pkgsrc.se | The NetBSD package collection

./print/cups, Common UNIX Printing System

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.4.17, Package name: cups-2.4.17, Maintainer: sbd

The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

CUPS uses the Internet Printing Protocol (IETF-IPP) as the basis for
managing print jobs and queues. The Line Printer Daemon (LPD, RFC1179)
and AppSocket protocols are also supported with reduced functionality.

CUPS adds network printer browsing and PostScript Printer Description
("PPD")-based printing options to support real world applications under
UNIX.

This is a meta-package for installing CUPS and the necessary backends,
filters, and other software that is required for using printer drivers
from CUPS 1.6.0 on.

MESSAGE.libusb [+/-]
MESSAGE.nokerberos [+/-]
MESSAGE.pam [+/-]

Required to run:
[print/cups-filters] [print/cups-base]

Master sites:

https://github.com/apple/

Version history: (Expand)

(2026-04-19) Updated to version: cups-2.4.17
(2026-02-06) Updated to version: cups-2.4.16nb2
(2026-01-07) Updated to version: cups-2.4.16nb1
(2025-12-12) Updated to version: cups-2.4.16
(2025-11-30) Updated to version: cups-2.4.15
(2025-10-24) Updated to version: cups-2.4.14nb1

CVS history: (Expand)

2026-04-19 16:52:23 by Thomas Klausner | Files touched by this commit (7) | Package updated

Log message:
*cups*: update to 2.4.17

Changes in CUPS v2.4.17 (2026-04-17)
------------------------------------

- CVE-2026-27447: The scheduler treated local user and group names as case-
  insensitive.
- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS
  directory.
- CVE-2026-34980: The scheduler did not filter control characters from option
  values.
- CVE-2026-34979: The scheduler did not always allocate enough memory for a
  job's options string.
- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the
  loopback interface.
- CVE-2026-39314: Fixed the range check for job password strings.
- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
- The scheduler followed symbolic links when cleaning out its temporary
  directory (Issue #1448)
- Updated `cupsFileGetConf` and `cupsFilePutConf` to escape more characters.
- Updated man page `cancel` (Issue #984)
- Updated `cupsRasterReadHeader` to validate more of the page header values
  (Issue #1501)
- Fixed an issue with the class/printer CGI name checking.
- Fixed infinite loop in `http_write()` on busy print servers (Issue #827)
- Fixed potential TLS blocking issues (Issue #1128)
- Fixed a job history bug in the scheduler (Issue #1440)
- Fixed notifier logging bug that would result in nul bytes getting into the
  log (Issue #1450)
- Fixed possible use-after-free in `cupsdReadClient()` (Issue #1454)
- Fixed a document format bug in the IPP backend (Issue #1457)
- Fixed DRAIN_OUTPUT race condition (Issue #1461)
- Fixed a bug when then `ippFindXxx` and `ippSetXxx` functions were mixed.
- Fixed the mapping of supply type keywords to SNMP names.
- Fixed a bug in the IPP backend when SNMP was disabled.
- Fixed a crash bug in the rastertoepson filter.
- Fixed a bug in cgiCheckVariables.
- Fixed handling read/write errors with OpenSSL (Issue #1506)
- Fixed handling rehandshake error in `_httpTLSRead` (Issue #1508)
- Fixed a debug printf bug on Windows (Issue #1529)
- Fixed a recursion issue with encoding of nested collections (Issue #1539)
- Fixed parsing of the `LimitRequestBody`, `MaxLogSize`, and `MaxRequestSize`
  directives in "cupsd.conf" (Issue #1540)
- Fixed a parsing bug in `ipptool` (Issue #1542)
- Fixed blank line detection in the `rastertolabel` filter (Issue #1545)
- Fixed `httpPeek` edge case on compressed streams

2026-02-06 11:06:21 by Thomas Klausner | Files touched by this commit (1305)

Log message:
*: recursive bump for nettle 4.0 shlib major bump

2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525)

Log message:
*: recursive bump for icu 78.1

2025-12-12 10:27:40 by Thomas Klausner | Files touched by this commit (2) | Package updated

Log message:
*cups*: update to 2.4.16

Changes in CUPS v2.4.16 (2025-12-04)
------------------------------------

- `cupsUTF8ToCharset` didn't validate 2-byte UTF-8 sequences, potentially
  reading past the end of the source string (Issue #1438)
- The web interface did not support domain usernames fully (Issue #1441)
- Fixed an infinite loop issue in the GTK+ print dialog (Issue #1439)
- Fixed stopping scheduler on unknown directive in configuration (Issue #1443)

2025-11-30 14:58:06 by Thomas Klausner | Files touched by this commit (7) | Package updated

Log message:
*cups*: update to 2.4.15

Changes in CUPS v2.4.15 (2025-11-27)
------------------------------------

- Fix various cupsd issues which cause local DoS (CVE-2025-61915)
- Fix unresponsive cupsd process caused by slow client (CVE-2025-58436)
- Fixed potential crash in `cups-driverd` when there are duplicate PPDs
  (Issue #1355)
- Fixed error recovery when scanning for PPDs in `cups-driverd` (Issue #1416)

2025-10-23 22:40:24 by Thomas Klausner | Files touched by this commit (2999)

Log message:
*: recursive bump for pcre2

Running an old binary against the new pcre doesn't work:
/usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by \ 
/usr/pkg/lib/libglib-2.0.so.0 not defined

2025-09-21 20:27:11 by Thomas Klausner | Files touched by this commit (5) | Package updated

Log message:
*cups*: update to 2.4.14

Changes in CUPS v2.4.14 (2025-09-11)
------------------------------------

- Fixed installation of localized index.html and templates (Issue #1362)

Changes in CUPS v2.4.13 (2025-09-11)
------------------------------------

- Blocked authentication using alternate methods in cupsd (CVE-2025-58060)
- Fixed extension tag handling in `ipp_read_io()` in libcups (CVE-2025-58364)
- Added `print-as-raster` printer and job attributes for forcing rasterization
  (Issue #1282)
- Updated documentation (Issue #1086)
- Updated IPP backend to try a sanitized user name if the printer/server does
  not like the value (Issue #1145)
- Updated the scheduler to send the "printer-added" or \ 
"printer-modified" events
  whenever an IPP Everywhere PPD is installed (Issue #1244)
- Updated the scheduler to send the "printer-modified" event whenever \ 
the system
  default printer is changed (Issue #1246)
- Fixed a memory leak in `httpClose` (Issue #1223)
- Fixed missing commas in `ippCreateRequestedArray` (Issue #1234)
- Fixed subscription issues in the scheduler and D-Bus notifier (Issue #1235)
- Fixed media-default reporting for custom sizes (Issue #1238)
- Fixed support for IPP/PPD options with periods or underscores (Issue #1249)
- Fixed parsing of real numbers in PPD compiler source files (Issue #1263)
- Fixed scheduler freezing with zombie clients (Issue #1264)
- Fixed support for the server name in the ErrorLog filename (Issue #1277)
- Fixed job cleanup after daemon restart (Issue #1315)
- Fixed handling of buggy DYMO USB printer serial numbers (Issue #1338)
- Fixed unreachable block in IPP backend (Issue #1351)
- Fixed memory leak in _cupsConvertOptions (Issue #1354)

2025-08-31 00:46:51 by Thomas Klausner | Files touched by this commit (1355)

Log message:
*: recursive bump for tiff growing lerc dependency