github apple/cups release-1.1.18
v1.1.18
on GitHub

Changes in CUPS v1.1.18:

  • Fixed a bug in the Set-Job-Attributes code in the scheduler that would cause it to crash or continuously write a job control file.
  • SECURITY FIX: The scheduler now provides a FileDevice directive to control whether new printers can be added using device URIs of the form “file:/filename”. The default is to not allow printers with these device URIs.
  • The scheduler did not compute the cost of filters properly, nor did it choose a multi-filter solution with a lower cost than a single filter solution.
  • Now install CUPS PPD file test utility (cupstestppd) to support basic conformance testing of PPD files.
  • The scheduler now logs an error message when it sees a non-conforming PPD file.
  • Upgraded pdftops filter to Xpdf 2.01 with fixes for TrueType fonts.
  • Added a MaxClientsPerHost configuration directive to provide limited protection against Denial of Service attacks.
  • SECURITY FIX: Potential underflow/overflow bug in web interface.
  • SECURITY FIX: Race condition in certificate creation.
  • SECURITY FIX: Bad URIs in browse packets could be used to exploint the web interface underflow/overflow bug.
  • SECURITY FIX: Some types of Denial of Service attacks were not handled properly, so once the attack was over the scheduler did not close the connections immediately on all platforms.
  • SECURITY FIXES: Added integer overflow/underflow checks for all image formats.
  • The pstops filter didn’t reset the showpage operator back to its original at the end of a job; this prevented the concatenation of documents (used primarily for CUPS 1.2…)
  • The cupsGetPPD() function didn’t always set the cupsLastError() value when an error occurred.
  • The IPP media, output-bin, and sides attributes took precedence over the corresponding PPD options, which caused inconsistent behavior under MacOS X with some PPD files.
  • The cupsaddsmb utility specified the wrong number of arguments to the adddriver command when adding the Win9x PostScript drivers.
  • The web interface did not always report the correct error message.
  • The scheduler did not clear the POSIX signal action structure when waiting for the child to send it a SIGUSR1 signal; this could cause the signal handler not to be called properly, preventing the parent process from returning.
4 years ago