pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/print/cups Security fix for CAN-2005-2097.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/31dc35434499
branches:  trunk
changeset: 498047:31dc35434499
user:      salo <salo%pkgsrc.org@localhost>
date:      Wed Aug 10 23:37:08 2005 +0000

description:
Security fix for CAN-2005-2097.

"A vulnerability has been reported in CUPS, which can be exploited by malicious
people to cause a DoS (Denial of Service) on a vulnerable system.

When processing a PDF file, bounds checking was not correctly performed on
some fields. This could cause the pdftops filter (running as user "lp") to
crash."

http://secunia.com/advisories/16380/
http://rhn.redhat.com/errata/RHSA-2005-706.html

Patch from RedHat.

diffstat:

 print/cups/Makefile         |   4 ++--
 print/cups/buildlink3.mk    |   4 ++--
 print/cups/distinfo         |   3 ++-
 print/cups/patches/patch-aw |  24 ++++++++++++++++++++++++
 4 files changed, 30 insertions(+), 5 deletions(-)

diffs (78 lines):

diff -r 1a66e67c00b4 -r 31dc35434499 print/cups/Makefile
--- a/print/cups/Makefile       Wed Aug 10 22:57:24 2005 +0000
+++ b/print/cups/Makefile       Wed Aug 10 23:37:08 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.94 2005/06/01 20:08:01 jlam Exp $
+# $NetBSD: Makefile,v 1.95 2005/08/10 23:37:08 salo Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@@ -6,7 +6,7 @@
 
 DISTNAME=      cups-${DIST_VERS}-source
 PKGNAME=       cups-${VERS}
-PKGREVISION=   2
+PKGREVISION=   3
 BASE_VERS=     1.1.23
 DIST_VERS=     ${BASE_VERS}
 VERS=          ${DIST_VERS:S/-/./g}
diff -r 1a66e67c00b4 -r 31dc35434499 print/cups/buildlink3.mk
--- a/print/cups/buildlink3.mk  Wed Aug 10 22:57:24 2005 +0000
+++ b/print/cups/buildlink3.mk  Wed Aug 10 23:37:08 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.12 2005/01/11 00:09:21 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.13 2005/08/10 23:37:08 salo Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 CUPS_BUILDLINK3_MK:=   ${CUPS_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(CUPS_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.cups+=       cups>=1.1.19nb3
-BUILDLINK_RECOMMENDED.cups+=   cups>=1.1.23
+BUILDLINK_RECOMMENDED.cups+=   cups>=1.1.23nb3
 BUILDLINK_PKGSRCDIR.cups?=     ../../print/cups
 .endif # CUPS_BUILDLINK3_MK
 
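Review bot: BUILDLINK_DEPENDS.cups is left at cups>=1.1.19nb3 while only BUILDLINK_RECOMMENDED.cups moves to cups>=1.1.23nb3, so a build that honours only the hard dependency still accepts a cups package without the CAN-2005-2097 fix. If that is intended because the fix does not change what dependents link against, a short comment next to these two lines saying so would help whoever bumps them next.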
diff -r 1a66e67c00b4 -r 31dc35434499 print/cups/distinfo
--- a/print/cups/distinfo       Wed Aug 10 22:57:24 2005 +0000
+++ b/print/cups/distinfo       Wed Aug 10 23:37:08 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2005/03/02 18:33:02 drochner Exp $
+$NetBSD: distinfo,v 1.32 2005/08/10 23:37:08 salo Exp $
 
 SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c
 RMD160 (cups-1.1.23-source.tar.bz2) = 255ec4c22422b14f2367d69f3ec7e590dc46bea5
@@ -11,3 +11,4 @@
 SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f
 SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98
 SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11
+SHA1 (patch-aw) = fbfe7c89952b5aadd48ee84b7d0502fa4e280870
diff -r 1a66e67c00b4 -r 31dc35434499 print/cups/patches/patch-aw
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/cups/patches/patch-aw       Wed Aug 10 23:37:08 2005 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-aw,v 1.3 2005/08/10 23:37:08 salo Exp $
+
+Fix for CAN-2005-2097, from RedHat.
+
+--- pdftops/FontFile.cxx.orig  2004-02-02 23:41:09.000000000 +0100
++++ pdftops/FontFile.cxx       2005-08-10 22:30:54.000000000 +0200
+@@ -18,6 +18,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <ctype.h>
++#include <error.h>
+ #include "gmem.h"
+ #include "GHash.h"
+ #include "Error.h"
+@@ -3572,6 +3573,9 @@
+     } else {
+       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+     }
++
++    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++      error (1, 0, "bad loca table pos value");
+   }
+   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+   for (i = 0; i < nGlyphs; ++i) {
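
Review bot: the added `#include <error.h>` and the `error (1, 0, "bad loca table pos value")` call in the FontFile.cxx hunks rely on error(3), a glibc extension that NetBSD's libc does not provide, so this patch as taken from Red Hat is likely to fail to build on the platform pkgsrc primarily targets. A portable exit path, for example `fprintf(stderr, ...)` followed by `exit(1)`, would avoid the extra header. The test `origLocaTable[i].pos > len` also accepts a position equal to `len`; it is worth confirming that the code after the `qsort` never reads at that offset, and stating in the patch header that a malformed font now makes the filter exit with status 1 rather than crash.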


