diff options
author | miwi <miwi@FreeBSD.org> | 2007-07-31 21:27:00 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2007-07-31 21:27:00 +0800 |
commit | 48247561788bc2ac4f3704847ba5ba3246cc5cd9 (patch) | |
tree | fcd1981d5b014b024887909b79a1ed2a90b26b79 /print/cups-base | |
parent | 6882c321074be50c196ffccad0d467a826b877ae (diff) | |
download | freebsd-ports-gnome-48247561788bc2ac4f3704847ba5ba3246cc5cd9.tar.gz freebsd-ports-gnome-48247561788bc2ac4f3704847ba5ba3246cc5cd9.tar.zst freebsd-ports-gnome-48247561788bc2ac4f3704847ba5ba3246cc5cd9.zip |
- Fix buffer overflow vulnerability.
- Bump PORTREVISION
Approved by: simon (secteam)
Security: http://www.vuxml.org/freebsd/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html
Diffstat (limited to 'print/cups-base')
-rw-r--r-- | print/cups-base/Makefile | 2 | ||||
-rw-r--r-- | print/cups-base/files/patch-CVE-2007-3387 | 23 |
2 files changed, 24 insertions, 1 deletions
diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile index 2610d198b976..8211254ce05f 100644 --- a/print/cups-base/Makefile +++ b/print/cups-base/Makefile @@ -7,7 +7,7 @@ PORTNAME= cups PORTVERSION= 1.2.11 -PORTREVISION= 2 +PORTREVISION= 3 DISTVERSIONSUFFIX= -source CATEGORIES= print MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION} diff --git a/print/cups-base/files/patch-CVE-2007-3387 b/print/cups-base/files/patch-CVE-2007-3387 new file mode 100644 index 000000000000..91710dba6195 --- /dev/null +++ b/print/cups-base/files/patch-CVE-2007-3387 @@ -0,0 +1,23 @@ +--- pdftops/Stream.cxx.orig 2006-02-13 04:08:11.000000000 +0100 ++++ pdftops/Stream.cxx 2007-07-31 15:05:53.000000000 +0200 +@@ -411,15 +411,13 @@ + ok = gFalse; + + nVals = width * nComps; +- if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX / nBits || +- width >= INT_MAX / nComps / nBits || +- nVals * nBits + 7 < 0) { +- return; +- } + pixBytes = (nComps * nBits + 7) >> 3; + rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; +- if (rowBytes <= 0) { ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps > gfxColorMaxComps || ++ nBits > 16 || ++ width >= INT_MAX / nComps || // check for overflow in nVals ++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes + return; + } + predLine = (Guchar *)gmalloc(rowBytes); |