diff options
-rw-r--r-- | net-print/cups/ChangeLog | 9 | ||||
-rw-r--r-- | net-print/cups/cups-1.3.9-r1.ebuild (renamed from net-print/cups/cups-1.3.9.ebuild) | 5 | ||||
-rw-r--r-- | net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch | 22 |
3 files changed, 34 insertions, 2 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog index 839bc9a92478..07ece7fceae6 100644 --- a/net-print/cups/ChangeLog +++ b/net-print/cups/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-print/cups # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.334 2008/11/25 23:58:46 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.335 2008/12/04 21:42:11 tgurr Exp $ + +*cups-1.3.9-r1 (04 Dec 2008) + + 04 Dec 2008; Timo Gurr <tgurr@gentoo.org> + +files/cups-1.3.9-CVE-2008-5286.patch, -cups-1.3.9.ebuild, + +cups-1.3.9-r1.ebuild: + Revbump fixing security bug #249727 (CVE-2008-5286). Remove old. 25 Nov 2008; Timo Gurr <tgurr@gentoo.org> -files/cups-1.2.12-CVE-2007-4045.patch, diff --git a/net-print/cups/cups-1.3.9.ebuild b/net-print/cups/cups-1.3.9-r1.ebuild index 4fee14e78d07..47492f3e122c 100644 --- a/net-print/cups/cups-1.3.9.ebuild +++ b/net-print/cups/cups-1.3.9-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.9.ebuild,v 1.1 2008/10/10 19:38:50 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.9-r1.ebuild,v 1.1 2008/12/04 21:42:11 tgurr Exp $ inherit autotools eutils flag-o-matic multilib pam @@ -100,6 +100,9 @@ src_unpack() { # create a missing symlink to allow https printing via IPP, bug #217293 epatch "${FILESDIR}/${PN}-1.3.7-backend-https.patch" + # security bug #249727 + epatch "${FILESDIR}/${PN}-1.3.9-CVE-2008-5286.patch" + # cups does not use autotools "the usual way" and ship a static config.h.in eaclocal eautoconf diff --git a/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch new file mode 100644 index 000000000000..bca23f71d7e4 --- /dev/null +++ b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch @@ -0,0 +1,22 @@ +Index: filter/image-png.c +=================================================================== +--- filter/image-png.c (revision 8062) ++++ filter/image-png.c (working copy) +@@ -178,7 +178,7 @@ + { + bufsize = img->xsize * img->ysize; + +- if ((bufsize / img->ysize) != img->xsize) ++ if ((bufsize / img->xsize) != img->ysize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); +@@ -190,7 +190,7 @@ + { + bufsize = img->xsize * img->ysize * 3; + +- if ((bufsize / (img->ysize * 3)) != img->xsize) ++ if ((bufsize / (img->xsize * 3)) != img->ysize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); |