Add str3648.patch by Mike Sweet to address CVE-2010-2941.

Obtained from https://bugzilla.redhat.com/show_bug.cgi?id=624438 as Cups STR#3648 (http://www.cups.org/str.php?L3648) is not public yet!
author: sbd <sbd> 2010-11-12 08:24:31 +0000
committer: sbd <sbd> 2010-11-12 08:24:31 +0000
commit: 5327136152c6199411cd4041582f79e3e8113169 (patch)
tree: 6b2f748b0aefbfeeeb4f0527688879359433d165 /print
parent: 74c656851ce71d4f09af3063f9d3ac9f0833f807 (diff)
download: pkgsrc-5327136152c6199411cd4041582f79e3e8113169.tar.gz
4 files changed, 62 insertions, 3 deletions
diff --git a/print/cups/Makefile b/print/cups/Makefile
index 6c1f28a1dc5..38f8e495cec 100644
--- a/print/cups/Makefile
+++ b/print/cups/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.169 2010/07/14 11:25:19 sbd Exp $
+# $NetBSD: Makefile,v 1.170 2010/11/12 08:24:31 sbd Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@@ -8,7 +8,7 @@ DISTNAME=	cups-${DIST_VERS}-source
 PKGNAME=	cups-${DIST_VERS:S/-/./g}
 BASE_VERS=	1.4.3
 DIST_VERS=	${BASE_VERS}
-PKGREVISION=	9
+PKGREVISION=	10
 
 CATEGORIES=	print
 MASTER_SITES=	http://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
diff --git a/print/cups/distinfo b/print/cups/distinfo
index cdcfb6838a4..77e2d1d2541 100644
--- a/print/cups/distinfo
+++ b/print/cups/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.75 2010/07/13 10:59:42 sbd Exp $
+$NetBSD: distinfo,v 1.76 2010/11/12 08:24:32 sbd Exp $
 
 SHA1 (cups-1.4.3-source.tar.bz2) = 0dd9e3d709614d26cce77728b9263556c94c9559
 RMD160 (cups-1.4.3-source.tar.bz2) = 6c5ab282405d6a1132163c727583f3a572307d88
@@ -19,6 +19,8 @@ SHA1 (patch-am) = b2cc09ac01e45c96247558667f875fd4a95b125f
 SHA1 (patch-an) = 231c871e31db279e8aeafba71506f93330e0a971
 SHA1 (patch-ao) = 7fe50080b9a6fd4dac186020f9351ef6000373c7
 SHA1 (patch-ap) = 70c5fa4a19ca2812818844180ca9db9cb7cfd601
+SHA1 (patch-aq) = 098d78b7dd82ae0d69804d736603cdad9814ee9a
+SHA1 (patch-ar) = ec48fcb37ed2525af4ee669e6f3fa6a253e7bf10
 SHA1 (patch-at) = aee1f0e8cbcd9e2dbcfa9af3fb675ea7ce1ce622
 SHA1 (patch-ba) = caf7c85d5c23cb36711b56cc401ae3b6f7e366df
 SHA1 (patch-bb) = 4a554f5815c8dd7a79d2a0c7080b8b5095b37515
diff --git a/print/cups/patches/patch-aq b/print/cups/patches/patch-aq
new file mode 100644
index 00000000000..7cc38f34e73
--- /dev/null
+++ b/print/cups/patches/patch-aq
@@ -0,0 +1,18 @@
+$NetBSD: patch-aq,v 1.4 2010/11/12 08:24:32 sbd Exp $
+
+Add str3648.patch by Mike Sweet to address CVE-2010-2941.
+Obtained from https://bugzilla.redhat.com/show_bug.cgi?id=624438
+as Cups STR#3648 (http://www.cups.org/str.php?L3648) is not public yet!
+
+--- cups/ipp.h.orig	2010-04-23 18:56:34.000000000 +0000
++++ cups/ipp.h
+@@ -93,7 +93,8 @@ typedef enum ipp_tag_e			/**** Format ta
+   IPP_TAG_END_COLLECTION,		/* End of collection value */
+   IPP_TAG_TEXT = 0x41,			/* Text value */
+   IPP_TAG_NAME,				/* Name value */
+-  IPP_TAG_KEYWORD = 0x44,		/* Keyword value */
++  IPP_TAG_RESERVED_STRING,		/* Reserved for future string value @private@ */
++  IPP_TAG_KEYWORD,			/* Keyword value */
+   IPP_TAG_URI,				/* URI value */
+   IPP_TAG_URISCHEME,			/* URI scheme value */
+   IPP_TAG_CHARSET,			/* Character set value */
diff --git a/print/cups/patches/patch-ar b/print/cups/patches/patch-ar
new file mode 100644
index 00000000000..0c68a557e4d
--- /dev/null
+++ b/print/cups/patches/patch-ar
@@ -0,0 +1,39 @@
+$NetBSD: patch-ar,v 1.4 2010/11/12 08:24:32 sbd Exp $
+
+Add str3648.patch by Mike Sweet to address CVE-2010-2941.
+Obtained from https://bugzilla.redhat.com/show_bug.cgi?id=624438
+as Cups STR#3648 (http://www.cups.org/str.php?L3648) is not public yet!
+
+--- cups/ipp.c.orig	2010-04-23 18:56:34.000000000 +0000
++++ cups/ipp.c
+@@ -1275,7 +1275,9 @@ ippReadIO(void       *src,		/* I - Data
+ 
+ 	      attr->value_tag = tag;
+ 	    }
+-	    else if ((value_tag >= IPP_TAG_TEXTLANG &&
++	    else if (value_tag == IPP_TAG_TEXTLANG ||
++	             value_tag == IPP_TAG_NAMELANG ||
++		     (value_tag >= IPP_TAG_TEXT &&
+ 		      value_tag <= IPP_TAG_MIMETYPE))
+             {
+ 	     /*
+@@ -1283,8 +1285,9 @@ ippReadIO(void       *src,		/* I - Data
+ 	      * forms; accept sets of differing values...
+ 	      */
+ 
+-	      if ((tag < IPP_TAG_TEXTLANG || tag > IPP_TAG_MIMETYPE) &&
+-	          tag != IPP_TAG_NOVALUE)
++	      if (tag != IPP_TAG_TEXTLANG && tag != IPP_TAG_NAMELANG &&
++	          (tag < IPP_TAG_TEXT || tag > IPP_TAG_MIMETYPE) &&
++		  tag != IPP_TAG_NOVALUE)
+ 	      {
+ 		DEBUG_printf(("1ippReadIO: 1setOf value tag %x(%s) != %x(%s)",
+ 			      value_tag, ippTagString(value_tag), tag,
+@@ -2766,6 +2769,7 @@ _ippFreeAttr(ipp_attribute_t *attr)	/* I
+   {
+     case IPP_TAG_TEXT :
+     case IPP_TAG_NAME :
++    case IPP_TAG_RESERVED_STRING :
+     case IPP_TAG_KEYWORD :
+     case IPP_TAG_URI :
+     case IPP_TAG_URISCHEME :
author	sbd <sbd>	2010-11-12 08:24:31 +0000
committer	sbd <sbd>	2010-11-12 08:24:31 +0000
commit	5327136152c6199411cd4041582f79e3e8113169 (patch)
tree	6b2f748b0aefbfeeeb4f0527688879359433d165 /print
parent	74c656851ce71d4f09af3063f9d3ac9f0833f807 (diff)
download	pkgsrc-5327136152c6199411cd4041582f79e3e8113169.tar.gz