commit cups for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package cups for openSUSE:Factory checked in at Thu Apr 23 21:15:01 CEST 2009. -------- --- cups/cups.changes 2009-01-21 14:17:28.000000000 +0100 +++ cups/cups.changes 2009-03-26 13:05:29.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Mar 26 12:59:36 CET 2009 - jsmeix@suse.de + +- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow + in the "_cupsImageReadTIFF()" function CVE-2009-0163 + (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- cups-1.3.9-cupsImageReadTiff.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cups.spec ++++++ --- /var/tmp/diff_new_pack.PO3522/_old 2009-04-23 21:09:40.000000000 +0200 +++ /var/tmp/diff_new_pack.PO3522/_new 2009-04-23 21:09:40.000000000 +0200 @@ -30,7 +30,7 @@ Group: Hardware/Printing Summary: The Common UNIX Printing System Version: 1.3.9 -Release: 10 +Release: 11 Requires: cups-libs = %{version}, cups-client = %{version} Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters Requires: util-linux /usr/bin/pdftops @@ -85,6 +85,9 @@ Patch24: cups-1.3.9-max_subscription.patch Patch25: cups-1.3.9-filter_png_overflow2.patch Patch26: cups-1.3.9-hpgltops2.patch +# Patch27 fixes an integer overflow in the "_cupsImageReadTIFF()" function, +# (CVE-2009-0163 and CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895): +Patch27: cups-1.3.9-cupsImageReadTiff.patch Patch100: cups-1.1.23-testpage.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -200,6 +203,9 @@ %patch24 -p1 %patch25 -p1 %patch26 -p1 +# Patch27 fixes an integer overflow in the "_cupsImageReadTIFF()" function, +# (CVE-2009-0163 and CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895): +%patch27 if [ -f /.buildenv ]; then . /.buildenv test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}" @@ -454,6 +460,10 @@ %{_datadir}/locale/*/cups_* %changelog +* Thu Mar 26 2009 jsmeix@suse.de +- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow + in the "_cupsImageReadTIFF()" function CVE-2009-0163 + (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895). * Wed Jan 21 2009 kssingvo@suse.de - added directory %%{libdir}/cups/driver to %%files of cups (bnc#465794) * Wed Jan 14 2009 olh@suse.de ++++++ cups-1.3.9-cupsImageReadTiff.patch ++++++ Index: filter/image-private.h =================================================================== --- filter/image-private.h (revision 8153) +++ filter/image-private.h (working copy) @@ -40,8 +40,8 @@ # define CUPS_IMAGE_MAX_WIDTH 0x07ffffff /* 2^27-1 to allow for 15-channel data */ -# define CUPS_IMAGE_MAX_HEIGHT 0x7fffffff - /* 2^31-1 */ +# define CUPS_IMAGE_MAX_HEIGHT 0x3fffffff + /* 2^30-1 */ # define CUPS_TILE_SIZE 256 /* 256x256 pixel tiles */ # define CUPS_TILE_MINIMUM 10 /* Minimum number of tiles */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de