-CHANGES - 2.2.5 - 2017-10-12
+CHANGES - 2.2.6 - 2017-10-19
============================
-CHANGES IN CUPS V2.2.5
+
+Changes in CUPS v2.2.6
+----------------------
+
+- Added USB quirks rules for Canon MP540 and Samsung ML-2160 (Issue #5148)
+- Fixed TLS cipher suite selection with GNU TLS (Issue #5145)
+
+
+Changes in CUPS v2.2.5
----------------------
- The scheduler's `-t` option did not force all errors to the standard error
WITH-SCHEME predicates.
-CHANGES IN CUPS V2.2.4
+Changes in CUPS v2.2.4
----------------------
- The scheduler did not remove old job files (Issue #4987)
`DenyCBC` and `DenyTLS1.0` options (Issue #5037)
-CHANGES IN CUPS V2.2.3
+Changes in CUPS v2.2.3
----------------------
- The IPP backend could get into an infinite loop for certain errors, causing a
- Fixed some localization issues on macOS (<rdar://problem/27245567>)
-CHANGES IN CUPS V2.2.2
+Changes in CUPS v2.2.2
----------------------
- Fixed some issues with the Zebra ZPL printer driver (Issue #4898)
- Updated packaging files (Issue #4940)
-CHANGES IN CUPS V2.2.1
+Changes in CUPS v2.2.1
----------------------
- Added "CreateSelfSignedCerts" directive for cups-files.conf to control whether
- Updated localizations (PR #4877, PR #4886)
-CHANGES IN CUPS V2.2.0
+Changes in CUPS v2.2.0
----------------------
- Normalized the TLS certificate validation code and added additional error
- http*Connect did not return early when all addresses failed (Issue #4870)
-CHANGES IN CUPS V2.2rc1
+Changes in CUPS v2.2rc1
-----------------------
- Updated the list of supported IPP Everywhere media types.
- Updated localizations (Issue #4846, PR #4858)
-CHANGES IN CUPS V2.2b2
+Changes in CUPS v2.2b2
----------------------
- Added Upstart support (PR #4825)
- CUPS now supports Let's Encrypt certificates on Linux.
-CHANGES IN CUPS V2.2b1
+Changes in CUPS v2.2b1
----------------------
- All CUPS commands now support POSIX options (Issue #4813)
# Canon, Inc. MP510 Printer (https://bugs.launchpad.net/bugs/1050009)
0x04a9 0x1717 unidir
+# Canon, Inc. MP540 Printer, https://bugzilla.redhat.com/967873
+0x04a9 0x1730 unidir
+
# Canon, Inc. MP550 Printer (Issue #4155)
0x04a9 0x173d unidir
# All Samsung devices (https://bugs.launchpad.net/bugs/1032456)
0x04e8 soft-reset
+# Samsung ML-2160 Series (https://bugzilla.redhat.com/show_bug.cgi?id=873123)
+0x04e8 0x330f unidir
+
# All Zebra devices (https://bugs.launchpad.net/bugs/1001028)
0x0a5f unidir
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for CUPS 2.2.5.
+# Generated by GNU Autoconf 2.69 for CUPS 2.2.6.
#
# Report bugs to <https://github.com/apple/cups/issues>.
#
# Identity of this package.
PACKAGE_NAME='CUPS'
PACKAGE_TARNAME='cups'
-PACKAGE_VERSION='2.2.5'
-PACKAGE_STRING='CUPS 2.2.5'
+PACKAGE_VERSION='2.2.6'
+PACKAGE_STRING='CUPS 2.2.6'
PACKAGE_BUGREPORT='https://github.com/apple/cups/issues'
PACKAGE_URL='https://www.cups.org/'
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures CUPS 2.2.5 to adapt to many kinds of systems.
+\`configure' configures CUPS 2.2.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of CUPS 2.2.5:";;
+ short | recursive ) echo "Configuration of CUPS 2.2.6:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-CUPS configure 2.2.5
+CUPS configure 2.2.6
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by CUPS $as_me 2.2.5, which was
+It was created by CUPS $as_me 2.2.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
ac_config_headers="$ac_config_headers config.h"
-CUPS_VERSION="2.2.5"
+CUPS_VERSION="2.2.6"
CUPS_REVISION=""
CUPS_BUILD="cups-$CUPS_VERSION"
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by CUPS $as_me 2.2.5, which was
+This file was extended by CUPS $as_me 2.2.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-CUPS config.status 2.2.5
+CUPS config.status 2.2.6
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
AC_PREREQ(2.60)
dnl Package name and version...
-AC_INIT([CUPS], [2.2.5], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/])
+AC_INIT([CUPS], [2.2.6], [https://github.com/apple/cups/issues], [cups], [https://www.cups.org/])
sinclude(config-scripts/cups-opsys.m4)
sinclude(config-scripts/cups-common.m4)
* Constants...
*/
-# define CUPS_VERSION 2.0205
+# define CUPS_VERSION 2.0206
# define CUPS_VERSION_MAJOR 2
# define CUPS_VERSION_MINOR 2
-# define CUPS_VERSION_PATCH 5
+# define CUPS_VERSION_PATCH 6
# define CUPS_BC_FD 3
/* Back-channel file descriptor for
* Constants...
*/
-
-#define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
-#define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
-#define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
-#define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
-#define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
-
-#define _HTTP_TLS_NONE 0 /* No TLS options */
-#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
-#define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */
-#define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */
-#define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */
-#define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */
-#define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */
+# define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
+# define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
+# define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
+# define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
+# define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
+
+# define _HTTP_TLS_NONE 0 /* No TLS options */
+# define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
+# define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */
+# define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */
+# define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */
+# define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */
+# define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */
+# define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
/*
* Get the default connection as needed...
*/
- if (!http)
- if ((http = _cupsConnect()) == NULL)
- {
- ippDelete(request);
+ if (!http && (http = _cupsConnect()) == NULL)
+ {
+ ippDelete(request);
- return (NULL);
- }
+ return (NULL);
+ }
/*
* See if we have a file to send...
* Get the default connection as needed...
*/
- if (!http)
- if ((http = _cupsConnect()) == NULL)
- return (HTTP_STATUS_SERVICE_UNAVAILABLE);
+ if (!http && (http = _cupsConnect()) == NULL)
+ return (HTTP_STATUS_SERVICE_UNAVAILABLE);
/*
* If the prior request was not flushed out, do so now...
void
_httpTLSSetOptions(int options) /* I - Options */
{
- tls_options = options;
+ if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
+ tls_options = options;
}
void
_httpTLSSetOptions(int options) /* I - Options */
{
- tls_options = options;
+ if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
+ tls_options = options;
}
if (!(tls_options & _HTTP_TLS_ALLOW_RC4))
strlcat(priority_string, ":-ARCFOUR-128", sizeof(priority_string));
- if (!(tls_options & _HTTP_TLS_ALLOW_DH))
- strlcat(priority_string, ":!ANON-DH", sizeof(priority_string));
+ strlcat(priority_string, ":!ANON-DH", sizeof(priority_string));
- if (!(tls_options & _HTTP_TLS_DENY_CBC))
+ if (tls_options & _HTTP_TLS_DENY_CBC)
strlcat(priority_string, ":!AES-128-CBC:!AES-256-CBC:!CAMELLIA-128-CBC:!CAMELLIA-256-CBC:!3DES-CBC", sizeof(priority_string));
#ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
* TLS support for CUPS on Windows using the Security Support Provider
* Interface (SSPI).
*
- * Copyright 2010-2015 by Apple Inc.
+ * Copyright 2010-2017 by Apple Inc.
*
* These coded instructions, statements, and computer programs are the
* property of Apple Inc. and are protected by Federal copyright
void
_httpTLSSetOptions(int options) /* I - Options */
{
- tls_options = options;
+ if (!(options & _HTTP_TLS_SET_DEFAULT) || tls_options < 0)
+ tls_options = options;
}
cg->validate_certs = cc.validate_certs;
#ifdef HAVE_SSL
- _httpTLSSetOptions(cc.ssl_options);
+ _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT);
#endif /* HAVE_SSL */
}
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH client.conf 5 "CUPS" "26 June 2017" "Apple Inc."
+.TH client.conf 5 "CUPS" "19 October 2017" "Apple Inc."
.SH NAME
client.conf \- client configuration file for cups
.SH DESCRIPTION
\fBSSLOptions None\fR
Sets encryption options (only in /etc/cups/client.conf).
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation.
-The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+Security is reduced when \fIAllow\fR options are used.
+Security is enhanced when \fIDeny\fR options are used.
+The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients.
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The \fIDenyCBC\fR option disables all CBC cipher suites.
The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsd.conf 5 "CUPS" "28 August 2017" "Apple Inc."
+.TH cupsd.conf 5 "CUPS" "19 October 2017" "Apple Inc."
.SH NAME
cupsd.conf \- server configuration file for cups
.SH DESCRIPTION
\fBSSLOptions None\fR
Sets encryption options.
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation.
-The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+Security is reduced when \fIAllow\fR options are used.
+Security is enhanced when \fIDeny\fR options are used.
+The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients.
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The \fIDenyCBC\fR option disables all CBC cipher suites.
The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
* Version of software...
*/
-#define CUPS_SVERSION "CUPS v2.2.4"
-#define CUPS_MINIMAL "CUPS/2.2.4"
+#define CUPS_SVERSION "CUPS v2.2.6"
+#define CUPS_MINIMAL "CUPS/2.2.6"
/*
* Version of software...
*/
-#define CUPS_SVERSION "CUPS v2.2.5"
-#define CUPS_MINIMAL "CUPS/2.2.5"
+#define CUPS_SVERSION "CUPS v2.2.6"
+#define CUPS_MINIMAL "CUPS/2.2.6"
/*