github apple/cups release-1.4.4
v1.4.4
on GitHub

Changes in CUPS v1.4.4:

  • Documentation updates (Issue #3453, Issue #3527, Issue #3528, Issue #3529)
  • Security: The fix for CVE-2009-3553 was incomplete (Issue #3490)
  • Security: The texttops filter did not check the results of allocations (Issue #3516)
  • Security: The web admin interface could disclose the contents of memory (Issue #3577)
  • Security: CUPS could overwrite files as root in directories owned or writable by non-root users (Issue #3510)
  • The cups-config utility did not return the correct linker options on AIX (Issue #3587)
  • Fixed some IPP conformance issues with the scheduler’s ippget-event-life, operations-supported, output-bin, and sides attributes (Issue #3554)
  • The OpenSSL interfaces have been made thread-safe and the GNU TLS interface is explicitly forbidden when threading is enabled (Issue #3461)
  • Fixed an IPP conformance issue with the scheduler’s Send-Document implementation (Issue #3514)
  • Added additional validation checks for the 1284 device ID (Issue #3534)
  • Fixed a problem with the RPM spec file (Issue #3544)
  • The lpstat command did not limit the job list to the specified printers (Issue #3541)
  • The cupsfilter command did not set the RIP_MAX_CACHE environment variable (Issue #3531)
  • Fixed support for media-col and page size variants (Issue #3394)
  • The PostScript filter did not support all media selection options for the first page (Issue #3525)
  • The scheduler did not always remove job control files (Issue #3425)
  • The scheduler could crash on restart if classes were defined (Issue #3524)
  • The scheduler no longer looks up network interface hostnames by default on Mac OS X (Issue #3523)
  • ippWriteIO did not write collection (member) attributes properly in all cases (Issue #3521)
  • The “cupsctl –remote-any” and corresponding web interface check box (allow printing from the Internet) did not work reliably (Issue #3520)
  • The lpq and lpr commands would sometimes choose different default printers (Issue #3503)
  • cupsDo*Request did not flush error text, leading to multiple issues (Issue #3325, Issue #3519)
  • cupsDoAuthentication did not cancel password authentication after 3 failures (Issue #3518)
  • Fixed several LDAP browsing bugs (Issue #3392)
  • The Dymo driver did not support copies (Issue #3457)
  • The scheduler did not update the classes.conf file when deleting a printer belonging to a class (Issue #3505)
  • The lppasswd command did not use localized password prompts (Issue #3492)
  • The socket backend no longer waits for back-channel data on platforms other than Mac OS X (Issue #3495)
  • The scheduler didn’t send events when a printer started accepting or rejecting jobs (Issue #3480)
  • The web interface now includes additional CSRF protection (Issue #3498)
4 years ago