ports/129193: [vuxml] [patch] print/cups-base: fix buffer overflow in the PNG reader
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Tue Nov 25 21:30:04 UTC 2008
>Number: 129193
>Category: ports
>Synopsis: [vuxml] [patch] print/cups-base: fix buffer overflow in the PNG reader
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 25 21:30:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE i386
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.1-PRERELEASE i386
>Description:
Release notes for CUPS 1.3.10 say that there were potential buffer
overflow in the PNG reader code:
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
The corresponding entry in the CUPS bug tracker is at
http://www.cups.org/str.php?L2974
>How-To-Repeat:
Look at the above URLs.
>Fix:
The following patch updates the port itself. I had used PORTREVISION
of 2, but the patch was made against the clean 1.3.9 tree. If it will
be applied simultaneously with the patch in ports/129001, then the
PORTVERSION can be set to 1. In this case the below VuXML entry
should be changed to reflect this.
--- 1.3.9-fix-potential-PNG-buffer-overflow.diff begins here ---
>From 95c304d2b3ce819ea68f493f6dcc2fed76ac2029 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
Date: Wed, 26 Nov 2008 00:11:53 +0300
See: http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
See: http://www.openwall.com/lists/oss-security/2008/11/25/2
Signed-off-by: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
---
print/cups-base/Makefile | 1 +
print/cups-base/files/patch-str2974 | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 0 deletions(-)
create mode 100644 print/cups-base/files/patch-str2974
diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile
index 87e5ee3..aad7c52 100644
--- a/print/cups-base/Makefile
+++ b/print/cups-base/Makefile
@@ -7,6 +7,7 @@
PORTNAME= cups
PORTVERSION= 1.3.9
+PORTREVISION= 2
DISTVERSIONSUFFIX= -source
CATEGORIES= print
MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION}
diff --git a/print/cups-base/files/patch-str2974 b/print/cups-base/files/patch-str2974
new file mode 100644
index 0000000..f407d55
--- /dev/null
+++ b/print/cups-base/files/patch-str2974
@@ -0,0 +1,27 @@
+Fix for the buffer overflow in the PNG reading code
+
+See: http://www.cups.org/str.php?L2974
+Obtained from: http://www.cups.org/strfiles/2974/str2974.patch
+
+Index: filter/image-png.c
+===================================================================
+--- filter/image-png.c (revision 8062)
++++ filter/image-png.c (working copy)
+@@ -178,7 +178,7 @@
+ {
+ bufsize = img->xsize * img->ysize;
+
+- if ((bufsize / img->ysize) != img->xsize)
++ if ((bufsize / img->xsize) != img->ysize)
+ {
+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)width, (unsigned)height);
+@@ -190,7 +190,7 @@
+ {
+ bufsize = img->xsize * img->ysize * 3;
+
+- if ((bufsize / (img->ysize * 3)) != img->xsize)
++ if ((bufsize / (img->xsize * 3)) != img->ysize)
+ {
+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)width, (unsigned)height);
--
1.6.0.4
--- 1.3.9-fix-potential-PNG-buffer-overflow.diff ends here ---
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="unknown">
<topic>cups -- potential buffer overflow in PNG reading code</topic>
<affects>
<package>
<name>cups-base</name>
<range><lt>1.3.9_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ChangeLog for CUPS 1.3.10 says:</p>
<blockquote cite="http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt">
<p>SECURITY: The PNG image reading code did not validate
the image size properly, leading to a potential buffer
overflow (STR #2974)</p>
</blockquote>
</body>
</description>
<references>
<url>http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt</url>
<mlist>http://www.openwall.com/lists/oss-security/2008/11/25/2</mlist>
</references>
<dates>
<discovery>2008-11-25</discovery>
<entry>today</entry>
</dates>
</vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list