X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=CHANGES-1.3.txt;h=9af534f9bf29d7ea2591570f20d525fce2e5f812;hb=b485551a771de42fed4b5dfe7c749e899a691d07;hp=21abb59557e8e4a314a8510c0d0b16bdb1785476;hpb=0a6827453a0fe4a97ad37a6a1a7ffeb96a10e339;p=thirdparty%2Fcups.git

diff --git a/CHANGES-1.3.txt b/CHANGES-1.3.txt
index 21abb5955..9af534f9b 100644
--- a/CHANGES-1.3.txt
+++ b/CHANGES-1.3.txt
@@ -1,8 +1,426 @@
 CHANGES-1.3.txt
 ---------------
 
+CHANGES IN CUPS V1.3.11
+
+	- The scheduler did not prevent nested classes (STR #3211)
+	- The scheduler did not reprint processing jobs that were moved to
+	  another destination (STR #3222)
+	- The scheduler did not reset the current job file when stopping a
+	  printer (STR #3226)
+	- The scheduler did not handle POSTs to custom CGIs properly (STR #3221)
+	- The pdftops filter did not print landscape PDF pages properly
+	  (STR #2881)
+	- The scheduler did not handle partial header lines properly from CGI
+	  programs (STR #3194)
+	- The web interface could hang on OpenBSD (STR #3176, STR #3196)
+	- The scheduler and cupsfilter utility did not handle rules starting
+	  with a negation operator properly (STR #3160)
+	- The scheduler and cupsfilter utility would crash with certain MIME
+	  .types rules (STR #3159)
+	- httpSetField wasn't bracketing IPv6 numeric addresses for the Host:
+	  field (STR #3164)
+	- The ServerName, if specified, was not treated as a valid alias for the
+	  local system (STR #3167)
+	- "make epm" did not work (STR #3166)
+	- "lpstat -h server" showed non-shared printers (STR #3147)
+	- "make check" did not work on Linux (STR #3161)
+
+
+CHANGES IN CUPS V1.3.10
+
+	- Documentation fixes (STR #2994, STR #2995, STR #3008, STR #3056,
+	  STR #3057)
+	- SECURITY: The scheduler now protects against DNS rebinding attacks
+	  (STR #3118)
+	- SECURITY: Fixed TIFF integer overflow in image filters (STR #3031)
+	- The scheduler did not support the job-hold-until attribute with the
+	  Restart-Job operation (STR #3130)
+	- SECURITY: The PNG image reading code did not validate the
+	  image size properly, leading to a potential buffer overflow
+	  (STR #2974)
+	- The rastertohp driver did not set the 1-sided printing mode when
+	  needed (STR #3131)
+	- Now use a wrapper program instead of our fork of the Xpdf code to
+	  support printing of PDF files. The new wrapper supports using Xpdf,
+	  poppler, or Ghostscript to convert PDF files to PostScript (STR #3129)
+	- Long job names caused problems with some PJL printers (STR #3125)
+	- The lpq command did not work when showing all destinations (STR #3117)
+	- The scheduler used a codeset name of UTF8 which is not supported on
+	  Solaris (STR #3113)
+	- cupsGetJobs() did not work with a NULL destination (STR #3107)
+	- Fixed a localization problem for option choices (incorrectly) named
+	  "Custom" (STR #3106)
+	- The fallback OpenSSL random number seeding would not work (STR #3079)
+	- The scheduler might miss a child signal, causing high CPU usage.
+	- The scheduler did not enforce quotas after the job history was
+	  unloaded (STR #3078)
+	- The job-k-limit, job-page-limit, and job-quota-period attributes
+	  could not be set using the lpadmin command (STR #3077)
+	- httpSeparateURI() did not error out on URIs with a missing port
+	  number after a colon.
+	- Fixed a Valgrind-detected initialization error when creating a
+	  missing directory on startup.
+	- The scheduler did not always read all of the HTTP headers from a
+	  CGI script/program.
+        - The scheduler did not always set the "air" property in Bonjour/DNS-SD
+          registrations.
+	- The scheduler incorrectly compared Mac OS X UUIDs for access
+	  control, preventing access in certain configurations.
+        - The IPP backend incorrectly reset the required authentication
+	  to Kerberos when authentication failed.
+	- The scheduler no longer looks up the local hostname by default;
+	  turn on hostname lookups to restore the previous behavior.
+	- The scheduler did not always load MIME type rules correctly
+	  (STR #3059)
+	- The test page did not format correctly on A4 paper (STR #3060)
+	- The web interface sometimes incorrectly redirected users to
+	  127.0.0.1 (STR #3022)
+	- cupsPrintFile*() did not send the document filename for single
+	  file submissions (STR #3055)
+	- The scheduler did not update the member-names attribute when
+	  removing the last printer from a class.
+	- The scheduler did not report PPD Products with parenthesis
+	  in them properly (STR #3046)
+	- The wrong italic fonts were listed in the UTF-8 charset file
+	  for the text filter.
+	- The backends did not return an OK status for the
+	  CUPS_SC_CMD_GET_BIDI side-channel command (STR #3029)
+	- The scheduler did not purge jobs that were missing a
+	  time-at-creation attribute, indicating a bad job control file
+	  (STR #3030)
+	- The "-o job-hold-until=week-end" option did not work properly
+	  (STR #3025)
+	- The Solaris USB printer device does not support select or poll
+	  (STR #3028)
+	- The scheduler would crash if you exceeded the MaxSubscriptions
+	  limit.
+	- The lp "-H immediate" option did not specify that the job
+	  should not be held (STR #3013)
+	- The scheduler did not support the "Connection: close"
+	  HTTP header (STR #3010)
+	- The mailto notifier didn't terminate messages properly
+	  (STR #3011)
+	- Backends could spin trying to read back-channel data
+	  (STR #3001)
+	- The HP-GL/2 filter was using the wrong default colors
+	  (STR #2966)
+	- The scheduler incorrectly allowed Get-Jobs operations without a
+	  printer-uri (STR #2996)
+	- The compression option was not being encoded properly
+	  (STR #2997)
+	- Added a missing character map for JIS-X0213/ShiftJIS.
+	- The scheduler now rejects ATTR: messages with empty values.
+	- The scheduler could consume all CPU handling closed connections
+	  (STR #2988)
+	- Fixed some configure script bugs with rc/xinetd directories
+	  (STR #2970)
+	- The Epson sample driver PPDs contained errors (STR #2979)
+
+
+CHANGES IN CUPS V1.3.9
+
+	- SECURITY: The HP-GL/2 filter did not range check pen numbers
+	  (STR #2911)
+	- SECURITY: The SGI image file reader did not range check
+	  16-bit run lengths (STR #2918)
+	- SECURITY: The text filter did not range check cpi, lpi, or
+	  column values (STR #2919)
+	- Documentation updates (STR #2904, STR #2944)
+	- The French web admin page was never updated (STR #2963)
+	- The IPP backend did not retry print jobs when the printer
+	  reported itself as busy or unavailable (STR #2951)
+	- The "Set Allowed Users" web interface did not handle trailing
+	  whitespace correctly (STR #2956)
+	- The PostScript filter did not work with Adobe applications
+	  using custom page sizes (STR #2968)
+	- The Mac OS X USB backend did not work with some printers
+	  that reported a bad 1284 device ID.
+	- The scheduler incorrectly resolved the client connection
+	  address when HostNameLookups was set to Off (STR #2946)
+	- The IPP backend incorrectly stopped the local queue if
+	  the remote server reported the "paused" state.
+	- The cupsGetDests() function did not catch all types of
+	  request errors.
+	- The scheduler did not always log "job queued" messages
+	  (STR #2943)
+	- The scheduler did not support destination filtering using
+	  the printer-location attribute properly (STR #2945)
+	- The scheduler did not send the server-started,
+	  server-restarted, or server-stopped events (STR #2927)
+	- The scheduler no longer enforces configuration file
+	  permissions on symlinked files (STR #2937)
+	- CUPS now reinitializes the DNS resolver on failures
+	  (STR #2920)
+	- The CUPS desktop menu item was broken (STR #2924)
+	- The PPD parser was too strict about missing keyword
+	  values in "relaxed" mode.
+	- The PostScript filter incorrectly mirrored landscape
+	  documents.
+	- The scheduler did not correctly update the
+	  auth-info-required value(s) if the AuthType was Default.
+	- The scheduler required Kerberos authentication for
+	  all operations on remote Kerberized printers instead
+	  of just for the operations that needed it.
+	- The socket backend could wait indefinitely for back-
+	  channel data with some devices.
+	- PJL panel messages were not reset correctly on older
+	  printers (STR #2909)
+	- cupsfilter used the wrong default path (STR #2908)
+	- Fixed address matching for "BrowseAddress @IF(name)"
+	  (STR #2910)
+	- Fixed compiles on AIX.
+	- Firefox 3 did not work with the CUPS web interface in SSL
+	  mode (STR #2892)
+	- Custom options with multiple parameters were not emitted
+	  correctly.
+	- Refined the cupstestppd utility.
+	- ppdEmit*() did not support custom JCL options (STR #2889)
+	- The cupstestppd utility incorrectly reported missing
+	  "en" base translations (STR #2887)
+
+
+CHANGES IN CUPS V1.3.8
+
+	- Documentation updates (STR #2785, STR #2861, STR #2862)
+	- The scheduler did not add the ending job sheet when the
+	  job was released.
+	- The IPP backend did not relay marker-* attributes.
+	- The CUPS GNOME/KDE menu item was not localized for
+	  Chinese (STR #2880)
+	- The CUPS GNOME/KDE menu item was not localized for
+	  Japanese (STR #2876)
+	- The cupstestppd utility reported mixed line endings for
+	  Mac OS and Windows PPD files (STR #2874)
+	- The pdftops filter did not print landscape orientation PDF
+	  pages correctly on all printers (STR #2850)
+	- The scheduler did not handle expiring of implicit classes
+	  or their members properly, leading to a configuration where
+	  one of the members would have a short name (STR #2766)
+	- The scheduler and cupstestppd utilities did not support
+	  cupsFilter and cupsPreFilter programs with spaces in their
+	  names (STR #2866)
+	- Removed unused variables and assignments found by the
+	  LLVM "clang" tool.
+	- Added NULL checks recommended by the LLVM "clang" tool.
+	- The scheduler would crash if you started a printer that
+	  pointed to a backend that did not exist (STR #2865)
+	- The ppdLocalize functions incorrectly mapped all generic
+	  locales to country-specific locales.
+	- The cups-driverd program did not support Simplified Chinese
+	  or Traditional Chinese language version strings (STR #2851)
+	- Added an Indonesian translation (STR #2792)
+	- Fixed a timing issue in the backends that could cause data
+	  corruption with the CUPS_SC_CMD_DRAIN_OUTPUT side-channel
+	  command (STR #2858)
+	- The scheduler did not support "HostNameLookups" with all of
+	  the boolean names (STR #2861)
+	- Fixed a compile problem with glibc 2.8 (STR #2860)
+	- The scheduler incorrectly filtered out queues with ACLs and
+	  authentication.
+	- The PostScript filter did not support %%IncludeFeature lines
+	  in the page setup section of each page (STR #2831)
+	- The scheduler did not generate printer-state events when the
+	  default printer was changed (STR #2764)
+	- cupstestppd incorrectly reported a warning about the PPD format
+	  version in some locales (STR #2854)
+	- cupsGetPPD() and friends incorrectly returned a PPD file for
+	  a class with no printers.
+	- The member-uris values for local printers in a class returned
+	  by the scheduler did not reflect the connected hostname or
+	  port.
+	- The CUPS PHP extension was not thread-safe (STR #2828)
+	- The scheduler incorrectly added the document-format-default
+	  attribute to the list of "common" printer attributes, which
+	  over time would slow down the printing system (STR #2755,
+	  STR #2836)
+	- The cups-deviced and cups-driverd helper programs did not set
+	  the CFProcessPath environment variable on Mac OS X (STR #2837)
+	- "lpstat -p" could report the wrong job as printing (STR #2845)
+	- The scheduler would crash when some cupsd.conf directives
+	  were missing values (STR #2849)
+	- The web interface "move jobs" operation redirected users to
+	  the wrong URL (STR #2815)
+	- The Polish web interface translation contained errors
+	  (STR #2815)
+	- The scheduler did not report PostScript printer PPDs with
+	  filters as PostScript devices.
+	- The scheduler did not set the job document-format attribute
+	  for jobs submitted using Create-Job and Send-Document.
+	- cupsFileTell() did not work for log files opened in append
+	  mode (STR #2810)
+	- The scheduler did not set QUERY_STRING all of the time
+	  for CGI scripts (STR #2781, STR #2816)
+	- The scheduler now returns an error for bad job-sheets
+	  values (STR #2775)
+	- Authenticated remote printing did not work over domain
+	  sockets (STR #2750)
+	- The scheduler incorrectly logged errors for print filters
+	  when a job was canceled (STR #2806, #2808)
+	- The scheduler no longer allows multiple RSS subscriptions
+	  with the same URI (STR #2789)
+	- The scheduler now supports Kerberized printing with
+	  multiple server names (STR #2783)
+	- "Satisfy any" did not work in IPP policies (STR #2782)
+	- The CUPS imaging library would crash with very large
+	  images - more than 16Mx16M pixels (STR #2805)
+	- The PNG image loading code would crash with large images
+	  (STR #2790)
+	- The scheduler did not limit the total number of filters.
+	- The scheduler now ensures that the RSS directory has
+	  the correct permissions.
+	- The RSS notifier did not quote the feed URL in the RSS
+	  file it created (STR #2801)
+	- The web interface allowed the creation and cancellation
+	  of RSS subscriptions without a username (STR #2774)
+	- Increased the default MaxCopies value on Mac OS X to
+	  9999 to match the limit imposed by the print dialog.
+	- The scheduler did not reject requests with an empty
+	  Content-Length field (STR #2787)
+	- The scheduler did not log the current date and time and
+	  did not escape special characters in request URIs when
+	  logging bad requests to the access_log file (STR #2788)
+
+
+CHANGES IN CUPS V1.3.7
+
+	- CVE-2008-0047: cgiCompileSearch buffer overflow (STR #2729)
+	- CVE-2008-1373: CUPS GIF image filter overflow (STR #2765)
+	- Updated the "make check" tests to do a more thorough
+	  automated test.
+	- cups-driverd complained about missing directories (STR
+	  #2777)
+	- cupsaddsmb would leave the Samba username and password on
+	  disk if no Windows drivers were installed (STR #2779)
+	- The Linux USB backend used 100% CPU when a printer was
+	  disconnected (STR #2769)
+	- The sample raster drivers did not properly handle SIGTERM
+	  (STR #2770)
+	- The scheduler sent notify_post() messages too often on
+	  Mac OS X.
+	- Kerberos access to the web interface did not work
+	  (STR #2748)
+	- The scheduler did not support "AuthType Default" in IPP
+	  policies (STR #2749)
+	- The scheduler did not support the "HideImplicitMembers"
+	  directive as documented (STR #2760)
+	- "make check" didn't return a non-zero exit code on
+	  error (STR #2758)
+	- The scheduler incorrectly logged AUTH_foo environment
+	  variables in debug mode (STR #2751)
+	- The image filters inverted PBM files (STR #2746)
+	- cupsctl would crash if the scheduler was not running
+	  (STR #2741)
+	- The scheduler could crash when printing using a port
+	  monitor (STR #2742)
+	- The scheduler would crash if PAM was broken (STR #2734)
+	- The image filters did not work with some CMYK JPEG files
+	  produced by Adobe applications (STR #2727)
+	- The Mac OS X USB backend did not work with printers that
+	  did not report a make or model.
+	- The job-sheets option was not encoded properly (STR #2715)
+	- The scheduler incorrectly complained about missing LSB
+	  PPD directories.
+
+
+CHANGES IN CUPS V1.3.6
+
+	- Documentation updates (STR #2646, STR #2647, STR #2649)
+	- Fixed a problem with the web interface "Use Kerberos
+	  Authentication" check box (STR #2703)
+	- The scheduler unconditionally overwrote the printer-state-
+	  message with "process-name failed" when a filter or backend
+	  failed, preventing a useful error message from being shown
+	  to the user.
+	- Policies on CUPS-Move-Job didn't work as expected (STR
+	  #2699)
+	- The configure script only supported D-BUS on Linux
+	  (STR #2702)
+	- The scheduler did not support </LimitExcept> (STR #2701)
+	- The scheduler did not reset the job-hold-until attribute
+	  after a job's hold time was reached.
+	- The scheduler did not support printer supply attributes
+	  (STR #1307)
+	- The Kerberos credentials provided by some Windows KDCs
+	  were still too large - now use a dynamic buffer to
+	  support credentials up to 64k in size (STR #2695)
+	- Printing a test page from the web interface incorrectly
+	  defaulted to the "guest" user (STR #2688)
+	- The cupsEncodeOptions2() function did not parse multiple-
+	  value attribute values properly (STR #2690)
+	- The scheduler incorrectly sent printer-stopped events for
+	  status updates from the print filters (STR #2680)
+	- The IPP backend could crash when handling printer errors
+	  (STR #2667)
+	- Multi-file jobs did not print to remote CUPS servers
+	  (STR #2673)
+	- The scheduler did not provide the Apple language ID to
+	  job filters.
+	- Kerberos authentication did not work with the web
+	  interface (STR #2606, STR #2669)
+	- The requesing-user-name-allowed and -denied functionality
+	  did not work for Kerberos-authenticated usernames (STR
+	  #2670)
+	- CUPS didn't compile on HP-UX 11i (STR #2679)
+	- cupsEncodeOptions2() did not handle option values like
+	  "What's up, doc?" properly.
+	- Added lots of memory allocation checks (Fortify)
+	- The scheduler would crash if it was unable to add a job
+	  file (Fortify)
+	- ppdOpen*() did not check all memory allocations (Coverity)
+	- ippReadIO() did not check all memory allocations (Coverity)
+	- The PostScript filter did not detect read errors (Coverity)
+	- The scheduler did not check for a missing job-sheets-completed
+	  attribute when sending an event notification (Coverity)
+	- "Set Printer Options" might not work with raw queues (Coverity)
+	- cupsRasterInterpretPPD() could crash on certain PostScript
+	  errors (Coverity)
+	- The USB backend did not check for back-channel support
+	  properly on all systems (Coverity)
+	- Fixed memory leaks in the GIF and PNM image loading code
+	  (Coverity)
+	- Removed some dead code in the CUPS API and scheduler (Coverity)
+	- Fixed two overflow bugs in the HP-GL/2 filter (Coverity)
+	- Fixed another ASN1 string parsing bug (STR #2665)
+	- The RSS notifier directory was not installed with the
+	  correct permissions.
+	- The standard CUPS backends could use 100% CPU while waiting
+	  for print data (STR #2664)
+	- Filename-based MIME rules did not work (STR #2659)
+	- The cups-polld program did not exit if the scheduler crashed
+	  (STR #2640)
+	- The scheduler would crash if you tried to set the port-monitor
+	  on a raw queue (STR #2639)
+	- The scheduler could crash if a polled remote printer was
+	  converted to a class (STR #2656)
+	- The web interface and cupsctl did not correctly reflect
+	  the "allow printing from the Internet" state (STR #2650)
+	- The scheduler incorrectly treated MIME types as case-
+	  sensitive (STR #2657)
+	- The Java support classes did not send UTF-8 strings to
+	  the scheduler (STR #2651)
+	- The CGI code did not handle interrupted POST requests
+	  properly (STR #2652)
+	- The PostScript filter incorrectly handled number-up when
+	  the number of pages was evenly divisible by the number-up
+	  value.
+	- The PDF filter incorrectly filtered pages when page-ranges
+	  and number-up were both specified (STR #2643)
+	- The IPP backend did not handle printing of pictwps files
+	  to a non-Mac CUPS server properly.
+	- The scheduler did not detect network interface changes
+	  on operating systems other than Mac OS X (STR #2631)
+	- The scheduler now logs the UNIX error message when it
+	  is unable to create a request file such as a print job.
+	- Added support for --enable-pie on Mac OS X.
+
+
 CHANGES IN CUPS V1.3.5
 
+	- The SNMP backend did not check for negative string
+	  lengths (STR #2589)
+	- The scheduler incorrectly removed auth-info attributes,
+	  potentially leading to a loss of all options for a job.
 	- The scheduler stopped sending CUPS browse packets on a
 	  restart when using fixed addresses (STR #2618)
 	- Fixed PDF filter security issues (CVE-2007-4352