in the changes to ippValidateAttribute (Issue #5322, Issue #5330)
  • Fixed a crash bug in the Epson dot matrix driver (Issue #5323)
  • Automatic debug logging of job errors did not work with systemd (Issue #5337)
  • The web interface did not list the IPP Everywhere "driver" (Issue #5338)
  • The scheduler did not report all of the supported job options and values (Issue #5340)
  • The IPP Everywhere "driver" now properly supports face-up printers (Issue #5345)
  • Fixed some typos in the label printer drivers (Issue #5350)
  • Setting the Community name to the empty string in snmp.conf now disables SNMP supply level monitoring by all the standard network backends (Issue #5354)
  • Multi-file jobs could get stuck if the backend failed (Issue #5359, Issue #5413)
  • The IPP Everywhere "driver" no longer does local filtering when printing to a shared CUPS printer (Issue #5361)
  • The lpadmin command now correctly reports IPP errors when configuring an IPP Everywhere printer (Issue #5370)
  • Fixed some memory leaks discovered by Coverity (Issue #5375)
  • The PPD compiler incorrectly terminated JCL options (Issue #5379)
  • The cupstestppd utility did not generate errors for missing/mismatched CloseUI/JCLCloseUI keywords (Issue #5381)
  • The scheduler now reports the actual location of the log file (Issue #5398)
  • Added USB quirk rules (Issue #5395, Issue #5420, Issue #5443)
  • The generated PPD files for IPP Everywhere printers did not contain the cupsManualCopies keyword (Issue #5433)
  • Kerberos credentials might be truncated (Issue #5435)
  • The handling of MaxJobTime 0 did not match the documentation (Issue #5438)
  • Fixed a bug adding a queue with the -E option (Issue #5440)
  • The cupsaddsmb program has been removed (Issue #5449)
  • The cupstestdsc program has been removed (Issue #5450)
  • The scheduler was being backgrounded on macOS, causing applications to spin (rdar://40436080)
  • The scheduler did not validate that required initial request attributes were in the operation group (rdar://41098178)
  • Authentication in the web interface did not work on macOS (rdar://41444473)
  • Fixed an issue with HTTP Digest authentication (rdar://41709086)
  • The scheduler could crash when job history was purged (rdar://42198057)
  • Fixed a crash bug when mapping PPD duplex options to IPP attributes (rdar://46183976)
  • Fixed a memory leak for some IPP (extension) syntaxes.
  • The cupscgi, cupsmime, and cupsppdc support libraries are no longer installed as shared libraries.
  • The snmp backend is now deprecated.

Enjoy!
