OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=52

2008-11-28 15:23:12 +00:00 · 2008-11-28 15:23:12 +00:00 · de1d0c1961
commit de1d0c1961
parent daa765de20
4 changed files with 96 additions and 2 deletions
--- a/cups-1.3.9-filter_png_overflow2.patch
+++ b/cups-1.3.9-filter_png_overflow2.patch
@ -0,0 +1,20 @@
+--- cups-1.3.9/filter/image-png.c.orig	2008-07-12 00:48:49.000000000 +0200
+++ cups-1.3.9/filter/image-png.c	2008-11-25 16:38:13.000000000 +0100
+@@ -178,7 +178,7 @@ _cupsImageReadPNG(
+     {
+       bufsize = img->xsize * img->ysize;
+ 
+-      if ((bufsize / img->ysize) != img->xsize)
+      if ((bufsize / img->xsize) != img->ysize)
+       {
+ 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ 		(unsigned)width, (unsigned)height);
+@@ -190,7 +190,7 @@ _cupsImageReadPNG(
+     {
+       bufsize = img->xsize * img->ysize * 3;
+ 
+-      if ((bufsize / (img->ysize * 3)) != img->xsize)
+      if ((bufsize / (img->xsize * 3)) != img->ysize)
+       {
+ 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ 		(unsigned)width, (unsigned)height);
--- a/cups-1.3.9-hpgltops2.patch
+++ b/cups-1.3.9-hpgltops2.patch
@ -0,0 +1,54 @@
+--- cups-1.3.9/filter/hpgl-attr.c.orig	2008-10-09 22:12:03.000000000 +0200
+++ cups-1.3.9/filter/hpgl-attr.c	2008-11-25 16:40:42.000000000 +0100
+@@ -214,7 +214,7 @@ NP_number_pens(int     num_params,	/* I
+             "DEBUG: HP-GL/2 \'NP\' command with invalid number of "
+ 	    "parameters (%d)!\n", num_params);
+ 
+-  for (i = 0; i <= PenCount; i ++)
+  for (i = 0; i < PenCount; i ++)
+     Pens[i].width = PenWidth;
+ 
+   PC_pen_color(0, NULL);
+@@ -232,14 +232,14 @@ PC_pen_color(int     num_params,	/* I -
+   int		i;			/* Looping var */
+   static float	standard_colors[8][3] =	/* Standard colors for first 8 pens */
+ 		{
+-		  { 1.0, 1.0, 1.0 },	/* White */
+ 		  { 0.0, 0.0, 0.0 },	/* Black */
+ 		  { 1.0, 0.0, 0.0 },	/* Red */
+ 		  { 0.0, 1.0, 0.0 },	/* Green */
+ 		  { 1.0, 1.0, 0.0 },	/* Yellow */
+ 		  { 0.0, 0.0, 1.0 },	/* Blue */
+ 		  { 1.0, 0.0, 1.0 },	/* Magenta */
+-		  { 0.0, 1.0, 1.0 }	/* Cyan */
+		  { 0.0, 1.0, 1.0 },	/* Cyan */
+		  { 1.0, 1.0, 1.0 }	/* White */
+ 		};
+ 
+ 
+--- cups-1.3.9/filter/hpgl-vector.c.orig	2008-07-12 00:48:49.000000000 +0200
+++ cups-1.3.9/filter/hpgl-vector.c	2008-11-25 16:40:42.000000000 +0100
+@@ -393,13 +393,20 @@ PE_polyline_encoded(int     num_params,
+           break;
+       case ':' :	/* Select pen */
+           s ++;
+-          PenNumber = (int)decode_number(&s, base_bits, 1.0);
+          temp = (int)decode_number(&s, base_bits, 1.0) - 1;
+	  if (temp < 0 || temp >= PenCount)
+	  {
+	    fprintf(stderr, "DEBUG: Bad pen number %d in PE\n", temp + 1);
+	    return;
+	  }
+
+          PenNumber = temp;
+ 
+ #ifdef DEBUG
+-          fprintf(stderr, "DEBUG:     set pen #%d\n", PenNumber);
+          fprintf(stderr, "DEBUG:     set pen #%d\n", PenNumber + 1);
+ #endif /* DEBUG */
+ 
+-          Outputf("%% PE: set pen #%d\n", PenNumber);
+          Outputf("%% PE: set pen #%d\n", PenNumber + 1);
+ 
+ 	  if (PageDirty)
+ 	    printf("%.3f %.3f %.3f %.2f SP\n", Pens[PenNumber].rgb[0],
--- a/cups.changes
+++ b/cups.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Nov 28 16:09:12 CET 2008 - kssingvo@suse.de
+
+- fixed permission of snmp.conf (bnc#449570)
+
+-------------------------------------------------------------------
+Tue Nov 25 16:50:12 CET 2008 - kssingvo@suse.de
+
+- fix for png size validation CVE-2008-??? (bnc#448631)
+- correction for hpgl pen selection fix CVE-2008-3641 (bnc#430543)
+
 -------------------------------------------------------------------
 Thu Nov 20 15:05:36 CET 2008 - kssingvo@suse.de

--- a/cups.spec
+++ b/cups.spec
@ -30,7 +30,7 @@ License:        GPL v2 or later
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
 Version:        1.3.9
-Release:        5
+Release:        6
 Requires:       cups-libs = %{version}, cups-client = %{version}
 Requires:       ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires:       util-linux /usr/bin/pdftops
@ -83,6 +83,8 @@ Patch21:        cups-1.3.7-lppasswd_fixperm.patch
 Patch22:        cups-1.3.7-additional_policies.patch
 Patch23:        cups-1.3.9-cupstestppd.patch
 Patch24:        cups-1.3.9-max_subscription.patch
+Patch25:        cups-1.3.9-filter_png_overflow2.patch
+Patch26:        cups-1.3.9-hpgltops2.patch
 Patch100:       cups-1.1.23-testpage.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -194,6 +196,8 @@ mv pdftops pdftos.use_filter_pdftops_c
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
+%patch25 -p1
+%patch26 -p1
 if [ -f /.buildenv ]; then
 	. /.buildenv
 	test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"
@ -359,12 +363,12 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
 %dir %attr(700,root,lp) %{_sysconfdir}/cups/ssl
 %dir %attr(755,root,lp) %{_sysconfdir}/cups/ppd
 %config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf
+%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/snmp.conf
 %{_sysconfdir}/cups/cupsd.conf.default
 %{_sysconfdir}/dbus-1/system.d/cups.conf
 %config(noreplace) %attr(755,lp,lp) %{_sysconfdir}/cups/interfaces
 %config(noreplace) %{_sysconfdir}/cups/mime.*
 %config(noreplace) %{_sysconfdir}/xinetd.d/cups-lpd
-%config(noreplace) %{_sysconfdir}/cups/snmp.conf
 %{_bindir}/poll_ppd_base
 %{_bindir}/cupstestppd
 %{_bindir}/cupstestdsc
@ -447,6 +451,11 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
 %{_datadir}/locale/*/cups_*

 %changelog
+* Fri Nov 28 2008 kssingvo@suse.de
+- fixed permission of snmp.conf (bnc#449570)
+* Tue Nov 25 2008 kssingvo@suse.de
+- fix for png size validation CVE-2008-??? (bnc#448631)
+- correction for hpgl pen selection fix CVE-2008-3641 (bnc#430543)
 * Thu Nov 20 2008 kssingvo@suse.de
 - fixed rss subscription issue (bnc#446975)
 * Tue Nov 04 2008 kssingvo@suse.de