PR/50013 CVS commit: [pkgsrc-2015Q2] pkgsrc/print/cups-filters

["Matthias Scheler" <tron%netbsd.org@localhost>]

The following reply was made to PR pkg/50013; it has been noted by GNATS.

From: "Matthias Scheler" <tron%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/50013 CVS commit: [pkgsrc-2015Q2] pkgsrc/print/cups-filters
Date: Wed, 8 Jul 2015 19:47:19 +0000

 Module Name:	pkgsrc
 Committed By:	tron
 Date:		Wed Jul  8 19:47:19 UTC 2015
 
 Modified Files:
 	pkgsrc/print/cups-filters [pkgsrc-2015Q2]: Makefile distinfo
 Removed Files:
 	pkgsrc/print/cups-filters/patches [pkgsrc-2015Q2]: patch-configure.ac
 	    patch-filter_foomatic-rip_foomaticrip.c
 
 Log Message:
 Pullup ticket #4757 - requested by wiz
 print/cups-filters: security update
 
 Revisions pulled up:
 - print/cups-filters/Makefile                                   1.23-1.24
 - print/cups-filters/distinfo                                   1.18-1.19
 - print/cups-filters/patches/patch-configure.ac                 deleted
 - print/cups-filters/patches/patch-filter_foomatic-rip_foomaticrip.c deleted
 
 ---
    Module Name:	pkgsrc
    Committed By:	wiz
    Date:		Wed Jul  1 15:31:34 UTC 2015
 
    Modified Files:
    	pkgsrc/print/cups-filters: Makefile distinfo
    Removed Files:
    	pkgsrc/print/cups-filters/patches: patch-configure.ac
    	    patch-filter_foomatic-rip_foomaticrip.c
 
    Log Message:
    Update to 1.0.70, provided by Leonardo Taccari in PR 50013:
 
    Changes:
    - texttopdf: Fixed buffer overflow on size allocation of texttopdf
      when working with extremely small line sizes, which causes the size
      calculation to result in 0 (CVE-2015-3258, thanks to Stefan
      Cornelius fro Red Hat for the patch).
    - cups-browsed: leak fixes
    - cups-browsed: Further BrowseAllow fixing
    - cups-browsed: BrowsePoll is an array of pointers, not structures,
      so allocate room for the pointers
      - cups-browsed: Prevent NULL dereference when handling BrowseAllow
      without value
      - cups-browsed: Use memory deallocation function corresponding to
      allocation function used
    - cups-browsed: Fixes for glib source handling (Red Hat bug #1228555)
    - foomatic-rip: Allow using another shell than /bin/bash using the
      "--with-shell=..." option for "./configure". Thanks to Leonardo
      Taccari for the patch (Bug #1288).
 
 ---
    Module Name:	pkgsrc
    Committed By:	wiz
    Date:		Fri Jul  3 12:25:13 UTC 2015
 
    Modified Files:
    	pkgsrc/print/cups-filters: Makefile distinfo
 
    Log Message:
    Update to 1.0.71:
 
    CHANGES IN V1.0.71
 
      	- texttopdf: The Page allocation is moved into textcommon.c, where it
    	  does all the necessary checking: lower-bounds for CVE-2015-3258 and
    	  upper-bounds for CVE-2015-3259 due to integer overflows for the
    	  calloc() call initialising Page[0] and the memset() call in
    	  texttopdf.c's WritePage() function zeroing the entire array. Thanks
    	  to Tim Waugh from Red Hat for the patch.
    	- texttopdf: Upper-bounds checking (CVE-2015-3259).
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.22 -r1.22.2.1 pkgsrc/print/cups-filters/Makefile
 cvs rdiff -u -r1.17 -r1.17.2.1 pkgsrc/print/cups-filters/distinfo
 cvs rdiff -u -r1.2 -r0 pkgsrc/print/cups-filters/patches/patch-configure.ac
 cvs rdiff -u -r1.5 -r0 \
     pkgsrc/print/cups-filters/patches/patch-filter_foomatic-rip_foomaticrip.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.