CUPS 1.4.4

Michael Sweet mike at easysw.com
Thu Jun 17 11:39:39 PDT 2010 

CUPS 1.4.4 is now available for download from:

    http://www.cups.org/software.php

CUPS 1.4.4 fixes several security, scheduler, printing, and conformance issues. Changes include:

- Documentation updates (STR #3453, STR #3527, STR #3528, STR #3529)
- Security: The texttops filter did not check the results of allocations (STR #3516)
- Security: The fix for CVE-2009-3553 was incomplete (STR #3490)
- Security: The web admin interface could disclose the contents of memory (STR #3577)
- Security: CUPS could overwrite files as root in directories owned or writable by non-root users (STR #3510)
- The cups-config utility did not return the correct linker options on AIX (STR #3587)
- Fixed some IPP conformance issues with the scheduler's ippget-event-life, operations-supported, output-bin, and sides attributes (STR #3554)
- The OpenSSL interfaces have been made thread-safe and the GNU TLS interface is explicitly forbidden when threading is enabled (STR #3461)
- Fixed an IPP conformance issue with the scheduler's Send-Document implementation (STR #3514)
- Added additional validation checks for the 1284 device ID (STR #3534)
- Fixed a problem with the RPM spec file (STR #3544)
- The lpstat command did not limit the job list to the specified printers (STR #3541)
- The cupsfilter command did not set the RIP_MAX_CACHE environment variable (STR #3531)
- Fixed support for media-col and page size variants (STR #3394)
- The PostScript filter did not support all media selection options for the first page (STR #3525)
- The scheduler did not always remove job control files (STR #3425)
- The scheduler could crash on restart if classes were defined (STR #3524)
- The scheduler no longer looks up network interface hostnames by default on Mac OS X (STR #3523)
- ippWriteIO did not write collection (member) attributes properly in all cases (STR #3521)
- The "cupsctl --remote-any" and corresponding web interface check box (allow printing from the Internet) did not work reliably (STR #3520)
- The lpq and lpr commands would sometimes choose different default printers (STR #3503)
- cupsDo*Request did not flush error text, leading to multiple issues (STR #3325, STR #3519)
- cupsDoAuthentication did not cancel password authentication after 3 failures (STR #3518)
- Fixed several LDAP browsing bugs (STR #3392)
- The Dymo driver did not support copies (STR #3457)
- The scheduler did not update the classes.conf file when deleting a printer belonging to a class (STR #3505)
- The lppasswd command did not use localized password prompts (STR #3492)
- The socket backend no longer waits for back-channel data on platforms other than Mac OS X (STR #3495)
- The scheduler didn't send events when a printer started accepting or rejecting jobs (STR #3480)
- The web interface now includes additional CSRF protection (STR #3498)

Enjoy!

More information about the cups mailing list