
Hello community, here is the log from the commit of package cups checked in at Fri Nov 28 16:23:08 CET 2008.
--------
--- cups/cups.changes 2008-11-20 15:06:04.000000000 +0100
+++ cups/cups.changes 2008-11-28 16:09:18.842733000 +0100
@@ -1,0 +2,11 @@
+Fri Nov 28 16:09:12 CET 2008 - kssingvo@suse.de
+
+- fixed permission of snmp.conf (bnc#449570)
+
+-------------------------------------------------------------------
+Tue Nov 25 16:50:12 CET 2008 - kssingvo@suse.de
+
+- fix for png size validation CVE-2008-??? (bnc#448631)
+- correction for hpgl pen selection fix CVE-2008-3641 (bnc#430543)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
cups-1.3.9-filter_png_overflow2.patch
cups-1.3.9-hpgltops2.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cups.spec ++++++
--- /var/tmp/diff_new_pack.Me7543/_old 2008-11-28 16:22:37.000000000 +0100
+++ /var/tmp/diff_new_pack.Me7543/_new 2008-11-28 16:22:37.000000000 +0100
@@ -30,7 +30,7 @@
 Group: Hardware/Printing
 Summary: The Common UNIX Printing System
 Version: 1.3.9
-Release: 5
+Release: 6
 Requires: cups-libs = %{version}, cups-client = %{version}
 Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires: util-linux /usr/bin/pdftops
@@ -83,6 +83,8 @@
 Patch22: cups-1.3.7-additional_policies.patch
 Patch23: cups-1.3.9-cupstestppd.patch
 Patch24: cups-1.3.9-max_subscription.patch
+Patch25: cups-1.3.9-filter_png_overflow2.patch
+Patch26: cups-1.3.9-hpgltops2.patch
 Patch100: cups-1.1.23-testpage.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -194,6 +196,8 @@
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
+%patch25 -p1
+%patch26 -p1
 if [ -f /.buildenv ]; then
 . /.buildenv
 test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"
@@ -359,12 +363,12 @@
 %dir %attr(700,root,lp) %{_sysconfdir}/cups/ssl
 %dir %attr(755,root,lp) %{_sysconfdir}/cups/ppd
 %config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/cupsd.conf
+%config(noreplace) %attr(640,root,lp) %{_sysconfdir}/cups/snmp.conf
 %{_sysconfdir}/cups/cupsd.conf.default
 %{_sysconfdir}/dbus-1/system.d/cups.conf
 %config(noreplace) %attr(755,lp,lp) %{_sysconfdir}/cups/interfaces
 %config(noreplace) %{_sysconfdir}/cups/mime.*
 %config(noreplace) %{_sysconfdir}/xinetd.d/cups-lpd
-%config(noreplace) %{_sysconfdir}/cups/snmp.conf
 %{_bindir}/poll_ppd_base
 %{_bindir}/cupstestppd
 %{_bindir}/cupstestdsc
@@ -447,6 +451,11 @@
 %{_datadir}/locale/*/cups_*
 %changelog
+* Fri Nov 28 2008 kssingvo@suse.de
+- fixed permission of snmp.conf (bnc#449570)
+* Tue Nov 25 2008 kssingvo@suse.de
+- fix for png size validation CVE-2008-??? (bnc#448631)
+- correction for hpgl pen selection fix CVE-2008-3641 (bnc#430543)
 * Thu Nov 20 2008 kssingvo@suse.de
 - fixed rss subscription issue (bnc#446975)
 * Tue Nov 04 2008 kssingvo@suse.de
++++++ cups-1.3.9-filter_png_overflow2.patch ++++++
--- cups-1.3.9/filter/image-png.c.orig 2008-07-12 00:48:49.000000000 +0200
+++ cups-1.3.9/filter/image-png.c 2008-11-25 16:38:13.000000000 +0100
@@ -178,7 +178,7 @@ _cupsImageReadPNG(
 {
 bufsize = img->xsize * img->ysize;
- if ((bufsize / img->ysize) != img->xsize)
+ if ((bufsize / img->xsize) != img->ysize)
 {
 fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
 (unsigned)width, (unsigned)height);
@@ -190,7 +190,7 @@ _cupsImageReadPNG(
 {
 bufsize = img->xsize * img->ysize * 3;
- if ((bufsize / (img->ysize * 3)) != img->xsize)
+ if ((bufsize / (img->xsize * 3)) != img->ysize)
 {
 fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
 (unsigned)width, (unsigned)height);
++++++ cups-1.3.9-hpgltops2.patch ++++++
--- cups-1.3.9/filter/hpgl-attr.c.orig 2008-10-09 22:12:03.000000000 +0200
+++ cups-1.3.9/filter/hpgl-attr.c 2008-11-25 16:40:42.000000000 +0100
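Review bot: The `%attr(640,root,lp)` added to the snmp.conf entry only takes effect when rpm actually writes the file, and the entry is still `%config(noreplace)`. As far as I know, a locally edited snmp.conf is left in place on upgrade, so installations that already changed the file may keep whatever mode it had before; the hunk shows no scriptlet that resets it. If that matters for bnc#449570, a `%post` step such as `chmod 640 %{_sysconfdir}/cups/snmp.conf; chgrp lp %{_sysconfdir}/cups/snmp.conf` would close the gap. A one-line spec comment saying why the file must not be world-readable would also help the next packager.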
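Review bot: Both size checks in _cupsImageReadPNG still run after the multiplication has been done, and in the second hunk the divisor `img->xsize * 3` is itself a product that can wrap, so the comparison against img->ysize cannot be relied on for large widths. The declared types of bufsize, xsize and ysize are outside the hunks, so how a wrap behaves is not visible here, but a check made before multiplying avoids the question: `if (img->ysize > BUFSIZE_LIMIT / 3 / img->xsize)` for the colour case and the same without `/ 3` for the first hunk, where BUFSIZE_LIMIT is a placeholder for the largest value bufsize may hold. Dividing by img->xsize also assumes that a zero width was rejected earlier in the function, which these hunks do not show.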
@@ -214,7 +214,7 @@ NP_number_pens(int num_params, /* I
 "DEBUG: HP-GL/2 \'NP\' command with invalid number of "
 "parameters (%d)!\n", num_params);
- for (i = 0; i <= PenCount; i ++)
+ for (i = 0; i < PenCount; i ++)
 Pens[i].width = PenWidth;
 PC_pen_color(0, NULL);
@@ -232,14 +232,14 @@ PC_pen_color(int num_params, /* I -
 int i; /* Looping var */
 static float standard_colors[8][3] = /* Standard colors for first 8 pens */
 {
- { 1.0, 1.0, 1.0 }, /* White */
 { 0.0, 0.0, 0.0 }, /* Black */
 { 1.0, 0.0, 0.0 }, /* Red */
 { 0.0, 1.0, 0.0 }, /* Green */
 { 1.0, 1.0, 0.0 }, /* Yellow */
 { 0.0, 0.0, 1.0 }, /* Blue */
 { 1.0, 0.0, 1.0 }, /* Magenta */
- { 0.0, 1.0, 1.0 } /* Cyan */
+ { 0.0, 1.0, 1.0 }, /* Cyan */
+ { 1.0, 1.0, 1.0 } /* White */
 };
--- cups-1.3.9/filter/hpgl-vector.c.orig 2008-07-12 00:48:49.000000000 +0200
+++ cups-1.3.9/filter/hpgl-vector.c 2008-11-25 16:40:42.000000000 +0100
@@ -393,13 +393,20 @@ PE_polyline_encoded(int num_params,
 break;
 case ':' : /* Select pen */
 s ++;
- PenNumber = (int)decode_number(&s, base_bits, 1.0);
+ temp = (int)decode_number(&s, base_bits, 1.0) - 1;
+ if (temp < 0 || temp >= PenCount)
+ {
+ fprintf(stderr, "DEBUG: Bad pen number %d in PE\n", temp + 1);
+ return;
+ }
+
+ PenNumber = temp;
 #ifdef DEBUG
- fprintf(stderr, "DEBUG: set pen #%d\n", PenNumber);
+ fprintf(stderr, "DEBUG: set pen #%d\n", PenNumber + 1);
 #endif /* DEBUG */
- Outputf("%% PE: set pen #%d\n", PenNumber);
+ Outputf("%% PE: set pen #%d\n", PenNumber + 1);
 if (PageDirty)
 printf("%.3f %.3f %.3f %.2f SP\n", Pens[PenNumber].rgb[0],
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
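Review bot: The corrected bound `i < PenCount` in NP_number_pens is only safe if PenCount can never exceed the number of elements in Pens, and both the assignment to PenCount and the declaration of Pens are outside this hunk. Once that clamp is confirmed, it is worth stating the invariant next to the loop, for example `/* PenCount never exceeds the number of elements in Pens[] */`. Any other loop that walks Pens with the old `<=` bound needs the same change; the reset inside PC_pen_color, which is called right after this loop, is a candidate but is not shown.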
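Review bot: Moving White from the first row of standard_colors to the last changes what index 0 of the table means, yet the initialiser carries no statement of the new convention. A comment above it such as `/* Row n holds the default colour of pen n + 1; Pens[] is indexed from 0 */` would make the pairing with the `- 1` applied in PE_polyline_encoded explicit. The table is not written in the visible lines, so `static const float` would also fit, provided the code after the hunk only reads it.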
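Review bot: The cast in `(int)decode_number(&s, base_bits, 1.0) - 1` happens before the new range check, so a decoded value that does not fit in an int is converted with undefined behaviour and the check then tests whatever came out; this assumes decode_number returns a floating-point value, as its 1.0 argument suggests. Comparing the value as returned against 1 and PenCount first, and converting to int only after it passes, keeps the check meaningful. The early `return` also abandons the rest of the PE string, which deserves a comment if it is intended. Other places that set PenNumber from HP-GL input are not in this hunk and need the same 0-based conversion and bounds test; the body of PE_polyline_encoded starts and ends outside the hunk.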