Revbump fixing security bug #249727 (CVE-2008-5286). Remove old.

Package-Manager: portage-2.2_rc16/cvs/Linux 2.6.27-gentoo-r4 x86_64

4 files changed, 37 insertions, 4 deletions

diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 839bc9a92478..07ece7fceae6 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-print/cups
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.334 2008/11/25 23:58:46 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.335 2008/12/04 21:42:11 tgurr Exp $
+
+*cups-1.3.9-r1 (04 Dec 2008)
+
+  04 Dec 2008; Timo Gurr <tgurr@gentoo.org>
+  +files/cups-1.3.9-CVE-2008-5286.patch, -cups-1.3.9.ebuild,
+  +cups-1.3.9-r1.ebuild:
+  Revbump fixing security bug #249727 (CVE-2008-5286). Remove old.
 
   25 Nov 2008; Timo Gurr <tgurr@gentoo.org>
   -files/cups-1.2.12-CVE-2007-4045.patch,
diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest
index e0eaa053293a..e74b95f67c8c 100644
--- a/net-print/cups/Manifest
+++ b/net-print/cups/Manifest
@@ -5,11 +5,12 @@ AUX cups-1.3.8-CVE-2008-3640.patch 2487 RMD160 5c0180fdbf7521c651de7f0aeaddf2384
 AUX cups-1.3.8-CVE-2008-3641.patch 4066 RMD160 42eb0aba35a2df15a32a68ba255675cc5550d4df SHA1 4c0fd2844091d3a73cf34bb0ec022cc62dbe9b86 SHA256 fa053a07ea03cd8b5d8345acc5ab91efb40bd2fe42e03ac08921d4bdb0073719
 AUX cups-1.3.8-str2892-1.3.patch 2587 RMD160 6a189f1921760833028302619515a0ae895f2978 SHA1 befc3c7849bc5a53e29c9c3b26fb708ee8dc43f8 SHA256 b75b30ed996eb41baeb6e5dc35c82883e9e4d27c2c1febe0f09b2e9018184c2f
 AUX cups-1.3.8-str2924.patch 2296 RMD160 dc80896b4a12834be0c99ee82623cbee78c33754 SHA1 1f29545527a98c1371b52db5a148c31494ae9361 SHA256 a0ac058f3f276d73a1e2494cdadd30fae6941b87aa703cf8db6c6da8b0cafa44
+AUX cups-1.3.9-CVE-2008-5286.patch 761 RMD160 7abe5d746cc2c8135e946de492b767137204345a SHA1 1e904c63e5bb2ef2e6f9792e3b2c3bcb89cdc6e8 SHA256 e85dc13164dd1c7b7fa978aeb5b6df886d9595319aab5fadde57e35d0259aee3
 AUX cupsd.init.d 293 RMD160 19fbef21cee7e472e7028f3101b680baa0089c54 SHA1 e6b27b2638fec258fe2f55c926c2530e909ca3d2 SHA256 b4268a6bae95e96b6af21c3716ecc905073736ce7dc33be1489d574a447f3c48
 AUX pdftops-1.20.gentoo 10412 RMD160 16e229662c47e03af1d1f4cb5764a76d17a66642 SHA1 6afb8a655b6ff013a2c8c8cbfb615ba1e561503b SHA256 ac5fa01ca776d75bd7cef62eef9f6b0c3945ee87e8950b40ca9f9f3ff46a16c1
 DIST cups-1.3.8-source.tar.bz2 3978390 RMD160 dc077c748ea7c8df7333260a96c7527a9b8d7c9e SHA1 3943608111426722ea6a2e0db588636b013acc1a SHA256 d488980f84ad0e6044a67859144306980624cafb654eb0cab071b3e46fee6e1d
 DIST cups-1.3.9-source.tar.bz2 3993875 RMD160 ec8bd9fc6ee45648b6eb22949f44fc4cf2defd4e SHA1 c1a596b355201320456b393446286fe3947bce16 SHA256 38856ab4b8bcf51be2bed1f554cd8089c1f2448a6979c055762b49eda82a6b6b
 EBUILD cups-1.3.8-r2.ebuild 8903 RMD160 edbf3b92b5b850715423aa963ed31154daf9fd26 SHA1 618dea72e4175cd4ef88e9a17f946b5caffed90f SHA256 75cd39ef82d3300e3d7c335820e21e519dbaa2073e34718c99a1f6bf75fa5244
-EBUILD cups-1.3.9.ebuild 8496 RMD160 156ecba317ce05d7674cf41b22f6b40dc361994f SHA1 85d9b9c7e2f1f8e682fe702debce2ea28762aeae SHA256 7e37057eff4139e3ca7c93801255af41bc3ac413de26e8decf65ad68936f121f
-MISC ChangeLog 49649 RMD160 32eb41892465fd2fc2c2d38a96823bdec1e4a134 SHA1 0e799548fe2ff079bb1fd0f876e49918eb85f816 SHA256 eead66f923496f632d907c14cb4e33a02427a6027d3aa338a82aa2ec41c766fa
+EBUILD cups-1.3.9-r1.ebuild 8578 RMD160 1d4a7df36e5f6e7251469354ca2af77aaafa3f29 SHA1 c3098b5d147add836e9a005640182016de1d9cd7 SHA256 984d15ff47c3a0761f661aeafb4b512545a96be91bc0479c18886bbfd01e8b73
+MISC ChangeLog 49877 RMD160 82b569809ed8f6eb20c66d50abc1511d36c8b2c7 SHA1 b59c0a2d23bc0d9bb7e86039d472df4f7b014bd8 SHA256 21dc1b42de96a740d50924351f3cd6ada84284c0b63c8e9beac6b6681e76413f
 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76
diff --git a/net-print/cups/cups-1.3.9.ebuild b/net-print/cups/cups-1.3.9-r1.ebuild
index 4fee14e78d07..47492f3e122c 100644
--- a/net-print/cups/cups-1.3.9.ebuild
+++ b/net-print/cups/cups-1.3.9-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.9.ebuild,v 1.1 2008/10/10 19:38:50 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.9-r1.ebuild,v 1.1 2008/12/04 21:42:11 tgurr Exp $
 
 inherit autotools eutils flag-o-matic multilib pam
 
@@ -100,6 +100,9 @@ src_unpack() {
 	# create a missing symlink to allow https printing via IPP, bug #217293
 	epatch "${FILESDIR}/${PN}-1.3.7-backend-https.patch"
 
+	# security bug #249727
+	epatch "${FILESDIR}/${PN}-1.3.9-CVE-2008-5286.patch"
+
 	# cups does not use autotools "the usual way" and ship a static config.h.in
 	eaclocal
 	eautoconf
diff --git a/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch
new file mode 100644
index 000000000000..bca23f71d7e4
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch
@@ -0,0 +1,22 @@
+Index: filter/image-png.c
+===================================================================
+--- filter/image-png.c	(revision 8062)
++++ filter/image-png.c	(working copy)
+@@ -178,7 +178,7 @@
+     {
+       bufsize = img->xsize * img->ysize;
+ 
+-      if ((bufsize / img->ysize) != img->xsize)
++      if ((bufsize / img->xsize) != img->ysize)
+       {
+ 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ 		(unsigned)width, (unsigned)height);
+@@ -190,7 +190,7 @@
+     {
+       bufsize = img->xsize * img->ysize * 3;
+ 
+-      if ((bufsize / (img->ysize * 3)) != img->xsize)
++      if ((bufsize / (img->xsize * 3)) != img->ysize)
+       {
+ 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ 		(unsigned)width, (unsigned)height);