-rw-r--r--net-print/cups/ChangeLog9
-rw-r--r--net-print/cups/cups-1.3.9-r1.ebuild (renamed from net-print/cups/cups-1.3.9.ebuild)5
-rw-r--r--net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch22
3 files changed, 34 insertions, 2 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 839bc9a92478..07ece7fceae6 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-print/cups
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.334 2008/11/25 23:58:46 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.335 2008/12/04 21:42:11 tgurr Exp $
+
+*cups-1.3.9-r1 (04 Dec 2008)
+
+ 04 Dec 2008; Timo Gurr <tgurr@gentoo.org>
+ +files/cups-1.3.9-CVE-2008-5286.patch, -cups-1.3.9.ebuild,
+ +cups-1.3.9-r1.ebuild:
+ Revbump fixing security bug #249727 (CVE-2008-5286). Remove old.
25 Nov 2008; Timo Gurr <tgurr@gentoo.org>
-files/cups-1.2.12-CVE-2007-4045.patch,
diff --git a/net-print/cups/cups-1.3.9.ebuild b/net-print/cups/cups-1.3.9-r1.ebuild
index 4fee14e78d07..47492f3e122c 100644
--- a/net-print/cups/cups-1.3.9.ebuild
+++ b/net-print/cups/cups-1.3.9-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.9.ebuild,v 1.1 2008/10/10 19:38:50 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.9-r1.ebuild,v 1.1 2008/12/04 21:42:11 tgurr Exp $
inherit autotools eutils flag-o-matic multilib pam
@@ -100,6 +100,9 @@ src_unpack() {
# create a missing symlink to allow https printing via IPP, bug #217293
epatch "${FILESDIR}/${PN}-1.3.7-backend-https.patch"
+ # security bug #249727
+ epatch "${FILESDIR}/${PN}-1.3.9-CVE-2008-5286.patch"
+
# cups does not use autotools "the usual way" and ship a static config.h.in
eaclocal
eautoconf
diff --git a/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch
new file mode 100644
index 000000000000..bca23f71d7e4
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch
@@ -0,0 +1,22 @@
+Index: filter/image-png.c
+===================================================================
+--- filter/image-png.c (revision 8062)
++++ filter/image-png.c (working copy)
+@@ -178,7 +178,7 @@
+ {
+ bufsize = img->xsize * img->ysize;
+
+- if ((bufsize / img->ysize) != img->xsize)
++ if ((bufsize / img->xsize) != img->ysize)
+ {
+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)width, (unsigned)height);
+@@ -190,7 +190,7 @@
+ {
+ bufsize = img->xsize * img->ysize * 3;
+
+- if ((bufsize / (img->ysize * 3)) != img->xsize)
++ if ((bufsize / (img->xsize * 3)) != img->ysize)
+ {
+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)width, (unsigned)height);
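Review bot: In the RGB branch of the embedded image-png.c patch, the corrected test `(bufsize / (img->xsize * 3)) != img->ysize` still divides by a product, `img->xsize * 3`, that can itself wrap, so it detects overflow only after the fact and may accept a wrapped size unless the dimensions are bounded earlier in the function, which starts outside this hunk. Both branches now divide by `img->xsize`, so a zero width has to be rejected before this point. Testing before multiplying is more robust, e.g. `if (img->xsize == 0 || img->ysize > BUFSIZE_MAX / 3 / img->xsize)`, where BUFSIZE_MAX is a placeholder for the largest value bufsize's type can hold (drop the `/ 3` in the greyscale branch). The debug message prints `width` and `height` rather than the `img->xsize`/`img->ysize` values being checked; if those can differ, it should log the checked values.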