Subject: CVS commit: [pkgsrc-2015Q2] pkgsrc/print/cups-filters
From: Matthias Scheler
Date: 2015-07-08 21:47:19
Message id: 20150708194719.6B6A698@cvs.netbsd.org
Log Message:
Pullup ticket #4757 - requested by wiz
print/cups-filters: security update
Revisions pulled up:
- print/cups-filters/Makefile 1.23-1.24
- print/cups-filters/distinfo 1.18-1.19
- print/cups-filters/patches/patch-configure.ac deleted
- print/cups-filters/patches/patch-filter_foomatic-rip_foomaticrip.c deleted
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jul 1 15:31:34 UTC 2015
Modified Files:
pkgsrc/print/cups-filters: Makefile distinfo
Removed Files:
pkgsrc/print/cups-filters/patches: patch-configure.ac
patch-filter_foomatic-rip_foomaticrip.c
Log Message:
Update to 1.0.70, provided by Leonardo Taccari in PR 50013:
Changes:
- texttopdf: Fixed buffer overflow on size allocation of texttopdf
when working with extremely small line sizes, which causes the size
calculation to result in 0 (CVE-2015-3258, thanks to Stefan
Cornelius from Red Hat for the patch).
- cups-browsed: leak fixes
- cups-browsed: Further BrowseAllow fixing
- cups-browsed: BrowsePoll is an array of pointers, not structures,
so allocate room for the pointers
- cups-browsed: Prevent NULL dereference when handling BrowseAllow
without value
- cups-browsed: Use memory deallocation function corresponding to
allocation function used
- cups-browsed: Fixes for glib source handling (Red Hat bug #1228555)
- foomatic-rip: Allow using another shell than /bin/bash using the
"--with-shell=..." option for "./configure". Thanks to Leonardo
Taccari for the patch (Bug #1288).
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jul 3 12:25:13 UTC 2015
Modified Files:
pkgsrc/print/cups-filters: Makefile distinfo
Log Message:
Update to 1.0.71:
CHANGES IN V1.0.71
- texttopdf: The Page allocation is moved into textcommon.c, where it
does all the necessary checking: lower-bounds for CVE-2015-3258 and
upper-bounds for CVE-2015-3259 due to integer overflows for the
calloc() call initialising Page[0] and the memset() call in
texttopdf.c's WritePage() function zeroing the entire array. Thanks
to Tim Waugh from Red Hat for the patch.
- texttopdf: Upper-bounds checking (CVE-2015-3259).
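Added example, not part of the commit message and not code from cups-filters: a sketch of the lower- and upper-bound checks the 1.0.71 changelog describes for a page buffer whose first row pointer owns one calloc()ed block that is later zeroed with memset(). The cell type, the 4096 limits and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cell type and limits, chosen for this example only. */
typedef struct { unsigned short ch, attr; } cell_t;
#define MAX_LINES   4096u
#define MAX_COLUMNS 4096u

/* Unchecked size: 0 for a degenerate page, wraps modulo 2^32 for a huge one. */
static uint32_t naive_cells(uint32_t lines, uint32_t columns) {
    return lines * columns;
}

/* Checked allocation: page[0] holds all cells, page[i] points at row i. */
static cell_t **page_alloc(uint32_t lines, uint32_t columns) {
    if (lines < 1 || columns < 1)
        return NULL;                          /* lower bound */
    if (lines > MAX_LINES || columns > MAX_COLUMNS)
        return NULL;                          /* upper bound */
    size_t n = (size_t)lines * columns;       /* widened before multiplying */
    if (n > SIZE_MAX / sizeof(cell_t))
        return NULL;
    cell_t **page = calloc(lines, sizeof *page);
    if (page == NULL)
        return NULL;
    page[0] = calloc(n, sizeof(cell_t));
    if (page[0] == NULL) { free(page); return NULL; }
    for (uint32_t i = 1; i < lines; i++)
        page[i] = page[0] + (size_t)i * columns;
    return page;
}

/* Zero the whole array using the same validated, widened size. */
static void page_clear(cell_t **page, uint32_t lines, uint32_t columns) {
    memset(page[0], 0, (size_t)lines * columns * sizeof(cell_t));
}

static void page_free(cell_t **page) {
    if (page != NULL) { free(page[0]); free(page); }
}

int main(void) {
    printf("naive 65536x65536 -> %u cells\n", (unsigned)naive_cells(65536u, 65536u));
    printf("checked 65536x65536 -> %s\n", page_alloc(65536u, 65536u) ? "allocated" : "rejected");
    cell_t **p = page_alloc(66, 80);
    if (p != NULL) { page_clear(p, 66, 80); page_free(p); }
    return 0;
}
```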
Files: