-CHANGES - 2.2.10 - 2018-12-06
+CHANGES - 2.2.10 - 2018-12-07
=============================
Changes in CUPS v2.2.10
-----------------------
+- CVE-2018-4700: Linux session cookies used a predictable random number seed.
- The `lpoptions` command now works with IPP Everywhere printers that have not
yet been added as local queues (Issue #5045)
- Added USB quirk rules (Issue #5395, Issue #5443)
const char *remote_addr, /* REMOTE_ADDR */
*server_name, /* SERVER_NAME */
*server_port; /* SERVER_PORT */
+ struct timeval curtime; /* Current time */
if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
if ((server_port = getenv("SERVER_PORT")) == NULL)
server_port = "SERVER_PORT";
- CUPS_SRAND(time(NULL));
+ gettimeofday(&curtime, NULL);
+ CUPS_SRAND(curtime.tv_sec + curtime.tv_usec);
snprintf(buffer, sizeof(buffer), "%s:%s:%s:%02X%02X%02X%02X%02X%02X%02X%02X",
remote_addr, server_name, server_port,
(unsigned)CUPS_RAND() & 255, (unsigned)CUPS_RAND() & 255,