pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q2]: pkgsrc/print/cups Pullup ticket 673 - requested by Lu...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a2127736cefc
branches: pkgsrc-2005Q2
changeset: 495975:a2127736cefc
user: snj <snj%pkgsrc.org@localhost>
date: Thu Aug 11 07:08:36 2005 +0000
description:
Pullup ticket 673 - requested by Lubomir Sedlacik
security fix for cups
Revisions pulled up:
- pkgsrc/print/cups/Makefile 1.95
- pkgsrc/print/cups/buildlink3.mk 1.13
- pkgsrc/print/cups/distinfo 1.32-1.33
- pkgsrc/print/cups/patches/patch-aw 1.3-1.4
Module Name: pkgsrc
Committed By: salo
Date: Wed Aug 10 23:37:08 UTC 2005
Modified Files:
pkgsrc/print/cups: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/print/cups/patches: patch-aw
Log Message:
Security fix for CAN-2005-2097.
"A vulnerability has been reported in CUPS, which can be exploited by
malic ious people to cause a DoS (Denial of Service) on a vulnerable
system.
When processing a PDF file, bounds checking was not correctly performed on
some fields. This could cause the pdftops filter (running as user "lp") to
crash."
http://secunia.com/advisories/16380/
http://rhn.redhat.com/errata/RHSA-2005-706.html
Patch from RedHat.
----
Module Name: pkgsrc
Committed By: salo
Date: Thu Aug 11 00:03:18 UTC 2005
Modified Files:
pkgsrc/print/cups: distinfo
pkgsrc/print/cups/patches: patch-aw
Log Message:
Remove erroneous (literally) include.
diffstat:
print/cups/Makefile | 4 ++--
print/cups/buildlink3.mk | 4 ++--
print/cups/distinfo | 3 ++-
print/cups/patches/patch-aw | 16 ++++++++++++++++
4 files changed, 22 insertions(+), 5 deletions(-)
diffs (70 lines):
diff -r 148080300341 -r a2127736cefc print/cups/Makefile
--- a/print/cups/Makefile Wed Aug 10 18:29:03 2005 +0000
+++ b/print/cups/Makefile Thu Aug 11 07:08:36 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.94 2005/06/01 20:08:01 jlam Exp $
+# $NetBSD: Makefile,v 1.94.2.1 2005/08/11 07:08:36 snj Exp $
#
# The CUPS author is very good about taking back changes into the main
# CUPS distribution. The correct place to send patches or bug-fixes is:
@@ -6,7 +6,7 @@
DISTNAME= cups-${DIST_VERS}-source
PKGNAME= cups-${VERS}
-PKGREVISION= 2
+PKGREVISION= 3
BASE_VERS= 1.1.23
DIST_VERS= ${BASE_VERS}
VERS= ${DIST_VERS:S/-/./g}
diff -r 148080300341 -r a2127736cefc print/cups/buildlink3.mk
--- a/print/cups/buildlink3.mk Wed Aug 10 18:29:03 2005 +0000
+++ b/print/cups/buildlink3.mk Thu Aug 11 07:08:36 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.12 2005/01/11 00:09:21 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.12.4.1 2005/08/11 07:08:36 snj Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
CUPS_BUILDLINK3_MK:= ${CUPS_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(CUPS_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.cups+= cups>=1.1.19nb3
-BUILDLINK_RECOMMENDED.cups+= cups>=1.1.23
+BUILDLINK_RECOMMENDED.cups+= cups>=1.1.23nb3
BUILDLINK_PKGSRCDIR.cups?= ../../print/cups
.endif # CUPS_BUILDLINK3_MK
diff -r 148080300341 -r a2127736cefc print/cups/distinfo
--- a/print/cups/distinfo Wed Aug 10 18:29:03 2005 +0000
+++ b/print/cups/distinfo Thu Aug 11 07:08:36 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2005/03/02 18:33:02 drochner Exp $
+$NetBSD: distinfo,v 1.31.4.1 2005/08/11 07:08:36 snj Exp $
SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c
RMD160 (cups-1.1.23-source.tar.bz2) = 255ec4c22422b14f2367d69f3ec7e590dc46bea5
@@ -11,3 +11,4 @@
SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f
SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98
SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11
+SHA1 (patch-aw) = f9a83423eac1a631b67e10911e0ef9e111da9b84
diff -r 148080300341 -r a2127736cefc print/cups/patches/patch-aw
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/cups/patches/patch-aw Thu Aug 11 07:08:36 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-aw,v 1.2.14.1 2005/08/11 07:08:37 snj Exp $
+
+Fix for CAN-2005-2097, from RedHat.
+
+--- pdftops/FontFile.cxx.orig 2004-02-02 23:41:09.000000000 +0100
++++ pdftops/FontFile.cxx 2005-08-10 22:30:54.000000000 +0200
+@@ -3572,6 +3573,9 @@
+ } else {
+ origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+ }
++
++ if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++ error (1, 0, "bad loca table pos value");
+ }
+ qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+ for (i = 0; i < nGlyphs; ++i) {
Home |
Main Index |
Thread Index |
Old Index