apple/cups

CUPS 2.2.13 is the last general bug fix release in the 2.2.x series and includes
a fix for CVE-2019-2228. Changes include:

• CVE-2019-2228: The ippSetValuetag function did not validate the default
  language value.
• Added a workaround for the scheduler's systemd support (Issue #5640)
• Fixed spelling of "fold-accordion".
• Fixed the default common name for TLS certificates used by ippserver.
• The libusb-based USB backend now reports an error when the distribution
  permissions are wrong (Issue #5658)
• Default printers set with lpoptions did not work in all cases (Issue #5681,
  Issue #5683, Issue #5684)
• Fixed an off-by-one error in ippEnumString (Issue #5695)
• Fixed some new compiler warnings (Issue #5700)
• Fixed a few issues with the Apple Raster support (rdar://55301114)
• The IPP backend did not detect all cases where a job should be retried using
  a raster format (rdar://56021091)

Enjoy!

CUPS 2.3.0 is now available for download, which adopts the new CUPS license, adds support for IPP presets and finishing templates, fixes a number of bugs and "polish" issues, and includes the new ippeveprinter utility. Changes include:

• CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
• Added a GPL2/LGPL2 exception to the new CUPS license terms.
• Documentation updates (Issue #5604)
• Localization updates (Issue #5637)
• Fixed a bug in the scheduler job cleanup code (Issue #5588)
• Fixed builds when there is no TLS library (Issue #5590)
• Eliminated some new GCC compiler warnings (Issue #5591)
• Removed dead code from the scheduler (Issue #5593)
• "make" failed with GZIP options (Issue #5595)
• Fixed potential excess logging from the scheduler when removing job files
  (Issue #5597)
• Fixed a NULL pointer dereference bug in httpGetSubField2 (Issue #5598)
• Added FIPS-140 workarounds for GNU TLS (Issue #5601, Issue #5622)
• The scheduler no longer provides a default value for the description
  (Issue #5603)
• The scheduler now logs jobs held for authentication using the error level so
  it is clear what happened (Issue #5604)
• The lpadmin command did not always update the PPD file for changes to the
  cupsIPPSupplies and cupsSNMPSupplies keywords (Issue #5610)
• The scheduler now uses both the group's membership list as well as the
  various OS-specific membership functions to determine whether a user belongs
  to a named group (Issue #5613)
• Added USB quirks rule for HP LaserJet 1015 (Issue #5617)
• Fixed some PPD parser issues (Issue #5623, Issue #5624)
• The IPP parser no longer allows invalid member attributes in collections
  (Issue #5630)
• The configure script now treats the "wheel" group as a potential system
  group (Issue #5638)
• Fixed a USB printing issue on macOS (rdar://31433931)
• Fixed IPP buffer overflow (rdar://50035411)
• Fixed memory disclosure issue in the scheduler (rdar://51373853)
• Fixed DoS issues in the scheduler (rdar://51373929)
• Fixed an issue with unsupported "sides" values in the IPP backend
  (rdar://51775322)
• The scheduler would restart continuously when idle and printers were not
  shared (rdar://52561199)
• Fixed an issue with EXPECT !name WITH-VALUE ... tests.
• Fixed a command ordering issue in the Zebra ZPL driver.
• Fixed a memory leak in ppdOpen.

Enjoy!

CUPS 2.2.12 is now available and includes security, compatibility, and general bug fixes. Changes include:

• CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows (rdar://51685251)
• The cupsctl command now prevents setting "cups-files.conf" directives
  (Issue #5530)
• Updated the systemd service file for cupsd (Issue #5551)
• The cupsCheckDestSupported function did not check octetString values
  correctly (Issue #5557)
• The scheduler did not encode octetString values like "job-password" correctly
  for the print filters (Issue #5558)
• Restored minimal support for the Emulators keyword in PPD files to allow
  old Samsung printer drivers to continue to work (Issue #5562)
• Timed out job submission now yields an error (Issue #5570)
• The footer in the web interface covered some content on small displays
  (Issue #5574)
• The libusb-based USB backend now enforces read limits, improving print speed
  in many cases (Issue #5583)
• Fixed some compatibility issues with old releases of CUPS (Issue #5587)
• Fixed a bug in the scheduler job cleanup code (Issue #5588)
• "make" failed with GZIP options (Issue #5595)
• Added FIPS-140 workarounds for GNU TLS (Issue #5601, Issue #5622)
• The scheduler no longer provides a default value for the description
  (Issue #5603)
• The lpadmin command did not always update the PPD file for changes to the
  cupsIPPSupplies and cupsSNMPSupplies keywords (Issue #5610)
• The scheduler now uses both the group's membership list as well as the
  various OS-specific membership functions to determine whether a user belongs
  to a named group (Issue #5613)
• Added USB quirks rule for HP LaserJet 1015 (Issue #5617)
• Fixed some PPD parser issues (Issue #5623, Issue #5624)
• The IPP parser no longer allows invalid member attributes in collections
  (Issue #5630)
• Fixed IPP buffer overflow (rdar://50035411)
• Fixed memory disclosure issue in the scheduler (rdar://51373853)
• Fixed DoS issues in the scheduler (rdar://51373929)
• The scheduler would restart continuously when idle and printers were not
  shared (rdar://52561199)
• Fixed a command ordering issue in the Zebra ZPL driver.
• Fixed a memory leak in ppdOpen.

Enjoy!

CUPS 2.2.11 is a bug fix release that addresses issues in the scheduler,
IPP Everywhere support, CUPS library, and USB printer support. Changes include:

• Running ppdmerge with the same input and output filenames did not work as
  advertised (Issue #5455)
• Fixed a potential memory leak when reading at the end of a file (Issue #5473)
• Fixed potential unaligned accesses in the string pool (Issue #5474)
• Fixed a potential memory leak when loading a PPD file (Issue #5475)
• Added a USB quirks rule for the Lexmark E120n (Issue #5478)
• Updated the USB quirks rule for Zebra label printers (Issue #5395)
• Fixed a compile error on Linux (Issue #5483)
• The lpadmin command, web interface, and scheduler all queried an IPP
  Everywhere printer differently, resulting in different PPDs for the same
  printer (Issue #5484)
• Fixed an issue with the self-signed certificates generated by GNU TLS
  (Issue #5506)
• The ippValidateAttribute function did not catch all instances of invalid
  UTF-8 strings (Issue #5509)
• Non-Kerberized printing to Windows via IPP was broken (Issue #5515)
• The scheduler no longer stops a printer if an error occurs when a job is
  canceled or aborted (Issue #5517)
• Added a USB quirks rule for the DYMO 450 Turbo (Issue #5521)
• Added a USB quirks rule for Xerox printers (Issue #5523)
• The scheduler's self-signed certificate did not include all of the alternate
  names for the server when using GNU TLS (Issue #5525)
• Fixed compiler warnings with newer versions of GCC (Issue #5532, Issue #5533)
• Fixed some PPD caching and IPP Everywhere PPD accounting/password bugs
  (Issue #5535)
• Fixed PreserveJobHistory bug with time values (Issue #5538)
• Media size matching now uses a tolerance of 0.5mm (rdar://33822024)
• The lpadmin command would hang with a bad PPD file (rdar://41495016)
• Fixed a potential crash bug in cups-driverd (rdar://46625579)
• Fixed a performance regression with large PPDs (rdar://47040759)
• The scheduler did not always idle exit as quickly as it could.

Enjoy!

CUPS 2.2.10 is a bug fix release that addresses issues in the scheduler, IPP Everywhere support, CUPS library, and USB printer support. Changes include:

• CVE-2018-4300: Linux session cookies used a predictable random number seed.
• The lpoptions command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045)
• Added USB quirk rules (Issue #5395, Issue #5443)
• The generated PPD files for IPP Everywhere printers did not contain the cupsManualCopies keyword (Issue #5433)
• Kerberos credentials might be truncated (Issue #5435)
• The handling of MaxJobTime 0 did not match the documentation (Issue #5438)
• Incorporated the page accounting changes from CUPS 2.3 (Issue #5439)
• Fixed a bug adding a queue with the -E option (Issue #5440)
• Fixed a crash bug when mapping PPD duplex options to IPP attributes (rdar://46183976)

Enjoy!