[cups/f20] Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels buffer overflow (STR #4551, bug #119

Tim Waugh twaugh at fedoraproject.org
Mon Feb 16 16:13:55 UTC 2015


commit 3151287abe7a343971dab0d61262049c58db7b16
Author: Tim Waugh <twaugh at redhat.com>
Date:   Mon Feb 16 15:46:01 2015 +0000

    Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels buffer overflow (STR #4551, bug #1191591).
    
    Resolves: rhbz#1191591

 cups-str4551.patch |   43 +++++++++++++++++++++++++++++++++++++++++++
 cups.spec          |   10 +++++++++-
 2 files changed, 52 insertions(+), 1 deletions(-)
---
diff --git a/cups-str4551.patch b/cups-str4551.patch
new file mode 100644
index 0000000..f021361
--- /dev/null
+++ b/cups-str4551.patch
@@ -0,0 +1,43 @@
+diff -up cups-1.7.5/filter/raster.c.str4551 cups-1.7.5/filter/raster.c
+--- cups-1.7.5/filter/raster.c.str4551	2013-05-29 12:51:34.000000000 +0100
++++ cups-1.7.5/filter/raster.c	2015-02-16 15:43:14.790184784 +0000
+@@ -3,7 +3,7 @@
+  *
+  *   Raster file routines for CUPS.
+  *
+- *   Copyright 2007-2012 by Apple Inc.
++ *   Copyright 2007-2015 by Apple Inc.
+  *   Copyright 1997-2006 by Easy Software Products.
+  *
+  *   This file is part of the CUPS Imaging library.
+@@ -281,7 +281,10 @@ cupsRasterReadHeader(
+   */
+ 
+   if (!cups_raster_read_header(r))
++  {
++    memset(h, 0, sizeof(cups_page_header_t));
+     return (0);
++  }
+ 
+  /*
+   * Copy the header to the user-supplied buffer...
+@@ -310,7 +313,10 @@ cupsRasterReadHeader2(
+   */
+ 
+   if (!cups_raster_read_header(r))
++  {
++    memset(h, 0, sizeof(cups_page_header2_t));
+     return (0);
++  }
+ 
+  /*
+   * Copy the header to the user-supplied buffer...
+@@ -988,7 +994,7 @@ cups_raster_read_header(
+ 
+   cups_raster_update(r);
+ 
+-  return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0);
++  return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0 && (r->header.cupsBytesPerLine % r->bpp) == 0);
+ }
+ 
+ 
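Review bot: In the cups_raster_read_header() hunk, the new term (r->header.cupsBytesPerLine % r->bpp) == 0 uses r->bpp as a divisor, and nothing in the visible lines checks that it is non-zero. If cups_raster_update() can leave r->bpp at 0 for a malformed header, the modulo is undefined behaviour and will typically crash the filter with SIGFPE. Suggest adding r->bpp != 0 && ahead of the modulo term so the short-circuit covers it, the same way cupsBytesPerLine and cupsHeight are already guarded. The memset() calls on the failure paths of cupsRasterReadHeader() and cupsRasterReadHeader2() look right: callers that ignore the return value get a zeroed header rather than whatever the buffer held before.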
diff --git a/cups.spec b/cups.spec
index 2b91e38..a29f3ef 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 1.7.5
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2
 Url: http://www.cups.org/
 Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@@ -70,6 +70,7 @@ Patch40: cups-str2913.patch
 Patch41: cups-str4475.patch
 Patch42: cups-str4500.patch
 Patch43: cups-str4496.patch
+Patch44: cups-str4551.patch
 
 Patch100: cups-lspp.patch
 
@@ -269,6 +270,9 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 # Upstream fix for cupsd crash on restart when colord not available
 # (STR #4496).
 %patch43 -p1 -b .str4496
+# Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
+# buffer overflow (STR #4551, bug #1191591).
+%patch44 -p1 -b .str4551
 
 %if %lspp
 # LSPP support.
@@ -657,6 +661,10 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man5/ipptoolfile.5.gz
 
 %changelog
+* Mon Feb 16 2015 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-12
+- Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
+  buffer overflow (STR #4551, bug #1191591).
+
 * Wed Oct 22 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-11
 - Upstream fix for cupsd crash on restart when colord not available
 - (STR #4496).

