-CHANGES - 2.3b8 - 2019-02-27
-============================
+Change History
+==============
+
+Changes in CUPS v2.3.6
+----------------------
+- CVE-2022-26691: An incorrect comparison in local admin authentication.
+
+
+Changes in CUPS v2.3.5
+----------------------
+
+- The automated test suite can now be activated using `make test` for
+ consistency with other projects and CI environments - the old `make check`
+ continues to work as well, and the previous test server behavior can be
+ accessed by running `make testserver`.
+- ippeveprinter now supports multiple icons and strings files.
+- ippeveprinter now uses the system's FQDN with Avahi.
+- ippeveprinter now supports Get-Printer-Attributes on "/".
+- ippeveprinter now uses a deterministic "printer-uuid" value.
+- ippeveprinter now uses system sounds on macOS for Identify-Printer.
+- Updated ippfind to look for files in "~/Desktop" on Windows.
+- Updated ippfind to honor `SKIP-XXX` directives with `PAUSE`.
+- Updated IPP Everywhere support to work around printers that only advertise
+ color raster support but really also support grayscale (OpenPrinting #1)
+- ipptool now supports DNS-SD URIs like `ipps://My%20Printer._ipps._tcp.local`
+ (OpenPrinting #5)
+- ipptool now supports monitoring the printer state while submitting a job
+ with the `MONITOR-PRINTER-STATE` directive (OpenPrinting #153)
+- ipptool now supports testing for unique values with the `WITH-DISTINCT-VALUES`
+ predicate (OpenPrinting #153)
+- ipptool now supports retrying requests on a `server-error-busy` status code
+ (OpenPrinting #153)
+- ipptool now supports `value-tag(MAX)` and `value-tag(MIN:MAX)` for the
+ `OF-TYPE` predicate (OpenPrinting #153)
+- The scheduler now allows root backends to have world read permissions but not
+ world execute permissions (OpenPrinting #21)
+- Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is
+ disabled on the host (OpenPrinting #25)
+- The SNMP backend now supports the HP and Ricoh vendor MIBs (OpenPrinting #28)
+- The scheduler no longer includes a timestamp in files it writes (OpenPrinting #29)
+- IPP Everywhere PPDs could have an "unknown" default InputSlot (OpenPrinting #44)
+- The `httpAddrListen` function now uses a listen backlog of 128.
+- The PPD functions now treat boolean values as case-insensitive (OpenPrinting #106)
+- Temporary queue names no longer end with an underscore (OpenPrinting #110)
+- Added USB quirks (Issue #5789, #5766, #5823, #5831, #5838, #5843, #5867)
+- Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
+- Fixed DNS-SD name collision support in ippeveprinter.
+- Fixed compiler and code analyzer warnings.
+- Fixed TLS support on Windows.
+- Fixed ippfind sub-type searches with Avahi.
+- Fixed the default hostname used by ippeveprinter on macOS.
+- Fixed resolution of local IPP-USB printers with Avahi.
+- Fixed coverity issues (OpenPrinting #2)
+- Fixed `httpAddrConnect` issues (OpenPrinting #3)
+- Fixed web interface device URI issue (OpenPrinting #4)
+- Fixed lp/lpr "printer/class not found" error reporting (OpenPrinting #6)
+- Fixed a memory leak in the scheduler (OpenPrinting #12)
+- Fixed a potential integer overflow in the PPD hashing code (OpenPrinting #13)
+- Fixed output-bin and print-quality handling issues (OpenPrinting #18)
+- Fixed PPD options getting mapped to odd IPP values like "tray---4" (OpenPrinting #23)
+- Fixed remote access to the cupsd.conf and log files (OpenPrinting #24)
+- Fixed a logging regression caused by a previous change for Issue #5604
+ (OpenPrinting #25)
+- Fixed the "uri-security-supported" value from the scheduler (OpenPrinting #42)
+- Fixed IPP backend crash bug with "printer-alert" values (OpenPrinting #43)
+- Fixed default options that incorrectly use the "custom" prefix (OpenPrinting #48)
+- Fixed a memory leak when resolving DNS-SD URIs (OpenPrinting #49)
+- Fixed cupsManualCopies values in IPP Everywhere PPDs (Issue #5807)
+- Fixed duplicate ColorModel entries for AirPrint printers (Issue 59)
+- Fixed crash bug in `ppdOpen` (OpenPrinting #64, OpenPrinting #78)
+- Fixed regression in `snprintf` emulation function (OpenPrinting #67)
+- Fixed reporting of printer instances when enumerating and when no options are
+ set for the main instance (OpenPrinting #71)
+- Fixed segfault in help.cgi when searching in man pages (OpenPrinting #81)
+- Fixed a bug in ipptool that caused the reuse of request IDs when repeating a
+ test (OpenPrinting #153)
+- Root certificates were incorrectly stored in "~/.cups/ssl".
+- Fixed a PPD memory leak caused by emulator definitions (OpenPrinting #124)
+- Fixed a `DISPLAY` bug in `ipptool` (OpenPrinting #139)
+- `httpReconnect2` did not reset the socket file descriptor when the TLS
+ negotiation failed (Issue #5907)
+- `httpUpdate` did not reset the socket file descriptor when the TLS
+ negotiation failed (Apple #5915)
+- The `ippeveprinter` tool now automatically uses an available port.
+- The IPP backend now retries Validate-Job requests (OpenPrinting #132)
+- Removed support for the (long deprecated and unused) `KeepAliveTimeout`
+ directive in `cupsd.conf` (Issue #5733)
+- Fixed `@IF(name)` handling in `cupsd.conf` (Issue #5918)
+- The scheduler now supports the "everywhere" model directly (Issue #5919)
+- Fixed documentation and added examples for CUPS' limited CGI support
+ (Issue #5940)
+- Fixed the `lpc` command prompt (Issue #5946)
+- Fixed `job-pages-per-set` value for duplex print jobs.
+
+
+Changes in CUPS v2.3.4
+----------------------
+
+- CVE-2020-10001: Fixed a buffer (read) overflow in the `ippReadIO` function.
+
+
+Changes in CUPS v2.3.3
+----------------------
+
+- CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
+ constraint. `ppdcSource::get_resolution` function did not handle
+ invalid resolution strings.
+- CVE-2019-8842: The `ippReadIO` function may under-read an extension
+ field.
+- Fixed WARNING_OPTIONS support for GCC 9.x
+
+
+Changes in CUPS v2.3.2
+----------------------
+
+- Localization updates.
+
+
+Changes in CUPS v2.3.1
+----------------------
+
+- Documentation updates (Issue #5661, #5674, #5682)
+- CVE-2019-2228: The `ippSetValuetag` function did not validate the default
+ language value.
+- Fixed a crash bug in the web interface (Issue #5621)
+- The PPD cache code now looks up page sizes using their dimensions
+ (Issue #5633)
+- PPD files containing "custom" option keywords did not work (Issue #5639)
+- Added a workaround for the scheduler's systemd support (Issue #5640)
+- On Windows, TLS certificates generated on February 29 would likely fail
+ (Issue #5643)
+- Added a DigestOptions directive for the `client.conf` file to control whether
+ MD5-based Digest authentication is allowed (Issue #5647)
+- Fixed a bug in the handling of printer resource files (Issue #5652)
+- The libusb-based USB backend now reports an error when the distribution
+ permissions are wrong (Issue #5658)
+- Added paint can labels to Dymo driver (Issue #5662)
+- The `ippeveprinter` program now supports authentication (Issue #5665)
+- The `ippeveprinter` program now advertises DNS-SD services on the correct
+ interfaces, and provides a way to turn them off (Issue #5666)
+- The `--with-dbusdir` option was ignored by the configure script (Issue #5671)
+- Sandboxed applications were not able to get the default printer (Issue #5676)
+- Log file access controls were not preserved by `cupsctl` (Issue #5677)
+- Default printers set with `lpoptions` did not work in all cases (Issue #5681,
+ Issue #5683, Issue #5684)
+- Fixed an error in the jobs web interface template (Issue #5694)
+- Fixed an off-by-one error in `ippEnumString` (Issue #5695)
+- Fixed some new compiler warnings (Issue #5700)
+- Fixed a few issues with the Apple Raster support (rdar://55301114)
+- The IPP backend did not detect all cases where a job should be retried using
+ a raster format (rdar://56021091)
+- Fixed spelling of "fold-accordion".
+- Fixed the default common name for TLS certificates used by `ippeveprinter`.
+- Fixed the option names used for IPP Everywhere finishing options.
+- Added support for the second roll of the DYMO Twin/DUO label printers.
+
+
+Changes in CUPS v2.3.0
+----------------------
+
+- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
+- Added a GPL2/LGPL2 exception to the new CUPS license terms.
+- Documentation updates (Issue #5604)
+- Localization updates (Issue #5637)
+- Fixed a bug in the scheduler job cleanup code (Issue #5588)
+- Fixed builds when there is no TLS library (Issue #5590)
+- Eliminated some new GCC compiler warnings (Issue #5591)
+- Removed dead code from the scheduler (Issue #5593)
+- "make" failed with GZIP options (Issue #5595)
+- Fixed potential excess logging from the scheduler when removing job files
+ (Issue #5597)
+- Fixed a NULL pointer dereference bug in `httpGetSubField2` (Issue #5598)
+- Added FIPS-140 workarounds for GNU TLS (Issue #5601, Issue #5622)
+- The scheduler no longer provides a default value for the description
+ (Issue #5603)
+- The scheduler now logs jobs held for authentication using the error level so
+ it is clear what happened (Issue #5604)
+- The `lpadmin` command did not always update the PPD file for changes to the
+ `cupsIPPSupplies` and `cupsSNMPSupplies` keywords (Issue #5610)
+- The scheduler now uses both the group's membership list as well as the
+ various OS-specific membership functions to determine whether a user belongs
+ to a named group (Issue #5613)
+- Added USB quirks rule for HP LaserJet 1015 (Issue #5617)
+- Fixed some PPD parser issues (Issue #5623, Issue #5624)
+- The IPP parser no longer allows invalid member attributes in collections
+ (Issue #5630)
+- The configure script now treats the "wheel" group as a potential system
+ group (Issue #5638)
+- Fixed a USB printing issue on macOS (rdar://31433931)
+- Fixed IPP buffer overflow (rdar://50035411)
+- Fixed memory disclosure issue in the scheduler (rdar://51373853)
+- Fixed DoS issues in the scheduler (rdar://51373929)
+- Fixed an issue with unsupported "sides" values in the IPP backend
+ (rdar://51775322)
+- The scheduler would restart continuously when idle and printers were not
+ shared (rdar://52561199)
+- Fixed an issue with `EXPECT !name WITH-VALUE ...` tests.
+- Fixed a command ordering issue in the Zebra ZPL driver.
+- Fixed a memory leak in `ppdOpen`.
+
+
+Changes in CUPS v2.3rc1
+-----------------------
+
+- The `cups-config` script no longer adds extra libraries when linking against
+ shared libraries (Issue #5261)
+- The supplied example print documents have been optimized for size
+ (Issue #5529)
+- The `cupsctl` command now prevents setting "cups-files.conf" directives
+ (Issue #5530)
+- The "forbidden" message in the web interface is now explained (Issue #5547)
+- The footer in the web interface covered some content on small displays
+ (Issue #5574)
+- The libusb-based USB backend now enforces read limits, improving print speed
+ in many cases (Issue #5583)
+- The `ippeveprinter` command now looks for print commands in the "command"
+ subdirectory.
+- The `ipptool` command now supports `$date-current` and `$date-start` variables
+ to insert the current and starting date and time values, as well as ISO-8601
+ relative time values such as "PT30S" for 30 seconds in the future.
Changes in CUPS v2.3b8
- The lpadmin command would hang with a bad PPD file (rdar://41495016)
- Fixed a potential crash bug in cups-driverd (rdar://46625579)
- Fixed a performance regression with large PPDs (rdar://47040759)
+- Fixed a memory reallocation bug in HTTP header value expansion
+ (rdar://problem/50000749)
+- Timed out job submission now yields an error (Issue #5570)
+- Restored minimal support for the `Emulators` keyword in PPD files to allow
+ old Samsung printer drivers to continue to work (Issue #5562)
+- The scheduler did not encode octetString values like "job-password" correctly
+ for the print filters (Issue #5558)
+- The `cupsCheckDestSupported` function did not check octetString values
+ correctly (Issue #5557)
+- Added support for `UserAgentTokens` directive in "client.conf" (Issue #5555)
+- Updated the systemd service file for cupsd (Issue #5551)
- The `ippValidateAttribute` function did not catch all instances of invalid
UTF-8 strings (Issue #5509)
- Fixed an issue with the self-signed certificates generated by GNU TLS
- Fixed compiler warnings with newer versions of GCC (Issue #5532, Issue #5533)
- Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs
(Issue #5535)
+- Fixed `PreserveJobHistory` bug with time values (Issue #5538)
+- The scheduler no longer advertises the HTTP methods it supports (Issue #5540)
- Localization updates (Issue #5461, Issues #5471, Issue #5481, Issue #5486,
Issue #5489, Issue #5491, Issue #5492, Issue #5493, Issue #5494, Issue #5495,
Issue #5497, Issue #5499, Issue #5500, Issue #5501, Issue #5504)
- The scheduler did not always idle exit as quickly as it could.
+- Added a new `ippeveprinter` command based on the old ippserver sample code.
Changes in CUPS v2.3b7
- Localization update (Issue #5339, Issue #5348, Issue #5362, Issue #5408,
Issue #5410)
- Documentation updates (Issue #5369, Issue #5402, Issue #5403, Issue #5404)
-- CVE-2018-4700: Linux session cookies used a predictable random number seed.
+- CVE-2018-4300: Linux session cookies used a predictable random number seed.
- All user commands now support the `--help` option (Issue #5326)
- The `lpoptions` command now works with IPP Everywhere printers that have not
yet been added as local queues (Issue #5045)
projects / thirdparty / cups.git / blobdiff