CUPS 1.2.11 fixes several build system, printing, PPD, and IPP conformance
issues. It also fixes a crash bug in the scheduler when printing to files
in non-existent directories.
This is based on a suggestion by Yorick Hardy, who reports that it
improved behavior. Without the patch, the cups usb driver tries to
read status from ulpt(4) (for most printers), and this results in no
output.
pkgsrc changes: fix locale path
patch a bug in pstops's n-up handling (reported to upstream)
CUPS 1.2.10 fixes the init script used to start the scheduler, a recursion
bug in the pdftops filter, and several other issues reported after the
1.2.9 release. Changes include:
* ppdLocalize() now supports localizing for Japanese using the "jp" locale
name used by the ppdmerge program from the CUPS DDK 1.1.0
* _cupsAdminSetServerSettings() did not support changing of top-level
directives as designed.
* The init script path check was broken.
* CUPS incorrectly used the attribute "notify-recipient" instead of
"notify-recicpient-uri" in several places
* Fixed a configure script bug on MirBSD
* The pdftops filter did not limit the amount of recursion of page sets
* Custom page sizes with fractional point sizes did not work
* The lpoptions command would crash when adding or removing options on a
system with no printers
ok'ed jlam a while back.
CUPS 1.2.8 adds a French localization, updates the Japanese and Spanish
localizations, and fixes several web interface, printing, and networking
bugs.
CUPS 1.2.7 adds several Mac OS X improvements, implements timeouts in the
SSL negotiation code, and fixes the bounding box generated by the PostScript
filter, bidirectional support in the USB backend, and another case where the
lpstat command could hang.
CUPS 1.2.6 fixes some compile errors, localization of the web interface on
Mac OS X, bugs in the lpc and lpstat commands, and backchannel support in
the parallel backend.
CUPS 1.2.5 fixes minor printing, networking, and documentation issues and
adds support for older versions of DBUS and a translation for Estonian.
CUPS 1.2.4 fixes a number of web interface, scheduler, and CUPS API
issues.
CUPS 1.2.3 fixes a number of web interface, networking, remote printing,
and CUPS API issues.
CUPS 1.2.2 fixes several build, platform, notification, and printing bugs.
CUPS 1.2.1 fixes several build, platform, and printing bugs.
CUPS 1.2.0 is the first stable feature release in the 1.2.x series and
includes over 90 new features and changes since CUPS 1.1.23, including a
greatly improved web interface and "plug-and-print" support for many local
and network printers.
CAN-2005-3191
CAN-2005-3192
The fixes were largely copied from xpdf-3.01pl1.patch from foolabs.com;
however, patch-be for Stream.cxx also includes a proper fix for
CAN-2005-3191 which was only partially fixed in the foolabs.com patch.
Bump the PKGREVISION to 4.
"A vulnerability has been reported in CUPS, which can be exploited by malicious
people to cause a DoS (Denial of Service) on a vulnerable system.
When processing a PDF file, bounds checking was not correctly performed on
some fields. This could cause the pdftops filter (running as user "lp") to
crash."
http://secunia.com/advisories/16380/http://rhn.redhat.com/errata/RHSA-2005-706.html
Patch from RedHat.
An overflow check introduced earlier (for CAN-2004-0888) was never
triggered on 64-bit systems because 64-bit arithmetics was used there.
Sprinkle some casts to int su that the overflow can happen.
This fix is similar to the redhat one. The fix for similar code
in print/teTeX-bin looks much cleaner, but since cups already contains
the wrong redhad fix, I've chosen to stay close to the original.
bump PKGREVISION
- The scheduler's is_path_absolute() code could cause a DoS (STR #1042)
- The scheduler's device loading code used the wrong size limits for the
make/model and info parameters (STR #1035)
- The PNG loading code did not use a "long unsigned integer" format
specifier for the width and height (STR #1032)
- The web interface only showed the first 4 or 8 characters of
"{variable-name}" for undefined template variables (STR #1031)
- The hpgltops filter did not handle a common PCL command to enter
HP-GL/2 mode (STR #1037)
- The scheduler no longer sends the page-set option when printing banner
pages (STR #995)
- The hpgltops filter contained two buffer overflows that could
potentially allow remote access to the "lp" account (STR #1024)
- The lppasswd command did not protect against file descriptor or ulimit
attacks (STR #1023)
- The "lpc status" command used the wrong resource path when querying
the list of printers and jobs, causing unnecessary authentication
requests (STR #1018)
- The httpWait() function did not handle signal interruptions (STR #1020)
- The USB backend used the wrong size status variable when checking the
printer status (STR #1017)
- The scheduler did not delete classes from other classes or implicit
classes, which could cause a crash (STR #1015)
- The IPP backend now logs the remote print job ID at log level NOTICE
instead of INFO (so it shows up in the error_log file...)
- The lpstat man page incorrectly listed the "-s" option
as using the equivalent of the "-p" option to list the
printers; it uses the "-v" option to list the printers
(STR #986)
- Now allow 0-length reads in the CUPS file API (STR
#985)
- cupsDoFileRequest() now sets cupsLastError() to
IPP_ERROR on network errors (STR #953)
- The pdftops filter didn't scale small pages up to the
output page size when the fitplot option was used (STR
#984)
- Fixed the ipptest program usage message (STR #959)
- Added Spanish man pages (STR #963)
- Fixed the order of comparisons in the client.conf
reading code (STR #971)
- cupsLangGet() incorrectly set the current locale (STR
#970)
Changes 1.1.22rc2:
- The pdftops filter didn't check the range of all
integer attributes (STR #972)
- Documentation corrections (STR #944, STR #946)
- Also sanitize device URI in argv[0] (STR #933)
- cupsRasterReadHeader() didn't swap bytes for the
numeric fields properly (STR #930)
Changes 1.1.22rc1:
- Now sanitize the device URI that is reported in the
error_log file (STR #920)
- Fixed some memory and file descriptor leaks in the job
dispatch code (STR #921)
- Deleting a printer could cause a crash with browsing
enabled (STR #865, STR #881, STR #928)
- Browsing would turn off if the scheduler got an EAGAIN
error (STR #924)
- The mime.types file didn't recognize PostScript as a
PJL language name (STR #925)
Changes 1.1.21:
- The scheduler did not separate Digest authentication
parameters with commas (STR #882)
- Fixed some problems with image printing to custom page
sizes (STR #891)
- Removed the remaining scheduler code that did not use
the "close-on-exec" file descriptor flag to speed up
program invocations (STR #890)
- The "lpr -r" command removed the print file even if it
was not printed. It now only removes the file if the
job is successfully created (STR #886)
- Revamped the custom page size orientation fix (STR
#127)
- The lp, lpq, lpr, and lpstat commands now report when
an environment variable is pointing to a non-existent
printer instead of just saying "no default
destination" (STR #879)
- Queue names with 2 periods (e.g. "printer..2") were
not supported (STR #866)
the PKGREVISION. Also remove the unnecessary -preserve-dup-deps argument
to libtool, rename the configure option to --enable-libtool, and remove
the unnecessary bits to deal with libcrypt/libcrypto (buildlink3 does
this for us automatically).
Bug fixes:
- The HTTP code did not use a case-insensitive
comparison when checking for the Basic authentication
method (STR #407)
- The cupsaddsmb program didn't export the new CUPS
driver for Windows properly (STR #390)
- The default landscape orientation was not the same as
that defined in the PPD file (STR #397)
- The pdftops filter incorrectly auto-rotated pages when
the user already had specified the proper orientation
(STR #207)
- The scheduler did not reset the group list when
running CGI and filter processes (STR #185)
Enhancements:
- Updated the pdftops filter to use the annotation flags
instead of the subtype to determine whether to print
an annotation (STR #425)
- The pdftops filter no longer needs to create temporary
files with tmpnam (STR #406)
- The scheduler now waits up to 60 seconds before
restarting to allow active jobs to complete printing
and pending requests to be processed (STR #226)
- Added new cupsDoAuthentication(), cupsGetFd(),
cupsGetFile(), cupsPutFd(), and cupsPutFile() functions
to the CUPS API (STR #112)
- The PDF filter always scaled and offset pages; this
caused problems under MacOS X, so now the "fitplot"
option controls whether PDF files are scaled to fit
within the printable area of the page (STR #250)
- Updated the pdftops filter to be based upon Xpdf
2.02pl1 (STR #191)
of the diffs between vanilla CUPS and pkgsrc CUPS will be sent back to
the author.
* Allow overriding the default paths for "CUPS_SERVERBIN" and
"CUPS_LOCALEDIR" by passing values through the configure script.
This facilitates using custom directory hierarchies as is common in
various packaging systems.
* Allow choosing the man page extension style by passing values
directly through the configure script. This allows overriding the
defaults for an operating system, which can happen in some packaging
systems. Leave the default behaviour unchanged if not specified.
- security fix to scheduler to address a DoS attack
- improve conformance to IPP specification
- miscellaneous bug fixes to server and userland utilities
- plug memory leaks
- bug fixes to SSL code
- the mime.convs file was missing the filter definition for Windows BMP
(image/x-bitmap) files
- improved test suite
- added CUPS support files for Java, Perl, and PHP
- The cups-lpd mini-daemon now sends jobs to the default queue when an
empty queue name (or "lp" and there is no "lp" queue) is sent.
- The scheduler now supports fax queues identified by a "*cupsFax: True"
attribute in the PPD file.
- The scheduler now supports print files that have been compressed using
gzip.
- Added a robots.txt file to the standard install to prevent search
engines from indexing the CUPS server.
- When writing BSD printcap files, the scheduler now includes the rm and
rp attributes, allowing the file to be exported to LPD clients.
- The pdftops filter now scales PDF pages within the printable area of the
page.
- The PostScript filter now supports binary PostScript files and files
beginning with the PJL language escape sequence.
- Fixed the CIE colorspace support code in the image and PS RIPs.
NetBSD, by linking in -lcrypt before -lcrypto in the shared library and
scheduler. (cups_crypto() looks to fall-back to crypt(). Both of the
shared libraries in question have crypt(), but only the one in -lcrypt
supports blowfish hashes.) Not tested.
- Bug fixes to the backends and scheduler.
- Bug fixes to the image filters.
- The scheduler now allows accounts authenticated via PAM to not have a
corresponding UNIX account, but group membership still requires the
account name to be listed in the UNIX group file(s)...
- Added some startup performance enhancements to the scheduler so that the
printer object information is regenerated fewer times and the MIME type
database is not filled with lots of empty filters for raw/direct queues.
- The backends now ignore SIGPIPE so that failed job filters will not stop
a print queue.
- User-defined classification strings are now printed verbatim.
- The lpstat command did not allow for destination lists.
- The LPD backend now sends the job title as the print filename.
- Added support for variable sizes in the EPSON dot matrix printer drivers.
This allows for pages as short as 1/2" (1 row of labels) and does not do
an automatic form feed.
- The Solaris USB backend now supports the new device URI syntax.
- The serial backend now enumerates serial ports under MacOS X.
CUPS 1.1.16 adds support for a new CUPS printer driver for Windows
NT/2000/XP that provides accurate page accounting as well as support
for the banner, job billing, job priority, and page label options. The
new release also contains many small bug fixes and enhancements,
including better USB printing support, support for printer names
containing any printable character (123print, my-long-printer-name,
etc.), and French language localization of the web interface and
documentation.
======================================================================
* Removed the pstoraster filter (based on GNU Ghostscript 5.50) and now
* provide the raster "driver" and patch file necessary to use the current
* GNU Ghostscript 7.05 release. Pkgsrc users should install the
* print/ghostscript-esp package.
======================================================================
- Many, many bug fixes.
- Improvements to polling and scheduling of jobs to CUPS and to connected
printers.
- Updated the CUPS license agreement for the new MacOS and OpenSSL license
exceptions.
- The jobs.cgi web interface now handles all job operations, allowing the
administrator to allow "job administrators" or operators to manage jobs
(but not queues) on the server.
- New SCSI printer backend.
- The PostScript filter now supports 6, 9, and 16-up output, as well as new
page-border and number-up-layout options.
- Added ConfigFilePerm and LogFilePerm directives.
- The HTML job operation templates now link back to the destination printer
or class.
- Removed unnecessary fonts and updated the Courier and Symbol fonts to the
latest versions to better support non-ISOLatin1 text.
- The text filter now always embeds the Courier and Symbol fonts to ensure
that they contain the full set of glyphs.
- The PostScript image filter (imagetops) now supports printing CMYK images
using the CMYK colorspace.
- The cupsaddsmb program was updated to use the setdriver command instead of
addprinter.
- The Allow, Deny, BrowseAllow, BrowseDeny, and BrowseAddress directives
now support the network interface names "@LOCAL" and "@IF(name)" for
access control and browsing based on the current interface addresses
instead of fixed names or IP addresses.
- The cupsaddsmb program now supports alternative CUPS and SAMBA server names.
- The PostScript filter now supports the Orientation comment and rotates the
page as needed automatically.
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
- The ippRead() function did not verify that the
attribute name length or string with language value
was not larger than the read buffer.
- The scheduler set the signal handlers before loading
the configuration files the first time; this prevented
the RunAsUser directive from blocking server reloads.
- Added Swedish message catalog.
- The parallel backend now recognizes the /dev/printers
device directory under Linux 2.4.x.
- MacOS X fixes.
- The cupsaddsmb utility sent the server name after the
user information when executing the rpcclient program.
This caused problems with some versions of SAMBA
2.2.x.
- The IPP backend did not pass the requesting user name
when checking on the print job status. This prevented
it from waiting for the job to complete when
communicating with some IPP implementations that
require it.
CUPS 1.1.13 adds support for the KOI8-R and KOI8-U encodings, message
catalogs for several Russian locales and for Simplified Chinese,
improvements for MacOS X (Darwin) and IRIX, improvements to the PDF,
PostScript, and text filters, status reporting for IPP-based printers
(paper out, etc.), and improvements to the SAMBA driver export facility.
The new release also fixes bugs in the scheduler, the lpstat command, the
CUPS API, and the pstoraster filter.
- Bug fixes.
- Start of internationalization support for banner and PPD files.
- Added support for embedded TrueType fonts in PDF files.
- Added support for PostScript functions in PDF files.
- Added new "cupsaddsmb" utility for exporting CUPS printer drivers to
SAMBA/Windows clients.
- The ippRead() and ipp_read_file() functions could not handle more than
IPP_MAX_VALUES (100) values in a 1setOf attribute. These functions have
been updated to dynamically allocate more memory as needed, and the
IPP_MAX_VALUES constant now represents the allocation increment. [this
caused some versions of the GIMP-print drivers to fail since the number
of media options exceeded 100...]
- The web interfaces did not always quote < and & in things like the job
title. This had the potential for browser-based security violations (on
the browser's machine); bug report from SuSE.
- The scheduler now treats unauthenticated usernames as case-insensitive
when doing quota and allow/deny processing.
- The PostScript filter (pstops) now handles EPS files, adding a showpage
command to the files as needed.
- The cups-lpd mini-daemon did not support anonymous printing (no username
specified). While the username is REQUIRED by RFC-1179, MacOS clients do
not send the REQUIRED username information when printing via LPD.
- The httpConnect*() functions now try all available addresses for a host
when connecting for the first time.
+ Use our own cupsd rc.d-style script instead of using the one supplied
with the CUPS sources.
- Bug fixes.
- Added a driver for DYMO label printers.
- Added new ClassifyOverride directive to allow users to override the
classification of individual jobs.
- Added new BrowseProtocols directive to control which browse protocols
are used (currently CUPS and SLP).
- Added SLPv2 support.
- The pdftops filter did not have the Japanese and Chinese text support
compiled into it.
* Bug fixes to the pstoraster filter, the DeskJet printer driver,
digest authentication.
* Optimized PPD file scanner so servers with lots of PPD files start
much faster (up to 40%).
* Fixed the "N * N copy bug" where N * N copies were sent when N were
specified.
* Added new DeskJet and Stylus Photo printer drivers.
* Workaround buggy IPP implementations in some HP JetDirect servers.
documentation updates, better support of Apache options in configuration
files, and:
- Added support for "double" HostNameLookups.
- Added new "RunAsUser" directive to support non-root configurations on the
standard (privileged) ports.
- Added support for non-root invocation of the lpd backend (does no reserve a
priviledged port, which might not work with some LPD servers...)
- Added new PrintcapFormat directive to control the output format of the
printcap file (BSD or Solaris formats are supported at present.)
- httpConnect() now looks up "localhost" by name and by address (127.0.0.1)
for users that go to the trouble of removing the required localhost entry
in /etc/hosts or on their DNS server...
- The EPSON drivers now send the "end packet mode" command when printing to
USB devices.
- The LPD backend now supports a new "order" option:
"lpd://server/queue?order=control,data" (default) and
"lpd://server/queue?order=data,control".
- New "Classification" directive to force labeling of the current
classification on each page.
- New "page-label" attribute to add per-page labels ("For Official Use Only",
"Draft", etc.)
- Dropped the "file" backend from the device list that is reported, since it
is only available for *testing* and should never be used in a production
environment. The file: device can still be used, but it won't show up in
the list of devices from lpinfo or the web interface.
- Added META variables to the CGI header template to prevent caching of the
results.
- Added two new directives - MaxJobsPerPrinter and MaxJobsPerUser - to allow
an administrator to set the maximum number of pending jobs in a queue or
submitted by a user.
- Added support for the Enable-Printer and Disable-Printer extension
operations (same as CUPS-Accept-Jobs and CUPS-Reject-Jobs.)
- Added support for the DeskJet 900 series duplexer and CRET color modes in
the HP driver.
- Added support for PPD-defined margins in the HP driver.
- Added new cupsGetJobs() and cupsFreeJobs() functions to manage print jobs.
- cupsEncodeOptions() would encode names of 0 length and cupsAddOption() and
cupsParseOptions() would add names of 0 length.
from the mailing list:
1) Use /dev/urandom instead of /dev/random for random device.
2) Read configuration file before creating certificates as the conf
file may redefine the location of the certs directory.
version 1.1.6.2nb1 include incorporation of USB fixes from NetBSD pkgsrc,
security fixes from SuSE, lpr-compatibility fixes from Caldera, and:
- Fix problem exposed by the MaxJobs directive where the scheduler was
losing count of the number of jobs. This fix, stored in patch-ah, was
gleaned from the CUPS mailing list, and bumps the cups packages version
number to 1.1.6.3nb1.
- The updated cupsTempFile() function did not return the filename when
called with a filename buffer of NULL (previously it used a static
buffer.)
- DeletePrinter() didn't remove the printer from any classes it was a member of.
- DeletePrinterFromClass() didn't preserve the implicit status of a class.
- DeletePrinterFromClasses() didn't remove printers from implicit classes.
- StartJob() didn't send the job-sheets, job-priority, and job-hold-until
attributes to remote printers.
- LoadAllJobs() was looking for job-sheets-completed instead of
job-media-sheets-completed. This would prevent accumulation of page data
after a restart of the scheduler.
- The pstops and imagetops filters now generate copies using the appropriate
method for a Level 1, 2, or 3 printer since some Level 2/3 printers don't
support the /#copies variable anymore.
- The IPP backend didn't handle version-not-supported errors and revert to
IPP/1.0 (previously it only checked for a bad-request error)
- Added changes to support NetBSD startup scripts.
- The mime.types file contained syntax errors.
- Updated the FreeBSD USB device filenames to use the /dev/unlptN files
so that the USB device is not reset prior to printing (causes print
corruption on many printers)
- Added new cupsTempFd() function to avoid serious security bug in
glibc fopen() function. The glibc fopen() function unlinks a file
before creating it, which opens up possible symlink attacks.
- Now reject 0-length names in add-printer and add-class
requests.
- cupsGetPPD() didn't reconnect when a HTTP connection
was lost.
- Many security-related fixes from SuSE.
