Changes in CUPS v1.4.4:
- Documentation updates (Issue #3453, Issue #3527, Issue #3528, Issue #3529)
- Security: The fix for CVE-2009-3553 was incomplete (Issue #3490)
- Security: The texttops filter did not check the results of allocations (Issue #3516)
- Security: The web admin interface could disclose the contents of memory (Issue #3577)
- Security: CUPS could overwrite files as root in directories owned or writable by non-root users (Issue #3510)
- The cups-config utility did not return the correct linker options on AIX (Issue #3587)
- Fixed some IPP conformance issues with the scheduler's ippget-event-life, operations-supported, output-bin, and sides attributes (Issue #3554)
- The OpenSSL interfaces have been made thread-safe and the GNU TLS interface is explicitly forbidden when threading is enabled (Issue #3461)
- Fixed an IPP conformance issue with the scheduler's Send-Document implementation (Issue #3514)
- Added additional validation checks for the 1284 device ID (Issue #3534)
- Fixed a problem with the RPM spec file (Issue #3544)
- The lpstat command did not limit the job list to the specified printers (Issue #3541)
- The cupsfilter command did not set the RIP_MAX_CACHE environment variable (Issue #3531)
- Fixed support for media-col and page size variants (Issue #3394)
- The PostScript filter did not support all media selection options for the first page (Issue #3525)
- The scheduler did not always remove job control files (Issue #3425)
- The scheduler could crash on restart if classes were defined (Issue #3524)
- The scheduler no longer looks up network interface hostnames by default on Mac OS X (Issue #3523)
- ippWriteIO did not write collection (member) attributes properly in all cases (Issue #3521)
- The "cupsctl --remote-any" and corresponding web interface check box (allow printing from the Internet) did not work reliably (Issue #3520)
- The lpq and lpr commands would sometimes choose different default printers (Issue #3503)
- cupsDo*Request did not flush error text, leading to multiple issues (Issue #3325, Issue #3519)
- cupsDoAuthentication did not cancel password authentication after 3 failures (Issue #3518)
- Fixed several LDAP browsing bugs (Issue #3392)
- The Dymo driver did not support copies (Issue #3457)
- The scheduler did not update the classes.conf file when deleting a printer belonging to a class (Issue #3505)
- The lppasswd command did not use localized password prompts (Issue #3492)
- The socket backend no longer waits for back-channel data on platforms other than Mac OS X (Issue #3495)
- The scheduler didn't send events when a printer started accepting or rejecting jobs (Issue #3480)
- The web interface now includes additional CSRF protection (Issue #3498)