rpms/cups/F-8 cups-CVE-2008-1722.patch, NONE, 1.1 cups.spec, 1.391, 1.392
Tim Waugh (twaugh)
fedora-extras-commits at redhat.com
Fri May 9 10:41:38 UTC 2008
Author: twaugh
Update of /cvs/pkgs/rpms/cups/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10887
Modified Files:
cups.spec
Added Files:
cups-CVE-2008-1722.patch
Log Message:
* Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-2
- Applied patch to fix CVE-2008-1722 (integer overflow in image filter,
bug #441692, STR #2790).
cups-CVE-2008-1722.patch:
--- NEW FILE cups-CVE-2008-1722.patch ---
diff -up cups-1.3.7/filter/image-png.c.CVE-2008-1722 cups-1.3.7/filter/image-png.c
--- cups-1.3.7/filter/image-png.c.CVE-2008-1722 2007-07-11 22:46:42.000000000 +0100
+++ cups-1.3.7/filter/image-png.c 2008-05-09 11:39:39.000000000 +0100
@@ -3,7 +3,7 @@
*
* PNG image routines for the Common UNIX Printing System (CUPS).
*
- * Copyright 2007 by Apple Inc.
+ * Copyright 2007-2008 by Apple Inc.
* Copyright 1993-2007 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
@@ -170,16 +170,56 @@ _cupsImageReadPNG(
* Interlaced images must be loaded all at once...
*/
+ size_t bufsize; /* Size of buffer */
+
+
if (color_type == PNG_COLOR_TYPE_GRAY ||
color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
- in = malloc(img->xsize * img->ysize);
+ {
+ bufsize = img->xsize * img->ysize;
+
+ if ((bufsize / img->ysize) != img->xsize)
+ {
+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)img->xsize, (unsigned)img->ysize);
+ fclose(fp);
+ return (1);
+ }
+ }
else
- in = malloc(img->xsize * img->ysize * 3);
+ {
+ bufsize = img->xsize * img->ysize * 3;
+
+ if ((bufsize / (img->ysize * 3)) != img->xsize)
+ {
+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)img->xsize, (unsigned)img->ysize);
+ fclose(fp);
+ return (1);
+ }
+ }
+
+ in = malloc(bufsize);
}
bpp = cupsImageGetDepth(img);
out = malloc(img->xsize * bpp);
+ if (!in || !out)
+ {
+ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr);
+
+ if (in)
+ free(in);
+
+ if (out)
+ free(out);
+
+ fclose(fp);
+
+ return (1);
+ }
+
/*
* Read the image, interlacing as needed...
*/
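Review bot: In the `else` branch the check `(bufsize / (img->ysize * 3)) != img->xsize` divides by a product that can itself wrap, so a wrapped `bufsize` can still satisfy the equality and reach `malloc(bufsize)` with a buffer smaller than the image needs. Bounding the dimensions before multiplying avoids this: convert the operands to `size_t` and reject the image when `img->xsize > SIZE_MAX / 3 / img->ysize` (the field types are not visible in this hunk, so the multiplication may currently be done in a narrower type than `bufsize`). Both new checks divide by `img->ysize`, so a zero height has to be rejected first unless an earlier part of the function already guarantees it. The unchanged context line `out = malloc(img->xsize * bpp);` still multiplies without any check, and the new `!in || !out` test only catches a failed allocation, not an undersized one, so the same bound should be applied there.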
Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-8/cups.spec,v
retrieving revision 1.391
retrieving revision 1.392
diff -u -r1.391 -r1.392
--- cups.spec 2 May 2008 07:12:05 -0000 1.391
+++ cups.spec 9 May 2008 10:40:59 -0000 1.392
@@ -6,7 +6,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}-source.tar.bz2
@@ -47,6 +47,7 @@
Patch22: cups-strict-ppd-line-length.patch
Patch25: cups-usb-paperout.patch
Patch29: cups-CVE-2008-1373.patch
+Patch30: cups-CVE-2008-1722.patch
Patch100: cups-lspp.patch
Epoch: 1
Url: http://www.cups.org/
@@ -161,6 +162,7 @@
%patch22 -p1 -b .strict-ppd-line-length
%patch25 -p1 -b .usb-paperout
%patch29 -p1 -b .CVE-2008-1373
+%patch30 -p1 -b .CVE-2008-1722
%if %lspp
%patch100 -p1 -b .lspp
@@ -453,6 +455,10 @@
%{cups_serverbin}/daemon/cups-lpd
%changelog
+* Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.3.7-2
+- Applied patch to fix CVE-2008-1722 (integer overflow in image filter,
+ bug #441692, STR #2790).
+
* Fri May 2 2008 Tim Waugh <twaugh at redhat.com>
- Include the hostname in the charset error (part of bug #441719).