[Pkg-cups-devel] r21 - in cupsys/trunk/debian: . patches
Kenshi Muto
kmuto at costa.debian.org
Mon Aug 22 09:55:06 UTC 2005
Author: kmuto
Date: Mon Aug 22 09:55:05 2005
New Revision: 21
Added:
cupsys/trunk/debian/patches/38_pdftopscan.dpatch (contents, props changed)
Modified:
cupsys/trunk/debian/changelog
cupsys/trunk/debian/patches/00list
Log:
Add 38_pdftopscan (closes: #324459, #324460, #324464)
Modified: cupsys/trunk/debian/changelog
==============================================================================
--- cupsys/trunk/debian/changelog (original)
+++ cupsys/trunk/debian/changelog Mon Aug 22 09:55:05 2005
@@ -1,3 +1,14 @@
+cupsys (1.1.23-13) UNRELEASED; urgency=low
+
+ * 38_pdftopscan.dpatch: Apply CAN-2005-0064, CAN-2004-0888,
+ and CAN-2005-2097 patches. (closes: #324459, #324460, #324464)
+ Because Debian cupsys uses xpdf wrapper instead of forked pdftops,
+ users aren't affected these security problems.
+ This patch is just for users who want to create own pdftops from
+ source.
+
+ -- Kenshi Muto <kmuto at debian.org> Mon, 22 Aug 2005 18:50:26 +0900
+
cupsys (1.1.23-12) unstable; urgency=medium
* foomatic-rip may be treated as recommended tool.
Modified: cupsys/trunk/debian/patches/00list
==============================================================================
--- cupsys/trunk/debian/patches/00list (original)
+++ cupsys/trunk/debian/patches/00list Mon Aug 22 09:55:05 2005
@@ -17,6 +17,7 @@
30_invalidhtons.dpatch
33_jobsauthorize.dpatch
37_gfxfont.dpatch
+38_pdftopscan.dpatch
40_cycladeserial.dpatch
41_lppasswdnoexistingconf.dpatch
42_parallelbackend.dpatch
Added: cupsys/trunk/debian/patches/38_pdftopscan.dpatch
==============================================================================
--- (empty file)
+++ cupsys/trunk/debian/patches/38_pdftopscan.dpatch Mon Aug 22 09:55:05 2005
@@ -0,0 +1,123 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 38_pdftopscan.dpatch by Kenshi Muto <kmuto at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad cupsys-1.1.23/pdftops/Catalog.cxx /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/Catalog.cxx
+--- cupsys-1.1.23/pdftops/Catalog.cxx 2004-10-14 05:55:53.000000000 +0900
++++ /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/Catalog.cxx 2005-08-22 18:48:09.842803799 +0900
+@@ -64,8 +64,8 @@
+ }
+ pagesSize = numPages0 = (int)obj.getNum();
+ obj.free();
+- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize ||
+- pagesSize*sizeof(Ref)/sizeof(Ref) != pagesSize) {
++ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize ||
++ pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {
+ error(-1, "Invalid 'pagesSize'");
+ ok = gFalse;
+ return;
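Review bot: Both added conditions in this hunk detect overflow only if the `int` multiplication wraps, and signed overflow is undefined behaviour. Casting `sizeof` to `int` makes `pagesSize*(int)sizeof(Page *)` a signed product, so a compiler may assume it never overflows and weaken or drop the test for large positive counts. A check that bounds the operand before multiplying avoids this: `if (pagesSize < 0 || pagesSize > INT_MAX / (int)sizeof(Page *) || pagesSize > INT_MAX / (int)sizeof(Ref)) {` (needs `<limits.h>`). The same pattern recurs in the second Catalog.cxx hunk and in all four XRef.cxx hunks (`size`, `newSize`, `streamEndsSize`), whose declarations are not visible here. The enclosing function starts and ends outside this hunk.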
+@@ -197,7 +197,8 @@
+ }
+ if (start >= pagesSize) {
+ pagesSize += 32;
+- if (pagesSize*sizeof(Page *)/sizeof(Page *) != pagesSize) {
++ if (pagesSize*(int)sizeof(Page *)/sizeof(Page *) != pagesSize ||
++ pageSize*(int)sizeof(Ref)/sizeof(Ref) != pageSize) {
+ error(-1, "Invalid 'pagesSize' parameter.");
+ goto err3;
+ }
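Review bot: The second added condition is spelled `pageSize`, while every other line of this hunk uses `pagesSize`. Unless a separate `pageSize` variable is declared outside the hunk, this will not compile; if one does exist, the check tests the wrong value and the `Ref` array size goes unvalidated. The line should read `pagesSize*(int)sizeof(Ref)/sizeof(Ref) != pagesSize) {`. The enclosing function continues outside the hunk.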
+diff -urNad cupsys-1.1.23/pdftops/Decrypt.cxx /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/Decrypt.cxx
+--- cupsys-1.1.23/pdftops/Decrypt.cxx 2004-02-03 07:41:09.000000000 +0900
++++ /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/Decrypt.cxx 2005-08-22 18:44:36.577653498 +0900
+@@ -130,13 +130,19 @@
+ Guchar *buf;
+ Guchar test[32];
+ Guchar fState[256];
+- Guchar tmpKey[16];
++ Guchar *tmpKey;
+ Guchar fx, fy;
+ int len, i, j;
+ GBool ok;
+
++ // check whether we have non-zero keyLength
++ if ( !keyLength || keyLength > 16 ) {
++ return gFalse;
++ }
++
+ // generate file key
+ buf = (Guchar *)gmalloc(68 + fileID->getLength());
++ tmpKey = (Guchar *)gmalloc(keyLength * sizeof(Guchar));
+ if (userPassword) {
+ len = userPassword->getLength();
+ if (len < 32) {
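Review bot: The new guard `if ( !keyLength || keyLength > 16 )` lets a negative `keyLength` through if the variable is a signed integer; its declaration is outside the hunk. That value would then reach `gmalloc(keyLength * sizeof(Guchar))` and whatever later code indexes `tmpKey`. Writing `if (keyLength <= 0 || keyLength > 16) {` closes that, and the comment above it should mention the upper bound as well as the non-zero check. With the length capped at 16, the original `Guchar tmpKey[16];` would also be enough, which removes the need for every exit path to `gfree(tmpKey)`. The function body starts before and ends after this hunk, so other return paths could not be checked.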
+@@ -189,6 +195,7 @@
+ ok = gFalse;
+ }
+
++ gfree(tmpKey);
+ gfree(buf);
+ return ok;
+ }
+diff -urNad cupsys-1.1.23/pdftops/FontFile.cxx /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/FontFile.cxx
+--- cupsys-1.1.23/pdftops/FontFile.cxx 2004-02-03 07:41:09.000000000 +0900
++++ /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/FontFile.cxx 2005-08-22 18:49:13.106082319 +0900
+@@ -18,6 +18,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <ctype.h>
++#include <error.h>
+ #include "gmem.h"
+ #include "GHash.h"
+ #include "Error.h"
+@@ -3572,6 +3573,9 @@
+ } else {
+ origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+ }
++
++ if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++ error (1, 0, "bad loca table pos value");
+ }
+ qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+ for (i = 0; i < nGlyphs; ++i) {
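Review bot: The added call `error (1, 0, "bad loca table pos value");` has a different argument shape from the `error(-1, "...")` calls used elsewhere in this patch. Together with the new `#include <error.h>` in the previous hunk, it appears to resolve to glibc's `error(3)`, which prints the message and exits the process with status 1. That ties the build to glibc, and a malformed font would terminate the whole filter instead of failing the font load through the project's `Error.h` reporting. If that is not intended, drop the include, use `error(-1, "bad loca table pos value");` and leave the function the way the surrounding code does on a parse error (not visible in this hunk). The bound `pos > len` also accepts `pos == len`; whether that is valid depends on how `len` is defined outside the hunk.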
+diff -urNad cupsys-1.1.23/pdftops/XRef.cxx /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/XRef.cxx
+--- cupsys-1.1.23/pdftops/XRef.cxx 2004-10-14 05:55:53.000000000 +0900
++++ /tmp/dpep.xKKQqh/cupsys-1.1.23/pdftops/XRef.cxx 2005-08-22 18:46:12.770824893 +0900
+@@ -76,7 +76,7 @@
+
+ // trailer is ok - read the xref table
+ } else {
+- if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++ if (size*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
+ error(-1, "Invalid 'size' inside xref table.");
+ ok = gFalse;
+ errCode = errDamaged;
+@@ -291,7 +291,7 @@
+ // table size
+ if (first + n > size) {
+ newSize = first + n;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+ error(-1, "Invalid 'newSize'");
+ goto err2;
+ }
+@@ -445,7 +445,7 @@
+ if (!strncmp(p, "obj", 3)) {
+ if (num >= size) {
+ newSize = (num + 1 + 255) & ~255;
+- if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++ if (newSize*(int)sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
+ error(-1, "Invalid 'obj' parameters.");
+ return gFalse;
+ }
+@@ -470,7 +470,7 @@
+ } else if (!strncmp(p, "endstream", 9)) {
+ if (streamEndsLen == streamEndsSize) {
+ streamEndsSize += 64;
+- if (streamEndsSize*sizeof(int)/sizeof(int) != streamEndsSize) {
++ if (streamEndsSize*(int)sizeof(int)/sizeof(int) != streamEndsSize) {
+ error(-1, "Invalid 'endstream' parameter.");
+ return gFalse;
+ }