Thu Jun 8 19:02:48 2023 UTC ()
Pullup ticket #6761 - requested by bsiegert
print/cups-base: security fix
Revisions pulled up:
- print/cups-base/Makefile 1.57
- print/cups-base/distinfo 1.33
- print/cups-base/patches/patch-cups_string.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 1 11:39:33 UTC 2023
Modified Files:
pkgsrc/print/cups-base: Makefile distinfo
Added Files:
pkgsrc/print/cups-base/patches: patch-cups_string.c
Log Message:
cups-base: fix security problem.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c
(spz)
diff -r1.54 -r1.54.2.1 pkgsrc/print/cups-base/Makefile
diff -r1.32 -r1.32.6.1 pkgsrc/print/cups-base/distinfo
diff -r0 -r1.1.2.2 pkgsrc/print/cups-base/patches/patch-cups_string.c
--- pkgsrc/print/cups-base/Makefile 2023/01/03 17:36:30 1.54
+++ pkgsrc/print/cups-base/Makefile 2023/06/08 19:02:47 1.54.2.1
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.54 2023/01/03 17:36:30 wiz Exp $
+# $NetBSD: Makefile,v 1.54.2.1 2023/06/08 19:02:47 spz Exp $
.include "../../print/cups/Makefile.common"
PKGNAME= cups-base-${CUPS_VERS}
-PKGREVISION= 6
+PKGREVISION= 7
MASTER_SITES= ${MASTER_SITE_GITHUB:=OpenPrinting/}
MAINTAINER= sbd@NetBSD.org
--- pkgsrc/print/cups-base/distinfo 2022/07/03 10:26:55 1.32
+++ pkgsrc/print/cups-base/distinfo 2023/06/08 19:02:47 1.32.6.1
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2022/07/03 10:26:55 wiz Exp $
+$NetBSD: distinfo,v 1.32.6.1 2023/06/08 19:02:47 spz Exp $
BLAKE2s (cups-2.4.2-source.tar.gz) = e9da26d5d208e4620074abc6e394cd66777a853e6e4c57e04cfd3645d85a2177
SHA512 (cups-2.4.2-source.tar.gz) = 07474643bffe11c79b3226b70d28f1bb803dc19daa10711938cea303feacdcce3945ba8ff0334d94fdd5922ea7d6bf37a28c1ea62cce8ce946c2f90a0faf002f
@@ -13,6 +13,7 @@
SHA1 (patch-config-scripts_cups-gssapi.m4) = 8ccde86c99ad5ce96c38ec0c2f76a99dc7f29331
SHA1 (patch-cups-tls.c) = b02bc528b6d551283373f271529d6f1956e1c7df
SHA1 (patch-cups_http-addrlist.c) = b8558e6c9a646299e16d7d47ab43bc79f1a0baa0
+SHA1 (patch-cups_string.c) = 2c8d7f488785c731e0c0d95caf85a6737691bf8a
SHA1 (patch-cups_thread.c) = 453f8bd9e13b7b824cc7add75ea9ef49b8e0c991
SHA1 (patch-doc-help-man-cups-files.conf.html) = c26754104788eb619e69e49d6d51bf84ab047876
SHA1 (patch-man-cups-files.conf.man.in) = 51c06d39e20bf8c39c784fec1f32f6c8100cf821
$NetBSD: patch-cups_string.c,v 1.1.2.2 2023/06/08 19:02:48 spz Exp $
Fix denial-of-service using patch from Michael R Sweet.
https://www.openwall.com/lists/oss-security/2023/06/01/1
--- cups/string.c.orig 2022-05-26 06:17:21.000000000 +0000
+++ cups/string.c
@@ -729,6 +729,8 @@ _cups_strlcpy(char *dst, /* O - D
{
size_t srclen; /* Length of source string */
+ if (size == 0)
+ return (0);
/*
* Figure out how much room is needed...