authormiwi <miwi@FreeBSD.org>2007-07-31 21:27:00 +0800
committermiwi <miwi@FreeBSD.org>2007-07-31 21:27:00 +0800
commit48247561788bc2ac4f3704847ba5ba3246cc5cd9 (patch)
treefcd1981d5b014b024887909b79a1ed2a90b26b79 /print/cups-base
parent6882c321074be50c196ffccad0d467a826b877ae (diff)
- Fix buffer overflow vulnerability.
- Bump PORTREVISION

Approved by: simon (secteam)
Security: http://www.vuxml.org/freebsd/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html
Diffstat (limited to 'print/cups-base')
-rw-r--r--print/cups-base/Makefile2
-rw-r--r--print/cups-base/files/patch-CVE-2007-338723
2 files changed, 24 insertions, 1 deletions
diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile
index 2610d198b976..8211254ce05f 100644
--- a/print/cups-base/Makefile
+++ b/print/cups-base/Makefile
@@ -7,7 +7,7 @@
PORTNAME= cups
PORTVERSION= 1.2.11
-PORTREVISION= 2
+PORTREVISION= 3
DISTVERSIONSUFFIX= -source
CATEGORIES= print
MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION}
diff --git a/print/cups-base/files/patch-CVE-2007-3387 b/print/cups-base/files/patch-CVE-2007-3387
new file mode 100644
index 000000000000..91710dba6195
--- /dev/null
+++ b/print/cups-base/files/patch-CVE-2007-3387
@@ -0,0 +1,23 @@
+--- pdftops/Stream.cxx.orig 2006-02-13 04:08:11.000000000 +0100
++++ pdftops/Stream.cxx 2007-07-31 15:05:53.000000000 +0200
+@@ -411,15 +411,13 @@
+ ok = gFalse;
+
+ nVals = width * nComps;
+- if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX / nBits ||
+- width >= INT_MAX / nComps / nBits ||
+- nVals * nBits + 7 < 0) {
+- return;
+- }
+ pixBytes = (nComps * nBits + 7) >> 3;
+ rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+- if (rowBytes <= 0) {
++ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++ nComps > gfxColorMaxComps ||
++ nBits > 16 ||
++ width >= INT_MAX / nComps || // check for overflow in nVals
++ nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
+ return;
+ }
+ predLine = (Guchar *)gmalloc(rowBytes);
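Review bot: The multiplications in `nVals = width * nComps` and in the `pixBytes`/`rowBytes` expressions still run before the new range check, so for oversized `width`, `nComps` or `nBits` the signed overflow the check is meant to prevent has already been evaluated when the guard is reached. Signed overflow is undefined behaviour in C++, so the guard is only reliable while the compiler happens to wrap; the short-circuit order (the `width` test ahead of the `nVals` test) is what keeps it correct in that case. I would validate the raw inputs first, compute `nVals`, test it, and only then derive `pixBytes` and `rowBytes`, as sketched below. The hunk also uses `gfxColorMaxComps` without adding an include, so it is worth confirming that Stream.cxx already sees its declaration. The enclosing function starts and ends outside the hunk.

```cpp
  // … unchanged: ok = gFalse; …
  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
      nComps > gfxColorMaxComps ||
      nBits > 16 ||
      width >= INT_MAX / nComps) {       // width * nComps would overflow
    return;
  }
  nVals = width * nComps;
  if (nVals >= (INT_MAX - 7) / nBits) {  // nVals * nBits + 7 would overflow
    return;
  }
  pixBytes = (nComps * nBits + 7) >> 3;
  rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
  // … unchanged: predLine allocation …
```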