head 1.16; access; symbols pkgsrc-2014Q1:1.15.0.20 pkgsrc-2014Q1-base:1.15 pkgsrc-2013Q4:1.15.0.18 pkgsrc-2013Q4-base:1.15 pkgsrc-2013Q3:1.15.0.16 pkgsrc-2013Q3-base:1.15 pkgsrc-2013Q2:1.15.0.14 pkgsrc-2013Q2-base:1.15 pkgsrc-2013Q1:1.15.0.12 pkgsrc-2013Q1-base:1.15 pkgsrc-2012Q4:1.15.0.10 pkgsrc-2012Q4-base:1.15 pkgsrc-2012Q3:1.15.0.8 pkgsrc-2012Q3-base:1.15 pkgsrc-2012Q2:1.15.0.6 pkgsrc-2012Q2-base:1.15 pkgsrc-2012Q1:1.15.0.4 pkgsrc-2012Q1-base:1.15 pkgsrc-2011Q4:1.15.0.2 pkgsrc-2011Q4-base:1.15 pkgsrc-2011Q3:1.13.0.6 pkgsrc-2011Q3-base:1.13 pkgsrc-2011Q2:1.13.0.4 pkgsrc-2011Q2-base:1.13 pkgsrc-2011Q1:1.13.0.2 pkgsrc-2011Q1-base:1.13 pkgsrc-2009Q4:1.12.0.4 pkgsrc-2009Q4-base:1.12 pkgsrc-2008Q4:1.12.0.2 pkgsrc-2008Q4-base:1.12 pkgsrc-2008Q3:1.11.0.8 pkgsrc-2008Q3-base:1.11 cube-native-xorg:1.11.0.6 cube-native-xorg-base:1.11 pkgsrc-2008Q2:1.11.0.4 pkgsrc-2008Q2-base:1.11 cwrapper:1.11.0.2 pkgsrc-2008Q1:1.10.0.2 pkgsrc-2008Q1-base:1.10 pkgsrc-2007Q4:1.9.0.2 pkgsrc-2007Q4-base:1.9 pkgsrc-2007Q3:1.8.0.4 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.2 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.7.0.2 pkgsrc-2007Q1-base:1.7 pkgsrc-2006Q4:1.4.0.16 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.14 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.12 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.10 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.8 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.6 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.4 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.2 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 buildlink2-base:1.2 netbsd-1-4-PATCH002:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.16 date 2014.06.07.07.34.05; author wiz; state dead; branches; next 1.15; commitid IkMNWbCzpSJRSyDx; 1.15 date 2011.12.21.08.57.11; author sbd; state Exp; branches; next 1.14; 1.14 date 2011.11.13.21.49.17; author sbd; state Exp; branches; next 1.13; 1.13 date 2011.01.19.17.09.20; author drochner; state Exp; branches; next 1.12; 1.12 date 2008.10.22.21.48.16; author tonnerre; state dead; branches; next 1.11; 1.11 date 2008.04.15.17.26.23; author drochner; state Exp; branches 1.11.8.1; next 1.10; 1.10 date 2008.01.22.23.58.14; author markd; state dead; branches; next 1.9; 1.9 date 2007.11.05.20.16.19; author adrianp; state Exp; branches; next 1.8; 1.8 date 2007.06.06.11.14.28; author markd; state dead; branches 1.8.4.1; next 1.7; 1.7 date 2007.04.03.15.23.23; author gdt; state Exp; branches; next 1.6; 1.6 date 2007.04.02.12.11.01; author gdt; state Exp; branches; next 1.5; 1.5 date 2007.03.14.12.29.06; author markd; state dead; branches; next 1.4; 1.4 date 2005.03.02.18.33.02; author drochner; state Exp; branches; next 1.3; 1.3 date 2005.01.19.11.03.23; author drochner; state Exp; branches; next 1.2; 1.2 date 2000.07.12.20.09.38; author jlam; state dead; branches 1.2.10.1; next 1.1; 1.1 date 99.11.29.02.18.54; author jlam; state Exp; branches 1.1.1.1; next ; 1.11.8.1 date 2008.11.04.12.25.43; author rtr; state dead; branches; next ; 1.8.4.1 date 2007.12.03.13.13.14; author ghen; state Exp; branches; next ; 1.2.10.1 date 2005.02.05.17.47.19; author salo; state Exp; branches; next 1.2.10.2; 1.2.10.2 date 2005.03.04.04.56.26; author snj; state Exp; branches; next ; 1.1.1.1 date 99.11.29.02.18.54; author jlam; state Exp; branches; next ; desc @@ 1.16 log @Update to 1.7.3 based on patch by Leonardo Taccari on pkgsrc-users. Additionally, remove patch-au since it is now superfluous. CHANGES IN CUPS V1.7.3 - Added Brazilian Portuguese translation (STR #4409) - Fixed mapping of OutputBin values such as "Tray1" () - Several ippGet* functions incorrectly returned -1 instead of 0 on error. - The cupsGetResponse function did not work properly with CUPS_HTTP_DEFAULT () - The IPP backend did not abort a job when the printer did not validate the supplied options () - Fixed an authentication race condition in cupsSendRequest (STR #4403) - The scheduler did not add the "job-hold-until-specified" reason when holding a job using the lp command (STR #4405) - The CUPS headers incorrectly needed libdispatch for blocks support (STR #4397) - The configure script incorrectly added libgcrypt as a GNU TLS dependency (STR #4399) - CUPS did not compile when Avahi or mDNSResponder was not present (STR #4402) - cupsGetDestMediaCount did not work for CUPS_MEDIA_FLAGS DEFAULT (STR #4414) - Auto-typing of PWG Raster files did not work (STR #4417) - IPP queues using hardcoded credentials would ask for credentials (STR #4371) - Dates in non-UTF-8 locales did not display correctly (STR #4388) - The RPM spec file now looks for libusb-devel 1.0 or later. - Fixed the "create-printer-subscription.test" file for IPPTOOL (STR #4420) CHANGES IN CUPS V1.7.2 - Security: The scheduler now blocks URLs containing embedded HTML (STR #4356) - Documentation fixes (STR #3259, STR #4346, STR #4355) - Fixed the Japanese localization (STR #4385) - Added a German localization (STR #4363) - The cupsfilter command incorrectly read the cupsd.conf file; it now reads the cups-files.conf file instead. - Fixed OS X builds with Xcode 5.x () - Fixed SSL support on Windows (STR #4358) - Fixed documentation and naming of Create-Job/Printer-Subscriptions operations (STR #4389) - Phone numbers in fax jobs were not properly filtered for IPP FaxOut () - Fixed a memory leak in the label printer driver (STR #4393) - Updated Linux "relro" support (STR #4349) - cupsEnumDests did not set the "is_default" field (STR #4332) - cupsDoIORequest could miss the server status, causing failed lpadmin and other administrative commands (STR #4386) - cupsEnumDests didn't always call the callback function (STR #4380) - "lp -i job-id -H hold" did not work (STR #4401) - CUPS didn't compile on older platforms (STR #4338) - Several libcups files did not have the Apple license exception notice (STR #4361) - Fixed a D-BUS threading issue that caused the scheduler to crash (STR #4347) - The scheduler now automatically reconnects to Avahi as needed (STR #4370, STR #4373) - The scheduler did not handle GET requests for the log files properly (STR #3265) - The dnssd backend did not always report all discovered printers using Avahi (STR #4365) - The Zebra printer driver did not properly handle negative "label top" values (STR #4354) - The scheduler did not always update the MakeModel value in printers.conf after updating the driver (STR #4264) - The LPD mini daemon did not support print jobs larger than 2GB (STR #4351) - Fixed a bug in the status reading code when sending a compressed data stream to an IPP printer/server () - The IPP backend might not include all job attributes in Validate-Job operations () - Fixed some clang-reported issues () CHANGES IN CUPS V1.7.1 - Security: the lppasswd program incorrectly used settings from ~/.cups/client.conf (STR #4319) - Auto debug logging was broken in 1.7.0 () - Some gzip'd PPD files could not be used () - Cleaned up some job logging in the scheduler () - ATTR messages could cause string pool memory corruption in the scheduler () - The RPM spec file did not list the build requirements; this was on purpose, but now we are listing the Red Hat package names (, STR #4322) - Printing to a raw queue could result in corrupt output due to opportunistic compression () - The GNU TLS support code triggered many compiler warnings due to the use of old GNU TLS compatibility type names () - The "make check" test suite did not work on Linux without the cups-filters package installed () - Japanese PPDs using with the Shift-JIS encoding did not work () - "tel:" URIs incorrectly had slashes () - The libusb-based USB backend incorrectly used write timeouts () - Shared printers could become inaccessible after a few days on OS X () - The IPP backend did not wait for a busy printer to become available before attempting to print () - CUPS did not support "auto-monochrome" or "process-monochrome" for the "print-color-mode" option () - Using "@@IF(name)" in an Allow or Deny rule did not work (STR #4328) - lpq and lpstat did not list jobs in the correct order when priorities were specified (STR #4326) - The D-BUS notifier did not remove its lockfile (STR #4314) - CUPS incorrectly used the USER environment variable when the name did not match the user ID (STR #4327) CHANGES IN CUPS V1.7.0 - Updated Japanese localization. - The lpadmin command did not send the PPD name from the "-m" option () - Network backends now use the prtMarkerSuppliesClass property to determine the direction of supply level values () - The scheduler did not remove backup PPD files when a printer was deleted () - The scheduler incorrectly responded to HEAD requests when the web interface was disabled () - The scheduler did not respond using the hostname specified by the client () - Fax queues did not work when shared via Bonjour () - Error messages from the scheduler were not localized using the language specified in the client's IPP request () - Added an Italian localization () - Fixed a couple memory leaks in ippfind that were reported by Clang. - Fixed a compile issue on 64-bit Linux with Clang - need to use the -pie option instead of -Wl,-pie now () - The ippfind utility reported the wrong port numbers when compiled against Avahi () - httpGetFd, httpGetFile, httpPutFd, and httpPutFile did not automatically reconnect if the server closed the connecion after the previous response. - Fixed a compile error in libcups () - The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE environment variable to the filters or backend () - The cups-exec helper program could fail randomly on OS X due to sandbox violations when closing excess file descriptors () - The scheduler incorrectly did not use the kqueue interface on OS X. CHANGES IN CUPS V1.7rc1 - Printer xxx-default values were not reported by Get-Printer-Attributes or lpoptions () - Fixed deprecation warnings for many functions on OS X so they are tied to the deployment version when building () - Fixed a build issue on ARM-based Linux systems - unable to validate va_list arguments. - Added a new ippfind tool for finding IPP printers and other Bonjour services () - Fixed some issues with conversion of PWG media size names to hundredths of millimeters () - The IPP backend could crash on OS X when printing to a Kerberized printer () - The ipptool program now automatically extends timeouts when the output buffer is filled () - The ipptool program now supports the --help and --version options. - The ipptool program did not continue past include file errors by default () - The ipptool program now supports FILE-ID and TEST-ID directives and includes their values in its XML output () - The ipptool program now supports WITH-HOSTNAME, WITH-RESOURCE, and WITH-SCHEME expect predicates to compare the corresponding URI components () CHANGES IN CUPS V1.7b1 - The configure script now supports a --with-rundir option to change the transient run-time state directory from the default to other locations like /run/cups (STR #4306) - The scheduler now supports PPD lookups for classes (STR #4296) - The cupsfilter program did not set the FINAL_CONTENT_TYPE environment variable for filters. - Added a new "-x" option to the cancel command (STR #4103) - Made the PWG media handling APIs public (STR #4267) - Implemented ready media support for the cupsGetDestMediaXxx APIs (STR #4289) - Added new cupsFindDestDefault, cupsFindDestReady, and cupsFindDestSupported APIs (STR #4289) - Added new cupsGetDestMediaByIndex, cupsGetDestMediaCount, and cupsGetDestMediaDefault APIs (STR #4289) - Added new ippGet/SetOctetString APIs for getting and setting an octetString value (STR #4289) - Added new ippCreateRequestedArray API for generating a array of attributes from the requested-attributes attribute. - The ipptool utility now supports compression, conditional tests based on the presence of files, and new DEFINE predicates for STATUS. - Added new IPP APIs for checking values (STR #4167) - Added new IPP APis for adding and setting formatted strings. - Added new HTTP APIs to support basic server functionality via libcups. - The dnssd backend now generates a 1284 device ID as needed (STR #3702) - CUPS now supports compressing and decompressing streamed data (STR #4168) - CUPS now supports higher-level PIN printing, external accounting systems, and "print here" printing environments (STR #4169) - IRIX is no longer a supported operating system (STR #4092) - The PPD compiler now supports JCL options properly (STR #4115) - The web interface now checks whether the web browser has cookies enabled and displays a suitable error message (STR #4141) CHANGES IN CUPS V1.6.4 - Removed some duplicate size definitions for some ISO sizes that were causing problems () - The IPP backend did not add the "last-document" attribute () - Added a SyncOnClose directive to cups-files.conf to force cupsd to call fsync before closing any configuration/state files it writes () - Added USB quirk rule for Lexmark E238 () - Closed server connections were still not always detected () - The libusb-based USB backend now loads its list of quirks from files in /usr/share/cups/usb instead of using a hardcoded table () - The scheduler did not properly register ICC color profiles with colord () CHANGES IN CUPS V1.6.3 - The configure script now prefers Clang over GCC. - Fixed a compile problem on AIX (STR #4307) - The default IPP version did not always get set before creating a new IPP request message () - The lp, lpq, lpr, and lpstat now display an error message advising the use of the /version=1.1 ServerName option () - Added documentation about the /version=1.1 option to ServerName in client.conf () - httpStatus(HTTP_ERROR) did not return a useful error message () - The lp, lpq, lpr, and lpstat commands incorrectly ignored the default printer set in the lpoptions file () - Fixed a URI encoding issue for hostnames containing the ` (backquote) character () - Added support for RFC 6874's IPv6 link local address format in URIs () - The USB backend could crash on libusb-based systems if USB was disabled in the BIOS () - Fixed a rounding error in the PWG media size mapping code () - Fixed several ipptool test files that used old STATUS names. - Kerberos credentials could get truncated when printing to a shared printer. - Printing using "ipps" URIs was not encrypted. - Insecure ICC profiles prevented installation of user profiles for a printer on OS X. - Added more USB quirks for the libusb-based backend (STR #4311, ) - The Russian web interface templates were broken (STR #4310) - The scheduler no longer tries to do Kerberos authentication over the loopback interface. - The IPP backend could fail to pause a job for authentication (STR #4298) - Fixed a regression on the handling of auth keys on OS X if the cups-files.conf was not present or did not contain a SystemAuthKey value. - The scheduler incorrectly did a reverse lookup of the server address when HostNameLookups was turned off (STR #4302) - The scheduler incorrectly computed the final content type value when null filters were present. CHANGES IN CUPS V1.6.2 - Documentation fixes (STR #4229, STR #4239, STR #4234, STR #4248, STR #4259) - Security: All file, directory, user, and group settings are now stored in a separate cups-files.conf configuration file that cannot be set through the CUPS web interface or APIs (STR #4223) - Added a Czech localization (STR #4201) - Added a French localization (STR #4247) - Added a Russian localization (STR #4228, STR #4285) - Updated the Catalan localization (STR #4202) - Local certificate authentication did not guard against an empty certification file (STR #4293) - The scheduler did not reject device URIs with spaces. - Added USB quirk rule for Epson Stylus Photo 750 (STR #4286) - The IPP backend could crash if the printer disconnects early (STR #4284) - cupsGetPPD did not work with statically-configured CUPS shared queues (STR #4178) - The scheduler did not support long MIME media types (STR #4270) - The cupsfilter command did not set the CHARSET environment variable for the text filters (STR #4273) - The lp command did not show errors for unknown "--foo" (STR #4261) - Bad IPP responses could crash ipptool (STR #4262) - Updated USB quirk rules for Canon and Xerox printers (STR #4217, STR #4263) - Added USB blacklisting for printers that require a custom backend (STR #4218) - The PPD compiler did not correctly JCL options (STR #4115, STR #4203) - The ipptool program now supports DEFINE-MATCH and DEFINE-NO-MATCH predicates for STATUS directives. - Fixed a problem with local Kerberos authentication (STR #4140) - Coverity scan: fixed some minor issues (STR #4242) - The scheduler did not remove color profiles after deleting a printer (STR #4232, STR #4276) - The CUPS library did not always detect a timed out connection to the server which could cause temporary loss of printing from applications (STR #4187) - The ipptool program now supports variable substitution in OPERATION and DELAY directives (STR #4175) - The IPP backend now stops queues when the server configuration prevents successful job submission (STR #4125) - The XML output of ipptool contained empty dictionaries (STR #4136) - The scheduler did not delete job control backup files (STR #4244) - cupsGetPPD3 could return a local PPD instead of the correct remote PPD. - The scheduler incorrectly advertised auth-info-required for local queues needing local authentication (STR #4205) - CUPS 1.6 clients using the ServerName directive in client.conf did not work with CUPS 1.3.x or older servers (STR #4231, STR #4291) - The SNMP backend now tries to work around broken printers that use a newline to separate key/value pairs. - The IPP backend did not send a cancel request to printers when a job was canceled and the printer did not support Create-Job. - Fixed EPM packaging files (STR #4199) - OpenBSD build fix (STR #4195, STR #4196, STR #4197) - The scheduler could crash when using Avahi (STR #4183, STR #4192, STR #4200, STR #4213) - The IPP backend could get stuck in an endless loop on certain network errors (STR #4194) - 32-bit builds failed on Debian (STR #4133) - The scheduler no longer accepts or sends job description attributes. - The IPP backend now works around some conformance issues for broken printers (STR #4190) - cupsBackendReport() now filters out all control characters from the reported 1284 device IDs (STR #4124) - The scheduler no longer allows job-name values that are not valid network Unicode strings (STR #4072) - The web interface did not preserve the order of classes, jobs, or printers (STR #4170) - The network backends now support disabling of SNMP supply level queries via the "snmp" URI option (STR #4106) - The IPP backend did not specify the compression used (STR #4181) - ipptool did not support octetString values. - The scheduler did not recognize dnssd: or ipps: URIs as Bonjour shared queues (STR #4158) - Applications could not get the PPD file for statically-configured Bonjour-shared print queues (STR #4159) - The cupsd.conf file included obsolete browsing directives (STR #4157) - Fixed a USB backend compatibility issue on systems using libusb (STR #4155, STR #4191) - Some Bonjour features were not available on systems with Avahi (STR #4156) - CUPS now includes the port number in the Host: header for HTTP requests. - Fixed REPEAT-MATCH for STATUS and EXPECT - was incorrectly erroring out. CHANGES IN CUPS V1.6.1 - Documentation fix (STR #4149) - RPM packaging fixes (STR #4129, #4145) - The Japanese and English web interface headers were swapped (STR #4148) CHANGES IN CUPS V1.6.0 - Document changes (STR #4131) - Added new Catalan (STR #4107) and Spanish (STR #4137) localizations. CHANGES IN CUPS V1.6rc1 - Added a new Japanese localization (STR #4122) - The SNMP backend no longer exits if it is unable to obtain an IPv6 socket (STR #4109) - The LPD backend incorrectly used "localhost" in the control file instead of the current hostname. CHANGES IN CUPS V1.6b1 - Documentation updates (STR #3927, STR #3980, STR #4010, STR #4068) - The scheduler now consolidates all PPD updates from filters at the end of the job (STR #4075) - CUPS now supports color management using colord (STR #3808) - CUPS now supports Bonjour using Avahi (STR #3066) - The PreserveJobFiles and PreserveJobHistory directives now support specification of a time interval (STR #3143) - PPD files can now be archived in (gzip'd) tar files to further reduce the disk space used by PPD files (STR #3772) - The network backends now deal with printers that report their levels in percent but do not specify a maximum capacity of 100 (STR #3551) - The network backends now report full/almost-full waste bins in printers along with end-of-life for cleaning pads (STR #4017) - Added a configure option to set the permissions of the installed cupsd (STR #3459) - Added a new WITH-ALL-VALUES directive to ipptool EXPECT predicates (STR #3949) - CUPS now supports a User directive in client.conf and the CUPS_USER environment variable for overriding the default username (STR #3114) - Now set the PJL USERNAME variable as needed (STR #3100) - Added support for usernames and passwords longer than 32 characters (STR #2856) - Added a new MaxHoldTime directive to automatically cancel jobs that have been held indefinitely after a specific number of seconds (STR #2291) - The LPD backend now uses the originating host name when it is not the local system (STR #2053) - CUPS now prefers the suffix "dpcm" when reporting resolution in dots- per-centimeter (STR #4006) - The configure script and build system no longer support building of separate 32-bit and 64-bit libraries. - The "brightness", "columns", "fitplot", "gamma", "hue", "natural-scaling", "penwidth", "position", "ppi", "saturation", and "scaling" options are not longer supported (STR #4010) - The "page-bottom", "page-left", "page-right", "page-top", "prettyprint", and "wrap" options have been deprecated (STR #4010) - The scheduler now reports the standard "number-of-documents" attribute instead of the CUPS-specific "document-count" attribute in job objects. - Added new destination connection and enumeration functions (STR #3924) - Added new option, localization, and job submission functions that do not depend on PPD files (STR #3925) - Added a new MaxJobTime directive for cupsd that specifies the maximum amount of time allowed for a job to complete before it is canceled. - The default password callback now supports passwords up to 127 characters. - The scheduler now supports a DefaultAuthType of "auto" to automatically choose between Basic (username/password) and Negotiate (Kerberos) authentication. - cupsSideChannelSNMPGet/Walk now support OIDs and values up to 64k in length. - CUPS no longer supports automatic remote printers or implicit classes via the CUPS, LDAP, or SLP protocols (STR #3922, STR #3923) - The PPD APIs are now deprecated and will be removed in a future version of CUPS (STR #3927) - The default IPP version for requests is now 2.0 (STR #3929) - The IPP APIs no longer expose the ipp_t or ipp_attribute_t structures and instead provide accessor functions (STR #3928) - The scheduler will no longer run programs with group write permission. - The PHP module has been removed (STR #3932) - The bannertops, commandtoescpx, commandtopclx, imagetops, imagetoraster, pdftops, rastertoescpx, rastertopclx, and texttops filters have been removed (STR #3930) - The serial and parallel backends have been removed (STR 3935) @ text @$NetBSD: patch-au,v 1.15 2011/12/21 08:57:11 sbd Exp $ --- scheduler/printers.c.orig 2011-06-15 00:46:13.000000000 +0000 +++ scheduler/printers.c @@@@ -80,6 +80,9 @@@@ # include #endif /* __APPLE__ */ +#if defined(HAVE_STATVFS) && ( defined(__NetBSD__) || defined(__sun) ) +#undef HAVE_STATFS +#endif /* * Local functions... @ 1.15 log @Don't use statfs() on SunOS (PR#44453). @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.14 2011/11/13 21:49:17 sbd Exp $ @ 1.14 log @Update to cups-1.5.0 -------------------- CHANGES IN CUPS V1.5.0 - Documentation updates. - Localization update (STR #3865) - Needed to limit TLS to v1.0 on some versions of Mac OS X. - The snmp backend did not work with some printers. CHANGES IN CUPS V1.5rc1 - Compile fixes (STR #3849, STR #3850) - The scheduler didn't check for empty values for several configuration directives (STR #3861) - ipptool didn't generate valid XML when a test was skipped. - Added additional error checking to the 1284 device ID code (STR #3858) - Fixed some compatibility issues migrating from the old usblp backend to the libusb backend (STR #3860) - Fixed the wake-from-sleep printing behavior on Mac OS X. - The scheduler incorrectly allowed jobs to be held from a terminating state. - The cups-driverd program could crash when a PPD was renamed. - The dnssd backend took too long to discover printers on large or busy networks with the new default timeout used by lpinfo and the web interface. This resulted in "lost" printers. CHANGES IN CUPS V1.5b2 - Documentation updates. - Localization updates (STR #3845) - Compiler warning cleanup. - Fixed PIE support for Linux (STR #3846) - Made httpSetTimeout API public and use it in the IPP backend to avoid timeout errors. - The scheduler incorrectly set the "authenticated" printer-type bit for remote queues using authentication. CHANGES IN CUPS V1.5b1 - The CUPS library now supports per-connection HTTP timeouts and callbacks. - The CUPS library now supports (limited) SSL/TLS X.509 certificate validation and revocation (STR #1616) - Updated the PostScript filter to support IncludeFeature in more circumstances (STR #3417) - The schedule did not correctly parse some IPv6 addresses and masks in the cupsd.conf file (STR #3533) - Fixed a case-insensitive string comparison issue for locales that do not treat "I" and "i" as equivalent (STR #3800) - The scheduler reported an incorrect job-printer-uri value when sharing was not enabled (STR #3639) - The scheduler now allows the ServerAlias directive to contain multiple hostnames separated by spaces or commas (STR #3813) - The scheduler now sets the process group for child processes and manages the group (STR #2829) - Fixed some minor issues discovered by a Coverity scan (STR #3838) - The scheduler now more carefully creates and removes configuration, cache, and state files (STR #3715) - The lpadmin command now allows default option values to be deleted (STR #2959) - The lpadmin command now allows the cupsIPPSupplies and cupsSNMPSupplies keywords to be set in a PPD file (STR #3825) - Moving a held job no longer releases it (STR #3839) - Restored support for GNU TLS and OpenSSL with threading enabled (STR #3605) - Fixed a confusing error message from cups-polld (STR #3806) - Increased the default RIPCache value to 128MB (STR #3535) - MIME errors are now routed to the error_log file (STR #2410) - Updated PDF filter to support new Ghostscript ps2write device (STR #3766) - Updated PDF filter to support new Poppler option to preserve page sizes in PDF files when the user has not selected a particular media size (STR #3689) - Added new PWG Raster filter for IPP Everywhere printer support. - Added job-uuid, printer-uuid, and subscription-uuid attributes. - Added support for the cupsSingleFile PPD keyword. - Dropped support for the printer-state-history attribute (STR #3654) - Added support for a new cupsIPPSupplies keyword in PPD files to allow drivers to disable IPP supply level reporting. - Added support for a new cupsFilter2 keyword in PPD files to allow for the propagation of the actual MIME media type produced by a filter. - The scheduler did not always get the correct Kerberos username when authenticating (STR #3670) - Added new cupsRasterOpenIO function and CUPS_RASTER_WRITE_PWG to the CUPS imaging library to support printing to IPP Everywhere raster printers. - The scheduler now provides default values for the pages-per-minute and pages-per-minute-color attributes for PPD files that lack a Throughput keyword. - Email notifications did not work on Mac OS X. - The cupstestppd program now shows an error for files missing a CloseGroup keyword (STR #3668) - Name resolution errors no longer cause queues to stop (STR #3719, STR #3753) - Added a new cups-exec helper program that applies security profiles to filters, port monitors, backends, CGI programs, and mini-daemons. - The web interface can now be disabled using the WebInterface directive in cupsd.conf (STR #2625) - The scheduler now provides privacy controls for jobs and subscriptions (STR #2969) - Added new cupsArrayNew3 API which offers memory management of array elements. - Added several new color spaces to the CUPS raster format (STR #3419) - The Validate-Job operation now uses the same policy as Print-Job by default. - CUPS now uses iconv to implement all of its character encoding support (STR #3097) - The scheduler now implements the Cancel-Jobs, Cancel-My-Jobs, and Close-Job operations along with the job-ids operation attribute from PWG 5100.11. - The main CUPS header () no longer includes the PPD header (). - The scheduler and CUPS API now support the print-quality job template attribute. - The scheduler no longer supports the old Mac OS X Server quota plugin. - The scheduler now allows writing to /Users/Shared from print filters on Mac OS X. - CUPS no longer supports the old ~/.cupsrc or ~/.lpoptions files from CUPS 1.1.x. The ~/.cups/client.conf and ~/.cups/lpoptions files that were introduced in CUPS 1.2 must now be used. - The ipptest tool is now a first-class user program and has several improvements along with new documentation (STR #3484) - The cupstestppd tool now warns about non-unique filenames and provides a way to ignore all filename warnings. - Dropped support for the recoverable: and recovered: message prefixes. - The scheduler now requires that filters and backends have group write permissions disabled. - The PPD compiler now checks for overlapping filenames when writing PPD files. - The HP-GL/2 filter is no longer included with CUPS (STR #3322) - The SCSI backend is no longer included with CUPS (STR #3500) @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.13 2011/01/19 17:09:20 drochner Exp $ d9 1 a9 1 +#if defined(HAVE_STATVFS) && defined(__NetBSD__) @ 1.13 log @build fix: on semi-new NetBSD, statfs() is present in libc for binary compatibility and thus found by autoconf, but the API was removed. Don't try to use it. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- scheduler/printers.c.orig 2010-09-22 18:35:07.000000000 +0000 d5 3 a7 3 @@@@ -81,6 +81,9 @@@@ # include #endif /* HAVE_SYS_VFS_H */ @ 1.12 log @Upgrade cups to version 1.3.9 in order to fix CVE-2008-3639, CVE-2008-3640 and CVE-2008-3641. Also, it fixes a ton of bugs and has portability enhancements. Full list of changes: - SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911) - SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918) - SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919) - Documentation updates (STR #2904, STR #2944) - The French web admin page was never updated (STR #2963) - The IPP backend did not retry print jobs when the printer reported itself as busy or unavailable (STR #2951) - The "Set Allowed Users" web interface did not handle trailing whitespace correctly (STR #2956) - The PostScript filter did not work with Adobe applications using custom page sizes (STR #2968) - The Mac OS X USB backend did not work with some printers that reported a bad 1284 device ID. - The scheduler incorrectly resolved the client connection address when HostNameLookups was set to Off (STR #2946) - The IPP backend incorrectly stopped the local queue if the remote server reported the "paused" state. - The cupsGetDests() function did not catch all types of request errors. - The scheduler did not always log "job queued" messages (STR #2943) - The scheduler did not support destination filtering using the printer-location attribute properly (STR #2945) - The scheduler did not send the server-started, server-restarted, or server-stopped events (STR #2927) - The scheduler no longer enforces configuration file permissions on symlinked files (STR #2937) - CUPS now reinitializes the DNS resolver on failures (STR #2920) - The CUPS desktop menu item was broken (STR #2924) - The PPD parser was too strict about missing keyword values in "relaxed" mode. - The PostScript filter incorrectly mirrored landscape documents. - The scheduler did not correctly update the auth-info-required value(s) if the AuthType was Default. - The scheduler required Kerberos authentication for all operations on remote Kerberized printers instead of just for the operations that needed it. - The socket backend could wait indefinitely for back- channel data with some devices. - PJL panel messages were not reset correctly on older printers (STR #2909) - cupsfilter used the wrong default path (STR #2908) - Fixed address matching for "BrowseAddress @@IF(name)" (STR #2910) - Fixed compiles on AIX. - Firefox 3 did not work with the CUPS web interface in SSL mode (STR #2892) - Custom options with multiple parameters were not emitted correctly. - Refined the cupstestppd utility. - ppdEmit*() did not support custom JCL options (STR #2889) - The cupstestppd utility incorrectly reported missing "en" base translations (STR #2887) - Documentation updates (STR #2785, STR #2861, STR #2862) - The scheduler did not add the ending job sheet when the job was released. - The IPP backend did not relay marker-* attributes. - The CUPS GNOME/KDE menu item was not localized for Chinese (STR #2880) - The CUPS GNOME/KDE menu item was not localized for Japanese (STR #2876) - The cupstestppd utility reported mixed line endings for Mac OS and Windows PPD files (STR #2874) - The pdftops filter did not print landscape orientation PDF pages correctly on all printers (STR #2850) - The scheduler did not handle expiring of implicit classes or their members properly, leading to a configuration where one of the members would have a short name (STR #2766) - The scheduler and cupstestppd utilities did not support cupsFilter and cupsPreFilter programs with spaces in their names (STR #2866) - Removed unused variables and assignments found by the LLVM "clang" tool. - Added NULL checks recommended by the LLVM "clang" tool. - The scheduler would crash if you started a printer that pointed to a backend that did not exist (STR #2865) - The ppdLocalize functions incorrectly mapped all generic locales to country-specific locales. - The cups-driverd program did not support Simplified Chinese or Traditional Chinese language version strings (STR #2851) - Added an Indonesian translation (STR #2792) - Fixed a timing issue in the backends that could cause data corruption with the CUPS_SC_CMD_DRAIN_OUTPUT side-channel command (STR #2858) - The scheduler did not support "HostNameLookups" with all of the boolean names (STR #2861) - Fixed a compile problem with glibc 2.8 (STR #2860) - The PostScript filter did not support %%IncludeFeature lines in the page setup section of each page (STR #2831) - The scheduler did not generate printer-state events when the default printer was changed (STR #2764) - cupstestppd incorrectly reported a warning about the PPD format version in some locales (STR #2854) - cupsGetPPD() and friends incorrectly returned a PPD file for a class with no printers. - The member-uris values for local printers in a class returned by the scheduler did not reflect the connected hostname or port. - The CUPS PHP extension was not thread-safe (STR #2828) - The scheduler incorrectly added the document-format-default attribute to the list of "common" printer attributes, which over time would slow down the printing system (STR #2755, STR #2836) - The cups-deviced and cups-driverd helper programs did not set the CFProcessPath environment variable on Mac OS X (STR #2837) - "lpstat -p" could report the wrong job as printing (STR #2845) - The scheduler would crash when some cupsd.conf directives were missing values (STR #2849) - The web interface "move jobs" operation redirected users to the wrong URL (STR #2815) - The Polish web interface translation contained errors (STR #2815) - The scheduler did not report PostScript printer PPDs with filters as PostScript devices. - The scheduler did not set the job document-format attribute for jobs submitted using Create-Job and Send-Document. - cupsFileTell() did not work for log files opened in append mode (STR #2810) - The scheduler did not set QUERY_STRING all of the time for CGI scripts (STR #2781, STR #2816) - The scheduler now returns an error for bad job-sheets values (STR #2775) - Authenticated remote printing did not work over domain sockets (STR #2750) - The scheduler incorrectly logged errors for print filters when a job was canceled (STR #2806, #2808) - The scheduler no longer allows multiple RSS subscriptions with the same URI (STR #2789) - The scheduler now supports Kerberized printing with multiple server names (STR #2783) - "Satisfy any" did not work in IPP policies (STR #2782) - The CUPS imaging library would crash with very large images - more than 16Mx16M pixels (STR #2805) - The PNG image loading code would crash with large images (STR #2790) - The scheduler did not limit the total number of filters. - The scheduler now ensures that the RSS directory has the correct permissions. - The RSS notifier did not quote the feed URL in the RSS file it created (STR #2801) - The web interface allowed the creation and cancellation of RSS subscriptions without a username (STR #2774) - Increased the default MaxCopies value on Mac OS X to 9999 to match the limit imposed by the print dialog. - The scheduler did not reject requests with an empty Content-Length field (STR #2787) - The scheduler did not log the current date and time and did not escape special characters in request URIs when logging bad requests to the access_log file (STR #2788) @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.11 2008/04/15 17:26:23 drochner Exp $ d3 5 a7 14 --- ./filter/image-png.c.orig 2007-07-11 23:46:42.000000000 +0200 +++ ./filter/image-png.c @@@@ -3,7 +3,7 @@@@ * * PNG image routines for the Common UNIX Printing System (CUPS). * - * Copyright 2007 by Apple Inc. + * Copyright 2007-2008 by Apple Inc. * Copyright 1993-2007 by Easy Software Products. * * These coded instructions, statements, and computer programs are the @@@@ -170,16 +170,56 @@@@ _cupsImageReadPNG( * Interlaced images must be loaded all at once... */ d9 3 a11 33 + size_t bufsize; /* Size of buffer */ + + if (color_type == PNG_COLOR_TYPE_GRAY || color_type == PNG_COLOR_TYPE_GRAY_ALPHA) - in = malloc(img->xsize * img->ysize); + { + bufsize = img->xsize * img->ysize; + + if ((bufsize / img->ysize) != img->xsize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); + fclose(fp); + return (1); + } + } else - in = malloc(img->xsize * img->ysize * 3); + { + bufsize = img->xsize * img->ysize * 3; + + if ((bufsize / (img->ysize * 3)) != img->xsize) + { + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", + (unsigned)width, (unsigned)height); + fclose(fp); + return (1); + } + } + + in = malloc(bufsize); } d13 2 a14 21 bpp = cupsImageGetDepth(img); out = malloc(img->xsize * bpp); + if (!in || !out) + { + fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr); + + if (in) + free(in); + + if (out) + free(out); + + fclose(fp); + + return (1); + } + /* * Read the image, interlacing as needed... */ @ 1.11 log @fix a possible integer overflow in buffer size calculation, from upstream, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.11.8.1 log @pullup ticket #2574 - requested by bouyer cups: update package for security and bug fixes revisions pulled up: cvs rdiff -r1.135 -r1.136 pkgsrc/print/cups/Makefile cvs rdiff -r1.24 -r1.25 pkgsrc/print/cups/PLIST cvs rdiff -r1.56 -r1.57 pkgsrc/print/cups/distinfo cvs rdiff -r1.11 -r0 pkgsrc/print/cups/patches/patch-au Modified Files: pkgsrc/print/cups: Makefile PLIST distinfo Removed Files: pkgsrc/print/cups/patches: patch-au Log Message: Upgrade cups to version 1.3.9 in order to fix CVE-2008-3639, CVE-2008-3640 and CVE-2008-3641. Also, it fixes a ton of bugs and has portability enhancements. Full list of changes: - SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911) - SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918) - SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919) - Documentation updates (STR #2904, STR #2944) - The French web admin page was never updated (STR #2963) - The IPP backend did not retry print jobs when the printer reported itself as busy or unavailable (STR #2951) - The "Set Allowed Users" web interface did not handle trailing whitespace correctly (STR #2956) - The PostScript filter did not work with Adobe applications using custom page sizes (STR #2968) - The Mac OS X USB backend did not work with some printers that reported a bad 1284 device ID. - The scheduler incorrectly resolved the client connection address when HostNameLookups was set to Off (STR #2946) - The IPP backend incorrectly stopped the local queue if the remote server reported the "paused" state. - The cupsGetDests() function did not catch all types of request errors. - The scheduler did not always log "job queued" messages (STR #2943) - The scheduler did not support destination filtering using the printer-location attribute properly (STR #2945) - The scheduler did not send the server-started, server-restarted, or server-stopped events (STR #2927) - The scheduler no longer enforces configuration file permissions on symlinked files (STR #2937) - CUPS now reinitializes the DNS resolver on failures (STR #2920) - The CUPS desktop menu item was broken (STR #2924) - The PPD parser was too strict about missing keyword values in "relaxed" mode. - The PostScript filter incorrectly mirrored landscape documents. - The scheduler did not correctly update the auth-info-required value(s) if the AuthType was Default. - The scheduler required Kerberos authentication for all operations on remote Kerberized printers instead of just for the operations that needed it. - The socket backend could wait indefinitely for back- channel data with some devices. - PJL panel messages were not reset correctly on older printers (STR #2909) - cupsfilter used the wrong default path (STR #2908) - Fixed address matching for "BrowseAddress @@IF(name)" (STR #2910) - Fixed compiles on AIX. - Firefox 3 did not work with the CUPS web interface in SSL mode (STR #2892) - Custom options with multiple parameters were not emitted correctly. - Refined the cupstestppd utility. - ppdEmit*() did not support custom JCL options (STR #2889) - The cupstestppd utility incorrectly reported missing "en" base translations (STR #2887) - Documentation updates (STR #2785, STR #2861, STR #2862) - The scheduler did not add the ending job sheet when the job was released. - The IPP backend did not relay marker-* attributes. - The CUPS GNOME/KDE menu item was not localized for Chinese (STR #2880) - The CUPS GNOME/KDE menu item was not localized for Japanese (STR #2876) - The cupstestppd utility reported mixed line endings for Mac OS and Windows PPD files (STR #2874) - The pdftops filter did not print landscape orientation PDF pages correctly on all printers (STR #2850) - The scheduler did not handle expiring of implicit classes or their members properly, leading to a configuration where one of the members would have a short name (STR #2766) - The scheduler and cupstestppd utilities did not support cupsFilter and cupsPreFilter programs with spaces in their names (STR #2866) - Removed unused variables and assignments found by the LLVM "clang" tool. - Added NULL checks recommended by the LLVM "clang" tool. - The scheduler would crash if you started a printer that pointed to a backend that did not exist (STR #2865) - The ppdLocalize functions incorrectly mapped all generic locales to country-specific locales. - The cups-driverd program did not support Simplified Chinese or Traditional Chinese language version strings (STR #2851) - Added an Indonesian translation (STR #2792) - Fixed a timing issue in the backends that could cause data corruption with the CUPS_SC_CMD_DRAIN_OUTPUT side-channel command (STR #2858) - The scheduler did not support "HostNameLookups" with all of the boolean names (STR #2861) - Fixed a compile problem with glibc 2.8 (STR #2860) - The PostScript filter did not support %%IncludeFeature lines in the page setup section of each page (STR #2831) - The scheduler did not generate printer-state events when the default printer was changed (STR #2764) - cupstestppd incorrectly reported a warning about the PPD format version in some locales (STR #2854) - cupsGetPPD() and friends incorrectly returned a PPD file for a class with no printers. - The member-uris values for local printers in a class returned by the scheduler did not reflect the connected hostname or port. - The CUPS PHP extension was not thread-safe (STR #2828) - The scheduler incorrectly added the document-format-default attribute to the list of "common" printer attributes, which over time would slow down the printing system (STR #2755, STR #2836) - The cups-deviced and cups-driverd helper programs did not set the CFProcessPath environment variable on Mac OS X (STR #2837) - "lpstat -p" could report the wrong job as printing (STR #2845) - The scheduler would crash when some cupsd.conf directives were missing values (STR #2849) - The web interface "move jobs" operation redirected users to the wrong URL (STR #2815) - The Polish web interface translation contained errors (STR #2815) - The scheduler did not report PostScript printer PPDs with filters as PostScript devices. - The scheduler did not set the job document-format attribute for jobs submitted using Create-Job and Send-Document. - cupsFileTell() did not work for log files opened in append mode (STR #2810) - The scheduler did not set QUERY_STRING all of the time for CGI scripts (STR #2781, STR #2816) - The scheduler now returns an error for bad job-sheets values (STR #2775) - Authenticated remote printing did not work over domain sockets (STR #2750) - The scheduler incorrectly logged errors for print filters when a job was canceled (STR #2806, #2808) - The scheduler no longer allows multiple RSS subscriptions with the same URI (STR #2789) - The scheduler now supports Kerberized printing with multiple server names (STR #2783) - "Satisfy any" did not work in IPP policies (STR #2782) - The CUPS imaging library would crash with very large images - more than 16Mx16M pixels (STR #2805) - The PNG image loading code would crash with large images (STR #2790) - The scheduler did not limit the total number of filters. - The scheduler now ensures that the RSS directory has the correct permissions. - The RSS notifier did not quote the feed URL in the RSS file it created (STR #2801) - The web interface allowed the creation and cancellation of RSS subscriptions without a username (STR #2774) - Increased the default Maxpies value on Mac OS X to 9999 to match the limit imposed by the print dialog. - The scheduler did not reject requests with an empty Content-Length field (STR #2787) - The scheduler did not log the current date and time and did not escape specicharacters in request URIs when logging bad requests to the access_log file (STR #2788) @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.11 2008/04/15 17:26:23 drochner Exp $ @ 1.10 log @Update cups to 1.3.5 Adds dns-sd support and Negotiate authentication (kerberos) various bug fixes. @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.9 2007/11/05 20:16:19 adrianp Exp $ d3 70 a72 153 # CVE-2007-4351 --- cups/ipp.c.orig 2007-02-05 20:25:50.000000000 +0000 +++ cups/ipp.c @@@@ -1315,6 +1315,12 @@@@ ippReadIO(void *src, /* I - Data { case IPP_TAG_INTEGER : case IPP_TAG_ENUM : + if (n != 4) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 4) < 4) { DEBUG_puts("ippReadIO: Unable to read integer value!"); @@@@ -1327,6 +1333,12 @@@@ ippReadIO(void *src, /* I - Data value->integer = n; break; case IPP_TAG_BOOLEAN : + if (n != 1) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 1) < 1) { DEBUG_puts("ippReadIO: Unable to read boolean value!"); @@@@ -1344,6 +1356,12 @@@@ ippReadIO(void *src, /* I - Data case IPP_TAG_CHARSET : case IPP_TAG_LANGUAGE : case IPP_TAG_MIMETYPE : + if (n >= sizeof(buffer)) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, n) < n) { DEBUG_puts("ippReadIO: unable to read name!"); @@@@ -1356,6 +1374,12 @@@@ ippReadIO(void *src, /* I - Data value->string.text)); break; case IPP_TAG_DATE : + if (n != 11) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, value->date, 11) < 11) { DEBUG_puts("ippReadIO: Unable to date integer value!"); @@@@ -1363,6 +1387,12 @@@@ ippReadIO(void *src, /* I - Data } break; case IPP_TAG_RESOLUTION : + if (n != 9) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 9) < 9) { DEBUG_puts("ippReadIO: Unable to read resolution value!"); @@@@ -1379,6 +1409,12 @@@@ ippReadIO(void *src, /* I - Data (ipp_res_t)buffer[8]; break; case IPP_TAG_RANGE : + if (n != 8) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 8) < 8) { DEBUG_puts("ippReadIO: Unable to read range value!"); @@@@ -1394,7 +1430,7 @@@@ ippReadIO(void *src, /* I - Data break; case IPP_TAG_TEXTLANG : case IPP_TAG_NAMELANG : - if (n > sizeof(buffer) || n < 4) + if (n >= sizeof(buffer) || n < 4) { DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); return (IPP_ERROR); @@@@ -1420,22 +1456,27 @@@@ ippReadIO(void *src, /* I - Data n = (bufptr[0] << 8) | bufptr[1]; - if (n >= sizeof(string)) + if ((bufptr + 2 + n) >= (buffer + sizeof(buffer)) || + n >= sizeof(string)) { - memcpy(string, bufptr + 2, sizeof(string) - 1); - string[sizeof(string) - 1] = '\0'; + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); } - else - { - memcpy(string, bufptr + 2, n); - string[n] = '\0'; - } + + memcpy(string, bufptr + 2, n); + string[n] = '\0'; value->string.charset = _cupsStrAlloc((char *)string); bufptr += 2 + n; n = (bufptr[0] << 8) | bufptr[1]; + if ((bufptr + 2 + n) >= (buffer + sizeof(buffer))) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + bufptr[2 + n] = '\0'; value->string.text = _cupsStrAlloc((char *)bufptr + 2); break; @@@@ -1477,6 +1518,12 @@@@ ippReadIO(void *src, /* I - Data * we need to carry over... */ + if (n >= sizeof(buffer)) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, n) < n) { DEBUG_puts("ippReadIO: Unable to read member name value!"); @@@@ -1498,6 +1545,12 @@@@ ippReadIO(void *src, /* I - Data break; default : /* Other unsupported values */ + if (n > sizeof(buffer)) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + value->unknown.length = n; if (n > 0) { @ 1.9 log @Fix for CVE-2007-4351 PKGREVISION++ @ text @d1 1 a1 1 $NetBSD$ @ 1.8 log @Update cups to 1.2.11 CUPS 1.2.11 fixes several build system, printing, PPD, and IPP conformance issues. It also fixes a crash bug in the scheduler when printing to files in non-existent directories. @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.7 2007/04/03 15:23:23 gdt Exp $ d3 1 a3 1 This has been filed upstream as: d5 151 a155 16 http://www.cups.org/str.php?L2324 --- backend/usb-unix.c.orig 2007-02-20 08:41:07.000000000 -0500 +++ backend/usb-unix.c @@@@ -90,6 +90,11 @@@@ print_device(const char *uri, /* I - De strcasecmp(hostname, "Konica Minolta") && strcasecmp(hostname, "Minolta"); +#ifdef __NetBSD__ + /* XXX Use configure test to see if reading from ulpt(4) works. */ + use_bc = 0; +#endif + if ((device_fd = open_device(uri, &use_bc)) == -1) { if (getenv("CLASS") != NULL) @ 1.8.4.1 log @Pullup ticket 2233 - requested by adrianp security fix for cups - pkgsrc/print/cups/Makefile 1.127-1.128 - pkgsrc/print/cups/distifno 1.53 - pkgsrc/print/cups/patches/patch-au 1.9 Module Name: pkgsrc Committed By: dsainty Date: Mon Oct 22 11:56:46 UTC 2007 Modified Files: pkgsrc/print/cups: Makefile Log Message: Fix the output of "cups-config --ldflags" to output "-Wl,-R/usr/pkg" like other config scripts do. Bump PKGREVISION since client software may not correctly build or run without this fix. --- Module Name: pkgsrc Committed By: adrianp Date: Mon Nov 5 20:16:19 UTC 2007 Modified Files: pkgsrc/print/cups: Makefile distinfo Added Files: pkgsrc/print/cups/patches: patch-au Log Message: Fix for CVE-2007-4351 PKGREVISION++ @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 # CVE-2007-4351 d5 16 a20 151 --- cups/ipp.c.orig 2007-02-05 20:25:50.000000000 +0000 +++ cups/ipp.c @@@@ -1315,6 +1315,12 @@@@ ippReadIO(void *src, /* I - Data { case IPP_TAG_INTEGER : case IPP_TAG_ENUM : + if (n != 4) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 4) < 4) { DEBUG_puts("ippReadIO: Unable to read integer value!"); @@@@ -1327,6 +1333,12 @@@@ ippReadIO(void *src, /* I - Data value->integer = n; break; case IPP_TAG_BOOLEAN : + if (n != 1) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 1) < 1) { DEBUG_puts("ippReadIO: Unable to read boolean value!"); @@@@ -1344,6 +1356,12 @@@@ ippReadIO(void *src, /* I - Data case IPP_TAG_CHARSET : case IPP_TAG_LANGUAGE : case IPP_TAG_MIMETYPE : + if (n >= sizeof(buffer)) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, n) < n) { DEBUG_puts("ippReadIO: unable to read name!"); @@@@ -1356,6 +1374,12 @@@@ ippReadIO(void *src, /* I - Data value->string.text)); break; case IPP_TAG_DATE : + if (n != 11) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, value->date, 11) < 11) { DEBUG_puts("ippReadIO: Unable to date integer value!"); @@@@ -1363,6 +1387,12 @@@@ ippReadIO(void *src, /* I - Data } break; case IPP_TAG_RESOLUTION : + if (n != 9) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 9) < 9) { DEBUG_puts("ippReadIO: Unable to read resolution value!"); @@@@ -1379,6 +1409,12 @@@@ ippReadIO(void *src, /* I - Data (ipp_res_t)buffer[8]; break; case IPP_TAG_RANGE : + if (n != 8) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, 8) < 8) { DEBUG_puts("ippReadIO: Unable to read range value!"); @@@@ -1394,7 +1430,7 @@@@ ippReadIO(void *src, /* I - Data break; case IPP_TAG_TEXTLANG : case IPP_TAG_NAMELANG : - if (n > sizeof(buffer) || n < 4) + if (n >= sizeof(buffer) || n < 4) { DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); return (IPP_ERROR); @@@@ -1420,22 +1456,27 @@@@ ippReadIO(void *src, /* I - Data n = (bufptr[0] << 8) | bufptr[1]; - if (n >= sizeof(string)) + if ((bufptr + 2 + n) >= (buffer + sizeof(buffer)) || + n >= sizeof(string)) { - memcpy(string, bufptr + 2, sizeof(string) - 1); - string[sizeof(string) - 1] = '\0'; + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); } - else - { - memcpy(string, bufptr + 2, n); - string[n] = '\0'; - } + + memcpy(string, bufptr + 2, n); + string[n] = '\0'; value->string.charset = _cupsStrAlloc((char *)string); bufptr += 2 + n; n = (bufptr[0] << 8) | bufptr[1]; + if ((bufptr + 2 + n) >= (buffer + sizeof(buffer))) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + bufptr[2 + n] = '\0'; value->string.text = _cupsStrAlloc((char *)bufptr + 2); break; @@@@ -1477,6 +1518,12 @@@@ ippReadIO(void *src, /* I - Data * we need to carry over... */ + if (n >= sizeof(buffer)) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + if ((*cb)(src, buffer, n) < n) { DEBUG_puts("ippReadIO: Unable to read member name value!"); @@@@ -1498,6 +1545,12 @@@@ ippReadIO(void *src, /* I - Data break; default : /* Other unsupported values */ + if (n > sizeof(buffer)) + { + DEBUG_printf(("ippReadIO: bad value length %d!\n", n)); + return (IPP_ERROR); + } + value->unknown.length = n; if (n > 0) { @ 1.7 log @Note that USB driver "use_bc=0" patch has been filed as a bug with cups.org. @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.6 2007/04/02 12:11:01 gdt Exp $ @ 1.6 log @Add patch to disable the use of the back channel for USB on NetBSD. This is based on a suggestion by Yorick Hardy, who reports that it improved behavior. Without the patch, the cups usb driver tries to read status from ulpt(4) (for most printers), and this results in no output. @ text @d1 5 a5 1 $NetBSD$ @ 1.5 log @Update cups to 1.2.8 ok'ed jlam a while back. CUPS 1.2.8 adds a French localization, updates the Japanese and Spanish localizations, and fixes several web interface, printing, and networking bugs. CUPS 1.2.7 adds several Mac OS X improvements, implements timeouts in the SSL negotiation code, and fixes the bounding box generated by the PostScript filter, bidirectional support in the USB backend, and another case where the lpstat command could hang. CUPS 1.2.6 fixes some compile errors, localization of the web interface on Mac OS X, bugs in the lpc and lpstat commands, and backchannel support in the parallel backend. CUPS 1.2.5 fixes minor printing, networking, and documentation issues and adds support for older versions of DBUS and a translation for Estonian. CUPS 1.2.4 fixes a number of web interface, scheduler, and CUPS API issues. CUPS 1.2.3 fixes a number of web interface, networking, remote printing, and CUPS API issues. CUPS 1.2.2 fixes several build, platform, notification, and printing bugs. CUPS 1.2.1 fixes several build, platform, and printing bugs. CUPS 1.2.0 is the first stable feature release in the 1.2.x series and includes over 90 new features and changes since CUPS 1.1.23, including a greatly improved web interface and "plug-and-print" support for many local and network printers. @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.4 2005/03/02 18:33:02 drochner Exp $ d3 5 a7 3 --- pdftops/XRef.cxx.orig 2004-10-13 22:55:53.000000000 +0200 +++ pdftops/XRef.cxx @@@@ -76,7 +76,7 @@@@ XRef::XRef(BaseStream *strA, GString *ow d9 8 a16 44 // trailer is ok - read the xref table } else { - if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { + if (size*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != size) { error(-1, "Invalid 'size' inside xref table."); ok = gFalse; errCode = errDamaged; @@@@ -291,7 +291,7 @@@@ GBool XRef::readXRef(Guint *pos) { // table size if (first + n > size) { newSize = first + n; - if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { + if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { error(-1, "Invalid 'newSize'"); goto err2; } @@@@ -445,7 +445,7 @@@@ GBool XRef::constructXRef() { if (!strncmp(p, "obj", 3)) { if (num >= size) { newSize = (num + 1 + 255) & ~255; - if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { + if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { error(-1, "Invalid 'obj' parameters."); return gFalse; } @@@@ -470,7 +470,7 @@@@ GBool XRef::constructXRef() { } else if (!strncmp(p, "endstream", 9)) { if (streamEndsLen == streamEndsSize) { streamEndsSize += 64; - if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { + if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) { error(-1, "Invalid 'endstream' parameter."); return gFalse; } @@@@ -527,6 +527,9 @@@@ GBool XRef::checkEncrypted(GString *owne } else { keyLength = 5; } + if (keyLength > 16) { + keyLength = 16; + } permFlags = permissions.getInt(); if (encVersion >= 1 && encVersion <= 2 && encRevision >= 2 && encRevision <= 3) { @ 1.4 log @Fix CAN-2005-0206: An overflow check introduced earlier (for CAN-2004-0888) was never triggered on 64-bit systems because 64-bit arithmetics was used there. Sprinkle some casts to int su that the overflow can happen. This fix is similar to the redhat one. The fix for similar code in print/teTeX-bin looks much cleaner, but since cups already contains the wrong redhad fix, I've chosen to stay close to the original. bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @apply the last xpdf security patch to the embedded pdftops filter which is based on xpdf, bump PKGREVISUIN @ text @d5 36 @ 1.2 log @Update CUPS to 1.1. Remove most of the patches; I worked closely with the author to make this package compile more seamlessly on BSD systems, and in particular with the NetBSD pkgsrc software collection. CUPS 1.1 is the newest production (stable) release of CUPS. It provides many new features from the 1.0.x releases, including a new Level 3 PostScript RIP, a new PDF filter, EPSON printer drivers, IPP/1.1 support, banner page support, and LPD client support. Binaries for several platforms are also available. Major changes in v1.1 include: - The text filter now embeds missing fonts. - Integrated Xpdf's pdftops filter into CUPS, which is a lightweight and reliable replacement for Ghostscript's PDF support. - The web administration interface now allows you to set the default banner pages. - Images can now be positioned on the page using the new "position" option. - Updated the serial, parallel, and usb backends to do multiple writes and ignore ioctl() errors as needed; this should fix problems with serial printing on old serial drivers and with the UltraSPARC parallel port driver under Solaris 2.7. - Now propagate LD_LIBRARY_PATH to child processes from cupsd. - Queued remote jobs recreate remote printers as needed when the scheduler is started. - Deleting a printer also purges all jobs on that printer. - Old job and control files that don't belong to a printer are automatically deleted. - cups-lpd now supports options set with lpoptions. - The IPP backend now switches to IPP/1.0 if a 1.1 request fails. @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.1 1999/11/29 02:18:54 jlam Exp $ d3 12 a14 20 --- scheduler/classes.c.orig Wed Sep 22 14:08:40 1999 +++ scheduler/classes.c Sun Nov 28 21:06:29 1999 @@@@ -300,7 +300,7 @@@@ * Open the classes.conf file... */ - sprintf(line, "%s/conf/classes.conf", ServerRoot); + sprintf(line, "%s/classes.conf", ConfRoot); if ((fp = fopen(line, "r")) == NULL) return; @@@@ -470,7 +470,7 @@@@ * Create the classes.conf file... */ - sprintf(temp, "%s/conf/classes.conf", ServerRoot); + sprintf(temp, "%s/classes.conf", ConfRoot); if ((fp = fopen(temp, "w")) == NULL) { LogMessage(LOG_ERROR, "Unable to save classes.conf - %s", strerror(errno)); @ 1.2.10.1 log @Pullup ticket 269 - requested by Johnny C. Lam security fix for cups Revisions pulled up: - pkgsrc/print/cups/Makefile 1.88 - pkgsrc/print/cups/distinfo 1.29 - pkgsrc/print/cups/patches/patch-au 1.3 Module Name: pkgsrc Committed By: drochner Date: Wed Jan 19 11:03:23 UTC 2005 Modified Files: pkgsrc/print/cups: Makefile distinfo Added Files: pkgsrc/print/cups/patches: patch-au Log Message: apply the last xpdf security patch to the embedded pdftops filter which is based on xpdf, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.3 2005/01/19 11:03:23 drochner Exp $ d3 20 a22 12 --- pdftops/XRef.cxx.orig 2004-10-13 22:55:53.000000000 +0200 +++ pdftops/XRef.cxx @@@@ -527,6 +527,9 @@@@ GBool XRef::checkEncrypted(GString *owne } else { keyLength = 5; } + if (keyLength > 16) { + keyLength = 16; + } permFlags = permissions.getInt(); if (encVersion >= 1 && encVersion <= 2 && encRevision >= 2 && encRevision <= 3) { @ 1.2.10.2 log @Pullup ticket 328 - requested by Lubomir Sedlacik security fix for cups Revisions pulled up: - pkgsrc/print/cups/Makefile 1.90 - pkgsrc/print/cups/distinfo 1.31 - pkgsrc/print/cups/patches/patch-au 1.4 - pkgsrc/print/cups/patches/patch-av 1.3 Module Name: pkgsrc Committed By: drochner Date: Wed Mar 2 18:33:02 UTC 2005 Modified Files: pkgsrc/print/cups: Makefile distinfo pkgsrc/print/cups/patches: patch-au Added Files: pkgsrc/print/cups/patches: patch-av Log Message: Fix CAN-2005-0206: An overflow check introduced earlier (for CAN-2004-0888) was never triggered on 64-bit systems because 64-bit arithmetics was used there. Sprinkle some casts to int su that the overflow can happen. This fix is similar to the redhat one. The fix for similar code in print/teTeX-bin looks much cleaner, but since cups already contains the wrong redhad fix, I've chosen to stay close to the original. bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: patch-au,v 1.4 2005/03/02 18:33:02 drochner Exp $ a4 36 @@@@ -76,7 +76,7 @@@@ XRef::XRef(BaseStream *strA, GString *ow // trailer is ok - read the xref table } else { - if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { + if (size*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != size) { error(-1, "Invalid 'size' inside xref table."); ok = gFalse; errCode = errDamaged; @@@@ -291,7 +291,7 @@@@ GBool XRef::readXRef(Guint *pos) { // table size if (first + n > size) { newSize = first + n; - if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { + if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { error(-1, "Invalid 'newSize'"); goto err2; } @@@@ -445,7 +445,7 @@@@ GBool XRef::constructXRef() { if (!strncmp(p, "obj", 3)) { if (num >= size) { newSize = (num + 1 + 255) & ~255; - if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { + if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { error(-1, "Invalid 'obj' parameters."); return gFalse; } @@@@ -470,7 +470,7 @@@@ GBool XRef::constructXRef() { } else if (!strncmp(p, "endstream", 9)) { if (streamEndsLen == streamEndsSize) { streamEndsSize += 64; - if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { + if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) { error(-1, "Invalid 'endstream' parameter."); return gFalse; } @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ @ 1.1.1.1 log @Common UNIX Printing System, a IPP 1.0 implementation. @ text @@