CHANGES-1.3.txt
---------------
+CHANGES IN CUPS V1.3.11
+
+ - The scheduler did not prevent nested classes (STR #3211)
+ - The scheduler did not reprint processing jobs that were moved to
+ another destination (STR #3222)
+ - The scheduler did not reset the current job file when stopping a
+ printer (STR #3226)
+ - The scheduler did not handle POSTs to custom CGIs properly (STR #3221)
+ - The pdftops filter did not print landscape PDF pages properly
+ (STR #2881)
+ - The scheduler did not handle partial header lines properly from CGI
+ programs (STR #3194)
+ - The web interface could hang on OpenBSD (STR #3176, STR #3196)
+ - The scheduler and cupsfilter utility did not handle rules starting
+ with a negation operator properly (STR #3160)
+ - The scheduler and cupsfilter utility would crash with certain MIME
+ .types rules (STR #3159)
+ - httpSetField wasn't bracketing IPv6 numeric addresses for the Host:
+ field (STR #3164)
+ - The ServerName, if specified, was not treated as a valid alias for the
+ local system (STR #3167)
+ - "make epm" did not work (STR #3166)
+ - "lpstat -h server" showed non-shared printers (STR #3147)
+ - "make check" did not work on Linux (STR #3161)
+
+
+CHANGES IN CUPS V1.3.10
+
+ - Documentation fixes (STR #2994, STR #2995, STR #3008, STR #3056,
+ STR #3057)
+ - SECURITY: The scheduler now protects against DNS rebinding attacks
+ (STR #3118)
+ - SECURITY: Fixed TIFF integer overflow in image filters (STR #3031)
+ - The scheduler did not support the job-hold-until attribute with the
+ Restart-Job operation (STR #3130)
+ - SECURITY: The PNG image reading code did not validate the
+ image size properly, leading to a potential buffer overflow
+ (STR #2974)
+ - The rastertohp driver did not set the 1-sided printing mode when
+ needed (STR #3131)
+ - Now use a wrapper program instead of our fork of the Xpdf code to
+ support printing of PDF files. The new wrapper supports using Xpdf,
+ poppler, or Ghostscript to convert PDF files to PostScript (STR #3129)
+ - Long job names caused problems with some PJL printers (STR #3125)
+ - The lpq command did not work when showing all destinations (STR #3117)
+ - The scheduler used a codeset name of UTF8 which is not supported on
+ Solaris (STR #3113)
+ - cupsGetJobs() did not work with a NULL destination (STR #3107)
+ - Fixed a localization problem for option choices (incorrectly) named
+ "Custom" (STR #3106)
+ - The fallback OpenSSL random number seeding would not work (STR #3079)
+ - The scheduler might miss a child signal, causing high CPU usage.
+ - The scheduler did not enforce quotas after the job history was
+ unloaded (STR #3078)
+ - The job-k-limit, job-page-limit, and job-quota-period attributes
+ could not be set using the lpadmin command (STR #3077)
+ - httpSeparateURI() did not error out on URIs with a missing port
+ number after a colon.
+ - Fixed a Valgrind-detected initialization error when creating a
+ missing directory on startup.
+ - The scheduler did not always read all of the HTTP headers from a
+ CGI script/program.
+ - The scheduler did not always set the "air" property in Bonjour/DNS-SD
+ registrations.
+ - The scheduler incorrectly compared Mac OS X UUIDs for access
+ control, preventing access in certain configurations.
+ - The IPP backend incorrectly reset the required authentication
+ to Kerberos when authentication failed.
+ - The scheduler no longer looks up the local hostname by default;
+ turn on hostname lookups to restore the previous behavior.
+ - The scheduler did not always load MIME type rules correctly
+ (STR #3059)
+ - The test page did not format correctly on A4 paper (STR #3060)
+ - The web interface sometimes incorrectly redirected users to
+ 127.0.0.1 (STR #3022)
+ - cupsPrintFile*() did not send the document filename for single
+ file submissions (STR #3055)
+ - The scheduler did not update the member-names attribute when
+ removing the last printer from a class.
+ - The scheduler did not report PPD Products with parenthesis
+ in them properly (STR #3046)
+ - The wrong italic fonts were listed in the UTF-8 charset file
+ for the text filter.
+ - The backends did not return an OK status for the
+ CUPS_SC_CMD_GET_BIDI side-channel command (STR #3029)
+ - The scheduler did not purge jobs that were missing a
+ time-at-creation attribute, indicating a bad job control file
+ (STR #3030)
+ - The "-o job-hold-until=week-end" option did not work properly
+ (STR #3025)
+ - The Solaris USB printer device does not support select or poll
+ (STR #3028)
+ - The scheduler would crash if you exceeded the MaxSubscriptions
+ limit.
+ - The lp "-H immediate" option did not specify that the job
+ should not be held (STR #3013)
+ - The scheduler did not support the "Connection: close"
+ HTTP header (STR #3010)
+ - The mailto notifier didn't terminate messages properly
+ (STR #3011)
+ - Backends could spin trying to read back-channel data
+ (STR #3001)
+ - The HP-GL/2 filter was using the wrong default colors
+ (STR #2966)
+ - The scheduler incorrectly allowed Get-Jobs operations without a
+ printer-uri (STR #2996)
+ - The compression option was not being encoded properly
+ (STR #2997)
+ - Added a missing character map for JIS-X0213/ShiftJIS.
+ - The scheduler now rejects ATTR: messages with empty values.
+ - The scheduler could consume all CPU handling closed connections
+ (STR #2988)
+ - Fixed some configure script bugs with rc/xinetd directories
+ (STR #2970)
+ - The Epson sample driver PPDs contained errors (STR #2979)
+
+
+CHANGES IN CUPS V1.3.9
+
+ - SECURITY: The HP-GL/2 filter did not range check pen numbers
+ (STR #2911)
+ - SECURITY: The SGI image file reader did not range check
+ 16-bit run lengths (STR #2918)
+ - SECURITY: The text filter did not range check cpi, lpi, or
+ column values (STR #2919)
+ - Documentation updates (STR #2904, STR #2944)
+ - The French web admin page was never updated (STR #2963)
+ - The IPP backend did not retry print jobs when the printer
+ reported itself as busy or unavailable (STR #2951)
+ - The "Set Allowed Users" web interface did not handle trailing
+ whitespace correctly (STR #2956)
+ - The PostScript filter did not work with Adobe applications
+ using custom page sizes (STR #2968)
+ - The Mac OS X USB backend did not work with some printers
+ that reported a bad 1284 device ID.
+ - The scheduler incorrectly resolved the client connection
+ address when HostNameLookups was set to Off (STR #2946)
+ - The IPP backend incorrectly stopped the local queue if
+ the remote server reported the "paused" state.
+ - The cupsGetDests() function did not catch all types of
+ request errors.
+ - The scheduler did not always log "job queued" messages
+ (STR #2943)
+ - The scheduler did not support destination filtering using
+ the printer-location attribute properly (STR #2945)
+ - The scheduler did not send the server-started,
+ server-restarted, or server-stopped events (STR #2927)
+ - The scheduler no longer enforces configuration file
+ permissions on symlinked files (STR #2937)
+ - CUPS now reinitializes the DNS resolver on failures
+ (STR #2920)
+ - The CUPS desktop menu item was broken (STR #2924)
+ - The PPD parser was too strict about missing keyword
+ values in "relaxed" mode.
+ - The PostScript filter incorrectly mirrored landscape
+ documents.
+ - The scheduler did not correctly update the
+ auth-info-required value(s) if the AuthType was Default.
+ - The scheduler required Kerberos authentication for
+ all operations on remote Kerberized printers instead
+ of just for the operations that needed it.
+ - The socket backend could wait indefinitely for back-
+ channel data with some devices.
+ - PJL panel messages were not reset correctly on older
+ printers (STR #2909)
+ - cupsfilter used the wrong default path (STR #2908)
+ - Fixed address matching for "BrowseAddress @IF(name)"
+ (STR #2910)
+ - Fixed compiles on AIX.
+ - Firefox 3 did not work with the CUPS web interface in SSL
+ mode (STR #2892)
+ - Custom options with multiple parameters were not emitted
+ correctly.
+ - Refined the cupstestppd utility.
+ - ppdEmit*() did not support custom JCL options (STR #2889)
+ - The cupstestppd utility incorrectly reported missing
+ "en" base translations (STR #2887)
+
+
+CHANGES IN CUPS V1.3.8
+
+ - Documentation updates (STR #2785, STR #2861, STR #2862)
+ - The scheduler did not add the ending job sheet when the
+ job was released.
+ - The IPP backend did not relay marker-* attributes.
+ - The CUPS GNOME/KDE menu item was not localized for
+ Chinese (STR #2880)
+ - The CUPS GNOME/KDE menu item was not localized for
+ Japanese (STR #2876)
+ - The cupstestppd utility reported mixed line endings for
+ Mac OS and Windows PPD files (STR #2874)
+ - The pdftops filter did not print landscape orientation PDF
+ pages correctly on all printers (STR #2850)
+ - The scheduler did not handle expiring of implicit classes
+ or their members properly, leading to a configuration where
+ one of the members would have a short name (STR #2766)
+ - The scheduler and cupstestppd utilities did not support
+ cupsFilter and cupsPreFilter programs with spaces in their
+ names (STR #2866)
+ - Removed unused variables and assignments found by the
+ LLVM "clang" tool.
+ - Added NULL checks recommended by the LLVM "clang" tool.
+ - The scheduler would crash if you started a printer that
+ pointed to a backend that did not exist (STR #2865)
+ - The ppdLocalize functions incorrectly mapped all generic
+ locales to country-specific locales.
+ - The cups-driverd program did not support Simplified Chinese
+ or Traditional Chinese language version strings (STR #2851)
+ - Added an Indonesian translation (STR #2792)
+ - Fixed a timing issue in the backends that could cause data
+ corruption with the CUPS_SC_CMD_DRAIN_OUTPUT side-channel
+ command (STR #2858)
+ - The scheduler did not support "HostNameLookups" with all of
+ the boolean names (STR #2861)
+ - Fixed a compile problem with glibc 2.8 (STR #2860)
+ - The scheduler incorrectly filtered out queues with ACLs and
+ authentication.
+ - The PostScript filter did not support %%IncludeFeature lines
+ in the page setup section of each page (STR #2831)
+ - The scheduler did not generate printer-state events when the
+ default printer was changed (STR #2764)
+ - cupstestppd incorrectly reported a warning about the PPD format
+ version in some locales (STR #2854)
+ - cupsGetPPD() and friends incorrectly returned a PPD file for
+ a class with no printers.
+ - The member-uris values for local printers in a class returned
+ by the scheduler did not reflect the connected hostname or
+ port.
+ - The CUPS PHP extension was not thread-safe (STR #2828)
+ - The scheduler incorrectly added the document-format-default
+ attribute to the list of "common" printer attributes, which
+ over time would slow down the printing system (STR #2755,
+ STR #2836)
+ - The cups-deviced and cups-driverd helper programs did not set
+ the CFProcessPath environment variable on Mac OS X (STR #2837)
+ - "lpstat -p" could report the wrong job as printing (STR #2845)
+ - The scheduler would crash when some cupsd.conf directives
+ were missing values (STR #2849)
+ - The web interface "move jobs" operation redirected users to
+ the wrong URL (STR #2815)
+ - The Polish web interface translation contained errors
+ (STR #2815)
+ - The scheduler did not report PostScript printer PPDs with
+ filters as PostScript devices.
+ - The scheduler did not set the job document-format attribute
+ for jobs submitted using Create-Job and Send-Document.
+ - cupsFileTell() did not work for log files opened in append
+ mode (STR #2810)
+ - The scheduler did not set QUERY_STRING all of the time
+ for CGI scripts (STR #2781, STR #2816)
+ - The scheduler now returns an error for bad job-sheets
+ values (STR #2775)
+ - Authenticated remote printing did not work over domain
+ sockets (STR #2750)
+ - The scheduler incorrectly logged errors for print filters
+ when a job was canceled (STR #2806, #2808)
+ - The scheduler no longer allows multiple RSS subscriptions
+ with the same URI (STR #2789)
+ - The scheduler now supports Kerberized printing with
+ multiple server names (STR #2783)
+ - "Satisfy any" did not work in IPP policies (STR #2782)
+ - The CUPS imaging library would crash with very large
+ images - more than 16Mx16M pixels (STR #2805)
+ - The PNG image loading code would crash with large images
+ (STR #2790)
+ - The scheduler did not limit the total number of filters.
+ - The scheduler now ensures that the RSS directory has
+ the correct permissions.
+ - The RSS notifier did not quote the feed URL in the RSS
+ file it created (STR #2801)
+ - The web interface allowed the creation and cancellation
+ of RSS subscriptions without a username (STR #2774)
+ - Increased the default MaxCopies value on Mac OS X to
+ 9999 to match the limit imposed by the print dialog.
+ - The scheduler did not reject requests with an empty
+ Content-Length field (STR #2787)
+ - The scheduler did not log the current date and time and
+ did not escape special characters in request URIs when
+ logging bad requests to the access_log file (STR #2788)
+
+
+CHANGES IN CUPS V1.3.7
+
+ - CVE-2008-0047: cgiCompileSearch buffer overflow (STR #2729)
+ - CVE-2008-1373: CUPS GIF image filter overflow (STR #2765)
+ - Updated the "make check" tests to do a more thorough
+ automated test.
+ - cups-driverd complained about missing directories (STR
+ #2777)
+ - cupsaddsmb would leave the Samba username and password on
+ disk if no Windows drivers were installed (STR #2779)
+ - The Linux USB backend used 100% CPU when a printer was
+ disconnected (STR #2769)
+ - The sample raster drivers did not properly handle SIGTERM
+ (STR #2770)
+ - The scheduler sent notify_post() messages too often on
+ Mac OS X.
+ - Kerberos access to the web interface did not work
+ (STR #2748)
+ - The scheduler did not support "AuthType Default" in IPP
+ policies (STR #2749)
+ - The scheduler did not support the "HideImplicitMembers"
+ directive as documented (STR #2760)
+ - "make check" didn't return a non-zero exit code on
+ error (STR #2758)
+ - The scheduler incorrectly logged AUTH_foo environment
+ variables in debug mode (STR #2751)
+ - The image filters inverted PBM files (STR #2746)
+ - cupsctl would crash if the scheduler was not running
+ (STR #2741)
+ - The scheduler could crash when printing using a port
+ monitor (STR #2742)
+ - The scheduler would crash if PAM was broken (STR #2734)
+ - The image filters did not work with some CMYK JPEG files
+ produced by Adobe applications (STR #2727)
+ - The Mac OS X USB backend did not work with printers that
+ did not report a make or model.
+ - The job-sheets option was not encoded properly (STR #2715)
+ - The scheduler incorrectly complained about missing LSB
+ PPD directories.
+
+
+CHANGES IN CUPS V1.3.6
+
+ - Documentation updates (STR #2646, STR #2647, STR #2649)
+ - Fixed a problem with the web interface "Use Kerberos
+ Authentication" check box (STR #2703)
+ - The scheduler unconditionally overwrote the printer-state-
+ message with "process-name failed" when a filter or backend
+ failed, preventing a useful error message from being shown
+ to the user.
+ - Policies on CUPS-Move-Job didn't work as expected (STR
+ #2699)
+ - The configure script only supported D-BUS on Linux
+ (STR #2702)
+ - The scheduler did not support </LimitExcept> (STR #2701)
+ - The scheduler did not reset the job-hold-until attribute
+ after a job's hold time was reached.
+ - The scheduler did not support printer supply attributes
+ (STR #1307)
+ - The Kerberos credentials provided by some Windows KDCs
+ were still too large - now use a dynamic buffer to
+ support credentials up to 64k in size (STR #2695)
+ - Printing a test page from the web interface incorrectly
+ defaulted to the "guest" user (STR #2688)
+ - The cupsEncodeOptions2() function did not parse multiple-
+ value attribute values properly (STR #2690)
+ - The scheduler incorrectly sent printer-stopped events for
+ status updates from the print filters (STR #2680)
+ - The IPP backend could crash when handling printer errors
+ (STR #2667)
+ - Multi-file jobs did not print to remote CUPS servers
+ (STR #2673)
+ - The scheduler did not provide the Apple language ID to
+ job filters.
+ - Kerberos authentication did not work with the web
+ interface (STR #2606, STR #2669)
+ - The requesing-user-name-allowed and -denied functionality
+ did not work for Kerberos-authenticated usernames (STR
+ #2670)
+ - CUPS didn't compile on HP-UX 11i (STR #2679)
+ - cupsEncodeOptions2() did not handle option values like
+ "What's up, doc?" properly.
+ - Added lots of memory allocation checks (Fortify)
+ - The scheduler would crash if it was unable to add a job
+ file (Fortify)
+ - ppdOpen*() did not check all memory allocations (Coverity)
+ - ippReadIO() did not check all memory allocations (Coverity)
+ - The PostScript filter did not detect read errors (Coverity)
+ - The scheduler did not check for a missing job-sheets-completed
+ attribute when sending an event notification (Coverity)
+ - "Set Printer Options" might not work with raw queues (Coverity)
+ - cupsRasterInterpretPPD() could crash on certain PostScript
+ errors (Coverity)
+ - The USB backend did not check for back-channel support
+ properly on all systems (Coverity)
+ - Fixed memory leaks in the GIF and PNM image loading code
+ (Coverity)
+ - Removed some dead code in the CUPS API and scheduler (Coverity)
+ - Fixed two overflow bugs in the HP-GL/2 filter (Coverity)
+ - Fixed another ASN1 string parsing bug (STR #2665)
+ - The RSS notifier directory was not installed with the
+ correct permissions.
+ - The standard CUPS backends could use 100% CPU while waiting
+ for print data (STR #2664)
+ - Filename-based MIME rules did not work (STR #2659)
+ - The cups-polld program did not exit if the scheduler crashed
+ (STR #2640)
+ - The scheduler would crash if you tried to set the port-monitor
+ on a raw queue (STR #2639)
+ - The scheduler could crash if a polled remote printer was
+ converted to a class (STR #2656)
+ - The web interface and cupsctl did not correctly reflect
+ the "allow printing from the Internet" state (STR #2650)
+ - The scheduler incorrectly treated MIME types as case-
+ sensitive (STR #2657)
+ - The Java support classes did not send UTF-8 strings to
+ the scheduler (STR #2651)
+ - The CGI code did not handle interrupted POST requests
+ properly (STR #2652)
+ - The PostScript filter incorrectly handled number-up when
+ the number of pages was evenly divisible by the number-up
+ value.
+ - The PDF filter incorrectly filtered pages when page-ranges
+ and number-up were both specified (STR #2643)
+ - The IPP backend did not handle printing of pictwps files
+ to a non-Mac CUPS server properly.
+ - The scheduler did not detect network interface changes
+ on operating systems other than Mac OS X (STR #2631)
+ - The scheduler now logs the UNIX error message when it
+ is unable to create a request file such as a print job.
+ - Added support for --enable-pie on Mac OS X.
+
+
+CHANGES IN CUPS V1.3.5
+
+ - The SNMP backend did not check for negative string
+ lengths (STR #2589)
+ - The scheduler incorrectly removed auth-info attributes,
+ potentially leading to a loss of all options for a job.
+ - The scheduler stopped sending CUPS browse packets on a
+ restart when using fixed addresses (STR #2618)
+ - Fixed PDF filter security issues (CVE-2007-4352
+ CVE-2007-5392 CVE-2007-5393)
+ - Changing settings would always change the DefaultAuthType
+ and Allow lines (STR #2580)
+ - The scheduler would crash when submitting an undefined
+ format file from Samba with LogLevel debug2 (STR #2600)
+ - The scheduler did not use poll() when epoll() was not
+ supported by the running kernel (STR #2582)
+ - Fixed a compile problem with Heimdal Kerberos (STR #2592)
+ - The USB backend now retries connections to a printer
+ indefinitely rather than stopping the queue.
+ - Printers with untranslated JCL options were not exported
+ to Samba correctly (STR #2570)
+ - The USB backend did not work with some Minolta USB
+ printers (STR #2604)
+ - The strcasecmp() emulation code did not compile (STR
+ #2612)
+ - The scheduler would crash if a job was sent to an empty
+ class (STR #2605)
+ - The lpc command did not work in non-UTF-8 locales (STR
+ #2595)
+ - Subscriptions for printer-stopped events also received
+ other state changes (STR #2572)
+ - cupstestppd incorrectly reported translation errors for
+ the "en" locale.
+ - ppdOpen() did not handle custom options properly when the
+ Custom attribute appeared before the OpenUI for that
+ option.
+ - The scheduler could crash when deleting a printer or
+ listing old jobs.
+ - The Mac OS X USB backend did not allow for requeuing of
+ jobs submitted to a class.
+ - lpmove didn't accept a job ID by itself.
+ - The scheduler incorrectly removed job history information
+ for remote print jobs.
+ - The scheduler incorrectly sent the
+ "com.apple.printerListChanged" message for printer state
+ changes.
+ - The PostScript filter drew the page borders (when enabled)
+ outside the imageable area.
+ - The LPD and IPP backends did not default to the correct
+ port numbers when using alternate scheme names.
+ - The scheduler incorrectly deleted hardwired remote
+ printers on system sleep.
+ - The scheduler would abort if a bad browse protocol name
+ was listed in the cupsd.conf file.
+ - The online cupsd.conf help file incorrectly showed
+ "dns-sd" instead of "dnssd" for Bonjour sharing.
+ - The scheduler could crash changing the port-monitor value.
+ - The scheduler generated CoreFoundation errors when run as
+ a background process.
+ - When printing with number-up > 1, it was possible to get
+ an extra blank page.
+
+
CHANGES IN CUPS V1.3.4
- - Documentation updates (STR #2560, STR #2563)
+ - Documentation updates (STR #2560, STR #2563, STR #2569)
+ - CUPS now maps the "nb" locale to "no" on all platforms
+ (STR #2575)
+ - CUPS did not work with a Windows 2003 R2 KDC (STR #2568)
+ - ippReadIO() could read past the end of a buffer (STR
+ #2561)
+ - The scheduler would crash on shutdown if it was unable
+ to create a Kerberos context.
- Multiple AuthTypes in cupsd.conf did not work (STR
#2545)
- The snmp.conf file referenced the wrong man page (STR