[cups/f21] Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels buffer overflow (STR #4551, bug #119
Tim Waugh
twaugh at fedoraproject.org
Mon Feb 16 16:14:18 UTC 2015
commit df0060ea0ec0216d5d655b0fa75ba6093d4ed141
Author: Tim Waugh <twaugh at redhat.com>
Date: Mon Feb 16 15:46:01 2015 +0000
Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels buffer overflow (STR #4551, bug #1191591).
Resolves: rhbz#1191591
cups-str4551.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
cups.spec | 10 +++++++++-
2 files changed, 52 insertions(+), 1 deletions(-)
---
diff --git a/cups-str4551.patch b/cups-str4551.patch
new file mode 100644
index 0000000..f021361
--- /dev/null
+++ b/cups-str4551.patch
@@ -0,0 +1,43 @@
+diff -up cups-1.7.5/filter/raster.c.str4551 cups-1.7.5/filter/raster.c
+--- cups-1.7.5/filter/raster.c.str4551 2013-05-29 12:51:34.000000000 +0100
++++ cups-1.7.5/filter/raster.c 2015-02-16 15:43:14.790184784 +0000
+@@ -3,7 +3,7 @@
+ *
+ * Raster file routines for CUPS.
+ *
+- * Copyright 2007-2012 by Apple Inc.
++ * Copyright 2007-2015 by Apple Inc.
+ * Copyright 1997-2006 by Easy Software Products.
+ *
+ * This file is part of the CUPS Imaging library.
+@@ -281,7 +281,10 @@ cupsRasterReadHeader(
+ */
+
+ if (!cups_raster_read_header(r))
++ {
++ memset(h, 0, sizeof(cups_page_header_t));
+ return (0);
++ }
+
+ /*
+ * Copy the header to the user-supplied buffer...
+@@ -310,7 +313,10 @@ cupsRasterReadHeader2(
+ */
+
+ if (!cups_raster_read_header(r))
++ {
++ memset(h, 0, sizeof(cups_page_header2_t));
+ return (0);
++ }
+
+ /*
+ * Copy the header to the user-supplied buffer...
+@@ -988,7 +994,7 @@ cups_raster_read_header(
+
+ cups_raster_update(r);
+
+- return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0);
++ return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0 && (r->header.cupsBytesPerLine % r->bpp) == 0);
+ }
+
+
diff --git a/cups.spec b/cups.spec
index 48bf810..11b2d50 100644
--- a/cups.spec
+++ b/cups.spec
@@ -11,7 +11,7 @@ Summary: CUPS printing system
Name: cups
Epoch: 1
Version: 1.7.5
-Release: 14%{?dist}
+Release: 15%{?dist}
License: GPLv2
Url: http://www.cups.org/
Source: http://www.cups.org/software/%{version}/cups-%{version}-source.tar.bz2
@@ -70,6 +70,7 @@ Patch40: cups-str2913.patch
Patch41: cups-str4475.patch
Patch42: cups-str4500.patch
Patch43: cups-str4496.patch
+Patch44: cups-str4551.patch
Patch100: cups-lspp.patch
@@ -281,6 +282,9 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
# Upstream fix for cupsd crash on restart when colord not available
# (STR #4496).
%patch43 -p1 -b .str4496
+# Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
+# buffer overflow (STR #4551, bug #1191591).
+%patch44 -p1 -b .str4551
%if %lspp
# LSPP support.
@@ -688,6 +692,10 @@ rm -f %{cups_serverbin}/backend/smb
%{_mandir}/man5/ipptoolfile.5.gz
%changelog
+* Mon Feb 16 2015 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-15
+- Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
+ buffer overflow (STR #4551, bug #1191591).
+
* Thu Nov 6 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-14
- Fixed some warnings in cups-lspp.patch.
- New systemd journal fields CUPS_DEST and CUPS_PRINTER, as well as
More information about the scm-commits
mailing list