pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q3]: pkgsrc/print/cups pullup ticket #2574 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1cb07583b74d
branches: pkgsrc-2008Q3
changeset: 547866:1cb07583b74d
user: rtr <rtr%pkgsrc.org@localhost>
date: Tue Nov 04 12:25:43 2008 +0000
description:
pullup ticket #2574 - requested by bouyer
cups: update package for security and bug fixes
revisions pulled up:
cvs rdiff -r1.135 -r1.136 pkgsrc/print/cups/Makefile
cvs rdiff -r1.24 -r1.25 pkgsrc/print/cups/PLIST
cvs rdiff -r1.56 -r1.57 pkgsrc/print/cups/distinfo
cvs rdiff -r1.11 -r0 pkgsrc/print/cups/patches/patch-au
Modified Files:
pkgsrc/print/cups: Makefile PLIST distinfo
Removed Files:
pkgsrc/print/cups/patches: patch-au
Log Message:
Upgrade cups to version 1.3.9 in order to fix CVE-2008-3639, CVE-2008-3640
and CVE-2008-3641. Also, it fixes a ton of bugs and has portability
enhancements. Full list of changes:
- SECURITY: The HP-GL/2 filter did not range check pen numbers
(STR #2911)
- SECURITY: The SGI image file reader did not range check
16-bit run lengths (STR #2918)
- SECURITY: The text filter did not range check cpi, lpi, or
column values (STR #2919)
- Documentation updates (STR #2904, STR #2944)
- The French web admin page was never updated (STR #2963)
- The IPP backend did not retry print jobs when the printer
reported itself as busy or unavailable (STR #2951)
- The "Set Allowed Users" web interface did not handle trailing
whitespace correctly (STR #2956)
- The PostScript filter did not work with Adobe applications
using custom page sizes (STR #2968)
- The Mac OS X USB backend did not work with some printers
that reported a bad 1284 device ID.
- The scheduler incorrectly resolved the client connection
address when HostNameLookups was set to Off (STR #2946)
- The IPP backend incorrectly stopped the local queue if
the remote server reported the "paused" state.
- The cupsGetDests() function did not catch all types of
request errors.
- The scheduler did not always log "job queued" messages
(STR #2943)
- The scheduler did not support destination filtering using
the printer-location attribute properly (STR #2945)
- The scheduler did not send the server-started,
server-restarted, or server-stopped events (STR #2927)
- The scheduler no longer enforces configuration file
permissions on symlinked files (STR #2937)
- CUPS now reinitializes the DNS resolver on failures
(STR #2920)
- The CUPS desktop menu item was broken (STR #2924)
- The PPD parser was too strict about missing keyword
values in "relaxed" mode.
- The PostScript filter incorrectly mirrored landscape
documents.
- The scheduler did not correctly update the
auth-info-required value(s) if the AuthType was Default.
- The scheduler required Kerberos authentication for
all operations on remote Kerberized printers instead
of just for the operations that needed it.
- The socket backend could wait indefinitely for back-
channel data with some devices.
- PJL panel messages were not reset correctly on older
printers (STR #2909)
- cupsfilter used the wrong default path (STR #2908)
- Fixed address matching for "BrowseAddress @IF(name)"
(STR #2910)
- Fixed compiles on AIX.
- Firefox 3 did not work with the CUPS web interface in SSL
mode (STR #2892)
- Custom options with multiple parameters were not emitted
correctly.
- Refined the cupstestppd utility.
- ppdEmit*() did not support custom JCL options (STR #2889)
- The cupstestppd utility incorrectly reported missing
"en" base translations (STR #2887)
- Documentation updates (STR #2785, STR #2861, STR #2862)
- The scheduler did not add the ending job sheet when the
job was released.
- The IPP backend did not relay marker-* attributes.
- The CUPS GNOME/KDE menu item was not localized for
Chinese (STR #2880)
- The CUPS GNOME/KDE menu item was not localized for
Japanese (STR #2876)
- The cupstestppd utility reported mixed line endings for
Mac OS and Windows PPD files (STR #2874)
- The pdftops filter did not print landscape orientation PDF
pages correctly on all printers (STR #2850)
- The scheduler did not handle expiring of implicit classes
or their members properly, leading to a configuration where
one of the members would have a short name (STR #2766)
- The scheduler and cupstestppd utilities did not support
cupsFilter and cupsPreFilter programs with spaces in their
names (STR #2866)
- Removed unused variables and assignments found by the
LLVM "clang" tool.
- Added NULL checks recommended by the LLVM "clang" tool.
- The scheduler would crash if you started a printer that
pointed to a backend that did not exist (STR #2865)
- The ppdLocalize functions incorrectly mapped all generic
locales to country-specific locales.
- The cups-driverd program did not support Simplified Chinese
or Traditional Chinese language version strings (STR #2851)
- Added an Indonesian translation (STR #2792)
- Fixed a timing issue in the backends that could cause data
corruption with the CUPS_SC_CMD_DRAIN_OUTPUT side-channel
command (STR #2858)
- The scheduler did not support "HostNameLookups" with all of
the boolean names (STR #2861)
- Fixed a compile problem with glibc 2.8 (STR #2860)
- The PostScript filter did not support %%IncludeFeature lines
in the page setup section of each page (STR #2831)
- The scheduler did not generate printer-state events when the
default printer was changed (STR #2764)
- cupstestppd incorrectly reported a warning about the PPD format
version in some locales (STR #2854)
- cupsGetPPD() and friends incorrectly returned a PPD file for
a class with no printers.
- The member-uris values for local printers in a class returned
by the scheduler did not reflect the connected hostname or
port.
- The CUPS PHP extension was not thread-safe (STR #2828)
- The scheduler incorrectly added the document-format-default
attribute to the list of "common" printer attributes, which
over time would slow down the printing system (STR #2755,
STR #2836)
- The cups-deviced and cups-driverd helper programs did not set
the CFProcessPath environment variable on Mac OS X (STR #2837)
- "lpstat -p" could report the wrong job as printing (STR #2845)
- The scheduler would crash when some cupsd.conf directives
were missing values (STR #2849)
- The web interface "move jobs" operation redirected users to
the wrong URL (STR #2815)
- The Polish web interface translation contained errors
(STR #2815)
- The scheduler did not report PostScript printer PPDs with
filters as PostScript devices.
- The scheduler did not set the job document-format attribute
for jobs submitted using Create-Job and Send-Document.
- cupsFileTell() did not work for log files opened in append
mode (STR #2810)
- The scheduler did not set QUERY_STRING all of the time
for CGI scripts (STR #2781, STR #2816)
- The scheduler now returns an error for bad job-sheets
values (STR #2775)
- Authenticated remote printing did not work over domain
sockets (STR #2750)
- The scheduler incorrectly logged errors for print filters
when a job was canceled (STR #2806, #2808)
- The scheduler no longer allows multiple RSS subscriptions
with the same URI (STR #2789)
- The scheduler now supports Kerberized printing with
multiple server names (STR #2783)
- "Satisfy any" did not work in IPP policies (STR #2782)
- The CUPS imaging library would crash with very large
images - more than 16Mx16M pixels (STR #2805)
- The PNG image loading code would crash with large images
(STR #2790)
- The scheduler did not limit the total number of filters.
- The scheduler now ensures that the RSS directory has
the correct permissions.
- The RSS notifier did not quote the feed URL in the RSS
file it created (STR #2801)
- The web interface allowed the creation and cancellation
of RSS subscriptions without a username (STR #2774)
- Increased the default Maxpies value on Mac OS X to
9999 to match the limit imposed by the print dialog.
- The scheduler did not reject requests with an empty
Content-Length field (STR #2787)
- The scheduler did not log the current date and time and
did not escape specicharacters in request URIs when
logging bad requests to the access_log file (STR #2788)
diffstat:
print/cups/Makefile | 5 +-
print/cups/PLIST | 131 +++++++++++++++++++++++++++++++++++++++++++-
print/cups/distinfo | 8 +-
print/cups/patches/patch-au | 72 ------------------------
4 files changed, 135 insertions(+), 81 deletions(-)
diffs (298 lines):
diff -r 2992a69b9851 -r 1cb07583b74d print/cups/Makefile
--- a/print/cups/Makefile Tue Nov 04 12:07:17 2008 +0000
+++ b/print/cups/Makefile Tue Nov 04 12:25:43 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.135 2008/08/23 07:47:00 obache Exp $
+# $NetBSD: Makefile,v 1.135.4.1 2008/11/04 12:25:43 rtr Exp $
#
# The CUPS author is very good about taking back changes into the main
# CUPS distribution. The correct place to send patches or bug-fixes is:
@@ -6,8 +6,7 @@
DISTNAME= cups-${DIST_VERS}-source
PKGNAME= cups-${VERS}
-PKGREVISION= 1
-BASE_VERS= 1.3.7
+BASE_VERS= 1.3.9
DIST_VERS= ${BASE_VERS}
VERS= ${DIST_VERS:S/-/./g}
CATEGORIES= print
diff -r 2992a69b9851 -r 1cb07583b74d print/cups/PLIST
--- a/print/cups/PLIST Tue Nov 04 12:07:17 2008 +0000
+++ b/print/cups/PLIST Tue Nov 04 12:25:43 2008 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2008/04/12 22:43:09 jlam Exp $
+@comment $NetBSD: PLIST,v 1.24.8.1 2008/11/04 12:25:43 rtr Exp $
bin/cancel
bin/cups-config
bin/cupstestdsc
@@ -59,7 +59,6 @@
libexec/cups/monitor/tbcp
libexec/cups/notifier/mailto
libexec/cups/notifier/rss
-libexec/cups/notifier/testnotify
man/man1/cancel.1
man/man1/cups-config.1
man/man1/cupstestdsc.1
@@ -521,6 +520,73 @@
share/cups/templates/header.tmpl
share/cups/templates/help-header.tmpl
share/cups/templates/help-printable.tmpl
+share/cups/templates/id/add-class.tmpl
+share/cups/templates/id/add-printer.tmpl
+share/cups/templates/id/add-rss-subscription.tmpl
+share/cups/templates/id/admin.tmpl
+share/cups/templates/id/choose-device.tmpl
+share/cups/templates/id/choose-make.tmpl
+share/cups/templates/id/choose-model.tmpl
+share/cups/templates/id/choose-serial.tmpl
+share/cups/templates/id/choose-uri.tmpl
+share/cups/templates/id/class-added.tmpl
+share/cups/templates/id/class-confirm.tmpl
+share/cups/templates/id/class-deleted.tmpl
+share/cups/templates/id/class-jobs-header.tmpl
+share/cups/templates/id/class-modified.tmpl
+share/cups/templates/id/classes-header.tmpl
+share/cups/templates/id/classes.tmpl
+share/cups/templates/id/edit-config.tmpl
+share/cups/templates/id/error-op.tmpl
+share/cups/templates/id/error.tmpl
+share/cups/templates/id/header.tmpl
+share/cups/templates/id/help-header.tmpl
+share/cups/templates/id/help-printable.tmpl
+share/cups/templates/id/job-cancel.tmpl
+share/cups/templates/id/job-hold.tmpl
+share/cups/templates/id/job-move.tmpl
+share/cups/templates/id/job-moved.tmpl
+share/cups/templates/id/job-release.tmpl
+share/cups/templates/id/job-restart.tmpl
+share/cups/templates/id/jobs-header.tmpl
+share/cups/templates/id/jobs.tmpl
+share/cups/templates/id/list-available-printers.tmpl
+share/cups/templates/id/maintenance.tmpl
+share/cups/templates/id/modify-class.tmpl
+share/cups/templates/id/modify-printer.tmpl
+share/cups/templates/id/norestart.tmpl
+share/cups/templates/id/option-boolean.tmpl
+share/cups/templates/id/option-conflict.tmpl
+share/cups/templates/id/option-header.tmpl
+share/cups/templates/id/option-pickmany.tmpl
+share/cups/templates/id/option-pickone.tmpl
+share/cups/templates/id/option-trailer.tmpl
+share/cups/templates/id/pager.tmpl
+share/cups/templates/id/printer-accept.tmpl
+share/cups/templates/id/printer-added.tmpl
+share/cups/templates/id/printer-configured.tmpl
+share/cups/templates/id/printer-confirm.tmpl
+share/cups/templates/id/printer-default.tmpl
+share/cups/templates/id/printer-deleted.tmpl
+share/cups/templates/id/printer-jobs-header.tmpl
+share/cups/templates/id/printer-modified.tmpl
+share/cups/templates/id/printer-purge.tmpl
+share/cups/templates/id/printer-reject.tmpl
+share/cups/templates/id/printer-start.tmpl
+share/cups/templates/id/printer-stop.tmpl
+share/cups/templates/id/printers-header.tmpl
+share/cups/templates/id/printers.tmpl
+share/cups/templates/id/restart.tmpl
+share/cups/templates/id/samba-export.tmpl
+share/cups/templates/id/samba-exported.tmpl
+share/cups/templates/id/search.tmpl
+share/cups/templates/id/set-printer-options-header.tmpl
+share/cups/templates/id/set-printer-options-trailer.tmpl
+share/cups/templates/id/subscription-added.tmpl
+share/cups/templates/id/subscription-canceled.tmpl
+share/cups/templates/id/test-page.tmpl
+share/cups/templates/id/trailer.tmpl
+share/cups/templates/id/users.tmpl
share/cups/templates/it/add-class.tmpl
share/cups/templates/it/add-printer.tmpl
share/cups/templates/it/admin.tmpl
@@ -1058,6 +1124,7 @@
share/doc/cups/fr/images/button-delete-printer.gif
share/doc/cups/fr/images/button-edit-configuration-file.gif
share/doc/cups/fr/images/button-export-samba.gif
+share/doc/cups/fr/images/button-find-new-printers.gif
share/doc/cups/fr/images/button-help.gif
share/doc/cups/fr/images/button-hold-job.gif
share/doc/cups/fr/images/button-manage-classes.gif
@@ -1218,6 +1285,62 @@
share/doc/cups/help/standard.html
share/doc/cups/help/translation.html
share/doc/cups/help/whatsnew.html
+share/doc/cups/id/images/button-accept-jobs.gif
+share/doc/cups/id/images/button-add-class.gif
+share/doc/cups/id/images/button-add-printer.gif
+share/doc/cups/id/images/button-add-rss-subscription.gif
+share/doc/cups/id/images/button-add-this-printer.gif
+share/doc/cups/id/images/button-cancel-all-jobs.gif
+share/doc/cups/id/images/button-cancel-job.gif
+share/doc/cups/id/images/button-cancel-subscription.gif
+share/doc/cups/id/images/button-change-settings.gif
+share/doc/cups/id/images/button-clean-print-heads.gif
+share/doc/cups/id/images/button-clear.gif
+share/doc/cups/id/images/button-continue.gif
+share/doc/cups/id/images/button-delete-class.gif
+share/doc/cups/id/images/button-delete-printer.gif
+share/doc/cups/id/images/button-edit-configuration-file.gif
+share/doc/cups/id/images/button-export-samba.gif
+share/doc/cups/id/images/button-find-new-printers.gif
+share/doc/cups/id/images/button-help.gif
+share/doc/cups/id/images/button-hold-job.gif
+share/doc/cups/id/images/button-manage-classes.gif
+share/doc/cups/id/images/button-manage-jobs.gif
+share/doc/cups/id/images/button-manage-printers.gif
+share/doc/cups/id/images/button-manage-server.gif
+share/doc/cups/id/images/button-modify-class.gif
+share/doc/cups/id/images/button-modify-printer.gif
+share/doc/cups/id/images/button-move-job.gif
+share/doc/cups/id/images/button-move-jobs.gif
+share/doc/cups/id/images/button-print-self-test-page.gif
+share/doc/cups/id/images/button-print-test-page.gif
+share/doc/cups/id/images/button-publish-printer.gif
+share/doc/cups/id/images/button-reject-jobs.gif
+share/doc/cups/id/images/button-release-job.gif
+share/doc/cups/id/images/button-restart-job.gif
+share/doc/cups/id/images/button-save-changes.gif
+share/doc/cups/id/images/button-search.gif
+share/doc/cups/id/images/button-set-allowed-users.gif
+share/doc/cups/id/images/button-set-as-default.gif
+share/doc/cups/id/images/button-set-printer-options.gif
+share/doc/cups/id/images/button-show-active.gif
+share/doc/cups/id/images/button-show-all.gif
+share/doc/cups/id/images/button-show-completed.gif
+share/doc/cups/id/images/button-show-next.gif
+share/doc/cups/id/images/button-show-previous.gif
+share/doc/cups/id/images/button-sort-ascending.gif
+share/doc/cups/id/images/button-sort-descending.gif
+share/doc/cups/id/images/button-start-class.gif
+share/doc/cups/id/images/button-start-printer.gif
+share/doc/cups/id/images/button-stop-class.gif
+share/doc/cups/id/images/button-stop-printer.gif
+share/doc/cups/id/images/button-unpublish-printer.gif
+share/doc/cups/id/images/button-use-default-config.gif
+share/doc/cups/id/images/button-view-access-log.gif
+share/doc/cups/id/images/button-view-error-log.gif
+share/doc/cups/id/images/button-view-page-log.gif
+share/doc/cups/id/images/button-view-printable-version.gif
+share/doc/cups/id/index.html
share/doc/cups/images/bottom-left.gif
share/doc/cups/images/bottom-right.gif
share/doc/cups/images/button-accept-jobs.gif
@@ -1580,6 +1703,7 @@
share/locale/fi/cups_fi.po
share/locale/fr/cups_fr.po
share/locale/he/cups_he.po
+share/locale/id/cups_id.po
share/locale/it/cups_it.po
share/locale/ja/cups_ja.po
share/locale/ko/cups_ko.po
@@ -1625,6 +1749,8 @@
@dirrm share/doc/cups/it/images
@dirrm share/doc/cups/it
@dirrm share/doc/cups/images
+@dirrm share/doc/cups/id/images
+@dirrm share/doc/cups/id
@dirrm share/doc/cups/help
@dirrm share/doc/cups/he/images
@dirrm share/doc/cups/he
@@ -1662,6 +1788,7 @@
@dirrm share/cups/templates/ko
@dirrm share/cups/templates/ja
@dirrm share/cups/templates/it
+@dirrm share/cups/templates/id
@dirrm share/cups/templates/he
@dirrm share/cups/templates/fr
@exec ${MKDIR} %D/share/cups/templates/fi
diff -r 2992a69b9851 -r 1cb07583b74d print/cups/distinfo
--- a/print/cups/distinfo Tue Nov 04 12:07:17 2008 +0000
+++ b/print/cups/distinfo Tue Nov 04 12:25:43 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.56 2008/04/15 17:26:23 drochner Exp $
+$NetBSD: distinfo,v 1.56.8.1 2008/11/04 12:25:43 rtr Exp $
-SHA1 (cups-1.3.7-source.tar.bz2) = 4267822cdad2fdad44ff0885587132250bcf8dff
-RMD160 (cups-1.3.7-source.tar.bz2) = 7d3bd9dbe91e787f7032b770e576ab31cfcf6588
-Size (cups-1.3.7-source.tar.bz2) = 3895825 bytes
+SHA1 (cups-1.3.9-source.tar.bz2) = c1a596b355201320456b393446286fe3947bce16
+RMD160 (cups-1.3.9-source.tar.bz2) = ec8bd9fc6ee45648b6eb22949f44fc4cf2defd4e
+Size (cups-1.3.9-source.tar.bz2) = 3993875 bytes
SHA1 (patch-aa) = 51ff6e66f881e445adca768d4cf2f6bd18fc36dd
SHA1 (patch-ab) = 11936b2512fc4480a45a8efb01de0c5a29a7a6e8
SHA1 (patch-ac) = 02fab706563f7ba01d66530f9462759689c09f04
diff -r 2992a69b9851 -r 1cb07583b74d print/cups/patches/patch-au
--- a/print/cups/patches/patch-au Tue Nov 04 12:07:17 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-$NetBSD: patch-au,v 1.11 2008/04/15 17:26:23 drochner Exp $
-
---- ./filter/image-png.c.orig 2007-07-11 23:46:42.000000000 +0200
-+++ ./filter/image-png.c
-@@ -3,7 +3,7 @@
- *
- * PNG image routines for the Common UNIX Printing System (CUPS).
- *
-- * Copyright 2007 by Apple Inc.
-+ * Copyright 2007-2008 by Apple Inc.
- * Copyright 1993-2007 by Easy Software Products.
- *
- * These coded instructions, statements, and computer programs are the
-@@ -170,16 +170,56 @@ _cupsImageReadPNG(
- * Interlaced images must be loaded all at once...
- */
-
-+ size_t bufsize; /* Size of buffer */
-+
-+
- if (color_type == PNG_COLOR_TYPE_GRAY ||
- color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
-- in = malloc(img->xsize * img->ysize);
-+ {
-+ bufsize = img->xsize * img->ysize;
-+
-+ if ((bufsize / img->ysize) != img->xsize)
-+ {
-+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
-+ (unsigned)width, (unsigned)height);
-+ fclose(fp);
-+ return (1);
-+ }
-+ }
- else
-- in = malloc(img->xsize * img->ysize * 3);
-+ {
-+ bufsize = img->xsize * img->ysize * 3;
-+
-+ if ((bufsize / (img->ysize * 3)) != img->xsize)
-+ {
-+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
-+ (unsigned)width, (unsigned)height);
-+ fclose(fp);
-+ return (1);
-+ }
-+ }
-+
-+ in = malloc(bufsize);
- }
-
- bpp = cupsImageGetDepth(img);
- out = malloc(img->xsize * bpp);
-
-+ if (!in || !out)
-+ {
-+ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr);
-+
-+ if (in)
-+ free(in);
-+
-+ if (out)
-+ free(out);
-+
-+ fclose(fp);
-+
-+ return (1);
-+ }
-+
- /*
- * Read the image, interlacing as needed...
- */
Home |
Main Index |
Thread Index |
Old Index