pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2005Q2]: pkgsrc/print/cups Pullup ticket 673 - requested by Lu...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a2127736cefc
branches:  pkgsrc-2005Q2
changeset: 495975:a2127736cefc
user:      snj <snj%pkgsrc.org@localhost>
date:      Thu Aug 11 07:08:36 2005 +0000

description:
Pullup ticket 673 - requested by Lubomir Sedlacik
security fix for cups

Revisions pulled up:
- pkgsrc/print/cups/Makefile            1.95
- pkgsrc/print/cups/buildlink3.mk       1.13
- pkgsrc/print/cups/distinfo            1.32-1.33
- pkgsrc/print/cups/patches/patch-aw    1.3-1.4

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Wed Aug 10 23:37:08 UTC 2005

    Modified Files:
            pkgsrc/print/cups: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/print/cups/patches: patch-aw

    Log Message:
    Security fix for CAN-2005-2097.

    "A vulnerability has been reported in CUPS, which can be exploited by
    malic ious people to cause a DoS (Denial of Service) on a vulnerable
    system.

    When processing a PDF file, bounds checking was not correctly performed on
    some fields. This could cause the pdftops filter (running as user "lp") to
    crash."

    http://secunia.com/advisories/16380/
    http://rhn.redhat.com/errata/RHSA-2005-706.html

    Patch from RedHat.
----
    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Thu Aug 11 00:03:18 UTC 2005

    Modified Files:
            pkgsrc/print/cups: distinfo
            pkgsrc/print/cups/patches: patch-aw

    Log Message:
    Remove erroneous (literally) include.

diffstat:

 print/cups/Makefile         |   4 ++--
 print/cups/buildlink3.mk    |   4 ++--
 print/cups/distinfo         |   3 ++-
 print/cups/patches/patch-aw |  16 ++++++++++++++++
 4 files changed, 22 insertions(+), 5 deletions(-)

diffs (70 lines):

diff -r 148080300341 -r a2127736cefc print/cups/Makefile
--- a/print/cups/Makefile       Wed Aug 10 18:29:03 2005 +0000
+++ b/print/cups/Makefile       Thu Aug 11 07:08:36 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.94 2005/06/01 20:08:01 jlam Exp $
+# $NetBSD: Makefile,v 1.94.2.1 2005/08/11 07:08:36 snj Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@@ -6,7 +6,7 @@
 
 DISTNAME=      cups-${DIST_VERS}-source
 PKGNAME=       cups-${VERS}
-PKGREVISION=   2
+PKGREVISION=   3
 BASE_VERS=     1.1.23
 DIST_VERS=     ${BASE_VERS}
 VERS=          ${DIST_VERS:S/-/./g}
diff -r 148080300341 -r a2127736cefc print/cups/buildlink3.mk
--- a/print/cups/buildlink3.mk  Wed Aug 10 18:29:03 2005 +0000
+++ b/print/cups/buildlink3.mk  Thu Aug 11 07:08:36 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.12 2005/01/11 00:09:21 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.12.4.1 2005/08/11 07:08:36 snj Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 CUPS_BUILDLINK3_MK:=   ${CUPS_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(CUPS_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.cups+=       cups>=1.1.19nb3
-BUILDLINK_RECOMMENDED.cups+=   cups>=1.1.23
+BUILDLINK_RECOMMENDED.cups+=   cups>=1.1.23nb3
 BUILDLINK_PKGSRCDIR.cups?=     ../../print/cups
 .endif # CUPS_BUILDLINK3_MK
 
diff -r 148080300341 -r a2127736cefc print/cups/distinfo
--- a/print/cups/distinfo       Wed Aug 10 18:29:03 2005 +0000
+++ b/print/cups/distinfo       Thu Aug 11 07:08:36 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2005/03/02 18:33:02 drochner Exp $
+$NetBSD: distinfo,v 1.31.4.1 2005/08/11 07:08:36 snj Exp $
 
 SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c
 RMD160 (cups-1.1.23-source.tar.bz2) = 255ec4c22422b14f2367d69f3ec7e590dc46bea5
@@ -11,3 +11,4 @@
 SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f
 SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98
 SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11
+SHA1 (patch-aw) = f9a83423eac1a631b67e10911e0ef9e111da9b84
diff -r 148080300341 -r a2127736cefc print/cups/patches/patch-aw
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/cups/patches/patch-aw       Thu Aug 11 07:08:36 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-aw,v 1.2.14.1 2005/08/11 07:08:37 snj Exp $
+
+Fix for CAN-2005-2097, from RedHat.
+
+--- pdftops/FontFile.cxx.orig  2004-02-02 23:41:09.000000000 +0100
++++ pdftops/FontFile.cxx       2005-08-10 22:30:54.000000000 +0200
+@@ -3572,6 +3573,9 @@
+     } else {
+       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+     }
++
++    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++      error (1, 0, "bad loca table pos value");
+   }
+   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+   for (i = 0; i < nGlyphs; ++i) {



Home | Main Index | Thread Index | Old Index