[PC-BSD Testing] Hell freeze over, CUPS 1.3.10 released

Arthur a-koziol at neiu.edu
Sun Apr 19 11:01:54 PDT 2009


The new release fixes 3 minor security issues as well as several 
printing and web interface bug fixes. Changes include:
    * <http://www.cups.org/str.php?L2994>Documentation fixes 
<http://www.cups.org/str.php?L3057>STR #3057)
    * <http://www.cups.org/str.php?L3118>SECURITY: The scheduler now 
protects against DNS rebinding attacks 
(<http://www.cups.org/str.php?L3118>STR #3118)
    * <http://www.cups.org/str.php?L3031>SECURITY: Fixed TIFF integer 
overflow in image filters (<http://www.cups.org/str.php?L3031>STR #3031)
    * <http://www.cups.org/str.php?L3130>The scheduler did not 
support the job-hold-until attribute with the Restart-Job operation 
(<http://www.cups.org/str.php?L3130>STR #3130)
    * <http://www.cups.org/str.php?L2974>SECURITY: The PNG image 
reading code did not validate the image size properly, leading to a 
potential buffer overflow (<http://www.cups.org/str.php?L2974>STR #2974)
    * <http://www.cups.org/str.php?L3131>The rastertohp driver did 
not set the 1-sided printing mode when needed 
(<http://www.cups.org/str.php?L3131>STR #3131)
    * <http://www.cups.org/str.php?L3129>Now use a wrapper program 
instead of our fork of the Xpdf code to support printing of PDF 
files. The new wrapper supports using Xpdf, poppler, or Ghostscript 
to convert PDF files to PostScript 
(<http://www.cups.org/str.php?L3129>STR #3129)
    * <http://www.cups.org/str.php?L3125>Long job names caused 
problems with some PJL printers (<http://www.cups.org/str.php?L3125>STR #3125)
    * <http://www.cups.org/str.php?L3117>The lpq command did not work 
when showing all destinations (<http://www.cups.org/str.php?L3117>STR #3117)
    * <http://www.cups.org/str.php?L3113>The scheduler used a codeset 
name of UTF8 which is not supported on Solaris 
(<http://www.cups.org/str.php?L3113>STR #3113)
    * <http://www.cups.org/str.php?L3107>cupsGetJobs() did not work 
with a NULL destination (<http://www.cups.org/str.php?L3107>STR #3107)
    * <http://www.cups.org/str.php?L3106>Fixed a localization problem 
for option choices (incorrectly) named "Custom" 
(<http://www.cups.org/str.php?L3106>STR #3106)
    * <http://www.cups.org/str.php?L3079>The fallback OpenSSL random 
number seeding would not work (<http://www.cups.org/str.php?L3079>STR #3079)
    * The scheduler might miss a child signal, causing high CPU usage.
    * <http://www.cups.org/str.php?L3078>The scheduler did not 
enforce quotas after the job history was unloaded 
(<http://www.cups.org/str.php?L3078>STR #3078)
    * <http://www.cups.org/str.php?L3077>The job-k-limit, 
job-page-limit, and job-quota-period attributes could not be set 
using the lpadmin command (<http://www.cups.org/str.php?L3077>STR #3077)
    * httpSeparateURI() did not error out on URIs with a missing port 
number after a colon.
    * Fixed a Valgrind-detected initialization error when creating a 
missing directory on startup.
    * The scheduler did not always read all of the HTTP headers from 
a CGI script/program.
    * The scheduler did not always set the "air" property in 
Bonjour/DNS-SD registrations.
    * The scheduler incorrectly compared Mac OS X UUIDs for access 
control, preventing access in certain configurations.
    * The IPP backend incorrectly reset the required authentication 
to Kerberos when authentication failed.
    * The scheduler no longer looks up the local hostname by default; 
turn on hostname lookups to restore the previous behavior.
    * <http://www.cups.org/str.php?L3059>The scheduler did not always 
load MIME type rules correctly (<http://www.cups.org/str.php?L3059>STR #3059)
    * <http://www.cups.org/str.php?L3060>The test page did not format 
correctly on A4 paper (<http://www.cups.org/str.php?L3060>STR #3060)
    * <http://www.cups.org/str.php?L3022>The web interface sometimes 
incorrectly redirected users to 
(<http://www.cups.org/str.php?L3022>STR #3022)
    * <http://www.cups.org/str.php?L3055>cupsPrintFile*() did not 
send the document filename for single file submissions 
(<http://www.cups.org/str.php?L3055>STR #3055)
    * The scheduler did not update the member-names attribute when 
removing the last printer from a class.
    * <http://www.cups.org/str.php?L3046>The scheduler did not report 
PPD Products with parenthesis in them properly 
(<http://www.cups.org/str.php?L3046>STR #3046)
    * The wrong italic fonts were listed in the UTF-8 charset file 
for the text filter.
    * <http://www.cups.org/str.php?L3029>The backends did not return 
an OK status for the CUPS_SC_CMD_GET_BIDI side-channel command 
(<http://www.cups.org/str.php?L3029>STR #3029)
    * <http://www.cups.org/str.php?L3030>The scheduler did not purge 
jobs that were missing a time-at-creation attribute, indicating a bad 
job control file (<http://www.cups.org/str.php?L3030>STR #3030)
    * <http://www.cups.org/str.php?L3025>The "-o 
job-hold-until=week-end" option did not work properly 
(<http://www.cups.org/str.php?L3025>STR #3025)
    * <http://www.cups.org/str.php?L3028>The Solaris USB printer 
device does not support select or poll 
(<http://www.cups.org/str.php?L3028>STR #3028)
    * The scheduler would crash if you exceeded the MaxSubscriptions limit.
    * <http://www.cups.org/str.php?L3013>The lp "-H immediate" option 
did not specify that the job should not be held 
(<http://www.cups.org/str.php?L3013>STR #3013)
    * <http://www.cups.org/str.php?L3010>The scheduler did not 
support the "Connection: close" HTTP header 
(<http://www.cups.org/str.php?L3010>STR #3010)
    * <http://www.cups.org/str.php?L3011>The mailto notifier didn't 
terminate messages properly (<http://www.cups.org/str.php?L3011>STR #3011)
    * <http://www.cups.org/str.php?L3001>Backends could spin trying 
to read back-channel data (<http://www.cups.org/str.php?L3001>STR #3001)
    * <http://www.cups.org/str.php?L2966>The HP-GL/2 filter was using 
the wrong default colors (<http://www.cups.org/str.php?L2966>STR #2966)
    * <http://www.cups.org/str.php?L2996>The scheduler incorrectly 
allowed Get-Jobs operations without a printer-uri 
(<http://www.cups.org/str.php?L2996>STR #2996)
    * <http://www.cups.org/str.php?L2997>The compression option was 
not being encoded properly (<http://www.cups.org/str.php?L2997>STR #2997)
    * Added a missing character map for JIS-X0213/ShiftJIS.
    * The scheduler now rejects ATTR: messages with empty values.
    * <http://www.cups.org/str.php?L2988>The scheduler could consume 
all CPU handling closed connections 
(<http://www.cups.org/str.php?L2988>STR #2988)
    * <http://www.cups.org/str.php?L2970>Fixed some configure script 
bugs with rc/xinetd directories (<http://www.cups.org/str.php?L2970>STR #2970)
    * <http://www.cups.org/str.php?L2979>The Epson sample driver PPDs 
contained errors (<http://www.cups.org/str.php?L2979>STR #2979)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20090419/a22c3ee9/attachment.html>

More information about the Testing mailing list