Thu Jun 8 19:02:48 2023 UTC ()
Pullup ticket #6761 - requested by bsiegert
print/cups-base: security fix

Revisions pulled up:
- print/cups-base/Makefile                                      1.57
- print/cups-base/distinfo                                      1.33
- print/cups-base/patches/patch-cups_string.c                   1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Thu Jun  1 11:39:33 UTC 2023

   Modified Files:
           pkgsrc/print/cups-base: Makefile distinfo
   Added Files:
           pkgsrc/print/cups-base/patches: patch-cups_string.c

   Log Message:
   cups-base: fix security problem.

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
   cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c


(spz)
diff -r1.54 -r1.54.2.1 pkgsrc/print/cups-base/Makefile
diff -r1.32 -r1.32.6.1 pkgsrc/print/cups-base/distinfo
diff -r0 -r1.1.2.2 pkgsrc/print/cups-base/patches/patch-cups_string.c

cvs diff -r1.54 -r1.54.2.1 pkgsrc/print/cups-base/Makefile
--- pkgsrc/print/cups-base/Makefile 2023/01/03 17:36:30 1.54
+++ pkgsrc/print/cups-base/Makefile 2023/06/08 19:02:47 1.54.2.1
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.54 2023/01/03 17:36:30 wiz Exp $
+# $NetBSD: Makefile,v 1.54.2.1 2023/06/08 19:02:47 spz Exp $
 
 .include "../../print/cups/Makefile.common"
 
 PKGNAME=	cups-base-${CUPS_VERS}
-PKGREVISION=	6
+PKGREVISION=	7
 MASTER_SITES=	${MASTER_SITE_GITHUB:=OpenPrinting/}
 
 MAINTAINER=	sbd@NetBSD.org

cvs diff -r1.32 -r1.32.6.1 pkgsrc/print/cups-base/distinfo
--- pkgsrc/print/cups-base/distinfo 2022/07/03 10:26:55 1.32
+++ pkgsrc/print/cups-base/distinfo 2023/06/08 19:02:47 1.32.6.1
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2022/07/03 10:26:55 wiz Exp $
+$NetBSD: distinfo,v 1.32.6.1 2023/06/08 19:02:47 spz Exp $
 
 BLAKE2s (cups-2.4.2-source.tar.gz) = e9da26d5d208e4620074abc6e394cd66777a853e6e4c57e04cfd3645d85a2177
 SHA512 (cups-2.4.2-source.tar.gz) = 07474643bffe11c79b3226b70d28f1bb803dc19daa10711938cea303feacdcce3945ba8ff0334d94fdd5922ea7d6bf37a28c1ea62cce8ce946c2f90a0faf002f
@@ -13,6 +13,7 @@
 SHA1 (patch-config-scripts_cups-gssapi.m4) = 8ccde86c99ad5ce96c38ec0c2f76a99dc7f29331
 SHA1 (patch-cups-tls.c) = b02bc528b6d551283373f271529d6f1956e1c7df
 SHA1 (patch-cups_http-addrlist.c) = b8558e6c9a646299e16d7d47ab43bc79f1a0baa0
+SHA1 (patch-cups_string.c) = 2c8d7f488785c731e0c0d95caf85a6737691bf8a
 SHA1 (patch-cups_thread.c) = 453f8bd9e13b7b824cc7add75ea9ef49b8e0c991
 SHA1 (patch-doc-help-man-cups-files.conf.html) = c26754104788eb619e69e49d6d51bf84ab047876
 SHA1 (patch-man-cups-files.conf.man.in) = 51c06d39e20bf8c39c784fec1f32f6c8100cf821

File Added: pkgsrc/print/cups-base/patches/Attic/patch-cups_string.c
$NetBSD: patch-cups_string.c,v 1.1.2.2 2023/06/08 19:02:48 spz Exp $

Fix denial-of-service using patch from Michael R Sweet.
https://www.openwall.com/lists/oss-security/2023/06/01/1

--- cups/string.c.orig	2022-05-26 06:17:21.000000000 +0000
+++ cups/string.c
@@ -729,6 +729,8 @@ _cups_strlcpy(char       *dst,		/* O - D
 {
   size_t	srclen;			/* Length of source string */
 
+  if (size == 0)                                                                                                                                                                                                                                                            
+    return (0);                                                                                                                                                                                                                                                             
 
  /*
   * Figure out how much room is needed...
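Review bot: The added `if (size == 0) return (0);` guard at the top of `_cups_strlcpy` has no comment saying what it protects against, and both added lines carry a long run of trailing blanks. The rest of the body lies outside the hunk, so this is inferred: the length computation that follows presumably subtracts from `size`, which as a `size_t` would wrap for a zero-size buffer and leave the copy effectively unbounded. A comment such as `/* A zero-size buffer has no room even for the terminator; return before the size arithmetic below. */` would record the reason. The trailing whitespace should be stripped, with the `patch-cups_string.c` SHA1 in distinfo regenerated afterwards. It is also worth confirming that returning 0 is consistent with the function's other return path as callers use it, and that the sibling bounded-copy helpers in `cups/string.c` tolerate a zero size as well.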