diff options
| author | drochner <drochner@pkgsrc.org> | 2005-03-02 18:33:02 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2005-03-02 18:33:02 +0000 |
| commit | d8e8761d60a97532f30ffb1edd280929b575e6c7 (patch) | |
| tree | 5ddd578985ad50c312c47c69faa33b8596d837e2 | |
| parent | 801d5a6cc816a972248b58478ac084e00387fffe (diff) | |
| download | pkgsrc-d8e8761d60a97532f30ffb1edd280929b575e6c7.tar.gz | |
Fix CAN-2005-0206:
An overflow check introduced earlier (for CAN-2004-0888) was never
triggered on 64-bit systems because 64-bit arithmetics was used there.
Sprinkle some casts to int su that the overflow can happen.
This fix is similar to the redhat one. The fix for similar code
in print/teTeX-bin looks much cleaner, but since cups already contains
the wrong redhad fix, I've chosen to stay close to the original.
bump PKGREVISION
| -rw-r--r-- | print/cups/Makefile | 4 | ||||
| -rw-r--r-- | print/cups/distinfo | 5 | ||||
| -rw-r--r-- | print/cups/patches/patch-au | 38 | ||||
| -rw-r--r-- | print/cups/patches/patch-av | 25 |
4 files changed, 67 insertions, 5 deletions
diff --git a/print/cups/Makefile b/print/cups/Makefile index aaf5e33bac5..336d357b548 100644 --- a/print/cups/Makefile +++ b/print/cups/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.89 2005/02/07 11:35:46 jlam Exp $ +# $NetBSD: Makefile,v 1.90 2005/03/02 18:33:02 drochner Exp $ # # The CUPS author is very good about taking back changes into the main # CUPS distribution. The correct place to send patches or bug-fixes is: @@ -6,7 +6,7 @@ DISTNAME= cups-${DIST_VERS}-source PKGNAME= cups-${VERS} -PKGREVISION= 1 +PKGREVISION= 2 BASE_VERS= 1.1.23 DIST_VERS= ${BASE_VERS} VERS= ${DIST_VERS:S/-/./g} diff --git a/print/cups/distinfo b/print/cups/distinfo index 9cfa270b7c2..4ac88e4fae7 100644 --- a/print/cups/distinfo +++ b/print/cups/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.30 2005/02/24 12:51:42 agc Exp $ +$NetBSD: distinfo,v 1.31 2005/03/02 18:33:02 drochner Exp $ SHA1 (cups-1.1.23-source.tar.bz2) = 32d5bfb44c4edc1b54ccb014b5a44499295c6c5c RMD160 (cups-1.1.23-source.tar.bz2) = 255ec4c22422b14f2367d69f3ec7e590dc46bea5 @@ -9,4 +9,5 @@ SHA1 (patch-ad) = 166749eb9fc7b4b20e123d81cd3b2cf96db27677 SHA1 (patch-an) = de699800471069b1521ab2ba7194df445fb75892 SHA1 (patch-ao) = c4c8f833cf4a09a686a338df6c209cebec36c6ef SHA1 (patch-at) = aa36ec591164675b889d2cf32e4d754e9b6db94f -SHA1 (patch-au) = 48d63140a54ff4b5af4216cfe6454adef4b66781 +SHA1 (patch-au) = ab43911c1b27b250a257c67d1d34066237e4da98 +SHA1 (patch-av) = 33437f71e0b6443b172246f1962f9d2eebbd8f11 diff --git a/print/cups/patches/patch-au b/print/cups/patches/patch-au index de9ed1624a4..491e5947146 100644 --- a/print/cups/patches/patch-au +++ b/print/cups/patches/patch-au @@ -1,7 +1,43 @@ -$NetBSD: patch-au,v 1.3 2005/01/19 11:03:23 drochner Exp $ +$NetBSD: patch-au,v 1.4 2005/03/02 18:33:02 drochner Exp $ --- pdftops/XRef.cxx.orig 2004-10-13 22:55:53.000000000 +0200 +++ pdftops/XRef.cxx +@@ -76,7 +76,7 @@ XRef::XRef(BaseStream *strA, GString *ow + + // trailer is ok - read the xref table + } else { +- if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) { ++ if (size*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != size) { + error(-1, "Invalid 'size' inside xref table."); + ok = gFalse; + errCode = errDamaged; +@@ -291,7 +291,7 @@ GBool XRef::readXRef(Guint *pos) { + // table size + if (first + n > size) { + newSize = first + n; +- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { + error(-1, "Invalid 'newSize'"); + goto err2; + } +@@ -445,7 +445,7 @@ GBool XRef::constructXRef() { + if (!strncmp(p, "obj", 3)) { + if (num >= size) { + newSize = (num + 1 + 255) & ~255; +- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { ++ if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) { + error(-1, "Invalid 'obj' parameters."); + return gFalse; + } +@@ -470,7 +470,7 @@ GBool XRef::constructXRef() { + } else if (!strncmp(p, "endstream", 9)) { + if (streamEndsLen == streamEndsSize) { + streamEndsSize += 64; +- if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) { ++ if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) { + error(-1, "Invalid 'endstream' parameter."); + return gFalse; + } @@ -527,6 +527,9 @@ GBool XRef::checkEncrypted(GString *owne } else { keyLength = 5; diff --git a/print/cups/patches/patch-av b/print/cups/patches/patch-av new file mode 100644 index 00000000000..a0f6580b1ee --- /dev/null +++ b/print/cups/patches/patch-av @@ -0,0 +1,25 @@ +$NetBSD: patch-av,v 1.3 2005/03/02 18:33:02 drochner Exp $ + +--- pdftops/Catalog.cxx.orig 2005-03-01 15:38:37.000000000 +0100 ++++ pdftops/Catalog.cxx +@@ -64,8 +64,8 @@ Catalog::Catalog(XRef *xrefA) { + } + pagesSize = numPages0 = (int)obj.getNum(); + obj.free(); +- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize || +- pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) { ++ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) { + error(-1, "Invalid 'pagesSize'"); + ok = gFalse; + return; +@@ -197,7 +197,8 @@ int Catalog::readPageTree(Dict *pagesDic + } + if (start >= pagesSize) { + pagesSize += 32; +- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize) { ++ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize || ++ pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) { + error(-1, "Invalid 'pagesSize' parameter."); + goto err3; + } |