authorsnj <snj@pkgsrc.org>2005-03-04 04:56:26 +0000
committersnj <snj@pkgsrc.org>2005-03-04 04:56:26 +0000
commit5309a2feb25368af5da90fee2386b5352e380ce2 (patch)
treed713ec7e18233bc030bf39cd9132c5182a2b1bfc
parent27be9d5e4e4bd703d6832da66d3f2a44b61e31c7 (diff)
Pullup ticket 328 - requested by Lubomir Sedlacik
security fix for cups Revisions pulled up: - pkgsrc/print/cups/Makefile 1.90 - pkgsrc/print/cups/distinfo 1.31 - pkgsrc/print/cups/patches/patch-au 1.4 - pkgsrc/print/cups/patches/patch-av 1.3 Module Name: pkgsrc Committed By: drochner Date: Wed Mar 2 18:33:02 UTC 2005 Modified Files: pkgsrc/print/cups: Makefile distinfo pkgsrc/print/cups/patches: patch-au Added Files: pkgsrc/print/cups/patches: patch-av Log Message: Fix CAN-2005-0206: An overflow check introduced earlier (for CAN-2004-0888) was never triggered on 64-bit systems because 64-bit arithmetic was used there. Sprinkle some casts to int so that the overflow can happen. This fix is similar to the redhat one. The fix for similar code in print/teTeX-bin looks much cleaner, but since cups already contains the wrong redhat fix, I've chosen to stay close to the original. bump PKGREVISION
-rw-r--r--print/cups/Makefile4
-rw-r--r--print/cups/distinfo5
-rw-r--r--print/cups/patches/patch-au38
-rw-r--r--print/cups/patches/patch-av25
4 files changed, 67 insertions, 5 deletions
diff --git a/print/cups/Makefile b/print/cups/Makefile
index e0f8e1b46d0..a9ef82e8b63 100644
--- a/print/cups/Makefile
+++ b/print/cups/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.82.2.2 2005/02/05 17:47:19 salo Exp $
+# $NetBSD: Makefile,v 1.82.2.3 2005/03/04 04:56:26 snj Exp $
#
# The CUPS author is very good about taking back changes into the main
# CUPS distribution. The correct place to send patches or bug-fixes is:
@@ -6,7 +6,7 @@
DISTNAME= cups-${DIST_VERS}-source
PKGNAME= cups-${VERS}
-PKGREVISION= 1
+PKGREVISION= 2
BASE_VERS= 1.1.23
DIST_VERS= ${BASE_VERS}
VERS= ${DIST_VERS:S/-/./g}
diff --git a/print/cups/distinfo b/print/cups/distinfo
index c484e60cf68..0bd9feda7b6 100644
--- a/print/cups/distinfo
+++ b/print/cups/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26.2.2 2005/02/05 17:47:19 salo Exp $
+$NetBSD: distinfo,v 1.26.2.3 2005/03/04 04:56:26 snj Exp $
SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c
Size (cups-1.1.23-source.tar.bz2) = 8705521 bytes
@@ -8,4 +8,5 @@ SHA1 (patch-ad) = 166749eb9fc7b4b20e123d81cd3b2cf96db27677
SHA1 (patch-an) = de699800471069b1521ab2ba7194df445fb75892
SHA1 (patch-ao) = c4c8f833cf4a09a686a338df6c209cebec36c6ef
SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f
-SHA1 (patch-au) = 48d63140a54ff4b5af4216cfe6454adef4b66781
+SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98
+SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11
diff --git a/print/cups/patches/patch-au b/print/cups/patches/patch-au
index 5c7a23aba71..2050bbd3633 100644
--- a/print/cups/patches/patch-au
+++ b/print/cups/patches/patch-au
@@ -1,7 +1,43 @@
-$NetBSD: patch-au,v 1.2.10.1 2005/02/05 17:47:19 salo Exp $
+$NetBSD: patch-au,v 1.2.10.2 2005/03/04 04:56:26 snj Exp $
--- pdftops/XRef.cxx.orig 2004-10-13 22:55:53.000000000 +0200
+++ pdftops/XRef.cxx
+@@ -76,7 +76,7 @@ XRef::XRef(BaseStream *strA, GString *ow
+
+ // trailer is ok - read the xref table
+ } else {
+- if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++ if (size*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
+ error(-1, "Invalid 'size' inside xref table.");
+ ok = gFalse;
+ errCode = errDamaged;
+@@ -291,7 +291,7 @@ GBool XRef::readXRef(Guint *pos) {
+ // table size
+ if (first + n > size) {
+ newSize = first + n;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+ error(-1, "Invalid 'newSize'");
+ goto err2;
+ }
+@@ -445,7 +445,7 @@ GBool XRef::constructXRef() {
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+ error(-1, "Invalid 'obj' parameters.");
+ return gFalse;
+ }
+@@ -470,7 +470,7 @@ GBool XRef::constructXRef() {
+ } else if (!strncmp(p, "endstream", 9)) {
+ if (streamEndsLen == streamEndsSize) {
+ streamEndsSize += 64;
+- if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) {
++ if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) {
+ error(-1, "Invalid 'endstream' parameter.");
+ return gFalse;
+ }
@@ -527,6 +527,9 @@ GBool XRef::checkEncrypted(GString *owne
} else {
keyLength = 5;
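Review bot: The four rewritten checks in XRef.cxx (and the matching `pagesSize` checks in Catalog.cxx in patch-av) only fire if the `int` multiplication overflows and wraps, and signed overflow is undefined behaviour in C++, so an optimizing compiler may assume it never happens and the guard is not reliable. A bound test that cannot overflow avoids this, for example `if (size < 0 || size > INT_MAX / (int)sizeof(XRefEntry)) {` with `<limits.h>` included, and the same form applies to `newSize`, `streamEndsSize` and `pagesSize`. The expressions `first + n` and `(num + 1 + 255) & ~255` that produce `newSize` are evaluated before the check and look as if they could overflow as well if the operands are plain ints; their declarations are outside the hunk, so that should be confirmed there.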
diff --git a/print/cups/patches/patch-av b/print/cups/patches/patch-av
new file mode 100644
index 00000000000..8fd211aa379
--- /dev/null
+++ b/print/cups/patches/patch-av
@@ -0,0 +1,25 @@
+$NetBSD: patch-av,v 1.2.10.1 2005/03/04 04:56:26 snj Exp $
+
+--- pdftops/Catalog.cxx.orig 2005-03-01 15:38:37.000000000 +0100
++++ pdftops/Catalog.cxx
+@@ -64,8 +64,8 @@ Catalog::Catalog(XRef *xrefA) {
+ }
+ pagesSize = numPages0 = (int)obj.getNum();
+ obj.free();
+- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+- pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize ||
++ pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize'");
+ ok = gFalse;
+ return;
+@@ -197,7 +197,8 @@ int Catalog::readPageTree(Dict *pagesDic
+ }
+ if (start >= pagesSize) {
+ pagesSize += 32;
+- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize) {
++ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize ||
++ pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize' parameter.");
+ goto err3;
+ }
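Review bot: In the readPageTree hunk, `pagesSize += 32;` modifies pagesSize before the overflow check runs, so the `goto err3` path leaves it 32 larger than the arrays it presumably describes (pagesSize looks like a Catalog member; its declaration is outside the hunk). XRef.cxx in patch-au computes a local `newSize` first and checks that instead; doing the same here, `newSize = pagesSize + 32;` followed by the check on `newSize` and an assignment to `pagesSize` only after the reallocation succeeds, keeps the object consistent on the error path. The rest of readPageTree, including the reallocation and the err3 label, is outside the hunk, so whether anything reads pagesSize after the failure should be confirmed there.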