Thu Jun 8 19:02:48 2023 UTC ()
Pullup ticket #6761 - requested by bsiegert
print/cups-base: security fix

Revisions pulled up:
- print/cups-base/Makefile                                      1.57
- print/cups-base/distinfo                                      1.33
- print/cups-base/patches/patch-cups_string.c                   1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Thu Jun  1 11:39:33 UTC 2023

   Modified Files:
           pkgsrc/print/cups-base: Makefile distinfo
   Added Files:
           pkgsrc/print/cups-base/patches: patch-cups_string.c

   Log Message:
   cups-base: fix security problem.

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
   cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c


(spz)
diff -r1.54 -r1.54.2.1 pkgsrc/print/cups-base/Makefile
diff -r1.32 -r1.32.6.1 pkgsrc/print/cups-base/distinfo
diff -r0 -r1.1.2.2 pkgsrc/print/cups-base/patches/patch-cups_string.c

cvs diff -r1.54 -r1.54.2.1 pkgsrc/print/cups-base/Makefile

--- pkgsrc/print/cups-base/Makefile 2023/01/03 17:36:30 1.54
+++ pkgsrc/print/cups-base/Makefile 2023/06/08 19:02:47 1.54.2.1
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1# $NetBSD: Makefile,v 1.54 2023/01/03 17:36:30 wiz Exp $ 1# $NetBSD: Makefile,v 1.54.2.1 2023/06/08 19:02:47 spz Exp $
2 2
3.include "../../print/cups/Makefile.common" 3.include "../../print/cups/Makefile.common"
4 4
5PKGNAME= cups-base-${CUPS_VERS} 5PKGNAME= cups-base-${CUPS_VERS}
6PKGREVISION= 6 6PKGREVISION= 7
7MASTER_SITES= ${MASTER_SITE_GITHUB:=OpenPrinting/} 7MASTER_SITES= ${MASTER_SITE_GITHUB:=OpenPrinting/}
8 8
9MAINTAINER= sbd@NetBSD.org 9MAINTAINER= sbd@NetBSD.org
10COMMENT= Common UNIX Printing System 10COMMENT= Common UNIX Printing System
11 11
12GITHUB_PROJECT= cups 12GITHUB_PROJECT= cups
13GITHUB_RELEASE= v${PKGVERSION_NOREV} 13GITHUB_RELEASE= v${PKGVERSION_NOREV}
14 14
15CONFLICTS+= LPRng-[0-9]* LPRng-core-[0-9]* 15CONFLICTS+= LPRng-[0-9]* LPRng-core-[0-9]*
16 16
17WRKSRC= ${WRKDIR}/${DISTNAME:S/-source//} 17WRKSRC= ${WRKDIR}/${DISTNAME:S/-source//}
18UNLIMIT_RESOURCES= datasize memorysize 18UNLIMIT_RESOURCES= datasize memorysize
19USE_LANGUAGES= c c++ # pdftops is a C++ application 19USE_LANGUAGES= c c++ # pdftops is a C++ application

cvs diff -r1.32 -r1.32.6.1 pkgsrc/print/cups-base/distinfo

--- pkgsrc/print/cups-base/distinfo 2022/07/03 10:26:55 1.32
+++ pkgsrc/print/cups-base/distinfo 2023/06/08 19:02:47 1.32.6.1
@@ -1,24 +1,25 @@ @@ -1,24 +1,25 @@
1$NetBSD: distinfo,v 1.32 2022/07/03 10:26:55 wiz Exp $ 1$NetBSD: distinfo,v 1.32.6.1 2023/06/08 19:02:47 spz Exp $
2 2
3BLAKE2s (cups-2.4.2-source.tar.gz) = e9da26d5d208e4620074abc6e394cd66777a853e6e4c57e04cfd3645d85a2177 3BLAKE2s (cups-2.4.2-source.tar.gz) = e9da26d5d208e4620074abc6e394cd66777a853e6e4c57e04cfd3645d85a2177
4SHA512 (cups-2.4.2-source.tar.gz) = 07474643bffe11c79b3226b70d28f1bb803dc19daa10711938cea303feacdcce3945ba8ff0334d94fdd5922ea7d6bf37a28c1ea62cce8ce946c2f90a0faf002f 4SHA512 (cups-2.4.2-source.tar.gz) = 07474643bffe11c79b3226b70d28f1bb803dc19daa10711938cea303feacdcce3945ba8ff0334d94fdd5922ea7d6bf37a28c1ea62cce8ce946c2f90a0faf002f
5Size (cups-2.4.2-source.tar.gz) = 8128785 bytes 5Size (cups-2.4.2-source.tar.gz) = 8128785 bytes
6SHA1 (patch-ae) = b81d7a2ce457f0d6994d6a084c63aa0a870bb881 6SHA1 (patch-ae) = b81d7a2ce457f0d6994d6a084c63aa0a870bb881
7SHA1 (patch-ai) = d4aa1b59c77fa2cbf614eb661d9a791311b399c2 7SHA1 (patch-ai) = d4aa1b59c77fa2cbf614eb661d9a791311b399c2
8SHA1 (patch-at) = 9517bff0bf2c892f0723a25f243ba188f7781393 8SHA1 (patch-at) = 9517bff0bf2c892f0723a25f243ba188f7781393
9SHA1 (patch-conf-cups-files.conf.in) = b2eccf54e108d8c9e70094acfd9618a66779a84a 9SHA1 (patch-conf-cups-files.conf.in) = b2eccf54e108d8c9e70094acfd9618a66779a84a
10SHA1 (patch-conf_Makefile) = ba1c6f9e5c1bb8074038f65f4d17bf55e556738e 10SHA1 (patch-conf_Makefile) = ba1c6f9e5c1bb8074038f65f4d17bf55e556738e
11SHA1 (patch-config-scripts_cups-compiler.m4) = 5446340c9b4976b0814a72e680025f5cab5da54a 11SHA1 (patch-config-scripts_cups-compiler.m4) = 5446340c9b4976b0814a72e680025f5cab5da54a
12SHA1 (patch-config-scripts_cups-directories.m4) = 272a10e2ae70c589a65d73fe788f62fcbb2392b0 12SHA1 (patch-config-scripts_cups-directories.m4) = 272a10e2ae70c589a65d73fe788f62fcbb2392b0
13SHA1 (patch-config-scripts_cups-gssapi.m4) = 8ccde86c99ad5ce96c38ec0c2f76a99dc7f29331 13SHA1 (patch-config-scripts_cups-gssapi.m4) = 8ccde86c99ad5ce96c38ec0c2f76a99dc7f29331
14SHA1 (patch-cups-tls.c) = b02bc528b6d551283373f271529d6f1956e1c7df 14SHA1 (patch-cups-tls.c) = b02bc528b6d551283373f271529d6f1956e1c7df
15SHA1 (patch-cups_http-addrlist.c) = b8558e6c9a646299e16d7d47ab43bc79f1a0baa0 15SHA1 (patch-cups_http-addrlist.c) = b8558e6c9a646299e16d7d47ab43bc79f1a0baa0
 16SHA1 (patch-cups_string.c) = 2c8d7f488785c731e0c0d95caf85a6737691bf8a
16SHA1 (patch-cups_thread.c) = 453f8bd9e13b7b824cc7add75ea9ef49b8e0c991 17SHA1 (patch-cups_thread.c) = 453f8bd9e13b7b824cc7add75ea9ef49b8e0c991
17SHA1 (patch-doc-help-man-cups-files.conf.html) = c26754104788eb619e69e49d6d51bf84ab047876 18SHA1 (patch-doc-help-man-cups-files.conf.html) = c26754104788eb619e69e49d6d51bf84ab047876
18SHA1 (patch-man-cups-files.conf.man.in) = 51c06d39e20bf8c39c784fec1f32f6c8100cf821 19SHA1 (patch-man-cups-files.conf.man.in) = 51c06d39e20bf8c39c784fec1f32f6c8100cf821
19SHA1 (patch-scheduler-conf.c) = 3e8dda2dc04c31a58a902c70161724a57bdc3e43 20SHA1 (patch-scheduler-conf.c) = 3e8dda2dc04c31a58a902c70161724a57bdc3e43
20SHA1 (patch-scheduler-conf.h) = cd5c49579795c69b50abbff2b0f9604ffe8bfa5a 21SHA1 (patch-scheduler-conf.h) = cd5c49579795c69b50abbff2b0f9604ffe8bfa5a
21SHA1 (patch-scheduler-main.c) = a5410c7f78756506d23d705dfa93a756fe3e513e 22SHA1 (patch-scheduler-main.c) = a5410c7f78756506d23d705dfa93a756fe3e513e
22SHA1 (patch-scheduler_auth.c) = 686b26286b7ad88363ddc7b394aefbfb3ad26c2d 23SHA1 (patch-scheduler_auth.c) = 686b26286b7ad88363ddc7b394aefbfb3ad26c2d
23SHA1 (patch-scheduler_dirsvc.c) = 1dba98dc171df733acb99e5f31ad838845a917bc 24SHA1 (patch-scheduler_dirsvc.c) = 1dba98dc171df733acb99e5f31ad838845a917bc
24SHA1 (patch-tools_ippfind.c) = f0774fcf5ece380fd6fa09adb3c068910ddfa367 25SHA1 (patch-tools_ippfind.c) = f0774fcf5ece380fd6fa09adb3c068910ddfa367

File Added: pkgsrc/print/cups-base/patches/Attic/patch-cups_string.c
$NetBSD: patch-cups_string.c,v 1.1.2.2 2023/06/08 19:02:48 spz Exp $

Fix denial-of-service using patch from Michael R Sweet.
https://www.openwall.com/lists/oss-security/2023/06/01/1

--- cups/string.c.orig	2022-05-26 06:17:21.000000000 +0000
+++ cups/string.c
@@ -729,6 +729,8 @@ _cups_strlcpy(char       *dst,		/* O - D
 {
   size_t	srclen;			/* Length of source string */
 
+  if (size == 0)                                                                                                                                                                                                                                                            
+    return (0);                                                                                                                                                                                                                                                             
 
  /*
   * Figure out how much room is needed...
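Review bot: The added `if (size == 0) return (0);` guard in _cups_strlcpy has no comment, and the contract it creates is worth stating: with a zero-size buffer nothing is written, so `dst` is not NUL-terminated and callers must not read it as a string afterwards. A one-line comment above the check, such as `/* No room even for the terminator: leave dst untouched */`, would record that. Both added lines also carry a long run of trailing blanks that look like a paste artifact; they could be stripped, with the patch checksum in distinfo regenerated to match. The rest of the function body lies outside the hunk, so the size arithmetic this guard presumably protects is not visible here.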