author | salo <salo@pkgsrc.org> | 2005-08-10 23:37:08 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-08-10 23:37:08 +0000 |
commit | 70d299a0daef501802b3d0d80962ea7158770582 (patch) | |
tree | d221c5ff5ef4fd0e43093195381f47bb874dc7d1 | |
parent | 8a98b824919c92bc14bf40ebc53a118c2634e9b6 (diff) | |
download | pkgsrc-70d299a0daef501802b3d0d80962ea7158770582.tar.gz |
Security fix for CAN-2005-2097.
"A vulnerability has been reported in CUPS, which can be exploited by malicious
people to cause a DoS (Denial of Service) on a vulnerable system.
When processing a PDF file, bounds checking was not correctly performed on
some fields. This could cause the pdftops filter (running as user "lp") to
crash."
http://secunia.com/advisories/16380/
http://rhn.redhat.com/errata/RHSA-2005-706.html
Patch from RedHat.
-rw-r--r-- | print/cups/Makefile | 4 | ||||
-rw-r--r-- | print/cups/buildlink3.mk | 4 | ||||
-rw-r--r-- | print/cups/distinfo | 3 | ||||
-rw-r--r-- | print/cups/patches/patch-aw | 24 |
4 files changed, 30 insertions, 5 deletions
diff --git a/print/cups/Makefile b/print/cups/Makefile index e7e7737834c..cf11b2140b3 100644 --- a/print/cups/Makefile +++ b/print/cups/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.94 2005/06/01 20:08:01 jlam Exp $ +# $NetBSD: Makefile,v 1.95 2005/08/10 23:37:08 salo Exp $ # # The CUPS author is very good about taking back changes into the main # CUPS distribution. The correct place to send patches or bug-fixes is: @@ -6,7 +6,7 @@ DISTNAME= cups-${DIST_VERS}-source PKGNAME= cups-${VERS} -PKGREVISION= 2 +PKGREVISION= 3 BASE_VERS= 1.1.23 DIST_VERS= ${BASE_VERS} VERS= ${DIST_VERS:S/-/./g} diff --git a/print/cups/buildlink3.mk b/print/cups/buildlink3.mk index 055b1885ccf..f32976fe339 100644 --- a/print/cups/buildlink3.mk +++ b/print/cups/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.12 2005/01/11 00:09:21 salo Exp $ +# $NetBSD: buildlink3.mk,v 1.13 2005/08/10 23:37:08 salo Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ CUPS_BUILDLINK3_MK:= ${CUPS_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= cups .if !empty(CUPS_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.cups+= cups>=1.1.19nb3 -BUILDLINK_RECOMMENDED.cups+= cups>=1.1.23 +BUILDLINK_RECOMMENDED.cups+= cups>=1.1.23nb3 BUILDLINK_PKGSRCDIR.cups?= ../../print/cups .endif # CUPS_BUILDLINK3_MK diff --git a/print/cups/distinfo b/print/cups/distinfo index 4ac88e4fae7..b6ca0cbb20c 100644 --- a/print/cups/distinfo +++ b/print/cups/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.31 2005/03/02 18:33:02 drochner Exp $ +$NetBSD: distinfo,v 1.32 2005/08/10 23:37:08 salo Exp $ SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c RMD160 (cups-1.1.23-source.tar.bz2) = 255ec4c22422b14f2367d69f3ec7e590dc46bea5 
@@ -11,3 +11,4 @@ SHA1 (patch-ao) = c4c8f833cf4a09a686a338df6c209cebec36c6ef
 SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f
 SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98
 SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11
+SHA1 (patch-aw) = fbfe7c89952b5aadd48ee84b7d0502fa4e280870
diff --git a/print/cups/patches/patch-aw b/print/cups/patches/patch-aw
new file mode 100644
index 00000000000..920a41852eb
--- /dev/null
+++ b/print/cups/patches/patch-aw
@@ -0,0 +1,24 @@
+$NetBSD: patch-aw,v 1.3 2005/08/10 23:37:08 salo Exp $
+
+Fix for CAN-2005-2097, from RedHat.
+
+--- pdftops/FontFile.cxx.orig 2004-02-02 23:41:09.000000000 +0100
++++ pdftops/FontFile.cxx 2005-08-10 22:30:54.000000000 +0200
+@@ -18,6 +18,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <ctype.h>
++#include <error.h>
+ #include "gmem.h"
+ #include "GHash.h"
+ #include "Error.h"
+@@ -3572,6 +3573,9 @@
+ } else {
+ origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+ }
++
++ if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++ error (1, 0, "bad loca table pos value");
+ }
+ qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+ for (i = 0; i < nGlyphs; ++i) { |
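Review bot: The bounds check added in the second FontFile.cxx hunk of patch-aw reports the bad offset with `error (1, 0, ...)` from `<error.h>`, which is a GNU libc extension; on a libc that does not ship that header the patched file would not compile, so the CAN-2005-2097 check would never reach those builds. The file also includes the project's own "Error.h", so it is worth confirming that a function named `error` is not already declared there with a different signature. A portable form would drop the `#include <error.h>` line and use `fprintf(stderr, "bad loca table pos value\n"); exit(1);`, assuming `<stdio.h>` and `<stdlib.h>` are included above line 18, which the hunk does not show. The test accepts `pos == len` and bounds only the table offset itself; whether the later glyph reads stay inside `len` depends on code outside this hunk, since the loop and its enclosing function begin before it.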