CUPS 2.4.2 brings the fix for CVE-2022-26691, together with LibreSSL/OpenSSL and minimal AIX support. There are lots of bug fixes as well, feel free to check the list of changes:
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The
cupsFileOpenfunction no longer opens files for append in read-write
mode (Issue #291) - The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365) - Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
IPP Everywhere queue (Issues #340, #343) - The
lpstatcommand now reports when the scheduler is not running
(Issue #352) - Updated the man pages concerning the
-hoption (Issue #357) - Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371) - Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373) - Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375) - Fixed the prototype for the
httpWriteResponsefunction (Issue #380) - Brought back minimal AIX support (Issue #389)
cupsGetResponsedid not always set the last error.- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
Enjoy the new CUPS release!