Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id E844384D5B for ; Thu, 8 Jun 2023 19:02:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id cnlzKLf8aLN9 for ; Thu, 8 Jun 2023 19:02:48 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 4506284D2E for ; Thu, 8 Jun 2023 19:02:48 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 3D1CAFA89; Thu, 8 Jun 2023 19:02:48 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_168625096860000" MIME-Version: 1.0 Date: Thu, 8 Jun 2023 19:02:48 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2023Q1] pkgsrc/print/cups-base To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20230608190248.3D1CAFA89@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_168625096860000 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: spz Date: Thu Jun 8 19:02:48 UTC 2023 Modified Files: pkgsrc/print/cups-base [pkgsrc-2023Q1]: Makefile distinfo Added Files: pkgsrc/print/cups-base/patches [pkgsrc-2023Q1]: patch-cups_string.c Log Message: Pullup ticket #6761 - requested by bsiegert print/cups-base: security fix Revisions pulled up: - print/cups-base/Makefile 1.57 - print/cups-base/distinfo 1.33 - print/cups-base/patches/patch-cups_string.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Thu Jun 1 11:39:33 UTC 2023 Modified Files: pkgsrc/print/cups-base: Makefile distinfo Added Files: pkgsrc/print/cups-base/patches: patch-cups_string.c Log Message: cups-base: fix security problem. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.54.2.1 pkgsrc/print/cups-base/Makefile cvs rdiff -u -r1.32 -r1.32.6.1 pkgsrc/print/cups-base/distinfo cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/print/cups-base/patches/patch-cups_string.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_168625096860000 Content-Disposition: inline Content-Length: 3136 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/print/cups-base/Makefile diff -u pkgsrc/print/cups-base/Makefile:1.54 pkgsrc/print/cups-base/Makefile:1.54.2.1 --- pkgsrc/print/cups-base/Makefile:1.54 Tue Jan 3 17:36:30 2023 +++ pkgsrc/print/cups-base/Makefile Thu Jun 8 19:02:47 2023 @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.54 2023/01/03 17:36:30 wiz Exp $ +# $NetBSD: Makefile,v 1.54.2.1 2023/06/08 19:02:47 spz Exp $ .include "../../print/cups/Makefile.common" PKGNAME= cups-base-${CUPS_VERS} -PKGREVISION= 6 +PKGREVISION= 7 MASTER_SITES= ${MASTER_SITE_GITHUB:=OpenPrinting/} MAINTAINER= sbd@NetBSD.org Index: pkgsrc/print/cups-base/distinfo diff -u pkgsrc/print/cups-base/distinfo:1.32 pkgsrc/print/cups-base/distinfo:1.32.6.1 --- pkgsrc/print/cups-base/distinfo:1.32 Sun Jul 3 10:26:55 2022 +++ pkgsrc/print/cups-base/distinfo Thu Jun 8 19:02:47 2023 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.32 2022/07/03 10:26:55 wiz Exp $ +$NetBSD: distinfo,v 1.32.6.1 2023/06/08 19:02:47 spz Exp $ BLAKE2s (cups-2.4.2-source.tar.gz) = e9da26d5d208e4620074abc6e394cd66777a853e6e4c57e04cfd3645d85a2177 SHA512 (cups-2.4.2-source.tar.gz) = 07474643bffe11c79b3226b70d28f1bb803dc19daa10711938cea303feacdcce3945ba8ff0334d94fdd5922ea7d6bf37a28c1ea62cce8ce946c2f90a0faf002f @@ -13,6 +13,7 @@ SHA1 (patch-config-scripts_cups-director SHA1 (patch-config-scripts_cups-gssapi.m4) = 8ccde86c99ad5ce96c38ec0c2f76a99dc7f29331 SHA1 (patch-cups-tls.c) = b02bc528b6d551283373f271529d6f1956e1c7df SHA1 (patch-cups_http-addrlist.c) = b8558e6c9a646299e16d7d47ab43bc79f1a0baa0 +SHA1 (patch-cups_string.c) = 2c8d7f488785c731e0c0d95caf85a6737691bf8a SHA1 (patch-cups_thread.c) = 453f8bd9e13b7b824cc7add75ea9ef49b8e0c991 SHA1 (patch-doc-help-man-cups-files.conf.html) = c26754104788eb619e69e49d6d51bf84ab047876 SHA1 (patch-man-cups-files.conf.man.in) = 51c06d39e20bf8c39c784fec1f32f6c8100cf821 Added files: Index: pkgsrc/print/cups-base/patches/patch-cups_string.c diff -u /dev/null pkgsrc/print/cups-base/patches/patch-cups_string.c:1.1.2.2 --- /dev/null Thu Jun 8 19:02:48 2023 +++ pkgsrc/print/cups-base/patches/patch-cups_string.c Thu Jun 8 19:02:48 2023 @@ -0,0 +1,16 @@ +$NetBSD: patch-cups_string.c,v 1.1.2.2 2023/06/08 19:02:48 spz Exp $ + +Fix denial-of-service using patch from Michael R Sweet. +https://www.openwall.com/lists/oss-security/2023/06/01/1 + +--- cups/string.c.orig 2022-05-26 06:17:21.000000000 +0000 ++++ cups/string.c +@@ -729,6 +729,8 @@ _cups_strlcpy(char *dst, /* O - D + { + size_t srclen; /* Length of source string */ + ++ if (size == 0) ++ return (0); + + /* + * Figure out how much room is needed... --_----------=_168625096860000--