| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libcupsimage2 | Distribution: openSUSE Tumbleweed |
| Version: 2.4.16 | Vendor: openSUSE |
| Release: 1.2 | Build date: Wed Jan 21 09:38:41 2026 |
| Group: System/Libraries | Build host: reproducible |
| Size: 67320 | Source RPM: cups-2.4.16-1.2.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://openprinting.github.io/cups | |
| Summary: CUPS library for working with large images | |
The CUPS imaging library provides functions for managing large images, doing colorspace conversion and color management, scaling images for printing, and managing raster page streams. It is used by the CUPS image file filters, the PostScript RIP, and all raster printers drivers.
Apache-2.0
* Wed Jan 21 2026 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.16:
See https://github.com/openprinting/cups/releases
The hotfix release 2.4.16 includes fix for infinite loop in GTK,
which was caused by change of internal behavior in libcups
on which GTK depended on, and workaround for stopping
the scheduler if configuration includes unknown directives.
Detailed list (from CHANGES.md):
* 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
potentially reading past the end of the source string
(Issue #1438)
* The web interface did not support domain usernames fully
(Issue #1441)
* Fixed an infinite loop issue in the GTK+ print dialog
(Issue #1439 boo#1254353)
* Fixed stopping scheduler on unknown directive in
configuration (Issue #1443)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.15:
See https://github.com/openprinting/cups/releases
The release CUPS 2.4.15 brings two CVE fixes:
Fix various cupsd issues which cause local DoS
(CVE-2025-61915 bsc#1253783)
Fix unresponsive cupsd process caused by slow client
(CVE-2025-58436 bsc#1244057)
and several bug fixes described in CHANGES.md.
Detailed list (from CHANGES.md):
* Fixed potential crash in 'cups-driverd' when there are
duplicate PPDs (Issue #1355)
* Fixed error recovery when scanning for PPDs
in 'cups-driverd' (Issue #1416)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16
- Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017"
which contained needless UTF-8 Unicode characters that are
now replaced by plain ASCII text in "... line - the ..."
to fix a rpmlint "non-break-space" warning.
- Adapted and enhanced 'tmpfiles.d' related things in cups.spec
to "Fix packages for Immutable Mode - cups"
(implementation task jsc#PED-14775 from epic jsc#PED-14688)
* Wed Sep 17 2025 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.14:
See https://github.com/openprinting/cups/releases
The hotfix release brings fix for installation process
of localized templates and CUPS web UI home pages.
- Version upgrade to 2.4.13:
See https://github.com/openprinting/cups/releases
The release 2.4.13 brings two CVE fixes
fix for important CVE-2025-58060
"Authentication bypass with AuthType Negotiate" (bsc#1249049)
and fix for moderate CVE-2025-58364
"Remote DoS via null dereference" (bsc#1249128)
together with several bug fixes.
The release includes a new feature - new attribute
for printer and job objects - print-as-raster - which
allows enforce rasterization of the file for
IPP Everywhere/AirPrint printers, which supports PDF
and raster document formats. The feature is useful for
working around internal PDF issues in the printer firmware,
for example missing diacritic when printing a PDF.
Detailed list (from CHANGES.md):
* Blocked authentication using alternate methods
in cupsd (CVE-2025-58060)
* Fixed extension tag handling in 'ipp_read_io()'
in libcups (CVE-2025-58364)
* Added 'print-as-raster' printer and job attributes
for forcing rasterization (Issue #1282)
* Updated documentation (Issue #1086)
* Updated IPP backend to try a sanitized user name if the
printer/server does not like the value (Issue #1145)
* Updated the scheduler to send the "printer-added"
or "printer-modified" events whenever an IPP Everywhere PPD
is installed (Issue #1244)
* Updated the scheduler to send the "printer-modified" event
whenever the system default printer is changed (Issue #1246)
* Fixed a memory leak in 'httpClose' (Issue #1223)
* Fixed missing commas in 'ippCreateRequestedArray'
(Issue #1234)
* Fixed subscription issues in the scheduler and D-Bus notifier
(Issue #1235)
* Fixed media-default reporting for custom sizes (Issue #1238)
* Fixed support for IPP/PPD options with periods or underscores
(Issue #1249)
* Fixed parsing of real numbers in PPD compiler source files
(Issue #1263)
* Fixed scheduler freezing with zombie clients (Issue #1264)
* Fixed support for the server name in the ErrorLog filename
(Issue #1277)
* Fixed job cleanup after daemon restart (Issue #1315)
* Fixed handling of buggy DYMO USB printer serial numbers
(Issue #1338)
* Fixed unreachable block in IPP backend (Issue #1351)
* Fixed memory leak in _cupsConvertOptions (Issue #1354)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.14
* Thu Apr 10 2025 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.12:
See https://github.com/openprinting/cups/releases
The last planned release of CUPS 2.4.x series
(the next will be 2.5.x series) contains several enhancements
among set of bug fixes, such following cryptographic policies
when using GnuTLS crypto provider and possibility to opt-out
from this behavior, logging job debugging history if print
queue backends fails, or raising alerts for certificate issues
in IPPS backend.
Detailed list (from CHANGES.md):
* GnuTLS follows system crypto policies now (Issue #1105)
* Added `NoSystem` SSLOptions value (Issue #1130)
* Now we raise alert for certificate issues (Issue #1194)
* Added Kyocera USB quirk (Issue #1198)
* The scheduler now logs a job's debugging history
if the backend fails (Issue #1205)
* Fixed a potential timing issue with `cupsEnumDests`
(Issue #1084)
* Fixed a potential "lost PPD" condition in the scheduler
(Issue #1109)
* Fixed a compressed file error handling bug (Issue #1070)
* Fixed a bug in the make-and-model whitespace trimming
code (Issue #1096)
* Fixed a removal of IPP Everywhere permanent queue
if installation failed (Issue #1102)
* Fixed `ServerToken None` in scheduler (Issue #1111)
* Fixed invalid IPP keyword values created from PPD
option names (Issue #1118)
* Fixed handling of "media" and "PageSize" in the same
print request (Issue #1125)
* Fixed client raster printing from macOS (Issue #1143)
* Fixed the default User-Agent string.
* Fixed a recursion issue in `ippReadIO`.
* Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
* Fixed validation of dateTime values with time zones
more than UTC+11 (Issue #1201)
* Fixed attributes returned by the Create-Xxx-Subscriptions
requests (Issue #1204)
* Fixed `ippDateToTime` when using a non GMT/UTC timezone
(Issue #1208)
* Fixed `job-completed` event notifications for jobs that are
cancelled before started (Issue #1209)
* Fixed DNS-SD discovery with `ippfind` (Issue #1211)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.12
* Wed Oct 16 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks for CODE16 (PED-266).
* Mon Sep 30 2024 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.11:
See https://github.com/openprinting/cups/releases
CUPS 2.4.11 brings several bug fixes regarding IPP response
validation, processing PPD values, Web UI support
(checkbox support, modifying printers) and others fixes.
Detailed list (from CHANGES.md):
* Updated the maximum file descriptor limit
for `cupsd` to 64k-1 (Issue #989)
* Fixed `lpoptions -d` with a discovered
but not added printer (Issue #833)
* Fixed incorrect error message for HTTP/IPP errors (Issue #893)
* Fixed JobPrivateAccess and SubscriptionPrivateAccess support
for "all" (Issue #990)
* Fixed issues with cupsGetDestMediaByXxx (Issue #993)
* Fixed adding and modifying of printers
via the web interface (Issue #998)
* Fixed HTTP PeerCred authentication
for domain users (Issue #1001)
* Fixed checkbox support (Issue #1008)
* Fixed printer state notifications (Issue #1013)
* Fixed IPP Everywhere printer setup (Issue #1033)
Issues are those at https://github.com/OpenPrinting/cups/issues
In particular CUPS 2.4.11 contains those commit regarding
IPP response validation and processing PPD values:
* "Quote PPD localized strings"
https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
plus a cleanup to "Fix warnings for unused vars"
https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.11
- avoid_C99_mode_for_loop_initial_declarations.patch
is no longer needed because the issue is fixed upstream.
* Mon Jul 08 2024 Johannes Meixner <jsmeix@suse.com>
- Replaced avoid_C99_mode_for_loop_initial_declarations.patch
which is now the upstream fix
https://github.com/OpenPrinting/cups/commit/a2b8872ea95564e065e3a08e2aa12a15515bc993
see https://github.com/OpenPrinting/cups/issues/1000
and https://github.com/OpenPrinting/cups/pull/1004
* Tue Jul 02 2024 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.10:
See https://github.com/openprinting/cups/releases
CUPS 2.4.10 brings two fixes:
* Fixed error handling when reading a mixed 1setOf attribute.
* Fixed scheduler start if there is only domain socket
to listen on (Issue #985) which is fix for regression
after fix for CVE-2024-35235 in scenarios where is
no other listeners in cupsd.conf than domain socket
created on demand by systemd, launchd or upstart.
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.9:
See https://github.com/openprinting/cups/releases
CUPS 2.4.9 brings security fix for CVE-2024-35235 and
several bug fixes regarding CUPS Web User Interface,
PPD generation and HTTP protocol implementation.
Detailed list (from CHANGES.md):
* Fixed domain socket handling (CVE-2024-35235)
* Fixed creating of `cupsUrfSupported` PPD keyword
(Issue #952)
* Fixed searching for destinations in web ui (Issue #954)
* Fixed TLS negotiation using OpenSSL with servers
that require the TLS SNI extension.
* Really raised `cups_enum_dests()` timeout for listing
available IPP printers (Issue #751)...
* Fixed `Host` header regression (Issue #967)
* Fixed DNS-SD lookups of local services with Avahi
(Issue #970)
* Fixed listing jobs in destinations in web ui.
(Apple issue #6204)
* Fixed showing search query in web ui help page.
(Issue #977)
Issues are those at https://github.com/OpenPrinting/cups/issues
Apple issues are those at https://github.com/apple/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.10
- Removed cups-2.4.8-CVE-2024-35235.patch : fixed upstream
see the above CUPS 2.4.9 changes
- avoid_C99_mode_for_loop_initial_declarations.patch avoids error
"'for' loop initial declarations are only allowed in C99 mode"
that happens when building for SLE12
in scheduler/client.c at "for (char *start = ..." since
https://github.com/OpenPrinting/cups/commit/a7eda84da73126e40400e05dd27d57f8c92d5b0d
see https://github.com/OpenPrinting/cups/issues/1000
* Tue Jun 11 2024 Johannes Meixner <jsmeix@suse.com>
- cups-2.4.8-CVE-2024-35235.patch is derived
from the upstream patch against master (CUPS 2.5)
to apply to CUPS 2.4.8 in openSUSE Factory to fix CVE-2024-35235
"cupsd Listen port arbitrary chmod 0140777"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
bsc#1225365
* Wed May 29 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.4.8:
See https://github.com/openprinting/cups/releases
CUPS 2.4.8 brings many bug fixes which aggregated over the last
half a year. It brings the important fix for race conditions
and errors which can happen when installing permanent
IPP Everywhere printer, support for PAM modules password-auth
and system-auth and new option for lpstat which can show only
the successful jobs.
Detailed list (from CHANGES.md):
* Added warning if the device has to be asked for
'all,media-col-database' separately (Issue #829)
* Added new value for 'lpstat' option '-W' - successfull - for
getting successfully printed jobs (Issue #830)
* Added support for PAM modules password-auth
and system-auth (Issue #892)
* Updated IPP Everywhere printer creation error
reporting (Issue #347)
* Updated and documented the MIME typing buffering
limit (Issue #925)
* Raised 'cups_enum_dests()' timeout for listing
available IPP printers (Issue #751)
* Now report an error for temporary printer defaults
with lpadmin (Issue #237)
* Fixed mapping of PPD InputSlot, MediaType,
and OutputBin values (Issue #238)
* Fixed "document-unprintable-error" handling (Issue #391)
* Fixed the web interface not showing an error
for a non-existent printer (Issue #423)
* Fixed printing of jobs with job name longer than 255 chars
on older printers (Issue #644)
* Really backported fix for Issue #742
* Fixed 'cupsCopyDestInfo' device connection
detection (Issue #586)
* Fixed "Upgrade" header handling when there is
no TLS support (Issue #775)
* Fixed memory leak when unloading a job (Issue #813)
* Fixed memory leak when creating color profiles (Issue #815)
* Fixed a punch finishing bug in the IPP Everywhere
support (Issue #821)
* Fixed crash in 'scan_ps()' if incoming argument
is NULL (Issue #831)
* Fixed setting job state reasons for successful
jobs (Issue #832)
* Fixed infinite loop in IPP backend if hostname
is IP address with Kerberos (Issue #838)
* Added additional check on socket if 'revents' from 'poll()'
returns POLLHUP together with POLLIN or POLLOUT
in 'httpAddrConnect2()' (Issue #839)
* Fixed crash in 'ppdEmitString()' if 'size' is NULL (Issue #850)
* Fixed reporting 'media-source-supported' when
sharing printer which has numbers as strings instead of
keywords as 'InputSlot' values (Issue #859)
* Fixed IPP backend to support the "print-scaling" option
with IPP printers (Issue #862)
* Fixed potential race condition for the creation
of temporary queues (Issue #871)
* Fixed 'httpGets' timeout handling (Issue #879)
* Fixed checking for required attributes during
PPD generation (Issue #890)
* Fixed encoding of IPv6 addresses in HTTP requests (Issue #903)
* Fixed sending response headers to client (Issue #927)
* Fixed CGI program initialization and validation
of form checkbox and text fields.
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.8
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Fri Feb 02 2024 Johannes Meixner <jsmeix@suse.com>
- Removed outdated ntadmin stuff from cups.spec (boo#1219503)
* Wed Jan 24 2024 Johannes Meixner <jsmeix@suse.com>
- Version upgrade to 2.4.7:
See https://github.com/openprinting/cups/releases
CUPS 2.4.7 is released to ship the fix for CVE-2023-4504
and several other changes, among them it is
adding OpenSSL support for cupsHashData function and bug fixes.
Detailed list:
* CVE-2023-4504 - Fixed Heap-based buffer overflow when
reading Postscript in PPD files
* Added OpenSSL support for cupsHashData (Issue #762)
* Fixed delays in lpd backend (Issue #741)
* Fixed extensive logging in scheduler (Issue #604)
* Fixed hanging of lpstat on IBM AIX (Issue #773)
* Fixed hanging of lpstat on Solaris (Issue #156)
* Fixed printing to stderr if we can't open cups-files.conf
(Issue #777)
* Fixed purging job files via cancel -x (Issue #742)
* Fixed RFC 1179 port reserving behavior in LPD backend
(Issue #743)
* Fixed a bug in the PPD command interpretation code
(Issue #768)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.6:
See https://github.com/openprinting/cups/releases
CUPS 2.4.6 is released to ship the fix for CVE-2023-34241
and two other bug fixes.
Detailed list:
* Fix linking error on old MacOS (Issue #715)
* Fix printing multiple files on specific printers (Issue #643)
* Fix use-after-free when logging warnings in case of failures
in cupsdAcceptClient() (fixes CVE-2023-34241)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.5:
See https://github.com/openprinting/cups/releases
CUPS 2.4.5 is a hotfix release for a bug which corrupted
locally saved certificates, which broke secured printing
via TLS after the first print job.
- Version upgrade to 2.4.4:
See https://github.com/openprinting/cups/releases
CUPS 2.4.4 release is created as a hotfix for segfault
in cupsGetNamedDest(), when caller tries to find
the default destination and the default destination
is not set on the machine.
- Version upgrade to 2.4.3:
See https://github.com/openprinting/cups/releases
CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements
and many bug fixes. CUPS now implements fallback for printers
with broken firmware, which is not capable of answering
to IPP request get-printer-attributes with all,
media-col-database - this enables driverless support for
bunch of printers which don't follow IPP Everywhere standard.
Aside from the CVE fix the most important fixes are around color
settings, printer application support fixes and OpenSSL support.
Detailed list of changes:
* Added a title with device uri for found network printers
(Issues #402, #393)
* Added new media sizes defined by IANA (Issues #501)
* Added quirk for GoDEX label printers (Issue #440)
* Fixed --enable-libtool-unsupported (Issue #394)
* Fixed configuration on RISC-V machines (Issue #404)
* Fixed the device_uri invalid pointer for driverless printers
with .local hostname (Issue #419)
* Fixed an OpenSSL crash bug (Issue #409)
* Fixed a potential SNMP OID value overflow issue (Issue #431)
* Fixed an OpenSSL certificate loading issue (Issue #465)
* Fixed Brazilian Portuguese translations (Issue #288)
* Fixed cupsd default keychain location when building
with OpenSSL (Issue #529)
* Fixed default color settings for CMYK printers as well
(Issue #500)
* Fixed duplicate PPD2IPP media-type names (Issue #688)
* Fixed possible heap buffer overflow in _cups_strlcpy()
(fixes CVE-2023-32324)
* Fixed InputSlot heuristic for photo sizes smaller than 5x7"
if there is no media-source in the request (Issue #569)
* Fixed invalid memory access during generating IPP Everywhere
queue (Issue #466)
* Fixed lprm if no destination is provided (Issue #457)
* Fixed memory leaks in create_local_bg_thread() (Issue #466)
* Fixed media size tolerance in ippeveprinter (Issue #487)
* Fixed passing command name without path into ippeveprinter
(Issue #629)
* Fixed saving strings file path in printers.conf (Issue #710)
* Fixed TLS certificate generation bugs (Issue #652)
* ippDeleteValues would not delete the last value (Issue #556)
* Ignore some of IPP defaults if the application sends
its PPD alternative (Issue #484)
* Make Letter the default size in ippevepcl (Issue #543)
* Now accessing Admin page in Web UI requires authentication
(Issue #518)
* Now look for default printer on network if needed (Issue #452)
* Now we poll media-col-database separately if we fail at first
(Issue #599)
* Now report fax attributes and values as needed (Issue #459)
* Now localize HTTP responses using the Content-Language value
(Issue #426)
* Raised file size limit for importing PPD via Web UI
(Issue #433)
* Raised maximum listen backlog size to INT MAX (Issue #626)
* Update print-color-mode if the printer is modified
via ColorModel PPD option (Issue #451)
* Use localhost when printing via printer application
(Issue #353)
* Write defaults into /etc/cups/lpoptions if we're root
(Issue #456)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.7
- Removed cups-2.4.2-CVE-2023-4504.patch : fixed upstream
see the above CUPS 2.4.7 changes
- Removed cups-2.4.2-CVE-2023-32360.patch : fixed upstream via
https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
- Removed cups-2.4.2-CVE-2023-34241.patch : fixed upstream
see the above CUPS 2.4.6 changes
- Removed cups-2.4.2-CVE-2023-32324.patch : fixed upstream
see the above CUPS 2.4.3 changes
* Wed Sep 20 2023 Johannes Meixner <jsmeix@suse.com>
- cups-2.4.2-CVE-2023-4504.patch fixes CVE-2023-4504
"CUPS PostScript Parsing Heap Overflow"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
bsc#1215204
* Wed Sep 20 2023 Johannes Meixner <jsmeix@suse.com>
- cups-2.4.2-CVE-2023-32360.patch fixes CVE-2023-32360
"Information leak through Cups-Get-Document operation"
by requiring authentication for CUPS-Get-Document in cupsd.conf
https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
bsc#1214254
- cups-2.4.2-additional_policies.patch is an updated version
of cups-2.0.3-additional_policies.patch that replaces it
to add the 'allowallforanybody' policy to cupsd.conf
after cups-2.4.2-CVE-2023-32360.patch was applied
* Thu Jun 22 2023 Johannes Meixner <jsmeix@suse.com>
- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
"use-after-free in cupsdAcceptClient()"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
bsc#1212230
* Thu Jun 01 2023 Johannes Meixner <jsmeix@suse.com>
- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324
"Heap buffer overflow in cupsd"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
/usr/lib64/libcupsimage.so.2
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Apr 15 22:49:08 2026