diff --git a/print/cups/Makefile b/print/cups/Makefile index 77d6aef626f..8435ccc9129 100644 --- a/print/cups/Makefile +++ b/print/cups/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.58 2009/10/12 11:17:17 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.59 2009/10/25 16:04:34 jasper Exp $ COMMENT= Common Unix Printing System VERSION= 1.3.11 DISTNAME= cups-${VERSION}-source -PKGNAME= cups-${VERSION}p1 +PKGNAME= cups-${VERSION}p2 CATEGORIES= print sysutils diff --git a/print/cups/patches/patch-config-scripts_cups-pdf_m4 b/print/cups/patches/patch-config-scripts_cups-pdf_m4 new file mode 100644 index 00000000000..44cc39b3b7b --- /dev/null +++ b/print/cups/patches/patch-config-scripts_cups-pdf_m4 @@ -0,0 +1,22 @@ +$OpenBSD: patch-config-scripts_cups-pdf_m4,v 1.1 2009/10/25 16:04:34 jasper Exp $ + +Security fix for CVE-2009-3608, CVE-2009-3609. +CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities + +Patch from Ubuntu: poppler-based-pdftops-fixes.dpatch + +--- config-scripts/cups-pdf.m4.orig Fri Oct 23 13:00:39 2009 ++++ config-scripts/cups-pdf.m4 Fri Oct 23 13:01:00 2009 +@@ -64,6 +64,12 @@ case "x$with_pdftops" in + ;; + esac + ++if test "x$CUPS_PDFTOPS" != x; then ++ if `$CUPS_PDFTOPS -h 2>&1 | grep -q -- -origpagesizes 2>/dev/null`; then ++ AC_DEFINE(HAVE_PDFTOPS_WITH_ORIGPAGESIZES) ++ fi ++fi ++ + AC_DEFINE_UNQUOTED(CUPS_PDFTOPS, "$CUPS_PDFTOPS") + AC_DEFINE_UNQUOTED(CUPS_GHOSTSCRIPT, "$CUPS_GHOSTSCRIPT") + AC_SUBST(PDFTOPS) diff --git a/print/cups/patches/patch-config_h_in b/print/cups/patches/patch-config_h_in new file mode 100644 index 00000000000..36b4ad8bb43 --- /dev/null +++ b/print/cups/patches/patch-config_h_in @@ -0,0 +1,17 @@ +$OpenBSD: patch-config_h_in,v 1.1 2009/10/25 16:04:34 jasper Exp $ + +Security fix for CVE-2009-3608, CVE-2009-3609. +CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities + +Patch from Ubuntu: poppler-based-pdftops-fixes.dpatch + +--- config.h.in.orig Fri Oct 23 13:01:25 2009 ++++ config.h.in Fri Oct 23 13:01:39 2009 +@@ -440,6 +440,7 @@ + */ + + #undef HAVE_PDFTOPS ++#undef HAVE_PDFTOPS_WITH_ORIGPAGESIZES + #define CUPS_PDFTOPS "/usr/bin/pdftops" + + diff --git a/print/cups/patches/patch-filter_pdftops_c b/print/cups/patches/patch-filter_pdftops_c new file mode 100644 index 00000000000..324795e3050 --- /dev/null +++ b/print/cups/patches/patch-filter_pdftops_c @@ -0,0 +1,40 @@ +$OpenBSD: patch-filter_pdftops_c,v 1.1 2009/10/25 16:04:34 jasper Exp $ + +Security fix for CVE-2009-3608, CVE-2009-3609. +CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities + +Patch from Ubuntu: poppler-based-pdftops-fixes.dpatch + +--- filter/pdftops.c.orig Fri Oct 23 13:02:31 2009 ++++ filter/pdftops.c Fri Oct 23 13:03:37 2009 +@@ -303,7 +303,9 @@ main(int argc, /* I - Number of command-line args + } + else + #ifdef HAVE_PDFTOPS +- pdf_argv[pdf_argc++] = (char *)"-level3"; ++ /* Do not emit PS Level 3 with Poppler, some HP PostScript printers ++ do not like it. See https://bugs.launchpad.net/bugs/277404. */ ++ pdf_argv[pdf_argc++] = (char *)"-level2"; + #else + pdf_argv[pdf_argc++] = (char *)"-dLanguageLevel=3"; + #endif /* HAVE_PDFTOPS */ +@@ -389,7 +391,19 @@ main(int argc, /* I - Number of command-line args + pdf_argv[pdf_argc++] = pdf_width; + pdf_argv[pdf_argc++] = pdf_height; + #endif /* HAVE_PDFTOPS */ ++ } ++#if defined(HAVE_PDFTOPS) && defined(HAVE_PDFTOPS_WITH_ORIGPAGESIZES) ++ else ++ { ++ /* ++ * Use the page sizes of the original PDF document, this way documents ++ * which contain pages of different sizes can be printed correctly ++ */ ++ ++ pdf_argv[pdf_argc++] = (char *)"-origpagesizes"; ++ + } ++#endif /* HAVE_PDFTOPS && HAVE_PDFTOPS_WITH_ORIGPAGESIZES */ + } + + #ifdef HAVE_PDFTOPS